您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

使用具有虚拟网络和近 100% 兼容性的 SQL 数据库高级数据安全性Use SQL Database advanced data security with virtual networks and near 100% compatibility

托管实例是 Azure SQL 数据库的一个新部署选项,几乎与最新的 SQL Server 本地 (Enterprise Edition) 数据库引擎完全兼容。它提供一个本机虚拟网络 (VNet) 实现来解决常见的安全问题,并提供本地 SQL Server 客户惯用的业务模型Managed instance is a new deployment option of Azure SQL Database, providing near 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine, providing a native virtual network (VNet) implementation that addresses common security concerns, and a business model favorable for on-premises SQL Server customers. 托管实例部署模型允许现有 SQL Server 客户将其本地应用程序即时转移到云中,而只需对应用程序和数据库做出极少量的更改。The managed instance deployment model allows existing SQL Server customers to lift and shift their on-premises applications to the cloud with minimal application and database changes. 同时,托管实例部署选项保留了所有 PaaS 功能(自动修补和版本更新、自动备份高可用性),可大幅降低管理开销和总拥有成本。At the same time, the managed instance deployment option preserves all PaaS capabilities (automatic patching and version updates, automated backups, high-availability ), that drastically reduces management overhead and TCO.

重要

若要查看托管实例部署选项当前可用的区域列表,请参阅支持区域For a list of regions in which the managed instance deployment option is currently available, see supported regions.

下图概括描绘了托管实例的主要功能:The following diagram outlines key features of managed instances:

主要功能

托管实例部署模型面向想要以最少的迁移工作量,将大量应用从本地或 IaaS、自我构建的或 ISV 提供的环境迁移到完全托管的 PaaS 云环境的客户。The managed instance deployment model is designed for customers looking to migrate a large number of apps from on-premises or IaaS, self-built, or ISV provided environment to fully managed PaaS cloud environment, with as low migration effort as possible. 使用 Azure 中完全自动化的数据迁移服务 (DMS),客户可将其本地 SQL Server 即时转移到托管实例,从而实现与本地 SQL Server 的兼容,并通过本机 VNet 支持实现客户实例的完全隔离。Using the fully automated Data Migration Service (DMS) in Azure, customers can lift and shift their on-premises SQL Server to a managed instance that offers compatibility with SQL Server on-premises and complete isolation of customer instances with native VNet support. 借助软件保障,可以使用适用于 SQL Server 的 Azure 混合权益交换现有许可证,以获得托管实例的折扣价格。With Software Assurance, you can exchange their existing licenses for discounted rates on a managed instance using the Azure Hybrid Benefit for SQL Server. 托管实例是 SQL Server 实例在云中的最佳迁移目标,需要很高的安全性和丰富的编程接口。A managed instance is the best migration destination in the cloud for SQL Server instances that require high security and a rich programmability surface.

托管实例部署选项旨在通过分阶段的发布计划,实现外围应用与最新本地 SQL Server 版本的近乎 100% 的兼容性。The managed instance deployment option aims delivers close to 100% surface area compatibility with the latest on-premises SQL Server version through a staged release plan.

若要在 Azure SQL 数据库部署选项:单一数据库、共用数据库、托管实例和虚拟机中托管的 SQL Server 之间做出抉择,请参阅如何在 Azure 中选择适当版本的 SQL ServerTo decide between the Azure SQL Database deployment options: single database, pooled database, and managed instance, and SQL Server hosted in virtual machine, see how to choose the right version of SQL Server in Azure.

主要特性和功能Key features and capabilities

托管实例结合了 Azure SQL 数据库和 SQL Server 数据库引擎提供的最佳功能。Managed instance combines the best features that are available both in Azure SQL Database and SQL Server Database Engine.

重要

托管实例使用最新版 SQL Server 的所有功能(包括联机操作、自动计划更正和其他企业性能增强功能)运行。A managed instance runs with all of the features of the most recent version of SQL Server, including online operations, automatic plan corrections, and other enterprise performance enhancements. 功能比较:Azure SQL 数据库与 SQL ServerAzure SQL 数据库与 SQL ServerA Comparison of the features available is explained in Feature comparison: Azure SQL Database versus SQL Server.

PaaS 优势PaaS benefits 业务连续性Business continuity
无需采购和管理硬件No hardware purchasing and management
不产生底层基础结构的管理开销No management overhead for managing underlying infrastructure
快速预配和服务缩放Quick provisioning and service scaling
自动修补和版本升级Automated patching and version upgrade
与其他 PaaS 数据服务集成Integration with other PaaS data services
99.99% 的运行时间 SLA99.99% uptime SLA
内置高可用性Built in high-availability
使用自动备份保护数据Data protected with automated backups
客户可配置的备份保留期Customer configurable backup retention period
用户发起的备份User-initiated backups
数据库时间点还原功能Point in time database restore capability
安全性和符合性Security and compliance 管理Management
隔离的环境(VNet 集成、单租户服务、专用的计算和存储资源)Isolated environment (VNet integration, single tenant service, dedicated compute and storage)
透明数据加密 (TDE)Transparent data encryption (TDE)
Azure AD 身份验证、单一登录支持Azure AD authentication, single sign-on support
Azure AD 服务器主体(登录名)(公开预览版)Azure AD server principals (logins) (public preview)
符合 Azure SQL 数据库遵循的相同法规标准Adheres to compliance standards same as Azure SQL database
SQL 审核SQL auditing
威胁检测threat detection
用于自动预配和缩放服务的 Azure 资源管理器 APIAzure Resource Manager API for automating service provisioning and scaling
用于手动预配和缩放服务的 Azure 门户功能Azure portal functionality for manual service provisioning and scaling
数据迁移服务Data Migration Service

重要

Azure SQL 数据库(所有部署选项)已通过了许多合规性标准的认证。Azure SQL Database (all deployment options), has been certified against a number of compliance standards. 有关详细信息,请参阅Microsoft Azure 信任中心在哪里可以找到 SQL 数据库法规认证的最新列表。For more information, see the Microsoft Azure Trust Center where you can find the most current list of SQL Database compliance certifications.

下表显示托管实例的主要功能:The key features of managed instances are shown in the following table:

FeatureFeature 描述Description
SQL Server 版本/内部版本SQL Server version / build SQL Server 数据库引擎(最新稳定版)SQL Server Database Engine (latest stable)
受管理的自动备份Managed automated backups Yes
内置的实例和数据库监视与指标Built-in instance and database monitoring and metrics Yes
自动软件修补Automatic software patching Yes
最新的数据库引擎功能The latest Database Engine features Yes
每个数据库的数据文件 (ROWS) 数目Number of data files (ROWS) per the database 多个Multiple
每个数据库的日志文件 (LOG) 数目Number of log files (LOG) per database 1
VNet - Azure 资源管理器部署VNet - Azure Resource Manager deployment Yes
VNet - 经典部署模型VNet - Classic deployment model No
门户支持Portal support Yes
内置集成服务 (SSIS)Built-in Integration Service (SSIS) 否 - SSIS 属于 Azure 数据工厂 PaaSNo - SSIS is a part of Azure Data Factory PaaS
内置分析服务 (SSAS)Built-in Analysis Service (SSAS) 否 - SSAS 是单独的 PaaSNo - SSAS is separate PaaS
内置报表服务 (SSRS)Built-in Reporting Service (SSRS) 否 - 使用 Power BI 或 SSRS IaaSNo - use Power BI or SSRS IaaS

基于 vCore 的购买模型vCore-based purchasing model

托管实例中基于 vCore 的购买模型提供了灵活性、控制力和透明度,并且还提供了一种简单明了的方法来将本地工作负荷要求转换到云。The vCore-based purchasing model for managed instances gives you flexibility, control, transparency, and a straightforward way to translate on-premises workload requirements to the cloud. 此模型允许根据工作负荷需求来更改计算、内存和存储。This model allows you to change compute, memory, and storage based upon your workload needs. 此外,借助适用于 SQL Server 的 Azure SQL Server 混合权益,还能使用 vCore 模型节省高达 30% 的费用。The vCore model is also eligible for up to 30 percent savings with the Azure Hybrid Benefit for SQL Server.

在 vCore 模型中,可在以下两代硬件中进行选择。In vCore model, you can choose between generations of hardware.

  • 第 4 代逻辑 CPU 基于 Intel E5-2673 v3 (Haswell) 2.4-GHz 处理器,采用附加 SSD,物理核心(每个核心 7 GB RAM),计算大小为 8 到 24 个 vCore。Gen4 Logical CPUs are based on Intel E5-2673 v3 (Haswell) 2.4-GHz processors, attached SSD, physical cores, 7GB RAM per core, and compute sizes between 8 and 24 vCores.
  • 第 5 代逻辑 CPU 基于 Intel E5-2673 v4 (Broadwell) 2.3-GHz 处理器,采用快速 NVMe SSD,超线程逻辑核心,计算大小为 8 到 80 个核心。Gen5 Logical CPUs are based on Intel E5-2673 v4 (Broadwell) 2.3-GHz processors, fast NVMe SSD, hyper-threaded logical core, and compute sizes between 8 and 80 cores.

若要详细了解两代硬件之间的区别,请参阅托管实例资源限制Find more information about the difference between hardware generations in managed instance resource limits.

“托管实例”服务层级Managed instance service tiers

托管实例可在两个服务层级中提供:Managed instance is available in two service tiers:

  • 常规用途:适用于具有典型性能和 IO 延迟要求的应用程序。General purpose: Designed for applications with typical performance and IO latency requirements.
  • 业务关键:适用于具有低 IO 延迟要求,对工作负荷中基础维护操作影响最低的应用程序。Business critical: Designed for applications with low IO latency requirements and minimal impact of underlying maintenance operations on the workload.

这两个服务层级保证 99.99% 的可用性,可让你独立选择存储大小和计算容量。Both service tiers guarantee 99.99% availability and enable you to independently select storage size and compute capacity. 有关 Azure SQL 数据库高可用性体系结构的详细信息,请参阅高可用性和 Azure SQL 数据库For more information on the high availability architecture of Azure SQL Database, see High availability and Azure SQL Database.

“常规用途”服务层级General purpose service tier

以下列表描述了“常规用途”服务层级的主要特征:The following list describes key characteristic of the General Purpose service tier:

  • 适用于具有典型性能要求的大多数业务应用程序Design for the majority of business applications with typical performance requirements
  • 高性能 Azure Blob 存储 (8 TB)High-performance Azure Blob storage (8 TB)
  • 基于可靠的 Azure Blob 存储和 Azure Service Fabric 的内置高可用性Built-in high-availability based on reliable Azure Blob storage and Azure Service Fabric

有关详细信息,请参阅常规用途层中的存储层托管实例(常规用途)的存储性能最佳做法和注意事项For more information, see storage layer in general purpose tier and storage performance best practices and considerations for managed instances (general purpose).

若要详细了解两种服务层级之间的区别,请参阅托管实例资源限制Find more information about the difference between service tiers in managed instance resource limits.

“业务关键”服务层级Business Critical service tier

“业务关键”服务层级适用于具有高 IO 要求的应用程序。Business Critical service tier is built for applications with high IO requirements. 它使用多个独立副本,提供最高级别的故障恢复能力。It offers highest resilience to failures using several isolated replicas.

以下列表概述了“业务关键”服务层级的主要特征:The following list outlines the key characteristics of the Business Critical service tier:

若要详细了解两种服务层级之间的区别,请参阅托管实例资源限制Find more information about the difference between service tiers in managed instance resource limits.

高级安全性和符合性Advanced security and compliance

托管实例部署选项结合了 Azure 云和 SQL Server 数据库引擎提供的高级安全功能。The managed instance deployment option combines advanced security features provided by Azure cloud and SQL Server Database Engine.

