資料管理閘道Data Management Gateway

注意

本文適用於 Data Factory 第 1 版。This article applies to version 1 of Data Factory. 如果您使用目前版本的 Data Factory 服務,請參閱 自我裝載整合執行階段If you are using the current version of the Data Factory service, see self-hosted integration runtime in.

注意

資料管理閘道現已更名為「自我裝載整合執行階段」。Data Management Gateway has now been rebranded as Self-hosted Integration Runtime.

資料管理閘道是一個用戶端代理程式,您必須在內部部署環境中部署此代理程式,才能在雲端與內部部署資料存放區之間複製資料。The Data management gateway is a client agent that you must install in your on-premises environment to copy data between cloud and on-premises data stores. 如需 Data Factory 所支援的內部部署資料存放區,請參閱 支援的資料來源 一節。The on-premises data stores supported by Data Factory are listed in the Supported data sources section.

本文是用來補充 在內部部署和雲端資料存放區之間移動資料 一文中的逐步解說。This article complements the walkthrough in the Move data between on-premises and cloud data stores article. 在該逐步解說中,您會建立一個使用閘道將資料從內部部署 SQL Server 資料庫移到 Azure Blob 的管線。In the walkthrough, you create a pipeline that uses the gateway to move data from an on-premises SQL Server database to an Azure blob. 這篇文章提供有關資料管理閘道的詳細深入資訊。This article provides detailed in-depth information about the data management gateway.

您可以將多個內部部署機器關聯到閘道以相應放大資料管理閘道。You can scale out a data management gateway by associating multiple on-premises machines with the gateway. 您可以增加可在節點上同時執行的資料移動作業數目來進行相應增加。You can scale up by increasing number of data movement jobs that can run concurrently on a node. 這項功能也適用於具有單一節點的邏輯閘道。This feature is also available for a logical gateway with a single node. 如需得詳細資料,請參閱在 Azure Data Factory 中調整資料管理閘道一文。See Scaling data management gateway in Azure Data Factory article for details.

注意

目前在 Data Factory 中,閘道器只支援複製活動和預存程序活動。Currently, gateway supports only the copy activity and stored procedure activity in Data Factory. 您不能使用自訂活動中的閘道器來存取內部部署資料來源。It is not possible to use the gateway from a custom activity to access on-premises data sources.

注意

本文已更新為使用新的 Azure PowerShell Az 模組。This article has been updated to use the new Azure PowerShell Az module. AzureRM 模組在至少 2020 年 12 月之前都還會持續收到錯誤 (Bug) 修正,因此您仍然可以持續使用。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要深入了解新的 Az 模組和 AzureRM 的相容性,請參閱新的 Azure PowerShell Az 模組簡介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 如需 Az 模組安裝指示,請參閱安裝 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

總覽Overview

資料管理閘道功能Capabilities of data management gateway

資料管理閘道提供下列功能:Data management gateway provides the following capabilities:

  • 在相同 Data Factory 內建立內部部署資料來源和雲端資料來源的模型及移動資料。Model on-premises data sources and cloud data sources within the same data factory and move data.
  • 具有用於監視和管理的單一窗格,可從 [Data Factory] 頁面看見閘道狀態。Have a single pane of glass for monitoring and management with visibility into gateway status from the Data Factory page.
  • 安全地管理內部部署資料來源的存取權。Manage access to on-premises data sources securely.
    • 不需要變更公司防火牆。No changes required to corporate firewall. 閘道器只會使輸出 HTTP 連線開啟網際網路。Gateway only makes outbound HTTP-based connections to open internet.
    • 利用您的憑證加密內部部署資料存放區的認證。Encrypt credentials for your on-premises data stores with your certificate.
  • 有效率地移動資料 - 資料會以平行方式傳輸,且系統會採用自動重試邏輯,修復間歇性網路問題。Move data efficiently - data is transferred in parallel, resilient to intermittent network issues with auto retry logic.

命令流程和資料流程Command flow and data flow

當您使用複製活動在內部部署與雲端之間複製資料時,該活動會使用閘道將資料從內部部署資料來源轉移到雲端,以及反向操作。When you use a copy activity to copy data between on-premises and cloud, the activity uses a gateway to transfer data from on-premises data source to cloud and vice versa.

以下是利用資料閘道進行複製步驟的高層級資料流和摘要:使用閘道的資料流Here is the high-level data flow for and summary of steps for copy with data gateway: Data flow using gateway

  1. 資料開發人員會使用 Azure 入口網站PowerShell Cmdlet,為 Azure Data Factory 建立閘道器。Data developer creates a gateway for an Azure Data Factory using either the Azure portal or PowerShell Cmdlet.
  2. 資料開發人員會藉由指定閘道,建立內部部署資料存放區的連結服務。Data developer creates a linked service for an on-premises data store by specifying the gateway. 在設定連結服務資料的過程中,開發人員會使用 [設定認證] 應用程式來指定驗證類型和認證。As part of setting up the linked service, data developer uses the Setting Credentials application to specify authentication types and credentials. [設定認證] 應用程式對話方塊將會與資料存放區進行通訊,以測試要儲存認證的連線與閘道。The Setting Credentials application dialog communicates with the data store to test connection and the gateway to save credentials.
  3. 在雲端中儲存認證之前,閘道會利用與閘道 (由資料開發人員提供) 相關聯的憑證加密認證。Gateway encrypts the credentials with the certificate associated with the gateway (supplied by data developer), before saving the credentials in the cloud.
  4. Data Factory 服務會和閘道進行通訊,以透過使用共用 Azure 服務匯流排佇列的控制通道,進行工作的排程和管理。Data Factory service communicates with the gateway for scheduling & management of jobs via a control channel that uses a shared Azure service bus queue. 必須開始複製活動作業時,Data Factory 會將要求和認證資訊一起排入佇列。When a copy activity job needs to be kicked off, Data Factory queues the request along with credential information. 輪詢佇列之後,閘道器隨即啟動。Gateway kicks off the job after polling the queue.
  5. 閘道會利用相同的憑證解密認證,然後利用適當的驗證類型和認證連接到內部部署資料存放區。The gateway decrypts the credentials with the same certificate and then connects to the on-premises data store with proper authentication type and credentials.
  6. 閘道會根據「複製活動」在資料管線中的設定方式,將資料從內部部署存放區複製到雲端儲存體,或反向操作。The gateway copies data from an on-premises store to a cloud storage, or vice versa depending on how the Copy Activity is configured in the data pipeline. 針對這個步驟,閘道會透過安全的 (HTTPS) 通道,直接與雲端式儲存體服務 (例如 Azure Blob 儲存體) 進行通訊。For this step, the gateway directly communicates with cloud-based storage services such as Azure Blob Storage over a secure (HTTPS) channel.

