About Azure Service Tag - SqlManagement

Question

Hi,

I have a questions about service tags,

https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview

What is SqlManagement tag? It's explaned "Management traffic for SQL-dedicated deployments."
but which resources? like - SQL Managed Instance and SQL Virtual Machine ? controlled by NSG Rules?
and if it's not allowed nsg rules, what is side effect ?

Thanks!

Answer 1

@SandyKim Welcome to Microsoft Q&A forums.

Azure services have reserved public IP addresses prefixes through which they communicate with other services.
These could be a combination of IPV4 and IPV6 addresses.
Here is an example of address prefixes for Azure SQL

{  
      "name": "Sql.AustraliaCentral2",  
      "id": "Sql.AustraliaCentral2",  
      "properties": {  
        "systemService": "AzureSQL",  
        "addressPrefixes": [  
          "20.36.112.0/27",  
          "20.36.113.32/29",  
          "20.53.56.32/27",  
          "20.53.56.128/26",  
          "2603:1010:404::280/123",  
          "2603:1010:404:400::/123"  
        ]  
      }  
    }  

This list is continuously evolving and customers like you need to make changes to your NSG rules every time the list is updated.
To avoid this problem, Azure provides service tags that automatically map these addresses and provide an alias for you to easily configure your traffic rules.

SqlManagement service tag denotes address prefixes of the management traffic for Azure SQL and Azure SQL Managed instance deployments.
If you specify SqlManagement for the value, traffic is allowed or denied to SqlManagement. This tag is recommended for inbound/outbound security rule.

You won't need to configure this tag if you are using SQL Server on an Azure Virtual Machine.

Please let us know if you have any further questions.

----------

If an answer is helpful, please click on or upvote which might help other community members reading this thread.