您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

Azure 备份功能概述Overview of the features in Azure Backup

Azure 备份是基于 Azure 的服务,可用于备份(或保护)和还原 Microsoft 云端数据。Azure Backup is the Azure-based service you can use to back up (or protect) and restore your data in the Microsoft cloud. Azure 备份将现有的本地或异地备份解决方案替换为安全可靠、性价比高的云端解决方案。Azure Backup replaces your existing on-premises or off-site backup solution with a cloud-based solution that is reliable, secure, and cost-competitive. Azure 备份提供多个组件,可将其下载并部署到适当的计算机、服务器或云中。Azure Backup offers multiple components that you download and deploy on the appropriate computer, server, or in the cloud. 依据要保护的内容选择部署的组件或代理。The component, or agent, that you deploy depends on what you want to protect. 无论是保护本地数据还是云端数据,所有 Azure 备份组件均可用于将数据备份到 Azure 的恢复服务保管库中。All Azure Backup components (no matter whether you're protecting data on-premises or in the cloud) can be used to back up data to a Recovery Services vault in Azure. 请参阅本文稍后部分的 Azure 备份组件表格,了解保护特定数据、应用程序或工作负荷所用的组件。See the Azure Backup components table (later in this article) for information about which component to use to protect specific data, applications, or workloads.

观看 Azure 备份概述视频Watch a video overview of Azure Backup

为何使用 Azure 备份?Why use Azure Backup?

传统的备份解决方案已演变成将云端视为类似于磁盘/磁带的终结点或静态存储目标。Traditional backup solutions have evolved to treat the cloud as an endpoint, or static storage destination, similar to disks or tape. 该方法很简单,但用途有限,不能充分利用基础云平台,由此变成了一种效率低的昂贵解决方案。While this approach is simple, it is limited and doesn't take full advantage of an underlying cloud platform, which translates to an expensive, inefficient solution. 其他解决方案也很昂贵,你最终会为错误的存储类型或不需要的存储支付费用。Other solutions are expensive because you end up paying for the wrong type of storage, or storage that you don't need. 其他解决方案的效率通常不高,因为它们不会提供所需的存储类型/存储量,或者管理任务需要耗费太多时间。Other solutions are often inefficient because they don't offer you the type or amount of storage you need, or administrative tasks require too much time. 与此相反,Azure 备份具有以下主要优势:In contrast, Azure Backup delivers these key benefits:

自动存储管理 - 混合环境常常需要异类存储(部分在本地,部分在云端)。Automatic storage management - Hybrid environments often require heterogeneous storage - some on-premises and some in the cloud. 通过 Azure 备份,使用本地存储设备时无需付费。With Azure Backup, there is no cost for using on-premises storage devices. Azure 备份会自动分配和管理备份存储,且采用即用即付模型。Azure Backup automatically allocates and manages backup storage, and it uses a pay-as-you-use model. 即用即付是指只需为所用的存储付费。Pay-as-you-use means that you only pay for the storage that you consume. 有关详细详细,请参阅 Azure 定价文章For more information, see the Azure pricing article.

无限缩放 - Azure 备份利用 Azure 云的基础功能和无限缩放功能实现高可用性 - 无需维护或监视开销。Unlimited scaling - Azure Backup uses the underlying power and unlimited scale of the Azure cloud to deliver high-availability - with no maintenance or monitoring overhead. 可设置警报来获取相关事件信息,但无需担忧云端数据的高可用性。You can set up alerts to provide information about events, but you don't need to worry about high-availability for your data in the cloud.

多个存储选项 - 高可用性的一个方面是存储复制。Multiple storage options - An aspect of high-availability is storage replication. Azure 备份提供两种类型的复制:本地冗余存储异地冗余存储Azure Backup offers two types of replication: locally redundant storage and geo-redundant storage. 根据需要选择备份存储选项:Choose the backup storage option based on need:

  • 本地冗余存储 (LRS) 将数据中心的存储缩放单元中的数据复制三次(创建三个数据副本)。Locally redundant storage (LRS) replicates your data three times (it creates three copies of your data) in a storage scale unit in a datacenter. 数据的所有副本存在于同一区域。All copies of the data exist within the same region. LRS 是一种低成本选项,用于保护数据免受本地硬件故障的影响。LRS is a low-cost option for protecting your data from local hardware failures.

  • 异地冗余存储 (GRS) 是默认的和推荐的复制选项。Geo-redundant storage (GRS) is the default and recommended replication option. GRS 将数据复制到次要区域,该次要区域是 Azure 配对区域(距离源数据的主要位置数百英里)。GRS replicates your data to a secondary region which is Azure paired regions (hundreds of miles away from the primary location of the source data). GRS 的成本比 LRS 的高,但 GRS 可让数据更为持久,即使出现区域性故障也是如此。GRS costs more than LRS, but GRS provides a higher level of durability for your data, even if there is a regional outage.

无限数据传输 - Azure 备份不会限制传输的入站或出站数据量。Unlimited data transfer - Azure Backup does not limit the amount of inbound or outbound data you transfer. Azure 备份也不会对传输的数据收费。Azure Backup also does not charge for the data that is transferred. 但如果使用 Azure 导入/导出服务来导入大量数据,则入站数据将产生相关费用。However, if you use the Azure Import/Export service to import large amounts of data, there is a cost associated with inbound data. 有关此费用的详细信息,请参阅 Azure 备份中的脱机备份工作流For more information about this cost, see Offline-backup workflow in Azure Backup. 出站数据是指还原操作期间从恢复服务保管库传输的数据。Outbound data refers to data transferred from a Recovery Services vault during a restore operation.

数据加密Data encryption:

  • 使用 AES256 在本地计算机上对本地传输数据进行加密。On-premises, data in transit is encrypted on the on-premises machine using AES256. 传输的数据受存储和备份之间的 HTTPS 保护。The data transmitted is protected by HTTPS between storage and backup. iSCSI 协议可保护在备份和用户计算机之间传输的数据。The iSCSI protocol secures the data transmitted between backup and the user machine. 安全隧道用于保护 iSCSI 通道。Secure tunneling is used to protect the iSCSI channel.
  • 进行从本地到 Azure 的备份时,使用你在设置备份时提供的通行短语对 Azure 中的数据进行静态加密。For on-premises to Azure backup, data in Azure is encrypted at-rest using the passphrase you provide when you set up backup. 通行短语或密钥绝不会传输或存储到 Azure 中。The passphrase or key it is never transmitted or stored in Azure. 如有必要还原任何数据,只需具有加密密码或密钥即可。If it is necessary to restore any of the data, only you have encryption passphrase, or key.
  • 对于 Azure VM,使用存储服务加密 (SSE) 对数据进行静态加密。For Azure VMs, data is encrypted at-reset using Storage Service Encryption (SSE). 备份会在存储数据之前自动加密数据。Backup automatically encrypts data before storing it. Azure 备份会在检索数据之前解密数据。Azure Storage decrypts data before retrieving it.
  • 备份也支持使用 Azure 磁盘加密 (ADE) 进行加密的 Azure VM。Backup also supports Azure VMs encrypted using Azure Disk Encryption (ADE). 了解详细信息Learn more.

应用程序一致性备份 - 应用程序一致性备份意味着恢复点包含还原备份副本所需的所有数据。Application-consistent backup - An application-consistent backup means a recovery point has all required data to restore the backup copy. Azure 备份提供了应用程序一致性备份,确保了还原数据时无需额外的修补程序。Azure Backup provides application-consistent backups, which ensure additional fixes are not required to restore the data. 还原应用程序一致型数据可减少还原时间,因此可快速恢复到运行状态。Restoring application-consistent data reduces the restoration time, allowing you to quickly return to a running state.

长期保留 - 可以将恢复服务保管库用于短期和长期数据保留。Long-term retention - You can use Recovery Services vaults for short-term and long-term data retention. Azure 不会限制恢复服务保管库中数据的保留时间长度。Azure doesn't limit the length of time data can remain in a Recovery Services vault. 可以根据需要设置数据在保管库中的保留时间。You can keep data in a vault for as long as you like. Azure 备份的限制为每个受保护实例仅限 9999 个恢复点。Azure Backup has a limit of 9999 recovery points per protected instance. 请参阅本文的备份和保留部分,了解此限制对用户备份需求的影响。See the Backup and retention section in this article for an explanation of how this limit may impact your backup needs.

应使用哪些 Azure 备份组件?Which Azure Backup components should I use?

通过下表了解可以对每个 Azure 备份组件进行保护的内容。Use the following table for information about what you can protect with each Azure Backup component.

组件Component 优点Benefits 限制Limits 保护哪些内容?What is protected? 备份存储在何处?Where are backups stored?
Azure 备份 (MARS) 代理Azure Backup (MARS) agent
  • 将文本和文件夹备份到物理或虚拟 Windows OS(VM 可以在本地或在 Azure 中)Back up files and folders on physical or virtual Windows OS (VMs can be on-premises or in Azure)
  • 无需单独的备份服务器。No separate backup server required.
  • 每天备份三次Backup 3x per day
  • 不感知应用程序;仅支持文件、文件夹和卷级别的还原,Not application aware; file, folder, and volume-level restore only,
  • 不支持 Linux。No support for Linux.
  • 文件、Files,
  • 文件夹、Folders,
  • 系统状态System State
  • 恢复服务保管库Recovery Services vault
    System Center DPMSystem Center DPM
  • 应用程序感知快照 (VSS)Application-aware snapshots (VSS)
  • 在备份时间上完全灵活Full flexibility for when to take backups
  • 恢复粒度(全部)Recovery granularity (all)
  • 可以使用恢复服务保管库Can use Recovery Services vault
  • Hyper-V 和 VMware VM 对 Linux 的支持Linux support on Hyper-V and VMware VMs
  • 使用 DPM 2012 R2 备份和还原 VMware VMBack up and restore VMware VMs using DPM 2012 R2
  • 无法备份 Oracle 工作负荷。Cannot back up Oracle workload.
  • 文件、Files,
  • 文件夹、Folders,
  • 卷、Volumes,
  • VM、VMs,
  • 应用程序、Applications,
  • 工作负荷Workloads
  • 系统状态System State
  • 恢复服务保管库、Recovery Services vault,
  • 本地附加磁盘、Locally attached disk,
  • 磁带(仅限本地)Tape (on-premises only)
  • Azure 备份服务器Azure Backup Server
  • 应用程序感知快照 (VSS)Application-aware snapshots (VSS)
  • 在备份时间上完全灵活Full flexibility for when to take backups
  • 恢复粒度(全部)Recovery granularity (all)
  • 可以使用恢复服务保管库Can use Recovery Services vault
  • Hyper-V 和 VMware VM 对 Linux 的支持Linux support on Hyper-V and VMware VMs
  • 备份和还原 VMware VMBack up and restore VMware VMs
  • 不需要 System Center 许可证Does not require a System Center license
  • 无法备份 Oracle 工作负荷。Cannot back up Oracle workload.
  • 始终需要实时 Azure 订阅Always requires live Azure subscription
  • 不支持磁带备份No support for tape backup
  • 文件、Files,
  • 文件夹、Folders,
  • 卷、Volumes,
  • VM、VMs,
  • 应用程序、Applications,
  • 工作负荷、Workloads,
  • 系统状态System State
  • 恢复服务保管库、Recovery Services vault,
  • 本地附加磁盘Locally attached disk
  • Azure IaaS VM 备份Azure IaaS VM Backup
  • 应用程序感知快照 (VSS)Application-aware snapshots (VSS)
  • 针对 Windows/Linux 的本地备份Native backups for Windows/Linux
  • 无需安装特定代理No specific agent installation required
  • 无需使用备份基础结构进行结构级备份Fabric-level backup with no backup infrastructure needed
  • 每天备份 VM 一次Back up VMs once-a-day
  • 仅在磁盘级还原 VMRestore VMs only at disk level
  • 无法本地备份Cannot back up on-premises
  • VM、VMs,
  • 所有磁盘(使用 PowerShell)All disks (using PowerShell)
  • 恢复服务保管库Recovery Services vault

    每个组件适用哪些部署方案?What are the deployment scenarios for each component?

    组件Component 可以在 Azure 中部署吗?Can be deployed in Azure? 可以在本地部署吗?Can be deployed on-premises? 支持的目标存储Target storage supported
    Azure 备份 (MARS) 代理Azure Backup (MARS) agent

    Yes

    Azure 备份代理可在 Azure 中运行的任意 Windows Server VM 上进行部署。The Azure Backup agent can be deployed on any Windows Server VM that runs in Azure.

    Yes

    备份代理可在任意 Windows Server VM 或物理计算机上进行部署。The Backup agent can be deployed on any Windows Server VM or physical machine.

    恢复服务保管库Recovery Services vault

    System Center DPMSystem Center DPM

    Yes

    深入了解如何使用 System Center DPM 保护 Azure 中的工作负荷Learn more about how to protect workloads in Azure by using System Center DPM.

    Yes

    深入了解如何保护数据中心内的工作负荷和 VMLearn more about how to protect workloads and VMs in your datacenter.

    本地附加磁盘、Locally attached disk,

    恢复服务保管库、Recovery Services vault,

    磁带(仅限本地)tape (on-premises only)

    Azure 备份服务器Azure Backup Server

    Yes

    深入了解如何使用 Azure 备份服务器保护 Azure 中的工作负荷Learn more about how to protect workloads in Azure by using Azure Backup Server.

    Yes

    深入了解如何使用 Azure 备份服务器保护 Azure 中的工作负荷Learn more about how to protect workloads in Azure by using Azure Backup Server.

    本地附加磁盘、Locally attached disk,

    恢复服务保管库Recovery Services vault

    Azure IaaS VM 备份Azure IaaS VM Backup

    Yes

    Azure 结构的一部分Part of Azure fabric

    专用于备份 Azure 基础结构即服务 (IaaS) 虚拟机Specialized for backup of Azure infrastructure as a service (IaaS) virtual machines.

    No

    使用 System Center DPM 备份数据中心内的虚拟机。Use System Center DPM to back up virtual machines in your datacenter.

    恢复服务保管库Recovery Services vault

    可以备份哪些应用程序和工作负荷?Which applications and workloads can be backed up?

    下表提供了可使用 Azure 备份保护的数据和工作负荷的矩阵。The following table provides a matrix of the data and workloads that can be protected using Azure Backup. Azure 备份解决方案列具有该解决方案部署文档的链接。The Azure Backup solution column has links to the deployment documentation for that solution.

    数据或工作负荷Data or Workload 源环境Source environment Azure 备份解决方案Azure Backup solution
    文件和文件夹Files and folders Windows ServerWindows Server

    Azure 备份代理Azure Backup agent,

    System Center DPM(带 Azure 备份代理)、System Center DPM (+ the Azure Backup agent),

    Azure 备份服务器(带 Azure 备份代理)Azure Backup Server (includes the Azure Backup agent)

    文件和文件夹Files and folders Windows 计算机Windows computer

    Azure 备份代理Azure Backup agent,

    System Center DPM(带 Azure 备份代理)、System Center DPM (+ the Azure Backup agent),

    Azure 备份服务器(带 Azure 备份代理)Azure Backup Server (includes the Azure Backup agent)

    Hyper-V 虚拟机 (Windows)Hyper-V virtual machine (Windows) Windows ServerWindows Server

    System Center DPM(带 Azure 备份代理)、System Center DPM (+ the Azure Backup agent),

    Azure 备份服务器(带 Azure 备份代理)Azure Backup Server (includes the Azure Backup agent)

    Hyper-V 虚拟机 (Linux)Hyper-V virtual machine (Linux) Windows ServerWindows Server

    System Center DPM(带 Azure 备份代理)、System Center DPM (+ the Azure Backup agent),

    Azure 备份服务器(带 Azure 备份代理)Azure Backup Server (includes the Azure Backup agent)

    VMware 虚拟机VMware virtual machine Windows ServerWindows Server

    System Center DPM(带 Azure 备份代理)、System Center DPM (+ the Azure Backup agent),

    Azure 备份服务器(带 Azure 备份代理)Azure Backup Server (includes the Azure Backup agent)

    Microsoft SQL ServerMicrosoft SQL Server Windows ServerWindows Server

    System Center DPM(带 Azure 备份代理)、System Center DPM (+ the Azure Backup agent),

    Azure 备份服务器(带 Azure 备份代理)Azure Backup Server (includes the Azure Backup agent)

    Microsoft SharePointMicrosoft SharePoint Windows ServerWindows Server

    System Center DPM(带 Azure 备份代理)、System Center DPM (+ the Azure Backup agent),

    Azure 备份服务器(带 Azure 备份代理)Azure Backup Server (includes the Azure Backup agent)

    Microsoft ExchangeMicrosoft Exchange Windows ServerWindows Server

    System Center DPM(带 Azure 备份代理)、System Center DPM (+ the Azure Backup agent),

    Azure 备份服务器(带 Azure 备份代理)Azure Backup Server (includes the Azure Backup agent)

    Azure IaaS VM (Windows)Azure IaaS VMs (Windows) 在 Azure 中运行running in Azure Azure 备份(VM 扩展)Azure Backup (VM extension)
    Azure IaaS VM (Linux)Azure IaaS VMs (Linux) 在 Azure 中运行running in Azure Azure 备份(VM 扩展)Azure Backup (VM extension)

    Linux 支持Linux support

    下表显示了 Linux 支持的 Azure 备份组件。The following table shows Azure Backup components supported for Linux.

    组件Component Linux(Azure 认可)Linux (Azure endorsed)
    Azure 备份 (MARS) 代理Azure Backup (MARS) agent 否(仅限基于 Windows 的代理)No (Windows-based agent only)
    System Center DPMSystem Center DPM 在 Hyper-V 和 VMWare 上对 Linux 来宾 VM 进行文件一致性备份File-consistent backup of Linux Guest VMs on Hyper-V and VMWare

    对 Hyper-V 和 VMWare Linux 来宾 VM 进行 VM 还原VM restores of Hyper-V and VMWare Linux Guest VMs

    文件一致性备份不适用于 Azure VMFile-consistent backup not available for Azure VMs
    Azure 备份服务器Azure Backup Server 在 Hyper-V 和 VMWare 上对 Linux 来宾 VM 进行文件一致性备份File-consistent backup of Linux Guest VMs on Hyper-V and VMWare

    对 Hyper-V 和 VMWare Linux 来宾 VM 进行 VM 还原VM restore of Hyper-V and VMWare Linux guest VMs

    文件一致性备份不适用于 Azure VMFile-consistent backup not available for Azure VMs
    Azure IaaS VM 备份Azure IaaS VM Backup 应用一致性备份,使用前脚本和后脚本框架App-consistent backup using the pre-script and post-script framework

    文件级恢复File-level recovery

    从还原的磁盘创建 VMCreate a VM from a restored disk

    从恢复点创建 VMCreate a VM from a recovery point.

    将高级存储 VM 与 Azure 备份配合使用Using premium storage VMs with Azure Backup

    Azure 备份会保护高级存储 VM。Azure Backup protects premium storage VMs. Azure 高级存储是基于固态硬盘 (SSD) 的存储,用于支持 I/O 密集型工作负荷。Azure premium storage is solid-state drive (SSD)-based storage designed to support I/O-intensive workloads. 高级存储很适合虚拟机 (VM) 工作负荷。Premium Storage is attractive for virtual machine (VM) workloads. 有关高级存储和其他磁盘类型的详细信息,请参阅选择磁盘类型一文。For more information about Premium Storage and other disk types, see the article, select a disk type.

    备份高级存储 VMBack up premium storage VMs

    在备份高级存储 VM 时,备份服务在高级存储帐户中创建名为“AzureBackup-”的临时暂存位置。While backing up Premium Storage VMs, the Backup service creates a temporary staging location, named "AzureBackup-", in the premium Storage account. 暂存位置大小与恢复点快照大小相同。The size of the staging location is equal to the size of the recovery point snapshot. 请确保高级存储帐户有足够的可用空间,可以容纳临时暂存位置。Be sure the premium Storage account has adequate free space to accommodate the temporary staging location. 有关详细信息,请参阅 Azure 存储可伸缩性目标中的文章。For more information, see the article on Azure storage scalability targets. 备份作业完成后,将删除暂存位置。Once the backup job finishes, the staging location is deleted. 用于暂存位置的存储的价格与所有 高级存储定价一致。The price of storage used for the staging location is consistent with all Premium storage pricing.

    备注

    请不要修改或编辑暂存位置。Do not modify or edit the staging location.

    还原高级存储 VMRestore premium storage VMs

    可将高级存储 VM 还原到高级存储或标准存储中。You can restore Premium Storage VMs to either Premium Storage or to Standard Storage. 将高级存储 VM 的恢复点还原到高级存储是典型的过程。Restoring a Premium Storage VM recovery point back to Premium Storage is the typical process. 但是,在需要 VM 的一部分文件的情况下,将高级存储 VM 的恢复点还原到标准存储更符合成本效益。However, it can be cost effective to restore a Premium Storage VM recovery point to Standard Storage if you need a subset of files from the VM.

    将托管磁盘 VM 与 Azure 备份结合使用Using managed disk VMs with Azure Backup

    Azure 备份保护托管磁盘 VM。Azure Backup protects managed disk VMs. 使用托管磁盘,用户就不需要管理虚拟机的存储帐户,大大简化 VM 预配。Managed disks free you from managing storage accounts of virtual machines and greatly simplify VM provisioning.

    备份托管磁盘 VMBack up managed disk VMs

    在托管磁盘上备份 VM 与备份 Resource Manager VM 并无不同。Backing up VMs on managed disks is no different than backing up Resource Manager VMs. 在 Azure 门户中,可以直接从虚拟机视图或恢复服务保管库视图中配置备份作业。In the Azure portal, you can configure the backup job directly from the Virtual Machine view or from the Recovery Services vault view. 通过基于托管磁盘的 RestorePoint 收集,可以在托管磁盘上备份 VM。You can back up VMs on managed disks through RestorePoint collections built on top of managed disks. Azure 备份也支持备份使用 Azure 磁盘加密 (ADE) 加密的托管磁盘 VM。Azure Backup also supports backing up managed disk VMs encrypted using Azure Disk encryption(ADE).

    还原托管磁盘 VMRestore managed disk VMs

    Azure 备份可以还原使用托管磁盘的完整 VM,或者将托管磁盘还原到存储帐户。Azure Backup allows you to restore a complete VM with managed disks, or restore managed disks to a storage account. 在还原过程中,Azure 管理托管磁盘。Azure manages the managed disks during the restore process. 你(客户)管理作为还原过程的一部分创建的存储帐户。You (the customer) manage the storage account created as part of the restore process. 若要还原托管的已加密 VM,则在启动还原操作之前,必须确保 VM 的密钥和机密已存在于密钥保管库中。When restoring managed encrypted VMs, the VM's keys and secrets should exist in the key vault prior to starting the restore operation.

    每个备份组件有哪些功能?What are the features of each Backup component?

    以下各节提供了相关表格,总结了每个 Azure 备份组件中各种功能是否可用或受支持。The following sections provide tables that summarize the availability or support of various features in each Azure Backup component. 请参阅各表格后的额外支持信息或详细信息。See the information following each table for additional support or details.

    存储Storage

    FeatureFeature Azure 备份代理Azure Backup agent System Center DPMSystem Center DPM Azure 备份服务器Azure Backup Server Azure IaaS VM 备份Azure IaaS VM Backup
    恢复服务保管库Recovery Services vault 是 是 是 是
    磁盘存储Disk storage 是 是
    表存储Tape storage 是
    压缩Compression
    (在恢复服务保管库中)(in Recovery Services vault)
    是 是 是
    增量备份Incremental backup 是 是 是 是
    磁盘重复数据删除Disk deduplication 部分 部分

    表键

    恢复服务保管库是所有组件中首选的存储目标。The Recovery Services vault is the preferred storage target across all components. System Center DPM 和 Azure 备份服务器还提供生成本地磁盘副本的选项。System Center DPM and Azure Backup Server also provide the option to have a local disk copy. 但是,System Center DPM 提供将数据写入磁带存储设备的选项。However, only System Center DPM provides the option to write data to a tape storage device.

    压缩Compression

    备份经过压缩以减少所需的存储空间。Backups are compressed to reduce the required storage space. 唯一不进行压缩的组件为 VM 扩展。The only component that does not use compression is the VM extension. VM 扩展可将所有备份数据从存储帐户复制到同一区域中的恢复服务保管库。The VM extension copies all backup data from your storage account to the Recovery Services vault in the same region. 传输数据时不使用压缩。No compression is used when transferring the data. 传输数据但不压缩会稍微增加所用的存储空间。Transferring the data without compression slightly inflates the storage used. 但是,存储数据而不压缩可加快还原,实现特定的恢复点目标。However, storing the data without compression allows for faster restoration, should you need that recovery point.

    磁盘重复数据删除Disk Deduplication

    Hyper-V 虚拟机上部署 System Center DPM 或 Azure 备份服务器时,可使用重复数据删除。You can take advantage of deduplication when you deploy System Center DPM or Azure Backup Server on a Hyper-V virtual machine. Windows Server 会在以备份存储形式附加到虚拟机的虚拟硬盘 (VHD) 上执行主机级别的重复数据删除。Windows Server performs data deduplication (at the host level) on virtual hard disks (VHDs) that are attached to the virtual machine as backup storage.

    备注

    重复数据删除不适用于 Azure 中的所有备份组件。Deduplication is not available in Azure for any Backup component. 如果 System Center DPM 和备份服务器部署在 Azure 中,则附加到 VM 的存储磁盘无法进行重复数据删除。When System Center DPM and Backup Server are deployed in Azure, the storage disks attached to the VM cannot be deduplicated.

    增量备份说明Incremental backup explained

    无论目标存储(磁盘、磁带、恢复服务保管库)如何,每个 Azure 备份组件都支持增量备份。Every Azure Backup component supports incremental backup regardless of the target storage (disk, tape, Recovery Services vault). 增量备份仅传输自上次备份以来所做的更改,从而可以确保备份在存储空间和时间方面高效。Incremental backup ensures that backups are storage and time efficient, by transferring only those changes made since the last backup.

    比较完整备份、差异备份和增量备份Comparing Full, Differential and Incremental backup

    存储消耗、恢复时间目标 (RTO) 和网络消耗因每种备份方法而异。Storage consumption, recovery time objective (RTO), and network consumption varies for each type of backup method. 为了降低备份总拥有成本 (TCO),需要了解如何选择最佳备份解决方案。To keep the backup total cost of ownership (TCO) down, you need to understand how to choose the best backup solution. 下图对完整备份、差异备份和增量备份进行了比较。The following image compares Full Backup, Differential Backup, and Incremental Backup. 在图中,数据源 A 由 10 个每月备份的存储块 A1-A10 组成。In the image, data source A is composed of 10 storage blocks A1-A10, which are backed up monthly. 第一个月,存储块 A2、A3、A4 和 A9 变化,第二个月,存储块 A5 变化。Blocks A2, A3, A4, and A9 change in the first month, and block A5 changes in the next month.

    备份方法比较图

    借助完整备份,每个备份副本包含整个数据源。With Full Backup, each backup copy contains the entire data source. 完整备份将占用大量的网络带宽和存储,每次传输一份备份副本。Full backup consumes a large amount of network bandwidth and storage, each time a backup copy is transferred.

    差异备份仅存储自初始完整备份后发生变化的数据块,这会占用较少的网络、消耗较少的存储。Differential backup stores only the blocks that changed since the initial full backup, which results in a smaller amount of network and storage consumption. 差异备份不保留无变化数据的冗余副本。Differential backups don't retain redundant copies of unchanged data. 但是,由于会传输并存储后续备份之间保持不变的数据块,所以差异备份的效率比较低。However, because the data blocks that remain unchanged between subsequent backups are transferred and stored, differential backups are inefficient. 第二个月,对已更改的存储块 A2、A3、A4 和 A9 进行备份。In the second month, changed blocks A2, A3, A4, and A9 are backed up. 第三个月,会再次备份这些相同的存储块,以及已更改的存储块 A5。In the third month, these same blocks are backed up again, along with changed block A5. 下次进行完整备份之前,将继续对已更改的存储块进行备份。The changed blocks continue to be backed up until the next full backup happens.

    增量备份通过仅存储上次备份后更改的数据块,从而实现高存储效率和高网络效率。Incremental Backup achieves high storage and network efficiency by storing only the blocks of data that changed since the previous backup. 采用增量备份,没有必要进行定期的完整备份。With incremental backup, there is no need to take regular full backups. 在示例中,第一个月进行完整备份后,存储块 A2、A3、A4 和 A9 将标记为“已更改”,然后转移到第二个月。In the example, after taking the full backup in the first month, blocks A2, A3, A4, and A9 are marked as changed, and transferred to the second month. 在第三个月,仅标记已更改的存储块 A5,并进行传输。In the third month, only changed block A5 is marked and transferred. 移动较少的数据可以节省存储和网络资源,从而降低 TCO。Moving less data saves storage and network resources, which decreases TCO.

    安全Security

    FeatureFeature Azure 备份代理Azure Backup agent System Center DPMSystem Center DPM Azure 备份服务器Azure Backup Server Azure IaaS VM 备份Azure IaaS VM Backup
    网络安全Network security
    (到 Azure)(to Azure)
    是 是 是 是
    数据安全Data security
    (在 Azure 中)(in Azure)
    是 是 是 是

    表键

    网络安全Network security

    从服务器到恢复服务保管库的所有备份流量均通过高级加密标准 256 进行加密。All backup traffic from your servers to the Recovery Services vault is encrypted using Advanced Encryption Standard 256. 备份数据通过安全 HTTPS 链接进行发送。The backup data is sent over a secure HTTPS link. 备份数据还会以加密格式存储在恢复服务保管库中。The backup data is also stored in the Recovery Services vault in encrypted form. 只有 Azure 客户具有解锁此数据的通行短语。Only you, the Azure customer, have the passphrase to unlock this data. Microsoft 无法解密任何位置的备份数据。Microsoft cannot decrypt the backup data at any point.

    警告

    建立恢复服务保管库后,只有你才能访问加密密钥。Once you establish the Recovery Services vault, only you have access to the encryption key. Microsoft 绝不会保留加密密钥副本,且没有访问该密钥的权限。Microsoft never maintains a copy of your encryption key, and does not have access to the key. 如果客户丢失了密钥,Microsoft 无法恢复备份数据。If the key is misplaced, Microsoft cannot recover the backup data.

    数据安全Data security

    备份 Azure VM 时,需要在虚拟机 内部 设置加密。Backing up Azure VMs requires setting up encryption within the virtual machine. Azure 备份支持 Azure 磁盘加密,后者在 Windows 虚拟机上使用 BitLocker,在 Linux 虚拟机上使用 dm-cryptAzure Backup supports Azure Disk Encryption, which uses BitLocker on Windows virtual machines and dm-crypt on Linux virtual machines. 在后端,Azure 备份使用 Azure 存储服务加密来保护静态数据。On the back end, Azure Backup uses Azure Storage Service encryption, which protects data at rest.

    网络Network

    FeatureFeature Azure 备份代理Azure Backup agent System Center DPMSystem Center DPM Azure 备份服务器Azure Backup Server Azure IaaS VM 备份Azure IaaS VM Backup
    网络压缩Network compression
    (到备份服务器(to backup server)
    是 是
    网络压缩Network compression
    (到恢复服务保管库(to Recovery Services vault)
    是 是 是
    网络协议Network protocol
    (到备份服务器(to backup server)
    TCPTCP TCPTCP
    网络协议Network protocol
    (到恢复服务保管库(to Recovery Services vault)
    HTTPSHTTPS HTTPSHTTPS HTTPSHTTPS HTTPSHTTPS

    表键

    IaaS VM 上的 VM 扩展会通过存储网络直接读取 Azure 存储帐户中的数据,因此无需优化此流量。The VM extension (on the IaaS VM) reads the data directly from the Azure storage account over the storage network, so it is not necessary to compress this traffic.

    如果使用 System Center DPM 服务器或 Azure 备份服务器作为辅助备份服务器,请压缩从主服务器传输到备份服务器的数据。If you use a System Center DPM server or Azure Backup Server as a secondary backup server, compress the data going from the primary server to the backup server. 在备份到 DPM 或 Azure 备份服务器之前压缩数据可以节省带宽。Compressing data before back up to DPM or Azure Backup Server, saves bandwidth.

    网络限制Network Throttling

    Azure 备份代理提供网络限制功能,可用于控制数据传输期间的网络带宽使用方式。The Azure Backup agent offers network throttling, which allows you to control how network bandwidth is used during data transfer. 如果需要在上班时间内备份数据,但不希望备份程序干扰其他 Internet 流量,限制会很有帮助。Throttling can be helpful if you need to back up data during work hours but do not want the backup process to interfere with other internet traffic. 数据传输的限制适用于备份和还原活动。Throttling for data transfer applies to back up and restore activities.

    备份和保留Backup and retention

    Azure 备份针对每个受保护实例实施 9999 个恢复点(也称为备份副本或快照)的限制。Azure Backup has a limit of 9999 recovery points, also known as backup copies or snapshots, per protected instance. 受保护的实例是计算机、服务器(物理或虚拟)或配置为向 Azure 备份数据的工作负荷。A protected instance is a computer, server (physical or virtual), or workload configured to back up data to Azure. 有关详细信息,请参阅什么是受保护实例部分。For more information, see the section, What is a protected instance. 保存数据的备份副本时,将保护实例。An instance is protected once a backup copy of data has been saved. 数据的备份副本是保护项。The backup copy of data is the protection. 如果源数据丢失或损坏,备份副本可还原源数据。If the source data was lost or became corrupt, the backup copy could restore the source data. 下表显示了每个组件的最大备份频率。The following table shows the maximum backup frequency for each component. 备份策略配置确定了恢复点的消耗速度。Your backup policy configuration determines how quickly you consume the recovery points. 例如,如果每天创建一个恢复点,可以保留恢复点 27 年,27 年后配额会耗尽。如果每月创建一个恢复点,可以保留恢复点 833 年。备份服务未针对恢复点实施过期时间限制。For example, if you create a recovery point each day, then you can retain recovery points for 27 years before you run out. If you take a monthly recovery point, you can retain recovery points for 833 years before you run out. The Backup service does not set an expiration time limit on a recovery point.

    Azure 备份代理Azure Backup agent System Center DPMSystem Center DPM Azure 备份服务器Azure Backup Server Azure IaaS VM 备份Azure IaaS VM Backup
    备份频率Backup frequency
    (到恢复服务保管库)(to Recovery Services vault)
    每天三次备份Three backups per day 每天两次备份Two backups per day 每天两次备份Two backups per day 每天一次备份One backup per day
    备份频率Backup frequency
    (到磁盘)(to disk)
    不适用Not applicable
  • SQL Server 每隔 15 分钟Every 15 minutes for SQL Server
  • 其他工作负荷每隔 1 小时Every hour for other workloads
  • SQL Server 每隔 15 分钟Every 15 minutes for SQL Server
  • 其他工作负荷每隔 1 小时Every hour for other workloads

  • 不适用Not applicable
    保留期选项Retention options 每日、每周、每月、每年Daily, weekly, monthly, yearly 每日、每周、每月、每年Daily, weekly, monthly, yearly 每日、每周、每月、每年Daily, weekly, monthly, yearly 每日、每周、每月、每年Daily, weekly, monthly, yearly
    每个受保护实例的恢复点数上限Maximum recovery points per protected instance 99999999 99999999 99999999 99999999
    最长数据保留期Maximum retention period 取决于备份频率Depends on backup frequency 取决于备份频率Depends on backup frequency 取决于备份频率Depends on backup frequency 取决于备份频率Depends on backup frequency
    本地磁盘上的恢复点Recovery points on local disk 不适用Not applicable
  • 对于文件服务器为 64,64 for File Servers,
  • 对于应用程序服务器为 448448 for Application Servers
  • 对于文件服务器为 64,64 for File Servers,
  • 对于应用程序服务器为 448448 for Application Servers
  • 不适用Not applicable
    磁带上的恢复点Recovery points on tape 不适用Not applicable 不受限制Unlimited 不适用Not applicable 不适用Not applicable

    什么是受保护实例What is a protected instance

    受保护的实例是对 Windows 计算机、服务器(物理或虚拟)或已配置为备份到 Azure 的 SQL 数据库的一般引用。A protected instance is a generic reference to a Windows computer, a server (physical or virtual), or SQL database that has been configured to back up to Azure. 为计算机、服务器或数据库配置备份策略并创建数据的备份副本后,实例会受到保护。An instance is protected once you configure a backup policy for the computer, server, or database, and create a backup copy of the data. 该受保护实例的备份数据的后续副本(称为恢复点)增加了所使用的存储量。Subsequent copies of the backup data for that protected instance (which are called recovery points), increase the amount of storage consumed. 最多可为受保护实例创建 9999 个恢复点。You can create up to 9999 recovery points for a protected instance. 如果从存储中删除恢复点,则不会计入 9999 个恢复点总数。If you delete a recovery point from storage, it does not count against the 9999 recovery point total. 受保护实例的一些常见示例为虚拟机、应用程序服务器、数据库和运行 Windows 操作系统的个人计算机。Some common examples of protected instances are virtual machines, application servers, databases, and personal computers running the Windows operating system. 例如:For example:

    • 运行 Hyper-V 或 Azure IaaS 虚拟机监控程序结构的虚拟机。A virtual machine running the Hyper-V or Azure IaaS hypervisor fabric. 虚拟机的来宾操作系统可以是 Windows Server 或 Linux。The guest operating systems for the virtual machine can be Windows Server or Linux.
    • 应用程序服务器:应用程序服务器可为运行 Windows Server 和工作负荷(具有需备份的数据)的物理计算机或虚拟机。An application server: The application server can be a physical or virtual machine running Windows Server and workloads with data that needs to be backed up. 常见的工作负荷有 Microsoft SQL Server、Microsoft Exchange 服务器、Microsoft SharePoint 服务器和 Windows Server 上的文件服务器角色。Common workloads are Microsoft SQL Server, Microsoft Exchange server, Microsoft SharePoint server, and the File Server role on Windows Server. 若要备份这些工作负荷,需要 System Center Data Protection Manager (DPM) 或 Azure 备份服务器。To back up these workloads you need System Center Data Protection Manager (DPM) or Azure Backup Server.
    • 运行 Windows 操作系统的个人计算机、工作站或笔记本电脑。A personal computer, workstation, or laptop running the Windows operating system.

    什么是恢复服务保管库?What is a Recovery Services vault?

    恢复服务保管库是 Azure 中的联机存储实体,用于保存备份副本、恢复点、备份策略之类的数据。A Recovery Services vault is an online storage entity in Azure used to hold data such as backup copies, recovery points, and backup policies. 可以使用恢复服务保管库,为 Azure 服务以及本地服务器和工作站保存备份数据。You can use Recovery Services vaults to hold backup data for Azure services and on-premises servers and workstations. 使用恢复服务保管库可以方便地组织备份数据,并将管理开销降至最低。Recovery Services vaults make it easy to organize your backup data, while minimizing management overhead. 在每个 Azure 订阅中,每个 Azure 区域最多可以创建 500 个恢复服务保管库。Within each Azure subscription, you can create up to 500 Recovery Services vaults per Azure region. 在考虑存储数据的位置时,并非所有区域都是相同的。When considering where to store your data, not all regions are the same. 请参阅异地冗余存储,了解区域配对和其他存储注意事项。See Geo-redundant storage for information about region pairings and additional storage considerations.

    基于 Azure Service Manager 的备份保管库是第一个版本的保管库。Backup vaults, which were based on Azure Service Manager, were the first version of the vault. 恢复服务保管库增加了 Azure 资源管理器模型功能,是第二个版本的保管库。Recovery Services vaults, which add the Azure Resource Manager model features, are the second version of the vault. 请参阅恢复服务保管库概述一文,了解对功能差异的完整说明。See the Recovery Services vault overview article for a full description of the feature differences. 无法再创建备份保管库,所有现有的备份保管库都已升级到恢复服务保管库。You can no longer create Backup vaults, and all existing Backup vaults have been upgraded to Recovery Services vaults. 可以使用 Azure 门户管理已升级到恢复服务保管库的保管库。You can use the Azure portal to manage the vaults that were upgraded to Recovery Services vaults.

    Azure 备份与 Azure Site Recovery 有何不同?How does Azure Backup differ from Azure Site Recovery?

    Azure 备份和 Azure Site Recovery 均备份数据,均可还原数据。Azure Backup and Azure Site Recovery are related in that both services back up data and can restore that data. 但是,在为企业提供业务连续性和灾难恢复功能方面,这些服务的用途不一样。However, these services serve different purposes in providing business continuity and disaster recovery in your business. 使用 Azure 备份在更高粒度级别保护和还原数据。Use Azure Backup to protect and restore data at a more granular level. 例如,如果便携式计算机上的演示文稿损坏,则可使用 Azure 备份来还原该演示文稿。For example, if a presentation on a laptop became corrupted, you would use Azure Backup to restore the presentation. 若要跨数据中心复制 VM 上的配置和数据,则可使用 Azure Site Recovery。If you wanted to replicate the configuration and data on a VM across another datacenter, use Azure Site Recovery.

    Azure 备份保护本地和云端的数据。Azure Backup protects data on-premises and in the cloud. Azure Site Recovery 就虚拟机和物理服务器的复制、故障转移和故障回复进行协调。Azure Site Recovery coordinates virtual-machine and physical-server replication, failover, and failback. Azure Site Recovery 就虚拟机和物理服务器的复制、故障转移和故障恢复进行协调。这两个服务都很重要,因为灾难恢复解决方案需要让数据保持安全且可恢复(备份),同时在服务中断时使工作负荷保持可用 (Site Recovery)。Both services are important because your disaster recovery solution needs to keep your data safe and recoverable (Backup) and keep your workloads available (Site Recovery) when outages occur.

    以下概念可帮助你做出有关备份和灾难恢复的重要决策。The following concepts can help you make important decisions around backup and disaster recovery.

    概念Concept 详细信息Details 备份Backup 灾难恢复 (DR)Disaster recovery (DR)
    恢复点目标 (RPO)Recovery point objective (RPO) 在需要执行恢复的情况下可接受的数据丢失量。The amount of acceptable data loss if a recovery needs to be done. 备份解决方案的可接受 RPO 存在很大差异。Backup solutions have wide variability in their acceptable RPO. 虚拟机备份的 RPO 通常为一天,而数据库备份的 RPO 只有 15 分钟。Virtual machine backups usually have an RPO of one day, while database backups have RPOs as low as 15 minutes. 灾难恢复解决方案的 RPO 较低。Disaster recovery solutions have low RPOs. DR 复制可以落后几秒钟或几分钟时间。The DR copy can be behind by a few seconds or a few minutes.
    恢复时间目标 (RTO)Recovery time objective (RTO) 完成恢复或还原所需的时间量。The amount of time that it takes to complete a recovery or restore. 由于 RPO 较大,备份解决方案需要处理的数据量通常更多,这会导致 RTO 较长。Because of the larger RPO, the amount of data that a backup solution needs to process is typically much higher, which leads to longer RTOs. 例如,根据从异地转送磁带所需的时间,从磁带还原数据可能需要数天的时间。For example, it can take days to restore data from tapes, depending on the time it takes to transport the tape from an off-site location. 由于灾难恢复解决方案与源之间的同步程度更高,因此其 RTO 更小,Disaster recovery solutions have smaller RTOs because they are more in sync with the source. 需要处理的更改也更少。Fewer changes need to be processed.
    保留Retention 数据需要存储多久How long data needs to be stored 对于需要进行操作恢复的情况(数据损坏、文件意外删除、OS 故障),备份数据通常会保留 30 天或更短时间。For scenarios that require operational recovery (data corruption, inadvertent file deletion, OS failure), backup data is typically retained for 30 days or less.
    从合规性角度来看,数据可能需要存储数月甚至数年。From a compliance standpoint, data might need to be stored for months or even years. 在这种情况下,备份数据非常适合存档。Backup data is ideally suited for archiving in such cases.
    灾难恢复只需操作性恢复数据,通常只需几个小时或最多一天的数据。Disaster recovery needs only operational recovery data, which typically takes a few hours or up to a day. 由于 DR 解决方案中使用了精细数据捕获,因此不建议长期保留 DR 数据。Because of the fine-grained data capture used in DR solutions, using DR data for long-term retention is not recommended.

    后续步骤Next steps

    请参阅下述某个教程,详细了解在 Windows Server 上保护数据或在 Azure 中保护虚拟机 (VM) 的分步说明。Use one of the following tutorials for detailed, step-by-step, instructions for protecting data on Windows Server, or protecting a virtual machine (VM) in Azure:

    若要详细了解如何保护其他工作负荷,请尝试以下某篇文章:For details about protecting other workloads, try one of these articles: