Prepare on-premises VMware servers for disaster recovery to Azure

This article describes how to prepare on-premises VMware servers for disaster recovery to Azure using the Azure Site Recovery services.

This is the second tutorial in a series that shows you how to set up disaster recovery to Azure for on-premises VMware VMs. In the first tutorial, we set up the Azure components needed for VMware disaster recovery.

In this article, you learn how to:

  • Prepare an account on the vCenter server or vSphere ESXi host, to automate VM discovery.
  • Prepare an account for automatic installation of the Mobility service on VMware VMs.
  • Review VMware server and VM requirements and support.
  • Prepare to connect to Azure VMs after failover.

Note

Tutorials show you the simplest deployment path for a scenario. They use default options where possible, and don't show all possible settings and paths. For detailed instructions, review the article in the How To section of the Site Recovery Table of Contents.

Before you start

Make sure you've prepared Azure as described in the first tutorial in this series.

Prepare an account for automatic discovery

Site Recovery needs access to VMware servers to:

  • Automatically discover VMs. At least a read-only account is required.
  • Orchestrate replication, failover, and failback. You need an account that can run operations such as creating and removing disks, and powering on VMs.

Create the account as follows:

  1. To use a dedicated account, create a role at the vCenter level. Give the role a name such as Azure_Site_Recovery.
  2. Assign the role the permissions summarized in the table below.
  3. Create a user on the vCenter server or vSphere host. Assign the role to the user.

VMware account permissions

Task: VM discovery
Role/Permissions: At least a read-only user.
  • Data Center object –> Propagate to Child Object, role=Read-only
Details: User assigned at datacenter level, and has access to all the objects in the datacenter. To restrict access, assign the No access role, with Propagate to child object selected, to the child objects (vSphere hosts, datastores, VMs and networks).

Task: Full replication, failover, failback
Role/Permissions: Create a role (Azure_Site_Recovery) with the required permissions, and then assign the role to a VMware user or group.
  • Data Center object –> Propagate to Child Object, role=Azure_Site_Recovery
  • Datastore -> Allocate space, browse datastore, low-level file operations, remove file, update virtual machine files
  • Network -> Network assign
  • Resource -> Assign VM to resource pool, migrate powered off VM, migrate powered on VM
  • Tasks -> Create task, update task
  • Virtual machine -> Configuration
  • Virtual machine -> Interact -> Answer question, device connection, configure CD media, configure floppy media, power off, power on, VMware tools install
  • Virtual machine -> Inventory -> Create, register, unregister
  • Virtual machine -> Provisioning -> Allow virtual machine download, allow virtual machine files upload
  • Virtual machine -> Snapshots -> Remove snapshots
Details: User assigned at datacenter level, and has access to all the objects in the datacenter. To restrict access, assign the No access role, with Propagate to child object selected, to the child objects (vSphere hosts, datastores, VMs and networks).
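
The following is an added example, not part of the original article or of Site Recovery: a least-privilege audit that compares an exported privilege list for the Azure_Site_Recovery role with the permissions in the table. The vSphere privilege IDs are assumed to correspond to the table's display names, and the sample export is constructed.

```python
# Added example: audit an exported vCenter role against the permission table.
# Assumption: these vSphere privilege IDs correspond to the table's display names.
REQUIRED = {
    "Datastore.AllocateSpace", "Datastore.Browse", "Datastore.FileManagement",
    "Datastore.DeleteFile", "Datastore.UpdateVirtualMachineFiles",
    "Network.Assign",
    "Resource.AssignVMToPool", "Resource.ColdMigrate", "Resource.HotMigrate",
    "Task.Create", "Task.Update",
    "VirtualMachine.Interact.AnswerQuestion", "VirtualMachine.Interact.DeviceConnection",
    "VirtualMachine.Interact.SetCDMedia", "VirtualMachine.Interact.SetFloppyMedia",
    "VirtualMachine.Interact.PowerOff", "VirtualMachine.Interact.PowerOn",
    "VirtualMachine.Interact.ToolsInstall",
    "VirtualMachine.Inventory.Create", "VirtualMachine.Inventory.Register",
    "VirtualMachine.Inventory.Unregister",
    "VirtualMachine.Provisioning.GetVmFiles", "VirtualMachine.Provisioning.PutVmFiles",
    "VirtualMachine.State.RemoveSnapshot",
}
# The table grants the whole "Virtual machine -> Configuration" group.
ALLOWED_PREFIXES = ("VirtualMachine.Config.",)
# Privileges vCenter includes in every role; never reported as excess.
IMPLICIT = {"System.Anonymous", "System.Read", "System.View"}


def audit_role(privilege_ids):
    """Return privileges the role lacks and privileges beyond the table."""
    granted = {p.strip() for p in privilege_ids if p.strip()}
    excess = sorted(
        p for p in granted - REQUIRED - IMPLICIT
        if not p.startswith(ALLOWED_PREFIXES)
    )
    return {
        "missing": sorted(REQUIRED - granted),
        "excess": excess,
        "has_vm_config": any(p.startswith(ALLOWED_PREFIXES) for p in granted),
    }


# Constructed sample export: one privilege ID per line.
SAMPLE_EXPORT = "\n".join(
    sorted(REQUIRED - {"VirtualMachine.State.RemoveSnapshot"})
    + ["System.Read", "VirtualMachine.Config.AddNewDisk",
       "VirtualMachine.Inventory.Delete", "Host.Config.Storage"]
)

if __name__ == "__main__":
    report = audit_role(SAMPLE_EXPORT.splitlines())
    print("missing:", report["missing"])
    print("excess: ", report["excess"])
```

An empty "excess" list means the role grants nothing beyond the table; an empty "missing" list means replication, failover and failback have every listed permission.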

Prepare an account for Mobility service installation

The Mobility service must be installed on machines you want to replicate. Site Recovery can do a push installation of this service when you enable replication for a machine, or you can install it manually, or using installation tools.

  • In this tutorial, we're going to install the Mobility service with the push installation.
  • For this push installation, you need to prepare an account that Site Recovery can use to access the VM. You specify this account when you set up disaster recovery in the Azure console.

Prepare the account as follows:

Prepare a domain or local account with permissions to install on the VM.

  • Windows VMs: To install on Windows VMs if you're not using a domain account, disable Remote User Access control on the local machine. To do this, in the registry > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, add the DWORD entry LocalAccountTokenFilterPolicy, with a value of 1.
  • Linux VMs: To install on Linux VMs, prepare a root account on the source Linux server.

Check VMware requirements

Make sure VMware servers and VMs comply with requirements.

  1. Verify VMware server requirements.
  2. For Linux VMs, check file system and storage requirements.
  3. Check on-premises network and storage support.
  4. Check what's supported for Azure networking, storage, and compute, after failover.
  5. On-premises VMs that you replicate to Azure must comply with Azure VM requirements.
  6. In Linux virtual machines, device name or mount point name should be unique. Ensure that no two devices/mount points have the same names. Note that names aren't case-sensitive. For example, naming two devices for the same VM as device1 and Device1 isn't allowed.
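
The following is an added example, not part of the original article: a pre-replication check for the Linux naming rule in step 6, which finds device names and mount points that differ only by case. It assumes input in /proc/mounts format and considers only entries whose device path starts with /dev/; the sample input is constructed.

```python
# Added example: detect device or mount point names that collide when
# compared case-insensitively (e.g. device1 vs Device1).
from collections import defaultdict


def parse_mounts(text):
    """Yield (device, mount_point) pairs from /proc/mounts style text."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], fields[1]


def find_collisions(text):
    """Return groups of names that are equal once case is ignored."""
    devices = defaultdict(set)  # casefolded device -> spellings seen
    mounts = defaultdict(set)   # casefolded mount point -> (spelling, device)
    for dev, mnt in parse_mounts(text):
        # Assumption: only real block devices matter; tmpfs, proc and
        # similar pseudo file systems reuse one device name by design.
        if not dev.startswith("/dev/"):
            continue
        devices[dev.casefold()].add(dev)
        mounts[mnt.casefold()].add((mnt, dev))
    return {
        "devices": sorted(sorted(v) for v in devices.values() if len(v) > 1),
        # A mount point collides when more than one device claims it.
        "mount_points": sorted(
            sorted({m for m, _ in v})
            for v in mounts.values()
            if len({d for _, d in v}) > 1
        ),
    }


# Constructed sample in /proc/mounts format.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw 0 0
tmpfs /run tmpfs rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/mapper/vg0-data /srv/data xfs rw 0 0
/dev/mapper/vg0-Data /srv/Data xfs rw 0 0
/dev/sdb1 /backup ext4 rw 0 0
"""

if __name__ == "__main__":
    result = find_collisions(SAMPLE_MOUNTS)
    print("device collisions:     ", result["devices"])
    print("mount point collisions:", result["mount_points"])
```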

Prepare to connect to Azure VMs after failover

After failover, you might want to connect to the Azure VMs from your on-premises network.

To connect to Windows VMs using RDP after failover, do the following:

  • Internet access. Before failover, enable RDP on the on-premises VM. Make sure that TCP and UDP rules are added for the Public profile, and that RDP is allowed in Windows Firewall > Allowed Apps, for all profiles.
  • Site-to-site VPN access:
    • Before failover, enable RDP on the on-premises machine.
    • RDP should be allowed in the Windows Firewall -> Allowed apps and features for Domain and Private networks.
    • Check that the operating system's SAN policy is set to OnlineAll. Learn more.
  • There should be no Windows updates pending on the VM when you trigger a failover. If there are, you won't be able to sign in to the virtual machine until the update completes.
  • On the Windows Azure VM after failover, check Boot diagnostics to view a screenshot of the VM. If you can't connect, check that the VM is running and review these troubleshooting tips.

To connect to Linux VMs using SSH after failover, do the following:

  • On the on-premises machine before failover, check that the Secure Shell service is set to start automatically on system boot.
  • Check that firewall rules allow an SSH connection.
  • On the Azure VM after failover, allow incoming connections to the SSH port for the network security group rules on the failed over VM, and for the Azure subnet to which it's connected.
  • Add a public IP address for the VM.
  • You can check Boot diagnostics to view a screenshot of the VM.

Failback requirements

If you plan to fail back to your on-premises site, there are a number of prerequisites for failback. You can prepare these now, but you don't need to. You can prepare after you fail over to Azure.

Next steps

Set up disaster recovery. If you're replicating multiple VMs, plan capacity.