備份 Azure Stack Hub 上的儲存體帳戶Back up your storage accounts on Azure Stack Hub

本文探討如何保護和復原 Azure Stack Hub 上的 Azure 儲存體帳戶內的儲存體帳戶。This article looks at protection and recovery of storage accounts within an Azure Storage accounts on Azure Stack Hub.

解決方案的元素Elements of the solution

本節探討解決方案的整體結構和主要部分。This section looks at the overall structure of the solution and major parts.

此圖顯示 Azure Stack Hub 儲存體備份的整體結構。

應用程式層Application layer

您可以發出多個 PUT Blob放置區塊作業將物件寫入至多個位置,以在不同 Azure Stack Hub 縮放單位上的儲存體帳戶之間複寫資料。Data can be replicated between storage accounts on separate Azure Stack Hub scale units by issuing multiple PUT Blob or Put Block operations to write objects to multiple locations. 或者,應用程式也可以發出複製 Blob 作業,以便在主要帳戶的放置作業完成後,將 Blob 複製到裝載於不同縮放單位上的儲存體帳戶。Alternatively, the application can issue the Copy Blob operation to copy the Blob to a storage account hosted on a separate scale unit after the Put operation to the primary account completes.

排定的複製工作Scheduled copy task

AzCopy 是絕佳的工具,可用來複製本機檔案系統、Azure 雲端儲存體、Azure Stack Hub 儲存體和 s3 中的資料。AzCopy is an excellent tool that can be utilized to copy data from local filesystems, Azure Cloud Storage, Azure Stack Hub Storage, and s3. 目前,AzCopy 無法在兩個 Azure Stack Hub 儲存體帳戶之間複製資料。Currently, AzCopy cannot copy data between two Azure Stack Hub Storage Accounts. 要將物件從來源 Azure Stack Hub 儲存體帳戶複製到目標 Azure Stack Hub 儲存體帳戶,必須要有中繼本機檔案系統。Copying objects from a source Azure Stack Hub Storage account to a target Azure Stack Hub Storage account requires an intermediary local filesystem.

如需詳細資訊,請參閱使用 Azure Stack Hub 儲存體中的資料傳輸工具一文中的 AzCopy。For more information, see the AzCopy in the Use data transfer tools in Azure Stack Hub Storage article.

Azure Stack Hub (來源)Azure Stack Hub (source)

這是您想要備份的儲存體帳戶資料來源。This is the source of the storage account data you would like to back up.

您將需要來源儲存體帳戶 URL 和 SAS 權杖。You will need to the Source Storage Account URL and SAS Token. 如需如何使用儲存體帳戶的指示,請參閱開始使用 Azure Stack Hub 儲存體開發工具For instruction on working with a storage account, see Get started with Azure Stack Hub storage development tools.

Azure Stack Hub (目標)Azure Stack Hub (target)

這是將用來儲存所要備份帳戶資料的目標。This is the target that will store the account data you would like to back up. 目標 Azure Stack Hub 執行個體必須與目標 Azure Stack Hub 位於不同的位置。The target Azure Stack Hub instance must be in a different location from your target Azure Stack Hub. 而來源則必須能夠連線至目標。And the source will need to be able to connect to the target.

您將需要來源儲存體帳戶 URL 和 SAS 權杖。You will need to the Source Storage Account URL and SAS Token. 如需如何使用儲存體帳戶的指示,請參閱開始使用 Azure Stack Hub 儲存體開發工具For instruction on working with a storage account, see Get started with Azure Stack Hub storage development tools.

中繼本機檔案系統Intermediary local filesystem

您需要有地方可供執行 AzCopy,以及在從來源複製並寫入到目標 Azure Stack Hub 時用來儲存資料。You will need a place to run AzCopy and to store data when copying from your source and then writing to your target Azure Stack Hub. 這是來源 Azure Stack Hub 中的中繼伺服器。This is an intermediate server in your source Azure Stack Hub.

您可以建立 Linux 或 Windows 伺服器來作為中繼伺服器。You can create a Linux or Windows server as your intermediate server. 伺服器必須有足夠的空間,才能儲存來源儲存體帳戶容器中的所有物件。The server will need to have enough space to store all of the objects in the source Storage account containers.

設定好 Windows Server 之後,您必須安裝 Azure Stack Hub PowerShellAzure Stack Hub 工具Once you have set up your Windows Server, you will need to install Azure Stack Hub PowerShell and Azure Stack Hub Tools.

設定儲存體帳戶的備份Set up backup for storage accounts

  1. 擷取來源和目標儲存體帳戶的 Blob 端點。Retrieve the Blob Endpoint for the source and target storage accounts.

    顯示來源和目標儲存體帳戶之主要 blob 端點的螢幕擷取畫面。

  2. 建立並記錄來源和目標儲存體帳戶的 SAS 權杖。Create and record SAS Tokens for the source and target storage accounts.

    Azure Stack Hub 儲存體備份

  3. 在中繼伺服器上安裝 AzCopy,並將 [API 版本] 設定為 Azure Stack Hub 儲存體帳戶的帳戶。Install AzCopy on the intermediary server and set the API Version to account for Azure Stack Hub Storage Accounts.

    • 若為 Windows Server:For a Windows server:
    set AZCOPY_DEFAULT_SERVICE_API_VERSION=2017-11-09 PowerShell use: $env:AZCOPY_DEFAULT_SERVICE_API_VERSION="2017-11-09"
    
    • 若為 Linux (Ubuntu) 伺服器:For a Linux (Ubuntu) server:
    export AZCOPY_DEFAULT_SERVICE_API_VERSION=2017-11-09
    
  4. 在中繼伺服器上建立指令碼。On your intermediate server, create script. 使用您的 儲存體帳戶SAS 金鑰本機目錄路徑 來更新此命令。Update this command with your storage account, SAS key, and local directory path. 您將會執行指令碼,以累加方式從 來源 儲存體帳戶複製資料。You'll run the script to copy data incrementally from the source storage account.

    azcopy sync "https:/<storagaccount>/<container>?<SAS Key>" "C:\\myFolder" --recursive=true --delete-destination=true
    
  5. 輸入 儲存體帳戶SAS 金鑰本機目錄路徑Enter the storage account,SAS key, and local directory path. 您將會使用此資訊,以累加方式將資料複製到 目標 儲存體帳戶You'll will use this to copy data incrementally to the target storage account

    azcopy sync "C:\\myFolder" "https:// <storagaccount>/<container>?<SAS Key>" --recursive=true --delete-destination=true
    
  6. 使用 Cron 或 Windows 工作排程器,來排程從來源 Azure Stack Hub 儲存體帳戶複製到中繼伺服器上的本機儲存體的作業。Use Cron or Windows Task Scheduler to schedule the copy from the source Azure Stack Hub storage account to Local Storage on the intermediate server. 然後,從中繼伺服器中的本機儲存體複製到目標 Azure Stack Hub 儲存體帳戶。Then copy from local storage in the intermediate server to the target Azure Stack Hub storage account.

    您可以使用此解決方案達到的 RPO,將取決於 /MO 參數值,以及來源帳戶與中繼伺服器和中繼伺服器與目標帳戶之間的網路頻寬。The RPO you can achieve with this solution will be determined by the /MO parameter value and the network bandwidth between the source account and the intermediary server and the intermediary server and the target account.

    • 若為 Linux (Ubuntu) 伺服器:For a Linux (Ubuntu) server:
    schtasks /CREATE /SC minute /MO 5 /TN "AzCopy Script" /TR C:\\&lt;script name>.bat
    
    參數Parameter 附註Note
    /SC/SC 使用分鐘排程。Use a minute schedule.
    /MO/MO XX 分鐘的間隔。An interval of XX minutes.
    /TN/TN 工作名稱。The task name.
    /TR/TR script.bat 檔案的路徑。The path to the script.bat file.
    • 若為 Windows Server:For a Windows server:

    如需如何使用 Windows 工作排程的相關資訊,請參閱適用於開發人員的工作排程器For information on using the Windows Task schedule, see Task Scheduler for developers

在災害中使用您的儲存體帳戶Use your storage account in a disaster

每個 Azure Stack Hub 儲存體帳戶都擁有唯一的 DNS 名稱,此名稱衍生自 Azure Stack Hub 區域本身的名稱,例如 https://krsource.blob.east.asicdc.com/Each Azure Stack Hub Storage account possesses a unique DNS name derived from the name of the Azure Stack Hub region itself, for example, https://krsource.blob.east.asicdc.com/. 當災害期間必須用到目標帳戶 (例如,https://krtarget.blob.west.asicdc.com/) 時,透過此 DNS 名稱寫入和讀取的應用程式將必須符合儲存體帳戶的 DNS 名稱變更。Applications writing to and reading from this DNS Name will need to accommodate the storage account DNS name change when the target account, for example, https://krtarget.blob.west.asicdc.com/ needs to be used during a disaster.

在對帳戶宣告發生災害之後可以修改應用程式連接字串以便重新放置物件,或者,如果在對來源和目標儲存體帳戶進行前端處理的負載平衡器前面使用 CNAME 記錄,則可以為負載平衡器設定手動容錯移轉演算法,以便讓系統管理員宣告目標Application connection strings can be modified after a disaster is declared to account for the relocation of the objects or, if a CNAME record is used in front of a load balancer front-ending the source and target storage accounts, the load balancer can be configured with a manual failover algorithm that will allow the administrator to declare the target

如果是應用程式而非 AAD 或 AD FS 在使用 SAS,則上述方法不適用,而且必須使用針對目標儲存體帳戶所產生的目標儲存體帳戶 URL 和 SAS 金鑰來更新應用程式連接字串。If SAS is used by the application rather than AAD or AD FS, the above method will not work and application connection strings will need to be updated with the target storage account URL and the SAS key(s) generated for the target storage account.

後續步驟Next steps

開始使用 Azure Stack Hub 儲存體開發工具Get started with Azure Stack Hub storage development tools