Tutorial: Prerequisites for creating availability groups on SQL Server on Azure Virtual Machines

Applies to: SQL Server on Azure VM

This tutorial shows how to complete the prerequisites for creating a SQL Server Always On availability group on Azure Virtual Machines (VMs). When you've completed the prerequisites, you'll have a domain controller, two SQL Server VMs, and a witness server in a single resource group.

Time estimate: It might take a couple of hours to complete the prerequisites. Much of this time is spent creating virtual machines.

The following diagram illustrates what you build in the tutorial.

[Diagram: availability group]

Review availability group documentation

This tutorial assumes that you have a basic understanding of SQL Server Always On availability groups. If you're not familiar with this technology, see Overview of Always On availability groups (SQL Server).

Create an Azure account

You need an Azure account. You can open a Trial Subscription or activate Visual Studio subscriber benefits.

Create a resource group

  1. Sign in to the Azure portal.

  2. Select + to create a new object in the portal.

  3. Type resource group in the Marketplace search window.

  4. Select Resource group.

  5. Select Create.

  6. Under Resource group name, type a name for the resource group. For example, type sql-ha-rg.

  7. If you have multiple Azure subscriptions, verify that the subscription is the Azure subscription that you want to create the availability group in.

  8. Select a location. The location is the Azure region where you want to create the availability group. This article builds all resources in one Azure location.

  9. Verify that Pin to dashboard is checked. This optional setting places a shortcut for the resource group on the Azure portal dashboard.

  10. Select Create to create the resource group.

Azure creates the resource group and pins a shortcut to the resource group in the portal.

Create the network and subnets

The next step is to create the networks and subnets in the Azure resource group.

The solution uses one virtual network with two subnets. The Virtual network overview provides more information about networks in Azure.

To create the virtual network in the Azure portal:

  1. In your resource group, select + Add.

  2. Search for virtual network.

  3. Select Virtual network.

  4. On the Virtual network, select the Resource Manager deployment model, and then select Create.

    The following table shows the settings for the virtual network:

    | Field | Value |
    | --- | --- |
    | Name | autoHAVNET |
    | Address space | 10.33.0.0/24 |
    | Subnet name | Admin |
    | Subnet address range | 10.33.0.0/29 |
    | Subscription | Specify the subscription that you intend to use. Subscription is blank if you only have one subscription. |
    | Resource group | Choose Use existing and pick the name of the resource group. |
    | Location | Specify the Azure location. |

    Your address space and subnet address range might be different from the table. Depending on your subscription, the portal suggests an available address space and corresponding subnet address range. If sufficient address space isn't available, use a different subscription.

    The example uses the subnet name Admin. This subnet is for the domain controllers.

  5. Select Create.

Azure returns you to the portal dashboard and notifies you when the new network is created.

Create a second subnet

The new virtual network has one subnet, named Admin. The domain controllers use this subnet. The SQL Server VMs use a second subnet named SQL. To configure this subnet:

  1. On your dashboard, select the resource group that you created, SQL-HA-RG. Locate the network in the resource group under Resources.

    If SQL-HA-RG isn't visible, find it by selecting Resource Groups and filtering by the resource group name.

  2. Select autoHAVNET on the list of resources.

  3. On the autoHAVNET virtual network, under Settings select Subnets.

    Note the subnet that you already created.

  4. To create a second subnet, select + Subnet.

  5. On Add subnet, configure the subnet by typing sqlsubnet under Name. Azure automatically specifies a valid Address range. Verify that this address range has at least 10 addresses in it. In a production environment, you might require more addresses.

  6. Select OK.

The following table summarizes the network configuration settings:

| Field | Value |
| --- | --- |
| Name | autoHAVNET |
| Address space | This value depends on the available address spaces in your subscription. A typical value is 10.0.0.0/16. |
| Subnet name | admin |
| Subnet address range | This value depends on the available address ranges in your subscription. A typical value is 10.0.0.0/24. |
| Subnet name | sqlsubnet |
| Subnet address range | This value depends on the available address ranges in your subscription. A typical value is 10.0.1.0/24. |
| Subscription | Specify the subscription that you intend to use. |
| Resource Group | SQL-HA-RG |
| Location | Specify the same location that you chose for the resource group. |

Create availability sets

Before you create virtual machines, you need to create availability sets. Availability sets reduce the downtime for planned or unplanned maintenance events. An Azure availability set is a logical group of resources that Azure places on physical fault domains and update domains. A fault domain ensures that the members of the availability set have separate power and network resources. An update domain ensures that members of the availability set aren't brought down for maintenance at the same time. For more information, see Manage the availability of virtual machines.

You need two availability sets. One is for the domain controllers. The second is for the SQL Server VMs.

To create an availability set, go to the resource group and select Add. Filter the results by typing availability set. Select Availability Set in the results, and then select Create.

Configure two availability sets according to the parameters in the following table:

| Field | Domain controller availability set | SQL Server availability set |
| --- | --- | --- |
| Name | adavailabilityset | sqlavailabilityset |
| Resource group | SQL-HA-RG | SQL-HA-RG |
| Fault domains | 3 | 3 |
| Update domains | 5 | 3 |

After you create the availability sets, return to the resource group in the Azure portal.

Create domain controllers

After you've created the network, subnets, and availability sets, you're ready to create the virtual machines for the domain controllers.

Create virtual machines for the domain controllers

To create and configure the domain controllers, return to the SQL-HA-RG resource group.

  1. Select Add.
  2. Type Windows Server 2016 Datacenter.
  3. Select Windows Server 2016 Datacenter. In Windows Server 2016 Datacenter, verify that the deployment model is Resource Manager, and then select Create.

Repeat the preceding steps to create two virtual machines. Name the two virtual machines:

  • ad-primary-dc

  • ad-secondary-dc

    Note

    The ad-secondary-dc virtual machine is optional, to provide high availability for Active Directory Domain Services.

The following table shows the settings for these two machines:

| Field | Value |
| --- | --- |
| Name | First domain controller: ad-primary-dc. Second domain controller ad-secondary-dc. |
| VM disk type | SSD |
| User name | DomainAdmin |
| Password | Contoso!0000 |
| Subscription | Your subscription |
| Resource group | SQL-HA-RG |
| Location | Your location |
| Size | DS1_V2 |
| Storage | Use managed disks - Yes |
| Virtual network | autoHAVNET |
| Subnet | admin |
| Public IP address | Same name as the VM |
| Network security group | Same name as the VM |
| Availability set | adavailabilityset; Fault domains: 2; Update domains: 2 |
| Diagnostics | Enabled |
| Diagnostics storage account | Automatically created |

Important

You can only place a VM in an availability set when you create it. You can't change the availability set after a VM is created. See Manage the availability of virtual machines.

Azure creates the virtual machines.

After the virtual machines are created, configure the domain controller.

Configure the domain controller

In the following steps, configure the ad-primary-dc machine as a domain controller for corp.contoso.com.

  1. In the portal, open the SQL-HA-RG resource group and select the ad-primary-dc machine. On ad-primary-dc, select Connect to open an RDP file for remote desktop access.

  2. Sign in with your configured administrator account (\DomainAdmin) and password (Contoso!0000).

  3. By default, the Server Manager dashboard should be displayed.

  4. Select the Add roles and features link on the dashboard.

  5. Select Next until you get to the Server Roles section.

  6. Select the Active Directory Domain Services and DNS Server roles. When you're prompted, add any additional features that are required by these roles.

    Note

    Windows warns you that there is no static IP address. If you're testing the configuration, select Continue. For production scenarios, set the IP address to static in the Azure portal, or use PowerShell to set the static IP address of the domain controller machine.

  7. Select Next until you reach the Confirmation section. Select the Restart the destination server automatically if required check box.

  8. Select Install.

  9. After the features finish installing, return to the Server Manager dashboard.

  10. Select the new AD DS option on the left-hand pane.

  11. Select the More link on the yellow warning bar.

  12. In the Action column of the All Server Task Details dialog, select Promote this server to a domain controller.

  13. In the Active Directory Domain Services Configuration Wizard, use the following values:

    | Page | Setting |
    | --- | --- |
    | Deployment Configuration | Add a new forest; Root domain name = corp.contoso.com |
    | Domain Controller Options | DSRM Password = Contoso!0000; Confirm Password = Contoso!0000 |

  14. Select Next to go through the other pages in the wizard. On the Prerequisites Check page, verify that you see the following message: All prerequisite checks passed successfully. You can review any applicable warning messages, but it's possible to continue with the installation.

  15. Select Install. The ad-primary-dc virtual machine automatically reboots.

Note the IP address of the primary domain controller

Use the primary domain controller for DNS. Note the primary domain controller IP address.

One way to get the primary domain controller IP address is through the Azure portal.

  1. On the Azure portal, open the resource group.

  2. Select the primary domain controller.

  3. On the primary domain controller, select Network interfaces.

Note the private IP address for this server.

Configure the virtual network DNS

After you create the first domain controller and enable DNS on the first server, configure the virtual network to use this server for DNS.

  1. In the Azure portal, select the virtual network.

  2. Under Settings, select DNS Server.

  3. Select Custom, and type the private IP address of the primary domain controller.

  4. Select Save.

Configure the second domain controller

After the primary domain controller reboots, you can configure the second domain controller. This optional step is for high availability. Follow these steps to configure the second domain controller:

  1. In the portal, open the SQL-HA-RG resource group and select the ad-secondary-dc machine. On ad-secondary-dc, select Connect to open an RDP file for remote desktop access.

  2. Sign in to the VM by using your configured administrator account (BUILTIN\DomainAdmin) and password (Contoso!0000).

  3. Change the preferred DNS server address to the address of the domain controller.

  4. In Network and Sharing Center, select the network interface.

  5. Select Properties.

  6. Select Internet Protocol Version 4 (TCP/IPv4) and then select Properties.

  7. Select Use the following DNS server addresses and then specify the address of the primary domain controller in Preferred DNS server.

  8. Select OK, and then Close to commit the changes. You are now able to join the VM to corp.contoso.com.

    Important

    If you lose the connection to your remote desktop after changing the DNS setting, go to the Azure portal and restart the virtual machine.

  9. From the remote desktop to the secondary domain controller, open Server Manager Dashboard.

  10. Select the Add roles and features link on the dashboard.

  11. Select Next until you get to the Server Roles section.

  12. Select the Active Directory Domain Services and DNS Server roles. When you're prompted, add any additional features that are required by these roles.

  13. After the features finish installing, return to the Server Manager dashboard.

  14. Select the new AD DS option on the left-hand pane.

  15. Select the More link on the yellow warning bar.

  16. In the Action column of the All Server Task Details dialog, select Promote this server to a domain controller.

  17. Under Deployment Configuration, select Add a domain controller to an existing domain.

  18. Click Select.

  19. Connect by using the administrator account (CORP.CONTOSO.COM\domainadmin) and password (Contoso!0000).

  20. In Select a domain from the forest, choose your domain and then select OK.

  21. In Domain Controller Options, use the default values and set a DSRM password.

    Note

    The DNS Options page might warn you that a delegation for this DNS server can't be created. You can ignore this warning in non-production environments.

  22. Select Next until the dialog reaches the Prerequisites check. Then select Install.

After the server finishes the configuration changes, restart the server.

Add the private IP address of the second domain controller to the VPN DNS Server

In the Azure portal, under virtual network, change the DNS Server to include the IP address of the secondary domain controller. This setting provides redundancy for the DNS service.

Configure the domain accounts

In the next steps, you configure the Active Directory accounts. The following table shows the accounts:

| | Installation account | sqlserver-0 SQL Server and SQL Agent Service account | sqlserver-1 SQL Server and SQL Agent Service account |
| --- | --- | --- | --- |
| First Name | Install | SQLSvc1 | SQLSvc2 |
| User SamAccountName | Install | SQLSvc1 | SQLSvc2 |

Use the following steps to create each account.

  1. Sign in to the ad-primary-dc machine.

  2. In Server Manager, select Tools, and then select Active Directory Administrative Center.

  3. Select corp (local) from the left pane.

  4. On the right Tasks pane, select New, and then select User.

    Tip

    Set a complex password for each account.
    For non-production environments, set the user account to never expire.

  5. Select OK to create the user.

  6. Repeat the preceding steps for each of the three accounts.

Grant the required permissions to the installation account

  1. In the Active Directory Administrative Center, select corp (local) in the left pane. Then in the right-hand Tasks pane, select Properties.

  2. Select Extensions, and then select the Advanced button on the Security tab.

  3. In the Advanced Security Settings for corp dialog, select Add.

  4. Click Select a principal, search for CORP\Install, and then select OK.

  5. Select the Read all properties check box.

  6. Select the Create Computer objects check box.

  7. Select OK, and then select OK again. Close the corp properties window.

Now that you've finished configuring Active Directory and the user objects, create two SQL Server VMs and a witness server VM. Then join all three to the domain.

Create SQL Server VMs

Create three additional virtual machines. The solution requires two virtual machines with SQL Server instances. A third virtual machine will function as a witness. Windows Server 2016 can use a cloud witness. However, for consistency with previous operating systems, this article uses a virtual machine for a witness.

Before you proceed, consider the following design decisions.

  • Storage - Azure Managed Disks

    For the virtual machine storage, use Azure Managed Disks. Azure recommends Managed Disks for SQL Server virtual machines. Managed Disks handles storage behind the scenes. In addition, when virtual machines with Managed Disks are in the same availability set, Azure distributes the storage resources to provide appropriate redundancy. For additional information, see Azure Managed Disks Overview. For specifics about managed disks in an availability set, see Use Managed Disks for VMs in an availability set.

  • Network - Private IP addresses in production

    For the virtual machines, this tutorial uses public IP addresses. A public IP address enables remote connection directly to the virtual machine over the internet and makes configuration steps easier. In production environments, Azure recommends only private IP addresses in order to reduce the vulnerability footprint of the SQL Server instance VM resource.

  • Network - Recommend a single NIC per server

    Use a single NIC per server (cluster node) and a single subnet. Azure networking has physical redundancy, which makes additional NICs and subnets unnecessary on an Azure virtual machine guest cluster. The cluster validation report will warn you that the nodes are reachable only on a single network. You can ignore this warning on Azure virtual machine guest failover clusters.

Create and configure the SQL Server VMs

Next, create three VMs - two SQL Server VMs and one VM for an additional cluster node. To create each of the VMs, go back to the SQL-HA-RG resource group, and then select Add. Search for the appropriate gallery item, select Virtual Machine, and then select From Gallery. Use the information in the following table to help you create the VMs:

| Page | VM1 | VM2 | VM3 |
| --- | --- | --- | --- |
| Select the appropriate gallery item | Windows Server 2016 Datacenter | SQL Server 2016 SP1 Enterprise on Windows Server 2016 | SQL Server 2016 SP1 Enterprise on Windows Server 2016 |
| Virtual machine configuration Basics | Name = cluster-fsw; User Name = DomainAdmin; Password = Contoso!0000; Subscription = Your subscription; Resource group = SQL-HA-RG; Location = Your Azure location | Name = sqlserver-0; User Name = DomainAdmin; Password = Contoso!0000; Subscription = Your subscription; Resource group = SQL-HA-RG; Location = Your Azure location | Name = sqlserver-1; User Name = DomainAdmin; Password = Contoso!0000; Subscription = Your subscription; Resource group = SQL-HA-RG; Location = Your Azure location |
| Virtual machine configuration Size | SIZE = DS1_V2 (1 vCPU, 3.5 GB) | SIZE = DS2_V2 (2 vCPUs, 7 GB); The size must support SSD storage (Premium disk support). | SIZE = DS2_V2 (2 vCPUs, 7 GB) |
| Virtual machine configuration Settings | Storage: Use managed disks; Virtual network = autoHAVNET; Subnet = sqlsubnet(10.1.1.0/24); Public IP address automatically generated; Network security group = None; Monitoring Diagnostics = Enabled; Diagnostics storage account = Use an automatically generated storage account; Availability set = sqlAvailabilitySet | Storage: Use managed disks; Virtual network = autoHAVNET; Subnet = sqlsubnet(10.1.1.0/24); Public IP address automatically generated; Network security group = None; Monitoring Diagnostics = Enabled; Diagnostics storage account = Use an automatically generated storage account; Availability set = sqlAvailabilitySet | Storage: Use managed disks; Virtual network = autoHAVNET; Subnet = sqlsubnet(10.1.1.0/24); Public IP address automatically generated; Network security group = None; Monitoring Diagnostics = Enabled; Diagnostics storage account = Use an automatically generated storage account; Availability set = sqlAvailabilitySet |
| Virtual machine configuration SQL Server settings | Not applicable | SQL connectivity = Private (within Virtual Network); Port = 1433; SQL Authentication = Disable; Storage configuration = General; Automated patching = Sunday at 2:00; Automated backup = Disabled; Azure Key Vault integration = Disabled | SQL connectivity = Private (within Virtual Network); Port = 1433; SQL Authentication = Disable; Storage configuration = General; Automated patching = Sunday at 2:00; Automated backup = Disabled; Azure Key Vault integration = Disabled |

Note

The machine sizes suggested here are meant for testing availability groups in Azure Virtual Machines. For the best performance on production workloads, see the recommendations for SQL Server machine sizes and configuration in Performance best practices for SQL Server in Azure Virtual Machines.

After the three VMs are fully provisioned, you need to join them to the corp.contoso.com domain and grant CORP\Install administrative rights to the machines.

Join the servers to the domain

You're now able to join the VMs to corp.contoso.com. Do the following steps for both the SQL Server VMs and the file share witness server:

  1. Remotely connect to the virtual machine with BUILTIN\DomainAdmin.
  2. In Server Manager, select Local Server.
  3. Select the WORKGROUP link.
  4. In the Computer Name section, select Change.
  5. Select the Domain check box and type corp.contoso.com in the text box. Select OK.
  6. In the Windows Security popup dialog, specify the credentials for the default domain administrator account (CORP\DomainAdmin) and the password (Contoso!0000).
  7. When you see the "Welcome to the corp.contoso.com domain" message, select OK.
  8. Select Close, and then select Restart Now in the popup dialog.

Add accounts

Add the installation account as an administrator on each VM, grant permission to the installation account and local accounts within SQL Server, and update the SQL Server service account.

Add the Corp\Install user as an administrator on each cluster VM

After each virtual machine restarts as a member of the domain, add CORP\Install as a member of the local administrators group.

  1. Wait until the VM is restarted, then launch the RDP file again from the primary domain controller to sign in to sqlserver-0 by using the CORP\DomainAdmin account.

    Tip

    Make sure that you sign in with the domain administrator account. In the previous steps, you were using the BUILTIN administrator account. Now that the server is in the domain, use the domain account. In your RDP session, specify DOMAIN\username.

  2. In Server Manager, select Tools, and then select Computer Management.

  3. In the Computer Management window, expand Local Users and Groups, and then select Groups.

  4. Double-click the Administrators group.

  5. In the Administrators Properties dialog, select the Add button.

  6. Enter the user CORP\Install, and then select OK.

  7. Select OK to close the Administrators Properties dialog.

  8. Repeat the previous steps on sqlserver-1 and cluster-fsw.

Create a sign-in on each SQL Server VM for the installation account

Use the installation account (CORP\install) to configure the availability group. This account needs to be a member of the sysadmin fixed server role on each SQL Server VM. The following steps create a sign-in for the installation account:

  1. Connect to the server through the Remote Desktop Protocol (RDP) by using the <MachineName>\DomainAdmin account.

  2. Open SQL Server Management Studio and connect to the local instance of SQL Server.

  3. In Object Explorer, select Security.

  4. Right-click Logins. Select New Login.

  5. In Login - New, select Search.

  6. Select Locations.

  7. Enter the domain administrator network credentials.

  8. Use the installation account (CORP\install).

  9. Set the sign-in to be a member of the sysadmin fixed server role.

  10. Select OK.

Repeat the preceding steps on the other SQL Server VM.

Configure system account permissions

To create an account for the system account and grant appropriate permissions, complete the following steps on each SQL Server instance:

  1. Create an account for [NT AUTHORITY\SYSTEM] on each SQL Server instance. The following script creates this account:

    USE [master]
    GO
    CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
    GO 
    
  2. Grant the following permissions to [NT AUTHORITY\SYSTEM] on each SQL Server instance:

    • ALTER ANY AVAILABILITY GROUP
    • CONNECT SQL
    • VIEW SERVER STATE

    The following script grants these permissions:

    GRANT ALTER ANY AVAILABILITY GROUP TO [NT AUTHORITY\SYSTEM]
    GO
    GRANT CONNECT SQL TO [NT AUTHORITY\SYSTEM]
    GO
    GRANT VIEW SERVER STATE TO [NT AUTHORITY\SYSTEM]
    GO 
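
To confirm the result of the two procedures above (the sysadmin sign-in for CORP\install and the three grants for [NT AUTHORITY\SYSTEM]), the following audit script reads the server-level permissions back from both instances. It is an added example, not part of the original tutorial; it assumes Windows PowerShell on a domain-joined machine and a caller who is sysadmin on both instances, such as CORP\install.

```powershell
# Added example (not from the tutorial): audit the logins configured above.
# Server names are the tutorial's two SQL Server VMs.
$instances = 'sqlserver-0', 'sqlserver-1'
$expected  = 'ALTER ANY AVAILABILITY GROUP', 'CONNECT SQL', 'VIEW SERVER STATE'

$query = @'
SELECT pe.permission_name
FROM sys.server_permissions AS pe
JOIN sys.server_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'NT AUTHORITY\SYSTEM'
  AND pe.class_desc = 'SERVER'
  AND pe.state_desc IN ('GRANT', 'GRANT_WITH_GRANT_OPTION');
SELECT IS_SRVROLEMEMBER('sysadmin', N'NT AUTHORITY\SYSTEM') AS system_is_sysadmin,
       IS_SRVROLEMEMBER('sysadmin', N'CORP\install')        AS install_is_sysadmin;
'@

foreach ($instance in $instances) {
    # Windows authentication; the caller's domain identity is used.
    $conn = New-Object System.Data.SqlClient.SqlConnection(
        "Server=$instance;Database=master;Integrated Security=True")
    $adapter = New-Object System.Data.SqlClient.SqlDataAdapter($query, $conn)
    $data = New-Object System.Data.DataSet
    [void]$adapter.Fill($data)   # Fill opens and closes the connection itself

    # First result set: explicit server-level grants held by the system account.
    $granted = @($data.Tables[0].Rows | ForEach-Object { $_.permission_name })
    # Second result set: one row with the two role-membership checks.
    $roles = $data.Tables[1].Rows[0]

    [pscustomobject]@{
        Instance          = $instance
        MissingGrants     = @($expected | Where-Object { $_ -notin $granted }) -join ', '
        UnexpectedGrants  = @($granted | Where-Object { $_ -notin $expected }) -join ', '
        SystemIsSysadmin  = $roles.system_is_sysadmin -eq 1
        InstallIsSysadmin = $roles.install_is_sysadmin -eq 1
    }
}
```

A correctly configured instance reports empty MissingGrants and UnexpectedGrants, SystemIsSysadmin as False, and InstallIsSysadmin as True; a missing login makes IS_SRVROLEMEMBER return NULL, which also shows as False.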
    

Set the SQL Server service accounts

On each SQL Server VM, set the SQL Server service account. Use the accounts that you created when you configured the domain accounts.

  1. Open SQL Server Configuration Manager.
  2. Right-click the SQL Server service, and then select Properties.
  3. Set the account and password.
  4. Repeat these steps on the other SQL Server VM.

For SQL Server availability groups, each SQL Server VM needs to run as a domain account.

Add Failover Clustering features to both SQL Server VMs

To add Failover Clustering features, do the following steps on both SQL Server VMs:

  1. Connect to the SQL Server virtual machine through the Remote Desktop Protocol (RDP) by using the CORP\install account. Open Server Manager Dashboard.

  2. Select the Add roles and features link on the dashboard.

    Server Manager - Add roles

  3. Select Next until you get to the Server Features section.

  4. In Features, select Failover Clustering.

  5. Add any additional required features.

  6. Select Install to add the features.

Repeat the steps on the other SQL Server VM.

Configure the firewall on each SQL Server VM

The solution requires the following TCP ports to be open in the firewall:

  • SQL Server VM: Port 1433 for a default instance of SQL Server.
  • Azure load balancer probe: Any available port. Examples frequently use 59999.
  • Database mirroring endpoint: Any available port. Examples frequently use 5022.

The firewall ports need to be open on both SQL Server VMs.

The method of opening the ports depends on the firewall solution that you use. The next section explains how to open the ports in Windows Firewall. Open the required ports on each of your SQL Server VMs.

Open a TCP port in the firewall

  1. On the first SQL Server Start screen, launch Windows Firewall with Advanced Security.

  2. On the left pane, select Inbound Rules. On the right pane, select New Rule.

  3. For Rule Type, choose Port.

  4. For the port, specify TCP and type the appropriate port numbers. See the following example:

    SQL firewall

  5. Select Next.

  6. On the Action page, keep Allow the connection selected, and then select Next.

  7. On the Profile page, accept the default settings, and then select Next.

  8. On the Name page, specify a rule name (such as Azure LB Probe) in the Name text box, and then select Finish.

Repeat these steps on the second SQL Server VM.
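
The wizard steps above can also be scripted and then verified. The following is an added example, not part of the original tutorial: it creates one inbound rule per required port and reads each rule back with its profile and remote-address scope. The ports are the tutorial's example values, and the rule names other than Azure LB Probe are assumptions made for this example.

```powershell
# Added example, not part of the tutorial. Run elevated on each SQL Server VM.
# Only "Azure LB Probe" is a rule name from the tutorial; the other two names
# are assumed for this example.
$rules = @(
    @{ Name = 'SQL Server default instance'; Port = 1433 }
    @{ Name = 'Azure LB Probe';              Port = 59999 }
    @{ Name = 'Database mirroring endpoint'; Port = 5022 }
)

foreach ($rule in $rules) {
    # Skip a rule that already exists so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $rule.Name -ErrorAction SilentlyContinue) { continue }

    New-NetFirewallRule -DisplayName $rule.Name -Direction Inbound -Protocol TCP `
        -LocalPort $rule.Port -Action Allow | Out-Null
}

# Read each rule back with its scope, so an overly broad rule is visible.
foreach ($rule in $rules) {
    foreach ($fw in Get-NetFirewallRule -DisplayName $rule.Name) {
        [pscustomobject]@{
            Rule          = $fw.DisplayName
            Enabled       = $fw.Enabled
            Profile       = $fw.Profile
            LocalPort     = ($fw | Get-NetFirewallPortFilter).LocalPort
            RemoteAddress = ($fw | Get-NetFirewallAddressFilter).RemoteAddress
        }
    }
}
```

Like the wizard defaults, these rules read back with Profile and RemoteAddress set to Any; New-NetFirewallRule accepts -Profile and -RemoteAddress if the rules should be narrower.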

Next steps