Overview of business continuity with Azure Database for PostgreSQL - Single Server

This overview describes the capabilities that Azure Database for PostgreSQL provides for business continuity and disaster recovery. Learn about options for recovering from disruptive events that could cause data loss or cause your database and application to become unavailable. Learn what to do when a user or application error affects data integrity, an Azure region has an outage, or your application requires maintenance.

Features that you can use to provide business continuity

As you develop your business continuity plan, you need to understand the maximum acceptable time before the application fully recovers after the disruptive event - this is your Recovery Time Objective (RTO). You also need to understand the maximum amount of recent data updates (time interval) the application can tolerate losing when recovering after the disruptive event - this is your Recovery Point Objective (RPO).

Azure Database for PostgreSQL provides business continuity features that include geo-redundant backups with the ability to initiate geo-restore, and deploying read replicas in a different region. Each has different characteristics for the recovery time and the potential data loss. With the geo-restore feature, a new server is created using the backup data that is replicated from another region. The overall time it takes to restore and recover depends on the size of the database and the amount of logs to recover. The overall time to establish the server varies from a few minutes to a few hours. With read replicas, transaction logs from the primary are asynchronously streamed to the replica. In the event of a primary database outage due to a zone-level or a region-level fault, failing over to the replica provides a shorter RTO and reduced data loss.

Note

The lag between the primary and the replica depends on the latency between the sites, the amount of data to be transmitted and, most importantly, on the write workload of the primary server. Heavy write workloads can generate significant lag.

Because of the asynchronous nature of the replication used for read replicas, they should not be considered a High Availability (HA) solution, since higher lag can mean higher RTO and RPO. Read replicas can act as an HA alternative only for workloads where the lag remains small through both the peak and non-peak times of the workload. Otherwise, read replicas are intended for true read-scale for read-heavy workloads and for disaster recovery (DR) scenarios.

The following table compares RTO and RPO in a typical workload scenario:

| Capability | Basic | General Purpose | Memory optimized |
| --- | --- | --- | --- |
| Point in Time Restore from backup | Any restore point within the retention period | Any restore point within the retention period | Any restore point within the retention period |
| Geo-restore from geo-replicated backups | Not supported | RTO - Varies; RPO < 1 h | RTO - Varies; RPO < 1 h |
| Read replicas | RTO - Minutes*; RPO < 5 min* | RTO - Minutes*; RPO < 5 min* | RTO - Minutes*; RPO < 5 min* |

* RTO and RPO can be much higher in some cases depending on various factors including latency between sites, the amount of data to be transmitted, and importantly primary database write workload.
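One way to check whether a replica's lag stays inside an RPO budget through peak and non-peak times, as an added example that is not part of the original article. The connection string passed to `replica_lag_seconds`, the function names and the sample values are constructed for illustration; the 300-second budget is the "RPO < 5 min" figure from the table.

```shell
#!/usr/bin/env bash
# Added example: compare read-replica lag with an RPO budget.

# Seconds since the replica last replayed a transaction. $1 is a libpq
# connection string for the replica. On an idle primary the value keeps
# growing even though nothing is missing, so judge it during write activity.
replica_lag_seconds() {
  psql "$1" -At -c "SELECT COALESCE(EXTRACT(EPOCH FROM
    now() - pg_last_xact_replay_timestamp()), 0)::int"
}

# Reads "HH:MM lag_seconds" samples on stdin; $1 is the RPO budget in seconds.
# Prints "<verdict> <worst lag> <time of worst lag>".
worst_lag() {
  awk -v rpo="$1" '
    BEGIN { max = 0; at = "-" }
    NF == 2 && $2 + 0 >= max { max = $2 + 0; at = $1 }
    END {
      verdict = (max <= rpo + 0) ? "within-rpo" : "exceeds-rpo"
      print verdict, max, at
    }'
}

# Constructed samples over one day: the 09:00 write peak dominates.
SAMPLES='02:00 4
09:00 412
14:00 35
21:00 9'

# 300 s is the "RPO < 5 min" figure from the table above.
printf '%s\n' "$SAMPLES" | worst_lag 300
```

A replica that is within budget off-peak but exceeds it at the write peak, as in these samples, fits the DR role rather than the HA role.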

Recover a server after a user or application error

You can use the service's backups to recover a server from various disruptive events. A user may accidentally delete some data, inadvertently drop an important table, or even drop an entire database. An application might accidentally overwrite good data with bad data due to an application defect, and so on.

You can perform a point-in-time restore to create a copy of your server at a known good point in time. This point in time must be within the backup retention period you have configured for your server. After the data is restored to the new server, you can either replace the original server with the newly restored server or copy the needed data from the restored server into the original server.

Important

Deleted servers cannot be restored. If you delete the server, all databases that belong to the server are also deleted and cannot be recovered. Use an Azure resource lock to help prevent accidental deletion of your server.
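The point-in-time restore and the resource lock described above, as an added Azure CLI example that is not part of the original article. The resource group `demo-rg`, the server names, the lock name, the 7-day retention and the helper function names are constructed placeholders; with `DRY_RUN=1` the commands are printed instead of executed.

```shell
#!/usr/bin/env bash
# Added example. Server names, resource group and retention are placeholders.

# Succeeds only if $1 (ISO 8601, UTC) is not in the future and is at most
# $2 days old. $3 optionally pins "now" in epoch seconds (used for testing).
restore_point_ok() {
  local point_s now_s
  point_s=$(date -u -d "$1" +%s) || return 2     # unparsable timestamp
  now_s=${3:-$(date -u +%s)}
  [ "$point_s" -le "$now_s" ] || return 1        # point lies in the future
  [ $(( now_s - point_s )) -le $(( $2 * 86400 )) ]
}

# Prints the command when DRY_RUN=1, otherwise executes it.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# pitr_restore <resource-group> <source> <new-server> <utc-time> <retention-days> [now]
pitr_restore() {
  restore_point_ok "$4" "$5" "${6:-}" || {
    echo "restore point $4 is outside the $5-day retention period" >&2
    return 1
  }
  # Creates a new server; the source server is left as it is.
  run az postgres server restore --resource-group "$1" --name "$3" \
    --source-server "$2" --restore-point-in-time "$4"
}

# lock_server <resource-group> <server>: CanNotDelete lock against accidental deletion.
lock_server() {
  run az lock create --name "no-delete-$2" --lock-type CanNotDelete \
    --resource-group "$1" --resource-name "$2" \
    --resource-type Microsoft.DBforPostgreSQL/servers
}

# Usage (dry run):
#   DRY_RUN=1 pitr_restore demo-rg pg-prod pg-prod-restored 2024-05-08T09:30:00Z 7
```

The retention check here is a local sanity check against the configured number of days; the service still makes the final decision on whether a restore point is available.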

Recover from an Azure data center outage

Although rare, an Azure data center can have an outage. When an outage occurs, it causes a business disruption that might only last a few minutes, but could last for hours.

One option is to wait for your server to come back online when the data center outage is over. This works for applications that can afford to have the server offline for some period of time, for example a development environment. When a data center has an outage, you do not know how long the outage might last, so this option only works if you don't need your server for a while.

Geo-restore

The geo-restore feature restores the server using geo-redundant backups. The backups are hosted in your server's paired region. You can restore from these backups to any other region. The geo-restore creates a new server with the data from the backups. Learn more about geo-restore from the backup and restore concepts article.

Important

Geo-restore is only possible if you provisioned the server with geo-redundant backup storage. If you wish to switch from locally redundant to geo-redundant backups for an existing server, you must take a dump of your existing server using pg_dump and restore it to a newly created server configured with geo-redundant backups.

Cross-region read replicas

You can use cross-region read replicas to enhance your business continuity and disaster recovery planning. Read replicas are updated asynchronously using PostgreSQL's physical replication technology, and may lag the primary. Learn more about read replicas, available regions, and how to fail over from the read replicas concepts article.

FAQ

Where does Azure Database for PostgreSQL store customer data?

By default, Azure Database for PostgreSQL doesn't move or store customer data out of the region it is deployed in. However, customers can optionally choose to enable geo-redundant backups or create a cross-region read replica for storing data in another region.

Next steps