Microsoft Azure SharePoint 2013 架構Microsoft Azure Architectures for SharePoint 2013

Azure 是一種主控 SharePoint Server 2013 解決方案的良好環境。Azure is a good environment for hosting a SharePoint Server 2013 solution. 在大多數情況下,建議使用 Microsoft 365,但是在 Azure 主控的 SharePoint 伺服器陣列可以是特定解決方案的一個不錯選項。In most cases, we recommend Microsoft 365, but a SharePoint Server farm hosted in Azure can be a good option for specific solutions. 本文說明如何設計 SharePoint 方案,使其符合 Azure 平臺的完美程度。This article describes how to architect SharePoint solutions so they are a good fit in the Azure platform. 下列兩個特定解決方案用作範例:The following two specific solutions are used as examples:

Azure 基礎結構服務是主控 SharePoint 解決方案的極具說服力的選項。Azure infrastructure services is a compelling option for hosting SharePoint solutions. 有些方案比其他解決方案更適合使用此平臺。Some solutions are a better fit for this platform than others. 下表顯示建議的解決方案。The following table shows recommended solutions.

解決方案Solution 為何建議使用此解決方案進行 AzureWhy this solution is recommended for Azure
開發和測試環境Development and test environments
這很容易建立及管理這些環境。It's easy to create and manage these environments.
內部部署 SharePoint 伺服器陣列至 Azure 的災難修復Disaster recovery of on-premises SharePoint farms to Azure
主控次要資料中心 使用 Azure,而不是在不同地區的次要資料中心中投資。Hosted secondary datacenter Use Azure instead of investing in a secondary datacenter in a different region.
低成本的災害復原環境 維護和支付的資源少於內部部署的嚴重損壞修復環境。Lower-cost disaster-recovery environments Maintain and pay for fewer resources than an on-premises disaster recovery environment. 資源數目取決於您所選擇的嚴重損壞復原環境:冷待命、溫待命或熱待機。The number of resources depends on the disaster recovery environment you choose: cold standby, warm standby, or hot standby.
更多彈性平臺 萬一發生嚴重損壞,請輕鬆向外延展您的修復 SharePoint 伺服器陣列,以滿足負載需求。More elastic platform In the event of a disaster, easily scale-out your recovery SharePoint farm to meet load requirements. 當您不再需要資源時放大。Scale in when you no longer need the resources.
請參閱 在 Microsoft Azure 中 SharePoint Server 2013 災難修復See SharePoint Server 2013 Disaster Recovery in Microsoft Azure.
使用 Microsoft 365 無法使用之功能和縮放功能的網際網路對向網站Internet-facing sites that use features and scale not available in Microsoft 365
致力於您的努力 專注于建立卓越的網站,而不是建立基礎結構。Focus your efforts Concentrate on building a great site rather than building infrastructure.
在 Azure 中利用彈性 新增新的伺服器,並只支付您需要的資源,以調整需求的伺服器陣列大小。Take advantage of elasticity in Azure Size the farm for the demand by adding new servers, and pay only for resources you need. (自動縮放) 不支援動態電腦分配。Dynamic machine allocation is not supported (auto scale).
**使用 Azure Active Directory (AD) ** 請利用 Azure AD 取得客戶帳戶。Use Azure Active Directory (AD) Take advantage of Azure AD for customer accounts.
新增 Microsoft 365 中無法使用的 SharePoint 功能 新增深入報告和 web analytics。Add SharePoint functionality not available in Microsoft 365 Add deep reporting and web analytics.
請參閱 使用 SharePoint Server 2013 的 Microsoft Azure 中的網際網路網站See Internet Sites in Microsoft Azure using SharePoint Server 2013.
支援 Microsoft 365 或內部部署環境的應用程式伺服器陣列App farms to support Microsoft 365 or on-premises environments
在 Azure 中建立、測試和主控應用程式,以同時支援內部部署和雲端環境。Build, test, and host apps in Azure to support both on-premises and cloud environments.
在 Azure 中主控此角色,而不是購買內部部署環境的新硬體。Host this role in Azure instead of buying new hardware for on-premises environments.

針對內部網路和共同作業解決方案及工作量,請考慮下列選項:For intranet and collaboration solutions and workloads, consider the following options:

  • 判斷 Microsoft 365 是否符合您的業務需求,或是否可以成為解決方案的一部分。Determine if Microsoft 365 meets your business requirements or can be part of the solution. Microsoft 365 提供一個功能齊全的功能集,永遠都是最新的。Microsoft 365 provides a rich feature set that is always up to date.

  • 如果 Microsoft 365 不符合您的所有業務需求,請考慮從 Microsoft 諮詢服務 (MCS) 的標準實施 SharePoint 2013。If Microsoft 365 does not meet all your business requirements, consider a standard implementation of SharePoint 2013 on premises from Microsoft Consulting Services (MCS). 標準架構可以是比自訂更快速、成本低且更容易的解決方案。A standard architecture can be a quicker, cheaper, and easier solution for you to support than a customized one.

  • 如果標準執行不符合您的業務需求,請考慮使用自訂的內部部署解決方案。If a standard implementation doesn't meet your business requirements, consider a customized on-premises solution.

  • 如果使用雲端平臺對您的業務需求很重要,請考慮使用 Azure 基礎結構服務中所主控的 SharePoint 2013 標準或自訂的實施。If using a cloud platform is important for your business requirements, consider a standard or customized implementation of SharePoint 2013 hosted in Azure infrastructure services. 與其他非原生 Microsoft public 雲端平臺相比,在 Azure 中支援的 SharePoint 解決方案更輕鬆。SharePoint solutions are much easier to support in Azure than other non-native Microsoft public cloud platforms.

設計 Azure 環境之前Before you design the Azure environment

雖然本文使用 SharePoint 拓朴的範例,但您可以將這些設計概念與任何 SharePoint 伺服器陣列拓撲搭配使用。While this article uses example SharePoint topologies, you can use these design concepts with any SharePoint farm topology. 在您設計 Azure 環境之前,請使用下列拓撲、架構、容量和效能指導來設計 SharePoint 伺服器陣列:Before you design the Azure environment, use the following topology, architecture, capacity, and performance guidance to design the SharePoint farm:

決定 Active Directory 網欄位型別Determine the Active Directory domain type

每個 SharePoint 伺服器陣列都依賴 Active Directory 來提供伺服器陣列設定的管理帳戶。Each SharePoint Server farm relies on Active Directory to provide administrative accounts for farm setup. 目前,Azure 的 SharePoint 解決方案有兩個選項。At this time, there are two options for SharePoint solutions in Azure. 如下表所述。These are described in the following table.

選項Option 描述Description
私人網路域Dedicated domain
您可以將專用且隔離的 Active Directory 網域部署至 Azure,以支援您的 SharePoint 伺服器陣列。You can deploy a dedicated and isolated Active Directory domain to Azure to support your SharePoint farm. 這對於上市公司的網際網路網站是很好的選擇。This is a good choice for public-facing Internet sites.
透過跨單位連線擴充內部部署網域Extend the on-premises domain through a cross-premises connection
當您透過跨單位連線擴充內部部署網域時,使用者會透過您的內部網路存取該 SharePoint 伺服器陣列,就像它是在內部部署中主控。When you extend the on-premises domain through a cross-premises connection, users access the SharePoint farm via your intranet as if it were hosted on-premises. 您可以充分運用內部部署的 Active Directory 和 DNS 實施。You can take advantage of your on-premises Active Directory and DNS implementation.
在 Azure 中建立會從您的內部部署伺服器陣列容錯移轉至內部的嚴重損壞修復環境時,需要進行跨單位連線。A cross-premises connection is required for building a disaster-recovery environment in Azure to fail over to from your on-premises farm.

本文包含透過跨單位連線擴充內部部署網域的設計概念。This article includes design concepts for extending the on-premises domain through a cross-premises connection. 如果您的解決方案使用專用的網域,您就不需要跨部署連線。If your solution uses a dedicated domain, you don't need a cross-premises connection.

設計虛擬網路Design the virtual network

首先,您需要 Azure 中的虛擬網路,包含您要用來存放虛擬機器的子網。First you need a virtual network in Azure, which includes subnets on which you will place your virtual machines. 虛擬網路必須有私人 IP 位址空間,也就是您指派給子網的部分。The virtual network needs a private IP address space, portions of which you assign to the subnets.

如果您要將內部部署網路擴充至 Azure,並透過執行災難修復) 環境所需的 (跨單位連線,則必須選擇尚未在組織網路中的其他地方使用的私人位址空間,其中可能包含您的內部部署環境和其他 Azure 虛擬網路。If you are extending your on-premises network to Azure through a cross-premises connection (required for a disaster recovery environment), you must choose a private address space that is not already in use elsewhere in your organization network, which can include your on-premises environment and other Azure virtual networks.

圖1:在 Azure 中具有虛擬網路的內部部署環境Figure 1: On-premises environment with a virtual network in Azure

為 SharePoint 解決方案設計的 Microsoft Azure 虛擬網路。

在此圖表中:In this diagram:

  • Azure 中的虛擬網路是內部部署環境的並列說明。A virtual network in Azure is illustrated side-by-side to the on-premises environment. 這兩種環境尚未透過跨單位連線相連,其可以是網站對網站 VPN 連線或 ExpressRoute。The two environments are not yet connected by a cross-premises connection, which can be a site-to-site VPN connection or ExpressRoute.

  • 此時,虛擬網路只會包含子網,而不會包含其他架構元素。At this point, the virtual network just includes the subnets and no other architectural elements. 一個子網會主控 Azure 閘道,其他子網會主控 SharePoint 伺服器陣列的層級,另外一個用於 Active Directory 和 DNS。One subnet will host the Azure gateway and other subnets host the tiers of the SharePoint farm, with an additional one for Active Directory and DNS.

新增跨部署連線能力Add cross-premises connectivity

下一個部署步驟是建立跨單位的連線 (如果此連接適用于您的解決方案) 。The next deployment step is to create the cross-premises connection (if this applies to your solution). 若為跨單位連線,Azure 閘道位於個別的閘道子網,您必須建立並指派位址空間。For cross-premises connections, a Azure gateway resides in a separate gateway subnet, which you must create and assign an address space.

當您規劃跨單位連線時,您可以定義及建立 Azure 閘道和內部部署閘道裝置的連線。When you plan for a cross-premises connection, you define and create an Azure gateway and connection to an on-premises gateway device.

圖2:使用 Azure 閘道和內部部署閘道裝置,在內部部署環境和 Azure 之間提供網站對網站的連線能力Figure 2: Using an Azure gateway and an on-premises gateway device to provide site-to-site connectivity between the on-premises environment and Azure

內部部署環境已透過跨單位連線連接至 Azure 虛擬網路,其可以是網站對網站 VPN 連線或是 ExpressRoute

在此圖表中:In this diagram:

  • 新增至上圖:內部部署環境會透過跨單位連線(可以是網站對網站 VPN 連線或 ExpressRoute)連線至 Azure 虛擬網路。Adding to the previous diagram, the on-premises environment is connected to the Azure virtual network by a cross-premise connection, which can be a site-to-site VPN connection or ExpressRoute.

  • Azure 閘道位於閘道子網上。An Azure gateway is on a gateway subnet.

  • 內部部署環境包括閘道裝置(例如路由器或 VPN 伺服器)。The on-premises environment includes a gateway device, such as a router or VPN server.

如需規劃及建立跨單位虛擬網路的其他資訊,請參閱 將內部部署網路連線至 Microsoft Azure 虛擬網路For additional information to plan for and create a cross-premises virtual network, see Connect an on-premises network to a Microsoft Azure virtual network.

將 Active Directory 網域服務新增 (AD DS) 和 DNSAdd Active Directory Domain Services (AD DS) and DNS

針對 Azure 中的嚴重損壞修復,您可以在混合案例中部署 Windows Server AD 和 DNS,其中 Windows Server AD 同時部署在內部部署和 Azure 虛擬機器上。For disaster recovery in Azure, you deploy Windows Server AD and DNS in a hybrid scenario where Windows Server AD is deployed both on-premises and on Azure virtual machines.

圖3:混合式 Active Directory 網域設定Figure 3: Hybrid Active Directory domain configuration

STwo 虛擬機器部署到 Azure 虛擬網路和 SharePoint 伺服器陣列子網路是複本網域控制站和 DNS 伺服器

這個圖表是透過將兩部虛擬機器加入 Windows Server AD 和 DNS 子網,在先前的圖表上建立。This diagram builds on the previous diagrams by adding two virtual machines to a Windows Server AD and DNS subnet. 這些虛擬機器為複本網域控制站和 DNS 伺服器。These virtual machines are replica domain controllers and DNS servers. 它們是內部部署 Windows Server AD 環境的分機。They are an extension of the on-premises Windows Server AD environment.

下表提供 Azure 中這些虛擬機器的設定建議。The following table provides configuration recommendations for these virtual machines in Azure. 使用這些功能做為設計您自己的環境的起點,即使針對 Azure 環境不會與您的內部部署環境進行通訊的私人網路域也是一樣。Use these as a starting point for designing your own environment—even for a dedicated domain where your Azure environment doesn't communicate with your on-premises environment.

項目Item 設定Configuration
Azure 中的虛擬機器大小Virtual machine size in Azure
標準層級的 A1 或 A2 大小A1 or A2 size in the Standard tier
作業系統Operating system
Windows Server 2012 R2Windows Server 2012 R2
Active Directory 角色Active Directory role
指定為通用類別目錄伺服器的 AD DS 網域控制站。AD DS domain controller designated as a global catalog server. 這種設定可減少跨跨單位連線的傳出流量。This configuration reduces egress traffic across the cross-premises connection.
在具有高變更率的多網域環境中 (此) 不常見,請將內部部署的網域控制站設定為不要與 Azure 中的通用類別目錄伺服器進行同步處理,以減少複寫流量。In a multidomain environment with high rates of change (this is not common), configure domain controllers on premises not to sync with the global catalog servers in Azure, to reduce replication traffic.
DNS 角色DNS role
在網域控制站上安裝及設定 DNS 伺服器服務。Install and configure the DNS Server service on the domain controllers.
資料磁片Data disks
將 Active Directory 資料庫、記錄檔和 SYSVOL 放在其他 Azure 資料磁片上。Place the Active Directory database, logs, and SYSVOL on additional Azure data disks. 請勿將它們置於 Azure 所提供的作業系統磁片或臨時磁片上。Do not place these on the operating system disk or the temporary disks provided by Azure.
IP 位址IP addresses
在設定網域控制站之後,使用靜態 IP 位址和設定虛擬網路以將這些位址指派給虛擬網路中的虛擬機器。Use static IP addresses and configure the virtual network to assign these addresses to the virtual machines in the virtual network after the domain controllers have been configured.

重要

在 Azure 中部署 Active Directory 之前,請閱讀在 Azure 虛擬機器上部署 Windows Server Active Directory 的指導方針Before you deploy Active Directory in Azure, read Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines. 這些會協助您判斷方案是否需要不同的架構或不同的設定。These help you determine if a different architecture or different configuration settings are needed for your solution.

新增 SharePoint 伺服器陣列Add the SharePoint farm

將 SharePoint 伺服器陣列的虛擬機器放在適當子網上的層級。Place the virtual machines of the SharePoint farm in tiers on the appropriate subnets.

圖4: SharePoint 虛擬機器的位置Figure 4: Placement of SharePoint virtual machines

資料庫伺服器和 SharePoint 伺服器角色加入 SharePoint 伺服器陣列子網路內的 Azure 虛擬網路

這個圖表是透過在各自的層級新增 SharePoint 伺服器陣列伺服器角色,在先前的圖表上建立。This diagram builds on the previous diagrams by adding the SharePoint farm server roles in their respective tiers.

  • 兩部執行 SQL Server 的資料庫虛擬機器建立資料庫層。Two database virtual machines running SQL Server create the database tier.

  • 針對下列各層執行 SharePoint Server 2013 的兩部虛擬機器:前端伺服器、分散式快取伺服器及後端伺服器。Two virtual machines running SharePoint Server 2013 for each of the following tiers: front end servers, distributed cache servers, and back end servers.

設計及微調可用性集和容錯網域的伺服器角色Design and fine tune server roles for availability sets and fault domains

容錯網域是執行角色實例之硬體的群組。A fault domain is a grouping of hardware in which role instances run. 相同容錯網域內的虛擬機器可以同時由 Azure 基礎結構更新。Virtual machines within the same fault domain can be updated by the Azure infrastructure at the same time. 或者,因為它們共用相同的機架,所以它們可能會同時失敗。Or, they can fail at the same time because they share the same rack. 為了避免在相同容錯網域上有兩個虛擬機器的風險,您可以將虛擬機器設定為可用性設定,以確保每個虛擬機器都位於不同的容錯網域中。To avoid the risk of having two virtual machines on the same fault domain, you can configure your virtual machines as an availability set, which ensures that each virtual machine is in a different fault domain. 如果有三個虛擬機器設定為可用性集,Azure 就會保證兩個以上的虛擬機器都位於相同的容錯網域中。If three virtual machines are configured as an availability set, Azure guarantees that no more than two of the virtual machines are located in the same fault domain.

當您為 SharePoint 伺服器陣列設計 Azure 架構時,請將相同的伺服器角色設定為可用性設定的一部分。When you design the Azure architecture for a SharePoint farm, configure identical server roles to be part of an availability set. 這可確保您的虛擬機器分散在多個容錯網域。This ensures that your virtual machines are spread across multiple fault domains.

圖5:使用 Azure 可用性設定可為 SharePoint 伺服器陣列層級提供高可用性Figure 5: Use Azure Availability Sets to provide high availability for the SharePoint farm tiers

Azure 基礎結構中針對 SharePoint 2013 解決方案的可用性設定組設定

此圖表會呼叫 Azure 基礎結構內可用性集的設定。This diagram calls out the configuration of availability sets within the Azure infrastructure. 下列每個角色共用個別的可用性集:Each of the following roles share a separate availability set:

  • Active Directory 和 DNSActive Directory and DNS

  • DatabaseDatabase

  • 後端Back end

  • 散佈快取Distribute cache

  • 前端Front end

在 Azure 平臺中,可能需要精細調整 SharePoint 伺服器陣列。The SharePoint farm might need to be fine tuned in the Azure platform. 為了確保所有元件的高可用性,請確定伺服器角色的設定都相同。To ensure high availability of all components, ensure that the server roles are all configured identically.

以下是一個範例,顯示符合特定容量和效能目標的標準網際網路網站架構。Here is an example that shows a standard Internet Sites architecture that meets specific capacity and performance goals. 這個範例會依下列架構模型所述: SharePoint Server 2013 的網際網路網站搜尋架構This example is featured in the following architecture model: Internet Sites Search Architectures for SharePoint Server 2013.

圖6:三層式伺服器陣列中的容量和效能目標規劃範例Figure 6: Planning example for capacity and performance goals in a three-tier farm

標準 SharePoint 2013 Internet Sites 架構具有符合特定容量和效能目標的元件配置

在此圖表中:In this diagram:

  • 代表三層式伺服器陣列:網頁伺服器、應用程式伺服器及資料庫伺服器。A three-tier farm is represented: web servers, application servers, and database servers.

  • 三台網頁伺服器的設定與多個元件相同。The three web servers are configured identically with multiple components.

  • 這兩個資料庫伺服器設定相同。The two database servers are configured identically.

  • 這三個應用程式伺服器的設定不相同。The three application servers are not configured identically. 這些伺服器角色需要針對 Azure 中的可用性集進行微調微調。These server roles require fine tuning for availability sets in Azure.

讓我們更深入瞭解應用程式伺服器層。Let's look closer at the application server tier.

圖7:精細調整之前的應用程式伺服器層Figure 7: Application server tier before fine tuning

調整為 Microsoft Azure 可用性設定組之前的 SharePoint Server 2013 應用程式伺服器層範例

在此圖表中:In this diagram:

  • 應用層中包含三部伺服器。Three servers are included in the application tier.

  • 第一部伺服器包含四個元件。The first server includes four components.

  • 第二部伺服器包含三個元件。The second server includes three components.

  • 第三部伺服器包含兩個元件。The third server includes two components.

您可以根據伺服器陣列的效能與容量目標,判斷元件數目。You determine the number of components by the performance and capacity targets for the farm. 若要調整此 Azure 的架構,我們會在所有三個伺服器上複寫四個元件。To adapt this architecture for Azure, we'll replicate the four components across all three servers. 這會增加超出效能與容量所需的元件數目。This increases the number of components beyond what is necessary for performance and capacity. 其缺點是,此設計可確保將三個虛擬機器指派給可用性集時,Azure 平臺中所有四個元件的高可用性。The tradeoff is that this design ensures high availability of all four components in the Azure platform when these three virtual machines are assigned to an availability set.

圖8:微調微調後的應用程式伺服器層Figure 8: Application server tier after fine tuning

調整為 Microsoft Azure 可用性設定組之後的 SharePoint Server 2013 應用程式伺服器層範例

此圖顯示所有三個應用程式伺服器設定相同的四個元件。This diagram shows all three application servers configured identically with the same four components.

當我們將可用性設定集新增至 SharePoint 伺服器陣列的層級時,會完成執行。When we add availability sets to the tiers of the SharePoint farm, the implementation is complete.

圖9: Azure 基礎結構服務中已完成的 SharePoint 伺服器陣列Figure 9: The completed SharePoint farm in Azure infrastructure services

Azure Infrastructure Services 中的 SharePoint 2013 伺服器陣列以及虛擬網路、跨單位連線能力、子網路、VM 以及可用性設定組的範例

此圖顯示在 Azure 基礎結構服務中所執行的 SharePoint 伺服器陣列,其可用性設定可提供每一層中的伺服器的容錯網域。This diagram shows the SharePoint farm implemented in Azure infrastructure services, with availability sets to provide fault domains for the servers in each tier.

另請參閱See Also

Microsoft 365 解決方案與架構中心Microsoft 365 solution and architecture center

Microsoft Azure 中使用 SharePoint Server 2013 的網際網路網站Internet Sites in Microsoft Azure using SharePoint Server 2013

Microsoft Azure 中的 SharePoint Server 2013 災害復原SharePoint Server 2013 Disaster Recovery in Microsoft Azure