设置配置服务器,以便将物理服务器灾难恢复到 AzureSet up the configuration server for disaster recovery of physical servers to Azure

本文介绍如何设置本地环境,以便开始将运行 Windows 或 Linux 的物理服务器复制到 Azure。This article describes how to set up your on-premises environment to start replicating physical servers running Windows or Linux into Azure.


本文假设已具有:The article assumes that you already have:

  • Azure 门户中的恢复服务保管库。A Recovery Services vault in the Azure portal.
  • 安装配置服务器的物理计算机。A physical computer on which to install the configuration server.
  • 如果已在要安装配置服务器的计算机上禁用了 TLS 1.0,请确保该计算机上已启用 TLS 1.2 并已安装 .NET Framework 4.6 或更高版本(已启用强加密)。If you've disabled TLS 1.0 on the machine on which you're installing the configuration server, make sure that TLs 1.2 is enabled, and that the .NET Framework version 4.6 or later is installed on the machine (with strong cryptography enabled). 了解详细信息Learn more.

配置服务器的最低要求Configuration server minimum requirements

下表列出了配置服务器的最低硬件、软件和网络要求。The following table lists the minimum hardware, software, and network requirements for a configuration server.

配置和进程服务器要求Configuration and process server requirements

硬件要求Hardware requirements

组件Component 要求Requirement
CPU 核心数CPU cores 88
磁盘数目Number of disks 3,包括操作系统磁盘、进程服务器缓存磁盘和用于故障回复保留驱动器3, including the OS disk, process server cache disk, and retention drive for failback
可用磁盘空间(进程服务器缓存)Free disk space (process server cache) 600 GB600 GB
可用磁盘空间(保留磁盘)Free disk space (retention disk) 600 GB600 GB

软件要求Software requirements

组件Component 要求Requirement
操作系统Operating system Windows Server 2012 R2Windows Server 2012 R2
Windows Server 2016Windows Server 2016
操作系统区域设置Operating system locale 英语 (en-*)English (en-*)
Windows Server 角色Windows Server roles 请勿启用以下角色:Don't enable these roles:
- Active Directory 域服务- Active Directory Domain Services
- Internet Information Services- Internet Information Services
- Hyper-V- Hyper-V
组策略Group policies 请勿启用以下组策略:Don't enable these group policies:
- 阻止访问命令提示符。- Prevent access to the command prompt.
- 阻止访问注册表编辑工具。- Prevent access to registry editing tools.
- 信任文件附件的逻辑。- Trust logic for file attachments.
- 打开脚本执行。- Turn on Script Execution.
了解详细信息Learn more
IISIIS - 无预先存在的默认网站- No pre-existing default website
- 端口 443 上没有预先存在的网站/应用程序侦听- No pre-existing website/application listening on port 443
- 启用匿名身份验证- Enable anonymous authentication
- 启用 FastCGI 设置- Enable FastCGI setting
FIPS(联邦信息处理标准)FIPS (Federal Information Processing Standards) 不要启用 FIPS 模式Do not enable FIPS mode

