使用 Azure 文件同步,即可将组织的文件共享集中在 Azure 文件中,同时又不失本地文件服务器的灵活性、性能和兼容性。 Azure 文件同步可将 Windows Server 转换为 Azure 文件共享的快速缓存。 可以使用 Windows Server 上可用的任意协议本地访问数据,包括 SMB、NFS 和 FTPS。 并且可以根据需要在世界各地具有多个缓存。
对于“Internet Explorer 增强的安全性配置”对话框中的“管理员”和“用户”,都选择“关” :
若要禁用“Internet Explorer 增强的安全性配置”,请在权限提升的 PowerShell 会话中执行以下命令:
$installType = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\").InstallationType
# This step is not required for Server Core
if ($installType -ne "Server Core") {
# Disable Internet Explorer Enhanced Security Configuration
# for Administrators
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0 -Force
# Disable Internet Explorer Enhanced Security Configuration
# for Users
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" -Name "IsInstalled" -Value 0 -Force
# Force Internet Explorer closed, if open. This is required to fully apply the setting.
# Save any work you have open in the Internet Explorer browser. This will not affect other browsers,
# including Microsoft Edge.
Stop-Process -Name iexplore -ErrorAction SilentlyContinue
}
$hostType = (Get-Host).Name
if ($installType -eq "Server Core" -or $hostType -eq "ServerRemoteHost") {
Connect-AzAccount -UseDeviceAuthentication
}
else {
Connect-AzAccount -Environment AzureChinaCloud
}
# this variable holds the Azure region you want to deploy
# Azure File Sync into
$region = '<Az_Region>'
# Check to ensure Azure File Sync is available in the selected Azure
# region.
$regions = @()
Get-AzLocation | ForEach-Object {
if ($_.Providers -contains "Microsoft.StorageSync") {
$regions += $_.Location
}
}
if ($regions -notcontains $region) {
throw [System.Exception]::new("Azure File Sync is either not available in the selected Azure Region or the region is mistyped.")
}
# the resource group to deploy the Storage Sync Service into
$resourceGroup = '<RG_Name>'
# Check to ensure resource group exists and create it if doesn't
$resourceGroups = @()
Get-AzResourceGroup | ForEach-Object {
$resourceGroups += $_.ResourceGroupName
}
if ($resourceGroups -notcontains $resourceGroup) {
New-AzResourceGroup -Name $resourceGroup -Location $region
}
$storageSyncName = "<my_storage_sync_service>"
$storageSync = New-AzStorageSyncService -ResourceGroupName $resourceGroup -Name $storageSyncName -Location $region
按照 Azure 门户或 PowerShell 的说明进行操作。
安装 Azure 文件同步代理
Azure 文件同步代理是一个可下载包,可实现 Windows 服务器与 Azure 文件共享的同步。
# Gather the OS version
$osver = [System.Environment]::OSVersion.Version
# Download the appropriate version of the Azure File Sync agent for your OS.
if ($osver.Equals([System.Version]::new(10, 0, 20348, 0))) {
Invoke-WebRequest `
-Uri https://aka.ms/afs/agent/Server2022 `
-OutFile "StorageSyncAgent.msi"
} elseif ($osver.Equals([System.Version]::new(10, 0, 17763, 0))) {
Invoke-WebRequest `
-Uri https://aka.ms/afs/agent/Server2019 `
-OutFile "StorageSyncAgent.msi"
} elseif ($osver.Equals([System.Version]::new(10, 0, 14393, 0))) {
Invoke-WebRequest `
-Uri https://aka.ms/afs/agent/Server2016 `
-OutFile "StorageSyncAgent.msi"
} elseif ($osver.Equals([System.Version]::new(6, 3, 9600, 0))) {
Invoke-WebRequest `
-Uri https://aka.ms/afs/agent/Server2012R2 `
-OutFile "StorageSyncAgent.msi"
} else {
throw [System.PlatformNotSupportedException]::new("Azure File Sync is only supported on Windows Server 2012 R2, Windows Server 2016, Windows Server 2019 and Windows Server 2022")
}
# Install the MSI. Start-Process is used to PowerShell blocks until the operation is complete.
# Note that the installer currently forces all PowerShell sessions closed - this is a known issue.
Start-Process -FilePath "StorageSyncAgent.msi" -ArgumentList "/quiet" -Wait
# Note that this cmdlet will need to be run in a new session based on the above comment.
# You may remove the temp folder containing the MSI and the EXE installer
Remove-Item -Path ".\StorageSyncAgent.msi" -Recurse -Force
按照 Azure 门户或 PowerShell 的说明进行操作。
向存储同步服务注册 Windows Server
向存储同步服务注册 Windows Server 可在服务器(或群集)与存储同步服务之间建立信任关系。 一个服务器只能注册到一个存储同步服务,并可与同一存储同步服务关联的其他服务器和 Azure 文件共享同步。
注意
服务器注册使用 Azure 凭据在存储同步服务和 Windows Server 之间创建信任关系。 随后,服务器创建并使用自己的标识,只要服务器保持注册状态且当前的共享访问签名 (SAS) 令牌有效,该标识就是有效的。 取消注册服务器后,无法将新的 SAS 令牌颁发给服务器,因此,服务器无法访问 Azure 文件共享,并停止任何同步。
$serverEndpointPath = "<your-server-endpoint-path>"
$cloudTieringDesired = $true
$volumeFreeSpacePercentage = <your-volume-free-space>
# Optional property. Choose from: [NamespaceOnly] default when cloud tiering is enabled. [NamespaceThenModifiedFiles] default when cloud tiering is disabled. [AvoidTieredFiles] only available when cloud tiering is disabled.
$initialDownloadPolicy = "NamespaceOnly"
$initialUploadPolicy = "Merge"
# Optional property. Choose from: [Merge] default for all new server endpoints. Content from the server and the cloud merge. This is the right choice if one location is empty or other server endpoints already exist in the sync group. [ServerAuthoritative] This is the right choice when you seeded the Azure file share (e.g. with Data Box) AND you are connecting the server location you seeded from. This enables you to catch up the Azure file share with the changes that happened on the local server since the seeding.
if ($cloudTieringDesired) {
# Ensure endpoint path is not the system volume
$directoryRoot = [System.IO.Directory]::GetDirectoryRoot($serverEndpointPath)
$osVolume = "$($env:SystemDrive)\"
if ($directoryRoot -eq $osVolume) {
throw [System.Exception]::new("Cloud tiering cannot be enabled on the system volume")
}
# Create server endpoint
New-AzStorageSyncServerEndpoint `
-Name $registeredServer.FriendlyName `
-SyncGroup $syncGroup `
-ServerResourceId $registeredServer.ResourceId `
-ServerLocalPath $serverEndpointPath `
-CloudTiering `
-VolumeFreeSpacePercent $volumeFreeSpacePercentage `
-InitialDownloadPolicy $initialDownloadPolicy `
-InitialUploadPolicy $initialUploadPolicy
} else {
# Create server endpoint
New-AzStorageSyncServerEndpoint `
-Name $registeredServer.FriendlyName `
-SyncGroup $syncGroup `
-ServerResourceId $registeredServer.ResourceId `
-ServerLocalPath $serverEndpointPath `
-InitialDownloadPolicy $initialDownloadPolicy
}