What is the Azure Backup service?

The Azure Backup service backs up data to the Microsoft Azure cloud. You can back up on-premises machines and workloads, and Azure virtual machines (VMs).

Why use Azure Backup?

Azure Backup delivers these key benefits:

  • Offload on-premises backup: Azure Backup offers a simple solution for backing up your on-premises resources to the cloud. Get short and long-term backup without the need to deploy complex on-premises backup solutions.
  • Back up Azure IaaS VMs: Azure Backup provides independent and isolated backups to guard against accidental destruction of original data. Backups are stored in a Recovery Services vault with built-in management of recovery points. Configuration and scalability are simple, backups are optimized, and you can easily restore as needed.
  • Scale easily - Azure Backup uses the underlying power and unlimited scale of the Azure cloud to deliver high availability with no maintenance or monitoring overhead.
  • Get unlimited data transfer: Azure Backup does not limit the amount of inbound or outbound data you transfer, or charge for the data that is transferred.
    • Outbound data refers to data transferred from a Recovery Services vault during a restore operation.
    • If you perform an offline initial backup using the Azure Import/Export service to import large amounts of data, there is a cost associated with inbound data. Learn more.
  • Keep data secure: Azure Backup provides solutions for securing data in transit and at rest.
  • Get app-consistent backups: An application-consistent backup means a recovery point has all required data to restore the backup copy. Azure Backup provides application-consistent backups, which ensure additional fixes are not required to restore the data. Restoring application-consistent data reduces the restoration time, allowing you to quickly return to a running state.
  • Retain short and long-term data: You can use Recovery Services vaults for short-term and long-term data retention. Azure doesn't limit the length of time data can remain in a Recovery Services vault. You can keep it for as long as you like. Azure Backup has a limit of 9999 recovery points per protected instance.
  • Automatic storage management - Hybrid environments often require heterogeneous storage - some on-premises and some in the cloud. With Azure Backup, there is no cost for using on-premises storage devices. Azure Backup automatically allocates and manages backup storage, and it uses a pay-as-you-use model, so that you only pay for the storage you consume. Learn more about pricing.
  • Multiple storage options - Azure Backup offers two types of replication to keep your storage/data highly available.
    • Locally redundant storage (LRS) replicates your data three times (it creates three copies of your data) in a storage scale unit in a datacenter. All copies of the data exist within the same region. LRS is a low-cost option for protecting your data from local hardware failures.
    • Geo-redundant storage (GRS) is the default and recommended replication option. GRS replicates your data to a secondary region (hundreds of miles away from the primary location of the source data). GRS costs more than LRS, but GRS provides a higher level of durability for your data, even if there is a regional outage.

What's the difference between Azure Backup and Azure Site Recovery?

Both the Azure Backup and Azure Site Recovery services contribute to a business continuity and disaster recovery (BCDR) strategy in your business. BCDR consists of two broad aims:

  • Keep your business data safe and recoverable when outages occur.
  • Keep your apps and workloads up and running during planned and unplanned downtimes.

Both services provide complementary but different functionality.

  • Azure Site Recovery: Site Recovery provides a disaster recovery solution for on-premises machines, and for Azure VMs. You replicate machines from a primary location to a secondary. When disaster strikes, you fail machines over to the secondary location, and access them from there. When everything's up and running normally again, you fail machines back to recover them in the primary site.
  • Azure Backup: The Azure Backup service backs up data from on-premises machines, and Azure VMs. Data can be backed up and recovered at a granular level, including backup of files, folders, machine system state, and app-aware data backup. Azure Backup handles data at a more granular level than Site Recovery. As an example, if a presentation on your laptop became corrupted, you could use Azure Backup to restore the presentation. If you want to keep a VM configuration and data safe and accessible, you could use Site Recovery.

Use the table points to help figure out your BCDR needs.

| Objective | Details | Comparison |
| Data backup/retention | Backup data can be retained and stored for days, months, or even years if required from a compliance perspective. | Backup solutions like Azure Backup allow you to finely pick data you want to back up, and finely tune backup and retention policies. Site Recovery doesn't allow the same fine-tuning. |
| Recovery point objective (RPO) | The amount of acceptable data loss if a recovery needs to be done. | Backups have more variable RPO. VM backups usually have an RPO of a day, while database backups have RPOs as low as 15 minutes. Site Recovery provides a low RPO since replication is continuous or frequent, so that the delta between the source and replica copy is small. |
| Recovery time objective (RTO) | The amount of time that it takes to complete a recovery or restore. | Because of the larger RPO, the amount of data that a backup solution needs to process is typically much higher, which leads to longer RTOs. For example, it can take days to restore data from tapes, depending on the time it takes to transport the tape from an off-site location. |

What backup scenarios are supported?

Azure Backup can back up both on-premises machines, and Azure VMs.

| Machine | Back up scenario |
| On-premises backup | 1) Run the Azure Backup 21Vianet Azure Recovery Services (MARS) agent on on-premises Windows machines to back up individual files and system state. 2) Back up on-premises machines to a backup server (System Center Data Protection Manager (DPM) or 21Vianet Azure Backup Server (MABS)), and then configure the backup server to back up to an Azure Backup Recovery Services vault in Azure. |
| Azure VMs | 1) Enable backup for individual Azure VMs. When you enable backup, Azure Backup installs an extension to the Azure VM agent that's running on the VM. The agent backs up the entire VM. 2) Run the MARS agent on an Azure VM. This is useful if you want to back up individual files and folders on the VM. 3) Back up an Azure VM to a DPM server or MABS running in Azure. Then back up the DPM server/MABS to a vault using Azure Backup. |

Why use a backup server?

The advantages of backing up machines and apps to MABS/DPM storage, and then backing up DPM/MABS storage to a vault are as follows:

  • Backing up to MABS/DPM provides app-aware backups optimized for common apps such as SQL Server, Exchange, and SharePoint, in addition to file/folder/volume backups, and machine state backups (bare-metal, system state).
  • For on-premises machines, you don't need to install the MARS agent on each machine you want to back up. Each machine runs the DPM/MABS protection agent, and the MARS agent runs on the MABS/DPM only.
  • You have more flexibility and granular scheduling options for running backups.
  • You can manage backups for multiple machines that you gather into protection groups in a single console. This is particularly useful when apps are tiered over multiple machines and you want to back them up together.

What can I back up?

| Machine | Backup method | Back up |
| On-premises Windows VMs | Run MARS agent | Back up files, folders, system state. Linux machines not supported. |
| On-premises machines | Back up to DPM/MABS | Back up anything that's protected by DPM or MABS, including files/folders/shares/volumes, and app-specific data. |
| Azure VMs | Run Azure VM agent backup extension | Back up entire VM |
| Azure VMs | Run MARS agent | Back up files, folders, system state. Linux machines not supported. |
| Azure VMs | Back up to MABS/DPM running in Azure | Back up anything that's protected by MABS or DPM including files/folders/shares/volumes, and app-specific data. |

What backup agents do I need?

| Scenario | Agent |
| Back up Azure VMs | No agent needed. Azure VM extension for backup is installed on the Azure VM when you run the first Azure VM backup. Support for Windows and Linux. |
| Back up of on-premises Windows machines | Download, install, and run the MARS agent directly on the machine. |
| Back up Azure VMs with the MARS agent | Download, install, and run the MARS agent directly on the machine. The MARS agent can run alongside the backup extension. |
| Back up on-premises machines and Azure VMs to DPM/MABS | The DPM or MABS protection agent runs on the machines you want to protect. The MARS agent runs on the DPM server/MABS to back up to Azure. |

Which backup agent should I use?

| Backup | Solution | Limitation |
| I want to back up an entire Azure VM | Enable backup for the VM. The backup extension will automatically be configured on the Windows or Linux Azure VM. | Entire VM is backed up. For Windows VMs the backup is app-consistent. For Linux the backup is file-consistent. If you need app-aware backups for Linux VMs, you have to configure this with custom scripts. |
| I want to back up specific files/folders on Azure VM | Deploy the MARS agent on the VM. | |
| I want to directly back up on-premises Windows machines | Install the MARS agent on the machine. | You can back up files, folders, and system state to Azure. Backups aren't app-aware. |
| I want to directly back up on-premises Linux machines | You need to deploy DPM or MABS to back up to Azure. | |
| I want to back up apps running on-premises | For app-aware backups, machines must be protected by DPM or MABS. | |
| I want granular and flexible backup and recovery settings for Azure VMs | Protect Azure VMs with MABS/DPM running in Azure for additional flexibility in backup scheduling, and full flexibility for protecting and restoring files, folders, volumes, apps, and system state. | |

Backup and retention

Azure Backup has a limit of 9999 recovery points, also known as backup copies or snapshots, per protected instance.

  • A protected instance is a computer, server (physical or virtual), or workload configured to back up data to Azure. An instance is protected once a backup copy of data has been saved.
  • The backup copy of data is the protection. If the source data was lost or became corrupt, the backup copy could restore the source data.

The following table shows the maximum backup frequency for each component. Your backup policy configuration determines how quickly you consume the recovery points. For example, if you create a recovery point each day, then you can retain recovery points for 27 years before you run out. If you take a monthly recovery point, you can retain recovery points for 833 years before you run out. The Backup service does not set an expiration time limit on a recovery point.

| | Azure Backup agent | System Center DPM | Azure Backup Server | Azure IaaS VM Backup |
| Backup frequency (to Recovery Services vault) | Three backups per day | Two backups per day | Two backups per day | One backup per day |
| Backup frequency (to disk) | Not applicable | Every 15 minutes for SQL Server. Every hour for other workloads. | Every 15 minutes for SQL Server. Every hour for other workloads. | Not applicable |
| Retention options | Daily, weekly, monthly, yearly | Daily, weekly, monthly, yearly | Daily, weekly, monthly, yearly | Daily, weekly, monthly, yearly |
| Maximum recovery points per protected instance | 9999 | 9999 | 9999 | 9999 |
| Maximum retention period | Depends on backup frequency | Depends on backup frequency | Depends on backup frequency | Depends on backup frequency |
| Recovery points on local disk | Not applicable | 64 for File Servers. 448 for Application Servers. | 64 for File Servers. 448 for Application Servers. | Not applicable |
| Recovery points on tape | Not applicable | Unlimited | Not applicable | Not applicable |

How does Azure Backup work with encryption?

| Encryption | Back up on-premises | Back up Azure VMs | Back up SQL on Azure VMs |
| Encryption at rest (Encryption of data where it's persisted/stored) | Customer-specified passphrase is used to encrypt data | Azure Storage Service Encryption (SSE) is used to encrypt data stored in the vault. Backup automatically encrypts data before storing it. Azure Storage decrypts data before retrieving it. Use of customer-managed keys for SSE is not currently supported. You can back up VMs that use Azure disk encryption (ADE) to encrypt OS and data disks. Azure Backup supports VMs encrypted with BEK-only, and with both BEK and KEK. Review the limitations. | Azure Backup supports backup of SQL Server databases or server with TDE enabled. Backup supports TDE with keys managed by Azure, or with customer-managed keys (BYOK). Backup doesn't perform any SQL encryption as part of the backup process. |
| Encryption in transit (Encryption of data moving from one location to another) | Data is encrypted using AES256 and sent to the vault in Azure over HTTPS | Within Azure, data between Azure storage and the vault is protected by HTTPS. This data remains on the Azure backbone network. For file recovery, iSCSI secures the data transmitted between the vault and the Azure VM. Secure tunneling protects the iSCSI channel. | Within Azure, data between Azure storage and the vault is protected by HTTPS. File recovery not relevant for SQL. |
