使用 System Center DPM 准备将工作负载备份到 AzurePrepare to back up workloads to Azure with System Center DPM

本文介绍如何使用 Azure 备份服务准备将 System Center Data Protection Manager (DPM) 备份到 Azure。This article explains how to prepare for System Center Data Protection Manager (DPM) backups to Azure, using the Azure Backup service.

本文将提供:The article provides:

  • 使用 Azure 备份部署 DPM 的概述。An overview of deploying DPM with Azure Backup.
  • 将 Azure 备份与 DPM 结合使用的先决条件和限制。Prerequisites and limitations for using Azure Backup with DPM.
  • 准备 Azure 的步骤,包括设置恢复服务备份保管库,以及视需要修改保管库的 Azure 存储类型。Steps for preparing Azure, including setting up a Recovery Services Backup vault, and optionally modifying the type of Azure storage for the vault.
  • 准备 DPM 服务器的步骤,包括下载保管库凭据,安装 Azure 备份代理,以及在保管库中注册 DPM 服务器。Steps for preparing the DPM server, including downloading vault credentials, installing the Azure Backup agent, and registering the DPM server in the vault.
  • 常见错误的故障排除提示。Troubleshooting tips for common errors.

为什么将 DPM 备份到 Azure?Why back up DPM to Azure?

System Center DPM 备份文件和应用程序数据。System Center DPM backs up file and application data. DPM 可与 Azure 备份交互,如下所述:DPM interacts with Azure Backup as follows:

  • 在物理服务器或本地 VM 上运行的 DPM - 除了使用磁盘和磁带来备份数据,还可以在 Azure 中将数据备份到备份保管库。DPM running on a physical server or on-premises VM - You can back up data to a Backup vault in Azure, in addition to disk and tape backup.
  • 在 Azure VM 上运行的 DPM - 从 System Center 2012 R2 Update 3 或更高版本起,可以在 Azure VM 上部署 DPM。DPM running on an Azure VM - From System Center 2012 R2 with Update 3 or later, you can deploy DPM on an Azure VM. 可以将数据备份到附加到 VM 的 Azure 磁盘,或使用 Azure 备份将数据备份到备份保管库。You can back up data to Azure disks attached to the VM, or use Azure Backup to back up the data to a Backup vault.

将 DPM 服务器备份到 Azure 所带来的业务好处包括:The business benefits of backing up DPM servers to Azure include:

  • 若是本地 DPM,Azure 备份可以取代长期的磁带部署。For on-premises DPM, Azure Backup provides an alternative to long-term deployment to tape.
  • 若是 Azure VM 上运行的 DPM,Azure 备份允许你卸载 Azure 磁盘中的存储。For DPM running on an Azure VM, Azure Backup allows you to offload storage from the Azure disk. 通过将较旧的数据存储在备份保管库中,可以将新数据存储到磁盘,从而纵向扩展业务。Storing older data in a Backup vault allows you to scale up your business by storing new data to disk.

先决条件和限制Prerequisites and limitations

设置Setting 要求Requirement
Azure VM 上的 DPMDPM on an Azure VM System Center 2012 R2 DPM 2012 R2 更新汇总 3 或更高版本。System Center 2012 R2 with DPM 2012 R2 Update Rollup 3 or later.
物理服务器上的 DPMDPM on a physical server System Center 2012 SP1 或更高版本;System Center 2012 R2。System Center 2012 SP1 or later; System Center 2012 R2.
Hyper-V VM 上的 DPMDPM on a Hyper-V VM System Center 2012 SP1 或更高版本;System Center 2012 R2。System Center 2012 SP1 or later; System Center 2012 R2.
VMware VM 上的 DPMDPM on a VMware VM System Center 2012 R2 更新汇总 5 或更高版本。System Center 2012 R2 with Update Rollup 5 or later.
组件Components DPM 服务器上应已安装 Windows PowerShell 和 .NET Framework 4.5。The DPM server should have Windows PowerShell and .NET Framework 4.5 installed.
支持的应用Supported apps 了解 DPM 可以进行哪些备份。Learn what DPM can back up.
支持的文件类型Supported file types 使用 Azure 备份,可以备份下列文件类型:These file types can be backed up with Azure Backup:
  • 加密(仅限完整备份)Encrypted (full backups only)
  • 压缩(支持增量备份)Compressed (incremental backups supported)
  • 稀疏(支持增量备份)Sparse (incremental backups supported)
  • 压缩和稀疏(视为稀疏)Compressed and sparse (treated as sparse)
  • 不受支持的文件类型Unsupported file types
  • 区分大小写的文件系统上的服务器Servers on case-sensitive file systems
  • 硬链接(跳过)hard links (skipped)
  • 重分析点(跳过)reparse points (skipped)
  • 加密和压缩(跳过)encrypted and compressed (skipped)
  • 加密和稀疏(跳过)encrypted and sparse (skipped)
  • 压缩流Compressed stream
  • 分析流parse stream
  • 本地存储Local storage 在每台要备份的计算机上,可用的本地存储必须至少是要备份的数据大小的 5%。Each machine you want to back up must have local free storage that's at least 5% of the size of the data that's being backed up. 例如,如果要备份 100 GB 的数据,则暂存位置至少需要 5 GB 的可用空间。For example, backing up 100 GB of data requires a minimum of 5 GB of free space in the scratch location.
    保管库存储Vault storage 可以备份到 Azure 备份保管库的数据量没有限制,但数据源(例如虚拟机或数据库)的大小不应超过 54,400 GB。There’s no limit to the amount of data you can back up to an Azure Backup vault, but the size of a data source (for example a virtual machine or database) shouldn’t exceed 54,400 GB.
    Azure ExpressRouteAzure ExpressRoute 可以使用公共对等互连(适用于旧线路)和 Microsoft 对等互连通过 Azure ExpressRoute 备份数据。You can back up your data over Azure ExpressRoute with public peering (available for old circuits) and Microsoft peering. 不支持通过专用对等互连进行备份。Backup over private peering isn't supported.

    使用公共对等互连:确保访问以下域/地址:With public peering: Ensure access to the following domains/addresses:

    - http://www.msftncsi.com/ncsi.txt

    - microsoft.com




    使用 Microsoft 对等互连,选择以下服务/区域和相关社区值:With Microsoft peering, select the following services/regions and relevant community values:

    - Azure Active Directory (12076:5060)- Azure Active Directory (12076:5060)

    - Azure 区域(取决于恢复服务保管库的位置)- Azure Region (according to the location of your Recovery Services vault)

    - Azure 存储(取决于恢复服务保管库的位置)- Azure Storage (according to the location of your Recovery Services vault)

    有关详细信息,请参阅 ExpressRoute 路由要求For more information, see ExpressRoute routing requirements.

    注意:对于新线路,公共对等互连已弃用。Note: Public peering is deprecated for new circuits.
    Azure 备份代理Azure Backup agent 如果 DPM 正在 System Center 2012 SP1 上运行,请安装 DPM SP1 汇总 2 或更高版本。If DPM is running on System Center 2012 SP1, install Rollup 2 or later for DPM SP1. 这是代理安装所必需的。This is required for agent installation.

    本文介绍如何部署最新版本的 Azure 备份代理,也称 Azure 恢复服务 (MARS) 代理。This article describes how to deploy the latest version of the Azure Backup agent, also known as the Azure Recovery Service (MARS) agent. 如果已部署早期版本,请更新到最新版本以确保备份按预期运行。If you have an earlier version deployed, update to the latest version to ensure that backup works as expected.

    在开始之前,需要一个启用了 Azure 备份功能的 Azure 帐户。Before you start, you need an Azure account with the Azure Backup feature enabled. 如果没有帐户,可以创建一个试用帐户,只需几分钟即可完成。If you don't have an account, you can create a trial account in just a couple of minutes. 阅读 Azure 备份定价的相关信息。Read about Azure Backup pricing.

    创建恢复服务保管库Create a Recovery Services vault

    恢复服务保管库是用于存储在不同时间创建的备份和恢复点的实体。A Recovery Services vault is an entity that stores the backups and recovery points created over time. 恢复服务保管库还包含与受保护虚拟机关联的备份策略。The Recovery Services vault also contains the backup policies that are associated with the protected virtual machines.

    若要创建恢复服务保管库,请执行以下操作:To create a Recovery Services vault:

    1. Azure 门户中登录到自己的订阅。Sign in to your subscription in the Azure portal.

    2. 在左侧菜单中,选择“所有服务”。On the left menu, select All services.


    3. 在“所有服务”对话框中,输入“恢复服务”。In the All services dialog box, enter Recovery Services. 资源列表根据输入进行筛选。The list of resources filters according to your input. 在资源列表中,选择“恢复服务保管库”。In the list of resources, select Recovery Services vaults.


      此时会显示订阅中的恢复服务保管库列表。The list of Recovery Services vaults in the subscription appears.

    4. 在“恢复服务保管库”仪表板上,选择“添加”。On the Recovery Services vaults dashboard, select Add.


      此时会打开“恢复服务保管库”对话框。The Recovery Services vault dialog box opens. 提供“名称”、“订阅”、“资源组”和“位置”的值。Provide values for the Name, Subscription, Resource group, and Location.


      • 名称:输入一个友好名称以标识此保管库。Name: Enter a friendly name to identify the vault. 名称对于 Azure 订阅必须是唯一的。The name must be unique to the Azure subscription. 指定的名称应至少包含 2 个字符,最多不超过 50 个字符。Specify a name that has at least two, but not more than 50 characters. 名称必须以字母开头且只能包含字母、数字和连字符。The name must start with a letter and consist only of letters, numbers, and hyphens.

      • 订阅:选择要使用的订阅。Subscription: Choose the subscription to use. 如果你仅是一个订阅的成员,则会看到该名称。If you're a member of only one subscription, you'll see that name. 如果不确定要使用哪个订阅,请使用默认的(建议的)订阅。If you're not sure which subscription to use, use the default (suggested) subscription. 仅当工作或学校帐户与多个 Azure 订阅关联时,才会显示多个选项。There are multiple choices only if your work or school account is associated with more than one Azure subscription.

      • 资源组:使用现有资源组或创建新组。Resource group: Use an existing resource group or create a new one. 要查看订阅中可用的资源组列表,请选择“使用现有资源”,然后从下拉列表框中选择一个资源。To see the list of available resource groups in your subscription, select Use existing, and then select a resource from the drop-down list box. 若要创建新资源组,请选择“新建”,然后输入名称。To create a new resource group, select Create new and enter the name. 有关资源组的完整信息,请参阅 Azure 资源管理器概述For complete information about resource groups, see Azure Resource Manager overview.

      • 位置:选择保管库的地理区域。Location: Select the geographic region for the vault. 要创建保管库以保护虚拟机,保管库必须与虚拟机位于同一区域中。To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines.


        如果不确定 VM 的位置,请关闭对话框。If you're not sure of the location of your VM, close the dialog box. 转到门户中的虚拟机列表。Go to the list of virtual machines in the portal. 如果虚拟机位于多个区域,请在每个区域中创建一个恢复服务保管库。If you have virtual machines in several regions, create a Recovery Services vault in each region. 先在第一个位置创建保管库,然后再为其他位置创建保管库。Create the vault in the first location, before you create the vault for another location. 无需指定存储帐户即可存储备份数据。There's no need to specify storage accounts to store the backup data. 恢复服务保管库和 Azure 备份服务会自动处理这种情况。The Recovery Services vault and the Azure Backup service handle that automatically.

    5. 准备好创建恢复服务保管库后,选择“创建”。When you're ready to create the Recovery Services vault, select Create.


      创建恢复服务保管库可能需要一段时间。It can take a while to create the Recovery Services vault. 可在门户右上角“通知”区域监视状态通知。Monitor the status notifications in the Notifications area at the upper-right corner of the portal. 创建保管库后,它会显示在“恢复服务保管库”的列表中。After your vault is created, it's visible in the list of Recovery Services vaults. 如果未看到创建的保管库,请选择“刷新”。If you don't see your vault, select Refresh.


    修改存储设置Modify storage settings

    可以在异地冗余存储与本地冗余存储之间进行选择。You can choose between geo-redundant storage and locally redundant storage.

    • 默认情况下,保管库具有异地冗余存储。By default, your vault has geo-redundant storage.
    • 如果保管库是主要备份,请将选项保持设置为异地冗余存储。If the vault is your primary backup, leave the option set to geo-redundant storage. 如果想要一个更便宜、但持久性不太高的选项,请使用以下过程配置本地冗余存储。If you want a cheaper option that isn't quite as durable, use the following procedure to configure locally redundant storage.
    • 了解 Azure 存储,以及异地冗余本地冗余存储选项。Learn about Azure storage, and the geo-redundant and locally redundant storage options.
    • 在初始备份之前修改存储设置。Modify storage settings before the initial backup. 如果已备份某个项,请先停止在保管库备份该项,再修改存储设置。If you've already backed up an item, stop backing it up in the vault before you modify storage settings.

    若要编辑存储复制设置,请执行以下操作:To edit the storage replication setting:

    1. 打开保管库仪表板。Open the vault dashboard.

    2. 在“设置”中,选择“属性” 。In Settings, select Properties.

    3. 在“备份配置”**** 菜单中,为保管库选择存储选项。In Backup Configuration menu, select a storage option for the vault.


    下载保管库凭据Download vault credentials

    在保管库中注册 DPM 服务器时使用保管库凭据。You use vault credentials when you register the DPM server in the vault.

