Create SQL MI with point-to-site connection configured
This template allows you to create a Azure SQL Database Managed Instances inside a new virtual network with Virtual network gateway that will be configured for point-to-site connections.
Tags: Azure, SqlDb, Managed Instance, Point-to-Site VPN, Microsoft.Network/networkSecurityGroups, Microsoft.Network/routeTables, Microsoft.Network/virtualNetworks, Microsoft.Sql/managedInstances, SystemAssigned, Microsoft.Network/publicIPAddresses, Microsoft.Network/virtualNetworkGateways
Solution overview and deployed resources
This deployment will create an Azure Virtual Network with two subnets ManagedInstance and GatewaySubnet. Managed Instance will be deployed in ManagedInstance subnet. Virtual network gateway will be created in GatewaySubnet subnet and configured for Point-to-Site VPN conncetions.
Deployment using PowerShell
The easiast way to deploy this template is by running the following PowerShell script. The script will create and configure VPN certificates and run template deployment afterwards.
$scriptUrlBase = 'https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-sqlmi-new-vnet-w-point-to-site-vpn'
$parameters = @{
subscriptionId = '<subscriptionId>'
resourceGroupName = '<resourceGroupName>'
location = '<location>'
virtualNetworkName = '<virtualNetworkName>'
managedInstanceName = '<managedInstanceName>'
administratorLogin = '<login>'
administratorLoginPassword = '<password>'
certificateNamePrefix = '<certificateNamePrefix>'
}
Invoke-Command -ScriptBlock ([Scriptblock]::Create((New-Object System.Net.WebClient).DownloadString($scriptUrlBase+'/scripts/deploy.ps1'))) -ArgumentList $parameters, $scriptUrlBase
Deployment from template
You can click the "Deploy to Azure" button at the beginning of this document or follow the instructions for command line deployment using the scripts in the root of this repo, and populate following parameters:
- Name of the Managed Instance that will be create including Managed Instance admin name and password
- Public self-signed root certificate data. For detailed information on this and setting up certificates for point-to-site VPN visit the documentation
- Name of the Azure Virtual Network that will be created and configured, including the address range that will be associated to this VNet. Default address range is 10.0.0.0/16 but you could change it to fit your needs.
- Name of the subnet where Managed Instance will be created. The name will be ManagedInstance, if you don't want to change it. Default address range is 10.0.0.0/24 but you could change it to fit your needs.
- Address range for GatewaySubnet. Default address range is 10.0.1.0/28 but you could change it to fit your needs.
- VPN client address pool prefix - computer that connects via VPN would get address from this pool. This IP range must not overlap with virtual network IP address range. Default address pool prefix is 192.168.0.0/24 but you could change it to fit your needs.
- Sku name that combines service tear and hardware generation, number of virtual cores and storage size in GB. The table below shows supported combinations.
- License type that could be BasePrice if you are eligible for Azure Hybrid Use Benefit for SQL Server or LicenseIncluded otherwise
GP_Gen5 | BC_Gen5 | |
---|---|---|
Tier | General Purpose | Busines Critical |
Hardware | Gen 5 | Gen 5 |
Min vCores | 8 | 8 |
Max vCores | 80 | 80 |
Min storage size | 32 | 32 |
Max storage size | 8192 | 1024 GB for 8, 16 vCores 2048 GB for 24 vCores 4096 GB for 32, 40, 64, 80 vCores |
Important
Deployment of first instance in the subnet might take up to six hours, while subsequent deployments take up to 1.5 hours. This is because a virtual cluster that hosts the instances needs time to deploy or resize the virtual cluster. For more details visit Overview of Azure SQL Managed Instance management operations
Each virtual cluster is associated with a subnet and deployed together with first instance creation. In the same way, a virtual cluster is automatically removed together with last instance deletion leaving the subnet empty and ready for removal.