A failover group is a declarative abstraction layer that allows you to group multiple geo-replicated databases. Learn to configure a failover group for an Azure SQL Database and test failover using either the Azure portal, PowerShell, or the Azure CLI. In this tutorial, you'll learn how to:
Create a database in Azure SQL Database
Create a failover group for the database between two servers.
In this step, you create a resource group, server, single database, and server-level IP firewall rule for access to the server.
In this step, you create a logical SQL server and a single database that uses AdventureWorksLT sample data. You can create the database by using Azure portal menus and screens, or by using an Azure CLI or PowerShell script in the Azure Cloud Shell.
All the methods include setting up a server-level firewall rule to allow the public IP address of the computer you're using to access the server. For more information about creating server-level firewall rules, see Create a server-level firewall. You can also set database-level firewall rules. See Create a database-level firewall rule.
From the Search bar, search for and select Azure SQL.
On the Azure SQL page, select Add.
On the Select SQL deployment option page, select the SQL databases tile, with Single database under Resource type. You can view more information about the different databases by selecting Show details.
Select Create.
On the Basics tab of the Create SQL database form, under Project details, select the correct Azure Subscription if it isn't already selected.
Under Resource group, select Create new, enter myResourceGroup, and select OK.
Under Database details, for Database name enter mySampleDatabase.
For Server, select Create new, and fill out the New server form as follows:
Server name: Enter mysqlserver, and some characters for uniqueness.
Server admin login: Enter AzureAdmin.
Password: Enter a password that meets requirements, and enter it again in the Confirm password field.
Location: Drop down and choose a location, such as (US) West US.
Select OK.
Record the server admin login and password so you can sign in to the server and its databases. If you forget your login or password, you can get the login name or reset the password on the SQL server page after database creation. To open the SQL server page, select the server name on the database Overview page.
Under Compute + storage, if you want to reconfigure the defaults, select Configure database.
On the Configure page, you can optionally:
Change the Compute tier from Provisioned to Serverless.
Review and change the settings for vCores and Data max size.
Select Change configuration to change hardware configuration.
After making any changes, select Apply.
Select Next: Networking at the bottom of the page.
On the Networking tab, under Connectivity method, select Public endpoint.
Under Firewall rules, set Add current client IP address to Yes.
Select Next: Additional settings at the bottom of the page.
Optionally, set the maintenance window so planned maintenance is performed at the best time for your database.
Select Review + create at the bottom of the page.
After reviewing settings, select Create.
You can create a resource group, server, and single database using Windows PowerShell. If you don't want to use the Azure Cloud Shell, install the Azure PowerShell module.
Note
This article uses the Azure Az PowerShell module, which is the recommended PowerShell module for interacting with Azure. To get started with the Az PowerShell module, see Install Azure PowerShell. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
To run the following code sample in the Azure Cloud Shell, select Try it in the code title bar. When the Cloud Shell opens, select Copy in the code sample title bar, and paste the code sample into the Cloud Shell window. In the code, replace <Subscription ID> with your Azure Subscription ID, and for $startIp and $endIp, replace 0.0.0.0 with the public IP address of the computer you're using.
Follow the onscreen prompts to sign in to Azure and run the code.
You can also use Azure Cloud Shell from the Azure portal, by selecting the Cloud Shell icon on the top bar.
The first time you use Cloud Shell from the portal, select PowerShell on the Welcome dialog. Subsequent sessions will use PowerShell, or you can select it from the Cloud Shell control bar.
The following PowerShell code creates an Azure resource group, server, single database, and firewall rule for access to the server. Make sure to record the generated resource group and server names, so you can manage these resources later.
# Set variables for your server and database
$subscriptionId = '<SubscriptionID>'
$resourceGroupName = "myResourceGroup-$(Get-Random)"
$location = "West US"
$adminLogin = "azureuser"
$password = "Azure1234567"
$serverName = "mysqlserver-$(Get-Random)"
$databaseName = "mySampleDatabase"
# The ip address range that you want to allow to access your server
$startIp = "0.0.0.0"
$endIp = "0.0.0.0"
# Show randomized variables
Write-host "Resource group name is" $resourceGroupName
Write-host "Server name is" $serverName
# Connect to Azure
Connect-AzAccount
# Set subscription ID
Set-AzContext -SubscriptionId $subscriptionId
# Create a resource group
Write-host "Creating resource group..."
$resourceGroup = New-AzResourceGroup -Name $resourceGroupName -Location $location -Tag @{Owner="SQLDB-Samples"}
$resourceGroup
# Create a server with a system wide unique server name
Write-host "Creating primary server..."
$server = New-AzSqlServer -ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-Location $location `
-SqlAdministratorCredentials $(New-Object -TypeName System.Management.Automation.PSCredential `
-ArgumentList $adminLogin, $(ConvertTo-SecureString -String $password -AsPlainText -Force))
$server
# Create a server firewall rule that allows access from the specified IP range
Write-host "Configuring firewall for primary server..."
$serverFirewallRule = New-AzSqlServerFirewallRule -ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-FirewallRuleName "AllowedIPs" -StartIpAddress $startIp -EndIpAddress $endIp
$serverFirewallRule
# Create General Purpose Gen5 database with 2 vCores
Write-host "Creating a gen5 2 vCore database..."
$database = New-AzSqlDatabase -ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-DatabaseName $databaseName `
-Edition GeneralPurpose `
-VCore 2 `
-ComputeGeneration Gen5 `
-MinimumCapacity 2 `
-SampleName "AdventureWorksLT"
$database
The following Azure CLI code blocks create a resource group, server, single database, and server-level IP firewall rule for access to the server. Make sure to record the generated resource group and server names, so you can manage these resources later.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you are running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For additional sign-in options, see Sign in with the Azure CLI.
When you're prompted, install Azure CLI extensions on first use. For more information about extensions, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
Launch Azure Cloud Shell
The Azure Cloud Shell is a free interactive shell that you can use to run the steps in this article. It has common Azure tools preinstalled and configured to use with your account.
To open the Cloud Shell, select Try it from the upper right corner of a code block. You can also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com.
When Cloud Shell opens, verify that Bash is selected for your environment. Subsequent sessions will use Azure CLI in a Bash environment. Select Copy to copy the blocks of code, paste it into the Cloud Shell, and press Enter to run it.
Sign in to Azure
Cloud Shell is automatically authenticated under the initial account signed-in with. Use the following script to sign in using a different subscription, replacing <Subscription ID> with your Azure Subscription ID. If you don't have an Azure subscription, create an Azure free account before you begin.
subscription="<subscriptionId>" # add subscription here
az account set -s $subscription # ...or use 'az login'
Set the parameter values for use in creating the database and required resources. Server names need to be globally unique across all of Azure so the $RANDOM function is used to create the server name.
Change the location as appropriate for your environment. Replace 0.0.0.0 with the IP address range to match your specific environment. Use the public IP address of the computer you're using to restrict access to the server to only your IP address.
# Variable block
let "randomIdentifier=$RANDOM*$RANDOM"
location="East US"
resourceGroup="msdocs-azuresql-rg-$randomIdentifier"
tag="create-and-configure-database"
server="msdocs-azuresql-server-$randomIdentifier"
database="msdocsazuresqldb$randomIdentifier"
login="azureuser"
password="Pa$$w0rD-$randomIdentifier"
# Specify appropriate IP address values for your environment
# to limit access to the SQL Database server
startIp=0.0.0.0
endIp=0.0.0.0
echo "Using resource group $resourceGroup with login: $login, password: $password..."
Create a resource group
Use this script to create a resource group with the az group create command. An Azure resource group is a logical container into which Azure resources are deployed and managed.
echo "Creating $resourceGroup in $location..."
az group create --name $resourceGroup --location "$location" --tags $tag
echo "Configuring firewall..."
az sql server firewall-rule create --resource-group $resourceGroup --server $server -n AllowYourIp --start-ip-address $startIp --end-ip-address $endIp
Create a single database using Azure CLI
Use this script to create a database with the az sql db create command.
echo "Creating $database on $server..."
az sql db create --resource-group $resourceGroup --server $server --name $database --sample-name AdventureWorksLT --edition GeneralPurpose --family Gen5 --capacity 2 --zone-redundant true # zone redundancy is only supported on premium and business critical service tiers
For additional Azure SQL Database Azure CLI scripts, see Azure CLI samples.
2 - Create the failover group
In this step, you' will create a failover group between an existing server and a new server in another region. Then add the sample database to the failover group.
Create your failover group and add your database to it using the Azure portal.
Select Azure SQL in the left-hand menu of the Azure portal. If Azure SQL isn't in the list, select All services, then type Azure SQL in the search box. (Optional) Select the star next to Azure SQL to favorite it and add it as an item in the left-hand navigation.
Select the database created in section 1, such as mySampleDatabase.
Failover groups can be configured at the server level. Select the name of the server under Server name to open the settings for the server.
Select Failover groups under the Settings pane, and then select Add group to create a new failover group.
On the Failover Group page, enter or select the following values, and then select Create:
Failover group name: Type in a unique failover group name, such as failovergrouptutorial.
Secondary server: Select the option to configure required settings and then choose to Create a new server. Alternatively, you can choose an already-existing server as the secondary server. After entering the following values, select Select.
Server name: Type in a unique name for the secondary server, such as mysqlsecondary.
Server admin login: Type azureuser
Password: Type a complex password that meets password requirements.
Location: Choose a location from the drop-down, such as East US. This location can't be the same location as your primary server.
Note
The server login and firewall settings must match that of your primary server.
Databases within the group: Once a secondary server is selected, this option becomes unlocked. Select it to Select databases to add and then choose the database you created in section 1. Adding the database to the failover group will automatically start the geo-replication process.
Create your failover group and add your database to it using PowerShell.
Note
The server login and firewall settings must match that of your primary server.
# $subscriptionId = '<SubscriptionID>'
# $resourceGroupName = "myResourceGroup-$(Get-Random)"
# $location = "West US"
# $adminLogin = "azureuser"
# $password = "PWD27!"+(New-Guid).Guid
# $serverName = "mysqlserver-$(Get-Random)"
# $databaseName = "mySampleDatabase"
$drLocation = "East US"
$drServerName = "mysqlsecondary-$(Get-Random)"
$failoverGroupName = "failovergrouptutorial-$(Get-Random)"
# The ip address range that you want to allow to access your server
# (leaving at 0.0.0.0 will prevent outside-of-azure connections to your DB)
$startIp = "0.0.0.0"
$endIp = "0.0.0.0"
# Show randomized variables
Write-host "DR Server name is" $drServerName
Write-host "Failover group name is" $failoverGroupName
# Create a secondary server in the failover region
Write-host "Creating a secondary server in the failover region..."
$drServer = New-AzSqlServer -ResourceGroupName $resourceGroupName `
-ServerName $drServerName `
-Location $drLocation `
-SqlAdministratorCredentials $(New-Object -TypeName System.Management.Automation.PSCredential `
-ArgumentList $adminlogin, $(ConvertTo-SecureString -String $password -AsPlainText -Force))
$drServer
# Create a server firewall rule that allows access from the specified IP range
Write-host "Configuring firewall for secondary server..."
$serverFirewallRule = New-AzSqlServerFirewallRule -ResourceGroupName $resourceGroupName `
-ServerName $drServerName `
-FirewallRuleName "AllowedIPs" -StartIpAddress $startIp -EndIpAddress $endIp
$serverFirewallRule
# Create a failover group between the servers
$failovergroup = Write-host "Creating a failover group between the primary and secondary server..."
New-AzSqlDatabaseFailoverGroup `
–ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-PartnerServerName $drServerName `
–FailoverGroupName $failoverGroupName `
–FailoverPolicy Automatic `
-GracePeriodWithDataLossHours 2
$failovergroup
# Add the database to the failover group
Write-host "Adding the database to the failover group..."
Get-AzSqlDatabase `
-ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-DatabaseName $databaseName | `
Add-AzSqlDatabaseToFailoverGroup `
-ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-FailoverGroupName $failoverGroupName
Write-host "Successfully added the database to the failover group..."
This portion of the tutorial uses the following PowerShell cmdlets:
Adds one or more databases to a failover group in Azure SQL Database.
In this step, you create your failover group and add your database to it using the Azure CLI.
Set additional parameter values
Set these additional parameter values for use in creating the failover group, in addition to the values defined in the preceding script that created the primary resource group and server.
Change the failover location as appropriate for your environment.
Select Azure SQL in the left-hand menu of the Azure portal. If Azure SQL isn't in the list, select All services, then type Azure SQL in the search box. (Optional) Select the star next to Azure SQL to favorite it and add it as an item in the left-hand navigation.
Select the database created in the section 2, such as mySampleDatbase.
Select the name of the server under Server name to open the settings for the server.
Select Failover groups under the Settings pane and then choose the failover group you created in section 2.
Review which server is primary and which server is secondary.
Select Failover from the task pane to fail over your failover group containing your sample database.
Select Yes on the warning that notifies you that TDS sessions will be disconnected.
Review which server is now primary and which server is secondary. If failover succeeded, the two servers should have swapped roles.
Select Failover again to fail the servers back to their original roles.
Test failover using PowerShell.
Check the role of the secondary replica:
# Set variables
# $resourceGroupName = "myResourceGroup-$(Get-Random)"
# $serverName = "mysqlserver-$(Get-Random)"
# $failoverGroupName = "failovergrouptutorial-$(Get-Random)"
# Check role of secondary replica
Write-host "Confirming the secondary replica is secondary...."
(Get-AzSqlDatabaseFailoverGroup `
-FailoverGroupName $failoverGroupName `
-ResourceGroupName $resourceGroupName `
-ServerName $drServerName).ReplicationRole
Fail over to the secondary server:
# Set variables
# $resourceGroupName = "myResourceGroup-$(Get-Random)"
# $serverName = "mysqlserver-$(Get-Random)"
# $failoverGroupName = "failovergrouptutorial-$(Get-Random)"
# Failover to secondary server
Write-host "Failing over failover group to the secondary..."
Switch-AzSqlDatabaseFailoverGroup `
-ResourceGroupName $resourceGroupName `
-ServerName $drServerName `
-FailoverGroupName $failoverGroupName
Write-host "Failed failover group successfully to" $drServerName
Revert failover group back to the primary server:
# Set variables
# $resourceGroupName = "myResourceGroup-$(Get-Random)"
# $serverName = "mysqlserver-$(Get-Random)"
# $failoverGroupName = "failovergrouptutorial-$(Get-Random)"
# Revert failover to primary server
Write-host "Failing over failover group to the primary...."
Switch-AzSqlDatabaseFailoverGroup `
-ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-FailoverGroupName $failoverGroupName
Write-host "Failed failover group successfully back to" $serverName
This portion of the tutorial uses the following PowerShell cmdlets:
echo "Confirming the role of each server in the failover group..." # note ReplicationRole property
az sql failover-group show --name $failoverGroup --resource-group $resourceGroup --server $server
echo "Failing over to $secondaryServer..."
az sql failover-group set-primary --name $failoverGroup --resource-group $resourceGroup --server $secondaryServer
echo "Confirming role of $secondaryServer is now primary..." # note ReplicationRole property
az sql failover-group show --name $failoverGroup --resource-group $resourceGroup --server $server
Use the following command to remove the resource group and all resources associated with it using the az group delete command - unless you have an ongoing need for these resources. Some of these resources may take a while to create, as well as to delete.
echo "Cleaning up resources by removing the resource group..."
az group delete --name $resourceGroup -y
This portion of the tutorial uses the following Azure CLI cmdlets:
Deletes a resource group including all nested resources.
Important
If you want to keep the resource group but delete the secondary database, remove it from the failover group before deleting it. Deleting a secondary database before it is removed from the failover group can cause unpredictable behavior.
# Set variables for your server and database
$subscriptionId = '<SubscriptionID>'
$randomIdentifier = $(Get-Random)
$resourceGroupName = "myResourceGroup-$randomIdentifier"
$location = "West US 2"
$adminLogin = "azureuser"
$password = "PWD27!"+(New-Guid).Guid
$serverName = "mysqlserver-$randomIdentifier"
$databaseName = "mySampleDatabase"
$drLocation = "East US 2"
$drServerName = "mysqlsecondary-$randomIdentifier"
$failoverGroupName = "failovergrouptutorial-$randomIdentifier"
# The ip address range that you want to allow to access your server
# Leaving at 0.0.0.0 will prevent outside-of-azure connections
$startIp = "0.0.0.0"
$endIp = "0.0.0.0"
# Show randomized variables
Write-host "Resource group name is" $resourceGroupName
Write-host "Password is" $password
Write-host "Server name is" $serverName
Write-host "DR Server name is" $drServerName
Write-host "Failover group name is" $failoverGroupName
# Set subscription ID
Set-AzContext -SubscriptionId $subscriptionId
# Create a resource group
Write-host "Creating resource group..."
$resourceGroup = New-AzResourceGroup -Name $resourceGroupName -Location $location -Tag @{Owner="SQLDB-Samples"}
$resourceGroup
# Create a server with a system wide unique server name
Write-host "Creating primary logical server..."
$server = New-AzSqlServer -ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-Location $location `
-SqlAdministratorCredentials $(New-Object -TypeName System.Management.Automation.PSCredential `
-ArgumentList $adminLogin, $(ConvertTo-SecureString -String $password -AsPlainText -Force))
$server
# Create a server firewall rule that allows access from the specified IP range
Write-host "Configuring firewall for primary logical server..."
$serverFirewallRule = New-AzSqlServerFirewallRule -ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-FirewallRuleName "AllowedIPs" -StartIpAddress $startIp -EndIpAddress $endIp
$serverFirewallRule
# Create General Purpose Gen5 database with 2 vCore
Write-host "Creating a gen5 2 vCore database..."
$database = New-AzSqlDatabase -ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-DatabaseName $databaseName `
-Edition GeneralPurpose `
-VCore 2 `
-ComputeGeneration Gen5 `
-MinimumCapacity 2 `
-SampleName "AdventureWorksLT"
$database
# Create a secondary server in the failover region
Write-host "Creating a secondary logical server in the failover region..."
$drServer = New-AzSqlServer -ResourceGroupName $resourceGroupName `
-ServerName $drServerName `
-Location $drLocation `
-SqlAdministratorCredentials $(New-Object -TypeName System.Management.Automation.PSCredential `
-ArgumentList $adminlogin, $(ConvertTo-SecureString -String $password -AsPlainText -Force))
$drServer
# Create a failover group between the servers
$failovergroup = Write-host "Creating a failover group between the primary and secondary server..."
New-AzSqlDatabaseFailoverGroup `
–ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-PartnerServerName $drServerName `
–FailoverGroupName $failoverGroupName `
–FailoverPolicy Automatic `
-GracePeriodWithDataLossHours 2
$failovergroup
# Add the database to the failover group
Write-host "Adding the database to the failover group..."
Get-AzSqlDatabase `
-ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-DatabaseName $databaseName | `
Add-AzSqlDatabaseToFailoverGroup `
-ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-FailoverGroupName $failoverGroupName
Write-host "Successfully added the database to the failover group..."
# Check role of secondary replica
Write-host "Confirming the secondary replica is secondary...."
(Get-AzSqlDatabaseFailoverGroup `
-FailoverGroupName $failoverGroupName `
-ResourceGroupName $resourceGroupName `
-ServerName $drServerName).ReplicationRole
# Failover to secondary server
Write-host "Failing over failover group to the secondary..."
Switch-AzSqlDatabaseFailoverGroup `
-ResourceGroupName $resourceGroupName `
-ServerName $drServerName `
-FailoverGroupName $failoverGroupName
Write-host "Failed failover group successfully to" $drServerName
# Revert failover to primary server
Write-host "Failing over failover group to the primary...."
Switch-AzSqlDatabaseFailoverGroup `
-ResourceGroupName $resourceGroupName `
-ServerName $serverName `
-FailoverGroupName $failoverGroupName
Write-host "Failed failover group successfully back to" $serverName
# Show randomized variables
Write-host "Resource group name is" $resourceGroupName
Write-host "Password is" $password
Write-host "Server name is" $serverName
Write-host "DR Server name is" $drServerName
Write-host "Failover group name is" $failoverGroupName
# Clean up resources by removing the resource group
# Write-host "Removing resource group..."
# Remove-AzResourceGroup -ResourceGroupName $resourceGroupName
# Write-host "Resource group removed =" $resourceGroupName
This script uses the following commands. Each command in the table links to command specific documentation.
# Add an Azure SQL Database to an auto-failover group
# VariableBlock
let "randomIdentifier=$RANDOM*$RANDOM"
location="East US"
resourceGroup="msdocs-azuresql-rg-$randomIdentifier"
tag="add-single-db-to-failover-group-az-cli"
server="msdocs-azuresql-server-$randomIdentifier"
database="msdocsazuresqldb$randomIdentifier"
login="azureuser"
password="Pa$$w0rD-$randomIdentifier"
failoverGroup="msdocs-azuresql-failover-group-$randomIdentifier"
failoverLocation="Central US"
secondaryServer="msdocs-azuresql-secondary-server-$randomIdentifier"
echo "Using resource group $resourceGroup with login: $login, password: $password..."
echo "Creating $resourceGroup in $location..."
az group create --name $resourceGroup --location "$location" --tags $tag
echo "Creating $server in $location..."
az sql server create --name $server --resource-group $resourceGroup --location "$location" --admin-user $login --admin-password $password
echo "Creating $database on $server..."
az sql db create --name $database --resource-group $resourceGroup --server $server --sample-name AdventureWorksLT
echo "Creating $secondaryServer in $failoverLocation..."
az sql server create --name $secondaryServer --resource-group $resourceGroup --location "$failoverLocation" --admin-user $login --admin-password $password
echo "Creating $failoverGroup between $server and $secondaryServer..."
az sql failover-group create --name $failoverGroup --partner-server $secondaryServer --resource-group $resourceGroup --server $server --failover-policy Automatic --grace-period 2 --add-db $database
echo "Confirming the role of each server in the failover group..." # note ReplicationRole property
az sql failover-group show --name $failoverGroup --resource-group $resourceGroup --server $server
echo "Failing over to $secondaryServer..."
az sql failover-group set-primary --name $failoverGroup --resource-group $resourceGroup --server $secondaryServer
echo "Confirming role of $secondaryServer is now primary..." # note ReplicationRole property
az sql failover-group show --name $failoverGroup --resource-group $resourceGroup --server $server
echo "Failing back to $server...."
az sql failover-group set-primary --name $failoverGroup --resource-group $resourceGroup --server $server
This script uses the following commands. Each command in the table links to command specific documentation.
Azure SQL Database
