管理 Azure 自动化数据Managing Azure Automation data

本文包含有关管理 Azure 自动化环境的多个主题。This article contains multiple topics for managing an Azure Automation environment.

数据保留Data retention

在删除 Azure 自动化中的某个资源时,该资源在被永久删除之前保留 90 天以供审核。When you delete a resource in Azure Automation, it is retained for 90 days for auditing purposes before being removed permanently. 在此期间,无法查看或使用该资源。You can't see or use the resource during this time. 此策略也适用于属于已删除的自动化帐户的资源。This policy also applies to resources that belong to an automation account that is deleted.

Azure 自动化会自动删除并永久移除 90 天之前的作业。Azure Automation automatically deletes and permanently removes jobs older than 90 days.

下表汇总了各种资源的保留策略。The following table summarizes the retention policy for different resources.

数据Data 策略Policy
帐户Accounts 在帐户被用户删除 90 天后将其永久移除。Permanently removed 90 days after the account is deleted by a user.
资产Assets 在资产被用户删除 90 天后或者在包含该资产的帐户被用户删除 90 天后将其永久移除。Permanently removed 90 days after the asset is deleted by a user, or 90 days after the account that holds the asset is deleted by a user.
模块Modules 在模块被用户删除 90 天后或者在包含该模块的帐户被用户删除 90 天后将其永久移除。Permanently removed 90 days after the module is deleted by a user, or 90 days after the account that holds the module is deleted by a user.
RunbookRunbooks 在资源被用户删除 90 天后或者在包含该资源的帐户被用户删除 90 天后将其永久移除。Permanently removed 90 days after the resource is deleted by a user, or 90 days after the account that holds the resource is deleted by a user.
作业Jobs 在上次修改 90 天后删除并永久移除。Deleted and permanently removed 90 days after last being modified. 这可能发生在作业已完成、已停止或已暂停之后。This could be after the job completes, is stopped, or is suspended.
节点配置/MOF 文件Node Configurations/MOF Files 生成新节点配置 90 天后,会永久删除旧节点配置。Old node configuration is permanently removed 90 days after a new node configuration is generated.
DSC 节点DSC Nodes 在使用 Azure 门户或 Windows PowerShell 中的 Unregister-AzureRMAutomationDscNode cmdlet 从自动化帐户中取消注册节点 90 天后,永久删除该节点。Permanently removed 90 days after the node is unregistered from Automation Account using Azure portal or the Unregister-AzureRMAutomationDscNode cmdlet in Windows PowerShell. 在用户删除保存节点的帐户 90 天后,也会永久删除该节点。Nodes are also permanently removed 90 days after the account that holds the node is deleted by a user.
节点报告Node Reports 在生成该节点的新报告 90 天后永久删除Permanently removed 90 days after a new report is generated for that node

保留策略应用于所有用户并且当前无法自定义。The retention policy applies to all users and currently cannot be customized.

但是,如果需要将数据保留更长一段时间,可以将 Runbook 作业日志转发到 Azure Monitor 日志。However, if you need to retain data for a longer period of time, you can forward runbook job logs to Azure Monitor logs. 有关详细信息,请参阅将 Azure 自动化作业数据转发到 Azure Monitor 日志For further information, review forward Azure Automation job data to Azure Monitor logs.

备份 Azure 自动化Backing up Azure Automation

删除 Azure 中的某个自动化帐户时,该帐户中的所有对象都会被删除,包括 Runbook、模块、配置、设置、作业和资产。When you delete an automation account in Azure, all objects in the account are deleted including runbooks, modules, configurations, settings, jobs, and assets. 在删除帐户后,这些对象不可恢复。The objects cannot be recovered after the account is deleted. 在删除自动化帐户之前,可以参考以下信息来备份该帐户的内容。You can use the following information to backup the contents of your automation account before deleting it.

RunbookRunbooks

可以使用 Azure 门户或 Windows PowerShell 中的 Get-AzureAutomationRunbookDefinition cmdlet 将 Runbook 导出到脚本文件。You can export your runbooks to script files using either the Azure portal or the Get-AzureAutomationRunbookDefinition cmdlet in Windows PowerShell. 可以根据创建或导入 Runbook 中所述,将这些脚本文件导入另一个自动化帐户。These script files can be imported into another automation account as discussed in Creating or Importing a Runbook.

集成模块Integration modules

无法从 Azure 自动化导出集成模块。You cannot export integration modules from Azure Automation. 必须确保这些模块可在自动化帐户外部使用。You must ensure that they are available outside of the automation account.

资产Assets

无法从 Azure 自动化导出 资产You cannot export assets from Azure Automation. 使用 Azure 门户时,必须记下变量、凭据、证书、连接和计划的详细信息。Using the Azure portal, you must note the details of variables, credentials, certificates, connections, and schedules. 然后,必须手动创建用户导入到另一个自动化中的 Runbook 使用的任何资产。You must then manually create any assets that are used by runbooks that you import into another automation.

但可以使用 Azure cmdlet 检索未加密资产的详细信息,然后保存这些资产供将来参考,或在另一个自动化帐户中创建等效的资产。You can use Azure cmdlets to retrieve details of unencrypted assets and either save them for future reference or create equivalent assets in another automation account.

无法使用 cmdlet 检索已加密变量或凭据密码字段的值。You cannot retrieve the value for encrypted variables or the password field of credentials using cmdlets. 如果不知道这些值,可以使用 Get-AutomationVariableGet-AutomationPSCredential 活动从 Runbook 中检索这些值。If you don't know these values, then you can retrieve them from a runbook using the Get-AutomationVariable and Get-AutomationPSCredential activities.

无法从 Azure 自动化导出证书。You cannot export certificates from Azure Automation. 必须确保所有证书在 Azure 外部可用。You must ensure that any certificates are available outside of Azure.

DSC 配置DSC configurations

可以使用 Azure 门户或 Windows PowerShell 中的 Export-AzureRmAutomationDscConfiguration cmdlet 将配置导出到脚本文件。You can export your configurations to script files using either the Azure portal or the Export-AzureRmAutomationDscConfiguration cmdlet in Windows PowerShell. 可以在另一个自动化帐户中导入并使用这些配置。These configurations can be imported and used in another automation account.

Azure 自动化中的异地复制Geo-replication in Azure Automation

Azure 自动化帐户中标配的异地复制可将帐户数据备份到其他地理区域以实现冗余。Geo-replication, standard in Azure Automation accounts, backs up account data to a different geographical region for redundancy. 用户可以在设置帐户时选择主要区域,会自动向它分配次要区域。You can choose a primary region when setting up your account, and then a secondary region is assigned to it automatically. 从主要区域复制的辅助数据会持续更新,以防数据丢失。The secondary data, copied from the primary region, is continuously updated in case of data loss.

如果主要区域发生数据丢失(这种情况很少见),Azure 将尝试恢复数据。In the unlikely event that a primary region data is lost, Azure attempts to recover it. 如果无法恢复主数据,则执行异地故障转移,并通过受影响用户的订阅向其通知此项操作。If the primary data cannot be recovered, then geo-failover is performed and the affected customers will be notified about this through their subscription.