可下載附件
        
        

        

        
          /*
        
        
          **********************主機(jī)ANNATROV******************************
        
        
          */
        
        

        

        
          /*
        
        
          

          

          數(shù)據(jù)庫(kù)鏡像
          

          

          主機(jī):ANNATROV
          

          

          備機(jī):JOHN
          

          

          見(jiàn)證機(jī):KATE
          

          

          以上三臺(tái)機(jī)器均:XP SP3;SQL SERVER 2008 SP1.備機(jī),見(jiàn)證機(jī)均為VM虛擬機(jī),主機(jī)為本機(jī)
          

          

          由于系統(tǒng)是XP,所以沒(méi)有做域.因此采用證書認(rèn)證方式來(lái)連接.所以,如果要用于透明數(shù)據(jù)加密的請(qǐng)注意.MASTER證書可以共用,需要建的是數(shù)據(jù)庫(kù)證書.
          

          

          數(shù)據(jù)庫(kù)要能夠互相訪問(wèn),不懂的端口的可以把防火墻關(guān)掉.
          

          

          由于數(shù)據(jù)庫(kù)鏡像只對(duì)數(shù)據(jù)庫(kù)內(nèi)數(shù)據(jù)進(jìn)行同步,因此主庫(kù)上的(msdb)作業(yè),(master)登陸名需要手工同步,以免造成不必要的麻煩.
          

          

        
        
          */
        
        

        

        
          /*
        
        
          

          

          如果數(shù)據(jù)庫(kù)MASTER有加密碼了,可以刪除.
          

          

          刪除證書
          

          

          --SET ENCRYPTION OFF
          

          

          DROP CERTIFICATE HOST_C_cert  --刪除加密的證書,就是加密碼的數(shù)據(jù)庫(kù)證書.
          

          

          drop MASTER KEY   --刪除主密鑰,也就是MASTER的
          

          

          drop database encryption key
          

          

        
        
          */
        
        

        

        
          --
        
        
          創(chuàng)建證書
        
        
          

        
        

        
          USE
        
         master;
        

        

        
          CREATE
        
         MASTER 
        
          KEY
        
         ENCRYPTION 
        
          BY
        
         PASSWORD 
        
          =
        
        
          '
        
        
          OOOooo
        
        
          '
        
        ;
        

        

        
          CREATE
        
         CERTIFICATE ANNATROV 
        
          WITH
        
         SUBJECT 
        
          =
        
        
          '
        
        
          ANNATROV
        
        
          '
        
         ,
        

        

        START_DATE 
        
          =
        
        
          '
        
        
          2010-07-23
        
        
          '
        
        ;
        

        

        

        

        
          --
        
        
          創(chuàng)建鏈接端點(diǎn)
        
        
          

        
        

        
          CREATE
        
         ENDPOINT Endpoint_Mirroring
        

        

        STATE 
        
          =
        
         STARTED
        

        

        
          AS
        
        

        

        TCP ( LISTENER_PORT
        
          =
        
        
          5022
        
         , LISTENER_IP 
        
          =
        
        
          ALL
        
         )
        

        

        
          FOR
        
        

        

        DATABASE_MIRRORING
        

        

        ( AUTHENTICATION 
        
          =
        
         CERTIFICATE ANNATROV , ENCRYPTION 
        
          =
        
         REQUIRED ALGORITHM AES , ROLE 
        
          =
        
        
          ALL
        
         );
        

        

        

        

        
          --
        
        
          備份證書,并拷貝證書至各機(jī)確保互聯(lián)
        
        
          

        
        

        
          BACKUP
        
         CERTIFICATE ANNATROV 
        
          TO
        
        
          FILE
        
        
          =
        
        
          '
        
        
          g:\test\ANNATROV.cer
        
        
          '
        
        ;
        

        

        
          /*
        
        
          主機(jī),備機(jī),見(jiàn)證機(jī)三機(jī)都備份完證書以后,然后再將各自的證書拷貝到其他兩臺(tái)機(jī)器上,因?yàn)橄旅娴奶砑拥顷懨麆?chuàng)建的賬號(hào)需要各自的
          

          

          證書來(lái)驗(yàn)證.比如主機(jī)ANNATROV上,就需要有JOHN,KATE的證書
        
        
          */
        
        

        

        
          --
        
        
          添加登陸名,用戶
        
        
          

        
        

        
          --
        
        
          備機(jī)用戶--JOHN
        
        
          

        
        

        
          CREATE
        
         LOGIN JOHN 
        
          WITH
        
         PASSWORD 
        
          =
        
        
          '
        
        
          123456
        
        
          '
        
        ;
        

        

        
          CREATE
        
        
          USER
        
         JOHN 
        
          FOR
        
         LOGIN JOHN;
        

        

        
          CREATE
        
         CERTIFICATE JOHN 
        
          AUTHORIZATION
        
         JOHN 
        
          FROM
        
        
          FILE
        
        
          =
        
        
          '
        
        
          g:\test\JOHN.cer
        
        
          '
        
        ; 
        
          --
        
        
          證書驗(yàn)證
        
        
          

        
        

        
          GRANT
        
         CONNECT 
        
          ON
        
         ENDPOINT::Endpoint_Mirroring 
        
          TO
        
        
          [
        
        
          JOHN
        
        
          ]
        
        ;
        

        

        
          --
        
        
          見(jiàn)證機(jī)用戶--KATE
        
        
          

        
        

        
          CREATE
        
         LOGIN KATE 
        
          WITH
        
         PASSWORD 
        
          =
        
        
          '
        
        
          123456
        
        
          '
        
        ;
        

        

        
          CREATE
        
        
          USER
        
         KATE 
        
          FOR
        
         LOGIN KATE;
        

        

        
          CREATE
        
         CERTIFICATE KATE 
        
          AUTHORIZATION
        
         KATE 
        
          FROM
        
        
          FILE
        
        
          =
        
        
          '
        
        
          g:\test\KATE.cer
        
        
          '
        
        ;
        
          --
        
        
          證書驗(yàn)證
        
        
          

        
        

        
          GRANT
        
         CONNECT 
        
          ON
        
         ENDPOINT::Endpoint_Mirroring 
        
          TO
        
        
          [
        
        
          KATE
        
        
          ]
        
        ;
        

        

        
          /*
        
        
          

          

          --手工同步登陸名,密碼
          

          

          --鏡像的缺點(diǎn)就是不能同步數(shù)據(jù)庫(kù)用戶名和作業(yè),因?yàn)樾枰止ね@兩項(xiàng).
          

          

              --在主機(jī)上找出合建名
          

          

          USE master;
          

          

          select sid,name from syslogins;
          

          

              --在備機(jī)上創(chuàng)建登陸名
          

          

           USE master;
          

          

           exec sp_addlogin
          

          

           @loginame = 'Data_Syn',
          

          

           @passwd = '123,./',
          

          

           @sid = 0x9FD492E8D353394AA8893CE7B0EC1E08;
          

          

        
        
          */
        
        

        

        
          --
        
        
          等各主機(jī)都執(zhí)行以上步驟再可以執(zhí)行以下語(yǔ)句.
        
        
          

        
        

        
          --
        
        
          建立鏡像
        
        
          

        
        

        
          ALTER
        
        
          DATABASE
        
         PpP 
        
          SET
        
         PARTNER 
        
          =
        
        
          '
        
        
          TCP://john:5022
        
        
          '
        
        
          --
        
        
          先在備機(jī)執(zhí)行然后再這個(gè)
        
        
          

        
        

        
          ALTER
        
        
          DATABASE
        
         PpP 
        
          SET
        
         WITNESS 
        
          =
        
        
          '
        
        
          TCP://kate:5022
        
        
          '
        
        
          --
        
        
          見(jiàn)證機(jī)上不需要執(zhí)行
        
        
          

        
        

        
          /*
        
        
          *************************備機(jī) JOHN**************************
        
        
          */
        
        

        

        

        

        
          /*
        
        
          

          

          如果數(shù)據(jù)庫(kù)MASTER有加密碼了,可以刪除.
          

          

          刪除證書
          

          

          --SET ENCRYPTION OFF
          

          

          DROP CERTIFICATE HOST_C_cert  --刪除加密的證書,就是加密碼的數(shù)據(jù)庫(kù)證書.
          

          

          drop MASTER KEY   --刪除主密鑰,也就是MASTER的
          

          

          drop database encryption key
          

          

        
        
          */
        
        

        

        
          --
        
        
          創(chuàng)建證書
        
        
          

        
        

        
          USE
        
         master;
        

        

        
          CREATE
        
         MASTER 
        
          KEY
        
         ENCRYPTION 
        
          BY
        
         PASSWORD 
        
          =
        
        
          '
        
        
          OOOooo
        
        
          '
        
        ;
        

        

        
          CREATE
        
         CERTIFICATE JOHN 
        
          WITH
        
         SUBJECT 
        
          =
        
        
          '
        
        
          JOHN
        
        
          '
        
        ,
        

        

        START_DATE 
        
          =
        
        
          '
        
        
          2010-07-23
        
        
          '
        
        ;
        

        

        
          --
        
        
          -------------------
        
        
          

        
        

        
          --
        
        
          創(chuàng)建點(diǎn)鏈接
        
        
          

        
        

        
          CREATE
        
         ENDPOINT Endpoint_Mirroring
        

        

        STATE 
        
          =
        
         STARTED
        

        

        
          AS
        
        

        

        TCP ( LISTENER_PORT
        
          =
        
        
          5022
        
         , LISTENER_IP 
        
          =
        
        
          ALL
        
         )
        

        

        
          FOR
        
        

        

        DATABASE_MIRRORING
        

        

        ( AUTHENTICATION 
        
          =
        
         CERTIFICATE JOHN , ENCRYPTION 
        
          =
        
         REQUIRED ALGORITHM AES , ROLE 
        
          =
        
        
          ALL
        
         );
        

        

        
          --
        
        
          備份證書,并拷貝證書至各機(jī)確?；ヂ?lián)
        
        
          

        
        

        
          BACKUP
        
         CERTIFICATE JOHN 
        
          TO
        
        
          FILE
        
        
          =
        
        
          '
        
        
          c:\sqlt\JOHN.cer
        
        
          '
        
        ;
        

        

        
          --
        
        
          添加登陸名,用戶
        
        
          

        
        

        
          --
        
        
          主機(jī)用戶--ANNATROV
        
        
          

        
        

        
          CREATE
        
         LOGIN ANNATROV 
        
          WITH
        
         PASSWORD 
        
          =
        
        
          '
        
        
          123456
        
        
          '
        
        ;
        

        

        
          CREATE
        
        
          USER
        
         ANNATROV 
        
          FOR
        
         LOGIN ANNATROV;
        

        

        
          CREATE
        
         CERTIFICATE ANNATROV 
        
          AUTHORIZATION
        
         ANNATROV 
        
          FROM
        
        
          FILE
        
        
          =
        
        
          '
        
        
          c:\sqlt\ANNATROV.cer
        
        
          '
        
        ;
        

        

        
          GRANT
        
         CONNECT 
        
          ON
        
         ENDPOINT::Endpoint_Mirroring 
        
          TO
        
        
          [
        
        
          ANNATROV
        
        
          ]
        
        ;
        

        

        
          --
        
        
          見(jiàn)證機(jī)用戶
        
        
          

        
        

        
          CREATE
        
         LOGIN KATE 
        
          WITH
        
         PASSWORD 
        
          =
        
        
          '
        
        
          123456
        
        
          '
        
        ;
        

        

        
          CREATE
        
        
          USER
        
         KATE 
        
          FOR
        
         LOGIN KATE;
        

        

        
          CREATE
        
         CERTIFICATE KATE 
        
          AUTHORIZATION
        
         KATE 
        
          FROM
        
        
          FILE
        
        
          =
        
        
          '
        
        
          c:\sqlt\KATE.cer
        
        
          '
        
        ;
        

        

        
          GRANT
        
         CONNECT 
        
          ON
        
         ENDPOINT::Endpoint_Mirroring 
        
          TO
        
        
          [
        
        
          KATE
        
        
          ]
        
        ;
        

        

        
          --
        
        
          在備機(jī)上創(chuàng)建登陸名
        
        
          

        
        

        
          /*
        
        
          

          

           USE master;
          

          

           exec sp_addlogin
          

          

           @loginame = 'Data_Syn',
          

          

           @passwd = '123,./',
          

          

           @sid = 0x9FD492E8D353394AA8893CE7B0EC1E08;
          

          

        
        
          */
        
        

        

        
          --
        
        
          建立鏡像
        
        
          

        
        

        
          ALTER
        
        
          DATABASE
        
         PpP 
        
          SET
        
         PARTNER
        
          =
        
        
          '
        
        
          TCP://annatrov:5022
        
        
          '
        
        
          --
        
        
          先在備機(jī)執(zhí)行再在主機(jī)執(zhí)行
        
        
          

        
        

        
          /*
        
        
          **********************見(jiàn)證機(jī) KATE*********************************
        
        
          */
        
        

        

        
          /*
        
        
          

          

          如果數(shù)據(jù)庫(kù)MASTER有加密碼了,可以刪除.
          

          

          刪除證書
          

          

          --SET ENCRYPTION OFF
          

          

          DROP CERTIFICATE HOST_C_cert  --刪除加密的證書,就是加密碼的數(shù)據(jù)庫(kù)證書.
          

          

          drop MASTER KEY   --刪除主密鑰,也就是MASTER的
          

          

          drop database encryption key
          

          

        
        
          */
        
        

        

        
          --
        
        
          創(chuàng)建證書
        
        
          

        
        

        
          USE
        
         master;
        

        

        
          CREATE
        
         MASTER 
        
          KEY
        
         ENCRYPTION 
        
          BY
        
         PASSWORD 
        
          =
        
        
          '
        
        
          OOOooo
        
        
          '
        
        ;
        

        

        
          CREATE
        
         CERTIFICATE KATE 
        
          WITH
        
         SUBJECT 
        
          =
        
        
          '
        
        
          KATE
        
        
          '
        
        ,
        

        

        START_DATE 
        
          =
        
        
          '
        
        
          2010-07-23
        
        
          '
        
        ;
        

        

        
          --
        
        
          ---------------
        
        
          

        
        

        
          --
        
        
          創(chuàng)建端點(diǎn)鏈接
        
        
          

        
        

        
          CREATE
        
         ENDPOINT Endpoint_Mirroring
        

        

        STATE 
        
          =
        
         STARTED
        

        

        
          AS
        
        

        

        TCP ( LISTENER_PORT
        
          =
        
        
          5022
        
         , LISTENER_IP 
        
          =
        
        
          ALL
        
         )
        

        

        
          FOR
        
        

        

        DATABASE_MIRRORING
        

        

        ( AUTHENTICATION 
        
          =
        
         CERTIFICATE KATE , ENCRYPTION 
        
          =
        
         REQUIRED ALGORITHM AES , ROLE 
        
          =
        
        
          ALL
        
         );
        

        

        
          --
        
        
          備份證書,并拷貝證書至各機(jī)確?；ヂ?lián)
        
        
          

        
        

        
          BACKUP
        
         CERTIFICATE KATE 
        
          TO
        
        
          FILE
        
        
          =
        
        
          '
        
        
          c:\sqlt\KATE.cer
        
        
          '
        
        ;
        

        

        
          --
        
        
          添加登陸名,用戶
        
        
          

        
        

        
          --
        
        
          主機(jī)登陸用戶
        
        
          

        
        

        
          CREATE
        
         LOGIN ANNATROV 
        
          WITH
        
         PASSWORD 
        
          =
        
        
          '
        
        
          123456
        
        
          '
        
        ;
        

        

        
          CREATE
        
        
          USER
        
         ANNATROV 
        
          FOR
        
         LOGIN ANNATROV;
        

        

        
          CREATE
        
         CERTIFICATE ANNATROV 
        
          AUTHORIZATION
        
         ANNATROV 
        
          FROM
        
        
          FILE
        
        
          =
        
        
          '
        
        
          c:\sqlt\ANNATROV.cer
        
        
          '
        
        ;
        

        

        
          GRANT
        
         CONNECT 
        
          ON
        
         ENDPOINT::Endpoint_Mirroring 
        
          TO
        
        
          [
        
        
          ANNATROV
        
        
          ]
        
        ;
        

        

        
          --
        
        
          備機(jī)登陸用戶
        
        
          

        
        

        
          CREATE
        
         LOGIN JOHN 
        
          WITH
        
         PASSWORD 
        
          =
        
        
          '
        
        
          123456
        
        
          '
        
        ;
        

        

        
          CREATE
        
        
          USER
        
         JOHN 
        
          FOR
        
         LOGIN JOHN;
        

        

        
          CREATE
        
         CERTIFICATE JOHN 
        
          AUTHORIZATION
        
         JOHN 
        
          FROM
        
        
          FILE
        
        
          =
        
        
          '
        
        
          c:\sqlt\JOHN.cer
        
        
          '
        
        ;
        

        

        
          GRANT
        
         CONNECT 
        
          ON
        
         ENDPOINT::Endpoint_Mirroring 
        
          TO
        
        
          [
        
        
          JOHN
        
        
          ]
        
        ;
        

        

        
          /*
        
        
          ************************主備手工切換*****************************
        
        
          */
        
        

        

        
          --
        
        
          測(cè)試:主備互換
        
        
          

        
        

        
          USE
        
         master;
        

        

        
          ALTER
        
        
          DATABASE
        
         PpP 
        
          SET
        
         PARTNER FAILOVER;
        

        

        

        

        
          USE
        
         master;
        

        

        
          ALTER
        
        
          DATABASE
        
         PpP 
        
          SET
        
         PARTNER SAFETY 
        
          FULL
        
        ; 
        
          --
        
        
          事務(wù)安全,同步模式
        
        
          

        
        

        
          ALTER
        
        
          DATABASE
        
         PpP 
        
          SET
        
         PARTNER SAFETY 
        
          OFF
        
        ;  
        
          --
        
        
          事務(wù)不安全,異步模式,高性能
        
        
          

        
        

        
          --
        
        
          --------------
        
        
          

        
        

        
          --
        
        
          測(cè)試:主備互換
        
        
          

        
        

        
          USE
        
         master;
        

        

        
          ALTER
        
        
          DATABASE
        
         PpP 
        
          SET
        
         PARTNER FAILOVER;
        

        

        
          --
        
        
          主服務(wù)器Down掉,備機(jī)緊急啟動(dòng)并且開(kāi)始服務(wù)
        
        
          

        
        

        
          --
        
        
          備機(jī)執(zhí)行
        
        
          

        
        

        
          USE
        
         master;
        

        

        
          ALTER
        
        
          DATABASE
        
         PpP 
        
          SET
        
         PARTNER FORCE_SERVICE_ALLOW_DATA_LOSS;
        

        

        
          --
        
        
          備機(jī)執(zhí)行：
        
        
          

        
        

        
          USE
        
         master;
        

        

        
          ALTER
        
        
          DATABASE
        
         PpP 
        
          SET
        
         PARTNER RESUME; 
        
          --
        
        
          恢復(fù)鏡像
        
        
          

        
        

        
          ALTER
        
        
          DATABASE
        
         PpP 
        
          SET
        
         PARTNER FAILOVER; 
        
          --
        
        
          切換主備
        
        
          

        
        

        
          --
        
        
          結(jié)果圖
        
        
          

        
        

        

        

        

        

        作者:ANNATROV
        

        

        時(shí)間:
        
          2010
        
        
          -
        
        
          8
        
        
          -
        
        
          4