Infrastructure Backup Service best practices

Applies to: Azure Stack integrated systems and Azure Stack Development Kit

You can follow best practices when you deploy and manage Azure Stack in your datacenter to help mitigate data loss in the event of a catastrophic failure.

You should review the best practices at a regular interval to verify that your installation is still in compliance when changes are made to the operation flow. Should you encounter any issues while implementing these best practices, contact Azure Support for help.

Configuration best practices

Deployment

Enable Infrastructure Backup after deployment of each Azure Stack Cloud. Using Azure Stack PowerShell, you can schedule backups from any client/server with access to the operator management API endpoint.

Networking

The Universal Naming Convention (UNC) string for the path must use a fully qualified domain name (FQDN). An IP address can be used if name resolution is not possible. A UNC string specifies the location of resources such as shared files or devices.

Encryption

Version 1901 and newer

The encryption certificate is used to encrypt backup data that gets exported to external storage. The certificate can be a self-signed certificate since the certificate is only used to transport keys. Refer to New-SelfSignedCertificate for more information on how to create a certificate.
The key must be stored in a secure location (for example, global Azure Key Vault certificate). The CER format of the certificate is used to encrypt data. The PFX format must be used during cloud recovery deployment of Azure Stack to decrypt backup data.

Store the certificate in a secure location.
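The certificate handling described above, as an added PowerShell example (not part of the original page and not Microsoft's own script): it creates a self-signed certificate, exports the CER used to encrypt backups and the PFX needed at cloud recovery, then checks that the two files belong together. The folder `C:\Certs`, the file names and the subject `backup.contoso.com` are assumptions.

```powershell
# Added example. Folder, file names and subject name are assumptions.
$certDir = 'C:\Certs'
$cerPath = Join-Path $certDir 'AzSBackupEncryption.cer'
$pfxPath = Join-Path $certDir 'AzSBackupEncryption.pfx'
New-Item -Path $certDir -ItemType Directory -Force | Out-Null

# Self-signed is acceptable here: the certificate is only used to transport keys.
$cert = New-SelfSignedCertificate -DnsName 'backup.contoso.com' `
    -CertStoreLocation 'Cert:\CurrentUser\My'

# Public part (CER): the format used to encrypt backup data.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# Private part (PFX): required during cloud recovery to decrypt backup data.
# The password is read interactively so it never lands in script text or history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Verify the pair before relying on it: the PFX must open with the password,
# carry the private key, and match the CER.
$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$cer  = $x509::new($cerPath)
$pfx  = $x509::new($pfxPath, $pfxPassword)
if (-not $pfx.HasPrivateKey) {
    throw 'PFX has no private key; backups encrypted with this CER could not be decrypted.'
}
if ($pfx.Thumbprint -ne $cer.Thumbprint) {
    throw 'CER and PFX are different certificates.'
}
"Verified CER/PFX pair, thumbprint $($cer.Thumbprint)"
```

After verification, move the PFX and its password to the secure location and remove working copies from the workstation; only the CER is needed for day-to-day backup configuration.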

1811 and older

The encryption key is used to encrypt backup data that gets exported to external storage. The key is generated as part of enabling backup for Azure Stack with PowerShell.

The key must be stored in a secure location (for example, global Azure Key Vault secret). This key must be used during redeployment of Azure Stack.

Store the key in a secure location.

Operational best practices

Backups

  • Backup jobs execute while the system is running, so there is no downtime to the management experiences or user applications. Expect the backup jobs to take 20-40 minutes for a solution that is under reasonable load.
  • Using OEM-provided instructions, manually back up network switches and the hardware lifecycle host (HLH); these backups should be stored on the same backup share where the Infrastructure Backup Controller stores control plane backup data. Consider storing switch and HLH configurations in the region folder. If you have multiple Azure Stack instances in the same region, consider using an identifier for each configuration that belongs to a scale unit.

Folder Names

  • Infrastructure creates the MASBACKUP folder automatically. This is a Microsoft-managed share. You can create shares at the same level as MASBACKUP. Creating folders or storing data inside MASBACKUP that Azure Stack does not create is not recommended.
  • Use the FQDN and region in your folder name to differentiate backup data from different clouds. The fully qualified domain name (FQDN) of your Azure Stack deployment and endpoints is the combination of the Region parameter and the External Domain Name parameter. For more information, see Azure Stack datacenter integration - DNS.

For example, the backup share is AzSBackups hosted on fileserver01.contoso.com. In that file share there may be a folder per Azure Stack deployment using the external domain name and a subfolder that uses the region name.

FQDN: contoso.com
Region: nyc

\\fileserver01.contoso.com\AzSBackups
\\fileserver01.contoso.com\AzSBackups\contoso.com
\\fileserver01.contoso.com\AzSBackups\contoso.com\nyc
\\fileserver01.contoso.com\AzSBackups\contoso.com\nyc\MASBackup

The MASBackup folder is where Azure Stack stores its backup data. You should not use this folder to store your own data. OEMs should not use this folder to store any backup data either.

OEMs are encouraged to store backup data for their components under the region folder. Each network switch, hardware lifecycle host (HLH), and so on, may be stored in its own subfolder. For example:

\\fileserver01.contoso.com\AzSBackups\contoso.com\nyc\HLH
\\fileserver01.contoso.com\AzSBackups\contoso.com\nyc\Switches
\\fileserver01.contoso.com\AzSBackups\contoso.com\nyc\DeploymentData
\\fileserver01.contoso.com\AzSBackups\contoso.com\nyc\Registration
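The naming rules above (FQDN or IP in the UNC string, external domain and region folders, OEM data beside but never inside MASBackup) as an added PowerShell example; it is not code from the original page. The function name `Get-AzSBackupLayout` and its parameters are hypothetical, and the sample values are the ones used on this page.

```powershell
# Added example. Get-AzSBackupLayout is a hypothetical helper, not an Azure Stack cmdlet.
function Get-AzSBackupLayout {
    param(
        [Parameter(Mandatory)][string]$FileServer,      # FQDN, or IP if no name resolution
        [Parameter(Mandatory)][string]$Share,
        [Parameter(Mandatory)][string]$ExternalDomain,
        [Parameter(Mandatory)][string]$Region,
        [string[]]$OemFolders = @('HLH', 'Switches', 'DeploymentData', 'Registration')
    )
    # Accept an FQDN (at least two labels, last one alphabetic) or a canonical IP.
    # A short NetBIOS-style name such as 'fileserver01' is rejected.
    $ip     = $null
    $isIp   = [System.Net.IPAddress]::TryParse($FileServer, [ref]$ip) -and
              ($ip.ToString() -eq $FileServer)
    $isFqdn = $FileServer -match '^([A-Za-z0-9-]+\.)+[A-Za-z][A-Za-z0-9-]*$'
    if (-not ($isIp -or $isFqdn)) {
        throw "File server '$FileServer' must be an FQDN or an IP address."
    }
    # MASBackup belongs to Azure Stack: never create it or nest data in it.
    if ($OemFolders -contains 'MASBackup') {
        throw 'MASBackup is managed by Azure Stack; store OEM data in sibling folders.'
    }
    if ($OemFolders -match '[\\/]') {
        throw 'OEM folder names must be single folder names directly under the region folder.'
    }
    $regionPath = "\\$FileServer\$Share\$ExternalDomain\$Region"
    [pscustomobject]@{
        RegionPath  = $regionPath
        ManagedPath = "$regionPath\MASBackup"           # written by Azure Stack only
        OemPaths    = $OemFolders | ForEach-Object { "$regionPath\$_" }
    }
}

$layout = Get-AzSBackupLayout -FileServer 'fileserver01.contoso.com' `
    -Share 'AzSBackups' -ExternalDomain 'contoso.com' -Region 'nyc'
$layout.OemPaths

# Create the OEM folders only when the region folder is reachable with the
# current credentials; MASBackup is intentionally left for Azure Stack to create.
if (Test-Path -Path $layout.RegionPath) {
    $layout.OemPaths | ForEach-Object {
        New-Item -Path $_ -ItemType Directory -Force | Out-Null
    }
}
```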

Monitoring

The following alerts are supported by the system:

| Alert | Description | Remediation |
| --- | --- | --- |
| Backup failed because the file share is out of capacity | File share is out of capacity and backup controller cannot export backup files to the location. | Add more storage capacity and try the backup again. Delete existing backups (starting from oldest first) to free up space. |
| Backup failed due to connectivity problems. | Network between Azure Stack and the file share is experiencing issues. | Address the network issue and try the backup again. |
| Backup failed due to a fault in the path | The file share path cannot be resolved. | Map the share from a different computer to ensure the share is accessible. You may need to update the path if it is no longer valid. |
| Backup failed due to authentication issue | There might be an issue with the credentials or a network issue that impacts authentication. | Map the share from a different computer to ensure the share is accessible. You may need to update credentials if they are no longer valid. |
| Backup failed due to a general fault | The failed request could be due to an intermittent issue. | Try the backup again. Call support. |

Next steps

Review the reference material for the Infrastructure Backup Service

Enable the Infrastructure Backup Service