Data&AI - Azure SQL Database Managed Instance - Technical Overview
Virtual Academy
May 12 – Data & AI Day
May 13 – MW Day
May 14 – BizApps Day
May 15 – Apps & Infra Day
Ioannis Stavrinides
Sr. Cloud Solution Architect
Data & AI, CEE OCP
//build
https://register.build.microsoft.com/
Customers looking to migrate a large number of apps from on-premise or IaaS, self-built or ISV provided, with as low migration effort as possible & cost being a crucial factor
VNET support in SQL Database Managed Instance
Azure SQL Database offers the most cost-effective path to the cloud
SQL Server license trade-in values
SQL Database vCore-based options
1 Savings based on eight vCore Managed Instance Business Critical in East US Region, running 730 hours per month. Savings are calculated from full price (license included) against base rate (applying Azure Hybrid Benefit for SQL Server), which excludes Software Assurance cost for SQL Server Enterprise edition, which may vary based on EA agreement. Actual savings may vary based on region, instance size and performance tier. Prices as of May 2018, subject to change.
2 Savings based on eight vCore SQL Database Managed Instance Business Critical in West 2 US Region, running 730 hours per month. Savings are calculated from on demand full price (license included) against base rate with Azure Hybrid Benefit plus 3-year reserved capacity commitment. Savings exclude Software Assurance cost for SQL Server Enterprise edition, which may vary based on EA agreement. Actual savings may vary based on region, instance size and performance tier. Prices as of May 2018, subject to change.
Your work so far | How SQL Database helps
Protect data with backups (with health checks and retention) | Built-in point-in-time restore
Ensure compliance with standards on your own | Built-in easy to use features
Secure your data from malicious users and mistakes | Built-in easy to use features
Tune and maintain for predictable performance | Built-in easy to use features
MySQL SQL
SQL Server
MySQL
PostgreSQL
Oracle
More…
How many of your applications could migrate today?
Best for | Apps with typical availability and common IO latency requirements | Apps with highest availability and lowest IO latency requirements.
Compute (vCores) | 8, 16, 24, 32, 40, 64, 80 | 8, 16, 24, 32, 40, 64, 80
HA / Recovery Time Objective | Remote storage based / Good | Always On AG based / Better
Storage type / size | Fast remote (Azure Premium) / Up to 8 TB | Super-fast local SSD / Up to 4 TB
Read scale out (read-only replica) | No | Yes
Price competitive with AWS? | Yes, ~33% lower (license included) | Yes, ~46% lower (license included)
[Figure: security layers: Physical security, Network security, Platform security, Access management, Threat protection, Information protection, Customer data]
[Diagram labels: Legend (certificate, data verification, management); Certificate, Certificate Authorities, Internet, Azure VNet, TLS]
[Diagram labels: NVA, VNet peering, ExpressRoute Gateway, ExpressRoute circuit, Management subnet, JumpBox, Workload subnet]
Be empty:
No Service endpoint:
Sufficient IP addresses:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-vnet-configuration#requirements
A Managed Instance must be deployed in an Azure Virtual Network
Allows for connecting directly from an on-premises network
Allows for connecting linked servers or other on-premises data stores
Allows for connecting to additional Azure resources
Routes
Effective routes on the Managed Instance subnet are not supported
Routes can be user-defined (UDR) or Border Gateway Protocol (BGP) routes propagated to network interfaces through ExpressRoute or site-to-site VPN connections
For BGP routes, create a 0.0.0.0/0 Next Hop Internet route and apply it to the Managed Instance subnet
Resource Group Select the resource group you created in the previous procedure
[Diagram labels: Internet, load balancers, SQL HA Cluster, JumpBox, Data center network; Internet, Azure application gateway, Load balancer, Management subnet]
Enhanced monitoring
Collecting of low-fidelity anomalous activity
Monitoring PERF for traits
Red Team / Blue Team
[Diagram: Virtual cluster in the VNet. Labels: SQL Engine nodes, primary node, GW nodes, ILB, Windows Firewall, TDS endpoint (Private IP) at mymi.<clusterid>.database.windows.net, Management Node Agent, SQL Management GW, LB Node (Public IP); connections marked TLS]
Attack team, SQL Red Team, tries to get in, gain a foothold, escalate privileges, and maintain persistence
SQL Blue Team practices defense-in-depth
Central ID Management
Simplified Permission Management
Can help you Eliminate Storing Passwords
Flexible Configuration
Supported in many Tools and Drivers
Universal / Interactive Authentication
Row-level security
SQL Auditing
Encryption-at-rest (aka. Transparent Data Encryption TDE)
Service- or User-managed keys
Backup encryption
Azure SQL Database
Azure Active Directory
Active Directory
Application
SSMS
SSDT
Connection string-based authentication ADO.NET 4.6
SQL package
General Purpose
Feature | Description
Number of vCores* | 8, 16, 24 (Gen 4); 8, 16, 24, 32, 40, 64, 80 (Gen 5)
SQL Server version / build | SQL Server (latest available)
Min storage size | 32 GB
Max storage size | 8 TB
Max storage per database | Determined by the max storage size per instance
Expected storage IOPS | 500-7500 IOPS per data file (depends on data file). See Premium Storage
Number of data files (ROWS) per the database | Multiple
Number of log files (LOG) per database | 1
Managed automated backups | Yes
HA | Based on remote storage and Azure Service Fabric
Built-in instance and database monitoring and metrics | Yes
Automatic software patching | Yes
VNet - Azure Resource Manager deployment | Yes
VNet - Classic deployment model | No
Portal support | Yes
Business Critical
Feature | Description
Number of vCores* | 8, 16, 24, 32 (Gen 4); 8, 16, 24, 32, 40, 64, 80 (Gen 5)
SQL Server version / build | SQL Server (latest available)
Additional features | In-Memory OLTP; 1 additional read-only replica (Read Scale-Out)
Min storage size | 32 GB
Max storage size | Gen 4: 1 TB (all vCore sizes); Gen 5: 1 TB for 8, 16 vCores; 2 TB for 24 vCores; 4 TB for 32, 40, 64, 80 vCores
Max storage per database | Determined by the max storage size per instance
Number of data files (ROWS) per the database | Multiple
Number of log files (LOG) per database | 1
Managed automated backups | Yes
HA | Based on Always On Availability Groups and Azure Service Fabric
Built-in instance and database monitoring and metrics | Yes
Automatic software patching | Yes
VNet - Azure Resource Manager deployment | Yes
VNet - Classic deployment model | No
Portal support | Yes
[Diagram: Business Critical service tier: collocated compute and storage. Always On AG with one primary replica and three secondary replicas, each SQL node on super-fast SSD]
[Diagram: Built-in high availability. Availability group with a primary (P) and secondaries (S); labels: DB, Read, Write, value write, Ack]
Surface area of MI is always on latest and greatest SQL engine version
Managed Instance
Always on the latest and greatest SQL engine version
Note: current limitation being removed later this year
Your code can be SQL deployment model aware if necessary
Current limitations (will be removed later this year)
Database Compatibility Based Certification
Microsoft Database Compatibility Level Protection
Overall process
Azure AD user who creates the Managed Instance has unrestricted administrative privileges by default
This can be changed from an individual to a security group account
Azure AD non-admin database users can be created using CREATE USER… FROM EXTERNAL PROVIDER syntax
Managed Instance cannot access file shares and Windows folders
Always running
Services cannot be stopped or restarted like they can with on-premises
Option to auto-restart SQL Server if it stops unexpectedly is disabled
Option to auto-restart SQL Server Agent if it stops unexpectedly is disabled
Connection
Alias local host server is predefined for a Managed Instance, whereas on-premises SQL Server Agent allows that to be configured if needed
Creating jobs
Creating jobs is as simple and easy as on-premises
Jobs can be created using the UI or T-SQL
Alert System
Functions the same as on-premises for sending email alerts
SQLCMD
Cannot be called within a SQL Server Agent job
Can be used to connect to a Managed Instance
Service broker is on by default for all user databases
Unsupported
Peer-to-peer replication
Merge replication
Heterogeneous replication
Oracle publisher
For comparison, Azure SQL Database only supports being a transactional replication push subscriber
compatibility: what’s missing?
Retired features
User Database File
These can and should be adjusted for your workload
Different from Azure SQL Database where additional files are not allowed
Multiple log files are not supported (and should not be needed)
Tempdb Tuning Options
Tempdb Data File
Considerations
Additional tempdb data files can be created if needed
Tempdb Resizing
Backups are automatic
Database backup schedule is the same as Azure SQL Database
Scenarios
▪ Transparent recovery from outage
Intelligent performance monitoring
Telemetry stored for 30* days
Elastic pools
Log Analytics queries
Azure Storage
Functions
App services
Custom integrations
Data Migration Assistant (DMA)
Azure SQL Database Managed Instance
Azure Hybrid Benefit for SQL Server
Azure Database Migration Service (DMS)
Data Migration Assistant (DMA)
[Diagram labels: Microsoft Subscription, Customer Subscription, On-Premise, On-premises network, SQL DB, Virtual Machine, PowerShell, CLI commands, DMS Resource Provider, Service Bus Queue]
Assess, Migrate, Optimize
Pre-migration
Migration
Post-migration
Optimize: Based on the tests you performed, address any performance issues, and then retest to confirm the performance improvements
Multiple databases at a time 1 machine at a time (no DB limit) Multiple databases at a time 1 database at a time
Create config file with databases you want to assess
Collect DMV statistics from machine hosting your databases
Create config file with databases you want to assess
Capture workload from your source databases
Yes
No
Consolidate multiple assessments into a single report
Target Recommendation SKU Recommendation
Create database config file Collect DMV statistics from your database
Run target recommendation using DMA CLI Run SKU recommendation using DMA CLI
Power BI report
Assess on-premises SQL Server instance(s) for migrating to Azure SQL database(s)
[Diagram labels: On-premises, Database endpoint, Cloud network, Azure Blob Storage, Customer subscription, SQL DB Managed Instance, Azure Portal, PowerShell, Data movement]
Migration Guide
datamigration.microsoft.com
SQL Server Migration Assistant: https://docs.microsoft.com/sql/ssma/sql-server-migration-assistant
Database Migration Assistant: https://blogs.msdn.microsoft.com/datamigration/dma/
Database Experimentation Assistant: Download
Find a partner: http://migration/Pages/SearchPartners.aspx
Data Migration Team Blog: blogs.msdn.microsoft.com/datamigration/
Running SSIS on-premises
OS: Windows/Linux
EDITION: Standard/Enterprise
SQL
SSIS
Data sources
SQL Server
Running SSIS in the cloud
Azure Data Factory LIFT & SHIFT: Use Azure SQL DB/Managed Instance to host SSISDB
Some of these features will also require you to install additional components, essentially customizing your Azure-SSIS IR (via Custom Setup Interface)
Custom setup allows you to add your own setup steps during the provisioning/reconfiguration of your Azure-SSIS IR to:
Instructions
We provide new unique and persistent Windows environment + SSIS system variables for ISVs to bind/validate their component licenses on Azure-SSIS IR:
Azure SSIS IR Node
Container
SSIS Executor
https://blogs.msdn.microsoft.com/ssis/
https://blogs.msdn.microsoft.com/ssis/2018/04/27/enterprise-edition-custom-setup-and-3rd-party-extensibility-for-ssis-in-adf/
[Diagram labels: Business Intelligence Services, Power BI, Azure, Data sources, SSIS ETL, SQL Database Managed Instance, Cloud, On-premises, VNET, SQL Server]
© Copyright Microsoft Corporation. All rights reserved.