在 VMM 中設定自助Set up self-service in VMM

重要

已不再支援此版本的 Virtual Machine Manager (VMM),建議升級至 VMM 2019This version of Virtual Machine Manager (VMM) has reached the end of support, we recommend you to upgrade to VMM 2019.

本文說明如何在 System Center - Virtual Machine Manager (VMM) 中設定自助式服務。This article describes how to set up self-service in System Center - Virtual Machine Manager (VMM).

VMM 為自助使用者提供一些選項:VMM offers a number of options for self-service users:

  • 虛擬機器/服務:使用者可以將其虛擬機器和服務部署至私人雲端。Virtual machines/Services: Users can deploy their virtual machines and services to private clouds. 一個私人雲端可指派給多個自助使用者角色。A private clouds can be assigned to multiple self-service user roles. 每個自助使用者角色的角色層級配額與範圍內的私人雲端可用來配置雲端計算和儲存容量。Role-level quotas for each self-service user role with the private cloud in scope are used to allocate cloud compute and storage capacity. 成員層級配額會設定自助使用者角色成員的個別限制。Member-level quotas set individual limits for members of the self-service user role.
  • 虛擬硬碟:使用者可從 VHD 及範本部署 VM。Virtual hard disks: Users can deploy VMs from VHDs as well as templates.
  • 範本/設定檔:使用者可以建立自己的範本和設定檔。Templates/Profiles: Users can create their own templates and profiles. 自助使用者角色的 [撰寫] 動作提供這些撰寫權限來建立硬體設定檔、客體作業系統設定檔、應用程式設定檔、SQL Server 設定檔、VM 範本和服務範本。The Author action for a self-service user role providing these authoring rights to create hardware profiles, guest operating system profiles, app profiles, SQL Server profiles, VM templates, and service templates. 請注意,這些資源可由具有自助角色的使用者建立,並可與其他自助使用者角色成員共用。Note that these resources can be created by a user with the self-service role, and shared with other members of the self-service user role.

自助使用者使用 VMM 主控台 (或 PowerShell) 來建立及管理 VM、服務等等。在 VMM 主控台中,自助使用者可以檢視其 VM 和服務的狀態、資源使用狀況、作業和 PRO 提示 (如果啟用)。Self-service users use the VMM console (or PowerShell) to create and manage VMs, services etc. In the VMM console self-service users can view status, resource usage, jobs, and PRO tips (if enabled) for their own VMs and services. 他們可以在其私人雲端中檢視可用容量和配額使用量,They can view available capacity and quota usage in their private clouds. 但無法查看主機群組、主機、程式庫伺服器和共用,或網路和存放裝置組態設定。They can't see host groups, hosts, library servers and shares, or network and storage configuration settings.

您可以依照下列方式在 VMM 中設定自助:You set up self-service in VMM as follows:

  1. 建立自助使用者角色。Create a self-service user role. 指定角色可執行的動作、將資源指派給角色,並設定自助使用者與 VMM 互動時可使用的執行身分帳戶。Specify actions that the role can perform, assign resources to the role, and configure Run As accounts that self-service users can use when interacting with VMM.
  2. 設定 VMM 程式庫。Set up the VMM library. 指派將用來存放自助使用者可用資源的程式庫共用。Assign a library share on which resources available to self-service users will reside. 此外,設定共用,讓自助使用者可以與其他使用者共用其資源。In addition, set up a share so that self-service users can share their resources with other users.

設定自助使用者角色Set up a self-service user role

  1. 按一下 [設定] > [建立] > [建立使用者角色] 。Click Settings > Create > Create User Role.

  2. 在 [建立使用者角色精靈] 中,輸入角色的名稱和選擇性描述,然後按一下 [下一步] 。In the Create User Role Wizard, enter a name and optional description for the role, and then click Next.

  3. 在 [設定檔] 頁面中,選取 [自助使用者] ,然後按一下 [下一步] 。In Profile page, select Self-Service User, and then click Next.

  4. 在 [成員] 中,按一下 [新增] 將使用者帳戶和 Active Directory 群組新增至角色。In Members, click Add to add user accounts and Active Directory groups to the role. 然後按一下 [下一步] 。Then click Next.

  5. 在 [範圍] 中,至少選取角色成員將使用的一個私人雲端。In Scope, select at least one private cloud that members of the role will use. 然後按一下 [下一步] 。Then click Next.

