Data Platform Summit 2019 is a community initiative by eDominer Systems. The agenda included presentations on Azure SQL Database Managed Instance, migration to the cloud with Azure SQL Database, and a demo. Azure SQL Database Managed Instance provides fully managed SQL Server instances in Azure with built-in intelligence and security. It offers several options for migrating SQL Server workloads to the cloud.
Migrate or modernize your database applications using Azure SQL Database Managed Instance.pptx
1. Azure SQL Database Managed Instance
Ajay Jagannathan
Principal Group Program Manager, Azure SQL Database, Microsoft
3. Impact of end of support
No security updates
Compliance concerns
Missed innovation opportunities
SQL Server 2008 and 2008 R2: Extended Support ends July 9, 2019
Windows Server 2008 and 2008 R2: Extended Support ends January 14, 2020
Timeline (2018, 2019, 2020): deadline to act before end of support
Find lifecycle support deadlines at: support.microsoft.com/lifecycle
4. Migrate to the cloud with Azure SQL Database
The best and most economical cloud destination
Unparalleled security and performance of SQL in a fully managed environment
Seamless and compatible: The broadest SQL Server compatibility and VNET support
Competitive TCO: Up to 80% savings with Azure Hybrid Benefit and reserved capacity
Breakthrough productivity & performance: Up to 100 TB of on-demand scalable storage per DB
Industry-leading security: Layers of security and 99.99 percent availability SLA
Built-in intelligence: Intelligent performance tuning and intelligent protection
5. Azure SQL
Single instance: Best for most lift-and-shift migrations to the cloud
• SQL Server surface area (vast majority)
• Native virtual network support
• Fully managed service
SQL virtual machine: Best for migrations and applications requiring OS-level access
• SQL Server and OS server access
• Expansive SQL and OS version support
• Automated manageability features for SQL Server
Single database and elastic pool: Best for modern cloud applications. Hyperscale and serverless options are available
Single database
• Hyperscale storage (up to 100TB)
• Serverless compute
• Fully managed service
Elastic pool
• Resource sharing between multiple databases to price optimize
• Simplified performance management for multiple databases
• Fully managed service
6. Service tier | General purpose | Business critical | Hyperscale
Best for | Most budget-oriented workloads | Critical business applications with high IO requirements | OLTP and HTAP workloads with highly scalable storage and read-scale requirements
Deployment option | Single / Elastic Pools; Managed Instance | Single / Elastic Pools; Managed Instance | Single
Compute tiers | Single / Elastic Pools: Gen4 1 to 24 vCore, Gen5 2 to 80 vCore, Serverless 1 to 4 vCore; Managed Instance: Gen4 4 to 24 vCore, Gen5 4 to 80 vCore | Single / Elastic Pools: Gen4 1 to 24 vCore, Gen5 2 to 80 vCore; Managed Instance: Gen4 4 to 24 vCore, Gen5 4 to 80 vCore | Gen4 1 to 24 vCore, Gen5 2 to 80 vCore
Storage | Premium remote. Single / Elastic Pools: 32GB – 4TB per instance; Managed Instance: 32GB – 8TB per instance | Local SSD. Single / Elastic Pools: 32GB – 4TB per instance; Managed Instance: 32GB – 4TB per instance | Local SSD cache. Scale from 10GB to 200TB of storage in 1GB increments
In-Memory | Not supported | Supported | Not supported
Read-write IO | ~2ms for all data access | <0.5ms for all data access | <0.5ms for hot data access, ~2ms otherwise
Availability | 2 read replicas | 3 replicas, 1 read-scale replica, zone-redundant HA | Primary read/write replica + up to 4 read replicas
Backups | RA-GRS, 7-35 days (7 days by default) | RA-GRS, 7-35 days (7 days by default) | LRS, ZRS, RA-GRS, 7-35 days (7 days by default)
Simplicity: We remain committed to the DTU-based model and the simplicity it offers customers who want a pre-configured solution
Flexibility: The vCore-based model reflects our commitment to customer choice and to simplify the hybrid benefit for customers migrating from on-premises
Customers pay for
• Service tier + number of vCores
• Type and amount of data storage
• Number of IO
• Backup storage (RA-GRS)
What tier do I choose?
9. High Availability
General Purpose: HA based on reliable Azure Premium Storage
Business Critical service tier: collocated compute and storage
[Diagram labels: redundant nodes; active compute nodes; Azure storage accounts; primary endpoint (read-write); read-only endpoint; Always On AG; SQL primary replica and secondary replicas; super-fast SSD]
10. Virtual Cluster
[Diagram labels: virtual cluster; VNet; nodes, including a primary node; SQL Engine; SQL Management; Node Agent; TDS endpoint (private IP); SQL Management (public IP); LB; ILB; GW; TLS; Windows Firewall; mymi.<clusterid>.database.windows.net]
11. Virtual network considerations
Be empty: The subnet must not contain any other cloud service associated to it, and it must not be a Gateway subnet. You won’t be able to create a Managed Instance in a subnet that contains resources other than managed instances, or add other resources inside the subnet later.
Have specific route table: The subnet must have User Defined Routes to Microsoft Public IP Addresses.
Optional custom DNS: If custom DNS is specified on the VNet, Azure's recursive resolver IP address (such as 168.63.129.16) must be added to the list.
No Service endpoint: The subnet must not have a Service endpoint (Storage or Sql) associated to it. Make sure that the Service Endpoints option is Disabled when creating the VNet.
Sufficient IP addresses: The subnet must have a minimum of 16 IP addresses. By design, a Managed Instance needs a minimum of 16 IP addresses in a subnet and may use up to 256 IP addresses. As a result, you can use subnet masks /28 to /24 when defining your subnet IP ranges.
• Azure uses five IP addresses in the subnet for its own needs
• Each General Purpose instance needs two addresses
• Each Business Critical instance needs four addresses
Reference docs for latest info: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-vnet-configuration#requirements
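The subnet rules and address arithmetic from this slide, written as a pre-deployment check. This is an added example, not code from the deck or from Microsoft tooling; the dictionary layout and field names are hypothetical, and the route-table rule only confirms that a user-defined route exists because the slide lists no prefixes.

```python
import ipaddress

# Figures taken from the slide above.
AZURE_RESERVED = 5                      # addresses Azure uses in the subnet
PER_INSTANCE = {"general_purpose": 2, "business_critical": 4}
MIN_ADDRESSES = 16                      # a /28
AZURE_RESOLVER = "168.63.129.16"        # Azure recursive resolver named on the slide


def addresses_needed(general_purpose=0, business_critical=0):
    """Addresses a planned set of instances consumes, including Azure's five."""
    return (AZURE_RESERVED
            + PER_INSTANCE["general_purpose"] * general_purpose
            + PER_INSTANCE["business_critical"] * business_critical)


def smallest_prefix(general_purpose=0, business_critical=0):
    """Longest mask in the slide's /28 to /24 range that fits the plan, else None."""
    need = max(MIN_ADDRESSES, addresses_needed(general_purpose, business_critical))
    for prefix in range(28, 23, -1):    # /28, /27, /26, /25, /24
        if 2 ** (32 - prefix) >= need:
            return prefix
    return None


def check_subnet(subnet, general_purpose=0, business_critical=0):
    """Return (rule, detail) findings; an empty list means every rule passed."""
    findings = []
    net = ipaddress.ip_network(subnet["address_prefix"])

    # Be empty: only managed instances, and not the gateway subnet.
    foreign = sorted(set(subnet.get("resources", [])) - {"managed_instance"})
    if foreign:
        findings.append(("be-empty", "other resources present: " + ", ".join(foreign)))
    if subnet.get("name") == "GatewaySubnet":
        findings.append(("be-empty", "gateway subnet cannot host a managed instance"))

    # Route table: the slide names no prefixes, so only presence is checked.
    if not subnet.get("routes"):
        findings.append(("route-table", "no user-defined routes on the subnet"))

    # Custom DNS is optional, but if set it must include Azure's resolver.
    dns = subnet.get("vnet_custom_dns", [])
    if dns and AZURE_RESOLVER not in dns:
        findings.append(("custom-dns", AZURE_RESOLVER + " missing from DNS server list"))

    if subnet.get("service_endpoints"):
        findings.append(("service-endpoint", "endpoints enabled: "
                         + ", ".join(subnet["service_endpoints"])))

    if net.num_addresses < MIN_ADDRESSES:
        findings.append(("ip-count", f"/{net.prefixlen} has {net.num_addresses} "
                         f"addresses, minimum is {MIN_ADDRESSES}"))
    need = addresses_needed(general_purpose, business_critical)
    if need > net.num_addresses:
        findings.append(("ip-count", f"plan needs {need} addresses, "
                         f"subnet has {net.num_addresses}"))
    return findings


# Constructed sample inputs (not real deployments).
GOOD_SUBNET = {
    "name": "mi-subnet", "address_prefix": "10.0.1.0/27",
    "resources": ["managed_instance"], "routes": ["udr-1"],
    "vnet_custom_dns": ["10.0.0.4", AZURE_RESOLVER], "service_endpoints": [],
}
BAD_SUBNET = {
    "name": "shared-subnet", "address_prefix": "10.0.2.0/29",
    "resources": ["managed_instance", "virtual_machine"], "routes": [],
    "vnet_custom_dns": ["10.0.0.4"], "service_endpoints": ["Microsoft.Sql"],
}

if __name__ == "__main__":
    print("3 GP + 2 BC:", addresses_needed(3, 2), "addresses, /%s" % smallest_prefix(3, 2))
    for s in (GOOD_SUBNET, BAD_SUBNET):
        print(s["name"], check_subnet(s, general_purpose=2, business_critical=1))
```

Running the check before requesting the instance catches the misconfigurations the deck later calls the most frequent reason for failed deployments.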
12. Deploy your application in the cloud or keep on-premises
13. Surface area of Managed Instance
MI is always on latest and greatest SQL engine version
documentation page
Your code can be SQL deployment model aware if necessary
Built-in HA with Always-on
99.99% SLA out of the box
Built-in intelligent performance and security
Combining the best of SQL Server with the benefits of a fully-managed, intelligent service
14. Database Compatibility Based Certification for Apps
Microsoft database compatibility level protection
Easy to use tools to help you assess migration
Microsoft Database Compatibility Level Protection
Overall process
15. App development made easier!
Local time zone
Custom instance collation
Public endpoint
AAD instance logins
Failover groups
Small instances
Dev/test offer
16. SQL Database Managed Instance
What’s new
CY19 H1
Features
App compat.
• Instance-level collations (GA)
• Time zone choice (GA)
• SharePoint 2016 and 2019, and Dynamics 365 Business Central certified for MI
Networking & connectivity
• No Internet and Azure DNS requirements
• Public endpoint
• Connection policy (proxy / redirect)
Deployment
• 4 vCores
• MSDN Dev/test
• Larger quotas
PaaS
• Geo-restore
• PITR for deleted databases
• PITR across subscriptions (prod->dev/test)
Regional Availability
• UK South, West US, UAE, South Africa, Australia Central, France South, Brazil South, South Africa
• Sovereign clouds (US, China)
Adoption
864 instances with non-UTC time zone (+68% MoM) (25% of total number, 50% of all created last month)
415 instances with public endpoint (+72% MoM)
305 instances with redirect mode (+52% MoM)
200 4 vCore instances in first 5 days
17. Instance Pools
Migrate multiple smaller SQL workloads together to a fully-managed instance pool
Provision instance pool according to cumulative workloads’ needs
Add multiple instances starting from 2 vCores up to your pool’s limit.
Benefit from super fast provisioning and scaling operations at the instance level
Instance pools will allow hosting more than 100 databases in total
Minimize SQL Database Managed Instance IP address footprint in your VNet
[Diagram: on-premises SQL Servers (SQL Server 1 with 4 CPUs, SQL Server 2 with 2 CPUs, SQL Server 3 with 2 CPUs) migrate to an instance pool in Azure (8, 16, 24, 32, 40, 64 and 80 vCore) as SQL MI 1 with 4 vCores, SQL MI 2 with 2 vCores and SQL MI 3 with 2 vCores]
19. Easy-to-Use Security
Security management
Data protection
Network security
Threat Detection
Identity & access management
Azure Active Directory
Multi-Factor Authentication
SQL Authentication
Encryption-in-flight (TLS)
Encryption-at-rest (TDE)
VNET, Service Endpoints
Firewall Rules, NSG
Advanced Threat Protection
Vulnerability Assessment
+ Partner Solutions: Imperva SecureSphere
Row/Column-level security
Encryption-in-use (Always Encrypted)
SQL Audit
Data Discovery & Classification
Dynamic Data Masking
Audit Integration with Log Analytics and Event Hubs
Integration with Azure Security Center
20. Azure Active Directory and multifactor authentication
Overview
Manage user identities in one location
Enable access to Azure SQL Database and other Microsoft services with Azure Active Directory user identities and groups
Benefits
Alternative to SQL Server authentication
Limits proliferation of user identities across databases
Allows password rotation in a single place
Enables management of database permissions by using external Azure Active Directory groups
Eliminates the need to store passwords
Universal/Interactive auth w/o hard-coded passwords
[Diagram labels: Azure SQL Database; Customer 1, Customer 2, Customer 3]
22. Build business continuity using failover groups
Capabilities
Active / Standby
All databases in the instance are automatically replicated
Automatic or manual failover
Read-write listener for read-write database connections
Read-only listener for read-intended database connections
Scenarios
Transparent recovery from outage
Load-balancing read-only workloads
Failback after outage is mitigated
[Diagram labels: user device; DNS zone; Azure Traffic Manager; end user traffic; application and application VMs; DB traffic; ingress LB and VNET in the primary region and the secondary region; failover group listener; geo-replication]
26. Save up to 80% with SQL Database reserved capacity combined with AHB
Up to 33% savings by pre-paying compute resources for 1 or 3 years
Up to 80% when combined with AHB
Single reservation for one or multiple subscriptions
Reservation applies to any number of databases, elastic pools or managed instances in the same service tier
Discount for dev-test subscriptions coming soon*
[Chart: monthly cost of Managed Instance. License included; reserved capacity: up to 33% savings; reserved capacity + Azure Hybrid Benefit: up to 80% savings¹]
¹ Savings based on three-year commitment. Savings do not account for SA costs which may vary based on terms of the EA. Savings vary depending on the service tier, and region.
27. Azure Hybrid Benefit for SQL Server provides a unique benefit for highly virtualized workloads
Convert on-premises cores to vCores to maximize value of investments
1 Enterprise license core = 4 General Purpose cores (virtualization benefit)
Save money with Azure Hybrid Benefit for SQL Server
SQL Database vCore-based options
SQL Server with Software Assurance
SQL Server license trade-in values
Exclusive on Azure
Every EE core can be traded for 4 General Purpose cores in the cloud!
28. Discounted rates up to 55% off to support your ongoing development and testing
Dev/Test pricing available for vCore-based deployment options
Eligible with active Visual Studio subscription
Azure Dev/Test pricing for SQL Database
29. Tools and services for your migration journey
On-premises
Assessment (SSMA, DMA, DEA)
Azure Database Migration Service
Microsoft Azure
30. Azure Database Migration Service
Accelerate your transition to Azure
A seamless, end-to-end solution for moving on-premises databases to Azure
Orchestration Scale migration Near-zero downtime
Homogeneous sources
Heterogeneous sources
31. Focus on your business autopiloting your databases
We take care of your database management
Your work so far | How PaaS helps
Hardware purchasing and management | Built-in scale on-demand
Protect data with backups (with health checks and retention) | Built-in point-in-time restore
High availability implementation | Built-in 99.99% SLA and auto-failover
Disaster recovery implementation | Built-in geo-redundancy and geo-replication
Ensure compliance with standards on your own | Built-in easy to use features
Secure your data from malicious users and mistakes | Built-in easy to use features
Roll out updates and upgrades | Built-in updates and upgrades
Monitor, troubleshoot, and manage at scale | Built-in easy to use features
Tune and maintain for predictable performance | Built-in easy to use features
32. Start today on your modernization
Get the details on SQL DB Managed Instance
Step-by-step guidance with the Database Migration Guide
Inventory your environment with MAP Toolkit
Visit the Microsoft Data Migration Blog
Assess: Inventory your environment, determine optimal migration path
Migrate: Move your legacy SQL Server to Azure or upgrade to the latest version
Optimize: Fine-tune your resources to optimize costs and strengthen security
Backup and Restore to Managed Instance
Use Data Migration Assistance offline: SQL Server to Managed Instance
Use Data Migration Assistance online: SQL Server to Managed Instance
Use Database Compatibility Level for SQL Server EOS to Managed Instance
Feel comfortable with Azure’s PaaS model
Know how SQL DB Managed Instance handles patching
Know how SQL DB Managed Instance handles business continuity
Manage costs in Azure
Save with Azure Hybrid Benefit
33.
34. Documentation
Document When to use it
What is a Managed Instance High level details about SQL MI – service description and positioning
Azure SQL Database pricing page Business model and pricing details
Azure Hybrid Use Benefit (AHUB) Discount details for customers with SQL Server licenses
Feature comparison: Azure SQL Database versus SQL Server High level feature availability matrix and need comparison with
SQL Server and rest of SQL Database
Azure SQL Database Managed Instance T-SQL
differences from SQL Server
Detailed functional behavior of SQL MI
Create Managed Instance - Tutorial How to create SQL MI and connect to it (quick getting started guide)
How To: Configure a VNet for Azure SQL Database
Managed Instance
How to make sure that the VNet is compliant with SQL MI requirements
How To: Configure a Custom DNS for Azure SQL Database Managed
Instance
Networking misconfiguration is currently the most frequent reason
that prevents customers from deploying SQL MI successfully
Connect your application to Azure SQL Database High level of detail how to connect app to MI (supported scenarios,
high level steps, links on detailed how-to)
SQL Server instance migration to Azure SQL Database
Managed Instance
Various options to migrate application to SQL MI
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-
managed-instance-resource-limits
Subscription-level quotas and official process to obtain larger quota
Azure Support plans Explore the range of Azure support options and choose the plan that
best fits, whether you're a developer just starting your cloud journey
or a large org. deploying business-critical, strategic applications
How to create Azure support request Step by step instructions to open support ticket
35. Blogs, best practices
Document When to use it
Managed Instance ARM template reference
Create SQL MI using ARM templates
Change size of SQL MI using PowerShell
SQL MI management through ARM templates & PowerShell
(official docs and blogs)
Cross-instance point-in-time restore in Azure SQL Database
Managed Instance
How to restore database to another instance
CAT Blog: CPU and Memory Allocation on Azure SQL Database
Managed Instance
Explains how to interpret various information exposed in SSMS and
DMVs regarding resource allocation in SQL MI
CAT Blog: Storage best practices in General Purpose In this article, we describe database storage architecture on Azure SQL
Database Managed Instance (MI), for General Purpose (GP) instances
specifically. We also provide a set of best practices to help optimize
storage performance
CAT Blog: Consume SQL MI Error Log How to filter out unnecessary info from SQL error log and focus on
what's important to your app using sp_readmierrorlog
CAT Blog: Real time performance monitoring for Azure SQL DB
Managed Instance
Configuring and using Telegraf for real-time perf. monitoring in SQL
Managed Instance
BLOG: How to send emails in SQL MI using DbMail
SCOM Management Pack for SQL MI The blog announcement for SCOM MP for SQL MI and scope details
36. Blogs, best practices
Document When to use it
MI best practices migrating from on-prem SQL MI management through ARM templates & PowerShell
(official docs and blogs)
MI performance best practices articles Various performance best practices for configuring and running
Managed Instances
MI more memory tuning Explains how to identify memory usage requirements for Managed
Instance
MI real-time monitoring Monitor Managed Instance database workload in real-time
Editor's Notes
Azure SQL Database is your fully-managed relational database-as-a service:
The best and most economical cloud destination for your SQL Server data
Running on the Microsoft SQL Server engine means it’s high-performing, reliable, and secure
Use it to build data-driven applications/websites in the programming language of your choice, without needing to manage infrastructure
1. Save time and resources by seamlessly migrating SQL Server data to the cloud via a managed instance with a full SQL Server programming surface area that removes the need to re-architect the apps.
2. Realize up to 212% ROI over 3 years by migrating your SQL Server workloads to SQL Database Managed Instance¹ (according to recent Forrester Total Economic Impact study).
Microsoft offers economic incentives, such as the Azure Hybrid Benefit and reserved capacity pricing.
Maximize ROI of migrating to Azure, with savings of up to 80% versus license-included pricing.
Azure SQL Database is the most cost-effective cloud for SQL Server (AWS is 5x more expensive).
3. SQL Database breakthrough productivity and performance meets the demands of today’s apps.
Each database is isolated and portable, each with its own service tier and guaranteed performance level.
Different performance levels for different needs, enabling the pooling of databases to maximize resources and investment.
Adjust performance with minimal downtime to your app and provide foundation for future growth: SQL Database supports very large databases (VLDB) without the headaches, enabling migration and Hyperscale of your databases up to 100TB in constant time.
Dynamic scalability enables your database to transparently respond to rapidly changing resource requirements, and you pay only for the resources you need when you need them.
In-memory technologies enable real-time business insight with up to 30x improved throughput and latency and up to 100x faster queries and reports.
4. Intelligent protection and industry-leading security and privacy capabilities allow you to:
Control access to your databases with multifactor authentication
Leave sensitive data encrypted while in use, with Always Encrypted
Monitor your databases for potential threats and vulnerabilities using Advanced Threat Protection
Protect your data and maintain business continuity with built-in high availability and business continuity tools.
Azure's financially-backed 99.99% availability SLA², powered by a global network of Microsoft-managed datacenters over 38 regions, helps keep your apps running 24/7.
Minimize data loss from disruptive events and achieve recovery with a recovery point objective (RPO) of less than 5 seconds. (AWS provides an RPO commitment of 5 minutes)
Protect against data center outages with up to four readable secondary databases enabled through active geo-replication.
Automatically create full, differential, and transaction log backups every 5 - 10 minutes.
Restore an existing database to an earlier point in time up to 35 days on the same logical server.
5. SQL Database also has built-in intelligence that helps customers dramatically reduce the costs of running and managing databases and maximizes both the performance and security of their application.
Source:
¹ The Total Economic Impact™ of Microsoft Azure SQL Database Managed Instance, Forrester Consulting, September 2018
² We guarantee at least 99.99% of the time customers will have connectivity between their single or elastic Basic, Standard, or Premium Microsoft Azure SQL Database and our Internet gateway. See “SLA for SQL Database” for more information (https://azure.microsoft.com/en-us/support/legal/sla/sql-database/v1_1/)
Updated from slides 7/8
The vCore-based model allows you to independently choose compute and storage resources and is best for customers who value flexibility, control, and transparency.
Both the DTU-based and vCore-based models are available to SQL databases and elastic pools. The DTU-based model is not available in the Managed Instance option.
The vCore model simplifies the hybrid benefit for your migration from on-premises, reflecting Microsoft’s commitment to customer choice. It includes three storage architectures, each one differentiated by the level of HA and storage performance required by your workload. Pricing is based upon the number of vCores and storage and whether the license is included or if you’re using the Azure Hybrid Benefit for SQL Server to maximize your on-premises license investment.
There are three options to choose from:
General Purpose: great for most business workloads, offering budget-oriented, balanced and scalable compute and storage options.
Hyperscale: best for data applications with large data capacity requirements and the ability to auto-scale storage and scale compute fluidly. (Hyperscale is currently in preview and available for single databases only at this time.)
Business Critical: great for business applications that have high IO requirements, delivering the highest resilience to failures using 3 isolated Always On replicas with one read-scale.
Be empty: The subnet must not contain any other cloud service associated to it, and it must not be Gateway subnet. You won’t be able to create Managed Instance in subnet that contains resources other than managed instance or add other resources inside the subnet later.
Have specific route table: The subnet must have a User Route Table (UDR) with 0.0.0.0/0 Next Hop Internet as the only route assigned to it.
Optional custom DNS: If custom DNS is specified on the VNet, Azure's recursive resolvers IP address (such as 168.63.129.16) must be added to the list.
No Service endpoint: The subnet must not have a Service endpoint (Storage or Sql) associated to it. Make sure that Service Endpoints option is Disabled when creating VNet.
Sufficient IP addresses: The subnet must have a minimum of 16 IP addresses. By design, a Managed Instance needs a minimum of 16 IP addresses in a subnet and may use up to 256 IP addresses. As a result, you can use subnet masks /28 to /24 when defining your subnet IP ranges.
Azure uses five IP addresses in the subnet for its own needs
Each General Purpose instance needs two addresses
Each Business Critical instance needs four addresses
We assume breach…
Enhanced monitoring of our Azure Assets
Collection of low-fidelity anomalous activity (automated hunting)
Monitoring PERF for traits of crypto currency mining
… and large set of other detections that we don’t talk about publicly
Attack team, SQL Red Team, tries to get in, gain a foothold, escalate privileges, and maintain persistence
SQL Blue Team practices defense-in-depth
When we detect something, e.g., failed login attempts, we defend…
If it involves customer, we will notify
Many times this is the customer’s own security and compliance scanners!
Key point(s)
You may choose to host application in the cloud either by using Azure App Service or some of Azure's virtual network (VNet) integrated options like Azure App Service Environment, Virtual Machine, Virtual Machine Scale Set. You could also take hybrid cloud approach and keep your applications on-premises.
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-connect-app
Azure resources can communicate privately with each other through an Azure Virtual Network (VNet). A VNet is a logical isolation of the Azure cloud dedicated to your subscription.
You can implement multiple VNets within each Azure subscription and Azure region. Each VNet is isolated from other VNets.
You can connect VNets to each other, enabling resources connected to either VNet to communicate with each other across VNets.
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview?toc=%2fazure%2fnetworking%2ftoc.json
Peering
Enables resources connected to different Azure VNets within the same region to communicate with each other
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview?toc=%2fazure%2fnetworking%2ftoc.json
VPN Gateway
Enables resources connected to different Azure VNets in different Azure regions to communicate with each other
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal?toc=%2fazure%2fnetworking%2ftoc.json
MI is always on latest and greatest SQL engine version
Certify your code for database compatibility level not for a version
Take advantage of new features (Temporal, JSON, Graph Database, etc.)
Use rich T-SQL surface area, check out documentation page
Your code can be SQL deployment model aware if necessary
SERVERPROPERTY('EngineEdition') = 8 uniquely identifies MI
Current limitations (will be removed later this year)
Time is UTC. Use AT TIME ZONE to add local time zone experience
Instance collation is fixed (affects tempdb and system databases)
Microsoft Database Compatibility Level Protection
Full Functional protection once assessment tool runs clean.
Maintaining backward compatibility is very important to SQL Server team.
Query Plan shape protection.
Overall process
Use Database Migration Assistant (DMA) and Database Experimentation Assistant (DEA) for assessment.
Migrate database and keep/set source Database Compatibility Level on target.
Perform minimal testing or as determined by your organization.
Contact Microsoft – Explore jointly on how to use Database Compatibility based certification.
Lower bar of entry
4 cores managed instances
Instance pools (2 core instance)
MSDN Dev/test subscriptions
Increased security
Management Instance Contributor role
Removal of Internet dependency
Removal of Azure DNS
Increased app compatibility
Instance level collation
Choice of time zones
SharePoint 2016 and 2019, and Dynamics 365 Business Central certified for MI
Broader availability
Azure Government: US Gov Texas, US Gov Arizona, China North 2 and East 2
New regions: Australia Central, Australia Central 2, Brazil South, France South, UAE Central, UAE North, South Africa North, South Africa West.
Increased default regional limits
15 subnets (previously 3)
1440 vCores, deployment of 180 managed instances of 8 vCores (previously 12 instances)
Instance pools provide a convenient and cost-efficient way to migrate smaller instances to the cloud at scale.
Previously, in order to migrate to a single instance in the cloud, smaller, less compute-intensive workloads would often have to be consolidated. This typically required careful capacity planning, additional security considerations and some extra data consolidation work at the instance level. Instance pools bypass this by pre-provisioning compute according to your requirements (i.e. 8 vCores), then enabling you to migrate instances up to your pre-provisioned compute level (i.e. two 2-vCore and one 4-vCore instances).
You can increase or decrease the amount of compute resources available to the pool at any time. Instances within the pool are isolated, eliminating the “noisy neighbor” in cases of multi-tenant SaaS apps, and do not share resources with other instances in the pool, ensuring predictable performance at all times.
Scenarios
1:1 SQL Server to SQL MI at scale migration for small workloads
“de-consolidation”: separating workloads (databases) running on the same (big) SQL Server to achieve instance-level compute and security isolation and required database density within the pool.
Perfect for “Tier 2” and “Tier 3” apps with moderate requirements and for SaaS workloads with higher database density requirements
Instance pools will be available in the following compute sizes: 8, 16, 24, 32, 40, 64 and 80 vCores. Minimum instance size within the pool is 2 vCores.
Only available to General Purpose service tier at public preview.
Azure Active Directory authentication is a mechanism for connecting to Microsoft Azure SQL Database by using identities in Azure Active Directory.
With Azure Active Directory authentication, you can centrally manage the identities of database users and other Microsoft services in a single location. Central identity management provides a single place to manage Azure SQL Database users and simplifies permission management. Benefits include:
An alternative to SQL Server authentication
Help in stopping the proliferation of user identities across database servers
The ability to perform password rotation in a single place
Management of database permissions by using external Azure Active Directory groups
Elimination of the need to store passwords: it enables integrated Windows authentication and other forms of authentication supported by Azure Active Directory
Uses contained database users to authenticate identities at the database level
Members created in the managed domain or with a federated domain can be provisioned in Azure SQL Database
Limitations:
Microsoft accounts (for example outlook.com, hotmail.com, live.com) or other guest accounts (for example gmail.com, yahoo.com) are not supported.
Only one Azure Active Directory administrator (a user or group) can be configured for an Azure SQL Database at any time.
Only an Azure Active Directory administrator can initially connect to the Azure SQL Database by using an Azure Active Directory account. The Azure Active Directory administrator can configure subsequent Azure Active Directory database users.
Some tools, like business intelligence (BI) and Microsoft Office Excel, are not supported.
Azure Active Directory authentication is supported by the .NET Framework Data Provider for SQL Server (.NET Framework version 4.6 or later).
Therefore SQL Server Management Studio (available with SQL Server 2016) and data-tier applications (DAC and .bacpac) can connect.
ODBC version 13.1 supports Azure Active Directory authentication.
sqlcmd.exe supports Azure Active Directory authentication beginning with version 13.1.
PolyBase cannot authenticate by using Azure AD authentication.
Microsoft JDBC Driver 6.0 for SQL Server supports Azure AD authentication.
Two-factor authentication or other forms of interactive authentication are not supported.
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication
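The group-based permission model and contained database users described in these notes, shown as an added T-SQL example (not part of the original deck). The group name [sqldb-readers] is a constructed placeholder; the statements assume you are connected to the user database as the Azure Active Directory administrator.

```sql
-- Added example, not from the original presentation.
-- [sqldb-readers] is a constructed Azure AD group name; substitute your own.

-- 1. Map an Azure AD group to a contained database user.
--    No password is stored in the database for this principal.
CREATE USER [sqldb-readers] FROM EXTERNAL PROVIDER;

-- 2. Grant permissions to the group through a database role, so access is
--    managed by group membership in Azure AD rather than per-user grants.
ALTER ROLE db_datareader ADD MEMBER [sqldb-readers];

-- 3. Audit: list every user principal, how it authenticates, and its roles.
--    Rows with authentication_type_desc = 'DATABASE' are contained users that
--    still rely on a SQL password and are candidates to move to Azure AD.
SELECT  p.name,
        p.type_desc,                  -- SQL_USER, EXTERNAL_USER, EXTERNAL_GROUP
        p.authentication_type_desc,   -- INSTANCE, DATABASE, EXTERNAL, NONE
        p.create_date,
        STRING_AGG(r.name, ', ') AS member_of_roles
FROM    sys.database_principals AS p
LEFT JOIN sys.database_role_members AS m
        ON m.member_principal_id = p.principal_id
LEFT JOIN sys.database_principals AS r
        ON r.principal_id = m.role_principal_id
WHERE   p.type IN ('S', 'E', 'X')     -- SQL user, Azure AD user, Azure AD group
  AND   p.principal_id > 4            -- skip dbo, guest, INFORMATION_SCHEMA, sys
GROUP BY p.name, p.type_desc, p.authentication_type_desc, p.create_date
ORDER BY p.authentication_type_desc, p.name;
```

Running the audit query periodically shows whether SQL-authenticated users are being added outside the central identity process.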
Lower bar of entry:
  4-core managed instances
  Instance pools (2-core instances)
  MSDN Dev/test subscriptions
Increased security:
  Managed Instance Contributor role
  Removal of Internet dependency
  Removal of Azure DNS
Increased app compatibility:
  Instance level collation
  Choice of time zones
  SharePoint 2016 and 2019, and Dynamics 365 Business Central certified for MI
Broader availability:
  Azure Government: US Gov Texas, US Gov Arizona, China North 2 and East 2
  New regions: Australia Central, Australia Central 2, Brazil South, France South, UAE Central, UAE North, South Africa North, South Africa West.
Increased default regional limits:
  15 subnets (previously 3)
  1440 vCores, deployment of 180 managed instances of 8 vCores (previously 12 instances)
Azure Hybrid Benefit for SQL Server provides a unique benefit for highly virtualized workloads.
SQL Server Enterprise Edition customers can use an unlimited virtualization benefit for their on-premises workloads. However, moving to the cloud to take advantage of its management, flexibility and cost benefits can be cost prohibitive for some heavily virtualized customers.
Azure Hybrid Benefit for SQL Server provides:
4 cores in the cloud for every 1 core you own on-premises for workloads moving to the General Purpose SKU – the SKU that best meets the requirements for highly virtualized workloads.
Moving virtualized applications to Managed Instance is highly cost effective – no incremental vCore purchases needed.