Azure disconnected deployment planning decisions for Azure Stack Hub integrated systems

After you've decided how you'll integrate Azure Stack Hub into your hybrid cloud environment, you can finish your Azure Stack Hub deployment decisions.

You can deploy and use Azure Stack Hub without a connection to the internet. However, with a disconnected deployment, you're limited to an Active Directory Federation Services (AD FS) identity store and the capacity-based billing model. Because multitenancy requires the use of Azure Active Directory (Azure AD), multitenancy isn't supported for disconnected deployments.

Choose this option if:

  • You have security or other restrictions that require you to deploy Azure Stack Hub in an environment that isn't connected to the internet.
  • You want to block data (including usage data) from being sent to Azure.
  • You want to use Azure Stack Hub purely as a private cloud solution that's deployed to your corporate intranet, and aren't interested in hybrid scenarios.

Tip

Sometimes, this kind of environment is also referred to as a submarine scenario.

A disconnected deployment doesn't restrict you from later connecting your Azure Stack Hub instance to Azure for hybrid tenant VM scenarios. It means that you don't have connectivity to Azure during deployment or you don't want to use Azure AD as your identity store.

Features that are impaired or unavailable in disconnected deployments

Azure Stack Hub was designed to work best when connected to Azure, so it's important to note that there are some features and functionality that are either impaired or completely unavailable in the disconnected mode.

| Feature | Impact in Disconnected mode |
| --- | --- |
| VM deployment with DSC extension to configure VM post deployment | Impaired - DSC extension looks to the internet for the latest WMF. |
| VM deployment with Docker Extension to run Docker commands | Impaired - Docker will check the internet for the latest version and this check will fail. |
| Documentation links in the Azure Stack Hub Portal | Unavailable - Links like Give Feedback, Help, and Quickstart that use an internet URL won't work. |
| Alert remediation/mitigation that references an online remediation guide | Unavailable - Any alert remediation links that use an internet URL won't work. |
| Marketplace - The ability to select and add Gallery packages directly from Azure Marketplace | Impaired - When you deploy Azure Stack Hub in a disconnected mode, you can't download marketplace items by using the Azure Stack Hub portal. However, you can use the marketplace syndication tool to download the marketplace items to a machine that has internet connectivity and then transfer them to your Azure Stack Hub environment. |
| Using Azure AD federation accounts to manage an Azure Stack Hub deployment | Unavailable - This feature requires connectivity to Azure. AD FS with a local Active Directory instance must be used instead. |
| App Services | Impaired - WebApps may require internet access for updated content. |
| Command Line Interface (CLI) | Impaired - CLI has reduced functionality for authentication and provisioning of service principals. |
| Visual Studio - Cloud discovery | Impaired - Cloud Discovery will either discover different clouds or won't work at all. |
| Visual Studio - AD FS | Impaired - Only Visual Studio Enterprise and Visual Studio Code support AD FS authentication. |
| Telemetry | Unavailable - Telemetry data for Azure Stack Hub and any third-party gallery packages that depend on telemetry data. |
| Certificates | Unavailable - Internet connectivity is required for Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) services in the context of HTTPS. |
| Key Vault | Impaired - A common use case for Key Vault is to have an app read secrets at runtime. For this use case, the app needs a service principal in the directory. In Azure AD, regular users (non-admins) are by default allowed to add service principals. In Azure AD (using AD FS), they're not. This impairment places a hurdle in the end-to-end experience because one must always go through a directory admin to add any app. |

Learn more

  • For information about use cases, purchasing, partners, and OEM hardware vendors, see the Azure Stack Hub product page.
  • For information about the roadmap and geo-availability for Azure Stack Hub integrated systems, see the white paper: Azure Stack Hub: An extension of Azure.

Next steps

Datacenter network integration