Windows Server Software-Defined Datacenter

Applies To: Windows Server 2016

What is Windows Server Software-Defined Datacenter?

Software-Defined Datacenter (SDDC) is a common industry term that generally refers to a datacenter where all of the infrastructure is virtualized. Virtualization is the key, and it simply means that the hardware and software in the datacenter expand beyond a traditional one-to-one ratio. With a software hypervisor emulating hardware, operating systems and applications can be abstracted away from physical hardware, and multiplied to form elastic resource pools of processors, memory, I/O and networks.

Microsoft's implementation of the SDDC consists of the Windows Server technologies highlighted in this article. It starts with the Hyper-V hypervisor that provides the virtualization platform upon which networking and storage are built. Security technologies, developed for the unique challenges of virtualized infrastructure, mitigate internal and external threats. With PowerShell built into Windows Server, and the addition of System Center and/or Operations Management Suite, you can program and automate provisioning, deployment, configuration and management.

The technologies built into Windows Server and System Center are the main building blocks of the Windows Server SDDC experience. But even though it's a virtualized platform, it still requires the right hardware underneath. Microsoft partners participating in the Windows Server Software-Defined (WSSD) Solutions program can help your enterprise acquire the right hardware and get it up and running on day zero.

Windows Server Software-Defined (WSSD) Solutions

Building your Windows Server Software-Defined Datacenter on the right hardware infrastructure is a crucial first step to success. That's why we've partnered with DataON, Fujitsu, Lenovo, QCT, SuperMicro, Hewlett Packard Enterprise and Dell EMC, to create Microsoft-validated SDDC designs and best practices for deployment. Microsoft partners offer an array of Windows Server Software-Defined (WSSD) solutions that work with Windows Server 2016 to deliver high-performance, hyper-converged, storage and networking infrastructure. Hyper-converged solutions bring together compute, storage, and networking on industry-standard servers and components for improved datacenter intelligence and control.

Learn more about WSSD Solutions

Windows Server virtualized technologies

The remainder of this topic lists the Windows Server SDDC technologies and provides links to the documentation for each. The technologies are listed in the table below:

Windows Server, Hyper-converged

Windows Server Virtualization technologies include updates to Hyper-V, Hyper-V Virtual Switch, and Guarded Fabric and Shielded Virtual Machines (VMs), that improve security, scalability, and reliability. Updates to failover clustering, networking, and storage make it even easier to deploy and manage these technologies when used with Hyper-V.

Learn more about Windows Server, Hyper-converged

Hyper-V Hypervisor

Hyper-V is a hypervisor-based virtualization technology for Windows. The hypervisor is core to virtualization. It is the processor-specific virtualization platform that allows multiple isolated operating systems to share a single hardware platform.

Learn more about Hyper-V Hypervisor

Guest Clustering with Shared VHDX

Flexible and secure, and not bound to the underlying storage topology, Shared VHDX removes the need to present the physical underlying storage to a guest OS. The new Shared VHDX supports online re-size.

  • Shared VHDX can reside on a Cluster Shared Volume (CSV) on block storage, or on SMB file-based storage.
  • Protected: Shared VHDX supports Hyper-V Replica and host-level backup.

Learn more about Guest Clustering with Shared VHDX

Hyper-V Replica

Integrated software-based VM replication across the network with certificates. Not bound to server, network or storage hardware on either site.

No need for other virtual machine replication technologies, reducing costs.

  • Handles live migration automatically.
  • Simple configuration and management — either through Hyper-V Manager, PowerShell, or with Azure Site Recovery.

Learn more about Hyper-V Replica

Network Controller

A centralized, programmable point of automation to manage, configure, monitor, and troubleshoot virtual and physical network infrastructure in your datacenter.

Administrators use a Management Tool that interacts directly with Network Controller. Network Controller provides information about the network infrastructure, including both virtual and physical infrastructure, to the Management Tool.

Learn more about Network Controller

Datacenter Firewall

When deployed and offered as a service, tenant administrators can install and configure firewall policies to help protect virtual networks from unwanted traffic from Internet and intranet networks.

The service provider administrator or the tenant administrator can manage the Datacenter Firewall policies via the network controller.

Learn more about Datacenter Firewall

Switch Embedded Teaming

SET is an alternative NIC Teaming solution that you can use in environments that include Hyper-V and the Software Defined Networking (SDN) stack.

Learn more about Switch Embedded Teaming

Software Load Balancing

SLB enables multiple servers to host the same workload, providing high availability and scalability. Scale out load balancing capabilities using SLB VMs on the same Hyper-V servers you use for your other VM workloads. SLB supports the rapid creation and deletion of load balancing endpoints for Cloud Service Provider operations. SLB supports tens of gigabytes per cluster, provides a simple provisioning model, and is easy to scale out and in.

Learn more about Software Load Balancing

Storage Spaces Direct

Using industry-standard servers with local-attached drives, Storage Spaces Direct provides highly available, highly scalable software-defined storage at a fraction of the cost of traditional SAN or NAS arrays. Its architecture radically simplifies procurement and deployment.

Each node has locally attached drives, which Storage Spaces Direct adds to a cluster-level pool that VMs then access through CSV.

Storage Spaces Direct introduces the new Software Storage Bus and leverages many of the features you know today in Windows Server, such as Failover Clustering, Cluster Shared Volumes (CSVs), Server Message Block (SMB) 3, and Storage Spaces.

Learn more about Storage Spaces Direct

Storage Quality of Service

Centrally monitor and manage storage performance for virtual machines using Hyper-V and the Scale-Out File Server roles, improving storage resource fairness between multiple virtual machines.

Storage QoS is built into the Microsoft software-defined storage solution provided by Scale-Out File Server and Hyper-V using SMB3 protocol. A new Policy Manager provides central storage performance monitoring.

Learn more about Storage QoS

Storage Replica

Disaster recovery and preparedness make possible zero data loss, with the ability to synchronously protect data on different racks, floors, buildings, campuses, cities, and countries with more efficient use of multiple datacenters.

Synchronous Replication

  1. Application writes data
  2. Log data is written and the data is replicated to the remote site
  3. Log data is written at the remote site
  4. Acknowledgement from the remote site
  5. Application write acknowledged

t & t1 : Data flushed to the volume, logs always write through
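
The five steps above, traced in a toy model (an added example, not Microsoft code; `Site`, `synchronous_write` and `recover_at_remote` are hypothetical names and the block number and payload are constructed). It shows why an acknowledged write survives loss of the source site even though neither data volume has been flushed yet: the record is already in the remote write-through log.

```python
# Added illustration: a toy model of the five-step synchronous write path.
# Site, synchronous_write and recover_at_remote are hypothetical names.

class Site:
    def __init__(self, name):
        self.name = name
        self.log = []      # write-through log: durable as soon as appended
        self.volume = {}   # data volume: updated later, when the log is flushed

    def write_log(self, record):
        self.log.append(record)

    def flush(self):
        """t / t1 in the text: apply logged records to the data volume."""
        for block, data in self.log:
            self.volume[block] = data


def synchronous_write(source, remote, block, data):
    """Run steps 1-5 for one write and return the ordered trace."""
    record = (block, data)                     # 1. application writes data
    trace = ["app-write"]
    source.write_log(record)                   # 2. source log written, data sent
    trace.append("source-log")
    remote.write_log(record)                   # 3. log written at the remote site
    trace.append("remote-log")
    trace.append("remote-ack")                 # 4. remote site acknowledges
    # Invariant: the record is in both logs before the application is told "done".
    assert record in source.log and record in remote.log
    trace.append("app-ack")                    # 5. application write acknowledged
    return trace


def recover_at_remote(remote):
    """Source site lost: replay the remote log to rebuild the volume contents."""
    remote.flush()
    return dict(remote.volume)


def demo():
    source, remote = Site("source"), Site("remote")
    trace = synchronous_write(source, remote, block=7, data=b"ledger-entry")
    flushed_before_ack = bool(source.volume or remote.volume)
    recovered = recover_at_remote(remote)      # source never flushed, then lost
    return trace, flushed_before_ack, recovered


if __name__ == "__main__":
    print(demo())
```
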

Learn more about Storage Replica

Guarded fabric

As a cloud service provider or enterprise private cloud administrator, you can use a guarded fabric to provide a more secure environment for VMs. A guarded fabric consists of one Host Guardian Service (HGS) - typically, a cluster of three nodes - plus one or more guarded hosts, and a set of shielded virtual machines (VMs).

Learn more about guarded fabric

Shielded VMs

The data and state of a shielded VM are protected against inspection, theft and tampering, from both malware and datacenter administrators.

  • Shielded VMs will only run in fabrics designated as owners of the VM.
  • Shielded VMs are encrypted by BitLocker, or other means, so that only designated owners can run them.
  • Running VMs can be converted to shielded.

Learn more about shielded VMs

Host Guardian Service

Host Guardian Service holds the keys to legitimate fabrics, as well as encrypted virtual machines.

Learn more about the Host Guardian Service

Device Health Attestation

Attestation enables enterprises to raise the security bar of their organization to hardware monitored and attested security, with minimal or no impact on operation costs.

Hardware trusted mode, shown above, provides the highest level of assurance, with TPM v2.0 hardware rooted trust and compliance with code-integrity policy for key-release.

Learn more about Device Health Attestation

PowerShell DSC

Windows PowerShell Desired State Configuration is a configuration management platform built into Windows that is based on open standards. DSC is flexible enough to function reliably and consistently in each stage of the deployment lifecycle (development, test, pre-production, production), as well as during scale-out.

DSC supports "continuous deployments," so you can deploy configurations over and over without breaking anything.

  • DSC configurations only apply settings that have changed from the original for faster deployments.
  • DSC can be used on-premises, in a public, or in a private Cloud environment.
  • You can integrate DSC with any Microsoft or non-Microsoft solution as long as you can execute a PowerShell script on the target system.

Learn more about PowerShell DSC

System Center VMM

Virtual Machine Manager is part of the System Center suite, used to configure, manage and transform traditional datacenters to provide a unified management experience across on-premises, service provider, and the Azure cloud.

  • Datacenter: Configure and manage datacenter components as a single fabric in VMM.
  • Virtualization hosts: VMM can add, provision, and manage Hyper-V and VMware virtualization hosts and clusters.
  • Networking: VMM provides network virtualization, including support for creating and managing virtual networks and network gateways.
  • Storage: VMM can discover, classify, provision, allocate, and assign local and remote storage.

Learn more about System Center VMM

Windows Admin Center

Windows Admin Center is a locally deployed, browser-based, management tool set that enables on-premises administration of Windows Servers with no Azure or cloud dependency. Windows Admin Center gives IT Admins full control over all aspects of their Server infrastructure, and is particularly useful for management on private networks that are not connected to the Internet.

Publishing the web server to DNS and setting up the corporate firewall can allow you to access Windows Admin Center from the public internet, enabling you to connect to, and manage, your servers from anywhere with Microsoft Edge or Google Chrome.

Learn more about Microsoft Project Windows Admin Center