Tutorial: Add SQL Managed Instance to a failover group
05/10/2022
APPLIES TO: Azure SQL Managed Instance
Add managed instances of Azure SQL Managed Instance to a failover group.
In this tutorial, you learn how to:
Create a primary managed instance.
Create a secondary managed instance as part of a failover group.
Test failover.
There are several ways to establish connectivity between managed instances in different virtual networks, including:
This tutorial provides steps to create and connect VPN gateways. If you prefer to use ExpressRoute or VNet peering, replace the gateway steps accordingly, or skip ahead to Step 7 if you already have ExpressRoute or global VNet peering configured.
Prerequisites
To complete this tutorial, make sure you have:
To complete the tutorial, make sure you have the following items:
Create a resource group and primary managed instance
In this step, you create the resource group and the primary managed instance for your failover group using the Azure portal or PowerShell.
Deploy both managed instances to paired regions for performance reasons. Managed instances residing in geo-paired regions have much better performance compared to unpaired regions.
Create the resource group and your primary managed instance using the Azure portal.
Select Azure SQL in the left-hand menu of the Azure portal. If Azure SQL isn't in the list, select All services, then type Azure SQL in the search box. (Optional) Select the star next to Azure SQL to favorite it and add it as an item in the left-hand navigation.
Select + Add to open the Select SQL deployment option page. You can view additional information about the different databases by selecting Show details on the Databases tile.
Select Create on the SQL Managed Instance tile.
On the Create Azure SQL Managed Instance page, on the Basics tab:
Under Project Details, select your Subscription from the drop-down and then choose Create New resource group. Type a name for your resource group, such as myResourceGroup.
Under SQL Managed Instance Details, provide the name of your managed instance and the region where you want to deploy it. Leave Compute + storage at the default values.
Under Administrator Account, provide an admin login, such as azureuser, and a complex admin password.
Leave the rest of the settings at their default values, and select Review + create to review your SQL Managed Instance settings.
Select Create to create your primary managed instance.
Create your resource group and the primary managed instance using PowerShell.
# Connect-AzAccount
# The SubscriptionId in which to create these objects
$SubscriptionId = '<Subscription-ID>'
# Create a random identifier to use as subscript for the different resource names
$randomIdentifier = $(Get-Random)
# Set the resource group name and location for SQL Managed Instance
$resourceGroupName = "myResourceGroup-$randomIdentifier"
$location = "eastus"
$drLocation = "eastus2"
# Set the networking values for your primary managed instance
$primaryVNet = "primaryVNet-$randomIdentifier"
$primaryAddressPrefix = "10.0.0.0/16"
$primaryDefaultSubnet = "primaryDefaultSubnet-$randomIdentifier"
$primaryDefaultSubnetAddress = "10.0.0.0/24"
$primaryMiSubnetName = "primaryMISubnet-$randomIdentifier"
$primaryMiSubnetAddress = "10.0.0.0/24"
$primaryMiGwSubnetAddress = "10.0.255.0/27"
$primaryGWName = "primaryGateway-$randomIdentifier"
$primaryGWPublicIPAddress = $primaryGWName + "-ip"
$primaryGWIPConfig = $primaryGWName + "-ipc"
$primaryGWAsn = 61000
$primaryGWConnection = $primaryGWName + "-connection"
# Set the networking values for your secondary managed instance
$secondaryVNet = "secondaryVNet-$randomIdentifier"
$secondaryAddressPrefix = "10.128.0.0/16"
$secondaryDefaultSubnet = "secondaryDefaultSubnet-$randomIdentifier"
$secondaryDefaultSubnetAddress = "10.128.0.0/24"
$secondaryMiSubnetName = "secondaryMISubnet-$randomIdentifier"
$secondaryMiSubnetAddress = "10.128.0.0/24"
$secondaryMiGwSubnetAddress = "10.128.255.0/27"
$secondaryGWName = "secondaryGateway-$randomIdentifier"
$secondaryGWPublicIPAddress = $secondaryGWName + "-IP"
$secondaryGWIPConfig = $secondaryGWName + "-ipc"
$secondaryGWAsn = 62000
$secondaryGWConnection = $secondaryGWName + "-connection"
# Set the SQL Managed Instance name for the new managed instances
$primaryInstance = "primary-mi-$randomIdentifier"
$secondaryInstance = "secondary-mi-$randomIdentifier"
# Set the admin login and password for SQL Managed Instance
$secpasswd = "PWD27!"+(New-Guid).Guid | ConvertTo-SecureString -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("azureuser", $secpasswd)
# Set the SQL Managed Instance service tier, compute level, and license mode
$edition = "General Purpose"
$vCores = 8
$maxStorage = 256
$computeGeneration = "Gen5"
$license = "LicenseIncluded" # "BasePrice" or "LicenseIncluded"; use LicenseIncluded if you don't have a SQL Server license that can be used for the AHB discount
# Set failover group details
$vpnSharedKey = "mi1mi2psk"
$failoverGroupName = "failovergroup-$randomIdentifier"
# Show randomized variables
Write-host "Resource group name is" $resourceGroupName
Write-host "Password is" $secpasswd
Write-host "Primary Virtual Network name is" $primaryVNet
Write-host "Primary default subnet name is" $primaryDefaultSubnet
Write-host "Primary SQL Managed Instance subnet name is" $primaryMiSubnetName
Write-host "Secondary Virtual Network name is" $secondaryVNet
Write-host "Secondary default subnet name is" $secondaryDefaultSubnet
Write-host "Secondary SQL Managed Instance subnet name is" $secondaryMiSubnetName
Write-host "Primary SQL Managed Instance name is" $primaryInstance
Write-host "Secondary SQL Managed Instance name is" $secondaryInstance
Write-host "Failover group name is" $failoverGroupName
# Suppress networking breaking changes warning (https://aka.ms/azps-changewarnings)
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true"
# Set the subscription context
Set-AzContext -SubscriptionId $subscriptionId
# Create the resource group
Write-host "Creating resource group..."
$resourceGroup = New-AzResourceGroup -Name $resourceGroupName -Location $location -Tag @{Owner="SQLDB-Samples"}
$resourceGroup
# Configure the primary virtual network
Write-host "Creating primary virtual network..."
$primaryVirtualNetwork = New-AzVirtualNetwork `
-ResourceGroupName $resourceGroupName `
-Location $location `
-Name $primaryVNet `
-AddressPrefix $primaryAddressPrefix
Add-AzVirtualNetworkSubnetConfig `
-Name $primaryMiSubnetName `
-VirtualNetwork $primaryVirtualNetwork `
-AddressPrefix $PrimaryMiSubnetAddress `
| Set-AzVirtualNetwork
$primaryVirtualNetwork
# Configure the primary managed instance subnet
Write-host "Configuring primary MI subnet..."
$primaryVirtualNetwork = Get-AzVirtualNetwork -Name $primaryVNet -ResourceGroupName $resourceGroupName
$primaryMiSubnetConfig = Get-AzVirtualNetworkSubnetConfig `
-Name $primaryMiSubnetName `
-VirtualNetwork $primaryVirtualNetwork
$primaryMiSubnetConfig
# Configure the network security group management service
Write-host "Configuring primary network security group management service..."
$primaryMiSubnetConfigId = $primaryMiSubnetConfig.Id
$primaryNSGMiManagementService = New-AzNetworkSecurityGroup `
-Name 'primaryNSGMiManagementService' `
-ResourceGroupName $resourceGroupName `
-location $location
$primaryNSGMiManagementService
# Configure the route table management service
Write-host "Configuring primary MI route table management service..."
$primaryRouteTableMiManagementService = New-AzRouteTable `
-Name 'primaryRouteTableMiManagementService' `
-ResourceGroupName $resourceGroupName `
-location $location
$primaryRouteTableMiManagementService
# Configure the primary network security group
Write-host "Configuring primary network security group..."
Set-AzVirtualNetworkSubnetConfig `
-VirtualNetwork $primaryVirtualNetwork `
-Name $primaryMiSubnetName `
-AddressPrefix $PrimaryMiSubnetAddress `
-NetworkSecurityGroup $primaryNSGMiManagementService `
-RouteTable $primaryRouteTableMiManagementService | `
Set-AzVirtualNetwork
Get-AzNetworkSecurityGroup `
-ResourceGroupName $resourceGroupName `
-Name "primaryNSGMiManagementService" `
| Add-AzNetworkSecurityRuleConfig `
-Priority 100 `
-Name "allow_management_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange 9000,9003,1438,1440,1452 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 200 `
-Name "allow_misubnet_inbound" `
-Access Allow `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix $PrimaryMiSubnetAddress `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 300 `
-Name "allow_health_probe_inbound" `
-Access Allow `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix AzureLoadBalancer `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1000 `
-Name "allow_tds_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 1433 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1100 `
-Name "allow_redirect_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 11000-11999 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1200 `
-Name "allow_geodr_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 5022 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 4096 `
-Name "deny_all_inbound" `
-Access Deny `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 100 `
-Name "allow_management_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange 80,443,12000 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 200 `
-Name "allow_misubnet_outbound" `
-Access Allow `
-Protocol * `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix $PrimaryMiSubnetAddress `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1100 `
-Name "allow_redirect_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 11000-11999 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1200 `
-Name "allow_geodr_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 5022 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 4096 `
-Name "deny_all_outbound" `
-Access Deny `
-Protocol * `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Set-AzNetworkSecurityGroup
Write-host "Primary network security group configured successfully."
Get-AzRouteTable `
-ResourceGroupName $resourceGroupName `
-Name "primaryRouteTableMiManagementService" `
| Add-AzRouteConfig `
-Name "primaryToMIManagementService" `
-AddressPrefix 0.0.0.0/0 `
-NextHopType Internet `
| Add-AzRouteConfig `
-Name "ToLocalClusterNode" `
-AddressPrefix $PrimaryMiSubnetAddress `
-NextHopType VnetLocal `
| Set-AzRouteTable
Write-host "Primary network route table configured successfully."
# Create the primary managed instance
Write-host "Creating primary SQL Managed Instance..."
Write-host "This will take some time, see https://docs.microsoft.com/azure/sql-database/sql-database-managed-instance#managed-instance-management-operations for more information."
New-AzSqlInstance -Name $primaryInstance `
-ResourceGroupName $resourceGroupName `
-Location $location `
-SubnetId $primaryMiSubnetConfigId `
-AdministratorCredential $mycreds `
-StorageSizeInGB $maxStorage `
-VCore $vCores `
-Edition $edition `
-ComputeGeneration $computeGeneration `
-LicenseType $license
Write-host "Primary SQL Managed Instance created successfully."
This portion of the tutorial uses the following PowerShell cmdlets:
Create the secondary virtual network
If you're using the Azure portal to create your managed instance, you need to create the virtual network separately, because the subnets of the primary and secondary managed instances must not have overlapping ranges. If you're using PowerShell to configure your managed instance, skip ahead to step 3.
To verify the subnet range of your primary virtual network, follow these steps:
In the Azure portal, navigate to your resource group and select the virtual network for your primary instance.
Select Subnets under Settings and note the Address range. The subnet address range of the virtual network for the secondary managed instance cannot overlap with this.
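The non-overlap requirement above can be checked offline before anything is deployed. This is an added example, not part of the original tutorial: the function names ConvertTo-CidrRange and Find-CidrOverlap are hypothetical, the first set of prefixes is copied from the tutorial's PowerShell variable block, and the second set is a constructed conflict.

```powershell
# Added example: offline IPv4 CIDR overlap check. Makes no Azure calls.

function ConvertTo-CidrRange {
    param([Parameter(Mandatory)][string]$Cidr)

    $parts = $Cidr.Split('/')
    if ($parts.Count -ne 2) { throw "Not in CIDR notation: $Cidr" }

    $ip = [System.Net.IPAddress]::Parse($parts[0])
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Only IPv4 is handled here: $Cidr"
    }
    $prefix = [int]$parts[1]
    if ($prefix -lt 0 -or $prefix -gt 32) { throw "Invalid prefix length: $Cidr" }

    # Fold the four octets into a 64-bit integer so that addresses above
    # 127.255.255.255 do not overflow a signed 32-bit value.
    [long]$addr = 0
    foreach ($octet in $ip.GetAddressBytes()) { $addr = $addr * 256 + $octet }

    [long]$size  = ([long]1) -shl (32 - $prefix)
    [long]$start = $addr - ($addr % $size)      # clear any host bits

    [pscustomobject]@{
        Cidr    = $Cidr
        Start   = $start
        End     = $start + $size - 1
        Aligned = ($addr -eq $start)            # false when host bits were set
    }
}

function Find-CidrOverlap {
    # $Prefixes maps a label (for example a subnet name) to its CIDR prefix.
    param([Parameter(Mandatory)][hashtable]$Prefixes)

    $ranges = @(foreach ($name in ($Prefixes.Keys | Sort-Object)) {
        ConvertTo-CidrRange -Cidr $Prefixes[$name] |
            Add-Member -NotePropertyName Name -NotePropertyValue $name -PassThru
    })

    # Two inclusive ranges intersect when each one starts before the other ends.
    for ($i = 0; $i -lt $ranges.Count; $i++) {
        for ($j = $i + 1; $j -lt $ranges.Count; $j++) {
            $a = $ranges[$i]; $b = $ranges[$j]
            if ($a.Start -le $b.End -and $b.Start -le $a.End) {
                [pscustomobject]@{
                    First  = "$($a.Name) $($a.Cidr)"
                    Second = "$($b.Name) $($b.Cidr)"
                }
            }
        }
    }
}

# The four subnets the tutorial's PowerShell script creates.
$tutorialSubnets = @{
    primaryMiSubnet        = '10.0.0.0/24'
    primaryGatewaySubnet   = '10.0.255.0/27'
    secondaryMiSubnet      = '10.128.0.0/24'
    secondaryGatewaySubnet = '10.128.255.0/27'
}
Find-CidrOverlap -Prefixes $tutorialSubnets | Format-Table -AutoSize

# Constructed conflict: a secondary subnet placed inside the primary MI subnet.
$conflict = @{
    primaryMiSubnet   = '10.0.0.0/24'
    secondaryMiSubnet = '10.0.0.128/25'
}
Find-CidrOverlap -Prefixes $conflict | Format-Table -AutoSize
```

In the tutorial's variable block, $primaryDefaultSubnetAddress and $primaryMiSubnetAddress hold the same range; the script shown on this page only ever creates the MI subnet, so adding a default subnet with that value would be reported by the same check.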
To create a virtual network, follow these steps:
In the Azure portal, select Create a resource and search for virtual network.
Select the Virtual Network option published by Microsoft and then select Create on the next page.
Fill out the required fields to configure the virtual network for your secondary managed instance, and then select Create.
The following table shows the values necessary for the secondary virtual network:
Field: Value
Name: The name for the virtual network to be used by the secondary managed instance, such as vnet-sql-mi-secondary.
Address space: The address space for your virtual network, such as 10.128.0.0/16.
Subscription: The subscription where your primary managed instance and resource group reside.
Region: The location where you will deploy your secondary managed instance.
Subnet: The name for your subnet. default is provided for you by default.
Address range: The address range for your subnet. This range must be different from the subnet address range used by the virtual network of your primary managed instance, such as 10.128.0.0/24.
This step is only necessary if you're using the Azure portal to deploy SQL Managed Instance. Skip ahead to step 3 if you're using PowerShell.
Create a secondary managed instance
In this step, you create a secondary managed instance in the Azure portal, which also configures the networking between the two managed instances.
Your second managed instance must:
Be empty.
Have a different subnet and IP range than the primary managed instance.
Create the secondary managed instance using the Azure portal.
Select Azure SQL in the left-hand menu of the Azure portal. If Azure SQL isn't in the list, select All services, then type Azure SQL in the search box. (Optional) Select the star next to Azure SQL to favorite it and add it as an item in the left-hand navigation.
Select + Add to open the Select SQL deployment option page. You can view additional information about the different databases by selecting Show details on the Databases tile.
Select Create on the SQL Managed Instance tile.
On the Basics tab of the Create Azure SQL Managed Instance page, fill out the required fields to configure your secondary managed instance.
The following table shows the values necessary for the secondary managed instance:
Field: Value
Subscription: The subscription where your primary managed instance resides.
Resource group: The resource group where your primary managed instance resides.
SQL Managed Instance name: The name of your new secondary managed instance, such as sql-mi-secondary.
Region: The location for your secondary managed instance.
SQL Managed Instance admin login: The login you want to use for your new secondary managed instance, such as azureuser.
Password: A complex password that will be used by the admin login for the new secondary managed instance.
Under the Networking tab, for Virtual Network, select the virtual network you created for the secondary managed instance from the drop-down.
Under the Additional settings tab, for Geo-Replication, choose Yes for Use as failover secondary. Select the primary managed instance from the drop-down.
Be sure that the collation and time zone match those of the primary managed instance. The primary managed instance created in this tutorial uses the default SQL_Latin1_General_CP1_CI_AS collation and the (UTC) Coordinated Universal Time time zone.
Select Review + create to review the settings for your secondary managed instance.
Select Create to create your secondary managed instance.
Create the secondary managed instance using PowerShell.
# Configure the secondary virtual network
Write-host "Configuring secondary virtual network..."
$SecondaryVirtualNetwork = New-AzVirtualNetwork `
-ResourceGroupName $resourceGroupName `
-Location $drlocation `
-Name $secondaryVNet `
-AddressPrefix $secondaryAddressPrefix
Add-AzVirtualNetworkSubnetConfig `
-Name $secondaryMiSubnetName `
-VirtualNetwork $SecondaryVirtualNetwork `
-AddressPrefix $secondaryMiSubnetAddress `
| Set-AzVirtualNetwork
$SecondaryVirtualNetwork
# Configure the secondary managed instance subnet
Write-host "Configuring secondary MI subnet..."
$SecondaryVirtualNetwork = Get-AzVirtualNetwork -Name $secondaryVNet `
-ResourceGroupName $resourceGroupName
$secondaryMiSubnetConfig = Get-AzVirtualNetworkSubnetConfig `
-Name $secondaryMiSubnetName `
-VirtualNetwork $SecondaryVirtualNetwork
$secondaryMiSubnetConfig
# Configure the secondary network security group management service
Write-host "Configuring secondary network security group management service..."
$secondaryMiSubnetConfigId = $secondaryMiSubnetConfig.Id
$secondaryNSGMiManagementService = New-AzNetworkSecurityGroup `
-Name 'secondaryToMIManagementService' `
-ResourceGroupName $resourceGroupName `
-location $drlocation
$secondaryNSGMiManagementService
# Configure the secondary route table MI management service
Write-host "Configuring secondary route table MI management service..."
$secondaryRouteTableMiManagementService = New-AzRouteTable `
-Name 'secondaryRouteTableMiManagementService' `
-ResourceGroupName $resourceGroupName `
-location $drlocation
$secondaryRouteTableMiManagementService
# Configure the secondary network security group
Write-host "Configuring secondary network security group..."
Set-AzVirtualNetworkSubnetConfig `
-VirtualNetwork $SecondaryVirtualNetwork `
-Name $secondaryMiSubnetName `
-AddressPrefix $secondaryMiSubnetAddress `
-NetworkSecurityGroup $secondaryNSGMiManagementService `
-RouteTable $secondaryRouteTableMiManagementService `
| Set-AzVirtualNetwork
Get-AzNetworkSecurityGroup `
-ResourceGroupName $resourceGroupName `
-Name "secondaryToMIManagementService" `
| Add-AzNetworkSecurityRuleConfig `
-Priority 100 `
-Name "allow_management_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange 9000,9003,1438,1440,1452 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 200 `
-Name "allow_misubnet_inbound" `
-Access Allow `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix $secondaryMiSubnetAddress `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 300 `
-Name "allow_health_probe_inbound" `
-Access Allow `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix AzureLoadBalancer `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1000 `
-Name "allow_tds_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 1433 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1100 `
-Name "allow_redirect_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 11000-11999 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1200 `
-Name "allow_geodr_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 5022 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 4096 `
-Name "deny_all_inbound" `
-Access Deny `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 100 `
-Name "allow_management_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange 80,443,12000 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 200 `
-Name "allow_misubnet_outbound" `
-Access Allow `
-Protocol * `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix $secondaryMiSubnetAddress `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1100 `
-Name "allow_redirect_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 11000-11999 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1200 `
-Name "allow_geodr_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 5022 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 4096 `
-Name "deny_all_outbound" `
-Access Deny `
-Protocol * `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Set-AzNetworkSecurityGroup
Get-AzRouteTable `
-ResourceGroupName $resourceGroupName `
-Name "secondaryRouteTableMiManagementService" `
| Add-AzRouteConfig `
-Name "secondaryToMIManagementService" `
-AddressPrefix 0.0.0.0/0 `
-NextHopType Internet `
| Add-AzRouteConfig `
-Name "ToLocalClusterNode" `
-AddressPrefix $secondaryMiSubnetAddress `
-NextHopType VnetLocal `
| Set-AzRouteTable
Write-host "Secondary network security group configured successfully."
# Create the secondary managed instance
$primaryManagedInstanceId = Get-AzSqlInstance -Name $primaryInstance -ResourceGroupName $resourceGroupName | Select-Object Id
Write-host "Creating secondary SQL Managed Instance..."
Write-host "This will take some time, see https://docs.microsoft.com/azure/sql-database/sql-database-managed-instance#managed-instance-management-operations for more information."
New-AzSqlInstance -Name $secondaryInstance `
-ResourceGroupName $resourceGroupName `
-Location $drLocation `
-SubnetId $secondaryMiSubnetConfigId `
-AdministratorCredential $mycreds `
-StorageSizeInGB $maxStorage `
-VCore $vCores `
-Edition $edition `
-ComputeGeneration $computeGeneration `
-LicenseType $license `
-DnsZonePartner $primaryManagedInstanceId.Id
Write-host "Secondary SQL Managed Instance created successfully."
This portion of the tutorial uses the following PowerShell cmdlets:
Create the primary gateway
Note
The SKU of the gateway affects throughput performance. This article deploys a gateway with the most basic SKU (HwGw1). Deploy a higher SKU (for example, VpnGw3) to achieve higher throughput. For all available options, see Gateway SKUs.
Create the gateway for the virtual network of your primary managed instance using the Azure portal.
In the Azure portal, go to your resource group and select the Virtual network resource for your primary managed instance.
Select Subnets under Settings and then select to add a new Gateway subnet. Leave the default values.
Once the gateway subnet is created, select Create a resource from the left navigation pane and then type Virtual network gateway in the search box. Select the Virtual network gateway resource published by Microsoft.
Fill out the required fields to configure the gateway for your primary managed instance.
The following table shows the values necessary for the gateway for the primary managed instance:
Field: Value
Subscription: The subscription where your primary managed instance resides.
Name: The name for your virtual network gateway, such as primary-mi-gateway.
Region: The region where your primary managed instance resides.
Gateway type: Select VPN.
VPN type: Select Route-based.
SKU: Leave the default of VpnGw1.
Virtual network: Select the virtual network that was created in section 2, such as vnet-sql-mi-primary.
Public IP address: Select Create new.
Public IP address name: Enter a name for your IP address, such as primary-gateway-IP.
Leave the other values as default, and then select Review + create to review the settings for your virtual network gateway.
Select Create to create your new virtual network gateway.
Create the gateway for the virtual network of your primary managed instance using PowerShell.
# Create the primary gateway
Write-host "Adding GatewaySubnet to primary VNet..."
Get-AzVirtualNetwork `
-Name $primaryVNet `
-ResourceGroupName $resourceGroupName `
| Add-AzVirtualNetworkSubnetConfig `
-Name "GatewaySubnet" `
-AddressPrefix $primaryMiGwSubnetAddress `
| Set-AzVirtualNetwork
$primaryVirtualNetwork = Get-AzVirtualNetwork `
-Name $primaryVNet `
-ResourceGroupName $resourceGroupName
$primaryGatewaySubnet = Get-AzVirtualNetworkSubnetConfig `
-Name "GatewaySubnet" `
-VirtualNetwork $primaryVirtualNetwork
Write-host "Creating primary gateway..."
Write-host "This will take some time."
$primaryGWPublicIP = New-AzPublicIpAddress -Name $primaryGWPublicIPAddress -ResourceGroupName $resourceGroupName `
-Location $location -AllocationMethod Dynamic
$primaryGatewayIPConfig = New-AzVirtualNetworkGatewayIpConfig -Name $primaryGWIPConfig `
-Subnet $primaryGatewaySubnet -PublicIpAddress $primaryGWPublicIP
$primaryGateway = New-AzVirtualNetworkGateway -Name $primaryGWName -ResourceGroupName $resourceGroupName `
-Location $location -IpConfigurations $primaryGatewayIPConfig -GatewayType Vpn `
-VpnType RouteBased -GatewaySku VpnGw1 -EnableBgp $true -Asn $primaryGWAsn
$primaryGateway
This portion of the tutorial uses the following PowerShell cmdlets:
Create the secondary gateway
In this step, create the gateway for the virtual network of your secondary managed instance using the Azure portal.
Repeat the steps in the previous section to create the subnet and the virtual network gateway for the secondary managed instance. Fill out the required fields to configure the gateway for your secondary managed instance.
The following table shows the values necessary for the gateway for the secondary managed instance:
Field: Value
Subscription: The subscription where your secondary managed instance resides.
Name: The name for your virtual network gateway, such as secondary-mi-gateway.
Region: The region where your secondary managed instance resides.
Gateway type: Select VPN.
VPN type: Select Route-based.
SKU: Leave the default of VpnGw1.
Virtual network: Select the virtual network for the secondary managed instance, such as vnet-sql-mi-secondary.
Public IP address: Select Create new.
Public IP address name: Enter a name for your IP address, such as secondary-gateway-IP.
Create the gateway for the virtual network of the secondary managed instance using PowerShell.
# Create the secondary gateway
Write-host "Creating secondary gateway..."
Write-host "Adding GatewaySubnet to secondary VNet..."
Get-AzVirtualNetwork `
-Name $secondaryVNet `
-ResourceGroupName $resourceGroupName `
| Add-AzVirtualNetworkSubnetConfig `
-Name "GatewaySubnet" `
-AddressPrefix $secondaryMiGwSubnetAddress `
| Set-AzVirtualNetwork
$secondaryVirtualNetwork = Get-AzVirtualNetwork `
-Name $secondaryVNet `
-ResourceGroupName $resourceGroupName
$secondaryGatewaySubnet = Get-AzVirtualNetworkSubnetConfig `
-Name "GatewaySubnet" `
-VirtualNetwork $secondaryVirtualNetwork
$drLocation = $secondaryVirtualNetwork.Location
Write-host "Creating secondary gateway..."
Write-host "This will take some time."
$secondaryGWPublicIP = New-AzPublicIpAddress -Name $secondaryGWPublicIPAddress -ResourceGroupName $resourceGroupName `
-Location $drLocation -AllocationMethod Dynamic
$secondaryGatewayIPConfig = New-AzVirtualNetworkGatewayIpConfig -Name $secondaryGWIPConfig `
-Subnet $secondaryGatewaySubnet -PublicIpAddress $secondaryGWPublicIP
$secondaryGateway = New-AzVirtualNetworkGateway -Name $secondaryGWName -ResourceGroupName $resourceGroupName `
-Location $drLocation -IpConfigurations $secondaryGatewayIPConfig -GatewayType Vpn `
-VpnType RouteBased -GatewaySku VpnGw1 -EnableBgp $true -Asn $secondaryGWAsn
$secondaryGateway
This portion of the tutorial uses the following PowerShell cmdlets:
Connect the gateways
In this step, create a bidirectional connection between the two gateways of the two virtual networks.
Connect the two gateways using the Azure portal.
Select Create a resource from the Azure portal.
Type connection in the search box and then press Enter to search, which takes you to the Connection resource, published by Microsoft.
Select Create to create your connection.
On the Basics page, select the following values and then select OK.
Select VNet-to-VNet for the Connection type.
Select your subscription from the drop-down.
Select the resource group for SQL Managed Instance in the drop-down.
Select the location of your primary managed instance from the drop-down.
On the Settings page, select or enter the following values and then select OK:
Choose the primary network gateway for the First virtual network gateway, such as primaryGateway.
Choose the secondary network gateway for the Second virtual network gateway, such as secondaryGateway.
Select the checkbox next to Establish bidirectional connectivity.
Either leave the default primary connection name, or rename it to a value of your choice.
Provide a Shared key (PSK) for the connection, such as mi1m2psk.
Select OK to save your settings.
On the Review + create page, review the settings for your bidirectional connection and then select OK to create your connection.
Connect the two gateways using PowerShell.
# Connect the primary to secondary gateway
Write-host "Connecting the primary gateway to secondary gateway..."
New-AzVirtualNetworkGatewayConnection -Name $primaryGWConnection -ResourceGroupName $resourceGroupName `
-VirtualNetworkGateway1 $primaryGateway -VirtualNetworkGateway2 $secondaryGateway -Location $location `
-ConnectionType Vnet2Vnet -SharedKey $vpnSharedKey -EnableBgp $true
$primaryGWConnection
# Connect the secondary to primary gateway
Write-host "Connecting the secondary gateway to primary gateway..."
New-AzVirtualNetworkGatewayConnection -Name $secondaryGWConnection -ResourceGroupName $resourceGroupName `
-VirtualNetworkGateway1 $secondaryGateway -VirtualNetworkGateway2 $primaryGateway -Location $drLocation `
-ConnectionType Vnet2Vnet -SharedKey $vpnSharedKey -EnableBgp $true
$secondaryGWConnection
This portion of the tutorial uses the following PowerShell cmdlets:
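A hardened way to set $vpnSharedKey for the two gateway connections, as an added example that is not part of the original tutorial: the key is drawn from the operating system's cryptographic random number generator instead of being the literal printed on this page. The function names, the 62-character alphabet, the 48-character default and the 32-character minimum are assumptions of this example.

```powershell
# Added example: generate and vet the VNet-to-VNet shared key locally.

function New-RandomSharedKey {
    param([ValidateRange(16, 128)][int]$Length = 48)

    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'

    # Largest multiple of the alphabet size that fits in one byte. Bytes at or
    # above it are discarded so every character is equally likely (rejection
    # sampling instead of a plain modulo, which would favour early characters).
    $limit = 256 - (256 % $alphabet.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $sb  = New-Object System.Text.StringBuilder
    $buf = New-Object byte[] 64
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            foreach ($b in $buf) {
                if ($b -lt $limit -and $sb.Length -lt $Length) {
                    [void]$sb.Append($alphabet[$b % $alphabet.Length])
                }
            }
        }
        $sb.ToString()
    }
    finally {
        $rng.Dispose()
    }
}

function Test-SharedKey {
    param(
        [Parameter(Mandatory)][string]$Key,
        [int]$MinLength = 32                      # assumed policy, not an Azure limit
    )

    # Sample keys that appear in this tutorial and are therefore public.
    $published = @('mi1mi2psk', 'mi1m2psk')

    if ($published -contains $Key)       { return 'rejected: key is published in the tutorial' }
    if ($Key.Length -lt $MinLength)      { return "rejected: shorter than $MinLength characters" }
    if ($Key -notmatch '^[\x21-\x7E]+$') { return 'rejected: whitespace or non-printable characters' }
    'ok'
}

# The literal from the tutorial's variable block, run through the check.
Test-SharedKey -Key 'mi1mi2psk'

# Replacement value. Both New-AzVirtualNetworkGatewayConnection calls must
# receive this same key, and it should not be echoed with Write-Host.
$vpnSharedKey = New-RandomSharedKey
Test-SharedKey -Key $vpnSharedKey
```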
Create a failover group
In this step, you create the failover group and add both managed instances to it.
Create your failover group using the Azure portal.
Select Azure SQL in the left-hand menu of the Azure portal. If Azure SQL isn't in the list, select All services, then type Azure SQL in the search box. (Optional) Select the star next to Azure SQL to favorite it and add it as an item in the left-hand navigation.
Select the primary managed instance you created in the first section, such as sql-mi-primary.
Under Data management, go to Failover groups and then choose Add group to open the Instance Failover Group page.
On the Instance Failover Group page, type the name of your failover group, such as failovergrouptutorial. Then choose the secondary managed instance, such as sql-mi-secondary, from the drop-down. Select Create to create your failover group.
Once the failover group deployment is complete, you are taken back to the Failover group page.
Create the failover group using PowerShell.
Write-host "Creating the failover group..."
$failoverGroup = New-AzSqlDatabaseInstanceFailoverGroup -Name $failoverGroupName `
-Location $location -ResourceGroupName $resourceGroupName -PrimaryManagedInstanceName $primaryInstance `
-PartnerRegion $drLocation -PartnerManagedInstanceName $secondaryInstance `
-FailoverPolicy Automatic -GracePeriodWithDataLossHours 1
$failoverGroup
This portion of the tutorial uses the following PowerShell cmdlets:
Test failover
In this step, you will fail your failover group over to the secondary server, and then fail back using the Azure portal.
Test failover using the Azure portal.
Navigate to your secondary managed instance within the Azure portal and select Instance Failover Groups under settings.
Review which managed instance is the primary, and which managed instance is the secondary.
Select Failover and then select Yes on the warning about TDS sessions being disconnected.
Review which managed instance is the primary and which managed instance is the secondary. If the failover succeeded, the two instances should have switched roles.
Go to the new secondary managed instance and select Failover once again to fail the primary instance back to the primary role.
Test failover using PowerShell.
# Verify the current primary role
Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $resourceGroupName `
-Location $location -Name $failoverGroupName
# Fail over the primary managed instance to the secondary role
Write-host "Failing primary over to the secondary location"
Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $resourceGroupName `
-Location $drLocation -Name $failoverGroupName | Switch-AzSqlDatabaseInstanceFailoverGroup
Write-host "Successfully failed failover group to secondary location"
Revert the failover group back to the primary server:
# Verify the current primary role
Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $resourceGroupName `
-Location $drLocation -Name $failoverGroupName
# Fail the primary managed instance back to the primary role
Write-host "Failing primary back to primary role"
Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $resourceGroupName `
-Location $location -Name $failoverGroupName | Switch-AzSqlDatabaseInstanceFailoverGroup
Write-host "Successfully failed failover group to primary location"
# Verify the current primary role
Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $resourceGroupName `
-Location $location -Name $failoverGroupName
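To confirm the role swap from a script rather than by reading the console output, the following added example (not part of the original tutorial) checks the `ReplicationRole` reported in each region before and after a failover. `Get-FailoverGroupPrimaryRegion` is a hypothetical helper name, and the tutorial's `$resourceGroupName`, `$location`, `$drLocation` and `$failoverGroupName` variables are assumed to be set.

```powershell
# Added example (not from the original tutorial). Assumes the Az.Sql module,
# an authenticated session, and the tutorial's variables already set.

function Get-FailoverGroupPrimaryRegion {
    # Hypothetical helper: returns the one region whose copy of the
    # failover group currently reports the Primary role.
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string[]]$Locations
    )
    $primary = @(foreach ($loc in $Locations) {
        $fg = Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $ResourceGroupName `
            -Location $loc -Name $Name
        Write-Host "$loc reports role $($fg.ReplicationRole)"
        if ($fg.ReplicationRole -eq 'Primary') { $loc }
    })

    # Zero or two primaries means the group is not in a usable state.
    if ($primary.Count -ne 1) {
        throw "Expected exactly one primary region, found $($primary.Count)."
    }
    return $primary[0]
}

$regions = $location, $drLocation

# Record which region is primary, then fail over to the other one.
$before = Get-FailoverGroupPrimaryRegion -ResourceGroupName $resourceGroupName `
    -Name $failoverGroupName -Locations $regions
$target = if ($before -eq $location) { $drLocation } else { $location }

Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $resourceGroupName `
    -Location $target -Name $failoverGroupName | Switch-AzSqlDatabaseInstanceFailoverGroup

# The test passes only if the primary role actually moved to the target region.
$after = Get-FailoverGroupPrimaryRegion -ResourceGroupName $resourceGroupName `
    -Name $failoverGroupName -Locations $regions
if ($after -ne $target) {
    throw "Failover did not complete: primary is still in '$after'."
}
Write-Host "Primary role moved from $before to $after"
```

Running the block a second time fails the group back, because the target is always the region that is not currently primary.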
This portion of the tutorial uses the following PowerShell cmdlets:
Clean up resources
Clean up resources by first deleting the managed instances, then the virtual cluster, then any remaining resources, and finally the resource group.
Navigate to your resource group in the Azure portal.
Select the managed instance and then select Delete. Type yes in the text box to confirm that you want to delete the resource and then select Delete. This process may take some time to complete in the background, and only after it finishes can you delete the virtual cluster or any other dependent resources. Monitor the deletion in the Activity tab to confirm that your managed instance has been deleted.
Once the managed instance is deleted, delete the virtual cluster by selecting it in your resource group, and then select Delete. Type yes in the text box to confirm that you want to delete the resource and then select Delete.
Delete any remaining resources. Type yes in the text box to confirm that you want to delete the resource and then select Delete.
Delete the resource group by selecting Delete resource group, typing in the name of the resource group, myResourceGroup, and then selecting Delete.
You will need to remove the resource group twice. Removing the resource group the first time removes the managed instance and virtual cluster but then fails with the error message Remove-AzResourceGroup : Long running operation failed with status 'Conflict'. Run the Remove-AzResourceGroup command a second time to remove any residual resources as well as the resource group.
Remove-AzResourceGroup -ResourceGroupName $resourceGroupName
Write-host "Removing SQL Managed Instance and virtual cluster..."
Remove-AzResourceGroup -ResourceGroupName $resourceGroupName
Write-host "Removing residual resources and resource group..."
This portion of the tutorial uses the following PowerShell cmdlets:
Full script
<#
Due to deployment times, you should plan for a full day to complete the entire script.
You can monitor deployment progress in the activity log within the Azure portal.
For more information on deployment times, see https://docs.microsoft.com/azure/sql-database/sql-database-managed-instance#managed-instance-management-operations.
Closing the session will result in an incomplete deployment. To continue progress, you will
need to determine what the random modifier is and manually replace the random variable with
the previously-assigned value.
#>
# Connect-AzAccount
# The SubscriptionId in which to create these objects
$SubscriptionId = '<Subscription-ID>'
# Create a random identifier to use as subscript for the different resource names
$randomIdentifier = $(Get-Random)
# Set the resource group name and location for your managed instance
$resourceGroupName = "myResourceGroup-$randomIdentifier"
$location = "eastus"
$drLocation = "eastus2"
# Set the networking values for your primary managed instance
$primaryVNet = "primaryVNet-$randomIdentifier"
$primaryAddressPrefix = "10.0.0.0/16"
$primaryDefaultSubnet = "primaryDefaultSubnet-$randomIdentifier"
$primaryDefaultSubnetAddress = "10.0.0.0/24"
$primaryMiSubnetName = "primaryMISubnet-$randomIdentifier"
$primaryMiSubnetAddress = "10.0.0.0/24"
$primaryMiGwSubnetAddress = "10.0.255.0/27"
$primaryGWName = "primaryGateway-$randomIdentifier"
$primaryGWPublicIPAddress = $primaryGWName + "-ip"
$primaryGWIPConfig = $primaryGWName + "-ipc"
$primaryGWAsn = 61000
$primaryGWConnection = $primaryGWName + "-connection"
# Set the networking values for your secondary managed instance
$secondaryVNet = "secondaryVNet-$randomIdentifier"
$secondaryAddressPrefix = "10.128.0.0/16"
$secondaryDefaultSubnet = "secondaryDefaultSubnet-$randomIdentifier"
$secondaryDefaultSubnetAddress = "10.128.0.0/24"
$secondaryMiSubnetName = "secondaryMISubnet-$randomIdentifier"
$secondaryMiSubnetAddress = "10.128.0.0/24"
$secondaryMiGwSubnetAddress = "10.128.255.0/27"
$secondaryGWName = "secondaryGateway-$randomIdentifier"
$secondaryGWPublicIPAddress = $secondaryGWName + "-IP"
$secondaryGWIPConfig = $secondaryGWName + "-ipc"
$secondaryGWAsn = 62000
$secondaryGWConnection = $secondaryGWName + "-connection"
# Set the managed instance name for the new managed instances
$primaryInstance = "primary-mi-$randomIdentifier"
$secondaryInstance = "secondary-mi-$randomIdentifier"
# Set the admin login and password for your managed instance
$secpasswd = "PWD27!"+(New-Guid).Guid | ConvertTo-SecureString -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("azureuser", $secpasswd)
# Set the managed instance service tier, compute level, and license mode
$edition = "General Purpose"
$vCores = 8
$maxStorage = 256
$computeGeneration = "Gen5"
$license = "LicenseIncluded" # Use "LicenseIncluded" if you don't have a SQL Server license that can be used for the AHB discount; otherwise "BasePrice"
# Set failover group details
$vpnSharedKey = "mi1mi2psk"
$failoverGroupName = "failovergroup-$randomIdentifier"
# Show randomized variables
Write-host "Resource group name is" $resourceGroupName
# $secpasswd is a SecureString, so this prints the type name rather than the password
Write-host "Password is" $secpasswd
Write-host "Primary Virtual Network name is" $primaryVNet
Write-host "Primary default subnet name is" $primaryDefaultSubnet
Write-host "Primary managed instance subnet name is" $primaryMiSubnetName
Write-host "Secondary Virtual Network name is" $secondaryVNet
Write-host "Secondary default subnet name is" $secondaryDefaultSubnet
Write-host "Secondary managed instance subnet name is" $secondaryMiSubnetName
Write-host "Primary managed instance name is" $primaryInstance
Write-host "Secondary managed instance name is" $secondaryInstance
Write-host "Failover group name is" $failoverGroupName
# Suppress networking breaking changes warning (https://aka.ms/azps-changewarnings)
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true"
# Set subscription context
Set-AzContext -SubscriptionId $subscriptionId
# Create a resource group
Write-host "Creating resource group..."
$resourceGroup = New-AzResourceGroup -Name $resourceGroupName -Location $location -Tag @{Owner="SQLDB-Samples"}
$resourceGroup
# Configure primary virtual network
Write-host "Creating primary virtual network..."
$primaryVirtualNetwork = New-AzVirtualNetwork `
-ResourceGroupName $resourceGroupName `
-Location $location `
-Name $primaryVNet `
-AddressPrefix $primaryAddressPrefix
Add-AzVirtualNetworkSubnetConfig `
-Name $primaryMiSubnetName `
-VirtualNetwork $primaryVirtualNetwork `
-AddressPrefix $PrimaryMiSubnetAddress `
| Set-AzVirtualNetwork
$primaryVirtualNetwork
# Configure primary MI subnet
Write-host "Configuring primary MI subnet..."
$primaryVirtualNetwork = Get-AzVirtualNetwork -Name $primaryVNet -ResourceGroupName $resourceGroupName
$primaryMiSubnetConfig = Get-AzVirtualNetworkSubnetConfig `
-Name $primaryMiSubnetName `
-VirtualNetwork $primaryVirtualNetwork
$primaryMiSubnetConfig
# Configure network security group management service
Write-host "Configuring primary network security group management service..."
$primaryMiSubnetConfigId = $primaryMiSubnetConfig.Id
$primaryNSGMiManagementService = New-AzNetworkSecurityGroup `
-Name 'primaryNSGMiManagementService' `
-ResourceGroupName $resourceGroupName `
-location $location
$primaryNSGMiManagementService
# Configure route table management service
Write-host "Configuring primary MI route table management service..."
$primaryRouteTableMiManagementService = New-AzRouteTable `
-Name 'primaryRouteTableMiManagementService' `
-ResourceGroupName $resourceGroupName `
-location $location
$primaryRouteTableMiManagementService
# Configure the primary network security group
Write-host "Configuring primary network security group..."
Set-AzVirtualNetworkSubnetConfig `
-VirtualNetwork $primaryVirtualNetwork `
-Name $primaryMiSubnetName `
-AddressPrefix $PrimaryMiSubnetAddress `
-NetworkSecurityGroup $primaryNSGMiManagementService `
-RouteTable $primaryRouteTableMiManagementService | `
Set-AzVirtualNetwork
Get-AzNetworkSecurityGroup `
-ResourceGroupName $resourceGroupName `
-Name "primaryNSGMiManagementService" `
| Add-AzNetworkSecurityRuleConfig `
-Priority 100 `
-Name "allow_management_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange 9000,9003,1438,1440,1452 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 200 `
-Name "allow_misubnet_inbound" `
-Access Allow `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix $PrimaryMiSubnetAddress `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 300 `
-Name "allow_health_probe_inbound" `
-Access Allow `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix AzureLoadBalancer `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1000 `
-Name "allow_tds_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 1433 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1100 `
-Name "allow_redirect_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 11000-11999 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1200 `
-Name "allow_geodr_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 5022 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 4096 `
-Name "deny_all_inbound" `
-Access Deny `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 100 `
-Name "allow_management_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange 80,443,12000 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 200 `
-Name "allow_misubnet_outbound" `
-Access Allow `
-Protocol * `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix $PrimaryMiSubnetAddress `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1100 `
-Name "allow_redirect_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 11000-11999 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1200 `
-Name "allow_geodr_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 5022 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 4096 `
-Name "deny_all_outbound" `
-Access Deny `
-Protocol * `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Set-AzNetworkSecurityGroup
Write-host "Primary network security group configured successfully."
Get-AzRouteTable `
-ResourceGroupName $resourceGroupName `
-Name "primaryRouteTableMiManagementService" `
| Add-AzRouteConfig `
-Name "primaryToMIManagementService" `
-AddressPrefix 0.0.0.0/0 `
-NextHopType Internet `
| Add-AzRouteConfig `
-Name "ToLocalClusterNode" `
-AddressPrefix $PrimaryMiSubnetAddress `
-NextHopType VnetLocal `
| Set-AzRouteTable
Write-host "Primary network route table configured successfully."
# Create primary managed instance
Write-host "Creating primary managed instance..."
Write-host "This will take some time, see https://docs.microsoft.com/azure/sql-database/sql-database-managed-instance#managed-instance-management-operations for more information."
New-AzSqlInstance -Name $primaryInstance `
-ResourceGroupName $resourceGroupName `
-Location $location `
-SubnetId $primaryMiSubnetConfigId `
-AdministratorCredential $mycreds `
-StorageSizeInGB $maxStorage `
-VCore $vCores `
-Edition $edition `
-ComputeGeneration $computeGeneration `
-LicenseType $license
Write-host "Primary managed instance created successfully."
# Configure secondary virtual network
Write-host "Configuring secondary virtual network..."
$SecondaryVirtualNetwork = New-AzVirtualNetwork `
-ResourceGroupName $resourceGroupName `
-Location $drlocation `
-Name $secondaryVNet `
-AddressPrefix $secondaryAddressPrefix
Add-AzVirtualNetworkSubnetConfig `
-Name $secondaryMiSubnetName `
-VirtualNetwork $SecondaryVirtualNetwork `
-AddressPrefix $secondaryMiSubnetAddress `
| Set-AzVirtualNetwork
$SecondaryVirtualNetwork
# Configure secondary managed instance subnet
Write-host "Configuring secondary MI subnet..."
$SecondaryVirtualNetwork = Get-AzVirtualNetwork -Name $secondaryVNet -ResourceGroupName $resourceGroupName
$secondaryMiSubnetConfig = Get-AzVirtualNetworkSubnetConfig `
-Name $secondaryMiSubnetName `
-VirtualNetwork $SecondaryVirtualNetwork
$secondaryMiSubnetConfig
# Configure secondary network security group management service
Write-host "Configuring secondary network security group management service..."
$secondaryMiSubnetConfigId = $secondaryMiSubnetConfig.Id
$secondaryNSGMiManagementService = New-AzNetworkSecurityGroup `
-Name 'secondaryToMIManagementService' `
-ResourceGroupName $resourceGroupName `
-location $drlocation
$secondaryNSGMiManagementService
# Configure secondary route table MI management service
Write-host "Configuring secondary route table MI management service..."
$secondaryRouteTableMiManagementService = New-AzRouteTable `
-Name 'secondaryRouteTableMiManagementService' `
-ResourceGroupName $resourceGroupName `
-location $drlocation
$secondaryRouteTableMiManagementService
# Configure the secondary network security group
Write-host "Configuring secondary network security group..."
Set-AzVirtualNetworkSubnetConfig `
-VirtualNetwork $SecondaryVirtualNetwork `
-Name $secondaryMiSubnetName `
-AddressPrefix $secondaryMiSubnetAddress `
-NetworkSecurityGroup $secondaryNSGMiManagementService `
-RouteTable $secondaryRouteTableMiManagementService `
| Set-AzVirtualNetwork
Get-AzNetworkSecurityGroup `
-ResourceGroupName $resourceGroupName `
-Name "secondaryToMIManagementService" `
| Add-AzNetworkSecurityRuleConfig `
-Priority 100 `
-Name "allow_management_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange 9000,9003,1438,1440,1452 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 200 `
-Name "allow_misubnet_inbound" `
-Access Allow `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix $secondaryMiSubnetAddress `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 300 `
-Name "allow_health_probe_inbound" `
-Access Allow `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix AzureLoadBalancer `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1000 `
-Name "allow_tds_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 1433 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1100 `
-Name "allow_redirect_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 11000-11999 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1200 `
-Name "allow_geodr_inbound" `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 5022 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 4096 `
-Name "deny_all_inbound" `
-Access Deny `
-Protocol * `
-Direction Inbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 100 `
-Name "allow_management_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange 80,443,12000 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 200 `
-Name "allow_misubnet_outbound" `
-Access Allow `
-Protocol * `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix $secondaryMiSubnetAddress `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1100 `
-Name "allow_redirect_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 11000-11999 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 1200 `
-Name "allow_geodr_outbound" `
-Access Allow `
-Protocol Tcp `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix VirtualNetwork `
-DestinationPortRange 5022 `
-DestinationAddressPrefix * `
| Add-AzNetworkSecurityRuleConfig `
-Priority 4096 `
-Name "deny_all_outbound" `
-Access Deny `
-Protocol * `
-Direction Outbound `
-SourcePortRange * `
-SourceAddressPrefix * `
-DestinationPortRange * `
-DestinationAddressPrefix * `
| Set-AzNetworkSecurityGroup
Get-AzRouteTable `
-ResourceGroupName $resourceGroupName `
-Name "secondaryRouteTableMiManagementService" `
| Add-AzRouteConfig `
-Name "secondaryToMIManagementService" `
-AddressPrefix 0.0.0.0/0 `
-NextHopType Internet `
| Add-AzRouteConfig `
-Name "ToLocalClusterNode" `
-AddressPrefix $secondaryMiSubnetAddress `
-NextHopType VnetLocal `
| Set-AzRouteTable
Write-host "Secondary network security group configured successfully."
# Create secondary managed instance
$primaryManagedInstanceId = Get-AzSqlInstance -Name $primaryInstance -ResourceGroupName $resourceGroupName | Select-Object Id
Write-host "Creating secondary managed instance..."
Write-host "This will take some time, see https://docs.microsoft.com/azure/sql-database/sql-database-managed-instance#managed-instance-management-operations for more information."
New-AzSqlInstance -Name $secondaryInstance `
-ResourceGroupName $resourceGroupName `
-Location $drLocation `
-SubnetId $secondaryMiSubnetConfigId `
-AdministratorCredential $mycreds `
-StorageSizeInGB $maxStorage `
-VCore $vCores `
-Edition $edition `
-ComputeGeneration $computeGeneration `
-LicenseType $license `
-DnsZonePartner $primaryManagedInstanceId.Id
Write-host "Secondary managed instance created successfully."
# Create primary gateway
Write-host "Adding GatewaySubnet to primary VNet..."
Get-AzVirtualNetwork `
-Name $primaryVNet `
-ResourceGroupName $resourceGroupName `
| Add-AzVirtualNetworkSubnetConfig `
-Name "GatewaySubnet" `
-AddressPrefix $primaryMiGwSubnetAddress `
| Set-AzVirtualNetwork
$primaryVirtualNetwork = Get-AzVirtualNetwork `
-Name $primaryVNet `
-ResourceGroupName $resourceGroupName
$primaryGatewaySubnet = Get-AzVirtualNetworkSubnetConfig `
-Name "GatewaySubnet" `
-VirtualNetwork $primaryVirtualNetwork
Write-host "Creating primary gateway..."
Write-host "This will take some time."
$primaryGWPublicIP = New-AzPublicIpAddress -Name $primaryGWPublicIPAddress -ResourceGroupName $resourceGroupName `
-Location $location -AllocationMethod Dynamic
$primaryGatewayIPConfig = New-AzVirtualNetworkGatewayIpConfig -Name $primaryGWIPConfig `
-Subnet $primaryGatewaySubnet -PublicIpAddress $primaryGWPublicIP
$primaryGateway = New-AzVirtualNetworkGateway -Name $primaryGWName -ResourceGroupName $resourceGroupName `
-Location $location -IpConfigurations $primaryGatewayIPConfig -GatewayType Vpn `
-VpnType RouteBased -GatewaySku VpnGw1 -EnableBgp $true -Asn $primaryGWAsn
$primaryGateway
# Create the secondary gateway
Write-host "Creating secondary gateway..."
Write-host "Adding GatewaySubnet to secondary VNet..."
Get-AzVirtualNetwork `
-Name $secondaryVNet `
-ResourceGroupName $resourceGroupName `
| Add-AzVirtualNetworkSubnetConfig `
-Name "GatewaySubnet" `
-AddressPrefix $secondaryMiGwSubnetAddress `
| Set-AzVirtualNetwork
$secondaryVirtualNetwork = Get-AzVirtualNetwork `
-Name $secondaryVNet `
-ResourceGroupName $resourceGroupName
$secondaryGatewaySubnet = Get-AzVirtualNetworkSubnetConfig `
-Name "GatewaySubnet" `
-VirtualNetwork $secondaryVirtualNetwork
$drLocation = $secondaryVirtualNetwork.Location
Write-host "Creating secondary gateway..."
Write-host "This will take some time."
$secondaryGWPublicIP = New-AzPublicIpAddress -Name $secondaryGWPublicIPAddress -ResourceGroupName $resourceGroupName `
-Location $drLocation -AllocationMethod Dynamic
$secondaryGatewayIPConfig = New-AzVirtualNetworkGatewayIpConfig -Name $secondaryGWIPConfig `
-Subnet $secondaryGatewaySubnet -PublicIpAddress $secondaryGWPublicIP
$secondaryGateway = New-AzVirtualNetworkGateway -Name $secondaryGWName -ResourceGroupName $resourceGroupName `
-Location $drLocation -IpConfigurations $secondaryGatewayIPConfig -GatewayType Vpn `
-VpnType RouteBased -GatewaySku VpnGw1 -EnableBgp $true -Asn $secondaryGWAsn
$secondaryGateway
# Connect the primary to secondary gateway
Write-host "Connecting the primary gateway to secondary gateway..."
New-AzVirtualNetworkGatewayConnection -Name $primaryGWConnection -ResourceGroupName $resourceGroupName `
-VirtualNetworkGateway1 $primaryGateway -VirtualNetworkGateway2 $secondaryGateway -Location $location `
-ConnectionType Vnet2Vnet -SharedKey $vpnSharedKey -EnableBgp $true
$primaryGWConnection
# Connect the secondary to primary gateway
Write-host "Connecting the secondary gateway to primary gateway..."
New-AzVirtualNetworkGatewayConnection -Name $secondaryGWConnection -ResourceGroupName $resourceGroupName `
-VirtualNetworkGateway1 $secondaryGateway -VirtualNetworkGateway2 $primaryGateway -Location $drLocation `
-ConnectionType Vnet2Vnet -SharedKey $vpnSharedKey -EnableBgp $true
$secondaryGWConnection
# Create failover group
Write-host "Creating the failover group..."
$failoverGroup = New-AzSqlDatabaseInstanceFailoverGroup -Name $failoverGroupName `
-Location $location -ResourceGroupName $resourceGroupName -PrimaryManagedInstanceName $primaryInstance `
-PartnerRegion $drLocation -PartnerManagedInstanceName $secondaryInstance `
-FailoverPolicy Automatic -GracePeriodWithDataLossHours 1
$failoverGroup
# Verify the current primary role
Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $resourceGroupName `
-Location $location -Name $failoverGroupName
# Failover the primary managed instance to the secondary role
Write-host "Failing primary over to the secondary location"
Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $resourceGroupName `
-Location $drLocation -Name $failoverGroupName | Switch-AzSqlDatabaseInstanceFailoverGroup
Write-host "Successfully failed failover group to secondary location"
# Verify the current primary role
Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $resourceGroupName `
-Location $drLocation -Name $failoverGroupName
# Fail primary managed instance back to primary role
Write-host "Failing primary back to primary role"
Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $resourceGroupName `
-Location $location -Name $failoverGroupName | Switch-AzSqlDatabaseInstanceFailoverGroup
Write-host "Successfully failed failover group to primary location"
# Verify the current primary role
Get-AzSqlDatabaseInstanceFailoverGroup -ResourceGroupName $resourceGroupName `
-Location $location -Name $failoverGroupName
# Clean up deployment
<# You will need to remove the resource group twice. Removing the resource group the first time will remove the managed instance and virtual clusters but will then fail with the error message `Remove-AzResourceGroup : Long running operation failed with status 'Conflict'.`. Run the Remove-AzResourceGroup command a second time to remove any residual resources as well as the resource group. #>
# Remove-AzResourceGroup -ResourceGroupName $resourceGroupName
# Write-host "Removing managed instance and virtual cluster..."
# Remove-AzResourceGroup -ResourceGroupName $resourceGroupName
# Write-host "Removing residual resources and resource group..."
# Show randomized variables
Write-host "Resource group name is" $resourceGroupName
# $secpasswd is a SecureString, so this prints the type name rather than the password
Write-host "Password is" $secpasswd
Write-host "Primary Virtual Network name is" $primaryVNet
Write-host "Primary default subnet name is" $primaryDefaultSubnet
Write-host "Primary managed instance subnet name is" $primaryMiSubnetName
Write-host "Secondary Virtual Network name is" $secondaryVNet
Write-host "Secondary default subnet name is" $secondaryDefaultSubnet
Write-host "Secondary managed instance subnet name is" $secondaryMiSubnetName
Write-host "Primary managed instance name is" $primaryInstance
Write-host "Secondary managed instance name is" $secondaryInstance
Write-host "Failover group name is" $failoverGroupName
This script uses the following commands. Each command in the table links to command-specific documentation.
There are no scripts available for the Azure portal.
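The full script creates two network security groups with a mix of narrow and wide rules, so it is worth reviewing which Allow rules accept any address once the deployment finishes. The following is an added example, not part of the original script: `Get-NsgAnyAddressAllowRule` is a hypothetical helper name, and it assumes `$resourceGroupName` is set and that the NSGs keep the names the script gives them.

```powershell
# Added example (not from the original script). Assumes the Az.Network module
# and an authenticated session.

function Get-NsgAnyAddressAllowRule {
    # Hypothetical helper: lists Allow rules whose peer address is unrestricted.
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$NsgName,
        [ValidateSet('Inbound', 'Outbound')][string]$Direction = 'Inbound'
    )
    $anyAddress = '*', 'Internet', '0.0.0.0/0'

    # Inbound exposure is decided by the source; outbound reach by the destination.
    $peerProperty = if ($Direction -eq 'Inbound') { 'SourceAddressPrefix' }
                    else { 'DestinationAddressPrefix' }

    $nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName -Name $NsgName
    $rules = $nsg.SecurityRules |
        Where-Object { $_.Direction -eq $Direction -and $_.Access -eq 'Allow' } |
        Sort-Object Priority

    foreach ($rule in $rules) {
        $wide = @($rule.$peerProperty | Where-Object { $_ -in $anyAddress })
        if ($wide.Count -gt 0) {
            [pscustomobject]@{
                Nsg       = $NsgName
                Direction = $Direction
                Rule      = $rule.Name
                Priority  = $rule.Priority
                Protocol  = $rule.Protocol
                Ports     = ($rule.DestinationPortRange -join ',')
                Peer      = ($wide -join ',')
            }
        }
    }
}

# NSG names as created by the script above.
$nsgNames = 'primaryNSGMiManagementService', 'secondaryToMIManagementService'

$findings = foreach ($nsgName in $nsgNames) {
    foreach ($direction in 'Inbound', 'Outbound') {
        Get-NsgAnyAddressAllowRule -ResourceGroupName $resourceGroupName `
            -NsgName $nsgName -Direction $direction
    }
}
$findings | Format-Table -AutoSize
```

With the rules exactly as written in the script, the inbound pass reports only `allow_management_inbound` (source `*` on ports 9000, 9003, 1438, 1440 and 1452) for each NSG; any other inbound entry means a rule was added or widened after deployment.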
Next steps
In this tutorial, you configured a failover group between two managed instances. You learned how to:
Create a primary managed instance.
Create a secondary managed instance as part of a failover group.
Test failover.
Advance to the next quickstart on how to connect to SQL Managed Instance, and how to restore a database to SQL Managed Instance: