Restore an Azure SQL Database or fail over to a secondary

Azure SQL Database offers the following capabilities for recovering from an outage:

To learn about business continuity scenarios and the features supporting these scenarios, see Business continuity.

Note

If you are using zone-redundant Premium or Business Critical databases or pools, the recovery process is automated and the rest of this material does not apply.

Note

Both primary and secondary databases are required to have the same service tier. It is also strongly recommended that the secondary database is created with the same compute size (DTUs or vCores) as the primary. For more information, see Upgrading or downgrading as primary database.

Note

Use one or several failover groups to manage failover of multiple databases. If you add an existing geo-replication relationship to the failover group, make sure the geo-secondary is configured with the same service tier and compute size as the primary. For more information, see Use auto-failover groups to enable transparent and coordinated failover of multiple databases.

Prepare for the event of an outage

For success with recovery to another data region using either failover groups or geo-redundant backups, you need to prepare a server in another data center to become the new primary server should the need arise, and have well-defined steps documented and tested to ensure a smooth recovery. These preparation steps include:

  • Identify the SQL Database server in another region to become the new primary server. For geo-restore, this is generally a server in the paired region for the region in which your database is located. This eliminates the additional traffic cost during the geo-restoring operations.
  • Identify, and optionally define, the server-level IP firewall rules needed for users to access the new primary database.
  • Determine how you are going to redirect users to the new primary server, such as by changing connection strings or by changing DNS entries.
  • Identify, and optionally create, the logins that must be present in the master database on the new primary server, and ensure these logins have appropriate permissions in the master database, if any. For more information, see SQL Database security after disaster recovery.
  • Identify alert rules that need to be updated to map to the new primary database.
  • Document the auditing configuration on the current primary database.
  • Perform a disaster recovery drill. To simulate an outage for geo-restore, you can delete or rename the source database to cause application connectivity failure. To simulate an outage using failover groups, you can disable the web application or virtual machine connected to the database, or fail over the database to cause application connectivity failures.

When to initiate recovery

The recovery operation impacts the application. It requires changing the SQL connection string or redirection using DNS and could result in permanent data loss. Therefore, it should be done only when the outage is likely to last longer than your application's recovery time objective. When the application is deployed to production, you should perform regular monitoring of the application health and use the following data points to assert that the recovery is warranted:

  1. Permanent connectivity failure from the application tier to the database.
  2. The Azure portal shows an alert about an incident in the region with broad impact.

Note

If you are using failover groups and chose automatic failover, the recovery process is automated and transparent to the application.

Depending on your application's tolerance to downtime and possible business liability, you can consider the following recovery options.

Use Get Recoverable Database (LastAvailableBackupDate) to get the latest geo-replicated restore point.

Wait for service recovery

The Azure teams work diligently to restore service availability as quickly as possible, but depending on the root cause it can take hours or days. If your application can tolerate significant downtime, you can simply wait for the recovery to complete. In this case, no action on your part is required. You can see the current service status on our Azure Service Health Dashboard. After the recovery of the region, your application’s availability is restored.

Fail over to geo-replicated secondary server in the failover group

If your application’s downtime can result in business liability, you should be using failover groups. It enables the application to quickly restore availability in a different region in case of an outage. For a tutorial, see Implement a geo-distributed database.

To restore availability of the database(s), you need to initiate the failover to the secondary server using one of the supported methods.

Use one of the following guides to fail over to a geo-replicated secondary database:

Recover using geo-restore

If your application’s downtime does not result in business liability, you can use geo-restore as a method to recover your application database(s). It creates a copy of the database from its latest geo-redundant backup.

Configure your database after recovery

If you are using geo-restore to recover from an outage, you must make sure that the connectivity to the new databases is properly configured so that the normal application function can be resumed. This is a checklist of tasks to get your recovered database production ready.

Update connection strings

Because your recovered database resides in a different server, you need to update your application’s connection string to point to that server.

For more information about changing connection strings, see the appropriate development language for your connection library.

Configure firewall rules

You need to make sure that the firewall rules configured on the server and on the database match those that were configured on the primary server and primary database. For more information, see How to: Configure Firewall Settings (Azure SQL Database).
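One way to run this check after a geo-restore or during a drill, as an added example that is not part of the original article: it compares server-level rules by address range rather than by name and flags rules on the recovery server that are wider than intended. The two rule sets are constructed samples shaped like the JSON printed by `az sql server firewall-rule list -o json`; `firewall_drift`, `ranges` and the `max_hosts` threshold are hypothetical names, and database-level rules are not covered.

```python
import ipaddress
import json

# Constructed sample data, shaped like the JSON printed by
# `az sql server firewall-rule list -o json` (only the fields used here).
PRIMARY_RULES = json.loads("""[
  {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.20"},
  {"name": "app-tier", "startIpAddress": "198.51.100.7", "endIpAddress": "198.51.100.7"},
  {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"}
]""")
RECOVERY_RULES = json.loads("""[
  {"name": "office-dr", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.20"},
  {"name": "temp-drill", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"}
]""")


def ranges(rules):
    """Map (start, end) integer ranges to rule names; names may differ per server."""
    out = {}
    for r in rules:
        start = int(ipaddress.IPv4Address(r["startIpAddress"]))
        end = int(ipaddress.IPv4Address(r["endIpAddress"]))
        if start > end:
            raise ValueError(f"rule {r['name']!r} has start after end")
        out[(start, end)] = r["name"]
    return out


def firewall_drift(primary, recovery, max_hosts=65536):
    """Compare rules by address range and flag overly wide recovery rules.

    max_hosts is an assumed review threshold, not an Azure limit.
    """
    p, r = ranges(primary), ranges(recovery)
    return {
        "missing_on_recovery": sorted(p[k] for k in p.keys() - r.keys()),
        "extra_on_recovery": sorted(r[k] for k in r.keys() - p.keys()),
        "too_wide_on_recovery": sorted(
            name for (s, e), name in r.items() if e - s + 1 > max_hosts
        ),
    }


if __name__ == "__main__":
    print(json.dumps(firewall_drift(PRIMARY_RULES, RECOVERY_RULES), indent=2))
```

Rules reported as extra or too wide on the recovery server are the ones to review before redirecting users to it, since they grant access the primary never allowed.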

Configure logins and database users

You need to make sure that all the logins used by your application exist on the server that is hosting your recovered database. For more information, see Security Configuration for geo-replication.

Note

You should configure and test your server firewall rules and logins (and their permissions) during a disaster recovery drill. These server-level objects and their configuration may not be available during the outage.

Set up telemetry alerts

You need to make sure your existing alert rule settings are updated to map to the recovered database and the different server.

For more information about database alert rules, see Receive Alert Notifications and Track Service Health.

Enable auditing

If auditing is required to access your database, you need to enable Auditing after the database recovery. For more information, see Database auditing.

Next steps