azure恢复服务linux,恢复服务保管库概述

您现在访问的是微软AZURE全球版技术文档网站，若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站，请访问 https://docs.azure.cn.

恢复服务保管库概述Recovery Services vaults overview

08/17/2020

本文内容

本文介绍恢复服务保管库的功能。This article describes the features of a Recovery Services vault. 恢复服务保管库是 Azure 中用于存储数据的存储实体。A Recovery Services vault is a storage entity in Azure that houses data. 数据通常是虚拟机 (VM)、工作负荷、服务器或工作站的数据或配置信息的副本。The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations. 可以使用恢复服务保管库为各种 Azure 服务(例如 IaaS VM(Linux 或 Windows))和 Azure SQL 数据库存储备份数据。You can use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases. 恢复服务保管库支持 System Center DPM、Windows Server、Azure 备份服务器等。Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more. 使用恢复服务保管库可以方便地组织备份数据，并将管理开销降至最低。Recovery Services vaults make it easy to organize your backup data, while minimizing management overhead. 恢复服务保管库基于 Azure 的 Azure 资源管理器模型，该模型提供如下功能：Recovery Services vaults are based on the Azure Resource Manager model of Azure, which provides features such as:

有助于确保备份数据安全的增强功能：使用恢复服务保管库时，Azure 备份提供用于保护云备份的安全功能。Enhanced capabilities to help secure backup data: With Recovery Services vaults, Azure Backup provides security capabilities to protect cloud backups. 这些安全功能确保可以保护备份并安全地恢复数据，即使生产服务器和备份服务器受到危害。The security features ensure you can secure your backups, and safely recover data, even if production and backup servers are compromised. 了解详细信息Learn more

针对混合 IT 环境进行集中监视：使用恢复服务保管库时，可以通过中心门户监视 Azure IaaS VM 和 本地资产。Central monitoring for your hybrid IT environment: With Recovery Services vaults, you can monitor not only your Azure IaaS VMs but also your on-premises assets from a central portal. 了解详细信息Learn more

Azure 基于角色的访问控制 (Azure RBAC) ：Azure RBAC 在 Azure 中提供精细的访问管理控制。Azure role-based access control (Azure RBAC): Azure RBAC provides fine-grained access management control in Azure. 恢复服务保管库与 Azure RBAC 兼容，后者会限制对已定义用户角色集的备份和还原访问权限。Recovery Services vaults are compatible with Azure RBAC, which restricts backup and restore access to the defined set of user roles. 了解详细信息Learn more

软删除：在使用软删除的情况下，即使恶意行动者删除了备份(或用户意外删除了备份数据)，备份数据也仍会保留 14 天，因此可以恢复该备份项，而不会丢失数据。Soft Delete: With soft delete, even if a malicious actor deletes a backup (or backup data is accidentally deleted), the backup data is retained for 14 additional days, allowing the recovery of that backup item with no data loss. 以“软删除”状态将备份数据额外保留 14 天不会向你收取任何费用。The additional 14 days of retention for backup data in the "soft delete" state don't incur any cost to you.

跨区域还原：跨区域还原 (CRR) 使你可以在辅助区域(即 Azure 配对区域)中还原 azure vm。Cross Region Restore: Cross Region Restore (CRR) allows you to restore Azure VMs in a secondary region, which is an Azure paired region. 通过在 保管库级别启用此功能，你可以在选择时随时还原次要区域中的复制数据。By enabling this feature at the vault level, you can restore the replicated data in the secondary region any time, when you choose. 这使你能够在不等待 Azure 声明灾难 (与保管库的 GRS 设置) 的情况下，还原辅助区域数据以实现审核合规性和中断方案。This enables you to restore the secondary region data for audit-compliance, and during outage scenarios, without waiting for Azure to declare a disaster (unlike the GRS settings of the vault).

恢复服务保管库中的存储设置Storage settings in the Recovery Services vault

恢复服务保管库是用于存储在不同时间创建的备份和恢复点的实体。A Recovery Services vault is an entity that stores the backups and recovery points created over time. 恢复服务保管库还包含与受保护虚拟机关联的备份策略。The Recovery Services vault also contains the backup policies that are associated with the protected virtual machines.

Azure 备份会自动处理保管库的存储。Azure Backup automatically handles storage for the vault.

若要了解有关存储冗余的详细信息，请参阅以下文章：地域、本地和区域冗余。To learn more about storage redundancy, see these articles on geo, local and zonal redundancy.

恢复服务保管库中的加密设置Encryption settings in the Recovery Services vault

本部分介绍可用于加密恢复服务保管库中存储的备份数据的选项。This section discusses the options available for encrypting your backup data stored in the Recovery Services vault.

使用平台托管的密钥加密备份数据Encryption of backup data using platform-managed keys

默认情况下，所有数据将使用平台托管的密钥进行加密。By default, all your data is encrypted using platform-managed keys. 无需从你的终端执行任何明确操作即可实现此加密。You don't need to take any explicit action from your end to enable this encryption. 这种加密适用于要备份到恢复服务保管库的所有工作负荷。It applies to all workloads being backed up to your Recovery Services vault.

使用客户托管密钥加密备份数据Encryption of backup data using customer-managed keys

可以选择使用所拥有和管理的加密密钥来加密数据。You can choose to encrypt your data using encryption keys owned and managed by you. Azure 备份允许你使用存储在 Azure 密钥保管库中的 RSA 密钥对备份进行加密。Azure Backup lets you use your RSA keys stored in the Azure Key Vault for encrypting your backups. 用于加密备份的加密密钥可能与用于源的加密密钥不同。The encryption key used for encrypting backups may be different from the one used for the source. 数据受到基于 AES 256 的数据加密密钥 (DEK) 的保护，而 DEK 又受到你的密钥的保护。The data is protected using an AES 256 based data encryption key (DEK), which is, in turn, protected using your keys. 这使你可以完全控制数据和密钥。This gives you full control over the data and the keys. 若要允许加密，必须向恢复服务保管库授予对 Azure Key Vault 中的加密密钥的访问权限。To allow encryption, the Recovery Services vault must be granted access to the encryption key in the Azure Key Vault. 可以根据需要禁用密钥或撤销访问权限。You can disable the key or revoke access whenever needed. 但是，在你尝试保护保管库中的任何项目之前，必须先使用你的密钥启用加密。However, you must enable encryption using your keys before you attempt to protect any items to the vault.

阅读有关如何 使用客户管理的密钥加密备份数据的详细信息。Read more about how to encrypt your backup data using customer-managed keys.

Azure 顾问Azure Advisor

Azure 顾问是个性化的云顾问，可帮助优化 Azure 的使用。Azure Advisor is a personalized cloud consultant that helps optimize the use of Azure. 它会分析 Azure 的使用情况，并提供及时的建议来帮助优化和保护部署。It analyzes your Azure usage and provides timely recommendations to help optimize and secure your deployments. 它提供四个类别的建议：高可用性、安全性、性能和成本。It provides recommendations in four categories: High Availability, Security, Performance, and Cost.

Azure 顾问为未备份的 VM 提供每小时建议，因此，你永远不会错过备份重要的 VM。Azure Advisor provides hourly recommendations for VMs that aren't backed up, so you never miss backing up important VMs. 你还可以通过推迟建议来控制建议。You can also control the recommendations by snoozing them. 可选择建议，然后通过指定保管库(将在其中存储备份)和备份策略(备份计划和备份副本保留期)来在 VM 上启用内联备份。You can select the recommendation and enable backup on VMs in-line by specifying the vault (where backups will be stored) and the backup policy (schedule of backups and retention of backup copies).

其他资源Additional resources

后续步骤Next steps

使用以下文章了解相关操作：Use the following articles to: