Configure Azure Stack Hub telemetry

Azure Stack Hub telemetry automatically uploads system data to Azure via the Connected User Experience. Azure teams use the data that Azure Stack Hub telemetry gathers to improve customer experiences. This data is also used for security, health, quality, and performance analysis.

For an Azure Stack Hub operator, telemetry can provide valuable insights into enterprise deployments and gives you a voice that helps shape future versions of Azure Stack Hub.

Azure Stack Hub telemetry is based on the Windows Server 2016 Connected User Experience and Telemetry component. This component uses the Event Tracing for Windows (ETW) TraceLogging technology to gather and store events and data. Azure Stack components use the same technology to publish events and data gathered by using public operating system event logging and tracing APIs. Examples of these Azure Stack Hub components include these providers: Network Resource, Storage Resource, Monitoring Resource, and Update Resource. The Connected User Experience and Telemetry component encrypts data using SSL and uses certificate pinning to transmit data over HTTPS to the Microsoft Data Management service.

Important

To enable telemetry data flow, port 443 (HTTPS) must be open in your network. The Connected User Experience and Telemetry component connects to the Microsoft Data Management service at https://v10.events.data.microsoft.com. The Connected User Experience and Telemetry component also connects to https://settings-win.data.microsoft.com to download configuration information. Other diagnostic data services connect to https://watson.telemetry.microsoft.com for error reporting.
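The following check is an added example, not part of the original page: it tests outbound TCP 443 reachability for the three endpoints listed above, so an egress allowlist can be verified before telemetry is expected to flow. It assumes a Windows management host that sits behind the same egress firewall as the deployment; the function name Test-TelemetryEgress is hypothetical.

```powershell
# Added example: endpoint names are taken from the page, everything else is illustrative.
$TelemetryEndpoints = @(
    'v10.events.data.microsoft.com',    # Microsoft Data Management service (upload)
    'settings-win.data.microsoft.com',  # configuration download
    'watson.telemetry.microsoft.com'    # error reporting
)

function Test-TelemetryEgress {
    param(
        [string[]]$HostName = $TelemetryEndpoints,
        [int]$Port = 443
    )
    foreach ($name in $HostName) {
        # Test-NetConnection resolves the name and attempts a TCP connect.
        $result = Test-NetConnection -ComputerName $name -Port $Port `
            -WarningAction SilentlyContinue
        [pscustomobject]@{
            Endpoint      = $name
            Port          = $Port
            RemoteAddress = $result.RemoteAddress      # empty when DNS resolution failed
            TcpOpen       = $result.TcpTestSucceeded   # $false when blocked or unreachable
        }
    }
}

# List only the endpoints that the firewall or DNS is blocking.
Test-TelemetryEgress | Where-Object { -not $_.TcpOpen } | Format-Table -AutoSize
```

A successful TCP connect does not prove that uploads work: because the component uses certificate pinning, a TLS-inspecting proxy on the path can still cause the HTTPS session to fail.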

Privacy considerations

The ETW service routes telemetry data back to protected cloud storage. The principle of least privilege guides access to telemetry data. Only Azure personnel with a valid business need are given access to the telemetry data. Azure doesn't share personal customer data with third parties, except at the customer's discretion or for the limited purposes described in the Azure Privacy Statement. Business reports that are shared with OEMs and partners include aggregated, anonymized data. Data sharing decisions are made by an internal Azure team including privacy, legal, and data management stakeholders.

Azure believes in, and practices, information minimization. We strive to gather only the information that's needed, and store it for only as long as necessary to provide a service or for analysis. Much of the information about how the Azure Stack Hub system and Azure services are functioning is deleted within six months. Summarized or aggregated data will be kept for a longer period.

We understand that the privacy and security of customer information is important. Azure takes a thoughtful and comprehensive approach to customer privacy and the protection of customer data in Azure Stack Hub. IT administrators have controls to customize features and privacy settings at any time. Our commitment to transparency and trust is clear:

  • We're open with customers about the types of data we gather.
  • We put enterprise customers in control — they can customize their own privacy settings.
  • We put customer privacy and security first.
  • We're transparent about how telemetry data gets used.
  • We use telemetry data to improve customer experiences.

Azure doesn't intend to gather sensitive data, like credit card numbers, usernames and passwords, email addresses, or similar sensitive information. If we determine that sensitive information has been inadvertently received, we delete it.

Examples of how Azure uses the telemetry data

Telemetry plays an important role in helping to quickly identify and fix critical reliability issues in customer deployments and configurations. Insights from telemetry data can help identify issues with services or hardware configurations. Azure's ability to get this data from customers and drive improvements to the ecosystem raises the bar for the quality of integrated Azure Stack Hub solutions.

Telemetry also helps Azure to better understand how customers deploy components, use features, and use services to achieve their business goals. These insights help prioritize engineering investments in areas that can directly impact customer experiences and workloads.

Some examples include customer use of containers, storage, and networking configurations that are associated with Azure Stack Hub roles. We also use the insights to drive improvements and intelligence into Azure Stack Hub management and monitoring solutions. These improvements make it easier for customers to diagnose issues and save money by making fewer support calls to Azure.

Manage telemetry collection

We don't recommend turning off telemetry in your organization. However, in some scenarios it may be necessary.

In these scenarios, you can configure the telemetry level sent to Azure by using registry settings before you deploy Azure Stack Hub, or by using the Telemetry Endpoints after you deploy Azure Stack Hub.

Telemetry levels and data collection

Before you change telemetry settings, you should understand the telemetry levels and what data is collected at each level.

The telemetry settings are grouped into four levels (0-3) that are cumulative and categorized as follows:

0 (Security)
Security data only. Information that's required to keep the operating system secure. This includes data about the Connected User Experience and Telemetry component settings, and Windows Defender. No telemetry specific to Azure Stack Hub is emitted at this level.

1 (Basic)
Security data, and Basic Health and Quality data. Basic device information, including: quality-related data, app compatibility, app usage data, and data from the Security level. Setting your telemetry level to Basic enables Azure Stack Hub telemetry. The data gathered at this level includes:

  • Basic device information that provides an understanding about the types and configurations of native and virtual Windows Server 2016 instances in the ecosystem. This includes:

    • Machine attributes, such as the OEM, and model.
    • Networking attributes, such as the number of network adapters and their speed.
    • Processor and memory attributes, such as the number of cores, and amount of installed memory.
    • Storage attributes, such as the number of drives, type of drive, and drive size.
  • Telemetry functionality, including the percentage of uploaded events, dropped events, and the last data upload time.

  • Quality-related information that helps Azure develop a basic understanding of how Azure Stack Hub is performing. For example, the count of critical alerts on a particular hardware configuration.

  • Compatibility data that helps provide an understanding about which Resource Providers are installed on a system and a virtual machine (VM). This identifies potential compatibility problems.

2 (Enhanced)
Additional insights, including: how the operating system and Azure Stack Hub services are used, how these services perform, advanced reliability data, and data from the Security and Basic levels.

Note

This is the default telemetry setting.

3 (Full)
All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.

Important

These telemetry levels only apply to Azure Stack Hub components. Non-Azure software components and services that are running in the Hardware Lifecycle Host from Azure Stack Hub hardware partners may communicate with their cloud services outside of these telemetry levels. You should work with your Azure Stack Hub hardware solution provider to understand their telemetry policy, and how you can opt in or opt out.

Turning off Windows and Azure Stack Hub telemetry also disables SQL telemetry. For more information about the implications of the Windows Server telemetry settings, see the Windows Telemetry Whitepaper.

ASDK: set the telemetry level in the Windows registry

You can use the Windows Registry Editor to manually set the telemetry level on the physical host computer before you deploy Azure Stack Hub. If a management policy already exists, such as Group Policy, it overrides this registry setting.

Before you deploy Azure Stack Hub on the development kit host, boot into CloudBuilder.vhdx and run the following script in an elevated PowerShell window:

# Get the current AllowTelemetry value on the DVM host
(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" `
    -Name AllowTelemetry).AllowTelemetry
# Set the AllowTelemetry value for the ASDK host, stored as a DWORD
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" `
    -Name "AllowTelemetry" -Value 0 -Type DWord # Set this value to 0, 1, 2, or 3.
# Read the value back to confirm the change
(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection" `
    -Name AllowTelemetry).AllowTelemetry
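Because an existing Group Policy overrides the registry value set above, it helps to confirm which value is actually in effect. The following is an added example, not from the original page: it reads both locations and maps the result to the level names described earlier. The path HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection is the standard Windows Group Policy location and is not named on the page; the function names are hypothetical.

```powershell
# Added example: level names come from the page, function names are illustrative.
$LevelNames = @{ 0 = 'Security'; 1 = 'Basic'; 2 = 'Enhanced'; 3 = 'Full' }
$LocalPath  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection'
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'  # Group Policy

function Get-AllowTelemetryValue {
    param([Parameter(Mandatory)][string]$Path)
    # Returns $null when the key or the AllowTelemetry value does not exist.
    $item = Get-ItemProperty -Path $Path -Name AllowTelemetry -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.AllowTelemetry
}

function Get-EffectiveTelemetryLevel {
    $policy = Get-AllowTelemetryValue -Path $PolicyPath
    $local  = Get-AllowTelemetryValue -Path $LocalPath

    # A policy value, when present, wins over the manually set value.
    if     ($null -ne $policy) { $value = $policy; $source = 'Group Policy' }
    elseif ($null -ne $local)  { $value = $local;  $source = 'Local registry setting' }
    else                       { $value = $null;   $source = 'Not configured' }

    $name = 'Not set'
    if ($null -ne $value) {
        $name = if ($LevelNames.ContainsKey($value)) { $LevelNames[$value] } else { 'Out of range' }
    }

    [pscustomobject]@{
        Source               = $source
        Level                = $value
        LevelName            = $name
        # True when the manual setting exists but a different policy value masks it.
        LocalValueOverridden = ($null -ne $policy -and $null -ne $local -and $policy -ne $local)
        # Per the page, Azure Stack Hub telemetry is emitted only at level 1 (Basic) or above.
        AzureStackHubTelemetry = $(if ($null -ne $value) { $value -ge 1 })
    }
}

Get-EffectiveTelemetryLevel | Format-List
```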

ASDK and Multi-Node: enable or disable telemetry after deployment

To enable or disable telemetry after deployment, you need access to the privileged endpoint (PEP) which is exposed on the ERCS VMs.

  • To enable: Set-Telemetry -Enable
  • To disable: Set-Telemetry -Disable

PARAMETER details:

  • .PARAMETER Enable - Turn on telemetry data upload
  • .PARAMETER Disable - Turn off telemetry data upload

Script to enable telemetry:

$ip = "<IP ADDRESS OF THE PEP VM>" # You can also use the machine name instead of IP here.
# $password is used instead of $pwd, which is a PowerShell automatic variable (current location).
$password = ConvertTo-SecureString "<CLOUD ADMIN PASSWORD>" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("<DOMAIN NAME>\CloudAdmin", $password)
# Open a session to the privileged endpoint and turn on telemetry upload.
$psSession = New-PSSession -ComputerName $ip -ConfigurationName PrivilegedEndpoint -Credential $cred
Invoke-Command -Session $psSession {Set-Telemetry -Enable}
# Close the privileged endpoint session when done.
if ($psSession)
{
    Remove-PSSession $psSession
}

Script to disable telemetry:

$ip = "<IP ADDRESS OF THE PEP VM>" # You can also use the machine name instead of IP here.
# $password is used instead of $pwd, which is a PowerShell automatic variable (current location).
$password = ConvertTo-SecureString "<CLOUD ADMIN PASSWORD>" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("<DOMAIN NAME>\CloudAdmin", $password)
# Open a session to the privileged endpoint and turn off telemetry upload.
$psSession = New-PSSession -ComputerName $ip -ConfigurationName PrivilegedEndpoint -Credential $cred
Invoke-Command -Session $psSession {Set-Telemetry -Disable}
# Close the privileged endpoint session when done.
if ($psSession)
{
    Remove-PSSession $psSession
}

Next steps

Register Azure Stack Hub with Azure