使用证书创建数据库镜像

 1 /*step 1 主实例中. 在master数据 库中创建系统密钥,如果当前系统中已经有加密密钥,可以忽略. 而后创建数据库镜像所需要的证书*/
 2 use master
 3 go
 4 create master key encryption by password='1@3Mirror'
 5 go
 6 create certificate mirror_core_cert
 7 with subject='core server certificate for mirror',expiry_date='2030-1-1';
 8 go
 9 
10 USE [master]
11 GO
12 
13 /****** Object:  Endpoint [Mirroring]    Script Date: 11/25/2013 9:38:24 AM ******/
14 /*创建节点,并指定所有者为上一步中所创建的证书. 而后备份证书,并将证书拷贝到镜像副本服务器上,以供还愿证书*/
15 ALTER ENDPOINT [Mirroring] 
16     STATE=STARTED
17     AS TCP (LISTENER_PORT = 5024, LISTENER_IP = ALL)
18     FOR DATA_MIRRORING (ROLE = PARTNER, AUTHENTICATION = CERTIFICATE mirror_core_cert
19 , ENCRYPTION = REQUIRED ALGORITHM AES)
20 GO
21 
22 BACKUP CERTIFICATE mirror_core_cert TO FILE='D:\certificate\MyPCMirror\mirror_core_cert.crt';
23 GO
24 
25 
26 /*step 2 副本实例中,在master库中创建相同的系统密钥,并创建副本的证书*/
27 use master
28 go
29 --create master key encryption by password='1@3Mirror'
30 go
31 create certificate mirror_secondary_cert
32 with subject='secondary server certificate for mirror',expiry_date='2030-1-1';
33 go
34 
35 USE [master]
36 GO
37 
38 /****** Object:  Endpoint [Mirroring]    Script Date: 11/25/2013 9:38:24 AM ******/
39 /*创建节点,并指定所有者为上一步中创建的证书. 备份证书,并拷贝到主实例的机器中,以待还原证书*/
40 ALTER ENDPOINT [Mirroring] 
41     STATE=STARTED
42     AS TCP (LISTENER_PORT = 5023, LISTENER_IP = ALL)
43     FOR DATA_MIRRORING (ROLE = PARTNER, AUTHENTICATION = CERTIFICATE mirror_secondary_cert
44 , ENCRYPTION = REQUIRED ALGORITHM AES)
45 GO
46 
47 BACKUP CERTIFICATE mirror_secondary_cert TO FILE='D:\certificate\MyPCMirror\mirror_secondary_cert.crt';
48 GO
49 
50 /*step 3 副本实例中,创建登陆名及用户,并还原主实例中备份的证书,指定节点的权限,并设置数据库镜像的参与者.需要注意,端口需要是主实例服务器中设定的.*/
51 CREATE LOGIN mor WITH PASSWORD='test1@3';
52 GO
53 CREATE USER mor FOR LOGIN mor;
54 GO
55 CREATE CERTIFICATE mirror_core_cert
56 AUTHORIZATION mor
57 FROM FILE='D:\certificate\MyPCMirror\mirror_core_cert.crt';
58 GO
59 GRANT CONNECT ON ENDPOINT::[Mirroring] TO mor;
60 GO
61 ALTER DATABASE db1 SET PARTNER='TCP://grant-pc:5024';
62 GO
63 
64 
65 /*step 4 在主实例中,重复副本实例中的步骤.如果需要设置见证服务器,还需要指定一个见证服务器的地址.*/
66 
67 CREATE LOGIN mor WITH PASSWORD='test1@3';
68 GO
69 CREATE USER mor FOR LOGIN mor;
70 GO
71 CREATE CERTIFICATE mirror_secondary_cert
72 AUTHORIZATION mor
73 FROM FILE='D:\certificate\MyPCMirror\mirror_secondary_cert.crt';
74 GO
75 GRANT CONNECT ON ENDPOINT::[Mirroring] TO mor;
76 GO
77 
78 ALTER DATABASE db1 SET PARTNER='TCP://grant-pc:5023';
79 GO
80 ALTER DATABASE db1 SET PARTNER SAFETY OFF;

 

 
posted @ 2014-02-08 11:37  老玉米  阅读(414)  评论(0编辑  收藏  举报