Infrastructure Backup Service best practices

Follow these best practices when you deploy and manage Azure Stack Hub to help mitigate data loss if there's a catastrophic failure.

Review the best practices regularly to verify that your installation is still in compliance when changes are made to the operation flow. If you come across any issues while implementing these best practices, contact Microsoft Support for help.

Configuration best practices

Deployment

Enable Infrastructure Backup after deployment of each Azure Stack Hub Cloud. Using Azure Stack Hub PowerShell, you can schedule backups from any client/server with access to the operator management API endpoint.

Networking

The Universal Naming Convention (UNC) string for the path must use a fully qualified domain name (FQDN). An IP address can be used if name resolution isn't possible. A UNC string specifies the location of resources such as shared files or devices.

Encryption

Version 1901 and newer

The encryption certificate is used to encrypt backup data that gets exported to external storage. The certificate can be a self-signed certificate since the certificate is only used to transport keys. Refer to New-SelfSignedCertificate for more info on how to create a certificate.

The key must be stored in a secure location (for example, global Azure Key Vault certificate). The CER format of the certificate is used to encrypt data. The PFX format must be used during cloud recovery deployment of Azure Stack Hub to decrypt backup data.

Store the certificate in a secure location.
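The CER/PFX split described above, as an added example (not Microsoft's or the product's own script): it creates a self-signed certificate, exports the public CER used for encryption and the password-protected PFX needed at recovery, and checks that the two match. The subject name, folder, file names and validity period are assumptions.

```powershell
# Added example. Subject, folder and file names are assumptions, not values from the page.
$subject = 'CN=AzSHub-InfraBackup'        # hypothetical subject name
$outDir  = 'C:\InfraBackupCert'           # hypothetical working folder
$cerPath = Join-Path $outDir 'InfraBackup.cer'
$pfxPath = Join-Path $outDir 'InfraBackup.pfx'
New-Item -Path $outDir -ItemType Directory -Force | Out-Null

# Self-signed is sufficient: the certificate is only used to transport keys.
$cert = New-SelfSignedCertificate -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(2)      # validity period is an assumption

# CER = public key only; this is the format used to encrypt backup data.
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# PFX = certificate plus private key; required at cloud recovery to decrypt.
$pfxPassword = Read-Host -Prompt 'Password to protect the PFX' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Verify the pair before any backup depends on it.
$typeName = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
$cer = New-Object $typeName -ArgumentList $cerPath
$pfx = New-Object $typeName -ArgumentList $pfxPath, $pfxPassword
if (-not $pfx.HasPrivateKey) { throw 'PFX has no private key; backups could not be decrypted.' }
if ($cer.HasPrivateKey)      { throw 'CER unexpectedly carries a private key.' }
if ($cer.Thumbprint -ne $pfx.Thumbprint) { throw 'CER and PFX are different certificates.' }

# The PFX now holds the only copy that matters; drop the key from the local store.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey

[pscustomobject]@{
    Thumbprint = $cer.Thumbprint
    NotAfter   = $cer.NotAfter
    EncryptCer = $cerPath    # used to encrypt backups
    RecoverPfx = $pfxPath    # move to the secure location, then delete this local file
}
```

Record the thumbprint and expiry alongside the stored PFX so the recovery team can confirm they hold the certificate that matches the backups.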

1811 and older

The encryption key is used to encrypt backup data that gets exported to external storage. The key is generated as part of enabling backup for Azure Stack Hub with PowerShell.

The key must be stored in a secure location (for example, global Azure Key Vault secret). This key must be used during redeployment of Azure Stack Hub.

Store the key in a secure location.

Operational best practices

Backups

  • Backup jobs execute while the system is running so there's no downtime to the management experiences or user apps. Expect the backup jobs to take 20-40 minutes for a solution that's under reasonable load.
  • Automatic backups will not start during patch and update and FRU operations. Scheduled backup jobs will get skipped by default. On-demand requests for backups are blocked as well during these operations.
  • Using OEM-provided instructions, manually back up the network switches and the hardware lifecycle host (HLH). These backups should be stored on the same backup share where the Infrastructure Backup Controller stores control plane backup data. Consider storing switch and HLH configurations in the region folder. If you have multiple Azure Stack Hub instances in the same region, consider using an identifier for each configuration that belongs to a scale unit.

Folder Names

  • Infrastructure creates the MASBACKUP folder automatically. This is a Microsoft-managed share. You can create shares at the same level as MASBACKUP. It's not recommended to create folders or storage data inside of MASBACKUP that Azure Stack Hub doesn't create.
  • Use the FQDN and region in your folder name to differentiate backup data from different clouds. The FQDN of your Azure Stack Hub deployment and endpoints is the combination of the Region parameter and the External Domain Name parameter. For more info, see Azure Stack Hub datacenter integration - DNS.

For example, the backup share is AzSBackups hosted on fileserver01.contoso.com. In that file share there may be a folder per Azure Stack Hub deployment using the external domain name and a subfolder that uses the region name.

FQDN: contoso.com
Region: nyc

    \\fileserver01.contoso.com\AzSBackups
    \\fileserver01.contoso.com\AzSBackups\contoso.com
    \\fileserver01.contoso.com\AzSBackups\contoso.com\nyc
    \\fileserver01.contoso.com\AzSBackups\contoso.com\nyc\MASBackup

The MASBackup folder is where Azure Stack Hub stores its backup data. Don't use this folder to store your own data. OEMs shouldn't use this folder to store any backup data either.

OEMs are encouraged to store backup data for their components under the region folder. Each network switch, hardware lifecycle host (HLH), and so on, may be stored in its own subfolder. For example:

    \\fileserver01.contoso.com\AzSBackups\contoso.com\nyc\HLH
    \\fileserver01.contoso.com\AzSBackups\contoso.com\nyc\Switches
    \\fileserver01.contoso.com\AzSBackups\contoso.com\nyc\DeploymentData
    \\fileserver01.contoso.com\AzSBackups\contoso.com\nyc\Registration
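A pre-flight check for the Networking and Folder Names guidance, as an added example that is not part of the original page: it flags a backup path whose host is a short name, that points inside MASBackup, or that does not end in the external domain name and region. The function name is hypothetical, and treating the region folder as the configured backup path is an assumption drawn from the layout shown above.

```powershell
# Added example. Test-BackupSharePath is a hypothetical helper, not an Azure Stack Hub cmdlet.
function Test-BackupSharePath {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExternalDomainName,
        [Parameter(Mandatory)][string]$Region
    )
    $issues = New-Object System.Collections.Generic.List[string]

    # \\host\share followed by zero or more folders
    if ($Path -notmatch '^\\\\(?<host>[^\\]+)\\(?<share>[^\\]+)(?<rest>(\\[^\\]+)*)\\?$') {
        $issues.Add('Not a UNC path of the form \\host\share\folder')
        return $issues
    }
    $hostPart = $Matches['host']
    $folders  = @($Matches['rest'] -split '\\' | Where-Object { $_ })

    # Host must be an FQDN; an IP address is the allowed fallback.
    $ip = $null
    $isIp = [System.Net.IPAddress]::TryParse($hostPart, [ref]$ip)
    if (-not $isIp -and $hostPart -notmatch '^[a-z0-9-]+(\.[a-z0-9-]+)+$') {
        $issues.Add("Host '$hostPart' is a short name; use the FQDN.")
    }

    # MASBackup is created and managed by the infrastructure; never target it.
    if ($folders -contains 'MASBackup') {
        $issues.Add('Path points inside MASBackup; use the region folder above it.')
    }

    # Expect ...\<external domain name>\<region> so clouds stay separated.
    $tailOk = $folders.Count -ge 2 -and
              $folders[-2] -eq $ExternalDomainName -and
              $folders[-1] -eq $Region
    if (-not $tailOk) {
        $issues.Add("Path should end in \$ExternalDomainName\$Region")
    }
    return $issues
}

# Constructed sample inputs based on the page's contoso.com / nyc example.
$samples = @(
    '\\fileserver01.contoso.com\AzSBackups\contoso.com\nyc',
    '\\fileserver01\AzSBackups\contoso.com\nyc\MASBackup'
)
foreach ($p in $samples) {
    $found = @(Test-BackupSharePath -Path $p -ExternalDomainName 'contoso.com' -Region 'nyc')
    [pscustomobject]@{ Path = $p; Issues = $found -join ' | ' }
}
```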

Monitoring

The following alerts are supported by the system:

| Alert | Description | Remediation |
|---|---|---|
| Backup failed because the file share is out of capacity. | File share is out of capacity and backup controller can't export backup files to the location. | Add more storage capacity and try the backup again. Delete existing backups (starting from oldest first) to free up space. |
| Backup failed due to connectivity problems. | Network between Azure Stack Hub and the file share is experiencing issues. | Address the network issue and try the backup again. |
| Backup failed due to a fault in the path. | The file share path can't be resolved. | Map the share from a different computer to ensure the share is accessible. You may need to update the path if it's no longer valid. |
| Backup failed due to authentication issue. | There might be an issue with the credentials or a network issue that impacts authentication. | Map the share from a different computer to ensure the share is accessible. You may need to update credentials if they're no longer valid. |
| Backup failed due to a general fault. | The failed request could be due to an intermittent issue. | Try to back up again. Call support. |

Next steps

Review the reference material for the Infrastructure Backup Service.

Enable the Infrastructure Backup Service.