System Center Operations Manager 的整合套件The integration pack for System Center Operations Manager

重要

此版本的 Orchestrator 已達終止支援,建議您 升級至 Orchestrator 2019This version of Orchestrator has reached the end of support, we recommend you to upgrade to Orchestrator 2019.

Operations Manager 的整合套件是 System Center Orchestrator 所提供的增益集。The integration pack for Operations Manager is an add-in provided by System Center Orchestrator. 使用整合套件將 Orchestrator Runbook server 連接到 Operations Manager 管理伺服器,讓您可以自動化各種動作。Use the integration pack to connect an Orchestrator Runbook server to an Operations Manager management server so you can automate various actions.

如需整合套件的詳細資訊,請參閱《 System Center 整合指南》For more information about integration packs, see the System Center integration guide.

系統需求System requirements

在您部署 Operations Manager 整合套件之前,請先安裝並設定下列軟體:Before you deploy the Operations Manager integration pack, install and configure the following software:

  • 協調.Orchestrator.

  • 作的原則來提供建議。Operations Manager. 整合套件版本應該符合 System Center 版本。The integration pack version should match the System Center version.

    注意

    如果您使用 Orchestrator 2016 或1801整合套件來 Operations Manager 2016 UR4 或更新版本,且您已將 Operations Manager 設定為僅接受 TLS 1.1 或1.2 連線,請依照 此處的詳細說明進行登錄變更。If you're using the Orchestrator 2016 or 1801 integration pack for Operations Manager 2016 UR4 or later, if you've configured Operations Manager to accept only TLS 1.1 or 1.2 connections, make the registry changes as detailed here.

  • 若要允許伺服器與 Operations Manager 互動,請安裝 Orchestrator Runbook server 或 Runbook Designer 安裝所在的 Operations Manager 主控台。To allow server interaction with Operations Manager, install the Operations Manager console where an Orchestrator Runbook server or Runbook Designer is installed.

  • Create Alert 物件需要 Orchestrator integration library 管理元件。The Orchestrator integration library management pack is required by the Create Alert object.

    注意

    Create Alert 物件會在第一次執行時自動安裝管理元件 Operations Manager。The Create Alert object installs the management pack automatically in Operations Manager the first time it's run. 若要卸載整合套件,請從 Operations Manager 移除 Orchestrator integration library 管理元件。To uninstall the integration pack, remove the Orchestrator integration library management pack from Operations Manager.

下載整合套件Download the integration pack

登錄和部署套件Register and deploy the pack

下載整合套件檔案之後,您必須使用 Orchestrator management server 來註冊它。After you download the integration pack file, you must register it with the Orchestrator management server. 然後將它部署至 Runbook 伺服器和 Runbook designer。Then deploy it to Runbook servers and Runbook Designers. 深入了解Learn more.

設定連接Configure the connections

連接會在 Orchestrator 與 Operations Manager 管理伺服器之間建立可重複使用的連結。A connection establishes a reusable link between Orchestrator and an Operations Manager management server. 您可以建立多個連接,以指定多個 Operations Manager 管理伺服器的連結。You can create as many connections as you need to specify links to multiple Operations Manager management servers. 您也可以建立多個與相同伺服器的連接,以允許使用者帳戶的安全性許可權有所差異。You can also create multiple connections to the same server to allow for differences in security permissions for user accounts.

若要設定連接:To configure a connection:

  1. 在 Runbook Designer 中,選取 [選項 > Operations Manager]。In Runbook Designer, select Options > Operations Manager.
  2. 在 [ 連接 ] 索引標籤上,選取 [ 新增]。On the Connections tab, select Add.
  3. 在 [ 連接專案] 的 [ 名稱 ] 方塊中,輸入 Operations Manager 執行之伺服器的名稱或 IP 位址。In Connection Entry, in the Name box, type the name or IP address of the server that runs Operations Manager.
  4. 在 [ 網域 ] 方塊中,輸入 Operations Manager 伺服器的功能變數名稱。In the Domain box, type the domain name of the Operations Manager server. 或者,選取省略號按鈕 ( ... ) 流覽網域、選取它,然後選取 [ 加入]。Or select the ellipsis button (...) to browse for the domain, select it, and then select Add.
  5. 在 [ 使用者名稱 ] 和 [ 密碼 ] 方塊中,輸入 Orchestrator 伺服器將用來連線到 Operations Manager 伺服器的認證。In the User name and Password boxes, type the credentials that the Orchestrator server will use to connect to the Operations Manager server.
  6. 在 **監視間隔 \ ** 中,輪詢和 監視間隔 \ 重新連接,接受預設值10秒,或變更值。In Monitoring Intervals\Polling and Monitoring Intervals\Reconnect, accept the default value of 10 seconds, or change the value. 屬性 ** (預設值:10秒) ** 是可設定的。The property (default value: 10 seconds) is configurable.
  7. 選取 [測試連線]。Select Test Connection. 當確認訊息出現時,請選取 [確定]When the confirmation message appears, select OK.
  8. 視需要新增更多連接。Add more connections if necessary.
  9. 選取 [確定 > 完成]。Select OK > Finish.

啟用 Operations Manager 2016 UR4 或更新版本的 SCO IPEnable SCO IP for Operations Manager 2016 UR4 or later

當 Operations Manager 設定僅接受 TLS 1.1 或 TLS 1.2 時,您必須啟用 Operations Manager 2016 (UR4 +) 的 SCO IP。You must enable SCO IP for Operations Manager 2016 (UR4+) when the Operations Manager configuration accepts only TLS 1.1 or TLS 1.2.

請遵循下列步驟:Follow these steps:

  1. 將 Windows 設定為只使用 TLS 1.2。Set Windows to use only TLS 1.2.

    方法 1:手動修改登錄Method 1: Manually modify the registry

    重要

    請仔細遵循本節中的步驟。Carefully follow the steps in this section. 如果您不正確地修改登錄,可能會造成嚴重的問題。You could cause serious problems if you modify the registry incorrectly. 在開始之前,請先備份登錄,以便在發生問題時進行還原。Before you begin, back up the registry so you can restore it if a problems occurs.

    您可以使用下列步驟來啟用或停用整個系統的所有 SCHANNEL 通訊協定。Use the following steps to enable or disable all SCHANNEL protocols across the system.

    注意

    建議您啟用 TLS 1.2 通訊協定,以進行連入通訊。We recommend that you enable the TLS 1.2 protocol for incoming communications. 針對所有外寄通訊啟用 TLS 1.2、TLS 1.1 和 TLS 1.0 通訊協定。Enable the TLS 1.2, TLS 1.1, and TLS 1.0 protocols for all outgoing communications. 登錄變更不會影響 Kerberos 通訊協定或 NTLM 通訊協定的使用。Registry changes don't affect the use of the Kerberos protocol or NTLM protocol.

    a.a. 啟動 [登錄編輯程式]。Start Registry Editor. 若要這樣做,請以滑鼠右鍵按一下 [ 開始],在 [執行] 方塊中輸入 regedit ,然後選取 [確定]To do this, right-click Start, type regedit in the Run box, and then select OK.

    b.b. 找出下列登錄子機碼:Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ProtocolsHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

    c.c. 在 [通訊協定] 上按一下滑鼠右鍵,然後指向 [新增 > 金鑰]。Right-click Protocol, and point to New > Key.

    新增登錄機碼

    d.d. 輸入 SSL 3.0Enter SSL 3.0.

    e.e. 重複上述兩個步驟,以建立適用于 TLS 0、TLS 1.1 和 TLS 1.2 的金鑰。Repeat the previous two steps to create keys for TLS 0, TLS 1.1, and TLS 1.2. 這些索引鍵類似目錄。These keys resemble directories.

    f.f. 在每個 SSL 3.0、TLS 1.0、TLS 1.1 和 TLS 1.2 金鑰下建立用戶端金鑰和伺服器金鑰。Create a client key and a server key under each of the SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2 keys.

    g.g. 若要啟用通訊協定,請在每個用戶端和伺服器機碼底下建立 DWORD 值,如下所示:To enable a protocol, create the DWORD value under each client and server key, as follows:

    • DisabledByDefault [Value = 0]DisabledByDefault [Value = 0]
    • Enabled [Value = 1]Enabled [Value = 1]

    h.h. 若要停用通訊協定,請變更每個用戶端和伺服器金鑰下的 DWORD 值,如下所示:To disable a protocol, change the DWORD value under each client and server key, as follows:

    • DisabledByDefault [值 = 1]DisabledByDefault [Value = 1]
    • Enabled [值 = 0]Enabled [Value = 0]

    i.i. 選取 [ 檔案 > 退出]。Select File > Exit.

    方法 2:自動修改登錄Method 2: Automatically modify the registry

    以系統管理員模式執行下列 Windows PowerShell 腳本,自動將 Windows 設定為只使用 TLS 1.2 通訊協定:Run the following Windows PowerShell script in administrator mode to automatically configure Windows to use only the TLS 1.2 protocol:

        $ProtocolList       = @("SSL 2.0","SSL 3.0","TLS 1.0", "TLS 1.1", "TLS 1.2")
        $ProtocolSubKeyList = @("Client", "Server")
        $DisabledByDefault = "DisabledByDefault"
        $Enabled = "Enabled"
        $registryPath = "HKLM:\\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\"
    
        foreach($Protocol in $ProtocolList)
        {
          Write-Host " In 1st For loop"
          foreach($key in $ProtocolSubKeyList)
          {      
              $currentRegPath = $registryPath + $Protocol + "\" + $key
              Write-Host " Current Registry Path $currentRegPath"
    
              if(!(Test-Path $currentRegPath))
              {
                  Write-Host "creating the registry"
                  New-Item -Path $currentRegPath -Force | out-Null           
              }
              if($Protocol -eq "TLS 1.2")
              {
                  Write-Host "Working for TLS 1.2"
                  New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "0" -PropertyType DWORD -Force | Out-Null
                  New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "1" -PropertyType DWORD -Force | Out-Null
    
               }
              else
               {
                   Write-Host "Working for other protocol"
                   New-ItemProperty -Path $currentRegPath -Name $DisabledByDefault -Value "1" -PropertyType DWORD -Force | Out-Null
                   New-ItemProperty -Path $currentRegPath -Name $Enabled -Value "0" -PropertyType DWORD -Force | Out-Null
               }
           }
         }
    
         Exit 0
    
  2. 將 System Center 設定為僅使用 TLS 1.2。Set System Center to use only TLS 1.2.

    在此步驟中變更登錄之前,請先備份登錄,以防您稍後需要還原。Before you change the registry in this step, back up the registry in case you need to restore it later. 然後設定下列登錄機碼值。Then set the following registry key values.

    64位作業系統的值Values for 64-bit operating systems

    路徑Path 登錄機碼Registry key Value
    HKEY _ 本機 _ MACHINE\SOFTWARE\Microsoft . NETFramework\v2.0.50727HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v2.0.50727 SystemDefaultTlsVersionsSystemDefaultTlsVersions dword:00000001dword:00000001
    HKEY _ 本機 _ MACHINE\SOFTWARE\Wow6432Node\Microsoft . NETFramework\v2.0.50727HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v2.0.50727 SystemDefaultTlsVersionsSystemDefaultTlsVersions dword:00000001dword:00000001
    HKEY _ 本機 _ MACHINE\SOFTWARE\Microsoft . NETFramework\v4.0.30319HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319 SystemDefaultTlsVersionsSystemDefaultTlsVersions dword:00000001dword:00000001
    HKEY _ 本機 _ MACHINE\SOFTWARE\Wow6432Node\Microsoft . NETFramework\v4.0.30319HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft.NETFramework\v4.0.30319 SystemDefaultTlsVersionsSystemDefaultTlsVersions dword:00000001dword:00000001

    32位作業系統的值Values for 32-bit operating systems

    路徑Path 登錄機碼Registry key Value
    HKEY _ 本機 _ MACHINE\SOFTWARE\Microsoft . NETFramework\v4.0.30319HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319 SystemDefaultTlsVersionsSystemDefaultTlsVersions dword:00000001dword:00000001
    HKEY _ LOCAL _ MACHINE\SOFTWARE\Microsoft . .netframework \ v 2.0.50727HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\ v2.0.50727 SystemDefaultTlsVersionsSystemDefaultTlsVersions dword:00000001dword:00000001
  3. 在所有 Service Manager 角色上安裝下列更新。Install the following updates on all Service Manager roles. 更新管理伺服器、Azure 資料倉儲伺服器、自助入口網站及分析師主控台 (的角色,包括安裝在 Orchestrator Runbook server) 上的分析主控台。Update roles on management servers, Azure Data Warehouse servers, the Self-Service portal, and Analyst consoles (including the Analyst consoles installed on the Orchestrator Runbook servers).

    作業系統Operating system 所需的更新Required update
    Windows 8.1 與 Windows Server 2012 R2Windows 8.1 and Windows Server 2012 R2 3154520 和 Windows Server 2012 R2 Windows 8.1 上 .NET Framework 3.5 中包含的 TLS 系統預設版本支援3154520 Support for TLS System Default Versions included in the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2
    Windows Server 2012Windows Server 2012 3154519 支援 Windows Server 上 .NET Framework 3.5 中所含的 TLS 系統預設版本20123154519 Support for TLS System Default Versions included in the .NET Framework 3.5 on Windows Server 2012
    Windows 7 SP1 和 Windows Server 2008 R2 SP1Windows 7 SP1 and Windows Server 2008 R2 SP1 3154518 支援 WINDOWS 7 Sp1 和 Server 2008 R2 SP1 上的 .NET Framework 3.5.1 中包含的 TLS 系統預設版本3154518 Support for TLS System Default Versions included in the .NET Framework 3.5.1 on Windows 7 SP1 and Server 2008 R2 SP1
    Windows 10 與 Windows Server 2016Windows 10 and Windows Server 2016 3154521 適用于 Windows 的 .NET Framework 4.5.2 和4.5.1 的修正程式匯總套件31545213154521 Hotfix rollup 3154521 for the .NET Framework 4.5.2 and 4.5.1 on Windows

    3156421 Windows 10 版本1511和 Windows Server 的累計更新 2016 Technical Preview 4:5月10日,20163156421 Cumulative Update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: May 10, 2016
  4. 重新啟動電腦。Restart the computer.