恢复服务保管库概述Recovery Services vaults overview

本文介绍恢复服务保管库的功能。This article describes the features of a Recovery Services vault. 恢复服务保管库是 Azure 中用于存储数据的存储实体。A Recovery Services vault is a storage entity in Azure that houses data. 数据通常是虚拟机 (VM)、工作负荷、服务器或工作站的数据或配置信息的副本。The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. 可以使用恢复服务保管库为各种 Azure 服务(例如 IaaS VM(Linux 或 Windows))和 Azure SQL 数据库存储备份数据。You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases. 恢复服务保管库支持 System Center DPM、Windows Server、Azure 备份服务器等。Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more. 使用恢复服务保管库可以方便地组织备份数据,并将管理开销降至最低。Recovery Services vaults make it easy to organize your backup data, while minimizing management overhead. 恢复服务保管库基于 Azure 的 Azure 资源管理器模型,该模型提供如下功能:Recovery Services vaults are based on the Azure Resource Manager model of Azure, which provides features such as:

  • 有助于确保备份数据安全的增强功能:使用恢复服务保管库时,Azure 备份提供用于保护云备份的安全功能。Enhanced capabilities to help secure backup data: With Recovery Services vaults, Azure Backup provides security capabilities to protect cloud backups. 这些安全功能确保可以保护备份并安全地恢复数据,即使生产服务器和备份服务器受到危害。The security features ensure you can secure your backups, and safely recover data, even if production and backup servers are compromised. 了解详细信息Learn more

  • 针对混合 IT 环境进行集中监视:使用恢复服务保管库时,可以通过中心门户监视 Azure IaaS VM本地资产Central monitoring for your hybrid IT environment: With Recovery Services vaults, you can monitor not only your Azure IaaS VMs but also your on-premises assets from a central portal. 了解详细信息Learn more

  • Azure 基于角色的访问控制 (Azure RBAC) :Azure RBAC 在 Azure 中提供精细的访问管理控制。Azure role-based access control (Azure RBAC): Azure RBAC provides fine-grained access management control in Azure. Azure 提供各种内置角色,而 Azure 备份具有三个用于管理恢复点的内置角色Azure provides various built-in roles, and Azure Backup has three built-in roles to manage recovery points. 恢复服务保管库与 Azure RBAC 兼容,后者会限制对已定义用户角色集的备份和还原访问权限。Recovery Services vaults are compatible with Azure RBAC, which restricts backup and restore access to the defined set of user roles. 了解详细信息Learn more

  • 软删除:在使用软删除的情况下,即使恶意行动者删除了备份(或用户意外删除了备份数据),备份数据也仍会保留 14 天,因此可以恢复该备份项,而不会丢失数据。Soft Delete: With soft delete, even if a malicious actor deletes a backup (or backup data is accidentally deleted), the backup data is retained for 14 additional days, allowing the recovery of that backup item with no data loss. 以“软删除”状态将备份数据额外保留 14 天不会向你收取任何费用。The additional 14 days of retention for backup data in the "soft delete" state don't incur any cost to you. 了解详细信息Learn more.

  • 跨区域还原:跨区域还原 (CRR) 允许你在某个次要区域(Azure 配对区域)中还原 Azure VM。Cross Region Restore: Cross Region Restore (CRR) allows you to restore Azure VMs in a secondary region, which is an Azure paired region. 通过在保管库级别启用此功能,你可以随时选择还原次要区域中的复制数据。By enabling this feature at the vault level, you can restore the replicated data in the secondary region any time, when you choose. 这使你能够在出现中断时还原次要区域数据以实现审核合规性,而无需等待 Azure 声明出现灾难(与保险库的 GRS 设置不同)。This enables you to restore the secondary region data for audit-compliance, and during outage scenarios, without waiting for Azure to declare a disaster (unlike the GRS settings of the vault). 了解详细信息Learn more.

恢复服务保管库中的存储设置Storage settings in the Recovery Services vault

恢复服务保管库是用于存储在不同时间创建的备份和恢复点的实体。A Recovery Services vault is an entity that stores the backups and recovery points created over time. 恢复服务保管库还包含与受保护虚拟机关联的备份策略。The Recovery Services vault also contains the backup policies that are associated with the protected virtual machines.

  • Azure 备份会自动处理保管库的存储。Azure Backup automatically handles storage for the vault. 查看如何更改存储设置See how storage settings can be changed.

  • 若要详细了解存储冗余,请参阅有关异地冗余和本地冗余的这些文章。To learn more about storage redundancy, see these articles on geo and local redundancy.

恢复服务保管库中的加密设置Encryption settings in the Recovery Services vault

本部分介绍可用于加密恢复服务保管库中存储的备份数据的选项。This section discusses the options available for encrypting your backup data stored in the Recovery Services vault.

使用平台托管的密钥加密备份数据Encryption of backup data using platform-managed keys

默认情况下,所有数据将使用平台托管的密钥进行加密。By default, all your data is encrypted using platform-managed keys. 无需从你的终端执行任何明确操作即可实现此加密。You don't need to take any explicit action from your end to enable this encryption. 这种加密适用于要备份到恢复服务保管库的所有工作负荷。It applies to all workloads being backed up to your Recovery Services vault.

Azure 顾问Azure Advisor

Azure 顾问是个性化的云顾问,可帮助优化 Azure 的使用。Azure Advisor is a personalized cloud consultant that helps optimize the use of Azure. 它会分析 Azure 的使用情况,并提供及时的建议来帮助优化和保护部署。It analyzes your Azure usage and provides timely recommendations to help optimize and secure your deployments. 它提供四个类别的建议:高可用性、安全性、性能和成本。It provides recommendations in four categories: High Availability, Security, Performance, and Cost.

Azure 顾问为未备份的 VM 提供每小时建议,因此,你永远不会错过备份重要的 VM。Azure Advisor provides hourly recommendations for VMs that aren't backed up, so you never miss backing up important VMs. 你还可以通过推迟建议来控制建议。You can also control the recommendations by snoozing them. 可选择建议,然后通过指定保管库(将在其中存储备份)和备份策略(备份计划和备份副本保留期)来在 VM 上启用内联备份。You can select the recommendation and enable backup on VMs in-line by specifying the vault (where backups will be stored) and the backup policy (schedule of backups and retention of backup copies).

Azure 顾问

其他资源Additional resources

后续步骤Next steps

使用以下文章了解相关操作:Use the following articles to: