Use SQL Database advanced data security with virtual networks and near 100% compatibility

Managed instance is a new deployment option of Azure SQL Database. It provides near 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine, a native virtual network (VNet) implementation that addresses common security concerns, and a business model favorable for on-premises SQL Server customers. The managed instance deployment model allows existing SQL Server customers to lift and shift their on-premises applications to the cloud with minimal application and database changes. At the same time, the managed instance deployment option preserves all PaaS capabilities (automatic patching and version updates, automated backups, high availability), which drastically reduces management overhead and TCO.

Important

For a list of regions in which the managed instance deployment option is currently available, see supported regions.

The following diagram outlines key features of managed instances:

[Diagram: Key features]

The managed instance deployment model is designed for customers looking to migrate a large number of apps from an on-premises or IaaS, self-built, or ISV-provided environment to a fully managed PaaS cloud environment, with as little migration effort as possible. Using the fully automated Data Migration Service (DMS) in Azure, customers can lift and shift their on-premises SQL Server to a managed instance that offers compatibility with SQL Server on-premises and complete isolation of customer instances with native VNet support. With Software Assurance, you can exchange your existing licenses for discounted rates on a managed instance using the Azure Hybrid Benefit for SQL Server. A managed instance is the best migration destination in the cloud for SQL Server instances that require high security and a rich programmability surface.

The managed instance deployment option aims to deliver close to 100% surface area compatibility with the latest on-premises SQL Server version through a staged release plan.

To decide between the Azure SQL Database deployment options (single database, pooled database, and managed instance) and SQL Server hosted in a virtual machine, see how to choose the right version of SQL Server in Azure.

Key features and capabilities

Managed instance combines the best features that are available both in Azure SQL Database and SQL Server Database Engine.

Important

A managed instance runs with all of the features of the most recent version of SQL Server, including online operations, automatic plan corrections, and other enterprise performance enhancements. A comparison of the available features is explained in Feature comparison: Azure SQL Database versus SQL Server.

PaaS benefits

  • No hardware purchasing and management
  • No management overhead for managing underlying infrastructure
  • Quick provisioning and service scaling
  • Automated patching and version upgrade
  • Integration with other PaaS data services

Business continuity

  • 99.99% uptime SLA
  • Built-in high availability
  • Data protected with automated backups
  • Customer configurable backup retention period
  • User-initiated backups
  • Point in time database restore capability

Security and compliance

  • Isolated environment (VNet integration, single tenant service, dedicated compute and storage)
  • Transparent data encryption (TDE)
  • Azure AD authentication, single sign-on support
  • Azure AD server principals (logins) (public preview)
  • Adheres to the same compliance standards as Azure SQL Database
  • SQL auditing
  • Threat detection

Management

  • Azure Resource Manager API for automating service provisioning and scaling
  • Azure portal functionality for manual service provisioning and scaling
  • Data Migration Service

Important

Azure SQL Database (all deployment options) has been certified against a number of compliance standards. For more information, see the Microsoft Azure Trust Center, where you can find the most current list of SQL Database compliance certifications.

The key features of managed instances are shown in the following table:

Feature | Description
SQL Server version / build | SQL Server Database Engine (latest stable)
Managed automated backups | Yes
Built-in instance and database monitoring and metrics | Yes
Automatic software patching | Yes
The latest Database Engine features | Yes
Number of data files (ROWS) per database | Multiple
Number of log files (LOG) per database | 1
VNet - Azure Resource Manager deployment | Yes
VNet - Classic deployment model | No
Portal support | Yes
Built-in Integration Service (SSIS) | No - SSIS is a part of Azure Data Factory PaaS
Built-in Analysis Service (SSAS) | No - SSAS is separate PaaS
Built-in Reporting Service (SSRS) | No - use Power BI or SSRS IaaS

vCore-based purchasing model

The vCore-based purchasing model for managed instances gives you flexibility, control, transparency, and a straightforward way to translate on-premises workload requirements to the cloud. This model allows you to change compute, memory, and storage based upon your workload needs. The vCore model is also eligible for up to 30 percent savings with the Azure Hybrid Benefit for SQL Server.

In the vCore model, you can choose between generations of hardware.

  • Gen4 logical CPUs are based on Intel E5-2673 v3 (Haswell) 2.4-GHz processors, attached SSD, physical cores, 7 GB RAM per core, and compute sizes between 8 and 24 vCores.
  • Gen5 logical CPUs are based on Intel E5-2673 v4 (Broadwell) 2.3-GHz processors, fast NVMe SSD, hyper-threaded logical cores, and compute sizes between 8 and 80 cores.

Find more information about the difference between hardware generations in managed instance resource limits.

Managed instance service tiers

Managed instance is available in two service tiers:

  • General purpose: Designed for applications with typical performance and IO latency requirements.
  • Business critical: Designed for applications with low IO latency requirements and minimal impact of underlying maintenance operations on the workload.

Both service tiers guarantee 99.99% availability and enable you to independently select storage size and compute capacity. For more information on the high availability architecture of Azure SQL Database, see High availability and Azure SQL Database.

General purpose service tier

The following list describes the key characteristics of the General Purpose service tier:

  • Designed for the majority of business applications with typical performance requirements
  • High-performance Azure Blob storage (8 TB)
  • Built-in high availability based on reliable Azure Blob storage and Azure Service Fabric

For more information, see storage layer in general purpose tier and storage performance best practices and considerations for managed instances (general purpose).

Find more information about the difference between service tiers in managed instance resource limits.

Business Critical service tier

The Business Critical service tier is built for applications with high IO requirements. It offers the highest resilience to failures using several isolated replicas.

The following list outlines the key characteristics of the Business Critical service tier:

Find more information about the difference between service tiers in managed instance resource limits.

Advanced security and compliance

The managed instance deployment option combines advanced security features provided by Azure cloud and SQL Server Database Engine.

Managed instance security isolation

A managed instance provides additional security isolation from other tenants in the Azure cloud. Security isolation includes:

  • Native virtual network implementation and connectivity to your on-premises environment using Azure Express Route or VPN Gateway.
  • In a default deployment, the SQL endpoint is exposed only through a private IP address, allowing safe connectivity from private Azure or hybrid networks.
  • Single-tenant with dedicated underlying infrastructure (compute, storage).

The following diagram outlines various connectivity options for your applications:

[Diagram: High availability]

To learn more details about VNet integration and networking policy enforcement at the subnet level, see VNet architecture for managed instances and Connect your application to a managed instance.

Important

Place multiple managed instances in the same subnet, wherever that is allowed by your security requirements, as that will bring you additional benefits. Collocating instances in the same subnet will significantly simplify networking infrastructure maintenance and reduce instance provisioning time, since long provisioning duration is associated with the cost of deploying the first managed instance in a subnet.

Azure SQL Database Security Features

Azure SQL Database provides a set of advanced security features that can be used to protect your data.

  • Managed instance auditing tracks database events and writes them to an audit log file placed in your Azure storage account. Auditing can help maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.
  • Data encryption in motion - a managed instance secures your data by providing encryption for data in motion using Transport Layer Security. In addition to transport layer security, the managed instance deployment option offers protection of sensitive data in flight, at rest and during query processing with Always Encrypted. Always Encrypted is an industry-first that offers unparalleled data security against breaches involving the theft of critical data. For example, with Always Encrypted, credit card numbers are always stored encrypted in the database, even during query processing, allowing decryption at the point of use by authorized staff or applications that need to process that data.
  • Threat detection complements auditing by providing an additional layer of security intelligence built into the service that detects unusual and potentially harmful attempts to access or exploit databases. You are alerted about suspicious activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access patterns. Threat detection alerts can be viewed from Azure Security Center and provide details of suspicious activity and recommend action on how to investigate and mitigate the threat.
  • Dynamic data masking limits sensitive data exposure by masking it to non-privileged users. Dynamic data masking helps prevent unauthorized access to sensitive data by enabling you to designate how much of the sensitive data to reveal with minimal impact on the application layer. It's a policy-based security feature that hides the sensitive data in the result set of a query over designated database fields, while the data in the database is not changed.
  • Row-level security enables you to control access to rows in a database table based on the characteristics of the user executing a query (such as by group membership or execution context). Row-level security (RLS) simplifies the design and coding of security in your application. RLS enables you to implement restrictions on data row access. For example, ensuring that workers can access only the data rows that are pertinent to their department, or restricting data access to only the relevant data.
  • Transparent data encryption (TDE) encrypts managed instance data files, known as encrypting data at rest. TDE performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. You can protect all your databases in a managed instance with transparent data encryption. TDE is SQL Server's proven encryption-at-rest technology that is required by many compliance standards to protect against theft of storage media.
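
The dynamic data masking and row-level security items above can be combined on one table, with department access driven by database role membership. The following T-SQL is an added example, not part of the original documentation; the table, role, schema and user names are hypothetical and the rows are constructed sample data.

```sql
-- Added example. All object names are hypothetical; rows are constructed sample data.
CREATE TABLE dbo.Payroll (
    EmployeeId int          NOT NULL PRIMARY KEY,
    Department sysname      NOT NULL,   -- holds the name of a database role
    -- Dynamic data masking: the stored values are unchanged, only result sets are masked.
    Email      varchar(100) MASKED WITH (FUNCTION = 'email()')   NOT NULL,
    Salary     money        MASKED WITH (FUNCTION = 'default()') NOT NULL
);
-- Load rows before the security policy exists; once it is on, the block
-- predicate also applies to inserts made by the table owner.
INSERT INTO dbo.Payroll (EmployeeId, Department, Email, Salary) VALUES
    (1, N'Sales',   'ana@example.com',  52000),
    (2, N'Sales',   'ben@example.com',  48000),
    (3, N'Finance', 'chen@example.com', 61000);
GO

-- One role per department, plus an auditing role that may see unmasked data.
CREATE ROLE Sales;
CREATE ROLE Finance;
CREATE ROLE PayrollAuditors;
CREATE USER SalesClerk WITHOUT LOGIN;
CREATE USER Auditor    WITHOUT LOGIN;
ALTER ROLE Sales           ADD MEMBER SalesClerk;
ALTER ROLE PayrollAuditors ADD MEMBER Auditor;
GRANT SELECT, INSERT ON dbo.Payroll TO Sales, Finance;
GRANT SELECT ON dbo.Payroll TO PayrollAuditors;
GRANT UNMASK TO PayrollAuditors;   -- everyone else keeps seeing masked values
GO

-- Keep RLS objects in their own schema so table owners cannot alter them by accident.
CREATE SCHEMA Security;
GO
CREATE FUNCTION Security.fn_DepartmentPredicate (@Department AS sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS fn_result
    WHERE IS_MEMBER(@Department) = 1            -- caller belongs to the row's department role
       OR IS_MEMBER(N'PayrollAuditors') = 1;    -- auditors may read every row
GO
CREATE SECURITY POLICY Security.DepartmentPolicy
    -- FILTER hides rows on read; BLOCK rejects inserts for another department.
    ADD FILTER PREDICATE Security.fn_DepartmentPredicate(Department) ON dbo.Payroll,
    ADD BLOCK  PREDICATE Security.fn_DepartmentPredicate(Department) ON dbo.Payroll AFTER INSERT
WITH (STATE = ON);
GO

-- Check the effective view of each principal by impersonating it.
EXECUTE AS USER = 'SalesClerk';   -- department member without UNMASK
SELECT EmployeeId, Department, Email, Salary FROM dbo.Payroll;
REVERT;

EXECUTE AS USER = 'Auditor';      -- auditing role with UNMASK
SELECT EmployeeId, Department, Email, Salary FROM dbo.Payroll;
REVERT;
```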

Migration of an encrypted database to a managed instance is supported via the Azure Database Migration Service (DMS) or native restore. If you plan to migrate an encrypted database using native restore, migration of the existing TDE certificate from the SQL Server on-premises or SQL Server in a virtual machine to a managed instance is a required step. For more information about migration options, see SQL Server instance migration to managed instance.

Azure Active Directory Integration

The managed instance deployment option supports traditional SQL Server Database Engine logins and logins integrated with Azure Active Directory (AAD). Azure AD server principals (logins) (public preview) are the Azure cloud version of the on-premises database logins that you are using in your on-premises environment. Azure AD server principals (logins) enable you to specify users and groups from your Azure Active Directory tenant as true instance-scoped principals, capable of performing any instance-level operation, including cross-database queries within the same managed instance.

A new syntax, FROM EXTERNAL PROVIDER, is introduced to create Azure AD server principals (logins) (public preview). For more information on the syntax, see CREATE LOGIN, and review the Provision an Azure Active Directory administrator for your managed instance article.

Azure Active Directory integration and multi-factor authentication

The managed instance deployment option enables you to centrally manage identities of database users and other Microsoft services with Azure Active Directory integration. This capability simplifies permission management and enhances security. Azure Active Directory supports multi-factor authentication (MFA) to increase data and application security while supporting a single sign-on process.

Authentication

Managed instance authentication refers to how users prove their identity when connecting to the database. SQL Database supports two types of authentication:

  • SQL Authentication:

    This authentication method uses a username and password.

  • Azure Active Directory Authentication:

    This authentication method uses identities managed by Azure Active Directory and is supported for managed and integrated domains. Use Active Directory authentication (integrated security) whenever possible.
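
The FROM EXTERNAL PROVIDER syntax and the advice to prefer Azure AD authentication, put together: create Azure AD logins, map them to least-privilege database users, then inventory which logins still rely on SQL authentication. This T-SQL is an added example, not part of the original documentation; the account, group and database names are placeholders.

```sql
-- Added example. alice@contoso.com, app-readers and SalesDb are placeholder names.
USE master;
GO
-- Instance-scoped Azure AD principals: one user and one Azure AD group.
CREATE LOGIN [alice@contoso.com] FROM EXTERNAL PROVIDER;
CREATE LOGIN [app-readers]       FROM EXTERNAL PROVIDER;
GO

-- Map the group login to a database user and grant only what it needs.
USE SalesDb;
GO
CREATE USER [app-readers] FROM LOGIN [app-readers];
ALTER ROLE db_datareader ADD MEMBER [app-readers];
GO

-- Inventory of logins by authentication type. SQL logins carry a password on
-- the instance, so review each one and its password policy flags.
USE master;
GO
SELECT sp.name,
       CASE sp.type
            WHEN 'S' THEN 'SQL authentication'
            WHEN 'E' THEN 'Azure AD user'
            WHEN 'X' THEN 'Azure AD group'
       END                      AS auth_kind,
       sp.is_disabled,
       sl.is_policy_checked,     -- NULL for Azure AD principals
       sl.is_expiration_checked, -- NULL for Azure AD principals
       sp.create_date
FROM sys.server_principals AS sp
LEFT JOIN sys.sql_logins   AS sl
       ON sl.principal_id = sp.principal_id
WHERE sp.type IN ('S', 'E', 'X')
  AND sp.name NOT LIKE '##%'     -- skip internal certificate-based logins
ORDER BY auth_kind, sp.name;
```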

Authorization

Authorization refers to what a user can do within an Azure SQL Database, and is controlled by your user account's database role memberships and object-level permissions. A managed instance has the same authorization capabilities as SQL Server 2017.

Database migration

The managed instance deployment option targets user scenarios with mass database migration from on-premises or IaaS database implementations. Managed instance supports several database migration options:

Back up and restore

The migration approach leverages SQL backups to Azure Blob storage. Backups stored in an Azure storage blob can be directly restored into a managed instance using the T-SQL RESTORE command.

  • For a quickstart showing how to restore the Wide World Importers - Standard database backup file, see Restore a backup file to a managed instance. This quickstart shows that you have to upload a backup file to Azure Blob storage and secure it using a shared access signature (SAS) key.
  • For information about restore from URL, see Native RESTORE from URL.

Important

Backups from a managed instance can only be restored to another managed instance. They cannot be restored to an on-premises SQL Server or to a single database/elastic pool.
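
The restore-from-URL flow described above, as an added example that is not part of the original documentation. The storage account, container, backup file, SAS token and database names are placeholders to replace with your own values.

```sql
-- Added example. Everything in angle brackets and the database name are placeholders.

-- 1. Store the SAS token as a credential. The credential name must be the
--    container URL. Issue the SAS with only the permissions the operation
--    needs (read and list for a restore) and a short expiry.
CREATE CREDENTIAL [https://<storage-account>.blob.core.windows.net/<container>]
WITH IDENTITY = 'SHARED ACCESS SIGNATURE',
     SECRET   = '<SAS token, without the leading question mark>';
GO

-- 2. Confirm the instance can read the backup before restoring it.
RESTORE FILELISTONLY
FROM URL = N'https://<storage-account>.blob.core.windows.net/<container>/<backup-file>.bak';
GO

-- 3. Restore. A managed instance places the files itself, so there is no
--    WITH MOVE clause and no physical path anywhere in the statement.
RESTORE DATABASE [MigratedDb]
FROM URL = N'https://<storage-account>.blob.core.windows.net/<container>/<backup-file>.bak';
GO

-- 4. A user-initiated copy-only backup, which leaves the automatic backup
--    chain untouched. This direction needs a SAS that also allows writing.
--    The resulting file can only be restored to another managed instance.
BACKUP DATABASE [MigratedDb]
TO URL = N'https://<storage-account>.blob.core.windows.net/<container>/<copy-only-file>.bak'
WITH COPY_ONLY;
GO
```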

Data Migration Service

The Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure Data platforms with minimal downtime. This service streamlines the tasks required to move existing third-party and SQL Server databases to Azure SQL Database (single databases, pooled databases in elastic pools, and instance databases in a managed instance) and SQL Server in Azure VM. See How to migrate your on-premises database to managed instance using DMS.

SQL features supported

The managed instance deployment option aims to deliver close to 100% surface area compatibility with on-premises SQL Server, coming in stages until service general availability. For a features and comparison list, see SQL Database feature comparison, and for a list of T-SQL differences in managed instances versus SQL Server, see managed instance T-SQL differences from SQL Server.

The managed instance deployment option supports backward compatibility to SQL 2008 databases. Direct migration from SQL 2005 database servers is supported; the compatibility level for migrated SQL 2005 databases is updated to SQL 2008.

The following diagram outlines surface area compatibility in managed instance:

[Diagram: Migration]

Key differences between SQL Server on-premises and in a managed instance

The managed instance deployment option benefits from being always up to date in the cloud, which means that some features in on-premises SQL Server may be either obsolete, retired, or have alternatives. There are specific cases when tools need to recognize that a particular feature works in a slightly different way or that the service is running in an environment you do not fully control:

  • High availability is built in and pre-configured using technology similar to Always On Availability Groups.
  • Automated backups and point in time restore. Customers can initiate copy-only backups that do not interfere with the automatic backup chain.
  • Managed instance does not allow specifying full physical paths, so all corresponding scenarios have to be supported differently: RESTORE DB does not support WITH MOVE, CREATE DB doesn't allow physical paths, BULK INSERT works with Azure Blobs only, etc.
  • Managed instance supports Azure AD authentication as a cloud alternative to Windows authentication.
  • Managed instance automatically manages the XTP filegroup and files for databases containing In-Memory OLTP objects.
  • Managed instance supports SQL Server Integration Services (SSIS) and can host the SSIS catalog (SSISDB) that stores SSIS packages, but they are executed on a managed Azure-SSIS Integration Runtime (IR) in Azure Data Factory (ADF); see Create Azure-SSIS IR in ADF. To compare the SSIS features in SQL Database, see Compare Azure SQL Database single databases/elastic pools and managed instance.

Managed instance administration features

The managed instance deployment option enables system administrators to spend less time on administrative tasks because the SQL Database service either performs them for you or greatly simplifies those tasks. Examples include OS / RDBMS installation and patching, dynamic instance resizing and configuration, backups, database replication (including system databases), high availability configuration, and configuration of health and performance monitoring data streams.

Important

For a list of supported, partially supported, and unsupported features, see SQL Database features. For a list of T-SQL differences in managed instances versus SQL Server, see managed instance T-SQL differences from SQL Server.

How to programmatically identify a managed instance

The following table shows several properties, accessible through Transact-SQL, that you can use to detect that your application is working with a managed instance and retrieve important properties.

Property | Value | Comment
@@VERSION | Microsoft SQL Azure (RTM) - 12.0.2000.8 2018-03-07 Copyright (C) 2018 Microsoft Corporation. | This value is the same as in SQL Database.
SERVERPROPERTY('Edition') | SQL Azure | This value is the same as in SQL Database.
SERVERPROPERTY('EngineEdition') | 8 | This value uniquely identifies a managed instance.
@@SERVERNAME, SERVERPROPERTY('ServerName') | Full instance DNS name in the following format: <instanceName>.<dnsPrefix>.database.windows.net, where <instanceName> is the name provided by the customer, while <dnsPrefix> is an autogenerated part of the name guaranteeing global DNS name uniqueness ("wcus17662feb9ce98", for example) | Example: my-managed-instance.wcus17662feb9ce98.database.windows.net
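
A script can use these properties to refuse to run against the wrong kind of target. The batch below is an added example, not part of the original documentation; it keys on EngineEdition because @@VERSION and Edition return the same values as SQL Database, and it splits the server name according to the DNS format in the table. The variable names and the error text are illustrative.

```sql
-- Added example. Variable names and the error message are illustrative.
DECLARE @engine int           = CAST(SERVERPROPERTY('EngineEdition') AS int);
DECLARE @fqdn   nvarchar(256) = CAST(SERVERPROPERTY('ServerName') AS nvarchar(256));

-- Positions of the first two dots in <instanceName>.<dnsPrefix>.database.windows.net.
-- PARSENAME is not usable here because the name has more than four parts.
DECLARE @dot1 int = CHARINDEX(N'.', @fqdn);
DECLARE @dot2 int = CASE WHEN @dot1 > 0
                         THEN CHARINDEX(N'.', @fqdn, @dot1 + 1)
                         ELSE 0 END;

SELECT
    CASE @engine
         WHEN 8 THEN 'managed instance'
         WHEN 5 THEN 'SQL Database (single or pooled database)'
         ELSE        'other SQL Server engine edition'
    END AS deployment,
    -- Name parts are only meaningful when the engine edition says managed instance.
    CASE WHEN @engine = 8 AND @dot1 > 0
         THEN LEFT(@fqdn, @dot1 - 1) END                          AS instance_name,
    CASE WHEN @engine = 8 AND @dot2 > 0
         THEN SUBSTRING(@fqdn, @dot1 + 1, @dot2 - @dot1 - 1) END  AS dns_prefix;

-- Guard for scripts that rely on managed instance behaviour, such as RESTORE
-- without WITH MOVE: stop before doing anything on a different target.
IF @engine <> 8
BEGIN
    RAISERROR(N'This script expects a managed instance (EngineEdition = 8).', 16, 1);
    RETURN;
END;
```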

Next steps