为 SQL 资源提供程序添加托管服务器Add hosting servers for the SQL resource provider

可以在 Azure Stack Hub 中的虚拟机 (VM) 上或者在 Azure Stack Hub 环境外部的 VM 上创建 SQL Server 数据库宿主服务器,前提是 SQL 资源提供程序能够连接到该实例。You can create SQL Server database hosting servers on a virtual machine (VM) in Azure Stack Hub, or on a VM outside your Azure Stack Hub environment, as long as the SQL resource provider can connect to the instance.

备注

SQL 资源提供程序应在默认提供程序订阅中创建,而 SQL 托管服务器则应在可计费用户订阅中创建。The SQL resource provider should be created in the default provider subscription while SQL hosting servers should be created in a billable, user subscription. 资源提供程序服务器不应用于托管用户数据库。The resource provider server shouldn't be used to host user databases.

概述Overview

在添加 SQL 宿主服务器之前,请查看以下强制要求和一般请求。Before you add a SQL hosting server, review the following mandatory and general requirements.

强制要求Mandatory requirements

  • 在 SQL Server 实例上启用 SQL 身份验证。Enable SQL authentication on the SQL Server instance. 由于 SQL 资源提供程序 VM 未加入域,它只能使用 SQL 身份验证连接到宿主服务器。Because the SQL resource provider VM isn't domain-joined, it can only connect to a hosting server using SQL authentication.
  • 将 Azure Stack Hub 上安装的 SQL 实例的 IP 地址配置为“公共”。Configure the IP addresses for the SQL instances as Public when installed on Azure Stack Hub. 资源提供程序和用户(例如 Web 应用)通过用户网络通信,因此需要连接到此网络上的 SQL 实例。The resource provider and users, such as web apps, communicate over the user network, so connectivity to the SQL instance on this network is required.

一般要求General requirements

  • 专门指定资源提供程序和用户工作负荷使用的 SQL 实例。Dedicate the SQL instance for use by the resource provider and user workloads. 不能使用其他任何使用者正在使用的 SQL 实例。You can't use a SQL instance that's being used by any other consumer. 此限制同样适用于应用服务。This restriction also applies to App Services.
  • 为资源提供程序配置具有相应特权级别的帐户(如下所述)。Configure an account with the appropriate privilege levels for the resource provider (described below).
  • 你要负责管理 SQL 实例及其主机。You're responsible for managing the SQL instances and their hosts. 例如,资源提供程序不会应用更新、处理备份或处理凭据轮换。For example, the resource provider doesn't apply updates, handle backups, or handle credential rotation.

SQL Server VM 映像SQL Server VM images

可通过市场管理功能获取 SQL IaaS VM 映像。SQL IaaS VM images are available through the Marketplace Management feature. 这些映像与 Azure 中提供的 SQL VM 相同。These images are the same as the SQL VMs that are available in Azure.

在使用市场项部署 SQL VM 之前,请确保始终下载最新版本的 SQL IaaS 扩展Make sure you always download the latest version of the SQL IaaS Extension before you deploy a SQL VM using a Marketplace item. IaaS 扩展和相应的门户增强功能可提供自动修补和备份等附加功能。The IaaS extension and corresponding portal enhancements provide additional features such as automatic patching and backup. 有关此扩展的详细信息,请参阅使用 SQL Server 代理扩展在 Azure VM 上自动完成管理任务For more information about this extension, see Automate management tasks on Azure VMs with the SQL Server Agent Extension.

备注

对于市场上 Windows 映像中的所有 SQL,SQL IaaS 扩展都是_必需_的;如果没有下载该扩展,则 VM 将无法部署。The SQL IaaS Extension is required for all SQL on Windows images in the marketplace; the VM will fail to deploy if you didn't download the extension. 该扩展不用于基于 Linux 的 SQL VM 映像。It's not used with Linux-based SQL VM images.

可以使用其他选项部署 SQL VM,包括 Azure Stack Hub 快速入门库中的模板。There are other options for deploying SQL VMs, including templates in the Azure Stack Hub Quickstart Gallery.

