Microsoft Azure Backup Server又名MABS是 Azure Backup 的云优先备份解决方案,旨在(Azure Backup)为企业的广泛多样的 IT 环境提供数据保护,以帮助最大限度地提高备份效率。但是,传统环境中用于备份虚拟环境的原则与Azure 备份服务器(Azure Backup Server)中使用的原则大不相同。因此,有必要获取有关使用Azure 备份服务器为(Azure Backup Server)VMware 虚拟机(VMware Virtual Machines)创建备份的第一手信息。该帖子将指导您完成此过程。
为VMware服务器工作负载配置Azure 备份服务器(Azure Backup Server)
Azure Backup Server可以保护 VMware vCenter Server 版本并且有足够的能力备份VMware vCenter Server版本。
该过程的第一步是建立与vCenter Server的安全连接。为此,必须在Azure 备份服务器上安装(Azure Backup Server)VMware 证书颁发机构(VMware Certificate Authority)(CA) 证书。然后,您可以使用Azure 备份服务器(Azure Backup Server)计算机上的浏览器通过 vSphere Web Client连接到 vCenter Server。
但是这种连接将不安全。要更改此方案,请执行以下操作,
在Azure 备份服务器(Azure Backup Server)上的浏览器中,输入vSphere Web Client的(Web Client)URL。vSphere Web Client登录页面应立即出现在您面前。在右侧提供的说明底部,您可以找到下载受信任的根 CA 证书的链接。
点击链接以强制 vCenter Server将文件下载到本地计算机。为方便用户,文件命名为“下载”。
之后,根据您运行的浏览器类型,您将收到一条消息,提示您打开或保存文件。建议将文件保存到Azure 备份服务器(Azure Backup Server)上的某个位置,这样做时,请确保添加.zip文件扩展名。使用.zip扩展名,提取所有工具变得更加容易。
完成后,右键单击 download.zip,然后选择“全部提取”选项以提取内容。操作完成后,所有内容都将添加到名为 certs 的文件夹中。certs 文件夹下将显示两种类型的文件。(注意:根证书文件具有以 .0 和 .1 等编号序列开头的扩展名。CRL文件具有以 .r0 或 .r1 等序列开头的扩展名。CRL文件(CRL)与证书相关联。 )
在 certs 文件夹中,右键单击根证书文件,然后单击重命名(Rename)。将根证书的扩展名更改为 .crt。当您这样做时,文件的图标将更改为代表根证书的图标。
右键单击(Right-click)根证书,然后从弹出菜单中选择Install Certificate。将显示证书导入向导(Certificate Import Wizard)对话框。当看到它时,选择本地机器(Local Machine)作为证书的目的地,然后点击下一步按钮继续。
接下来,在“证书存储(Certificate Store)”页面上,选择“将(Place)所有证书放入以下存储”选项,然后单击“浏览(Browse)”以选择证书存储。
选择“受信任的根证书颁发机构”作为证书的目标文件夹,然后单击确定,如下图所示。
在退出“完成证书导入向导(Certificate Import Wizard)页面”之前,请确保证书位于所需的文件夹中。验证并显示一切正常后,单击Finish。
您的计算机屏幕上应会出现一个对话框,确认已成功完成证书导入。登录(Sign)到 vCenter Server以确认您的连接是安全的。
该过程的第二步涉及在 vCenter Server上创建角色和用户帐户。因此,创建一个具有特定权限的角色,然后将用户帐户与该角色相关联。
Azure 备份服务器(Azure Backup Server)对所有备份操作使用用户名和密码。要为备份管理员添加 vCenter Server角色及其权限,请执行以下操作,
登录到 vCenter Server,然后在 vCenter Server Navigator面板下导航到Administration选项并选择它。
在“管理”标题下,选择角色(Roles),然后从其面板中选择添加角色图标(add role icon)(+ 符号)。
确认后,您的计算机屏幕上会弹出一个“创建角色”(Create Role’)对话框。
在那里,在针对“角色(Role)名称”框提供的空白字段中,输入文本。它应该特定于目的。
接下来,选择权限并选中父标签旁边的图标以展开父视图。
完成后,单击“确定”。新角色将在角色(Roles)面板的列表中可见。
上述步骤标志着第二步的结束。第三步是创建 vCenter Server用户帐户和权限。为此,访问 vCenter Server Navigator面板并在其下找到“用户和组(Groups)”部分。选择它,以显示“vCenter 用户和组(Groups)”面板。
从中选择第一个选项卡“用户”,然后单击添加用户图标(+ 符号)。
确认后的操作将显示“新用户(New User)”对话框。在其下,添加用户信息,然后单击“确定”。新用户帐户将出现在列表中。
接下来,将用户帐户与角色相关联,然后继续完成该过程的最后一步,其中包括将 vCenter Server添加到Azure 备份服务器(Azure Backup Server)。要完成此操作,请使用生产服务器添加向导(Production Server Addition Wizard)。它有助于将 vCenter Server添加到Azure 备份服务器(Azure Backup Server)。
使用Azure 备份服务器(Azure Backup Server)控制台访问生产服务器添加向导(Production Server Addition Wizard)。
在它下面,选择如图所示的“生产服务器类型”,然后选择“添加”选项卡以将 VMware 服务器添加到已添加的(Production)VMware服务器(Added VMware Servers)列表中。
最后,移动到“摘要页面”并将指定的VMware服务器添加到Azure 备份服务器(Azure Backup Server)。新服务器会立即添加。单击下一步(Click Next)移动到向导中的下一页。这标志着该过程的结束步骤,“完成(Finish)”页面向您显示结果。
这只是该过程的要点。要阅读完整的分步设置,您可以参考此Microsoft 文档。(Microsoft document.)
