Azure Proactive Resiliency Library v2

managedInstances

Summary

Recommendation | Impact | Category | Automation Available | In Azure Advisor
Enable zone redundancy for Azure SQL Managed Instance to improve high availability and resiliency | High | High Availability | Yes | No
Use Zone-redundant or Geo-zone-redundant Backup storage redundancy | High | Disaster Recovery | Yes | No
Use Redirect connection type to accelerate application access | Medium | Scalability | Yes | No
Configure a secondary instance and a Failover group to enable failover to another region | High | Disaster Recovery | No | No
Monitor your Azure SQL MI Managed Instance in near-real time to detect reliability incidents | Medium | Monitoring and Alerting | No | No
Back Up Your Keys | Medium | Disaster Recovery | No | No

Details


Enable zone redundancy for Azure SQL Managed Instance to improve high availability and resiliency

Impact:  High Category:  High Availability

APRL GUID:  f8f834a9-c761-4e84-b2cb-ac55494d0c37

Description:

Azure SQL Managed Instance offers built-in availability by deploying multiple replicas in the same zone. For higher availability, use a zone-redundant configuration that spreads replicas across three Azure availability zones, each with independent power, cooling, and networking.

Potential Benefits:

Enhanced availability and reliability
Learn More:
High availability through zone-redundancy

ARG Query:

// Azure Resource Graph Query
// Managed Instance zone redundancy check: any server that is not configured for ZR
resources
| where type =~ 'Microsoft.Sql/managedInstances'
| extend InstanceName = properties.fullyQualifiedDomainName
| extend ServiceTier = sku.tier
| extend zoneRedundant=properties.zoneRedundant
| where zoneRedundant == 'false'
| project recommendationId='f8f834a9-c761-4e84-b2cb-ac55494d0c37', name, id, tags, param1=strcat('Service Tier:', ServiceTier), param2=strcat('Zone Redundant:', zoneRedundant)


Use Zone-redundant or Geo-zone-redundant Backup storage redundancy

Impact:  High Category:  Disaster Recovery

APRL GUID:  15e2712c-f3ea-4a8d-9081-11e822b1ccfb

Description:

Configuring the zone-redundancy option for backups copies your backup files synchronously across three Azure availability zones in the primary region. If Geo is selected, your data is copied asynchronously three times to a single physical location in the paired secondary region.

Potential Benefits:

Enhanced availability and reliability
Learn More:
Backup storage redundancy

ARG Query:

// Azure Resource Graph Query
// Managed Instance storage backup redundancy check: any server that is not configured for GZRS
resources
| where type =~ 'Microsoft.Sql/managedInstances'
| extend backupredundancy=properties.storageAccountType
| extend ServiceTier = sku.tier
| where backupredundancy != 'GeoZone'
| project recommendationId='15e2712c-f3ea-4a8d-9081-11e822b1ccfb', name, id, param1=strcat('Service Tier:', ServiceTier), param2=strcat('Backup Redundancy:', backupredundancy)


Use Redirect connection type to accelerate application access

Impact:  Medium Category:  Scalability

APRL GUID:  c14de326-2729-4be7-a91f-4ea185d24b10

Description:

Redirect mode enables direct connectivity to the instance, bypassing the local gateway component and improving latency and throughput. Redirect mode applies to the VNet-local endpoint only; the public and private endpoints always operate in Proxy connection mode.

Potential Benefits:

Improved latency and throughput
Learn More:
Connection types

ARG Query:

// Azure Resource Graph Query
// Use Redirect connection type to accelerate application access
resources
| where type =~ 'Microsoft.Sql/managedInstances'
| extend connectionpolicy=properties.proxyOverride
| where connectionpolicy != 'Redirect'
| project recommendationId='c14de326-2729-4be7-a91f-4ea185d24b10', name, id, tags, param1=strcat('Connection Policy:', connectionpolicy)


Configure a secondary instance and a Failover group to enable failover to another region

Impact:  High Category:  Disaster Recovery

APRL GUID:  257cd903-700f-4a79-bd37-7dce2b511df4

Description:

During an outage on the managed instance, use the failover group to switch all databases to a secondary region, either manually or automatically. Route connections to the failover group’s listener instead of the primary instance to avoid changing the connection string after geo-failover.

Potential Benefits:

Ensure seamless service with cross-region failover
Learn More:
Failover groups overview and best practices

ARG Query:

// cannot-be-validated-with-arg
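
The listener advice in this recommendation can be checked on the application side. The following is an added example, not part of APRL: it compares application connection strings against managed instance FQDNs (the properties.fullyQualifiedDomainName value projected by the first query on this page) and reports applications that connect to an instance directly instead of through a failover group listener. The function names, application names, host names and connection strings are constructed for illustration.

```python
import re

# Keywords that ADO.NET-style connection strings use for the target host.
_HOST_KEYS = {"server", "data source", "address", "addr", "network address"}

def target_host(conn_str):
    """Return the lower-cased host a connection string points at, or None."""
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if sep and key.strip().lower() in _HOST_KEYS:
            host = value.strip().strip("'\"")
            host = re.sub(r"^tcp:", "", host, flags=re.I)  # protocol prefix
            host = host.split(",", 1)[0]                   # drop ",1433" port
            return host.strip().rstrip(".").lower() or None
    return None

def direct_instance_connections(conn_strings, instance_fqdns):
    """Map app name -> instance FQDN for apps that bypass the listener.

    conn_strings:   {app_name: connection_string}
    instance_fqdns: properties.fullyQualifiedDomainName values exported from
                    an inventory of Microsoft.Sql/managedInstances resources
    """
    known = {f.strip().rstrip(".").lower() for f in instance_fqdns if f}
    findings = {}
    for app, cs in conn_strings.items():
        host = target_host(cs)
        if host in known:  # None (no host keyword) never matches
            findings[app] = host
    return findings

# Constructed sample data: hypothetical names, not taken from the page.
SAMPLE_INSTANCES = [
    "mi-primary.a1b2c3d4e5f6.database.windows.net",
    "mi-secondary.a1b2c3d4e5f6.database.windows.net",
]
SAMPLE_CONN_STRINGS = {
    "orders-api": "Server=tcp:MI-Primary.a1b2c3d4e5f6.database.windows.net,1433;Database=orders;Encrypt=True;",
    "billing": "Data Source=fog-sales.a1b2c3d4e5f6.database.windows.net;Initial Catalog=billing;Encrypt=True;",
    "reports": "Server=fog-sales.secondary.a1b2c3d4e5f6.database.windows.net;ApplicationIntent=ReadOnly;",
    "broken": "Database=nothing;Encrypt=True",
}

if __name__ == "__main__":
    hits = direct_instance_connections(SAMPLE_CONN_STRINGS, SAMPLE_INSTANCES)
    for app, host in hits.items():
        print(f"{app}: connects directly to {host}; use the failover group listener")
```

Only exact host matches are flagged, so the comparison is only as complete as the instance inventory passed in.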


Monitor your Azure SQL MI Managed Instance in near-real time to detect reliability incidents

Impact:  Medium Category:  Monitoring and Alerting

APRL GUID:  c9afeb1e-e706-4809-be4e-75d9fac708f2

Description:

Monitoring and alerting are an important part of database operations. When working with Azure SQL Managed Instance, make use of Azure Monitor and Database watcher to ensure that you capture relevant database metrics.

Potential Benefits:

Quick incident detection and response
Learn More:
Azure SQL Managed Instance monitoring options

ARG Query:

// cannot-be-validated-with-arg


Back Up Your Keys

Impact:  Medium Category:  Disaster Recovery

APRL GUID:  9fad5392-b852-4807-9b6d-3f700ff9771a

Description:

Using Azure Key Vault (AKV) to store the encryption keys for Always Encrypted configurations is highly recommended but not required. If you are not using AKV, ensure that your keys are properly backed up and stored in a secure manner.

Potential Benefits:

Enhanced security and data recovery
Learn More:
Overview of Always Encrypted

ARG Query:

// cannot-be-validated-with-arg