Azure Stack Technical Solution Overview

Agenda

  • A brief look at Azure Stack infrastructure architecture
  • Azure Stack authentication
  • Azure Stack deployment
  • Azure Stack App Service
  • Azure Stack and Kubernetes
  • Common Azure Stack configurations

A brief look at Azure Stack infrastructure architecture

Azure Stack architecture overview

[Figure: Azure Stack layered architecture. Labels recovered from the diagram:
  • Clients: Azure Portal (UX); Templates/PowerShell/CLI, SDK, etc.
  • ARM layer: Azure Resource Manager (ARM)
  • RP layer: SRP, NRP, FRP, CRP, URP, HRP
  • Partition Request Broker
  • Infrastructure control layer: Compute Controller, Storage Controller, Network Controller, Infra Role Controller, Health Controller
  • Infrastructure deployment: Bootstrap, Patch & Update, Scale Out, FRU, Reset, Start, Stop; Builds, Workflows
  • Infrastructure roles: ADFS, Directory Mgmt, ACS, Physical Node Mgmt, Edge Gateway, LB MUX, Internal Data Store, Update Mgmt, Certificate Mgmt, Storage Controller, Compute Controller, Network Controller, Infra Role Controller, Health Controller, Infra Deployment, Partition Req Broker, Infra Mgmt Controller, ARM
  • Hardware layer: Compute, Network (switches), Storage]

Azure Stack application HA/DR

[Figure: nodes (N) grouped into scale-units, within a region and a cloud, with apps deployed on top.]

Current version:

  • Scale-set with FD count = 3 and node level distribution
  • Scale-unit failover of VMs when a node fails
  • Scale-unit planned failover of VMs during P&U
  • Three copies of all tenant data in a scale-unit
  • Automatic rebuild of data when a disk fails
  • App deployment across clouds for HA and DR

Future support:

  • Scale-set supports scale-unit level distribution
  • ARM replication across regions within a cloud
  • C/N/S RP data across scale-units
  • App deployment across regions for HA and DR and across clouds

Azure Stack fault domains and update domains

  • Fault domains (FD) = 3: the logical HA container for unplanned, disaster-type downtime. In Azure a fault domain is a rack; in the current Azure Stack it is a node.
  • Update domains (UD) = 5: the logical HA container for planned maintenance downtime. When the underlying Azure Stack infrastructure is updated, VMs are live-migrated, so the update domain is really only a compatibility concept.
  • Update domains and fault domains are maintained by the availability set and do not need to be set manually.

/en-us/azure/azure-stack/azure-stack-key-features

Infrastructure virtual machines

| VMs | Number (in 4 node) | Function | Components / Services |
|---|---|---|---|
| WASP0 | x1 | ARM Tenant | Tenant Portal |
| WAS0 | x1 | ARM Admin | WAP Cloud Tenant Control Plane / Admin Portal |
| XRP0 | x3 | Fabric Ring | Multiple foundational Services - Resource Providers (SF) |
| ACS0 | x3 | ACS Ring | Azure Consistent Storage (SF) |
| NC0 | x3 | NC Ring | Network Controller (SF) |
| SLB0 | x2 | SLB MUX | Software Load Balancer MUX |
| Gwy0 | x2 | Gateway | Remote Access Services Gateway |
| DC0 | x2 | AD | AD & DNS |
| ADFS0 | x1 | ADFS | ADFS |
| SQL0 | x2 | SQL | SQL for subscriptions, usage, etc |
| ERCS0 | x3 | ECE | Internal Activity Management (SF) |
| CA0 | x1 | CA | Certificate Authority |
| WDS0 | x1 | | |

Infrastructure virtual machines in the scale unit

[Figure: infrastructure VMs distributed across the nodes of the scale unit: WAS01, XRP01, ERCS01, NC01, DC01, SQL01, ACS01, XRP03, Gwy02, DC02, CA01, SLB02, NC03, Gwy01, SQL02, ACS03, ADFS01, SLB01, ERCS03, WASP02, XRP02, ERCS02, NC02, WDS01, ACS02.]

  • When Azure Stack is deployed, the multiple instances of each infrastructure VM are spread across the physical nodes to ensure redundancy.
  • Specific placement of VMs is determined internally by Azure Stack to optimize scalability, resiliency, and performance.

[Figure: infrastructure services running on the Service Fabric "ring", on top of the infrastructure VMs in the scale unit.]

