Migration strategy for Azure SQL Database to ALZ with private endpoint - minimal downtime approach

Ali Akhlaghi 0 Reputation points
2025-11-19T13:25:53.85+00:00

Question:

I need to migrate a production Azure SQL Database to an Azure Landing Zone (ALZ) architecture with the following requirements:

Target Environment:

  • Private endpoint enabled
  • Azure AD authentication only (no SQL authentication)
  • Public access disabled

Requirements:

  • Minimal application downtime
  • Data synchronization during migration
  • Production database remains operational during migration

Questions:

  1. What is the recommended migration strategy for synchronizing data between the source database and the ALZ instance while the source remains in production?
  2. What migration tools/methods support continuous data sync with these security constraints (private endpoint, no public access)?
  3. What should be the application migration strategy - blue/green deployment, phased rollover, or other approaches?
  4. At what point in the process should I switch the application connection string to point to the new database to minimize downtime?
  5. Are there any specific considerations for ALZ architectures that differ from standard Azure SQL migrations?

Current Setup:

  • Source: Azure SQL Database in Azure Portal (standard deployment)
  • Target: Azure SQL Database in ALZ with enhanced security controls

Any guidance on best practices, recommended tools (Azure Data Migration Service, transactional replication, etc.).
P.S. It seems Azure Database Migration Service is blocked at the tenant level in my org for now.

Azure SQL Database

2 answers

  1. Pilladi Padma Sai Manisha 7,055 Reputation points Microsoft External Staff Moderator
    2025-11-19T13:58:59.5333333+00:00

    Hi Ali Akhlaghi,
    Thank you for reaching out to Microsoft QA!

    To migrate your production Azure SQL Database to an Azure Landing Zone (ALZ) with private endpoints, Azure AD-only authentication, and no public access, while minimizing downtime and keeping the source database operational, follow a clear, well-planned approach:

    • Migration Strategy for Data Synchronization:
    1. Use Transactional Replication to continuously synchronize changes from your source Azure SQL Database to the new ALZ-based instance.
    2. This method supports ongoing data sync while the source remains fully operational and fits the security model with private endpoints and Azure AD authentication.
    3. It ensures minimal downtime and enables near real-time replication of data and schema changes.
    • Migration Tools and Methods:
    1. Since Azure Database Migration Service is blocked, leverage Transactional Replication as your core tool for continuous data sync.
    2. Use Azure Data Factory for initial bulk data load if needed, but rely on replication for continuous sync rather than batch processing.
    3. Validate connectivity via private endpoints and confirm Azure AD authentication on the target before migration begins.
    • Application Migration Strategy:

    Adopt a blue/green deployment:

    1. Deploy the new database in the ALZ alongside the current production environment.
    2. Continuously replicate data changes until the ALZ target is fully synchronized and tested.
    3. The switch to the new database is done by updating the application’s connection string once synchronization is complete.
    4. This approach enables seamless roll-back if issues arise and minimizes application downtime during cutover.
    • Timing for Connection String Switch:

    Switch the application connection string to point to the new ALZ database only after:

    1. Data synchronization is fully caught up.
    2. The new database is verified as fully operational.
    3. Transactional replication has drained outstanding changes from the source.
    4. This moment minimizes downtime to just the cutover switch over, which can be done instantly.
    • Azure Landing Zone Specific Considerations:
    1. Enforce private endpoint configurations and disable public network access on the ALZ database.
    2. Use Azure AD authentication exclusively, which may require revising application identity and authentication flows.
    3. Review ALZ network security policies and compliance controls to prevent connection or policy violations during migration.
    4. Ensure appropriate role assignments and access policies are applied in ALZ for security governance.

    To provide even more tailored help, here are a few questions:

    1. What is the size of your source database?
    2. How critical is zero downtime for your application during the migration?
    3. Are there any specific aspects of your application architecture that might complicate the migration?
    4. Would you prefer more in-depth guides on any specific tools or methods?

    References:

    1. Migrating to Azure SQL Database
    2. Transactional Replication
    3. Azure Data Factory
    4. Azure SQL Database Security

    Hope this helps! Let me know if you have further questions or need clarification on any of the points.


  2. Q&A Assist
    2025-11-19T13:26:32.93+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To migrate your production Azure SQL Database to an Azure Landing Zone (ALZ) while meeting your specified requirements, consider the following strategies and tools:

    1. Recommended Migration Strategy for Data Synchronization:
      • Use Transactional Replication to synchronize data between the source database and the ALZ instance. This method allows you to maintain operational continuity on the source database while replicating data changes to the target. It supports minimal downtime and ensures that the production database remains operational during the migration process.
    2. Migration Tools/Methods Supporting Continuous Data Sync:
      • Transactional Replication is a suitable method for your requirements as it can work with private endpoints and does not require public access. It allows for real-time data synchronization while keeping the source database active.
      • Azure Data Factory can also be used for data movement and transformation, but it may require more setup and is typically used for batch processing rather than continuous sync.
    3. Application Migration Strategy:
      • A blue/green deployment strategy is recommended. This approach allows you to deploy the new database in parallel with the existing one, enabling you to switch traffic to the new database once it is fully synchronized and tested.
      • Alternatively, a phased rollover can be considered, where you gradually switch parts of the application to the new database.
    4. Switching the Application Connection String:
      • The application connection string should be switched to point to the new database after ensuring that the data synchronization is complete and the new database is fully operational. This typically occurs after the initial data load and once you verify that the transactional replication is functioning correctly.
    5. Specific Considerations for ALZ Architectures:
      • Ensure that your ALZ architecture adheres to the enhanced security controls, including enabling private endpoints and configuring Azure AD authentication. Review any specific network configurations or policies that may affect connectivity between the source and target databases.
      • Consider compliance and governance policies that may be unique to your organization's ALZ setup, ensuring that all security measures are in place before and during the migration.

    By following these strategies and utilizing the recommended tools, you can achieve a successful migration with minimal downtime while adhering to your security constraints.
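A pre-cutover check for the connection-string switch that both answers describe, as an added example that is not part of either answer: it confirms that the new connection string requests Azure AD authentication, keeps TLS certificate validation on, and names a server that resolves only to private addresses. The server names, IP addresses and the assumption that the private endpoint's VNet uses RFC 1918 space are constructed for illustration; the keywords checked are those of Microsoft.Data.SqlClient connection strings.

```python
import ipaddress
import socket

# Assumption: the private endpoint's VNet uses RFC 1918 address space.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SERVER_KEYS = ("server", "data source", "address", "addr", "network address")

# Constructed samples: hypothetical server names, documentation-range public IP.
NEW_CONN = ("Server=tcp:sql-alz-example.database.windows.net,1433;Database=appdb;"
            "Authentication=Active Directory Managed Identity;Encrypt=True;")
OLD_CONN = ("Server=tcp:sql-old-example.database.windows.net,1433;Database=appdb;"
            "User ID=app;Password=<placeholder>;TrustServerCertificate=True;")
FAKE_DNS = {"sql-alz-example.database.windows.net": ["10.20.0.5"],
            "sql-old-example.database.windows.net": ["203.0.113.10"]}

def parse_conn_str(conn_str):
    """Split a key=value;... connection string into a dict with lower-cased keys."""
    pairs = (p.split("=", 1) for p in conn_str.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def resolve(host):
    """Default resolver: every address local DNS returns for host."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, 1433)})

def cutover_findings(conn_str, resolver=resolve):
    """Return the reasons a connection string violates the target's constraints."""
    kv = parse_conn_str(conn_str)
    findings = []
    auth = kv.get("authentication", "")
    if not auth.lower().startswith("active directory"):
        findings.append(f"not Azure AD authentication: Authentication={auth!r}")
    if kv.get("encrypt", "").lower() in ("false", "no", "optional"):
        findings.append("Encrypt is not enforced")
    if kv.get("trustservercertificate", "").lower() in ("true", "yes"):
        findings.append("TrustServerCertificate skips certificate validation")
    server = next((kv[k] for k in SERVER_KEYS if k in kv), "")
    host = server.split(":", 1)[-1].split(",")[0].strip()  # drop tcp: and ,port
    if not host:
        return findings + ["no server name in connection string"]
    addrs = resolver(host) or []
    if not addrs:
        findings.append(f"{host} does not resolve")
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in PRIVATE_NETS):
            findings.append(f"{host} resolves to public address {addr}")
    return findings
```

Calling `cutover_findings(conn_str)` without a resolver uses the local DNS, so run it from a host inside the target VNet, where the server name should resolve to the private endpoint's address; an empty list means the string passes all checks.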

