Poznámka
Přístup k této stránce vyžaduje autorizaci. Můžete se zkusit přihlásit nebo změnit adresáře.
Přístup k této stránce vyžaduje autorizaci. Můžete zkusit změnit adresáře.
This article describes how to use PowerShell to set up Azure Backup on a DPM server, and to manage backup and recovery.
Set up the PowerShell environment
Before you can use PowerShell to manage backups from Data Protection Manager to Azure, you need to have the right environment in PowerShell. At the start of the PowerShell session, ensure that you run the following command to import the right modules and allow you to correctly reference the DPM cmdlets:
& "C:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\bin\DpmCliInitScript.ps1"
Welcome to the DPM Management Shell!
Full list of cmdlets: Get-Command
Only DPM cmdlets: Get-DPMCommand
Get general help: help
Get help for a cmdlet: help <cmdlet-name> or <cmdlet-name> -?
Get definition of a cmdlet: Get-Command <cmdlet-name> -Syntax
Sample DPM scripts: Get-DPMSampleScript
Setup and Registration
Poznámka:
K interakci s Azure doporučujeme použít modul Azure Az PowerShell. Pokud chcete začít, přečtěte si téma Instalace Azure PowerShellu. Informace o tom, jak migrovat na modul Az PowerShell, najdete v tématu Migrace Azure PowerShellu z AzureRM na Az.
To begin, download the latest Azure PowerShell.
The following setup and registration tasks can be automated with PowerShell:
- Create a Recovery Services vault
- Instalace agenta Azure Backup
- Registering with the Azure Backup service
- Nastavení sítě
- Nastavení šifrování
Create a Recovery Services vault
The following steps lead you through creating a Recovery Services vault. Trezor služby Recovery Services se liší od trezoru služby Backup.
Pokud službu Azure Backup používáte poprvé, musíte k registraci poskytovatele služby Azure Recovery Service ve vašem předplatném použít rutinu Register-AzResourceProvider .
Register-AzResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"The Recovery Services vault is an ARM resource, so you need to place it within a Resource Group. Můžete použít existující skupinu prostředků nebo vytvořit novou. Při vytváření nové skupiny prostředků zadejte název a umístění skupiny prostředků.
New-AzResourceGroup –Name "test-rg" –Location "West US"Use the New-AzRecoveryServicesVault cmdlet to create a new vault. Be sure to specify the same location for the vault as was used for the resource group.
New-AzRecoveryServicesVault -Name "testvault" -ResourceGroupName " test-rg" -Location "West US"Zadejte typ redundance úložiště, který se má použít. You can use Locally Redundant Storage (LRS), Geo-redundant Storage (GRS), or Zone-redundant storage (ZRS). The following example shows the BackupStorageRedundancy option for testVault set to GeoRedundant.
Návod
Řada rutin služby Azure Backup vyžaduje jako vstup objekt trezoru služby Recovery Services. Z tohoto důvodu je vhodné uložit objekt trezoru služby Backup Recovery Services do proměnné.
$vault1 = Get-AzRecoveryServicesVault –Name "testVault" Set-AzRecoveryServicesBackupProperties -vault $vault1 -BackupStorageRedundancy GeoRedundant
View the vaults in a subscription
Použijte Get-AzRecoveryServicesVault k zobrazení seznamu všech trezorů v aktuálním předplatném. You can use this command to check that a new vault was created, or to see what vaults are available in the subscription.
Run the command, Get-AzRecoveryServicesVault, and all vaults in the subscription are listed.
Get-AzRecoveryServicesVault
Name : Contoso-vault
ID : /subscriptions/1234
Type : Microsoft.RecoveryServices/vaults
Location : WestUS
ResourceGroupName : Contoso-docs-rg
SubscriptionId : 1234-567f-8910-abc
Properties : Microsoft.Azure.Commands.RecoveryServices.ARSVaultProperties
Installing the Azure Backup agent on a DPM Server
Před instalací agenta Azure Backup musíte instalační program stáhnout a prezentovat na Windows Serveru. Nejnovější verzi instalačního programu můžete získat z webu Stažení softwaru společnosti Microsoft nebo na stránce řídicího panelu trezoru služby Recovery Services. Uložte instalační program do snadno přístupného umístění, například C:\Downloads\*.
