使用 Azure 备份服务器备份 VMware VMBack up VMware VMs with Azure Backup Server

本文介绍如何使用 Azure 备份服务器将 VMware ESXi 主机/vCenter 服务器上运行的 VMware VM 备份到 Azure。This article explains how to back up VMware VMs running on VMware ESXi hosts/vCenter Server to Azure using Azure Backup Server.

本文介绍如何执行以下操作:This article explains how to:

  • 设置一个安全通道,使 Azure 备份服务器能够通过 HTTPS 来与 VMware 服务器通信。Set up a secure channel so that Azure Backup Server can communicate with VMware servers over HTTPS.
  • 设置一个可供 Azure 备份服务器用来访问 VMware 服务器的 VMware 帐户。Set up a VMware account that Azure Backup Server uses to access the VMware server.
  • 将帐户凭据添加到 Azure 备份。Add the account credentials to Azure Backup.
  • 将 vCenter 或 ESXi 服务器添加到 Azure 备份服务器。Add the vCenter or ESXi server to Azure Backup Server.
  • 设置一个包含要备份的 VMware VM 的保护组,指定备份设置,并计划备份。Set up a protection group that contains the VMware VMs you want to back up, specify backup settings, and schedule the backup.

开始之前Before you start

  • 验证运行的是否是支持备份的 vCenter/ESXi 版本。Verify that you're running a version of vCenter/ESXi that's supported for backup. 请参阅此处的支持矩阵。Refer to the support matrix here.
  • 确保已设置 Azure 备份服务器。Make sure you've set up Azure Backup Server. 如果没有,请在开始之前进行设置If you haven't, do that before you start. 应运行装有最新更新的 Azure 备份服务器。You should be running Azure Backup Server with the latest updates.
  • 确保以下网络端口处于打开状态:Ensure the following network ports are open:
    • MABS 与 vCenter 之间的 TCP 443TCP 443 between MABS and vCenter
    • MABS 与 ESXi 主机之间的 TCP 443 和 TCP 902TCP 443 and TCP 902 between MABS and ESXi host

与 vCenter 服务器建立安全连接Create a secure connection to the vCenter Server

默认情况下,Azure 备份服务器通过 HTTPS 来与 VMware 服务器通信。By default, Azure Backup Server communicates with VMware servers over HTTPS. 若要设置 HTTPS 连接,请下载 VMware 证书颁发机构 (CA) 证书,并将其导入到 Azure 备份服务器。To set up the HTTPS connection, download the VMware Certificate Authority (CA) certificate, and import it on the Azure Backup Server.

准备阶段Before you begin

  • 如果不想使用 HTTPS,可以对所有 VMware 服务器禁用 HTTPS 证书验证If you don't want to use HTTPS, you can disable HTTPS certificate validation for all VMware servers.
  • 通常,你会使用 vSphere Web 客户端从 Azure 备份服务器计算机上的浏览器连接到 vCenter/ESXi 服务器。You typically connect from a browser on the Azure Backup Server machine to the vCenter/ESXi server using the vSphere Web Client. 首次执行此操作时,连接并不安全,会显示以下消息。The first time you do this, the connection isn't secure and will show the following.
  • 必须了解 Azure 备份服务器处理备份的方式。It's important to understand how Azure Backup Server handles backups.
    • Azure 备份服务器首先将数据备份到本地磁盘存储。As a first step Azure Backup Server backs up data to local disk storage. 对于保护的数据,Azure 备份服务器将使用存储池,即,Azure 备份服务器用来存储磁盘恢复点的一组磁盘和卷。Azure Backup Server uses a storage pool, a set of disks and volumes on which Azure Backup Server stores disk recovery points for its protected data. 该存储池可以是直接附加存储 (DAS)、光纤通道 SAN,或者 iSCSI 存储设备或 SAN。The storage pool can be directly attached storage (DAS), a fiber channel SAN, or iSCSI storage device or SAN. 必须确保为 VMware VM 数据的本地备份提供足够的存储空间。It's important to ensure that you have sufficient storage for local backup of your VMware VM data.
    • 然后,Azure 备份服务器会从本地磁盘存储备份到 Azure。Azure Backup Server then backs up from the local disk storage to Azure.
    • 获取测算所需存储空间量的帮助Get help to figure out how much storage space you need. 该信息适用于 DPM,但也适用于 Azure 备份服务器。The information is for DPM but can be used for Azure Backup Server too.

设置证书Set up the certificate

按如下所述设置安全通道:Set up a secure channel as follows:

  1. 在 Azure 备份服务器上的浏览器中,输入 vSphere Web 客户端 URL。In the browser on Azure Backup Server, enter the vSphere Web Client URL. 如果登录页未显示,请验证连接和浏览器代理设置。If the login page doesn't appear, verify the connection and browser proxy settings.

    vSphere Web 客户端

  2. 在 vSphere Web 客户端登录页上,单击“下载受信任的根 CA 证书”。On the vSphere Web Client login page, click Download trusted root CA certificates.

    下载受信任的根 CA 证书

  3. 随后将下载名为 download 的文件。A file named download is downloaded. 根据所用的浏览器,此时会出现一条消息,询问是打开还是保存该文件。Depending on your browser, you receive a message that asks whether to open or save the file.

    下载 CA 证书

  4. 以 .zip 扩展名将该文件保存在 Azure 备份服务器计算机上。Save the file on the Azure Backup Server machine with a .zip extension.

  5. 右键单击“download.zip”并选择“全部解压缩”。 Right-click download.zip > Extract All. .zip 文件的内容将解压缩到 certs 文件夹,其中包含:The .zip file extracts its contents to the certs folder, which contains:

    • 根证书文件的扩展名以类似 .0 和 .1 的编号顺序开头。The root certificate file with an extension that begins with a numbered sequence like .0 and .1.
    • CRL 文件的扩展名以类似 .r0 或 .r1 的序列开头。The CRL file has an extension that begins with a sequence like .r0 or .r1. CRL 文件与证书关联。The CRL file is associated with a certificate.

    下载的证书

  6. certs 文件夹中,右键单击根证书文件并选择“重命名”。In the certs folder, right-click the root certificate file > Rename.

    重命名根证书

  7. 将根证书的扩展名更改为 .crt,并确认。Change the root certificate's extension to .crt, and confirm. 文件图标将更改为表示根证书的图标。The file icon changes to one that represents a root certificate.

  8. 右键单击根证书,然后在弹出菜单中选择“安装证书”。Right-click the root certificate and from the pop-up menu, select Install Certificate.

  9. 在“证书导入向导”中,选择“本地计算机”作为证书的目标,然后单击“下一步”。 In Certificate Import Wizard, select Local Machine as the destination for the certificate, and then click Next. 如果系统询问是否要允许对计算机所做的更改,请确认。Confirm if you're asked if you want to allow changes to the computer.

    向导中的“欢迎使用”

  10. 在“证书存储”页上,选择“将所有的证书都放入下列存储”,然后单击“浏览”以选择证书存储。 On the Certificate Store page, select Place all certificates in the following store, and then click Browse to choose the certificate store.

    证书存储

  11. 在“选择证书存储”中,选择“受信任的根证书颁发机构”作为证书的目标文件夹,然后单击“确定”。 In Select Certificate Store, select Trusted Root Certification Authorities as the destination folder for the certificates, and then click OK.

    证书目标文件夹

  12. 在“正在完成证书导入向导”中检查文件夹,然后单击“完成”。 In Completing the Certificate Import Wizard, verify the folder, and then click Finish.

    验证证书是否位于正确的文件夹中

  13. 确认导入证书后,登录到 vCenter 服务器以确认连接安全。After the certificate import is confirmed, sign in to the vCenter Server to confirm that your connection is secure.

禁用 HTTPS 证书验证Disable HTTPS certificate validation

如果你在组织中创建了安全边界并且不想要在 VMware 服务器与 Azure 备份服务器计算机之间使用 HTTPS 协议,请按如下所述禁用 HTTPS:If you have secure boundaries within your organization, and don't want to use the HTTPS protocol between VMware servers and the Azure Backup Server machine, disable HTTPS as follows:

  1. 将以下文本复制并粘贴到 .txt 文件中。Copy and paste the following text into a .txt file.

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\VMWare]
    "IgnoreCertificateValidation"=dword:00000001
    
  2. 使用文件名 DisableSecureAuthentication.reg 将该文件保存在 Azure 备份服务器计算机上。Save the file on the Azure Backup Server machine with the name DisableSecureAuthentication.reg.

  3. 双击文件激活注册表项。Double-click the file to activate the registry entry.

创建 VMware 角色Create a VMware role

Azure 备份服务器需要一个有权访问 V-Center 服务器/ESXi 主机的用户帐户。The Azure Backup Server needs a user account with permissions to access v-Center Server/ESXi host. 创建一个具有特定特权的 VMware 角色,然后将某个用户帐户关联到该角色。Create a VMware role with specific privileges, and then associate a user account with the role.

  1. 登录到 vCenter 服务器(如果不使用 vCenter 服务器,则登录到 ESXi 主机)。Sign in to the vCenter Server (or ESXi host if you're not using vCenter Server).

  2. 在“导航器”面板中,单击“管理”。 In the Navigator panel, click Administration.

    管理

  3. 在“管理” > “角色”中,单击“添加角色”图标(加号)。 In Administration > Roles, click the add role icon (the + symbol).

    添加角色

  4. 在“创建角色” > “角色名称”中,输入 BackupAdminRoleIn Create Role > Role name, enter BackupAdminRole. 角色名称可以是所需的任何名称,但应有助于识别该角色。The role name can be whatever you like, but it should be recognizable for the role's purpose.

  5. 选择下表中汇总的特权,然后单击“确定”。Select the privileges as summarized in the table below, and then click OK. 新角色随即显示在“角色”窗格中的列表内。The new role appears on the list in the Roles panel.

    • 单击父标签旁的图标展开父级,并查看子级特权。Click the icon next to the parent label to expand the parent and view the child privileges.
    • 若要选择 VirtualMachine 权限,需跳转几个级别转到父子层次结构。To select the VirtualMachine privileges, you need to go several levels into the parent child hierarchy.
    • 不需要选择父特权中的所有子特权。You don't need to select all child privileges within a parent privilege.

    父子权限层次结构

角色权限Role permissions

vCenter 6.7 用户帐户的特权Privileges for vCenter 6.7 user account vCenter 6.5 用户帐户的特权Privileges for vCenter 6.5 user account
Datastore cluster.Configure a datatstore clusterDatastore cluster.Configure a datatstore cluster Datastore cluster.Configure a datatstore clusterDatastore cluster.Configure a datatstore cluster
Datastore.AllocateSpaceDatastore.AllocateSpace Datastore.AllocateSpaceDatastore.AllocateSpace
Datastore.Browse datastoreDatastore.Browse datastore Datastore.Browse datastoreDatastore.Browse datastore
Datastore.Low-level file operationsDatastore.Low-level file operations Datastore.Low-level file operationsDatastore.Low-level file operations
Global.Disable methodsGlobal.Disable methods Global.Disable methodsGlobal.Disable methods
Global.Enable methodsGlobal.Enable methods Global.Enable methodsGlobal.Enable methods
Global.LicensesGlobal.Licenses Global.LicensesGlobal.Licenses
Global.Log eventGlobal.Log event Global.Log eventGlobal.Log event
Global.Manage custom attributesGlobal.Manage custom attributes Global.Manage custom attributesGlobal.Manage custom attributes
Global.Set custom attributeGlobal.Set custom attribute Global.Set custom attributeGlobal.Set custom attribute
Host.Local operations.Create virtual machineHost.Local operations.Create virtual machine Host.Local operations.Create virtual machineHost.Local operations.Create virtual machine
Network.Assign networkNetwork.Assign network Network.Assign networkNetwork.Assign network
Resource.Resource. Assign virtual machine to resource poolAssign virtual machine to resource pool Resource.Resource. Assign virtual machine to resource poolAssign virtual machine to resource pool
vApp.Add virtual machinevApp.Add virtual machine vApp.Add virtual machinevApp.Add virtual machine
vApp.Assign resource poolvApp.Assign resource pool vApp.Assign resource poolvApp.Assign resource pool
vApp.UnregistervApp.Unregister vApp.UnregistervApp.Unregister
VirtualMachine.Configuration.VirtualMachine.Configuration. Add Or Remove DeviceAdd Or Remove Device VirtualMachine.Configuration.VirtualMachine.Configuration. Add Or Remove DeviceAdd Or Remove Device
Virtual machine.Configuration.Acquire disk leaseVirtual machine.Configuration.Acquire disk lease Virtual machine.Configuration.Disk leaseVirtual machine.Configuration.Disk lease
Virtual machine.Configuration.Add new diskVirtual machine.Configuration.Add new disk Virtual machine.Configuration.Add new diskVirtual machine.Configuration.Add new disk
Virtual machine.Configuration.Advanced configurationVirtual machine.Configuration.Advanced configuration Virtual machine.Configuration.AdvancedVirtual machine.Configuration.Advanced
Virtual machine.Configuration.Toggle disk change trackingVirtual machine.Configuration.Toggle disk change tracking Virtual machine.Configuration.Disk change trackingVirtual machine.Configuration.Disk change tracking
Virtual machine.Configuration.Configure Host USB deviceVirtual machine.Configuration.Configure Host USB device Virtual machine.Configuration.Host USB deviceVirtual machine.Configuration.Host USB device
Virtual machine.Configuration.Extend virtual diskVirtual machine.Configuration.Extend virtual disk Virtual machine.Configuration.Extend virtual diskVirtual machine.Configuration.Extend virtual disk
Virtual machine.Configuration.Query unowned filesVirtual machine.Configuration.Query unowned files Virtual machine.Configuration.Query unowned filesVirtual machine.Configuration.Query unowned files
Virtual machine.Configuration.Change Swapfile placementVirtual machine.Configuration.Change Swapfile placement Virtual machine.Configuration.Swapfile placementVirtual machine.Configuration.Swapfile placement
Virtual machine.Guest Operations.Guest Operation Program ExecutionVirtual machine.Guest Operations.Guest Operation Program Execution Virtual machine.Guest Operations.Guest Operation Program ExecutionVirtual machine.Guest Operations.Guest Operation Program Execution
Virtual machine.Guest Operations.Guest Operation ModificationsVirtual machine.Guest Operations.Guest Operation Modifications Virtual machine.Guest Operations.Guest Operation ModificationsVirtual machine.Guest Operations.Guest Operation Modifications
Virtual machine.Guest Operations.Guest Operation QueriesVirtual machine.Guest Operations.Guest Operation Queries Virtual machine.Guest Operations.Guest Operation QueriesVirtual machine.Guest Operations.Guest Operation Queries
Virtual machine.Interaction.Device connectionVirtual machine .Interaction .Device connection Virtual machine.Interaction.Device connectionVirtual machine .Interaction .Device connection
Virtual machine.Interaction.Guest operating system management by VIX APIVirtual machine .Interaction .Guest operating system management by VIX API Virtual machine.Interaction.Guest operating system management by VIX APIVirtual machine .Interaction .Guest operating system management by VIX API
Virtual machine.Interaction.Power OffVirtual machine .Interaction .Power Off Virtual machine.Interaction.Power OffVirtual machine .Interaction .Power Off
Virtual machine.Inventory.Create newVirtual machine .Inventory.Create new Virtual machine.Inventory.Create newVirtual machine .Inventory.Create new
Virtual machine .Inventory.RemoveVirtual machine .Inventory.Remove Virtual machine .Inventory.RemoveVirtual machine .Inventory.Remove
Virtual machine .Inventory.RegisterVirtual machine .Inventory.Register Virtual machine .Inventory.RegisterVirtual machine .Inventory.Register
Virtual machine.Provisioning.Allow disk accessVirtual machine .Provisioning.Allow disk access Virtual machine.Provisioning.Allow disk accessVirtual machine .Provisioning.Allow disk access
Virtual machine.Provisioning.Allow file accessVirtual machine .Provisioning.Allow file access Virtual machine.Provisioning.Allow file accessVirtual machine .Provisioning.Allow file access
Virtual machine.Provisioning.Allow read-only disk accessVirtual machine .Provisioning.Allow read-only disk access Virtual machine.Provisioning.Allow read-only disk accessVirtual machine .Provisioning.Allow read-only disk access
Virtual machine.Provisioning.Allow virtual machine downloadVirtual machine .Provisioning.Allow virtual machine download Virtual machine.Provisioning.Allow virtual machine downloadVirtual machine .Provisioning.Allow virtual machine download
Virtual machine .Snapshot management.Virtual machine .Snapshot management. 创建快照Create snapshot Virtual machine .Snapshot management.Virtual machine .Snapshot management. 创建快照Create snapshot
Virtual machine.Snapshot management.Remove SnapshotVirtual machine .Snapshot management.Remove Snapshot Virtual machine.Snapshot management.Remove SnapshotVirtual machine .Snapshot management.Remove Snapshot
Virtual machine.Snapshot management.Revert to snapshotVirtual machine .Snapshot management.Revert to snapshot Virtual machine.Snapshot management.Revert to snapshotVirtual machine .Snapshot management.Revert to snapshot

vCenter 6.0 用户帐户的特权Privileges for vCenter 6.0 user account vCenter 5.5 用户帐户的特权Privileges for vCenter 5.5 user account
Datastore.AllocateSpaceDatastore.AllocateSpace Network.AssignNetwork.Assign
Global.Manage custom attributesGlobal.Manage custom attributes Datastore.AllocateSpaceDatastore.AllocateSpace
Global.Set custom attributeGlobal.Set custom attribute VirtualMachine.Config.ChangeTrackingVirtualMachine.Config.ChangeTracking
Host.Local operations.Create virtual machineHost.Local operations.Create virtual machine VirtualMachine.State.RemoveSnapshotVirtualMachine.State.RemoveSnapshot
Network.Network. Assign networkAssign network VirtualMachine.State.CreateSnapshotVirtualMachine.State.CreateSnapshot
Resource.Resource. Assign virtual machine to resource poolAssign virtual machine to resource pool VirtualMachine.Provisioning.DiskRandomReadVirtualMachine.Provisioning.DiskRandomRead
Virtual machine.Configuration.Add new diskVirtual machine.Configuration.Add new disk VirtualMachine.Interact.PowerOffVirtualMachine.Interact.PowerOff
Virtual machine.Configuration.AdvancedVirtual machine.Configuration.Advanced VirtualMachine.Inventory.CreateVirtualMachine.Inventory.Create
Virtual machine.Configuration.Disk change trackingVirtual machine.Configuration.Disk change tracking VirtualMachine.Config.AddNewDiskVirtualMachine.Config.AddNewDisk
Virtual machine.Configuration.Host USB deviceVirtual machine.Configuration.Host USB device VirtualMachine.Config.HostUSBDeviceVirtualMachine.Config.HostUSBDevice
Virtual machine.Configuration.Query unowned filesVirtual machine.Configuration.Query unowned files VirtualMachine.Config.AdvancedConfigVirtualMachine.Config.AdvancedConfig
Virtual machine.Configuration.Swapfile placementVirtual machine.Configuration.Swapfile placement VirtualMachine.Config.SwapPlacementVirtualMachine.Config.SwapPlacement
Virtual machine.Interaction.Power OffVirtual machine.Interaction.Power Off Global.ManageCustomFieldsGlobal.ManageCustomFields
Virtual machine.Inventory.Virtual machine.Inventory. 新建Create new
Virtual machine.Provisioning.Allow disk accessVirtual machine.Provisioning.Allow disk access
Virtual machine.Provisioning.Virtual machine.Provisioning. Allow read-only disk accessAllow read-only disk access
Virtual machine.Snapshot management.Create snapshotVirtual machine.Snapshot management.Create snapshot
Virtual machine.Snapshot management.Remove SnapshotVirtual machine.Snapshot management.Remove Snapshot

创建 VMware 帐户Create a VMware account

  1. 在 vCenter 服务器的“导航器”面板中,单击“用户和组”。 In vCenter Server Navigator panel, click Users and Groups. 如果不使用 vCenter 服务器,请在相应的 ESXi 主机上创建帐户。If you don't use vCenter Server, create the account on the appropriate ESXi host.

    “用户和组”选项

    此时会显示“vCenter 用户和组”面板。The vCenter Users and Groups panel appear.

  2. 在“vCenter 用户和组”面板中,选择“用户”选项卡,然后单击“添加用户”图标(加号)。 In the vCenter Users and Groups panel, select the Users tab, and then click the add users icon (the + symbol).

    “vCenter 用户和组”面板

  3. 在“新建用户”对话框中,添加用户信息并选择“确定”。 In New User dialog box, add the user information > OK. 在此过程中,用户名是 BackupAdmin。In this procedure, the username is BackupAdmin.

    “新建用户”对话框

  4. 若要将用户帐户与角色关联,请在“导航器”面板中单击“全局权限”。 To associate the user account with the role, in the Navigator panel, click Global Permissions. 在“全局权限”面板中选择“管理”选项卡,然后单击“添加”图标(加号)。 In the Global Permissions panel, select the Manage tab, and then click the add icon (the + symbol).

    “全局权限”面板

  5. 在“全局权限 Root - 添加权限”中,单击“添加”选择用户或组。 In Global Permission Root - Add Permission, click Add to choose the user or group.

    选择用户或组

  6. 在“选择用户/组”中,选择“BackupAdmin” > “添加”。 In Select Users/Groups, choose BackupAdmin > Add. 在“用户”中,用户帐户采用“域\用户名”格式。In Users, the domain\username format is used for the user account. 若要使用其他域,请从“域”列表中选择该域。If you want to use a different domain, choose it from the Domain list. 单击“确定”,将选定的用户添加到“添加权限”对话框中。 Click OK to add the selected users to the Add Permission dialog box.

    添加 BackupAdmin 用户

  7. 在“分配的角色”的下拉列表中,选择“BackupAdminRole” > “确定”。 In Assigned Role, from the drop-down list, select BackupAdminRole > OK.

    向角色分配用户

新用户帐户和关联的角色显示在“全局权限”面板的“管理”选项卡的列表中。 On the Manage tab in the Global Permissions panel, the new user account and the associated role appear in the list.

在 Azure 备份服务器上添加帐户Add the account on Azure Backup Server

  1. 打开 Azure 备份服务器。Open Azure Backup Server. 如果在桌面上找不到该图标,请从应用列表中打开“Azure 备份”。If you can't find the icon on the desktop, open Azure Backup from the apps list.

    Azure 备份服务器图标

  2. 在 Azure 备份服务器控制台中,单击“管理” > “生产服务器” > “管理 VMware”。 In the Azure Backup Server console, click Management > Production Servers > Manage VMware.

    Azure 备份服务器控制台

  3. 在“管理证书”对话框中,单击“添加”。 In the Manage Credentials dialog box, click Add.

    Azure 备份服务器的“管理凭据”对话框

  4. 在“添加凭据”中,输入新凭据的名称和说明,并指定在 VMware 服务器上定义的用户名和密码。In Add Credential, enter a name and a description for the new credential, and specify the username and password you defined on the VMware server. 名称 Contoso Vcenter credential 用于标识此过程中的凭据。The name, Contoso Vcenter credential is used to identify the credential in this procedure. 如果 VMware 服务器和 Azure 备份服务器不在同一个域中,请在用户名中指定域。If the VMware server and Azure Backup Server aren't in the same domain, specify the domain in the user name.

    Azure 备份服务器的“添加凭据”对话框

  5. 单击“添加”以添加新凭据。Click Add to add the new credential.

    Azure 备份服务器的“管理凭据”对话框

添加 vCenter 服务器Add the vCenter Server

将 vCenter 服务器添加到 Azure 备份服务器。Add the vCenter Server to Azure Backup Server.

  1. 在 Azure 备份服务器控制台中,单击“管理” > “生产服务器” > “添加”。 In the Azure Backup Server console, click Management > Production Servers > Add.

    打开生产服务器添加向导

  2. 在“生产服务器添加向导” > “选择生产服务器类型”页中,选择“VMware 服务器”,然后单击“下一步”。 In Production Server Addition Wizard > Select Production Server type page, select VMware Servers, and then click Next.

    生产服务器添加向导

  3. 在“选择计算机”>“服务器名称/IP 地址”中,指定 VMware 服务器的 FQDN 或 IP 地址。 In Select Computers Server Name/IP Address, specify the FQDN or IP address of the VMware server. 如果所有 ESXi 服务器由同一个 vCenter 管理,请指定 vCenter 名称。If all the ESXi servers are managed by the same vCenter, specify the vCenter name. 否则请添加 ESXi 主机。Otherwise, add the ESXi host.

    指定 VMware 服务器

  4. 在“SSL 端口”中,输入用于与 VMware 服务器通信的端口。In SSL Port, enter the port that's used to communicate with the VMware server. 443 是默认端口,但如果 VMware 服务器在不同的端口上侦听,则你可以更改端口。443 is the default port, but you can change it if your VMware server listens on a different port.

  5. 在“指定凭据”中,选择先前创建的凭据。In Specify Credential, select the credential that you created earlier.

    指定凭据

  6. 单击“添加”将 VMware 服务器添加到服务器列表。Click Add to add the VMware server to the servers list. Then click Next.

    添加 VMWare 服务器和凭据

  7. 在“摘要”页中单击“添加”,将 VMware 服务器添加到 Azure 备份服务器。 In the Summary page, click Add to add the VMware server to Azure Backup Server. 新服务器会立即添加,无需在 VMware 服务器上安装代理。The new server is added immediately, no agent is needed on the VMware server.

    将 VMware 服务器添加到 Azure 备份服务器

  8. 在“完成”页上检查设置。Verify settings on the Finish page.

    “完成”页

如果有多个 ESXi 主机不受 vCenter 服务器的管理,或者有多个 vCenter 服务器实例,则需要重新运行向导来添加服务器。If you have multiple ESXi hosts that aren't managed by vCenter server, or you have multiple instances of vCenter Server, you need to rerun the wizard to add the servers.

配置保护组Configure a protection group

添加要备份的 VMware VM。Add VMware VMs for backup. 保护组收集多个 VM,并将相同的数据保留和备份设置应用到组中的所有 VM。Protection groups gather multiple VMs and apply the same data retention and backup settings to all VMs in the group.

  1. 在 Azure 备份服务器控制台中,单击“保护”>“新建”。 In the Azure Backup Server console, click Protection, > New.

    打开“创建新保护组”向导

  2. 在“新建保护组”向导的欢迎页中,单击“下一步”。 In the Create New Protection Group wizard welcome page, click Next.

    “创建新保护组”向导对话框

  3. 在“选择保护组类型”页上选择“服务器”,然后单击“下一步”。 On the Select Protection group type page, select Servers and then click Next. 此时会显示“选择组成员”页。The Select group members page appears.

  4. 在“选择组成员”中,选择要备份的 VM(或 VM 文件夹)。In Select group members, select the VMs (or VM folders) that you want to back up. Then click Next.

    • 选择某个文件夹时,也会选择该文件夹中的 VM 或子文件夹进行备份。When you select a folder, or VMs or folders inside that folder are also selected for backup. 可以取消选中不想要备份的文件夹或 VM。You can uncheck folders or VMs you don't want to back up.
  5. 如果 VM 或文件夹已在备份,则无法选择它。If a VM or folder is already being backed up, you can't select it. 这可以确保不会为 VM 创建重复的恢复点。This ensures that duplicate recovery points aren't created for a VM.

    选择组成员

  6. 在“选择数据保护方法”页中,输入保护组的名称和保护设置。In Select Data Protection Method page, enter a name for the protection group, and protection settings. 若要备份到 Azure,请将短期保护设置为“磁盘”,并启用联机保护。To back up to Azure, set short-term protection to Disk and enable online protection. Then click Next.

    选择数据保护方法

  7. 在“指定短期目标”中,指定要在磁盘中备份数据多长时间。In Specify Short-Term Goals, specify how long you want to keep data backed up to disk.

    • 在“保留期”中,指定保留磁盘恢复点的天数。In Retention Range, specify how many days disk recovery points should be kept.
    • 在“同步频率”中,指定创建磁盘恢复点的频率。In Synchronization frequency, specify how often disk recovery points are taken.
      • 如果不想要设置备份间隔,可以选中“紧靠在恢复点之前”,以便计划每个恢复点之前的那一刻运行备份。If you don't want to set a backup interval, you can check Just before a recovery point so that a backup runs just before each recovery point is scheduled.

      • 短期备份是完整备份而不是增量备份。Short-term backups are full backups and not incremental.

      • 单击“修改”以更改执行短期备份的时间/日期。Click Modify to change the times/dates when short-term backups occur.

        指定短期目标

  8. 在“检查磁盘分配”中,检查为 VM 备份提供的磁盘空间。In Review Disk Allocation, review the disk space provided for the VM backups. 对于 VM。for the VMs.

    • 建议的磁盘分配基于指定的保留期、工作负荷类型,以及受保护数据的大小。The recommended disk allocations are based on the retention range you specified, the type of workload, and the size of the protected data. 做出所需的任何更改,然后单击“下一步”。Make any changes required, and then click Next.
    • 数据大小: 保护组中数据的大小。Data size: Size of the data in the protection group.
    • 磁盘空间: 为保护组建议的磁盘空间量。Disk space: The recommended amount of disk space for the protection group. 若要修改此设置,所分配的总空间应比每个数据源预计增长量略大。If you want to modify this setting, you should allocate total space that is slightly larger than the amount that you estimate each data source grows.
    • 共置数据: 如果启用共置,受保护的多个数据源可以映射到单个副本和恢复点卷。Colocate data: If you turn on colocation, multiple data sources in the protection can map to a single replica and recovery point volume. 并非所有工作负荷都支持归置。Colocation isn't supported for all workloads.
    • 自动增长: 如果启用此设置,当受保护组中的数据超过初始分配时,Azure 备份服务器会尝试将磁盘大小增加 25%。Automatically grow: If you turn on this setting, if data in the protected group outgrows the initial allocation, Azure Backup Server tries to increase the disk size by 25 percent.
    • 存储池详细信息: 显示存储池的状态,包括总磁盘大小和剩余磁盘大小。Storage pool details: Shows the status of the storage pool, including total and remaining disk size.

    查看磁盘分配

  9. 在“选择副本创建方法”页中指定如何创建初始备份,然后单击“下一步”。 In Choose Replica Creation Method page, specify how you want to take the initial backup, and then click Next.

    • 默认设置为“自动通过网络”和“立即”。 The default is Automatically over the network and Now.
    • 若使用默认设置,则建议指定非高峰时间。If you use the default, we recommend that you specify an off-peak time. 选择“稍后”并指定日期和时间。Choose Later and specify a day and time.
    • 如果数据量很大或者网络状态欠佳,请考虑使用可移动介质脱机复制数据。For large amounts of data or less-than-optimal network conditions, consider replicating the data offline by using removable media.

    选择副本创建方法

  10. 在“一致性检查选项”中,选择如何以及何时自动执行一致性检查。In Consistency Check Options, select how and when to automate the consistency checks. Then click Next.

    • 当副本数据变得不一致时,可以运行一致性检查;也可以根据设置的计划运行该检查。You can run consistency checks when replica data becomes inconsistent, or on a set schedule.
    • 如果不想配置自动一致性检查,可运行手动检查。If you don't want to configure automatic consistency checks, you can run a manual check. 为此,请右键单击保护组并选择“执行一致性检查”。To do this, right-click the protection group > Perform Consistency Check.
  11. 在“指定联机保护数据”页中,选择要备份的 VM 或 VM 文件夹。In Specify Online Protection Data page, select the VMs or VM folders that you want to back up. 可以选择单个成员,或者单击“全选”选择所有成员。You can select the members individually, or click Select All to choose all members. Then click Next.

    指定在线保护数据

  12. 在“指定联机备份计划”页中,指定将数据从本地存储备份到 Azure 的频率。On the Specify Online Backup Schedule page, specify how often you want to back up data from local storage to Azure.

    • 将根据计划生成数据的云恢复点。Cloud recovery points for the data will be generated according to the schedule. Then click Next.
    • 生成恢复点后,该恢复点将传输到 Azure 中的恢复服务保管库。After the recovery point is generated, it is transferred to the Recovery Services vault in Azure.

    指定联机备份计划

  13. 在“指定联机保留策略”页中,指明要在 Azure 中将通过每天/每周/每月/每年备份创建的恢复点保留多长时间。On the Specify Online Retention Policy page, indicate how long you want to keep the recovery points that are created from the daily/weekly/monthly/yearly backups to Azure. 然后单击“下一步”。then click Next.

    • 在 Azure 中保留数据的时间长短没有限制。There's no time limit for how long you can keep data in Azure.
    • 唯一的限制是每个受保护实例的恢复点不可超过 9999 个。The only limit is that you can't have more than 9999 recovery points per protected instance. 在本示例中,受保护的实例是 VMware 服务器。In this example, the protected instance is the VMware server.

    指定联机保留策略

  14. 在“摘要”页中检查设置,然后单击“创建组”。 On the Summary page, review the settings, and then click Create Group.

    保护组成员和设置摘要

VMware 并行备份VMware parallel backups

Note

此功能适用于 MABS V3 UR1。This feature is applicable for MABS V3 UR1.

早期版本的 MABS 仅跨保护组执行并行备份。With earlier versions of MABS, parallel backups were performed only across protection groups. 借助 MABS V3 UR1,单个保护组中的所有 VMWare VM 备份将并行进行,从而提高 VM 备份速度。With MABS V3 UR1, all your VMWare VMs backups within a single protection group are parallel, leading to faster VM backups. 所有 VMWare 增量复制作业将并行运行。All VMWare delta replication jobs run in parallel. 默认情况下,并行运行的作业数设置为 8。By default, the number of jobs to run in parallel is set to 8.

你可以如下所示使用注册表项来修改作业数(默认情况下不存在此注册表项,你需要添加它):You can modify the number of jobs by using the registry key as shown below (not present by default, you need to add it):

注册表项路径Software\Microsoft\Microsoft Data Protection Manager\Configuration\ MaxParallelIncrementalJobs\VMWareKey Path: Software\Microsoft\Microsoft Data Protection Manager\Configuration\ MaxParallelIncrementalJobs\VMWare
注册表项类型:DWORD(32 位)值。Key Type: DWORD (32-bit) value.

Note

你可以将作业数修改为较高的值。You can modify the number of jobs to a higher value. 如果将作业数设置为 1,则复制作业将按顺序运行。If you set the jobs number to 1, replication jobs run serially. 若要将此数量增加到更大的值,则必须考虑 VMWare 性能。To increase the number to a higher value, you must consider the VMWare performance. 考虑 VMWare vSphere Server 上正在使用的资源数量和所需的额外使用量,并确定要并行运行的增量复制作业的数量。Consider the number of resources in use and additional usage required on VMWare vSphere Server, and determine the number of delta replication jobs to run in parallel. 此外,此更改将仅影响新创建的保护组。Also, this change will affect only the newly created protection groups. 对于现有保护组,你必须临时向保护组中添加另一个 VM。For existing protection groups you must temporarily add another VM to the protection group. 这会相应地更新保护组配置。This should update the protection group configuration accordingly. 完成此过程后,可以从保护组中删除此 VM。You can remove this VM from the protection group after the procedure is completed.

VMWare vSphere 6.7VMWare vSphere 6.7

若要备份 vSphere 6.7,请执行以下操作:To back up vSphere 6.7, do the following:

  • 在 DPM 服务器上启用 TLS 1.2Enable TLS 1.2 on DPM Server

Note

VMWare 6.7 及更高版本已启用 TLS 作为通信协议。VMWare 6.7 onwards had TLS enabled as communication protocol.

  • 按如下所示设置注册表项:Set the registry keys as follows:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001

从 VMware VM 备份中排除磁盘Exclude disk from VMware VM backup

Note

此功能适用于 MABS V3 UR1。This feature is applicable for MABS V3 UR1.

使用 MABS V3 UR1,你可以从 VMware VM 备份中排除特定的磁盘。With MABS V3 UR1, you can exclude the specific disk from VMware VM backup. 配置脚本 ExcludeDisk.ps1 位于 C:\Program Files\Azure Backup Server\DPM\DPM\bin folder 中。The configuration script ExcludeDisk.ps1 is located in the C:\Program Files\Azure Backup Server\DPM\DPM\bin folder.

