使用 DPM 來備份及還原 VMware 虛擬機器Use DPM to back up and restore VMware virtual machines

重要

已不再支援此版本的 Data Protection Manager (DPM),建議升級至 DPM 2019This version of Data Protection Manager (DPM) has reached the end of support, we recommend you to upgrade to DPM 2019.

本文說明如何使用 Data Protection Manager (DPM) 1801 版與更新版本,來備份在 VMWare vCenter 與 vSphere Hypervisor (ESXi) 的 5.5、6.0、6.5 或 6.7 版本上執行的虛擬機器。This article explains how to use Data Protection Manager (DPM) version 1801 and later, to back up virtual machines running on the 5.5, 6.0, 6.5 or 6.7 versions of VMware vCenter and vSphere Hypervisor (ESXi).

支援的 VMware 功能Supported VMware features

DPM 1801 與更新版本會在備份 VMware 虛擬機器時提供下列功能:DPM 1801 and later provides the following features when backing up VMware virtual machines:

注意

DPM 2019 支援備份至磁帶。Backup to tape is supported from DPM 2019.

  • 無代理程式備份:DPM 不需要在 vCenter 或 ESXi 伺服器上安裝代理程式來備份虛擬機器。Agentless backup: DPM does not require an agent to be installed on the vCenter or ESXi server, to back up the virtual machine. 而是只會提供 IP 位址或完整網域名稱 (FQDN),以及透過 DPM 用來驗證 VMware 伺服器的登入認證。Instead, just provide the IP address or fully qualified domain name (FQDN), and login credentials used to authenticate the VMware server with DPM.
  • 雲端整合式備份:DPM 會保護磁碟、磁帶和雲端的工作負載。Cloud Integrated Backup: DPM protects workloads to disk, tape and cloud. DPM 的備份和復原工作流程可協助您管理長期保留和異地備份。DPM's backup and recovery workflow helps you manage long-term retention and offsite backup.
  • 偵測並保護 vCenter 受控 VM:DPM 會偵測並保護部署於 VMware 伺服器 (vCenter 或 ESXi 伺服器) 上的 VM。Detect and protect VMs managed by vCenter: DPM detects and protects VMs deployed on a VMware server (vCenter or ESXi server). 當您的部署大小增加時,請使用 vCenter 來管理 VMware 環境。As your deployment size grows, use vCenter to manage your VMware environment. DPM 也會偵測 vCenter 所管理的 VM,讓您能夠保護大型部署。DPM also detects VMs managed by vCenter, allowing you to protect large deployments.
  • 資料夾等級的自動保護:vCenter 讓您能夠組織 VM 資料夾中的 VM。Folder level auto protection: vCenter lets you organize your VMs in VM folders. DPM 會偵測這些資料夾,讓您能夠以資料夾等級保護 VM,並包含所有子資料夾。DPM detects these folders and lets you protect VMs at the folder level and includes all subfolders. 保護資料夾時,DPM 不只會保護該資料夾中的 VM,也會保護後續新增的 VM。When protecting folders, DPM not only protects the VMs in that folder, but also protects VMs added later. DPM 每日都會偵測新的 VM,並自動保護它們。DPM detects new VMs on a daily basis and protects them automatically. 當您在遞迴資料夾中組織 VM 時,DPM 會自動偵測並保護部署於遞迴資料夾中的新 VM。As you organize your VMs in recursive folders, DPM automatically detects and protects the new VMs deployed in the recursive folders.
  • DPM 會保護儲存於本機磁碟、網路檔案系統 (NFS) 或叢集存放區上的 VM。DPM protects VMs stored on a local disk, network file system (NFS), or cluster storage.
  • DPM 會保護要移轉以進行負載平衡的 VM:移轉 VM 以進行負載平衡時,DPM 會自動偵測並繼續保護 VM。DPM protects VMs migrated for load balancing: As VMs are migrated for load balancing, DPM automatically detects and continues VM protection.
  • DPM 可以從 Windows VM 復原檔案/資料夾,而不需復原整個 VM,有助於更快速地復原所需的檔案。DPM can recover files/folders from a Windows VM without recovering the entire VM, which helps recover necessary files faster.

必要條件和限制Prerequisites and Limitations

開始備份 VMware 虛擬機器之前,請先檢閱下列的限制和必要條件清單。Before you start backing up a VMware virtual machine, review the following list of limitations and prerequisites.

  • 如果已使用 DPM 保護在 Windows 上執行的 vCenter Server (以 Windows Server 形式),則無法使用伺服器 FQDN 對其進行保護 (以 VMware 伺服器形式)。If you have been using DPM to protect vCenter server (running on Windows) as Windows Server, you cannot protect that as VMware server using FQDN of the server.
    • 您可使用 vCenter Server 的靜態 IP 位址作為因應措施。You can use static IP address of vCenter Server as a workaround.
    • 如果想要使用 FQDN,則應該停止以 Windows Server 形式進行保護、移除保護代理程式,然後將其新增為使用 FQDN 的 VMware 伺服器。If you want to use FQDN, you should stop the protection as Windows Server, remove the protection agent, and then add as VMware Server using FQDN.
  • 如果是使用 FQDN 來保護在 Windows 上執行的 vCenter Server (以 VMware 伺服器形式),即無法以 Windows Server 形式來保護 vCenter Server。If you are protecting vCenter Server (running on Windows) using FQDN as VMware Server, you cannot protect the vCenter Server as Windows Server.
  • 如果您使用 vCenter 來管理環境中的 ESXi 伺服器,請將 vCenter (和非 ESXi) 新增到 DPM 保護群組。If you use vCenter to manage ESXi servers in your environment, add vCenter (and not ESXi) to the DPM protection group.
  • DPM 無法保護到次要 DPM 伺服器的 VMWare VM。DPM cannot protect VMware VMs to a secondary DPM server.
  • 您無法在第一次 DPM 備份之前備份使用者快照集。You cannot back up user snapshots before the first DPM backup. 當 DPM 完成第一次備份之後,您接著就能備份使用者快照集。Once DPM completes the first backup, then you can back up user snapshots.
  • DPM 無法保護具有傳遞磁碟和實體原始裝置對應 (pRDM) 的 VMware VM。DPM cannot protect VMware VMs with pass-through disks and physical raw device mappings (pRDM).
  • DPM 無法偵測或保護 VMware vApps。DPM cannot detect or protect VMware vApps.
  • DPM 無法使用現有的快照集來保護 VMware VM。DPM cannot protect VMware VMs with existing snapshots.
  • 確認下列網路連接埠已開放:Ensure the following network ports are open:
    • MABS 與 vCenter 之間的 TCP 443TCP 443 between MABS and vCenter
    • MABS 與 ESXi 主機之間的 TCP 443 與 TCP 902TCP 443 and TCP 902 between MABS and ESXi host

設定 DPM 以保護 VMwareConfigure DPM to protect VMware

下列資訊詳細說明如何設定 VMware 以進行 DPM 保護。The following information details how to configure VMware for DPM protection. 若要建立 DPM 與 VMware 伺服器之間的通訊,請設定 VMware 認證,並建立 DPM 與 VMware vCenter Server 或 VMware vSphere Hypervisor (ESXi) 伺服器之間的安全連線。To establish communication between DPM and the VMware server, configure the VMware credentials and establish a secure connection between DPM and the VMware vCenter Server or VMware vSphere Hypervisor (ESXi) server. 如果您使用 vCenter Server 和 ESXi 伺服器,僅需設定 vCenter 來使用 DPM。If you use both vCenter Server and ESXi server, configure only the vCenter Server to work with DPM. 您不需將 ESXi 伺服器新增到 DPM。You don't need to add ESXi servers to DPM. 為了管理 VMware 伺服器,DPM 需要有效的認證來存取 VMware 伺服器。To manage a VMware server, DPM needs valid credentials to access VMware servers.

認證管理Credential management

DPM 不會使用代理程式來與 VMware 伺服器通訊。DPM does not use an agent to communicate with a VMware server. DPM 會改用使用者名稱和密碼認證,來驗證它與 VMware 伺服器的遠端通訊。Instead, DPM uses a user name and password credential to authenticate its remote communication with the VMware server. 每當 DPM 與 VMware 伺服器通訊時,就必須驗證 DPM。Each time DPM communicates with a VMware server, DPM must be authenticated. 如果需要變更認證,而且一個資料中心可以有多部需要唯一認證的 vCenter 伺服器,則追蹤這些認證可能會是個問題。As it can be necessary to change credentials, and a data center can have multiple vCenter servers requiring unique credentials, tracking these credentials can be a problem. 不過,DPM 提供「管理 VMware 認證」功能,來安全地儲存和管理認證。However, DPM has a Manage VMware Credentials feature to securely store and manage credentials.

請注意下列關於認證的詳細資料:Note the following details about credentials:

  • 一個認證可以用來驗證多部 VMware 伺服器。One credential can be used to authenticate multiple VMware servers.
  • 一旦更新認證詳細資料 (例如:描述、使用者名稱和密碼) 之後,DPM 就會使用這些認證來與所有 VMware 伺服器通訊。Once credential details such as: Description, User name, and Password are updated, DPM uses these credentials to communicate with all VMware servers.
  • 只有在不使用認證來驗證 VMware 伺服器時,才能刪除該認證。A credential can be deleted only if it is not being used to authenticate a VMware server.

開啟 [管理 VMware 認證] 功能Open the Manage VMware Credentials feature

  1. 在 DPM 管理主控台中,按一下 [管理]。In the DPM Administrator Console, click Management.

    開啟的步驟steps to open

  2. 在要管理的資產清單中,按一下 [實際執行伺服器]。In the list of assets to manage, click Production Servers.

  3. 在工具功能區中,按一下 [管理 VMware 認證]。In the tool ribbon, click Manage VMware Credentials. [管理認證] 對話方塊隨即開啟。The Manage Credentials dialog opens. 使用 [管理認證] 對話方塊,您可以新增、更新或刪除認證。Using the Manage Credentials dialog, you can add, update, or delete credentials. 開啟 [管理認證] 對話方塊open Manage Credentials dialog

    如需新增、更新或刪除認證的詳細資訊,請參閱下列各節。See the following sections for detailed information on adding, updating, or deleting credentials.

新增 VMware 伺服器認證Add VMware server credentials

您可以將認證新增到 DPM 伺服器,以便將它與 VMware 伺服器上的認證配對。You add a credential to the DPM server so you can pair it up with credential on the VMware server. 請記住,DPM 伺服器上的認證必須與 VMware 伺服器上的認證完全相同。Remember, the credential on the DPM server must be identical to the credential on the VMware server. 若要新增認證,在 [管理認證] 對話方塊中:To add a credential, in the Manage Credentials dialog:

  1. 按一下 [新增] 開啟 [新增認證] 對話方塊。Click Add to open the Add Credential dialog. 開啟 [新增認證] 對話方塊open Add Credentials dialog

  2. 在 [名稱]、[描述]、[使用者名稱] 和 [密碼] 欄位中輸入您的資訊。Type your information in the Name, Description, User name, and Password fields. 當您在必要欄位中新增文字之後,[新增] 按鈕就會變成作用中狀態。Once you've added text in the required fields, the Add button becomes active.

    • [名稱] 就是 [管理認證] 對話方塊之 [認證] 資料行中顯示的內容。Name is what appears in the Credential column of the Manage Credentials dialog. [名稱] 是必要欄位,且為認證的識別碼。Name is a required field and is the identifier for the credentials. 此欄位後續無法編輯。This field cannot be edited later. 如果您想要變更認證的名稱,就必須新增認證。If you want to change the name of a credential, you must add a new credential.
    • [描述] 是描述性文字或替代名稱,讓您能夠辨識或區分 [管理認證] 對話方塊中的認證。Description is descriptive text or an alternate name so you can recognize or distinguish the credentials in the Manage Credentials dialog. [描述] 文字是選擇性欄位,顯示於 [管理認證] 對話方塊的 [描述] 資料行中。The Description text is an optional field and appears in the Description column of the Manage Credentials dialog.
    • [使用者名稱] 和 [密碼] 是用來存取伺服器之使用者帳戶的使用者名稱和密碼。User name and Password are the user name and password for the user account used to access the server. 這兩個都是必要欄位。Both fields are required.
  3. 按一下 [新增] 以儲存您的新認證。Click Add to save your new credentials. 當您建立認證之後,就可以使用它們來向 VMware 伺服器驗證。Once you have created credentials, you can use them to authenticate with a VMware server.

更新 VMware 伺服器認證Update VMware server credentials

大多數的組織都需要基於安全性緣故或人員變更來更新認證。Most organizations need to update credentials due to security reasons or personnel changes. 當 VMware 伺服器認證變更時,DPM 所使用的認證也需要更新。When VMware server credentials are changed, the credentials used by DPM also need to be updated. 如果變更了 VMware 伺服器的認證 (使用者名稱和密碼),您必須在 DPM 中新增相符的認證。If a VMware server's credentials (user name and password) have changed, you must add matching credentials in DPM.

一旦您在 DPM 中擁有相符的認證之後,請使用下列步驟來更新 VMware 伺服器認證:Once you have matching credentials in DPM, update the VMware server credentials using the following steps:

  1. 在 DPM 管理主控台中,按一下 [管理]。In the DPM Administrator console, click Management.

  2. 在要管理的資產清單中,按一下 [實際執行伺服器]。In the list of assets to manage, click Production Servers.

  3. 在電腦清單中,選取需要更新認證的 VMware 伺服器。In the list of computers, select the VMware server whose credentials need to be updated. 在範例影像中,demovcenter1.Contoso.com 是認證已毀損的 VMware 伺服器。In the example image, demovcenter1.Contoso.com is the VMware server with broken credentials. 開啟 [新增認證] 對話方塊open Add Credentials dialog

  4. 在管理主控台的工具功能區上,按一下 [變更設定]。On the Administrator console tool ribbon, click Change Settings. [變更設定] 對話方塊隨即開啟。The Change Settings dialog opens. 它會顯示 DPM 伺服器上的所有認證。It displays all credentials on the DPM server. 在範例影像中,demovcenter_002 是要與 demovcenter1.Contoso.com 配對的 DPM 認證。In the example image, demovcenter_002 is the DPM credential to pair with demovcenter1.Contoso.com.

    開啟 [新增認證] 對話方塊

  5. 從清單中選取 DPM 伺服器上符合 VMware 認證的認證,然後按一下 [更新]。From the list, select the credential on the DPM server to match the VMware credential and click Update. 在影像中,請注意 demovcenter_002 會驗證實際執行伺服器,而 demovcenter1.Contoso.com 目前受到保護。In the image, notice demovcenter_002 authenticates a production server, and demovcenter1.Contoso.com is now protected. 開啟 [新增認證] 對話方塊open Add Credentials dialog

刪除 VMware 伺服器認證Delete VMware server credentials

當您刪除認證時,正在從 DPM 伺服器上的清單中移除認證。When you delete credentials, you are removing the credential from the list on the DPM server. DPM 不允許您刪除用來驗證實際執行伺服器的認證。DPM doesn't allow you to delete a credential that is used to authenticate a production server.

刪除認證To delete a credential

  1. 在 DPM 管理主控台中,依序按一下 [管理] 和 [實際執行伺服器],然後在工具功能區中,按一下 [管理 VMware 認證]。In the DPM Administrator Console, click Management, click Production Servers, and in the tool ribbon, click Manage VMware Credentials.
  2. 在 [管理認證] 對話方塊中選取認證。In the Manage Credentials dialog, select the credential. 確定該認證並未與任何實際執行伺服器相關聯。Make sure the credential is not associated with any Production Servers.
  3. 按一下 [刪除] 以從清單中移除該認證。Click Delete to remove the credential from the list.

設定 DPM 和 VMware 伺服器之間的安全通訊Set up secure communication between DPM and a VMware server

DPM 會透過 HTTPS 通道,安全地與 VMware 伺服器通訊。DPM communicates with the VMware server securely over an HTTPS channel. 若要建立安全通訊,請同時在 VMware 伺服器和 DPM 伺服器上安裝信任的憑證。To create the secure communication, install a trusted certificate on both the VMware server and DPM server. 如果與您 vCenter 的連線不安全,您可以藉由在 DPM 伺服器上安裝憑證來進行保護。If the connection to your vCenter is not secure, you can secure it by installing a certificate on the DPM server. 使用相同的憑證來與 VMware 伺服器建立安全的連線。Use the same certificate to make a secure connection with the VMware server.

若要確認 DPM 和 vCenter 之間具有安全的通訊通道,請開啟 DPM 伺服器上的瀏覽器,然後存取 VMware 伺服器。To verify there is a secure communication channel between DPM and vCenter, open a browser on the DPM server and access the VMware server. 如果您使用的是 Chrome,而且您不具有效憑證,則會在 URL 中看見刪除線,如下列範例所示:If you are using Chrome, and you do not have a valid certificate you see the strikethrough in the URL, like this example:

沒有安全的通訊通道no secure communication channel

如果您使用的是 Internet Explorer,而且您不具有效憑證,則會在存取 URL 時看到此訊息:If you are using Internet Explorer, and you don't have a valid certificate, you see this message when you access the URL:

沒有安全的通訊通道no secure communication channel

若要修正錯誤,請在 DPM 伺服器和 VMware 伺服器上安裝有效憑證。To fix the error, install a valid certificate on the DPM server and the VMware server. 在先前的影像中,DPM 伺服器具備有效憑證,但該憑證不在信任的根憑證授權單位存放區中。In the previous images, the DPM server has a valid certificate, but the certificate is not in the trusted root certification authority store. 若要修正這種情況,請將該憑證新增到 VMware 伺服器。To fix this situation, add the certificate to the VMware server.

  1. 在 [憑證] 對話方塊的 [憑證路徑] 索引標籤上,按一下 [檢視憑證]。On the Certificate dialog, on the Certification Path tab, click View Certificate.

    開啟 [檢視憑證] 對話方塊open View Certificate dialog

  2. 在新的 [憑證] 對話方塊中,按一下 [詳細資料] 索引標籤,然後按一下 [複製到檔案] 以開啟 [憑證匯出精靈]。In the new Certificate dialog, click the Details tab, and then click Copy to File to open the Certificate Export Wizard.