To install the agent, run the following command in an elevated PowerShell console on the DPM server:
MARSAgentInstaller.exe /q
Tím se agent nainstaluje se všemi výchozími možnostmi. Instalace trvá několik minut na pozadí. If you don't specify the /nu option the Windows Update window opens at the end of the installation to check for any updates.
The agent shows up in the list of installed programs. Chcete-li zobrazit seznam nainstalovaných programů, přejděte na Ovládací panely>Programy>a funkce.
Možnosti instalace
Pokud chcete zobrazit všechny možnosti dostupné prostřednictvím příkazového řádku, použijte následující příkaz:
MARSAgentInstaller.exe /?
Mezi dostupné možnosti patří:
| Možnost | Podrobnosti | Default |
|---|---|---|
| /q | Tichou instalaci | - |
| /p:"umístění" | Cesta k instalační složce pro agenta Azure Backup | C:\Program Files\Microsoft Azure Recovery Services Agent |
| /s:"umístění" | Cesta ke složce mezipaměti pro agenta Azure Backup | C:\Program Files\Microsoft Azure Recovery Services Agent\Scratch |
| /m | Opt-in to Microsoft Update | - |
| /nu | Do not Check for updates after installation is complete | - |
| /d | Odinstaluje agenta Microsoft Azure Recovery Services. | - |
| /ph | Adresa hostitele proxy serveru | - |
| /po | Číslo portu hostitele proxy serveru | - |
| /pu | Uživatelské jméno hostitele proxy serveru | - |
| /pw | Heslo proxy serveru | - |
Registering DPM to a Recovery Services vault
Po vytvoření trezoru služby Recovery Services stáhněte nejnovějšího agenta a přihlašovací údaje trezoru a uložte ho do vhodného umístění, jako je C:\Downloads.
$credspath = "C:\downloads"
$credsfilename = Get-AzRecoveryServicesVaultSettingsFile -Backup -Vault $vault1 -Path $credspath
$credsfilename
C:\downloads\testvault\_Sun Apr 10 2016.VaultCredentials
On the DPM server, run the Start-OBRegistration cmdlet to register the machine with the vault.
$cred = $credspath + $credsfilename
Start-OBRegistration-VaultCredentials $cred -Confirm:$false
CertThumbprint :7a2ef2caa2e74b6ed1222a5e89288ddad438df2
SubscriptionID : aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e
ServiceResourceName: testvault
Region :West US
Machine registration succeeded.
Initial configuration settings
Once the DPM Server is registered with the Recovery Services vault, it starts with default subscription settings. These subscription settings include Networking, Encryption and the Staging area. To change subscription settings you need to first get a handle on the existing (default) settings using the Get-DPMCloudSubscriptionSetting cmdlet:
$setting = Get-DPMCloudSubscriptionSetting -DPMServerName "TestingServer"
All modifications are made to this local PowerShell object $setting and then the full object is committed to DPM and Azure Backup to save them using the Set-DPMCloudSubscriptionSetting cmdlet. You need to use the –Commit flag to ensure that the changes are persisted. The settings won't be applied and used by Azure Backup unless committed.
Set-DPMCloudSubscriptionSetting -DPMServerName "TestingServer" -SubscriptionSetting $setting -Commit
Síťování
If the connectivity of the DPM machine to the Azure Backup service on the internet is through a proxy server, then the proxy server settings should be provided for successful backups. This is done by using the -ProxyServerand -ProxyPort, -ProxyUsername and the ProxyPassword parameters with the Set-DPMCloudSubscriptionSetting cmdlet. In this example, there's no proxy server so we're explicitly clearing any proxy-related information.
