Azure Stack Hub Operator Access Workstation

The Operator Access Workstation (OAW) is used to deploy a jump box virtual machine (VM) on a Hardware Lifecycle Host (HLH) that runs version 2005 or later so an Azure Stack Hub operator can access the privileged endpoint (PEP) and the Administrator portal for support scenarios.

The OAW VM should be created when an operator performs a new task. After a required task inside the VM is completed, the VM should be shut down and removed, because Azure Stack Hub doesn't need it to run all the time.

OAW scenarios

The following table lists common scenarios for the OAW, but the list is not exhaustive. It is recommended to use Remote Desktop to connect to the OAW.

| Scenario | Description |
|---|---|
| Access the Administration portal | Perform administrative operations |
| Access PEP | Log collection and upload: create an SMB share on the HLH for file transfer from Azure Stack Hub; use Azure Storage Explorer to upload logs saved to the SMB share |
| Register Azure Stack Hub | For re-registration, get the previous Registration Name and Resource Group from the Administration portal |
| Marketplace syndication | Create an SMB share on the HLH to store the downloaded image or extension |

Download files

To get the files to create the OAW VM, download here. Please be sure to review the Microsoft Privacy Statement and Legal Terms prior to download.

Due to the stateless nature of the solution, there are no updates for the OAW VM. For each milestone, a new version of the VM image file will be released. Use the latest version to create a new OAW VM. The image file is based on the latest Windows Server 2019 version. After installation, you can apply updates, including any critical updates, using Windows Update.

Validate the hash of the downloaded OAW.zip file to make sure it has not been modified before using it to create the OAW VM. Run the following PowerShell script. If the script reports SUCCESS, you can use the downloaded OAW.zip:

param(
    [Parameter(Mandatory=$True)]
    [ValidateNotNullOrEmpty()]
    [ValidateScript({Test-Path $_ -PathType Leaf})]
    [string]
    $DownloadedOAWZipFilePath
)

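# SHA-256 hash published for this OAW.zip release
$expectedHash = '73E16995B79433E79F9EFA9A292443296D112B24B4D86A060FCB4C9403B8D014'
# Get-FileHash defaults to SHA-256; the algorithm is named explicitly so the comparison is unambiguous
$actualHash = (Get-FileHash -Path $DownloadedOAWZipFilePath -Algorithm SHA256).Hash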

Write-Host "Expected hash: $expectedHash"

if ($expectedHash -eq $actualHash)
{
    Write-Host 'SUCCESS: OAW.zip file hash matches.'
}
else
{
    Write-Error 'ERROR: OAW.zip file hash does not match! It is not safe to use it, please download it again.'
    Write-Error "Actual hash: $actualHash"
}

User account policy

The following user account policy is applied to the OAW VM:

  • Built-in Administrator username: AdminUser
  • MinimumPasswordLength = 14
  • PasswordComplexity is enabled
  • MinimumPasswordAge = 1 (day)
  • MaximumPasswordAge = 42 (days)
  • NewGuestName = GUser (disabled by default)
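
To confirm that a deployed OAW VM still matches the policy listed above, the following added example (not part of the original page) exports the local security policy with secedit and compares it to those values. The NewAdministratorName and EnableGuestAccount keys are the secedit names assumed here for the built-in Administrator username and the Guest account state.

```powershell
# Added example: audit the OAW VM's local account policy against the values listed on this page.
# Run in an elevated PowerShell session inside the OAW VM.

# Expected values from the policy list above.
# Assumption: NewAdministratorName / EnableGuestAccount are the secedit keys for the
# built-in Administrator username and the Guest account state.
$expected = [ordered]@{
    NewAdministratorName  = 'AdminUser'
    MinimumPasswordLength = '14'
    PasswordComplexity    = '1'     # 1 = enabled
    MinimumPasswordAge    = '1'     # days
    MaximumPasswordAge    = '42'    # days
    NewGuestName          = 'GUser'
    EnableGuestAccount    = '0'     # 0 = Guest account disabled
}

# Export the effective security policy to a temporary INF file.
$cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

try {
    # Parse 'Key = Value' lines; string values are quoted in the export.
    $actual = @{}
    foreach ($line in Get-Content -Path $cfg) {
        if ($line -match '^\s*(\w+)\s*=\s*"?([^"]*)"?\s*$') {
            $actual[$Matches[1]] = $Matches[2].Trim()
        }
    }
}
finally {
    # The export contains policy details; do not leave it in TEMP.
    Remove-Item -Path $cfg -Force -ErrorAction SilentlyContinue
}

# Report each setting and flag any drift from the documented baseline.
$report = foreach ($key in $expected.Keys) {
    [pscustomobject]@{
        Setting   = $key
        Expected  = $expected[$key]
        Actual    = $actual[$key]
        Compliant = ($actual[$key] -eq $expected[$key])
    }
}
$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) {
    Write-Error 'OAW account policy differs from the documented baseline.'
}
```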

Pre-installed software

The following table lists the pre-installed software on the OAW VM.

| Software Name | Location |
|---|---|
| Microsoft Edge for Business | [SystemDrive]\Program Files (x86)\Microsoft\Edge\Application |
| Az Modules | [SystemDrive]\ProgramFiles\WindowsPowerShell\Modules |
| PowerShell 7 | [SystemDrive]\Program Files\PowerShell\7 |
| Azure Command-Line Interface (CLI) | [SystemDrive]\Program Files (x86)\Microsoft SDKs\Azure\CLI2 |
| Microsoft Azure Storage Explorer | [SystemDrive]\Program Files (x86)\Microsoft Azure Storage Explorer |
| AzCopy | [SystemDrive]\VMSoftware\azcopy_windows_amd64_10.3.4 |
| AzureStack-Tools | [SystemDrive]\VMSoftware\AzureStack-Tools |

Check HLH version

  1. Log onto the HLH with your credentials.

  2. Open PowerShell ISE and run the following script:

    & 'C:\Version\Get-Version.ps1'

    For example:

    Screenshot of the PowerShell cmdlet used to check the OAW VM version

Create the OAW VM using a script

The following script prepares the virtual machine as the Operator Access Workstation (OAW), which is used to access Microsoft Azure Stack Hub for administration and diagnostics.

  1. Log onto the HLH with your credentials.
  2. Download OAW.zip and extract the files.
  3. Open an elevated PowerShell session.
  4. Navigate to the extracted contents of the OAW.zip file.
  5. Run the New-OAW.ps1 script.

For example, to create the OAW VM on the HLH without any customization using Azure Stack Hub version 2005 or later, run the New-OAW.ps1 script with only the -LocalAdministratorPassword parameter:

$securePassword = Read-Host -Prompt "Enter password for Azure Stack OAW's local administrator" -AsSecureString
.\New-OAW.ps1 -LocalAdministratorPassword $securePassword

To create the OAW VM on a host with network connection to Azure Stack Hub:

$securePassword = Read-Host -Prompt "Enter password for Azure Stack OAW's local administrator" -AsSecureString
.\New-OAW.ps1 -LocalAdministratorPassword $securePassword `
   -IPAddress '192.168.0.20' `
   -SubnetMask '255.255.255.0' `
   -DefaultGateway '192.168.0.1' `
   -DNS '192.168.0.10'

To retrieve the IP address of the ERCS VM from the AzureStackStampInformation.json file:

$securePassword = Read-Host -Prompt "Enter password for Azure Stack OAW's local administrator" -AsSecureString
.\New-OAW.ps1 -LocalAdministratorPassword $securePassword `
   -AzureStackCertificatePath 'F:\certroot.cer' `
   -DeploymentDataFilePath 'F:\DeploymentData.json' `
   -AzSStampInfoFilePath 'F:\AzureStackStampInformation.json'

To create the OAW VM on the HLH with DeploymentData.json:

$securePassword = Read-Host -Prompt "Enter password for Azure Stack OAW's local administrator" -AsSecureString
.\New-OAW.ps1 -LocalAdministratorPassword $securePassword `
   -DeploymentDataFilePath 'D:\AzureStack\DeploymentData.json'

If the DeploymentData.json file includes the Naming Prefix for the OAW VM, that value will be used for the VirtualMachineName parameter. Otherwise, the default name is AzSOAW or whatever name is specified by the user.

Two parameter sets are available for New-OAW. Optional parameters are shown in brackets.

New-OAW 
-LocalAdministratorPassword <Security.SecureString> `
[-AzureStackCertificatePath <String>] `
[-AzSStampInfoFilePath <String>] `
[-CertificatePassword <Security.SecureString>] `
[-ERCSVMIP <String[]>] `
[-DNS <String[]>] `
[-DeploymentDataFilePath <String>] `
[-SkipNetworkConfiguration] `
[-ImageFilePath <String>] `
[-VirtualMachineName <String>] `
[-VirtualMachineMemory <int64>] `
[-VirtualProcessorCount <int>] `
[-VirtualMachineDiffDiskPath <String>] `
[-PhysicalAdapterMACAddress <String>] `
[-VirtualSwitchName <String>] `
[-ReCreate] `
[-AsJob] `
[-Passthru] `
[-WhatIf] `
[-Confirm] `
[<CommonParameters>]

New-OAW
-LocalAdministratorPassword <Security.SecureString> `
-IPAddress <String> `
-SubnetMask <String> `
-DefaultGateway <String> `
-DNS <String[]> `
[-AzureStackCertificatePath <String>] `
[-AzSStampInfoFilePath <String>] `
[-CertificatePassword <Security.SecureString>] `
[-ERCSVMIP <String[]>] `
[-ImageFilePath <String>] `
[-VirtualMachineName <String>] `
[-VirtualMachineMemory <int64>] `
[-VirtualProcessorCount <int>] `
[-VirtualMachineDiffDiskPath <String>] `
[-PhysicalAdapterMACAddress <String>] `
[-VirtualSwitchName <String>] `
[-ReCreate] `
[-AsJob] `
[-Passthru] `
[-WhatIf] `
[-Confirm] `
[<CommonParameters>]

The following table lists the definition for each parameter.

| Parameter | Required/Optional | Description |
|---|---|---|
| LocalAdministratorPassword | Required | Password for the virtual machine's local administrator account AdminUser. |
| IPAddress | Required | The static IPv4 address to configure TCP/IP on the virtual machine. |
| SubnetMask | Required | The IPv4 subnet mask to configure TCP/IP on the virtual machine. |
| DefaultGateway | Required | IPv4 address of the default gateway to configure TCP/IP on the virtual machine. |
| DNS | Required | DNS server(s) to configure TCP/IP on the virtual machine. |
| ImageFilePath | Optional | Path of OAW.vhdx provided by Microsoft. Default value is OAW.vhdx under the same parent folder of this script. |
| VirtualMachineName | Optional | The name to be assigned to the virtual machine. If the Naming Prefix can be found in the DeploymentData.json file, it will be used as the default name. Otherwise, AzSOAW will be used as the default name. You can specify another name to overwrite the default value. |
| VirtualMachineMemory | Optional | Memory to be assigned to the virtual machine. Default value is 4GB. |
| VirtualProcessorCount | Optional | Number of virtual processors to be assigned to the virtual machine. Default value is 8. |
| VirtualMachineDiffDiskPath | Optional | Path to store temporary diff disk files while the management VM is active. Default value is the DiffDisks subdirectory under the same parent folder of this script. |
| AzureStackCertificatePath | Optional | Path of certificates to be imported to the virtual machine for Azure Stack Hub access. |
| AzSStampInfoFilePath | Optional | Path of the AzureStackStampInformation.json file from which the script can retrieve the IPs of the ERCS VM. |
| CertificatePassword | Optional | Password of the certificate to be imported to the virtual machine for Azure Stack Hub access. |
| ERCSVMIP | Optional | IP of Azure Stack Hub ERCS VM(s) to be added to the trusted host list of the virtual machine. Won't take effect if -SkipNetworkConfiguration is set. |
| SkipNetworkConfiguration | Optional | Skips network configuration for the virtual machine so the user can configure it later. |
| DeploymentDataFilePath | Optional | Path of DeploymentData.json. Won't take effect if -SkipNetworkConfiguration is set. |
| PhysicalAdapterMACAddress | Optional | The MAC address of the host's network adapter that will be used to connect the virtual machine. If there is only one physical network adapter, this parameter is not needed and the only network adapter will be used. If there is more than one physical network adapter, this parameter is required to specify which one to use. |
| VirtualSwitchName | Optional | The name of the virtual switch that needs to be configured in Hyper-V for the virtual machine. If a VMSwitch with the provided name exists, that VMSwitch will be selected. If there is no VMSwitch with the provided name, a VMSwitch will be created with the provided name. |
| ReCreate | Optional | Removes and re-creates the virtual machine if a virtual machine with the same name already exists. |

Check the OAW VM version

  1. Log onto the OAW VM with your credentials.

  2. Open PowerShell ISE and run the following script:

    & 'C:\Version\Get-Version.ps1'

    For example:

    Screenshot of the PowerShell cmdlet used to check the Hardware Lifecycle Host version

Transfer files between the HLH and OAW

If you need to transfer files between the HLH and the OAW, create an SMB share by using the New-SmbShare cmdlet. New-SmbShare exposes a file system folder to remote clients as a Server Message Block (SMB) share. For example:

To delete a share that was created by this cmdlet, use the Remove-SmbShare cmdlet. For example:
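
The share lifecycle described above, as an added example that is not from the original page: it creates a share on the HLH that only one named account can use, requires SMB encryption, and removes the share once the transfer is finished. The share name, folder path and account are assumed values.

```powershell
# Added example; the share name, folder and account are assumptions, not values from the page.
param(
    [string]$ShareName = 'OAWTransfer',       # hypothetical share name
    [string]$SharePath = 'C:\OAWTransfer',    # hypothetical staging folder on the HLH
    [Parameter(Mandatory = $true)]
    [string]$Account                          # account allowed to use the share, e.g. 'HLH01\operator1' (constructed)
)

# Create the staging folder if it does not exist yet.
if (-not (Test-Path -Path $SharePath -PathType Container)) {
    New-Item -Path $SharePath -ItemType Directory | Out-Null
}

# Grant change access to the named account only, require SMB encryption,
# and mark the share temporary so it does not persist across a restart of the host.
New-SmbShare -Name $ShareName -Path $SharePath -ChangeAccess $Account `
    -EncryptData $true -Temporary -ErrorAction Stop | Out-Null

try {
    # Show exactly who can reach the share before any file is placed in it.
    Get-SmbShareAccess -Name $ShareName |
        Format-Table -Property AccountName, AccessControlType, AccessRight -AutoSize |
        Out-Host

    Read-Host -Prompt "Share \\$env:COMPUTERNAME\$ShareName is ready. Press Enter when the transfer is complete" |
        Out-Null
}
finally {
    # Always remove the share, even if the session is interrupted, and verify it is gone.
    Remove-SmbShare -Name $ShareName -Force
    if (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue) {
        Write-Error "Share '$ShareName' still exists; remove it manually."
    }
}
```

Removing the share does not delete the staging folder or its contents; clear transferred logs from the folder once they have been uploaded.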

Remove the OAW VM

The following script removes the OAW VM, which is used to access Azure Stack Hub for administration and diagnostics. This script also removes the disk files and the guardian associated with the VM.

  1. Log onto the HLH with your credentials.

  2. Open an elevated PowerShell session.

  3. Navigate to the extracted contents of the installed OAW.zip file.

  4. Remove the VM by running the Remove-OAW.ps1 script:

    .\Remove-OAW.ps1 -VirtualMachineName <name>

    Where <name> is the name of the virtual machine to be removed. By default, the name is AzSOAW.

    For example:

    .\Remove-OAW.ps1 -VirtualMachineName AzSOAW

Next steps

Azure Stack Management Tasks