如何在 Azure SQL 数据库中使用托管实例How to use a managed instance in Azure SQL Database

本文提供各种指南、脚本和说明,可帮助你管理和配置托管实例。In this article you can find various guides, scripts, and explanation that can help you to manage and configure your managed instance.

迁移Migration

  • 迁移到托管实例 - 了解迁移到托管实例时建议使用的迁移流程和工具。Migrate to a managed instance - Learn about the recommended migration process and tools for migration to a managed instance.

  • 将 TDE 证书迁移到托管实例 - 如果 SQL Server 数据库受透明数据加密 (TDE) 保护,则需迁移证书,以便托管实例能够使用该证书来解密需要在 Azure 中还原的备份。Migrate TDE cert to a managed instance - If your SQL Server database is protected with transparent data encryption (TDE), you would need to migrate certificate that a managed instance can use to decrypt the backup that you want to restore in Azure.

网络配置Network configuration

  • 确定托管实例子网的大小 - 托管实例置于专用子网中,在向该子网添加资源以后,就不能重设其大小。Determine size of a managed instance subnet - Managed instance is placed in dedicates subnet that cannot be resized once you add the resources inside. 因此,需要根据要部署在子网中的实例的数目和类型来计算子网所需地址的 IP 范围。Therefore, you would need to calculate what IP range of addresses would be required for the subnet depending on the number and types of instances that you want to deploy in the subnet.
  • 为托管实例创建新的 VNet 和子网 - 必须根据此处所述的网络要求配置要在其中部署托管实例的 Azure VNet 和子网。Create new VNet and subnet for a managed instance - Azure VNet and subnet where you want to deploy your managed instances must be configured according to the network requirements described here. 本指南介绍如何轻松地创建针对托管实例进行了相应配置的全新 VNet 和子网。In this guide you can find the easiest way to create your new VNet and subnet properly configured for managed instances.
  • 为托管实例配置现有的 VNet 和子网 - 如果想要配置现有的 VNet 和子网,以便在其中部署托管实例,可以在此处找到用于检查网络要求并根据要求进行子网配置的脚本。Configure existing VNet and subnet for a managed instance - if you want to configure your existing VNet and subnet to deploy managed instances inside, here you can find the script that checks the network requirements and make configures your subnet according to the requirements.
  • 配置自定义 DNS - 如果需要通过 DB 邮件配置文件的链接服务器从托管实例访问自定义域上的外部资源,则需配置自定义 DNS。Configure custom DNS - you need to configure custom DNS if you want to access external resources on the custom domains from your managed instance via linked server of db mail profiles.
  • 同步网络配置 - 虽然已将应用与 Azure 虚拟网络集成,仍可能出现无法建立与托管实例的连接的情况。Sync network configuration - It might happen that although you integrated your app with an Azure Virtual Network, you can't establish connection to a managed instance. 可尝试刷新服务计划的网络配置。One thing you can try is to refresh networking configuration for your service plan.
  • 查找管理终结点 IP 地址 - 托管实例将公共终结点用于管理目的。Find management endpoint IP address - Managed instance uses public endpoint for management-purposes. 可以使用此处所述的脚本确定管理终结点的 IP 地址。You can determine IP address of the management endpoint using the script described here.
  • 验证内置防火墙保护 - 托管实例受内置防火墙的保护,该防火墙仅在必需端口上允许流量。Verify built-in firewall protection - Managed instance is protected with built-in firewall that allows the traffic only on necessary ports. 可以使用本指南中介绍的脚本来检查并验证内置防火墙规则。You can check and verify the built-in firewall rules using the script described in this guide.
  • 连接应用程序 - 托管实例置于你自己的专用 Azure VNet 中,使用的 IP 地址是专用的。Connect applications - Managed instance is placed in your own private Azure VNet with private IP address. 了解如何通过不同的模式将应用程序连接到托管实例。Learn about different patterns for connecting the applications to your managed instance.

功能配置Feature configuration

  • 可以使用事务复制在托管实例之间复制数据,或者将数据从本地 SQL Server 复制到托管实例,反之亦然。Transactional replication enables you to replicate your data between managed instances, or from on-premises SQL Server to a managed instance, and vice versa. 详细了解如何使用并配置本指南中的事务复制。Find more information how to use and configure transaction replication in this guide.
  • 配置威胁检测 - 威胁检测是一项内置的 Azure SQL 数据库功能,用于检测各种潜在的攻击,例如 SQL 注入或者来自可疑位置的访问。Configure threat detection - threat detection is a built-in Azure SQL Database feature that detects various potential attacks such as SQL Injection or access from suspicious locations. 本指南介绍如何为托管实例启用并配置威胁检测In this guide you can learn how to enable and configure threat detection for a managed instance.

后续步骤Next steps