使用 PowerShell 部署和管理 Windows Server/Windows 客户端的 Azure 备份Deploy and manage backup to Azure for Windows Server/Windows Client using PowerShell

本文说明如何使用 PowerShell 在 Windows Server 或 Windows 客户端上设置 Azure 备份,以及管理备份和恢复。This article shows you how to use PowerShell for setting up Azure Backup on Windows Server or a Windows client, and managing backup and recovery.

安装 Azure PowerShellInstall Azure PowerShell

备注

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

若要开始操作,请安装最新的 PowerShell 版本To get started, install the latest PowerShell release.

创建恢复服务保管库Create a recovery services vault

以下步骤引导用户创建恢复服务保管库。The following steps lead you through creating a Recovery Services vault. 恢复服务保管库不同于备份保管库。A Recovery Services vault is different than a Backup vault.

  1. 首次使用 Azure 备份时,必须使用 Register-AzResourceProvider cmdlet 将 Azure 恢复服务提供程序注册到订阅。If you are using Azure Backup for the first time, you must use the Register-AzResourceProvider cmdlet to register the Azure Recovery Service provider with your subscription.

    Register-AzResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"
    
  2. 恢复服务保管库是一种 ARM 资源,因此需要将它放在资源组中。The Recovery Services vault is an ARM resource, so you need to place it within a Resource Group. 可以使用现有资源组,也可以创建新组。You can use an existing resource group, or create a new one. 创建新的资源组时,请指定资源组的名称和位置。When creating a new resource group, specify the name and location for the resource group.

    New-AzResourceGroup –Name "test-rg" –Location "ChinaNorth"
    
  3. 使用 New-AzRecoveryServicesVault cmdlet 创建新的保管库。Use the New-AzRecoveryServicesVault cmdlet to create the new vault. 确保为保管库指定的位置与用于资源组的位置是相同的。Be sure to specify the same location for the vault as was used for the resource group.

    New-AzRecoveryServicesVault -Name "testvault" -ResourceGroupName " test-rg" -Location "ChinaNorth"
    
  4. 指定要使用的存储冗余类型;可以使用本地冗余存储 (LRS)异地冗余存储 (GRS)Specify the type of storage redundancy to use; you can use Locally Redundant Storage (LRS) or Geo Redundant Storage (GRS). 以下示例显示,testVault 的 -BackupStorageRedundancy 选项设置为 GeoRedundant。The following example shows the -BackupStorageRedundancy option for testVault is set to GeoRedundant.

    提示

    许多 Azure 备份 cmdlet 要求使用恢复服务保管库对象作为输入。Many Azure Backup cmdlets require the Recovery Services vault object as an input. 因此,在变量中存储备份恢复服务保管库对象可提供方便。For this reason, it is convenient to store the Backup Recovery Services vault object in a variable.

    $Vault1 = Get-AzRecoveryServicesVault –Name "testVault"
    Set-AzRecoveryServicesBackupProperties -Vault $Vault1 -BackupStorageRedundancy GeoRedundant
    

在订阅中查看保管库View the vaults in a subscription

使用 Get-AzRecoveryServicesVault 查看当前订阅中所有保管库的列表。Use Get-AzRecoveryServicesVault to view the list of all vaults in the current subscription. 可以使用此命令来查看是否创建了新的保管库,或者查看订阅中的可用保管库。You can use this command to check that a new vault was created, or to see what vaults are available in the subscription.

运行 Get-AzRecoveryServicesVault 命令即可列出订阅中的所有保管库。Run the command, Get-AzRecoveryServicesVault, and all vaults in the subscription are listed.

Get-AzRecoveryServicesVault
Name              : Contoso-vault
ID                : /subscriptions/1234
Type              : Microsoft.RecoveryServices/vaults
Location          : ChinaNorth
ResourceGroupName : Contoso-docs-rg
SubscriptionId    : 1234-567f-8910-abc
Properties        : Microsoft.Azure.Commands.RecoveryServices.ARSVaultProperties

升级 MARS 代理Upgrade the MARS agent

低于 2.0.9083.0 的 Azure 恢复服务 (MARS) 代理版本依赖于 Azure 访问控制服务 (ACS)。Versions of the Azure Recovery Service (MARS) agent below 2.0.9083.0 have a dependency on the Azure Access Control service (ACS). MARS 代理也称为 Azure 备份代理。The MARS agent is also referred to as the Azure Backup agent. 在 2018 年,Azure deprecated the Azure Access Control service (ACS)In 2018, Azure deprecated the Azure Access Control service (ACS). 从 2018 年 3 月 19 日开始,低于 2.0.9083.0 的所有 MARS 代理版本会遇到备份失败。Beginning March 19, 2018, all versions of the MARS agent below 2.0.9083.0 will experience backup failures. 若要避免或解决备份失败,请将 MARS 代理升级到最新版本To avoid or resolve backup failures, upgrade your MARS agent to the latest version. 若要确定需要 MARS 代理升级的服务器,请按照用于升级 MARS 代理的备份博客中的步骤操作。To identify servers that require a MARS agent upgrade, follow the steps in the Backup blog for upgrading MARS agents. MARS 代理用于将文件、文件夹和系统状态数据备份到 Azure。The MARS agent is used to back up files and folders, and system state data to Azure. System Center DPM 和 Azure 备份服务器使用 MARS 代理将数据备份到 Azure。System Center DPM and Azure Backup Server use the MARS agent to back up data to Azure.

安装 Azure 备份代理Installing the Azure Backup agent

在安装 Azure 备份代理之前,必须先将安装程序下载到 Windows Server 上。Before you install the Azure Backup agent, you need to have the installer downloaded and present on the Windows Server. 可以从下载中心或恢复服务保管库的“仪表板”页获取最新版本的安装程序。You can get the latest version of the installer from the Download Center or from the Recovery Services vault's Dashboard page. 将安装程序保存到方便访问的位置,例如 *C:\Downloads*。Save the installer to an easily accessible location like *C:\Downloads*.

或者,使用 PowerShell 获取下载程序:Alternatively, use PowerShell to get the downloader:

$MarsAURL = 'https://aka.ms/Azurebackup_Agent'
$WC = New-Object System.Net.WebClient
$WC.DownloadFile($MarsAURL,'C:\downloads\MARSAgentInstaller.EXE')
C:\Downloads\MARSAgentInstaller.EXE /q

若要安装代理,请在已提升权限的 PowerShell 控制台中运行以下命令:To install the agent, run the following command in an elevated PowerShell console:

MARSAgentInstaller.exe /q

这会以所有默认选项安装代理。This installs the agent with all the default options. 安装在几分钟内在后台完成。The installation takes a few minutes in the background. 如果没有指定 /nu 选项,则安装结束时,会打开“Windows 更新”窗口,检查是否有任何更新。If you do not specify the /nu option then the Windows Update window will open at the end of the installation to check for any updates. 安装之后,代理会显示在已安装程序列表中。Once installed, the agent will show in the list of installed programs.

若要查看已安装的程序列表,请转到“控制面板”“ > 程序 > ”“程序和功能”。To see the list of installed programs, go to Control Panel > Programs > Programs and Features.

已安装代理

安装选项Installation options

若要查看可通过命令行运行的所有选项,请使用以下命令:To see all the options available via the command-line, use the following command:

MARSAgentInstaller.exe /?

可用选项包括:The available options include:

选项Option 详细信息Details 默认Default
/q/q 静默安装Quiet installation -
/p:"location"/p:"location" Azure 备份代理的安装文件夹路径。Path to the installation folder for the Azure Backup agent. C:\Program Files\Microsoft Azure Recovery Services AgentC:\Program Files\Microsoft Azure Recovery Services Agent
/s:"location"/s:"location" Azure 备份代理的缓存文件夹路径。Path to the cache folder for the Azure Backup agent. C:\Program Files\Microsoft Azure Recovery Services Agent\ScratchC:\Program Files\Microsoft Azure Recovery Services Agent\Scratch
/m/m 选择启用 Microsoft UpdateOpt-in to Microsoft Update -
/nu/nu 安装完成后不要检查更新Do not Check for updates after installation is complete -
/d/d 卸载 Microsoft Azure 恢复服务代理Uninstalls Microsoft Azure Recovery Services Agent -
/ph/ph 代理主机地址Proxy Host Address -
/po/po 代理主机端口号Proxy Host Port Number -
/pu/pu 代理主机用户名Proxy Host UserName -
/pw/pw 代理密码Proxy Password -

将 Windows Server 或 Windows 客户端计算机注册到恢复服务保管库Registering Windows Server or Windows client machine to a Recovery Services Vault

创建恢复服务保管库后,请下载最新的代理和保管库凭据,并将其存储在一个方便访问的位置(如 C:\Downloads)。After you created the Recovery Services vault, download the latest agent and the vault credentials and store it in a convenient location like C:\Downloads.

$CredsPath = "C:\downloads"
$CredsFilename = Get-AzRecoveryServicesVaultSettingsFile -Backup -Vault $Vault1 -Path $CredsPath

使用 PS Az 模块注册Registering using the PS Az module

备注

生成保管库证书时的 bug 已在 Az 3.5.0 版中修复。A bug with generation of vault certificate is fixed in Az 3.5.0 release. 请使用 Az 3.5.0 版或更高版本下载保管库证书。Use Az 3.5.0 release version or greater to download a vault certificate.

在 Powershell 的最新 Az 模块中,由于底层平台限制,下载保管库凭据需要自签名证书。In the latest Az module of Powershell, due to underlying platform limitations, downloading the vault credentials requires a self-signed certificate. 以下示例演示如何提供自签名证书并下载保管库凭据。The following example shows how to provide a self-signed certificate and download the vault credentials.

$dt = $(Get-Date).ToString("M-d-yyyy")
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -FriendlyName 'test-vaultcredentials' -subject "Windows Azure Tools" -KeyExportPolicy Exportable -NotAfter $(Get-Date).AddHours(48) -NotBefore $(Get-Date).AddHours(-24) -KeyProtection None -KeyUsage None -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") -Provider "Microsoft Enhanced Cryptographic Provider v1.0"
$certficate = [convert]::ToBase64String($cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx))
$CredsFilename = Get-AzRecoveryServicesVaultSettingsFile -Backup -Vault $Vault -Path $CredsPath -Certificate $certficate

在 Windows Server 或 Windows 客户端计算机上,运行 Start-OBRegistration cmdlet 以将计算机注册到保管库。On the Windows Server or Windows client machine, run the Start-OBRegistration cmdlet to register the machine with the vault. 此 cmdlet 和用于备份的其他 cmdlet 都来自 Mars AgentInstaller 在安装过程中添加的 MSONLINE 模块。This, and other cmdlets used for backup, are from the MSONLINE module, which the Mars AgentInstaller added as part of the installation process.

代理安装程序不会更新 $Env:PSModulePath 变量。The Agent installer does not update the $Env:PSModulePath variable. 这意味着模块自动加载失败。This means module auto-load fails. 若要解决此问题,请尝试执行以下操作:To resolve this you can do the following:

$Env:PSModulePath += ';C:\Program Files\Microsoft Azure Recovery Services Agent\bin\Modules'

或者,可在脚本中手动加载模块,如下所示:Alternatively, you can manually load the module in your script as follows:

Import-Module -Name 'C:\Program Files\Microsoft Azure Recovery Services Agent\bin\Modules\MSOnlineBackup'

加 Online Backup cmdlet 后便可注册保管库凭据:Once you load the Online Backup cmdlets, you register the vault credentials:

Start-OBRegistration -VaultCredentials $CredsFilename.FilePath -Confirm:$false
CertThumbprint      : 7a2ef2caa2e74b6ed1222a5e89288ddad438df2
SubscriptionID      : ef4ab577-c2c0-43e4-af80-af49f485f3d1
ServiceResourceName : testvault
Region              :ChinaNorth
Machine registration succeeded.

重要

请勿使用相对路径来指定保管库凭据文件。Do not use relative paths to specify the vault credentials file. 必须提供绝对路径作为 cmdlet 的输入。You must provide an absolute path as an input to the cmdlet.

网络设置Networking settings

如果 Windows 计算机通过代理服务器连接到 Internet,则也可以向代理提供代理设置。When the connectivity of the Windows machine to the internet is through a proxy server, the proxy settings can also be provided to the agent. 此示例未使用代理服务器,因此我们会显式清除任何与代理相关的信息。In this example, there is no proxy server, so we are explicitly clearing any proxy-related information.

也可以针对给定的一组星期日期,使用 work hour bandwidthnon-work hour bandwidth 选项控制带宽使用。Bandwidth usage can also be controlled with the options of work hour bandwidth and non-work hour bandwidth for a given set of days of the week.

使用 Set-OBMachineSetting cmdlet 即可设置代理和带宽详细信息:Setting the proxy and bandwidth details is done using the Set-OBMachineSetting cmdlet:

Set-OBMachineSetting -NoProxy
Server properties updated successfully.
Set-OBMachineSetting -NoThrottle
Server properties updated successfully.

加密设置Encryption settings

发送到 Azure 备份的备份数据会加密,以保护数据的机密性。The backup data sent to Azure Backup is encrypted to protect the confidentiality of the data. 加密通行短语是在还原时用于解密数据的“密码”。The encryption passphrase is the "password" to decrypt the data at the time of restore.

必须在 Azure 门户的“恢复服务保管库” 部分的“设置” > “属性” > “安全 PIN” 下选择“生成” 来生成一个安全 PIN。You must generate a security pin by selecting Generate, under Settings > Properties > Security PIN in the Recovery Services vault section of the Azure portal. 然后,将其用作命令中的 generatedPINThen, use this as the generatedPIN in the command:

$PassPhrase = ConvertTo-SecureString -String "Complex!123_STRING" -AsPlainText -Force
Set-OBMachineSetting -EncryptionPassPhrase $PassPhrase -SecurityPin "<generatedPIN>"
Server properties updated successfully

重要

请妥善保管设置好的通行短语,并保证其安全。Keep the passphrase information safe and secure once it is set. 如果没有此通行短语,将无法从 Azure 还原数据。You can't restore data from Azure without this passphrase.

备份文件和文件夹Back up files and folders

从 Windows Server 和客户端到 Azure 备份的所有备份由策略控制。All backups from Windows Servers and clients to Azure Backup are governed by a policy. 策略由三个部分组成:The policy comprises three parts:

  1. 备份计划 ,用于指定需要备份并与服务保持同步的时间。A backup schedule that specifies when backups need to be taken and synchronized with the service.
  2. 保留计划 ,用于指定要在 Azure 中保留恢复点的时长。A retention schedule that specifies how long to retain the recovery points in Azure.
  3. 文件包含/排除规范 ,用于指示应备份的内容。A file inclusion/exclusion specification that dictates what should be backed up.

在本文档中,由于自动备份,因此假设尚未配置任何选项。In this document, since we're automating backup, we'll assume nothing has been configured. 首先,使用 New-OBPolicy cmdlet 创建新的备份策略。We begin by creating a new backup policy using the New-OBPolicy cmdlet.

$NewPolicy = New-OBPolicy

该策略暂时为空,需要使用其他 cmdlet 来定义要包含或排除的项、运行备份的时间,以及备份的存储位置。At this time the policy is empty and other cmdlets are needed to define what items will be included or excluded, when backups will run, and where the backups will be stored.

配置备份计划Configuring the backup schedule

在策略的 3 个组成部分中,第 1 个部分是备份计划,它是使用 New-OBSchedule cmdlet 创建的。The first of the 3 parts of a policy is the backup schedule, which is created using the New-OBSchedule cmdlet. 备份计划将定义何时需要备份。The backup schedule defines when backups need to be taken. 创建计划时,需要指定两个输入参数:When creating a schedule you need to specify 2 input parameters:

  • 应运行备份的“星期日期”。Days of the week that the backup should run. 可以只选一天或选择一周的每天运行备份作业,或选择星期日期的任意组合。You can run the backup job on just one day, or every day of the week, or any combination in between.
  • 日期时间Times of the day when the backup should run. 最多可以定义一天的 3 个不同日期时间来触发备份You can define up to 3 different times of the day when the backup will be triggered.

例如,可以配置在每个星期六和星期日下午 4 点运行备份策略。For instance, you could configure a backup policy that runs at 4PM every Saturday and Sunday.

$Schedule = New-OBSchedule -DaysOfWeek Saturday, Sunday -TimesOfDay 16:00

备份计划需要与策略相关联,这可以使用 Set-OBSchedule cmdlet 来实现。The backup schedule needs to be associated with a policy, and this can be achieved by using the Set-OBSchedule cmdlet.

Set-OBSchedule -Policy $NewPolicy -Schedule $Schedule
BackupSchedule : 4:00 PM Saturday, Sunday, Every 1 week(s) DsList : PolicyName : RetentionPolicy : State : New PolicyState : Valid

配置保留策略Configuring a retention policy

保留策略定义基于备份作业创建的恢复点的保留时间。The retention policy defines how long recovery points created from backup jobs are retained. 使用 New-OBRetentionPolicy cmdlet 创建新的保留策略时,可以使用 Azure 备份来指定需要保留备份恢复点的天数。When creating a new retention policy using the New-OBRetentionPolicy cmdlet, you can specify the number of days that the backup recovery points need to be retained with Azure Backup. 以下示例将保留策略设置为 7 天。The example below sets a retention policy of seven days.

$RetentionPolicy = New-OBRetentionPolicy -RetentionDays 7

必须使用 cmdlet Set-OBRetentionPolicy 将保留策略与主要策略相关联:The retention policy must be associated with the main policy using the cmdlet Set-OBRetentionPolicy:

Set-OBRetentionPolicy -Policy $NewPolicy -RetentionPolicy $RetentionPolicy
BackupSchedule  : 4:00 PM
                  Saturday, Sunday,
                  Every 1 week(s)
DsList          :
PolicyName      :
RetentionPolicy : Retention Days : 7

                  WeeklyLTRSchedule :
                  Weekly schedule is not set

                  MonthlyLTRSchedule :
                  Monthly schedule is not set

                  YearlyLTRSchedule :
                  Yearly schedule is not set

State           : New
PolicyState     : Valid

包含和排除要备份的文件Including and excluding files to be backed up

OBFileSpec 对象定义要在备份中包含与排除的文件。An OBFileSpec object defines the files to be included and excluded in a backup. 这组规则可划分出计算机上要保护的文件和文件夹。This is a set of rules that scope out the protected files and folders on a machine. 可以设置任意数量的文件包含或排除规则,并将其与策略相关联。You can have as many file inclusion or exclusion rules as required, and associate them with a policy. 创建新的 OBFileSpec 对象时,可执行以下操作:When creating a new OBFileSpec object, you can:

  • 指定要包含的文件和文件夹Specify the files and folders to be included
  • 指定要排除的文件和文件夹Specify the files and folders to be excluded
  • 指定要递归备份文件夹中的数据,或是否仅备份指定文件夹中的顶级文件。Specify recursive backup of data in a folder (or) whether only the top-level files in the specified folder should be backed up.

可以在 New-OBFileSpec 命令中使用 -NonRecursive 标志来完成后一种指定。The latter is achieved by using the -NonRecursive flag in the New-OBFileSpec command.

在以下示例中,备份卷 C: 和 D:,并排除 Windows 文件夹和任何临时文件夹中的操作系统二进制文件。In the example below, we'll back up volume C: and D: and exclude the OS binaries in the Windows folder and any temporary folders. 为此,我们将使用 New-OBFileSpec cmdlet 创建两个文件规范 - 一个用于包含,一个用于排除。To do so we'll create two file specifications using the New-OBFileSpec cmdlet - one for inclusion and one for exclusion. 创建文件规范后,使用 Add-OBFileSpec cmdlet 将它们与策略相关联。Once the file specifications have been created, they're associated with the policy using the Add-OBFileSpec cmdlet.

$Inclusions = New-OBFileSpec -FileSpec @("C:\", "D:\")
$Exclusions = New-OBFileSpec -FileSpec @("C:\windows", "C:\temp") -Exclude
Add-OBFileSpec -Policy $NewPolicy -FileSpec $Inclusions
BackupSchedule  : 4:00 PM
                  Saturday, Sunday,
                  Every 1 week(s)
DsList          : {DataSource
                  DatasourceId:0
                  Name:C:\
                  FileSpec:FileSpec
                  FileSpec:C:\
                  IsExclude:False
                  IsRecursive:True

                  , DataSource
                  DatasourceId:0
                  Name:D:\
                  FileSpec:FileSpec
                  FileSpec:D:\
                  IsExclude:False
                  IsRecursive:True

                  }
PolicyName      :
RetentionPolicy : Retention Days : 7

                  WeeklyLTRSchedule :
                  Weekly schedule is not set

                  MonthlyLTRSchedule :
                  Monthly schedule is not set

                  YearlyLTRSchedule :
                  Yearly schedule is not set

State           : New
PolicyState     : Valid
Add-OBFileSpec -Policy $NewPolicy -FileSpec $Exclusions
BackupSchedule  : 4:00 PM
                  Saturday, Sunday,
                  Every 1 week(s)
DsList          : {DataSource
                  DatasourceId:0
                  Name:C:\
                  FileSpec:FileSpec
                  FileSpec:C:\
                  IsExclude:False
                  IsRecursive:True
                  ,FileSpec
                  FileSpec:C:\windows
                  IsExclude:True
                  IsRecursive:True
                  ,FileSpec
                  FileSpec:C:\temp
                  IsExclude:True
                  IsRecursive:True

                  , DataSource
                  DatasourceId:0
                  Name:D:\
                  FileSpec:FileSpec
                  FileSpec:D:\
                  IsExclude:False
                  IsRecursive:True

                  }
PolicyName      :
RetentionPolicy : Retention Days : 7

                  WeeklyLTRSchedule :
                  Weekly schedule is not set

                  MonthlyLTRSchedule :
                  Monthly schedule is not set

                  YearlyLTRSchedule :
                  Yearly schedule is not set

State           : New
PolicyState     : Valid

应用策略Applying the policy

现在已完成策略对象,并且具有关联的备份计划、保留策略及文件包含/排除列表。Now the policy object is complete and has an associated backup schedule, retention policy, and an inclusion/exclusion list of files. 现在可以提交此策略以供 Azure 备份使用。This policy can now be committed for Azure Backup to use. 应用新建策略之前,请使用 Remove-OBPolicy cmdlet 确保没有任何现有备份策略与服务器相关联。Before you apply the newly created policy, ensure that there are no existing backup policies associated with the server by using the Remove-OBPolicy cmdlet. 删除策略时,系统会提示用户确认。Removing the policy will prompt for confirmation. 若要跳过确认,请在 cmdlet 中使用 -Confirm:$false 标志。To skip the confirmation, use the -Confirm:$false flag with the cmdlet.

Get-OBPolicy | Remove-OBPolicy
21Vianet Azure Backup Are you sure you want to remove this backup policy? This will delete all the backed up data. [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):

使用 Set-OBPolicy cmdlet 可以提交策略对象。Committing the policy object is done using the Set-OBPolicy cmdlet. 这也会提示用户确认。This will also ask for confirmation. 若要跳过确认,请在 cmdlet 中使用 -Confirm:$false 标志。To skip the confirmation, use the -Confirm:$false flag with the cmdlet.

Set-OBPolicy -Policy $NewPolicy
Microsoft Azure Backup Do you want to save this backup policy ? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
BackupSchedule : 4:00 PM Saturday, Sunday, Every 1 week(s)
DsList : {DataSource
         DatasourceId:4508156004108672185
         Name:C:\
         FileSpec:FileSpec
         FileSpec:C:\
         IsExclude:False
         IsRecursive:True,

         FileSpec
         FileSpec:C:\windows
         IsExclude:True
         IsRecursive:True,

         FileSpec
         FileSpec:C:\temp
         IsExclude:True
         IsRecursive:True,

         DataSource
         DatasourceId:4508156005178868542
         Name:D:\
         FileSpec:FileSpec
         FileSpec:D:\
         IsExclude:False
         IsRecursive:True
    }
PolicyName : c2eb6568-8a06-49f4-a20e-3019ae411bac
RetentionPolicy : Retention Days : 7
              WeeklyLTRSchedule :
              Weekly schedule is not set

              MonthlyLTRSchedule :
              Monthly schedule is not set

              YearlyLTRSchedule :
              Yearly schedule is not set
State : Existing PolicyState : Valid

可以使用 Get-OBPolicy cmdlet 来查看现有备份策略的详细信息。You can view the details of the existing backup policy using the Get-OBPolicy cmdlet. 可以使用 Get-OBSchedule cmdlet(适用于备份计划)和 Get-OBRetentionPolicy cmdlet(适用于保留策略)向下钻取You can drill down further using the Get-OBSchedule cmdlet for the backup schedule and the Get-OBRetentionPolicy cmdlet for the retention policies

Get-OBPolicy | Get-OBSchedule
SchedulePolicyName : 71944081-9950-4f7e-841d-32f0a0a1359a
ScheduleRunDays : {Saturday, Sunday}
ScheduleRunTimes : {16:00:00}
State : Existing
Get-OBPolicy | Get-OBRetentionPolicy
RetentionDays : 7
RetentionPolicyName : ca3574ec-8331-46fd-a605-c01743a5265e
State : Existing
Get-OBPolicy | Get-OBFileSpec
FileName : *
FilePath : \?\Volume{b835d359-a1dd-11e2-be72-2016d8d89f0f}\
FileSpec : D:\
IsExclude : False
IsRecursive : True

FileName : *
FilePath : \?\Volume{cdd41007-a22f-11e2-be6c-806e6f6e6963}\
FileSpec : C:\
IsExclude : False
IsRecursive : True

FileName : *
FilePath : \?\Volume{cdd41007-a22f-11e2-be6c-806e6f6e6963}\windows
FileSpec : C:\windows
IsExclude : True
IsRecursive : True

FileName : *
FilePath : \?\Volume{cdd41007-a22f-11e2-be6c-806e6f6e6963}\temp
FileSpec : C:\temp
IsExclude : True
IsRecursive : True