托管实例安全隔离Managed instance security isolation

使用托管实例可以进一步实现与 Azure 云中其他租户的安全隔离。A managed instance provides additional security isolation from other tenants in the Azure cloud. 安全隔离包括:Security isolation includes:

  • 使用 Azure Express Route 或 VPN 网关实现本机虚拟网络并连接到本地环境。Native virtual network implementation and connectivity to your on-premises environment using Azure Express Route or VPN Gateway.
  • 在默认部署中,只能通过专用 IP 地址,允许从专用 Azure 或混合网络建立安全连接公开 SQL 终结点。In a default deployment, SQL endpoint is exposed only through a private IP address, allowing safe connectivity from private Azure or hybrid networks.
  • 具有专用底层基础结构(计算、存储)的单一租户。Single-tenant with dedicated underlying infrastructure (compute, storage).

下图概述了应用程序的各种连接选项:The following diagram outlines various connectivity options for your applications:

高可用性

若要详细了解子网级别的 VNet 集成和网络策略实施情况,请参阅托管实例的 VNet 体系结构将应用程序连接到托管实例To learn more details about VNet integration and networking policy enforcement at the subnet level, see VNet architecture for managed instances and Connect your application to a managed instance.

重要

只要安全要求允许,就将多个托管实例放在同一子网中,因为这会带来额外的好处。Place multiple managed instance in the same subnet, wherever that is allowed by your security requirements, as that will bring you additional benefits. 在同一子网中并置实例,将显著简化网络基础结构维护,还会减少预配时间,因为预配持续时间长与在子网中部署第一个托管实例的成本相关。Collocating instances in the same subnet will significantly simplify networking infrastructure maintenance and reduce instance provisioning time, since long provisioning duration is associated with the cost of deploying the first managed instance in a subnet.

Azure SQL 数据库安全功能Azure SQL Database Security Features

Azure SQL 数据库提供一组可用于保护数据的高级安全功能。Azure SQL Database provides a set of advanced security features that can be used to protect your data.

  • 托管实例审核功能可跟踪数据库事件,并将其写入 Azure 存储帐户中的审核日志文件。Managed instance auditing tracks database events and writes them to an audit log file placed in your Azure storage account. 借助审核可以保持合规、了解数据库活动,以及深入了解可能指示业务考量因素或疑似安全违规的偏差和异常。Auditing can help maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.
  • 动态数据加密 - 托管实例提供动态数据加密,使用传输层安全性保护数据。Data encryption in motion - a managed instance secures your data by providing encryption for data in motion using Transport Layer Security. 除传输层安全性以外,托管实例部署选项使用 Always Encrypted 在动态、静态和查询处理期间提供敏感数据的保护。In addition to transport layer security, the managed instance deployment option offers protection of sensitive data in flight, at rest and during query processing with Always Encrypted. Always Encrypted 是业界首创功能,可针对涉及关键数据被盗的漏洞提供无与伦比的数据安全性。Always Encrypted is an industry-first that offers unparalleled data security against breaches involving the theft of critical data. 例如,借助 Always Encrypted,信用卡号即使在查询处理期间也始终加密存储在数据库中,允许经授权员工或需要处理该数据的应用程序在使用时进行解密。For example, with Always Encrypted, credit card numbers are stored encrypted in the database always, even during query processing, allowing decryption at the point of use by authorized staff or applications that need to process that data.
  • 威胁检测审核的补充,它在服务中提供一个内置的附加安全智能层,用于检测企图访问或使用数据库的异常的潜在有害尝试。Threat detection complements auditing by providing an additional layer of security intelligence built into the service that detects unusual and potentially harmful attempts to access or exploit databases. 出现可疑活动、潜在漏洞、 SQL 注入攻击和异常数据库访问模式时,它会发出警报。You are alerted about suspicious activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access patterns. 可在 Azure 安全中心查看威胁检测警报,此警报提供可疑活动的详细信息以及如何调查和缓解威胁的建议操作。Threat detection alerts can be viewed from Azure Security Center and provide details of suspicious activity and recommend action on how to investigate and mitigate the threat.
  • 动态数据掩码功能通过对非特权用户模糊化敏感数据来限制此类数据的泄漏。Dynamic data masking limits sensitive data exposure by masking it to non-privileged users. 动态数据掩码允许指定在对应用层产生最小影响的前提下可以透露的敏感数据量,从而帮助防止未经授权的用户访问敏感数据。Dynamic data masking helps prevent unauthorized access to sensitive data by enabling you to designate how much of the sensitive data to reveal with minimal impact on the application layer. 它是一种基于策略的安全功能,会在针对指定的数据库字段运行查询后返回的结果集中隐藏敏感数据,同时保持数据库中的数据不变。It’s a policy-based security feature that hides the sensitive data in the result set of a query over designated database fields, while the data in the database is not changed.
  • 使用行级别安全性可以根据执行查询的用户特征(例如,按组成员身份或执行上下文),控制对数据库表中的行的访问。Row-level security enables you to control access to rows in a database table based on the characteristics of the user executing a query (such as by group membership or execution context). 行级别安全性 (RLS) 简化了应用程序中的安全性设计和编程。Row-level security (RLS) simplifies the design and coding of security in your application. 使用 RLS 可针对数据行访问实施限制。RLS enables you to implement restrictions on data row access. 例如,确保工作人员只能访问与其部门相关的数据行,或者将可访问的数据限制为相关的数据。For example, ensuring that workers can access only the data rows that are pertinent to their department, or restricting a data access to only the relevant data.
  • 透明数据加密 (TDE) 可以加密托管实例数据文件,称为静态数据加密。Transparent data encryption (TDE) encrypts managed instance data files, known as encrypting data at rest. TDE 针对数据和日志文件执行实时 I/O 加密和解密。TDE performs real-time I/O encryption and decryption of the data and log files. 加密使用数据库加密密钥 (DEK),它存储在数据库引导记录中,可在恢复时使用。The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. 可使用透明数据加密保护托管实例中的所有数据库。You can protect all your databases in a managed instance with transparent data encryption. TDE 是 SQL Server 经验证的静态加密技术,许多符合性标准都需要它来防止存储介质被盗。TDE is SQL Server’s proven encryption-at-rest technology that is required by many compliance standards to protect against theft of storage media.

通过 Azure 数据库迁移服务 (DMS) 或本机还原,支持将加密数据库迁移到托管实例。Migration of an encrypted database to a managed instance is supported via the Azure Database Migration Service (DMS) or native restore. 如果你打算迁移使用本机还原加密的数据库,迁移现有 TDE 证书从本地 SQL Server 或 SQL Server 的虚拟机中的托管实例是必需的步骤。If you plan to migrate an encrypted database using native restore, migration of the existing TDE certificate from the SQL Server on-premises or SQL Server in a virtual machine to a managed instance is a required step. 有关迁移选项的详细信息,请参阅将 SQL Server 实例迁移到托管实例For more information about migration options, see SQL Server instance migration to managed instance.

Azure Active Directory 集成Azure Active Directory Integration

托管实例部署选项支持传统的 SQL Server 数据库引擎登录名,以及与 Azure Active Directory (AAD) 集成的登录名。The managed instance deployment option supports traditional SQL server Database engine logins and logins integrated with Azure Active Directory (AAD). Azure AD 服务器主体(登录名)(公共预览版)是在本地环境中使用的本地数据库登录名的 Azure 云版本。Azure AD server principals (logins) (public preview) are Azure cloud version of on-premises database logins that you are using in your on-premises environment. 使用 Azure AD 服务器主体(登录名),可以将你的 Azure Active Directory 租户中的用户和组指定为真正的实例范围的主体,能够执行任何实体级操作,包括在同一托管实例内执行跨数据库查询。Azure AD server principals (logins) enables you to specify users and groups from your Azure Active Directory tenant as true instance-scoped principals, capable of performing any instance-level operation, including cross-database queries within the same managed instance.

