First published on MSDN on Sep 13, 2018
SQL Managed instance is located inside a Vnet.
The options to connect to it are :
-
From the Azure
-
-
Inside the same VNet (different subnet)
-
From different VNet using VNet peering / Site-to-Site VPN / Express Route circuit (for cross-region connection)
-
From on-premises . Using express Route or VPN
Refer to this
article
for details.
In case you are choosing connecting to Managed instance from a different Vnet , you will need to have Vnet Peering Or Site-to-Site VPN between the 2 Vnets.
In case you have configure a Vnet peering Or Site-to-Site VPN and still have a problem to connect to the Managed instance , check the following :
-
Check that the 2 Vnets are not on different regions - not supported unless you are using Express route cross-region connection
cross region peering is not supported for MI
2. Run Psping to the Managed instance name with Port 1433 . In case it does not work something is wrong with the communication between the 2 Vnets:
In this case , you should check that there is NSG ( Network security group ) rule on the Subnet of the other Vnet ( the Vnet where you are trying to connect to managed instance from ) The rule need to be configured as the following :
Source IP addresses : The subnet range of IP's where the VM with SSMS is located
Destination IP addresses : The MI subnet range of IP's
This is outbound rule and must have higher priority then rule that would eventually block the connection
P.S - Very soon we are also going to support NSG on port 1433 on Manage instance subnet.