This article provides a quick checklist as a series of best practices and guidelines to optimize performance of your SQL Server on Azure Virtual Machines (VMs).
While running SQL Server on Azure Virtual Machines, continue using the same database performance tuning options that are applicable to SQL Server in on-premises server environments. However, the performance of a relational database in a public cloud depends on many factors, such as the size of a virtual machine, and the configuration of the data disks.
There's typically a trade-off between optimizing for costs and optimizing for performance. This performance best practices series is focused on getting the best performance for SQL Server on Azure Virtual Machines. If your workload is less demanding, you might not require every recommended optimization. Consider your performance needs, costs, and workload patterns as you evaluate these recommendations.
VM size
The checklist in this section covers the VM size best practices for SQL Server on Azure VMs.
Identify workload performance characteristics to determine the appropriate VM size for your business.
The Mbdsv3-series VMs offer the best performance for SQL Server workloads on Azure VMs. Consider this series first for mission critical OLTP and data warehouse SQL Server workloads.
The Ebdsv5-series provides a high I/O throughput-to-vCore ratio, along with a memory-to-vCore ratio of 8:1. This series offers the best price-performance for SQL Server workloads on Azure VMs. Consider these VMs first for most SQL Server workloads.
The M-series family offers VMs with the highest memory allocation in Azure.
The Mbsv3 and Mbdsv3 series VMs provide a high memory allocation and the highest I/O throughput-to-vCore ratio amongst the M-series family, along with a consistent memory-to-vCore ratio of at least 8:1.
Start development environments with the lower-tier D-Series, B-Series, or Av2-series and grow your environment over time.
Storage
The checklist in this section covers the storage best practices for SQL Server on Azure VMs.
To optimize storage performance, plan for highest uncached IOPS available and use data caching as a performance feature for data reads while avoiding virtual machine and disks capping.
When using the Ebdsv5 or Ebsv5 series SQL Server VMs, use Premium SSD v2 for the best price performance. You can deploy your SQL Server VM with Premium SSD v2 by using the Azure portal (currently in preview).
Place data, log, and tempdb files on separate drives.
For M-series virtual machine deployments, consider write accelerator over using Azure ultra disks.
Place tempdb on the temporary disk (the temporary disk is ephemeral, and defaults to D:\) for most SQL Server workloads that aren't part of a failover cluster instance (FCI) after choosing the optimal VM size.
If the capacity of the local drive isn't enough for tempdb, consider sizing up the VM. For more information, see Data file caching policies.
For failover cluster instances (FCI) place tempdb on the shared storage.
If the FCI workload is heavily dependent on tempdb disk performance, then as an advanced configuration place tempdb on the local ephemeral SSD (default D:\) drive, which isn't part of FCI storage. This configuration needs custom monitoring and action to ensure the local ephemeral SSD (default D:\) drive is available all the time as any failures of this drive won't trigger action from FCI.
Stripe multiple Azure data disks using Storage Spaces to increase I/O bandwidth up to the target virtual machine's IOPS and throughput limits.
Set host caching to read-only for data file disks.
Don't enable read/write caching on disks that contain SQL Server data or log files.
Always stop the SQL Server service before changing the cache settings of your disk.
When migrating several different workloads to the cloud, Azure Elastic SAN can be a cost-effective consolidated storage solution. However, when using Azure Elastic SAN, achieving desired IOPS/throughput for SQL Server workloads often requires overprovisioning capacity. While not typically appropriate for single SQL Server workloads, you can attain a cost-effective solution when combining low-performance workloads with SQL Server.
For development and test workloads, and long-term backup archival consider using standard storage. It isn't recommended to use Standard HDD/SSD for production workloads.
Credit-based Disk Bursting (P1-P20) should only be considered for smaller dev/test workloads and departmental systems.
To optimize storage performance, plan for highest uncached IOPS available, and use data caching as a performance feature for data reads while avoiding virtual machine and disks capping/throttling.
Format your data disk to use 64-KB allocation unit size for all data files placed on a drive other than the temporary D:\ drive (which has a default of 4 KB). SQL Server VMs deployed through Azure Marketplace come with data disks formatted with allocation unit size and interleave for the storage pool set to 64 KB.
Configure the storage account in the same region as the SQL Server VM.
Disable Azure geo-redundant storage (geo-replication) and use LRS (local redundant storage) on the storage account.
Enable the SQL Best Practices Assessment to identify possible performance issues and evaluate that your SQL Server VM is configured to follow best practices.
Exclude SQL Server files from antivirus software scanning, including data files, log files, and backup files.
Security
The checklist in this section covers the security best practices for SQL Server on Azure VMs.
SQL Server features and capabilities provide methods of securing data at the database level that can be combined with security features at the infrastructure level. Together, these features provide defense-in-depth at the infrastructure level for cloud-based and hybrid solutions. In addition, with Azure security measures, it's possible to encrypt your sensitive data, protect virtual machines from viruses and malware, secure network traffic, identify and detect threats, meet compliance requirements, and provide a single method for administration and reporting for any security need in the hybrid cloud.
Use Microsoft Defender for SQL to discover and mitigate potential database vulnerabilities, as well as detect anomalous activities that could indicate a threat to your SQL Server instance and database layer.
Vulnerability Assessment is a part of Microsoft Defender for SQL that can discover and help remediate potential risks to your SQL Server environment. It provides visibility into your security state, and includes actionable steps to resolve security issues.
Use Azure confidential VMs to reinforce protection of your data in-use, and data-at-rest against host operator access. Azure confidential VMs allow you to confidently store your sensitive data in the cloud and meet strict compliance requirements.
Azure Advisor analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources. Use Azure Advisor at the virtual machine, resource group, or subscription level to help identify and apply best practices to optimize your Azure deployments.
Use Azure Disk Encryption when your compliance and security needs require you to encrypt the data end-to-end using your encryption keys, including encryption of the ephemeral (locally attached temporary) disk.
Managed Disks are encrypted at rest by default using Azure Storage Service Encryption, where the encryption keys are Microsoft-managed keys stored in Azure.
Management ports should be closed on your virtual machines - Open remote management ports expose your VM to a high level of risk from internet-based attacks. These attacks attempt to brute force credentials to gain admin access to the machine.
Use Azure Bastion over Remote Desktop Protocol (RDP).
Lock down ports and only allow the necessary application traffic using Azure Firewall, which is a managed Firewall as a Service (FaaS) that grants or denies server access based on the originating IP address.
Use Application Security Groups to group servers together with similar port filtering requirements, with similar functions, such as web servers and database servers.
For web and application servers, use Azure Distributed Denial of Service (DDoS) protection. DDoS attacks are designed to overwhelm and exhaust network resources, making apps slow or unresponsive. It's common for DDoS attacks to target user interfaces. Azure DDoS protection sanitizes unwanted network traffic before it impacts service availability.
Use VM extensions to help address anti-malware, desired state, threat detection, prevention, and remediation to address threats at the operating system, machine, and network levels:
Evaluate third party extensions such as Symantec Endpoint Protection for Windows VM (/azure/virtual-machines/extensions/symantec)
Use Azure Policy to create business rules that can be applied to your environment. Azure Policies evaluate Azure resources by comparing the properties of those resources against rules defined in JSON format.
Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Azure Blueprints are different than Azure Policies.
Use Windows Server 2019 or Windows Server 2022 to be FIPS compliant with SQL Server on Azure VMs.
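One way to check the management-port and port-lockdown items above, as an added example that is not part of the original article. The watched port list, the set of "any internet source" prefixes, and the sample NSG are assumptions constructed for this example; a flagged rule can still be overridden by a higher-priority Deny rule, so treat the output as candidates to review.

```powershell
# Added example (not from the original page). Flags inbound Allow rules that expose
# management or SQL Server ports to any internet source. Port list is an assumption.
$WatchedPorts = @{ 3389 = 'RDP'; 22 = 'SSH'; 5985 = 'WinRM'; 5986 = 'WinRM-TLS'; 1433 = 'SQL Server' }
$AnySource    = @('*', 'Internet', '0.0.0.0/0')

function Test-PortInRange {
    param([int]$Port, [string]$Range)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {          # range such as "3000-4000"
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")                   # single port
}

function Get-ExposedRule {
    param([Parameter(Mandatory)] $Nsg)
    foreach ($rule in $Nsg.SecurityRules) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
        $open = @($rule.SourceAddressPrefix | Where-Object { $AnySource -contains $_ })
        if ($open.Count -eq 0) { continue }
        foreach ($port in $WatchedPorts.Keys) {
            $hit = @($rule.DestinationPortRange | Where-Object { Test-PortInRange $port $_ })
            if ($hit.Count -gt 0) {
                [pscustomobject]@{ Nsg = $Nsg.Name; Rule = $rule.Name; Priority = $rule.Priority
                                   Port = $port; Service = $WatchedPorts[$port]; Source = $open -join ',' }
            }
        }
    }
}

# Constructed sample NSG, shaped like the objects Get-AzNetworkSecurityGroup returns.
$sample = [pscustomobject]@{
    Name = 'nsg-sql-example'
    SecurityRules = @(
        [pscustomobject]@{ Name = 'allow-rdp-any'; Direction = 'Inbound'; Access = 'Allow'; Priority = 100
                           SourceAddressPrefix = @('*'); DestinationPortRange = @('3389') },
        [pscustomobject]@{ Name = 'allow-wide-range'; Direction = 'Inbound'; Access = 'Allow'; Priority = 200
                           SourceAddressPrefix = @('Internet'); DestinationPortRange = @('1000-2000') },
        [pscustomobject]@{ Name = 'allow-sql-app-subnet'; Direction = 'Inbound'; Access = 'Allow'; Priority = 300
                           SourceAddressPrefix = @('10.0.1.0/24'); DestinationPortRange = @('1433') }
    )
}
Get-ExposedRule -Nsg $sample | Sort-Object Priority | Format-Table -AutoSize

# Against a live subscription (requires Az.Network and Connect-AzAccount):
# Get-AzNetworkSecurityGroup | ForEach-Object { Get-ExposedRule -Nsg $_ } | Format-Table -AutoSize
```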
SQL Server features
The following is a quick checklist of best practices for SQL Server configuration settings when running your SQL Server instances in an Azure virtual machine in production:
Use Azure Monitor to collect, analyze, and act on telemetry data from your SQL Server environment. This includes identifying infrastructure issues with VM insights and monitoring data with Log Analytics for deeper diagnostics.
Enable Autoshutdown for development and test environments.
Implement a high availability and disaster recovery (HADR) solution that meets your business continuity SLAs. See the HADR options available for SQL Server on Azure VMs.
Use the Azure portal (support + troubleshooting) to evaluate resource health and history; submit new support requests when needed.
HADR configuration
The checklist in this section covers the HADR best practices for SQL Server on Azure VMs.
For your Windows cluster, consider these best practices:
Deploy your SQL Server VMs to multiple subnets whenever possible to avoid the dependency on an Azure Load Balancer or a distributed network name (DNN) to route traffic to your HADR solution.
Change the cluster to less aggressive parameters to avoid unexpected outages from transient network failures or Azure platform maintenance. To learn more, see heartbeat and threshold settings. For Windows Server 2012 and later, use the following recommended values:
SameSubnetDelay: 1 second
SameSubnetThreshold: 40 heartbeats
CrossSubnetDelay: 1 second
CrossSubnetThreshold: 40 heartbeats
Place your VMs in an availability set or different availability zones. To learn more, see VM availability settings.
Use a single NIC per cluster node.
Configure cluster quorum voting to use an odd number of votes, three or more. Don't assign votes to DR regions.
Carefully monitor resource limits to avoid unexpected restarts or failovers due to resource constraints.
Ensure your OS, drivers, and SQL Server are at the latest builds.
Optimize performance for SQL Server on Azure VMs. Review the other sections in this article to learn more.
Reduce or spread out workload to avoid resource limits.
Move to a VM or disk that has higher limits to avoid constraints.
For your SQL Server availability group or failover cluster instance, consider these best practices:
If you're experiencing frequent unexpected failures, follow the performance best practices outlined in the rest of this article.
If optimizing SQL Server VM performance doesn't resolve your unexpected failovers, consider relaxing the monitoring for the availability group or failover cluster instance. However, doing so may not address the underlying source of the issue and could mask symptoms by reducing the likelihood of failure. You may still need to investigate and address the underlying root cause. For Windows Server 2012 or higher, use the following recommended values:
Lease timeout: Use this equation to calculate the maximum lease time-out value: Lease timeout < (2 * SameSubnetThreshold * SameSubnetDelay).
Start with 40 seconds. If you're using the relaxed SameSubnetThreshold and SameSubnetDelay values recommended previously, don't exceed 80 seconds for the lease timeout value.
Max failures in a specified period: Set this value to 6.
When using the virtual network name (VNN) and an Azure Load Balancer to connect to your HADR solution, specify MultiSubnetFailover = true in the connection string, even if your cluster only spans one subnet.
If the client doesn't support MultiSubnetFailover = True you may need to set RegisterAllProvidersIP = 0 and HostRecordTTL = 300 to cache client credentials for shorter durations. However, doing so may cause additional queries to the DNS server.
To connect to your HADR solution using the distributed network name (DNN), consider the following:
You must use a client driver that supports MultiSubnetFailover = True, and this parameter must be in the connection string.
Use a unique DNN port in the connection string when connecting to the DNN listener for an availability group.
Use a database mirroring connection string for a basic availability group to bypass the need for a load balancer or DNN.
Validate the sector size of your VHDs before deploying your high availability solution to avoid having misaligned I/Os. See KB3009974 to learn more.
If the SQL Server database engine, Always On availability group listener, or failover cluster instance health probe are configured to use a port between 49,152 and 65,536 (the default dynamic port range for TCP/IP), add an exclusion for each port. Doing so prevents other systems from being dynamically assigned the same port. The following example creates an exclusion for port 59999:
netsh int ipv4 add excludedportrange tcp startport=59999 numberofports=1 store=persistent
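A check for the heartbeat values and the lease timeout equation given earlier in this section, as an added example that is not part of the original article. The function name, the sample cluster object and the `AG1` resource name are assumptions of this example; the lease bound is computed from the heartbeat values actually in effect, so a lease raised to 40 seconds on a cluster whose threshold was never relaxed is reported.

```powershell
# Added example (not from the original page). Compares heartbeat settings and an
# availability group lease timeout with the values recommended above.
# Assumption: delays and the lease timeout are in milliseconds, as the cluster stores them.
$Recommended = [ordered]@{ SameSubnetDelay = 1000; SameSubnetThreshold = 40
                           CrossSubnetDelay = 1000; CrossSubnetThreshold = 40 }

function Test-HadrTimeout {
    param([Parameter(Mandatory)] $Cluster, [Parameter(Mandatory)] [int]$LeaseTimeoutMs)
    foreach ($name in $Recommended.Keys) {
        $actual = $Cluster.$name
        $state  = if ($actual -eq $Recommended[$name]) { 'OK' } else { 'Differs' }
        [pscustomobject]@{ Setting = $name; Actual = $actual
                           Expected = $Recommended[$name]; Status = $state }
    }
    # Lease timeout < (2 * SameSubnetThreshold * SameSubnetDelay), using the values in effect.
    $boundMs = 2 * $Cluster.SameSubnetThreshold * $Cluster.SameSubnetDelay
    $state   = if ($LeaseTimeoutMs -lt $boundMs) { 'OK' } else { 'Lease too long' }
    [pscustomobject]@{ Setting = 'LeaseTimeout'; Actual = $LeaseTimeoutMs
                       Expected = "< $boundMs"; Status = $state }
}

# Constructed sample: heartbeat threshold left at 10 while the lease was raised to 40 s.
$sampleCluster = [pscustomobject]@{ SameSubnetDelay = 1000; SameSubnetThreshold = 10
                                    CrossSubnetDelay = 1000; CrossSubnetThreshold = 40 }
Test-HadrTimeout -Cluster $sampleCluster -LeaseTimeoutMs 40000 | Format-Table -AutoSize

# On a cluster node (FailoverClusters module; 'AG1' is a placeholder resource name):
# $lease = (Get-ClusterResource -Name 'AG1' | Get-ClusterParameter -Name LeaseTimeout).Value
# Test-HadrTimeout -Cluster (Get-Cluster) -LeaseTimeoutMs $lease | Format-Table -AutoSize
```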
Performance troubleshooting
The following is a list of resources that help you further troubleshoot SQL Server performance issues.