备注

必须通过用户订阅而不是默认的提供程序订阅创建安装在多节点 Azure Stack Hub 上的任何宿主服务器。Any hosting servers installed on a multi-node Azure Stack Hub must be created from a user subscription and not the Default Provider Subscription. 必须通过用户门户或者使用相应的登录名通过 PowerShell 会话来创建这些服务器。They must be created from the user portal or from a PowerShell session with an appropriate login. 所有宿主服务器都是可计费的 VM,并且必须具有相应的 SQL 许可证。All hosting servers are billable VMs and must have appropriate SQL licenses. 服务管理员可以是订阅的所有者。 The service admin can be the owner of that subscription.

所需的特权Required Privileges

可以创建一个特权比 SQL sysadmin 更低的管理用户。You can create an admin user with lower privileges than a SQL sysadmin. 该用户只需以下操作的权限:The user only needs permissions for the following operations:

  • 数据库:创建、更改、使用包含(仅限 Always On)、删除、备份Database: Create, Alter, With Containment (for Always On only), Drop, Backup
  • 可用性组:更改、联接、添加/删除数据库Availability Group: Alter, Join, Add/Remove Database
  • 登录名:创建、选择、更改、删除、撤销Login: Create, Select, Alter, Drop, Revoke
  • 选择操作:[master].[sys].[availability_group_listeners] (AlwaysOn)、sys.availability_replicas (AlwaysOn)、sys.databases、[master].[sys].[dm_os_sys_memory]、SERVERPROPERTY、[master].[sys].[availability_groups] (AlwaysOn)、sys.master_filesSelect Operations: [master].[sys].[availability_group_listeners] (AlwaysOn), sys.availability_replicas (AlwaysOn), sys.databases, [master].[sys].[dm_os_sys_memory], SERVERPROPERTY, [master].[sys].[availability_groups] (AlwaysOn), sys.master_files

其他安全信息Additional Security Information

以下信息提供了其他安全指导:The following information provides additional security guidance:

  • 使用 BitLocker 加密所有 Azure Stack Hub 存储,因此 Azure Stack Hub 上的任何 SQL 实例都将使用加密的 Blob 存储。All Azure Stack Hub storage is encrypted using BitLocker, so any SQL instance on Azure Stack Hub will use encrypted blob storage.
  • SQL 资源提供程序完全支持 TLS 1.2。The SQL Resource Provider fully supports TLS 1.2. 确保通过 SQL RP 管理的任何 SQL Server 仅针对 TLS 1.2 进行配置,并且 RP 默认使用该配置。 Ensure that any SQL Server that's managed through the SQL RP is configured for TLS 1.2 only and the RP will default to that. SQL Server 的所有支持版本都支持 TLS 1.2。All supported versions of SQL Server support TLS 1.2. 有关详细信息,请参阅针对 Microsoft SQL Server 的 TLS 1.2 支持For more information, see TLS 1.2 support for Microsoft SQL Server.
  • 使用 SQL Server 配置管理器设置 ForceEncryption 选项,确保与 SQL Server 之间的所有通信始终经过加密。Use SQL Server Configuration Manager to set the ForceEncryption option to ensure all communications to the SQL server are always encrypted. 有关详细信息,请参阅将服务器配置为强制加密连接For more information, see To configure the server to force encrypted connections.
  • 确保任何客户端应用也通过加密的连接进行通信。Ensure any client app is also communicating over an encrypted connection.
  • RP 配置为信任 SQL Server 实例使用的证书。The RP is configured to trust the certificates used by the SQL Server instances.

通过连接到独立宿主 SQL 服务器来提供容量。Provide capacity by connecting to a standalone hosting SQL server

可以运行使用任何版本的 SQL Server 2014 或 SQL Server 2016 的独立(非 HA)SQL 服务器。You can use standalone (non-HA) SQL servers using any edition of SQL Server 2014 or SQL Server 2016. 确保已准备好拥有 sysadmin 特权的帐户的凭据。Make sure you have the credentials for an account with sysadmin privileges.

若要添加已设置的独立宿主服务器,请遵循以下步骤:To add a standalone hosting server that's already set up, follow these steps:

  1. 以服务管理员身份登录到 Azure Stack Hub 管理员门户。Sign in to the Azure Stack Hub administrator portal as a service admin.

  2. 选择“所有服务” >“管理资源” >“SQL 宿主服务器” 。Select All services > ADMINISTRATIVE RESOURCES > SQL Hosting Servers.

    Azure Stack Hub 管理员门户中的 SQL 宿主服务器

    在“SQL 宿主服务器”下,可将 SQL 资源提供程序连接到将充当资源提供程序后端的 SQL Server 实例。 Under SQL Hosting Servers, you can connect the SQL resource provider to instances of SQL Server that will serve as the resource provider's backend.

    Azure Stack Hub 管理员门户中的 SQL 适配器仪表板

  3. 单击“添加” ,然后在“添加 SQL 宿主服务器” 边栏选项卡上提供 SQL Server 实例的连接详细信息。Click Add and then provide the connection details for your SQL Server instance on the Add a SQL Hosting Server blade.

    在 Azure Stack Hub 管理员门户中添加 SQL 宿主服务器

    (可选)提供实例名称;如果实例未分配到默认端口 1433,请指定端口号。Optionally, provide an instance name, and specify a port number if the instance isn't assigned to the default port of 1433.

    备注

    只要用户和管理员 Azure 资源管理器可以访问 SQL 实例,资源提供程序就能控制此实例。As long as the SQL instance can be accessed by the user and admin Azure Resource Manager, it can be placed under control of the resource provider. 必须专门将 SQL 实例分配给资源提供程序。 The SQL instance must be allocated exclusively to the resource provider.

  4. 添加服务器时,必须将其分配到现有的 SKU,或创建新的 SKU。As you add servers, you must assign them to an existing SKU or create a new SKU. 在“添加宿主服务器”下,选择“SKU”。 Under Add a Hosting Server, select SKUs.

    • 若要使用现有 SKU,请选择可用的 SKU,然后选择“创建”。 To use an existing SKU, choose an available SKU and then select Create.

    • 若要创建 SKU,请选择“+ 创建新 SKU”。 To create a SKU, select + Create new SKU. 在“创建 SKU”中输入所需的信息,然后选择“确定”。 In Create SKU, enter the required information, and then select OK.

      在 Azure Stack Hub 管理员门户中创建 SKU

使用 SQL Always On 可用性组提供高可用性Provide high availability using SQL Always On Availability Groups

配置 SQL Always On 实例需要执行附加的步骤,并需要三个 VM(或物理机)。本文假设你已深入了解 Always On 可用性组。Configuring SQL Always On instances requires additional steps and requires three VMs (or physical machines.) This article assumes that you already have a solid understanding of Always On availability groups. 有关详细信息,请参阅以下文章:For more information, see the following articles:

备注

SQL 适配器资源提供程序仅支持适用于 Always On 可用性组的 SQL 2016 SP1 企业版或更高版本的实例。 The SQL adapter resource provider only supports SQL 2016 SP1 Enterprise or later instances for Always On Availability Groups. 此适配器配置需要新的 SQL 功能,例如自动种子设定。This adapter configuration requires new SQL features such as automatic seeding.

自动种子设定Automatic seeding

必须在每个 SQL Server 实例的每个可用性组上启用自动种子设定You must enable Automatic Seeding on each availability group for each instance of SQL Server.

若要在所有实例上启用自动种子设定,请在每个辅助实例的主要副本上编辑并运行以下 SQL 命令:To enable automatic seeding on all instances, edit and then run the following SQL command on the primary replica for each secondary instance:

ALTER AVAILABILITY GROUP [<availability_group_name>]
    MODIFY REPLICA ON '<secondary_node>'
    WITH (SEEDING_MODE = AUTOMATIC)
GO

可用性组必须括在方括号中。The availability group must be enclosed in square brackets.

在辅助节点上运行以下 SQL 命令:On the secondary nodes, run the following SQL command:

ALTER AVAILABILITY GROUP [<availability_group_name>] GRANT CREATE ANY DATABASE
GO

配置包含的数据库身份验证Configure contained database authentication

将包含的数据库添加到可用性组之前,请确保在托管可用性组可用性副本的每个服务器实例上,包含的数据库身份验证服务器选项已设置为 1。Before adding a contained database to an availability group, ensure that the contained database authentication server option is set to 1 on every server instance that hosts an availability replica for the availability group. 有关详细信息,请参阅包含的数据库身份验证服务器配置选项For more information, see contained database authentication Server Configuration Option.

使用以下命令设置每个实例的包含的数据库身份验证服务器选项:Use these commands to set the contained database authentication server option for each instance:

EXEC sp_configure 'contained database authentication', 1
GO
RECONFIGURE
GO

添加 SQL Always On 宿主服务器To add SQL Always On hosting servers

  1. 以服务管理员身份登录到 Azure Stack Hub 管理员门户。Sign in to the Azure Stack Hub administrator portal as a service admin.

  2. 选择“浏览”>“管理资源”>“SQL 宿主服务器”>“+添加”。 Select Browse > ADMINISTRATIVE RESOURCES > SQL Hosting Servers > +Add.

    在“SQL 宿主服务器”下,可将 SQL Server 资源提供程序连接到充当资源提供程序后端的实际 SQL Server 实例。 Under SQL Hosting Servers, you can connect the SQL Server Resource Provider to actual instances of SQL Server that serve as the resource provider's backend.

  3. 在表单中填写 SQL Server 实例的连接详细信息。Fill out the form with the connection details for your SQL Server instance. 确保使用 Always On 侦听器的 FQDN 地址(以及可选的端口号和实例名称)。Make sure that you use the FQDN address of the Always On Listener (and optional port number and instance name). 提供使用 sysadmin 特权配置的帐户的信息。Provide the information for the account you configured with sysadmin privileges.

  4. 选中“Always On 可用性组”框,启用 SQL Always On 可用性组实例的支持。Check the Always On Availability Group box to enable support for SQL Always On Availability Group instances.

    在 Azure Stack Hub 管理员门户中启用 Always On 可用性组

  5. 将 SQL Always On 实例添加到 SKU。Add the SQL Always On instance to a SKU.

    重要

    不能在同一 SKU 中混合使用独立服务器与 Always On 实例。You can't mix standalone servers with Always On instances in the same SKU. 尝试在添加第一个托管服务器后混合类型会导致错误。Attempting to mix types after adding the first hosting server results in an error.

SKU 说明SKU notes

使用可以描述 SKU 中服务器容量(例如容量和性能)的 SKU 名称。Use a SKU name that describes the capabilities of the servers in the SKU, such as capacity and performance. 名称可以协助用户将其数据库部署到相应的 SKU。The name serves as an aid to help users deploy their databases to the appropriate SKU. 例如,可以使用 SKU 名称通过以下特征来区分服务产品/服务:For example, you can use SKU names to differentiate service offerings by the following characteristics:

  • 高容量high capacity
  • 高性能high performance
  • 高可用性high availability

最佳做法是使 SKU 中的所有宿主服务器具有相同的资源和性能特征。As a best practice, all the hosting servers in a SKU should have the same resource and performance characteristics.

无法将 SKU 分配到特定的用户或组。SKUs can't be assigned to specific users or groups.

SKU 最长可能需要在一小时后才显示在门户中。SKUs can take up to an hour to be visible in the portal. 在完全创建 SKU 之前,用户无法创建数据库。Users can't create a database until the SKU is fully created.

若要编辑某个 SKU,请转到“所有服务” > “SQL 适配器” > “SKU”。 To edit a SKU, go to All services > SQL Adapter > SKUs. 选择要修改的 SKU,进行任何必要的更改,然后单击“保存” 以保存更改。Select the SKU to modify, make any necessary changes, and click Save to save changes.

若要删除不再需要的 SKU,请转到“所有服务” > “SQL 适配器” > “SKU”。 To delete a SKU that's no longer needed, go to All services > SQL Adapter > SKUs. 右键单击 SKU 名称,然后选择“删除” 将其删除。Right-click the SKU name and select Delete to delete it.

重要

可能需要长达一小时的时间新的 SKU 才会在用户门户中可用。It can take up to an hour for new SKUs to be available in the user portal.

将 SQL 数据库提供给用户使用Make SQL databases available to users

创建计划和套餐,使用户能够使用 SQL 数据库。Create plans and offers to make SQL databases available for users. Microsoft.SqlAdapter 服务添加到计划,并创建新配额。Add the Microsoft.SqlAdapter service to the plan and create a new quota.

重要

在用户门户中出现可用的新配额或者强制实施更改的配额可能需要长达两小时的时间。It can take up to two hours for new quotas to be available in the user portal or before a changed quota is enforced.

后续步骤Next steps

添加数据库Add databases