更新、備份與還原軟體定義的網路基礎結構Update, Backup, and Restore Software Defined Networking Infrastructure

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

更新 SDN 基礎結構Updating the SDN Infrastructure

更新是所有的作業系統系統元件的軟體定義網路 (SDN) 上安裝 Windows 更新的處理程序。Updating is the process of installing Windows updates on all of the operating system components of the Software Defined Networking (SDN) system. 這包括 SDN HYPER-V 主機的網路控制器 Vm、 軟體負載平衡器 Mux Vm 和 RAS 閘道 Vm 的支援。This includes the SDN enabled Hyper-V hosts, Network Controller VMs, Software Load Balancer Mux VMs and RAS Gateway VMs. 很重要的所有的這些元件有完全相同設定安裝的更新。It is critical that all of these components have the exact same set of Updates installed. 如果使用 System Center 一樣 Manager 也建議您,您也更新的最新更新彙總套件,以及。If System Center Virtual Machine Manager is used it is also recommended that you also update it with the latest Update Rollups as well.

每個元件更新安裝 windows 更新使用的任何標準方法執行,步驟如下所述的但是請務必依照以確保最低下時間工作負載,並確保 Network Controller 資料庫的完整性。Updating of each component is performed using any of the standard methods for installing windows updates, however the steps described below must be followed to ensure minimal down time for workloads, and to ensure the integrity of the Network Controller database.

步驟 1: 更新管理主機Step 1: Update the management consoles

在每一部電腦,您可以使用的網路控制器 Powershell 模組安裝必要更新。Install necessary updates on each of the computers where you use the Network Controller Powershell module. 這任何位置點一下包含您已經安裝本身 RSAT-NetworkController 角色。This includes anywhere that you have the RSAT-NetworkController role installed by itself. 這會包括網路控制器 Vm 本身不為他們將會更新中執行 「 步驟 2。This does not including the Network Controller VMs themselves as they will be updated in Step 2.

步驟 2: 更新網路控制器Step 2: Update the Network Controllers

每個網路控制器 VM 必須更新,並會完全回 online 中的下一個之前 Network Controller 叢集後,這是在更新循環最重要的步驟。This is the most critical step in the update cycle since each Network Controller VM must be updated and be fully back online in the Network Controller cluster before proceeding to the next one.

開始一個網路控制器 VM 並安裝所有所需的更新。Start with one Network Controller VM and install all necessary updates. 如有需要,請重新開機 VM。Restart the VM if necessary.

之前的下一個網路控制器 VM 使用取得-networkcontrollernode 檢查更新] 節點狀態並重新開機。Before proceeding to the next Network Controller VM use get-networkcontrollernode to check the status of the node that was Updated and rebooted. 等待在重新開機循環後,再回來一次 Network Controller 節點。Wait for the Network Controller node to go down during the reboot cycle and then come back up again. VM 重新開機之後,仍可能需要幾分鐘來回復到上狀態。After the VM has rebooted, it can still take several minutes for it to go back into the Up state.

範例: 若要查看的網路控制器節點狀態使用取得-networkcontrollernodeExample: Using get-networkcontrollernode to check the status of Network Controller nodes

此範例中顯示執行取得-networkcontrollernode 的其中一個網路控制器 Vm 中的輸出。This example shows the output from running get-networkcontrollernode from within one of the Network Controller VMs. 它會顯示舒適地在兩個節點時,NCNode1.contoso.com 已關閉。It shows that NCNode1.contoso.com is Down while the other two nodes are healthy. 您必須等待幾分鐘的時間之前狀態該節點變更為向上之前的更新的任何其他節點。You must wait up to several minutes until the status for that node changes to Up before proceeding with Updating any additional nodes.

PS C:\> get-networkcontrollernode
Name            : NCNode1.contoso.com
Server          : NCNode1.Contoso.com
FaultDomain     : fd:/NCNode1.Contoso.com
RestInterface   : Ethernet
NodeCertificate :
Status          : Down

Name            : NCNode2.Contoso.com
Server          : NCNode2.contoso.com
FaultDomain     : fd:/ NCNode2.Contoso.com
RestInterface   : Ethernet
NodeCertificate :
Status          : Up

Name            : NCNode3.Contoso.com
Server          : NCNode3.Contoso.com
FaultDomain     : fd:/ NCNode3.Contoso.com
RestInterface   : Ethernet
NodeCertificate :
Status          : Up

僅限所有網路控制器節點上狀態之後可以您重複這些步驟針對每個其他的 Network Controller 節點。Only after all Network Controller nodes are in the Up state can you repeat these steps for each additional Network Controller node. 繼續其中每個節點更新一次。Continue to update each node one at a time.

