Azure 虛擬機器規模設定 (VMSS) 提供部署和管理一組相同虛擬機器的能力。虛擬機器的數量可以根據可配置的縮放規則自動增加或減少。欲了解詳細資訊,請參閱 Azure 中的虛擬機器規模設定是什麼?
您可以設置您的 VMSS 以包含已預先安裝和預先啟動代理程式的基本 VM 映像。隨著 VMSS 擴展,擴展集中新的 VM 實例將自動包含代理程式。
將代理程式新增到您的 VMSS:
步驟 1:將您的 Azure 訂閱新增至 Cloud Accounts
趨勢科技 建議使用 Cloud Accounts 連接您的 Azure 訂閱。通過連接到雲端帳戶,您可以獲得 Trend Vision One 中可用的最新雲端安全功能。此外,伺服器與工作負載保護 監控您的 Azure 實例,並可以在您擴展或縮減您的擴展集時,自動從 Computers 和 Endpoint Inventory 中添加或移除虛擬機。單獨添加到 伺服器與工作負載保護 的實例在您縮減時不會自動從清單中移除。
伺服器與工作負載保護 將 Azure 實例新增到您的清單中,無論虛擬機器是否已安裝代理程式。未安裝代理程式的實例狀態為無代理程式。在您的實例上安裝並啟用代理程式後,狀態會變更為已管理(在線)。
要了解有關添加 Azure 訂閱的更多信息,請參閱 連接和更新 Azure 訂閱。
步驟 2:準備部署程式檔
您可以從Endpoint Inventory配置並下載具有伺服器與工作負載保護功能的Trend Vision One 端點安全代理部署程式檔。欲了解有關使用部署程式檔的詳細資訊,請參閱執行部署程式檔。
以下資訊僅供參考使用。
在 伺服器與工作負載保護 中,準備一個部署程式檔。說明請參閱 使用部署程式檔來新增和保護電腦。此部署程式檔將在您接下來配置的自訂程式碼擴充中被引用。
要使用以下 VMSS 腳本執行自訂腳本,必須將腳本存儲在 Azure Blob 儲存體或任何其他可通過有效 URL 訪問的位置資訊中。有關如何將文件上傳到 Azure
Blob 儲存體的說明,請參閱 使用 Azure PowerShell 執行 Azure Blob 儲存體操作。
步驟 3:透過自訂腳本擴充功能將代理程式新增到您的 VMSS 實例
以下是使用 PowerShell 添加代理的範例:
兩個範例:
- 使用
Add-AzureRmVmssExtensionCmdlet 將擴展新增至 VMSS - 使用 Azure PowerShell 版本 5.1.1
有關使用 PowerShell cmdlet 建立新 VMSS 的指示,請參閱 此 Microsoft 教程。對於 Linux 平台,請參閱 https://github.com/Azure/custom-script-extension-linux。
範例 1:建立包含代理程式的新 VMSS
$resourceGroupName = <The resource group of the VMSS>
$vmssname = <The name of the VMSS>
# Create ResourceGroup
New-AzureRmResourceGroup -ResourceGroupName $resourceGroupName -Location EastUS
# Create a config object
$vmssConfig = New-AzureRmVmssConfig `
-Location EastUS `
-SkuCapacity 2 `
-SkuName Standard_DS2 `
-UpgradePolicyMode Automatic
# Define the script for your Custom Script Extension to run on the Windows Platform
$customConfig = @{
"fileUris" = (,"A URL of your copy of deployment script, ex. deploymentscript.ps1");
"commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File deploymentscript.ps1"
}
# Define the script for your Custom Script Extension to run on the Linux Platform
#$customConfig = @{
# "fileUris" = (,"A URL of your copy of deployment script, ex. deploymentscript.sh");
# "commandToExecute" = "bash deploymentscript.sh"
#}
# The section is required only if deploymentscript has been located within Azure StorageAccount
$storageAccountName = <StorageAccountName if deploymentscript is locate in Azure Storage>
$key = (Get-AzureRmStorageAccountKey -Name $storageAccountName -ResourceGroupName $resourceGroupName).Value[0]
$protectedConfig = @{
"storageAccountName" = $storageAccountName;
"storageAccountKey" = $key
}
# Use Custom Script Extension to install the agent (Windows)
Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmssConfig `
-Name "customScript" `
-Publisher "Microsoft.Compute" `
-Type "CustomScriptExtension" `
-TypeHandlerVersion 1.8 `
-Setting $customConfig `
-ProtectedSetting $protectedConfig
# Use Custom Script Extension to install the agent (Linux)
#Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmssConfig `
# -Name "customScript" `
# -Publisher "Microsoft.Azure.Extensions" `
# -Type "customScript" `
# -TypeHandlerVersion 2.0 `
# -Setting $customConfig `
# -ProtectedSetting $protectedConfig
# Create a public IP address
# Create a frontend and backend IP pool
# Create the load balancer
# Create a load balancer health probe on port 80
# Create a load balancer rule to distribute traffic on port 80
# Update the load balancer configuration
# Reference a virtual machine image from the gallery
# Set up information for authenticating with the virtual machine
# Create the virtual network resources
# Attach the virtual network to the config object
# Create the scale set with the config object (this step might take a few minutes)
New-AzureRmVmss `
-ResourceGroupName $resourceGroupName `
-Name $vmssname `
-VirtualMachineScaleSet $vmssConfig
範例 2:將代理程式新增到現有的 VMSS
$resourceGroupName = <The resource group of the VMSS>
$vmssname = <The name of the VMSS>
# Get the VMSS model
$vmssobj = Get-AzureRmVmss -ResourceGroupName $resourceGroupName -VMScaleSetName $vmssname
# Show model data if you prefer
# Write-Output $vmssobj
# Define the script for your Custom Script Extension to run on the Windows platform
$customConfig = @{
"fileUris" = (,"A URL of your copy of deployment script, ex. deploymentscript.ps1");
"commandToExecute" = "powershell -ExecutionPolicy Unrestricted -File deploymentscript.ps1"
}
# Define the script for your Custom Script Extension to run on the Linux platform
#$customConfig = @{
# "fileUris" = (,"A URL of your copy of deployment script, ex. deploymentscript.sh");
# "commandToExecute" = "bash deploymentscript.sh"
#}
# The section is required only if deploymentscript has been located within Azure StorageAccount
$storageAccountName = <StorageAccountName if deploymentscript is locate in Azure Storage>
$key= (Get-AzureRmStorageAccountKey -Name $storageAccountName -ResourceGroupName $resourceGroupName).Value[0]
$protectedConfig = @{
"storageAccountName" = $storageAccountName;
"storageAccountKey" = $key
}
# Use Custom Script Extension to install the agent (Windows)
$newvmssobj = Add-AzureRmVmssExtension `
-VirtualMachineScaleSet $vmssobj `
-Name "customScript" `
-Publisher "Microsoft.Compute" `
-Type "CustomScriptExtension" `
-TypeHandlerVersion 1.8 `
-Setting $customConfig `
-ProtectedSetting $protectedConfig
# Use Custom Script Extension to install the agent (Linux)
#$newvmssobj = Add-AzureRmVmssExtension `
# -VirtualMachineScaleSet $vmssobj `
# -Name "customScript" `
# -Publisher "Microsoft.Azure.Extensions" `
# -Type "customScript" `
# -TypeHandlerVersion 2.0 `
# -Setting $customConfig `
# -ProtectedSetting $protectedConfig
# Update the virtual machine scale set model
Update-AzureRmVmss -ResourceGroupName $resourceGroupName -name $vmssname -VirtualMachineScaleSet $newvmssobj -Verbose
# Get Instance ID for all instances in this VMSS, and decide which instance you'd like to update
# Get-AzureRmVmssVM -ResourceGroupName $resourceGroupName -VMScaleSetName $vmssname
# Now start updating instances
# If upgradePolicy is Automatic in the VMSS, do NOT execute the next command Update-AzureRmVmssInstance. Azure will auto-update the VMSS.
# There's no PowerShell command to update all instances at once. But you could refer to the output of Update-AzureRmVmss, and loop all instances into this command.
Update-AzureRmVmssInstance -ResourceGroupName $resourceGroupName -VMScaleSetName $vmssname -InstanceId 0