Network topologies for Azure SQL Managed Instance migrations using Azure Database Migration Service

This article discusses the network topologies that Azure Database Migration Service can work with to provide a comprehensive migration experience from SQL Server to Azure SQL Managed Instance.

Azure SQL Managed Instance configured for hybrid workloads

Use this topology if your Azure SQL Managed Instance is connected to your on-premises network. This approach provides the simplest network routing and yields maximum data throughput during the migration.

[Figure: Network topology for hybrid workloads]

Requirements

  • In this scenario, the SQL Managed Instance and the Azure Database Migration Service instance are created in the same Azure Virtual Network, but they use different subnets.
  • The virtual network used in this scenario is also connected to the on-premises network by using either ExpressRoute or VPN.

SQL Managed Instance isolated from the on-premises network

Use this network topology if your environment requires one or more of the following scenarios:

  • The SQL Managed Instance is isolated from on-premises connectivity, but your Azure Database Migration Service instance is connected to the on-premises network.
  • Role-based access control (RBAC) policies are in place, and you need to limit users to accessing the same subscription that hosts the SQL Managed Instance.
  • The virtual networks used for the SQL Managed Instance and Azure Database Migration Service are in different subscriptions.

[Figure: Network topology for a managed instance isolated from the on-premises network]

Requirements

  • The virtual network that Azure Database Migration Service uses for this scenario must also be connected to the on-premises network by using either ExpressRoute or VPN.
  • Set up VNet network peering between the virtual network used for SQL Managed Instance and Azure Database Migration Service.

Cloud-to-cloud migrations: Shared virtual network

Use this topology if the source SQL Server is hosted in an Azure VM and shares the same virtual network with SQL Managed Instance and Azure Database Migration Service.

[Figure: Network topology for cloud-to-cloud migrations with a shared VNet]

Requirements

  • No additional requirements.

Cloud-to-cloud migrations: Isolated virtual network

Use this network topology if your environment requires one or more of the following scenarios:

  • The SQL Managed Instance is provisioned in an isolated virtual network.
  • Role-based access control (RBAC) policies are in place, and you need to limit users to accessing the same subscription that hosts SQL Managed Instance.
  • The virtual networks used for SQL Managed Instance and Azure Database Migration Service are in different subscriptions.

[Figure: Network topology for cloud-to-cloud migrations with an isolated VNet]

Requirements

  • Set up VNet network peering between the virtual network used for SQL Managed Instance and Azure Database Migration Service.

Inbound security rules

| NAME | PORT | PROTOCOL | SOURCE | DESTINATION | ACTION |
|---|---|---|---|---|---|
| DMS_subnet | Any | Any | DMS SUBNET | Any | Allow |

Outbound security rules

| NAME | PORT | PROTOCOL | SOURCE | DESTINATION | ACTION | Reason for rule |
|---|---|---|---|---|---|---|
| management | 443, 9354 | TCP | Any | Any | Allow | Management plane communication through Service Bus and Azure blob storage. (If Azure peering is enabled, you may not need this rule.) |
| Diagnostics | 12000 | TCP | Any | Any | Allow | DMS uses this rule to collect diagnostic information for troubleshooting purposes. |
| SQL Source server | 1433 (or TCP IP port that SQL Server is listening to) | TCP | Any | On-premises address space | Allow | SQL Server source connectivity from DMS. (If you have site-to-site connectivity, you may not need this rule.) |
| SQL Server named instance | 1434 | UDP | Any | On-premises address space | Allow | SQL Server named instance source connectivity from DMS. (If you have site-to-site connectivity, you may not need this rule.) |
| SMB share | 445 | TCP | Any | On-premises address space | Allow | SMB network share for DMS to store database backup files for migrations to Azure SQL Database MI and SQL Servers on Azure VM. (If you have site-to-site connectivity, you may not need this rule.) |
| DMS_subnet | Any | Any | Any | DMS_Subnet | Allow | |
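The following Python check is an added example, not part of the original article or any Microsoft tooling. It evaluates a network security group rule list against the outbound flows in the table above, using first-match-by-priority evaluation, so that a missing rule or a shadowing Deny is caught before the migration starts. The rule record fields (`ports`, `dest`), the sample rules and the on-premises range `10.10.0.0/16` are assumptions constructed for this example.

```python
import ipaddress

# Required outbound flows from the table above: (rule name, port, protocol, destination).
# "onprem" is the on-premises address space; "*" is any destination.
REQUIRED = [
    ("management", 443, "TCP", "*"), ("management", 9354, "TCP", "*"),
    ("Diagnostics", 12000, "TCP", "*"), ("SQL Source server", 1433, "TCP", "onprem"),
    ("SQL Server named instance", 1434, "UDP", "onprem"), ("SMB share", 445, "TCP", "onprem"),
]

def port_matches(spec, port):
    """spec is '*', one port, a 'lo-hi' range, or a comma-separated mix."""
    for part in (p.strip() for p in str(spec).split(",")):
        lo, _, hi = part.partition("-")
        if part == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def dest_matches(rule_dest, wanted, onprem_cidr):
    if rule_dest == "*":
        return True
    if wanted == "*":
        return False  # a narrower rule cannot cover "any destination"
    try:  # the rule must cover the whole on-premises range to count
        return ipaddress.ip_network(onprem_cidr).subnet_of(ipaddress.ip_network(rule_dest))
    except ValueError:  # service tags and other non-CIDR values are not resolved here
        return False

def audit(rules, onprem_cidr):
    """Map (name, port) -> 'Allow' | 'Deny' | 'no-rule', first match by priority."""
    outbound = sorted((r for r in rules if r["direction"] == "Outbound"), key=lambda r: r["priority"])
    result = {}
    for name, port, proto, dest in REQUIRED:
        hit = next((r for r in outbound
                    if r["protocol"] in ("*", proto) and port_matches(r["ports"], port)
                    and dest_matches(r["dest"], dest, onprem_cidr)), None)
        result[(name, port)] = hit["access"] if hit else "no-rule"
    return result

# Constructed sample (not from the page): no 1434/UDP rule; a Deny at 150 shadows the SMB Allow at 300.
SAMPLE = [
    {"priority": 100, "direction": "Outbound", "access": "Allow", "protocol": "TCP", "ports": "443,9354", "dest": "*"},
    {"priority": 110, "direction": "Outbound", "access": "Allow", "protocol": "TCP", "ports": "12000", "dest": "*"},
    {"priority": 120, "direction": "Outbound", "access": "Allow", "protocol": "TCP", "ports": "1433", "dest": "10.10.0.0/16"},
    {"priority": 150, "direction": "Outbound", "access": "Deny", "protocol": "*", "ports": "400-500", "dest": "10.0.0.0/8"},
    {"priority": 300, "direction": "Outbound", "access": "Allow", "protocol": "TCP", "ports": "445", "dest": "10.10.0.0/16"},
]
ONPREM = "10.10.0.0/16"  # constructed on-premises address space
```

A `no-rule` result means no explicit rule matched the flow, so the outcome depends on the network security group's default rules and on whether site-to-site connectivity or Azure peering makes the rule unnecessary, as the table notes.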
