使用 Azure 导入/导出服务将数据导入到 Azure Blob 存储Use the Azure Import/Export service to import data to Azure Blob Storage

本文提供了有关如何使用 Azure 导入/导出服务安全地将大量数据导入到 Azure Blob 存储的分步说明。This article provides step-by-step instructions on how to use the Azure Import/Export service to securely import large amounts of data to Azure Blob storage. 若要将数据导入到 Azure Blob,此服务要求你将包含数据的已加密磁盘驱动器寄送到某个 Azure 数据中心。To import data into Azure Blobs, the service requires you to ship encrypted disk drives containing your data to an Azure datacenter.

先决条件Prerequisites

在创建导入作业来将数据传输到 Azure Blob 存储之前,请仔细查看并完成此服务的以下先决条件列表。Before you create an import job to transfer data into Azure Blob Storage, carefully review and complete the following list of prerequisites for this service. 必须具备以下条件:You must:

步骤 1:准备驱动器Step 1: Prepare the drives

此步骤生成一个日志文件。This step generates a journal file. 日志文件存储着驱动器序列号、加密密钥和存储帐户详细信息等基本信息。The journal file stores basic information such as drive serial number, encryption key, and storage account details.

请执行以下步骤来准备驱动器。Perform the following steps to prepare the drives.

  1. 通过 SATA 连接器将磁盘驱动器连接到 Windows 系统。Connect your disk drives to the Windows system via SATA connectors.

  2. 在每个驱动器上创建一个 NTFS 卷。Create a single NTFS volume on each drive. 为卷分配驱动器号。Assign a drive letter to the volume. 不要使用装入点。Do not use mountpoints.

  3. 在 NTFS 卷上启用 BitLocker 加密。Enable BitLocker encryption on the NTFS volume. 如果使用某个 Windows Server 系统,请使用如何在 Windows Server 2012 R2 上启用 BitLocker 中的说明。If using a Windows Server system, use the instructions in How to enable BitLocker on Windows Server 2012 R2.

  4. 将数据复制到加密的卷。Copy data to encrypted volume. 可使用拖放或 Robocopy 或任何类似的复制工具。Use drag and drop or Robocopy or any such copy tool. 在运行该工具的同一文件夹中会创建一个日志 (.jrn) 文件。A journal (.jrn) file is created in the same folder where you run the tool.

    如果驱动器已锁定并且需要解锁,不同用例的解锁步骤可能不同。If the drive is locked and you need to unlock the drive, the steps to unlock may be different depending on your use case.

    • 如果已将数据添加到预加密驱动器(并非使用 WAImportExport 工具来加密),请使用弹出窗口中的 BitLocker 密钥(你指定的数字密码)来解锁驱动器。If you have added data to a pre-encrypted drive (WAImportExport tool was not used for encryption), use the BitLocker key (a numerical password that you specify) in the popup to unlock the drive.

    • 如果已将数据添加到由 WAImportExport 工具加密的驱动器,请使用以下命令解锁该驱动器:If you have added data to a drive that was encrypted by WAImportExport tool, use the following command to unlock the drive:

      WAImportExport Unlock /externalKey:<BitLocker key (base 64 string) copied from journal (*.jrn*) file>

  5. 使用管理权限打开 PowerShell 或命令行窗口。Open a PowerShell or command line window with administrative privileges. 若要将目录切换到解压缩的文件夹,请运行以下命令:To change directory to the unzipped folder, run the following command:

    cd C:\WaImportExportV1

  6. 若要获取驱动器的 BitLocker 密钥,请运行以下命令:To get the BitLocker key of the drive, run the following command:

    manage-bde -protectors -get <DriveLetter>: 获取 BitLocker 密钥manage-bde -protectors -get <DriveLetter>: Get BitLocker Key

  7. 若要准备磁盘,请运行以下命令。To prepare the disk, run the following command. 这可能要花费几小时到几天时间,具体取决于数据大小。Depending on the data size, this may take several hours to days.

    ./WAImportExport.exe PrepImport /j:<journal file name> /id:session<session number> /t:<Drive letter> /bk:<BitLocker key> /srcdir:<Drive letter>:\ /dstdir:<Container name>/ /blobtype:<BlockBlob or PageBlob> /skipwrite
    

    在运行该工具的同一文件夹中会创建一个日志文件。A journal file is created in the same folder where you ran the tool. 还会创建两个其他文件 - 一个 .xml 文件(您在其中运行工具的文件夹)和一个 drive-manifest.xml 文件(数据所在的文件夹)。Two other files are also created - an .xml file (folder where you run the tool) and a drive-manifest.xml file (folder where data resides).

    下表介绍了所使用的参数:The parameters used are described in the following table:

    选项Option 说明Description
    /j:/j: 带有 .jrn 扩展名的日志文件的名称。The name of the journal file, with the .jrn extension. 会为每个驱动器生成一个日志文件。A journal file is generated per drive. 建议使用磁盘序列号作为日志文件名。We recommend that you use the disk serial number as the journal file name.
    /id:/id: 会话 ID。The session ID. 请为该命令的每个实例使用唯一的会话编号。Use a unique session number for each instance of the command.
    /t:/t: 要寄送的磁盘的驱动器号。The drive letter of the disk to be shipped. 例如,驱动器 DFor example, drive D.
    /bk:/bk: 驱动器的 BitLocker 密钥。The BitLocker key for the drive. 其数字密码来自 manage-bde -protectors -get D: 的输出Its numerical password from output of manage-bde -protectors -get D:
    /srcdir:/srcdir: 要寄送的磁盘的驱动器号后跟 :\The drive letter of the disk to be shipped followed by :\. 例如,D:\For example, D:\.
    /dstdir:/dstdir: Azure 存储中的目标容器的名称。The name of the destination container in Azure Storage.
    /blobtype:/blobtype: 此选项指定要将数据导入到的 Blob 的类型。This option specifies the type of blobs you want to import the data to. 对于块 blob,此项为 BlockBlob;对于页 blob,此项为 PageBlobFor block blobs, this is BlockBlob and for page blobs, it is PageBlob.
    /skipwrite:/skipwrite: 此选项指定没有需要复制的新数据并且要准备磁盘上的现有数据。The option that specifies that there is no new data required to be copied and existing data on the disk is to be prepared.
    /enablecontentmd5:/enablecontentmd5: 启用此选项时,将确保计算 MD5 并将其设置为每个 blob 上的 Content-md5 属性。The option when enabled, ensures that MD5 is computed and set as Content-md5 property on each blob. 仅当希望在将数据上传到 Azure 后使用 Content-md5 字段时,才使用此选项。Use this option only if you want to use the Content-md5 field after the data is uploaded to Azure.
    此选项不影响数据完整性检查(默认情况下会进行)。This option does not affect the data integrity check (that occurs by default). 此设置确实会增加将数据上传到云所需的时间。The setting does increase the time taken to upload data to cloud.
  8. 为需要寄送的每个磁盘重复前面的步骤。Repeat the previous step for each disk that needs to be shipped. 每次运行该命令行时,都会使用所提供的名称创建一个日志文件。A journal file with the provided name is created for every run of the command line.

    重要

    • 与日志文件一起,还会在工具所在的同一文件夹中创建一个 <Journal file name>_DriveInfo_<Drive serial ID>.xml 文件。Together with the journal file, a <Journal file name>_DriveInfo_<Drive serial ID>.xml file is also created in the same folder where the tool resides. 如果日志文件太大,在创建作业时会使用该 .xml 文件而不使用日志文件。The .xml file is used in place of journal file when creating a job if the journal file is too big.

步骤 2:创建导入作业Step 2: Create an import job

在 Azure 门户中执行以下步骤来创建导入作业。Perform the following steps to create an import job in the Azure portal.

  1. 登录到 https://portal.azure.cn/Log on to https://portal.azure.cn/.

  2. 转到“所有服务”>“存储”>“导入/导出作业”。Go to All services > Storage > Import/export jobs.

    转到导入/导出作业

  3. 单击“创建导入/导出作业”。Click Create Import/export Job.

    单击“创建导入/导出作业”

  4. 在“基本信息”中:In Basics:

    • 选择“导入到 Azure”。Select Import into Azure.

    • 输入导入作业的描述性名称。Enter a descriptive name for the import job. 可使用此名称来跟踪作业进度。Use the name to track the progress of your jobs.

      • 此名称可以包含大写和小写字母、数字、连字符。The name may contain both higher and lower case letters, numbers, hyphens.
      • 此名称必须以字母开头,并且不得包含空格。The name must start with a letter, and may not contain spaces.
    • 选择一个订阅。Select a subscription.

    • 输入或选择一个资源组。Enter or select a resource group.

      创建导入作业 - 步骤 1

  5. 在“作业详细信息”中:In Job details:

    • 上传你在驱动器准备步骤中获取的驱动器日志文件。Upload the drive journal files that you obtained during the drive preparation step. 如果使用了 waimportexport.exe version1,请为你准备的每个驱动器上传一个文件。If waimportexport.exe version1 was used, upload one file for each drive that you prepared. 如果日志文件大小超过了 2 MB,则可以使用随日志文件创建的 <Journal file name>_DriveInfo_<Drive serial ID>.xmlIf the journal file size exceeds 2 MB, then you can use the <Journal file name>_DriveInfo_<Drive serial ID>.xml also created with the journal file.
    • 选择将用来存放数据的目标存储帐户。Select the destination storage account where data will reside.
    • 放置位置会根据选定存储帐户所属的区域自动进行填充。The dropoff location is automatically populated based on the region of the storage account selected.

