Physical server to Azure disaster recovery architecture

This article describes the architecture and processes used when you replicate, fail over, and recover physical Windows and Linux servers between an on-premises site and Azure, using the Azure Site Recovery service.

Architectural components

The following table and graphic provide a high-level view of the components used for physical server replication to Azure.

| Component | Requirement | Details |
| --- | --- | --- |
| Azure | An Azure subscription and an Azure network. | Replicated data from on-premises physical machines is stored in Azure managed disks. Azure VMs are created with the replicated data when you run a failover from on-premises to Azure. The Azure VMs connect to the Azure virtual network when they're created. |
| Process server | Installed by default together with the configuration server. | Acts as a replication gateway. Receives replication data, optimizes it with caching, compression, and encryption, and sends it to Azure storage. The process server also installs the Mobility service on servers you want to replicate. As your deployment grows, you can add additional, separate process servers to handle larger volumes of replication traffic. |
| Master target server | Installed by default together with the configuration server. | Handles replication data during fail back from Azure. For large deployments, you can add an additional, separate master target server for failback. |
| Replicated servers | The Mobility service is installed on each server you replicate. | We recommend you allow automatic installation from the process server. Or, you can install the service manually, or use an automated deployment method such as Configuration Manager. |

[Figure: Physical to Azure architecture]

Set up outbound network connectivity

For Site Recovery to work as expected, you need to modify outbound network connectivity to allow your environment to replicate.

Note

Site Recovery doesn't support using an authentication proxy to control network connectivity.

Outbound connectivity for URLs

If you're using a URL-based firewall proxy to control outbound connectivity, allow access to these URLs:

| Name | Azure China 21Vianet | Description |
| --- | --- | --- |
| Storage | *.blob.core.chinacloudapi.cn | Allows data to be written from the VM to the cache storage account in the source region. |
| Azure Active Directory | login.chinacloudapi.cn | Provides authorization and authentication to Site Recovery service URLs. |
| Replication | *.hypervrecoverymanager.windowsazure.cn | Allows the VM to communicate with the Site Recovery service. |
| Service Bus | *.servicebus.chinacloudapi.cn | Allows the VM to write Site Recovery monitoring and diagnostics data. |
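
The wildcard entries in the table above are only as tight as the way the firewall proxy matches them. The following Python code is an added example, not part of the original article: it compares a plain suffix test with a match on DNS label boundaries over constructed proxy log lines. The log format, host names, and function names are assumptions made for illustration.

```python
# Added example, not from the original page. Patterns are the four entries in
# the URL table above; every host and log line in SAMPLE_LOG is constructed.
PATTERNS = {
    "*.blob.core.chinacloudapi.cn": "Storage",
    "login.chinacloudapi.cn": "Azure Active Directory",
    "*.hypervrecoverymanager.windowsazure.cn": "Replication",
    "*.servicebus.chinacloudapi.cn": "Service Bus",
}

def normalize(target):
    """Lower-case the host, drop a ':port' suffix and any trailing dot."""
    host = target.strip().lower()
    head, sep, tail = host.rpartition(":")
    if sep and tail.isdigit():
        host = head
    return host.rstrip(".")

def naive_match(target):
    """Plain suffix test with no label boundary: the rule to avoid."""
    host = normalize(target)
    return any(host.endswith(p.lstrip("*.")) for p in PATTERNS)

def strict_match(target):
    """Return the service name if the host matches on label boundaries."""
    host = normalize(target)
    for pattern, service in PATTERNS.items():
        if pattern.startswith("*."):
            suffix = pattern[1:]  # keep the leading dot as the boundary
            prefix = host[:-len(suffix)] if host.endswith(suffix) else ""
            # Assumption: '*' stands for one or more non-empty labels.
            if prefix and all(prefix.split(".")):
                return service
        elif host == pattern:
            return service
    return None

SAMPLE_LOG = """\
2024-01-01T00:00:01Z 10.0.0.5 CONNECT cachesa01.blob.core.chinacloudapi.cn:443
2024-01-01T00:00:02Z 10.0.0.5 CONNECT login.chinacloudapi.cn:443
2024-01-01T00:00:03Z 10.0.0.5 CONNECT notblob.core.chinacloudapi.cn:443
2024-01-01T00:00:04Z 10.0.0.5 CONNECT cachesa01.blob.core.chinacloudapi.cn.example.net:443
2024-01-01T00:00:05Z 10.0.0.5 CONNECT ns1.servicebus.chinacloudapi.cn:443
"""

def audit(log=SAMPLE_LOG):
    """Return (host, service or None) for each CONNECT line of a proxy log."""
    rows = (line.split() for line in log.splitlines())
    return [(normalize(f[3]), strict_match(f[3]))
            for f in rows if len(f) == 4 and f[2] == "CONNECT"]
```

Hosts that `audit()` pairs with `None` fall outside the four required entries and can be reviewed before the allow rule is widened.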

Replication process

  1. You set up the deployment, including on-premises and Azure components. In the Recovery Services vault, you specify the replication source and target, set up the configuration server, create a replication policy, and enable replication.

  2. Machines replicate using the replication policy, and an initial copy of the server data is replicated to Azure storage.

  3. After initial replication finishes, replication of delta changes to Azure begins. Tracked changes for a machine are held in a file with the .hrl extension.

    • Machines communicate with the configuration server on HTTPS port 443 inbound, for replication management.
    • Machines send replication data to the process server on HTTPS port 9443 inbound (can be modified).
    • The configuration server orchestrates replication management with Azure over HTTPS port 443 outbound.
    • The process server receives data from source machines, optimizes and encrypts it, and sends it to Azure storage over HTTPS port 443 outbound.
    • If you enable multi-VM consistency, machines in the replication group communicate with each other over port 20004. Multi-VM is used if you group multiple machines into replication groups that share crash-consistent and app-consistent recovery points when they fail over. These groups are useful if machines are running the same workload and need to be consistent.

  4. Traffic is replicated to Azure storage public endpoints, over the internet. Alternatively, you can use Azure ExpressRoute public peering.

    Note

    Replication isn't supported over a site-to-site VPN from an on-premises site or Azure ExpressRoute private peering.

[Figure: Physical to Azure replication process]

Failover and failback process

After replication is set up, you can run a disaster recovery drill (test failover) to check that everything works as expected. Then, you can fail over and fail back as needed. Consider the following items:

  • Planned failover isn't supported.
  • You must fail back to an on-premises VMware VM. You need an on-premises VMware infrastructure, even when you replicate on-premises physical servers to Azure.
  • You fail over a single machine, or create recovery plans, to fail over multiple machines together.
  • When you run a failover, Azure VMs are created from replicated data in Azure storage.
  • After the initial failover is triggered, you commit it to start accessing the workload from the Azure VM.
  • When your primary on-premises site is available again, you can fail back.
  • Set up a failback infrastructure that includes:
    • Temporary process server in Azure: To fail back from Azure, you set up an Azure VM to act as a process server, to handle replication from Azure. You can delete this VM after fail back finishes.
    • VPN connection: To fail back, you need a VPN connection (or Azure ExpressRoute) from the Azure network to the on-premises site.
    • Separate master target server: By default, the fail back is handled by the master target server that was installed with the configuration server on the on-premises VMware VM. If you need to fail back large volumes of traffic, you should set up a separate on-premises master target server.
    • Failback policy: To replicate back to your on-premises site, you need a failback policy. The policy was automatically created when you created your replication policy from on-premises to Azure.
    • VMware infrastructure: To fail back, you need a VMware infrastructure. You can't fail back to a physical server.
  • After the components are in place, fail back occurs in three stages:
    • Stage 1: Reprotect the Azure VMs so that they replicate from Azure back to the on-premises VMware VMs.
    • Stage 2: Run a failover to the on-premises site.
    • Stage 3: After workloads have failed back, you reenable replication.

[Figure: VMware failback from Azure]

Next steps

To set up disaster recovery for physical servers to Azure, see the how-to guide.