Azure Automation network configuration details

This page provides networking details that are required for Hybrid Runbook Worker and State Configuration, and for Update Management.

Hybrid Runbook Worker and State Configuration

The Hybrid Runbook Worker and Automation State Configuration require the following port and URLs to communicate with Azure Automation.

  • Port: Only 443 is required for outbound internet access
  • Global URL: *.azure-automation.cn
  • Agent service: https://<workspaceId>.agentsvc.azure-automation.cn

Network planning for Hybrid Runbook Worker

For either a system or user Hybrid Runbook Worker to connect to and register with Azure Automation, it must have access to the port number and URLs described in this section. The worker must also have access to the ports and URLs required for the Log Analytics agent to connect to the Azure Monitor Log Analytics workspace.

Configuration of private networks for State Configuration

If your nodes are located in a private network, the port and URLs defined above are required. These resources provide network connectivity for the managed node and allow DSC to communicate with Azure Automation.

If you are using DSC resources that communicate between nodes, such as the WaitFor* resources, you also need to allow traffic between nodes. See the documentation for each DSC resource to understand these network requirements.

To understand client requirements for TLS 1.2, see TLS 1.2 enforcement for Azure Automation.

Update Management

The addresses in this table are required for Update Management. The paragraph following the table also applies to both.

Communication to these addresses uses port 443.

Azure China Cloud
*.ods.opinsights.azure.cn
*.oms.opinsights.azure.cn
*.blob.core.chinacloudapi.cn
*.azure-automation.cn

When you create network security group rules or configure Azure Firewall to allow traffic to the Automation service and the Log Analytics workspace, use the service tags GuestAndHybridManagement and AzureMonitor. This simplifies the ongoing management of your network security rules. To obtain the current service tag and range information to include as part of your on-premises firewall configurations, see downloadable JSON files.
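As an added example (not part of the original page and not Microsoft's own code), the Python below turns a downloaded service tag file into merged outbound port 443 rules for an on-premises firewall, using only the two tags named above. The embedded JSON is constructed in the layout of the downloadable file and uses documentation address ranges; the function names are hypothetical.

```python
import ipaddress
import json

# Service tags named on this page for Automation and Log Analytics traffic.
REQUIRED_TAGS = ("GuestAndHybridManagement", "AzureMonitor")

# Constructed sample in the layout of the downloadable service tag file.
# The prefixes are documentation ranges, not real Azure addresses.
SAMPLE_JSON = """
{"changeNumber": 1, "cloud": "China", "values": [
  {"name": "AzureMonitor", "properties": {"addressPrefixes":
     ["192.0.2.0/25", "192.0.2.128/25", "2001:db8:1::/48"]}},
  {"name": "AzureMonitor.ChinaEast", "properties": {"addressPrefixes":
     ["192.0.2.0/25"]}},
  {"name": "GuestAndHybridManagement", "properties": {"addressPrefixes":
     ["198.51.100.0/26", "198.51.100.16/28"]}},
  {"name": "Storage", "properties": {"addressPrefixes": ["203.0.113.0/24"]}}
]}
"""

def prefixes_for_tags(doc, tags=REQUIRED_TAGS):
    """Return {tag: {"ipv4": [...], "ipv6": [...]}} with merged CIDR blocks."""
    # Exact name match: regional variants such as "AzureMonitor.ChinaEast" are skipped.
    by_name = {entry["name"]: entry for entry in doc.get("values", [])}
    missing = [t for t in tags if t not in by_name]
    if missing:
        # Fail closed: a missing tag would silently yield an incomplete allow list.
        raise KeyError(f"service tags not found in file: {missing}")
    result = {}
    for tag in tags:
        nets = [ipaddress.ip_network(p, strict=True)
                for p in by_name[tag]["properties"]["addressPrefixes"]]
        # collapse_addresses() rejects mixed IP versions, so split by family first.
        result[tag] = {
            fam: [str(n) for n in ipaddress.collapse_addresses(
                [n for n in nets if n.version == ver])]
            for fam, ver in (("ipv4", 4), ("ipv6", 6))
        }
    return result

def outbound_rules(doc, port=443):
    """Flatten to (tag, cidr, port) tuples for an on-premises firewall."""
    merged = prefixes_for_tags(doc)
    return [(tag, cidr, port)
            for tag in REQUIRED_TAGS
            for fam in ("ipv4", "ipv6")
            for cidr in merged[tag][fam]]

if __name__ == "__main__":
    for tag, cidr, port in outbound_rules(json.loads(SAMPLE_JSON)):
        print(f"allow outbound tcp/{port} to {cidr}  # {tag}")
```

Re-run it whenever a new service tag file is published and diff the output against the deployed rules, so stale ranges are removed as well as new ones added.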

Next steps