從 Azure Stack 管理 Windows Azure 套件虛擬機器Manage Windows Azure Pack virtual machines from Azure Stack

適用於:Azure Stack 開發套件Applies to: Azure Stack Development Kit

在 Azure Stack 開發套件環境中,您可以從 Azure Stack 使用者入口網站中,啟用在 Windows Azure 套件上所執行租用戶虛擬機器的存取權。In the Azure Stack Development Kit, you can enable access from the Azure Stack user portal to tenant virtual machines running on Windows Azure Pack. 使用者可以使用 Azure Stack 入口網站來管理其現有的 IaaS 虛擬機器和虛擬網路。Users can use the Azure Stack portal to manage their existing IaaS virtual machines and virtual networks. 這些資源都可以透過基礎的 Service Provider Foundation (SPF) 和 Virtual Machine Manager (VMM) 元件,在 Windows Azure 套件上使用。These resources are made available on Windows Azure Pack through the underlying Service Provider Foundation (SPF) and Virtual Machine Manager (VMM) components. 具體而言,使用者可以:Specifically, users can:

  • 瀏覽資源Browse resources
  • 檢查設定值Examine configuration values
  • 停止或啟動虛擬機器Stop or start a virtual machine
  • 透過遠端桌面通訊協定 (RDP) 連線到虛擬機器Connect to a virtual machine through Remote Desktop Protocol (RDP)
  • 建立和管理檢查點Create and manage checkpoints
  • 刪除虛擬機器和虛擬網路Delete virtual machines and virtual networks

此功能是由適用於 Azure Stack 的 Windows Azure 套件連接器所提供 (預覽)。This functionality is provided by the Windows Azure Pack Connector for Azure Stack (Preview). 本文示範如何設定適用於單一節點 Azure Stack 環境的連接器。This article shows how to configure the connector for a single-node Azure Stack environment.

針對此預覽版本的連接器,請注意以下事項:For this preview release of the connector, be aware of the following:

  • 請僅在測試環境中使用 Windows Azure 套件連接器 (針對 Azure Stack 和 Windows Azure 套件),而不要在生產環境部署中使用。Use the Windows Azure Pack Connector only in test environments (for both Azure Stack and Windows Azure Pack), and not in production deployments.
  • 您必須擁有 Windows Azure 套件更新彙總套件 (UR) 9.1 或更新版本,以及 System Center SPF 和 VMM UR 9 或更新版本。You must have Windows Azure Pack Update Rollup (UR) 9.1 or later and System Center SPF and VMM UR 9 or later.
  • VMM 和 SPF 元件可以是 System Center 2012 R2 或 System Center 2016。The VMM and SPF components can be either System Center 2012 R2 or System Center 2016.
  • 您必須在 Azure Stack 和 Windows Azure 套件都執行設定步驟。You must perform configuration steps on both Azure Stack and on Windows Azure Pack.
  • 此指示適用於非雲端平台系統 (CPS) 環境。The instructions apply to non-Cloud Platform System (CPS) environments.
  • 若要檢閱已知的問題,請參閱 Microsoft Azure Stack 疑難排解To review the known issues, see Microsoft Azure Stack troubleshooting.

架構Architecture

下圖顯示 Windows Azure 套件連接器的主要元件。The following diagram shows the main components of the Windows Azure Pack Connector.

Windows Azure 套件連接器元件

請注意下列詳細資料:Notice the following details:

  • Azure Stack 使用者入口網站會從這兩個雲端 (Azure Stack 和 Windows Azure 套件) 存取資源資訊。The Azure Stack user portal accesses the resource information from both clouds (Azure Stack and Windows Azure Pack).
  • 使用者必須具有在這兩種環境中都有效的帳戶。The user must have an account that is valid in both environments.
  • Azure Stack 使用者入口網站必須具有在 Windows Azure 套件上所執行元件的網路存取權。The Azure Stack user portal must have network access to the components running on Windows Azure Pack.
  • 在圖表中的 WAP 區段,您可以看到新的 Windows Azure 套件連接器模組 (WAP 擴充功能和連接器) 以及包含 SPF 和 VMM 元件的現有 Windows Azure 套件租用戶 API。In the WAP section of the diagram, you can see the new Windows Azure Pack Connector modules (WAP Extension and Connector) and the existing Windows Azure Pack Tenant API with SPF and VMM components.

身分識別管理Identity management

Windows Azure 套件租用戶 API 必須信任 Azure Stack 安全性權杖服務 (STS)。The Windows Azure Pack Tenant API must trust the Azure Stack security token service (STS).

當使用者透過 Azure Stack 入口網站執行目標為 Windows Azure 套件資源的動作時,入口網站會使用 Windows Azure 套件租用戶 API。When a user performs an action through the Azure Stack portal that targets Windows Azure Pack resources, the portal uses the Windows Azure Pack Tenant API. 因此,提供的使用者驗證權杖必須來自受信任的 STS。Therefore, the provided user authentication token must come from a trusted STS. 請參閱下圖:See the following diagram:

Windows Azure 套件連接器驗證的圖表

在開發套件環境中,Windows Azure 套件和 Azure Stack 具有獨立的識別提供者。In the development kit environment, Windows Azure Pack and Azure Stack have independent identity providers. 從 Azure Stack 入口網站存取這兩種環境的使用者,在這兩個識別提供者中使用者主體名稱 (UPN) 的名稱必須相同。Users who access both environments from the Azure Stack portal must have the same user principal name (UPN) name in both identity providers. 例如,帳戶 azurestackadmin@azurestack.local 在 Windows Azure 套件的 STS 中也應存在。For example, the account azurestackadmin@azurestack.local should also exist in the STS for Windows Azure Pack. 若 AD FS 未設定為支援連出的信任關係,您會從 Windows Azure 套件元件 (租用戶 API) 建立對 AD FS Azure Stack 執行個體的信任。Where AD FS is not set up to support outbound trust relationships, you will establish trust from the Windows Azure Pack components (Tenant API) to the Azure Stack instance of AD FS.

必要條件Prerequisites

下載 Windows Azure 套件連接器Download the Windows Azure Pack Connector

Microsoft 下載中心下載 .exe 檔案,並將其解壓縮到本機電腦。On the Microsoft Download Center, download the .exe file and extract it to your local computer. 稍後,您要將內容複製到可以存取您 Windows Azure 套件環境的電腦。Later, you copy the contents to a computer that can access your Windows Azure Pack environment.

部署選項需求Deployment option requirement

為了與 Windows Azure 套件整合,您可以使用 AD FS 選項或 Azure Active Directory 選項來部署 Azure Stack。To integrate with Windows Azure Pack, you can deploy Azure Stack by using the AD FS option or the Azure Active Directory option.

連線能力需求Connectivity requirements

  1. 請從可存取 Azure Stack 使用者入口網站的電腦,確定您可以透過網頁瀏覽器來存取 Windows Azure 套件租用戶入口網站。From the computer on which you access the Azure Stack user portal, make sure that you can access the Windows Azure Pack tenant portal through the web browser.
  2. Azure Stack 上的 AzS-WASP01 虛擬機器必須能夠連線到 Windows Azure 套件租用戶入口網站的電腦。The AzS-WASP01 virtual machine on Azure Stack must be able to connect to the Windows Azure Pack tenant portal computer. 請使用 Ping.exe 驗證網路連線能力。Use Ping.exe to verify network connectivity.
  3. 您必須擁有新連接器服務的有效憑證。You must have valid certificates for the new Connector services. 這些 SSL 憑證必須由受信任的憑證授權單位 (CA) 發行。These SSL certificates must be issued by a trusted certification authority (CA). 您不得使用自我簽署的憑證。You can't use self-signed certificates. Azure Stack (尤其是 AzS-WASP01 VM) 和任何其他租用戶可用來存取 Azure Stack 使用者入口網站的電腦,都必須信任該 SSL 憑證。The SSL certificates must be trusted by Azure Stack (specifically the AzS-WASP01 VM) and any other computer that the tenant may use to access the Azure Stack user portal.

