Configure network virtual appliance in Azure HDInsight

Important

The following information is only required if you wish to configure a network virtual appliance (NVA) other than Azure Firewall.

Azure Firewall is automatically configured to allow traffic for many of the common important scenarios. Using another network virtual appliance requires you to configure a number of additional features. Keep the following factors in mind as you configure your network virtual appliance:

  • Service endpoint capable services should be configured with service endpoints.
  • IP address dependencies are for non-HTTP/S traffic (both TCP and UDP traffic).
  • FQDN HTTP/HTTPS endpoints can be placed in your NVA device.
  • Wildcard HTTP/HTTPS endpoints are dependencies that can vary based on a number of qualifiers.
  • Assign the route table that you create to your HDInsight subnet.

Service endpoint capable dependencies

Endpoint
Azure SQL
Azure Storage
Azure Active Directory

IP address dependencies

Endpoint | Details
*:123 | NTP clock check. Traffic is checked at multiple endpoints on port 123
IPs published here | These IPs are HDInsight service
AAD-DS private IPs for clusters |
*:16800 for KMS Windows Activation |
*12000 for Log Analytics |

FQDN HTTP/HTTPS dependencies

Important

The list below only gives a few of the most important FQDNs. You can get additional FQDNs (mostly Azure Storage and Azure Service Bus) for configuring your NVA in this file.

Endpoint
azure.archive.ubuntu.com:80
security.ubuntu.com:80
ocsp.msocsp.com:80
ocsp.digicert.com:80
wawsinfraprodbay063.blob.core.windows.net:443
registry-1.docker.io:443
auth.docker.io:443
production.cloudflare.docker.com:443
download.docker.com:443
us.archive.ubuntu.com:80
download.mono-project.com:80
packages.treasuredata.com:80
security.ubuntu.com:80
azure.archive.ubuntu.com:80
ocsp.msocsp.com:80
ocsp.digicert.com:80
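
One way to audit an NVA egress allowlist against the FQDN list above before deploying a cluster. This is an added example, not part of the original documentation. The (pattern, port) rule format, the names parse, uncovered and SAMPLE_RULES, and the sample rules themselves are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# FQDN:port dependencies copied from the list above (duplicates included).
REQUIRED = """
azure.archive.ubuntu.com:80
security.ubuntu.com:80
ocsp.msocsp.com:80
ocsp.digicert.com:80
wawsinfraprodbay063.blob.core.windows.net:443
registry-1.docker.io:443
auth.docker.io:443
production.cloudflare.docker.com:443
download.docker.com:443
us.archive.ubuntu.com:80
download.mono-project.com:80
packages.treasuredata.com:80
security.ubuntu.com:80
azure.archive.ubuntu.com:80
ocsp.msocsp.com:80
ocsp.digicert.com:80
""".split()

def parse(entries):
    """Turn 'host:port' strings into a de-duplicated, ordered list of (host, port)."""
    seen = {}
    for entry in entries:
        host, _, port = entry.strip().lower().rpartition(":")
        if not host or not port.isdigit():
            raise ValueError(f"not host:port: {entry!r}")
        seen.setdefault((host, int(port)), None)
    return list(seen)

def uncovered(required, allow_rules):
    """Return required (host, port) pairs that no (pattern, port) allow rule matches."""
    rules = [(pat.lower(), int(port)) for pat, port in allow_rules]
    return [(h, p) for h, p in required
            if not any(p == rp and fnmatchcase(h, pat) for pat, rp in rules)]

# Constructed sample allowlist in a hypothetical format, not from a real device.
SAMPLE_RULES = [
    ("*.ubuntu.com", 80), ("ocsp.msocsp.com", 80), ("ocsp.digicert.com", 80),
    ("*.docker.io", 443), ("download.docker.com", 443),
    ("*.blob.core.windows.net", 443),
]

if __name__ == "__main__":
    for host, port in uncovered(parse(REQUIRED), SAMPLE_RULES):
        print(f"missing allow rule: {host}:{port}")
```

A rule only counts when both the name and the port match, so an allowlist that permits ocsp.digicert.com on 443 but not 80 is still reported as a gap.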

Next steps