
Connect to Azure VMs after failover from on-premises

This article describes how to set up connectivity so that you can successfully connect to Azure VMs after failover.

When you set up disaster recovery of on-premises virtual machines (VMs) and physical servers to Azure, Azure Site Recovery starts replicating machines to Azure. Then, when outages occur, you can fail over to Azure from your on-premises site. When failover occurs, Site Recovery creates Azure VMs, using replicated on-premises data. As part of disaster recovery planning, you need to figure out how to connect to apps running on these Azure VMs after failover.

In this article you learn how to:

  • Prepare on-premises machines before failover.
  • Prepare Azure VMs after failover.
  • Retain IP addresses on Azure VMs after failover.
  • Assign new IP addresses to Azure VMs after failover.

Prepare on-premises machines

To ensure connectivity to Azure VMs, prepare your on-premises machines before failover.

Prepare Windows machines

On on-premises Windows machines, do the following:

  1. Configure Windows settings. These include removing any static persistent routes or WinHTTP proxy, and setting the disk SAN policy to OnlineAll. Follow these instructions.

  2. Make sure these services are running.

  3. Enable remote desktop (RDP) to allow remote connections to the on-premises machine. Learn how to enable RDP with PowerShell.

  4. To access an Azure VM over the internet after failover, in Windows Firewall on the on-premises machine, allow TCP and UDP in the Public profile, and set RDP as an allowed app for all profiles.

  5. If you want to access an Azure VM over a site-to-site VPN after failover, in Windows Firewall on the on-premises machine, allow RDP for the Domain and Private profiles. Learn how to allow RDP traffic.

  6. Make sure that there are no Windows updates pending on the on-premises VM when you trigger a failover. If there are, updates might start installing on the Azure VM after failover, and you won't be able to sign into the VM until updates finish.

Prepare Linux machines

On on-premises Linux machines, do the following:

  1. Check that the Secure Shell service is set to start automatically on system boot.
  2. Check that firewall rules allow an SSH connection.

Configure Azure VMs after failover

After failover, do the following on the Azure VMs that are created.

  1. To connect to the VM over the internet, assign a public IP address to the VM. You can't use the same public IP address for the Azure VM that you used for your on-premises machine. Learn more.
  2. Check that network security group (NSG) rules on the VM allow incoming connections to the RDP or SSH port.
  3. Check Boot diagnostics to view the VM.
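
The NSG check in step 2 can be done offline against an exported rule list. The following is an added example, not part of the original article: the rule set is constructed, the function names are assumptions made here, and only the singular sourceAddressPrefix and destinationPortRange properties are handled. It reports which rule decides an inbound RDP or SSH connection from a given source address.

```python
import ipaddress

# Constructed sample: custom inbound rules on the NSG of a failed-over VM,
# using the property names Azure uses for security rules.
SAMPLE_RULES = [
    {"name": "allow-rdp-from-office", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
    {"name": "deny-ssh-all", "priority": 210, "direction": "Inbound",
     "access": "Deny", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "allow-ssh-from-office", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
]


def _port_match(spec, port):
    # Accepts "*", a single port ("3389") or a range ("22-23").
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def _source_match(prefix, source_ip):
    if prefix == "*":
        return True
    try:
        return ipaddress.ip_address(source_ip) in ipaddress.ip_network(prefix)
    except ValueError:
        return False  # service tags such as "VirtualNetwork" are not resolved


def inbound_decision(rules, source_ip, port, protocol="Tcp"):
    """Return (access, rule name) of the rule that decides this connection.

    Rules are checked in ascending priority order and the first match wins.
    Assumption: the source is outside the VNet, so when no custom rule
    matches, the default DenyAllInBound rule applies.
    """
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if (rule["protocol"].lower() in ("*", protocol.lower())
                and _port_match(rule["destinationPortRange"], port)
                and _source_match(rule["sourceAddressPrefix"], source_ip)):
            return rule["access"], rule["name"]
    return "Deny", "DenyAllInBound"
```

In the sample, SSH from 203.0.113.10 is denied by deny-ssh-all at priority 210 even though allow-ssh-from-office exists at priority 300, which is the kind of shadowed rule that blocks sign-in after failover.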

Note

The Azure Bastion service offers private RDP and SSH access to Azure VMs. Learn more about this service.

Set a public IP address

As an alternative to assigning a public IP address manually to an Azure VM, you can assign the address during failover using a script or Azure automation runbook in a Site Recovery recovery plan, or you can set up DNS-level routing using Azure Traffic Manager. Learn more about setting up a public address.

Assign an internal address

To set the internal IP address of an Azure VM after failover, you have a couple of options:

  • Retain same IP address: You can use the same IP address on the Azure VM as the one allocated to the on-premises machine.
  • Use different IP address: You can use a different IP address for the Azure VM.

Retain IP addresses

Site Recovery lets you retain the same IP addresses when failing over to Azure. Retaining the same IP address avoids potential network issues after failover, but does introduce some complexity.

  • If the target Azure VM uses the same IP address/subnet as your on-premises site, you can't connect between them using a site-to-site VPN connection or ExpressRoute, because of the address overlap. Subnets must be unique.
  • You need a connection from on-premises to Azure after failover, so that apps are available on Azure VMs. Azure doesn't support stretched VLANs, so if you want to retain IP addresses you need to take the IP space over to Azure by failing over the entire subnet, in addition to the on-premises machine.
  • Subnet failover ensures that a specific subnet isn't available simultaneously on-premises and in Azure.

Retaining IP addresses requires the following steps:

  • In the Compute & Network properties of the replicated item, set network and IP addressing for the target Azure VM to mirror the on-premises setting.
  • Subnets must be managed as part of the disaster recovery process. You need an Azure VNet to match the on-premises network, and after failover network routes must be modified to reflect that the subnet has moved to Azure, and new IP address locations.

Failover example

Let's look at an example.

  • The fictitious company Woodgrove Bank hosts their business apps on-premises. They host their mobile apps in Azure.
  • They connect from on-premises to Azure over site-to-site VPN.
  • Woodgrove is using Site Recovery to replicate on-premises machines to Azure.
  • Their on-premises apps use hard-coded IP addresses, so they want to retain the same IP addresses in Azure.
  • On-premises, the machines running the apps are running in three subnets:
    • 192.168.1.0/24
    • 192.168.2.0/24
    • 192.168.3.0/24
  • Their apps running in Azure are located in the Azure VNet Azure Network in two subnets:
    • 172.16.1.0/24
    • 172.16.2.0/24

In order to retain the addresses, here's what they do.

  1. When they enable replication, they specify that machines should replicate to the Azure Network.

  2. They create Recovery Network in Azure. This VNet mirrors the 192.168.1.0/24 subnet in their on-premises network.

  3. Woodgrove sets up a VNet-to-VNet connection between the two networks.

    Note

    Depending on application requirements, a VNet-to-VNet connection could be set up before failover, as a manual step/scripted step/Azure automation runbook in a Site Recovery recovery plan, or after failover is complete.

  4. Before failover, on the machine properties in Site Recovery, they set the target IP address to the address of the on-premises machine, as described in the next procedure.

  5. After failover, the Azure VMs are created with the same IP address. Woodgrove connects from Azure Network to Recovery Network VNet using VNet peering (with transit connectivity enabled).

  6. On-premises, Woodgrove needs to make network changes, including modifying routes to reflect that 192.168.1.0/24 has moved to Azure.
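
The address-overlap constraint behind this procedure, applied to the Woodgrove address plan with Python's ipaddress module. This is an added example, not part of the original article; the function names and the dictionary layout are assumptions made here. It shows which target VNet can stay connected to on-premises over VPN and which on-premises subnets have to move to Azure as a whole.

```python
import ipaddress

# Address plan taken from the Woodgrove Bank example in this article.
ON_PREM = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
AZURE_VNETS = {
    "Azure Network": ["172.16.1.0/24", "172.16.2.0/24"],
    "Recovery Network": ["192.168.1.0/24"],
}


def plan_connectivity(on_prem, vnets):
    """Classify each VNet by whether its address space overlaps on-premises.

    A VNet with no overlap can be reached from on-premises over
    site-to-site VPN or ExpressRoute. A VNet that overlaps cannot, so the
    overlapping on-premises subnets have to be failed over in full and
    the on-premises routes changed afterwards.
    """
    site = [ipaddress.ip_network(c) for c in on_prem]
    report = {}
    for name, prefixes in vnets.items():
        clashes = sorted(
            {str(s) for p in prefixes for s in site
             if s.overlaps(ipaddress.ip_network(p))}
        )
        report[name] = {
            "vpn_to_on_prem_ok": not clashes,
            "subnets_to_fail_over": clashes,
        }
    return report


def vnets_can_peer(vnets, a, b):
    """VNet peering also requires non-overlapping address spaces."""
    return not any(
        ipaddress.ip_network(x).overlaps(ipaddress.ip_network(y))
        for x in vnets[a] for y in vnets[b]
    )


if __name__ == "__main__":
    for name, result in plan_connectivity(ON_PREM, AZURE_VNETS).items():
        print(name, result)
    print("peering possible:",
          vnets_can_peer(AZURE_VNETS, "Azure Network", "Recovery Network"))
```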

Infrastructure before failover

[Figure: Before subnet failover]

Infrastructure after failover

[Figure: After subnet failover]

Set target network settings

Before failover, specify the network settings and IP address for the target Azure VM.

  1. In the Recovery Services vault -> Replicated items, select the on-premises machine.
  2. In the Compute and Network page for the machine, click Edit, to configure network and adapter settings for the target Azure VM.
  3. In Network properties, select the target network in which the Azure VM will be located when it's created after failover.
  4. In Network interfaces, configure the network adapters in the target network. By default Site Recovery shows all detected NICs on the on-premises machine.
    • In Target network interface type you can set each NIC as Primary, Secondary, or Do not create if you don't need that specific NIC in the target network. One network adapter must be set as primary for failover. Note that modifying the target network affects all NICs for the Azure VM.
    • Click the NIC name to specify the subnet in which the Azure VM will be deployed.
    • Overwrite Dynamic with the private IP address you want to assign to the target Azure VM. If an IP address isn't specified, Site Recovery will assign the next available IP address in the subnet to the NIC at failover.
    • Learn more about managing NICs for on-premises failover to Azure.

Get new IP addresses

In this scenario, the Azure VM gets a new IP address after failover. A DNS update is needed so that records for failed-over machines point to the IP address of the Azure VM.

Next steps

Learn about replicating on-premises Active Directory and DNS to Azure.