Azure SQL Managed Instance

A Managed Instance must be deployed within a Virtual Network.

Required steps:

• Create and configure the Virtual network where the managed instance will be placed. Make sure that the Service Endpoints option is disabled
• Create a route table that allows the managed instance to communicate with Azure Management Service
• Optionally: create a dedicated subnet for the managed instance (or use the default one that was created together with the virtual network)
• Make sure that subnet has between 16 and 256 IP addresses (masks from /28 to /24)
• Assign route table to the subnet (default or optionally created one): it must have a User Route Table (UDR) with 0.0.0.0/0 Next Hop Internet route.

See also

• How to configure network for Azure SQL Managed Instance

In order to access a managed instance from outside the virtual network, a public endpoint must be enabled.

With an enabled public endpoint, the managed instance can be accessed from multi-tenant Azure services like Power BI or Azure App Service, or from an on-prem network.

In order to increase protection of the data stored in a managed instance, the public endpoint is enabled in a two step process that follows the principle of separation of duties (SoD):

• The administrator of the managed instance enables the public endpoint
• A network adminsitrator allows traffic (using a network security group).

$sqlInstance = get-azSqlInstance -resourceGroupName $tq84_resourceGroupName -name 'nameofinstance'
$sqlInstance = $sqlInstance | set-azSqlInstance -publicDataEndpointEnabled $true -force

Migrating an on-prem SQL Server application to a Managed Instance should not be too hard.

It should be kept in mind, however, that there some functional differences between Managed Instance and SQL Server, so that the application possibly needs to be changed before moving it into the Cloud.

If such a tweaking of the application is not desired, SQL Server on Azure Virtual Machines should be considered as it offers the exact same functionality as SQL Server.

Managed Instance depends on a few Azure services:

• Azure Storage (?) for backups
• Event Hubs for telemetry
• Azure Active Directory for authentication
• Azure Key Vault for Transparent Data Encryption (TDE)
• Some other Azure platform services that provide security and supportability features

Azure SQL Database shares a common code basis with Azure SQL Managed Instance, here's a features comparison.

Resource Providers for Azure SQL Managed Instance include

• Microsoft.DataMigration

See also get-azResourceProvider

The PowerShell command noun azSqlInstance