使用证书创建数据库镜像
1 /*step 1 主实例中. 在master数据 库中创建系统密钥,如果当前系统中已经有加密密钥,可以忽略. 而后创建数据库镜像所需要的证书*/ 2 use master 3 go 4 create master key encryption by password='1@3Mirror' 5 go 6 create certificate mirror_core_cert 7 with subject='core server certificate for mirror',expiry_date='2030-1-1'; 8 go 9 10 USE [master] 11 GO 12 13 /****** Object: Endpoint [Mirroring] Script Date: 11/25/2013 9:38:24 AM ******/ 14 /*创建节点,并指定所有者为上一步中所创建的证书. 而后备份证书,并将证书拷贝到镜像副本服务器上,以供还愿证书*/ 15 ALTER ENDPOINT [Mirroring] 16 STATE=STARTED 17 AS TCP (LISTENER_PORT = 5024, LISTENER_IP = ALL) 18 FOR DATA_MIRRORING (ROLE = PARTNER, AUTHENTICATION = CERTIFICATE mirror_core_cert 19 , ENCRYPTION = REQUIRED ALGORITHM AES) 20 GO 21 22 BACKUP CERTIFICATE mirror_core_cert TO FILE='D:\certificate\MyPCMirror\mirror_core_cert.crt'; 23 GO 24 25 26 /*step 2 副本实例中,在master库中创建相同的系统密钥,并创建副本的证书*/ 27 use master 28 go 29 --create master key encryption by password='1@3Mirror' 30 go 31 create certificate mirror_secondary_cert 32 with subject='secondary server certificate for mirror',expiry_date='2030-1-1'; 33 go 34 35 USE [master] 36 GO 37 38 /****** Object: Endpoint [Mirroring] Script Date: 11/25/2013 9:38:24 AM ******/ 39 /*创建节点,并指定所有者为上一步中创建的证书. 备份证书,并拷贝到主实例的机器中,以待还原证书*/ 40 ALTER ENDPOINT [Mirroring] 41 STATE=STARTED 42 AS TCP (LISTENER_PORT = 5023, LISTENER_IP = ALL) 43 FOR DATA_MIRRORING (ROLE = PARTNER, AUTHENTICATION = CERTIFICATE mirror_secondary_cert 44 , ENCRYPTION = REQUIRED ALGORITHM AES) 45 GO 46 47 BACKUP CERTIFICATE mirror_secondary_cert TO FILE='D:\certificate\MyPCMirror\mirror_secondary_cert.crt'; 48 GO 49 50 /*step 3 副本实例中,创建登陆名及用户,并还原主实例中备份的证书,指定节点的权限,并设置数据库镜像的参与者.需要注意,端口需要是主实例服务器中设定的.*/ 51 CREATE LOGIN mor WITH PASSWORD='test1@3'; 52 GO 53 CREATE USER mor FOR LOGIN mor; 54 GO 55 CREATE CERTIFICATE mirror_core_cert 56 AUTHORIZATION mor 57 FROM FILE='D:\certificate\MyPCMirror\mirror_core_cert.crt'; 58 GO 59 GRANT CONNECT ON ENDPOINT::[Mirroring] TO mor; 60 GO 61 ALTER DATABASE db1 SET PARTNER='TCP://grant-pc:5024'; 62 GO 63 64 65 /*step 4 在主实例中,重复副本实例中的步骤.如果需要设置见证服务器,还需要指定一个见证服务器的地址.*/ 66 67 CREATE LOGIN mor WITH PASSWORD='test1@3'; 68 GO 69 CREATE USER mor FOR LOGIN mor; 70 GO 71 CREATE CERTIFICATE mirror_secondary_cert 72 AUTHORIZATION mor 73 FROM FILE='D:\certificate\MyPCMirror\mirror_secondary_cert.crt'; 74 GO 75 GRANT CONNECT ON ENDPOINT::[Mirroring] TO mor; 76 GO 77 78 ALTER DATABASE db1 SET PARTNER='TCP://grant-pc:5023'; 79 GO 80 ALTER DATABASE db1 SET PARTNER SAFETY OFF;
更多动态请关注微信公众号 dbagrant