Configuration Manager on Azure - Frequently Asked Questions

Applies to: Configuration Manager (current branch)

The following questions and answers can help you understand when to use Configuration Manager on Microsoft Azure and how to configure it.

General Questions

My company is trying to move as many physical servers as possible to Microsoft Azure. Can I move Configuration Manager servers to Azure?

Certainly, this is a supported scenario. See Support for Virtualization Environments for Configuration Manager.

Great! My environment requires multiple sites. Should all child primary sites be in Azure with the central administration site or on-premises? What about secondary sites?

Site-to-site communications (file-based and database replication) benefit from the proximity of being hosted in Azure. However, all client-related traffic would be remote from site servers and site systems. If you use a fast and reliable network connection between Azure and your intranet with an unlimited data plan, hosting all your infrastructure in Azure is an option.

However, if you use a metered data plan and available bandwidth or cost is a concern, or the network connection between Azure and your intranet is not fast or can be unreliable, then consider placing specific sites (and site systems) on-premises and using the bandwidth controls built into Configuration Manager.

Is having Configuration Manager in Azure a SaaS scenario (Software as a Service)?

No, it is IaaS (Infrastructure as a Service) because you host your Configuration Manager infrastructure servers in Azure virtual machines.

What areas should I pay attention to when considering a move of my Configuration Manager infrastructure to Azure?

Great question. Here are the areas that are most important when making this decision; each is explored in a separate section of this topic:

  1. Networking
  2. Availability
  3. Performance
  4. Cost
  5. User Experience

Networking

What about networking requirements? Should I use ExpressRoute or an Azure VPN Gateway?

Networking is a very important decision. Network speeds and latency can affect functionality between the site server and remote site systems, and any client communication to the site systems. Our recommendation is to use ExpressRoute, but there is no Configuration Manager limitation to stop you from using Azure VPN Gateway. You should carefully review your requirements (performance, patching, software distribution, operating system deployment) for this infrastructure and then make your decision. Some things to consider for each solution include:

  • ExpressRoute (recommended)
    • Natural extension to your datacenter (can tie together multiple datacenters)
    • Private connections between Azure datacenters and your infrastructure
    • Doesn't go over the public internet
    • Offers reliability, fast speeds, lower latency, high security
    • Offers up to 10 Gbps speeds and Unlimited Data plan options
  • VPN Gateway
    • Site-to-site/point-to-site VPNs
    • Traffic goes over the public internet
    • Uses Internet Protocol Security (IPsec) and Internet Key Exchange (IKE)

ExpressRoute has many different options like unlimited vs. metered, different speed options, and the premium add-on. Which should I choose?

The options you select depend on the scenario you are implementing and how much data you plan to distribute. The transfer of Configuration Manager data can be controlled between site servers and distribution points, but site server-to-site server communication can't be controlled. When you use a metered data plan, placing specific sites (and site systems) on-premises and using Configuration Manager's built-in bandwidth controls can help control the cost of using Azure.

What about installation requirements like Active Directory domains? Do I still need to join my site servers to an Active Directory domain?

Yes. When you move to Azure, the supported configurations remain the same, including Active Directory requirements for installing Configuration Manager.

I understand the need to join my site servers to an Active Directory domain, but can I use Azure Active Directory?

No, Azure Active Directory is not supported at this time. Your site servers still must be members of a Windows Active Directory domain.

Availability

One of the reasons I am moving infrastructure to Azure is the promise of high availability. Can I take advantage of high availability options like Azure VM Availability sets for VMs that I will use for Configuration Manager?

Yes! Azure VM Availability sets can be used for redundant site system roles like distribution points or management points.

You can also use them for the Configuration Manager site servers. For example, central administration sites and primary sites can all be in the same availability set, which can help you ensure that they are not rebooted at the same time.

How can I make my database highly available? Can I use Azure SQL Database? Or do I have to use Microsoft SQL Server in a VM?

You need to use Microsoft SQL Server in a VM. Configuration Manager does not support Azure SQL Server at this time. But you can use functionalities like AlwaysOn Availability Groups for your SQL Server. AlwaysOn Availability Groups are recommended and are officially supported starting with version 1602 of Configuration Manager.

Can I use Azure load balancers with site system roles like management points or software update points?

While Configuration Manager is not tested with Azure load balancers, if the functionality is transparent to the application, it should not have any adverse effects on normal operations.

Performance

What factors affect performance in this scenario?

Azure VM size and type, Azure VM disks (premium storage is recommended, especially for SQL Server), networking latency, and speed are the most important areas.

So, tell me more about Azure virtual machines; what size VMs should I use?

In general, your compute power (CPU and memory) needs to meet the recommended hardware for Configuration Manager. But there are some differences between regular computer hardware and Azure VMs, especially when it comes to the disks these VMs use. What size VMs you use depends on the size of your environment, but here are some recommendations:

  • For production deployments of any significant size we recommend "S" class Azure VMs. This is because they can leverage Premium Storage disks. Non-"S" class VMs use blob storage and in general will not meet the performance requirements necessary for an acceptable production experience.
  • Multiple Premium Storage disks should be used for higher scale, and striped in the Windows Disk Management console for maximum IOPS.
  • We recommend using better or multiple premium disks during your initial site deployment (like P30 instead of P20, and 2xP30 in a striped volume instead of 1xP30). Then, if your site later needs to ramp up in VM size due to additional load, you can take advantage of the additional CPU and memory that a larger VM size provides. You will also have disks already in place that can take advantage of the additional IOPS throughput that the larger VM size allows.

The following tables list the initial suggested disk counts to utilize at primary and central administration sites for various size installations:

Co-located site database - Primary or central administration site with the site database on the site server:

| Desktop Clients | Recommended VM size | Recommended Disks |
|---|---|---|
| Up to 25k | DS4_V2 | 2xP30 (striped) |
| 25k to 50k | DS13_V2 | 2xP30 (striped) |
| 50k to 100k | DS14_V2 | 3xP30 (striped) |

Remote site database - Primary or central administration site with the site database on a remote server:

| Desktop Clients | Recommended VM size | Recommended Disks |
|---|---|---|
| Up to 25k | Site server: F4S; Database server: DS12_V2 | Site server: 1xP30; Database server: 2xP30 (striped) |
| 25k to 50k | Site server: F4S; Database server: DS13_V2 | Site server: 1xP30; Database server: 2xP30 (striped) |
| 50k to 100k | Site server: F8S; Database server: DS14_V2 | Site server: 2xP30 (striped); Database server: 3xP30 (striped) |

The following shows an example configuration for 50k to 100k clients on DS14_V2 with 3xP30 disks in a striped volume with separate logical volumes for the Configuration Manager install and database files:

[Image: VM disks]
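
The striped layout described above can also be scripted. This is an added example, not part of the original FAQ, which names the Disk Management console; it uses Storage Spaces cmdlets instead, and the pool, virtual disk and volume names, the drive letters and the 500 GB split are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: stripe the attached Azure data disks with Storage Spaces and
# carve two logical volumes (Configuration Manager install, database files).
# All names, drive letters and the 500 GB split below are assumptions.

$poolName  = 'CMPool'      # hypothetical pool name
$vdiskName = 'CMStripe'    # hypothetical virtual disk name

# Data disks that are attached but not yet partitioned or pooled (e.g. 3 x P30).
$disks = @(Get-PhysicalDisk -CanPool $true)
if ($disks.Count -lt 2) {
    throw "Expected at least 2 poolable data disks, found $($disks.Count)."
}

$subsystem = Get-StorageSubSystem -FriendlyName 'Windows Storage*'
New-StoragePool -FriendlyName $poolName `
    -StorageSubSystemFriendlyName $subsystem.FriendlyName `
    -PhysicalDisks $disks | Out-Null

# 'Simple' resiliency is plain striping (no mirror or parity at this layer).
# One column per disk spreads every I/O across all disks for maximum IOPS.
New-VirtualDisk -StoragePoolFriendlyName $poolName -FriendlyName $vdiskName `
    -ResiliencySettingName Simple -NumberOfColumns $disks.Count `
    -Interleave 64KB -ProvisioningType Fixed -UseMaximumSize | Out-Null

$disk = Get-VirtualDisk -FriendlyName $vdiskName | Get-Disk
$disk | Initialize-Disk -PartitionStyle GPT

# Volume 1: Configuration Manager installation (size is an assumption).
New-Partition -DiskNumber $disk.Number -Size 500GB -DriveLetter E |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ConfigMgr' `
        -Confirm:$false | Out-Null

# Volume 2: database files on the remaining space, 64 KB allocation unit.
New-Partition -DiskNumber $disk.Number -UseMaximumSize -DriveLetter F |
    Format-Volume -FileSystem NTFS -AllocationUnitSize 65536 `
        -NewFileSystemLabel 'SQLData' -Confirm:$false | Out-Null

# Confirm the result: column count should equal the number of data disks.
Get-VirtualDisk -FriendlyName $vdiskName |
    Select-Object FriendlyName, ResiliencySettingName, NumberOfColumns, Size
```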

User Experience

You mention that user experience is one of the main areas of importance. Why is that?

The decisions you make for networking, availability, performance, and where you place your Configuration Manager site servers can affect your users directly. We believe a move to Azure should be transparent to your users so that they don't experience a change in their day-to-day interactions with Configuration Manager.

OK, I get it. I plan to install a single stand-alone primary site on an Azure virtual machine and I want to make sure my costs are low. Should I place (remote) site systems (like management points, distribution points, and software update points) on Azure virtual machines as well or on-premises?

Except for communication from the site server to a distribution point, these server-to-server communications in a site can occur at any time and do not use mechanisms to control the use of network bandwidth. Because you cannot control the communication between site systems, any costs associated with these communications should be considered.

Network speeds and latency are other factors to consider as well. Slow or unreliable networks could impact functionality between the site server and remote site systems as well as any client communication to the site systems. The number of managed clients that use a given site system as well as the features you actively use should also be considered. In general, you can leverage the normal guidance as it relates to WAN links and site systems as a starting point. Ideally, the network throughput that you select and receive between Azure and your intranet will be consistent with a WAN that is well-connected with a fast network.

What about content distribution and content management? Should standard distribution points be in Azure or on-premises, and should I use BranchCache or pull-distribution points on-premises? Or should I make exclusive use of Cloud Distribution Points?

The approach for content management is much the same as for site servers and site systems.

  • If you use a fast and reliable network connection between Azure and your intranet with an unlimited data plan, hosting standard distribution points in Azure could be an option.
  • If you use a metered data plan and bandwidth cost is a concern, or the network connection between Azure and your intranet is not fast or can be unreliable, then you might consider other approaches. These include locating standard or pull distribution points on-premises as well as using BranchCache. The use of cloud-based distribution points is also an option, but there are some limits on the content types supported (for example, no support for software updates packages).

Note

If PXE or multicast support is required, you must use on-premises distribution points (standard or pull) to respond to boot requests.

While I am OK with the limitations of cloud-based distribution points, I don't want to put my management point into a DMZ even though that is needed to support my internet-based clients. Do I have any other options?

Yes! With Configuration Manager version 1610, we introduced the Cloud Management Gateway as a pre-release feature. (This feature first appeared in the Technical Preview version 1606 as the Cloud Proxy Service.)

The Cloud Management Gateway provides a simple way to manage Configuration Manager clients on the internet. The service, which is deployed to Microsoft Azure and requires an Azure subscription, connects to your on-premises Configuration Manager infrastructure using a new role called the cloud management gateway connector point. After it's deployed and configured, clients can access on-premises Configuration Manager site system roles regardless of whether they're connected to the internal private network or on the internet.

You can start using the cloud management gateway in your environment and give us feedback to make this better. For information about pre-release features, see Use pre-release features from updates.

I also heard that you have another new feature called Peer Cache introduced as a pre-release feature in version 1610. Is that different than BranchCache? Which one should I choose?

Yes, totally different. Peer Cache is a 100% native Configuration Manager technology, whereas BranchCache is a feature of Windows. Both can be useful for you; BranchCache uses a broadcast to find the required content whereas Peer Cache uses Configuration Manager's regular distribution workflow and boundary group settings.

You can configure any client to be a Peer Cache source. Then, when management points provide clients information about content source locations, they provide details about both the distribution points and any Peer Cache sources that have the content that client requires.

Cost

OK, tell me a bit about the cost. Will this be a cost-effective solution for me?

Hard to say since every environment is different. The best thing to do is to cost your environment using the Microsoft Azure pricing calculator: https://azure.microsoft.com/pricing/calculator/

Additional Resources

Fundamentals: https://azure.microsoft.com/documentation/articles/fundamentals-introduction-to-azure/

Azure VM Machine Types:

Disk Performance Considerations:

Availability:

Connectivity: