在 SharePoint Server 中備份 Secure Store ServiceBack up the Secure Store Service in SharePoint Server

摘要:了解如何在 SharePoint Server 2016 和 SharePoint Server 2013 中備份 Secure Store Service 應用程式。Summary: Learn how to back up the Secure Store Service Application in SharePoint Server 2016 and SharePoint Server 2013.

您可使用 SharePoint 管理中心網站或 Microsoft PowerShell 備份 Secure Store Service。使用的備份工具須視以下條件而定:部署的環境、備份排程需求及您與組織的服務等級協定。You can back up the Secure Store Service by using the SharePoint Central Administration website, or Microsoft PowerShell. The backup tool that you use depends on the kind of environment that you have deployed, your backup schedule requirements, and service level agreements that you have made with your organization.

開始之前Before you begin

Secure Store Service 提供安全儲存認證集的功能,以及將認證與特定身分識別或一組身分識別建立關聯的功能。 每次輸入新的複雜密碼時,SharePoint Server 都會建立新的主要金鑰,然後使用該金鑰重新加密認證集。複雜密碼可讓您存取 SharePoint Server 所建立的主要金鑰,以用於加密認證集。The Secure Store Service provides the capability of securely storing credential sets and associating credentials to specific identities or a group of identities. Every time that you enter a new passphrase, SharePoint Server creates a new Master Key and re-encrypts the credentials sets with that key. The passphrase gives you access to the Master Key created by SharePoint Server that is used to encrypt the credential sets.

您應在第一次設定 Secure Store Service 之後,備份 Secure Store Service 並記錄複雜密碼,然後在每次對 Secure Store Service 進行設定變更或重新加密認證資訊時,再執行一次。You should back up the Secure Store Service and record the passphrase after the Secure Store Service is first configured and again every time that you make configuration changes to the Secure Store Service or re-encrypt the credential information.

開始這項作業之前,請先檢閱下列資訊:Before you begin this operation, review the following information:

  • 您必須在本機電腦或網路上建立儲存備份的資料夾。若要取得較佳的效能,建議您備份至本機電腦,然後再將備份檔案移至網路資料夾。You must create a folder on the local computer or the network in which to store the backups. For better performance, we recommend that you back up to the local computer and then move the backup files to a network folder.

  • 記錄複雜密碼。當您存取還原的 Secure Store Service 時,會需要複雜密碼。Record the passphrase. You will need the passphrase when you access the restored Secure Store Service.

  • 確定每次變更或重新整理主要金鑰時,都會備份 Secure Store Service。變更或重新整理主要金鑰時,即會自動使用新的金鑰重新加密資料庫。備份 Secure Store Service 可確保資料庫與主要金鑰同步。Ensure that you back up the Secure Store Service every time that you change or refresh the Master Key. When you change or refresh the Master key, the database is automatically re-encrypted with the new key. Backing up the Secure Store Service makes sure that the database and the Master key are synchronized.

  • 將複雜密碼保存在安全的位置。Keep the passphrase in a secure location.

使用 PowerShell 備份 SharePoint 的 Secure Store ServiceUse PowerShell to back up the Secure Store Service in SharePoint

您可以使用 PowerShell 手動備份 Secure Store Service,或以指令碼的部分形態,安排定期執行。You can use PowerShell to back up the Secure Store Service manually or as part of a script that can be run at scheduled intervals.

使用 PowerShell 備份 Secure Store ServiceTo back up the Secure Store Service by using PowerShell

  1. 確認您具備下列成員資格:Verify that you have the following memberships:

    • SQL Server 執行個體上的 securityadmin 固定伺服器角色。securityadmin fixed server role on the SQL Server instance.

    • 所有要更新之資料庫上的 db_owner 固定資料庫角色。db_owner fixed database role on all databases that are to be updated.

    • 正在執行 PowerShell Cmdlet 之所在伺服器上的系統管理員群組。Administrators group on the server on which you are running the PowerShell cmdlets.

      可使用 Add-SPShellAdmin Cmdlet 授與使用 SharePoint 2016 產品 Cmdlet 之權限的系統管理員。An administrator can use the Add-SPShellAdmin cmdlet to grant permissions to use SharePoint 2016 Products cmdlets.

      注意

      [!附註] 如果您不具備上述權限,請連絡安裝程式系統管理員或 SQL Server 系統管理員要求權限。如需 PowerShell 權限的其他資訊,請參閱 Add-SPShellAdminIf you do not have permissions, contact your Setup administrator or SQL Server administrator to request permissions. For additional information about PowerShell permissions, see Add-SPShellAdmin.

  2. 啟動 SharePoint 管理命令介面。Start the SharePoint Management Shell.

  3. 在 PowerShell 命令提示字元處,輸入下列命令:At the PowerShell command prompt, type the following command:

    Backup-SPFarm -Directory  <BackupFolder> -BackupMethod Full -Item <SecureStoreService > [-Verbose]
    

    其中:Where:

    • <備份資料夾> 是您要用以儲存備份之本機電腦或網路上的資料夾路徑。<BackupFolder> is the path of a folder on the local computer or on the network in which you want to store the backups.

    • <SecureStoreService> 是要備份的 Secure Store Service 應用程式名稱。<SecureStoreService> is the name of the Secure Store Service application that you want to back up.

      注意

      [!附註] 您必須使用 Full 選項備份 Secure Store Service。You must use the Full option to back up the Secure Store Service.

如需詳細資訊,請參閱<Backup-SPFarm>。For more information, see Backup-SPFarm.

注意

[!附註] 建議您在執行命令列管理工作時使用 Windows PowerShell。Stsadm 命令列工具已過時,但為與舊版產品相容,仍會隨附提供。We recommend that you use Microsoft PowerShell when performing command-line administrative tasks. The Stsadm command-line tool has been deprecated, but is included to support compatibility with previous product versions.

使用 管理中心 在 SharePoint 中備份 Secure Store ServiceUse Central Administration to back up the Secure Store Service in SharePoint

您可使用管理中心備份 Secure Store Service。You can use Central Administration to back up the Secure Store Service.

使用 管理中心 備份 Secure Store ServiceTo back up the Secure Store Service by using Central Administration

  1. 確認執行此程序的使用者帳戶為SharePoint 伺服器陣列管理員群組的成員。Verify that the user account that performs this procedure is a member of the Farm Administrators SharePoint group.

  2. 啟動管理中心。Start Central Administration.

  3. 在管理中心首頁上,按一下 [備份與還原] 區段中的 [執行備份]。In Central Administration, on the home page, in the Backup and Restore section, click Perform a backup.

  4. 在 [執行備份-步驟 2 之 1: 選取的元件備份 」 頁面上,依序展開 [共用服務應用程式] 節點、 從的元件] 清單中選取 [Secure Store Service 應用程式,然後按 [下一步On the Perform a Backup — Step 1 of 2: Select Component to Back Up page, expand the Shared Services Applications node, select the Secure Store Service application from the list of components, and then click Next.

    注意

    [!附註] Secure Store Service 應用程式可能包含數項元件。您必須選取頂層元件。The Secure Store Service application might consist of several components. You must select the top-level component.

  5. 在 [開始備份-步驟 2 之 2: 選取備份選項] 頁面的 [備份類型] 區段中,選取完整On the Start Backup — Step 2 of 2: Select Backup Options page, in the Backup Type section, select Full.

  6. 在 [備份檔案位置] 區段的 [備份位置] 方塊中,輸入備份資料夾的路徑,然後按一下 [開始備份]。In the Backup File Location section, in the Backup location box, type the path of the backup folder, and then click Start Backup.

  7. 您可以在 [備份與還原工作狀態] 頁面上方的 [整備] 區段中,檢視所有備份工作的一般狀態。在同頁面底部的 [備份] 區段中,則可檢視目前備份工作的狀態。狀態頁面每 30 秒會自動更新。只要按一下 [重新整理],即可手動更新狀態詳細資料。備份與復原都是計時器服務工作。因此,數秒之後才會開始備份。You can view the general status of all backup jobs at the top of the Backup and Restore Job Status page in the Readiness section. You can view the status for the current backup job in the lower part of the page in the Backup section. The status page updates every 30 seconds automatically. You can manually update the status details by clicking Refresh. Backup and recovery are Timer service jobs. Therefore, it may take several seconds for the backup to start.

    如有收到錯誤,可以檢閱 [備份與還原工作狀態] 頁面的 [失敗訊息] 欄。也可以在步驟 5 所指定之 UNC 路徑下的 Spbackup.log 檔案中,找到詳細資料。If you receive any errors, you can review them in the Failure Message column of the Backup and Restore Job Status page. You can also find more details in the Spbackup.log file at the UNC path that you specified in step 5.

另請參閱See also

概念Concepts

在 SharePoint Server 中還原Secure Store Service 應用程式Restore Secure Store Service applications in SharePoint Server