06 How will it work for me? Chapter 04
Figure 1: Options for application connectivity
SQL Server
instance #1
SQL Server
instance #3
VNet1
VNet-to-VNet
SQL Server
instance #2
Network isolation
(customer VNet)
Web app
(public IP)
Tenant isolation
(compute, storage)
VPN/ExpressRoute
gateway
On-premises
VNet2
"Virtual data cluster" dedicated to customer
(virtual private cluster, VNet, private IPs)
Azure SQL Database Managed Instance supports connections from Azure only
or from a hybrid environment (Figure 1). During service provisioning through
the Azure portal or REST API, you can choose the VNet and subnet to achieve
full networking isolation for your managed instances. Once created, instances
in the VNet can be reached using Azure networking mechanisms (VPN and
ExpressRoute gateways). The endpoint is exposed only through a private IP
address, allowing safe connectivity from private Azure or hybrid networks.
Options for
application
connectivity