执行按需备份Performing an on-demand backup

设置备份策略之后,会根据计划进行备份。Once a backup policy has been set the backups will occur per the schedule. 也可以使用 Start-OBBackup cmdlet 来触发即席备份:Triggering an ad hoc backup is also possible using the Start-OBBackup cmdlet:

Get-OBPolicy | Start-OBBackup
Initializing
Taking snapshot of volumes...
Preparing storage...
Generating backup metadata information and preparing the metadata VHD...
Data transfer is in progress. It might take longer since it is the first backup and all data needs to be transferred...
Data transfer completed and all backed up data is in the cloud. Verifying data integrity...
Data transfer completed
In progress...
Job completed.
The backup operation completed successfully.

从 Azure 备份还原数据Restore data from Azure Backup

本部分引导用户完成自动从 Azure 备份恢复数据的步骤。This section will guide you through the steps for automating recovery of data from Azure Backup. 此过程涉及以下步骤:Doing so involves the following steps:

  1. 选取源卷Pick the source volume
  2. 选择要还原的备份点Choose a backup point to restore
  3. 指定要还原的项Specify an item to restore
  4. 触发还原过程Trigger the restore process

选取源卷Picking the source volume

若要从 Azure 备份还原某个项,需要先识别该项的源。In order to restore an item from Azure Backup, you first need to identify the source of the item. 由于我们要在 Windows Server 或 Windows 客户端的上下文中执行命令,因此已识别了计算机。Since we're executing the commands in the context of a Windows Server or a Windows client, the machine is already identified. 识别源的下一步是识别它所在的卷。The next step in identifying the source is to identify the volume containing it. 运行 Get-OBRecoverableSource cmdlet 可以检索正在从此计算机备份的卷或源的列表。A list of volumes or sources being backed up from this machine can be retrieved by executing the Get-OBRecoverableSource cmdlet. 此命令返回从此服务器/客户端备份的所有源的数组。This command returns an array of all the sources backed up from this server/client.

$Source = Get-OBRecoverableSource
$Source
FriendlyName : C:\
RecoverySourceName : C:\
ServerName : myserver.microsoft.com

FriendlyName : D:\
RecoverySourceName : D:\
ServerName : myserver.microsoft.com

选择要从中还原的备份点Choosing a backup point from which to restore

结合适当的参数运行 Get-OBRecoverableItem cmdlet 可检索备份点列表。You retrieve a list of backup points by executing the Get-OBRecoverableItem cmdlet with appropriate parameters. 在本示例中,我们选择源卷 D: 的最新备份点,并使用它还原特定的文件。In our example, we’ll choose the latest backup point for the source volume D: and use it to recover a specific file.

$Rps = Get-OBRecoverableItem $Source[0]
$Rps

IsDir                : False
ItemNameFriendly     : C:\
ItemNameGuid         : \\?\Volume{297cbf7a-0000-0000-0000-401f00000000}\
LocalMountPoint      : C:\
MountPointName       : C:\
Name                 : C:\
PointInTime          : 10/17/2019 7:52:13 PM
ServerName           : myserver.microsoft.com
ItemSize             :
ItemLastModifiedTime :

IsDir                : False
ItemNameFriendly     : C:\
ItemNameGuid         : \\?\Volume{297cbf7a-0000-0000-0000-401f00000000}\
LocalMountPoint      : C:\
MountPointName       : C:\
Name                 : C:\
PointInTime          : 10/16/2019 7:00:19 PM
ServerName           : myserver.microsoft.com
ItemSize             :
ItemLastModifiedTime :

对象 $Rps 是备份点数组。The object $Rps is an array of backup points. 第一个元素是最新备份点,第 N 个元素是最旧的备份点。The first element is the latest point and the Nth element is the oldest point. 为了选择最新的点,我们会使用 $Rps[0]To choose the latest point, we will use $Rps[0].

指定要还原的项Specifying an item to restore

若要还原特定文件,请指定与根卷相关的文件名。To restore a specific file, specify the file name relative to the root volume. 例如,若要检索 C:\Test\Cat.job,请执行以下命令。For example, to retrieve C:\Test\Cat.job, execute the following command.

$Item = New-OBRecoverableItem $Rps[0] "Test\cat.jpg" $FALSE
$Item
IsDir                : False
ItemNameFriendly     : C:\Test\cat.jpg
ItemNameGuid         :
LocalMountPoint      : C:\
MountPointName       : C:\
Name                 : cat.jpg
PointInTime          : 10/17/2019 7:52:13 PM
ServerName           : myserver.microsoft.com
ItemSize             :
ItemLastModifiedTime : 21-Jun-14 6:43:02 AM

触发还原过程Triggering the restore process

为了触发还原过程,首先需要指定恢复选项。To trigger the restore process, we first need to specify the recovery options. 这可以使用 New-OBRecoveryOption cmdlet 来完成。This can be done by using the New-OBRecoveryOption cmdlet. 在本示例中,我们假设要将文件还原到 C:\temp。此外,我们假设要跳过目标文件夹 C:\temp 中已存在的文件。若要创建此类恢复选项,请使用以下命令:For this example, let's assume that we want to restore the files to C:\temp. Let's also assume that we want to skip files that already exist on the destination folder C:\temp. To create such a recovery option, use the following command:

$RecoveryOption = New-OBRecoveryOption -DestinationPath "C:\temp" -OverwriteType Skip

现在,请对 Get-OBRecoverableItem cmdlet 输出中的选定 $Item 使用 Start-OBRecovery 命令来触发还原过程:Now trigger the restore process by using the Start-OBRecovery command on the selected $Item from the output of the Get-OBRecoverableItem cmdlet:

Start-OBRecovery -RecoverableItem $Item -RecoveryOption $RecoveryOption
Estimating size of backup items...
Estimating size of backup items...
Estimating size of backup items...
Estimating size of backup items...
Job completed.
The recovery operation completed successfully.

卸载 Azure 备份代理Uninstalling the Azure Backup agent

可以使用以下命令卸载 Azure 备份代理:Uninstalling the Azure Backup agent can be done by using the following command:

.\MARSAgentInstaller.exe /d /q

若要从计算机中卸载代理二进制文件,请注意以下部分后果:Uninstalling the agent binaries from the machine has some consequences to consider:

  • 这会从计算机中删除文件筛选器,并停止跟踪更改。It removes the file-filter from the machine, and tracking of changes is stopped.
  • 所有的策略信息将从计算机中删除,但服务中会继续存储这些策略信息。All policy information is removed from the machine, but the policy information continues to be stored in the service.
  • 所有备份计划都会被删除,且不会进一步创建备份。All backup schedules are removed, and no further backups are taken.

不过,根据设置的保留策略继续保留 Azure 中存储的数据。However, the data stored in Azure remains and is retained as per the retention policy setup by you. 较旧的恢复点会自动过时。Older points are automatically aged out.

远程管理Remote management

围绕 Azure 备份代理、策略和数据源的所有管理工作都可通过 Azure PowerShell 远程完成。All the management around the Azure Backup agent, policies, and data sources can be done remotely through PowerShell. 要远程管理的计算机需要经过适当的准备。The machine that will be managed remotely needs to be prepared correctly.

默认情况下,WinRM 服务已配置为手动启动。By default, the WinRM service is configured for manual startup. 必须将启动类型设置为“自动”,并且应该启动该服务。The startup type must be set to Automatic and the service should be started. 若要确认 WinRM 服务正在运行,“状态”属性的值应该是“正在运行” 。To verify that the WinRM service is running, the value of the Status property should be Running.

Get-Service -Name WinRM
Status   Name               DisplayName
------   ----               -----------
Running  winrm              Windows Remote Management (WS-Manag...

应该针对远程管理配置 PowerShell。PowerShell should be configured for remoting.

Enable-PSRemoting -Force
WinRM is already set up to receive requests on this computer.
WinRM has been updated for remote management.
WinRM firewall exception enabled.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force

现在可以远程管理计算机 - 从代理的安装开始。The machine can now be managed remotely - starting from the installation of the agent. 例如,以下脚本会将代理复制到远程计算机并安装代理。For example, the following script copies the agent to the remote machine and installs it.

$DLoc = "\\REMOTESERVER01\c$\Windows\Temp"
$Agent = "\\REMOTESERVER01\c$\Windows\Temp\MARSAgentInstaller.exe"
$Args = "/q"
Copy-Item "C:\Downloads\MARSAgentInstaller.exe" -Destination $DLoc -Force

$Session = New-PSSession -ComputerName REMOTESERVER01
Invoke-Command -Session $Session -Script { param($D, $A) Start-Process -FilePath $D $A -Wait } -ArgumentList $Agent, $Args

后续步骤Next steps

有关适用于 Windows Server/客户端的 Azure 备份的详细信息,请参阅:For more information about Azure Backup for Windows Server/Client: