Azure 自动化简介An introduction to Azure Automation

Azure 自动化提供基于云的自动化和配置服务,用于跨 Azure 环境和非 Azure 环境进行一致的管理。Azure Automation delivers a cloud-based automation and configuration service that provides consistent management across your Azure and non-Azure environments. 它包含流程自动化、更新管理和配置功能。It consists of process automation, update management, and configuration features. 可以通过 Azure 自动化在工作负荷和资源的部署、操作和解除授权过程中进行完全的控制。Azure Automation provides complete control during deployment, operations, and decommissioning of workloads and resources. 本文概述了 Azure 自动化并回答了一些常见问题。This article provides a brief overview of Azure Automation and answers some common questions. 有关不同功能的详细信息,请访问本概述中提供的链接。For more information about the different capabilities, visit the links throughout this overview.

Azure 自动化功能Azure Automation capabilities

自动化功能概述

流程自动化Process automation

可以通过 Azure 自动化自动完成频繁进行的、耗时的、易出错的云管理任务。Azure Automation provides you the ability to automate frequent, time-consuming, and error-prone cloud management tasks. 有了这样的自动化,你就可以专注于能够让业务增值的工作。This automation helps you focus on work that adds business value. 还可以通过自动化来减少错误和提升效率,从而降低运营成本。By reducing errors and boosting efficiency, it also helps to lower your operational costs. 可以将 Azure 服务和其他公用系统集成,这些系统是部署、配置和管理端到端流程所必需的。You can integrate Azure services and other public systems that are required in deploying, configuring, and managing your end to end processes. 可以在 PowerShell 或 Python 中使用此服务以图形方式创作 RunbookThe service allows you to author runbooks graphically, in PowerShell, or Python. 可以使用混合 Runbook 辅助角色跨本地环境进行协调,实现统一管理。By using a hybrid Runbook worker, you can unify management by orchestrating across on-premises environments. 可以通过 Webhook 从 ITSM、DevOps 和监视系统触发自动化,从而满足相关请求并确保持续交付和操作。Webhooks provide a way to fulfill requests and ensure continuous delivery and operations by triggering automation from ITSM, DevOps, and monitoring systems.

配置管理Configuration management

Azure 自动化 Desired State Configuration 是一个针对 PowerShell DSC 的基于云的解决方案,可提供企业环境所需的服务。Azure Automation desired state configuration is a cloud-based solution for PowerShell DSC that provides services required for enterprise environments. 可以在 Azure 自动化中管理 DSC 资源,并将配置应用于 Azure 云的 DSC 拉取服务器中的虚拟机或物理机。Manage your DSC resources in Azure Automation and apply configurations to virtual or physical machines from a DSC Pull Server in the Azure cloud. 它提供各种报告,告知各种重要的事件,例如节点何时没有遵循其指定配置。It provides rich reports that inform you of important events such as when nodes have deviated from their assigned configuration. 可以在云中或本地监视并自动更新物理机和虚拟机的计算机配置,不管操作系统是Windows 还是 Linux。You can monitor and automatically update machine configuration across physical and virtual machines, Windows or Linux, in the cloud or on-premises.

可以获取有关来宾内资源的清单,了解已安装的应用程序和其他配置项。You can get inventory about in-guest resources for visibility into installed applications and other configuration items. 可以通过丰富的报告和搜索功能快速查找详细信息,了解操作系统中的具体配置。A rich reporting and search capabilities are available to quickly find detailed information to help understand what is configured within the operating system. 可以跨服务、守护程序、软件、注册表和文件跟踪更改,快速确定问题原因。You can track changes across services, daemons, software, registry, and files to quickly identify what might be causing issues. 另外,当环境中出现不需要的更改时,还可以使用 DSC 的诊断和警报功能。Additionally, DSC can help you diagnose and alert when unwanted changes occur in your environment.

更新管理Update management

通过 Azure 自动化跨混合环境更新 Windows 和 Linux 系统。Update Windows and Linux systems across hybrid environments with Azure Automation. 可以在 Azure 中、本地和其他云中了解更新符合性。You get visibility of update compliance across Azure, on-premises, and other clouds. 可以创建计划性部署,在定义的维护时段协调各种更新的安装。You can create schedule deployments to orchestrate the installation of updates within a defined maintenance window. 如果不应在计算机上安装某个更新,可以将该更新从部署中排除。If an update should not be installed on a machine, you can exclude those updates from a deployment.

共享资源Shared resources

Azure 自动化包含一组共享资源,方便用户大规模地完成环境的自动化操作和配置。Azure Automation consists of a set of shared resources that make it easier to automate and configure your environments at scale.

  • 计划 - 用在服务中,在预定义的时间触发自动化。Schedules - Used in the service to trigger automation on predefined times.
  • Python 2 包 - 将 Python 2 包添加到自动化帐户以在 Python runbook 中使用。Python 2 packages - Add Python 2 packages to your automation account to use in your Python runbooks.
  • 凭据 - 安全地存储可供 Runbook 和配置在运行时使用的敏感信息。Credentials - Securely store sensitive information that can be used by runbooks and configurations at runtime.
  • 连接 - 以名称/值对的形式存储信息。在连接资源中连接到系统时,需要使用其中包含的常用信息。Connections - Store a name / value pairs of information that contains common information when connecting to systems in connection resources. 连接由模块作者定义,在运行时的 Runbook 和配置中使用。Connections are defined by the module author for use at runtime in runbooks and configurations.
  • 证书 - 存储证书,使之在运行时可供用于身份验证,确保已部署资源的安全。Certificates - Store and make available at runtime so they can be used for authentication and securing deployed resources.
  • 变量 - 通过变量来保存那些可以跨 Runbook 和配置使用的内容。Variables - Provide a way to hold content that can be used across runbooks and configurations. 可以更改值而不需修改引用这些值的 Runbook 和配置。You can change values without having to modify any of the runbooks and configurations that reference them.

源代码管理集成Source control integration

Azure 自动化能够与源代码管理集成,这会在可将 runbook 或配置签入源代码管理系统的情况下,改进代码配置。Azure Automation has the ability to integrate with source control which promotes configuration as code where runbooks or configurations can be checked into a source control system.

基于角色的访问控制Role based access control

Azure 自动化支持基于角色的访问控制来控制对自动化帐户及其资源的访问。有关自动化帐户、runbook 和作业的配置 RBAC 的详细信息,请参阅适用于 Azure 自动化的基于角色的访问控制Azure Automation supports Role Based Access Control to control access to the Automation Account and its resources, to learn more about configuration RBAC on your Automation Account,runbooks, and jobs, see Role-based access control for Azure Automation.

Windows 和 LinuxWindows and Linux

根据设计,Azure 自动化可以在混合云环境中使用,且同时适用于 Windows 和 Linux。Azure Automation is designed to work across your hybrid cloud environment and also for Windows & Linux. 可以通过它对部署的工作负荷及其运行时所依赖的操作系统进行一致的自动化操作和配置。It delivers a consistent way to automate and configure workloads deployed and the operating system they are running on.

常用自动化方案Common scenarios for Automation

Azure 自动化可以在基础结构和应用程序的整个生命周期中进行管理。Azure Automation manages across the lifecycle of your infrastructure and applications. 可以将有关组织如何交付和维护工作负荷的知识传输到系统中;Transfer knowledge into the system on how the organization delivers and maintains workloads. 可以使用 PowerShell、Desired State Configuration、Python、图形 Runbook 等常用语言进行创作;Author in common languages like PowerShell, desired state configuration, Python, and graphical runbooks. 可以获取已部署资源的完整清单,以便进行针对性操作、完成相关报告并了解符合性情况;Get a complete inventory of deployed resources for targeting, reporting, and compliance. 确定哪些更改可能导致配置错误,哪些更改可以改进操作符合性。Identify changes that can cause misconfiguration and improve operational compliance.

  • 生成/部署资源 - 使用 Runbook 和 Azure 资源管理器模板在混合环境中部署 VM。Build / Deploy resources - Deploy VMs across a hybrid environment using Runbooks and Azure Resource Manager templates. 可以集成到 Jenkins 和 Azure DevOps 之类的开发工具中。Integrate into development tools like Jenkins and Azure DevOps.
  • 配置 VM - 使用基础结构和应用程序所需的配置评估和配置 Windows 和 Linux 计算机。Configure VMs - Assess and configure Windows and Linux machines with the desired configuration for the infrastructure and application.
  • 监视 - 确定计算机上那些导致问题的更改,进行相应的补救,或者将其升级到管理系统。Monitor - Identify changes on machines that are causing issues and remediate or escalate to management systems.
  • 保护 - 在已引发安全警报的情况下隔离 VM。Protect - Quarantine VM if security alert is raised. 设置来宾内要求。Set in-guest requirements.
  • 管控 - 为团队设置基于角色的访问控制。Govern - Set up role-based access control for teams. 恢复未使用的资源。Recover unused resources.

自动化定价Pricing for Automation

可以在定价页查看 Azure 自动化的价格。You can review the price for Azure Automation on the pricing page.

后续步骤Next steps