连接到 ASDKConnect to the ASDK

若要管理资源,必须先连接到 Azure Stack 开发工具包 (ASDK)。To manage resources, you must first connect to the Azure Stack Development Kit (ASDK). 本文介绍使用以下连接选项连接到 ASDK 所要执行的步骤:In this article, we describe the steps that you take to connect to the ASDK by using the following connection options:

  • 远程桌面连接 (RDP):使用远程桌面连接进行连接时,单个用户可以快速连接到 ASDK。Remote Desktop Connection (RDP): When you connect by using Remote Desktop Connection, a single user can quickly connect to the ASDK.
  • 虚拟专用网络 (VPN):使用 VPN 进行连接时,多个用户可以同时从 Azure Stack 基础结构外部的客户端连接到 Azure Stack 门户。Virtual Private Network (VPN): When you connect by using a VPN, multiple users can concurrently connect to the Azure Stack portals from clients outside the Azure Stack infrastructure. VPN 连接需要一些设置。A VPN connection requires some setup.

使用 RDP 连接到 Azure StackConnect to Azure Stack using RDP

单个并发用户可以在 Azure Stack 管理员门户或用户门户中,通过远程桌面连接直接从 ASDK 主计算机管理资源。A single concurrent user can manage resources in the Azure Stack administrator portal or the user portal through Remote Desktop Connection directly from the ASDK host computer.

提示

此选项还可让你在已登录到 ASDK 主计算机的情况下,再次使用 RDP 登录到在 ASDK 主计算机上创建的虚拟机 (VM)。This option also enables you to use RDP again while signed into the ASDK host computer to sign in to virtual machines (VMs) created on the ASDK host computer.

  1. 打开远程桌面连接 (mstc.exe) 并连接到 ASDK 主计算机 IP 地址。Open Remote Desktop Connection (mstc.exe) and connect to the ASDK host computer IP address. 请确保使用有权远程登录到 ASDK 主计算机的帐户。Make sure you use an account authorized to sign in remotely to the ASDK host computer. 默认情况下,AzureStack\AzureStackAdmin 有权远程登录到 ASDK 主机。By default, AzureStack\AzureStackAdmin has permissions to remote in to the ASDK host computer.

  2. 在 ASDK 主计算机上,打开服务器管理器 (ServerManager.exe)。On the ASDK host computer, open Server Manager (ServerManager.exe). 选择“本地服务器”,禁用“IE 增强的安全配置”,然后关闭服务器管理器。 Select Local Server, turn off IE Enhanced Security Configuration, and close Server Manager.

  3. AzureStack\CloudAdmin 身份或使用其他 Azure Stack 操作员凭据登录到管理员门户。Sign in to the administrator portal as AzureStack\CloudAdmin or use other Azure Stack Operator credentials. ASDK 管理员门户地址为 https://adminportal.local.azurestack.externalThe ASDK administrator portal address is https://adminportal.local.azurestack.external.

  4. AzureStack\CloudAdmin 身份或使用其他 Azure Stack 用户凭据登录到用户门户。Sign in to the user portal as AzureStack\CloudAdmin or use other Azure Stack user credentials. ASDK 用户门户地址为 https://portal.local.azurestack.externalThe ASDK user portal address is https://portal.local.azurestack.external.

备注

有关何时使用哪个帐户的详细信息,请参阅 ASDK 管理基础知识For more info on when to use which account, see ASDK admin basics.

使用 VPN 连接到 Azure StackConnect to Azure Stack using VPN

可与 ASDK 主机建立拆分隧道 VPN 连接,以访问 Azure Stack 门户和本地安装的工具(例如 Visual Studio 和 PowerShell)。You can establish a split tunnel VPN connection to an ASDK host computer to access the Azure Stack portals and locally installed tools like Visual Studio and PowerShell. 多个用户可以使用 VPN 连接同时连接到 ASDK 托管的 Azure Stack 资源。Using VPN connections, multiple users can connect at the same time to Azure Stack resources hosted by the ASDK.

Azure AD 部署和 Active Directory 联合身份验证服务 (AD FS) 部署都支持 VPN 连接。VPN connectivity is supported for both Azure AD and Active Directory Federation Services (AD FS) deployments.

备注

使用 VPN 无法连接到 Azure Stack VM。A VPN connection does not provide connectivity to Azure Stack VMs. 通过 VPN 建立连接时,无法使用 RDP 连接到 Azure Stack VM。You won't be able to RDP into Azure Stack VMs while connected via VPN.

先决条件Prerequisites

在设置 ASDK 的 VPN 连接之前,请确保满足以下先决条件:Before setting up a VPN connection to the ASDK, ensure you've met the following prerequisites:

设置 VPN 连接Set up VPN connectivity

若要与 ASDK 建立 VPN 连接,请在基于 Windows 的本地计算机上,以管理员身份打开 PowerShell。To create a VPN connection to the ASDK, open PowerShell as an admin on your local Windows-based computer. 然后,运行以下脚本(更新环境的 IP 地址和密码值):Then, run the following script (update the IP address and password values for your environment):

# Change directories to the default Azure Stack tools directory
cd C:\AzureStack-Tools-master

# Configure Windows Remote Management (WinRM), if it's not already configured.
winrm quickconfig  

Set-ExecutionPolicy RemoteSigned

# Import the Connect module.
Import-Module .\Connect\AzureStack.Connect.psm1

# Add the ASDK host computer's IP address as the ASDK certificate authority (CA) to the list of trusted hosts. Make sure you update the IP address and password values for your environment.

$hostIP = "<Azure Stack host IP address>"

$Password = ConvertTo-SecureString `
  "<operator's password provided when deploying Azure Stack>" `
  -AsPlainText `
  -Force

Set-Item wsman:\localhost\Client\TrustedHosts `
  -Value $hostIP `
  -Concatenate

# Create a VPN connection entry for the local user.
Add-AzsVpnConnection `
  -ServerAddress $hostIP `
  -Password $Password

如果设置成功,Azure Stack 将出现在 VPN 连接列表中:If the setup succeeds, Azure Stack appears in your list of VPN connections:

网络连接

连接到 Azure StackConnect to Azure Stack

使用以下方法之一连接到 Azure Stack 实例:Connect to the Azure Stack instance by using one of the following methods:

  • 使用 Connect-AzsVpn 命令:Use the Connect-AzsVpn command:

    Connect-AzsVpn `
      -Password $Password
    
  • 在本地计算机上,选择“网络设置” > “VPN” > “Azure Stack” > “连接”。On your local computer, select Network Settings > VPN > Azure Stack > connect. 在登录提示符下,输入用户名 (AzureStack\AzureStackAdmin) 和密码。At the sign-in prompt, enter the user name (AzureStack\AzureStackAdmin) and your password.

首次连接时,系统会提示在本地计算机的证书存储中安装来自 AzureStackCertificateAuthority 的 Azure Stack 根证书。The first time you connect, you'll be prompted to install the Azure Stack root certificate from AzureStackCertificateAuthority in your local computer's certificate store. 此步骤将 ASDK 证书颁发机构 (CA) 添加到受信任的主机列表。This step adds the ASDK certificate authority (CA) to the list of trusted hosts. 单击“是”以安装证书。Click Yes to install the certificate.

根证书

重要

提示可能会被 PowerShell 窗口或其他应用隐藏。The prompt might be hidden by the PowerShell window or other apps.

测试 VPN 连接Test VPN connectivity

若要测试门户连接,请打开浏览器,然后转到用户门户 https://portal.local.azurestack.external/ 或管理员门户 https://adminportal.local.azurestack.external/To test the portal connection, open a browser, and then go to either the user portal at https://portal.local.azurestack.external/ or the administrator portal https://adminportal.local.azurestack.external/.

使用相应的订阅凭据登录,以创建和管理资源。Sign in with the appropriate subscription credentials to create and manage resources.

后续步骤Next steps

故障排除Troubleshooting