In an Azure SQL Managed Instance setup with Failover Group, the schema, data, and database-level users will always be synced between primary and secondary instance. As of October 2021, there is no sync mechanism for SQL Server Agent Jobs or Server Logins/Roles because the functionality of replicating system databases does not exist. This blog provides guidance and scripts to implement a workaround solution to have the Agent Jobs and Server Logins/Roles synced between primary and secondary instances.
The objective of syncing Agent jobs is achieved by having a custom database named “AgentDB” in the MI instance which stores the latest job definitions from primary. There will be a SQL Agent Job that runs in both primary and secondary which will monitor on a schedule for failover events.
In the event of a failover, the jobs from the primary managed instance will be automatically created in a secondary managed instance by using the definition stored in the AgentDB.
The reason for choosing the AgentDB as the main information holder is due to the following:
There are certain limitations in the workaround which should be noted before using the scripts.
The solution contains two major components, A user database “AgentDB” and a scheduled job “SyncLoginsAndAgentJobs”.
Custom Database - AgentDB
The AgentDB contains the following supporting tables and procedures for syncing the jobs:
The default setup in two managed instances, Instance A and Instance B.
Scenario 1: Instance A is Primary
When Instance A is primary, SQL Agent job contents from msdb will be copied from the local MSDB to the AgentDB and into the respective tables.
Scenario 2: Instance B is Primary after Failover
When Instance B becomes primary after failover happens, the SQL agent job contents from AgentDB are used to create or sync jobs in the SQL Agent running in Instance B.
Agent DB databases will be kept in sync between Instance A and Instance B by using the standard database replication feature of failover groups.
Ensure AgentDB is fully synced between primary and secondary before continuing with the following Login Sync section.
The additional functionality of syncing logins is also achieved by using the same aforementioned custom user database “AgentDB” in the managed instance which stores the latest logins, roles, and permission definitions from the primary managed instance. There will be a SQL Agent Job which runs in both primary and secondary which will take the latest job definitions synced to the secondary and create the logins automatically. Both AAD and SQL logins are handled.
The Sync Agent Job can be scheduled to run at user defined intervals, the default value is to run every 2 minutes.
There are certain limitations in the workaround which should be noted before using the scripts.
The solution contains two major components, A user database called “AgentDB” and a scheduled job called “SyncLoginsAndAgentJobs”.
Database objects - AgentDB
The AgentDB contains the following supporting tables and procedures for syncing the logins/roles:
This is a SQL agent job which runs in both the primary managed instance as well as the secondary managed instance with a recurring schedule of 2 minutes. The agent job calls two stored procedures “SyncAgentJobs” and “SyncLoginsRolesPermissions” held within the AgentDB. The job schedule can be modified based on custom requirement. Any new jobs created in primary will be created in secondary as disabled. Also, any changes made to the jobs in the primary will be carried over to the secondary but disable state is maintained.
To deploy the solution, follow the below steps in order (Scripts are located here),
If you have feedback or suggestions for improving this data migration asset, please contact the Azure Databases SQL Customer Success Engineering Team. Thanks for your support!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.