为基于 IIS 的多层 Web 应用程序设置灾难恢复Set up disaster recovery for a multi-tier IIS-based web application

应用程序软件是组织中业务生产力的引擎。Application software is the engine of business productivity in an organization. 各种 Web 应用程序可在组织中发挥不同的作用。Various web applications can serve different purposes in an organization. 某些应用程序,例如工资单处理应用程序、财务应用程序和面向客户的网站,对于组织而言可能至关重要。Some applications, like applications used for payroll processing, financial applications, and customer-facing websites, might be critical to an organization. 组织必须不间断地运转这些应用程序以防止工作中断。To prevent loss of productivity, it's important for the organization to have these applications continuously up and running. 更重要的是,使这些应用程序保持连续运行有助于防止组织的品牌形象受到损害。More importantly, having these applications consistently available can help prevent damage to the brand or image of the organization.

关键的 Web 应用程序通常设置为多层应用程序,其 Web、数据库和应用程序分别位于不同的层。Critical web applications are typically set up as multi-tier applications: the web, database, and application are on different tiers. 除了分散在不同的层以外,应用程序还可以在每个层中使用多个服务器来对流量进行负载均衡。In addition to being spread across various tiers, the applications might also use multiple servers in each tier to load balance the traffic. 此外,各个层之间以及 Web 服务器上的映射可以基于静态 IP 地址。Moreover, the mappings between various tiers and on the web server might be based on static IP addresses. 故障转移时,其中的某些映射需要更新,尤其是在 Web 服务器上配置了多个网站时。On failover, some of these mappings need to be updated, especially if multiple websites are configured on the web server. 如果 Web 应用程序使用 SSL,则必须更新证书绑定。If web applications use SSL, you must update certificate bindings.

不是以复制为基础的传统恢复方法涉及到备份各种配置文件、注册表设置、绑定、自定义组件(COM 或 .NET)、内容和证书。Traditional recovery methods that aren't based on replication involve backing up various configuration files, registry settings, bindings, custom components (COM or .NET), content, and certificates. 此外,需要通过一系列手动步骤恢复文件。Files are recovered through a set of manual steps. 传统的文件备份和手动恢复方法非常繁琐、容易出错且没有弹性。The traditional recovery methods of backing up and manually recovering files are cumbersome, error-prone, and not scalable. 例如,我们经常忘记备份证书。For example, you might easily forget to back up certificates. 故障转移后,我们别无他法,只能为服务器购买新证书。After failover, you're left with no choice but to buy new certificates for the server.

良好的灾难恢复解决方案支持对复杂应用程序体系结构的恢复计划建模。A good disaster recovery solution supports modeling recovery plans for complex application architectures. 此外,我们还能在恢复计划中添加自定义步骤,用于处理各个层级之间的应用程序映射。You should also be able to add customized steps to the recovery plan to handle application mappings between tiers. 如果发生灾难,只需按一下鼠标,应用程序映射就能彻底解决问题,帮助降低 RTO。If there is a disaster, application mappings provide a single-click, sure-shot solution that helps lead to a lower RTO.

本文介绍如何使用 Azure Site Recovery 保护基于 Internet Information Services (IIS) 的 Web 应用程序。This article describes how to protect a web application that's based on Internet Information Services (IIS) by using Azure Site Recovery. 内容包括如何将基于 IIS 的三层 Web 应用程序复制到 Azure、如何执行灾难恢复演练,以及如何将应用程序故障转移到 Azure 的最佳做法。The article covers best practices for replicating a three-tier, IIS-based web application to Azure, how to do a disaster recovery drill, and how to fail over the application to Azure.

先决条件Prerequisites

开始之前,请确保自己知道如何执行以下任务:Before you begin, ensure that you know how to do the following tasks:

部署模式Deployment patterns

基于 IIS 的 Web 应用程序通常遵循以下部署模式之一:An IIS-based web application typically follows one of the following deployment patterns:

部署模式 1Deployment pattern 1

包含应用程序请求路由 (ARR)、IIS 服务器和 SQL Server 的基于 IIS 的 Web 场。An IIS-based web farm with Application Request Routing (ARR), an IIS server, and SQL Server.

