Update Media Services after rolling storage access keys

When you create a new Azure Media Services (AMS) account, you are also asked to select an Azure Storage account that is used to store your media content. You can add more than one storage account to your Media Services account. This article shows how to rotate storage keys. It also shows how to add storage accounts to a media account.

To perform the actions described in this article, you should be using Azure Resource Manager APIs and PowerShell. For more information, see How to manage Azure resources with PowerShell and Resource Manager.

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Overview

When a new storage account is created, Azure generates two 512-bit storage access keys, which are used to authenticate access to your storage account. To keep your storage connections more secure, it is recommended to periodically regenerate and rotate your storage access keys. Two access keys (primary and secondary) are provided so that you can maintain connections to the storage account using one access key while you regenerate the other. This procedure is also called "rolling access keys".

Media Services depends on a storage key provided to it. Specifically, the locators that are used to stream or download your assets depend on the specified storage access key. When an AMS account is created, it takes a dependency on the primary storage access key by default, but as a user you can update the storage key that AMS has. You must let Media Services know which key to use by following the steps described in this article.

Note

If you have multiple storage accounts, perform this procedure with each storage account. The order in which you rotate storage keys is not fixed. You can rotate the secondary key first and then the primary key, or vice versa.

Before executing the steps described in this article on a production account, make sure to test them on a pre-production account.

Steps to rotate storage keys

  1. Change the storage account primary key through the PowerShell cmdlet or the Azure portal.

  2. Call the Sync-AzMediaServiceStorageKeys cmdlet with appropriate parameters to force the media account to pick up the storage account keys.

    The following example shows how to sync keys to storage accounts.

     Sync-AzMediaServiceStorageKeys -ResourceGroupName $resourceGroupName -AccountName $mediaAccountName -StorageAccountId $storageAccountId
    
  3. Wait an hour or so. Verify the streaming scenarios are working.

  4. Change the storage account secondary key through the PowerShell cmdlet or the Azure portal.

  5. Call the Sync-AzMediaServiceStorageKeys cmdlet with appropriate parameters to force the media account to pick up the new storage account keys.

  6. Wait an hour or so. Verify the streaming scenarios are working.

A PowerShell cmdlet example

The following example demonstrates how to get the storage account and sync it with the AMS account.

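    # Placeholder: set this to your own subscription ID before running.
    $subscriptionId = "<subscription-id>"
    $regionName = "China East"
    $resourceGroupName = "SkyMedia-ChinaEast-App"
    $mediaAccountName = "sky"
    $storageAccountName = "skystorage"
    # Full Azure Resource Manager ID of the storage account attached to the media account.
    $storageAccountId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Storage/storageAccounts/$storageAccountName"

    # Force the media account to pick up the current storage account keys.
    Sync-AzMediaServiceStorageKeys -ResourceGroupName $resourceGroupName -AccountName $mediaAccountName -StorageAccountId $storageAccountId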
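
The six rotation steps above as a single script, added here as an illustration and not part of the original article. The resource names are constructed placeholders, `key1`/`key2` are assumed to be the primary and secondary keys, and the streaming check is left as a manual confirmation so the second key is never touched while the first rotation is unverified.

```powershell
# Added example: rotates both storage keys and re-syncs Media Services after each.
# All names below are constructed placeholders; replace them with your own.
$ErrorActionPreference = "Stop"
$resourceGroupName  = "example-rg"
$mediaAccountName   = "examplemedia"
$storageAccountName = "examplestorage"
$waitSeconds        = 3600   # "an hour or so" between phases

# Resolve the storage account resource ID instead of building the string by hand.
$storageAccountId = (Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName).Id

# Returns the current value of one named key (kept in memory only).
function Get-KeyValue([string]$KeyName) {
    (Get-AzStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccountName |
        Where-Object KeyName -eq $KeyName).Value
}

foreach ($keyName in "key1", "key2") {   # assumed order: primary, then secondary
    $before = Get-KeyValue $keyName

    # Regenerate one key; the cmdlet returns the new keys, so discard its output.
    New-AzStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccountName -KeyName $keyName | Out-Null

    # Confirm the key really changed, comparing in memory so the secret is never printed.
    if ((Get-KeyValue $keyName) -eq $before) { throw "$keyName was not regenerated; aborting." }

    # Tell Media Services to pick up the storage account keys.
    Sync-AzMediaServiceStorageKeys -ResourceGroupName $resourceGroupName -AccountName $mediaAccountName -StorageAccountId $storageAccountId

    Write-Host "$keyName rotated and synced. Waiting $waitSeconds seconds before verification."
    Start-Sleep -Seconds $waitSeconds

    # Streaming verification is manual here; stop before touching the other key if it fails.
    $answer = Read-Host "Are streaming and download scenarios working? (y/n)"
    if ($answer -ne "y") { throw "Verification failed after rotating $keyName; the other key was left unchanged." }
}
```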

Steps to add storage accounts to your AMS account

The following article shows how to add storage accounts to your AMS account: Attach multiple storage accounts to a Media Services account.
