Azure 云服务(经典)的配置和管理问题:常见问题 (FAQ)Configuration and management issues for Azure Cloud Services (classic): Frequently asked questions (FAQs)

本文包含有关 Azure 云服务的配置和管理的常见问题。This article includes frequently asked questions about configuration and management issues for Azure Cloud Services. 还可以参阅云服务 VM 大小页面,了解大小信息。You can also consult the Cloud Services VM Size page for size information.

如果本文未解决你的 Azure 问题,请访问 MSDN 和 CSDN 上的 Azure 论坛。If your Azure issue is not addressed in this article, visit the Azure forums on MSDN and CSDN. 可以在这些论坛上发布问题。You can post your issue in these forums. 还可提交 Azure 支持请求。You also can submit an Azure support request. 若要提交支持请求,请在 Azure 支持页上提交。To submit a support request, on the Azure support page.

CertificatesCertificates

监视和日志记录Monitoring and logging

网络配置Network configuration

权限Permissions

缩放Scaling

常规Generic

证书Certificates

云服务 TLS/SSL 证书的证书链为何不完整?Why is the certificate chain of my Cloud Service TLS/SSL certificate incomplete?

我们建议客户安装完整的证书链(叶证书、中间证书和根证书),而不要只安装叶证书。We recommend that customers install the full certificate chain (leaf cert, intermediate certs, and root cert) instead of just the leaf certificate. 如果只是安装叶证书,则要依赖 Windows 通过遍历 CTL 来构建证书链。When you install just the leaf certificate, you rely on Windows to build the certificate chain by walking the CTL. 当 Windows 尝试验证证书时,如果 Azure 或 Windows 更新中发生间歇性网络问题或 DNS 问题,可能会将该证书视为无效。If intermittent network or DNS issues occur in Azure or Windows Update when Windows is trying to validate the certificate, the certificate may be considered invalid. 如果安装完整的证书链,则可避免此问题。By installing the full certificate chain, this problem can be avoided. 博客 How to install a chained SSL certificate(如何安装链接的 SSL 证书)中介绍了操作方法。The blog at How to install a chained SSL certificate shows how to do this.

“用于扩展的 Azure 工具加密证书”有何用途?What is the purpose of the "Azure Tools Encryption Certificate for Extensions"?

每次将扩展添加到云服务中时,就会自动创建这些证书。These certificates are automatically created whenever an extension is added to the Cloud Service. 在大多数情况下,这是 WAD 扩展或 RDP 扩展,但也可能是其他扩展,例如反恶意软件或日志收集器扩展。Most commonly, this is the WAD extension or the RDP extension, but it could be others, such as the Antimalware or Log Collector extension. 这些证书仅用于加密和解密扩展的专用配置。These certificates are only used for encrypting and decrypting the private configuration for the extension. 系统永远不会检查过期日期,因此,证书是否已过期并不重要。The expiration date is never checked, so it doesn’t matter if the certificate is expired.

可以忽略这些证书。You can ignore these certificates. 如果想要清理证书,可以尝试删除所有证书。If you want to clean up the certificates, you can try deleting them all. 如果你尝试删除正在使用的证书,Azure 将引发错误。Azure will throw an error if you try to delete a certificate that is in use.

如何在不通过 RDP 连接到实例的情况下生成证书签名请求 (CSR)?How can I generate a Certificate Signing Request (CSR) without "RDP-ing" in to the instance?

请参阅以下指导文档:See the following guidance document:

获取用于 Azure 网站 (WAWS) 的证书Obtaining a certificate for use with Azure Web Sites (WAWS)

CSR 只是一个文本文件。The CSR is just a text file. 无需从最终使用此证书的计算机中创建它。It does not have to be created from the machine where the certificate will ultimately be used. 尽管本文档是针对应用服务编写的,但 CSR 创建过程是通用的,同样适用于云服务。 Although this document is written for an App Service, the CSR creation is generic and applies also for Cloud Services.

我的云服务管理证书即将过期。My Cloud Service Management Certificate is expiring. 如何续订?How to renew it?

可使用以下 PowerShell 命令续订管理证书:You can use following PowerShell commands to renew your Management Certificates:

Add-AzureAccount -Environment AzureChinaCloud
Select-AzureSubscription -Current -SubscriptionName <your subscription name>
Get-AzurePublishSettingsFile -Environment AzureChinaCloud

AzurePublishSettingsFile 将在 Azure 门户上的“订阅” > “管理证书”中创建新的管理证书。The Get-AzurePublishSettingsFile will create a new management certificate in Subscription > Management Certificates in the Azure portal. 新证书的名称类似于“[订阅名称]-[当前日期]-credentials”。The name of the new certificate looks like "YourSubscriptionNam]-[CurrentDate]-credentials".

如何自动安装主要 TLS/SSL 证书 (.pfx) 和中间证书 (.p7b)?How to automate the installation of main TLS/SSL certificate(.pfx) and intermediate certificate(.p7b)?

可以使用启动脚本 (batch/cmd/PowerShell) 自动完成此任务,并将该启动脚本注册到服务定义文件中。You can automate this task by using a startup script (batch/cmd/PowerShell) and register that startup script in the service definition file. 将启动脚本和证书(.p7b 文件)添加到启动脚本所在的同一目录中的项目文件夹。Add both the startup script and certificate(.p7b file) in the project folder of the same directory of the startup script.

“用于 MachineKey 的 Azure 服务管理”证书有何用途?What is the purpose of the "Azure Service Management for MachineKey" certificate?

此证书用于加密 Azure Web 角色的计算机密钥。This certificate is used to encrypt machine keys on Azure Web Roles. 若要了解详细信息,请查看此公告To learn more, check out this advisory.

有关详细信息,请参阅以下文章:For more information, see the following articles:

监视和日志记录Monitoring and logging

Azure 门户中即将推出的可帮助管理和监视应用程序的云服务功能是什么?What are the upcoming Cloud Service capabilities in the Azure portal which can help manage and monitor applications?

即将推出为远程桌面协议 (RDP) 生成新证书的功能。Ability to generate a new certificate for Remote Desktop Protocol (RDP) is coming soon. 或者,可运行以下脚本:Alternatively, you can run this script:

$cert = New-SelfSignedCertificate -DnsName yourdomain.chinacloudapp.cn -CertStoreLocation "cert:\LocalMachine\My" -KeyLength 20 48 -KeySpec "KeyExchange"
$password = ConvertTo-SecureString -String "your-password" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath ".\my-cert-file.pfx" -Password $password

选择 blob 或本地作为 csdef 和 cscfg 上传位置的功能即将推出。Ability to choose blob or local for your csdef and cscfg upload location is coming soon. 使用 New-AzureDeployment,可以设置每个位置值。Using New-AzureDeployment, you can set each location value.

能够监视实例级别的指标。Ability to monitor metrics at the instance level. 其他监视功能在如何监视云服务中提供。Additional monitoring capabilities are available in How to Monitor Cloud Services.

IIS 为何阻止写入日志目录?Why does IIS stop writing to the log directory?

与写入日志目录相关的本地存储配额已用完。You have exhausted the local storage quota for writing to the log directory. 若要解决此问题,可采取以下三种措施之一: To correct this, you can do one of three things:

  • 为 IIS 启用诊断,并定期将诊断信息移到 Blob 存储。Enable diagnostics for IIS and have the diagnostics periodically moved to blob storage.
  • 从日志目录中手动删除日志文件。Manually remove log files from the logging directory.
  • 提高本地资源的配额限制。Increase quota limit for local resources.

有关详细信息,请参阅以下文档:For more information, see the following documents:

如何为云服务启用 WAD 日志记录?How do I enable WAD logging for Cloud Services?

可以通过以下选项启用 Azure 诊断 (WAD) 日志记录:You can enable Azure Diagnostics (WAD) logging through following options:

  1. 从 Visual Studio 启用Enable from Visual Studio
  2. 通过 .NET 代码启用Enable through .NET code
  3. 通过 PowerShell 启用Enable through PowerShell

若要获取云服务的当前 WAD 设置,可以使用 Get-AzureServiceDiagnosticsExtensions PowerShell cmd,也可以通过门户从“云服务 - > 扩展”边栏选项卡查看它。In order to get the current WAD settings of your Cloud Service, you can use Get-AzureServiceDiagnosticsExtensions PowerShell cmd or you can view it through portal from “Cloud Services --> Extensions” blade.

网络配置Network configuration

如何为 Azure 负载均衡器设置空闲超时?How do I set the idle timeout for Azure load balancer?

可以在服务定义 (csdef) 文件中指定超时,如下所示:You can specify the timeout in your service definition (csdef) file like this:

<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="mgVS2015Worker" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
  <WorkerRole name="WorkerRole1" vmsize="Small">
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />
    </ConfigurationSettings>
    <Imports>
      <Import moduleName="RemoteAccess" />
      <Import moduleName="RemoteForwarder" />
    </Imports>
    <Endpoints>
      <InputEndpoint name="Endpoint1" protocol="tcp" port="10100"   idleTimeoutInMinutes="30" />
    </Endpoints>
  </WorkerRole>

请参阅新增功能:Azure 负载均衡器可配置空闲超时,了解详细信息。See New: Configurable Idle Timeout for Azure Load Balancer for more information.

如何将静态 IP 地址关联到云服务?How do I associate a static IP address to my Cloud Service?

若要设置静态 IP 地址,需要创建保留 IP。To set up a static IP address, you need to create a reserved IP. 该保留 IP 可以关联到新的云服务或现有部署。This reserved IP can be associated to a new Cloud Service or to an existing deployment. 请参阅以下文档了解详细信息:See the following documents for details:

Azure 基本 IPS/IDS 和 DDOS 提供哪些特性和功能?What are the features and capabilities that Azure basic IPS/IDS and DDOS provides?

Azure 在数据中心物理服务器上使用 IPS/IDS 来抵御威胁。Azure has IPS/IDS in datacenter physical servers to defend against threats. 此外,客户可以部署第三方安全解决方案,例如 Web 应用程序防火墙、网络防火墙、反恶意软件、入侵检测、防护系统 (IDS/IPS),等等。In addition, customers can deploy third-party security solutions, such as web application firewalls, network firewalls, antimalware, intrusion detection, prevention systems (IDS/IPS), and more. 有关详细信息,请参阅保护数据和资产并遵守全局安全标准For more information, see Protect your data and assets and comply with global security standards.

Microsoft 会持续监视服务器、网络和应用程序以检测威胁。Microsoft continuously monitors servers, networks, and applications to detect threats. Azure 的全方位威胁管理方法使用入侵检测、分布式拒绝服务 (DDoS) 攻击防护、渗透测试、行为分析、异常检测和机器学习来不断增强其防御能力并降低风险。Azure's multipronged threat-management approach uses intrusion detection, distributed denial-of-service (DDoS) attack prevention, penetration testing, behavioral analytics, anomaly detection, and machine learning to constantly strengthen its defense and reduce risks. 适用于 Azure 的 Microsoft 反恶意软件可以保护 Azure 云服务和虚拟机。Microsoft Antimalware for Azure protects Azure Cloud Services and virtual machines. 此外,你可以选择部署第三方安全解决方案,例如 Web 应用程序防火墙、网络防火墙、反恶意软件、入侵检测和防护系统 (IDS/IPS),等等。You have the option to deploy third-party security solutions in addition, such as web application fire walls, network firewalls, antimalware, intrusion detection and prevention systems (IDS/IPS), and more.

如何在云服务 VM 上启用 HTTP/2?How to enable HTTP/2 on Cloud Services VM?

Windows 10 和 Windows Server 2016 随附了对客户端和服务器端上的 HTTP/2 的支持。Windows 10 and Windows Server 2016 come with support for HTTP/2 on both client and server side. 如果客户端(浏览器)通过 TLS(通过 TLS 扩展协商 HTTP/2)连接到 IIS 服务器,则不需要在服务器端进行任何更改。If your client (browser) is connecting to the IIS server over TLS that negotiates HTTP/2 via TLS extensions, then you do not need to make any change on the server-side. 这是因为,默认情况下会通过 TLS 来发送指定使用 HTTP/2 的 h2-14 标头。This is because, over TLS, the h2-14 header specifying use of HTTP/2 is sent by default. 如果在另一方面,客户端要发送升级标头以升级到 HTTP/2,则需要在服务器端进行以下更改,确保能够正常进行升级,并最终建立 HTTP/2 连接。If on the other hand your client is sending an Upgrade header to upgrade to HTTP/2, then you need to make the change below on the server side to ensure that the Upgrade works and you end up with an HTTP/2 connection.

  1. 运行 regedit.exe。Run regedit.exe.
  2. 浏览到注册表项:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters。Browse to registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters.
  3. 创建名为 DuoEnabled 的新 DWORD 值。Create a new DWORD value named DuoEnabled.
  4. 将其值设置为 1。Set its value to 1.
  5. 重启服务器。Restart your server.
  6. 转到“默认网站”,在“绑定”下,使用刚刚创建的自签名证书创建新的 TLS 绑定。Go to your Default Web Site and under Bindings, create a new TLS binding with the self-signed certificate just created.

有关详细信息,请参阅:For more information, see:

可通过启动任务自动完成这些步骤,这样,每次创建新的 PaaS 实例后,都可以在系统注册表中执行上述更改。These steps could be automated via a startup task, so that whenever a new PaaS instance gets created, it can do the changes above in the system registry. 有关详细信息,请参阅如何配置和运行云服务的启动任务For more information, see How to configure and run startup tasks for a Cloud Service.

完成此过程后,可使用以下方法之一验证是否已启用 HTTP/2:Once this has been done, you can verify whether the HTTP/2 has been enabled or not by using one of the following methods:

  • 在 IIS 日志中启用协议版本,并查看 IIS 日志。Enable Protocol version in IIS logs and look into the IIS logs. 日志中会显示 HTTP/2。It will show HTTP/2 in the logs.
  • 在 Internet Explorer 或 Microsoft Edge 中启用 F12 开发人员工具,并切换到“网络”选项卡来验证协议。Enable F12 Developer Tool in Internet Explorer or Microsoft Edge and switch to the Network tab to verify the protocol.

有关详细信息,请参阅 IIS 上的 HTTP/2For more information, see HTTP/2 on IIS.

权限Permissions

如何为云服务实现基于角色的访问?How can I implement role-based access for Cloud Services?

云服务不支持 Azure 基于角色的访问控制 (Azure RBAC) 模型,因为它不是基于 Azure 资源管理器的服务。Cloud Services doesn't support the Azure role-based access control (Azure RBAC) model, as it's not an Azure Resource Manager based service.

请参阅了解 Azure 中的不同角色See Understand the different roles in Azure.

远程桌面Remote desktop

没有权限的 Microsoft 内部工程师能否通过远程桌面连接到云服务实例?Can Microsoft internal engineers remote desktop to Cloud Service instances without permission?

Microsoft 遵循严格的流程,未经所有者或其被委派者书面许可(电子邮件或其他书面通信),不允许内部工程师通过远程桌面连接到云服务。Microsoft follows a strict process that will not allow internal engineers to remote desktop into your Cloud Service without written permission (email or other written communication) from the owner or their designee.

无法使用 RDP 文件通过远程桌面连接到云服务 VM。I cannot remote desktop to Cloud Service VM by using the RDP file. 收到以下错误:发生身份验证错误(代码:0x80004005)I get following error: An authentication error has occurred (Code: 0x80004005)

如果在已加入 Azure Active Directory 的计算机上使用 RDP 文件,则可能会发生此错误。This error may occur if you use the RDP file from a machine that is joined to Azure Active Directory. 若要解决此问题,请执行以下步骤:To resolve this issue, follow these steps:

  1. 右键单击下载的 RDP 文件,然后选择“编辑”。Right-click the RDP file you downloaded and then select Edit.
  2. 在用户名的前面添加“\”前缀。Add "\" as prefix before the username. 例如,使用 .\username 而不要使用 usernameFor example, use .\username instead of username.

扩展Scaling

无法扩展到 X 个实例以上I cannot scale beyond X instances

Azure 订阅对可以使用的内核数存在限制。Your Azure Subscription has a limit on the number of cores you can use. 如果已使用所有可用的内核,缩放无法执行。Scaling will not work if you have used all the cores available. 例如,如果限制为 100 个核心,则意味着云服务可以有 100 个 A1 大小的虚拟机实例或 50 个 A2 大小的虚拟机实例。For example, if you have a limit of 100 cores, this means you could have 100 A1 sized virtual machine instances for your Cloud Service, or 50 A2 sized virtual machine instances.

如何基于内存指标配置自动缩放?How can I configure Auto-Scale based on Memory metrics?

当前不支持基于内存指标为云服务配置自动缩放。Auto-scale based on Memory metrics for a Cloud Services is not currently supported.

若要解决此问题,可以使用 Application Insights。To work around this problem, you can use Application Insights. 自动缩放支持将 Application Insights 作为指标源,可以基于“内存”等来宾指标缩放角色实例计数。Auto-Scale supports Application Insights as a Metrics Source and can scale the role instance count based on guest metric like "Memory". 必须在云服务项目包文件 (*.cspkg) 中配置 Application Insights 并对该服务启用 Azure 诊断扩展,才能实现此功能。You have to configure Application Insights in your Cloud Service project package file (*.cspkg) and enable Azure Diagnostics extension on the service to implement this feat.

有关如何在云服务上通过 Application Insights 利用自定义指标来配置自动缩放的更多详细信息,请参阅在 Azure 中根据自定义指标自动缩放入门For more details on how to utilize a custom metric via Application Insights to configure Auto-Scale on Cloud Services, see Get started with auto scale by custom metric in Azure

有关如何针对云服务将 Azure 诊断与 Application Insights 集成的详细信息,请参阅将云服务、虚拟机或 Service Fabric 诊断数据发送到 Application InsightsFor more information on how to integrate Azure Diagnostics with Application Insights for Cloud Services, see Send Cloud Service, Virtual Machine, or Service Fabric diagnostic data to Application Insights

有关如何为云服务启用 Application Insights 的详细信息,请参阅适用于 Azure 云服务的 Application InsightsFor more information about to enable Application Insights for Cloud Services, see Application Insights for Azure Cloud Services

有关如何为云服务启用 Azure 诊断日志记录的详细信息,请参阅为 Azure 云服务和虚拟机设置诊断For more information about how to enable Azure Diagnostics Logging for Cloud Services, see Set up diagnostics for Azure Cloud Services and virtual machines

泛型Generic

如何将 nosniff 添加到网站?How do I add nosniff to my website?

若要防止客户端探查 MIME 类型,请在 web.config 文件中添加设置。To prevent clients from sniffing the MIME types, add a setting in your web.config file.

<configuration>
   <system.webServer>
      <httpProtocol>
         <customHeaders>
            <add name="X-Content-Type-Options" value="nosniff" />
         </customHeaders>
      </httpProtocol>
   </system.webServer>
</configuration>

也可以将此项作为 IIS 中的设置添加。You can also add this as a setting in IIS. 使用常见启动任务一文中的以下命令。Use the following command with the common startup tasks article.

%windir%\system32\inetsrv\appcmd set config /section:httpProtocol /+customHeaders.[name='X-Content-Type-Options',value='nosniff']

如何自定义 Web 角色的 IISHow do I customize IIS for a web role?

使用常见启动任务一文中的 IIS 启动脚本。Use the IIS startup script from the common startup tasks article.

什么是云服务配额限制?What is the quota limit for my Cloud Service?

请参阅服务特定的限制See Service-specific limits.

云服务 VM 上的驱动器为何显示可用磁盘空间不足?Why does the drive on my Cloud Service VM show very little free disk space?

这是预期的行为,不会导致应用程序出现任何问题。This is expected behavior, and it shouldn't cause any issue to your application. 为 Azure PaaS VM 中的 %approot% 驱动器启用了日记,因此,占用的空间量在实际上是文件平时占用的空间量的两倍。Journaling is turned on for the %approot% drive in Azure PaaS VMs, which essentially consumes double the amount of space that files normally take up. 但是,有几个因素会在本质上消除此状态造成的问题。However there are several things to be aware of that essentially turn this into a non-issue.

%approot% 驱动器大小的计算方法是 <.cspkg 的大小 + 日记最大大小 + 备用可用空间> 或 1.5 GB 两者中较大的一个。The %approot% drive size is calculated as <size of .cspkg + max journal size + a margin of free space>, or 1.5 GB, whichever is larger. VM 大小对于计算结果没有任何影响。The size of your VM has no bearing on this calculation. (VM 大小只会影响临时 C: 驱动器的大小。)(The VM size only affects the size of the temporary C: drive.)

不支持写入 %approot% 驱动器。It is unsupported to write to the %approot% drive. 如果要写入 Azure VM,必须在临时 LocalStorage 资源中执行此操作(或使用其他选项,例如 Blob 存储、Azure 文件,等等)。If you are writing to the Azure VM, you must do so in a temporary LocalStorage resource (or other option, such as Blob storage, Azure Files, etc.). 因此,%approot% 文件夹的可用空间量没有意义。So the amount of free space on the %approot% folder is not meaningful. 如果不确定应用程序是否写入 %approot% 驱动器,始终可以让服务运行数日,然后比较“之前”和“之后”的大小。If you are not sure if your application is writing to the %approot% drive, you can always let your service run for a few days and then compare the "before" and "after" sizes.

Azure 不会将任何数据写入 %approot% 驱动器。Azure will not write anything to the %approot% drive. .cspkg 创建 VHD 并将其装载到 Azure VM 之后,就只有你的应用程序可能会写入此驱动器。Once the VHD is created from your .cspkg and mounted into the Azure VM, the only thing that might write to this drive is your application.

日记设置不可配置,因此无法将其禁用。The journal settings are non-configurable, so you can't turn it off.

如何以自动化方法为云服务添加反恶意软件扩展?How can I add an Antimalware extension for my Cloud Services in an automated way?

可在启动任务中使用 PowerShell 脚本启用反恶意软件扩展。You can enable Antimalware extension using PowerShell script in the Startup Task. 请遵循以下文章中的步骤实现此目的:Follow the steps in these articles to implement it:

有关反恶意软件部署方案以及如何在门户中启用此类方案的详细信息,请参阅反恶意软件部署方案For more information about Antimalware deployment scenarios and how to enable it from the portal, see Antimalware Deployment Scenarios.

如何为云服务启用服务器名称指示 (SNI)?How to enable Server Name Indication (SNI) for Cloud Services?

可使用以下方法之一在云服务中启用 SNI:You can enable SNI in Cloud Services by using one of the following methods:

方法 1:使用 PowerShellMethod 1: Use PowerShell

可在启动任务中使用 PowerShell cmdlet New-WebBinding 为云服务角色实例配置 SNI 绑定,如下所示:The SNI binding can be configured using the PowerShell cmdlet New-WebBinding in a startup task for a Cloud Service role instance as below:

New-WebBinding -Name $WebsiteName -Protocol "https" -Port 443 -IPAddress $IPAddress -HostHeader $HostHeader -SslFlags $sslFlags

此文所述,$sslFlags 可为以下值之一:As described here, the $sslFlags could be one of the values as the following:

Value 含义Meaning
00 没有 SNINo SNI
11 已启用 SNISNI Enabled
22 使用中心证书存储的非 SNI 绑定Non SNI binding which uses Central Certificate Store
33 使用中心证书存储的 SNI 绑定SNI binding which uses Central Certificate store

方法 2:使用代码Method 2: Use code

也可以根据此博客文章中所述,通过角色启动中的代码配置 SNI 绑定:The SNI binding could also be configured via code in the role startup as described on this blog post:

//<code snip> 
                var serverManager = new ServerManager(); 
                var site = serverManager.Sites[0]; 
                var binding = site.Bindings.Add(":443:www.test1.com", newCert.GetCertHash(), "My"); 
                binding.SetAttributeValue("sslFlags", 1); //enables the SNI 
                serverManager.CommitChanges(); 
//</code snip>

使用上述任一方法时,必须先使用启动任务或通过代码在角色实例上安装特定主机名的相应证书 (*.pfx),这样才能使 SNI 绑定生效。Using any of the approaches above, the respective certificates (*.pfx) for the specific hostnames have to be first installed on the role instances using a startup task or via code in order for the SNI binding to be effective.

如何将标记添加到 Azure 云服务?How can I add tags to my Azure Cloud Service?

云服务是一个经典资源。Cloud Service is a Classic resource. 只有通过 Azure 资源管理器创建的资源才支持标记。Only resources created through Azure Resource Manager support tags. 无法将标记应用到云服务等经典资源。You cannot apply tags to Classic resources such as Cloud Service.

Azure 门户不显示我的云服务的 SDK 版本。The Azure portal doesn't display the SDK version of my Cloud Service. 如何查看版本?How can I get that?

我们正努力在 Azure 门户中实现此功能。We are working on bringing this feature on the Azure portal. 在此同时,你可以使用以下 PowerShell 命令获取 SDK 版本:Meanwhile, you can use following PowerShell commands to get the SDK version:

Get-AzureService -ServiceName "<Cloud Service name>" | Get-AzureDeployment | Where-Object -Property SdkVersion -NE -Value "" | select ServiceName,SdkVersion,OSVersion,Slot

我想要关闭云服务几个月。I want to shut down the Cloud Service for several months. 如何在不丢失 IP 地址的情况下降低云服务的计费成本?How to reduce the billing cost of Cloud Service without losing the IP address?

已部署的云服务使用的计算和存储资源会产生费用。An already deployed Cloud Service gets billed for the Compute and Storage it uses. 因此,即使关闭 Azure VM,也仍要支付存储费用。So even if you shut down the Azure VM, you will still get billed for the Storage.

下面是可以在不丢失服务 IP 地址的情况下节省费用的办法:Here is what you can do to reduce your billing without losing the IP address for your service:

  1. 在删除部署之前保留 IP 地址Reserve the IP address before you delete the deployments. 这样,就只需支付此 IP 地址的费用。You will only be billed for this IP address. 有关 IP 地址计费的详细信息,请参阅 IP 地址定价For more information about IP address billing, see IP addresses pricing.
  2. 删除部署。Delete the deployments. 不要删除 xxx.chinacloudapp.cn,以备将来使用。Don’t delete the xxx.chinacloudapp.cn, so that you can use it for future.
  3. 如果想要使用订阅中的相同保留 IP 来重新部署云服务,请参阅云服务和虚拟机的保留 IP 地址If you want to redeploy the Cloud Service by using the same reserve IP that you reserved in your subscription, see Reserved IP addresses for Cloud Services and Virtual Machines.