Connect to SQL Managed instance

Published 03-13-2019 07:03 PM 3,880 Views
Microsoft
First published on MSDN on Sep 13, 2018


SQL Managed instance is located inside a Vnet.

The options to connect to it are :

  1. From the Azure



      • Inside the same VNet (different subnet)

      • From different VNet using VNet peering / Site-to-Site VPN / Express Route circuit (for cross-region connection)





  2. From on-premises . Using express Route or VPN


Refer to this article for details.

In case you are choosing connecting to Managed instance from a different Vnet , you will need to have Vnet Peering Or Site-to-Site VPN between the 2 Vnets.

In case you have configure a Vnet peering Or Site-to-Site VPN and still have a problem to connect to the Managed instance , check the following :

  1. Check that the 2 Vnets are not on different regions - not supported unless you are using Express route cross-region connection


cross region peering is not supported for MI

2. Run Psping to the Managed instance name with Port 1433 . In case it does not work something is wrong  with  the communication between the 2 Vnets:

In this case , you should check that there is  NSG ( Network security group ) rule on the Subnet of the other Vnet ( the Vnet where you are trying to connect to managed instance from  )  The rule need to be configured as the following  :



Source IP addresses  : The subnet  range of IP's where the VM with SSMS is located

Destination IP addresses : The MI subnet range of IP's

This is outbound rule and must have higher priority then rule that would eventually block the connection



P.S - Very soon we are also going to support NSG on port 1433 on Manage instance subnet.
%3CLINGO-SUB%20id%3D%22lingo-sub-369064%22%20slang%3D%22en-US%22%3EConnect%20to%20SQL%20Managed%20instance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-369064%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3EFirst%20published%20on%20MSDN%20on%20Sep%2013%2C%202018%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20SQL%20Managed%20instance%20is%20located%20inside%20a%20Vnet.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20The%20options%20to%20connect%20to%20it%20are%20%3A%20%3CBR%20%2F%3E%3COL%3E%3CBR%20%2F%3E%3CLI%3EFrom%20the%20Azure%20%3CBR%20%2F%3E%3COL%3E%3CBR%20%2F%3E%3CLI%3E%3CBR%20%2F%3E%3CUL%3E%3CBR%20%2F%3E%3CLI%3EInside%20the%20same%20VNet%20(different%20subnet)%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EFrom%20different%20VNet%20using%20VNet%20peering%20%2F%20Site-to-Site%20VPN%20%2F%20Express%20Route%20circuit%20(for%20cross-region%20connection)%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FUL%3E%3CBR%20%2F%3E%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FOL%3E%3CBR%20%2F%3E%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EFrom%20on-premises%20.%20Using%20express%20Route%20or%20VPN%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FOL%3E%3CBR%20%2F%3E%20Refer%20to%20this%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsql-database%2Fsql-database-managed-instance-connect-app%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20article%20%3C%2FA%3E%20for%20details.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20In%20case%20you%20are%20choosing%20connecting%20to%20Managed%20instance%20from%20a%20different%20Vnet%20%2C%20you%20will%20need%20to%20have%20Vnet%20Peering%20Or%20Site-to-Site%20VPN%20between%20the%202%20Vnets.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20In%20case%20you%20have%20configure%20a%20Vnet%20peering%20Or%20Site-to-Site%20VPN%20and%20still%20have%20a%20problem%20to%20connect%20to%20the%20Managed%20instance%20%2C%20check%20the%20following%20%3A%20%3CBR%20%2F%3E%3COL%3E%3CBR%20%2F%3E%3CLI%3ECheck%20that%20the%202%20Vnets%20are%20not%20on%20different%20regions%20-%20not%20supported%20unless%20you%20are%20using%20Express%20route%20cross-region%20connection%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FOL%3E%3CBR%20%2F%3E%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsql-database%2Fsql-database-managed-instance-connect-app%23connect-an-application-inside-a-different-vnet%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ecross%20region%20peering%20is%20not%20supported%20for%20MI%20%3C%2FA%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%202.%20Run%20Psping%20to%20the%20Managed%20instance%20name%20with%20Port%201433%20.%20In%20case%20it%20does%20not%20work%20something%20is%20wrong%26nbsp%3B%20with%26nbsp%3B%20the%20communication%20between%20the%202%20Vnets%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20In%20this%20case%20%2C%20you%20should%20check%20that%20there%20is%26nbsp%3B%20NSG%20(%20Network%20security%20group%20)%20rule%20on%20the%20Subnet%20of%20the%20other%20Vnet%20(%20the%20Vnet%20where%20you%20are%20trying%20to%20connect%20to%20managed%20instance%20from%26nbsp%3B%20)%26nbsp%3B%20The%20rule%20need%20to%20be%20configured%20as%20the%20following%26nbsp%3B%20%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F89035i6A64E605B5A30686%22%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Source%20IP%20addresses%20%26nbsp%3B%3A%20The%20subnet%26nbsp%3B%20range%20of%20IP's%20where%20the%20VM%20with%20SSMS%20is%20located%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Destination%20IP%20addresses%20%3A%20The%20MI%20subnet%20range%20of%20IP's%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20This%20is%20outbound%20rule%20and%20must%20have%20higher%20priority%20then%20rule%20that%20would%20eventually%20block%20the%20connection%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20P.S%20-%20Very%20soon%20we%20are%20also%20going%20to%20support%20NSG%20on%20port%201433%20on%20Manage%20instance%20subnet.%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-369064%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20MSDN%20on%20Sep%2013%2C%202018%20%26nbsp%3BSQL%20Managed%20instance%20is%20located%20inside%20a%20Vnet.%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-369064%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eazure%20sql%20managed%20instance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Envet%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Mar 13 2019 07:04 PM
Updated by: