Starting with SQL Server 2016 and Windows Server 2016 there have been numerous cloud related enhancements, most of them are tightly related to Microsoft’s Azure like the ‘Cloud Witness’ but there are others that can be implemented within other public or private clouds.

从SQL Server 2016和Windows Server 2016开始，已有许多与云相关的增强功能，其中大多数与Microsoft的Azure紧密相关，例如``Cloud Witness''，但也可以在其他公共或私有云中实现其他功能。

One of this enhancements is the ‘Active Directory-Detached Cluster’ on top of which we will build our Availability Group. The ‘Active Directory-Detached Cluster’ works without depending on an Active Directory Domain Services (AD DS) for network names, instead it relies on Domain Name Service (DNS). No computer objects are created as well. If your project is not utilizing the Microsoft stack and you don’t require an Active Directory but you love (who doesn’t?) SQL Server this is a great approach to consider.

其中一项增强功能是“ Active Directory隔离群集” ，我们将在此基础上构建可用性组。 “基于Active Directory的群集”的工作原理不依赖于Active Directory域服务（AD DS）的网络名称，而是依赖于域名服务（DNS）。 也不会创建任何计算机对象。 如果您的项目没有使用Microsoft堆栈，并且您不需要Active Directory，但是您喜欢（谁没有？）SQL Server，那么这是一个很好的考虑方法。

Let us cover all required steps from creating the virtual networks and the new VMs to configuring a fully functional Availability Group along with a listener.

让我们涵盖从创建虚拟网络和新VM到配置具有侦听器的功能齐全的可用性组的所有必需步骤。

You would need at least a trial account in Google Cloud Platform where you should simply create a new project and then start the Cloud Shell console.

您至少需要在Google Cloud Platform中拥有一个试用帐户 ，您只需在其中创建一个新项目，然后启动Cloud Shell控制台即可。

Let us start with creating a new network named ‘suntorynw’.

让我们开始创建一个名为“ suntorynw”的新网络。

gcloud compute networks create suntorynw – – mode custom

gcloud计算网络创建suntorynw –自定义模式

And then add two subnets, the ‘sunsubnet0’ will be used for the first node, the ‘sunsubnet02’ will be used for the second one.

然后添加两个子网，“ sunsubnet0”将用于第一个节点，“ sunsubnet02”将用于第二个节点。

gcloud compute networks subnets create sunsubnet0 – -network
suntorynw – -region europe-west1 – -range 10.0.0.0/24
gcloud compute networks subnets create sunsubnet1 – -network
suntorynw – -region europe-west1 – -range 10.1.0.0/24

gcloud计算网络子网创建sunsubnet0 – -network
suntorynw –欧洲西部地区– 10.0.0.0/24
gcloud计算网络子网创建sunsubnet1 – -network
suntorynw –欧洲西部地区– 1范围10.1.0.0/24

Configure the firewall rules to allow all communication between the networks.

配置防火墙规则以允许网络之间的所有通信。

gcloud compute firewall-rules create allow-internal-ports – -network
suntorynw –allow tcp:1-65535,udp:1-65535,icmp – -source-ranges
10.0.0.0/24,10.1.0.0/24

gcloud计算防火墙规则创建allow-internal-ports – -network
suntorynw –允许tcp：1-65535，udp：1-65535，icmp – -source-ranges
10.0.0.0/24,10.1.0.0/24

Allow RDP and PowerShell access to the machines from outside (from everywhere in our case, you should review the firewall and the security configurations if you are deploying this in Production).

允许RDP和PowerShell从外部访问计算机（在我们的案例中，从任何地方访问，如果要在生产环境中部署防火墙和安全配置，则应查看它们）。

gcloud compute firewall-rules create allow-rdp – -network suntorynw –
-allow tcp:3389 – -source-ranges 0.0.0.0/0
gcloud compute firewall-rules create allow-pshell – -network
suntorynw –allow tcp:5986 – -source-ranges 0.0.0.0/0

gcloud计算防火墙规则创建allow-rdp – -network suntorynw –
-allow tcp：3389 – -source-ranges 0.0.0.0/0
gcloud计算防火墙规则创建allow-pshell – -network
suntorynw –允许tcp：5986 – -source-ranges 0.0.0.0/0

We will use relatively small virtual machines in our scenario with only a single disk, consider changing and optimizing the VMs for your needs.

在我们的方案中，我们将仅使用单个磁盘使用相对较小的虚拟机，请考虑根据您的需要更改和优化VM。

Create the virtual machine using Windows Server 2016 and SQL Server 2016.

使用Windows Server 2016和SQL Server 2016创建虚拟机。

gcloud compute instances create suntorysql01 –machine-type n1-
standard-1 \
– -boot-disk-type pd-ssd –boot-disk-size 200GB \
– -image-project windows-sql-cloud –image-family sql-ent-2016-win-
2016 \
– -zone europe-west1-d –subnet sunsubnet0 –private-network-
ip=10.0.0.4 \
– -can-ip-forward –metadata sysprep-specialize-script-ps1=”Install-
WindowsFeature Failover-Clustering -IncludeManagementTools;”

gcloud计算实例创建suntorysql01 –机器类型n1-
标准1
– -boot-disk-type pd-ssd –boot-disk-size 200GB \
– –image-project Windows-sql-cloud –image-family sql-ent-2016-win-
2016 \
– -zone europe-west1-d –子网sunsubnet0 –专用网络-
ip = 10.0.0.4 \
– -can-ip-forward –元数据sysprep-specialize-script-ps1 =“安装-
WindowsFeature故障转移群集-IncludeManagementTools；”

Create the second virtual machine.

创建第二个虚拟机。

gcloud compute instances create suntorysql02 – -machine-type n1-
standard-1 \
– -boot-disk-type pd-ssd – -boot-disk-size 200GB \
– -image-project windows-sql-cloud – -image-family sql-ent-2016-win-
2016 \
– -zone europe-west1-d –subnet sunsubnet1 – -private-network-
ip=10.1.0.4 \
– -can-ip-forward –metadata sysprep-specialize-script-ps1=”Install-
WindowsFeature Failover-Clustering -IncludeManagementTools;”

gcloud计算实例创建suntorysql02 –-机器类型n1-
标准1
– -boot-disk-type pd-ssd – –boot-disk-size 200GB \
– –image-project Windows-sql-cloud – –image-family sql-ent-2016-win-
2016 \
– -zone europe-west1-d –子网sunsubnet1 –-专用网络-
ip = 10.1.0.4 \
– -can-ip-forward –元数据sysprep-specialize-script-ps1 =“安装-
WindowsFeature故障转移群集-IncludeManagementTools；”

Both of the virtual machines are now created and running, both of them have dynamic external IP we can use to connect to.

这两个虚拟机现在都已创建并正在运行，它们都具有可用于连接的动态外部IP。

gcloud compute instances list

gcloud计算实例列表

However both machines are created without any credentials being provided to us, we should use the ‘reset-windows-password’ utility provided from Google.

但是，两台计算机都是在创建时没有提供任何凭据的，所以我们应该使用Google提供的“ reset-windows-password”实用程序。

Reset the local administrators password for the first virtual machine suntorysql01.

重置第一个虚拟机suntorysql01的本地管理员密码。

gcloud compute reset-windows-password suntorysql01 – -zone europe-
west1-d

gcloud compute reset-windows-password suntorysql01 – -zone europe-
西1-D

Next, reset the password for suntorysql02.

接下来，重置suntorysql02的密码。

gcloud compute reset-windows-password suntorysql02 – -zone europe-
west1-d

gcloud compute reset-windows-password suntorysql02 – -zone europe-
西1-D

Now that we have account and randomly generated passwords we can connect to the virtual machines using PowerShell initiating the connection from our machine (my laptop in this scenario).

现在我们有了帐户和随机生成的密码，我们可以使用PowerShell从我们的计算机（在这种情况下为我的笔记本电脑）启动连接，以连接到虚拟机。

Start PowerShell and declare the $credentials variable, it will immediately ask you for username and password, use the one you have generated from the ‘reset-windows-password’ utility.

启动PowerShell并声明$ credentials变量，它将立即询问您用户名和密码，并使用从“ reset-windows-password”实用程序生成的用户名和密码。

$credentials = Get-Credential

$ credentials =获取凭证

Then initiate a new PowerShell session towards the first virtual machine.

然后向第一个虚拟机启动新的PowerShell会话。

Enter-PSSession -ComputerName 35.187.21.120 -UseSSL -SessionOption
(New-PSSessionOption -SkipCACheck -SkipCNCheck) -Credential
$credentials

Enter-PSSession-计算机名35.187.21.120 -UseSSL -SessionOption
（New-PSSessionOption -SkipCACheck -SkipCNCheck）-凭据
$凭证

When connection is established, change the password to something more suitable, repeat the same for the second virtual machine.

建立连接后，将密码更改为更合适的密码，然后对第二个虚拟机重复该密码。

$Password = ‘str0ng_p@ssw0rd’
([ADSI] “WinNT://suntorysql02/kaloyan_kosev”).SetPassword($Password)

$ Password ='str0ng_p @ ssw0rd'
（[ADSI]“ WinNT：// suntorysql02 / kaloyan_kosev”）。SetPassword（$ Password）

Now we can proceed with the network configuration of the first virtual machine – suntorysql01.

现在，我们可以继续第一个虚拟机suntorysql01的网络配置。

We are setting up a static IP address, mask and gateway, without DNS – we will configure this later.

我们正在设置一个没有DNS的静态IP地址，掩码和网关-我们将在稍后进行配置。

netsh interface ip set address name=Ethernet static 10.0.0.4
255.255.0.0 10.0.0.1 1
netsh advfirewall firewall add rule name=”Open Port 5022 for
Availability Groups” dir=in action=allow protocol=TCP localport=5022
netsh advfirewall firewall add rule name=”Open Port 1433 for SQL
Server” dir=in action=allow protocol=TCP localport=1433

netsh接口ip设置地址名称=以太网静态10.0.0.4
255.255.0.0 10.0.0.1 1
netsh advfirewall防火墙添加规则名称=“打开端口5022用于
可用性组” dir =执行中=允许协议= TCP localport = 5022
netsh advfirewall防火墙添加规则名称=“为SQL打开端口1433
服务器”目录=执行中=允许协议= TCP localport = 1433

Configure the network settings for the second virtual machine – suntorysql02.

配置第二个虚拟机的网络设置– suntorysql02。

netsh interface ip set address name=Ethernet static 10.1.0.4
255.255.0.0 10.1.0.1 1
netsh advfirewall firewall add rule name=”Open Port 5022 for
Availability Groups” dir=in action=allow protocol=TCP localport=5022
netsh advfirewall firewall add rule name=”Open Port 1433 for SQL
Server” dir=in action=allow protocol=TCP localport=1433

netsh接口ip设置地址名称=以太网静态10.1.0.4
255.255.0.0 10.1.0.1 1
netsh advfirewall防火墙添加规则名称=“打开端口5022用于
可用性组” dir =执行中=允许协议= TCP localport = 5022
netsh advfirewall防火墙添加规则名称=“为SQL打开端口1433
服务器”目录=执行中=允许协议= TCP localport = 1433

We will name the cluster ‘sunclx’ and give it IPs 10.0.1.4 and 10.1.1.4;

我们将群集命名为“ sunclx”，并为其赋予IP 10.0.1.4和10.1.1.4；

The listener will be named ‘sunlistener’ and the IPs it will have are 10.0.1.5 and 10.1.1.5.

该侦听器将被命名为“ sunlistener”，其IP地址为10.0.1.5和10.1.1.5。

From the Cloud Shell console, we need to add routes for the Windows cluster and availability groups based on the IPs we will use for the cluster and the listener in the different subnets.