使用閘道的考量Considerations for using gateway

  • 您可以將單一資料管理閘道執行個體用於多個內部部署資料來源。A single instance of data management gateway can be used for multiple on-premises data sources. 不過, 單一閘道執行個體只會繫結至一個 Azure Data Factory ,不能與另一個 Data Factory 共用。However, a single gateway instance is tied to only one Azure data factory and cannot be shared with another data factory.
  • 單一電腦上只能安裝一個資料管理閘道的執行個體You can have only one instance of data management gateway installed on a single machine. 假設您有兩個需要存取內部部署資料來源的 Data Factory,您就需要在兩部內部部署電腦上安裝閘道。Suppose, you have two data factories that need to access on-premises data sources, you need to install gateways on two on-premises computers. 換句話說,閘道會繫結至特定的 Data FactoryIn other words, a gateway is tied to a specific data factory
  • 閘道不一定要在與資料來源相同的電腦上The gateway does not need to be on the same machine as the data source. 不過,讓閘道較靠近資料來源可縮短閘道連線到資料來源的時間。However, having gateway closer to the data source reduces the time for the gateway to connect to the data source. 建議您將閘道安裝在與裝載內部部署資料來源的機器不同的機器上。We recommend that you install the gateway on a machine that is different from the one that hosts on-premises data source. 當閘道和資料來源位於不同的機器上時,閘道才不會與資料來源爭奪資源。When the gateway and data source are on different machines, the gateway does not compete for resources with data source.
  • 您可以有「多個閘道器在不同電腦上,但連接至相同的內部部署資料來源」 。You can have multiple gateways on different machines connecting to the same on-premises data source. 例如,您可能有兩個閘道器用於服務兩個 Data Factory,但相同的內部部署資料來源都向這兩個 Data Factory 註冊。For example, you may have two gateways serving two data factories but the same on-premises data source is registered with both the data factories.
  • 若您已在電腦上安裝用於 Power BI 案例的閘道器,請於另一台電腦上安裝另一個用於 Azure Data Factory 的閘道器If you already have a gateway installed on your computer serving a Power BI scenario, install a separate gateway for Azure Data Factory on another machine.
  • 即使您使用 ExpressRoute,也必須使用閘道。Gateway must be used even when you use ExpressRoute.
  • 即使您使用 ExpressRoute,也應該將資料來源視為內部部署資料來源 (亦即在防火牆後面)。Treat your data source as an on-premises data source (that is behind a firewall) even when you use ExpressRoute. 請使用閘道來建立服務與資料來源之間的連線。Use the gateway to establish connectivity between the service and the data source.
  • 您必須使用閘道,即使資料存放區位於 Azure IaaS VM 上的雲端中。You must use the gateway even if the data store is in the cloud on an Azure IaaS VM.

安裝Installation

先決條件Prerequisites

  • 支援的 作業系統 版本包括 Windows 7、Windows 8/8.1、Windows 10、Windows Server 2008 R2、Windows Server 2012、Windows Server 2012 R2。The supported Operating System versions are Windows 7, Windows 8/8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2. 目前不支援在網域控制站上安裝資料管理閘道。Installation of the data management gateway on a domain controller is currently not supported.
  • 必須有 .NET Framework 4.5.1 或更新版本。.NET Framework 4.5.1 or above is required. 如果您要在 Windows 7 電腦上安裝閘道,請安裝 .NET Framework 4.5 或更新版本。If you are installing gateway on a Windows 7 machine, install .NET Framework 4.5 or later. 如需詳細資訊,請參閱 .NET Framework 系統需求See .NET Framework System Requirements for details.
  • 建議的閘道機器「組態」 為至少 2 GHz、4 核心、8 GB RAM 和 80 GB 磁碟。The recommended configuration for the gateway machine is at least 2 GHz, 4 cores, 8-GB RAM, and 80-GB disk.
  • 如果主機電腦休眠,閘道器不會回應資料要求。If the host machine hibernates, the gateway does not respond to data requests. 因此,安裝閘道器之前,請先在電腦上設定適當的「電源計劃」 。Therefore, configure an appropriate power plan on the computer before installing the gateway. 如果電腦已設定為休眠,安裝閘道時會提示訊息。If the machine is configured to hibernate, the gateway installation prompts a message.
  • 您必須是電腦上的系統管理員,才能成功安裝和設定資料管理閘道。You must be an administrator on the machine to install and configure the data management gateway successfully. 您可以將其他使用者新增至資料管理閘道使用者本機 Windows 群組。You can add additional users to the data management gateway Users local Windows group. 此群組的成員可以使用資料管理閘道組態管理員工具來設定閘道器。The members of this group are able to use the Data Management Gateway Configuration Manager tool to configure the gateway.

因為複製活動執行會以特定的頻率發生,在電腦上的資源使用量 (CPU、記憶體) 也會遵循與尖峰和閒置時間相同的模式。As copy activity runs happen on a specific frequency, the resource usage (CPU, memory) on the machine also follows the same pattern with peak and idle times. 資源使用率也仰賴要移動的資料量。Resource utilization also depends heavily on the amount of data being moved. 如果有多個複製作業正在進行,您會看到資源使用量在尖峰時段增加。When multiple copy jobs are in progress, you see resource usage go up during peak times.

安裝選項Installation options

可以用下列方式安裝資料管理閘道:Data management gateway can be installed in the following ways:

  • Microsoft 下載中心下載 MSI 安裝套件。By downloading an MSI setup package from the Microsoft Download Center. MSI 也可用來將現有的資料管理閘道升級至最新的版本,並保留所有設定。The MSI can also be used to upgrade existing data management gateway to the latest version, with all settings preserved.
  • 按一下 [手動設定] 底下的 [下載並安裝資料閘道] 連結,或 [快速安裝] 之下的 [直接安裝在此電腦上] 。By clicking Download and install data gateway link under MANUAL SETUP or Install directly on this computer under EXPRESS SETUP. 如需使用快速安裝的逐步指示,請參閱 在內部部署與雲端之間移動資料 一文。See Move data between on-premises and cloud article for step-by-step instructions on using express setup. 手動步驟會帶您前往下載中心。The manual step takes you to the download center. 下一節會提供從下載中心下載並安裝閘道的指示。The instructions for downloading and installing the gateway from download center are in the next section.

安裝最佳作法:Installation best practices:

  1. 為閘道器設定主機電腦上的電源計劃,使電腦不休眠。Configure power plan on the host machine for the gateway so that the machine does not hibernate. 如果主機電腦休眠,閘道器不會回應資料要求。If the host machine hibernates, the gateway does not respond to data requests.
  2. 請備份與閘道器相關聯的憑證。Back up the certificate associated with the gateway.

從下載中心安裝閘道Install the gateway from download center

  1. 瀏覽至 Microsoft 資料管理閘道下載頁面Navigate to Microsoft Data Management Gateway download page.
  2. 按一下 [下載,選取64 位元版本 (不再支援 32 位元),然後按一下下一步]Click Download, select the 64-bit version (32-bit is no more supported), and click Next.
  3. 直接執行 MSI 或將它儲存至您的硬碟並執行。Run the MSI directly or save it to your hard disk and run.
  4. 在 [歡迎] 頁面上,選取一個語言,然後按 [下一步] 。On the Welcome page, select a language click Next.
  5. 接受使用者授權合約,然後按 [下一步] 。Accept the End-User License Agreement and click Next.
  6. 選取要安裝閘道的資料夾,然後按 [下一步] 。Select folder to install the gateway and click Next.
  7. 在 [準備安裝] 頁面上,按一下 [安裝] 。On the Ready to install page, click Install.
  8. 按一下 [完成] 來完成安裝。Click Finish to complete installation.
  9. 從 Azure 入口網站取得金鑰。Get the key from the Azure portal. 如需逐步指示,請參閱下一節。See the next section for step-by-step instructions.
  10. 在您機器上執行的資料管理閘道組態管理員中的 [註冊閘道器] 頁面上,執行下列步驟:On the Register gateway page of Data Management Gateway Configuration Manager running on your machine, do the following steps:
    1. 將金鑰貼在文字中。Paste the key in the text.
    2. (選擇性) 按一下 [顯示閘道器金鑰] 以查看金鑰文字。Optionally, click Show gateway key to see the key text.
    3. 按一下 [註冊] 。Click Register.

使用金鑰註冊閘道Register gateway using key

如果您尚未在入口網站中建立邏輯閘道If you haven't already created a logical gateway in the portal

若要在入口網站中建立閘道並從 [設定] 頁面取得金鑰,請依照在內部部署和雲端之間移動資料一文中的逐步解說步驟操作。To create a gateway in the portal and get the key from the Configure page, Follow steps from walkthrough in the Move data between on-premises and cloud article.

如果您已經在入口網站中建立邏輯閘道If you have already created the logical gateway in the portal

  1. 在 Azure 入口網站中,瀏覽至 [Data Factory] 頁面,然後按一下 [連結服務] 圖格。In Azure portal, navigate to the Data Factory page, and click Linked Services tile.

    Data Factory 頁面

  2. 在 [已連結的服務] 頁面中,選取您在入口網站中建立的邏輯閘道In the Linked Services page, select the logical gateway you created in the portal.

    邏輯閘道

  3. 在 [資料閘道] 頁面中,按一下 [下載並安裝資料閘道] 。In the Data Gateway page, click Download and install data gateway.

    入口網站中的下載連結

  4. 在 [設定] 頁面中,按一下 [重新建立金鑰] 。In the Configure page, click Recreate key. 在仔細閱讀警告訊息後,請按一下 [是]。Click Yes on the warning message after reading it carefully.

    重新建立索引鍵

  5. 按一下金鑰旁的 [複製] 按鈕。Click Copy button next to the key. 金鑰會複製到剪貼簿中。The key is copied to the clipboard.

    複製金鑰

系統匣圖示/通知System tray icons/ notifications

下圖顯示您會看到的某些系統匣圖示。The following image shows some of the tray icons that you see.

系統匣圖示

如果您將游標放在系統匣圖示/通知訊息上,您會在快顯視窗中看到閘道/更新作業的狀態詳細資料。If you move cursor over the system tray icon/notification message, you see details about the state of the gateway/update operation in a popup window.

連接埠和防火牆Ports and firewall

有兩個您需要考量的防火牆:在組織的中央路由器上執行的公司防火牆,以及在已安裝閘道的本機電腦上設定為精靈的 Windows 防火牆There are two firewalls you need to consider: corporate firewall running on the central router of the organization, and Windows firewall configured as a daemon on the local machine where the gateway is installed.

防火牆

在公司防火牆層級,您需要設定下列網域和輸出連接埠:At corporate firewall level, you need configure the following domains and outbound ports:

網域名稱Domain names 連接埠Ports 描述Description
*.servicebus.windows.net*.servicebus.windows.net 443443 用於與「資料移動服務」後端進行通訊Used for communication with Data Movement Service backend
*.core.windows.net*.core.windows.net 443443 用於使用 Azure Blob 的分段複製 (如果已設定)Used for Staged copy using Azure Blob (if configured)
*.frontend.clouddatahub.net*.frontend.clouddatahub.net 443443 用於與「資料移動服務」後端進行通訊Used for communication with Data Movement Service backend
*.servicebus.windows.net*.servicebus.windows.net 9350-9354, 56719350-9354, 5671 透過 TCP 的選擇性服務匯流排轉送,由複製精靈所使用Optional service bus relay over TCP used by the Copy Wizard

Windows 防火牆層級通常會啟用這些輸出連接埠。At Windows firewall level, these outbound ports are normally enabled. 如果沒有,您可以在閘道電腦上相應地設定網域和連接埠。If not, you can configure the domains and ports accordingly on gateway machine.

注意

  1. 視您的來源/接收器而定,您可能需要將額外的網域和輸出連接埠加到您公司/Windows 防火牆的允許清單中。Based on your source/ sinks, you may have to whitelist additional domains and outbound ports in your corporate/Windows firewall.
  2. 對於某些「雲端資料庫」(例如:Azure SQL DatabaseAzure Data Lake 等),您可能需要將閘道電腦的 IP 位址加到其防火牆組態的白名單中。For some Cloud Databases (For example: Azure SQL Database, Azure Data Lake, etc.), you may need to whitelist IP address of Gateway machine on their firewall configuration.

將資料從來源資料存放區複製到接收資料存放區Copy data from a source data store to a sink data store

請確定在公司防火牆、閘道機器上的 Windows 防火牆及資料存放區本身都已正確啟用防火牆規則。Ensure that the firewall rules are enabled properly on the corporate firewall, Windows firewall on the gateway machine, and the data store itself. 啟用這些規則可讓閘道成功連接到來源和接收器。Enabling these rules allows the gateway to connect to both source and sink successfully. 請為複製作業所涉及的每個資料存放區啟用規則。Enable rules for each data store that is involved in the copy operation.

例如,若要 從內部部署資料存放區複製到 Azure SQL Database 接收器或 Azure SQL 資料倉儲接收器,執行下列步驟︰For example, to copy from an on-premises data store to an Azure SQL Database sink or an Azure SQL Data Warehouse sink, do the following steps:

  • 在 Windows 防火牆和公司防火牆的通訊埠 1433 上都允許進行輸出 TCP 通訊。Allow outbound TCP communication on port 1433 for both Windows firewall and corporate firewall.
  • 設定 Azure SQL 伺服器的防火牆設定,將閘道機器的 IP 位址新增到允許的 IP 位址清單中。Configure the firewall settings of Azure SQL server to add the IP address of the gateway machine to the list of allowed IP addresses.

注意

如果您的防火牆不允許使用輸出連接埠 1433,閘道將無法直接存取 Azure SQL。If your firewall does not allow outbound port 1433, Gateway can't access Azure SQL directly. 在此情況下,您可以使用分段複製來移到 SQL Azure Database/SQL Azure DW。In this case, you may use Staged Copy to SQL Azure Database/ SQL Azure DW. 在此案例中,您只需要 HTTPS (連接埠 443) 即可進行資料移動。In this scenario, you would only require HTTPS (port 443) for the data movement.

Proxy 伺服器考量Proxy server considerations

如果您的公司網路環境使用 Proxy 伺服器來存取網際網路,請將資料管理閘道設定為使用適當的 Proxy 設定。If your corporate network environment uses a proxy server to access the internet, configure data management gateway to use appropriate proxy settings. 您可以在初始註冊階段期間設定 Proxy。You can set the proxy during the initial registration phase.

在註冊期間設定 Proxy

閘道會使用 Proxy 伺服器來連線到雲端服務。Gateway uses the proxy server to connect to the cloud service. 進行初始設定時,按一下 [變更] 連結。Click Change link during initial setup. 您會看到 [Proxy 設定] 對話方塊。You see the proxy setting dialog.