包含三个层的基于 IIS 的 Web 场示意图

部署模式 2Deployment pattern 2

包含 ARR、IIS 服务器、应用程序服务器和 SQL Server 的基于 IIS 的 Web 场。An IIS-based web farm with ARR, an IIS server, an application server, and SQL Server.

包含四个层的基于 IIS 的 Web 场示意图

Site Recovery 支持Site Recovery support

本文中的示例在 Windows Server 2012 R2 Enterprise 上使用装有 IIS 7.5 的 VMware 虚拟机。For the examples in this article, we use VMware virtual machines with IIS 7.5 on Windows Server 2012 R2 Enterprise. 由于 Site Recovery 复制不区分应用程序,因此本文中的建议应该也适用于下表中所列的方案以及不同版本的 IIS。Because Site Recovery replication isn't application-specific, the recommendations in this article are expected to apply in the scenarios listed in the following table, and for different versions of IIS.

源和目标Source and target

方案Scenario 到辅助站点To a secondary site 到 AzureTo Azure
Hyper-VHyper-V Yes Yes
VMwareVMware Yes Yes
物理服务器Physical server No Yes
AzureAzure 不可用NA Yes

复制虚拟机Replicate virtual machines

若要开始将所有 IIS Web 场虚拟机复制到 Azure,请遵照在 Site Recovery 中执行到 Azure 的测试故障转移中的指导。To start replicating all the IIS web farm virtual machines to Azure, follow the guidance in Test failover to Azure in Site Recovery.

如果使用的是静态 IP,可以指定希望虚拟机采用的 IP 地址。If you are using a static IP address, you can specify the IP address that you want the virtual machine to take. 若要设置 IP 地址,请转到“计算和网络设置” > “目标 IP”。To set the IP address, go to Compute and Network settings > TARGET IP.

演示如何在 Site Recovery 的“计算和网络”窗格中设置目标 IP 的屏幕截图

创建恢复计划Create a recovery plan

恢复计划支持在故障转移期间将多层应用程序中的各个层排序。A recovery plan supports the sequencing of various tiers in a multi-tier application during a failover. 排序有助于保持应用程序一致性。Sequencing helps maintain application consistency. 为多层 Web 应用程序创建恢复计划时,请完成使用 Site Recovery 创建恢复计划中所述的步骤。When you create a recovery plan for a multi-tier web application, complete the steps described in Create a recovery plan by using Site Recovery.

将虚拟机添加到故障转移组Add virtual machines to failover groups

典型的多层 IIS Web 应用程序由以下组件构成:A typical multi-tier IIS web application consists of the following components:

  • 包含 SQL 虚拟机的数据库层。A database tier that has SQL virtual machines.
  • 由 IIS 服务器和应用程序层构成的 Web 层。The web tier, which consists of an IIS server and an application tier.

根据层将虚拟机添加到不同的组中:Add virtual machines to different groups based on the tier:

  1. 创建恢复计划。Create a recovery plan. 在组 1 下面添加数据库层虚拟机。Add the database tier virtual machines under Group 1. 这可以确保最后关闭、最先启动数据库层虚拟机。This ensures that database tier virtual machines are shut down last and brought up first.
  2. 在组 2 下面添加应用程序层虚拟机。Add the application tier virtual machines under Group 2. 这可以确保在启动数据库层后启动应用程序层虚拟机。This ensures that application tier virtual machines are brought up after the database tier has been brought up.
  3. 在组 3 下面添加 Web 层虚拟机。Add the web tier virtual machines in Group 3. 这可以确保在启动应用程序层后启动 Web 层虚拟机。This ensures that web tier virtual machines are brought up after the application tier has been brought up.
  4. 在组 4 下面添加负载均衡虚拟机。Add load balance virtual machines in Group 4. 这可以确保在启动 Web 层后启动负载均衡虚拟机。This ensures that load balance virtual machines are brought up after the web tier has been brought up.

将脚本添加到恢复计划Add a script to the recovery plan

在故障转移后或测试故障转移期间,可能需要在 Azure 虚拟机上执行一些操作才能让 IIS Web 场正常工作。For the IIS web farm to function correctly, you might need to do some operations on the Azure virtual machines post-failover or during a test failover. 可将某些故障转移后的操作自动化。You can automate some post-failover operations. 例如,可在恢复计划中添加相应的脚本,来更新 DNS 条目、更改站点绑定或更改连接字符串。For example, you can update the DNS entry, change a site binding, or change a connection string by adding corresponding scripts to the recovery plan.

DNS 更新DNS update

如果为 DNS 配置了动态 DNS 更新,则虚拟机在启动时,通常会使用新的 IP 地址更新 DNS。If DNS is configured for dynamic DNS update, virtual machines usually update the DNS with the new IP address when they start. 如果想要添加一个明确的步骤来使用虚拟机的新 IP 地址更新 DNS,请添加这个用于更新 DNS 中的 IP 的脚本,作为恢复计划组中的故障转移后操作。If you want to add an explicit step to update DNS with the new IP addresses of the virtual machines, add a script to update IP in DNS as a post-failover action on recovery plan groups.

应用程序 web.config 中的连接字符串Connection string in an application's web.config

连接字符串指定与网站通信的数据库。The connection string specifies the database that the website communicates with. 如果连接字符串包含数据库虚拟机的名称,则故障转移后无需进行其他步骤。If the connection string carries the name of the database virtual machine, no further steps are needed post-failover. 应用程序可自动与数据库通信。The application can automatically communicate with the database. 此外,如果数据库虚拟机的 IP 地址得到保留,则不需要更新连接字符串。Also, if the IP address for the database virtual machine is retained, it doesn't be need to update the connection string.

如果连接字符串指向使用某个 IP 地址的数据库虚拟机,则故障转移后需要更新该字符串。If the connection string refers to the database virtual machine by using an IP address, it needs to be updated post-failover. 例如,以下连接字符串指向 IP 地址为 127.0.1.2 的数据库:For example, the following connection string points to the database with the IP address 127.0.1.2:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
    <connectionStrings>
    <add name="ConnStringDb1" connectionString="Data Source= 127.0.1.2\SqlExpress; Initial Catalog=TestDB1;Integrated Security=False;" />
    </connectionStrings>
    </configuration>

若要更新 Web 层中的连接字符串,可以通过恢复计划中的“组 3”后面添加 IIS 连接更新脚本To update the connection string in the web tier, add an IIS connection update script after Group 3 in the recovery plan.

应用程序的站点绑定Site bindings for the application

每个站点包含绑定信息。Every site consists of binding information. 绑定信息包括绑定类型、IIS 服务器侦听站点请求所用的 IP 地址、端口号和站点的主机名。The binding information includes the type of binding, the IP address at which the IIS server listens to the requests for the site, the port number, and the host names for the site. 在故障转移期间,如果与这些绑定关联的 IP 地址发生更改,则可能需要更新这些绑定。During the failover, you might need to update these bindings if there's a change in the IP address that's associated with them.

Note

如果将站点绑定设置为“全部取消分配”,则故障转移后不需要更新此绑定。If you set the site binding to All unassigned, you don't need to update this binding post-failover. 此外,如果与站点关联的 IP 地址在故障转移后未发生未更改,则不需要更新站点绑定。Also, if the IP address associated with a site isn't changed post-failover, you don't need to update the site binding. (能否保留 IP 地址取决于网络体系结构以及分配给主站点和恢复站点的子网。(The retention of the IP address depends on the network architecture and subnets assigned to the primary and recovery sites. 因此,在组织中不一定能够使用绑定。)Updating them might not be feasible for your organization.)

演示如何设置 SSL 绑定的屏幕截图

如果将 IP 地址关联到了某个站点,请使用新 IP 地址更新所有站点绑定。If you associated the IP address with a site, update all site bindings with the new IP address. 若要更改站点绑定,请在恢复计划中的“组 3”后面添加 IIS Web 层更新脚本To change the site bindings, add an IIS web tier update script after Group 3 in the recovery plan.

更新负载均衡器 IP 地址Update the load balancer IP address

如果使用 ARR 虚拟机,请在“组 4”后面添加 IIS ARR 故障转移脚本来更新 IP 地址。If you have an ARR virtual machine, to update the IP address, add an IIS ARR failover script after Group 4.

用于 HTTPS 连接的 SSL 证书绑定SSL certificate binding for an HTTPS connection

网站可与 SSL 证书关联,帮助确保在 Web 服务器与用户浏览器之间实现安全通信。A website might have an associated SSL certificate that helps ensure a secure communication between the web server and the user's browser. 如果网站有一个 HTTPS 连接,并且将一个 HTTPS 站点绑定关联到了具有 SSL 证书绑定的 IIS 服务器的 IP 地址,则故障转移后,必须使用 IIS 虚拟机的 IP 地址来为证书添加新的站点绑定。If the website has an HTTPS connection, and also has an associated HTTPS site binding to the IP address of the IIS server with an SSL certificate binding, you must add a new site binding for the certificate with the IP address of the IIS virtual machine post-failover.

可针对以下组件颁发 SSL 证书:The SSL certificate can be issued against these components:

  • 网站的完全限定域名。The fully qualified domain name of the website.
  • 服务器的名称。The name of the server.
  • 域名的通配符证书。A wildcard certificate for the domain name.
  • IP 地址。An IP address. 如果 SSL 证书是针对 IIS 服务器的 IP 地址颁发的,则需要针对 Azure 站点上 IIS 服务器的 IP 地址颁发另一个 SSL 证书。If the SSL certificate is issued against the IP address of the IIS server, another SSL certificate needs to be issued against the IP address of the IIS server on the Azure site. 需要为此证书创建另一个 SSL 绑定。An additional SSL binding for this certificate needs to be created. 因此,我们建议不要使用针对 IP 地址颁发的 SSL 证书。Because of this, we recommend not using an SSL certificate issued against the IP address. 此选项不太常用,根据新证书颁发机构/浏览器论坛中所述的更改,此选项即将停用。This option is less widely used and will soon be deprecated in accordance with new certificate authority/browser forum changes.

更新 Web 层与应用层之间的依赖关系Update the dependency between the web tier and the application tier

如果存在基于虚拟机 IP 地址的应用程序特定依赖关系,则故障转移后必须更新此依赖关系。If you have an application-specific dependency that's based on the IP address of the virtual machines, you must update this dependency post-failover.

运行测试故障转移Run a test failover

  1. 在 Azure 门户中,选择恢复服务保管库。In the Azure portal, select your Recovery Services vault.
  2. 选择针对 IIS Web 场创建的恢复计划。Select the recovery plan that you created for the IIS web farm.
  3. 选择“测试故障转移”。Select Test Failover.
  4. 若要启动测试故障转移过程,请选择恢复点和 Azure 虚拟网络。To start the test failover process, select the recovery point and the Azure virtual network.
  5. 当辅助环境启动时,可以执行验证。When the secondary environment is up, you can perform validations.
  6. 完成验证后,选择“验证完成”可清理测试故障转移环境。When validations are complete, to clean the test failover environment, select Validations complete.

有关详细信息,请参阅在 Site Recovery 中执行到 Azure 的测试故障转移For more information, see Test failover to Azure in Site Recovery.

运行故障转移Run a failover

  1. 在 Azure 门户中,选择恢复服务保管库。In the Azure portal, select your Recovery Services vault.
  2. 选择针对 IIS Web 场创建的恢复计划。Select the recovery plan that you created for the IIS web farm.
  3. 选择“故障转移”。Select Failover.
  4. 若要启动故障转移过程,请选择恢复点。To start the failover process, select the recovery point.

有关详细信息,请参阅 Site Recovery 中的故障转移For more information, see Failover in Site Recovery.

后续步骤Next steps