Azure Stack Hub 操作员访问工作站Azure Stack Hub Operator Access Workstation
操作员访问工作站 (OAW) 用于在运行版本2005 或更高版本的硬件生命周期主机 (HLH) 上部署 jumpbox 虚拟机 (VM),以便 Azure Stack Hub 操作员可以访问特权终结点 (PEP) 和管理员门户以了解支持方案。The Operator Access Workstation (OAW) is used to deploy a jump box virtual machine (VM) on a Hardware Lifecycle Host (HLH) that runs version 2005 or later so an Azure Stack Hub operator can access the privileged endpoint (PEP) and the Administrator portal for support scenarios.
当操作员执行新任务时,应创建 OAW VM。The OAW VM should be created when an operator performs a new task. VM 内的必需任务完成之后,应关闭并删除 VM,因为 Azure Stack Hub 不需要始终运行它。After a required task inside the VM is completed, the VM should be shut down and removed as Azure Stack Hub doesn't need to always run it.
OAW 方案OAW scenarios
下表列出了 OAW 的常见方案,但这不是独有的。The following tables lists common scenarios for the OAW, but this is not exclusive. 建议使用远程桌面连接到 OAW。It is recommended to use Remote Desktop to connect to the OAW.
| 方案Scenario | 说明Description |
|---|---|
| 访问管理门户Access the Administration portal | 执行管理操作Perform administrative operations |
| 访问 PEPAccess PEP | 日志收集和上传:Log collection and upload: 在 HLH 上-创建 SMB 共享以便从 Azure Stack Hub 进行文件传输-Create an SMB share on the HLH for file transfer from Azure Stack Hub -使用 Azure 存储资源管理器上传保存到 SMB 共享中的日志-Use Azure Storage Explorer to upload logs saved to the SMB share |
| 注册 Azure Stack HubRegister Azure Stack Hub | 对于重新注册,从管理门户获取以前的注册名称和资源组For re-registration, get previous Registration Name and Resource Group from the Administration portal |
| 市场联合Marketplace syndication | 在 HLH 上创建 SMB 共享以存储下载的映像或扩展Create an SMB share on the HLH to store the downloaded image or extension |
下载文件Download files
若要获取文件以创建 OAW VM,请在此处下载。To get the files to create the OAW VM, download here. 下载之前,请务必查看 Azure 隐私声明和法律条款。Please be sure to review the Azure Privacy Statement and Legal Terms prior to download.
由于解决方案的无状态性质,没有适用于 OAW VM 的更新。Due to the stateless nature of the solution, there are no updates for the OAW VM. 对于每个里程碑,都会发行 VM 映像文件的新版本。For each milestone, a new version of the VM image file will be released. 使用最新版本创建新 OAW VM。Use the latest version to create a new OAW VM. 映像文件基于最新 Windows Server 2019 版本。The image file is based on the latest Windows Server 2019 version. 安装之后,可以使用 Windows 更新来应用更新(包括所有关键更新)。After installation, you can apply updates, including any critical updates, using Windows Update.
验证下载的 OAW.zip 文件的哈希,以确保在使用它创建 OAW VM 之前未对它进行修改。Validate the hash of the downloaded OAW.zip file to make sure it has not been modified before using it to create the OAW VM. 运行下面的 PowerShell 脚本。Run the following PowerShell script. 如果返回值为 True,则可以使用下载的 OAW.zip:If the return value is True, you can use the downloaded OAW.zip:
param(
[Parameter(Mandatory=$True)]
[ValidateNotNullOrEmpty()]
[ValidateScript({Test-Path $_ -PathType Leaf})]
[string]
$DownloadedOAWZipFilePath
)
$expectedHash = '459D8BA232E4315372FCE7CDD705057D051C1BD60772FC36E0136C741C27A273'
$actualHash = (Get-FileHash -Path $DownloadedOAWZipFilePath).Hash
Write-Host "Expected hash: $expectedHash"
if ($expectedHash -eq $actualHash)
{
Write-Host 'SUCCESS: OAW.zip file hash matches.'
