Azure Backup offline backup by using Azure Data Box

You can use Azure Data Box to seed your large initial Azure Recovery Services (MARS) backups offline (without using the network) to a Recovery Services vault. This process saves time and network bandwidth that would otherwise be consumed moving large amounts of backup data online over a high-latency network. This enhancement is currently in preview. Offline backup based on Azure Data Box provides two distinct advantages over offline backup based on the Azure Import/Export service:

  • There's no need to procure your own Azure-compatible disks and connectors. Azure Data Box ships the disks associated with the selected Data Box SKU.
  • Azure Backup (MARS Agent) can directly write backup data onto the supported SKUs of Azure Data Box. This capability eliminates the need for you to provision a staging location for your initial backup data. You also don't need utilities to format and copy that data onto the disks.

Azure Data Box with the MARS Agent

This article explains how you can use Azure Data Box to seed large initial backup data offline from the MARS Agent to a Recovery Services vault.

Supported platforms

The process to seed data from the MARS Agent by using Azure Data Box is supported on the following Windows SKUs.

OS                                     SKU
Workstation
Windows 10 64 bit                      Enterprise, Pro, Home
Windows 8.1 64 bit                     Enterprise, Pro
Windows 8 64 bit                       Enterprise, Pro
Windows 7 64 bit                       Ultimate, Enterprise, Professional, Home Premium, Home Basic, Starter
Server
Windows Server 2019 64 bit             Standard, Datacenter, Essentials
Windows Server 2016 64 bit             Standard, Datacenter, Essentials
Windows Server 2012 R2 64 bit          Standard, Datacenter, Foundation
Windows Server 2012 64 bit             Datacenter, Foundation, Standard
Windows Storage Server 2016 64 bit     Standard, Workgroup
Windows Storage Server 2012 R2 64 bit  Standard, Workgroup, Essential
Windows Storage Server 2012 64 bit     Standard, Workgroup
Windows Server 2008 R2 SP1 64 bit      Standard, Enterprise, Datacenter, Foundation
Windows Server 2008 SP2 64 bit         Standard, Enterprise, Datacenter

Backup data size and supported Data Box SKUs

Backup data size (post-compression by MARS)* per server    Supported Azure Data Box SKU
<=7.2 TB                                                   Azure Data Box disk

*Typical compression rates vary between 10% and 20%.

Important

Initial backup data from a single server must be contained within a single Azure Data Box instance or Azure Data Box disk and can't be shared between multiple devices of the same or different SKUs. But an Azure Data Box device can contain initial backups from multiple servers.

Prerequisites

Azure subscription and required permissions

  • The process requires an Azure subscription.
  • The process requires that the user designated to perform the offline backup policy is an owner of the Azure subscription.
  • The Data Box job and the Recovery Services vault (to which the data needs to be seeded) must be in the same subscription.
  • We recommend that the target storage account associated with the Azure Data Box job and the Recovery Services vault are in the same region. However, this isn't necessary.

Get Azure PowerShell 3.7.0

This is the most important prerequisite for the process. Before you install Azure PowerShell, version 3.7.0, perform the following checks.

Step 1: Check the PowerShell version

  1. Open Windows PowerShell, and run the following command:

    Get-Module -ListAvailable AzureRM*
    
  2. If the output displays a version higher than 3.7.0, do "Step 2." Otherwise, skip to "Step 3."

Step 2: Uninstall the PowerShell version

Uninstall the current version of Azure PowerShell.

  1. Remove the dependent modules by running the following command in PowerShell:

    foreach ($module in (Get-Module -ListAvailable AzureRM*).Name | Get-Unique) {
        Write-Host "Removing Module $module"
        Uninstall-Module $module
    }
    
  2. To ensure the successful deletion of all the dependent modules, run the following command:

    Get-Module -ListAvailable AzureRM*
    

Step 3: Install PowerShell version 3.7.0

After you've verified that no AzureRM modules are present, install version 3.7.0 by using one of the following methods:

Or you can:

  • Run the following command in the PowerShell window:

    Install-Module -Name AzureRM -RequiredVersion 3.7.0
    

Azure PowerShell could have also been installed by using an msi file. To remove it, uninstall it by using the Uninstall programs option in Control Panel.

Order and receive the Data Box device

The offline backup process using MARS and Azure Data Box requires the Data Box devices to be in a Delivered state before you trigger offline backup by using the MARS Agent. To order the most suitable SKU for your requirement, see Backup data size and supported Data Box SKUs. Follow the steps in Tutorial: Order an Azure Data Box disk to order and receive your Data Box devices.

Important

Don't select BlobStorage for the Account kind. The MARS Agent requires an account that supports page blobs, which isn't supported when BlobStorage is selected. Select Storage V2 (general purpose v2) as the Account kind when you create the target storage account for your Azure Data Box job.

[Figure: Choose account kind in instance details]

Install and set up the MARS Agent

  1. Make sure you uninstall any previous installations of the MARS Agent.

  2. Download the latest MARS Agent from this website.

  3. Run MARSAgentInstaller.exe, and do only the steps to install and register the agent to the Recovery Services vault where you want your backups to be stored.

    Note

    The Recovery Services vault must be in the same subscription as the Azure Data Box job.

    After the agent is registered to the Recovery Services vault, follow the steps in the next sections.

Set up Azure Data Box devices

Depending on the Azure Data Box SKU you ordered, do the steps covered in the appropriate sections that follow. The steps show you how to set up and prepare the Data Box devices for the MARS Agent to identify and transfer the initial backup data.

Set up Azure Data Box disks

If you ordered one or more Azure Data Box disks (up to 8 TB each), follow the steps mentioned here to unpack, connect, and unlock your Data Box disk.

Note

It's possible that the server with the MARS Agent doesn't have a USB port. In that situation, you can connect your Azure Data Box disk to another server or client and expose the root of the device as a network share.

Transfer initial backup data to Azure Data Box devices

  1. Open the Azure Backup application on your server.

  2. On the Actions pane, select Schedule Backup.

    [Figure: Select Schedule Backup]

  3. Follow the steps in the Schedule Backup Wizard.

  4. Add items by selecting the Add Items button. Keep the total size of the items within the size limits supported by the Azure Data Box SKU that you ordered and received.

    [Figure: Add items to back up]

  5. Select the appropriate backup schedule and retention policy for Files and Folders and System State. System state is applicable only for Windows Servers and not for Windows clients.

  6. On the Choose Initial Backup Type (Files and Folders) page of the wizard, select the option Transfer using Azure Data Box disks and select Next.

    [Figure: Choose initial backup type]

  7. Sign in to Azure when prompted by using the user credentials that have Owner access on the Azure subscription. After you succeed in doing so, you should see a page that resembles this one.

    [Figure: Create resources and apply required permissions]

    The MARS Agent then fetches the Data Box jobs in the subscription that are in the Delivered state.

    [Figure: Fetch Data Box jobs for the subscription ID]

  8. Select the correct Data Box order for which you've unpacked, connected, and unlocked your Data Box disk. Select Next.

    [Figure: Select Data Box orders]

  9. Select Detect Device on the Data Box Device Detection page. This action makes the MARS Agent scan for locally attached Azure Data Box disks and detect them.

    [Figure: Data Box Device Detection]

    Important

    Provide the network path to the root directory of the Azure Data Box disk. This directory must contain a directory by the name PageBlob.

    [Figure: Root directory of the Azure Data Box disk]

    For example, if the path of the disk is \\mydomain\myserver\disk1\ and disk1 contains a directory called PageBlob, the path you enter on the MARS Agent wizard page is \\mydomain\myserver\disk1\.

  10. Select Next, and select Finish on the next page to save the backup and retention policy with the configuration of offline backup by using Azure Data Box.

    The following page confirms that the policy is saved successfully.

    [Figure: Policy is saved successfully]

  11. Select Close on the previous page.

  12. Select Back Up Now in the Actions pane of the MARS Agent console. Select Back Up on the wizard page.

    [Figure: Back Up Now wizard]

The MARS Agent starts backing up the data you selected to the Azure Data Box device. This process might take from several hours to a few days. The amount of time depends on the number of files and connection speed between the server with the MARS Agent and the Azure Data Box disk.

After the backup of the data is finished, you'll see a page on the MARS Agent that resembles this one.

[Figure: Backup progress shown]

Post-backup steps

This section explains the steps to take after the backup of the data to the Azure Data Box Disk is successful.

  • Follow the steps in this article to ship the Azure Data Box disk to Azure.

  • Monitor the Data Box job in the Azure portal. After the Azure Data Box job is finished, the MARS Agent automatically moves the data from the storage account to the Recovery Services vault at the time of the next scheduled backup. It then marks the backup job as Job Completed if a recovery point is successfully created.

    Note

    The MARS Agent triggers backups at the times scheduled during policy creation. These jobs flag "Waiting for Azure Data Box job to be completed" until the time the job is finished.

  • After the MARS Agent successfully creates a recovery point that corresponds to the initial backup, you can delete the storage account or specific contents associated with the Azure Data Box job.

Troubleshooting

The Azure Recovery Services (MARS) Agent creates an Azure Active Directory (Azure AD) application for you in your tenant. This application requires a certificate for authentication that's created and uploaded when you configure an offline seeding policy. We use Azure PowerShell to create and upload the certificate to the Azure AD application.

Problem

When you configure offline backup, you might face a problem because of a bug in the Azure PowerShell cmdlet. You might be unable to add multiple certificates to the same Azure AD application created by the MAB Agent. This problem will affect you if you configured an offline seeding policy for the same or a different server.

Verify if the problem is caused by this specific root cause

To see if your problem is the same as the one previously described, do one of the following steps.

Step 1 of verification

Check to see if the following error message appears in the MAB console when you configured offline backup.

[Figure: Unable to create offline backup policy for the current Azure account]

Step 2 of verification

  1. Open the Temp folder in the installation path. The default temp folder path is C:\Program Files\Azure Recovery Services Agent\Temp. Look for the CBUICurr file, and open the file.

  2. In the CBUICurr file, scroll to the last line and check to see if the problem is the same as the one in this error message: Unable to create an Azure AD application credential in customer's account. Exception: Update to existing credential with KeyId <some guid> is not allowed.
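
The check in "Step 2 of verification", as an added PowerShell example (not part of the original article or of the MARS Agent). It goes slightly beyond the text by scanning the last 50 lines instead of only the last one, and it assumes the default Temp path given above and a log file whose name starts with CBUICurr; the function name and the sample log lines are constructed for illustration.

```powershell
# Added example: detect the Azure AD credential error quoted in the article.
# Find-OfflineSeedingCredentialError is a hypothetical helper name.
function Find-OfflineSeedingCredentialError {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [AllowEmptyString()]
        [string[]] $Lines,

        # How many trailing lines to inspect (the article checks the last line).
        [int] $Tail = 50
    )

    # Error text taken from the article; the KeyId token is captured so it can be
    # compared with the keys listed on the Azure AD application.
    $pattern = 'Unable to create an Azure AD application credential in customer''s account\.' +
               '.*Update to existing credential with KeyId\s+(?<KeyId>\S+)\s+is not allowed'

    $Lines | Select-Object -Last $Tail | ForEach-Object {
        if ($_ -match $pattern) {
            [pscustomobject]@{ KeyId = $Matches['KeyId']; Line = $_ }
        }
    }
}

# Constructed sample input (not real agent output) so the function can be tried offline.
$sample = @(
    'constructed line: policy configuration started',
    '',
    ("constructed line: Unable to create an Azure AD application credential in customer's account. " +
     'Exception: Update to existing credential with KeyId 00000000-0000-0000-0000-000000000000 is not allowed')
)
Find-OfflineSeedingCredentialError -Lines $sample

# On a server with the agent installed, scan the real file(s) in the default Temp path.
$tempDir = 'C:\Program Files\Azure Recovery Services Agent\Temp'
if (Test-Path -LiteralPath $tempDir) {
    Get-ChildItem -LiteralPath $tempDir -Filter 'CBUICurr*' -File | ForEach-Object {
        $hits = Find-OfflineSeedingCredentialError -Lines @(Get-Content -LiteralPath $_.FullName)
        if ($hits) {
            $hits | Add-Member -NotePropertyName File -NotePropertyValue $_.FullName -PassThru
        }
    }
}
```

A non-empty result means the failure matches the root cause described in this section; no output means the policy failure has a different cause.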

Workaround

As a workaround to resolve this problem, do the following steps and retry the policy configuration.

Step 1 of workaround

Sign in to PowerShell that appears on the MAB UI by using a different account with admin access on the subscription that will have the import or export job created.

Step 2 of workaround

If no other server has offline seeding configured and no other server is dependent on the AzureOfflineBackup_<Azure User Id> application, delete this application. Select Azure portal > Azure Active Directory > App registrations.

Note

Check to see if the AzureOfflineBackup_<Azure User Id> application doesn't have any other offline seeding configured and also if no other server is dependent on this application. Go to Settings > Keys under the Public Keys section. It shouldn't have any other public keys added. See the following screenshot for reference.

[Figure: Public keys]

Step 3

From the server you're trying to configure for offline backup, perform the following actions.

  1. Go to the Manage computer certificate application > Personal tab, and look for the certificate with the name CB_AzureADCertforOfflineSeeding_<ResourceId>.

  2. Select the certificate, right-click All Tasks, and select Export without a private key in the .cer format.

  3. Go to the Azure offline backup application mentioned in step 2. Select Settings > Keys > Upload Public Key. Upload the certificate you exported in the previous step.

    [Figure: Upload public key]

  4. In the server, open the registry by entering regedit in the run window.

  5. Go to the registry Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Azure Backup\Config\CloudBackupProvider. Right-click CloudBackupProvider, and add a new string value with the name AzureADAppCertThumbprint_<Azure User Id>.

    Note

    To get the Azure user ID, perform one of these actions:

    • From the Azure-connected PowerShell, run the Get-AzureRmADUser -UserPrincipalName "Account Holder's email as defined in the portal" command.
    • Go to the registry path Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Azure Backup\DbgSettings\OnlineBackup with the name CurrentUserId.

  6. Right-click the string added in the previous step, and select Modify. In the value, provide the thumbprint of the certificate you exported in step 2. Select OK.

  7. To get the value of the thumbprint, double-click the certificate. Select the Details tab, and scroll down until you see the thumbprint field. Select Thumbprint, and copy the value.

    [Figure: Thumbprint field of the certificate]
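
The local parts of Step 3 (items 1, 2 and 4 to 7) as an added PowerShell example; it is not part of the original article or of the MARS Agent. Assumptions: the certificate name appears in the certificate's friendly name or subject, the CurrentUserId registry value is already populated, the Export-Certificate cmdlet (PKI module, Windows 8 / Windows Server 2012 and later) is available, and the export file path is a made-up location.

```powershell
# Added example: export the offline-seeding certificate without its private key
# and record its thumbprint in the registry. Run from an elevated session.

$certNamePattern = 'CB_AzureADCertforOfflineSeeding_*'       # name from the article
$exportPath      = Join-Path $env:TEMP 'OfflineSeeding.cer'  # hypothetical output path
$providerKey     = 'HKLM:\SOFTWARE\Microsoft\Azure Backup\Config\CloudBackupProvider'
$userIdKey       = 'HKLM:\SOFTWARE\Microsoft\Azure Backup\DbgSettings\OnlineBackup'

# Item 1: find the certificate in the computer's Personal store.
# Assumption: the name is carried in FriendlyName or in the Subject.
$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.FriendlyName -like $certNamePattern -or $_.Subject -like "*$certNamePattern"
})
if ($certs.Count -ne 1) {
    # Refuse to guess: with zero or several matches the wrong key could be uploaded.
    throw "Expected exactly one matching certificate, found $($certs.Count)."
}
$cert = $certs[0]

# Item 2: Export-Certificate writes only the public certificate (DER .cer),
# so the private key never leaves the machine store.
Export-Certificate -Cert $cert -FilePath $exportPath -Type CERT | Out-Null

# Note under item 5: read the Azure user ID from the CurrentUserId value.
$userId = (Get-ItemProperty -Path $userIdKey -Name CurrentUserId -ErrorAction Stop).CurrentUserId
if ([string]::IsNullOrWhiteSpace($userId)) {
    throw 'CurrentUserId is empty; obtain the Azure user ID with Get-AzureRmADUser instead.'
}

# Items 5 to 7: create (or overwrite) the string value holding the thumbprint.
$valueName = "AzureADAppCertThumbprint_$userId"
New-ItemProperty -Path $providerKey -Name $valueName -Value $cert.Thumbprint `
    -PropertyType String -Force | Out-Null

# Summary for the operator: file to upload in item 3 and the value just written.
[pscustomobject]@{
    ExportedCer   = $exportPath
    Thumbprint    = $cert.Thumbprint
    NotAfter      = $cert.NotAfter
    RegistryValue = "$providerKey\$valueName"
}
```

Item 3, uploading the exported .cer under Settings > Keys > Upload Public Key, is still done in the Azure portal; compare the thumbprint shown there with the one printed by the script before retrying the policy configuration.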