Bewerken

Delen via


SQL Server enabled by Azure Arc

Applies to: SQL Server

SQL Server enabled by Azure Arc extends Azure services to SQL Server instances hosted outside of Azure: in your data center, in edge site locations like retail stores, or any public cloud or hosting provider.

Managing SQL Server through Azure Arc can also be configured for SQL Server VMs in Azure VMware Solution. See Deploy Arc-enabled Azure VMware Solution.

Manage your SQL Server instances at scale from a single point of control

Azure Arc enables you to manage all of your SQL Server instances from a single point of control: Azure. As you connect your SQL Server instances to Azure, you get a single place to view the detailed inventory of your SQL Server instances and databases.

  • Look at details for a given SQL Server in the Azure portal such as the name, version, edition, number of cores, and host operating system.
  • Query across all of your SQL Server instances using Azure Resource Graph Explorer to answer questions like:
    • "How many SQL Server instances do I have that are SQL Server 2014?"
    • "What are the names of all the SQL Server instances that are running on Linux?"
  • Quickly create charts from these queries and pin them to customizable dashboards.
  • View a list of every database on a SQL Server and do cross-SQL Server queries of databases to see:
    • Databases that haven't been backed up recently.
    • Databases that aren't encrypted.

Example custom dashboard

Review an example of a custom dashboard in GitHub microsoft/sql-server-samples.

A screenshot of a custom dashboard in the Azure portal.

Best practices assessment

You can optimize the configuration of your SQL Server instances for best performance and security by running a best practices assessment. The assessment report shows you specific ways to improve your configuration. The assessment compares your configuration to best practices established by Microsoft Support through many years of real-world experience. Each suggestion includes the details on how to change the configuration.

Microsoft Entra authentication

Note

Microsoft Entra ID was previously known as Azure Active Directory (Azure AD).

Starting with SQL Server 2022 (16.x), Azure Arc enabled SQL Servers can utilize Microsoft Entra ID for authentication, bringing a modern centralized identity and access management solution to SQL Server. Microsoft Entra authentication provides greatly enhanced security over traditional username and password-based authentication, which is not recommended. For more information about the risks and challenges passwords pose, refer to "What’s the solution to the growing problem of passwords?". Microsoft Entra authentication removes the need for self-managed secrets entirely when communicating with Azure resources, through managed identity authentication. For user-based authentication, Microsoft Entra ID supports enhanced security measures including multifactor authentication (MFA), single sign-on (SSO), and modern identity practices.

Microsoft Defender for Cloud

Microsoft Defender for Cloud helps you discover and mitigate potential database vulnerabilities and alerts you to anomalous activities. These activities might indicate threats to your databases on SQL Server instances enabled for Azure Arc.

  • Vulnerability assessment: Scan databases to discover, track, and remediate vulnerabilities.
  • Threat protection: Receive detailed security alerts and recommended actions based on SQL Advanced Threat Protection to provide to mitigate threats.

When you enable Microsoft Defender through SQL Server enabled by Azure Arc, you can get substantial cost savings on Defender.

Microsoft Purview

Microsoft Purview provides a unified data governance solution to help manage and govern your on-premises, multicloud, and software as a service (SaaS) data. Easily create a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage. Enable data consumers to access valuable, trustworthy data management.

SQL Server enabled by Azure Arc powers some of the Microsoft Purview features such as access policies and it generally makes it easier for you to get your SQL Server instances connected into Purview.

Pay-as-you-go for SQL Server

Now, with SQL Server enabled by Azure Arc, you have the option of purchasing SQL Server using a 'pay-as-you-go' model instead of purchasing licenses. This model is a great alternative if you're looking to save costs on SQL Server instances that have variable demand for compute capacity over time. For example, when you can turn off a SQL Server at night or on weekends, or even just scale down the number of cores used during less busy times. It's also a great option if you only plan to use a SQL Server for a short period of time and then won't need it anymore. Pay-as-you-go, billed through Azure, is now available for all versions of SQL Server from 2012 to 2022.

Extended Security Updates (ESU)

Once SQL Server has reached the end of its support lifecycle, you can sign up for an Extended Security Update (ESU) subscription for your servers and remain protected for up to three years. When you upgrade to a newer version of SQL Server, your ESU subscription is automatically canceled. When you migrate to Azure SQL, the ESU charges automatically stop but you continue to have access to the ESUs.

Performance dashboards

Monitor SQL Server instances from Azure portal with performance dashboards. Performance dashboards simplify performance monitoring in Azure portal.

Screenshot of performance dashboard for SQL Server enabled by Azure Arc.

For details, see Monitor SQL Server enabled by Azure Arc (preview).

