工作資料夾部署的規劃Planning a Work Folders deployment

適用於:Windows Server (半年度管道)、Windows Server 2016、Windows Server 2012 R2、Windows 10、Windows 8.1、Windows 7Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2, Windows 10, Windows 8.1, Windows 7

本主題說明設計工作資料夾實作的程序,並假設您已具備下列背景知識:This topic explains the design process for a Work Folders implementation, and assumes that you have the following background:

  • 具備工作資料夾的基本知識 (如工作資料夾概觀中所述)Have a basic understanding of Work Folders (as described in Work Folders)

  • 具備 Active Directory Domain Services (AD DS) 概念的基本知識Have a basic understanding of Active Directory Domain Services (AD DS) concepts

  • 具備 Windows 檔案共用和相關技術的基本知識Have a basic understanding of Windows file sharing and related technologies

  • 具備 SSL 憑證用法的基本知識Have a basic understanding of SSL certificate usage

  • 具備透過 Web 反向 Proxy 啟用 Web 存取內部資源的基本知識Have a basic understanding of enabling web access to internal resources via a web reverse proxy

    下列各節將協助您設計工作資料夾實作。The following sections will help you design your Work Folders implementation. 部署工作資料夾會在下一個主題部署工作資料夾中討論。Deploying Work Folders is discussed in the next topic, Deploying Work Folders.

軟體需求 Software requirements

工作資料夾對檔案伺服器和網路基礎結構具有下列軟體需求:Work Folders has the following software requirements for file servers and your network infrastructure:

  • 執行 Windows Server 2012 R2 或 Windows Server 2016 的伺服器,用於裝載與使用者檔案的同步共用A server running Windows Server 2012 R2 or Windows Server 2016 for hosting sync shares with user files

  • 以 NTFS 檔案系統格式化的磁碟區,用來存放使用者檔案A volume formatted with the NTFS file system for storing user files

  • 若要在 Windows 7 電腦上強制執行密碼原則,您必須使用群組原則密碼原則。To enforce password policies on Windows 7 PCs, you must use Group Policy password policies. 您也必須將 Windows 7 電腦從「工作資料夾」密碼原則排除 (若有使用的話)。You also have to exclude the Windows 7 PCs from Work Folders password policies (if you use them).

  • 每個裝載工作資料夾之檔案伺服器的伺服器憑證。A server certificate for each file server that will host Work Folders. 這些憑證必須來自使用者信任的憑證授權單位 (CA),最好是公開憑證授權單位。These certificates should be from a certification authority (CA) that is trusted by your users—ideally a public CA.

  • (選用) Windows Server 2012 R2 中 Active Directory Domain Services 樹系具有架構延伸,在使用多部檔案伺服器時,支援自動將電腦和裝置參照到正確的檔案伺服器。(Optional) An Active Directory Domain Services forest with schema extensions in Windows Server 2012 R2 to support automatically referring PCs and devices to the correct file server when using multiple file servers.

若要讓使用者透過網際網路同步,還有下列其他需求:To enable users to sync across the Internet, there are additional requirements:

  • 能夠從網際網路存取伺服器,方法是在組織的反向 Proxy 或網路閘道中建立發佈規則The ability to make a server accessible from the Internet by creating publishing rules in your organization's reverse proxy or network gateway

  • (選用) 公開登錄的網址名稱以及能夠建立網域的其他公用 DNS 記錄(Optional) A publicly registered domain name and the ability to create additional public DNS records for the domain

  • (選用) 使用 Active Directory 同盟服務 (AD FS) 驗證時的 AD FS 基礎結構(Optional) Active Directory Federation Services (AD FS) infrastructure when using AD FS authentication

工作資料夾對用戶端電腦具有下列軟體需求:Work Folders has the following software requirements for client computers:

  • 電腦必須執行下列其中一種作業系統:Computers must be running one of the following operating systems:

    • Windows 10Windows 10

    • Windows 8.1Windows 8.1

    • Windows RT 8.1Windows RT 8.1

    • Windows 7Windows 7

    • Android 4.4 KitKat 和更新版本Android 4.4 KitKat and later

    • iOS 10.2 和更新版本iOS 10.2 and later

  • Windows 7 電腦必須執行下列其中一個 Windows 版本:Windows 7 PCs must be running one of the following editions of Windows:

    • Windows 7 專業版Windows 7 Professional

    • Windows7 旗艦版Windows 7 Ultimate

    • Windows 7 企業版Windows 7 Enterprise

  • Windows 7 電腦必須加入您組織的網域 (它們無法加入工作群組)。Windows 7 PCs must be joined to your organization's domain (they can't be joined to a workgroup).

  • 本機 NTFS 格式的磁碟機上具有足夠可用空間,可用來在工作資料夾中存放所有使用者的檔案,如果工作資料夾位於系統磁碟機,還需要額外 6 GB 的可用空間,如預設的指定。Enough free space on a local, NTFS-formatted drive to store all the user's files in Work Folders, plus an additional 6 GB of free space if Work Folders is located on the system drive, as it is by default. 工作資料夾預設會使用下列位置︰%USERPROFILE%\Work FoldersWork Folders uses the following location by default: %USERPROFILE%\Work Folders

    不過,使用者在設定期間可以變更位置 (支援的位置包括 microSD 記憶卡和使用 NTFS 檔案系統格式化的 USB 磁碟機,如果磁碟機被移除,則會停止同步)。However, users can change the location during setup (microSD cards and USB drives formatted with the NTFS file system are supported locations, though sync will stop if the drives are removed).

    個別檔案的預設大小上限為 10 GB。The maximum size for individual files is 10 GB by default. 每個使用者的儲存空間沒有限制,但是系統管理員可以使用檔案伺服器資源管理員的配額功能來實作配額。There is no per-user storage limit, although administrators can use the quotas functionality of File Server Resource Manager to implement quotas.

  • 工作資料夾不支援復原用戶端虛擬機器的虛擬機器狀態。Work Folders doesn't support rolling back the virtual machine state of client virtual machines. 請改為使用系統映像備份或其他備份應用程式,從用戶端虛擬機器內部執行備份和還原作業。Instead perform backup and restore operations from inside the client virtual machine by using System Image Backup or another backup app.

注意

請務必在所有工作資料夾伺服器上和任何執行 Windows 8.1 或 Windows Server 2012 R2 的用戶端電腦上安裝 Windows 8.1 和 Windows Server 2012 R2 一般可用性更新彙總套件。Make sure to install the Windows 8.1 and Windows Server 2012 R2 General Availability update rollup on all Work Folders servers and any client computers running Windows 8.1 or Windows Server 2012 R2. 如需詳細資訊,請參閱 Microsoft 知識庫文章 2883200For more information, see article 2883200 in the Microsoft Knowledge Base.

部署案例Deployment scenarios

工作資料夾可在客戶環境內任意數量的檔案伺服器上實作。Work Folders can be implemented on any number of file servers within a customer environment. 這種方式可允許工作資料夾實作根據客戶需求進行調整,而產生高度個人化部署。This allows Work Folders implementations to scale based on customer needs and can result in highly individualized deployments. 不過,大部分的部署都屬於下列三個基本案例的其中一種。However, most deployments will fall into one of the following three basic scenarios.

單一站台部署Single-Site Deployment

在單一站台部署中,檔案伺服器裝載於客戶基礎結構的中央站台內。In a single-site deployment, file servers are hosted within a central site in the customer infrastructure. 這種部署類型最常見於具有高度集中式基礎結構或分公司數量較少而不維護當地檔案伺服器的客戶。This deployment type is seen most often in customers with a highly centralized infrastructure or with smaller branch offices that do not maintain local file servers. 這種部署模型易於 IT 人員管理,因為所有伺服器資產都在本機,而且網際網路入口/出口通常都集中在這個位置。This deployment model can be easier for IT staff to administer, since all server assets are local, and internet ingress/egress is likely centralized at this location as well. 不過,這種部署模型也依賴中央站台與任何分公司之間良好的 WAN 連線,而分公司的使用者會因為網路狀況而容易發生服務中斷的情形。However, this deployment model also relies on good WAN connectivity between the central site and any branch offices, and users in branch offices are vulnerable to an interruption of service due to network conditions.

多站台部署Multiple-Site Deployment

在多站台部署中,檔案伺服器裝載於客戶基礎結構內的多個位置。In a multiple-site deployment, file servers are hosted in multiple locations within the customer's infrastructure. 這表示多個資料中心或分公司維護個別的檔案伺服器。This could mean multiple datacenters or it could mean that branch offices maintain individual file servers. 這種部署類型最常見於較大規模的客戶環境或具有多個規模較大的分公司維護當地伺服器資產的客戶。This deployment type is seen most often in larger customer environments or in customers that have several larger branch offices that maintain local server assets. 這種部署模型對於 IT 人員管理而言較為複雜,而且它仰賴謹慎協調的資料存放區與 Active Directory Domain Services (AD DS) 的維護,以確保使用者為工作資料夾使用正確的同步伺服器。This deployment model is more complex for IT personnel to administer, and relies on careful coordination of data storage and maintenance of Active Directory Domain Services (AD DS) to ensure that users are using the correct sync server for Work Folders.

託管型部署Hosted Deployment

在託管型部署中,同步伺服器是部署於 IAAS (基礎結構做為服務) 解決方案 (如 Windows Azure VM) 中。In a hosted deployment, sync servers are deployed in an IAAS (Infrastructure-as-a-Service) solution such as Windows Azure VM. 這種部署方法的優點在於能夠讓檔案伺服器的可用性,較不依賴客戶企業內的 WAN 連線能力。This deployment method has the advantage of making the availability of file servers less dependent on WAN connectivity within a customer's business. 如果裝置能夠連線到網際網路,就能連線到它的同步伺服器。If a device is able to connect to the Internet, it can get to its sync server. 不過,部署在託管型環境中的伺服器,仍然必須能夠連線組織的 Active Directory 網域以便驗證使用者,而且客戶是用內部部署基礎結構需求換取維護該連線的額外複雜性。However, the servers deployed in the hosted environment still need to be able to reach the organization's Active Directory domain to authenticate users, and the customer trades infrastructure requirements on-premises for additional complexity in maintaining that connection.

部署技術Deployment technologies

工作資料夾部署是由數種技術組合而成,它們共同搭配為內部和外部網路上的裝置提供服務。Work Folders deployments consist of a number of technologies that work together to provide service to devices on both the internal and external networks. 設計工作資料夾部署之前,客戶應當熟悉下列每種技術的需求。Before designing a Work Folders deployment, customers should be familiar with the requirements of each of the following technologies.

Active Directory Domain ServicesActive Directory Domain Services

AD DS 在工作資料夾部署中提供兩個重要的服務。AD DS provides two important services in a Work Folders deployment. 第一個,做為 Windows 驗證的後端,AD DS 提供安全性和驗證服務,用來授與使用者資料的存取權。First, as the back-end for Windows authentication, AD DS provides the security and authentication services that are used to grant access to user data. 如果無法連線網域控制站,檔案伺服器就無法驗證傳入的要求,裝置也不能存取存放於該檔案伺服器上同步共用中的任何資料。If a domain controller cannot be reached, a file server will be unable to authenticate an incoming request and the device will not be able to access any data stored in that file server's sync share.

第二個,AD DS (包含 Windows Server 2012 R2 架構更新) 維護每個使用者的 msDS-SyncServerURL 屬性,用來自動將使用者導向到適當的同步伺服器。Second, AD DS (with the Windows Server 2012 R2 schema update) maintains the msDS-SyncServerURL attribute on each user, which is used to automatically direct users to the appropriate sync server.

檔案伺服器File Servers

執行 Windows Server 2012 R2 或 Windows Server 2016 的檔案伺服器裝載了「工作資料夾」角色服務,也裝載了存放使用者「工作資料夾」資料的同步共用。File servers running Windows Server 2012 R2 or Windows Server 2016 host the Work Folders role service, and host the sync shares that store users' Work Folders data. 檔案伺服器也可以裝載在內部網路上操作之其他技術存放的資料 (如檔案共用),這些檔案伺服器也可以形成叢集,為使用者資料提供容錯。File servers can also host data stored by other technologies operating on the internal network (such as file shares), and can be clustered to provide fault tolerance for user data.

群組原則 Group Policy

若您的環境中有 Windows 7 電腦,我們建議下列方式:If you have Windows 7 PCs in your environment, we recommend the following:

  • 使用群組原則來控制已加入網域且使用「工作資料夾」之電腦的密碼原則。Use Group Policy to control password policies for all domain-joined PCs that use Work Folders.

  • 在未加入網域的電腦上,請使用「工作資料夾」的 [自動鎖定畫面,並要求輸入密碼] 原則。Use the Work Folders Automatically lock screen, and require a password policy on PCs that aren't joined to your domain.

    您也可以使用群組原則將「工作資料夾」伺服器指定到已加入網域的電腦。You can also use Group Policy to specify a Work Folders server to domain-joined PCs. 這可以稍微簡化工作資料夾的設定,否則使用者必須輸入他們的公司電子郵件地址來查詢設定 (假設工作資料夾已正確設定),或是輸入您透過電子郵件或其他通訊方式明確提供給他們的工作資料夾 URL。This simplifies Work Folders setup a little bit– users would otherwise need to enter their work email address to lookup the settings (assuming that Work Folders is set up properly), or enter the Work Folders URL that you explicitly provided them via email or another means of communication.

    您也可以使用群組原則,強制為每個使用者或每個電腦設定工作資料夾,但是這樣做會導致使用者登入的每個電腦進行工作資料夾同步 (使用每個使用者原則設定時),並阻止使用者為自己電腦上的工作資料夾指定其他位置 (例如,指定 microSD 記憶卡以節省主要磁碟機上的空間)。You can also use Group Policy to forcibly set up Work Folders on a per-user or per-computer basis, though doing so causes Work Folders to sync on every PC a user signs in to (when using the per-user policy setting), and prevents users from specifying an alternate location for Work Folders on their PC (such as on a microSD card to conserve space on the primary drive). 建議您強制進行自動設定之前,先審慎評估使用者的需求。We suggest carefully evaluating your user's needs before forcing automatic setup.

Windows IntuneWindows Intune

Windows Intune 也為未加入網域的裝置提供安全性和管理能力等級,否則將不會顯示這些裝置。Windows Intune also provides a layer of security and manageability for non-domain-joined devices that would not otherwise be present. 您可以使用 Windows Intune 來設定和管理使用者透過網際網路連線到工作資料夾的個人裝置 (如平板電腦)。You can use Windows Intune to configure and manage users' personal devices such as tablets that connect to Work Folders from across the Internet. Windows Intune 可以為裝置提供所使用的同步伺服器 URL - 否則使用者必須輸入自己的公司電子郵件地址來查詢設定 (如果您以 https://workfolders.contoso.com 的格式發佈公用工作資料夾 URL),或直接輸入同步伺服器 URL。Windows Intune can provide devices with the sync server URL to use – otherwise users must enter their work email address to lookup the settings (if you publish a public Work Folders URL in the form of https://workfolders.contoso.com), or enter the sync server URL directly.

如果不使用 Windows Intune 部署,使用者必須手動設定外部裝置,這會增加客戶對支援工程師人員的需求。Without a Windows Intune deployment, users must configure external devices manually, which can result in increased demands on a customer's help desk staff.

您也可以使用 Windows Intune 選擇性從使用者裝置上的工作資料夾清除資料,而不會影響其餘的資料 – 如果使用者從您的公司離職或他們的裝置被偷,這個方式相當方便。You can also use Windows Intune to selectively wipe the data from Work Folders on a user's device without affecting the rest of their data – handy for if a user leaves your organization or has their device stolen.

Web 應用程式 Proxy/Azure AD 應用程式 ProxyWeb Application Proxy/Azure AD Application Proxy

工作資料夾是以允許連線網際網路的裝置從內部網路安全地擷取商業資料的概念而建置的,允許使用者在平板電腦和裝置上「隨身攜帶資料」,而這些裝置通常無法存取工作檔案。Work Folders is built around the concept of allowing Internet-connected devices to retrieve business data securely from the internal network, which allows users to "take their data with them" on their tablets and devices that would not normally be able to access work files. 若要這樣做,必須使用反向 Proxy 來發佈同步伺服器 URL 並讓它們能夠供網際網路用戶端使用。To do this, a reverse proxy must be used to publish sync server URLs and make them available to Internet clients.

工作資料夾支援使用 Web 應用程式 Proxy、Azure AD 應用程式 Proxy 或協力廠商反向 Proxy 解決方案:Work Folders supports using Web Application Proxy, Azure AD Application Proxy or 3rd party reverse proxy solutions:

其他設計考量Additional design considerations

除了了解以上所述的每個元件以外,客戶還需要花時間在設計上,思考運作的同步伺服器和同步共用的數量,以及是否要利用容錯移轉叢集,以便在這些同步伺服器上提供容錯。In addition to understanding each of the components noted above, customers need to spend time in their design thinking about the number of sync servers and shares to operate, and whether or not to leverage failover clustering to provide fault tolerance on those sync servers

同步伺服器的數量Number of Sync Servers

客戶可以在一個環境中運作多個同步伺服器。It is possible for a customer to operate multiple sync servers in an environment. 這可能是適用的設定,原因有下列幾種:This can be a desirable configuration for several reasons:

  • 使用者的地理分佈 – 例如,分公司檔案伺服器或區域性資料中心Geographic distribution of users – for example, branch office files servers or regional datacenters

  • 資料存放區需求 – 特定業務部門可能具有特定資料存放區或使用專用伺服器較容易執行的處理需求。Data storage requirements – certain business departments might have specific data storage or handling requirements that are easier with a dedicated server

  • 負載平衡 – 在大型環境中,將使用者資料存放於多個伺服器可能會增加伺服器的效能和執行時間。Load balancing – in large environments, storing user data on multiple servers can increase server performance and uptime.

    如需工作資料夾伺服器擴充和效能的相關資訊,請參閱工作資料夾部署的效能考量 (英文)。For information on Work Folders server scaling and performance, see Performance Considerations for Work Folders Deployments.

注意

使用多個同步伺服器時,建議為使用者設定自動伺服器探索。When using multiple sync servers, we recommend setting up automatic server discovery for users. 這個程序需要設定 AD DS 中每個使用者帳戶上的屬性。This process relies upon the configuration of an attribute on each user account in AD DS. 這個屬性的名稱為 msDS-SyncServerURL,將 Windows Server 2012 R2 網域控制站新增到網域或套用 Active Directory 架構更新之後,使用者帳戶上即可使用該屬性。The attribute is named msDS-SyncServerURL and becomes available on user accounts after a Windows Server 2012 R2 domain controller is added to the domain or the Active Directory schema updates are applied. 您應該為每個使用者設定這個屬性,以確保使用者連線至適當的同步伺服器。This attribute should be set for each user to ensure that users connect to the appropriate sync server. 透過使用自動伺服器探索,組織即可在「易記的」URL (如 https://workfolders.contoso.com) 幕後發佈工作資料夾,不論運作的同步伺服器數量有多少。By using automatic server discovery, organizations can publish Work Folders behind a "friendly" URL such as https://workfolders.contoso.com, regardless of the number of sync servers in operation.

同步共用的數量Number of Sync Shares

個別同步伺服器可以維護多個同步共用。Individual sync servers can maintain multiple sync shares. 這相當實用,原因如下:This can be useful for the following reasons:

  • 稽核和安全性需求 – 如果特定部門使用的資料必須經常稽核或保留較長一段時間,個別的同步共用可協助系統管理員將不同稽核層級的使用者資料夾分開。Auditing and security requirements – If data used by a certain department must be more heavily audited or retained for a longer period of time, separate sync shares can help administrators keep user folders with differing audit levels separated.

  • 不同的配額或檔案檢測 – 如果您想要針對不同的使用者群組,在工作資料夾中允許的檔案類型 (檔案檢測) 上設定不同的儲存配額或限制,則分開同步共用會有幫助。Differing quotas or file screens – If you want to set different storage quotas or limits on which file types are allowed in Work Folders (file screens) for different groups of users, separate sync shares can help.

  • 部門控制 – 如果管理責任是依部門而分配的,為不同的部門利用分開的共用可協助系統管理員強制執行配額或其他原則。Departmental control – If administrative duties are distributed by department, utilizing separate shares for different departments can aid administrators in enforcing quotas or other policies.

  • 不同的裝置原則 – 如果組織需要為不同的使用者群組維護多個裝置原則 (例如,加密工作資料夾),請使用多個共用來完成這個工作。Differing device policies –If an organization needs to maintain multiple device policies (such as encrypting Work Folders) for different groups of users, using multiple shares enables this.