    注意

    由於 AzS-WASP01 會執行包含伺服器核心安裝選項的 Windows Server,因此您可以使用命令列工具 (例如 Certutil.ext) 來匯入憑證。Because AzS-WASP01 runs Windows Server with the Server Core installation option, you can use a command-line tool such as Certutil.ext to import the certificate. 例如,您可將 .cer 檔案複製到 AzS-WASP01 的 c:\temp 上,並執行命令 certutil -addstore "CA" "c:\temp\certname.cer"For example, you could copy the .cer file to c:\temp on AzS-WASP01, and then run the command certutil -addstore "CA" "c:\temp\certname.cer".

  4. 若要透過 Azure Stack 入口網站建立到 Windows Azure 套件租用戶虛擬機器的 RDP 連線,Windows Azure 套件環境必須允許到租用戶虛擬機器的遠端桌面流量。To establish RDP connectivity to Windows Azure Pack tenant virtual machines through the Azure Stack portal, the Windows Azure Pack environment must allow Remote Desktop traffic to the tenant VMs.

  5. 針對 Azure Stack 疊租用戶虛擬機器與 Windows Azure 套件租用戶虛擬機器之間的連線,它們的外部 IP 位址必須可跨兩個環境路由傳送。For connectivity between Azure Stack tenant virtual machines and Windows Azure Pack tenant virtual machines, their external IP addresses must be routable across the two environments. 這種連線能力也可能包括建立 DNS 伺服器的關聯,以解析在環境之間的虛擬機器名稱。This connectivity could also include associating a DNS server to resolve virtual machine names between the environments.

IIS 需求IIS requirements

裝載 Windows Azure 套件租用戶入口網站的電腦 (這可能是實體主機、一部虛擬機器或多部虛擬機器) 必須安裝 URL 重寫 IIS 擴充功能。The computer that hosts the Windows Azure Pack tenant portal (which may be a physical host, a virtual machine, or multiple virtual machines) must have the URL Rewrite IIS extension installed. 如果尚未安裝,您可以從這裡下載。If it is not already installed, you can download it from here. 若有多部虛擬機器裝載租用戶入口網站,請在每部虛擬機器都上安裝擴充功能。If multiple virtual machines host the tenant portal, install the extension on each virtual machine.

設定 Azure StackConfigure Azure Stack

設定 Windows Azure 套件連接器之前,您必須先在 Azure Stack 使用者入口網站中啟用多重雲端模式。Before you configure the Windows Azure Pack Connector, you must enable multi-cloud mode in the Azure Stack user portal. 此模式可讓使用者選取要存取其資源的雲端。This mode enables users to select from which cloud to access resources.

若要啟用多重雲端模式,您必須在部署 Azure Stack 後執行 Add-AzurePackConnector.ps1 指令碼。To enable multi-cloud mode, you must run the Add-AzurePackConnector.ps1 script after Azure Stack deployment. 下表描述指令碼參數。The following table describes the script parameters.