在Cloud Shell控制台中，我们需要根据将用于群集和不同子网中的侦听器的IP添加Windows群集和可用性组的路由。

gcloud compute routes create suntorysql01-route – -network suntorynw \
– -destination-range 10.0.1.4/32 –next-hop-instance suntorysql01 \
– -next-hop-instance-zone europe-west1-d – -priority 1
gcloud compute routes create suntorysql01-route-listener – -network suntorynw \
– -destination-range 10.0.1.5/32 – -next-hop-instance suntorysql01 \
– -next-hop-instance-zone europe-west1-d – -priority 1
gcloud compute routes create suntorysql02-route – -network suntorynw \
– -destination-range 10.1.1.4/32 – -next-hop-instance suntorysql02 \
– -next-hop-instance-zone europe-west1-d –priority 1
gcloud compute routes create suntorysql02-route-listener – -network suntorynw \
– -destination-range 10.1.1.5/32 – -next-hop-instance suntorysql02 \
– -next-hop-instance-zone europe-west1-d – -priority 1

gcloud计算路由创建suntorysql01-route – -network suntorynw \
–-目标范围10.0.1.4/32 –下一跳实例suntorysql01 \
– -next-hop-instance-zone europe-west1-d –-优先级1
gcloud计算路由创建suntorysql01-route-listener – -network suntorynw \
–-目标范围10.0.1.5/32 –-下一跳实例suntorysql01 \
– -next-hop-instance-zone europe-west1-d –-优先级1
gcloud计算路由创建suntorysql02-route – -network suntorynw \
–-目标范围10.1.1.4/32 –-下一跳实例suntorysql02 \
–-下一跳实例区域Europe-west1-d –优先级1
gcloud计算路由创建suntorysql02-route-listener – -network suntorynw \
–-目标范围10.1.1.5/32 –-下一跳实例suntorysql02 \
– -next-hop-instance-zone europe-west1-d –-优先级1

Leaving the command line utilities aside for the moment we would need to RDP to the machines in order to proceed with the required configurations.

目前暂时不使用命令行实用程序，我们需要对计算机进行RDP才能进行所需的配置。

At the moment the virtual machines have the following settings, we need to add primary DNS suffix. An FQDN is a prerequisite for the Windows Cluster.

目前，虚拟机具有以下设置，我们需要添加主DNS后缀。 FQDN是Windows群集的先决条件。

Do add the primary DNS suffix reach the System page from Control Panel > System and Security > System.
Open the System Properties window by clicking ‘Change settings’ > ‘Change’ > ‘More’.
Then add the desired DNS suffix of your chose – in our case it will be ‘un.com’.

不要添加主DNS后缀，请从“控制面板”>“系统和安全性”>“系统”到达“系统”页面。
通过单击“更改设置”>“更改”>“更多”来打开“系统属性”窗口。
然后添加您选择的所需DNS后缀–在我们的情况下为'un.com'。

After performing this on both virtual machines and restarting them you will need to add a DNS service on one of the machines.

在两个虚拟机上都执行此操作并重新启动它们之后，您将需要在其中一台计算机上添加DNS服务。

We will add it on suntorysql01.un.com from the ‘Add roles and features’ wizard. The installation does not require restart.

我们将通过“添加角色和功能”向导将其添加到suntorysql01.un.com上。 安装不需要重新启动。

Once the DNS server is installed we would need to configure it and add the required records.

一旦安装了DNS服务器，我们将需要对其进行配置并添加所需的记录。

Create a new Forward Lookup Zone named after the DNS suffix.

创建一个以DNS后缀命名的新正向查找区域。

Within the new zone add the records for both nodes, the two IPs for the cluster and the two IPs for the listener.

在新区域中，添加两个节点，集群的两个IP和侦听器的两个IP的记录。

Note: If you are creating a Windows Cluster using the local administrative account you need to alter the following registry key. Within the Google Cloud Platform, the Windows images have it already enabled.

注意：如果要使用本地管理帐户创建Windows群集，则需要更改以下注册表项。 在Google Cloud Platform中，Windows映像已启用它。

New-ItemProperty -Path
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System –
Name LocalAccountTokenFilterPolicy -Value 1

New-ItemProperty-路径
HKLM：\ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System –
名称LocalAccountTokenFilterPolicy-值1

Finish the network configuration for suntorysql02 by setting DNS server (execute locally in a PowerShell console):

通过设置DNS服务器来完成suntorysql02的网络配置（在PowerShell控制台中本地执行）：

netsh interface ip set dns Ethernet static 10.0.0.4

netsh接口ip设置dns以太网静态10.0.0.4

We are now ready to create the Windows Cluster.

现在，我们准备创建Windows群集。

In the PowerShell console on suntorysql01 we will use the New-Cluster cmdlet providing name for the cluster – ‘sunclx’, listing both nodes – ‘suntorysql01’ and ‘suntorysql02’, listing the two IP addresses. The most important parameter is the ‘–AdministrativeAccessPoint DNS’ which states we are creating a ‘Active Directory-Detached Cluster’.

在suntorysql01上的PowerShell控制台中，我们将使用New-Cluster cmdlet为群集提供名称-“ sunclx”，列出两个节点–“ suntorysql01”和“ suntorysql02”，列出两个IP地址。 最重要的参数是“ –AdministrativeAccessPoint DNS”，它表示我们正在创建“ Active Directory分离的群集”。

New-Cluster -Name sunclx -Node suntorysql01, suntorysql02 -NoStorage
-StaticAddress 10.0.1.4, 10.1.1.4 –AdministrativeAccessPoint DNS

新集群-名称sunclx-节点suntorysql01，suntorysql02 -NoStorage
-StaticAddress 10.0.1.4、10.1.1.4 –AdministrativeAccessPoint DNS

The cluster have been created, we have been prompt to review the report file for warnings. The following warning is listed as we haven’t configured a witness, so I advise to consider using File Share Witness.

群集已创建，已提示我们查看报告文件以获取警告。 由于我们尚未配置见证人，因此列出了以下警告，因此我建议考虑使用文件共享见证。

An appropriate disk was not found for configuring a disk witness. The cluster is not configured with a witness. As a best practice, configure a witness to help achieve the highest availability of the cluster. If this cluster does not have shared storage, configure a File Share Witness or a Cloud Witness.

找不到用于配置磁盘见证程序的适当磁盘。 群集未配置见证服务器。 最佳做法是，配置见证服务器以帮助实现群集的最高可用性。 如果此群集没有共享存储，请配置文件共享见证或云见证。

The next step is to enable the AlwaysOn feature on both SQL Server instances by executing the following PowerShell cmdlet locally on each virtual machine, you can use the GUI instead if you prefer.

下一步是通过在每个虚拟机上本地执行以下PowerShell cmdlet在两个SQL Server实例上启用AlwaysOn功能，如果愿意，可以改用GUI。

Enable-SqlAlwaysOn -ServerInstance suntorysql01 -Force

Enable-SqlAlwaysOn -ServerInstance suntorysql01 -Force

Enable-SqlAlwaysOn -ServerInstance suntorysql02 -Force

Enable-SqlAlwaysOn -ServerInstance suntorysql02 -Force

Having the network, the virtual machines and the Windows Cluster prepared we can now move towards the SQL Server instances.

在准备好网络，虚拟机和Windows群集之后，我们现在可以转向SQL Server实例。

Let us start by creating a new user database in FULL recovery model.

让我们首先以FULL恢复模型创建一个新的用户数据库。

Then we will setup a certificate based security as we restraining ourselves from the Active Directory and the domain accounts.

