Azure-connected deployment planning decisions for Azure Stack Hub integrated systems

After you've decided how you'll integrate Azure Stack Hub into your hybrid cloud environment, you can finalize your Azure Stack Hub deployment decisions.

Deploying Azure Stack Hub connected to Azure means that you can have either Azure Active Directory (Azure AD) or Active Directory Federation Services (AD FS) for your identity store. You can also choose from either billing model: pay-as-you-use or capacity-based. A connected deployment is the default option because it allows customers to get the most value out of Azure Stack Hub, particularly for hybrid cloud scenarios that involve both Azure and Azure Stack Hub.

Choose an identity store

With a connected deployment, you can choose between Azure AD or AD FS for your identity store. A disconnected deployment, with no internet connectivity, can only use AD FS.

Your identity store choice has no bearing on tenant virtual machines (VMs). Tenant VMs may choose which identity store they want to connect to depending on how they'll be configured: Azure AD, Windows Server Active Directory domain-joined, workgroup, and so on. This is unrelated to the Azure Stack Hub identity provider decision.

For example, if you deploy IaaS tenant VMs on top of Azure Stack Hub, and want them to join a Corporate Active Directory Domain and use accounts from there, you still can. You aren't required to use the Azure AD identity store you select here for those accounts.

Azure AD identity store

Using Azure AD for your identity store requires two Azure AD accounts: a global admin account and a billing account. These accounts can be the same accounts, or different accounts. While using the same user account might be simpler and useful if you have a limited number of Azure accounts, your business needs might suggest using two accounts:

  1. Global admin account (only required for connected deployments). This is an Azure account that's used to create apps and service principals for Azure Stack Hub infrastructure services in Azure AD. This account must have directory admin permissions to the directory that your Azure Stack Hub system will be deployed under. It will become the "cloud operator" Global Admin for the Azure AD user and is used for the following tasks:

    • To provision and delegate apps and service principals for all Azure Stack Hub services that need to interact with Azure AD and Graph API.
    • As the Service Administrator account. This account is the owner of the default provider subscription (which you can later change). You can log into the Azure Stack Hub administrator portal with this account, and can use it to create offers and plans, set quotas, and perform other administrative functions in Azure Stack Hub.

  • The global administrator account is not required to run Azure Stack Hub and can be disabled post-deployment.
  • Secure the global administrator account following the best practices documented here.

  2. Billing account (required for both connected and disconnected deployments). This Azure account is used to establish the billing relationship between your Azure Stack Hub integrated system and the Azure commerce backend. This is the account that's billed for Azure Stack Hub fees. This account will also be used for offering items in the marketplace and other hybrid scenarios.

AD FS identity store

Choose this option if you want to use your own identity store, such as your corporate Active Directory, for your Service Administrator accounts.

Choose a billing model

You can choose either the Pay-in-advance or the Capacity billing model. Pay-in-advance billing model deployments must be able to report usage through a connection to Azure at least once every 30 days. Therefore, the pay-in-advance billing model is only available for connected deployments.


With the Pay-in-advance billing model, you will receive Azure Credits equal to the amount of funds you add to your account. If this is the model you decide on, you'll need an Azure subscription and the account ID associated with that subscription (for example, …). EA, CSP, and CSL subscriptions are supported. Usage reporting is configured during Azure Stack Hub registration.


In most cases, Enterprise customers will use EA subscriptions, and service providers will use CSP or CSL subscriptions.

If you're going to use a CSP subscription, review the table below to identify which CSP subscription to use, as the correct approach depends on the exact CSP scenario:

| Scenario | Domain and subscription options |
| --- | --- |
| You're a Direct CSP Partner or an Indirect CSP Provider, and you'll operate the Azure Stack Hub | Use a CSL (Common Service Layer) subscription. Create an Azure AD tenant with a descriptive name in Partner Center. For example, <your organization>CSPAdmin with an Azure CSP subscription associated with it. |
| You're an Indirect CSP Reseller, and you'll operate the Azure Stack Hub | Ask your indirect CSP Provider to create an Azure AD tenant for your organization with an Azure CSP subscription associated with it using Partner Center. |

Capacity-based billing

If you decide to use the capacity billing model, you must purchase an Azure Stack Hub Capacity Plan SKU based on the capacity of your system. You need to know the number of physical cores in your Azure Stack Hub to purchase the correct quantity.

Capacity billing requires an Enterprise Agreement (EA) Azure subscription for registration. The reason is that registration sets up the availability of items in the Marketplace, which requires an Azure subscription. The subscription isn't used for Azure Stack Hub usage.

Learn more

  • For information about use cases, purchasing, partners, and OEM hardware vendors, see the Azure Stack Hub product page.
  • For information about the roadmap and geo-availability for Azure Stack Hub integrated systems, see the white paper: Azure Stack Hub: An extension of Azure.

Next steps

Datacenter network integration