使用证书创建数据库镜像

 1 /*step 1 主实例中. 在master数据 库中创建系统密钥,如果当前系统中已经有加密密钥,可以忽略. 而后创建数据库镜像所需要的证书*/

 2 use master

 3 go

 4 create master key encryption by password='1@3Mirror'

 5 go

 6 create certificate mirror_core_cert

 7 with subject='core server certificate for mirror',expiry_date='2030-1-1';

 8 go

 9 

10 USE [master]

11 GO

12 

13 /****** Object:  Endpoint [Mirroring]    Script Date: 11/25/2013 9:38:24 AM ******/

14 /*创建节点,并指定所有者为上一步中所创建的证书. 而后备份证书,并将证书拷贝到镜像副本服务器上,以供还愿证书*/

15 ALTER ENDPOINT [Mirroring] 

16     STATE=STARTED

17     AS TCP (LISTENER_PORT = 5024, LISTENER_IP = ALL)

18     FOR DATA_MIRRORING (ROLE = PARTNER, AUTHENTICATION = CERTIFICATE mirror_core_cert

19 , ENCRYPTION = REQUIRED ALGORITHM AES)

20 GO

21 

22 BACKUP CERTIFICATE mirror_core_cert TO FILE='D:\certificate\MyPCMirror\mirror_core_cert.crt';

23 GO

24 

25 

26 /*step 2 副本实例中,在master库中创建相同的系统密钥,并创建副本的证书*/

27 use master

28 go

29 --create master key encryption by password='1@3Mirror'

30 go

31 create certificate mirror_secondary_cert

32 with subject='secondary server certificate for mirror',expiry_date='2030-1-1';

33 go

34 

35 USE [master]

36 GO

37 

38 /****** Object:  Endpoint [Mirroring]    Script Date: 11/25/2013 9:38:24 AM ******/

39 /*创建节点,并指定所有者为上一步中创建的证书. 备份证书,并拷贝到主实例的机器中,以待还原证书*/

40 ALTER ENDPOINT [Mirroring] 

41     STATE=STARTED

42     AS TCP (LISTENER_PORT = 5023, LISTENER_IP = ALL)

43     FOR DATA_MIRRORING (ROLE = PARTNER, AUTHENTICATION = CERTIFICATE mirror_secondary_cert

44 , ENCRYPTION = REQUIRED ALGORITHM AES)

45 GO

46 

47 BACKUP CERTIFICATE mirror_secondary_cert TO FILE='D:\certificate\MyPCMirror\mirror_secondary_cert.crt';

48 GO

49 

50 /*step 3 副本实例中,创建登陆名及用户,并还原主实例中备份的证书,指定节点的权限,并设置数据库镜像的参与者.需要注意,端口需要是主实例服务器中设定的.*/

51 CREATE LOGIN mor WITH PASSWORD='test1@3';

52 GO

53 CREATE USER mor FOR LOGIN mor;

54 GO

55 CREATE CERTIFICATE mirror_core_cert

56 AUTHORIZATION mor

57 FROM FILE='D:\certificate\MyPCMirror\mirror_core_cert.crt';

58 GO

59 GRANT CONNECT ON ENDPOINT::[Mirroring] TO mor;

60 GO

61 ALTER DATABASE db1 SET PARTNER='TCP://grant-pc:5024';

62 GO

63 

64 

65 /*step 4 在主实例中,重复副本实例中的步骤.如果需要设置见证服务器,还需要指定一个见证服务器的地址.*/

66 

67 CREATE LOGIN mor WITH PASSWORD='test1@3';

68 GO

69 CREATE USER mor FOR LOGIN mor;

70 GO

71 CREATE CERTIFICATE mirror_secondary_cert

72 AUTHORIZATION mor

73 FROM FILE='D:\certificate\MyPCMirror\mirror_secondary_cert.crt';

74 GO

75 GRANT CONNECT ON ENDPOINT::[Mirroring] TO mor;

76 GO

77 

78 ALTER DATABASE db1 SET PARTNER='TCP://grant-pc:5023';

79 GO

80 ALTER DATABASE db1 SET PARTNER SAFETY OFF;