若要配置磁盘排除,请执行以下步骤:To configure the disk exclusion, follow the steps below:

识别要排除的 VMWare VM 和磁盘详细信息Identify the VMWare VM and disk details to be excluded

  1. 在 VMware 控制台上,转到你要为其排除磁盘的 VM 设置。On the VMware console, go to VM settings for which you want to exclude the disk.

  2. 选择要排除的磁盘并记下该磁盘的路径。Select the disk that you want to exclude and note the path for that disk.

    例如,从 TestVM4 中排除硬盘 2 时,硬盘 2 的路径是 [datastore1] TestVM4/TestVM4_1.vmdkFor example, to exclude the Hard Disk 2 from the TestVM4, the path for Hard Disk 2 is [datastore1] TestVM4/TestVM4_1.vmdk.

    要排除的硬盘

配置 MABS 服务器Configure MABS Server

导航到为 VMware VM 配置了保护的 MABS 服务器,以配置磁盘排除。Navigate to the MABS server where the VMware VM is configured for protection to configure disk exclusion.

  1. 获取在 MABS 服务器上受保护的 VMware 主机的详细信息。Get the details of the VMware host that is protected on the MABS server.

    $psInfo = get-DPMProductionServer
    $psInfo
    
    ServerName   ClusterName     Domain            ServerProtectionState
    ----------   -----------     ------            ---------------------
    Vcentervm1                   Contoso.COM       NoDatasourcesProtected
    
  2. 选择 VMware 主机,并列出 VMware 主机的 VM 保护。Select the VMware host and list the VMs protection for the VMware host.

    $vmDsInfo = get-DPMDatasource -ProductionServer $psInfo[0] -Inquire
    $vmDsInfo
    
    Computer     Name     ObjectType
    --------     ----     ----------
    Vcentervm1  TestVM2      VMware
    Vcentervm1  TestVM1      VMware
    Vcentervm1  TestVM4      VMware
    
  3. 选择要为其排除磁盘的 VM。Select the VM for which you want to exclude a disk.

    $vmDsInfo[2]
    
    Computer     Name      ObjectType
    --------     ----      ----------
    Vcentervm1   TestVM4   VMware
    
  4. 若要排除磁盘,请导航到 Bin 文件夹,并使用以下参数运行 ExcludeDisk.ps1 脚本:To exclude the disk, navigate to the Bin folder and run the ExcludeDisk.ps1 script with the following parameters:

    Note

    在运行此命令之前,请在 MABS 服务器上停止 DPMRA 服务。Before running this command, stop the DPMRA service on the MABS server. 否则,该脚本将返回成功,但不会更新排除列表。Otherwise, the script returns success, but does not update the exclusion list. 在停止服务之前,请确保没有正在进行的作业。Ensure there are no jobs in progress before stopping the service.

    若要在排除中添加/删除磁盘,请运行以下命令:To add/remove the disk from exclusion, run the following command:

    ./ExcludeDisk.ps1 -Datasource $vmDsInfo[0] [-Add|Remove] "[Datastore] vmdk/vmdk.vmdk"
    

    示例Example:

    若要为 TestVM4 添加磁盘排除,请运行以下命令:To add the disk exclusion for TestVM4, run the following command:

    C:\Program Files\Azure Backup Server\DPM\DPM\bin> ./ExcludeDisk.ps1 -Datasource $vmDsInfo[2] -Add "[datastore1] TestVM4/TestVM4\_1.vmdk"
    
     Creating C:\Program Files\Azure Backup Server\DPM\DPM\bin\excludedisk.xml
     Disk : [datastore1] TestVM4/TestVM4\_1.vmdk, has been added to disk exclusion list.
    
  5. 验证是否已添加要排除的磁盘。Verify that the disk has been added for exclusion.

    若要查看特定 VM 的现有排除,请运行以下命令:To view the existing exclusion for specific VMs, run the following command:

    ./ExcludeDisk.ps1 -Datasource $vmDsInfo[0] [-view]
    

    示例Example

    C:\Program Files\Azure Backup Server\DPM\DPM\bin> ./ExcludeDisk.ps1 -Datasource $vmDsInfo[2] -view
    
    <VirtualMachine>
    <UUID>52b2b1b6-5a74-1359-a0a5-1c3627c7b96a</UUID>
    <ExcludeDisk>[datastore1] TestVM4/TestVM4\_1.vmdk</ExcludeDisk>
    </VirtualMachine>
    

    为此 VM 配置保护后,在保护期间将不会列出已排除的磁盘。Once you configure the protection for this VM, the excluded disk won't be listed during protection.

    Note

    如果为已受保护的 VM 执行这些步骤,则需在添要排除的磁盘后手动运行一致性检查。If you are performing these steps for an already protected VM, you need to run the consistency check manually after adding the disk for exclusion.

从排除中删除磁盘Remove the disk from exclusion

若要从排除中删除磁盘,请运行以下命令:To remove the disk from exclusion, run the following command:

C:\Program Files\Azure Backup Server\DPM\DPM\bin> ./ExcludeDisk.ps1 -Datasource $vmDsInfo[2] -Remove "[datastore1] TestVM4/TestVM4\_1.vmdk"

后续步骤Next steps

设置备份时若要排查问题,请查看 Azure 备份服务器的故障排除指南For troubleshooting issues when setting up backups, review the troubleshooting guide for Azure Backup Server.