  • The Service Fabric ring runs the key infrastructure microservices (hosted on the infrastructure VMs).
  • It ensures availability and redundancy at the application and service layers.

Azure Stack service architecture

[Figure: the same layered architecture diagram as in the architecture overview above.]

Azure Stack authentication

  • Azure Stack's authentication protocols are compatible with the Azure authentication model
  • Supports AAD and AD FS
  • The identity provider is chosen at deployment time and cannot be changed afterwards
  • Uses the OpenID Connect protocol and JSON Web Tokens (JWT)
  • Supports PowerShell, CLI, VS, etc.
  • Supports the ADAL authentication protocol
  • Active Directory Certificate Services (ADCS)

Azure Stack with AAD (multi-tenanted)

[Figure labels: Azure Stack, Admin Portal, Admin ARM, Public Portal, Public ARM, Resource Providers, Azure Active Directory, AD FS (on-prem).]

Use cases: CSP, Shared Hosting

Azure Stack with AD FS

[Figure labels: Azure Stack, Portal, ARM and RPs, Applications, Stamp AD, adfs.azurestack.local, AD Graph, Stamp ADFS, Production Topology, Customer AD, Customer ADFS.]

Use cases: Enterprises, Dedicated Hosting

Azure Stack deployment

Azure Stack deployment worksheet

  • Azure connection
  • Account identity store
  • Billing model
  • Customer information
  • Environment information
  • Network settings

A brief look at Azure Stack deployment parameters

Azure Stack multi-node deployment

  • HLH: The Hardware Lifecycle Host is an additional physical machine used for the deployment and other services from the hardware vendor.
  • DVM: The Deployment Virtual Machine is a virtual machine running on the HLH where the Azure Stack deployment will be triggered. During the deployment, the DVM will become AD DC, WDS, DHCP.

Deployment process

  • DVM: a virtual machine deployed on the HLH
  • The Azure Stack deployment is started from the DVM
  • During deployment, the DVM hosts temporary AD, WDS, DHCP and other roles
  • Once the first node has been deployed, these temporary roles are moved to virtual machines on it

DVM creation

    .\InitializeAzureStackDeployment.ps1 -ComputerName -LocalAdministratorPassword `
        -IPAddress -DVMHostMACAddress -NetMask -DefaultGateway -VlanId -OemIsoPath -Verbose

| Parameter | Description |
|---|---|
| ComputerName* | Name of the DVM VM |
| LocalAdministratorPassword | Local Administrator Password |
| IPAddress | IP address of the DVM |
| NetMask | Subnet mask of the DVM |
| DefaultGateway | Default Gateway |
| VlanId | VLAN ID for DVM |
| OemIsoPath | OEM ISO Path (Driver Disk) |
| Verbose | Run Script in Verbose Mode |

Azure Stack deployment process

Create the DVM, then:

  • Install Active Directory on the DVM
  • Reboot DVM - log back in as domain admin
  • Bare metal all hosts - can take 1 hour
  • Create networking via DSC resources
  • Create storage
  • Create management VMs
  • Install management services
  • Install Azure Stack script
  • Install Fabric Ring services
  • Migrate AD and ECE store

Total deployment time can take up to 6-8 hours today.

Initialize Azure Stack Script

Install Azure Stack

  • The deployment will be started from the DVM
  • The driver package is specified at DVM creation
  • Different parameters for ADFS and AAD deployments
  • Pass configuration using parameters or JSON

Install Azure Stack

    .\InstallAzureStack.ps1 -InfraAzureEnvironment AzureCloud -CompanyName `
        -InfraAzureDirectoryTenantName . -InfraAzureDirectoryTenantAdminCredential `
        -DomainFQDN -DomainAdminCredential -BareMetalCredential -NamingPrefix `
        -TimeZone -TimeServer -EnvironmentDNS `
        -TORSwitchBGPASN -SoftwareBGPASN -TORSwitchBGPPeerIP `
        -InfrastructureNetwork Subnet= -StorageNetwork Subnet=; vlanId= `
        -InfrastructureExtendedNetwork Subnet= -ExternalNetwork Subnet= -RegionName `
        -PhysicalNodes ( Name=.; BMCIPAddress=; MACAddress=,
                         Name=.; BMCIPAddress=; MACAddress= ,
                         Name=.; BMCIPAddress=; MACAddress= ,
                         Name=.; BMCIPAddress=; MACAddress= )

The install is run inside the DVM.

Install Azure Stack (with ADFS)

    InstallAzureStack.ps1 -DomainAdminCredential $domainCred -BMCCredential $bmcCred `
        -CompanyName -RegionName -ExternalDomainFQDN -DomainFQDN -DNSForwarder (, ) `
        -TimeServer -TORSwitchBGPASN -SoftwareBGPASN -TORSwitchBGPPeerIP `
        -StorageNetwork Subnet = ; VlanId = 1 -InfrastructureNetwork Subnet = `
        -ExternalNetwork Subnet = -InfrastructureExtendedNetwork Subnet = `
        -PhysicalNodes ( Name=.; BMCIPAddress=; MACAddress=,
                         Name=.; BMCIPAddress=; MACAddress= ,
                         Name=.; BMCIPAddress=; MACAddress= ,
                         Name=.; BMCIPAddress=; MACAddress= ) `
        -UseADFS

Install Azure Stack parameters

| Parameter | Description |
|---|---|
| InfraAzureEnvironment | Default "AzureCloud" |
| InfraAzureDirectoryTenantName | Tenant Name |
| InfraAzureDirectoryTenantAdminCredential | Tenant Credentials |
| CompanyName | Company Name |
| DomainFQDN | MAS int. Resource Domain |
| DomainAdminCredential | Admin Credentials |
| BMCCredential | BMC Credentials |
| NamingPrefix* | VM Prefix |
| TimeZone* | Pacific Standard Time |
| TimeServer* | |
| UseADFS* | Using ADFS instead of AAD |
| ExternalDomainFQDN | DNS Zone for all endpoints |
| DNSForwarder | Existing DNS servers |
| EnvironmentDNS | Ext. DNS servers |
| TORSwitchBGPASN | ASN for TOR Switch BGP |
| SoftwareBGPASN | ASN for Software BGP |
| TORSwitchBGPPeerIP | TOR Switch BGP IP addresses |
| InfrastructureNetwork | Internal MAS VMs (ADDS, CA, ...) |
| StorageNetwork | CSV, S2D, (not routed) |
| ExternalNetwork | VIPs e.g. for Azure Portal |
| InfrastructureExtendedNetwork | Infrastructure Extended Network |
| PhysicalNodes | see node definition |
| Verbose | Run in Verbose Mode |
| RegionName | Azure Stack Region Name |
| PublicCertificatePath | Public facing endpoint certificates |
| ReRun* | Rerun Deployment (w/o other param) |

Legend: AAD Deployment only; * optional

Install Azure Stack: node definition

    $node1 = @{ Name = 'CPEC-Lenovo1'; BmcIPAddress = ''; MacAddress = 'E4-1D-2D-C9-C2-62' }
    $node2 = @{ Name = 'CPEC-Lenovo2'; BmcIPAddress = ''; MacAddress = 'E4-1D-2D-C9-C2-F6' }
    $node3 = @{ Name = 'CPEC-Lenovo3'; BmcIPAddress = ''; MacAddress = 'E4-1D-2D-C9-C2-6A' }
    $node4 = @{ Name = 'CPEC-Lenovo4'; BmcIPAddress = ''; MacAddress = 'E4-1D-2D-C9-C2-66' }
    ...
    $physicalNodes = @( $node1, $node2, $node3, $node4, ... )

Physical nodes: in the initial release, 1 scale unit with 4 nodes, 8 nodes, or 12 nodes.

Azure Stack App Service

Why App Service?

  • Web Apps: web applications that can scale with business demand
  • API Apps: quickly build and consume APIs for cloud applications
  • Functions: a serverless, event-driven platform that helps develop cloud applications quickly

App Service compared with IaaS:

  • App Service: one cluster serves all tenants. IaaS: each tenant has its own dedicated VMs.
  • App Service: tenants do not need to worry about operations. IaaS: tenants must operate and maintain their VMs themselves.
  • App Service: administrators do not need to worry about operations.

App Service infrastructure

  • Web Worker: VMSS, IIS-based; handles client web requests
  • Front End: VMSS, based on IIS (ARR); accepts client requests, forwards them to the Web Workers, and returns the responses to the client
  • Publisher: VMSS; publishing methods such as FTP/Git/GitHub/OneDrive
  • Management: VMSS; REST API server, supports ARM
  • Database: standalone, supports AlwaysOn etc.; holds the App Service configuration data
  • File Server: standalone, supports File Cluster; stores the tenants' website content
  • Controller: at most two instances (A/P), not VMSS; creates and manages App Service
