Azure Stack telemetry

Azure Stack system data, or telemetry, is automatically uploaded to Azure via the Connected User Experience. Data gathered from Azure Stack telemetry is used by Azure teams primarily to improve our customer experience. It's also used for security, health, quality, and performance analysis.

For an Azure Stack operator, telemetry can provide valuable insights into enterprise deployments, and it gives you a voice that helps shape future versions of Azure Stack.

Azure Stack telemetry is based on the Windows Server 2016 Connected User Experience and Telemetry component, which uses the Event Tracing for Windows (ETW) trace logging technology to gather and store telemetry events and data. Azure Stack components use the same logging technology to publish events and data that are gathered by using public operating system event logging and tracing APIs. Examples of Azure Stack components include Network Resource Provider, Storage Resource Provider, Monitoring Resource Provider, and Update Resource Provider. The Connected User Experience and Telemetry component encrypts data using SSL and uses certificate pinning to transmit telemetry data over HTTPS to the Microsoft Data Management service.

Note

To support telemetry data flow, port 443 (HTTPS) must be open in your network. The Connected User Experience and Telemetry component connects to the Microsoft Data Management service at https://v10.vortex-win.data.microsoft.com and also to https://settings-win.data.microsoft.com to download configuration info.

Privacy considerations

The ETW service routes telemetry data back to protected cloud storage. The principle of least privilege guides access to telemetry data. Only Azure personnel with a valid business need are permitted access to the telemetry data. Azure doesn't share our customers' personal data with third parties, except at the customer's discretion or for the limited purposes described in the Azure Stack Privacy Statement. We do share business reports with OEMs and partners that include aggregated, anonymized telemetry info. Data sharing decisions are made by an internal Azure team including privacy, legal, and data management stakeholders.

Azure believes in and practices information minimization. We strive to gather only the info that we need, and we store it for only as long as it's needed to provide a service or for analysis. Much of the info on how the Azure Stack system and Azure services are functioning is deleted within six months. Summarized or aggregated data are kept for a longer period.

We understand that the privacy and security of our customers' info is important. We've taken a thoughtful and comprehensive approach to customer privacy and the protection of customer data with Azure Stack. IT admins have controls to customize features and privacy settings at any time. Our commitment to transparency and trust is clear:

  • We're open with customers about the types of data we gather.
  • We put enterprise customers in control: they can customize their own privacy settings.
  • We put customer privacy and security first.
  • We're transparent about how telemetry gets used.
  • We use telemetry to improve customer experiences.

Azure doesn't intend to gather sensitive info, such as credit card numbers, usernames and passwords, and email addresses. If we determine that sensitive info has been inadvertently received, we delete it.

Examples of how Azure uses the telemetry data

Telemetry plays an important role in helping us quickly identify and fix critical reliability issues in our customers' deployments and configurations. Insights into the telemetry data that we gather help us quickly identify issues with services or hardware configurations. Azure's ability to get this data from customers and drive improvements into the ecosystem helps raise the bar for the quality of our integrated Azure Stack solutions.

Telemetry also helps Azure to better understand how customers deploy components, use features, and use services to achieve their business goals. Getting insights from that data helps prioritize engineering investments in areas that can directly impact our customers' experiences and workloads.

Some examples include customer usage of containers, storage, and networking configurations that are associated with Azure Stack roles. We also use the insights to drive improvements and intelligence into some of our management and monitoring solutions. This improvement helps customers diagnose quality issues and save money by making fewer support calls to Azure.

Manage telemetry collection

We don't recommend that you turn off telemetry in your organization, because telemetry provides data that drives improved product functionality and stability. We do recognize, however, that in some scenarios this may be necessary.

In these instances, you can configure the telemetry level sent to Azure by using registry settings pre-deployment or by using the Telemetry Endpoints post-deployment.

Set telemetry level in the Windows registry

The Windows Registry Editor is used to manually set the telemetry level on the physical host computer before deploying Azure Stack. If a management policy already exists, such as Group Policy, it overrides this registry setting.

Before deploying Azure Stack on the ASDK host, boot into the CloudBuilder.vhdx and run the following script in an elevated PowerShell window:

### Get current AllowTelemetry value on DVM Host
(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" `
-Name AllowTelemetry).AllowTelemetry
### Set & Get updated AllowTelemetry value for ASDK-Host
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" `
-Name "AllowTelemetry" -Value '0' # Set this value to 0, 1, 2, or 3.
(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" `
-Name AllowTelemetry).AllowTelemetry

The telemetry levels are cumulative and categorized into four levels (0-3):

0 (Security): Security data only. Info that's required to help keep the operating system secure, including data about the Connected User Experience and Telemetry component settings and Windows Defender. No Azure Stack specific telemetry is emitted at this level.

1 (Basic): Security data, and basic health and quality data. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level. Setting your telemetry level to Basic enables Azure Stack telemetry. The data gathered at this level includes:

  • Basic device info that helps provide an understanding about the types and configurations of native and virtualized Windows Server 2016 instances in the ecosystem, including:
    • Machine attributes, such as the OEM and model.
    • Networking attributes, such as the number and speed of network adapters.
    • Processor and memory attributes, such as the number of cores and memory size.
    • Storage attributes, such as the number of drives, type, and size.
  • Telemetry functionality, including percent of uploaded events, dropped events, and the last upload time.
  • Quality-related info that helps Azure develop a basic understanding of how Azure Stack is performing. An example is the count of critical alerts on a particular hardware configuration.
  • Compatibility data, which helps provide an understanding about which resource providers are installed on a system and VM and identifies potential compatibility problems.

2 (Enhanced): Additional insights, including how the operating system and other Azure Stack services are used, how they perform, advanced reliability data, and data from both the Basic and Security levels.

3 (Full): All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.

Note

The default telemetry level value is 2 (Enhanced).

Turning off Windows and Azure Stack telemetry disables SQL telemetry. For additional info on the implications of the Windows Server telemetry settings, see the Windows Telemetry Whitepaper.
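
The check below is an added example, not part of the original page or of Microsoft's scripts: it reports which telemetry level will actually apply on the host, using the override rule and the level definitions described above. It assumes that a management policy such as Group Policy stores its value under HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection; the function names are hypothetical.

```powershell
# Added example (not Microsoft's script): audit the effective telemetry level
# on the host before Azure Stack is deployed. Run in an elevated window.
$LevelNames = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }

# Registry path used by the script on this page.
$LocalPath  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection'
# Assumption: a management policy (Group Policy) writes its value here.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'

function Get-AllowTelemetry {
    param([Parameter(Mandatory)][string]$Path)
    # Returns nothing ($null to the caller) when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name AllowTelemetry -ErrorAction SilentlyContinue
    # The page's script writes the value as a string ('0'), so cast to int.
    if ($null -ne $item) { [int]$item.AllowTelemetry }
}

function Get-EffectiveTelemetryLevel {
    param([int]$DefaultLevel = 2)   # page: the default level is 2 (Enhanced)

    $policy = Get-AllowTelemetry -Path $PolicyPath
    $local  = Get-AllowTelemetry -Path $LocalPath

    # Page: an existing management policy overrides the manual registry setting.
    if ($null -ne $policy)    { $level = $policy;       $source = 'Management policy' }
    elseif ($null -ne $local) { $level = $local;        $source = 'Local registry value' }
    else                      { $level = $DefaultLevel; $source = 'Default (nothing set)' }

    [pscustomobject]@{
        Level               = $level
        Name                = $LevelNames[$level]   # $null if outside 0-3
        Source              = $source
        LocalValue          = $local
        PolicyValue         = $policy
        # Page: no Azure Stack specific telemetry is emitted at level 0.
        AzureStackTelemetry = ($level -ge 1)
        # True when the value you set by hand is not the one that applies.
        LocalValueOverridden = ($null -ne $policy -and $null -ne $local -and $policy -ne $local)
    }
}

Get-EffectiveTelemetryLevel | Format-List
```

If LocalValueOverridden is True, change the level in the management policy rather than in the registry value set by hand.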

Important

These telemetry levels only apply to Azure Stack components. Non-Azure software components and services that are running in the Hardware Lifecycle Host from Azure Stack hardware partners may communicate with their cloud services outside of these telemetry levels. You should work with your Azure Stack hardware solution provider to understand their telemetry policy, and how you can opt in or opt out.

Enable or disable telemetry after deployment

To enable or disable telemetry after deployment, you need to have access to the Privileged End Point (PEP), which is exposed on the ERCS VMs.

  1. To enable: Set-Telemetry -Enable
  2. To disable: Set-Telemetry -Disable

PARAMETER detail:

.PARAMETER Enable - Turn on telemetry data upload

.PARAMETER Disable - Turn off telemetry data upload

Script to enable telemetry:

$ip = "<IP ADDRESS OF THE PEP VM>" # You can also use the machine name instead of IP here.
# Named $password rather than $pwd, which is a PowerShell automatic variable (current location).
$password = ConvertTo-SecureString "<CLOUD ADMIN PASSWORD>" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("<DOMAIN NAME>\CloudAdmin", $password)
# Connect to the privileged endpoint and turn telemetry data upload on.
$psSession = New-PSSession -ComputerName $ip -ConfigurationName PrivilegedEndpoint -Credential $cred
Invoke-Command -Session $psSession {Set-Telemetry -Enable}
if($psSession)
{
    Remove-PSSession $psSession
}

Script to disable telemetry:

$ip = "<IP ADDRESS OF THE PEP VM>" # You can also use the machine name instead of IP here.
# Named $password rather than $pwd, which is a PowerShell automatic variable (current location).
$password = ConvertTo-SecureString "<CLOUD ADMIN PASSWORD>" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("<DOMAIN NAME>\CloudAdmin", $password)
# Connect to the privileged endpoint and turn telemetry data upload off.
$psSession = New-PSSession -ComputerName $ip -ConfigurationName PrivilegedEndpoint -Credential $cred
Invoke-Command -Session $psSession {Set-Telemetry -Disable}
if($psSession)
{
    Remove-PSSession $psSession
}

Next steps

Start and stop the ASDK