}
else
{
Write-Error 'ERROR: OAW.zip file hash does not match! It is not safe to use it, please download it again.'
Write-Error "Actual hash: $actualHash"
}
用户帐户策略User account policy
以下用户帐户策略会应用于 OAW VM:The following user account policy is applied to the OAW VM:
- 内置管理员用户名:AdminUserBuilt-in Administrator username: AdminUser
- MinimumPasswordLength = 14MinimumPasswordLength = 14
- PasswordComplexity 已启用PasswordComplexity is enabled
- MinimumPasswordAge = 1(天)MinimumPasswordAge = 1 (day)
- MaximumPasswordAge = 42(天)MaximumPasswordAge = 42 (days)
- NewGuestName = GUser(默认情况下禁用)NewGuestName = GUser (disabled by default)
预安装的软件Pre-installed software
下表列出 OAW VM 上的预安装软件。The following table lists the pre-installed software on the OAW VM.
| 软件名称Software Name | 位置Location |
|---|---|
| Microsoft Edge for BusinessMicrosoft Edge for Business | [SystemDrive]\Program Files (x86)\Microsoft\Edge\Application[SystemDrive]\Program Files (x86)\Microsoft\Edge\Application |
| Az 模块Az Modules | [SystemDrive]\ProgramFiles\WindowsPowerShell\Modules[SystemDrive]\ProgramFiles\WindowsPowerShell\Modules |
| PowerShell 7PowerShell 7 | [SystemDrive]\Program Files\PowerShell\7[SystemDrive]\Program Files\PowerShell\7 |
| Azure 命令行接口 (CLI)Azure Command-Line Interface (CLI) | [SystemDrive]\Program Files (x86)\Microsoft SDKs\Azure\CLI2[SystemDrive]\Program Files (x86)\Microsoft SDKs\Azure\CLI2 |
| Microsoft Azure 存储资源管理器Microsoft Azure Storage Explorer | [SystemDrive]\Program Files (x86)\Microsoft Azure Storage Explorer[SystemDrive]\Program Files (x86)\Microsoft Azure Storage Explorer |
| AzCopyAzCopy | [SystemDrive]\VMSoftware\azcopy_windows_amd64_10.3.4[SystemDrive]\VMSoftware\azcopy_windows_amd64_10.3.4 |
| AzureStack-ToolsAzureStack-Tools | [SystemDrive]\VMSoftware\AzureStack-Tools[SystemDrive]\VMSoftware\AzureStack-Tools |
检查 HLH 版本Check HLH version
使用凭据登录 HLH。Log onto the HLH with your credentials.
打开 PowerShell ISE 并运行以下脚本:Open PowerShell ISE and run the following script:
'C:\Version\Get-Version.ps1'例如:For example:
使用脚本创建 OAW VMCreate the OAW VM using a script
以下脚本准备好虚拟机以作为操作员访问工作站 (OAW),它用于 Azure Stack Hub 以进行管理和诊断。The following script prepares the virtual machine as the Operator Access Workstation (OAW), which is used to access Azure Stack Hub for administration and diagnostics.
- 使用凭据登录 HLH。Log onto the HLH with your credentials.
- 下载 OAW.zip 并提取文件。Download OAW.zip and extract the files.
- 打开提升的 PowerShell 会话。Open an elevated PowerShell session.
- 导航到 OAW.zip 文件的已提取内容。Navigate to the extracted contents of the OAW.zip file.
- 运行 New-OAW.ps1 脚本。Run the New-OAW.ps1 script.
例如,若要使用 Azure Stack Hub 版本 2005 或更高版本在 HLH 上创建 OAW VM 而不进行任何自定义,请只使用 -LocalAdministratorPassword 参数运行 New-OAW.ps1 脚本:For example, to create the OAW VM on the HLH without any customization using Azure Stack Hub version 2005 or later, run the New-OAW.ps1 script with only the -LocalAdministratorPassword parameter:
$securePassword = Read-Host -Prompt "Enter password for Azure Stack OAW's local administrator" -AsSecureString
New-OAW.ps1 -LocalAdministratorPassword $securePassword
若要在具有与 Azure Stack Hub 的网络连接的主机上创建 OAW VM:To create the OAW VM on a host with network connection to Azure Stack Hub:
$securePassword = Read-Host -Prompt "Enter password for Azure Stack OAW's local administrator" -AsSecureString
New-OAW.ps1 -LocalAdministratorPassword $securePassword `
-IPAddress '192.168.0.20' `
-SubnetMask '255.255.255.0' `
-DefaultGateway '192.168.0.1' `
-DNS '192.168.0.10'
若要从 AzureStackStampInformation.json 文件检索 ERCS VM 的 IP 地址,请执行以下代码:To retrieve the IP address of the ERCS VM from the AzureStackStampInformation.json file:
$securePassword = Read-Host -Prompt "Enter password for Azure Stack OAW's local administrator" -AsSecureString
New-OAW.ps1 -LocalAdministratorPassword $securePassword `
-AzureStackCertificatePath 'F:\certroot.cer' `
-DeploymentDataFilePath 'F:\DeploymentData.json' `
-AzSStampInfoFilePath 'F:\AzureStackStampInformation.json'
若要使用 DeploymentData.json 在 HLH 上创建 OAW VM:To create the OAW VM on the HLH with DeploymentData.json:
$securePassword = Read-Host -Prompt "Enter password for Azure Stack OAW's local administrator" -AsSecureString
New-OAW.ps1 -LocalAdministratorPassword $securePassword `
-DeploymentDataFilePath 'D:\AzureStack\DeploymentData.json'
如果 DeploymentData.json 文件包含 OAW VM 的命名前缀,则该值将用于 VirtualMachineName 参数。If the DeploymentData.json file includes the Naming Prefix for OAW VM, that value will be used for the VirtualMachineName parameter. 否则,默认名称是 AzSOAW 或用户指定的任何名称。Otherwise, the default name is AzSOAW or whatever name specified is by the user.
New-OAW 可以使用两个参数集。Two parameter sets are available for New-OAW. 可选参数显示在括号中。Optional parameters are shown in brackets.
New-OAW
-LocalAdministratorPassword <Security.SecureString> `
[-AzureStackCertificatePath <String>] `
[-AzSStampInfoFilePath <String>] `
[-CertificatePassword <Security.SecureString>] `
[-ERCSVMIP <String[]>] `
[-DNS <String[]>] `
[-DeploymentDataFilePath <String>] `
[-SkipNetworkConfiguration] `
[-ImageFilePath <String>] `
[-VirtualMachineName <String>] `
[-VirtualMachineMemory <int64>] `
[-VirtualProcessorCount <int>] `
[-VirtualMachineDiffDiskPath <String>] `
[-PhysicalAdapterMACAddress <String>] `
[-VirtualSwitchName <String>] `
[-ReCreate] `
[-AsJob] `
[-Passthru] `
[-WhatIf] `
[-Confirm] `
[<CommonParameters>]
New-OAW
-LocalAdministratorPassword <Security.SecureString> `
-IPAddress <String> `
-SubnetMask <String> `
-DefaultGateway <String> `
-DNS <String[]> `
[-AzureStackCertificatePath <String>] `
[-AzSStampInfoFilePath <String>] `
[-CertificatePassword <Security.SecureString>] `
[-ERCSVMIP <String[]>] `
[-ImageFilePath <String>] `
[-VirtualMachineName <String>] `
[-VirtualMachineMemory <int64>] `
[-VirtualProcessorCount <int>] `
[-VirtualMachineDiffDiskPath <String>] `
[-PhysicalAdapterMACAddress <String>] `
[-VirtualSwitchName <String>] `
[-ReCreate] `
[-AsJob] `
[-Passthru] `
[-WhatIf] `
[-Confirm] `
[<CommonParameters>]
下表列出了每个参数的定义。The following table lists the definition for each parameter.
| 参数Parameter | 必需/可选Required/Optional | 说明Description |
|---|---|---|
| LocalAdministratorPasswordLocalAdministratorPassword | 必须Required | 虚拟机本地管理员帐户 AdminUser 的密码。Password for the virtual machine's local administrator account AdminUser. |
| IPAddressIPAddress | 必须Required | 用于在虚拟机上配置 TCP/IP 的静态 IPv4 地址。The static IPv4 address to configure TCP/IP on the virtual machine. |
| SubnetMaskSubnetMask | 必须Required | 用于在虚拟机上配置 TCP/IP 的 IPv4 子网掩码。The IPv4 subnet mask to configure TCP/IP on the virtual machine. |
| DefaultGatewayDefaultGateway | 必须Required | 用于在虚拟机上配置 TCP/IP 的默认网关的 IPv4 地址。IPv4 address of the default gateway to configure TCP/IP on the virtual machine. |
| DNSDNS | 必须Required | 用于在虚拟机上配置 TCP/IP 的 DNS 服务器。DNS server(s) to configure TCP/IP on the virtual machine. |
| ImageFilePathImageFilePath | 可选Optional | Microsoft 提供的 OAW.vhdx 的路径。Path of OAW.vhdx provided by Microsoft. 默认值为此脚本的相同父文件夹下的 OAW.vhdx。Default value is OAW.vhdx under the same parent folder of this script. |
| VirtualMachineNameVirtualMachineName | 可选Optional | 要分配给虚拟机的名称。The name to be assigned to the virtual machine. 如果可在 DeploymentData.json 文件中找到命名前缀,则将它用作默认名称。If the Naming Prefix can be found in the DeploymentData.json file, it will be used as the default name. 否则,AzSOAW 将用作默认名称。Otherwise, AzSOAW will be used as the default name. 可以指定另一个名称以覆盖默认值。You can specify another name to overwrite the default value. |
| VirtualMachineMemoryVirtualMachineMemory | 可选Optional | 要分配给虚拟机的内存。Memory to be assigned to the virtual machine. 默认值为 4GB。Default value is 4GB. |
| VirtualProcessorCountVirtualProcessorCount | 可选Optional | 要分配给虚拟机的虚拟处理器数量。Number of virtual processors to be assigned to the virtual machine. 默认值为 8。Default value is 8. |
| VirtualMachineDiffDiskPathVirtualMachineDiffDiskPath | 可选Optional | 管理 VM 处于活动状态期间用于存储临时差异磁盘文件的路径。Path to store temporary diff disk files while the management VM was active. 默认值为此脚本的相同父文件夹下的 DiffDisks 子目录。Default value is DiffDisks subdirectory under the same parent folder of this script. |
| AzureStackCertificatePathAzureStackCertificatePath | 可选Optional | 要导入到虚拟机以进行 Azure Stack Hub 访问的证书的路径。Path of certificates to be imported to the virtual machine for Azure Stack Hub access. |
| AzSStampInfoFilePathAzSStampInfoFilePath | 可选Optional | AzureStackStampInformation.json 文件的路径,脚本可以从该文件中检索 ERCS VM 的 IP。Path of AzureStackStampInformation.json file where the script can retrieve the IPs of the ERCS VM. |
| CertificatePasswordCertificatePassword | 可选Optional | 要导入到虚拟机以进行 Azure Stack Hub 访问的证书的密码。Password of certificate to be imported to the virtual machine for Azure Stack Hub access. |
| ERCSVMIPERCSVMIP | 可选Optional | 要添加到虚拟机的受信任主机列表的 Azure Stack Hub ERCS VM 的 IP。IP of Azure Stack Hub ERCS VM(s) to be added to trusted host list of the virtual machine. 如果设置了 -SkipNetworkConfiguration,则不会生效。Won't take effect if -SkipNetworkConfiguration is set. |
| SkipNetworkConfigurationSkipNetworkConfiguration | 可选Optional | 跳过虚拟机的网络配置,使用户可以在以后配置。Skips network configuration for the virtual machine so user can configure later. |
| DeploymentDataFilePathDeploymentDataFilePath | 可选Optional | DeploymentData.json 的路径。Path of DeploymentData.json. 如果设置了 -SkipNetworkConfiguration,则不会生效。Won't take effect if -SkipNetworkConfiguration is set. |
| PhysicalAdapterMACAddressPhysicalAdapterMACAddress | 可选Optional | 用于将虚拟机连接到的主机网络适配器的 MAC 地址。The MAC address of the host's network adapter that will be used to connect the virtual machine to. - 如果只有一个物理网络适配器,则不需要此参数,将使用唯一的网络适配器。- If there is only one physical network adapter, this parameter is not needed and the only network adapter will be used. - 如果有多个物理网络适配器,则需要使用此参数来指定要使用的适配器。- If there is more than one physical network adapter, this parameter is required to specify which one to use. |
| VirtualSwitchNameVirtualSwitchName | 可选Optional | 需要在 Hyper-V 中为虚拟机配置的虚拟交换机的名称。The name of virtual switch that needs to be configured in Hyper-V for the virtual machine. - 如果存在具有所提供名称的 VMSwitch,则会选择此类 VMSwitch。- If there is VMSwitch with the provided name, such VMSwitch will be selected. - 如果不存在具有所提供名称的 VMSwitch,则会使用提供的名称创建 VMSwitch。- If there is no VMSwitch with the provided name, a VMSwitch will be created with the provided name. |
| ReCreateReCreate | 可选Optional | 如果已存在具有相同名称的虚拟机,则删除并重新创建虚拟机。Removes and re-creates the virtual machine if there is already an existed virtual machine with the same name. |
检查 OAW VM 版本Check the OAW VM version
使用凭据登录 OAW VM。Log onto the OAW VM with your credentials.
打开 PowerShell ISE 并运行以下脚本:Open PowerShell ISE and run the following script:
'C:\Version\Get-Version.ps1'例如:For example:
在 HLH 与 OAW 之间传输文件Transfer files between the HLH and OAW
如果需要在 HLH 与 OAW 之间传输文件,请使用 New-SmbShare cmdlet 创建 SMB 共享。If you need to transfer files between the HLH and the OAW, create an SMB share by using the New-SmbShare cmdlet. New-SmbShare 会将文件系统文件夹作为服务器消息块 (SMB) 共享公开给远程客户端。New-SmbShare exposes a file system folder to remote clients as a Server Message Block (SMB) share. 例如:For example:
若要删除通过此 cmdlet 创建的共享,请使用 Remove-SmbShare cmdlet。To delete a share that was created by this cmdlet, use the Remove-SmbShare cmdlet. 例如:For example:
删除 OAW VMRemove the OAW VM
以下脚本会删除用于访问 Azure Stack Hub 以进行管理和诊断的 OAW VM。The following script removes the OAW VM, which is used to access Azure Stack Hub for administration and diagnostics. 此脚本还会删除与 VM 关联的磁盘文件和保护者。This script also removes the disk files and the guardian associated with the VM.
使用凭据登录 HLH。Log onto the HLH with your credentials.
打开提升的 PowerShell 会话。Open an elevated PowerShell session.
导航到已安装 OAW.zip 文件的已提取内容。Navigate to the extracted contents of the installed OAW.zip file.
通过运行 Remove-OAW.ps1 脚本来删除 VM:Remove the VM by running the Remove-OAW.ps1 script:
Remove-OAW.ps1 -VirtualMachineName <name>其中 <name> 是要删除的虚拟机的名称。Where <name> is the name of the virtual machine to be removed. 默认情况下,名称是 AzSOAW。By default, the name is AzSOAW.
例如:For example:
Remove-OAW.ps1 -VirtualMachineName AzSOAW