  • 儲存容量 – 如果檔案伺服器具有多個磁碟區,則可以使用其他共用來利用這些其他磁碟區。Storage capacity –If a file server has multiple volumes, additional shares can be used to take advantage of these additional volumes. 個別共用只能存取裝載它的磁碟區,而且無法利用檔案伺服器上的其他磁碟區。An individual share has access to only the volume that it is hosted on, and is unable to take advantage of additional volumes on a file server.

存取同步共用Access to Sync Shares

使用者存取的同步伺服器是由在使用者用戶端上輸入的 URL 來決定的 (或者,如果是使用伺服器自動探索,則由為 AD DS 中使用者發佈的 URL 來決定),而存取個別同步共用是由共用上存在的權限來決定的。While the sync server that a user accesses is determined by the URL entered at their client (or the URL published for that user in AD DS when using server automatic discovery), access to individual sync shares is determined by the permissions present on the share.

因此,如果客戶在同一個伺服器上裝載多個同步共用,則必須小心以確保個別使用者具有只能存取這些其中一個共用的權限。As a result, if a customer is hosting multiple sync shares on the same server, care must be taken to ensure that individual users have permissions to access only one of those shares. 否則,在使用者連線到伺服器時,他們的用戶端可能會連線到錯誤的共用。Otherwise, when users connect to the server, their client may connect to the wrong share. 只要為每個同步共用建立個別的安全性群組,即可完成這項作業。This can be accomplished by creating a separate security group for each sync share.

不僅如此,存取同步共用內個別使用者資料夾是由資料夾上的擁有權來決定。Further, access to an individual user's folder inside a sync share is determined by ownership rights on the folder. 建立同步共用時,工作資料夾預設會授與使用者對自己檔案的獨佔存取權 (停用繼承並讓他們成為自己個別資料夾的擁有者)。When creating a sync share, Work Folders by default grants users exclusive access to their files (disabling inheritance and making them the owner of their individual folders).

設計檢查清單Design checklist

下列一組設計問題旨在協助客戶設計最適合他們環境的工作資料夾實作。The following set of design questions is intended to aid customers in designing a Work Folders implementation that best serves their environment. 客戶應該在嘗試部署伺服器之前先閱讀這整份檢查清單。Customers should work through this checklist prior to attempting to deploy servers.

  • 適用的使用者Intended Users

    • 哪些使用者會使用工作資料夾?Which users will use Work Folders?

    • 使用者的組織方式為何?How are users organized? (依地理區域、依辦公室、依部門等等)(Geographically, by office, by department, etc)

    • 有任何使用者對資料存放區、安全性或保留方面有特殊需求嗎?Do any users have special requirements for data storage, security, or retention?

    • 有任何使用者有特定的裝置原則需求 (例如加密) 嗎?Do any users have specific device policy requirements, such as encryption?

    • 您需要支援哪些用戶端電腦及裝置?Which client computers and devices do you need to support? (Windows 8.1、Windows RT 8.1、Windows 7)(Windows 8.1, Windows RT 8.1, Windows 7)

      若您要支援 Windows 7 電腦,且想要使用密碼原則,請將存放其電腦帳戶的網域從「工作資料夾」密碼原則排除,並改為針對該網域中已加入網域的電腦使用群組原則密碼原則。If you're supporting Windows 7 PCs and want to use password policies, exclude the domain storing their computer accounts from the Work Folders password policy, and instead use Group Policy password policies for domain-joined PCs in that domain.

    • 您需要與其他使用者資料管理解決方案 (如資料夾重新導向) 相互操作或從這些解決方案移轉嗎?Do you need to interoperate with or migrate from other user data management solutions such as Folder Redirection?

    • 多個網域的使用者需要透過網際網路與單一伺服器同步嗎?Do users from multiple domains need to sync across the Internet with a single server?

    • 您需要支援在加入網域的電腦上不屬於本機系統管理員群組成員的使用者嗎?Do you need to support users who aren't members of the Local Administrators group on their domain-joined PCs? (如果需要,您必須從工作資料夾裝置原則 (如加密和密碼原則) 排除相關網域)(If so, you'll need to exclude the relevant domains from Work Folders device policies such as encryption and password policies)

  • 基礎結構和容量規劃Infrastructure and Capacity Planning

    • 同步伺服器應該位於網路上的哪些站台?In what sites should sync servers be located on the network?

    • 有任何同步伺服器會被基礎結構做為服務 (IaaS) 提供者 (如 Azure VM) 託管嗎?Will any sync servers be hosted by an Infrastructure as a Service (IaaS) provider such as in an Azure VM?

    • 有任何特定使用者群組需要專用的伺服器嗎,如果需要,每個專用伺服器上有多少位使用者?Will dedicated servers be needed for any specific user groups, and if so, how many users for each dedicated server?

    • 網路上網際網路入口/出口點在哪裡?Where are the Internet ingress/egress points on the network?

    • 同步伺服器會因為容錯而叢集化嗎?Will sync servers be clustered for fault-tolerance?

    • 同步伺服器需要維護多個資料磁碟區來裝載使用者資料嗎?Will sync servers need to maintain multiple data volumes to host user data?

  • 資料安全性Data Security

    • 需要在任何同步伺服器上建立多個同步共用嗎?Will multiple sync shares need to be created on any sync servers?

    • 將使用哪些群組來提供存取同步共用?What groups will be used to provide access to sync shares?

    • 如果您使用多個同步伺服器,您要為委派能力建立哪個安全性群組來修改使用者物件的 msDS-SyncServerURL 屬性?If you're using multiple sync servers, what security group will you create for the delegated ability to modify the msDS-SyncServerURL property of user objects?

    • 個別同步共用有任何特殊安全性或稽核需求嗎?Are there any special security or auditing requirements for individual sync shares?

    • 需要多因素驗證 (MFA) 嗎?Is multi-factor authentication (MFA) required?

    • 您需要能夠從電腦和裝置遠端清除工作資料夾的資料嗎?Do you need the ability to remotely wipe Work Folders data from PCs and devices?

  • 裝置存取Device Access

    • 要使用哪個 URL 為以網際網路為基礎的裝置提供存取 (電子郵件型自動伺服器探索所需的預設 URL 是 workfolders.domainname)?What URL will be used to provide access for Internet-based devices (the default URL that is required for email-based automatic server discovery is workfolders.domainname)?

    • 如何將 URL 發佈到網際網路?How will the URL be published to the Internet?

    • 會使用自動伺服器探索嗎?Will automatic server discovery be used?

    • 會使用群組原則來設定加入網域的電腦嗎?Will Group Policy be used to configure domain-joined PCs?

    • 會使用 Windows Intune 來設定外部裝置嗎?Will Windows Intune be used to configure external devices?

    • 裝置需要裝置註冊才能連線嗎?Will Device Registration be required for devices to connect?

後續步驟Next steps

設計工作資料夾實作之後,就該部署工作資料夾了。After designing your Work Folders implementation, it's time to deploy Work Folders. 如需詳細資訊,請參閱部署工作資料夾For more information, see Deploying Work Folders.

另請參閱See also

如需其他相關資訊,請參閱下列資源。For additional related information, see the following resources.

內容類型Content type 參考References
產品評估Product evaluation - 工作資料夾- Work Folders
- 適用於 Windows 7 的工作資料夾 (部落格文章) (英文)- Work Folders for Windows 7 (blog post)
部署Deployment - 設計工作資料夾實作- Designing a Work Folders Implementation
- 部署工作資料夾- Deploying Work Folders
- 搭配 AD FS 與 Web 應用程式 Proxy (WAP) 部署工作資料夾- Deploying Work Folders with AD FS and Web Application Proxy (WAP)
- 搭配 Azure AD 應用程式 Proxy 部署工作資料夾- Deploying Work Folders with Azure AD Application Proxy
- 工作資料夾部署的效能考量- Performance Considerations for Work Folders Deployments
- 適用於 Windows 7 的工作資料夾 (64 位元下載)- Work Folders for Windows 7 (64 bit download)
- 適用於 Windows 7 的工作資料夾 (32 位元下載)- Work Folders for Windows 7 (32 bit download)
- 工作資料夾測試實驗室部署 (部落格文章)- Work Folders Test Lab Deployment (blog post)