所有節點 Network Controller 的更新之後,Network Controller 將更新 microservices Network Controller 叢集中執行中一小時。Once all of the Network Controller nodes are updated, the Network Controller will update the microservices running within the Network Controller cluster within one hour. 您可以立即更新使用的更新-networkcontroller cmdlet 觸發程序。You can trigger an immediate update using the update-networkcontroller cmdlet.

範例: 使用更新-networkcontroller 強制 Network Controller 更新Example: Using update-networkcontroller to force Network Controller to update

並不會顯示剩餘安裝更新時,此命令顯示更新-networkcontroller 的結果。This command shows the result of update-networkcontroller when there are not updates remaining to be installed.

PS C:\> update-networkcontroller
NetworkControllerClusterVersion NetworkControllerVersion
------------------------------- ------------------------
10.1.1                          10.1.15

步驟 3: 更新 SLB MuxesStep 3: Update SLB Muxes

在每個 SLB Mux VM 一個安裝更新,來確保連續負載平衡器基礎結構一次。Install updates on each SLB Mux VM one at a time to ensure continuous availability of the load balancer infrastructure.

步驟 4: 更新 HYPER-V 主機和 RAS 閘道Step 4: Update Hyper-V Hosts and RAS Gateways

不會中斷連接承租人移轉 RAS 閘道 Vm 不能動態,因為小心以該承租人連接將會移轉到新的 RAS 閘道更新期間減少的次數。Because RAS Gateway VMs can't be live migrated without losing tenant connections, care must be taken in order to minimize the number of times that tenant connections will be failed over to a new RAS gateways during the Updating cycle. 協調更新主機和 RAS 閘道每個承租人將只容錯移轉至少一次。By coordinating the Updating of the hosts and RAS gateways each tenant will only fail-over at most one time.

為每個主機,包含 RAS 閘道待命模式中的主機開始,請依照下列步驟:Follow these steps for each host, starting with the hosts that contain the RAS Gateways that are in Standby mode:

  1. 逃離 Vm 即時移轉的支援的主機。Evacuate the host of VMs that are capable of live migration. RAS 閘道 Vm 應維持在主機上。RAS Gateway VMs should remain on the host.
  2. 在每個閘道 VM,該主機上安裝的更新。Install updates on each Gateway VM on this host.
  3. 如果更新需要重新開機,然後重新開機 VM VM 閘道。If update requires the gateway VM to reboot then reboot the VM.
  4. 包含閘道 VM 只是更新主機上安裝的更新。Install updates on the host containing the gateway VM that was just Updated.
  5. 如果所需的更新,請重新開機主機。Reboot the host if required by the updates.
  6. 重複包含待命閘道每個額外的主機。Repeat for each additional host containing a standby gateway. 如果仍未待命閘道,然後依照其餘的所有主機相同的步驟。If no standby gateways remain, then follow these same steps for all remaining hosts.

備份 SDN 基礎結構Backup the SDN infrastructure

定期備份 Network Controller 資料庫非常重要確保業務持續性發生嚴重損壞或資料遺失。Regular backups of the Network Controller database are critical to ensure business continuity in the event of a disaster or data loss. 備份網路控制器 Vm 不足,因為不確定該仲裁維護跨多個網路控制器節點。Backing up the Network Controller VMs is insufficient because it does not ensure that quorum is maintained across the multiple Network Controller nodes. 需求:Requirements:

  • 在 SMB 共用和認證的權限讀取/寫入共用和檔案系統。A SMB share and credentials with Read/Write permissions to the share and file system.
  • 您也可以使用 Network Controller 的安裝方向是使用 GMSA,以及群組管理服務 Account (GMSA)。You can optionally use a Group Managed Service Account (GMSA) if the Network Controller was installed using a GMSA as well.

請依照下列步驟來執行備份:Follow these steps to perform a backup:

  1. 備份網路控制器 Vm 使用 VM 備份方法您選擇,或使用 HYPER-V 匯出每個網路控制器 VM 的複本。Backup the Network Controller VMs using the VM backup method of your choice, or use Hyper-V to export a copy of each Network Controller VM. 這樣可確保,包括還原 Vm 的基礎結構完整重建執行時,如果解密資料庫必要的憑證有。This will ensure that if a full rebuild including restoration of the infrastructure VMs is performed, the necessary certificates for decrypting the database are present.
  2. 如果您使用 System Center 一樣管理員 (SCVMM),停止 SCVMM 服務,透過確保任何更新對這期間,無法建立的備份 Network Controller 和 SCVMM 一致 SCVMM SQL Server 備份。If you are using System Center Virtual Machine Manager (SCVMM), stop the SCVMM service and back it up via SQL Server to ensure that no updates are made to SCVMM during this time which could create an inconsistency between the Network Controller backup and SCVMM. 請不要重新開始 SCVMM 服務 Network Controller 備份之前完成。Do not re-start the SCVMM service until the Network Controller backup is complete.
  3. 備份 Network Controller 資料庫中使用新 networkcontrollerbackup。Backup the Network Controller database using new-networkcontrollerbackup.

    範例: Network Controller 資料庫備份Example: Backing up the Network Controller database

    $URI = "https://NC.contoso.com"
    $Credential = Get-Credential
    # Get or Create Credential object for File share user
    $ShareUserResourceId = "BackupUser"
    $ShareCredential = Get-NetworkControllerCredential -ConnectionURI $URI -Credential $Credential | Where {$_.ResourceId -eq $ShareUserResourceId }
    If ($ShareCredential -eq $null) {
        $CredentialProperties = New-Object Microsoft.Windows.NetworkController.CredentialProperties
        $CredentialProperties.Type = "usernamePassword"
        $CredentialProperties.UserName = "contoso\alyoung"
        $CredentialProperties.Value = "<Password>"
        $ShareCredential = New-NetworkControllerCredential -ConnectionURI $URI -Credential $Credential -Properties $CredentialProperties -ResourceId $ShareUserResourceId -Force
    # Create backup
    $BackupTime = (get-date).ToString("s").Replace(":", "_")
    $BackupProperties = New-Object Microsoft.Windows.NetworkController.NetworkControllerBackupProperties
    $BackupProperties.BackupPath = "\\fileshare\backups\NetworkController\$BackupTime"
    $BackupProperties.Credential = $ShareCredential
    $Backup = New-NetworkControllerBackup -ConnectionURI $URI -Credential $Credential -Properties $BackupProperties -ResourceId $BackupTime -Force
  4. 使用取得-networkcontrollerbackup 檢查完成和成功的備份。Use get-networkcontrollerbackup to check for completion and success of the backup.

    範例: 檢查備份 Network Controller 的狀態Example: Checking the status of a Network Controller backup operation

    PS C:\ > Get-NetworkControllerBackup -ConnectionUri $URI -Credential $Credential -ResourceId $Backup.ResourceId
    | ConvertTo-JSON -Depth 10
        "Tags":  null,
        "ResourceRef":  "/networkControllerBackup/2017-04-25T16_53_13",
        "InstanceId":  "c3ea75ae-2892-4e10-b26c-a2243b755dc8",
        "Etag":  "W/\"0dafea6c-39db-401b-bda5-d2885ded470e\"",
        "ResourceMetadata":  null,
        "ResourceId":  "2017-04-25T16_53_13",
        "Properties":  {
                        "BackupPath":  "\\\\fileshare\backups\NetworkController\\2017-04-25T16_53_13",
                        "ErrorMessage":  "",
                        "FailedResourcesList":  [
                        "SuccessfulResourcesList":  [
                        "InProgressResourcesList":  [
                        "ProvisioningState":  "Succeeded",
                        "Credential":  {
                                            "Tags":  null,
                                            "ResourceRef":  "/credentials/BackupUser",
                                            "InstanceId":  "00000000-0000-0000-0000-000000000000",
                                            "Etag":  null,
                                            "ResourceMetadata":  null,
                                            "ResourceId":  null,
                                            "Properties":  null
  5. 如果使用 SCVMM 就可以開始 SCVMM 服務。If using SCVMM you can now start SCVMM service.

從備份還原 SDN 基礎結構Restore the SDN infrastructure from a backup

還原 」 是從 SDN 環境回到操作狀態的備份還原所有的必要元件程序。Restore is the process of restoring all necessary components from backup to return an SDN environment to an operational state. 步驟會根據元件正在還原量稍微而有所不同。The steps will vary slightly depending on the amount of components that are being restored.

  1. 如有需要,重新部署 HYPER-V 主機和必要的儲存空間。If necessary, redeploy Hyper-V hosts and the necessary storage.

  2. 如有需要,請從備份還原網路控制器 Vm、 RAS 閘道 Vm 和 Mux Vm。If necessary, restore the Network Controller VMs, RAS Gateway VMs and Mux VMs from backup.

  3. 所有 HYPER-V 主機上停止 NC 主機代理程式和 SLB 主機代理程式Stop NC Host Agent and SLB Host Agent on all Hyper-V hosts

    stop-service slbhostagent
    stop-service nchostagent
  4. 停止 RAS 閘道 VmStop RAS Gateway VMs

  5. 停止 SLB Mux VmStop SLB Mux VMs

  6. 還原使用新 networkcontrollerrestore cmdlet 網路控制器。Restore the Network Controller using the new-networkcontrollerrestore cmdlet.

    範例: 還原 Network Controller 資料庫Example: Restoring a Network Controller database

    $URI = "https://NC.contoso.com"
    $Credential = Get-Credential
    $ShareUserResourceId = "BackupUser"
    $ShareCredential = Get-NetworkControllerCredential -ConnectionURI $URI -Credential $Credential | Where {$_.ResourceId -eq $ShareUserResourceId }
    $RestoreProperties = New-Object Microsoft.Windows.NetworkController.NetworkControllerRestoreProperties
    $RestoreProperties.RestorePath = "\\fileshare\backups\NetworkController\2017-04-25T16_53_13"
    $RestoreProperties.Credential = $ShareCredential
    $RestoreTime = (Get-Date).ToString("s").Replace(":", "_")
    New-NetworkControllerRestore -ConnectionURI $URI -Credential $Credential -Properties $RestoreProperties -ResourceId $RestoreTime -Force
  7. 請了解當還原已成功完成 ProvisioningState 還原。Check the restore ProvisioningState to know when the restore had completed successfully.

    範例: 檢查 Network Controller 資料庫還原的狀態Example: Checking the status of a Network Controller database restore

    PS C:\ > get-networkcontrollerrestore -connectionuri $uri -credential $cred -ResourceId $restoreTime | convertto-json -depth 10
        "Tags":  null,
        "ResourceRef":  "/networkControllerRestore/2017-04-26T15_04_44",
        "InstanceId":  "22edecc8-a613-48ce-a74f-0418789f04f6",
        "Etag":  "W/\"f14f6b84-80a7-4b73-93b5-59a9c4b5d98e\"",
        "ResourceMetadata":  null,
        "ResourceId":  "2017-04-26T15_04_44",
        "Properties":  {
                        "RestorePath":  "\\\\sa18fs\\sa18n22\\NetworkController\\2017-04-25T16_53_13",
                        "ErrorMessage":  null,
                        "FailedResourcesList":  null,
                        "SuccessfulResourcesList":  null,
                        "ProvisioningState":  "Succeeded",
                        "Credential":  null
  8. 如果使用 SCVMM,還原 SCVMM 資料庫中使用與 Network Controller 備份同時所建立的備份。If using SCVMM, restore the SCVMM database using the backup that was created at the same time as the Network Controller backup.

  9. 工作負載 Vm 正在從備份還原,如果您可以立即執行。If workload VMs are being restored from backup, you can do that now.

  10. 用於偵錯-networkcontrollerconfigurationstate cmdlet 檢查您的系統的健康狀態。Use the debug-networkcontrollerconfigurationstate cmdlet to check the health of your system.

$cred = Get-Credential
Debug-NetworkControllerConfigurationState -NetworkController "https://NC.contoso.com" -Credential $cred

Fetching ResourceType:     accessControlLists
Fetching ResourceType:     servers
Fetching ResourceType:     virtualNetworks
Fetching ResourceType:     networkInterfaces
Fetching ResourceType:     virtualGateways
Fetching ResourceType:     loadbalancerMuxes
Fetching ResourceType:     Gateways

資訊可能會出現的設定狀態訊息,請查看進行疑難排解的 Windows Server 2016 軟體定義網路堆疊For information on configuration state messages that may appear, see Troubleshoot the Windows Server 2016 Software Defined Networking Stack.