Azure SQL Managed Instance Network Configuration

Manvendra Deo Singh 1 Reputation point
2022-06-21T08:50:20.823+00:00

We are migrating SQL Server running on an Azure VM to Azure SQL Managed Instance. We read the network constraint below in the MSFT documentation.

"Microsoft peering: Enabling Microsoft peering on ExpressRoute circuits peered directly or transitively with a virtual network where SQL Managed Instance resides affects traffic flow between SQL Managed Instance components inside the virtual network and services it depends on, causing availability issues. SQL Managed Instance deployments to virtual network with Microsoft peering already enabled are expected to fail."

Source: https://learn.microsoft.com/en-us/azure/azure-sql/managed-instance/connectivity-architecture-overview?view=azuresql#network-requirements

Microsoft peering is already enabled on ExpressRoute circuits in our virtual network. I have a few questions; please help:

  1. Should we not deploy SQL Managed Instance in the existing VNet where Microsoft peering is enabled? Or
  2. Should I create a new VNet and deploy SQL MI there? But then how can I establish connectivity to my existing VNet, as Microsoft peering is enabled there and I need this connectivity to access Azure AD services? Do I need to deploy a separate Azure AD in the new VNet, or can we do VNet-to-VNet peering between the newly created VNet and the existing VNet? Is it possible?
  3. Is there any other solution? Please help me in setting up this initial network configuration.
  4. Do I need to create a separate subnet for each SQL MI deployment, or should I deploy all MIs in one subnet only?

1 answer

  1. Jansel Fernández 1 Reputation point
    2022-06-22T19:50:33.85+00:00

    I recommend that you create a virtual subnet for each MI that you deploy. You could deploy more than one MI in a subnet without problems, but for organizational reasons one per subnet is better, taking into account that you must have a minimum of 32 available IPs. You won't need to create a separate AD if you do it on another VNet, but your subnet for this MI can still be on the existing VNet you already have.