使用組態管理員來設定 Proxy

有三個組態選項:There are three configuration options:

  • 不使用 Proxy︰閘道不會明確地使用任何 Proxy 來連線到雲端服務。Do not use proxy: Gateway does not explicitly use any proxy to connect to cloud services.
  • 使用系統 Proxy:閘道會使用 diahost.exe.config 和 diawp.exe.config 中設定的 Proxy 設定。如果 diahost.exe.config 和 diawp.exe.config 中未設定任何 Proxy,閘道就會直接連線到雲端服務而不經由 Proxy。Use system proxy: Gateway uses the proxy setting that is configured in diahost.exe.config and diawp.exe.config. If no proxy is configured in diahost.exe.config and diawp.exe.config, gateway connects to cloud service directly without going through proxy.
  • 使用自訂 Proxy:設定要用於閘道的 HTTP Proxy 設定,而不使用 diahost.exe.config 和 diawp.exe.config 中的組態。必須指定「IP 位址」和「連接埠」。Use custom proxy: Configure the HTTP proxy setting to use for gateway, instead of using configurations in diahost.exe.config and diawp.exe.config. Address and Port are required. 「使用者名稱」和「密碼」則為選擇性,需視您的 Proxy 驗證設定而定。User Name and Password are optional depending on your proxy's authentication setting. 所有設定都會由閘道的認證憑證予以加密,並儲存在閘道主機機器的本機。All settings are encrypted with the credential certificate of the gateway and stored locally on the gateway host machine.

在您儲存已更新的 Proxy 設定之後,資料管理閘道主機服務會自動重新啟動。The data management gateway Host Service restarts automatically after you save the updated proxy settings.

在成功註冊閘道之後,如果您想要檢視或更新 Proxy 設定,請使用「資料管理閘道組態管理員」。After gateway has been successfully registered, if you want to view or update proxy settings, use Data Management Gateway Configuration Manager.

  1. 啟動 資料管理閘道器組態管理員Launch Data Management Gateway Configuration Manager.
  2. 切換到 [設定] 索引標籤。Switch to the Settings tab.
  3. 按一下 [HTTP Proxy] 區段中的 [變更] 連結,以啟動 [設定 HTTP Proxy] 對話方塊。Click Change link in HTTP Proxy section to launch the Set HTTP Proxy dialog.
  4. 按 [下一步] 按鈕之後,您會看到一個警告對話方塊,此對話方塊會向您請求權限來儲存 Proxy 設定及重新啟動「閘道主機服務」。After you click the Next button, you see a warning dialog asking for your permission to save the proxy setting and restart the Gateway Host Service.

您可以使用「組態管理員」工具來更新 HTTP Proxy。You can view and update HTTP proxy by using Configuration Manager tool.

使用組態管理員來設定 Proxy

注意

如果您為 Proxy 伺服器設定了 NTLM 驗證,「閘道主機服務」就會以網域帳戶執行。If you set up a proxy server with NTLM authentication, Gateway Host Service runs under the domain account. 如果您稍後變更網域帳戶的密碼,請記得更新服務的組態設定並相應地將它重新啟動。If you change the password for the domain account later, remember to update configuration settings for the service and restart it accordingly. 基於這項需求,建議您使用不需要經常更新密碼的專用網域帳戶來存取 Proxy 伺服器。Due to this requirement, we suggest you use a dedicated domain account to access the proxy server that does not require you to update the password frequently.

設定 Proxy 伺服器設定Configure proxy server settings

如果您為 HTTP Proxy 選取 [使用系統 Proxy] 設定,閘道就會使用 diahost.exe.config 和 diawp.exe.config 中的 Proxy 設定。如果 diahost.exe.config 和 diawp.exe.config 中未指定任何 Proxy,閘道就會直接連線到雲端服務而不經由 Proxy。If you select Use system proxy setting for the HTTP proxy, gateway uses the proxy setting in diahost.exe.config and diawp.exe.config. If no proxy is specified in diahost.exe.config and diawp.exe.config, gateway connects to cloud service directly without going through proxy. 下列程序說明如何更新 diahost.exe.config 檔案。The following procedure provides instructions for updating the diahost.exe.config file.

  1. 在 [檔案總管] 中,建立的安全複c:\\Program Files\Microsoft 資料管理閘道\2.0\共用\diahost.exe.config至備份原始的檔案。In File Explorer, make a safe copy of C:\\Program Files\Microsoft Data Management Gateway\2.0\Shared\diahost.exe.config to back up the original file.

  2. 系統管理員身分啟動 Notepad.exe,並開啟文字檔c:\\Program Files\Microsoft 資料管理閘道\2.0\共用\diahost.exe.config。您會在以下程式碼中看見 system.net 的預設標籤:Launch Notepad.exe running as administrator, and open text file C:\\Program Files\Microsoft Data Management Gateway\2.0\Shared\diahost.exe.config. You find the default tag for system.net as shown in the following code:

    <system.net>
        <defaultProxy useDefaultCredentials="true" />
    </system.net>
    

    接著,您可以新增 Proxy 伺服器詳細資料,如以下範例所示:You can then add proxy server details as shown in the following example:

    <system.net>
        <defaultProxy enabled="true">
            <proxy bypassonlocal="true" proxyaddress="http://proxy.domain.org:8888/" />
        </defaultProxy>
    </system.net>
    

    在 Proxy 標記內可以有其他屬性,用以指定必要的設定,例如 scriptLocation。Additional properties are allowed inside the proxy tag to specify the required settings like scriptLocation. 請參閱 Proxy 項目 (網路設定) 以了解語法。Refer to proxy Element (Network Settings) on syntax.

    <proxy autoDetect="true|false|unspecified" bypassonlocal="true|false|unspecified" proxyaddress="uriString" scriptLocation="uriString" usesystemdefault="true|false|unspecified "/>
    
  3. 將組態檔儲存到原始位置中,然後重新啟動「資料管理閘道主機服務」以套用變更。Save the configuration file into the original location, then restart the Data Management Gateway Host service, which picks up the changes. 重新啟動服務:使用 [控制台] 中的 [服務] 小程式,或是從 [資料管理閘道組態管理員] > 按一下 [停止服務] 按鈕,然後按一下 [啟動服務] 。To restart the service: use services applet from the control panel, or from the Data Management Gateway Configuration Manager > click the Stop Service button, then click the Start Service. 如果服務未啟動,可能因為在已編輯的應用程式組態檔中加入了不正確的 XML 標記語法。If the service does not start, it is likely that an incorrect XML tag syntax has been added into the application configuration file that was edited.

重要

別忘了「同時」 更新 diahost.exe.config 和 diawp.exe.config。Do not forget to update both diahost.exe.config and diawp.exe.config.

除了這幾點以外,您也必須確定 Microsoft Azure 包含在公司的允許清單中。In addition to these points, you also need to make sure Microsoft Azure is in your company's whitelist. 如需有效的 Microsoft Azure IP 位址清單,可從 Microsoft 下載中心下載。The list of valid Microsoft Azure IP addresses can be downloaded from the Microsoft Download Center.

如果發生類似以下的錯誤,有可能是因為防火牆或 Proxy 伺服器的組態不正確,使得閘道無法連線到 Data Factory 來進行自我驗證。If you encounter errors similar to the following ones, it is likely due to improper configuration of the firewall or proxy server, which blocks gateway from connecting to Data Factory to authenticate itself. 請參閱上一節,以確保您的防火牆和 Proxy 伺服器的設定皆正確。Refer to previous section to ensure your firewall and proxy server are properly configured.

  1. 當您嘗試註冊閘道時,您會收到下列錯誤:「無法註冊閘道金鑰。When you try to register the gateway, you receive the following error: "Failed to register the gateway key. 再次嘗試註冊閘道器金鑰之前,請確認資料管理閘道已處於連線狀態,且已啟動資料管理閘道主機服務。」Before trying to register the gateway key again, confirm that the data management gateway is in a connected state and the Data Management Gateway Host Service is Started."
  2. 當您開啟「組態管理員」時,您會看到「已中斷連線」或「正在連線」狀態。When you open Configuration Manager, you see status as "Disconnected" or "Connecting." 檢視 Windows 事件記錄時,在 [事件檢視器] > [應用程式和服務記錄] > [資料管理閘道] 下,您會看到如以下的錯誤訊息:Unable to connect to the remote server A component of Data Management Gateway has become unresponsive and restarts automatically. Component name: Gateway.When viewing Windows event logs, under "Event Viewer" > "Application and Services Logs" > "Data Management Gateway", you see error messages such as the following error: Unable to connect to the remote server A component of Data Management Gateway has become unresponsive and restarts automatically. Component name: Gateway.

