您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

运行测试故障转移(灾难恢复演练)到 AzureRun a test failover (disaster recovery drill) to Azure

本文介绍如何使用 Site Recovery 测试故障转移运行到 Azure 的灾难恢复演练。This article describes how to run a disaster recovery drill to Azure, using a Site Recovery test failover.

运行测试故障转移可以验证复制和灾难恢复策略,且不会丢失任何数据或造成停机。You run a test failover to validate your replication and disaster recovery strategy, without any data loss or downtime. 测试故障转移不会对正在进行的复制或生产环境造成任何影响。A test failover doesn't impact ongoing replication, or your production environment. 可在特定的虚拟机 (VM) 或者包含多个 VM 的恢复计划中运行测试故障转移。You can run a test failover on a specific virtual machine (VM), or on a recovery plan containing multiple VMs.

运行测试故障转移Run a test failover

本过程描述如何对恢复计划运行测试故障转移。This procedure describes how to run a test failover for a recovery plan. 如果要为单个 VM 运行测试故障转移,请按照此处所述的步骤进行操作If you want to run a test failover for a single VM, follow the steps described here

测试故障转移

  1. 在 Azure 门户上的“Site Recovery”中,单击“恢复计划” recoveryplan_name > ” “测试故障转移”。 > In Site Recovery in the Azure portal, click Recovery Plans > recoveryplan_name > Test Failover.

  2. 选择要故障转移到的“恢复点”。Select a Recovery Point to which to fail over. 可以使用以下选项之一:You can use one of the following options:

    • 最新处理:此选项将计划中的所有 VM 故障转移到由 Site Recovery 处理的最新恢复点。Latest processed: This option fails over all VMs in the plan to the latest recovery point processed by Site Recovery. 若要查看特定 VM 的最新恢复点,请检查 VM 设置中的“最新恢复点”。To see the latest recovery point for a specific VM, check Latest Recovery Points in the VM settings. 此选项提供低 RTO(恢复时间目标),因为无需费时处理未经处理的数据。This option provides a low RTO (Recovery Time Objective), because no time is spent processing unprocessed data.
    • 最新的应用一致:此选项将计划中的所有 VM 故障转移到由 Site Recovery 处理的最新应用程序一致恢复点。Latest app-consistent: This option fails over all the VMs in the plan to the latest application-consistent recovery point processed by Site Recovery. 若要查看特定 VM 的最新恢复点,请检查 VM 设置中的“最新恢复点”。To see the latest recovery point for a specific VM, check Latest Recovery Points in the VM settings.
    • 最新:此选项首先处理已发送到 Site Recovery 服务的所有数据,为每个 VM 创建恢复点,然后将其故障转移到该恢复点。Latest: This option first processes all the data that has been sent to Site Recovery service, to create a recovery point for each VM before failing over to it. 此选项提供最低的 RPO(恢复点目标),因为故障转移后创建的 VM 具有触发故障转移时复制到 Site Recovery 的所有数据。This option provides the lowest RPO (Recovery Point Objective), because the VM created after failover will have all the data replicated to Site Recovery when the failover was triggered.
    • 最新多 VM 已处理:此选项适用于包含一个或多个已启用多 VM 一致性的 VM 的恢复计划。Latest multi-VM processed: This option is available for recovery plans with one or more VMs that have multi-VM consistency enabled. 已启用该设置的 VM 会故障转移到最新的常用多 VM 一致恢复点。VMs with the setting enabled fail over to the latest common multi-VM consistent recovery point. 其他 VM 故障转移到最新的已处理恢复点。Other VMs fail over to the latest processed recovery point.
    • 最新多 VM 应用一致性:此选项适用于包含一个或多个已启用多 VM 一致性的 VM 的恢复计划。Latest multi-VM app-consistent: This option is available for recovery plans with one or more VMs that have multi-VM consistency enabled. 属于复制组的 VM 会故障转移到最新的常用多 VM 应用程序一致恢复点。VMs that are part of a replication group fail over to the latest common multi-VM application-consistent recovery point. 其他 VM 故障转移到其最新的应用程序一致恢复点。Other VMs fail over to their latest application-consistent recovery point.
    • 自定义:使用此选项可将特定的 VM 故障转移到特定的恢复点。Custom: Use this option to fail over a specific VM to a particular recovery point.
  3. 选择要在其中创建测试 VM 的 Azure 虚拟网络。Select an Azure virtual network in which test VMs will be created.

    • Site Recovery 尝试在子网中创建测试 VM,该子网的名称与 IP 地址与 VM 的“计算和网络”设置中提供的值相同。Site Recovery attempts to create test VMs in a subnet with the same name and same IP address as that provided in the Compute and Network settings of the VM.
    • 如果用于测试故障转移的 Azure 虚拟网络中没有同名的子网,则会按字母顺序在第一个子网中创建测试 VM。If a subnet with the same name isn't available in the Azure virtual network used for test failover, then the test VM is created in the first subnet alphabetically.
    • 如果该子网中没有相同的 IP 地址,则 VM 会接收该子网中的另一个可用 IP 地址。If same IP address isn't available in the subnet, then the VM receives another available IP address in the subnet. 了解详细信息Learn more.
  4. 如果要故障转移到 Azure 并且启用了数据加密,请在“加密密钥”中,选择在安装提供程序期间启用加密时颁发的证书。If you're failing over to Azure and data encryption is enabled, in Encryption Key, select the certificate that was issued when you enabled encryption during Provider installation. 如果未启用加密,则可以忽略此步骤。You can ignore this step if encryption isn't enabled.

  5. 在 "作业" 选项卡上跟踪故障转移进度。你应该能够在 Azure 门户中看到测试副本计算机。Track failover progress on the Jobs tab. You should be able to see the test replica machine in the Azure portal.

  6. 若要通过 RDP 与 Azure VM 发起连接,需在故障转移的 VM 的网络接口上添加公共 IP 地址To initiate an RDP connection to the Azure VM, you need to add a public IP address on the network interface of the failed over VM.

  7. 如果一切符合预期,请单击“清理测试故障转移”。When everything is working as expected, click Cleanup test failover. 这会删除在执行测试故障转移期间创建的 VM。This deletes the VMs that were created during test failover.

  8. 在“说明”中,记录并保存与测试性故障转移相关联的任何观测结果。In Notes, record and save any observations associated with the test failover.

测试故障转移

触发测试故障转移时,会发生以下情况:When a test failover is triggered, the following occurs:

  1. 先决条件:运行先决条件检查,确保符合故障转移所需的所有条件。Prerequisites: A prerequisites check runs to make sure that all conditions required for failover are met.
  2. 故障转移:故障转移会处理并准备好数据,以便能够基于这些数据创建 Azure VM。Failover: The failover processes and prepared the data, so that an Azure VM can be created from it.
  3. 最新:如果选择了最新的恢复点,则会基于发送到服务的数据创建恢复点。Latest: If you have chosen the latest recovery point, a recovery point is created from the data that's been sent to the service.
  4. 开始:此步骤使用上一步骤中处理的数据创建 Azure 虚拟机。Start: This step creates an Azure virtual machine using the data processed in the previous step.

故障转移时间Failover timing

在以下情况下,故障转移需要执行额外的中间步骤,这通常需要花费大约 8 到 10 分钟才能完成:In the following scenarios, failover requires an extra intermediate step that usually takes around 8 to 10 minutes to complete:

  • VMware VM 运行的移动服务版本低于 9.8VMware VMs running a version of the Mobility service older than 9.8
  • 物理服务器Physical servers
  • VMware Linux VMVMware Linux VMs
  • 作为物理服务器受到保护的 Hyper-V VMHyper-V VM protected as physical servers
  • 其中的下列驱动程序不是启动驱动程序的 VMware VM:VMware VM where the following drivers aren't boot drivers:
    • storvscstorvsc
    • vmbusvmbus
    • storfltstorflt
    • intelideintelide
    • atapiatapi
  • 未启用 DHCP 的 VMware VM,无论它们使用的是 DHCP 还是静态 IP 地址。VMware VM that don't have DHCP enabled , irrespective of whether they are using DHCP or static IP addresses.

在其他所有情况下,不需要执行中间步骤,因此故障转移花费的时间大大减少。In all the other cases, no intermediate step is not required, and failover takes significantly less time.

创建用于测试故障转移的网络Create a network for test failover

对于测试故障转移,我们建议选择与每个 VM 的“计算和网络”设置中指定的生产恢复站点网络相互独立的网络。We recommended that for test failover, you choose a network that's isolated from the production recovery site network specific in the Compute and Network settings for each VM. 默认情况下,创建 Azure 虚拟网络时,该网络独立于其他网络。By default, when you create an Azure virtual network, it is isolated from other networks. 测试网络应模拟生产网络:The test network should mimic your production network:

  • 测试网络中的子网数目应与生产网络中的子网数目相同。The test network should have same number of subnets as your production network. 这些子网的名称应该相同。Subnets should have the same names.
  • 测试网络应使用相同的 IP 地址范围。The test network should use the same IP address range.
  • 使用“计算和网络”设置中为 DNS VM 指定的 IP 地址更新测试网络的 DNS。Update the DNS of the test network with the IP address specified for the DNS VM in Compute and Network settings. 有关更多详细信息,请参阅 Active Directory 的测试性故障转移注意事项Read test failover considerations for Active Directory for more details.

在恢复站点中执行到生产网络的测试故障转移Test failover to a production network in the recovery site

尽管我们建议选择与生产网络不同的测试网络,但是,如果确实想要测试到生产网络的灾难恢复演练,请注意以下几点:Although we recommended that you use a test network separate from your production network, if you do want to test a disaster recovery drill into your production network, note the following:

  • 确保在运行测试故障转移时主 VM 已关闭。Make sure that the primary VM is shut down when you run the test failover. 否则,同一网络中会同时运行两个具有相同标识的 VM。Otherwise there will be two VMs with the same identity, running in the same network at the same time. 这可能会导致意外的后果。This can lead to unexpected consequences.
  • 清理故障转移时,为测试故障转移创建的 VM 发生的任何更改都会丢失。Any changes to VMs created for test failover are lost when you clean up the failover. 这些更改不会复制回到主 VM。These changes are not replicated back to the primary VM.
  • 在生产环境中执行测试会导致生产应用程序关闭。Testing in your production environment leads to a downtime of your production application. 测试故障转移正在进行时,用户不应使用 VM 上运行的应用。Users shouldn't use apps running on VMs when the test failover is in progress.

准备 Active Directory 和 DNSPrepare Active Directory and DNS

若要运行测试故障转移以进行应用程序测试,需在测试环境中创建 Active Directory 生产环境的副本。To run a test failover for application testing, you need a copy of your production Active Directory environment in your test environment. 有关详细信息,请参阅 Active Directory 的测试性故障转移注意事项Read test failover considerations for Active Directory to learn more.

准备在故障转移后连接到 Azure VMPrepare to connect to Azure VMs after failover

如果想要在故障转移后使用 RDP/SSH 连接到 Azure VM,请遵照表格中汇总的要求。If you want to connect to Azure VMs using RDP/SSH after failover, follow the requirements summarized in the table.

故障转移Failover 位置Location 操作Actions
运行 Windows 的 Azure VMAzure VM running Windows 故障转移之前的本地计算机On-premises machine before failover 若要通过 Internet 访问 Azure VM,请启用 RDP,并确保已针对“公共”添加 TCP 和 UDP 规则,并在“Windows 防火墙” > “允许的应用”中针对所有配置文件允许 RDP。To access the Azure VM over the internet, enable RDP, and make sure that TCP and UDP rules are added for Public, and that RDP is allowed for all profiles in Windows Firewall > Allowed Apps.

若要通过站点到站点连接访问 Azure VM,请在计算机上启用 RDP,并确保在“Windows 防火墙” -> “允许的应用和功能”中针对“域和专用”网络允许 RDP。To access the Azure VM over a site-to-site connection, enable RDP on the machine, and ensure that RDP is allowed in the Windows Firewall -> Allowed apps and features, for Domain and Private networks.

确保操作系统 SAN 策略已设置为 OnlineAllMake sure the operating system SAN policy is set to OnlineAll. 了解详细信息Learn more.

在触发故障转移时,请确保 VM 上没有处于挂起状态的 Windows 更新。Make sure there are no Windows updates pending on the VM when you trigger a failover. Windows 更新可能会在故障转移时启动,在更新完成之前,无法登录到 VM。Windows update might start when you fail over, and you won't be able to log onto the VM until the update completes.
运行 Windows 的 Azure VMAzure VM running Windows 故障转移后的 Azure VMAzure VM after failover 为 VM 添加公共 IP 地址Add a public IP address for the VM.

已故障转移的 VM(及其连接到的 Azure 子网)上的网络安全组规则需要允许与 RDP 端口建立传入连接。The network security group rules on the failed over VM (and the Azure subnet to which it is connected) need to allow incoming connections to the RDP port.

选中“启动诊断”可查看 VM 的屏幕截图。Check Boot diagnostics to verify a screenshot of the VM.

如果无法连接,请检查 VM 是否正在运行,并查看这些故障排除提示If you can't connect, check that the VM is running, and review these troubleshooting tips.
运行 Linux 的 Azure VMAzure VM running Linux 故障转移之前的本地计算机On-premises machine before failover 确保 VM 上的安全外壳服务已设置为在系统引导时自动启动。Ensure that the Secure Shell service on the VM is set to start automatically on system boot.

确保防火墙规则允许 SSH 连接。Check that firewall rules allow an SSH connection to it.
运行 Linux 的 Azure VMAzure VM running Linux 故障转移后的 Azure VMAzure VM after failover 已故障转移的 VM(及其连接到的 Azure 子网)上的网络安全组规则需要允许与 SSH 端口建立传入连接。The network security group rules on the failed over VM (and the Azure subnet to which it is connected) need to allow incoming connections to the SSH port.

为 VM 添加公共 IP 地址Add a public IP address for the VM.

选中“启动诊断”可查看 VM 的屏幕截图。Check Boot diagnostics for a screenshot of the VM.

按照此处所述步骤对故障转移后的任何连接问题进行故障排除。Follow the steps described here to troubleshoot any connectivity issues post failover.

后续步骤Next steps

完成灾难恢复演练后,详细了解其他类型的故障转移After you've completed a disaster recovery drill, learn more about other types of failover.