Azure Stack Hub Operator Access Workstation
The Operator Access Workstation (OAW) is used to deploy a virtual machine (VM) on an Azure Stack Hub Hardware Lifecycle Host (HLH) or any other machine that runs Microsoft Hyper-V. It requires network connectivity to the Azure Stack Hub endpoints to be used for operator or user scenarios.
The OAW VM is an optional virtual machine that isn't required by Azure Stack Hub to function. Its purpose is to provide the latest tools to operators or users as they interact with Azure Stack Hub.
OAW scenarios
The following table lists common scenarios for the OAW. Use Remote Desktop to connect to the OAW.
Scenario | Description |
---|---|
Access the Administration portal | Perform administrative operations. |
Access PEP | Log collection and upload: create an SMB share on the HLH for file transfer from Azure Stack Hub; use Azure Storage Explorer to upload logs saved to the SMB share. |
Register Azure Stack Hub | For re-registration, get the previous Registration Name and Resource Group from the Administration portal. |
Marketplace syndication | Create an SMB share on the HLH to store the downloaded image or extension. |
Create Virtual Machines | Create virtual machines using CLI. |
Manage AKS | Manage AKS clusters, for example, scale or upgrade. |
Pre-installed software
The following table lists the pre-installed software on the OAW VM.
Software Name | Location |
---|---|
Microsoft Edge for Business | [SystemDrive]\Program Files (x86)\Microsoft\Edge\Application |
Az Modules | [SystemDrive]\ProgramFiles\WindowsPowerShell\Modules |
PowerShell 7 | [SystemDrive]\Program Files\PowerShell\7 |
Azure Command-Line Interface (CLI) | [SystemDrive]\Program Files (x86)\Microsoft SDKs\Azure\CLI2 |
Microsoft Azure Storage Explorer | [SystemDrive]\Program Files (x86)\Microsoft Azure Storage Explorer |
AzCopy | [SystemDrive]\VMSoftware\azcopy_windows_amd64_10.3.4 |
AzureStack-Tools | [SystemDrive]\VMSoftware\AzureStack-Tools |
Download files
To get the files to create the OAW VM, download here. Be sure to review the Azure Privacy Statement and Legal Terms before you download.
Because of the stateless nature of the solution, there are no updates for the OAW VM. For each milestone, a new version of the VM image file is released. Use the latest version to create a new OAW VM. The image file is based on the latest Windows Server 2019 version. After installation, you can apply updates, including any critical updates, using Windows Update.
Validate the hash of the downloaded OAW.zip file to make sure it hasn't been modified before using it to create the OAW VM. Run the following PowerShell script. If the return value is True, you can use the downloaded OAW.zip:
Note
Unblock the script files after extracting the download.
```powershell
param(
    [Parameter(Mandatory=$True)]
    [ValidateNotNullOrEmpty()]
    [ValidateScript({Test-Path $_ -PathType Leaf})]
    [string]
    $DownloadedOAWZipFilePath
)

# Published SHA-256 hash of OAW.zip
$expectedHash = '2B268EFB113A3BEDA008FCF382A5EF2F2D4E5DCC7FD0D12DB061E37F9671D3A7'
# Get-FileHash defaults to SHA-256; the algorithm is named explicitly here
$actualHash = (Get-FileHash -Path $DownloadedOAWZipFilePath -Algorithm SHA256).Hash

Write-Host "Expected hash: $expectedHash"

if ($expectedHash -eq $actualHash)
{
    Write-Host 'SUCCESS: OAW.zip file hash matches.'
}
else
{
    # Double quotes so the apostrophe in "isn't" does not end the string
    Write-Error "ERROR: OAW.zip file hash does not match! It isn't safe to use it, please download it again."
    Write-Error "Actual hash: $actualHash"
}
```
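The hash check and the unblock note can be combined so that nothing is extracted or unblocked unless the archive matches. The following is an added example, not part of the original page or of the OAW package; the parameter names `$ExpectedHash` and `$DestinationPath` and the default destination folder are assumptions made for this example.

```powershell
# Added example: extract and unblock OAW.zip only after its hash has been verified.
param(
    [Parameter(Mandatory = $true)]
    [ValidateScript({ Test-Path $_ -PathType Leaf })]
    [string] $DownloadedOAWZipFilePath,

    # SHA-256 value published for the release you downloaded
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[0-9A-Fa-f]{64}$')]
    [string] $ExpectedHash,

    # Assumption: extraction target chosen for this example
    [string] $DestinationPath = (Join-Path $PWD 'OAW')
)

$actualHash = (Get-FileHash -Path $DownloadedOAWZipFilePath -Algorithm SHA256).Hash
if ($actualHash -ne $ExpectedHash) {
    # Terminating error: the archive is never expanded when the hash differs
    throw "OAW.zip hash mismatch (actual: $actualHash). Nothing was extracted."
}

Expand-Archive -Path $DownloadedOAWZipFilePath -DestinationPath $DestinationPath

# Downloaded files can carry a Zone.Identifier alternate data stream (Mark of the Web).
# Whether extracted files inherit it depends on the tool used to extract them,
# so check each script and unblock only the ones that are actually marked.
$scripts = Get-ChildItem -Path $DestinationPath -Recurse -File -Include *.ps1, *.psm1, *.psd1
foreach ($script in $scripts) {
    $marked = Get-Item -LiteralPath $script.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ($marked) {
        Unblock-File -LiteralPath $script.FullName
        Write-Host "Unblocked: $($script.FullName)"
    }
}
```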
Check HLH version
Note
This step is important to determine if you deploy the OAW on an HLH that was deployed using a Microsoft image or an OEM image. If you deploy the OAW on a general Microsoft Hyper-V host, you can skip this step.
1. Sign in to the HLH with your credentials.
2. Open PowerShell ISE and run the following script:
```powershell
C:\Version\Get-Version.ps1
```
Note
This PowerShell cmdlet might not be present on an HLH that was deployed using an OEM image.
Create the OAW VM using a script
The following script prepares the virtual machine as the Operator Access Workstation (OAW), which is used to access Azure Stack Hub.
1. Sign in to the HLH with your credentials.
2. Download OAW.zip and extract the files.
3. Open an elevated PowerShell session.
4. Navigate to the extracted contents of the OAW.zip file.
5. Run the New-OAW.ps1 script.
Example: Deploy on HLH using a Microsoft Image
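```powershell
# Prompt for the password so it never appears in plain text or in command history
$securePassword = Read-Host -Prompt "Enter password for Azure Stack OAW's local administrator" -AsSecureString
# Run from the folder that holds the extracted OAW.zip contents
.\New-OAW.ps1 -LocalAdministratorPassword $securePassword
```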
Example: Deploy on HLH using an OEM Image
```powershell
# Prompt for the password so it never appears in plain text or in command history
$securePassword = Read-Host -Prompt "Enter password for Azure Stack OAW's local administrator" -AsSecureString
# Run from the folder that holds the extracted OAW.zip contents
.\New-OAW.ps1 -LocalAdministratorPassword $securePassword `
    -AzureStackCertificatePath 'F:\certroot.cer' `
    -DeploymentDataFilePath 'F:\DeploymentData.json' `
    -AzSStampInfoFilePath 'F:\AzureStackStampInformation.json'
```
If the DeploymentData.json file includes the Naming Prefix for the OAW VM, that value will be used for the VirtualMachineName parameter. Otherwise, the default name is AzSOAW or whatever name is specified by the user.
Note
The parameter AzureStackCertificatePath should only be used when Azure Stack Hub was deployed using certificates issued from an enterprise certificate authority.
Example: Deploy on Microsoft Hyper-V
The machine running Microsoft Hyper-V requires four cores and four GB of available memory.
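```powershell
# Prompt for the password so it never appears in plain text or in command history
$securePassword = Read-Host -Prompt "Enter password for Azure Stack OAW's local administrator" -AsSecureString
# Run from the folder that holds the extracted OAW.zip contents
.\New-OAW.ps1 -LocalAdministratorPassword $securePassword `
    -AzureStackCertificatePath 'F:\certroot.cer' `
    -SkipNetworkConfiguration `
    -VirtualSwitchName Example
```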
Note
The parameter AzureStackCertificatePath should only be used when Azure Stack Hub was deployed using certificates issued from an enterprise certificate authority. The OAW virtual machine will be deployed without a network configuration. You can configure a static IP address or retrieve an IP address via DHCP.
User account policy
The following user account policy is applied to the OAW VM:
- Built-in Administrator username: AdminUser
- MinimumPasswordLength = 14
- PasswordComplexity is enabled
- MinimumPasswordAge = 1 (day)
- MaximumPasswordAge = 42 (days)
- NewGuestName = GUser (disabled by default)
New-OAW cmdlet parameters
Two parameter sets are available for New-OAW. Optional parameters are shown in brackets.
```powershell
New-OAW
    -LocalAdministratorPassword <Security.SecureString> `
    [-AzureStackCertificatePath <String>] `
    [-AzSStampInfoFilePath <String>] `
    [-CertificatePassword <Security.SecureString>] `
    [-ERCSVMIP <String[]>] `
    [-DNS <String[]>] `
    [-DeploymentDataFilePath <String>] `
    [-SkipNetworkConfiguration] `
    [-ImageFilePath <String>] `
    [-VirtualMachineName <String>] `
    [-VirtualMachineMemory <int64>] `
    [-VirtualProcessorCount <int>] `
    [-VirtualMachineDiffDiskPath <String>] `
    [-PhysicalAdapterMACAddress <String>] `
    [-VirtualSwitchName <String>] `
    [-ReCreate] `
    [-AsJob] `
    [-Passthru] `
    [-WhatIf] `
    [-Confirm] `
    [<CommonParameters>]

New-OAW
    -LocalAdministratorPassword <Security.SecureString> `
    -IPAddress <String> `
    -SubnetMask <String> `
    -DefaultGateway <String> `
    -DNS <String[]> `
    [-AzureStackCertificatePath <String>] `
    [-AzSStampInfoFilePath <String>] `
    [-CertificatePassword <Security.SecureString>] `
    [-ERCSVMIP <String[]>] `
    [-ImageFilePath <String>] `
    [-VirtualMachineName <String>] `
    [-VirtualMachineMemory <int64>] `
    [-VirtualProcessorCount <int>] `
    [-VirtualMachineDiffDiskPath <String>] `
    [-PhysicalAdapterMACAddress <String>] `
    [-VirtualSwitchName <String>] `
    [-ReCreate] `
    [-AsJob] `
    [-Passthru] `
    [-WhatIf] `
    [-Confirm] `
    [<CommonParameters>]
```
The following table lists the definition for each parameter.
Parameter | Required/Optional | Description |
---|---|---|
LocalAdministratorPassword | Required | Password for the virtual machine's local administrator account AdminUser. |
IPAddress | Required | The static IPv4 address to configure TCP/IP on the virtual machine. |
SubnetMask | Required | The IPv4 subnet mask to configure TCP/IP on the virtual machine. |
DefaultGateway | Required | IPv4 address of the default gateway to configure TCP/IP on the virtual machine. |
DNS | Required | DNS server(s) to configure TCP/IP on the virtual machine. |
ImageFilePath | Optional | Path of OAW.vhdx provided by Microsoft. Default value is OAW.vhdx under the same parent folder of this script. |
VirtualMachineName | Optional | The name to be assigned to the virtual machine. If the Naming Prefix can be found in the DeploymentData.json file, it will be used as the default name. Otherwise, AzSOAW will be used as the default name. You can specify another name to overwrite the default value. |
VirtualMachineMemory | Optional | Memory to be assigned to the virtual machine. Default value is 4 GB. |
VirtualProcessorCount | Optional | Number of virtual processors to be assigned to the virtual machine. Default value is 8. |
VirtualMachineDiffDiskPath | Optional | Path to store temporary diff disk files while the management VM is active. Default value is the DiffDisks subdirectory under the same parent folder of this script. |
AzureStackCertificatePath | Optional | Path of certificates to be imported to the virtual machine for Azure Stack Hub access. |
AzSStampInfoFilePath | Optional | Path of the AzureStackStampInformation.json file where the script can retrieve the IPs of the ERCS VM. |
CertificatePassword | Optional | Password of the certificate to be imported to the virtual machine for Azure Stack Hub access. |
ERCSVMIP | Optional | IP of Azure Stack Hub ERCS VM(s) to be added to the trusted host list of the virtual machine. Won't take effect if -SkipNetworkConfiguration is set. |
SkipNetworkConfiguration | Optional | Skips network configuration for the virtual machine so the user can configure it later. |
DeploymentDataFilePath | Optional | Path of DeploymentData.json. Won't take effect if -SkipNetworkConfiguration is set. |
PhysicalAdapterMACAddress | Optional | The MAC address of the host's network adapter that will be used to connect the virtual machine. If there's only one physical network adapter, this parameter isn't needed and the only network adapter will be used. If there's more than one physical network adapter, this parameter is required to specify which one to use. |
VirtualSwitchName | Optional | The name of the virtual switch that needs to be configured in Hyper-V for the virtual machine. If there's a VMSwitch with the provided name, that VMSwitch will be selected. If there's no VMSwitch with the provided name, a VMSwitch will be created with the provided name. |
ReCreate | Optional | Removes and re-creates the virtual machine if there's already an existing virtual machine with the same name. |
Check the OAW VM version
1. Sign in to the OAW VM with your credentials.
2. Open PowerShell ISE and run the following script:
```powershell
C:\Version\Get-Version.ps1
```
Transfer files between the HLH and OAW
If you need to transfer files between the HLH and the OAW, create an SMB share by using the New-SmbShare cmdlet. New-SmbShare exposes a file system folder to remote clients as a Server Message Block (SMB) share.
To delete a share that was created by this cmdlet, use the Remove-SmbShare cmdlet.
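A share created for a one-off transfer is best scoped to a single account, encrypted, and removed as soon as the transfer is finished. The following is an added example, not part of the original page; the share name, folder path and account name are placeholders chosen for this example, and the account must already exist on the HLH.

```powershell
# Added example: short-lived, scoped SMB share on the HLH for one HLH <-> OAW transfer.
# Run in an elevated PowerShell session on the HLH.
$shareName = 'OAWTransfer'                       # placeholder share name
$sharePath = 'C:\OAWTransfer'                    # placeholder folder
$account   = "$env:COMPUTERNAME\TransferUser"    # hypothetical existing local account

New-Item -Path $sharePath -ItemType Directory -Force | Out-Null

try {
    # -ChangeAccess: only the named account gets share access (no Everyone entry).
    # -EncryptData:  require SMB encryption for this share.
    # -Temporary:    the share does not persist across a restart of the host.
    New-SmbShare -Name $shareName -Path $sharePath `
        -ChangeAccess $account -EncryptData $true -Temporary | Out-Null

    # Show the resulting share ACL so an unexpected entry is noticed before use.
    # NTFS permissions on the folder still apply in addition to the share ACL.
    Get-SmbShareAccess -Name $shareName | Format-Table -AutoSize

    Read-Host "Share \\$env:COMPUTERNAME\$shareName is live. Press Enter when the transfer is complete"

    # List files still held open through the share before it is taken down
    Get-SmbOpenFile | Where-Object { $_.Path -like "$sharePath*" } |
        Format-Table ClientComputerName, ClientUserName, Path -AutoSize
}
finally {
    # Always remove the share, even if the session is interrupted
    if (Get-SmbShare -Name $shareName -ErrorAction SilentlyContinue) {
        Remove-SmbShare -Name $shareName -Force
    }
}
```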
Remove the OAW VM
The following script removes the OAW VM, which is used to access Azure Stack Hub for administration and diagnostics. This script also removes the disk files and the guardian associated with the VM.
1. Sign in to the HLH with your credentials.
2. Open an elevated PowerShell session.
3. Navigate to the extracted contents of the installed OAW.zip file.
4. Remove the VM by running the Remove-OAW.ps1 script:
```powershell
.\Remove-OAW.ps1 -VirtualMachineName <name>
```
Where <name> is the name of the virtual machine to be removed. By default, the name is AzSOAW.
For example:
```powershell
.\Remove-OAW.ps1 -VirtualMachineName AzSOAW
```