開啟用於認證加密的連接埠 8050Open port 8050 for credential encryption

當您在 Azure 入口網站中設定了內部部署連結服務時,設定認證應用程式會使用輸入連接埠 8050 將認證轉送到閘道。The Setting Credentials application uses the inbound port 8050 to relay credentials to the gateway when you set up an on-premises linked service in the Azure portal. 閘道設定期間,閘道安裝預設會在閘道電腦上開啟此連接埠。During gateway setup, by default, the gateway installation opens it on the gateway machine.

如果您使用協力廠商的防火牆,則可以手動開啟連接埠 8050。If you are using a third-party firewall, you can manually open the port 8050. 如果您在設定閘道時遇到防火牆問題,您可以嘗試使用下列命令來安裝閘道,而不設定防火牆。If you run into firewall issue during gateway setup, you can try using the following command to install the gateway without configuring the firewall.

msiexec /q /i DataManagementGateway.msi NOFIREWALL=1

如果您選擇不開啟閘道機器上的連接埠 8050,則請使用「設定認證」 應用程式以外的機制來設定資料存放區認證。If you choose not to open the port 8050 on the gateway machine, use mechanisms other than using the Setting Credentials application to configure data store credentials. 例如,您可以使用新增 AzDataFactoryEncryptValue PowerShell cmdlet。For example, you could use New-AzDataFactoryEncryptValue PowerShell cmdlet. 若要了解如何設定資料存放區認證,請參閱<設定認證和安全性>一節。See Setting Credentials and Security section on how data store credentials can be set.

UpdateUpdate

根據預設,資料管理閘道會在有更新版本的閘道時自動進行更新。By default, data management gateway is automatically updated when a newer version of the gateway is available. 在所有排定的工作完成前,閘道不會進行更新。The gateway is not updated until all the scheduled tasks are done. 更新作業完成後,閘道才會處理後續的工作。No further tasks are processed by the gateway until the update operation is completed. 如果更新失敗,閘道會回復為舊版本。If the update fails, gateway is rolled back to the old version.

您會在下列位置看到已排定的更新時間︰You see the scheduled update time in the following places:

  • Azure 入口網站中的 [閘道屬性] 頁面。The gateway properties page in the Azure portal.
  • 「資料管理閘道組態管理員」的 [首頁]。Home page of the Data Management Gateway Configuration Manager
  • 系統匣通知訊息。System tray notification message.

「資料管理閘道組態管理員」的 [首頁] 索引標籤會顯示更新排程,以及上次安裝/更新閘道的時間。The Home tab of the Data Management Gateway Configuration Manager displays the update schedule and the last time the gateway was installed/updated.

更新排程

您可以立即安裝更新,或等候閘道在排定時間自動更新。You can install the update right away or wait for the gateway to be automatically updated at the scheduled time. 例如,下圖顯示的是「閘道組態管理員」中所顯示的通知訊息以及 [更新] 按鈕,按一下此按鈕即可立即安裝更新。For example, the following image shows you the notification message shown in the Gateway Configuration Manager along with the Update button that you can click to install it immediately.

DMG 組態管理員中的更新

系統匣中的通知訊息看起來就像下圖:The notification message in the system tray would look as shown in the following image:

系統匣訊息

您會在系統匣中看到更新作業 (手動或自動) 的狀態。You see the status of update operation (manual or automatic) in the system tray. 下次啟動「閘道組態管理員」時,您會在通知列上看到指出閘道已更新的訊息,以及一個連到 新功能主題的連結。When you launch Gateway Configuration Manager next time, you see a message on the notification bar that the gateway has been updated along with a link to what's new topic.

停用/啟用自動更新功能To disable/enable auto-update feature

您可以執行下列步驟來停用/啟用自動更新功能:You can disable/enable the auto-update feature by doing the following steps:

[適用於單一節點閘道][For single node gateway]

  1. 在閘道電腦上啟動 Windows PowerShell。Launch Windows PowerShell on the gateway machine.

  2. 若要切換c:\\Program Files\Microsoft Integration Runtime\3.0\PowerShellScript\ 資料夾。Switch to the C:\\Program Files\Microsoft Integration Runtime\3.0\PowerShellScript\ folder.

  3. 執行下列命令,將自動更新功能關閉 (停用)。Run the following command to turn the auto-update feature OFF (disable).

    .\IntegrationRuntimeAutoUpdateToggle.ps1 -off
    
  4. 若要將它重新開啟:To turn it back on:

    .\IntegrationRuntimeAutoUpdateToggle.ps1 -on
    

    適用於多節點高度可用且可調整的閘道For multi-node highly available and scalable gateway

  5. 在閘道電腦上啟動 Windows PowerShell。Launch Windows PowerShell on the gateway machine.

  6. 若要切換c:\\Program Files\Microsoft Integration Runtime\3.0\PowerShellScript\ 資料夾。Switch to the C:\\Program Files\Microsoft Integration Runtime\3.0\PowerShellScript\ folder.

  7. 執行下列命令,將自動更新功能關閉 (停用)。Run the following command to turn the auto-update feature OFF (disable).

    對於具備高可用性功能的閘道,需要額外的 AuthKey 參數。For gateway with high availability feature, an extra AuthKey param is required.

    .\IntegrationRuntimeAutoUpdateToggle.ps1 -off -AuthKey <your auth key>
    
  8. 若要將它重新開啟:To turn it back on:

    .\IntegrationRuntimeAutoUpdateToggle.ps1 -on -AuthKey <your auth key>
    

組態管理員Configuration Manager

安裝閘道後,您可以用下列方式啟動 [資料管理閘道組態管理員]:Once you install the gateway, you can launch Data Management Gateway Configuration Manager in one of the following ways:

  1. 在 [搜尋] 視窗中,輸入資料管理閘道以存取這個公用程式。In the Search window, type Data Management Gateway to access this utility.
  2. 在以下資料夾中執行 ConfigManager.exe 執行檔:C:\\程式檔案\Microsoft 資料管理閘道器\2.0\共用Run the executable ConfigManager.exe in the folder: C:\\Program Files\Microsoft Data Management Gateway\2.0\Shared.

首頁Home page

首頁可讓您執行下列動作︰The Home page allows you to do the following actions:

  • 檢視閘道的狀態 (連接至雲端服務等)。View status of the gateway (connected to the cloud service etc.).
  • Register using a key from the portal.
  • 在閘道電腦上停止後啟動 [資料管理閘道主機服務] 。Stop and start the Data Management Gateway Host service on the gateway machine.
  • 更新排程Schedule updates at a specific time of the days.
  • 檢視閘道 上次更新時的日期。View the date when the gateway was last updated.

設定頁面Settings page

[設定] 頁面可讓您執行下列動作︰The Settings page allows you to do the following actions:

  • 檢視、變更及匯出閘道所使用的 憑證View, change, and export certificate used by the gateway. 此憑證用來加密資料來源認證。This certificate is used to encrypt data source credentials.
  • 變更端點的 HTTPS 連接埠Change HTTPS port for the endpoint. 閘道會開啟一個連接埠,以便設定資料來源認證。The gateway opens a port for setting the data source credentials.
  • 狀態Status of the endpoint
  • 檢視 [SSL 憑證] 用於入口網站與閘道之間的 SSL 通訊,以設定資料來源的認證。View SSL certificate is used for SSL communication between portal and the gateway to set credentials for data sources.

來自內部網路的遠端存取Remote access from intranet

未來將會啟用此功能。This functionality will be enabled in the future. 在即將推出的更新 (v3.4 或更新版本) 中,我們將讓您啟用/停用任何目前使用連接埠 8050 來進行的遠端連線 (請參閱上一節),同時使用 PowerShell 或「認證管理員」應用程式來加密認證。In the upcoming updates (v3.4 or later) we will let you enable/ disable any remote connectivity that today happens using port 8050 (see section above) while using PowerShell or Credential Manager application for encrypting credentials.

診斷頁面Diagnostics page

[診斷] 頁面可讓您執行下列動作︰The Diagnostics page allows you to do the following actions:

  • 啟用詳細資訊 記錄、在事件檢視器中檢視記錄檔,以及有失敗時將記錄檔傳送給 Microsoft。Enable verbose logging, view logs in event viewer, and send logs to Microsoft if there was a failure.
  • 測試連線 (對資料來源的連線)。Test connection to a data source.

Help pageHelp page

[說明] 頁面會顯示以下資訊:The Help page displays the following information:

  • 閘道的簡短說明。Brief description of the gateway
  • 版本號碼Version number
  • 線上說明、隱私權聲明及授權合約的連結。Links to online help, privacy statement, and license agreement.

在入口網站中監視閘道Monitor gateway in the portal

在 Azure 入口網站中,您可以檢視閘道機器近乎即時的資源使用率 (CPU、記憶體、網路 (輸入/輸出) 等) 快照集。In the Azure portal, you can view near-real time snapshot of resource utilization (CPU, memory, network(in/out), etc.) on a gateway machine.

  1. 在 Azure 入口網站中,瀏覽至您資料處理站的首頁,然後按一下 [已連結的服務] 圖格。In Azure portal, navigate to the home page for your data factory, and click Linked services tile.

    Data Factory 首頁

  2. 在 [已連結的服務] 頁面中選取閘道Select the gateway in the Linked services page.

    [已連結的服務] 頁面

  3. 在 [閘道] 頁面中,您可以看到閘道的記憶體和 CPU 使用量。In the Gateway page, you can see the memory and CPU usage of the gateway.

    閘道的 CPU 和記憶體使用量

  4. 啟用 [進階設定] 可查看更多詳細資料,例如網路使用量。Enable Advanced settings to see more details such as network usage.

    閘道的進階監視

下表說明 [閘道節點] 清單中的資料行:The following table provides descriptions of columns in the Gateway Nodes list:

監視屬性Monitoring Property 描述Description
名稱Name 邏輯閘道和閘道相關聯節點的名稱。Name of the logical gateway and nodes associated with the gateway. 節點是安裝了閘道的內部部署 Windows 機器。Node is an on-premises Windows machine that has the gateway installed on it. 若要了解如何在單一邏輯閘道中擁有一個以上的節點 (最多四個節點),請參閱資料管理閘道 - 高可用性和延展性For information on having more than one node (up to four nodes) in a single logical gateway, see Data Management Gateway - high availability and scalability.
狀態Status 邏輯閘道和閘道節點的狀態。Status of the logical gateway and the gateway nodes. 範例:線上/離線/受限制/等等。如需這些狀態的相關資訊,請參閱閘道狀態一節。Example: Online/Offline/Limited/etc. For information about these statuses, See Gateway status section.
VersionVersion 顯示邏輯閘道和每個閘道節點的版本。Shows the version of the logical gateway and each gateway node. 邏輯閘道的版本取決於群組中大多數節點的版本。The version of the logical gateway is determined based on version of majority of nodes in the group. 如果邏輯閘道設定中有不同版本的節點,則只有版本號碼和邏輯閘道相同的節點會正常運作。If there are nodes with different versions in the logical gateway setup, only the nodes with the same version number as the logical gateway function properly. 其他節點會進入受限制模式,並需要加以手動更新 (如果自動更新失敗才需要這麼做)。Others are in the limited mode and need to be manually updated (only in case auto-update fails).
可用的記憶體Available memory 閘道節點上可用的記憶體。Available memory on a gateway node. 這個值是近乎即時的快照集。This value is a near real-time snapshot.
CPU 使用率CPU utilization 閘道節點的 CPU 使用率。CPU utilization of a gateway node. 這個值是近乎即時的快照集。This value is a near real-time snapshot.
網路功能 (輸入/輸出)Networking (In/Out) 閘道節點的網路使用率。Network utilization of a gateway node. 這個值是近乎即時的快照集。This value is a near real-time snapshot.
並行作業 (執行中/限制)Concurrent Jobs (Running/ Limit) 每個節點上執行的作業或工作數目。Number of jobs or tasks running on each node. 這個值是近乎即時的快照集。This value is a near real-time snapshot. 限制表示每個節點的最大並行作業數。Limit signifies the maximum concurrent jobs for each node. 這個值會根據機器大小來定義。This value is defined based on the machine size. 您可以提高限制以在進階案例 (CPU/記憶體/網路並未充分使用,但活動會逾時的案例) 中相應增加並行作業執行能力。單一節點的閘道也能擁有這樣的能力 (即使該閘道尚未啟用延展性和可用性功能)。You can increase the limit to scale up concurrent job execution in advanced scenarios, where CPU/memory/network is under-utilized, but activities are timing out. This capability is also available with a single-node gateway (even when the scalability and availability feature is not enabled).
RoleRole 多節點閘道中的角色有兩種 - 發送器和背景工作角色。There are two types of roles in a multi-node gateway - Dispatcher and worker. 所有節點都是背景工作角色,這表示它們全都能用來執行作業。All nodes are workers, which means they can all be used to execute jobs. 發送器節點只有一個,可用來提取雲端服務中的工作/作業,並發送到不同的背景工作節點 (包括發送器節點本身)。There is only one dispatcher node, which is used to pull tasks/jobs from cloud services and dispatch them to different worker nodes (including itself).

當閘道中有兩個以上的節點 (相應放大案例) 時,您會在此頁面中看到某些更合理的設定。In this page, you see some settings that make more sense when there are two or more nodes (scale out scenario) in the gateway. 如需設定多節點閘道的詳細資料,請參閱資料管理閘道 - 高可用性和延展性See Data Management Gateway - high availability and scalability for details about setting up a multi-node gateway.

閘道狀態Gateway status

下表提供閘道節點的可能狀態:The following table provides possible statuses of a gateway node:

狀態Status 註解/案例Comments/Scenarios
線上Online 節點已連線至 Data Factory 服務。Node connected to Data Factory service.
離線Offline 節點已離線。Node is offline.
升級中Upgrading 節點正在自動更新。The node is being auto-updated.
限制Limited 由於連線問題。Due to Connectivity issue. 可能是因為 HTTP 連接埠 8050 問題、服務匯流排連線問題或認證同步問題。May be due to HTTP port 8050 issue, service bus connectivity issue, or credential sync issue.
非使用中Inactive 節點所在的組態不同於其他大多數節點的組態。Node is in a configuration different from the configuration of other majority nodes.

