部署 Network Controller 使用 Windows PowerShellDeploy Network Controller using Windows PowerShell

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

本主題提供部署 Network Controller 一或多個虛擬在電腦上 (Vm) 是執行 Windows Server 2016 使用 Windows PowerShell 指示。This topic provides instructions on using Windows PowerShell to deploy Network Controller on one or more virtual machines (VMs) that are running Windows Server 2016.

重要

不要部署實體主機上的 Network Controller 伺服器角色。Do not deploy the Network Controller server role on physical hosts. 若要部署 Network Controller,您必須安裝網路控制站伺服器角色 HYPER-V 一樣上 (VM) HYPER-V 主機上安裝。To deploy Network Controller, you must install the Network Controller server role on a Hyper-V virtual machine (VM) that is installed on a Hyper-V host. 有三種不同的 Hyper\ HYPER-V 主機上 Vm 上安裝 Network Controller 之後,您必須讓 Hyper\ HYPER-V 主機的網路軟體定義 (SDN) 加到使用 Windows PowerShell 命令 Network Controller 的主機新-NetworkControllerServerAfter you have installed Network Controller on VMs on three different Hyper-V hosts, you must enable the Hyper-V hosts for Software Defined Networking (SDN) by adding the hosts to Network Controller using the Windows PowerShell command New-NetworkControllerServer. 如此一來,您會讓 SDN 軟體負載平衡器函式。By doing so, you are enabling the SDN Software Load Balancer to function. 如需詳細資訊,請查看新-NetworkControllerServerFor more information, see New-NetworkControllerServer.

本主題包含下列各節。This topic contains the following sections.

安裝網路控制站伺服器角色Install the Network Controller server role

您可以使用此程序上一樣,安裝 Network Controller 伺服器角色 (VM)。You can use this procedure to install the Network Controller server role on a virtual machine (VM).

重要

不要部署實體主機上的 Network Controller 伺服器角色。Do not deploy the Network Controller server role on physical hosts. 若要部署 Network Controller,您必須安裝網路控制站伺服器角色 HYPER-V 一樣上 (VM) HYPER-V 主機上安裝。To deploy Network Controller, you must install the Network Controller server role on a Hyper-V virtual machine (VM) that is installed on a Hyper-V host. 有三種不同的 Hyper\ HYPER-V 主機上 Vm 上安裝 Network Controller 之後,您必須讓 Hyper\ HYPER-V 主機的網路軟體定義 (SDN) 加到 Network Controller 的主機。After you have installed Network Controller on VMs on three different Hyper-V hosts, you must enable the Hyper-V hosts for Software Defined Networking (SDN) by adding the hosts to Network Controller. 如此一來,您會讓 SDN 軟體負載平衡器函式。By doing so, you are enabling the SDN Software Load Balancer to function.

資格在系統管理員,或相當於,才能執行此程序最小值。Membership in Administrators, or equivalent, is the minimum required to perform this procedure.

注意

如果您想要使用 Windows PowerShell 而的伺服器管理員安裝網路控制器,請查看安裝使用伺服器管理員 Network Controller 伺服器角色If you want to use Server Manager instead of Windows PowerShell to install Network Controller, see Install the Network Controller server role using Server Manager

若要使用 Windows PowerShell 來安裝網路控制器,請在 Windows PowerShell 命令提示字元中,輸入下列命令,然後按 ENTER 鍵。To install Network Controller by using Windows PowerShell, type the following commands at a Windows PowerShell prompt, and then press ENTER.

Install-WindowsFeature -Name NetworkController -IncludeManagementTools

安裝 Network Controller 需要重新開機。Installation of Network Controller requires that you restart the computer. 若要這樣做,請輸入下列命令,,然後按 ENTER 鍵。To do so, type the following command, and then press ENTER.

Restart-Computer

設定 Network Controller 叢集Configure the Network Controller cluster

Network Controller 叢集提供可用性和延展性 Network Controller 應用程式,在建立叢集之後,您可以設定和的位於叢集上方。The Network Controller cluster provides high availability and scalability to the Network Controller application, which you can configure after creating the cluster, and which is hosted on top of the cluster.

