在 Azure Stack Hub 中委托套餐Delegate offers in Azure Stack Hub

作为 Azure Stack Hub 操作员,你可能希望让其他人负责注册用户和创建订阅。As an Azure Stack Hub operator, you might want to put other people in charge of signing up users and creating subscriptions. 例如,服务提供商可能需要经销商来代表他们注册和管理客户。For example, if you're a service provider, you might want resellers to sign up customers and manage them on your behalf. 或者,如果你是企业的中心 IT 小组的成员,则可能需要委托其他 IT 工作人员来注册用户。Or, if you're part of a central IT group in an enterprise, you might want to delegate user sign-up to other IT staff.

委托比你自己进行更容易联系和管理更多的用户,如下图所示:Delegation makes it easier to reach and manage more users than you can by yourself, as shown in the following figure:

Azure Stack Hub 中的委托级别

借助委托,委托的提供商可以管理套餐(称为“委托套餐”**),最终客户可获取该套餐中的订阅,而无需系统管理员介入。With delegation, the delegated provider manages an offer (called a delegated offer), and end customers obtain subscriptions under that offer without involvement from the system admin.

委托角色Delegation roles

以下角色是委托的一部分:The following roles are part of delegation:

  • Azure Stack Hub 操作员管理 Azure Stack Hub 基础结构并创建套餐模板。**The Azure Stack Hub operator manages the Azure Stack Hub infrastructure and creates an offer template. 操作员委托他人向其租户提供套餐。The operator delegates others to provide offers to their tenant.

  • 委托的 Azure Stack Hub 操作员是名为“委托的提供商”的订阅中拥有“所有者”或“参与者”权限的用户。** ** **The delegated Azure Stack Hub operators are users with Owner or Contributor rights in the subscriptions called delegated providers. 他们可能属于其他组织,例如其他 Azure Active Directory (Azure AD) 租户。They can belong to other organizations, such as other Azure Active Directory (Azure AD) tenants.

  • ** 用户可以注册并使用产品/服务来管理其工作负荷、创建 VM、存储数据,等等。Users sign up for the offers and use them for managing their workloads, creating VMs, storing data, and so on.

委托步骤Delegation steps

设置委托的过程包括两个步骤:There are two steps to setting up delegation:

  1. 创建委托的提供商订阅:让用户订阅仅包含订阅服务的套餐。Create a delegated provider subscription: Subscribe a user to an offer containing only the subscription service. 然后,订阅此套餐的用户可通过为其他用户注册委托的套餐,将这些套餐扩展到其他用户。Users who subscribe to this offer can then extend the delegated offers to other users by signing them up for those offers.

  2. 将套餐委托给受委托的提供商:此套餐可让委托的提供商创建订阅,或将套餐扩展到其用户。Delegate an offer to the delegated provider: This offer enables the delegated provider to create subscriptions or to extend the offer to their users. 委托的提供商现在可以接受该套餐,并将其提供给其他用户。The delegated provider can now take the offer and extend it to other users.

下图显示设置委托的步骤:The following figure shows the steps for setting up delegation:

在 Azure Stack Hub 中创建委托的提供商并允许其注册用户的步骤

委托的提供商要求Delegated provider requirements

若要充当委托的提供商,用户需要通过创建订阅来与主要提供商建立关系。To act as a delegated provider, a user establishes a relationship with the main provider by creating a subscription. 此订阅表明委托的提供商有权代表主提供商提供委托的套餐。This subscription identifies the delegated provider as having the right to present the delegated offers on behalf of the main provider.

建立这种关系后,Azure Stack Hub 操作员就可以将套餐委托给受委托的提供商。After this relationship is established, the Azure Stack Hub operator can delegate an offer to the delegated provider. 委托的提供商可以接受该套餐,将其重命名(但不更改其实质)并提供给客户。The delegated provider can take the offer, rename it (but not change its substance), and offer it to its customers.

委托演练Delegation walkthrough

以下部分介绍建立受委托提供商的步骤,委托一项套餐,然后验证用户是否可以注册委托的套餐。The following sections describe the steps to set up a delegated provider, delegate an offer, and verify that users can sign up for the delegated offer.

设置角色Set up roles

若要使用此演练,除了 Azure Stack Hub 操作员帐户以外,还需要两个 Azure AD 帐户。To use this walkthrough, you need two Azure AD accounts in addition to your Azure Stack Hub operator account. 如果没有这两个帐户,则必须创建这些帐户。If you don't have these two accounts, you must create them. 这些帐户可以属于任何 Azure AD 用户,称为委托的提供商和用户** **。The accounts can belong to any Azure AD user and are referred to as the delegated provider and the user.

角色Role 组织权限Organizational rights
委托的提供商Delegated provider UserUser
UserUser UserUser

Note

对于 CSP 经销商,若要创建此委托的提供商,这些用户必须在租户目录(用户 Azure AD)中存在。In the case of a CSP-reseller, creating this delegated provider requires that these users are in the tenant directory (the user Azure AD). Azure Stack Hub 操作员必须先载入该租户 Azure AD,然后遵循这些步骤设置用量和计费。The Azure Stack Hub operator must first onboard that tenant Azure AD, and then set up usage and billing by following these steps.

确定委托的提供商Identify the delegated provider

  1. 以 Azure Stack Hub 操作员身份登录到管理员门户。Sign in to the administrator portal as an Azure Stack Hub operator.

  2. 创建可让用户成为委托提供商的套餐:To create an offer that enables a user to become a delegated provider:

    a.a. 创建计划Create a plan. 此计划应该只包括订阅服务。This plan should include only the subscription service. 本文使用名为 PlanForDelegation 的计划作为示例。This article uses a plan named PlanForDelegation as an example.

    b.b. 根据此计划创建套餐Create an offer based on this plan. 本文使用名为 OfferToDP 的套餐作为示例。This article uses an offer named OfferToDP as an example.

    c.c. 依次选择“订阅”、“添加”、“新建租户订阅”,将委托的提供商作为订阅方添加到此套餐。**** **** ****Add the delegated provider as a subscriber to this offer by selecting Subscriptions, then Add, then New Tenant Subscription.

    在 Azure Stack Hub 管理员门户中将委托的提供商添加为订户

    Note

    对于所有 Azure Stack Hub 套餐,可以选择将其公开给用户注册,也可以选择不公开,让 Azure Stack Hub 操作员管理注册。As with all Azure Stack Hub offers, you have the option of making the offer public and letting users sign up for it, or keeping it private and letting the Azure Stack Hub operator manage the sign-up. 委托的提供商通常是一个小的组。Delegated providers are usually a small group. 需要控制其成员,因此大多数情况下不应公开此产品/服务。You want to control who is admitted to it, so keeping this offer private makes sense in most cases.

Azure Stack Hub 操作员创建委托的套餐Azure Stack Hub operator creates the delegated offer

下一步是创建要委托的可供用户使用的计划和套餐。The next step is to create the plan and offer that you're going to delegate, and that your users will use. 最好是将此套餐定义成想要用户看到的那种规格,因为委托的提供商不能更改该套餐中包括的计划和配额。It's a good idea to define this offer as you want users to see it because the delegated provider can't change the plans and quotas it includes.

  1. 以 Azure Stack Hub 操作员的身份创建计划以及基于该计划的套餐As an Azure Stack Hub operator, create a plan and an offer based on the plan. 本文使用名为 DelegatedOffer 的套餐作为示例。This article uses an offer named DelegatedOffer as an example.

    Note

    此套餐不必是公共套餐,但可将其设置为公共套餐。This offer doesn't have to be public, but you can make it public. 但是,在大多数情况下,你只希望委托的提供商有权访问该套餐。However, in most cases, you only want delegated providers to have access to the offer. 在你按照以下步骤中的说明委托专用产品/服务以后,委托的提供商即可对其进行访问。After you delegate a private offer as described in the following steps, the delegated provider has access to it.

  2. 委托套餐。Delegate the offer. 转到“DelegatedOffer”。****Go to DelegatedOffer. 在“设置”下,依次选择“委托的提供商”、“添加”。**** **** ****Under Settings, select Delegated Providers, then select Add.

  3. 从下拉列表中选择委托的提供商的订阅,然后选择“委托”。****Select the subscription for the delegated provider from the drop-down list, and then select Delegate.

    在 Azure Stack Hub 管理员门户中添加委托的提供商

委托的提供商自定义产品/服务Delegated provider customizes the offer

以委托的提供商身份登录到用户门户,然后使用委托的套餐作为模板来创建新的产品/服务。Sign in to the user portal as the delegated provider and then create a new offer by using the delegated offer as a template.

  1. 依次选择“+ 创建资源”、“租户套餐 + 计划”、“套餐”。**** **** ****Select + Create a resource, then Tenant Offers + Plans, then select Offer.

    在 Azure Stack Hub 用户门户中创建新套餐

  2. 为产品/服务指定一个名称。Assign a name to the offer. 本示例使用 ResellerOfferThis example uses ResellerOffer. 选择委托的套餐作为模板,然后选择“创建”。****Select the delegated offer on which to base it, and then select Create.

    在 Azure Stack Hub 用户门户中分配名称

    Important

    必须知道,委托的提供商只能选择委托给他们的套餐。It's important to understand that delegated providers can only choose offers that are delegated to them. 他们无法更改这些套餐;只有 Azure Stack Hub 操作员可以更改这些套餐。They cannot make changes to those offers; only an Azure Stack Hub operator can change these offers. 例如,只有操作员可以更改其计划和配额。For example, only an operator can change their plans and quotas. 委托的提供商不会根据基础计划和附加计划来构造套餐。A delegated provider does not construct an offer from base plans and add-on plans.

  3. 委托的提供商通过自己的门户 URL 公开这些套餐。The delegated provider can make these offers public through their own portal URL. 若要公开套餐,请依次选择“浏览”、“套餐”。**** ****To make the offer public, select Browse, and then Offers. 选择产品/服务,然后选择“更改状态”。****Select the offer, and then select Change State.

  4. 目前,只能通过委托门户查看公开的已委托套餐。The public delegated offers are now visible only through the delegated portal. 若要查找和更改此 URL,请执行以下操作:To find and change this URL:

    a.a. 依次选择“浏览”、“所有服务”,然后在“常规”类别下面选择“订阅”。**** **** **** ****Select Browse, then All services, and then under the GENERAL category, select Subscriptions. 选择委托的提供商订阅(例如 DPSubscription),然后选择“属性”。****Select the delegated provider subscription (for example, DPSubscription), then Properties.

    b.b. 将门户 URL 复制到单独的位置,例如记事本。Copy the portal URL to a separate location, such as Notepad.

    在 Azure Stack Hub 用户门户中选择委托的提供商订阅

    现已完成创建委托的套餐作为委托的提供商的过程。You've finished creating a delegated offer as a delegated provider. 以委托的提供商身份注销,并关闭浏览器窗口。Sign out as the delegated provider and close the browser window.

注册产品/服务Sign up for the offer

  1. 在新的浏览器窗口中,转到上一步保存的委托的门户 URL。In a new browser window, go to the delegated portal URL that you saved in the previous step. 以用户身份登录到门户。Sign in to the portal as a user.

    Note

    除非使用委托的门户,否则委托的套餐不可见。The delegated offers are not visible unless you use the delegated portal.

  2. 在仪表板中,选择“获取订阅”****。In the dashboard, select Get a subscription. 可以看到,只向用户提供由委托的提供商创建的委托的套餐。You'll see that only the delegated offers that were created by the delegated provider are presented to the user.

    在 Azure Stack Hub 用户门户中查看并选择套餐

委托套餐的过程已完成。The process of delegating an offer is finished. 现在,用户可以通过获取套餐订阅来注册此套餐。Now a user can sign up for this offer by getting a subscription to it.

在委托的提供商之间移动订阅Move subscriptions between delegated providers

如果需要,可在属于同一目录租户的新的或现有委托的提供商订阅之间移动订阅。If needed, a subscription can be moved between new or existing delegated provider subscriptions that belong to the same directory tenant. 可以使用 PowerShell cmdlet Move-AzsSubscription 移动它们。You can move them using the PowerShell cmdlet Move-AzsSubscription.

在以下情况下可以移动订阅:Moving subscriptions is useful when:

  • 登记将要充当委托的提供商角色的新团队成员,并想要将以前在“默认提供商订阅”中创建的用户订阅分配给此团队成员。You onboard a new team member that will take on the delegated provider role and you want to assign to this team member user subscriptions that were previously created in the default provider subscription.
  • 有多个委托的提供商订阅在同一目录租户 (Azure AD) 中,并需要在这些订阅之间移动用户订阅。You have multiple delegated providers subscriptions in the same directory tenant (Azure AD) and need to move user subscriptions between them. 当团队成员在团队之间移动,并且必须将其订阅分配给新团队时,可能会发生这种情况。This scenario could occur when a team member moves between teams and their subscription must be allocated to the new team.

后续步骤Next steps