節點無法連線至其他節點時,便會處於非使用中狀態。A node can be inactive when it cannot connect to other nodes.

下表提供邏輯閘道的可能狀態。The following table provides possible statuses of a logical gateway. 閘道的狀態取決於閘道節點的狀態。The gateway status depends on statuses of the gateway nodes.

狀態Status 註解Comments
需要註冊Needs Registration 此邏輯閘道還沒有已註冊的節點No node is yet registered to this logical gateway
線上Online 閘道節點已連線Gateway Nodes are online
離線Offline 沒有處於線上狀態的節點。No node in online status.
限制Limited 此閘道中的節點並非全都處於健康情況良好的狀態。Not all nodes in this gateway are in healthy state. 這個狀態是某些節點可能會關閉的警告!This status is a warning that some node might be down!

可能是因為發送器/背景工作節點有認證同步問題。Could be due to credential sync issue on dispatcher/worker node.

相應增加閘道Scale up gateway

您可以設定節點中可以執行的並行資料移動作業數目,以相應增加在內部部署機器與雲端資料存放區之間移動資料的能力。You can configure the number of concurrent data movement jobs that can run on a node to scale up the capability of moving data between on-premises and cloud data stores.

當可用的記憶體和 CPU 並未充分使用,但閒置容量已為 0,就應該增加節點上可執行的並行作業數目來進行相應增加。When the available memory and CPU are not utilized well, but the idle capacity is 0, you should scale up by increasing the number of concurrent jobs that can run on a node. 當閘道超載而導致活動逾時,您也可以相應增加。You may also want to scale up when activities are timing out because the gateway is overloaded. 在閘道節點的進階設定中,您可以提高節點的容量上限。In the advanced settings of a gateway node, you can increase the maximum capacity for a node.

閘道問題疑難排解Troubleshooting gateway issues

如需對使用資料管理閘道的問題進行疑難排解的資訊/提示,請參閱閘道問題疑難排解一文。See Troubleshooting gateway issues article for information/tips for troubleshooting issues with using the data management gateway.

在機器之間移動閘道Move gateway from one machine to another

本節提供將閘道器用戶端從一台電腦移至另一台電腦的步驟。This section provides steps for moving gateway client from one machine to another machine.

  1. 在入口網站中,瀏覽至 Data Factory 首頁,然後按一下 [連結服務] 圖格。In the portal, navigate to the Data Factory home page, and click the Linked Services tile.

    資料閘道連結

  2. 在 [連結服務] 頁面的 [資料閘道器] 區段中選取您的閘道器。Select your gateway in the DATA GATEWAYS section of the Linked Services page.

    [已連結的服務] 頁面與所選取的閘道

  3. 在 [資料閘道] 頁面中,按一下 [下載並安裝資料閘道] 。In the Data gateway page, click Download and install data gateway.

    下載閘道器連結

  4. 在 [設定] 頁面中,按一下 [下載並安裝資料閘道] ,然後依照指示在機器上安裝資料閘道。In the Configure page, click Download and install data gateway, and follow instructions to install the data gateway on the machine.

    [設定] 頁面

  5. 讓 [Microsoft 資料管理閘道組態管理員] 保持開啟。Keep the Microsoft Data Management Gateway Configuration Manager open.

    組態管理員

  6. 在入口網站的 [設定] 頁面中,按一下命令列上的 [重新建立金鑰] ,然後按一下警告訊息中的 [是] 。In the Configure page in the portal, click Recreate key on the command bar, and click Yes for the warning message. 按一下金鑰文字旁的 [複製] 按鈕,以將金鑰複製到剪貼簿。Click copy button next to key text that copies the key to the clipboard. 一旦重新建立索引鍵,舊電腦上的閘道器便會停止運作。The gateway on the old machine stops functioning as soon you recreate the key.

    重新建立索引鍵

  7. 在您的電腦上,將索引鍵貼入資料管理閘道組態管理員之 [註冊閘道器] 頁面上的文字方塊。Paste the key into text box in the Register Gateway page of the Data Management Gateway Configuration Manager on your machine. (選擇性) 按一下 [顯示閘道器金鑰] 核取方塊以查看金鑰文字。(optional) Click Show gateway key check box to see the key text.

    複製金鑰與註冊

  8. 按一下 [註冊] 透過雲端服務註冊閘道器。Click Register to register the gateway with the cloud service.

  9. 在 [設定] 索引標籤上,按一下 [變更] 以選取舊閘道所使用的憑證,輸入密碼,然後按一下 [完成] 。On the Settings tab, click Change to select the same certificate that was used with the old gateway, enter the password, and click Finish.

    指定憑證

    您可以執行下列步驟,從舊閘道器中匯出憑證:啟動舊電腦上的 [資料管理閘道組態管理員],切換到 [憑證] 索引標籤,按一下 [匯出] 按鈕,然後遵循指示進行。You can export a certificate from the old gateway by doing the following steps: launch Data Management Gateway Configuration Manager on the old machine, switch to the Certificate tab, click Export button and follow the instructions.

  10. 成功註冊閘道器後,閘道器組態管理員首頁上的 [註冊] 應會設定為 [已註冊] ,[狀態] 會設定為 [已啟動] 。After successful registration of the gateway, you should see the Registration set to Registered and Status set to Started on the Home page of the Gateway Configuration Manager.

加密認證Encrypting credentials

若要在 Data Factory 編輯器中加密認證,請執行下列步驟︰To encrypt credentials in the Data Factory Editor, do the following steps:

  1. 在「閘道機器」 上啟動網頁瀏覽器,瀏覽至 Azure 入口網站Launch web browser on the gateway machine, navigate to Azure portal. 視需要搜尋您的 Data Factory,在 [DATA FACTORY] 頁面中開啟 Data Factory,然後按一下 [編寫及部署] 來啟動 Data Factory 編輯器。Search for your data factory if needed, open data factory in the DATA FACTORY page and then click Author & Deploy to launch Data Factory Editor.

  2. 在樹狀檢視中按一下現有的連結服務,以查看其 JSON 定義或建立需要資料管理閘道 (例如︰SQL Server 或 Oracle) 的連結服務。Click an existing linked service in the tree view to see its JSON definition or create a linked service that requires a data management gateway (for example: SQL Server or Oracle).

  3. 在 JSON 編輯器中,為 gatewayName 屬性輸入閘道的名稱。In the JSON editor, for the gatewayName property, enter the name of the gateway.

  4. connectionString 中輸入資料來源屬性的伺服器名稱。Enter server name for the Data Source property in the connectionString.

  5. connectionString 中輸入初始目錄屬性的資料庫名稱。Enter database name for the Initial Catalog property in the connectionString.

  6. 在命令列上按一下 [加密] 按鈕,以啟動 Click Once 認證管理員應用程式。Click Encrypt button on the command bar that launches the click-once Credential Manager application. 您應該會看見 [設定認證] 對話方塊。You should see the Setting Credentials dialog box.

    [設定認證] 對話方塊

  7. 在 [設定認證] 對話方塊中,執行下列步驟:In the Setting Credentials dialog box, do the following steps:

    1. 選取您要 Data Factory 服務用來連接到資料庫的 驗證Select authentication that you want the Data Factory service to use to connect to the database.
    2. 在 [使用者名稱] 設定中輸入可存取資料庫的使用者名稱。Enter name of the user who has access to the database for the USERNAME setting.
    3. 在 [密碼] 設定中輸入使用者的密碼。Enter password for the user for the PASSWORD setting.
    4. 按一下 [確定] 以加密認證並關閉對話方塊。Click OK to encrypt credentials and close the dialog box.
  8. 您現在應該會在 connectionString 中看到 encryptedCredential 屬性。You should see a encryptedCredential property in the connectionString now.

    {
        "name": "SqlServerLinkedService",
        "properties": {
            "type": "OnPremisesSqlServer",
            "description": "",
            "typeProperties": {
                "connectionString": "data source=myserver;initial catalog=mydatabase;Integrated Security=False;EncryptedCredential=eyJDb25uZWN0aW9uU3R",
                "gatewayName": "adftutorialgateway"
            }
        }
    }
    

    如果您從閘道器電腦以外的另一台電腦存取入口網站,您必須確定「認證管理員」應用程式可以連接到閘道器電腦。If you access the portal from a machine that is different from the gateway machine, you must make sure that the Credentials Manager application can connect to the gateway machine. 如果應用程式無法連接閘道器電腦,它不會允許您設定資料來源的認證,以及測試資料來源的連接。If the application cannot reach the gateway machine, it does not allow you to set credentials for the data source and to test connection to the data source.

當您使用設定認證應用程式時,入口網站會使用在閘道機器上閘道組態管理員的 [憑證] 索引標籤中指定的憑證來加密認證。When you use the Setting Credentials application, the portal encrypts the credentials with the certificate specified in the Certificate tab of the Gateway Configuration Manager on the gateway machine.

如果您要尋找 API 為基礎的方法來加密認證,您可以使用新增 AzDataFactoryEncryptValue PowerShell cmdlet 來加密認證。If you are looking for an API-based approach for encrypting the credentials, you can use the New-AzDataFactoryEncryptValue PowerShell cmdlet to encrypt credentials. 此 cmdlet 會使用閘道器設定用來加密認證的憑證。The cmdlet uses the certificate that gateway is configured to use to encrypt the credentials. 您需將加密認證新增到 JSON 中 connectionStringEncryptedCredential 元素中。You add encrypted credentials to the EncryptedCredential element of the connectionString in the JSON. 使用 JSON 與補充新增 AzDataFactoryLinkedService cmdlet 或在 Data Factory 編輯器中。You use the JSON with the New-AzDataFactoryLinkedService cmdlet or in the Data Factory Editor.

"connectionString": "Data Source=<servername>;Initial Catalog=<databasename>;Integrated Security=True;EncryptedCredential=<encrypted credential>",

使用「Data Factory 編輯器」來設定認證還有另一個方法。There is one more approach for setting credentials using Data Factory Editor. 如果您使用該編輯器來建立 SQL Server 連結服務,並以純文字輸入認證,系統就會使用 Data Factory 服務所擁有的憑證來加密該認證。If you create a SQL Server linked service by using the editor and you enter credentials in plain text, the credentials are encrypted using a certificate that the Data Factory service owns. 它「不會」使用已設定讓閘道使用的憑證。It does NOT use the certificate that gateway is configured to use. 雖然這種方法在某些情況下可能快一點,但也比較不安全。While this approach might be a little faster in some cases, it is less secure. 因此,建議您只在開發/測試用途才採用此方法。Therefore, we recommend that you follow this approach only for development/testing purposes.

PowerShell CmdletPowerShell cmdlets

本節說明如何使用 Azure PowerShell Cmdlet 建立和註冊閘道。This section describes how to create and register a gateway using Azure PowerShell cmdlets.

  1. 在系統管理員模式下啟動 Azure PowerShellLaunch Azure PowerShell in administrator mode.

  2. 請執行下列命令並輸入您的 Azure 認證,登入您的 Azure 帳戶。Log in to your Azure account by running the following command and entering your Azure credentials.

    Connect-AzAccount
    
  3. 使用新增 AzDataFactoryGateway cmdlet 來建立邏輯閘道,如下所示:Use the New-AzDataFactoryGateway cmdlet to create a logical gateway as follows:

    $MyDMG = New-AzDataFactoryGateway -Name <gatewayName> -DataFactoryName <dataFactoryName> -ResourceGroupName ADF –Description <desc>
    

    範例命令和輸出Example command and output:

    PS C:\> $MyDMG = New-AzDataFactoryGateway -Name MyGateway -DataFactoryName $df -ResourceGroupName ADF –Description “gateway for walkthrough”
    
    Name              : MyGateway
    Description       : gateway for walkthrough
    Version           :
    Status            : NeedRegistration
    VersionStatus     : None
    CreateTime        : 9/28/2014 10:58:22
    RegisterTime      :
    LastConnectTime   :
    ExpiryTime        :
    ProvisioningState : Succeeded
    Key               : ADF#00000000-0000-4fb8-a867-947877aef6cb@fda06d87-f446-43b1-9485-78af26b8bab0@4707262b-dc25-4fe5-881c-c8a7c3c569fe@wu#nfU4aBlq/heRyYFZ2Xt/CD+7i73PEO521Sj2AFOCmiI
    
  4. 在 Azure PowerShell 中,切換至資料夾:C:\\程式檔案\Microsoft Integration Runtime\3.0\PowerShellScript\In Azure PowerShell, switch to the folder: C:\\Program Files\Microsoft Integration Runtime\3.0\PowerShellScript\. 執行與區域變數 $Key 相關聯的 RegisterGateway.ps1,如下列命令所示。 Run RegisterGateway.ps1 associated with the local variable $Key as shown in the following command. 此指令碼會向您稍早建立的邏輯閘道註冊您機器上安裝的用戶端代理程式。This script registers the client agent installed on your machine with the logical gateway you create earlier.

    PS C:\> .\RegisterGateway.ps1 $MyDMG.Key
    
    Agent registration is successful!
    

    您可以使用 IsRegisterOnRemoteMachine 參數在遠端電腦上註冊閘道器。You can register the gateway on a remote machine by using the IsRegisterOnRemoteMachine parameter. 範例:Example:

    .\RegisterGateway.ps1 $MyDMG.Key -IsRegisterOnRemoteMachine true
    
  5. 您可以使用Get AzDataFactoryGateway cmdlet 來取得您的 data factory 中的閘道清單。You can use the Get-AzDataFactoryGateway cmdlet to get the list of Gateways in your data factory. 當 [狀態] 顯示為 [線上] 時,表示您的閘道器已就緒可供使用。When the Status shows online, it means your gateway is ready to use.

    Get-AzDataFactoryGateway -DataFactoryName <dataFactoryName> -ResourceGroupName ADF
    

    您可以移除閘道,使用移除 AzDataFactoryGateway閘道使用的 cmdlet,並更新描述組 AzDataFactoryGateway cmdlet。You can remove a gateway using the Remove-AzDataFactoryGateway cmdlet and update description for a gateway using the Set-AzDataFactoryGateway cmdlets. 如需這些 Cmdlet 的語法及其他詳細資訊,請參閱 Data Factory Cmdlet 參考文件。For syntax and other details about these cmdlets, see Data Factory Cmdlet Reference.

使用 PowerShell 列出閘道器List gateways using PowerShell

Get-AzDataFactoryGateway -DataFactoryName jasoncopyusingstoredprocedure -ResourceGroupName ADF_ResourceGroup

使用 PowerShell 移除閘道器Remove gateway using PowerShell

Remove-AzDataFactoryGateway -Name JasonHDMG_byPSRemote -ResourceGroupName ADF_ResourceGroup -DataFactoryName jasoncopyusingstoredprocedure -Force

後續步驟Next steps