Azure SQL Managed Instance frequently asked questions (FAQ)

Applies to: Azure SQL Managed Instance

This article contains the most common questions about Azure SQL Managed Instance.

Supported features

Where can I find a list of features supported on SQL Managed Instance?

For a list of supported features in SQL Managed Instance, see Azure SQL Managed Instance features.

For differences in syntax and behavior between Azure SQL Managed Instance and SQL Server, see T-SQL differences from SQL Server.

Technical specification, resource limits and other limitations

Where can I find technical characteristics and resource limits for SQL Managed Instance?

For available hardware generation characteristics, see Technical differences in hardware generations. For available service tiers and their characteristics, see Technical differences between service tiers.

What service tier am I eligible for?

Any customer is eligible for any service tier. However, if you want to exchange your existing licenses for discounted rates on Azure SQL Managed Instance by using Azure Hybrid Benefit, bear in mind that SQL Server Enterprise Edition customers with Software Assurance are eligible for the General Purpose or Business Critical performance tiers and SQL Server Standard Edition customers with Software Assurance are eligible for the General Purpose performance tier only. For more details, see Specific rights of the AHB.

What subscription types are supported for SQL Managed Instance?

For the list of supported subscription types, see Supported subscription types.

Which Azure regions are supported?

Managed instances can be created in most of the Azure regions; see Supported regions for SQL Managed Instance. If you need a managed instance in a region that is currently not supported, send a support request via the Azure portal.

Are there any quota limitations for SQL Managed Instance deployments?

Managed instance has two default limits: a limit on the number of subnets you can use and a limit on the number of vCores you can provision. Limits vary across the subscription types and regions. For the list of regional resource limitations by subscription type, see the table in Regional resource limitation. These are soft limits that can be increased on demand. If you need to provision more managed instances in your current regions, send a support request to increase the quota using the Azure portal. For more information, see Request quota increases for Azure SQL Database.

Can I increase the number of databases limit (100) on my managed instance on demand?

No, and currently there are no committed plans to increase the number of databases on SQL Managed Instance.

Where can I migrate if I have more than 8 TB of data?

You can consider migrating to other Azure flavors that suit your workload: Azure SQL Database Hyperscale or SQL Server on Azure Virtual Machines.

Where can I migrate if I have specific hardware requirements such as larger RAM to vCore ratio or more CPUs?

You can consider migrating to SQL Server on Azure Virtual Machines or Azure SQL Database memory/cpu optimized.

Known issues and defects

Where can I find known issues and defects?

For product defects and known issues, see Known issues.

New features

Where can I find the latest features and the features in public preview?

For new and preview features, see Release notes.

Create, update, delete or move SQL Managed Instance

How can I provision SQL Managed Instance?

You can provision an instance from Azure portal, PowerShell, Azure CLI and ARM templates.

Can I provision Managed Instances in an existing subscription?

Yes, you can provision a Managed Instance in an existing subscription if that subscription belongs to the Supported subscription types.

Why couldn't I provision a Managed Instance in a subnet whose name starts with a digit?

This is a current limitation of an underlying component that verifies the subnet name against the regex ^[a-zA-Z_][^\/:*?"<>|`'^]*(?<![.\s])$. All names that pass the regex and are valid subnet names are currently supported.
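The following pre-deployment check is an added example, not code from the Azure documentation. It applies the regex quoted above and reports which part of the rule a candidate subnet name breaks; the function names and sample names are constructed for illustration.

```python
import re

# The pattern quoted in the answer above. fullmatch() is used below so that a
# trailing newline cannot slip past "$".
SUBNET_NAME_RE = re.compile(r"""^[a-zA-Z_][^\/:*?"<>|`'^]*(?<![.\s])$""")

# Characters excluded by the pattern's negated character class.
FORBIDDEN = set("/:*?\"<>|`'^")


def matches_documented_regex(name):
    """True if the whole name is accepted by the documented pattern."""
    return SUBNET_NAME_RE.fullmatch(name) is not None


def check_subnet_name(name):
    """Return the reasons a name would be rejected (empty list means accepted)."""
    if not name:
        return ["name is empty"]
    reasons = []
    # Rule 1: the first character must be an ASCII letter or underscore.
    if not re.match(r"[a-zA-Z_]", name):
        reasons.append(f"first character {name[0]!r} is not a letter or underscore")
    # Rule 2: no character after the first may come from the excluded set.
    bad = sorted(set(name[1:]) & FORBIDDEN)
    if bad:
        reasons.append("contains forbidden character(s): " + " ".join(bad))
    # Rule 3: the negative lookbehind rejects a trailing dot or whitespace.
    if re.search(r"[.\s]\Z", name):
        reasons.append("ends with a dot or whitespace")
    return reasons


# Constructed sample names.
SAMPLE_NAMES = ["mi-subnet", "_managed-instance", "1-mi-subnet", "mi:subnet", "mi_subnet."]

if __name__ == "__main__":
    for candidate in SAMPLE_NAMES:
        problems = check_subnet_name(candidate)
        print(f"{candidate!r}: {'OK' if not problems else '; '.join(problems)}")
```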

How can I scale my managed instance?

You can scale your managed instance from Azure portal, PowerShell, Azure CLI or ARM templates.

Can I move my Managed Instance from one region to another?

Yes, you can. For instructions, see Move resources across regions.

How can I delete my Managed Instance?

You can delete Managed Instances via Azure portal, PowerShell, Azure CLI or Resource Manager REST APIs.

How much time does it take to create or update an instance, or to restore a database?

The expected time to create a new managed instance or to change service tiers (vCores, storage) depends on several factors. See Management operations.

Naming conventions

Can a managed instance have the same name as a SQL Server on-premises instance?

Changing a managed instance name is not supported.

Can I change DNS zone prefix?

Yes, the Managed Instance default DNS zone .database.windows.net can be changed.

To use another DNS zone instead of the default, for example, .contoso.com:

  • Use CliConfig to define an alias. The tool is just a registry settings wrapper, so it can be done using group policy or a script as well.
  • Use CNAME with the TrustServerCertificate=true option.

Migration options

How can I migrate from Azure SQL Database single or elastic pool to SQL Managed Instance?

Managed instance offers the same performance levels per compute and storage size as other deployment options of Azure SQL Database. If you want to consolidate data on a single instance, or you simply need a feature supported exclusively in managed instance, you can migrate your data by using export/import (BACPAC) functionality. Here are other ways to consider for SQL Database migration to SQL Managed Instance:

How can I migrate my instance database to a single Azure SQL Database?

One option is to export a database to BACPAC and then import the BACPAC file. This is the recommended approach if your database is smaller than 100 GB.

Transactional replication can be used if all tables in the database have primary keys and there are no In-memory OLTP objects in the database.

Native COPY_ONLY backups taken from managed instance cannot be restored to SQL Server because managed instance has a higher database version compared to SQL Server. For more details, see Copy-only backup.

How can I migrate my SQL Server instance to SQL Managed Instance?

To migrate your SQL Server instance, see SQL Server instance migration to Azure SQL Managed Instance.

How can I migrate from other platforms to SQL Managed Instance?

For information about migrating from other platforms, see Azure Database Migration Guide.

Switch hardware generation

Can I switch my managed instance hardware generation between Gen 4 and Gen 5 online?

Automated online switching from Gen4 to Gen5 is possible if Gen5 hardware is available in the region where your managed instance is provisioned. In this case, you can check the vCore model overview page, which explains how to switch between hardware generations.

This is a long-running operation, as a new managed instance will be provisioned in the background and databases automatically transferred between the old and new instance, with a quick failover at the end of the process.

Note: Gen4 hardware is being phased out and is no longer available for new deployments. All new databases must be deployed on Gen5 hardware. Switching from Gen5 to Gen4 is also not available.

Performance

How can I compare Managed Instance performance to SQL Server performance?

For a performance comparison between managed instance and SQL Server, a good starting point is the article Best practices for performance comparison between Azure SQL managed instance and SQL Server.

What causes performance differences between Managed Instance and SQL Server?

See Key causes of performance differences between SQL managed instance and SQL Server. For more information about the log file size impact on General Purpose Managed Instance performance, see Impact of log file size on General Purpose.

How do I tune performance of my managed instance?

You can optimize the performance of your managed instance by:

  • Automatic tuning that provides peak performance and stable workloads through continuous performance tuning based on AI and machine learning.
  • In-memory OLTP that improves throughput and latency on transactional processing workloads and delivers faster business insights.

To tune the performance even further, consider applying some of the best practices for Application and database tuning. If your workload consists of lots of small transactions, consider switching the connection type from proxy to redirect mode for lower latency and higher throughput.

Monitoring, Metrics and Alerts

What are the options for monitoring and alerting for my managed instance?

For all possible options to monitor and alert on SQL Managed Instance consumption and performance, see the Azure SQL Managed Instance monitoring options blog post. For real-time performance monitoring for SQL MI, see Real-time performance monitoring for Azure SQL DB Managed Instance.

Can I use SQL Profiler for performance tracking?

Yes, SQL Profiler is supported for SQL Managed Instance. For more details, see SQL Profiler.

Are Database Advisor and Query Performance Insight supported for Managed Instance databases?

No, they are not supported. You can use DMVs and Query Store together with SQL Profiler and XEvents to monitor your databases.

Can I create metric alerts on SQL Managed Instance?

Yes. For instructions, see Create alerts for SQL Managed Instance.

Can I create metric alerts on a database in managed instance?

No. Alerting metrics are available for the managed instance only. Alerting metrics for individual databases in managed instance are not available.

Storage size

What is the maximum storage size for SQL Managed Instance?

Storage size for SQL Managed Instance depends on the selected service tier (General Purpose or Business Critical). For storage limitations of these service tiers, see Service tier characteristics.

What is the minimum storage size available for a managed instance?

The minimum amount of storage available in an instance is 32 GB. Storage can be added in increments of 32 GB up to the maximum storage size. The first 32 GB are free of charge.

Can I increase storage space assigned to an instance, independently from compute resources?

Yes, you can purchase add-on storage, independently from compute, to some extent. See Max instance reserved storage in the Table.

How can I optimize my storage performance in General Purpose service tier?

To optimize storage performance, see Storage best practices in General Purpose.

Backup and restore

Is the backup storage deducted from my managed instance storage?

No, backup storage is not deducted from your managed instance storage space. The backup storage is independent from the instance storage space and it is not limited in size. Backup storage is limited by the time period to retain the backup of your instance databases, configurable up to 35 days. For details, see Automated backups.

How can I see when automated backups are made on my managed instance?

To track when automated backups have been performed on Managed Instance, see How to track the automated backup for an Azure SQL Managed Instance.

Is on-demand backup supported?

Yes, you can create a copy-only full backup in your Azure Blob Storage, but it will only be restorable in Managed Instance. For details, see Copy-only backup. However, copy-only backup is impossible if the database is encrypted by service-managed TDE, since the certificate used for encryption is inaccessible. In such a case, use the point-in-time restore feature to move the database to another SQL Managed Instance, or switch to a customer-managed key.

Is native restore (from .bak files) to Managed Instance supported?

Yes, it is supported and available for SQL Server 2005+ versions. To use native restore, upload your .bak file to Azure blob storage and execute T-SQL commands. For more details, see Native restore from URL.

Business continuity

Are my system databases replicated to the secondary instance in a failover group?

System databases are not replicated to the secondary instance in a failover group. Therefore, scenarios that depend on objects from the system databases will be impossible on the secondary instance unless the objects are manually created on the secondary. For a workaround, see Enable scenarios dependent on the object from the system databases.

Networking requirements

What are the current inbound/outbound NSG constraints on the Managed Instance subnet?

The required NSG and UDR rules are documented here, and automatically set by the service. Please keep in mind that these rules are just the ones we need for maintaining the service. To connect to the managed instance and use different features, you will need to set additional, feature-specific rules that you need to maintain.

How can I set inbound NSG rules on management ports?

SQL Managed Instance is responsible for setting rules on management ports. This is achieved through functionality named service-aided subnet configuration. This is to ensure uninterrupted flow of management traffic in order to fulfill an SLA.

Can I get the source IP ranges that are used for the inbound management traffic?

Yes. You could analyze traffic coming through your network security group by configuring Network Watcher flow logs.

Can I set NSG to control access to the data endpoint (port 1433)?

Yes. After a Managed Instance is provisioned, you can set an NSG that controls inbound access to port 1433. It is advised to narrow its IP range as much as possible.

Can I set the NVA or on-premises firewall to filter the outbound management traffic based on FQDNs?

No. This is not supported for several reasons:

  • Routing traffic that represents the response to an inbound management request would be asymmetric and could not work.
  • Routing traffic that goes to storage would be affected by throughput constraints and latency, so this way we won't be able to provide expected service quality and availability.
  • Based on experience, these configurations are error prone and not supportable.

Can I set the NVA or firewall for the outbound non-management traffic?

Yes. The simplest way to achieve this is to add a 0/0 rule to a UDR associated with the managed instance subnet to route traffic through the NVA.

How many IP addresses do I need for a Managed Instance?

The subnet must have a sufficient number of available IP addresses. To determine VNet subnet size for SQL Managed Instance, see Determine required subnet size and range for Managed Instance.

What if there are not enough IP addresses for performing instance update operation?

In case there are not enough IP addresses in the subnet where your managed instance is provisioned, you will have to create a new subnet and a new managed instance inside it. We also suggest that the new subnet is created with more IP addresses allocated so future update operations will avoid similar situations. After the new instance is provisioned, you can manually back up and restore data between the old and new instances or perform cross-instance point-in-time restore.

Do I need an empty subnet to create a Managed Instance?

No. You can use either an empty subnet or a subnet that already contains Managed Instance(s).

Can I change the subnet address range?

Not if there are Managed Instances inside. This is an Azure networking infrastructure limitation. You are only allowed to add additional address space to an empty subnet.

Can I move my managed instance to another subnet?

No. This is a current Managed Instance design limitation. However, you can provision a new instance in another subnet and manually back up and restore data between the old and the new instance or perform cross-instance point-in-time restore.

Do I need an empty virtual network to create a Managed Instance?

This is not required. You can either Create a virtual network for Azure SQL Managed Instance or Configure an existing virtual network for Azure SQL Managed Instance.

Can I place a Managed Instance with other services in a subnet?

No. Currently we do not support placing Managed Instance in a subnet that already contains other resource types.

Connectivity

Can I connect to my managed instance using IP address?

No, this is not supported. A Managed Instance's host name maps to the load balancer in front of the Managed Instance's virtual cluster. As one virtual cluster can host multiple Managed Instances, a connection cannot be routed to the proper Managed Instance without specifying its name. For more information on SQL Managed Instance virtual cluster architecture, see Virtual cluster connectivity architecture.

Can my managed instance have a static IP address?

This is currently not supported.

In rare but necessary situations, we might need to do an online migration of a managed instance to a new virtual cluster. If needed, this migration is because of changes in our technology stack aimed to improve security and reliability of the service. Migrating to a new virtual cluster results in changing the IP address that is mapped to the managed instance host name. The managed instance service doesn't claim static IP address support and reserves the right to change it without notice as a part of regular maintenance cycles.

For this reason, we strongly discourage relying on immutability of the IP address as it could cause unnecessary downtime.

Does Managed Instance have a public endpoint?

Yes. Managed Instance has a public endpoint that is by default used only for Service Management, but a customer may enable it for data access as well. For more details, see Use SQL Managed Instance with public endpoints. To configure public endpoint, go to Configure public endpoint in SQL Managed Instance.

How does Managed Instance control access to the public endpoint?

Managed Instance controls access to the public endpoint at both the network and application level.

Management and deployment services connect to a managed instance by using a management endpoint that maps to an external load balancer. Traffic is routed to the nodes only if it's received on a predefined set of ports that only the managed instance's management components use. A built-in firewall on the nodes is set up to allow traffic only from Microsoft IP ranges. Certificates mutually authenticate all communication between management components and the management plane. For more details, see Connectivity architecture for SQL Managed Instance.

Could I use the public endpoint to access the data in Managed Instance databases?

Yes. The customer will need to enable public endpoint data access from Azure portal / PowerShell / ARM and configure NSG to lock down access to the data port (port number 3342). For more information, see Configure public endpoint in Azure SQL Managed Instance and Use Azure SQL Managed Instance securely with public endpoint.
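The advice to narrow the source range on port 1433 and to lock down port 3342 can be checked mechanically. The sketch below is an added example, not part of the Azure documentation: it audits NSG rules (constructed sample data, using the field names of `az network nsg rule list --output json`) for inbound Allow rules that expose either data port to a wide source. The 256-address threshold and all function names are assumptions.

```python
import ipaddress

# Data ports named in this FAQ: 1433 (private endpoint) and 3342 (public endpoint).
DATA_PORTS = (1433, 3342)

# Assumption: a source covering more than this many addresses is "not narrowed".
# Set it to whatever your own policy allows.
MAX_SOURCE_ADDRESSES = 256

# Constructed sample rules for illustration.
SAMPLE_RULES = [
    {"name": "allow-app-subnet-1433", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "10.0.1.0/24", "sourceAddressPrefixes": [],
     "destinationPortRange": "1433", "destinationPortRanges": []},
    {"name": "allow-any-3342", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "Internet", "sourceAddressPrefixes": [],
     "destinationPortRange": "3342", "destinationPortRanges": []},
    {"name": "allow-corp-range", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": None,
     "sourceAddressPrefixes": ["203.0.113.0/24", "10.0.0.0/8"],
     "destinationPortRange": None, "destinationPortRanges": ["1433", "3342"]},
    {"name": "deny-all-inbound", "priority": 4000, "direction": "Inbound",
     "access": "Deny", "protocol": "*",
     "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
     "destinationPortRange": "*", "destinationPortRanges": []},
    {"name": "allow-late-any", "priority": 4096, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
     "destinationPortRange": "1433", "destinationPortRanges": []},
]


def values(rule, singular, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    merged = list(rule.get(plural) or [])
    if rule.get(singular):
        merged.append(rule[singular])
    return merged


def port_in_range(port, spec):
    """True if port falls inside a port spec such as '*', '1433' or '1000-2000'."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def is_broad(source):
    """True for '*', the Internet service tag, and CIDR blocks above the threshold."""
    if source in ("*", "Internet"):
        return True
    try:
        network = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False  # other service tags are not IP ranges; review them by hand
    return network.num_addresses > MAX_SOURCE_ADDRESSES


def audit_nsg_rules(rules):
    """Return (port, rule name, source) for each over-broad inbound Allow on a data port."""
    inbound = sorted(
        (r for r in rules if r["direction"] == "Inbound" and r["protocol"] in ("Tcp", "*")),
        key=lambda r: r["priority"],  # the lowest priority number is evaluated first
    )
    findings = []
    for port in DATA_PORTS:
        for rule in inbound:
            specs = values(rule, "destinationPortRange", "destinationPortRanges")
            if not any(port_in_range(port, spec) for spec in specs):
                continue
            sources = values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            if rule["access"] == "Deny":
                if "*" in sources:
                    break  # a deny-all for this port shadows every later rule
                continue   # narrower denies are ignored, so the audit may over-report
            findings.extend((port, rule["name"], s) for s in sources if is_broad(s))
    return findings


if __name__ == "__main__":
    for port, name, source in audit_nsg_rules(SAMPLE_RULES):
        print(f"port {port}: rule {name!r} allows inbound traffic from {source}")
```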

Can I specify a custom port for SQL data endpoint(s)?

No, this option is not available. For the private data endpoint, Managed Instance uses default port number 1433, and for the public data endpoint, Managed Instance uses default port number 3342.

What is the recommended way to connect Managed Instances placed in different regions?

Express Route circuit peering is the preferred way to do that. Global virtual network peering is supported with the limitation described in the note below.

Important

On 9/22/2020 we announced global virtual network peering for newly created virtual clusters. That means that global virtual network peering is supported for SQL Managed Instances created in empty subnets after the announcement date, as well as for all the subsequent managed instances created in those subnets. For all the other SQL Managed Instances, peering support is limited to the networks in the same region due to the constraints of global virtual network peering. See also the relevant section of the Azure Virtual Networks frequently asked questions article for more details.

If Express Route circuit peering and global virtual network peering are not possible, the only other option is to create a Site-to-Site VPN connection (Azure portal, PowerShell, Azure CLI).

Mitigate data exfiltration risks

How can I mitigate data exfiltration risks?

To mitigate any data exfiltration risks, customers are recommended to apply a set of security settings and controls:

  • Turn on Transparent Data Encryption (TDE) on all databases.
  • Turn off Common Language Runtime (CLR). This is recommended on-premises as well.
  • Use Azure Active Directory (Azure AD) authentication only.
  • Access the instance with a low-privileged DBA account.
  • Configure JIT jumpbox access for the sysadmin account.
  • Turn on SQL auditing, and integrate it with alerting mechanisms.
  • Turn on Threat Detection from the Azure Defender for SQL suite.

DNS

Can I configure a custom DNS for SQL Managed Instance?

Yes. See How to configure a Custom DNS for Azure SQL Managed Instance.

Can I do DNS refresh?

Yes. See Synchronize virtual network DNS servers setting on SQL Managed Instance virtual cluster.

Change time zone

Can I change the time zone for an existing managed instance?

Time zone configuration can be set when a managed instance is provisioned for the first time. Changing the time zone of an existing managed instance isn't supported. For details, see Time zone limitations.

Workarounds include creating a new managed instance with the proper time zone and then either performing a manual backup and restore, or, as we recommend, performing a cross-instance point-in-time restore.

安全性和資料庫加密Security and database encryption

SQL 受控執行個體是否有系統管理員(sysadmin)伺服器角色?Is the sysadmin server role available for SQL Managed Instance?

是,客戶可以建立屬於系統管理員(sysadmin)角色成員的登入。Yes, customers can create logins that are members of the sysadmin role. 採用系統管理員(sysadmin)許可權的客戶也會擔任操作實例的責任,這可能會對 SLA 承諾造成負面影響。Customers who assume the sysadmin privilege are also assuming responsibility for operating the instance, which can negatively impact the SLA commitment. 若要將登入加入至系統管理員(sysadmin)伺服器角色,請參閱 Azure AD authenticationTo add login to sysadmin server role, see Azure AD authentication.

SQL 受控執行個體支援透明資料加密嗎?Is Transparent Data Encryption supported for SQL Managed Instance?

是,SQL 受控執行個體支援透明資料加密。Yes, Transparent Data Encryption is supported for SQL Managed Instance. 如需詳細資訊,請參閱 SQL 受控執行個體的透明資料加密For details, see Transparent Data Encryption for SQL Managed Instance.

我可以利用「攜帶您自己的金鑰」模型來進行 TDE 嗎?Can I leverage the “bring your own key” model for TDE?

是,適用于 BYOK 的 Azure Key Vault 案例適用于 Azure SQL 受控執行個體。Yes, Azure Key Vault for BYOK scenario is available for Azure SQL Managed Instance. 如需詳細資訊,請參閱 透明資料加密與客戶管理的金鑰For details, see Transparent Data Encryption with customer-managed key.

我可以遷移加密的 SQL Server 資料庫嗎?Can I migrate an encrypted SQL Server database?

是,您可以。Yes, you can. 若要遷移加密的 SQL Server 資料庫,您必須將現有的憑證匯出並匯入受控執行個體,然後取得完整的資料庫備份,然後在受控執行個體中加以還原。To migrate an encrypted SQL Server database, you need to export and import your existing certificates into Managed Instance, then take a full database backup and restore it in Managed Instance.

您也可以使用 Azure 資料庫移轉服務 來遷移 TDE 的加密資料庫。You can also use Azure Database Migration Service to migrate the TDE encrypted databases.

如何為 SQL 受控執行個體設定 TDE 保護裝置旋轉?How can I configure TDE protector rotation for SQL Managed Instance?

您可以使用 Azure Cloud Shell 來輪替受控執行個體的 TDE 保護裝置。You can rotate TDE protector for Managed Instance using Azure Cloud Shell. 如需相關指示,請參閱 SQL 受控執行個體中的透明資料加密從 Azure Key Vault 使用您自己的金鑰For instructions, see Transparent Data Encryption in SQL Managed Instance using your own key from Azure Key Vault.

Can I restore my encrypted database to SQL Managed Instance?

Yes, you don't need to decrypt your database to restore it to SQL Managed Instance. You do need to provide SQL Managed Instance with the certificate or key that was used as the encryption key protector on the source system, so that it can read data from the encrypted backup file. There are two possible ways to do it:

  • Upload certificate-protector to SQL Managed Instance. It can be done using PowerShell only. The sample script describes the whole process.
  • Upload asymmetric key-protector to Azure Key Vault and point SQL Managed Instance to it. This approach resembles the bring-your-own-key (BYOK) TDE use case, which also uses Key Vault integration to store the encryption key. If you don't want to use the key as an encryption key protector, and just want to make the key available for SQL Managed Instance to restore encrypted database(s), follow the instructions for setting up BYOK TDE, and don't check the checkbox Make the selected key the default TDE protector.

Once you make the encryption protector available to SQL Managed Instance, you can proceed with the standard database restore procedure.
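Both the migration answer and the restore answer above depend on knowing which certificate protects the database on the source server and on exporting it together with its private key. The following T-SQL is an added example, not part of the original FAQ or of Microsoft's sample script; the certificate name, file paths and password are placeholders.

```sql
-- Added example: run on the SOURCE SQL Server instance.
-- TDE certificates live in master, so the catalog lookup must run there.
USE master;

-- 1. Identify the protector of every TDE-encrypted user database.
SELECT  d.name                      AS database_name,
        dek.encryption_state,       -- 3 = encrypted
        dek.encryptor_type,         -- CERTIFICATE or ASYMMETRIC KEY
        c.name                      AS certificate_name,
        c.thumbprint,
        c.expiry_date,
        c.pvt_key_last_backup_date  -- NULL = private key has never been exported
FROM    sys.dm_database_encryption_keys AS dek
JOIN    sys.databases     AS d ON d.database_id = dek.database_id
LEFT JOIN sys.certificates AS c ON c.thumbprint = dek.encryptor_thumbprint
WHERE   d.name <> N'tempdb';        -- tempdb is encrypted implicitly, skip it

-- 2. Export the certificate reported above together with its private key.
--    [TDE_Cert_Placeholder], the paths and the password are placeholders.
--    The .pvk file and its password are secrets: write them to an
--    access-controlled location and remove them once the import is done.
BACKUP CERTIFICATE [TDE_Cert_Placeholder]
TO FILE = N'C:\secure_export\TDE_Cert_Placeholder.cer'
WITH PRIVATE KEY (
    FILE = N'C:\secure_export\TDE_Cert_Placeholder.pvk',
    ENCRYPTION BY PASSWORD = N'<strong-password-placeholder>'
);
```

A row with encryptor_type = ASYMMETRIC KEY has no match in sys.certificates, which is why the join is a LEFT JOIN; such a database follows the Key Vault path described in the second bullet.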

Purchasing models and benefits

What purchasing models are available for SQL Managed Instance?

SQL Managed Instance offers the vCore-based purchasing model.

What cost benefits are available for SQL Managed Instance?

You can save costs with the Azure SQL benefits in the following ways:

  • Maximize existing investments in on-premises licenses and save up to 55 percent with Azure Hybrid Benefit.
  • Commit to a reservation for compute resources and save up to 33 percent with Reserved Instance Benefit. Combine this with Azure Hybrid Benefit for savings up to 82 percent.
  • Save up to 55 percent versus list prices with Azure Dev/Test Pricing Benefit, which offers discounted rates for your ongoing development and testing workloads.

Who is eligible for Reserved Instance benefit?

To be eligible for Reserved Instance benefit, your subscription type must be an enterprise agreement (offer numbers: MS-AZR-0017P or MS-AZR-0148P) or an individual agreement with pay-as-you-go pricing (offer numbers: MS-AZR-0003P or MS-AZR-0023P). For more information about reservations, see Reserved Instance Benefit.

Is it possible to cancel, exchange or refund reservations?

You can cancel, exchange or refund reservations with certain limitations. For more information, see Self-service exchanges and refunds for Azure Reservations.

Billing for Managed Instance and backup storage

What are the SQL Managed Instance pricing options?

To explore Managed Instance pricing options, see Pricing page.

How can I track billing cost for my managed instance?

You can do so using the Azure Cost Management solution. Navigate to Subscriptions in the Azure portal and select Cost Analysis.

Use the Accumulated costs option and then filter by the Resource type as microsoft.sql/managedinstances.

How much do automated backups cost?

You get an amount of free backup storage space equal to the reserved data storage space purchased, regardless of the backup retention period set. If your backup storage consumption stays within the allocated free backup storage space, automated backups on a managed instance incur no additional cost and are therefore free of charge. Backup storage used beyond the free space costs about $0.20 - $0.24 per GB/month in US regions; see the pricing page for details for your region. For more details, see Backup storage consumption explained.

How can I monitor billing cost for my backup storage consumption?

You can monitor the cost of backup storage via the Azure portal. For instructions, see Monitor costs for automated backups.

How can I optimize my backup storage costs on the managed instance?

To optimize your backup storage costs, see Fine backup tuning on SQL Managed Instance.

Cost-saving use cases

Where can I find use cases and resulting cost savings with SQL Managed Instance?

SQL Managed Instance case studies:

To get a better understanding of the benefits, costs, and risks associated with deploying Azure SQL Managed Instance, there's also a Forrester study: The Total Economic Impact of Microsoft Azure SQL Database Managed Instance.

Password policy

What password policies are applied for SQL Managed Instance SQL logins?

The SQL Managed Instance password policy for SQL logins inherits the Azure platform policies that are applied to the VMs forming the virtual cluster that holds the managed instance. At the moment, it is not possible to change any of these settings, because they are defined by Azure and inherited by the managed instance.

Important

The Azure platform can change policy requirements without notifying services that rely on those policies.

What are current Azure platform policies?

Each login must set its password upon login and change its password after it reaches the maximum age.

| Policy | Security Setting |
| --- | --- |
| Maximum password age | 42 days |
| Minimum password age | 1 day |
| Minimum password length | 10 characters |
| Password must meet complexity requirements | Enabled |

Is it possible to disable password complexity and expiration in SQL Managed Instance on login level?

Yes, it is possible to control the CHECK_POLICY and CHECK_EXPIRATION fields at the login level. You can check the current settings by executing the following T-SQL command:

SELECT *
FROM sys.sql_logins

After that, you can modify the specified login's settings by executing:

ALTER LOGIN <login_name> WITH CHECK_POLICY = OFF;
ALTER LOGIN <login_name> WITH CHECK_EXPIRATION = OFF;

(Replace <login_name> with the desired login name and adjust the policy and expiration values.)
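A login with CHECK_POLICY or CHECK_EXPIRATION turned off is exempt from the inherited platform policy, so it is worth listing those exceptions periodically. The following audit query is an added example, not part of the original FAQ; it assumes LOGINPROPERTY is available on the instance, and the login name in the last statement is a placeholder.

```sql
-- Added example: list SQL logins that are exempt from the password policy
-- or from password expiration, with the context needed to review each one.
SELECT  name,
        is_disabled,
        is_policy_checked,        -- 0 = CHECK_POLICY is OFF
        is_expiration_checked,    -- 0 = CHECK_EXPIRATION is OFF
        create_date,
        modify_date,
        LOGINPROPERTY(name, 'PasswordLastSetTime')  AS password_last_set,
        LOGINPROPERTY(name, 'DaysUntilExpiration')  AS days_until_expiration,
        LOGINPROPERTY(name, 'IsLocked')             AS is_locked,
        LOGINPROPERTY(name, 'BadPasswordCount')     AS bad_password_count
FROM    sys.sql_logins
WHERE   (is_policy_checked = 0 OR is_expiration_checked = 0)
  AND   name NOT LIKE N'##%'      -- skip internal certificate-based logins
ORDER BY is_disabled, password_last_set;

-- Bring a reviewed login back under the policy.
-- [app_login_placeholder] is a placeholder name.
-- CHECK_EXPIRATION = ON is only accepted when CHECK_POLICY is ON,
-- so both options are set in the same statement.
ALTER LOGIN [app_login_placeholder]
WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
```

Enabled logins with an old password_last_set value and expiration turned off are the rows to review first.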

Service updates

What is the Root CA change for Azure SQL Database & SQL Managed Instance?

See Certificate rotation for Azure SQL Database & SQL Managed Instance.

What is a planned maintenance event for SQL Managed Instance?

See Plan for Azure maintenance events in SQL Managed Instance.

Azure feedback and support

Where can I leave my ideas for SQL Managed Instance improvements?

You can vote for a new Managed Instance feature or put a new improvement idea up for voting on the SQL Managed Instance Feedback Forum. This way you can contribute to product development and help us prioritize potential improvements.

How can I create an Azure support request?

To learn how to create an Azure support request, see How to create Azure support request.