注意

您可以執行程序下列章節直接在 VM 位置安裝網路控制器,或您可以使用遠端伺服器管理工具的 Windows Server 2016 來執行從遠端電腦是執行 Windows 10 或 Windows Server 2016 的程序。You can perform the procedures in the following sections either directly on the VM where you installed Network Controller, or you can use the Remote Server Administration Tools for Windows Server 2016 to perform the procedures from a remote computer that is running either Windows Server 2016 or Windows 10. 此外,在成員資格系統管理員,或相當於,才能執行此程序最小值。In addition, membership in Administrators, or equivalent, is the minimum required to perform this procedure. 如果 VM 時,您可以安裝 Network Controller 的電腦已經加入網域,您的使用者帳號必須成員的網域使用者If the computer or VM upon which you installed Network Controller is joined to a domain, your user account must be a member of Domain Users.

您可以建立節點物件,然後叢集的設定來建立 Network Controller 叢集。You can create a Network Controller cluster by creating a node object and then configuring the cluster.

建立節點物件Create a node object

您需要為每個成員叢集 Network Controller 的 VM 建立節點物件。You need to create a node object for each VM that is a member of the Network Controller cluster.

若要建立節點物件的 Windows PowerShell 命令提示字元中,輸入下列命令,然後按 ENTER 鍵。To create a node object, type the following command at the Windows PowerShell command prompt, and then press ENTER. 請確定您新增的每個參數值適用於您的部署。Ensure that you add values for each parameter that are appropriate for your deployment.

New-NetworkControllerNodeObject -Name <string> -Server <String> -FaultDomain <string>-RestInterface <string> [-NodeCertificate <X509Certificate2>]

下表中提供的每個參數描述新-NetworkControllerNodeObject命令。The following table provides descriptions for each parameter of the New-NetworkControllerNodeObject command.

參數Parameter 描述Description
名稱Name 名稱參數指定您要新增到叢集伺服器的易記名稱The Name parameter specifies the friendly name of the server that you want to add to the cluster
伺服器Server 伺服器參數指定主機名稱、完全完整網域名稱 (FQDN) 或您想要新增到叢集伺服器的 IP 位址。The Server parameter specifies the host name, Fully Qualified Domain Name (FQDN), or IP address of the server that you want to add to the cluster. 加入網域的電腦,則需要 FQDN。For domain-joined computers, FQDN is required.
FaultDomainFaultDomain FaultDomain參數指定的伺服器叢集您要加入的網域失敗。The FaultDomain parameter specifies the failure domain for the server that you are adding to the cluster. 此參數定義的伺服器,可能會發生錯誤,同時為您新增到叢集伺服器。This parameter defines the servers that might experience failure at the same time as the server that you are adding to the cluster. 這個錯誤可能會因為電力和來源網路共用實體相依性。This failure might be due to shared physical dependencies such as power and networking sources. 錯誤網域通常表示階層有關更多伺服器可能會失敗在一起從高點錯誤網域樹與這些共用相依性。Fault domains typically represent hierarchies that are related to these shared dependencies, with more servers likely to fail together from a higher point in the fault domain tree. 在執行階段 Network Controller 認為錯誤網域中叢集,並嘗試分散 Network Controller 的服務,讓它們在不同的錯誤的網域。During runtime, Network Controller considers the fault domains in the cluster and attempts to spread out the Network Controller services so that they are in separate fault domains. 此程序可協助確保受到不到該 service 和其狀態的可用性、的任何一項錯誤網域故障。This process helps ensure, in case of failure of any one fault domain, that the availability of that service and its state is not compromised. 錯誤網域詳列於階層格式。Fault domains are specified in a hierarchical format. 例如:「Fd: / Host1 日 Rack1 DC1 日」、位置 DC1 是 datacenter 名稱、Rack1 是架名稱,以及 Host1 是放置節點主機的名稱。For example: "Fd:/DC1/Rack1/Host1", where DC1 is the datacenter name, Rack1 is the rack name and Host1 is the name of the host where the node is placed.
RestInterfaceRestInterface RestInterface參數指定位置終止代表狀態傳輸(將)通訊節點上的介面的名稱。The RestInterface parameter specifies the name of the interface on the node where the Representational State Transfer (REST) communication is terminated. 這個 Network Controller 介面從網路管理層接收 Northbound API 要求。This Network Controller interface receives Northbound API requests from the network's management layer.
NodeCertificateNodeCertificate NodeCertificate參數指定使用電腦驗證 Network Controller 的憑證。The NodeCertificate parameter specifies the certificate that Network Controller uses for computer authentication. 如果您使用的憑證以驗證叢集; 通訊,則需要憑證憑證也可用於 Network Controller 服務間的流量加密。The certificate is required if you use certificate-based authentication for communication within the cluster; the certificate is also used for encryption of traffic between Network Controller services. 憑證主體名稱必須是節點的相同 DNS 名稱。The certificate subject name must be same as the DNS name of the node.

設定叢集Configure the cluster

若要設定叢集的 Windows PowerShell 命令提示字元中,輸入下列命令,然後按 ENTER 鍵。To configure the cluster, type the following command at the Windows PowerShell command prompt, and then press ENTER. 請確定您新增的每個參數值適用於您的部署。Ensure that you add values for each parameter that are appropriate for your deployment.

Install-NetworkControllerCluster -Node <NetworkControllerNode[]> -ClusterAuthentication <ClusterAuthentication> [-ManagementSecurityGroup <string>][-DiagnosticLogLocation <string>][-LogLocationCredential <PSCredential>] [-CredentialEncryptionCertificate <X509Certificate2>][-Credential <PSCredential>][-CertificateThumbprint <String>] [-UseSSL][-ComputerName <string>][-LogSizeLimitInMBs<UInt32>] [-LogTimeLimitInDays<UInt32>]

下表中提供的每個參數描述安裝-NetworkControllerCluster命令。The following table provides descriptions for each parameter of the Install-NetworkControllerCluster command.

參數Parameter 描述Description
ClusterAuthenticationClusterAuthentication ClusterAuthentication參數指定驗證類型用於節點間通訊的保護,也可用於 Network Controller 服務間的流量加密。The ClusterAuthentication parameter specifies the authentication type that is used for securing the communication between nodes and is also used for encryption of traffic between Network Controller services. 支援的值為KerberosX509The supported values are Kerberos, X509 and None. F:kerberos 驗證使用網域帳號,並只能加入網域 Network Controller 節點時使用。Kerberos authentication uses domain accounts and can only be used if the Network Controller nodes are domain joined. 若您指定 X509 為基礎的驗證,您必須提供中 NetworkControllerNode 物件的憑證。If you specify X509-based authentication, you must provide a certificate in the NetworkControllerNode object. 此外,您必須手動提供憑證之前您執行這個命令。In addition, you must manually provision the certificate before you run this command.
ManagementSecurityGroupManagementSecurityGroup ManagementSecurityGroup參數指定包含使用者可從遠端電腦上執行管理 cmdlet 安全性群組的名稱。The ManagementSecurityGroup parameter specifies the name of the security group that contains users that are allowed to run the management cmdlets from a remote computer. 這只有 Kerberos ClusterAuthentication 是否適用。This is only applicable if ClusterAuthentication is Kerberos. 您必須指定網域安全性群組並不安全性群組本機電腦上。You must specify a domain security group and not a security group on the local computer.
節點Node 節點參數指定清單中,使用您建立網路控制器節點新-NetworkControllerNodeObject命令。The Node parameter specifies the list of Network Controller nodes that you created by using the New-NetworkControllerNodeObject command.
DiagnosticLogLocationDiagnosticLogLocation DiagnosticLogLocation參數指定分享位置診斷登會定期上載。The DiagnosticLogLocation parameter specifies the share location where the diagnostic logs are periodically uploaded. 如果您不指定的值此參數,登的每個節點上儲存在本機。If you do not specify a value for this parameter, the logs are stored locally on each node. 登入資料夾 %systemdrive%\windows\tracing\sdndiagnostics 儲存在本機。Logs are stored locally in the folder %systemdrive%\Windows\tracing\SDNDiagnostics. 叢集登入資料夾 %systemdrive%\ProgramData\Microsoft\Service Fabric\log\Traces 儲存在本機。Cluster logs are stored locally in the folder %systemdrive%\ProgramData\Microsoft\Service Fabric\log\Traces.
LogLocationCredentialLogLocationCredential LogLocationCredential參數指定的認證所需的存取共用位置登的儲存位置。The LogLocationCredential parameter specifies the credentials that are required for accessing the share location where the logs are stored.
CredentialEncryptionCertificateCredentialEncryptionCertificate CredentialEncryptionCertificate參數指定憑證 Network Controller 使用加密用於存取網路控制器二進位檔認證和LogLocationCredential,如果指定。The CredentialEncryptionCertificate parameter specifies the certificate that Network Controller uses to encrypt the credentials that are used to access Network Controller binaries and the LogLocationCredential, if specified. 上的所有網路控制器節點之前執行這個命令時,您必須都提供憑證,必須相同的憑證退出所有叢集節點上。The certificate must be provisioned on all of the Network Controller nodes before you run this command, and the same certificate must be enrolled on all of the cluster nodes. 建議使用此參數保護 Network Controller 二進位檔和登 production 環境中。Using this parameter to protect Network Controller binaries and logs is recommended in production environments. 此參數,而認證儲存在明文,可以濫用任何未經授權使用者。Without this parameter, the credentials are stored in clear text and can be misused by any unauthorized user.
認證Credential 這是必要參數只有當您正在執行這個命令的遠端電腦。This parameter is required only if you are running this command from a remote computer. 認證參數指定帳號的目標電腦上執行此命令的權限。The Credential parameter specifies a user account that has permission to run this command on the target computer.
CertificateThumbprintCertificateThumbprint 這是必要參數只有當您正在執行這個命令的遠端電腦。This parameter is required only if you are running this command from a remote computer. CertificateThumbprint參數指定的數位公開金鑰憑證 (X509) 帳號的目標電腦上執行此命令的權限。The CertificateThumbprint parameter specifies the digital public key certificate (X509) of a user account that has permission to run this command on the target computer.
UseSSLUseSSL 這是必要參數只有當您正在執行這個命令的遠端電腦。This parameter is required only if you are running this command from a remote computer. UseSSL參數指定用來建立連接到遠端電腦的安全通訊端層 (SSL) 通訊協定。The UseSSL parameter specifies the Secure Sockets Layer (SSL) protocol that is used to establish a connection to the remote computer. 根據預設,不使用 SSL。By default, SSL is not used.
電腦名稱ComputerName 電腦名稱參數指定 Network Controller 節點是執行這個命令。The ComputerName parameter specifies the Network Controller node on which this command is run. 如果您不指定的值此參數,預設為使用本機電腦。If you do not specify a value for this parameter, the local computer is used by default.
LogSizeLimitInMBsLogSizeLimitInMBs 此參數指定登入最大大小 (mb),可儲存 Network Controller。This parameter specifies the maximum log size, in MB, that Network Controller can store. 登會儲存在循環的方式。Logs are stored in circular fashion. 如果提供 DiagnosticLogLocation,此參數預設值是 40 GB。If DiagnosticLogLocation is provided, the default value of this parameter is 40 GB. 未提供 DiagnosticLogLocation,如果登會儲存到網路控制器節點和此參數預設值為 15 GB。If DiagnosticLogLocation is not provided, the logs are stored on the Network Controller nodes and the default value of this parameter is 15 GB.
LogTimeLimitInDaysLogTimeLimitInDays 此參數指定的時間限制,天,儲存的登入。This parameter specifies the duration limit, in days, for which the logs are stored. 登會儲存在循環的方式。Logs are stored in circular fashion. 此參數預設值是 3 天。The default value of this parameter is 3 days.

Network Controller 應用程式設定Configure the Network Controller application

若要設定 Network Controller 應用程式的 Windows PowerShell 命令提示字元中,輸入下列命令,然後按 ENTER 鍵。To configure the Network Controller application, type the following command at the Windows PowerShell command prompt, and then press ENTER. 請確定您新增的每個參數值適用於您的部署。Ensure that you add values for each parameter that are appropriate for your deployment.

Install-NetworkController -Node <NetworkControllerNode[]> -ClientAuthentication <ClientAuthentication>  [-ClientCertificateThumbprint <string[]>]  [-ClientSecurityGroup <string>] -ServerCertificate <X509Certificate2> [-RESTIPAddress <String>] [-RESTName <String>] [-Credential <PSCredential>][-CertificateThumbprint <String> ] [-UseSSL]

下表中提供的每個參數描述安裝-NetworkController命令。The following table provides descriptions for each parameter of the Install-NetworkController command.

參數Parameter 描述Description
ClientAuthenticationClientAuthentication ClientAuthentication參數指定用於保護其餘和 Network Controller 間通訊的驗證類型。The ClientAuthentication parameter specifies the authentication type that is used for securing the communication between REST and Network Controller. 支援的值為KerberosX509The supported values are Kerberos, X509 and None. F:kerberos 驗證使用網域帳號,並只能加入網域 Network Controller 節點時使用。Kerberos authentication uses domain accounts and can only be used if the Network Controller nodes are domain joined. 若您指定 X509 為基礎的驗證,您必須提供中 NetworkControllerNode 物件的憑證。If you specify X509-based authentication, you must provide a certificate in the NetworkControllerNode object. 此外,您必須手動提供憑證之前您執行這個命令。In addition, you must manually provision the certificate before you run this command.
節點Node 節點參數指定清單中,使用您建立網路控制器節點新-NetworkControllerNodeObject命令。The Node parameter specifies the list of Network Controller nodes that you created by using the New-NetworkControllerNodeObject command.
ClientCertificateThumbprintClientCertificateThumbprint 您的網路控制器戶端使用憑證式驗證時,只需要此參數。This parameter is required only when you are using certificate-based authentication for Network Controller clients. ClientCertificateThumbprint參數指定指紋已退出以戶端 Northbound 層上的憑證。The ClientCertificateThumbprint parameter specifies the thumbprint of the certificate that is enrolled to clients on the Northbound layer.
伺服器憑證ServerCertificate 伺服器憑證參數指定其身份戶端用於 Network Controller 的憑證。The ServerCertificate parameter specifies the certificate that Network Controller uses to prove its identity to clients. 伺服器的憑證必須伺服器驗證目的納入增強金鑰使用方法的擴充功能,並必須發給 Network Controller 信任的樹系用 ca。The server certificate must include the Server Authentication purpose in Enhanced Key Usage extensions, and must be issued to Network Controller by a CA that is trusted by clients.
RESTIPAddressRESTIPAddress 您不需要指定的值為RESTIPAddress節點單一的部署 Network Controller。You do not need to specify a value for RESTIPAddress with a single node deployment of Network Controller. 對於多節點部署,請RESTIPAddress參數指定 IP 位址的其餘部分端點 CIDR 表示法中。For multiple-node deployments, the RESTIPAddress parameter specifies the IP address of the REST endpoint in CIDR notation. 例如,192.168.1.10 24。For example, 192.168.1.10/24. 主體名稱為伺服器憑證必須解析的值為RESTIPAddress的參數。The Subject Name value of ServerCertificate must resolve to the value of the RESTIPAddress parameter. 所有節點上相同的子網路時必須此參數都指定所有多節點 Network Controller 部署。This parameter must be specified for all multiple-node Network Controller deployments when all of the nodes are on the same subnet. 如果節點上不同子網路,您必須使用RestName參數,而不要使用RESTIPAddressIf nodes are on different subnets, you must use the RestName parameter instead of using RESTIPAddress.
RestNameRestName 您不需要指定的值為RestName節點單一的部署 Network Controller。You do not need to specify a value for RestName with a single node deployment of Network Controller. 唯一必須指定的值RestName當多節點部署有不同子網路上的節點。The only time you must specify a value for RestName is when multiple-node deployments have nodes that are on different subnets. 對於多節點部署,請RestName參數指定叢集 Network Controller 的 FQDN。For multiple-node deployments, the RestName parameter specifies the FQDN for the Network Controller cluster.
ClientSecurityGroupClientSecurityGroup ClientSecurityGroup參數指定 Active Directory 安全性群組成員是戶端 Network Controller 的名稱。The ClientSecurityGroup parameter specifies the name of the Active Directory security group whose members are Network Controller clients. 這是必要參數只有當您使用 F:kerberos 驗證適用於ClientAuthenticationThis parameter is required only if you use Kerberos authentication for ClientAuthentication. 安全性群組必須包含從中存取 REST Api,帳號,您必須建立安全性群組和新增成員,才能執行這個命令。The security group must contain the accounts from which the REST APIs are accessed, and you must create the security group and add members before running this command.
認證Credential 這是必要參數只有當您正在執行這個命令的遠端電腦。This parameter is required only if you are running this command from a remote computer. 認證參數指定帳號的目標電腦上執行此命令的權限。The Credential parameter specifies a user account that has permission to run this command on the target computer.
CertificateThumbprintCertificateThumbprint 這是必要參數只有當您正在執行這個命令的遠端電腦。This parameter is required only if you are running this command from a remote computer. CertificateThumbprint參數指定的數位公開金鑰憑證 (X509) 帳號的目標電腦上執行此命令的權限。The CertificateThumbprint parameter specifies the digital public key certificate (X509) of a user account that has permission to run this command on the target computer.
UseSSLUseSSL 這是必要參數只有當您正在執行這個命令的遠端電腦。This parameter is required only if you are running this command from a remote computer. UseSSL參數指定用來建立連接到遠端電腦的安全通訊端層 (SSL) 通訊協定。The UseSSL parameter specifies the Secure Sockets Layer (SSL) protocol that is used to establish a connection to the remote computer. 根據預設,不使用 SSL。By default, SSL is not used.

Network Controller 應用程式的設定完成之後,您的部署 Network Controller 的已完成。After you complete the configuration of the Network Controller application, your deployment of Network Controller is complete.

網路控制器部署驗證Network Controller deployment validation

如果要驗證您的網路控制器部署,您可以新增 Network Controller 認證,並擷取 credential。To validate your Network Controller deployment, you can add a credential to the Network Controller and then retrieve the credential.

如果您使用 Kerberos 做為 ClientAuthentication 機制,成員資格在ClientSecurityGroup您建立是的最低需求才能執行此程序。If you are using Kerberos as the ClientAuthentication mechanism, membership in the ClientSecurityGroup that you created is the minimum required to perform this procedure.

若要驗證 Network Controller 的部署To validate deployment of Network Controller

  1. Client 的電腦上,如果您使用 Kerberos 做為 ClientAuthentication 機制,登入的使用者 account 的成員,您ClientSecurityGroupOn a client computer, if you are using Kerberos as the ClientAuthentication mechanism, log on with a user account that is a member of your ClientSecurityGroup.

  2. 打開 Windows PowerShell 輸入下列命令,以新增到網路控制器,請認證,然後按 ENTER 鍵。Open Windows PowerShell, type the following commands to add a credential to Network Controller, and then press ENTER. 請確定您新增的每個參數值適用於您的部署。Ensure that you add values for each parameter that are appropriate for your deployment.

    $cred=New-Object Microsoft.Windows.Networkcontroller.credentialproperties
    $cred.type="usernamepassword"
    $cred.username="admin"
    $cred.value="abcd"
    
    New-NetworkControllerCredential -ConnectionUri https://networkcontroller -Properties $cred -ResourceId cred1
    
  3. 若要擷取的認證,您新增到網路控制器,請輸入下列命令,,然後按 ENTER 鍵。To retrieve the credential that you added to Network Controller, type the following command, and then press ENTER. 請確定您新增的每個參數值適用於您的部署。Ensure that you add values for each parameter that are appropriate for your deployment.

    Get-NetworkControllerCredential -ConnectionUri https://networkcontroller -ResourceId cred1  
    
  4. 檢視命令的輸出之後,應該類似下列範例輸出。Review the command output, which should be similar to the following example output.

    Tags                   :
    ResourceRef     : /credentials/cred1
    CreatedTime    : 1/1/0001 12:00:00 AM
    InstanceId        : e16ffe62-a701-4d31-915e-7234d4bc5a18
    Etag                  : W/"1ec59631-607f-4d3e-ac78-94b0822f3a9d"
    ResourceMetadata :
    ResourceId       : cred1
    Properties       : Microsoft.Windows.NetworkController.CredentialProperties
    

    注意

    當您執行取得-NetworkControllerCredential命令時,您也可以使用點電信業者清單的認證屬性變數指派命令的輸出。When you run the Get-NetworkControllerCredential command, you can assign the output of the command to a variable by using the dot operator to list the properties of the credentials. 例如,$cred。屬性。For example, $cred.Properties.

Network Controller 的其他 Windows PowerShell 命令Additional Windows PowerShell commands for Network Controller

部署 Network Controller 之後,您可以使用 Windows PowerShell 命令管理和修改您的部署。After you deploy Network Controller, you can use Windows PowerShell commands to manage and modify your deployment. 以下是一些變更,您可以讓您的部署。Following are some of the changes that you can make to your deployment.

  • 修改 Network Controller] 節點、叢集,以及應用程式設定Modify Network Controller node, cluster, and application settings

  • 移除 Network Controller 叢集和應用程式Remove the Network Controller cluster and application

  • 管理網路控制器叢集節點,包括新增、移除、讓,以及停用節點。Manage Network Controller cluster nodes, including adding, removing, enabling, and disabling nodes.

下表會提供的語法 Windows PowerShell 命令,您可以使用完成這些工作。The following table provides the syntax for Windows PowerShell commands that you can use to accomplish these tasks.

工作Task 命令Command 語法Syntax
修改 Network Controller 叢集設定Modify Network Controller cluster settings Set-NetworkControllerClusterSet-NetworkControllerCluster Set-NetworkControllerCluster [-ManagementSecurityGroup <string>][-Credential <PSCredential>] [-computerName <string>][-CertificateThumbprint <String> ] [-UseSSL]
修改 Network Controller 的應用程式設定Modify Network Controller application settings Set-NetworkControllerSet-NetworkController Set-NetworkController [-ClientAuthentication <ClientAuthentication>] [-Credential <PSCredential>] [-ClientCertificateThumbprint <string[]>] [-ClientSecurityGroup <string>] [-ServerCertificate <X509Certificate2>] [-RestIPAddress <String>] [-ComputerName <String>][-CertificateThumbprint <String> ] [-UseSSL]
修改 Network Controller 節點設定Modify Network Controller node settings Set-NetworkControllerNodeSet-NetworkControllerNode Set-NetworkControllerNode -Name <string> > [-RestInterface <string>] [-NodeCertificate <X509Certificate2>] [-Credential <PSCredential>] [-ComputerName <string>][-CertificateThumbprint <String> ] [-UseSSL]
修改 Network Controller 診斷設定Modify Network Controller diagnostic settings Set-NetworkControllerDiagnosticSet-NetworkControllerDiagnostic Set-NetworkControllerDiagnostic [-LogScope <string>] [-DiagnosticLogLocation <string>] [-LogLocationCredential <PSCredential>] [-UseLocalLogLocation] >] [-LogLevel <loglevel>][-LogSizeLimitInMBs <uint32>] [-LogTimeLimitInDays <uint32>] [-Credential <PSCredential>] [-ComputerName <string>][-CertificateThumbprint <String> ] [-UseSSL]
移除 Network Controller 的應用程式Remove the Network Controller application Uninstall-NetworkControllerUninstall-NetworkController Uninstall-NetworkController [-Credential <PSCredential>][-ComputerName <string>] [-CertificateThumbprint <String> ] [-UseSSL]
移除 Network Controller 叢集Remove the Network Controller cluster Uninstall-NetworkControllerClusterUninstall-NetworkControllerCluster Uninstall-NetworkControllerCluster [-Credential <PSCredential>][-ComputerName <string>][-CertificateThumbprint <String> ] [-UseSSL]
將節點新增至 Network Controller 叢集Add a node to the Network Controller cluster Add-NetworkControllerNodeAdd-NetworkControllerNode Add-NetworkControllerNode -FaultDomain <String> -Name <String> -RestInterface <String> -Server <String> [-CertificateThumbprint <String> ] [-ComputerName <String> ] [-Credential <PSCredential> ] [-Force] [-NodeCertificate <X509Certificate2> ] [-PassThru] [-UseSsl]
停用 Network Controller 叢集節點Disable a Network Controller cluster node Disable-NetworkControllerNodeDisable-NetworkControllerNode Disable-NetworkControllerNode -Name <String> [-CertificateThumbprint <String> ] [-ComputerName <String> ] [-Credential <PSCredential> ] [-PassThru] [-UseSsl]
讓 Network Controller 叢集節點Enable a Network Controller cluster node Enable-NetworkControllerNodeEnable-NetworkControllerNode Enable-NetworkControllerNode -Name <String> [-CertificateThumbprint <String> ] [-ComputerName <String> ] [-Credential <PSCredential> ] [-PassThru] [-UseSsl]
移除 Network Controller 節點從叢集Remove a Network Controller node from a cluster Remove-NetworkControllerNodeRemove-NetworkControllerNode Remove-NetworkControllerNode [-CertificateThumbprint <String> ] [-ComputerName <String> ] [-Credential <PSCredential> ] [-Force] [-Name <String> ] [-PassThru] [-UseSsl]

注意

Windows PowerShell 命令 Network Controller 的於 TechNet Library 在網路控制器 CmdletWindows PowerShell commands for Network Controller are in the TechNet Library at Network Controller Cmdlets.

範例 Network Controller 設定指令碼Sample Network Controller configuration script

下列範例組態指令碼示範如何建立多個節點 Network Controller 叢集並安裝控制器網路應用程式。The following sample configuration script shows how to create a multi-node Network Controller cluster and install the Network Controller application. 此外,$cert 變數選取憑證從本機電腦的憑證存放區符合主體名稱字串」networkController.contoso.com」。In addition, the $cert variable selects a certificate from the local computer certificates store that matches the subject name string "networkController.contoso.com".

$a = New-NetworkControllerNodeObject -Name Node1 -Server NCNode1.contoso.com -FaultDomain fd:/rack1/host1 -RestInterface Internal
$b = New-NetworkControllerNodeObject -Name Node2 -Server NCNode2.contoso.com -FaultDomain fd:/rack1/host2 -RestInterface Internal
$c = New-NetworkControllerNodeObject -Name Node3 -Server NCNode3.contoso.com -FaultDomain fd:/rack1/host3 -RestInterface Internal

$cert= get-item Cert:\LocalMachine\My | get-ChildItem | where {$_.Subject -imatch "networkController.contoso.com" }

Install-NetworkControllerCluster -Node @($a,$b,$c)  -ClusterAuthentication Kerberos -DiagnosticLogLocation \\share\Diagnostics - ManagementSecurityGroup Contoso\NCManagementAdmins -CredentialEncryptionCertificate $cert  
Install-NetworkController -Node @($a,$b,$c) -ClientAuthentication Kerberos -ClientSecurityGroup Contoso\NCRESTClients -ServerCertificate $cert -RestIpAddress 10.0.0.1/24

部署後續步驟的非-Kerberos 部署Post-Deployment Steps For non-Kerberos Deployments

如果您不使用 Kerberos Network Controller 部署,您必須將憑證部署。If you are not using Kerberos with your Network Controller deployment, you must deploy certificates.

如需詳細資訊,請查看部署後步驟 Network Controller 的For more information, see Post-Deployment Steps for Network Controller.