为 VMware VM 灾难恢复管理配置服务器Manage the configuration server for VMware VM disaster recovery

使用 Azure Site Recovery 进行 VMware VM 和物理服务器到 Azure 的灾难恢复时,需要设置本地配置服务器。You set up an on-premises configuration server when you use Azure Site Recovery for disaster recovery of VMware VMs and physical servers to Azure. 配置服务器协调本地 VMware 与 Azure 之间的通信并管理数据复制。The configuration server coordinates communications between on-premises VMware and Azure and manages data replication. 本文概述了在部署配置服务器后对其进行管理时要执行的常见任务。This article summarizes common tasks for managing the configuration server after it's deployed.

Note

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

访问配置服务器Access configuration server

可以访问配置服务器,如下所示:You can access the configuration server as follows:

  • 登录到部署了配置服务器的 VM,然后从桌面快捷方式启动 Azure Site Recovery 配置管理器。 Sign in to the VM on which it's deployed, and Start Azure Site Recovery Configuration Manager from the desktop shortcut.
  • 或者,可以从 https://ConfigurationServerName/:44315/ 远程访问配置服务器。Alternatively, you can access the configuration server remotely from https://ConfigurationServerName/:44315/ . 使用管理员凭据登录。Sign in with administrator credentials.

修改 VMware 服务器设置Modify VMware server settings

  1. 若要将不同的 VMware 服务器与配置服务器相关联,请在登录后选择“添加 vCenter Server/vSphere ESXi 服务器”。 To associate a different VMware server with the configuration server, after sign-in, select Add vCenter Server/vSphere ESXi server.
  2. 输入详细信息,然后选择“确定” 。Enter the details, and then select OK.

修改用于自动发现的凭据Modify credentials for automatic discovery

  1. 若要更新用于连接到 VMware 服务器以便自动发现 VMware VM 的凭据,请在登录后选择帐户并单击“编辑”。 To update the credentials used to connect to the VMware server for automatic discovery of VMware VMs, after sign-in, choose the account and click Edit.

  2. 输入新凭据,然后选择“确定” 。Enter the new credentials, and then select OK.

    修改 VMware

此外,还可以通过 CSPSConfigtool.exe 修改凭据。You can also modify the credentials through CSPSConfigtool.exe.

  1. 登录配置服务器,并启动 CSPSConfigtool.exeLogin to the configuration server and launch CSPSConfigtool.exe
  2. 选择要修改的帐户,单击“编辑”。 Choose the account you wish to modify and click Edit.
  3. 输入修改后的凭据,单击“确定” Enter the modified credentials and click Ok

修改用于移动服务安装的凭据Modify credentials for Mobility Service installation

修改在为复制启用的 VMware VM 上自动安装移动服务时使用的凭据。Modify the credentials used to automatically install Mobility Service on the VMware VMs you enable for replication.

  1. 登录后,选择“管理虚拟机凭据” After sign-in, select Manage virtual machine credentials

  2. 选择要修改的帐户,单击“编辑” Choose the account you wish to modify and click Edit

  3. 输入新凭据,然后选择“确定” 。Enter the new credentials, and then select OK.

    修改移动服务凭据

还可以通过 CSPSConfigtool.exe 修改凭据。You can also modify credentials through CSPSConfigtool.exe.

  1. 登录配置服务器,并启动 CSPSConfigtool.exeLogin to the configuration server and launch CSPSConfigtool.exe
  2. 选择要修改的帐户,单击“编辑” Choose the account you wish to modify and click Edit
  3. 输入新凭据,单击“确定”。 Enter the new credentials and click Ok.

添加用于移动服务安装的凭据Add credentials for Mobility service installation

如果在配置服务器的 OVF 部署过程中错过了添加凭据,则If you missed adding credentials during OVF deployment of configuration server,

  1. 登录后,选择“管理虚拟机凭据”。 After sign-in, select Manage virtual machine credentials.
  2. 单击“添加虚拟机凭据”。 Click on Add virtual machine credentials. 添加虚拟机凭据add-mobility-credentials
  3. 输入新凭据,单击“添加”。 Enter the new credentials and click on Add.

还可以通过 CSPSConfigtool.exe 添加凭据。You can also add credentials through CSPSConfigtool.exe.

  1. 登录配置服务器,并启动 CSPSConfigtool.exeLogin to the configuration server and launch CSPSConfigtool.exe
  2. 单击“添加”,输入新凭据,单击“确定”。 Click Add, enter the new credentials and click Ok.

修改代理设置Modify proxy settings

修改配置服务器使用的代理设置,以实现对 Azure 的 Internet 访问。Modify the proxy settings used by the configuration server machine for internet access to Azure. 如果除了在配置服务器计算机上运行的默认进程服务器外,还存在其他进程服务器计算机,则同时修改这两台计算机上的设置。If you have a process server machine in addition to the default process server running on the configuration server machine, modify the settings on both machines.

  1. 登录到配置服务器后,选择“管理连接”。 After sign-in to the configuration server, select Manage connectivity.
  2. 更新代理值。Update the proxy values. 然后,选择“保存” 以更新设置。Then select Save to update the settings.

添加网络适配器Add a network adapter

开放虚拟化格式 (OVF) 模板部署具有单个网络适配器的配置服务器 VM。The Open Virtualization Format (OVF) template deploys the configuration server VM with a single network adapter.

  • 将其他适配器添加到 VM,但必须在将配置服务器注册到保管库之前添加它。You can add an additional adapter to the VM, but you must add it before you register the configuration server in the vault.
  • 在保管库中注册配置服务器之后,若要添加适配器,请在 VM 属性中添加适配器。To add an adapter after you register the configuration server in the vault, add the adapter in the VM properties. 然后,需要在保管库中重新注册服务器。Then you need to re-register the server in the vault.

在同一保管库中重新注册配置服务器Reregister a configuration server in the same vault

可根据需要在同一保管库中重新注册配置服务器。You can reregister the configuration server in the same vault if you need to. 如果除了在配置服务器计算机上运行的默认进程服务器外,还存在其他进程服务器计算机,请注册这两台计算机。If you have an additional process server machine, in addition to the default process server running on the configuration server machine, reregister both machines.

  1. 在保管库中,打开“管理” > “Site Recovery 基础结构” > “配置服务器” 。In the vault, open Manage > Site Recovery Infrastructure > Configuration Servers.

  2. 在“服务器”中,选择“下载注册密钥”以下载保管库凭据文件。 In Servers, select Download registration key to download the vault credentials file.

  3. 登录到配置服务器计算机。Sign in to the configuration server machine.

  4. 在 %ProgramData%\ASR\home\svsystems\bin 中,打开 cspsconfigtool.exe 。In %ProgramData%\ASR\home\svsystems\bin, open cspsconfigtool.exe.

  5. 在“保管库注册”选项卡上,单击“浏览”并找到你下载的保管库凭据文件。 On the Vault Registration tab, select Browse, and locate the vault credentials file that you downloaded.

  6. 按需提供代理服务器详细信息。If needed, provide proxy server details. 然后选择“注册” 。Then select Register.

  7. 打开管理员 PowerShell 命令窗口并运行以下命令:Open an admin PowerShell command window, and run the following command:

    $pwd = ConvertTo-SecureString -String MyProxyUserPassword
    Set-OBMachineSetting -ProxyServer http://myproxyserver.domain.com -ProxyPort PortNumber - ProxyUserName domain\username -ProxyPassword $pwd
    

    Note

    若要从配置服务器拉取最新的证书来横向扩展进程服务器,请执行命令 "<Installation Drive\Azure Site Recovery\agent\cdpcli.exe>" --registermtIn order to pull latest certificates from configuration server to scale-out process server execute the command "<Installation Drive\Azure Site Recovery\agent\cdpcli.exe>" --registermt

  8. 最后,通过执行以下命令重启 obengine。Finally, restart the obengine by executing the following command.

    net stop obengine
    net start obengine
    

将配置服务器注册到不同的保管库Register a configuration server with a different vault

Warning

以下步骤将配置服务器从当前保管库取消关联,并停止配置服务器下所有受保护虚拟机的复制。The following step disassociates the configuration server from the current vault, and the replication of all protected virtual machines under the configuration server is stopped.

  1. 登录到配置服务器。Log in to the configuration server.

  2. 打开管理员 PowerShell 命令窗口并运行以下命令:Open an admin PowerShell command window, and run the following command:

    reg delete "HKLM\Software\Microsoft\Azure Site Recovery\Registration"
    net stop dra
    
  3. 使用桌面上的快捷方式启动配置服务器设备浏览器门户。Launch the configuration server appliance browser portal using the shortcut on your desktop.

  4. 执行类似于新配置服务器注册的注册步骤。Perform the registration steps similar to a new configuration server registration.

升级配置服务器Upgrade the configuration server

运行更新汇总来更新配置服务器。You run update rollups to update the configuration server. 最多可以为 N-4 版本应用更新。Updates can be applied for up to N-4 versions. 例如:For example:

  • 如果运行的是 9.7、9.8、9.9 或 9.10 版,可以直接升级到 9.11 版。If you run 9.7, 9.8, 9.9, or 9.10, you can upgrade directly to 9.11.
  • 如果运行的是 9.6 版或更早版本并且想要升级到 9.11 版,则必须先升级到 9.7 版,If you run 9.6 or earlier and you want to upgrade to 9.11, you must first upgrade to version 9.7. 然后再升级到 9.11 版。before 9.11.

有关 Azure Site Recovery 组件支持声明的详细指南,请参阅此处For detailed guidance on Azure Site Recovery components support statement refer here. 此处提供了用于升级到配置服务器的所有版本的更新汇总的链接。Links to update rollups for upgrading to all versions of the configuration server are available here.

Important

对于每一新版“N”的已发布 Azure Site Recovery 组件,“N-4”以下的所有版本都被视为不受支持。With every new version 'N' of an Azure Site Recovery component that is released, all versions below 'N-4' is considered out of support. 始终建议升级到可用的最新版本。It is always advisable to upgrade to the latest versions available.
有关 Azure Site Recovery 组件支持声明的详细指南,请参阅此处For detailed guidance on Azure Site Recovery components support statement refer here.

按如下所示升级服务器:Upgrade the server as follows:

  1. 在保管库中,转到“管理” > “Site Recovery 基础结构” > “配置服务器” 。In the vault, go to Manage > Site Recovery Infrastructure > Configuration Servers.

  2. 如果有可用的更新,链接将显示在“代理版本” > 列中。If an update is available, a link appears in the Agent Version > column. 更新Update

  3. 将更新安装程序文件下载到配置服务器上。Download the update installer file to the configuration server.

    更新

  4. 双击以运行安装程序。Double-click to run the installer.

  5. 安装程序检测计算机上运行的当前版本。The installer detects the current version running on the machine. 单击“是” 开始升级。Click Yes to start the upgrade.

  6. 升级完成时,验证服务器配置。When the upgrade completes the server configuration validates.

    更新

  7. 单击“完成” 关闭安装程序。Click Finish to close the installer.

  8. 若要升级其余的 Site Recovery 组件,请参阅我们的升级指南To upgrade rest of the Site Recovery components, refer to our upgrade guidance.

从命令行升级配置服务器/进程服务器Upgrade configuration server/process server from the command line

如下所示运行安装文件:Run the installation file as follows:

UnifiedSetup.exe [/ServerMode <CS/PS>] [/InstallDrive <DriveLetter>] [/MySQLCredsFilePath <MySQL credentials file path>] [/VaultCredsFilePath <Vault credentials file path>] [/EnvType <VMWare/NonVMWare>] [/PSIP <IP address to be used for data transfer] [/CSIP <IP address of CS to be registered with>] [/PassphraseFilePath <Passphrase file path>]

示例用法Sample usage

MicrosoftAzureSiteRecoveryUnifiedSetup.exe /q /x:C:\Temp\Extracted
cd C:\Temp\Extracted
UNIFIEDSETUP.EXE /AcceptThirdpartyEULA /servermode "CS" /InstallLocation "D:\" /MySQLCredsFilePath "C:\Temp\MySQLCredentialsfile.txt" /VaultCredsFilePath "C:\Temp\MyVault.vaultcredentials" /EnvType "VMWare"

parametersParameters

参数名称Parameter Name 类型Type 说明Description Values
/ServerMode/ServerMode 必须Required 指定是要同时安装配置服务器和进程服务器,还是只安装进程服务器Specifies whether both the configuration and process servers should be installed, or the process server only CSCS
PSPS
/InstallLocation/InstallLocation 必须Required 用于安装组件的文件夹The folder in which the components are installed 计算机上的任意文件夹Any folder on the computer
/MySQLCredsFilePath/MySQLCredsFilePath 必须Required 存储 MySQL 服务器凭据的文件路径The file path in which the MySQL server credentials are stored 该文件应采用以下指定格式The file should be the format specified below
/VaultCredsFilePath/VaultCredsFilePath 必须Required 保管库凭据文件的路径The path of the vault credentials file 有效的文件路径Valid file path
/EnvType/EnvType 必须Required 要保护的环境类型Type of environment that you want to protect VMwareVMware
NonVMwareNonVMware
/PSIP/PSIP 必须Required 要用于复制数据传输的 NIC 的 IP 地址IP address of the NIC to be used for replication data transfer 任何有效的 IP 地址Any valid IP Address
/CSIP/CSIP 必须Required 配置服务器正在侦听的 NIC 的 IP 地址The IP address of the NIC on which the configuration server is listening on 任何有效的 IP 地址Any valid IP Address
/PassphraseFilePath/PassphraseFilePath 必须Required 密码文件位置的完整路径The full path to location of the passphrase file 有效的文件路径Valid file path
/BypassProxy/BypassProxy 可选Optional 指定配置服务器在不使用代理的情况下连接到 AzureSpecifies that the configuration server connects to Azure without a proxy 从 Venu 获取此值To do get this value from Venu
/ProxySettingsFilePath/ProxySettingsFilePath 可选Optional 代理设置(默认代理需要身份验证,或自定义代理)Proxy settings (The default proxy requires authentication, or a custom proxy) 该文件应采用以下指定格式The file should be in the format specified below
DataTransferSecurePortDataTransferSecurePort 可选Optional 用于复制数据的 PSIP 上的端口号Port number on the PSIP to be used for replication data 有效端口号(默认值为 9433)Valid Port Number (default value is 9433)
/SkipSpaceCheck/SkipSpaceCheck 可选Optional 跳过缓存磁盘的空间检查Skip space check for cache disk
/AcceptThirdpartyEULA/AcceptThirdpartyEULA 必须Required 该标志表示接受第三方 EULAFlag implies acceptance of third-party EULA
/ShowThirdpartyEULA/ShowThirdpartyEULA 可选Optional 显示第三方 EULA。Displays third-party EULA. 如果作为输入提供,将忽略所有其他参数If provided as input all other parameters are ignored

创建 MYSQLCredsFilePath 的文件输入Create file input for MYSQLCredsFilePath

MySQLCredsFilePath 参数使用某个文件作为输入。The MySQLCredsFilePath parameter takes a file as input. 创建使用以下格式的文件并将其作为输入 MySQLCredsFilePath 参数进行传递。Create the file using the following format and pass it as input MySQLCredsFilePath parameter.

[MySQLCredentials]
MySQLRootPassword = "Password>"
MySQLUserPassword = "Password"

创建 ProxySettingsFilePath 的文件输入Create file input for ProxySettingsFilePath

ProxySettingsFilePath 参数使用某个文件作为输入。ProxySettingsFilePath parameter takes a file as input. 创建使用以下格式的文件并将其作为输入 ProxySettingsFilePath 参数进行传递。Create the file using the following format and pass it as input ProxySettingsFilePath parameter.

[ProxySettings]
ProxyAuthentication = "Yes/No"
Proxy IP = "IP Address"
ProxyPort = "Port"
ProxyUserName="UserName"
ProxyPassword="Password"

删除或取消注册配置服务器Delete or unregister a configuration server

  1. 对配置服务器下的所有 VM 禁用保护Disable protection for all VMs under the configuration server.

  2. 从配置服务器中取消关联删除所有复制策略。Disassociate and delete all replication policies from the configuration server.

  3. 删除与配置服务器关联的所有 vCenters 服务器/vSphere 主机。Delete all vCenter servers/vSphere hosts that are associated with the configuration server.

  4. 在保管库中,打开“Site Recovery 基础结构” > “配置服务器”。 In the vault, open Site Recovery Infrastructure > Configuration Servers.

  5. 选择要删除的配置服务器。Select the configuration server that you want to remove. 然后,在“详细信息” 页上,选择“删除” 。Then, on the Details page, select Delete.

    删除配置服务器

使用 PowerShell 进行删除Delete with PowerShell

还可以选择使用 PowerShell 删除配置服务器。You can optionally delete the configuration server by using PowerShell.

  1. 安装 Azure PowerShell 模块。Install the Azure PowerShell module.

  2. 使用以下命令登录到 Azure 帐户:Sign in to your Azure account by using this command:

    Connect-AzAccount -Environment AzureChinaCloud

  3. 选择保管库订阅。Select the vault subscription.

    Get-AzSubscription -SubscriptionName <your subscription name> | Select-AzSubscription

  4. 设置保管库上下文。Set the vault context.

    $vault = Get-AzRecoveryServicesVault -Name <name of your vault>
    Set-AzSiteRecoveryVaultSettings -ARSVault $vault
    
  5. 检索配置服务器。Retrieve the configuration server.

    $fabric = Get-AzSiteRecoveryFabric -FriendlyName <name of your configuration server>

  6. 删除配置服务器。Delete the configuration server.

    Remove-AzSiteRecoveryFabric -Fabric $fabric [-Force]

Note

可使用 Remove-AzSiteRecoveryFabric 中的 -Force 选项强制删除配置服务器。You can use the -Force option in Remove-AzSiteRecoveryFabric for forced deletion of the configuration server.

生成配置服务器通行短语Generate configuration server Passphrase

  1. 登录配置服务器,并以管理员身份打开“命令提示符”窗口。Sign in to your configuration server, and then open a command prompt window as an administrator.
  2. 要将目录更改到 bin 文件夹,请执行命令 cd %ProgramData%\ASR\home\svsystems\bin To change the directory to the bin folder, execute the command cd %ProgramData%\ASR\home\svsystems\bin
  3. 要生成通行短语文件,请执行 genpassphrase.exe v > MobSvc.passphrase 。To generate the passphrase file, execute genpassphrase.exe -v > MobSvc.passphrase.
  4. 你的通行短语将存储在 %ProgramData%\ASR\home\svsystems\bin\MobSvc.passphrase 中。Your passphrase will be stored in the file located at %ProgramData%\ASR\home\svsystems\bin\MobSvc.passphrase.

续订 SSL 证书Renew SSL certificates

配置服务器具有一个内置的 Web 服务器,该服务器协调连接到配置服务器的移动服务、进程服务器和主目标服务器的活动。The configuration server has an inbuilt web server, which orchestrates activities of the Mobility Service, process servers, and master target servers connected to it. Web 服务器使用 SSL 证书对客户端进行身份验证。The web server uses an SSL certificate to authenticate clients. 该证书在三年后到期,并可随时续订。The certificate expires after three years and can be renewed at any time.

检查有效期Check expiry

对于 2016 年 5 月之前的配置服务器部署,证书有效期设置为一年。For configuration server deployments before May 2016, certificate expiry was set to one year. 如果证书即将到期,将出现以下情况:If you have a certificate that is going to expire, the following occurs:

  • 如果离到期日期有两个月或不到两个月,服务将开始在门户中发送通知以及通过电子邮件发送(如果订阅了 Site Recovery 通知)。When the expiry date is two months or less, the service starts sending notifications in the portal, and by email (if you subscribed to Site Recovery notifications).
  • 保管库资源页上将显示通知横幅。A notification banner appears on the vault resource page. 若要了解详细信息,请选择横幅。For more information, select the banner.
  • 如果看到了“立即升级” 按钮,则表示环境中有些组件尚未升级到 9.4.xxxx.x 或更高版本。If you see an Upgrade Now button, it indicates that some components in your environment haven't been upgraded to 9.4.xxxx.x or higher versions. 请在续订证书之前升级组件。Upgrade the components before you renew the certificate. 无法在旧版本中进行续订。You can't renew on older versions.

续订证书Renew the certificate

  1. 在保管库中,打开“Site Recovery 基础结构” > “配置服务器”。 In the vault, open Site Recovery Infrastructure > Configuration Server. 选择所需的配置服务器。Select the required configuration server.
  2. 到期日期显示在“配置服务器运行状况” 下。The expiry date appears under Configuration Server health.
  3. 选择“续订证书” 。Select Renew Certificates.

刷新配置服务器Refresh Configuration server

  1. 在 Azure 门户中,导航至“恢复服务保管库” > “管理” > “站点恢复基础结构” > “对于 VMware 和物理机” > “配置服务器” In the Azure portal, navigate to Recovery Services Vault > Manage > Site Recovery Infrastructure > For VMware & Physical machines > Configuration Servers
  2. 单击要刷新的配置服务器。Click on the configuration server you wish to refresh.
  3. 在包含所选配置服务器详细信息的边栏选项卡上,单击“更多” > “刷新服务器” 。On the blade with details of chosen configuration server, click More > Refresh Server.
  4. 在“恢复服务保管库” > “监控” > “站点恢复作业”下监控作业进度 。Monitor the progress of the job under Recovery Services Vault > Monitoring > Site Recovery jobs.

更新 Windows 许可证Update Windows license

通过 OVF 模板提供的许可证是有效期为 180 天的评估许可证。The license provided with the OVF template is an evaluation license valid for 180 days. 为确保不间断使用,必须使用采购的许可证来激活 Windows。For uninterrupted usage, you must activate Windows with a procured license.

故障回复要求Failback requirements

在重新保护和故障回复期间,本地配置服务器必须运行且处于连接状态。During reprotect and failback, the on-premises configuration server must be running and in a connected state. 要成功进行故障回复,要故障回复的虚拟机必须位于配置服务器数据库中。For successful failback, the virtual machine being failed back must exist in the configuration server database.

确保定期计划配置服务器备份。Ensure that you take regular scheduled backups of your configuration server. 如果发生灾难且配置服务器丢失,则必须首先从备份副本还原配置服务器,并确保已还原的配置服务器具有与其注册到保管库的 IP 地址相同的 IP 地址。If a disaster occurs and the configuration server is lost, you must first restore the configuration server from a backup copy and ensure that the restored configuration server has the same IP address with which it was registered to the vault. 如果为还原的配置服务器使用不同的 IP 地址,则故障回复将不起作用。Failback will not work if a different IP address is used for the restored configuration server.

后续步骤Next steps

查看有关设置 VMware VM 到 Azure 的灾难恢复的教程。Review the tutorials for setting up disaster recovery of VMware VMs to Azure.