引入了用来创建 Azure AD 服务器主体(登录名)(公共预览版)的一个新语法:FROM EXTERNAL PROVIDER。A new syntax is introduced to create Azure AD server principals (logins) (public preview), FROM EXTERNAL PROVIDER. 有关该语法的详细信息,请参阅 CREATE LOGIN,并查看为托管实例预配 Azure Active Directory 管理员一文。For more information on the syntax, see CREATE LOGIN, and review the Provision an Azure Active Directory administrator for your managed instance article.

Azure Active Directory 集成和多重身份验证Azure Active Directory integration and multi-factor authentication

借助托管实例部署选项,可以使用 Azure Active Directory 集成集中管理数据库用户和其他 Microsoft 服务的标识。The managed instance deployment option enables you to centrally manage identities of database user and other Microsoft services with Azure Active Directory integration. 此功能简化了权限管理,增强了安全性。This capability simplified permission management and enhances security. Azure Active Directory 支持多重身份验证 (MFA),以便在支持单一登录进程的同时提高数据和应用程序安全性。Azure Active Directory supports multi-factor authentication (MFA) to increase data and application security while supporting a single sign-on process.

AuthenticationAuthentication

托管实例身份验证是指用户连接到数据库时如何证明其身份。Managed instance authentication refers to how users prove their identity when connecting to the database. SQL 数据库支持两种类型的身份验证:SQL Database supports two types of authentication:

  • SQL 身份验证SQL Authentication:

    此身份验证方法使用用户名和密码。This authentication method uses a username and password.

  • Azure Active Directory 身份验证Azure Active Directory Authentication:

    此身份验证方法使用由 Azure Active Directory 托管的标识,并且受托管域和集成域支持。This authentication method uses identities managed by Azure Active Directory and is supported for managed and integrated domains. 尽可能使用 Active Directory 身份验证(集成安全性)。Use Active Directory authentication (integrated security) whenever possible.

授权Authorization

授权是指用户可以在 Azure SQL 数据库中执行哪些操作,由用户帐户的数据库角色成员身份和对象级权限控制。Authorization refers to what a user can do within an Azure SQL Database, and is controlled by your user account's database role memberships and object-level permissions. 托管实例的授权功能与 SQL Server 2017 相同。A Managed instance has same authorization capabilities as SQL Server 2017.

数据库迁移Database migration

托管实例部署选项面向需要从本地或 IaaS 数据库实施项目迁移大量数据库的用户方案。The managed instance deployment option targets user scenarios with mass database migration from on-premises or IaaS database implementations. 托管实例支持多个数据库迁移选项:Managed instance supports several database migration options:

备份和还原Back up and restore

迁移方法利用 Azure Blob 存储的 SQL 备份。The migration approach leverages SQL backups to Azure Blob storage. 可以使用 T-SQL RESTORE 命令将 Azure 存储 Blob 中存储的备份直接还原到托管实例。Backups stored in Azure storage blob can be directly restored into a managed instance using the T-SQL RESTORE command.

  • 有关介绍如何还原 Wide World Importers - 标准数据库备份文件的快速入门,请参阅将备份文件还原到托管实例For a quickstart showing how to restore the Wide World Importers - Standard database backup file, see Restore a backup file to a managed instance. 本快速入门介绍如何将备份文件上传到 Azure 博客存储并使用共享访问签名 (SAS) 密钥对其进行保护。This quickstart shows you have to upload a backup file to Azure blog storage and secure it using a Shared access signature (SAS) key.
  • 有关从 URL 还原的信息,请参阅从 URL 本机还原For information about restore from URL, see Native RESTORE from URL.

重要

来自托管实例的备份只能还原到另一个托管实例。Backups from a managed instance can only be restored to another managed instance. 它们无法还原到本地 SQL Server 或单一数据库/弹性池。They cannot be restored to an on-premises SQL Server or to a single database/elastic pool.

数据迁移服务Data Migration Service

Azure 数据库迁移服务是一项完全托管的服务,旨在实现从多个数据库源到 Azure 数据平台的无缝迁移,并且最小化停机时间。The Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure Data platforms with minimal downtime. 此服务简化了将现有的第三方数据库和 SQL Server 数据库移动到 Azure SQL 数据库(单一数据库、弹性池中的共用数据库和托管实例中的实例数据库)以及移到 Azure VM 中的 SQL Server 时需要执行的任务。This service streamlines the tasks required to move existing third party and SQL Server databases to Azure SQL Database (single databases, pooled databases in elastic pools, and instance databases in a managed instance) and SQL Server in Azure VM. 请参阅如何使用 DMS 将本地数据库迁移到托管实例See How to migrate your on-premises database to managed instance using DMS.

支持的 SQL 功能SQL features supported

在服务正式版推出之前,托管实例部署选项旨在通过分阶段的计划,实现外围应用与本地 SQL Server 的近乎 100% 的兼容性。The managed instance deployment option aims to deliver close to 100% surface area compatibility with on-premises SQL Server coming in stages until service general availability. 有关功能和比较列表,请参阅 SQL 数据库功能比较;有关托管实例与 SQL Server 中 T-SQL 差异的列表,请参阅托管实例与 SQL Server 的 T-SQL 差异For a features and comparison list, see SQL Database feature comparison, and for a list of T-SQL differences in managed instances versus SQL Server, see managed instance T-SQL differences from SQL Server.

托管实例部署选项支持与 SQL 2008 数据库的向后兼容。The managed instance deployment option supports backward compatibility to SQL 2008 databases. 支持从 SQL 2005 数据库服务器直接迁移,迁移后的 SQL 2005 数据库的兼容级别将更新为 SQL 2008。Direct migration from SQL 2005 database servers is supported, compatibility level for migrated SQL 2005 databases are updated to SQL 2008.

下图概括描绘了托管实例中外围应用的兼容性:The following diagram outlines surface area compatibility in managed instance:

迁移

本地 SQL Server 与托管实例中 SQL Server 的主要差异Key differences between SQL Server on-premises and in a managed instance

托管实例部署选项受益于云中的一贯最新状态,这意味着,本地 SQL Server 中的某些功能可能会过时、被弃用或被取代。The managed instance deployment option benefits from being always-up-to-date in the cloud, which means that some features in on-premises SQL Server may be either obsolete, retired, or have alternatives. 在某些情况下,当工具需要识别特定的功能是否以略微不同的方式工作或者服务是否不在某个环境中运行时,你无法完全控制这一点:There are specific cases when tools need to recognize that a particular feature works in a slightly different way or that service is not running in an environment you do not fully control:

  • 高可用性是通过类似 Always On 可用性组的技术内置和预配的。High-availability is built in and pre-configured using technology similar to Always On Availability Groups.
  • 自动备份和时间点还原。Automated backups and point in time restore. 客户可以启动 copy-only 备份,而不会干扰自动备份链。Customer can initiate copy-only backups that do not interfere with automatic backup chain.
  • 托管实例不允许指定完整的物理路径,因此必须以不同的方式为相应的方案提供支持:RESTORE DB 不支持 WITH MOVE,CREATE DB 不允许使用物理路径,BULK INSERT 仅适用于 Azure Blob,等等。Managed instance does not allow specifying full physical paths so all corresponding scenarios have to be supported differently: RESTORE DB does not support WITH MOVE, CREATE DB doesn’t allow physical paths, BULK INSERT works with Azure Blobs only, etc.
  • 托管实例支持使用 Azure AD 身份验证作为 Windows 身份验证的云替代方法。Managed instance supports Azure AD authentication as cloud alternative to Windows authentication.
  • 对于包含内存中 OLTP 对象的数据库,托管实例会自动管理 XTP 文件组和文件Managed instance automatically manages XTP filegroup and files for databases containing In-Memory OLTP objects
  • 托管实例支持 SQL Server Integration Services (SSIS),并且可以托管存储 SSIS 包的 SSIS 目录 (SSISDB),但它们在 Azure 数据工厂 (ADF) 的托管 Azure-SSIS 集成运行时 (IR) 上执行,请参阅在 ADF 中创建 Azure-SSIS IRManaged instance supports SQL Server Integration Services (SSIS) and can host SSIS catalog (SSISDB) that stores SSIS packages, but they are executed on a managed Azure-SSIS Integration Runtime (IR) in Azure Data Factory (ADF), see Create Azure-SSIS IR in ADF. 若要比较 SQL 数据库中的 SSIS 功能,请参阅比较 Azure SQL 数据库单一数据库/弹性池和托管实例To compare the SSIS features in SQL Database, see Compare Azure SQL Database single databases/elastic pools and managed instance.