Set-DPMCloudSubscriptionSetting -DPMServerName "TestingServer" -SubscriptionSetting $setting -NoProxy
Bandwidth usage can also be controlled with options of -WorkHourBandwidth and -NonWorkHourBandwidth for a given set of days of the week. In this example, we aren't setting any throttling.
Set-DPMCloudSubscriptionSetting -DPMServerName "TestingServer" -SubscriptionSetting $setting -NoThrottle
Configure the staging Area
The Azure Backup agent running on the DPM server needs temporary storage for data restored from the cloud (local staging area). Configure the staging area using the Set-DPMCloudSubscriptionSetting cmdlet and the -StagingAreaPath parameter.
Set-DPMCloudSubscriptionSetting -DPMServerName "TestingServer" -SubscriptionSetting $setting -StagingAreaPath "C:\StagingArea"
In the example above, the staging area will be set to C:\StagingArea in the PowerShell object $setting. Ensure that the specified folder already exists, or else the final commit of the subscription settings will fail.
Nastavení šifrování
Zálohovaná data odesílaná do služby Azure Backup se šifrují za účelem ochrany důvěrnosti dat. Šifrovací heslo je heslo pro dešifrování dat v době obnovení. It's important to keep this information safe and secure once it's set.
In the example below, the first command converts the string passphrase123456789 to a secure string and assigns the secure string to the variable named $Passphrase. The second command sets the secure string in $Passphrase as the password for encrypting backups.
$Passphrase = ConvertTo-SecureString -string "passphrase123456789" -AsPlainText -Force
Set-DPMCloudSubscriptionSetting -DPMServerName "TestingServer" -SubscriptionSetting $setting -EncryptionPassphrase $Passphrase
Důležité
Jakmile je heslo nastavené, udržujte je v bezpečí a zabezpečte. You won't be able to restore data from Azure without this passphrase.
At this point, you should have made all the required changes to the $setting object. Remember to commit the changes.
Set-DPMCloudSubscriptionSetting -DPMServerName "TestingServer" -SubscriptionSetting $setting -Commit
Protect data to Azure Backup
In this section, you'll add a production server to DPM and then protect the data to local DPM storage and then to Azure Backup. In the examples, we'll demonstrate how to back up files and folders. The logic can easily be extended to back up any DPM-supported data source. All your DPM backups are governed by a Protection Group (PG) with four parts:
- Group members is a list of all the protectable objects (also known as Datasources in DPM) that you want to protect in the same protection group. For example, you may want to protect production VMs in one protection group and SQL Server databases in another protection group as they may have different backup requirements. Before you can back up any datasource on a production server you need to make sure the DPM Agent is installed on the server and is managed by DPM. Follow the steps for installing the DPM Agent and linking it to the appropriate DPM Server.
- Data protection method specifies the target backup locations - tape, disk, and cloud. In our example, we'll protect data to the local disk and to the cloud.
- A backup schedule that specifies when backups need to be taken and how often the data should be synchronized between the DPM Server and the production server.
- Plán uchovávání informací, který určuje, jak dlouho se mají zachovat body obnovení v Azure.
Create a protection group
Start by creating a new Protection Group using the New-DPMProtectionGroup cmdlet.
$PG = New-DPMProtectionGroup -DPMServerName " TestingServer " -Name "ProtectGroup01"
The above cmdlet will create a Protection Group named ProtectGroup01. An existing protection group can also be modified later to add backup to the Azure cloud. However, to make any changes to the Protection Group - new or existing - we need to get a handle on a modifiable object using the Get-DPMModifiableProtectionGroup cmdlet.
$MPG = Get-ModifiableProtectionGroup $PG
Add group members to the Protection Group
Each DPM Agent knows the list of datasources on the server that it's installed on. To add a datasource to the Protection Group, the DPM Agent needs to first send a list of the datasources back to the DPM server. One or more datasources are then selected and added to the Protection Group. The PowerShell steps needed to achieve this are:
- Fetch a list of all servers managed by DPM through the DPM Agent.
- Choose a specific server.
- Fetch a list of all datasources on the server.
