Azure Stack技術方案介紹

1、Azure Stack技術方案介紹日程安排Azure Stack基礎架構原理淺析Azure Stack驗證Azure Stack部署Azure Stack App ServiceAzure Stack和KubernetesAzure Stack常見配置Azure Stack基礎架構原理淺析Azure Stack架構概覽Templates/PowerShell/CLI, SDK, etcAzure Resource Manager (ARM)RP LAYERPARTITION REQUEST BROKERSRPNRPFRPCRPURPInfrastructure DeploymentBootst

2、rapPatch & UpdateScale OutFRURESETSTARTSTOPCOMPUTE CONTROLLERSTORAGE CONTROLLERNETWORK CONTROLLERINFRA ROLE CONTROLLERHEALTH CONTROLLERARM LAYERINFRASTRUCTURE CONTROL LAYERAzure Portal (UX)BuildsWorkflowsHRPPHYSICALNODEMANAGEMENTADFSDIRECTORY MGMTACSPHYSICAL NODE MGMTEDGE GATEWAYLB MUXINTERNAL DATA

3、STOREUPDATE MGMTCERTIFICATE MGMTINFRASTRUCTURE ROLESSTORAGE CONTROLLERCOMPUTE CONTROLLERNETWORK CONTROLLERINFRA ROLE CONTROLLERHEALTH CONTROLLERINFRA DEPLOYMENTPARTITION REQ BROKERINFRA MGMTCONTROLLERARMCOMPUTENETWORK (SWITCHES)STORAGEHARDWARE LAYERAzure Stack應用HA/DRNNNNScale-unitRegionCloudNNNNScal

4、e-unitRegionCloudAppsApps當前版本Scale-set with FD count = 3 and node level distributionScale-unit failover of VMs when a node failsScale-unit planned failover of VMs during P&UThree copies of all tenant data in a scale-unitAutomatic rebuild of data when a disk failsApp deployment across clouds for HA a

5、nd DR未來支持Scale-set supports scale-unit level distributionARM replication across regions within a cloudC/N/S RP data across scale-unitsApp deployment across regions for HA and DR and across cloudsNNNNScale-unitRNNNNSUAAppsAppsAzure Stack故障域和更新域故障域(FD)=3，意外災難停機的HA邏輯容器。在Azure上是Rack，而當前Azure Stack是Node更

6、新域(UD)=5，主動維護停機的HA邏輯容器。在Azure Stack底層更新時，VM會實時遷移，所以其實更新域只是一個兼容性的概念更新域和故障域由可用性集進行維護，不需要手動設置。/en-us/azure/azure-stack/azure-stack-key-features基礎架構虛擬機VMsNumber (in 4 node)FunctionComponents / ServicesWASP0 x1ARM TenantTenant PortalWAS0 x1ARM AdminWAP Cloud Tenant Control Pane / Admin PortalXRP0 x3Fabri

7、c RingMultiple foundational Services - Resource Providers (SF)ACS0 x3ACS RingAzure Consistent Storage (SF)NC0 x3NC RingNetwork Controller (SF)SLB0 x2SLB MUXSoftware Load Balancer MUXGwy0 x2GatewayRemote Access Services GatewayDC0 x2ADAD & DNSADFS0 x1ADFSADFSSQL0 x2SQLSQL for subscriptions, usage, et

8、cERCS0 x3ECEInternal Activity Management (SF)CA0 x1CACertificate AuthorityWDS0 x1基礎架構虛擬機WAS01XRP01ERCS01NC01DC01SQL01ACS01XRP03Gwy02DC02CA01SLB02NC03Gwy01SQL02ACS03ADFS01SLB01ERCS03WASP02XRP02ERCS02NC02WDS01ACS02擴展單元Azure Stack部署的時候，基礎架構虛擬機的多個實例會分攤在物理節(jié)點上，以確保冗余能力 基礎架構服務基礎架構服務基礎架構服務Service Fabric“環(huán)”擴展

9、單元Specific placement of VMs determined internally by Azure Stack to optimize scalability, resiliency, performance.基礎架構虛擬機基礎架構服務基礎架構服務基礎架構服務 Service Fabric“環(huán)” 基礎架構服務基礎架構服務基礎架構服務Service Fabric 環(huán)運行著關鍵的基礎架構微服務 (運行在基礎架構虛擬機上).在應用層、服務層上確?？捎眯?、冗余能力Azure Stack服務架構原理Templates/PowerShell/CLI, SDK, etcAzure Reso

10、urce Manager (ARM)RP LAYERPARTITION REQUEST BROKERSRPNRPFRPCRPURPInfrastructure DeploymentBootstrapPatch & UpdateScale OutFRURESETSTARTSTOPCOMPUTE CONTROLLERSTORAGE CONTROLLERNETWORK CONTROLLERINFRA ROLE CONTROLLERHEALTH CONTROLLERARM LAYERINFRASTRUCTURE CONTROL LAYERAzure Portal (UX)BuildsWorkflows

11、HRPPHYSICALNODEMANAGEMENTADFSDIRECTORY MGMTACSPHYSICAL NODE MGMTEDGE GATEWAYLB MUXINTERNAL DATA STOREUPDATE MGMTCERTIFICATE MGMTINFRASTRUCTURE ROLESSTORAGE CONTROLLERCOMPUTE CONTROLLERNETWORK CONTROLLERINFRA ROLE CONTROLLERHEALTH CONTROLLERINFRA DEPLOYMENTPARTITION REQ BROKERINFRA MGMTCONTROLLERARMC

12、OMPUTENETWORK (SWITCHES)STORAGEHARDWARE LAYERAzure Stack驗證Azure Stack驗證協(xié)議和Azure驗證模式兼容支持AAD和AD FS部署時指定，不能再改使用OpenID Connect Protocol 和JSON Web Tokens (JWT)支持PowerShell, CLI, VS等支持ADAL驗證協(xié)議活動目錄證書服務 (ADCS)Azure StackAzure Stack with AAD Multi TenantedAdmin PortalAdmin ARMPublic PortalPublic ARMResource

13、ProvidersAzure Active DirectoryRAD FS(on-prem)Use cases: CSP, Shared HostingFAzure Stack with AD FSAzure StackPortalARM and RPsApplicationsStamp ADadfs.azurestack.localAD GraphStampADFSProduction TopologyCustomer ADCustomer ADFSUse cases: Enterprises, Dedicated HostingAzure Stack部署Azure連接賬戶實體庫計費模式客戶

14、信息環(huán)境信息網絡設置Azure Stack 部署工作表Azure Stack部署參數淺析Azure Stack 多節(jié)點部署HLHThe Hardware Lifecycle Host is an additional physical machine used for the deployment and other services from the Hardware Vendor. DVMThe Deployment Virtual Machine is a virtual machine running on the HLH where the Azure Stack deploymen

15、t will be triggered.During the deployment, the DVM will become AD DC, WDS, DHCP.部署過程DVMHLH上部署的虛擬機Azure Stack部署過程從DVM上發(fā)起部署時，DVM承載臨時的AD、WDS、DHCP和其他角色部署好第一臺節(jié)點，這些臨時角色會轉移到其上的虛擬機部署過程 .InitializeAzureStackDeployment.ps1 -ComputerName -LocalAdministratorPassword -IPAddress -DVMHostMACAddress -NetMask -Defau

16、ltGateway -VlanId -OemIsoPath -Verbose DVM創(chuàng)建ParameterDescriptionComputerName*Name of the DVM VMLocalAdministratorPasswordLocal Administrator PasswordIPAddressIP-Address of the DVM NetMaskSubnetmask of the DVMDefaultGatewayDefault GatewayVlanIdVLAN ID for DVMOemIsoPathOEM ISO Path (Driver Disk)Verbos

17、eRun Script in Verbose Mode創(chuàng)建DVMAzure Stack部署過程Install Active Directory on the DVM Reboot DVM - Log back in as domain adminBare Metal all hosts - can take 1 hourCreate Networking via DSC resourcesCreate StorageCreate Management VMsInstall Management ServicesInstall Azure Stack ScriptInstall Fabric R

18、ing ServicesMigrate AD and ECE StoreTotal Deployment Time can take up to 6 -8hours todayInitialize Azure Stack ScriptInstall Azure StackThe deployment will be started from the DVMThe driver package is specified at DVM creationDifferent parameters for ADFS and AAD deploymentsPass configuration using

19、parameters or JSONInstall Azure Stack.InstallAzureStack.ps1 -InfraAzureEnvironment AzureCloud -CompanyName -InfraAzureDirectoryTenantName . -InfraAzureDirectoryTenantAdminCredential -DomainFQDN -DomainAdminCredential -BareMetalCredential -NamingPrefix -TimeZone -TimeServer -EnvironmentDNS -TORSwitch

20、BGPASN -SoftwareBGPASN -TORSwitchBGPPeerIP -InfrastructureNetwork Subnet= -StorageNetwork Subnet=; vlanId= -InfrastructureExtendedNetwork Subnet= -ExternalNetwork Subnet= -RegionName -PhysicalNodes ( Name=.; BMCIPAddress=; MACAddress=, Name=.; BMCIPAddress=; MACAddress= , Name=.; BMCIPAddress=; MACA

21、ddress= , Name=.; BMCIPAddress=; MACAddress= )Install run inside the DVM Install Azure Stack (with ADFS) InstallAzureStack.ps1 -DomainAdminCredential $domainCred -BMCCredential $bmcCred -CompanyName -RegionName -ExternalDomainFQDN -DomainFQDN -DNSForwarder (, ) -TimeServer -TORSwitchBGPASN -Software

22、BGPASN -TORSwitchBGPPeerIP -StorageNetwork Subnet = ; VlanId = 1 -InfrastructureNetwork Subnet = -ExternalNetwork Subnet = -InfrastructureExtendedNetwork Subnet = -PhysicalNodes ( Name=.; BMCIPAddress=; MACAddress=, Name=.; BMCIPAddress=; MACAddress= , Name=.; BMCIPAddress=; MACAddress= , Name=.; BM

23、CIPAddress=; MACAddress= ) -UseADFS Install Azure StackParameterDescriptionInfraAzureEnvironmentDefault AzureCloud“InfraAzureDirectoryTenantNameTenant NameInfraAzureDirectoryTenantAdminCredentialTenant CredentialsCompanyName Company NameDomainFQDNMAS int. Resource DomainDomainAdminCredentialAdmin Cr

24、edentialsBMCCredentialBMC CredentialsNamingPrefix* VM PrefixTimeZone*Pacific Standard TimeTimeServer*UseADFS*Using ADFS instead of AADExternalDomainFQDNDNS Zone for all endpointsDNSForwarderExisting DNS serversParameterDescriptionEnvironmentDNSExt. DNS-ServersTORSwitchBGPASNASN for TOR Switch BGPSof

25、twareBGPASNASN for Software BGPTORSwitchBGPPeerIP TOR Switch BGP IP-AddressesInfrastructureNetwork Internal MAS VMs (ADDS, CA, .)StorageNetworkCSV, S2D, (not routed)ExternalNetworkVIPs e.g. for Azure PortalInfrastructureExtendedNetworkInfrastructure Extended NetworkPhysicalNodessee node definitionVe

26、rboseRun in Verbose ModeRegionNameAzure Stack Region NamePublicCertificatePathpublic facing endpoint certificatesReRun*Rerun Deployment (w/o other param)AAD Deployment only* optional$node1 = Name=CPEC-Lenovo1; BmcIPAddress=; MacAddress=E4-1D-2D-C9-C2-62 $node2 = Name=CPEC-Lenovo2; BmcIPAddress=; Mac

27、Address=E4-1D-2D-C9-C2-F6 $node3 = Name=CPEC-Lenovo3; BmcIPAddress=; MacAddress=E4-1D-2D-C9-C2-6A $node4 = Name=CPEC-Lenovo4; BmcIPAddress=; MacAddress=E4-1D-2D-C9-C2-66. $physicalNodes = ( $node1, $node2, $node3, $node4, .) Install Azure StackNode definition Physical nodesInitial release 1 Scale Un

28、it with 4 nodes, 8 nodes, or 12 nodesAzure Stack App Service為什么要App Service？Web應用可以按照業(yè)務需求擴展的Web應用API應用快速構建和使用云端應用的APIFunctions無服務器，基于事件的平臺，有助于快速開發(fā)云應用 App Service：一個群集服務所有租戶 IaaS：租戶有自己的獨立虛機App Service：租戶無需操心運維 IaaS：租戶必須自己負責虛機的運維App Service：管理員無需操心運維App Service基礎架構Web Worker VMSS，基于IIS，處理客戶端的Web請求Front End VMSS，基于IIS(ARR)，接受客戶端的請求，并轉交給Web Worker，以及把響應回送給客戶端Publisher VMSS，F(xiàn)TP/Git/Github/OneDrive等發(fā)布方式Management- VMSS，REST API 服務器，支持ARMDatabase 獨立，支持Alwayson等，App Service的配置數據File Server 獨立，支持File Cluster，存放租戶的網站內容 Controller 最多兩臺(A/P)，非VMSS，創(chuàng)建和管理App Service