    開啟 [檢視憑證] 對話方塊open View Certificate dialog

  3. 在 [憑證匯出精靈] 中,按 [下一步]、在 [匯出檔案格式] 畫面上選取 [DER 編碼二位元 X.509 (.CER)],然後按 [下一步]。In the Certificate Export Wizard, click Next, and on the Export File Format screen, select DER encoded binary X.509 (.CER), then click Next.

  4. 在 [要匯出的檔案] 畫面上,輸入您的憑證名稱,然後按 [下一步]。On the File to Export screen, type a name for your certificate and click Next.

  5. 按一下 [完成] 以完成 [憑證匯出精靈]。Click Finish to complete the Certificate Export Wizard.

  6. 找出匯出的憑證。Locate the exported certificate. 以滑鼠右鍵按一下憑證,然後選取 [安裝憑證] 以開啟 [憑證匯入精靈]。Right-click the certificate and select Install Certificate to open the Certificate Import Wizard.

    按一下 [安裝憑證]click install Certificate

  7. 在 [憑證匯入精靈] 中,按一下 [本機電腦],然後按 [下一步]。In the Certificate Import wizard, click Local Machine and then click Next.

  8. 若要尋找您想要放置憑證的位置,在 [憑證存放區] 畫面上,按一下 [將所有憑證放入以下的存放區],然後按一下 [瀏覽]。To find the location where you want to place the certificateOn the Certificate Store screen, click Place all certificates in the following store and click Browse.

  9. 在 [選取憑證存放區] 對話方塊中,選取 [信任的根憑證授權單位],然後按一下 [確定]。In the Select Certificate Store dialog, select Trusted Root Authority Certificate and click OK. 按一下 [安裝憑證]click install Certificate

  10. 按 [下一步],然後按一下 [完成] 以成功匯入憑證。Click Next and then click Finish to import the certificate successfully.

  11. 新增憑證之後,請登入 vCenter 伺服器以確認連線很安全。Once you have added the certificate, sign into your vCenter server to verify the connection is secure. 按一下 [安裝憑證]click install Certificate

在 VMware 伺服器中新增使用者帳戶Add a new user account in VMware server

DPM 會使用您的使用者名稱和密碼作為認證,來與 VMware 伺服器進行通訊和驗證。DPM uses your user name and password as credentials for communicating and authenticating with VMware server. vCenter 使用者帳戶至少具備下列權限,需要有這些權限才能成功保護 VM。A vCenter user account has, at least the following privileges, which are required for successfully protecting a VM.

下表會針對您所建立的使用者帳戶,擷取您需要指派的權限:The following table captures the privileges that you need to assign to the user account that you create:

vCenter 6.5 使用者帳戶的權限Privileges for vCenter 6.5 user account vCenter 6.7 使用者帳戶的權限Privileges for vCenter 6.7 user account
資料存放區叢集。設定資料存放區叢集Datastore cluster.Configure a datastore cluster 資料存放區叢集。設定資料存放區叢集Datastore cluster.Configure a datastore cluster
Datastore.AllocateSpaceDatastore.AllocateSpace Datastore.AllocateSpaceDatastore.AllocateSpace
資料存放區。瀏覽資料存放區Datastore.Browse datastore 資料存放區。瀏覽資料存放區Datastore.Browse datastore
資料存放區。低層級檔案作業Datastore.Low-level file operations 資料存放區。低層級檔案作業Datastore.Low-level file operations
全域。停用方法Global.Disable methods 全域。停用方法Global.Disable methods
全域。啟用方法Global.Enable methods 全域。啟用方法Global.Enable methods
全域。授權Global.Licenses 全域。授權Global.Licenses
全域。記錄事件Global.Log event 全域。記錄事件Global.Log event
全域。管理自訂屬性Global.Manage custom attributes 全域。管理自訂屬性Global.Manage custom attributes
全域。設定自訂屬性Global.Set custom attribute 全域。設定自訂屬性Global.Set custom attribute
本機。本機作業。建立虛擬機器Host.Local operations.Create virtual machine 本機。本機作業。建立虛擬機器Host.Local operations.Create virtual machine
網路。指派網路Network.Assign network 網路。指派網路Network.Assign network
資源。Resource. 將虛擬機器指派給資源集區Assign virtual machine to resource pool 資源。Resource. 將虛擬機器指派給資源集區Assign virtual machine to resource pool
vApp。新增虛擬機器vApp.Add virtual machine vApp。新增虛擬機器vApp.Add virtual machine
vApp。指派資源集區vApp.Assign resource pool vApp。指派資源集區vApp.Assign resource pool
vApp。取消註冊vApp.Unregister vApp。取消註冊vApp.Unregister
VirtualMachine.Configuration.VirtualMachine.Configuration. 新增或移除裝置Add Or Remove Device VirtualMachine.Configuration.VirtualMachine.Configuration. 新增或移除裝置Add Or Remove Device
虛擬機器。設定。磁碟租用Virtual machine.Configuration.Disk lease 虛擬機器。設定。取得磁碟租用Virtual machine.Configuration.Acquire disk lease
虛擬機器。設定。新增磁碟Virtual machine.Configuration.Add new disk 虛擬機器。設定。新增磁碟Virtual machine.Configuration.Add new disk
虛擬機器。設定。進階Virtual machine.Configuration.Advanced 虛擬機器。設定。進階設定Virtual machine.Configuration.Advanced configuration
虛擬機器。設定。磁碟變更追蹤Virtual machine.Configuration.Disk change tracking 虛擬機器。設定。切換磁碟變更追蹤Virtual machine.Configuration.Toggle disk change tracking
虛擬機器。設定。裝載 USB 裝置Virtual machine.Configuration.Host USB device 虛擬機器。設定。設定裝載 USB 裝置Virtual machine.Configuration.Configure Host USB device
虛擬機器。設定。延伸虛擬磁碟Virtual machine.Configuration.Extend virtual disk 虛擬機器。設定。延伸虛擬磁碟Virtual machine.Configuration.Extend virtual disk
虛擬機器。設定。查詢未知的檔案Virtual machine.Configuration.Query unowned files 虛擬機器。設定。查詢未知的檔案Virtual machine.Configuration.Query unowned files
虛擬機器。設定。交換檔放置Virtual machine.Configuration.Swapfile placement 虛擬機器。設定。變更交換檔放置Virtual machine.Configuration.Change Swapfile placement
虛擬機器。客體作業。客體作業程式執行Virtual machine.Guest Operations.Guest Operation Program Execution 虛擬機器。客體作業。客體作業程式執行Virtual machine.Guest Operations.Guest Operation Program Execution
虛擬機器。客體作業。客體作業修改Virtual machine.Guest Operations.Guest Operation Modifications 虛擬機器。客體作業。客體作業修改Virtual machine.Guest Operations.Guest Operation Modifications
虛擬機器。客體作業。客體作業查詢Virtual machine.Guest Operations.Guest Operation Queries 虛擬機器。客體作業。客體作業查詢Virtual machine.Guest Operations.Guest Operation Queries
虛擬機器。互動。裝置連線Virtual machine .Interaction .Device connection 虛擬機器。互動。裝置連線Virtual machine .Interaction .Device connection
虛擬機器。互動。由 VIX API 進行的客體作業系統管理Virtual machine .Interaction .Guest operating system management by VIX API 虛擬機器。互動。由 VIX API 進行的客體作業系統管理Virtual machine .Interaction .Guest operating system management by VIX API
虛擬機器。互動。關閉電源Virtual machine .Interaction .Power Off 虛擬機器。互動。關閉電源Virtual machine .Interaction .Power Off
虛擬機器。清查。建立新的Virtual machine .Inventory.Create new 虛擬機器。清查。建立新的Virtual machine .Inventory.Create new
虛擬機器。清查。移除Virtual machine .Inventory.Remove 虛擬機器。清查。移除Virtual machine .Inventory.Remove
虛擬機器。清查。註冊Virtual machine .Inventory.Register 虛擬機器。清查。註冊Virtual machine .Inventory.Register
虛擬機器。佈建。允許磁碟存取Virtual machine .Provisioning.Allow disk access 虛擬機器。佈建。允許磁碟存取Virtual machine .Provisioning.Allow disk access
虛擬機器。佈建。允許檔案存取Virtual machine .Provisioning.Allow file access 虛擬機器。佈建。允許檔案存取Virtual machine .Provisioning.Allow file access
虛擬機器。佈建。允許唯讀磁碟存取Virtual machine .Provisioning.Allow read-only disk access 虛擬機器。佈建。允許唯讀磁碟存取Virtual machine .Provisioning.Allow read-only disk access
虛擬機器。佈建。允許虛擬機器下載Virtual machine .Provisioning.Allow virtual machine download          虛擬機器。佈建。允許虛擬機器下載Virtual machine .Provisioning.Allow virtual machine download         
虛擬機器。快照集管理。Virtual machine .Snapshot management. 建立快照集Create snapshot 虛擬機器。快照集管理。Virtual machine .Snapshot management. 建立快照集Create snapshot
虛擬機器。快照集管理。移除快照集Virtual machine .Snapshot management.Remove Snapshot 虛擬機器。快照集管理。移除快照集Virtual machine .Snapshot management.Remove Snapshot
虛擬機器。快照集管理。還原為快照集Virtual machine .Snapshot management.Revert to snapshot 虛擬機器。快照集管理。還原為快照集Virtual machine .Snapshot management.Revert to snapshot

注意

下列表格列出 vCenter 6.0 與 vCenter 5.5 使用者帳戶的權限。The following table lists the privileges for vCenter 6.0 and vCenter 5.5 user accounts.

vCenter 6.0 使用者帳戶的權限Privileges for vCenter 6.0 user account vCenter 5.5 使用者帳戶的權限Privileges for vCenter 5.5 user account
Datastore.AllocateSpaceDatastore.AllocateSpace Network.AssignNetwork.Assign
全域。管理自訂屬性Global.Manage custom attributes Datastore.AllocateSpaceDatastore.AllocateSpace
全域。設定自訂屬性Global.Set custom attribute VirtualMachine.Config.ChangeTrackingVirtualMachine.Config.ChangeTracking
本機。本機作業。建立虛擬機器Host.Local operations.Create virtual machine VirtualMachine.State.RemoveSnapshotVirtualMachine.State.RemoveSnapshot
網路。Network. 指派網路Assign network VirtualMachine.State.CreateSnapshotVirtualMachine.State.CreateSnapshot
資源。Resource. 將虛擬機器指派給資源集區Assign virtual machine to resource pool VirtualMachine.Provisioning.DiskRandomReadVirtualMachine.Provisioning.DiskRandomRead
虛擬機器。設定。新增磁碟Virtual machine.Configuration.Add new disk VirtualMachine.Interact.PowerOffVirtualMachine.Interact.PowerOff
虛擬機器。設定。進階Virtual machine.Configuration.Advanced VirtualMachine.Inventory.CreateVirtualMachine.Inventory.Create
虛擬機器。設定。磁碟變更追蹤Virtual machine.Configuration.Disk change tracking VirtualMachine.Config.AddNewDiskVirtualMachine.Config.AddNewDisk
虛擬機器。設定。裝載 USB 裝置Virtual machine.Configuration.Host USB device VirtualMachine.Config.HostUSBDeviceVirtualMachine.Config.HostUSBDevice
虛擬機器。設定。查詢未知的檔案Virtual machine.Configuration.Query unowned files VirtualMachine.Config.AdvancedConfigVirtualMachine.Config.AdvancedConfig
虛擬機器。設定。交換檔放置Virtual machine.Configuration.Swapfile placement VirtualMachine.Config.SwapPlacementVirtualMachine.Config.SwapPlacement
虛擬機器。互動。關閉電源Virtual machine.Interaction.Power Off Global.ManageCustomFieldsGlobal.ManageCustomFields
虛擬機器。清查。Virtual machine.Inventory. 新建Create new
虛擬機器。佈建。允許磁碟Virtual machine.Provisioning.Allow disk access
虛擬機器。佈建。Virtual machine.Provisioning. 允許唯讀磁碟存取Allow read-only disk access
虛擬機器。快照集管理。建立快照集Virtual machine.Snapshot management.Create snapshot
虛擬機器。快照集管理。移除快照集Virtual machine.Snapshot management.Remove Snapshot

指派這些權限的建議步驟:The recommended steps for assigning these privileges:

建立角色,例如 BackupAdminRoleCreate a role, for example, BackupAdminRole

  1. 在 vSphere Web 用戶端中,從 [導覽] 功能表,按一下 [管理] > [角色]。In the vSphere Web Client, from the Navigator menu, click Administration > Roles.
  2. 從 [角色提供者] 下拉式功能表,選取要套用角色的 vCenter Server。From the Roles provider drop-down menu, select the vCenter Server to which the role applies.
  3. 在 [角色] 窗格中,按一下 [+] 以開啟 [建立角色] 對話方塊並建立角色。On the Roles pane, click '+' to open the Create Role dialog and create a role. 建立新的角色create a new role
  4. 將角色命名為 BackupAdminRoleName the role, BackupAdminRole.
  5. 為角色選取 (前述項目符號清單中所識別的) 權限,然後按一下 [確定]。Select the privileges (identified in the preceding bulleted list) for the role and click OK.

建立新的使用者,例如 BackupAdminCreate a new user, for example, BackupAdmin

當您建立使用者時,該使用者必須與您想要保護的物件位於相同網域。When you create a user, that user must be in the same domain as the objects you want to protect.

  1. 在 vSphere Web 用戶端中,於 [導覽] 功能表上,按一下 [管理]。In the vSphere Web Client, on the Navigator menu, click Administration.
  2. 在 [管理] 功能表上,按一下 [使用者和群組]。In the Administration menu, click Users and Groups.
  3. 若要建立新的使用者,在 [使用者] 索引標籤上,按一下 [+] 以開啟 [新增使用者] 對話方塊。To create a new user, on the Users tab, click '+' to open the New User dialog.
  4. 提供角色的使用者名稱密碼Provide a User name and password for the role. 使用 BackupAdmin 作為使用者名稱。Use BackupAdmin as the User name. 其他資訊是選擇性的。Additional information is optional.

將角色 BackupAdminRole 指派給使用者 BackupAdminAssign the role, BackupAdminRole, to the user, BackupAdmin

  1. 在 vSphere Web 用戶端中,於 [導覽] 功能表上,按一下 [管理]。In the vSphere Web Client, on the Navigator menu, click Administration.
  2. 在 [管理] 功能表上,按一下 [ 全域權限]。In the Administration menu, click Global Permissions.
  3. 在 [全域權限] 窗格中,按一下 [管理] 索引標籤。On the Global Permissions pane, click the Manage tab.
  4. 在 [管理] 索引標籤上,按一下 [+] 以開啟 [新增權限] 對話方塊。On the Manage tab, click '+' to open the Add Permission dialog.
  5. 在 [新增權限] 對話方塊中,按一下 [新增]。In the Add Permissions dialog, click Add.
  6. 在 [選取使用者/群組] 對話方塊中,從 [網域] 功能表選擇正確的網域,接著在 [使用者/群組] 資料行中選取 [BackupAdmin],然後按一下 [新增]。In the Select Users/Groups dialog, choose the correct domain from the Domain menu, then in the User/Group column select BackupAdmin, and click Add. 使用者名稱會以下列格式出現在 [使用者] 欄位中:domain\BackupAdmin。The user name appears in the Users field in the format: domain\BackupAdmin.
  7. 按一下 [確定] 以返回 [新增權限] 對話方塊。Click OK to return to the Add Permissions dialog.
  8. 在 [指派角色] 區域中,從下拉式功能表選取角色 BackupAdminRole,然後按一下 [確定]。In the Assigned Role area, from the drop-down menu, select the role, BackupAdminRole, and click OK. 新的使用者和角色關聯會出現在 [管理] 索引標籤中。The new user and role association appears in the Manage tab.

將 VMware 伺服器新增到 DPMAdd a VMware server to DPM

  1. 在 DPM 管理主控台中,按一下 [管理] > [實際執行伺服器] > [新增],以開啟 [實際執行伺服器新增精靈]。In the DPM Administrator Console, click Management > Production Servers > Add to open the Production Server Addition Wizard.

    開啟 [實際執行伺服器新增精靈]open the Production Server Addition wizard

  2. 在 [選取實際執行伺服器類型] 畫面上,選取 [VMware 伺服器],然後按一下 [下一步]。On the Select Production Server type screen, select VMware Servers, and click Next. 選取 VMware 伺服器select VMware server

  3. 在 [選取電腦] 畫面上,提供下列資訊:On the Select Computers screen, provide the following information:

    • 伺服器名稱/IP 位址:輸入 VMware 伺服器的完整網域名稱 (fQDN) 或 IP 位址。Server Name/IP Address: enter the VMware server fully qualified domain name (fQDN) or IP address.
    • SSL 連接埠:選取用來與 VMware 伺服器通訊的 SSL 連接埠號碼。SSL Port: select the SSL port number used to communicate with the VMware server. DPM 會使用 Https,透過安全連線來與 VMware 伺服器通訊。DPM uses Https to communicate with VMware servers over a secured connection. 為了與 VMware 伺服器順利進行通訊,DPM 需要針對該 VMware 伺服器設定的 SSL 連接埠號碼。To successfully communicate with VMware servers, DPM requires the SSL port number configured for that VMware server. 如果並未明確地使用不同的 SSL 連接埠來設定 VMware 伺服器,請繼續使用預設連接埠 443。If the VMware servers are not explicitly configured with different SSL ports, continue with default port, 443.
    • 指定認證:選取向此 VMware 伺服器驗證所需的認證。Specify Credential: Select the credential needed to authenticate with this VMware server. 如果尚未將必要的認證新增到 DPM,請選擇 [新增認證]。If the required credential has not yet been added to DPM, choose Add New Credential. 然後提供認證的名稱、描述、使用者名稱和密碼。Then, provide the Name, Description, User name, and Password for the credential. 當您填妥欄位之後,按一下 [新增],以將伺服器新增到 VMware 伺服器清單。Once you have filled out the fields, click Add to add the server to the list of VMware Servers. 如果您想要將更多 VMware 伺服器新增到清單,請重複執行此步驟。If you would like to add more VMware servers to the list, repeat this step. 如果您完成將伺服器新增到清單,按 [下一步]。If you are finished adding servers to the list, click Next.
  4. 在 [摘要] 畫面上選取要新增的伺服器,然後按一下 [新增]。On the Summary screen, select the server you want to add, and click Add. 將 VMware 伺服器新增到 DPM 之後,請參閱設定備份,以取得可用保護方法的相關資訊。After adding the VMware servers to DPM, see Configure Backup for information about the available methods of protection.

停用安全傳輸通訊協定Disable secure communication protocol

如果您的組織不想使用安全傳輸通訊協定 (HTTPS),您可以建立登錄機碼來停用它。If your organization does not want to use secure communication protocol (HTTPS), you can create a registry key to disable it. 建立這個登錄機碼:To create this registry key:

  1. 複製下列文字並貼至 .txt 檔案。Copy and paste the following text into a .txt file.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\VMWare]

    "IgnoreCertificateValidation"=dword:00000001

  2. 使用 DisableSecureAuthentication.reg 名稱,將檔案儲存到 DPM 伺服器。Save the file with the name, DisableSecureAuthentication.reg, to your DPM server.

  3. 按兩下檔案以啟動登錄項目。Double-click the file to activate the registry entry.

設定備份Configure Backup

當您將一或多部 VMware 伺服器新增到 DPM 之後,幾乎就可開始在 DPM 中進行保護。Once you've added the VMware server(s) to DPM, you're almost ready to start protection in DPM. 不過,開始保護之前,您需要配置 DPM 可用於短期儲存體的磁碟儲存體。However, before you begin protection, you need to allocate disk storage that DPM can use for short-term storage. 如需新增儲存體的指引,請參閱將儲存體新增到 DPMFor guidance on adding storage, see Adding Storage to DPM. 當您新增儲存體之後,就已準備好使用 [建立新保護群組] 精靈來建立 VMware VM 的保護群組。Once you have added storage, you are ready to use the Create New Protection Group wizard to create a protection group for the VMware VMs.

資料夾等級的保護Folder-level protection

VMware 提供 VM 資料夾,讓您能夠隨意組織 VM。VMware provides VM folders that let you organize VMs as you like.

DPM 可以保護個別的 VM,以及包含 VM 之資料夾的階層式等級。DPM can protect individual VMs, as well as cascading levels of folders that contain VMs. 當您選取要保護的資料夾之後,系統就會自動偵測並保護此資料夾內的所有資料夾 (和 VM)。Once you select a folder for protection, all folders (and VMs) within this folder are automatically detected and protected. 這稱為資料夾等級的保護。This is called folder-level protection. DPM 會在上午 12 點 (以 DPM 伺服器的本地時區為根據),偵測並設定 VM 的保護。DPM detects and configures protection for the VMs at 12 AM (based on the DPM server's local timezone). 當 DPM 偵測到已建立新的 VM 時,DPM 就會在那一天結束時設定保護。When DPM detects that new VMs have been created, DPM configures protection by end of that day.

擴增對叢集 VMware 伺服器的保護Scale out protection of clustered VMware servers

在大型 VMware 部署中,單部 vCenter 伺服器可以管理數千部 VM。In large VMware deployments, a single vCenter server can manage thousands of VMs. DPM 支援相應放大對 VMware 伺服器叢集的保護。DPM supports scale-out protection of VMware server clusters. 新的相應放大功能會移除 VMware 叢集與 DPM 伺服器之間一對一關聯性的限制。The new scale-out feature removes the limit of a one-to-one relationship between a VMware cluster and a DPM server. 您可以將 VM 新增至任何可辨識之 DPM 伺服器上的保護群組。You can add a VM to a protection group on any of the recognized DPM servers. 多部 DPM 伺服器可以用來保護單部 vCenter 伺服器所管理的 VM。Multiple DPM servers can be used to protect VMs managed by a single vCenter server. 不過,只有一部 DPM 伺服器可以在任何指定時間保護 VM 或資料夾。However, only one DPM server can protect a VM or folder at any given time. 已經受到某部 DPM 伺服器保護的 VM 和資料夾,無法讓另一部 DPM 伺服器加以選取。VMs and folders that are already protected by one DPM server cannot be selected by another DPM server. 若要部署相應放大的保護,至少必須有兩部 DPM 伺服器。To deploy scale-out protection, there must be a minimum of two DPM servers. 在下列範例圖中,節點 N1、N2、N3、N4 上裝載的所有虛擬機器均可看見 D1 和 D2。In the following example graphic, D1 and D2 are visible to all virtual machines hosted on nodes N1, N2, N3, and N4. 在 D1 或 D2 上建立保護群組時,可以新增任何虛擬機器。When protection groups on D1 or D2 are created, any virtual machine can be added.

相應放大伺服器陣列的概念圖conceptual diagram of a scale-out farm

將虛擬機器備份至磁碟、磁帶或雲端Backing up virtual machines to a disk, tape or cloud

DPM 可以將 VMWare VM 備份至磁碟、磁帶和 Azure 雲端。DPM can back up VMware VMs to disk, tape and to the Azure cloud. 您會在建立新的保護群組時指定保護方法。You specify the protection method while creating the new Protection Group.

對於所有操作復原案例 (例如意外刪除或損毀案例),請備份至磁碟。For all operational recovery scenarios like accidental deletion or corruption scenarios, back up to disk. 對於長期保留或異地備份需求,請備份至磁帶雲端For long-term retention or offsite backup requirements, back up to tape or cloud.

DPM 會為 Windows VM 提供應用程式一致的備份,並為 Linux VM 提供檔案一致的備份 (前提是您要在客體上安裝 VMware 工具)。DPM provides application-consistent backups of Windows VMs and file-consistent backups of Linux VMs (provided you install VMware tools on the guest).

將虛擬機器備份至磁帶Back up virtual machine to Tape

注意

適用於 DPM 2019Applicable to DPM 2019

為了在 VMWare 備份資料內部部署上長期保留,您現在可以啟用 VMWare 備份至磁帶。For long term retention on VMware backup data on-premises, you can now enable VMware backups to tape. 您可以根據磁帶磁碟機上的保留範圍 (範圍為 1-99 年) 來選取備份頻率。The backup frequency can be selected based on the retention range (which will vary from 1-99 years) on tape drives. 磁帶磁碟機上的資料可能會同時壓縮和加密。The data on tape drives could be both compressed and encrypted. DPM 2019 同時支援 OLR (原始位置復原) 和 ALR (替代位置復原) 來還原受保護的 VM。DPM 2019 supports both OLR (Original Location Recovery) & ALR (Alternate Location Recovery) for restoring the protected VM.

使用下列程序Use the following procedure:

  1. 在 [DPM 系統管理員主控台] 中按一下 [保護] > [建立保護群組],開啟 [建立新保護群組精靈]。In the DPM Administrator console, click Protection > Create protection group to open the Create New Protection Group wizard.
  2. 在 [選取群組成員] 頁面上,選取您想要保護的 VMWare VM。On the Select Group Members page, select the VMWare VMs you want to protect.
  3. 在 [選取資料保護方式] 頁面上,選取 [我想要以磁帶長期保護]。On the Select Data Protection Method page, select I want long-term protection using tape.
  4. 在 [指定長期目標] > [保留範圍] 中,指定磁帶資料的保留年限 (1-99 年)。In Specify Long-Term Goals > Retention range, specify how long you want to keep your tape data (1-99 years). 在 [備份頻率] 中選取您想要的備份頻率。In Frequency of backup, select the backup frequency that you want.
  5. 請在 [選取磁帶和媒體櫃詳細資料] 頁面上,指定用於備份此保護群組的磁帶和媒體櫃。On the Select Tape and Library Details page, specify the tape and library that'll be used for back up of this protection group. 您也可以指定是否要壓縮或加密備份資料。You can also specify whether to compress or encrypt the backup data.

建立 VMware VM 的保護群組Create a Protection Group for VMware VMs

  1. 在管理主控台中,按一下 [保護]。In the Administrator Console, click Protection.

  2. 在工具功能區上,按一下 [新增] 以開啟 [建立新保護群組] 精靈。On the tool ribbon, click New to open the Create New Protection Group wizard.

  3. 在 [選取保護群組類型] 畫面上,選取 [伺服器],然後按 [下一步]。In the Select Protection Group Type screen, select Servers and click Next. 建立新保護群組create new protection group

  4. 在 [選擇群組成員] 畫面上,展開 [可用成員] 資料夾、選取要保護的資料夾,然後按 [下一步]。In the Select Group Members screen, expand the Available members folders and select the folders to protect and click Next. 一旦選取資料夾之後,就會將成員新增到 [選取的成員] 清單。Once you select a folder, the member is added to the Selected members list. 您無法再次選取已受到 DPM 伺服器保護的項目。Items already protected by a DPM server cannot be selected again. 藉由將滑鼠放在 [可用成員] 清單中的項目上方,來檢視保護該項目的 DPM 伺服器。View the DPM server that protects an item by hovering over the item in the Available members list.

    選取新保護群組的成員select members for the new protection group

  5. 在 [選擇資料保護方式] 畫面上,輸入保護群組名稱,然後選取保護方式。On the Select Data Protection Method screen, type a Protection group name, and then select the protection method. 針對保護方式,您可以選擇:對硬碟進行短期保護、對磁帶進行長期備份或對雲端進行線上保護。For protection method, you can choose: short-term protection to a hard drive, long term backup to tape, or online protection to the cloud. 選取保護方式之後,按 [下一步]。Once you've selected your protection method, click Next.

    如果您有獨立的磁帶或連接至 DPM 伺服器的磁帶媒體櫃,您將能夠選取 [我要使用磁帶執行長期保護]。If you have a standalone tape or tape library connected to the DPM server, you'll be able to select I want long-term protection using tape.

  6. 在 [指定短期目標] 畫面上,針對 [保留範圍] 指定磁碟上資料的保留天數。On the Specify Short-Term Goals screen, for the Retention Range specify the number of days your data is kept on disk. 如果您想要在取得應用程式復原點時變更排程,按一下 [修改]。If you want to change the schedule when application recovery points are taken, click Modify. 在 [快速完整備份] 索引標籤中,選擇新的排程,設定要在一週的哪些時間和哪幾天取得快速完整備份。On the Express Full Backup tab, choose a new schedule for the time(s) and days of the week when Express Full Backups are taken. 預設為每日下午 8 點 (DPM 伺服器的當地時間)。The default is daily at 8 PM, local time for the DPM server. 當您具備所需的短期目標時,按 [下一步]。When you have the short-term goals you like, click Next.

  7. 如果想要將資料長期儲存在磁帶中,請在 [指定長期目標] 中指定磁帶資料的保留年限 (1-99 年)。If you want to store data on tape for long-term storage in Specify long-term goals, indicate how long you want to keep tape data (1-99 years). 在 [備份頻率] 中指定磁帶備份應執行的頻率。In Frequency of backup, specify how often backups to tape should run. 頻率是根據您指定的保留範圍而定︰The frequency is based on the retention range you've specified:

    • 當保留範圍是 1 到 99 年時,您可以選取以下備份頻率:每日、每週、每兩週、每月、每季、每半年或每年。When the retention range is 1-99 years, you can select backups to occur daily, weekly, bi-weekly, monthly, quarterly, half-yearly, or yearly.
    • 當保留範圍是 1 到 11 個月時,您可以選取以下備份頻率:每天、每週、每兩週或每月。When the retention range is 1-11 months, you can select backups to occur daily, weekly, bi-weekly, or monthly.
    • 當保留範圍是 1 到 4 週時,您可以選取以下備份頻率:每日或每週。When the retention range is 1-4 weeks, you can select backups to occur daily or weekly.

在獨立磁帶機上,對於單一保護群組,DPM 會使用相同的磁帶來進行每日備份,直到該磁帶上的空間不足。On a stand-alone tape drive, for a single protection group, DPM uses the same tape for daily backups until there is insufficient space on the tape. 您也可以在磁帶上共置不同保護群組的資料。You can also collocate data from different protection groups on tape.

在 [選取磁帶和媒體櫃詳細資料] 頁面中,指定要使用的磁帶/媒體櫃,以及是否應該壓縮與加密磁帶資料。On the Select Tape and Library Details page, specify the tape/library to use, and whether data should be compressed and encrypted on tape.

  1. [檢閱磁碟配置] 畫面會顯示建議的磁碟配置。On the Review Disk Allocation screen, recommended disk allocations are displayed. 系統會根據保留範圍、工作負載類型及受保護資料大小提出建議。Recommendations are based on the retention range, the type of workload and the size of the protected data. 按一下 [下一步] 。Click Next.
  2. 在 [選擇複本的建立方式] 畫面上,指定如何執行保護群組中資料的初始複寫。On the Choose Replica Creation Method screen, specify how the initial replication of data in the protection group is performed. 如果您選擇透過網路複寫,我們建議您選擇離峰時間。If you choose to replicate over the network, we recommended you choose an off-peak time. 若是大量資料或網路狀況不佳,請考慮使用卸除式媒體離線複寫資料。For large amounts of data or less than optimal network conditions, consider replicating the data offline using removable media.
  3. 在 [一致性檢查選項] 畫面上,選取自動執行一致性檢查的方式。On the Consistency Check Options screen, select how you want to automate consistency checks. 只有當複本資料變得不一致,或是排程指示時,您才能執行檢查。You can enable a check to run only when replica data becomes inconsistent, or according to a schedule. 如果不想設定自動一致性檢查,您可以執行手動檢查。If you don’t want to configure automatic consistency checking, you can run a manual check. 若要執行手動檢查,以滑鼠右鍵按一下 DPM 主控台上 [保護] 區域中的保護群組,然後選取 [執行一致性檢查]。To run a manual check, right-click the protection group in the Protection area of the DPM console, and select Perform Consistency Check.
  4. 在 [指定線上保護資料] 畫面上,選取想要保護的資料來源。On the Specify Online Protection Data screen, select the data source(s) that you want to protect.
  5. 在 [指定線上備份排程] 畫面上,指定想要將磁碟備份的備份帶到 Azure 的頻率。On the Specify Online Backup Schedule screen, specify how often you want to take a backup from the disk backup to Azure. 每次執行備份時,都會建立復原點。A recovery point is created each time a backup is taken.
  6. 在 [指定線上保留原則] 畫面上,指定想要在 Azure 中保留資料的時間長度。On the Specify Online Retention Policy screen, specify how long you want to retain your data in Azure. 使用 Azure 備份來備份 DPM 工作負載一文中,閱讀將 DPM 備份至 Azure 的詳細資訊。Read more about backing up DPM to Azure in the article, Backup DPM workloads with Azure Backup.
  7. 在 [選擇線上複寫] 畫面上,選擇您用來建立初始備份複本的方法。On the Choose Online Replication screen, choose your method for creating your initial backup copy. 預設選項是透過網路來傳送資料的初始備份複本。The default choice is to send the initial backup copy of your data over the network. 不過,如果您有大量的資料,可能要更及時地使用離線備份功能。However, if you have a large amount of data, it may be more timely to use the Offline Backup feature. 如需詳細資訊 (包括逐步解說),請參閱 Azure 中的離線備份文章。See the Offline Backup article in Azure for more information, including a step-by-step walkthrough.
  8. 在 [摘要] 畫面上檢閱設定。On the Summary screen, review the settings. 如果您有興趣了解如何將保護群組的效能最佳化,請參閱最佳化會影響效能的 DPM 作業 (英文) 一文。If you are interested in optimizing performance of the protection group, see the article, Optimizing DPM operations that affect performance. 當您滿意保護群組的所有設定之後,按一下 [建立群組],以建立保護群組並觸發初始備份複本。Once you are satisfied with all settings for the protection group, click Create Group to create the protection group and trigger the initial backup copy.

[狀態] 畫面隨即出現,並為您提供用以建立保護群組的更新,以及初始備份的狀態。The Status screen appears and gives you an update on the creation of your protection group, and the state of your initial backup.

還原 VMware 虛擬機器Restore VMware virtual machines

本節說明如何使用 DPM 來還原 VMware VM 復原點This section explains how to use DPM to restore VMware VM recovery points. 如需使用 DPM 來復原資料的概觀,請參閱復原受保護的資料For an overview on using DPM to recover data, see Recover protected data. 在 DPM 管理主控台中,有兩種方式來尋找可復原的資料:搜尋或瀏覽。In the DPM Administrator Console, there are two ways to find recoverable data - search or browse. 復原資料時,您不一定會將資料或 VM 還原到相同的位置。When recovering data, you may, or may not want to restore data or a VM to the same location. 基於這個理由,DPM 支援三個適用於 VMware VM 備份的復原選項。For this reason DPM supports three recovery options for VMware VM backups.

  • 原始位置復原 (OLR) :使用 OLR,將受保護的 VM 還原至其原始位置。Original location recovery (OLR) - Use OLR to restore a protected VM to its original location. 因為已發生備份,所以,只有在未新增或刪除任何磁碟時,您才能將 VM 還原至其原始位置。You can restore a VM to its original location only if no disks have been added or deleted, since the back up occurred. 如果已新增或刪除磁碟,您必須使用替代位置復原。If disks have been added or deleted, you must use alternate location recovery.
  • 替代位置復原 (ALR) :當原始 VM 遺失或您不想干擾原始 VM 時,請將 VM 復原到替代位置。Alternate location recovery (ALR) - When the original VM is missing, or you don't want to disturb the original VM, recover the VM to an alternate location. 若要將 VM 復原到替代位置,您必須提供 ESXi 主機的位置、資源集區、資料夾,以及儲存體資料存放區和路徑。To recover a VM to an alternate location, you must provide the location of an ESXi host, resource pool, folder, and the storage datastore and path. 為了協助區別還原的 VM 和原始 VM,DPM 會在 VM 名稱之後附加 "-Recovered"。To help differentiate the restored VM from the original VM, DPM appends "-Recovered" to the name of the VM.
  • 個別檔案位置復原 (ILR) :如果受保護的 VM 是一部 Windows Server VM,則 VM 內的個別檔案/資料夾只能使用 DPM 的 ILR 功能來復原。Individual file location recovery (ILR) - If the protected VM is a Windows Server VM, individual files/folders inside the VM can be recovered using DPM’s ILR capability. 若要復原個別檔案,請參閱本文稍後的程序。To recover individual files, see the procedure later in this article.

還原復原點Restore a recovery point

  1. 在 DPM 管理主控台中,按一下 [復原] 檢視。In the DPM Administrator Console, click Recovery view.
  2. 使用 [瀏覽] 窗格,瀏覽或篩選以尋找您想要復原的 VM。Using the Browse pane, browse or filter to find the VM you want to recover. 一旦選取 VM 或資料夾之後,[下列項目的復原點] 窗格就會顯示可用的復原點。Once you select a VM or folder, the Recovery points for pane displays the available recovery points. 開啟復原點面板open recovery points panel
  3. 在 [下列項目的復原點] 欄位中,使用行事曆和下拉式功能表來選擇取得復原點的日期。In the Recovery points for field, use the calendar and drop-down menus to select a date when a recovery point was taken. 粗體的行事曆日期具備可用的復原點。Calendar dates in bold have available recovery points.
  4. 在工具功能區上,按一下 [復原] 以開啟 [復原精靈]。On the tool ribbon, click Recover to open the Recovery Wizard. 開啟 [復原精靈]open Recovery wizard
  5. 按 [下一步] 以前進到 [指定復原選項] 畫面。Click Next to advance to the Specify Recovery Options screen.
  6. 在 [指定復原選項] 畫面上,如果您想要啟用網路頻寬節流設定,按一下 [修改]。On the Specify Recovery Options screen, if you want to enable network bandwidth throttling, click Modify. 若要讓網路節流設定保留停用狀態,按 [下一步]。To leave network throttling disabled, click Next. 此精靈畫面上沒有任何其他選項適用於 VMware VM。No other options on this wizard screen are available for VMware VMs. 如果您選擇修改網路頻寬節流設定,在 [節流處理] 對話方塊中,選取 [啟用網路頻寬使用節流設定] 來開啟它。If you choose to modify the network bandwidth throttle, in the Throttle dialog, select Enable network bandwidth usage throttling to turn it on. 啟用之後,進行設定工作排程的設定。Once enabled, configure the Settings and Work Schedule.
  7. 在 [選擇復原類型] 畫面上,選擇是否要復原到原始執行個體或新的位置,然後按 [下一步]。On the Select Recovery Type screen, choose whether to recover to the original instance, or to a new location, and click Next.
    • 如果您選擇 [復原到原始執行個體],就不需在精靈中進行任何更多選擇。If you choose Recover to original instance, you don't need to make any more choices in the wizard. 系統會使用原始執行個體的資料。The data for the original instance is used.
    • 如果您選擇 [在任何主機上依虛擬機器復原],則可在 [指定目的地] 畫面上,提供 ESXi 主機資源集區資料夾路徑的資訊。If you choose Recover as virtual machine on any host, then on the Specify Destination screen, provide the information for ESXi Host, Resource Pool, Folder, and Path. 開啟 [復原精靈]open Recovery wizard
  8. 在 [摘要] 畫面上檢閱您的設定,然後按一下 [復原] 以開始復原程序。On the Summary screen, review your settings and click Recover to start the recovery process. [復原狀態] 畫面會顯示復原作業的進度。The Recovery status screen shows the progression of the recovery operation.

從 VM 還原個別檔案Restore an individual file from a VM

注意

若要從 VM 備份還原個別檔案,只能從磁碟復原點還原。Restore of an individual file from a VM backup is possible only from the disk recovery points.

您可以從受保護的 VM 復原點還原個別檔案。You can restore individual files from a protected VM recovery point. 這項功能僅適用於 Windows Server VM。This feature is only available for Windows Server VMs. 還原個別檔案類似於還原整個 VM,不同之處在於您要先瀏覽到 VMDK 並尋找所需的檔案,然後再開始復原程序。Restoring individual files is similar to restoring the entire VM, except you browse into the VMDK and find the file(s) you want, before starting the recovery process. 從 Windows Server VM 復原個別檔案或選取檔案:To recover an individual file or select files from a Windows Server VM:

  1. 在 DPM 管理主控台中,按一下 [復原] 檢視。In the DPM Administrator Console, click Recovery view.

  2. 使用 [瀏覽] 窗格,瀏覽或篩選以尋找您想要復原的 VM。Using the Browse pane, browse or filter to find the VM you want to recover. 一旦選取 VM 或資料夾之後,[下列項目的復原點] 窗格就會顯示可用的復原點。Once you select a VM or folder, the Recovery points for pane displays the available recovery points. 開啟復原點open Recovery points

  3. 在 [下列項目的復原點:] 窗格中,使用行事曆來選取包含所需復原點的日期。In the Recovery Points for: pane, use the calendar to select the date that contains the desired recovery point(s). 根據設定備份原則的方式,日期可以有多個復原點。Depending on how the backup policy has been configured, dates can have more than one recovery point. 當您選取了取得復原點的日期之後,請確定您選擇了正確的復原時間。Once you've selected the day when the recovery point was taken, make sure you've chosen the correct Recovery time. 如果選取的日期有多個復原點,在 [復原時間] 下拉式功能表中選取您的復原點。If the selected date has multiple recovery points, choose your recovery point by selecting it in the Recovery time drop-down menu. 選擇復原點之後,可復原的項目清單就會出現在 [路徑:] 窗格中。Once you chose the recovery point, the list of recoverable items appears in the Path: pane.

  4. 若要尋找您想要復原的檔案,在 [路徑] 窗格中,按兩下 [可復原的項目] 資料行中的項目來開啟它。To find the files you want to recover, in the Path pane, double-click the item in the Recoverable item column to open it. 選取您想要復原的一或多個檔案或是資料夾。Select the file, files, or folders you want to recover. 若要選取多個項目,在選取每個項目的同時按住 Ctrl 鍵。To select multiple items, press the Ctrl key while selecting each item. 使用 [路徑] 窗格,來搜尋要在 [可復原的項目] 資料行中出現的檔案或資料夾清單。Use the Path pane to search the list of files or folders appearing in the Recoverable Item column. [搜尋下列清單] 不會搜尋到子資料夾。Search list below does not search into subfolders. 若要搜尋所有子資料夾,請按兩下該資料夾。To search through subfolders, double-click the folder. 使用 [向上] 按鈕,從子資料夾移至上層資料夾。Use the Up button to move from a child folder into the parent folder. 您可以選取多個項目 (檔案和資料夾),但它們必須位於同一個上層資料夾。You can select multiple items (files and folders), but they must be in the same parent folder. 您無法在同一個復原作業中復原多個資料夾的項目。You cannot recover items from multiple folders in the same recovery job.

  5. 當您選取要復原的項目之後,在管理主控台的工具功能區中,按一下 [復原] 以開啟 [復原精靈]。When you have selected the item(s) for recovery, in the Administrator Console tool ribbon, click Recover to open the Recovery Wizard. 在 [復原精靈] 中,[檢閱復原選項] 畫面會顯示要復原的選取項目。In the Recovery Wizard, the Review Recovery Selection screen shows the selected items to be recovered.

    檢閱復原點review Recovery points

  6. 在 [指定復原選項] 畫面上,如果您想要啟用網路頻寬節流設定,按一下 [修改]。On the Specify Recovery Options screen, if you want to enable network bandwidth throttling, click Modify. 若要讓網路節流設定保留停用狀態,按 [下一步]。To leave network throttling disabled, click Next. 此精靈畫面上沒有任何其他選項適用於 VMware VM。No other options on this wizard screen are available for VMware VMs. 如果您選擇修改網路頻寬節流設定,在 [節流處理] 對話方塊中,選取 [啟用網路頻寬使用節流設定] 來開啟它。If you choose to modify the network bandwidth throttle, in the Throttle dialog, select Enable network bandwidth usage throttling to turn it on. 啟用之後,進行設定工作排程的設定。Once enabled, configure the Settings and Work Schedule.

  7. 在 [選擇復原類型] 畫面上,按 [下一步]。On the Select Recovery Type screen, click Next. 您只能將檔案或資料夾復原到網路資料夾。You can only recover your file(s) or folder(s) to a network folder.

  8. 在 [指定目的地] 畫面上,按一下 [瀏覽] 以尋找檔案或資料夾的網路位置。On the Specify Destination screen, click Browse to find a network location for your files or folders. DPM 會建立要在其中複製所有已復原項目的資料夾。DPM creates a folder where all recovered items are copied. 資料夾名稱含有前置詞 DPM_day-month-year。The folder name has the prefix, DPM_day-month-year. 當您選取已復原檔案或資料夾的位置時,即會提供該位置的詳細資料 (目的地、目的地路徑和可用空間)。When you select a location for the recovered files or folder, the details for that location (Destination, Destination path, and available space) are provided. 指定檔案或資料夾的目的地specify destination for files or folders

  9. 在 [指定復原選項] 畫面上,選擇要套用的安全性設定。On the Specify Recovery Options screen, choose which security setting to apply. 您可以選擇修改網路頻寬使用節流設定,但預設會停用節流設定。You can opt to modify the network bandwidth usage throttling, but throttling is disabled by default. 此外,不會啟用 [SAN 復原] 和 [通知]。Also, SAN Recovery and Notification are not enabled.

  10. 在 [摘要] 畫面上檢閱您的設定,然後按一下 [復原] 以開始復原程序。On the Summary screen, review your settings and click Recover to start the recovery process. [復原狀態] 畫面會顯示復原作業的進度The Recovery status screen shows the progression of the recovery operation.

VMWare 平行備份VMware parallel backups

使用舊版的 DPM,只能跨保護群組執行平行備份。With earlier versions of DPM, parallel backups were performed only across protection groups. 有了 DPM 2019,單一保護群組中所有 VMWare VM 備份都是平行處理,可加快 VM 備份的速度。With DPM 2019, all your VMWare VMs backup within a single protection group would be parallel, leading to faster VM backups. 所有 VMWare 差異複寫作業應會平行執行。All VMWare delta replication jobs would run in parallel. 平行執行的作業數預設為 8。By default, number of jobs to run in parallel is set to 8.

您可以如下所示,使用登錄機碼 (預設不存在,您需要新增),來修改作業數:You can modify the number of jobs by using the registry key as shown below (not present by default, you need to add):

機碼路徑:Software\Microsoft\Microsoft Data Protection Manager\Configuration\ MaxParallelIncrementalJobs\VMWare Key Type:DWORD (32 位元) 值。Key Path : Software\Microsoft\Microsoft Data Protection Manager\Configuration\ MaxParallelIncrementalJobs\VMWare Key Type : DWORD (32-bit) value.

注意

您可以將作業數修改為較高的值。You can modify the number of jobs to a higher value. 如果您將作業數設定為 1,複寫作業就會循序執行。If you set the jobs number to 1, replication jobs run serially. 若要將數目增加至較高的值,您必須考慮 VMWare 的效能。To increase the number to a higher value, you must consider the VMWare performance. 考慮使用中的資源數以及 VMWare vSphere Server 上所需的其他用量,您應判斷要平行執行的差異複寫作業數。Considering the number of resources in use and additional usage required on VMWare vSphere Server, you should determine the number of delta replication jobs to run in parallel. 此外,此變更只會影響新建立的保護群組。Also, this change will affect only the newly created Protection Groups. 針對現有的保護群組,您必須暫時將另一個 VM 新增到保護群組。For existing Protection groups you must temporarily add another VM to the protection group. 這應該會相應地更新保護群組設定。This should update the Protection Group configuration accordingly. 在此程序完成之後,您可以將此 VM 從保護群組移除。You can remove this VM from the Protection Group after the procedure is completed.

VMWare vSphere 6.7VMWare vSphere 6.7

若要備份 vSphere 6.7,請執行下列動作:To backup vSphere 6.7 do the following:

  • 在 DPM Server 上啟用 TLS 1.2Enable TLS 1.2 on DPM Server

    注意

    VMWare 6.7 以後的版本已啟用 TLS 做為通訊協定。VMWare 6.7 onwards had enabled TLS as communication protocol.

  • 設定登錄機碼,如下所示:Set the registry keys as follows:

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    "SystemDefaultTlsVersions"=dword:00000001
    "SchUseStrongCrypto"=dword:00000001
    

從 VMware VM 備份中排除磁碟Exclude disk from VMware VM backup

注意

此功能適用於 DPM 2019 UR1 和更新版本。This feature is applicable for DPM 2019 UR1 and later.

在 DPM 2019 UR1 中,您可以從 VMware VM 備份中排除特定磁碟。With DPM 2019 UR1, you can exclude the specific disk from VMware VM backup. 設定指令碼 ExcludeDisk.ps1 位於 C:\Program Files\Microsoft System Center\DPM\DPM\bin 資料夾。The configuration script ExcludeDisk.ps1 is located at C:\Program Files\Microsoft System Center\DPM\DPM\bin folder.

若要設定磁碟排除,請依照下列步驟執行:To configure the disk exclusion, follow the steps below:

識別要排除的 VMWare VM 與磁碟詳細資料Identify the VMWare VM and disk details to be excluded

  1. 在 VMware 主控台上,移至您要排除磁碟之 VM 的 VM 設定。On the VMware console, go to VM settings for which, you want to exclude the disk.

  2. 選取您要排除的磁碟,並記下該磁碟的路徑。Select the disk that you want to exclude and note the path for that disk.

    例如,若要從 TestVM4 排除硬碟 2,硬碟 2 的路徑是 [datastore1] TestVM4/TestVM4_1.vmdkFor example, to exclude the Hard Disk 2 from the TestVM4, the path for Hard Disk 2 is [datastore1] TestVM4/TestVM4_1.vmdk.

    測試 VM

設定 DPM 伺服器Configure DPM Server

瀏覽至已設定 VMware VM 保護的 DPM 伺服器以設定磁碟排除。Navigate to DPM server where the VMware VM is configured for protection to configure disk exclusion.

  1. 取得 DPM 伺服器所保護之 VMware 主機的詳細資料。Get the details of VMware host that is protected on the DPM server.

    PS C:\>$psInfo = get-DPMProductionServer
    PS C:\> $psInfo
    
    ServerName   ClusterName    Domain         ServerProtectionState
    ----------    -----------   ------         ---------------------
    Vcentervm1                Contoso.COM     NoDatasourcesProtected
    
  2. 選取 VMware 主機並列出該 VMware 主機的 VM 保護。Select the VMware host and list the VMs protection for the VMware host.

    PS C:\> $vmDsInfo = get-DPMDatasource -ProductionServer $psInfo[0] -Inquire
    PS C:\> $vmDsInfo
    
    Computer     Name     ObjectType
    --------     ----     ----------
    Vcentervm1  TestVM2      VMware
    Vcentervm1  TestVM1      VMware
    Vcentervm1  TestVM4      VMware
    
  3. 選取您要排除磁碟的 VM。Select the VM for which you want to exclude a disk.

    PS C:\>$vmDsInfo[2]
    
    Computer     Name    ObjectType
    --------     ----    ----------
    Vcentervm1  TestVM4  VMware
    
  4. 若要排除磁碟,請瀏覽至 [Bin] 資料夾並搭配下列參數執行 ExcludeDisk.ps1 指令碼:To exclude disk, navigate to Bin folder and run the ExcludeDisk.ps1 script with the following parameters:

    注意

    在執行此命令之前,請停止 DPM 伺服器上的 DPMRA 服務。Before running this command, stop the DPMRA service on the DPM server. 否則,指令碼將會傳回成功,但不會更新排除清單。Else, the script returns success, but does not update the exclusion list. 在停止服務之前,請確定沒有進行中的作業。Ensure there are no jobs in progress before stopping the service.

    使用 DPM 2019 UR2 可改善此體驗。With DPM 2019 UR2, this experience is improved. 您可以執行指令碼,而不需要停止 DPMRA 服務。You can run the script without stopping the DPMRA service.

    若要新增/移除要排除的磁碟,請執行下列命令:To add/remove the disk from exclusion, run the following command:

    ./ExcludeDisk.ps1 -Datasource $vmDsInfo[0] [-Add|Remove] "[Datastore] vmdk/vmdk.vmdk"
    

    範例:若要針對 TestVM4 新增磁碟排除,請執行下列命令Example: To add the disk exclusion for TestVM4, run the following command

    PS C:\Program Files\Microsoft System Center\DPM\DPM\bin> ./ExcludeDisk.ps1 -Datasource $vmDsInfo[2] -Add "[datastore1] TestVM4/TestVM4\_1.vmdk"
    Creating C:\Program Files\Microsoft System Center\DPM\DPM\bin\excludedisk.xml
    Disk : [datastore1] TestVM4/TestVM4\_1.vmdk, has been added to disk exclusion list.
    
  5. 確認已新增要排除的磁碟Verify that the disk has been added for exclusion

    若要檢視特定 VM 的現有排除,請執行下列命令:To view the existing exclusion for specific VMs, run the following command:

    ./ExcludeDisk.ps1 -Datasource $vmDsInfo[0] [-view]
    

    範例Example

    PS C:\Program Files\Microsoft System Center\DPM\DPM\bin> ./ExcludeDisk.ps1 -Datasource $vmDsInfo[2] -view
    <VirtualMachine>
    <UUID>52b2b1b6-5a74-1359-a0a5-1c3627c7b96a</UUID>
    <ExcludeDisk>[datastore1] TestVM4/TestVM4\_1.vmdk</ExcludeDisk>
    </VirtualMachine>
    

在您設定此 VM 的保護之後,系統將不會在保護期間列出排除的磁碟。Once you configure the protection for this VM, excluded disk will not be listed during protection.

注意

如果您是針對已保護的 VM 執行這些步驟,您必須在新增要排除的磁碟之後手動執行一致性檢查。If you are performing these steps for already protected VM, you need to run the consistency check manually after adding the disk for exclusion.

從排除移除磁碟Remove the disk from exclusion

若要從排除移除磁碟,請執行下列命令:To remove the disk from exclusion run the following command:

PS C:\Program Files\Microsoft System Center\DPM\DPM\bin> ./ExcludeDisk.ps1 -Datasource $vmDsInfo[2] -Remove "[datastore1] TestVM4/TestVM4\_1.vmdk"