Set up disaster recovery to Azure for on-premises physical servers

The Azure Site Recovery service contributes to your disaster recovery strategy by managing and orchestrating replication, failover, and failback of on-premises machines and Azure virtual machines (VMs).

This tutorial shows you how to set up disaster recovery of on-premises physical Windows and Linux servers to Azure. In this tutorial, you learn how to:

  • Set up Azure and on-premises prerequisites
  • Create a Recovery Services vault for Site Recovery
  • Set up the source and target replication environments
  • Create a replication policy
  • Enable replication for a server

Prerequisites

To complete this tutorial:

  • Make sure that you understand the architecture and components for this scenario.
  • Review the support requirements for all components.
  • Make sure that the servers you want to replicate comply with Azure VM requirements.
  • Prepare Azure. You need an Azure subscription, an Azure virtual network, and a storage account.
  • Prepare an account for automatic installation of the Mobility service on each server you want to replicate.

Before you begin, note that:

  • After failover to Azure, physical servers can't be failed back to on-premises physical machines. You can only fail back to VMware VMs.
  • This tutorial sets up physical server disaster recovery to Azure with the simplest settings. If you want to learn about other options, read through our How To guides:

Set up an Azure account

Get an Azure account.

Verify Azure account permissions

Make sure your Azure account has permissions for replication of VMs to Azure.

Set up an Azure network

Set up an Azure network.

  • Azure VMs are placed in this network when they're created after failover.
  • The network should be in the same region as the Recovery Services vault.

Set up an Azure storage account

Set up an Azure storage account.

  • Site Recovery replicates on-premises machines to Azure storage. Azure VMs are created from the storage after failover occurs.
  • The storage account must be in the same region as the Recovery Services vault.

Prepare an account for Mobility service installation

The Mobility service must be installed on each server you want to replicate. Site Recovery installs this service automatically when you enable replication for the server. To install automatically, you need to prepare an account that Site Recovery will use to access the server.

  • You can use a domain or local account.
  • For Windows VMs, if you're not using a domain account, disable Remote User Access control on the local machine. To do this, in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, add the DWORD entry LocalAccountTokenFilterPolicy, with a value of 1.
  • To add the registry entry to disable the setting from a CLI, type: REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
  • For Linux, the account should be root on the source Linux server.

Create a vault

  1. Sign in to the Azure portal > Recovery Services.

  2. Click Create a resource > Monitoring + Management > Backup and Site Recovery.

  3. In Name, specify a friendly name to identify the vault. If you have more than one subscription, select the appropriate one.

  4. Create a resource group, or select an existing one. Specify an Azure region.

  5. To quickly access the vault from the dashboard, click Pin to dashboard > Create.

    The new vault will appear on the Dashboard > All resources, and on the main Recovery Services vaults page.

Select a protection goal

Select what to replicate, and where to replicate it to.

  1. Click Recovery Services vaults > vault.
  2. In the Resource Menu, click Site Recovery > Prepare Infrastructure > Protection goal.
  3. In Protection goal, select To Azure > Not virtualized/Other.

Set up the source environment

Set up the configuration server, register it in the vault, and discover VMs.

  1. Click Site Recovery > Prepare Infrastructure > Source.

  2. If you don't have a configuration server, click +Configuration server.

  3. In Add Server, check that Configuration Server appears in Server type.

  4. Download the Site Recovery Unified Setup installation file.

  5. Download the vault registration key. You need this when you run Unified Setup. The key is valid for five days after you generate it.

Register the configuration server in the vault

Do the following before you start:

Verify time accuracy

On the configuration server machine, make sure that the system clock is synchronized with a time server. The clock should match the time server. If it's 15 minutes ahead or behind, setup might fail.

Verify connectivity

Make sure the machine can access these URLs based on your environment:

Name | China Cloud URL | Description
---- | --------------- | -----------
Azure Active Directory | login.partner.microsoftonline.cn | Used for access control and identity management by using Azure Active Directory.
Backup | *.backup.windowsazure.cn | Used for replication data transfer and coordination.
Replication | *.hypervrecoverymanager.windowsazure.cn | Used for replication management operations and coordination.
Storage | *.blob.core.chinacloudapi.cn | Used for access to the storage account that stores replicated data.
Telemetry (optional) | dc.services.visualstudio.com | Used for telemetry.
Time synchronization | time.windows.com | Used to check time synchronization between system and global time in all deployments.

IP address-based firewall rules should allow communication to all of the Azure URLs that are listed above over HTTPS (port 443). To simplify and limit the IP ranges, we recommend URL filtering.
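
A pre-flight check for the two prerequisites above (clock offset and outbound HTTPS), as an added PowerShell example that is not Microsoft's tooling or part of the original tutorial. The function names and the -ExtraHosts parameter are hypothetical; the wildcard rows of the table can't be probed directly, so pass concrete host names from your own vault or storage account.

```powershell
# Added example, not Microsoft's tooling: pre-flight check for the configuration server.
# Host names and the 15-minute limit come from this page; function and parameter
# names are hypothetical.
function Get-ClockOffsetSeconds {
    param([string]$TimeServer = 'time.windows.com')
    # With /dataonly, w32tm prints samples such as "14:07:41, +00.0158541s".
    $lines = w32tm /stripchart /computer:$TimeServer /samples:1 /dataonly
    $hit = $lines | Select-String -Pattern '([+-]\d+\.\d+)s' | Select-Object -Last 1
    if (-not $hit) { throw "No time sample returned by $TimeServer" }
    [double]$hit.Matches[0].Groups[1].Value
}

function Test-SiteRecoveryPrereqs {
    param(
        [string[]]$ExtraHosts = @(),   # concrete hosts for the wildcard table rows
        [int]$MaxSkewMinutes = 15
    )
    # Non-wildcard rows of the table; the telemetry endpoint is optional.
    $hosts = @('login.partner.microsoftonline.cn', 'dc.services.visualstudio.com') + $ExtraHosts
    $results = @(foreach ($h in $hosts) {
        $t = Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
        [pscustomobject]@{
            Check  = "TCP 443 to $h"
            Passed = [bool]$t.TcpTestSucceeded
            Detail = "$($t.RemoteAddress)"
        }
    })
    try {
        $offset = Get-ClockOffsetSeconds
        $results += [pscustomobject]@{
            Check  = 'Clock offset from time.windows.com'
            Passed = ([math]::Abs($offset) -lt ($MaxSkewMinutes * 60))
            Detail = ('{0:N1} s' -f $offset)
        }
    } catch {
        # A failed or blocked time query is reported as a failed check, not an exception.
        $results += [pscustomobject]@{
            Check  = 'Clock offset from time.windows.com'
            Passed = $false
            Detail = $_.Exception.Message
        }
    }
    $results
}

Test-SiteRecoveryPrereqs | Format-Table -AutoSize
```

Run it on the configuration server before starting Unified Setup; any row with Passed = False points at a firewall, proxy, or time-sync problem to fix first.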

Run setup

Run Unified Setup as a Local Administrator, to install the configuration server. The process server and the master target server are also installed by default on the configuration server.

  1. Run the Unified Setup installation file.

  2. In Before You Begin, select Install the configuration server and process server.

  3. In Third Party Software License, click I Accept to download and install MySQL.

  4. In Registration, select the registration key you downloaded from the vault.

  5. In Internet Settings, specify how the Provider running on the configuration server connects to Azure Site Recovery over the Internet. Make sure you've allowed the required URLs.

    • If you want to connect with the proxy that's currently set up on the machine, select Connect to Azure Site Recovery using a proxy server.
    • If you want the Provider to connect directly, select Connect directly to Azure Site Recovery without a proxy server.
    • If the existing proxy requires authentication, or if you want to use a custom proxy for the Provider connection, select Connect with custom proxy settings, and specify the address, port, and credentials.

  6. In Prerequisites Check, Setup runs a check to make sure that installation can run. If a warning appears about the Global time sync check, verify that the time on the system clock (Date and Time settings) is the same as the time zone.

  7. In MySQL Configuration, create credentials for logging on to the MySQL server instance that is installed.

  8. In Environment Details, select No if you're replicating Azure Stack VMs or physical servers.

  9. In Install Location, select where you want to install the binaries and store the cache. The drive you select must have at least 5 GB of disk space available, but we recommend a cache drive with at least 600 GB of free space.

  10. In Network Selection, first select the NIC that the in-built process server uses for discovery and push installation of the Mobility service on source machines, and then select the NIC that the configuration server uses for connectivity with Azure. Port 9443 is the default port used for sending and receiving replication traffic, but you can modify this port number to suit your environment's requirements. In addition to port 9443, we also open port 443, which is used by a web server to orchestrate replication operations. Do not use port 443 for sending or receiving replication traffic.

  11. In Summary, review the information and click Install. When installation finishes, a passphrase is generated. You will need this when you enable replication, so copy it and keep it in a secure location.

After registration finishes, the configuration server is displayed on the Settings > Servers page in the vault.

Set up the target environment

Select and verify target resources.

  1. Click Prepare infrastructure > Target, and select the Azure subscription you want to use.

  2. Specify the target deployment model.

  3. Site Recovery checks that you have one or more compatible Azure storage accounts and networks.

Create a replication policy

  1. To create a new replication policy, click Site Recovery infrastructure > Replication Policies > +Replication Policy.

  2. In Create replication policy, specify a policy name.

  3. In RPO threshold, specify the recovery point objective (RPO) limit. This value specifies how often data recovery points are created. An alert is generated if continuous replication exceeds this limit.

  4. In Recovery point retention, specify how long (in hours) the retention window is for each recovery point. Replicated VMs can be recovered to any point in a window. Up to 24 hours retention is supported for machines replicated to premium storage, and 72 hours for standard storage.

  5. In App-consistent snapshot frequency, specify how often (in minutes) recovery points containing application-consistent snapshots will be created. Click OK to create the policy.

The policy is automatically associated with the configuration server. By default, a matching policy is automatically created for failback. For example, if the replication policy is rep-policy, then a failback policy rep-policy-failback is created. This policy isn't used until you initiate a failback from Azure.

Enable replication

Enable replication for each server.

  • Site Recovery will install the Mobility service when replication is enabled.
  • When you enable replication for a server, it can take 15 minutes or longer for changes to take effect and appear in the portal.

  1. Click Replicate application > Source.
  2. In Source, select the configuration server.
  3. In Machine type, select Physical machines.
  4. Select the process server (the configuration server). Then click OK.
  5. In Target, select the subscription and the resource group in which you want to create the Azure VMs after failover. Choose the deployment model that you want to use in Azure (classic or resource management).
  6. Select the Azure storage account you want to use for replicating data.
  7. Select the Azure network and subnet to which Azure VMs will connect when they're created after failover.
  8. Select Configure now for selected machines, to apply the network setting to all machines you select for protection. Select Configure later to select the Azure network per machine.
  9. In Physical Machines, click +Physical machine. Specify the name and IP address. Select the operating system of the machine you want to replicate. It takes a few minutes for the servers to be discovered and listed.
  10. In Properties > Configure properties, select the account that will be used by the process server to automatically install the Mobility service on the machine.
  11. In Replication settings > Configure replication settings, verify that the correct replication policy is selected.
  12. Click Enable Replication. You can track progress of the Enable Protection job in Settings > Jobs > Site Recovery Jobs. After the Finalize Protection job runs, the machine is ready for failover.

To monitor servers you add, you can check the last discovered time for them in Configuration Servers > Last Contact At. To add machines without waiting for a scheduled discovery time, highlight the configuration server (don't click it), and click Refresh.

Next steps

Run a disaster recovery drill.