  6. 在 [配額] 中,設定每個私人雲端的配額。In Quotas, set quota for each private cloud. 每個配額會設定每個使用者角色成員的個別限制。Each quota sets an individual limit for each member of the user role. 如果您想要讓所有角色成員共用整體配額,請在 Active Directory 中建立安全性群組,然後將該群組指派給使用者角色。If you want all role members to share overall quotas, create a security group in Active Directory, and assign that group to the user role. 支援的配額類型包括:Supported quota types include:

    • 虛擬 CPU:限制可從私人雲端取用的 VM CPU 總數。Virtual CPUs: Limits the total number of VM CPUs that can be consumed from the private cloud.
    • 記憶體 (MB) :限制可從私人雲端取用的 VM 記憶體數量。Memory (MB): Limits the amount of VM memory that can be consumed from the private cloud.
    • 儲存空間 (GB) :限制可從私人雲端取用的 VM 儲存空間數量。Storage (GB): Limits the amount of VM storage that can be consumed from the private cloud.
    • 配額 (計點) :根據透過其 VM 範本指派給 VM 的配額計點總計,設定部署於私人雲端之 VM 上的配額。Quota (points): Sets a quota on VMs deployed on the private cloud based on total quota points assigned to the VMs via their VM templates.
    • 虛擬機器:限制可部署於私人雲端的 VM 總數。Virtual machines: Limits the total number of VMs that can be deployed on a private cloud. 包含includ
  7. 在 [資源] 中,按一下 [新增] 新增角色可使用的資源。In Resources, click Add to add resources that the role can use. 您可以指派建立 VM 和服務時可使用的硬體設定檔、OS 設定檔、VM 範本、應用程式設定檔、SQL Server 設定檔和服務範本。You can assign hardware profiles, OS profiles, VM templates, app profiles, SQL Server profiles, and service templates that can be used when creating VMs and services.

  8. 在 [指定使用者角色資料路徑] 中,按一下 [瀏覽] 指定此使用者角色成員可用來上傳及共用其資料的程式庫路徑。In Specify user role data path, click Browse to specify a library path that members of this user role can use to upload and share their own data. 然後按一下 [下一步] 。Then click Next.

  9. 在 [動作] 中,選取使用者可執行的動作。In Actions, select the actions that users are allowed to perform.