网络要求Network requirements

组件Component 要求Requirement
IP 地址类型IP address type 静态Static
端口Ports 443(控制通道协调)443 (Control channel orchestration)
9443(数据传输)9443 (Data transport)
NIC 类型NIC type VMXNET3(如果配置服务器是 VMware VM)VMXNET3 (if the configuration server is a VMware VM)
Internet 访问(服务器需要访问以下 URL,不管是直接进行访问还是通过代理进行访问):Internet access (the server needs access to the following URLs, directly or via proxy):
*.backup.windowsazure.cn*.backup.windowsazure.cn 用于复制的数据传输和协调Used for replicated data transfer and coordination
*.blob.core.chinacloudapi.cn*.blob.core.chinacloudapi.cn 用于访问可存储已复制数据的存储帐户。Used to access storage account that stores replicated data. 可以提供缓存存储帐户的特定 URL。You can provide the specific URL of your cache storage account.
*.hypervrecoverymanager.windowsazure.cn*.hypervrecoverymanager.windowsazure.cn 用于复制管理操作和协调Used for replication management operations and coordination
https://login.chinacloudapi.cnhttps://login.chinacloudapi.cn 用于复制管理操作和协调Used for replication management operations and coordination
time.nist.govtime.nist.gov 用于检查系统时间与全球时间之间的时间同步Used to check time synchronization between system and global time
time.windows.comtime.windows.com 用于检查系统时间与全球时间之间的时间同步Used to check time synchronization between system and global time
  • https://management.chinacloudapi.cnhttps://management.chinacloudapi.cn
  • https://secure.aadcdn.microsoftonline-p.comhttps://secure.aadcdn.microsoftonline-p.com
  • https://login.live.comhttps://login.live.com
  • https://microsoftgraph.chinacloudapi.cnhttps://microsoftgraph.chinacloudapi.cn
  • https://login.chinacloudapi.cnhttps://login.chinacloudapi.cn
  • *.services.visualstudio.com(可选)*.services.visualstudio.com (Optional)
  • https://www.live.comhttps://www.live.com
  • https://www.microsoft.comhttps://www.microsoft.com
OVF 安装程序需要访问这些附加 URL。OVF setup needs access to these additional URLs. 它们由 Azure Active Directory 用于访问控制和标识管理。They're used for access control and identity management by Azure Active Directory.
https://dev.mysql.com/get/Downloads/MySQLInstaller/mysql-installer-community- 完成 MySQL 下载。To complete MySQL download.
在某些区域中,下载可能会被重定向到 CDN URL。In a few regions, the download might be redirected to the CDN URL. 如果需要,请确保 CDN URL 也列入允许列表。Ensure that the CDN URL is also whitelisted, if necessary.

所需软件Required software

组件Component 要求Requirement
VMware vSphere PowerCLIVMware vSphere PowerCLI 如果配置服务器在 VMware VM 上运行,则应安装 PowerCLI 版本 6.0PowerCLI version 6.0 should be installed if the Configuration Server is running on a VMware VM.
MYSQLMYSQL 应安装 MySQL。MySQL should be installed. 可以手动安装,或者让 Site Recovery 进行安装。You can install manually, or Site Recovery can install it. (有关详细信息,请参阅配置设置(Refer to configure settings for more information)

大小和容量要求Sizing and capacity requirements

下表汇总了配置服务器的容器要求。The following table summarizes capacity requirements for the configuration server. 若要复制多个 VMware VM,请查看容量规划注意事项,然后运行 Azure Site Recovery 部署规划器工具If you're replicating multiple VMware VMs, review the capacity planning considerations and run the Azure Site Recovery Deployment Planner tool.

CPUCPU 内存Memory 缓存磁盘Cache disk 数据更改率Data change rate 复制的计算机Replicated machines
8 个 vCPU8 vCPUs

2 个插槽 * 4 个核心 @ 2.5 GHz2 sockets * 4 cores @ 2.5 GHz
16 GB16 GB 300 GB300 GB 500 GB 或更少500 GB or less < 100 台计算机< 100 machines
12 个 vCPU12 vCPUs

2 个插槽 * 6 个核心 @ 2.5 GHz2 socks * 6 cores @ 2.5 GHz
18 GB18 GB 600 GB600 GB 500 GB-1 TB500 GB-1 TB 100 到 150 台计算机100 to 150 machines
16 个 vCPU16 vCPUs

2 个插槽 * 8 个核心 @ 2.5 GHz2 socks * 8 cores @ 2.5 GHz
32 GB32 GB 1 TB1 TB 1-2 TB1-2 TB 150 -200 台计算机150 -200 machines


配置服务器不支持基于 HTTPS 的代理服务器。HTTPS-based proxy servers are not supported by the configuration server.

选择保护目标Choose your protection goals

  1. 在 Azure 门户中,转到“恢复服务保管库” 边栏选项卡,然后选择保管库。In the Azure portal, go to the Recovery Services vaults blade and select your vault.

  2. 在保管库的“资源” 菜单中,单击“开始使用” > “Site Recovery” > “步骤 1: 准备基础结构” > “保护目标” 。In the Resource menu of the vault, click Getting Started > Site Recovery > Step 1: Prepare Infrastructure > Protection goal.


  3. 在“保护目标” 中,依次选择“到 Azure” 和“未虚拟化/其他” ,并单击“确定” 。In Protection goal, select To Azure and Not virtualized/Other, and then click OK.


设置源环境Set up the source environment

  1. 如果没有配置服务器,请在“准备源”中单击“+配置服务器”添加一个。 In Prepare source, if you don't have a configuration server, click +Configuration server to add one.


  2. 在“添加服务器”边栏选项卡中,检查“配置服务器”是否已出现在“服务器类型”中。 In the Add Server blade, check that Configuration Server appears in Server type.

  3. 下载站点恢复统一安装程序安装文件。Download the Site Recovery Unified Setup installation file.

  4. 下载保管库注册密钥。Download the vault registration key. 运行统一安装程序时,需要注册密钥。You need the registration key when you run Unified Setup. 生成的密钥有效期为 5 天。The key is valid for five days after you generate it.


  5. 在用作配置服务器的计算机上,运行 Azure Site Recovery 统一安装程序安装配置服务器、进程服务器和主目标服务器。On the machine you're using as the configuration server, run Azure Site Recovery Unified Setup to install the configuration server, the process server, and the master target server.

运行 Azure Site Recovery 统一安装程序Run Azure Site Recovery Unified Setup


如果计算机上的系统时钟时间与本地时间相差 5 分钟以上,则配置服务器注册会失败。Configuration server registration fails if the time on your computer's system clock is more than five minutes off of local time. 开始安装前,请将系统时钟与时间服务器同步。Synchronize your system clock with a time server before starting the installation.

  1. 运行统一安装程序安装文件。Run the Unified Setup installation file.

  2. 在“开始之前”中,选择“安装配置服务器和进程服务器”。In Before You Begin, select Install the configuration server and process server.


  3. 在“第三方软件许可证”中单击“我接受”,下载并安装 MySQL。In Third Party Software License, click I Accept to download and install MySQL.


  4. 在“注册”中,选择从保管库下载的注册密钥。In Registration, select the registration key you downloaded from the vault.


  5. 在“Internet 设置”中,指定配置服务器上运行的提供程序如何通过 Internet 连接到 Azure Site Recovery。In Internet Settings, specify how the Provider running on the configuration server connects to Azure Site Recovery over the Internet. 确保已允许所需的 URL。Make sure you've allowed the required URLs.

    • 如果想要使用当前已在计算机上设置的代理进行连接,请选择“使用代理服务器连接到 Azure Site Recovery”。If you want to connect with the proxy that's currently set up on the machine, select Connect to Azure Site Recovery using a proxy server.
    • 如果希望提供程序直接进行连接,请选择“在不使用代理服务器的情况下直接连接到 Azure Site Recovery” 。If you want the Provider to connect directly, select Connect directly to Azure Site Recovery without a proxy server.
    • 如果现有代理要求身份验证,或者你想要使用自定义代理进行提供程序连接,请选择“使用自定义代理设置进行连接”,并指定地址、端口和凭据。If the existing proxy requires authentication, or if you want to use a custom proxy for the Provider connection, select Connect with custom proxy settings, and specify the address, port, and credentials. 统一设置中“Internet 设置”屏幕的屏幕截图。
  6. 在“先决条件检查”设置中运行检查,确保安装可以运行。In Prerequisites Check, Setup runs a check to make sure that installation can run. 如果看到有关全局时间同步检查的警告,请检查系统时钟的时间(“日期和时间”设置)是否与时区相同。If a warning appears about the Global time sync check, verify that the time on the system clock (Date and Time settings) is the same as the time zone.


  7. 在“MySQL 配置”中,创建用于登录到要安装的 MySQL 服务器实例的凭据。In MySQL Configuration, create credentials for logging on to the MySQL server instance that is installed.

    统一设置中“MySQL 配置”屏幕的屏幕截图。

  8. 在“环境详细信息” 中,如果要复制 Azure Stack VM 或物理服务器,请选择“否”。In Environment Details, select No if you're replicating Azure Stack VMs or physical servers.

  9. 在“安装位置”中,选择要安装二进制文件和存储缓存的位置。In Install Location, select where you want to install the binaries and store the cache. 所选驱动器必须至少有 5 GB 的可用磁盘空间,但我们建议选择至少有 600 GB 可用空间的缓存驱动器。The drive you select must have at least 5 GB of disk space available, but we recommend a cache drive with at least 600 GB of free space.


  10. 在“网络选择”中,首先选择内置进程服务器用于发现的 NIC,将移动服务的安装推送到源计算机上,然后选择配置服务器用来与 Azure 连接的 NIC 。In Network Selection, first select the NIC that the in-built process server uses for discovery and push installation of mobility service on source machines, and then select the NIC that Configuration Server uses for connectivity with Azure. 端口 9443 是用于发送和接收复制流量的默认端口,但可以根据环境的要求修改此端口号。Port 9443 is the default port used for sending and receiving replication traffic, but you can modify this port number to suit your environment's requirements. 除了端口 9443 以外,还要打开端口 443,Web 服务器将使用该端口协调复制操作。In addition to the port 9443, we also open port 443, which is used by a web server to orchestrate replication operations. 请不要使用端口 443 来发送或接收复制流量。Do not use port 443 for sending or receiving replication traffic.


  11. 在“摘要”中复查信息,并单击“安装”。In Summary, review the information and click Install. 安装完成后,将生成通行短语。When installation finishes, a passphrase is generated. 启用复制时需要用到它,因此请复制并将它保存在安全的位置。You will need this when you enable replication, so copy it and keep it in a secure location.


注册完成后,服务器会显示在保管库的“设置” > “服务器” 边栏选项卡中。After registration finishes, the server is displayed on the Settings > Servers blade in the vault.


可通过命令行安装配置服务器。The configuration server can be installed via a command line. 了解详细信息Learn more.

常见问题Common issues

安装失败Installation failures

示例错误消息Sample error message 建议的操作Recommended action
错误...未能加载帐户。ERROR Failed to load Accounts. 错误: System.IO.IOException: 安装和注册 CS 服务器时无法从传输连接读取数据。Error: System.IO.IOException: Unable to read data from the transport connection when installing and registering the CS server. 确保在计算机上启用 TLS 1.0。Ensure that TLS 1.0 is enabled on the computer.

注册失败Registration failures

可以通过查看 %ProgramData%\ASRLogs 文件夹中的日志来调试注册失败。Registration failures can be debugged by reviewing the logs in the %ProgramData%\ASRLogs folder.

示例错误消息Sample error message 建议的操作Recommended action
09:20:06:InnerException.Type: SrsRestApiClientLib.AcsException,InnerException。09:20:06:InnerException.Type: SrsRestApiClientLib.AcsException,InnerException.
消息: ACS50008: SAML 令牌无效。Message: ACS50008: SAML token is invalid.
跟踪 ID: 1921ea5b-4723-4be7-8087-a75d3f9e1072Trace ID: 1921ea5b-4723-4be7-8087-a75d3f9e1072
相关 ID: 62fea7e6-2197-4be4-a2c0-71ceb7aa2d97>Correlation ID: 62fea7e6-2197-4be4-a2c0-71ceb7aa2d97>
时间戳: 2016-12-12 14:50:08Z
Timestamp: 2016-12-12 14:50:08Z
确保系统时钟上的时间与本地时间之间的偏差不超过 15 分钟。Ensure that the time on your system clock is not more than 15 minutes off the local time. 重新运行安装程序完成注册。Rerun the installer to complete the registration.
09:35:27: 尝试获取选定证书的所有灾难恢复保管库时发生 DRRegistrationException:: 引发了 Exception.Type:Microsoft.DisasterRecovery.Registration.DRRegistrationException,Exception.Message: ACS50008: SAML 令牌无效。09:35:27 :DRRegistrationException while trying to get all disaster recovery vault for the selected certificate: : Threw Exception.Type:Microsoft.DisasterRecovery.Registration.DRRegistrationException, Exception.Message: ACS50008: SAML token is invalid.
跟踪 ID: e5ad1af1-2d39-4970-8eef-096e325c9950Trace ID: e5ad1af1-2d39-4970-8eef-096e325c9950
相关 ID: abe9deb8-3e64-464d-8375-36db9816427aCorrelation ID: abe9deb8-3e64-464d-8375-36db9816427a
时间戳: 2016-05-19 01:35:39ZTimestamp: 2016-05-19 01:35:39Z
确保系统时钟上的时间与本地时间之间的偏差不超过 15 分钟。Ensure that the time on your system clock is not more than 15 minutes off the local time. 重新运行安装程序完成注册。Rerun the installer to complete the registration.
06:28:45: 未能创建证书06:28:45:Failed to create certificate
06:28:45: 安装无法继续。06:28:45:Setup cannot proceed. 无法创建用于在 Site Recovery 中进行身份验证的证书。A certificate required to authenticate to Site Recovery cannot be created. 重新运行安装程序Rerun Setup
确保以本地管理员的身份运行安装程序。Ensure you are running setup as a local administrator.

后续步骤Next steps

下一步涉及在 Azure 中设置目标环境Next step involves setting up your target environment in Azure.