參數Parameter 說明Description 範例Example
AzurePackCloudsAzurePackClouds Windows Azure 套件連接器的 URI。URIs of the Windows Azure Pack Connectors. 這些 URI 應該對應到 Windows Azure 套件租用戶入口網站。These URIs should correspond to the Windows Azure Pack tenant portals. @{CloudName = "AzurePack1"; CloudEndpoint = "https://waptenantportal1:40005"},@{CloudName = "AzurePack2"; CloudEndpoint = "https://waptenantportal2:40005"}@{CloudName = "AzurePack1"; CloudEndpoint = "https://waptenantportal1:40005"},@{CloudName = "AzurePack2"; CloudEndpoint = "https://waptenantportal2:40005"}

(依預設,此連接埠值為 40005。)(By default, the port value is 40005.)
AzureStackCloudNameAzureStackCloudName 代表本機 Azure Stack 雲端的標籤。Label to represent the local Azure Stack cloud. "AzureStack""AzureStack"
DisableMultiCloudDisableMultiCloud 停用多重雲端模式的開關。A switch to disable multi-cloud mode. N/AN/A

您可在部署之後緊接著執行 Add-AzurePackConnector.ps1 指令碼,也可以稍後再執行。You can run the Add-AzurePackConnector.ps1 script immediately after deployment, or later. 若要在部署後緊接著執行指令碼,請使用與完成 Azure Stack 部署相同的 Windows PowerShell 工作階段。To run the script immediately after deployment, use the same Windows PowerShell session where Azure Stack deployment completed. 否則,您也可用系統管理員身分 (登入為 azurestackadmin 帳戶) 開啟新的 Windows PowerShell 工作階段。Otherwise, you can open a new Windows PowerShell session as an administrator (signed in as the azurestackadmin account).

  1. 使用下列命令 (具有您環境專屬的值) 執行 Add-AzurePackConnector.ps1 指令碼。Run the Add-AzurePackConnector.ps1 script by using the following commands (with values specific to your environment). 請注意 Add-AzurePackConnector 指令碼可讓您新增多個 Windows Azure 套件連接器端點。Notice that the Add-AzurePackConnector script enables you to add more than one Windows Azure Pack Connector endpoint.

     $cred = New-Object System.Management.Automation.PSCredential("cloudadmin@azurestack.local", `
     (ConvertTo-SecureString -String "<password>" -AsPlainText -Force))
     $session = New-PSSession -ComputerName 'azs-ercs01' `
      -Credential $cred `
      -ConfigurationName PrivilegedEndpoint `
      -Authentication Credssp
    
     # Enable Multicloud
     Invoke-Command -Session $session -ScriptBlock { Add-AzurePackConnector -AzurePackClouds `
     @{CloudName = "AzurePack_1"; CloudEndpoint = "https://waptenantportal1:40005"},`
     @{CloudName = "AzurePack_2"; CloudEndpoint = "https://waptenantportal2:40005" } `
     -AzureStackCloudName "AzureStack" }
    

    注意

    在目前的組建中有個問題,就是 Add-AzurePackConnector 指令碼結束後,會停留在輪詢迴圈中一段很長的時間 (數分鐘),然後才會結束。In the current build there is an issue where after the Add-AzurePackConnector script ends, it remains in a polling loop for an extended period of time (several minutes) until it ends. 您看到 VERBOSE:步驟「設定 Azure 套件連接器」狀態:「成功」訊息後,就可以停止指令碼,或等到它自己停止。After you see the message VERBOSE: Step 'Configure Azure Pack Connector' status: 'Success', you can stop the script or wait until it stops by itself. 由於已設定成功,因此兩者將不會有所差別。It won’t make a difference because the configuration has already succeeded.

  2. 請針對您指定的每個 Windows Azure 套件環境,記下此指令碼所產生的輸出檔 (每個環境各一個)。Make note of the output files that are produced by this script, one for each Windows Azure Pack environment that you specified. 檔案位於:\\su1fileserver\SU1_Infrastructure_1\AzurePackConnectorOutput。The files are located at: \\su1fileserver\SU1_Infrastructure_1\AzurePackConnectorOutput. 這些檔案包含設定目標 Windows Azure 套件環境所需的資訊。These files contain the information that is required to configure the target Windows Azure Pack environments. 稍後在這些指示中,您會將這個檔案作為參數傳遞給指令碼。You pass this file as a parameter to a script later in these instructions. 這個檔案包含下列資訊:This file contains the following information:

    • AzurePackConnectorEndpoint:包含 Windows Azure 套件連接器服務的端點。AzurePackConnectorEndpoint: Contains the endpoint to the Windows Azure Pack Connector service.
    • AuthenticationIdentityProviderPartner:包含下列值組:AuthenticationIdentityProviderPartner: Contains the following value pair:

  3. 瀏覽至包含輸出檔的資料夾 (\su1fileserver\SU1_Infrastructure_1\AzurePackConnectorOutput),並將檔案複製到本機電腦。Browse to the folder that contains the output files (\su1fileserver\SU1_Infrastructure_1\AzurePackConnectorOutput), and copy the files to your local computer. 檔案會看起來像這樣:AzurePack-06-27-15-50.txt。The files will look similar to this: AzurePack-06-27-15-50.txt.

  4. 測試設定。Test the configuration.

    a.a. 開啟瀏覽器並登入 Azure Stack 使用者入口網站 (https://portal.local.azurestack.external/)。Open your browser and sign in to the Azure Stack user portal (https://portal.local.azurestack.external/).

    b.b. 以租用戶身分登入且入口網站載入後,您將會看到無法從 Azure 套件雲端擷取訂用帳戶或擴充功能的錯誤訊息。After you sign in as a tenant and the portal loads, you'll see errors about not being able to fetch subscriptions or extensions from the Azure Pack cloud. 按一下 [確定] 以關閉訊息。Click OK to close these messages. (在您設定 Windows Azure 套件後這些錯誤訊息就會消失。)(These error messages will go away after you configure Windows Azure Pack.)

    c.c. 請注意入口網站左上角的 [雲端] 下拉式清單。Notice the Cloud drop-down list in the upper-left corner of the portal.

    Azure Stack 使用者介面中的雲端選取器

設定 Windows Azure 套件Configure Windows Azure Pack

只有此預覽版本連接器需要手動設定 Windows Azure 套件。For this Connector preview release only, Windows Azure Pack requires manual configuration.

重要

針對此預覽版本,請僅在測試環境中使用 Windows Azure 套件連接器,而不要在生產環境部署中使用。For this preview release, use the Windows Azure Pack Connector only in test environments, and not in production deployments.

  1. 在 Windows Azure 套件租用戶入口網站虛擬機器上安裝連接器 MSI 檔案,並安裝憑證。Install Connector MSI files on the Windows Azure Pack tenant portal virtual machine, and install certificates. (若您有多部租用戶入口網站虛擬機器,則必須在每部虛擬機器上都完成此步驟。)(If you have multiple tenant portal virtual machines, you must complete this step on each virtual machine.)

    a.a. 在 [檔案總管] 中,將 (您之前下載的) WAPConnector 資料夾複製到租用戶入口網站虛擬機器上名為 c:\temp 的資料夾中。In File Explorer, copy the WAPConnector folder (what you downloaded earlier) to a folder named c:\temp in the tenant portal virtual machine.

    b.b. 開啟對租用戶入口網站虛擬機器的主控台或 RDP 連線。Open a Console or RDP connection to the tenant portal virtual machine.

    c.c. 將目錄變更為 c:\temp\wapconnector\setup\scripts,並執行 Install-Connector.ps1 指令碼來安裝三個 MSI 檔案。Change directories to c:\temp\wapconnector\setup\scripts, and run the Install-Connector.ps1 script to install three MSI files. 不需要任何參數。No parameters are required.

    cd C:\temp\wapconnector\setup\scripts\
    
    .\Install-Connector.ps1
    

    d.d. 將目錄變更為 c:\inetpub,並確認已安裝這三個新網站:Change directories to c:\inetpub and verify that the three new sites are installed:

    • MgmtSvc-ConnectorMgmtSvc-Connector

    • MgmtSvc-ConnectorExtensionMgmtSvc-ConnectorExtension

    • MgmtSvc-ConnectorControllerMgmtSvc-ConnectorController

    e.e. 從相同的 c:\temp\wapconnector\setup\scripts 資料夾中,執行 Configure-Certificates.ps1 指令碼來安裝憑證。From the same c:\temp\wapconnector\setup\scripts folder, run the Configure-Certificates.ps1 script to install certificates. 依預設,會使用 Windows Azure 套件租用戶入口網站中可用的相同憑證。By default, it will use the same certificate that is available for the Tenant Portal site in Windows Azure Pack. 請確定這是有效的憑證 (受到 Azure Stack AzS-WASP01 虛擬機器和任何存取 Azure Stack 入口網站的用戶端電腦信任)。Make sure this is a valid certificate (trusted by the Azure Stack AzS-WASP01 virtual machine and any client computer that accesses the Azure Stack portal). 否則,通訊將無法運作。Otherwise, communication won’t work. (或者,您也可以使用 -Thumbprint 參數,明確地傳遞憑證指紋作為參數。)(Alternatively, you can explicitly pass a certificate thumbprint as a parameter by using the -Thumbprint parameter.)

       cd C:\temp\wapconnector\setup\scripts\
    
       .\Configure-Certificates.ps1
    

    f.f. 若要完成這三項服務的設定,請執行 Configure-WapConnector.ps1 指令碼以更新 Web.config 檔案參數。To finish the configuration of these three services, run the Configure-WapConnector.ps1 script to update the Web.config file parameters.

    參數Parameter 說明Description 範例Example
    TenantPortalFQDNTenantPortalFQDN Windows Azure 套件租用戶入口網站 FQDN。The Windows Azure Pack tenant portal FQDN. tenant.contoso.comtenant.contoso.com
    TenantAPIFQDNTenantAPIFQDN Windows Azure 套件租用戶 API FQDN。The Windows Azure Pack Tenant API FQDN. tenantapi.contoso.comtenantapi.contoso.com
    AzureStackPortalFQDNAzureStackPortalFQDN Azure Stack 使用者入口網站 FQDN。The Azure Stack user portal FQDN. portal.local.azurestack.externalportal.local.azurestack.external
    .\Configure-WapConnector.ps1 -TenantPortalFQDN "tenant.contoso.com" `
        -TenantAPIFQDN "tenantapi.contoso.com" `
        -AzureStackPortalFQDN "portal.local.azurestack.external"
    

    g.g. 若您有多部租用戶入口網站虛擬機器,請在每部虛擬機器上重複步驟 1。If you have multiple tenant portal virtual machines, repeat step 1 for each of these virtual machines.

  2. 在每部 Windows Azure 套件租用戶 API 虛擬機器上安裝新的租用戶 API MSI。Install the new Tenant API MSI on each Windows Azure Pack Tenant API virtual machine.

    a.a. 如果負載平衡器正在使用中,您可能會想要將虛擬機器標示為離線。If a load balancer is in use, you may want to mark the virtual machine as offline.

    b.b. 在 [檔案總管] 中,將 WAPConnector 資料夾複製到每部租用戶 API 機器上名為 c:\temp 的資料夾中。In File Explorer, copy the WAPConnector folder to a folder named c:\temp on each Tenant API machine.

    c.c. 將您稍早儲存的 AzurePackConnectorOutput.txt 檔案複製到 c:\temp\WAPConnectorCopy the AzurePackConnectorOutput.txt file that you saved earlier, to c:\temp\WAPConnector.

    d.d. 開啟對 (您將檔案複製到的) 租用戶 API VM 的主控台或 RDP 連線。Open a Console or RDP connection to the Tenant API VM you copied the files to.

    e.e. 將目錄變更為 c:\temp\wapconnector\setup\scripts,並執行 Update-TenantAPI.ps1Change directories to c:\temp\wapconnector\setup\scripts, and run Update-TenantAPI.ps1. 這個新版本的 WAP 租用戶 API 包含變更,不只可啟用與目前 STS 間的信任關係,還可以啟用與 Azure Stack AD FS 執行個體間的信任關係。This new version of the WAP Tenant API contains a change to enable a trust relationship not only with the current STS, but also with the instance of AD FS in Azure Stack.

    cd C:\temp\wapconnector\setup\packages\
    
    .\Update-TenantAPI.ps1
    

    f.f. 在每部執行租用戶 API 的虛擬機器上重複步驟 2。Repeat step 2 on any other virtual machine running the Tenant API.

  3. 只從其中一部租用戶 API VM 上,執行 Configure-TrustAzureStack.ps1 指令碼,以新增與租用戶 API 和 Azure Stack 上 AD FS 執行個體之間的信任關係。From only one of the Tenant API VMs, run the Configure-TrustAzureStack.ps1 script to add a trust relationship between the Tenant API and the AD FS instance on Azure Stack. 您必須使用對 Microsoft.MgmtSvc.Store 資料庫具有系統管理員存取權的帳戶。You must use an account with sysadmin access to the Microsoft.MgmtSvc.Store database. 此指令碼具有下列參數︰This script has the following parameters:

    參數Parameter 說明Description 範例Example
    SqlServerSqlServer 包含 Microsoft.MgmtSvc.Store 資料庫的 SQL Server 名稱。The name of the SQL Server that contains the Microsoft.MgmtSvc.Store database. 這是必要參數。This parameter is required. SQLServerSQLServer
    DataFileDataFile 此輸出檔是稍早在設定 Azure Stack 多重雲端模式期間所產生的。The output file that was generated during the configuration of the Azure Stack multi-cloud mode earlier. 這是必要參數。This parameter is required. AzurePack-06-27-15-50.txtAzurePack-06-27-15-50.txt
    PromptForSqlCredentialPromptForSqlCredential 表示指令碼應該以互動方式提示您,要連線到 SQL Server 執行個體時所使用的 SQL 驗證認證。Indicates that the script should prompt you interactively for a SQL Authentication credential to use when connecting to the SQL Server instance. 指定的認證必須有足夠的權限,可解除安裝資料庫、結構描述及刪除使用者登入。The given credential must have sufficient permissions to uninstall databases, schemas, and delete user logins. 如果未提供,指令碼會假設目前的使用者內容具有存取權。If none is provided, the script assumes that current user context has access. 不需要任何值。No value is needed.

    如果您不知道要使用的 SQL 伺服器,可以進行探索。If you don't know the SQL Server to use, you can discover it. 請連線到租用戶 API 的電腦,使用 Unprotect-MgmtSvc 命令取消保護租用戶 API Web.config 檔案,並尋找連接字串中的伺服器名稱。Connect to the Tenant API computer, use the Unprotect-MgmtSvc command to unprotect the Tenant API Web.config file, and look for the server name in the connection string. 請記得再次執行 Protect-MgmtSvc 以保護租用戶 API Web.config 檔案。Remember to run Protect-MgmtSvc again to protect the Tenant API Web.config file.

    cd C:\temp\wapconnector\setup\scripts\
    
    .\Configure-TrustAzureStack.ps1 -SqlServer "SQLServer" `
        -DataFile "C:\temp\wapconnector\AzurePackConnectorOutput.txt"
    

範例Example

下列範例會示範在單一節點 Azure Stack 設定下完整的 Windows Azure 套件連接器部署,以及兩種 Windows Azure 套件快速安裝。The following example shows a complete Windows Azure Pack Connector deployment on a single-node Azure Stack configuration and two Windows Azure Pack Express installations. (每種快速安裝都是在單一電腦上,範例名稱為 wapcomputer1wapcomputer2。)(Each Express installation is on a single computer, with the example names wapcomputer1 andwapcomputer2.)