Migration assessment

SQL Server enabled by Azure Arc migration assessment is a crucial tool for your cloud migration and modernization journey. It simplifies the discovery and readiness assessment for migration by providing:

  • Cloud readiness analysis
  • Identification of risks and mitigation strategies
  • Recommendations for the specific service tier and Azure SQL configuration (SKU size) that best fits the workload needs
  • Automatic generation of the assessment
  • Continuous running on a default schedule of once per week
  • Availability for all SQL Server editions

Migration assessment is for SQL Servers located in various environments, including your data center, edge sites, or any public cloud or hosting provider. It is available for any instance of SQL Server that is enabled by Azure Arc.

For details, review Configure SQL best practices assessment - SQL Server enabled by Azure Arc.

Architecture

The SQL Server instance that you want to enable with Azure Arc can be installed in a virtual or physical machine running Windows or Linux. The Azure Connected Machine agent and the Azure Extension for SQL Server securely connect to Azure to establish communication channels with multiple Azure services using only outbound HTTPS traffic on TCP port 443 using Transport Layer Security (TLS). The Azure Connected Machine agent can communicate through a configurable HTTPS proxy server over Azure Express Route, Azure Private Link or over the Internet. Review the overview, network requirements, and prerequisites for the Azure Connected Machine agent.

Some of the services provided by SQL Server enabled by Azure Arc, such as Microsoft Defender for Cloud and best practices assessment, require the Azure Monitoring agent (AMA) extension to be installed and connected to an Azure Log Analytics workspace for data collection and reporting.

The following diagram illustrates the architecture of SQL Server enabled by Azure Arc.

Diagram of the architecture for [!INCLUDE [ssazurearc](../../includes/ssazurearc.md)]

Feature availability depending on license type

The following table identifies the features that are enabled for each license type:

Feature License only 1 License with Software Assurance
or SQL Server subscription
Pay-as-you-go
Connect your SQL Server to Azure Arc Yes Yes Yes
ESU Subscription No Yes Yes
SQL Server inventory Yes Yes Yes
Best practices assessment No Yes Yes
Migration readiness (preview) Yes Yes Yes
Detailed database inventory Yes Yes Yes
Microsoft Entra authentication Yes Yes Yes
Microsoft Defender for Cloud Yes Yes Yes
Govern through Microsoft Purview Yes Yes Yes
Automated backups to local storage (preview) No Yes Yes
Point-in-time restore No Yes Yes
Automatic updates No Yes Yes
Failover cluster instances Yes Yes Yes
Always On availability groups Yes Yes Yes
Monitoring (preview) No Yes Yes
Operate with least privilege Yes Yes Yes

1 The license-only option includes SQL Server instances that are Developer, Express, Web, or Evaluation edition and instances that use a Server+CAL license.

Feature availability by operating system

The following table identifies features available by operating system:

Feature Windows Linux
Discover and register SQL Server instances in Azure Yes Yes
Azure pay-as-you-go billing Yes Yes
Install Azure extension for SQL Server during setup 1 Yes No
Best practices assessment Yes No
Migration assessment (preview) Yes No
Detailed database inventory Yes No
Microsoft Entra ID authentication 1 Yes Yes
Microsoft Defender for Cloud Yes No
Microsoft Purview Yes Yes
Automated backups to local storage (preview) Yes No
Point-in-time-restore (preview) Yes No
Automatic updates Yes No
SQL Server 2012 extended security updates Yes Not applicable
Failover cluster instances Yes Not applicable
Always On availability groups (preview) Yes Not applicable
Monitoring (preview) Yes No
Operate with least privilege Yes No

1 SQL Server 2022 (16.x) only.

Feature availability by version

The following table identifies features available by SQL Server version:

Feature 2012 2014 2016 2017 2019 2022
Azure pay-as-you-go billing Yes Yes Yes Yes Yes Yes
Best practices assessment Yes Yes Yes Yes Yes Yes
Migration assessment (preview) Yes Yes Yes Yes Yes Yes
Detailed database inventory Yes Yes Yes Yes Yes Yes
Microsoft Entra ID authentication for SQL Server No No No No No Yes
Microsoft Defender for Cloud Yes Yes Yes Yes Yes Yes
Microsoft Purview: DevOps policies No No No No No Yes
Microsoft Purview: data owner policies (preview) No No No No No Yes
Automated backups to local storage (preview) Yes Yes Yes Yes Yes Yes
Point-in-time-restore (preview) Yes Yes Yes Yes Yes Yes
Automatic updates Yes 1 Yes Yes Yes Yes Yes
Failover cluster instances Yes Yes Yes Yes Yes Yes
Always On availability groups (preview) Yes Yes Yes Yes Yes Yes
Monitoring (preview) Yes Yes Yes Yes Yes Yes
Operate with least privilege Yes Yes Yes Yes Yes Yes

1 Requires subscription to Extended Security Updates (ESU) enabled by Azure Arc.

Feature availability by edition

The following table identifies features available by SQL Server edition:

Feature Enterprise Standard Web Express Developer Evaluation
Azure pay-as-you-go billing Yes Yes Not applicable Not applicable Not applicable Not applicable
Best practices assessment Yes Yes Yes Yes Yes Yes
Migration readiness (preview) Yes Yes Yes Yes Yes Yes
Detailed database inventory Yes Yes Yes Yes Yes Yes
Microsoft Entra authentication Yes Yes Yes Yes Yes Yes
Microsoft Defender for Cloud Yes Yes Yes Yes 1 Yes Yes
Microsoft Purview: Govern using DevOps and data owner policies Yes Yes Yes Yes Yes Yes
Automated backups to local storage (preview) Yes Yes Yes Yes Yes Yes
Point-in-time-restore Yes Yes Yes Yes Yes Yes
Automatic updates Yes Yes Yes Yes Yes Yes
Failover cluster instances Yes Yes Not applicable Not applicable Yes Not applicable
Always On availability groups Yes Yes Not applicable Not applicable Yes Not applicable
Monitoring (preview) Yes Yes No No No No
Operate with least privilege Yes Yes Yes Yes Yes Yes

1 Express LocalDB isn't supported.

SQL Server provides inventory for the following services:

  • SQL Server Analysis Services
  • SQL Server Reporting Services
  • SQL Server Integration Services

Currently, Azure Arc does not provide additional management capabilities for these services.

Supported configurations

SQL Server version

SQL Server 2012 (11.x) and later versions.

Operating systems

  • Windows Server 2012 and later versions
  • Ubuntu 20.04 (x64)
  • Red Hat Enterprise Linux (RHEL) 8 (x64)
  • SUSE Linux Enterprise Server (SLES) 15 (x64)

Important

Windows Server 2012 and Windows Server 2012 R2 support ended on October 10, 2023. For more information, see SQL Server 2012 and Windows Server 2012/2012 R2 end of support.

.NET Framework

On Windows, .NET Framework 4.7.2 and later.

This requirement begins with extension version 1.1.2504.99 (November, 14 2023 release). Without this version, the extension might not function as intended. Windows Server 2012 R2 does not come with .NET Framework 4.7.2 by default and must be updated accordingly.

Support on VMware

You can deploy SQL Server enabled by Azure Arc in VMware VMs running:

  • On-premises
  • In VMware solutions, for example:
    • Azure VMware Solution (AVS)

      Warning

      If you're running SQL Server VMs in Azure VMware Solution (AVS) private cloud, follow the steps in Deploy Arc-enabled Azure VMware Solution to enable.

      This is the only deployment mechanism that provides you with a fully integrated experience with Arc capabilities within the AVS private cloud.

    • VMware Cloud on AWS

    • Google Cloud VMware Engine

Unsupported configurations

Azure Arc-enabled SQL Server doesn't currently support the following configurations:

  • SQL Server running in containers.
  • SQL Server editions: Business Intelligence.
  • Private Link connections to the Azure Arc data processing service at the <region>.arcdataservices.com endpoint used for inventory and usage upload.
  • SQL Server 2008 (10.0.x), SQL Server 2008 R2 (10.50.x), and older versions.
  • Installing the Arc agent and SQL Server extension can't be done as part of sysprep image creation.
  • Multiple instances of SQL Server installed on the same host operating system with the same instance name.
  • SQL Server in Azure Virtual Machines.
  • An Always On availability group where one or more replicas is on a failover cluster instance.

Installation

The SQL Server 2022 (16.x) Setup Installation Wizard doesn't support installation of the Azure extension for SQL Server. You can install this component from the command line, or by connecting the server to Azure Arc.

For VMware clusters, review Support on VMware.

Supported Azure regions

Arc-enabled SQL Server is available in the following regions:

  • East US
  • East US 2
  • West US
  • West US 2
  • West US 3
  • Central US
  • North Central US
  • South Central US
  • West Central US
  • Canada Central
  • Canada East
  • UK South
  • UK West
  • France Central
  • West Europe
  • North Europe
  • Switzerland North
  • Central India
  • Brazil South
  • South Africa North
  • UAE North
  • Japan East
  • Korea Central
  • Southeast Asia
  • Australia East
  • Sweden Central
  • Norway East

Important

For successful onboarding and functioning, assign the same region to both Arc-enabled Server and Arc-enabled SQL Server.