Please enter search query.
Search <book_title>...
NetBackup™ Snapshot Manager 安装和升级指南
Last Published:
2022-10-28
Product(s):
NetBackup (10.1)
- 简介
- 第 I 部分. NetBackup Snapshot Manager 安装和配置
- 准备 NetBackup Snapshot Manager 安装
- 使用容器映像部署 NetBackup Snapshot Manager
- 部署 NetBackup Snapshot Manager 扩展
- NetBackup Snapshot Manager 云插件
- NetBackup Snapshot Manager 应用程序代理和插件
- 使用 NetBackup Snapshot Manager 无代理功能保护资产
- NetBackup Snapshot Manager 中的卷加密
- NetBackup Snapshot Manager 安全性
- 第 II 部分. NetBackup Snapshot Manager 维护
在 Microsoft Azure 上配置权限
Snapshot Manager 必须有权访问 Microsoft Azure 资产,然后才能保护这些资产。您必须关联 Snapshot Manager 用户可用于处理 Azure 资产的自定义角色。
以下是自定义角色定义(JSON 格式),它使 Snapshot Manager 能够执行以下操作:
配置 Azure 插件和发现资产。
创建主机和磁盘快照。
将快照还原到原始位置或新位置。
删除快照。
{
{
"roleName": "CloudPoint-permissions",
"description": "Necessary permissions for Azure plug-in operations in CloudPoint",
"assignableScopes": [
"/subscriptions/<Subscriptions_ID>"
],
"permissions": [
{
"actions": [
"Microsoft.Storage/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Sql/*/read",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/disks/beginGetAccess/action",
"Microsoft.Compute/disks/endGetAccess/action",
"Microsoft.Compute/snapshots/delete",
"Microsoft.Compute/snapshots/write",
"Microsoft.Compute/snapshots/beginGetAccess/action",
"Microsoft.Compute/snapshots/endGetAccess/action",
"Microsoft.Compute/virtualMachines/write",
"Microsoft.Compute/virtualMachines/delete",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/vmSizes/read",
"Microsoft.Compute/virtualMachines/powerOff/action",
"Microsoft.Network/*/read",
"Microsoft.Network/networkInterfaces/delete",
"Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/write",
"Microsoft.Network/publicIPAddresses/delete",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/write",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Resources/*/read",
"Microsoft.Resources/subscriptions/tagNames/tagValues/write",
"Microsoft.Resources/subscriptions/tagNames/write",
"Microsoft.Subscription/*/read",
"Microsoft.Authorization/locks/*",
"Microsoft.Authorization/*/read",
"Microsoft.ContainerService/managedClusters/agentPools/read",
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.Compute/virtualMachineScaleSets/write",
"Microsoft.Compute/virtualMachineScaleSets/delete/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
如果 Snapshot Manager 扩展安装在 Azure 中的托管 Kubernetes 群集上,则还可以在配置插件之前添加以下权限:
"Microsoft.ContainerService/managedClusters/agentPools/read", "Microsoft.ContainerService/managedClusters/read", "Microsoft.Compute/virtualMachineScaleSets/write", "Microsoft.Compute/virtualMachineScaleSets/delete/action"
PaaS 工作负载所需的其他权限:
"Microsoft.DBforMySQL/servers/read", "Microsoft.DBforMySQL/servers/databases/read", "Microsoft.DBforMySQL/flexibleServers/read", "Microsoft.DBforMySQL/flexibleServers/databases/read", "Microsoft.DBforPostgreSQL/servers/read", "Microsoft.DBforPostgreSQL/servers/databases/read", "Microsoft.DBforPostgreSQL/flexibleServers/read", "Microsoft.DBforPostgreSQL/flexibleServers/databases/read", "Microsoft.Sql/*/write", "Microsoft.Sql/*/delete"
要使用 powershell 创建自定义角色,请执行 Azure 文档中提及的步骤。
例如:
New-AzureRmRoleDefinition -InputFile "C:\CustomRoles\ReaderSupportRole.json"
要使用 Azure CLI 创建自定义角色,请执行 Azure 文档中提及的步骤。
例如:
az role definition create --role-definition "~/CustomRoles/ ReaderSupportRole.json"
注意:
在创建角色之前,必须先将之前提供的角色定义(JSON 格式的文本)复制到 .json 文件,然后将该文件用作输入文件。在前面显示的示例命令中,ReaderSupportRole.json 将用作包含角色定义文本的输入文件。
要使用此角色,请执行以下操作:
将此角色分配给在 Azure 环境中运行的应用程序。
在 Snapshot Manager 中,使用应用程序的凭据配置 Azure 脱离主机插件。