    创建导入作业 - 步骤 2

  6. 在“回寄信息”中:In Return shipping info:

    • 从下拉列表中选择承运商。Select the carrier from the dropdown list.

    • 输入你已在该承运商那里创建的有效承运商帐户编号。Enter a valid carrier account number that you have created with that carrier. 当导入作业完成后,我们使用此帐户寄回驱动器。We use this account to ship the drives back to you once your import job is complete. 如果没有帐户编号,请创建一个 EMS 承运商帐户。If you do not have an account number, create a EMS carrier account.

    • 提供完整、有效的联系人姓名、电话号码、电子邮件地址、街道地址、城市、邮政编码、省/自治区/直辖市和国家/地区。Provide a complete and valid contact name, phone, email, street address, city, zip, state/province and country/region.

      提示

      请提供组电子邮件,而非为单个用户指定电子邮件地址。Instead of specifying an email address for a single user, provide a group email. 这可确保即使管理员离开也会收到通知。This ensures that you receive notifications even if an admin leaves.

      创建导入作业 - 步骤 3

  7. 在“摘要”中:In the Summary:

    • 在摘要中复查提供的作业信息。Review the job information provided in the summary. 记下作业名称和 Azure 数据中心送货地址,以便将将磁盘寄回 Azure。Make a note of the job name and the Azure datacenter shipping address to ship disks back to Azure. 稍后将在发货标签中使用此信息。This information is used later on the shipping label.

    • 单击“确定”以创建导入作业。Click OK to create the import job.

      创建导入作业 - 步骤 4

步骤 3(可选):配置客户管理的密钥Step 3 (Optional): Configure customer managed key

如果要使用 Microsoft 托管密钥保护驱动器的 BitLocker 密钥,请跳过此步骤并转到下一步。Skip this step and go to the next step if you want to use the Microsoft managed key to protect your BitLocker keys for the drives. 要配置自己的密钥以保护 BitLocker 密钥,请按照在 Azure 门户中使用用于 Azure 导入/导出的 Azure 密钥保管库配置客户管理的密钥中的说明进行操作To configure your own key to protect the BitLocker key, follow the instructions in Configure customer-managed keys with Azure Key Vault for Azure Import/Export in the Azure portal

步骤 4:寄送驱动器Step 4: Ship the drives

可以使用 EMS 将包裹寄送到 Azure 数据中心。EMS can be used to ship the package to Azure datacenter.

  • 提供 Azure 将用于寄回驱动器的有效 EMS 运营商帐号。Provide a valid EMS carrier account number that Azure will use to ship the drives back.

步骤 5:使用跟踪信息更新作业Step 5: Update the job with tracking information

寄送磁盘后,请返回到 Azure 门户中的“导入/导出” 页面。After shipping the disks, return to the Import/Export page on the Azure portal.

重要

如果在创建作业后的 2 周内未更新跟踪号,该作业会过期。If the tracking number is not updated within 2 weeks of creating the job, the job expires.

若要更新跟踪号,请执行以下步骤。To update the tracking number, perform the following steps.

  1. 选择并单击作业。Select and click the job.
  2. 单击“寄送驱动器后更新作业状态和跟踪信息” 。Click Update job status and tracking info once drives are shipped.
  3. 选中“标记为已寄送” 旁的复选框。Select the checkbox against Mark as shipped.
  4. 提供承运商信息 和跟踪号码 (例如 ID:000000000000000000;SN:00000000000000)。Provide the Carrier and Tracking number (e.g.ID:000000000000000000;SN:00000000000000).
    • 对于跟踪号码:For tracking numbers:
    • 如果通过快递寄送,请键入有效的快递单号码 + 设备序列号。If ship by courier, please type valid courier numbers + Device serial numbers.
    • 如果自己发运,请键入 ID 号 + 设备序列号。If ship by yourself, please type ID numbers + Device serial numbers.
  5. 在门户仪表板上跟踪作业进度。Track the job progress on the portal dashboard. 有关每个作业状态的说明,请转到查看作业状态For a description of each job state, go to View your job status.

步骤 6:验证 Azure 中的数据上传Step 6: Verify data upload to Azure

跟踪作业直至完成。Track the job to completion. 作业完成后,验证数据已上传到 Azure。Once the job is complete, verify that your data has uploaded to Azure. 仅在已确认上传成功后才删除本地数据。Delete the on-premises data only after you have verified that upload was successful.

后续步骤Next steps