Backup VMware Virtual Machines with Azure Backup Server
Microsoft Azure Backup Server a.k.a. MABS is a cloud-first backup solution of Azure Backup designed to offer data protection across wide-ranging and diverse IT environments of enterprises to help maximize their backup efficiency. However, the principles used in a traditional environment to back up a virtual environment is quite different to the one employed in Azure Backup Server. As such, it is necessary to get firsthand information regarding the creation of backup for VMware Virtual Machines with Azure Backup Server. The post guides you through this process.
Configure Azure Backup Server for VMware server workloads
Azure Backup Server can protect and is sufficiently capable of backing up VMware vCenter Server versions.
The first step in the process is to establish a secure connection to the vCenter Server. For this, it is essential to have VMware Certificate Authority (CA) certificate installed on Azure Backup Server. Then, you can use a browser on the Azure Backup Server machine to connect to the vCenter Server via the vSphere Web Client.
But this connection will not be secure. To change this scenario, do the following,
In the browser on Azure Backup Server, enter the URL to the vSphere Web Client. Instantly, the vSphere Web Client login page should appear before you. At the bottom of the description provided on the right-hand side, you can find the link to download trusted root CA certificates.
Hit the link to force vCenter Server to downloads a file to your local computer. For user’s convenience, the file is named as ‘Download’.
After that, depending on the kind of browser you are running, you will receive a message prompting you to either open or save the file. It is advisable to save the file to a location on Azure Backup Server and when you do so, make sure to add the .zip file name extension. With the .zip extension, it becomes easier to extract all the tools.
When done, right-click download.zip, and select ‘Extract All’ option to extract the contents. Once the action is complete, all the contents will be added to a folder named certs. Two types of files will be visible under the certs folder. (Note: The root certificate file has an extension that begins with a numbered sequence like .0 and .1. The CRL file has an extension that begins with a sequence like .r0 or .r1. The CRL file is associated with a certificate.)
In the certs folder, right-click the root certificate file, and then click Rename. Change the root certificate’s extension to .crt. When you do so, the icon for the file will change to an icon that represents a root certificate.
Right-click the root certificate and from the pop-up menu, select Install Certificate. The Certificate Import Wizard dialog box will be displayed. When it is seen, select Local Machine as the destination for the certificate, and hit the Next button to continue.
Next, on the Certificate Store page, select ‘Place all certificates in the following store’ option, and then click Browse to choose the certificate store.
Choose ‘Trusted Root Certification Authorities’ as the destination folder for the certificates, and then click OK as seen in the picture below.
Before exiting the ‘Completing the Certificate Import Wizard page’, make sure that the certificate is in the desired folder. When verified and all appears fine, click Finish.
A dialog box should appear on your computer screen confirming the successful completion of certificate import. Sign in to the vCenter Server to confirm that your connection is secure.
The second step in the process involves, create a role and user account on the vCenter Server. So, create a role with specific privileges, and associate the user account with the role, after that.
Azure Backup Server uses a username and password for all backup operations. For adding a vCenter Server role and its privileges for a backup administrator, do the following,
Sign in to the vCenter Server, and under the vCenter Server Navigator panel navigates to Administration option and select it.
Under ‘Administration’ heading, select Roles, and from its panel choose the add role icon (the + symbol).
Upon confirming this, a ‘Create Role’ dialog box will pop up on your computer screen.
There, in the empty field provided against ‘Role name’ box, enter a text. It should be specific to the purpose.
Next, select the privileges and check the icon adjacent to the parent label to expand the parent and view.
When done, click ‘Ok’. The new role will become visible in the list on the Roles panel.
The above step marks the end of the second step. The third step is to create a vCenter Server user account and permissions. For this, access vCenter Server Navigator panel and find ‘Users and Groups’ section under it. Select it, to display ‘vCenter Users and Groups’ panel.
From it, choose the first tab ‘Users’, and then click the add users icon (the + symbol).
The action when confirmed will display ‘New User’ dialog box. Under it, add the user’s information and then click OK. The new user account will appear in the list.
Next, associate the user account with the role and proceed to complete the last step of the process which includes adding the vCenter Server to Azure Backup Server. To complete this, use Production Server Addition Wizard. It helps in adding the vCenter Server to Azure Backup Server.
Use the Azure Backup Server console to access Production Server Addition Wizard.
Under it, select the ‘Production server type’ as shown in the image and choose the ‘Add’ tab to add the VMware server to the list of Added VMware Servers.
Finally, move to the ‘Summary page’ and add a specified VMware server to Azure Backup Server. The new server gets added immediately. Click Next to move to the next page in the wizard. This marks the end step of the process with the Finish page showing you the results.
This was just the gist of the process. To read the complete step-by-step setup, you can refer to this Microsoft document.