在 Azure HDInsight 中使用安全传输存储帐户创建 Apache Hadoop 群集Apache Hadoop clusters with secure transfer storage accounts in Azure HDInsight

需要安全传输功能强制提交到帐户的所有请求都通过安全连接来进行,从而增强 Azure 存储帐户的安全性。The Secure transfer required feature enhances the security of your Azure Storage account by enforcing all requests to your account through a secure connection. 仅 HDInsight 群集 3.6 或更高版本支持此功能和 wasbs 方案。This feature and the wasbs scheme are only supported by HDInsight cluster version 3.6 or newer.

Important

在创建群集后启用安全存储传输可能会导致使用存储帐户时出错,因此不建议这样做。Enabling secure storage transfer after creating a cluster can result in errors using your storage account and is not recommended. 最好使用已启用安全传输的存储帐户创建新群集。It is better to create a new cluster using a storage account with secure transfer already enabled.

存储帐户Storage accounts

Azure 门户Azure portal

默认情况下,在 Azure 门户中创建存储帐户时,会启用“需要安全传输”属性。By default, the secure transfer required property is enabled when you create a storage account in Azure portal.

若要使用 Azure 门户更新现有存储帐户,请参阅需要使用 Azure 门户进行安全传输To update an existing storage account with Azure portal, see Require secure transfer with Azure portal.

PowerShellPowerShell

对于 PowerShell cmdlet New-AzStorageAccount,请确保将参数 -EnableHttpsTrafficOnly 设为 1For the PowerShell cmdlet New-AzStorageAccount, ensure parameter -EnableHttpsTrafficOnly is set to 1.

若要使用 PowerShell 更新现有存储帐户,请参阅需要使用 PowerShell 进行安全传输To update an existing storage account with PowerShell, see Require secure transfer with PowerShell.

Azure CLIAzure CLI

对于 Azure CLI 命令 az storage account create,请确保将参数 --https-only 设为 trueFor the Azure CLI command az storage account create, ensure parameter --https-only is set to true.

若要使用 Azure CLI 更新现有存储帐户,请参阅需要使用 Azure CLI 进行安全传输To update an existing storage account with Azure CLI, see Require secure transfer with Azure CLI.

添加其他存储帐户Add additional storage accounts

可以通过多个选项添加其他启用安全传输的存储帐户:There are several options to add additional secure transfer enabled storage accounts:

  • 修改上一部分的 Azure 资源管理器模板。Modify the Azure Resource Manager template in the last section.
  • 使用 Azure 门户创建一个群集,并指定关联的存储帐户。Create a cluster using the Azure portal and specify linked storage account.
  • 使用脚本操作,将其他启用安全传输的存储帐户添加到现有的 HDInsight 群集。Use script action to add additional secure transfer enabled storage accounts to an existing HDInsight cluster. 有关详细信息,请参阅将其他存储帐户添加到 HDInsightFor more information, see Add additional storage accounts to HDInsight.

后续步骤Next steps