- Choose one or more datasources and add them to the Protection Group
The list of servers on which the DPM Agent is installed and is being managed by the DPM Server is acquired with the Get-DPMProductionServer cmdlet. In this example, we'll filter and only configure PowerShell with the name productionserver01 for backup.
$server = Get-ProductionServer -DPMServerName "TestingServer" | Where-Object {($_.servername) –contains "productionserver01"}
Now fetch the list of datasources on $server using the Get-DPMDatasource cmdlet. In this example we're filtering for the volume D:\ that we want to configure for backup. This datasource is then added to the Protection Group using the Add-DPMChildDatasource cmdlet. Remember to use the modifiable protection group object $MPG to make the additions.
$DS = Get-Datasource -ProductionServer $server -Inquire | Where-Object { $_.Name -contains "D:\" }
Add-DPMChildDatasource -ProtectionGroup $MPG -ChildDatasource $DS
Repeat this step as many times as required, until you've added all the chosen datasources to the protection group. You can also start with just one datasource, and complete the workflow for creating the Protection Group, and at a later point add more datasources to the Protection Group.
Select the data protection method
Once the datasources have been added to the Protection Group, the next step is to specify the protection method using the Set-DPMProtectionType cmdlet. In this example, the Protection Group is set up for local disk and cloud backup. You also need to specify the datasource that you want to protect to cloud using the Add-DPMChildDatasource cmdlet with -Online flag.
Set-DPMProtectionType -ProtectionGroup $MPG -ShortTerm Disk –LongTerm Online
Add-DPMChildDatasource -ProtectionGroup $MPG -ChildDatasource $DS –Online
Set the retention range
Set the retention for the backup points using the Set-DPMPolicyObjective cmdlet. While it might seem odd to set the retention before the backup schedule has been defined, using the Set-DPMPolicyObjective cmdlet automatically sets a default backup schedule that can then be modified. It's always possible to set the backup schedule first and the retention policy after.
In the example below, the cmdlet sets the retention parameters for disk backups. This will retain backups for 10 days, and sync data every 6 hours between the production server and the DPM server. The SynchronizationFrequencyMinutes doesn't define how often a backup point is created, but how often data is copied to the DPM server. This setting prevents backups from becoming too large.
Set-DPMPolicyObjective –ProtectionGroup $MPG -RetentionRangeInDays 10 -SynchronizationFrequencyMinutes 360
For backups going to Azure (DPM refers to them as Online backups) the retention ranges can be configured for long term retention using a Grandfather-Father-Son scheme (GFS). That is, you can define a combined retention policy involving daily, weekly, monthly and yearly retention policies. In this example, we create an array representing the complex retention scheme that we want, and then configure the retention range using the Set-DPMPolicyObjective cmdlet.
$RRlist = @()
$RRList += (New-Object -TypeName Microsoft.Internal.EnterpriseStorage.Dls.UI.ObjectModel.OMCommon.RetentionRange -ArgumentList 180, Days)
$RRList += (New-Object -TypeName Microsoft.Internal.EnterpriseStorage.Dls.UI.ObjectModel.OMCommon.RetentionRange -ArgumentList 104, Weeks)
$RRList += (New-Object -TypeName Microsoft.Internal.EnterpriseStorage.Dls.UI.ObjectModel.OMCommon.RetentionRange -ArgumentList 60, Month)
$RRList += (New-Object -TypeName Microsoft.Internal.EnterpriseStorage.Dls.UI.ObjectModel.OMCommon.RetentionRange -ArgumentList 10, Years)
Set-DPMPolicyObjective –ProtectionGroup $MPG -OnlineRetentionRangeList $RRlist
Set the backup schedule
DPM sets a default backup schedule automatically if you specify the protection objective using the Set-DPMPolicyObjective cmdlet. To change the default schedules, use the Get-DPMPolicySchedule cmdlet followed by the Set-DPMPolicySchedule cmdlet.
$onlineSch = Get-DPMPolicySchedule -ProtectionGroup $mpg -LongTerm Online
Set-DPMPolicySchedule -ProtectionGroup $MPG -Schedule $onlineSch[0] -TimesOfDay 02:00
Set-DPMPolicySchedule -ProtectionGroup $MPG -Schedule $onlineSch[1] -TimesOfDay 02:00 -DaysOfWeek Sa,Su –Interval 1
Set-DPMPolicySchedule -ProtectionGroup $MPG -Schedule $onlineSch[2] -TimesOfDay 02:00 -RelativeIntervals First,Third –DaysOfWeek Sa
Set-DPMPolicySchedule -ProtectionGroup $MPG -Schedule $onlineSch[3] -TimesOfDay 02:00 -DaysOfMonth 2,5,8,9 -Months Jan,Jul
Set-DPMProtectionGroup -ProtectionGroup $MPG
In the example above, $onlineSch is an array with four elements that contains the existing online protection schedule for the Protection Group in the GFS scheme:
-
$onlineSch[0]contains the daily schedule -
$onlineSch[1]contains the weekly schedule -
$onlineSch[2]contains the monthly schedule -
$onlineSch[3]contains the yearly schedule
So if you need to modify the weekly schedule, you need to refer to the $onlineSch[1].
Prvotní zálohování
When you back up a datasource for the first time, DPM needs creates initial replica that creates a full copy of the datasource to be protected on DPM replica volume. This activity can either be scheduled for a specific time, or can be triggered manually, using the Set-DPMReplicaCreationMethod cmdlet with the parameter -NOW.
Set-DPMReplicaCreationMethod -ProtectionGroup $MPG -NOW
Change the size of DPM Replica & recovery point volume
You can also change the size of DPM Replica volume and Shadow Copy volume using Set-DPMDatasourceDiskAllocation cmdlet as in the following example: Get-DatasourceDiskAllocation -Datasource $DS Set-DatasourceDiskAllocation -Datasource $DS -ProtectionGroup $MPG -manual -ReplicaArea (2gb) -ShadowCopyArea (2gb)
Commit the changes to the Protection Group
Finally, the changes need to be committed before DPM can take the backup per the new Protection Group configuration. This can be achieved using the Set-DPMProtectionGroup cmdlet.
Set-DPMProtectionGroup -ProtectionGroup $MPG
View the backup points
You can use the Get-DPMRecoveryPoint cmdlet to get a list of all recovery points for a datasource. In this example, we will:
- fetch all the PGs on the DPM server and stored in an array
$PG - get the datasources corresponding to the
$PG[0] - get all the recovery points for a datasource.
$PG = Get-DPMProtectionGroup –DPMServerName "TestingServer"
$DS = Get-DPMDatasource -ProtectionGroup $PG[0]
$RecoveryPoints = Get-DPMRecoverypoint -Datasource $DS[0] -Online
Restore data protected on Azure
Restoring data is a combination of a RecoverableItem object and a RecoveryOption object. In the previous section, we got a list of the backup points for a datasource.
In the example below, we demonstrate how to restore a Hyper-V virtual machine from Azure Backup by combining backup points with the target for recovery. This example includes:
- Creating a recovery option using the New-DPMRecoveryOption cmdlet.
- Fetching the array of backup points using the
Get-DPMRecoveryPointcmdlet. - Choosing a backup point to restore from.
$RecoveryOption = New-DPMRecoveryOption -HyperVDatasource -TargetServer "HVDCenter02" -RecoveryLocation AlternateHyperVServer -RecoveryType Recover -TargetLocation "C:\VMRecovery"
$PG = Get-DPMProtectionGroup –DPMServerName "TestingServer"
$DS = Get-DPMDatasource -ProtectionGroup $PG[0]
$RecoveryPoints = Get-DPMRecoverypoint -Datasource $DS[0] -Online
Restore-DPMRecoverableItem -RecoverableItem $RecoveryPoints[0] -RecoveryOption $RecoveryOption
The commands can easily be extended for any datasource type.
Další kroky
- For more information about DPM to Azure Backup see Introduction to DPM Backup