    • 撰寫:使用者可撰寫範本和設定檔,包括硬體設定檔、作業系統設定檔、應用程式設定檔、SQL Server 設定檔、虛擬機器範本和服務範本。Author: Users can author templates and profiles, including hardware profiles, operating system profiles, application profiles, SQL Server profiles, virtual machine templates and service templates.
    • 檢查點:使用者可建立、編輯和刪除其 VM 的檢查點,並將 VM 還原至先前的檢查點。Checkpoint: Users can create, edit, and delete checkpoints for their own VMs, and to restore a VM to a previous checkpoint. VMM 不支援對服務執行檢查點動作。VMM doesn't support checkpoint actions on services.
    • 檢查點 (僅還原) :使用者可以將自己的 VM 還原至檢查點,但無法建立、編輯和刪除檢查點。Checkpoint (Restore only): Users can restore their own VMs to a checkpoint but can't create, edit, and delete checkpoints.
    • 部署:使用者可從指派給其角色的範本和虛擬硬碟部署虛擬機器和服務。Deploy: Users can deploy virtual machines and services from templates and virtual hard disks that are assigned to their role. 但無法撰寫範本和設定檔。They can't author templates and profiles.
    • 部署 (僅從範本) :使用者只能從範本部署 VM 和服務。Deploy (from template only): Users can deploy VMs and services from templates only. 他們沒有撰寫權限。They don't have authoring rights.
    • 本機系統管理員:使用者可以是其 VM 的本機系統管理員。Local Administrator: Users can be Local Admins on their own VMs. 您必須在啟用 [部署 (從範本)] 的任何使用者角色上啟用 [本機系統管理員] ,讓這些使用者可以在 VM 和服務部署期間設定本機系統管理員密碼。You must enable Local Administrator on any User role that has the Deploy (From template) enabled, so that those users can set the Local Admin password during VM and service deployment. 具有 [部署] 動作的使用者不需要這樣做就能設定認證。Users will the Deploy action don't need this to set credentials.
    • 暫停和繼續:使用者可以暫停並繼續使用自己的 VM 和服務。Pause and resume: Users can pause and resume their own VMs and services.
    • 接收:使用者可以使用其他自助使用者角色成員所共用的資源。Receive: Users can use resources that are shared by members of other self-service user roles.
    • 遠端連線:使用者可以從 VMM 主控台或 App Controller 連線至其 VM。Remote connection: Users can connect to their VMs from the VMM console or App Controller.
    • 移除/儲存:使用者可以移除或儲存其 VM。Remove/Save: Users can remove or save their VMs.
    • 共用:使用者可以與其他自助使用者角色共用其所擁有的資源。Share: Users can share resources that they own with other self-service user roles. 可共用的資源包含硬體設定檔、作業系統設定檔、應用程式設定檔、SQL Server 設定檔、虛擬機器範本、虛擬機器、服務範本和服務。Sharable resources include hardware profiles, operating system profiles, application profiles, SQL Server profiles, virtual machine templates, virtual machines, service templates, and services. 自助使用者必須是資源的擁有者才能共用資源。A self-service user must be the owner of a resource to share it. 使用者角色必須具有 [接收] 動作,才能使用資源。For a user role to use the resources, it must have the Receive action. 啟動/停止:使用者可啟動及停止自己的 VM 和服務。Start/Stop: Users can start and stop their own VMs and services. 存放並重新部署:使用者可將自己的虛擬機器存放至 VMM 程式庫,並重新部署這些虛擬機器。Store and redeploy: Users can store their own virtual machines in the VMM library, and redeploy those virtual machines. 存放至程式庫的虛擬機器不會計入使用者的虛擬機器配額。Virtual machines stored in the library do not count against a user's virtual machine quota. VMM 不支援儲存服務。VMM doesn't support storing services.
  10. 如果出現 [執行身分帳戶] 頁面,請新增您要讓此角色成員能夠在建立 VM 和服務的動作中使用的執行身分帳戶。If the Run As accounts page appears, add Run As accounts that you want the members of this role to be able to use in the actions to create VMs and services. 然後按一下 [下一步] 。Then click Next.

  11. 檢閱 [摘要] 頁面中的設定,然後按一下 [完成] 即可建立角色。In Summary page, review the settings, and click Finish to create the role. 確認角色出現在 [設定] > [安全性] > [使用者角色] 中。Verify the role appears in Settings > Security > User Roles.

建立角色之後,您可以在 [內容] 頁面上修改其設定。After you create the role, you can modify its settings on the properties page.

準備 VMM 程式庫的自助功能Prepare the VMM library for self-service

具有必要權限的自助使用者可以存取 VMM 程式庫。Self-service users with the required permissions can access the VMM library. 具有 [撰寫] 動作的使用者可以在程式庫中建立範本和設定檔。Users with the Author action can create templates and profiles in the library. 他們也可以與其他自助使用者共用這些範本和設定檔。They can also share those templates and profiles with other self-service users. 若要讓自助使用者與程式庫互動,您必須準備下列項目:In order for self-service users to interact with the library you need to prepare the following:

  • 唯讀程式庫共用:若要與自助使用者共用 VHD 和 ISO 映像等實體資源,您可以設定私人雲端的唯讀程式庫共用,並將資源新增至該路徑。Read-only library shares: To share physical resources such as VHDs and ISO images with self-service users, you set up read-only library shares for private clouds, and add the resources to the path. 然後即可將資源提供給私人雲端在其範圍內的自助使用者。The resources are then available for self-service users that have the private cloud in their scope. 您也可以將應用程式架構等資源存放至這些共用,讓自助使用者可以使用指令碼來設定範本和設定檔。You could also store resources such as Application Frameworks on these shares to enable self-service users to configure templates and profiles with scripts.
  • 自助使用者資料路徑:在自助角色上設定使用者資料路徑,提供一個位置讓角色成員可上傳並共用自己的資源。Self-service user data paths: Set up user data paths on self-service roles to provides a place where members of the role can upload and share their own resources. 例如,路徑可能會存放自助使用者角色所部署之服務的應用程式套件。For example a path might store app packages for services deployed by a self-service user role. 您可以透過檔案系統來控制路徑的讀取及寫入權限。Read and write permissions for the path are controlled through the file system. VMM 會探索目前自助使用者可存取的所有路徑。VMM discovers all paths that the current self-service user can access. 這些資料路徑必須在程式庫共用上。These data paths must be on a library share.

在您開始使用 Intune 之前Before you start

所有程序都必須由 VMM 系統管理員來執行。All of these procedures must be performed by a VMM administrator. 委派系統管理員可以在其使用者角色範圍內的程式庫伺服器上新增程式庫共用、在其建立的私人雲端上設定唯讀程式庫共用,以及在其建立的自助使用者角色上設定使用者資料路徑。Delegated administrators can add library shares on library servers that are in the scope of their user role, can configure read-only library shares on private clouds that they created, and can configure user data paths on self-service user roles that they created. 只有本機系統管理員群組的成員可以授與其使用者資料路徑的存取權限。Only members of the local Administrators group can grant access permissions on their user data paths.

建立唯讀程式庫共用Create read-only library shares

  1. 建立共用資料夾來存放資源。Create a shared folder to store resources. 此資料夾將包含私人雲端的唯讀程式庫共用,以及自助使用者角色的使用者資料路徑。The folder will include read-only library shares for private clouds, and user data paths for self-service user roles. 建議您在預設程式庫共用附近建立此資料夾,以便您在管理程式庫時,可輕鬆地進行存取。We recommend that you crate the folder near your default library share so that it's easy to access when you're managing the library. 例如,C:\ApplicationData\Virtual Machine Manager Cloud Resources。For example C:\ApplicationData\Virtual Machine Manager Cloud Resources.
  2. 如有使用需要,請在共用資料夾中,建立資料夾來存放 \ApplicationFrameworks 資源。In the shared folder, create a folder to store the \ApplicationFrameworks resources in case you want to use them. 例如,C:\ApplicationData\Virtual Machine Manager Cloud Resources\ApplicationFrameworks。For example C:\ApplicationData\Virtual Machine Manager Cloud Resources\ApplicationFrameworks. 共用資料夾,讓您可以將它新增為程式庫共用。Share the folder so that you can add it as a library share. 請注意,共用資料夾不能在預設程式庫共用路徑中。Note that the shared folder can't be in the default library share path. 您無法新增現有程式庫共用路徑中的程式庫共用。You can't add a library shares that's in the path of an existing library share.
  3. 將 \ApplicationFrameworks 資料夾從預設程式庫共用複製到您為私人雲端資源建立的共用。Copy the \ApplicationFrameworks folder from the default library share to the share you created for private cloud resources.
  4. 將共用新增至 VMM 程式庫。Add the share to the VMM library. 在 [程式庫] > [程式庫伺服器] > [新增程式庫共用] 中,選取您要新增至程式庫的每個共用資料夾。In Library > Library Server > Add Library Share, select each shared folder you want to add to the library. 確認共用已新增至 [程式庫伺服器] 。Verify that the share is added in Library Servers.
  5. 若要將唯讀共用新增至私人雲端,請開啟 [VM 和服務] > [雲端],然後選取您要更新的私人雲端。To add the read-only share to a private clouds open VMs and Services > clouds, and select the private cloud you want to update.
  6. 在雲端中,按一下 [資料夾] > [內容] > [程式庫] > [唯讀程式庫共用] > [新增] 。In the cloud, click Folder > Properties > Library > Read-only library shares > Add.

讓自助使用者共用資源Enable self-service users to share resources

若要讓具有 [撰寫] 動作的自助使用者共用他們所建立的資源,您必須建立資料夾來存放共用資源,然後啟用自助使用者角色的資源共用。To enable self-service users with the Author action to share resources they create you need to create a folder to store shared resources, and then enable resource sharing for the self-service user role.

建立資料夾來共用使用者資源Create a folder to share user resources

設定自助使用者角色的使用者資料路徑,並授與資料夾的讀取/寫入權限。Configure a user data path for the self-service user role, and grant read/write permission on the folder.

  1. 建立資料夾來存放將由自助使用者共用的所有資源。Create a folder to store all resources that will be shared by self-service users. 例如,C:\ProgramData\Virtual Machine Manager Cloud Resources\Self-Service User Data。For example, C:\ProgramData\Virtual Machine Manager Cloud Resources\Self-Service User Data.

  2. 在該資料夾中,建立子資料夾來存放自助使用者角色的資源。Within that folder, create a subfolder to store resources for the self-service user role. 例如:C:\ProgramData\Virtual Machine Manager Cloud Resources\Self-Service User Data\Finance Service Managers。For example: C:\ProgramData\Virtual Machine Manager Cloud Resources\Self-Service User Data\Finance Service Managers.

  3. 然後在該子資料夾中,建立第三層子資料夾來存放您將在此案例中使用之所有虛擬應用程式版本的所有應用程式套件。Then within that subfolder, create a third-level subfolder to store all the application packages for all releases of the virtual application that you will use in this scenario. 例如:C:\ProgramData\Virtual Machine Manager Cloud Resources\Self-Service User Data\Finance Service Managers<MyApplication>。For example: C:\ProgramData\Virtual Machine Manager Cloud Resources\Self-Service User Data\Finance Service Managers<MyApplication>.

  4. 在該子資料夾中,建立第四層子資料夾來存放初次發行之服務的應用程式套件。In that subfolder, create a fourth-level subfolder to store the application package for the first release of the service. 例如:C:\ProgramData\Virtual Machine Manager Cloud Resources\Self-Service User Data\Finance Service Managers<MyApplication>\MyApplication v1>。For example: C:\ProgramData\Virtual Machine Manager Cloud Resources\Self-Service User Data\Finance Service Managers<MyApplication>\MyApplication v1>.

    每次您使用 Server App-V 更新並重新排序應用程式時,您都需要將新的應用程式套件存放至個別資料夾。Each time you update and re-sequence an application by using Server App-V, you will need to store the new application package in a separate folder.

  5. 若要讓自助使用者角色成員存取資源,並將自己的資源上傳至資料夾,請將資料夾的讀取/寫入權限授與所有成員。To enable members of the self-service user role to access the resources and upload their own resources to the folder, grant all members read/write permission on the folder.

  6. 如有需要,請共用包含所有自助使用者角色之使用者資料的資料夾,然後將共用新增至 VMM 程式庫。If needed, share the folder that contains user data for all self-service user roles, and then add the share to the VMM library. 使用者資料路徑必須在程式庫共用上,才能指派給自助使用者角色。To be assigned to a self-service user role, a user data path must be on a library share.

  7. 請依照下列方式設定自助使用者角色的路徑:Configure the path for a self-service user role as follows:

    1. 在 [設定] > [安全性] > [使用者角色] 中,按一下自助使用者角色。In Settings > Security > User Roles, click the self-service user role.
    2. 在 [使用者角色] 群組中,按一下 [內容] > [資源] 。In the User Role group, click Properties > Resource.
    3. 瀏覽並選取將保留共用資源的資料夾。Browse and select the folder that will hold the shared resources. 儲存變更之後,資料路徑會新增至程式庫。After you save the changes, the data path is added to the library. 確認 [程式庫] > [自助使用者內容] 中的路徑。Verify the path in Library > Self-Service User Content.

為自助使用者啟用共用Enable sharing for self-service users

若要與其他自助使用者角色成員共用資源,您需要下列各項:To share a resource with a member of another self-service user role, you need the following:

  • 共用資源的自助使用者必須是資源的擁有者。The self-service user who shares the resource must be the owner of the resource.
  • 資源擁有者必須屬於已指派 [共用] 動作的自助使用者角色。The resource owner must belong to a self-service user role that has been assigned the Share action.
  • 資源接收者必須屬於已指派 [接收] 動作的自助使用者角色。The resource receiver must belong to a self-service user role that has been assigned the Receive action.

請依照下列方式啟用資源共用:Enable resource sharing as follows:

  1. 按一下 [設定] > [安全性] > [使用者角色],然後按一下您要啟用資源共用的自助使用者角色。Click Settings > Security > User Roles, and click the self-service user role for which you want to enable resource sharing.
  2. 在 [使用者角色] 群組中,按一下 [內容] 。In the User Role group, click Properties.
  3. 在 [動作] 中,選取 [共用] ,然後按一下 [確定] 。In Actions, select Share, and then click OK. 此自助使用者角色成員現在可以與已指派 [接收] 動作的任何自助使用者角色成員共用自己的資源。Members of this self-service user role can now share their own resources with members of any self-service user role that has the Receive action assigned to it.
  4. 若要設定具有 [接收] 動作的使用者角色,請選取角色 > [內容] > [動作] ,然後選取 [接收] 。To configure a user role with the Receive action, select the role > Properties > Action, and select Receive.