# Run the following script on the Azure Stack host
$cred = New-Object System.Management.Automation.PSCredential("cloudadmin@azurestack.local",`
     (ConvertTo-SecureString -String "p@ssw0rd" -AsPlainText -Force))
$session = New-PSSession -ComputerName 'azs-ercs01' -Credential $cred `
     -ConfigurationName PrivilegedEndpoint -Authentication Credssp

# Enable Multicloud
invoke-command -Session $session -ScriptBlock { Add-AzurePackConnector -AzurePackClouds `
     @{CloudName = "AzurePack_1"; CloudEndpoint = "https://wapcomputer1.contoso.com:40005"},`
     @{CloudName = "AzurePack_2"; CloudEndpoint = "https://wapcomputer2.contoso.com:40005"}`
     -AzureStackCloudName "AzureStack" }  

Microsoft 下載中心下載 .exe 檔案、將其解壓縮,並將 WAPConnector 資料夾複製到 Windows Azure 套件電腦上的 c:\temp 資料夾中。Download the .exe file from the Microsoft Download Center, extract it, and copy the WAPConnector folder to a c:\temp folder on the Windows Azure Pack computer. 將先前指令碼中所產生的輸出檔案 (位於 \\su1fileserver\SU1_Infrastructure_1\AzurePackConnectorOutput) 複製到 c:\temp\WAPConnector 資料夾中。Copy the files that were generated as output in the previous script (located at \\su1fileserver\SU1_Infrastructure_1\AzurePackConnectorOutput) to the c:\temp\WAPConnector folder. (檔案會看起來像這樣:AzurePack-06-27-15-50.txt。)然後執行下列指令碼 (每次一個 Windows Azure 套件執行個體):(The files will looks similar to this: AzurePack-06-27-15-50.txt.) Then, run the following script, once per instance of Windows Azure Pack:

# Install Connector components
cd C:\temp\WAPConnector\Setup\Scripts
.\Install-Connector.ps1

# Configure Certificates for the new Connector services
.\Configure-Certificates.ps1

# Configure the Connector services
.\Configure-WapConnector.ps1 -TenantPortalFQDN "wapcomputer1.contoso.com" `
    -TenantAPIFQDN "wapcomputer1.contoso.com" `
    -AzureStackPortalFQDN "portal.local.azurestack.external"

# Install the updated TenantAPI
.\Update-TenantAPI.ps1

# Establish trust with the Azure Stack AD FS
.\Configure-TrustAzureStack.ps1 -SqlServer "wapcomputer1" `
    -DataFile "C:\temp\wapconnector\AzurePack-06-27-15-50.txt" 

疑難排解秘訣Troubleshooting tips

  1. 確保 Azure Stack 與 Windows Azure 套件之間有網路連線能力。Ensure there is network connectivity between Azure Stack and Windows Azure Pack. 在任何存取 Azure Stack 入口網站的租用戶電腦,與執行新連接器服務的 Windows Azure 套件租用戶入口網站虛擬機器之間,都應具有連線能力。This connectivity should be between any tenant computer that accesses the Azure Stack portal and the Windows Azure Pack tenant portal virtual machine where the new Connector services are running.
  2. 確保所有指定的 FQDN 都正確。Ensure that all specified FQDNs are correct.
  3. 確保 Azure Stack (尤其是 AzS-WASP01 VM) 和任何其他租用戶可用來存取 Azure Stack 使用者入口網站的電腦,都必須信任用於新連接器服務上的 SSL 憑證。Ensure that the SSL certificates used in the new Connector services are trusted by Azure Stack (specifically the AzS-WASP01 VM) and any other computer the tenant may use to access the Azure Stack user portal.
  4. 若要檢閱已知的問題,請參閱 Microsoft Azure Stack 疑難排解For known issues, see Microsoft Azure Stack troubleshooting.

後續步驟Next steps

使用 Azure Stack 中系統管理員和使用者的入口網站Using the administrator and user portals in Azure Stack