然后，由于我们将自己限制在Active Directory和域帐户中，因此将设置基于证书的安全性。

We will need to
Create a Database Master Key;
Create new security certificate;
Create an endpoint to be used by the Availability Group

我们将需要
创建一个数据库主密钥；
创建新的安全证书；
创建可用性组要使用的端点

------------------------------------------------------------------------
-- The following steps are performed within SQL instance Suntorysql01 --
------------------------------------------------------------------------
-- Creating a new user database
CREATE DATABASE [SuntoryDB]
GO
ALTER DATABASE [SuntoryDB] SET RECOVERY FULL
GO
USE SuntoryDB
GO
EXEC dbo.sp_changedbowner 'sa'
GO-- Creating a master key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'str0ng_p@ssw0rd'
GO-- Creating a new certificate
CREATE CERTIFICATE suntorysql01_prv_certificate
WITH SUBJECT = 'suntorysql01_prv_certificate',
START_DATE = '20170303'
GO-- Backing up the certificate in a folder on host suntorysql01
BACKUP CERTIFICATE suntorysql01_prv_certificate
TO FILE = 'C:\AlwaysOnShare\suntorysql01_prv_certificate.cert'
GO
-- Creating an endpoint using the certificate for authentication
CREATE ENDPOINT suntory_Endpoint
STATE = STARTED
AS TCP
(LISTENER_PORT = 5022)
FOR DATABASE_MIRRORING
(AUTHENTICATION = CERTIFICATE suntorysql01_prv_certificate,
ROLE = ALL,
ENCRYPTION = REQUIRED ALGORITHM AES)
GO---------------------------------------------------------------------------------------------------------------
-- The following steps are performed within SQL instance Suntorysql02, in similar fashion as on the previous --
---------------------------------------------------------------------------------------------------------------
-- Creating a master key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'str0ng_p@ssw0rd'
GO-- Creating a new certificate
CREATE CERTIFICATE suntorysql02_prv_certificate
WITH SUBJECT = 'suntorysql02_prv_certificate',
START_DATE = '20170303'
GO-- Backing up the certificate in a folder on host suntorysql02
BACKUP CERTIFICATE suntorysql02_prv_certificate
TO FILE = 'C:\AlwaysOnShare\suntorysql02_prv_certificate.cert'
GO-- Creating an endpoint using the certificate for authentication
CREATE ENDPOINT suntory_Endpoint
STATE = STARTED
AS TCP
(LISTENER_PORT = 5022)
FOR DATABASE_MIRRORING
(AUTHENTICATION = CERTIFICATE suntorysql02_prv_certificate,
ROLE = ALL,
ENCRYPTION = REQUIRED ALGORITHM AES)
GO

We can now see the endpoint created:

现在我们可以看到创建的端点：

Create new accounts to be used for the communication between the two SQL Servers.

创建新帐户以用于两个SQL Server之间的通信。

The account suntorysql02acc will be created on SQL Server suntorysql01 to provide access to SQL Server Suntorysql02.

将在SQL Server suntorysql01上创建帐户suntorysql02acc，以提供对SQL Server Suntorysql02的访问。

The account suntorysql01acc will be created on SQL Server suntorysql02 to provide access to SQL Server Suntorysql01.

将在SQL Server suntorysql02上创建帐户suntorysql01acc，以提供对SQL Server Suntorysql01的访问。

We will use the certificates we backed up on the filesystem and import them on the opposite nodes authorizing the created accounts.

我们将使用我们在文件系统上备份的证书，并将它们导入授权创建帐户的相对节点上。

-----------------------------------------------------
-- Configure the required accounts on suntorysql01 --
------------------------------------------------------- Create a login to be used by the second SQL instance
CREATE LOGIN suntorysql02acc WITH PASSWORD = 'str0ng_p@ssw0rd'
GO
CREATE USER suntorysql02acc FOR LOGIN suntorysql02acc
GO-- Import the public key of the certificate from the other node
CREATE CERTIFICATE suntorysql02_prv_certificate
AUTHORIZATION suntorysql02acc
FROM FILE = 'C:\AlwaysOnShare\suntorysql02_prv_certificate.cert'
GO-- Configure the required permissions
GRANT CONNECT ON ENDPOINT::suntory_Endpoint TO suntorysql02acc
GO-----------------------------------------------------
-- Configure the required accounts on suntorysql01 --
-----------------------------------------------------
-- Create a login to be used by the first SQL instance
CREATE LOGIN suntorysql01acc WITH PASSWORD = 'str0ng_p@ssw0rd'
GO
CREATE USER suntorysql01acc FOR LOGIN suntorysql01acc
GO-- Import the public key of the certificate from the other node
CREATE CERTIFICATE suntorysql01_prv_certificate
AUTHORIZATION suntorysql01acc
FROM FILE = 'C:\AlwaysOnShare\suntorysql01_prv_certificate.cert'
GO-- Configure the required permissions
GRANT CONNECT ON ENDPOINT::suntory_Endpoint TO suntorysql01acc
GO

We will now create a standard Availability Group named ‘SuntoryAOAG’ using the created endpoints:

现在，我们将使用创建的端点创建一个名为“ SuntoryAOAG”的标准可用性组：

-----------------------------------------------------
-- Create the availability group from suntorysql01 --
------------------------------------------------------- Creating the Availability Group
CREATE AVAILABILITY GROUP SuntoryAOAG
WITH
(   AUTOMATED_BACKUP_PREFERENCE = PRIMARY,DB_FAILOVER = OFF,DTC_SUPPORT = NONE)
FOR DATABASE [SuntoryDB]
REPLICA ON
'suntorysql01' WITH
(   ENDPOINT_URL = 'TCP://suntorysql01.un.com:5022', FAILOVER_MODE = AUTOMATIC, AVAILABILITY_MODE = SYNCHRONOUS_COMMIT, SECONDARY_ROLE(ALLOW_CONNECTIONS = READ_ONLY)
),
'suntorysql02' WITH
(   ENDPOINT_URL = 'TCP://suntorysql02.un.com:5022', FAILOVER_MODE = AUTOMATIC, AVAILABILITY_MODE = SYNCHRONOUS_COMMIT, SECONDARY_ROLE(ALLOW_CONNECTIONS = READ_ONLY)
)
GO

Create backups of the user database in order to restore it on the secondary instance:

创建用户数据库的备份以便在辅助实例上还原它：

-- Backup the user database
BACKUP DATABASE SuntoryDB TO DISK = 'C:\AlwaysOnShare\SuntoryDB.bak'
GO
BACKUP LOG SuntoryDB TO DISK = 'C:\AlwaysOnShare\SuntoryDB.trn'
GO

Add the second SQL instance suntorysql02 to the Availability Group:

将第二个SQL实例suntorysql02添加到可用性组：

------------------------------------------------------
-- From suntorysql02 join to the availability group --
------------------------------------------------------
ALTER AVAILABILITY GROUP [SuntoryAOAG] JOIN
GO

Restore the user database leaving it in restoring state:

还原用户数据库，使其保持还原状态：

-- Restore the user database with NORECOVERY
RESTORE DATABASE SuntoryDB FROM DISK = 'C:\AlwaysOnShare\SuntoryDB.bak' WITH NORECOVERY
GO
RESTORE LOG SuntoryDB FROM DISK = 'C:\AlwaysOnShare\SuntoryDB.trn' WITH NORECOVERY
GO

And let’s add it to the availability group:

并将其添加到可用性组：

-- Add the database to the Availability Group
ALTER DATABASE SuntoryDB SET HADR AVAILABILITY GROUP = SuntoryAOAG
GO

Create a new listener using the name we provided within the DNS, add the specified IPs from both subnets:

使用我们在DNS中提供的名称创建一个新的侦听器，并从两个子网中添加指定的IP：

Testing a new connection true the listener and we are ready with our Always On Availability Group using certificate based authentication running on a Active Directory-Detached Cluster.

测试一个新的连接以使侦听器真实运行，并且我们准备好使用在基于Active Directory的群集上运行的基于证书的身份验证的Always On Availability组。

参考资料 (References)

• Active Directory-Detached Cluster Active Directory连接的群集
• Start a Google Cloud Platform free trial 开始Google Cloud Platform免费试用
• Documentation for SQL Server on Google Cloud PlatformGoogle Cloud Platform上SQL Server文档

翻译自: https://www.sqlshack.com/availability-groups-without-an-active-directory-domain-in-google-cloud-platform/