托管实例管理功能Managed instance administration features

托管实例部署选项可以减少系统管理员花费在管理任务上的时间,因为 SQL 数据库服务可以自行执行这些任务,或者大大简化这些任务。The managed instance deployment option enables system administrator to spend less time on administrative tasks because the SQL Database service either performs them for you or greatly simplifies those tasks. 例如,OS/RDBMS 安装和修补动态实例大小调整和配置备份数据库复制(包括系统数据库)高可用性配置,以及运行状况和性能监视数据流的配置。For example, OS / RDBMS installation and patching, dynamic instance resizing and configuration, backups, database replication (including system databases), high availability configuration, and configuration of health and performance monitoring data streams.

重要

有关支持、部分支持和不支持的功能列表,请参阅 SQL 数据库功能For a list of supported, partially supported, and unsupported features, see SQL Database features. 有关托管实例与 SQL Server 的 T-SQL 差异列表,请参阅托管实例与 SQL Server 的 T-SQL 差异For a list of T-SQL differences in managed instances versus SQL Server, see managed instance T-SQL differences from SQL Server

如何以编程方式标识托管实例How to programmatically identify a managed instance

下表显示了可通过 Transact SQL 访问的几个属性。使用这些属性可以检测应用程序是否正在使用托管实例和检索重要属性。The following table shows several properties, accessible through Transact SQL, that you can use to detect that your application is working with managed instance and retrieve important properties.

属性Property Value 注释Comment
@@VERSION Microsoft SQL Azure (RTM) - 12.0.2000.8 2018-03-07 Copyright (C) 2018 Microsoft Corporation.Microsoft SQL Azure (RTM) - 12.0.2000.8 2018-03-07 Copyright (C) 2018 Microsoft Corporation. 此值与 SQL 数据库中的值相同。This value is same as in SQL Database.
SERVERPROPERTY ('Edition') SQL AzureSQL Azure 此值与 SQL 数据库中的值相同。This value is same as in SQL Database.
SERVERPROPERTY('EngineEdition') 88 此值唯一标识托管实例。This value uniquely identifies a managed instance.
@@SERVERNAMESERVERPROPERTY ('ServerName')@@SERVERNAME, SERVERPROPERTY ('ServerName') 采用以下格式的完整实例 DNS 名称:<instanceName>.<dnsPrefix>.database.windows.net,其中,<instanceName> 是客户提供的名称,<dnsPrefix> 是自动生成的名称部分,保证 DNS 名称的全局唯一性(例如“wcus17662feb9ce98”)Full instance DNS name in the following format:<instanceName>.<dnsPrefix>.database.windows.net, where <instanceName> is name provided by the customer, while <dnsPrefix> is autogenerated part of the name guaranteeing global DNS name uniqueness ("wcus17662feb9ce98", for example) 示例:my-managed-instance.wcus17662feb9ce98.database.windows.netExample: my-managed-instance.wcus17662feb9ce98.database.windows.net

后续步骤Next steps