    • 保管库凭据文件是门户为每个备份保管库生成的证书。The vault credentials file is a certificate generated by the portal for each backup vault.
    • 然后,门户会将公钥上传到访问控制服务 (ACS)。The portal then uploads the public key to the Access Control Service (ACS).
    • 在执行计算机注册工作流期间,证书的私钥将可供用户使用,它用来对计算机进行身份验证。During the machine registration workflow, the certificate's private key is made available to the user, which authenticates the machine.
    • Azure 备份服务根据身份验证将数据发送到所标识的保管库。Based on the authentication, the Azure Backup service sends data to the identified vault.

    保管库凭据的最佳做法Best practices for vault credentials

    若要获取凭据,请从 Azure 门户通过安全通道下载保管库凭据文件:To obtain the credentials, download the vault credential file through a secure channel from the Azure portal:

    • 保管库凭据仅在注册工作流的过程中使用。The vault credentials are used only during the registration workflow.
    • 你需负责确保保管库凭据文件安全且不会泄露。It's your responsibility to ensure that the vault credentials file is safe, and not compromised.
      • 如果失去了对凭据的控制权,则保管库凭据可能会被用来向保管库注册其他计算机。If control of the credentials is lost, the vault credentials can be used to register other machines to vault.
      • 但是,备份数据是使用属于你的通行短语加密的,所以现有的备份数据不会泄露。However, backup data is encrypted using a passphrase that belongs to you, so existing backup data can't be compromised.
    • 确保将文件保存在可从 DPM 服务器访问的位置。Ensure that file is saved in a location that can be accessed from the DPM server. 如果将它存储在文件共享/SMB 中,请检查访问权限。If it's stored in a file share/SMB, check for the access permissions.
    • 保管库凭据会在 48 小时后过期。Vault credentials expire after 48 hours. 可以根据需要任意下载新的保管库凭据。You can download new vault credentials as many times as needed. 不过,在注册工作流中只能使用最新的保管库凭据文件。However, only the latest vault credential file can be used during the registration workflow.
    • Azure 备份服务不知道证书的私钥,并且私钥在门户或服务中不可用。The Azure Backup service isn't aware of the certificate's private key, and the private key isn't available in the portal or the service.

    按如下方式将保管库凭据文件下载到本地计算机:Download the vault credentials file to a local machine as follows:

    1. 登录到 Azure 门户Sign in to the Azure portal.

    2. 打开要在其中注册 DPM 服务器的保管库。Open the vault in which you want to register the DPM server.

    3. 在“设置”中,选择“属性” 。In Settings, select Properties.


    4. 在“属性” > “备份凭据”中,选择“下载” 。In Properties > Backup Credentials, select Download. 该门户使用保管库名称和当前日期的组合生成保管库凭据文件,并使其可供下载。The portal generates the vault credential file using a combination of the vault name and current date, and makes it available for download.


    5. 选择“保存”以将保管库凭据下载到文件夹,或选择“另存为”并指定位置 。Select Save to download the vault credentials to folder, or Save As and specify a location. 生成文件最长需要一分钟时间。It will take up to a minute for the file to be generated.

    安装备份代理Install the Backup Agent

    通过 Azure 备份来备份的每个计算机必须安装有备份代理(也称为 Azure 恢复服务 (MARS) 代理)。Every machine that's backed up by Azure Backup must have the Backup agent (also known as the Azure Recovery Service (MARS) agent) installed on it. 按如下方式在 DPM 服务器上安装代理:Install the agent on the DPM server as follows:

    1. 打开要在其中注册 DPM 服务器的保管库。Open the vault to which you want to register the DPM server.

    2. 在“设置”中,选择“属性” 。In Settings, select Properties.


    3. 在“属性”页上,下载 Azure 备份代理。On the Properties page, download the Azure Backup Agent.


    4. 下载后,运行 MARSAgentInstaller.exe。After downloading, run MARSAgentInstaller.exe. 以在 DPM 计算机上安装代理。to install the agent on the DPM machine.

    5. 为代理选择安装文件夹和缓存文件夹。Select an installation folder and cache folder for the agent. 缓存位置的可用空间必须至少为备份数据的 5%。The cache location free space must be at least 5% of the backup data.

    6. 如果使用代理服务器连接到 Internet,请在“代理配置”屏幕中,输入代理服务器详细信息。If you use a proxy server to connect to the internet, in the Proxy configuration screen, enter the proxy server details. 如果使用已经过身份验证的代理,请在此屏幕中输入用户名和密码详细信息。If you use an authenticated proxy, enter the user name and password details in this screen.

    7. Azure 备份代理将安装 .NET Framework 4.5 和 Windows PowerShell(如果未安装)以完成安装。The Azure Backup agent installs .NET Framework 4.5 and Windows PowerShell (if they're not installed) to complete the installation.

    8. 安装代理后,关闭该窗口。After the agent is installed, Close the window.


    在保管库中注册 DPM 服务器Register the DPM server in the vault

    1. 在 DPM 管理员控制台中单击“管理”,然后选择“联机” 。In the DPM Administrator console > Management, select Online. 选择“注册”。Select Register. 此时会打开注册服务器向导。It will open the Register Server Wizard.

    2. 在“代理配置”中,根据需要指定代理设置。In Proxy Configuration, specify the proxy settings as required.


    3. 在“备份保管库”中,浏览到已下载的保管库凭据文件并选择该文件。In Backup Vault, browse to and select the vault credentials file that you downloaded.


    4. 在“限制设置”中,可以选择性地为备份启用带宽限制。In Throttling Setting, you can optionally enable bandwidth throttling for backups. 可以为指定的工作小时和天数设置速度限制。You can set the speed limits for specify work hours and days.


    5. 在“恢复文件夹设置”中,指定可在数据恢复期间使用的位置。In Recovery Folder Setting, specify a location that can be used during data recovery.

      • Azure 备份将此位置用作已恢复数据的临时保存区域。Azure Backup uses this location as a temporary holding area for recovered data.
      • 完成数据恢复后,Azure 备份将清除此区域中的数据。After finishing data recovery, Azure Backup will clean up the data in this area.
      • 该位置必须有足够的空间来容纳你预计会并行恢复的项。The location must have enough space to hold items that you expect to recover in parallel.


    6. 在“加密设置”中,生成或提供通行短语。In Encryption setting, generate or provide a passphrase.

      • 通行短语用于加密向云中进行的备份。The passphrase is used to encrypt the backups to cloud.
      • 至少指定 16 个字符.Specify a minimum of 16 characters.
      • 将文件保存在安全的位置以便进行恢复。Save the file in a secure location, it's needed for recovery.



      加密通行短语由你拥有,Microsoft 无法看到该通行短语。You own the encryption passphrase and Microsoft doesn't have visibility into it. 如果丢失或遗忘了该通行短语,Microsoft 无法协助恢复备份数据。If the passphrase is lost or forgotten, Microsoft can't help in recovering the backup data.

    7. 选择“注册”,以将 DPM 服务器注册到保管库。Select Register to register the DPM server to the vault.

    将服务器成功注册到保管库后,现在可以备份到 Azure 了。After the server is registered successfully to the vault, you're now ready to start backing up to Azure. 需要在 DPM 控制台中配置保护组,以将工作负荷备份到 Azure。You'll need to configure the protection group in the DPM console to backup workloads to Azure. 了解如何部署保护组。Learn how to deploy protection groups.

    对保管库凭据进行故障排除Troubleshoot vault credentials

    过期错误Expiration error

    保管库凭据文件有效期仅为 48 小时(从将其从门户中下载后算起)。The vault credentials file is valid only for 48 hours (after it’s downloaded from the portal). 如果此屏幕中显示任何错误(例如“提供的保管库凭据文件已过期”),请登录到 Azure 门户,并再次下载保管库凭据文件。If you encounter any error in this screen (for example, “Vault credentials file provided has expired”), sign in to the Azure portal and download the vault credentials file again.

    访问错误Access error

    确保将保管库凭据文件放置在安装应用程序可访问的位置。Ensure that the vault credentials file is available in a location that can be accessed by the setup application. 如果用户遇到访问相关的错误,请将保管库凭据文件复制到此计算机中的临时位置,并重试操作。If you encounter access related errors, copy the vault credentials file to a temporary location in this machine and retry the operation.

    凭据无效错误Invalid credentials error

    如果遇到保管库凭据无效错误(例如“提供的保管库凭据无效”),则表明该文件已损坏,或者没有与恢复服务关联的最新凭据。If you encounter an invalid vault credential error (for example, “Invalid vault credentials provided") the file is either corrupted or doesn't have the latest credentials associated with the recovery service.

    • 请在从门户下载新的保管库凭据文件后重试该操作。Retry the operation after downloading a new vault credential file from the portal.
    • 如果在 Azure 门户中快速地连续两次选择“下载保管库凭据”选项,通常会出现此错误。This error is typically seen when you select the Download vault credential option in the Azure portal, twice in quick succession. 在这种情况下,只有第二个保管库凭据文件有效。In this case, only the second vault credential file is valid.