Merge pull request #34387 from zoran-rilak-msft/sqlmi-connection-types

Update connection-types-overview.md

Author: JamesJBarnett

azure-sql/managed-instance/connection-types-overview.md

@@ -5,7 +5,7 @@ description: Learn about Azure SQL Managed Instance connection types
 author: zoran-rilak-msft
 ms.author: zoranrilak
 ms.reviewer: vanto, mathoma
-ms.date: 12/01/2021
+ms.date: 07/09/2025
 ms.service: azure-sql-managed-instance
 ms.subservice: connect
 ms.topic: conceptual
@@ -15,49 +15,45 @@ ms.custom: devx-track-azurepowershell
 # Azure SQL Managed Instance connection types
 [!INCLUDE[appliesto-sqlmi](../includes/appliesto-sqlmi.md)]
 
-This article explains how clients connect to Azure SQL Managed Instance depending on the connection type. Script samples to change connection types are provided below, along with considerations related to changing the default connectivity settings.
+This article explains how clients connect to the VNet-local endpoint of Azure SQL Managed Instance based on the connection type, how to change connection types, and considerations for changing the default connectivity settings.
 
 ## Connection types
 
-Azure SQL Managed Instance's VNet-local endpoint supports the following two connection types:
-
-- **Redirect (recommended):** This is the preferred way for SQL clients to connect to managed instances. With redirect, clients establish connections directly to the node hosting the database. To enable redirect, you need to configure firewalls and Network Security Group (NSG) rules to allow inbound access on ports 1433 and port range 11000-11999. Redirect exhibits superior latency and throughput performance compared to proxy. Redirect also minimizes the impact of planned maintenance events of the gateway component, since redirect connections, once established, have no dependency on the gateway. Redirection capability depends on SQL drivers to understand TDS (Tabular Data Stream) 7.4 or newer. TDS 7.4 was first published with Microsoft SQL Server 2012, so any client newer than that will work.
-- **Proxy (default):** This is the legacy connectivity mechanism meant to support SQL drivers that implement TDS versions older than 7.4. In this mode, all connections are proxied through the internal gateway and only the port 1433 is required to be open. In proxy method, the gateways process the instruction to locate the primary SQL replica node to forward the connection. Depending on the nature of this workload, gateways can bottleneck connectivity. Proxy mode can severely degrade the latency and lower the throughput compared to redirect as it is more susceptible to the loss of live connections due to planned maintenance events of the gateway component. For this reason, we **highly recommend** you configure all your managed instances to **use the redirect connection policy** unless your SQL clients do not support TDS redirects.
-
-Note that redirect option only has effect on the VNet-local endpoint. Public endpoints and private endpoints to Azure SQL Managed Instance always operate in proxy mode.
+The VNet-local endpoint of Azure SQL Managed Instance supports two connection types: *redirect* (recommended) and *proxy* (default). 
 
 > [!IMPORTANT]
-> It is **highly recommended** to configure all managed instances to **use the redirect connection policy**, except when SQL clients do not support TDS redirects.
+> **Using the redirect connection policy is highly recommended** for all SQL managed instances, except when SQL clients do not support TDS redirects.
 
-## Redirect connection type
+### Redirect connection type (recommended)
 
-In the redirect connection type, after the TCP session is established to the SQL engine, the client session obtains the destination virtual IP of the virtual cluster node from the load balancer. Subsequent packets flow directly to the virtual cluster node, bypassing the gateway. The following diagram illustrates this traffic flow.
+Redirect is the preferred way for SQL clients to connect to Azure SQL Managed Instance. With redirect, clients establish connections directly to the node that hosts the database. The redirect connection type has better latency and throughput performance compared to proxy. Redirect also minimizes the impact of planned maintenance events of the gateway component, since redirect connections, once established, have no dependency on the gateway.
 
-![Diagram shows an on-premises network with redirect-find-db connected to a gateway in an Azure virtual network and a redirect-query connected to a database primary node in the virtual network.](./media/connection-types-overview/redirect.png)
+To use the redirect connection type, you need the following two prerequisites:
+- The network security group (NSG) rules in the subnet of the SQL managed instance, and any firewalls on the route from your SQL client to the SQL managed instance, must permit inbound access on port 1433 and port range 11000-11999 to the entire IP address range assigned to the subnet of the SQL managed instance.
+- Connecting clients must support Tabular Data Stream (TDS) version 7.4 or newer. TDS 7.4 was first published with Microsoft SQL Server 2012, so any SQL drivers compliant with that version use the redirect connection type. For a list of recommended TDS drivers, see [Recommended versions of drivers and tools](connect-application-instance.md#recommended-versions-of-drivers-and-tools).
 
-> [!IMPORTANT]
-> The redirect connection type only affects the VNet-local endpoint. Connections coming through public and private endpoints are always handled using the proxy connection type regardless of the connection type setting.
+> [!NOTE]
+> Azure SQL Managed Instance is slowly rolling out an improvement to the redirect mechanism that conducts all traffic using port 1433. **The prerequisites regarding ports 11000-11999 remain authoritative and no changes to your existing NSG and RT are required until further notice**
 
-## Proxy connection type
+In the redirect connection type, after the TCP session is established to the SQL Database Engine, the client session obtains the destination virtual IP of the virtual cluster node from the load balancer. Subsequent packets flow directly to the virtual cluster node, bypassing the gateway. The following diagram illustrates this traffic flow:
 
-> [!WARNING]
-> Proxy connection type is only recommended for old clients and applications that do not support Tabular Data Stream (TDS) standard 7.4 newer (available since SQL Server 2012). Managed instances should be configured to use the redirect connection type whenever possible.
+:::image type="content" source="media/connection-types-overview/redirect.png" alt-text="Diagram showing an on-premises network with redirect-find-db connected to a gateway in an Azure virtual network and a redirect-query connected to a database primary node in the virtual network.":::
 
-In the proxy connection type, the TCP session is established using the gateway and all subsequent packets flow through it. The following diagram illustrates this traffic flow.
+### Proxy connection type (default)
 
-![Diagram shows an on-premises network with a proxy connected to a gateway in an Azure virtual network, connect next to a database primary node in the virtual network.](./media/connection-types-overview/proxy.png)
+The proxy is the default connectivity mechanism to support compatibility with SQL drivers that implement TDS versions older than 7.4. This connection type proxies the incoming connections through an internal gateway, which only requires port 1433 to be open for inbound traffic. Because the internal gateway forwards the connection, proxy connections can create connectivity bottlenecks, severely degrading latency and lowering the throughput compared to the redirect connection type. Additionally, the proxy connection type generates more disconnect events due to planned maintenance events of the gateway component.
 
-## Changing Connection Type
+The following diagram illustrates the proxy TCP flow via the gateway: 
+![Diagram showing an on-premises network with a proxy connected to a gateway in an Azure virtual network, connect next to a database primary node in the virtual network.](./media/connection-types-overview/proxy.png)
 
-- **Using the Portal:**
-To change the connection type using the Azure portal, go to your SQL Managed Instance resource, under **Security**, select **Networking**. In the **Networking** page, select the drop-down under **Connection type (VNet-local endpoint)** to change between the Proxy/Redirect types. Save the changes once you are done.
+## Change the connection type
 
+- **Using the Azure portal:**
+To change the connection type by using the Azure portal, open the [Virtual Network](https://portal.azure.com/#view/HubsExtension/AssetMenuBlade/~/virtualnetworks/assetName/NetworkFoundation/extensionName/Microsoft_Azure_Network) page for your SQL managed instance and use the **Connection type** setting to change the connection type and save the changes.
 
 - **Script to change connection type settings using PowerShell:**
 
-[!INCLUDE [updated-for-az](../includes/updated-for-az.md)]
-
-The following PowerShell script shows how to change the connection type for a managed instance to `Redirect`.
+The following PowerShell script shows how to change the connection type for a SQL managed instance to `Redirect`.
 
 ```powershell
 Install-Module -Name Az
@@ -67,14 +63,14 @@ Import-Module Az.Sql
 Connect-AzAccount
 # Get your SubscriptionId from the Get-AzSubscription command
 Get-AzSubscription
-# Use your SubscriptionId in place of {subscription-id} below
+# Use your SubscriptionId in place of {subscription-id}
 Select-AzSubscription -SubscriptionId {subscription-id}
-# Replace {rg-name} with the resource group for your managed instance, and replace {mi-name} with the name of your managed instance
+# Replace {rg-name} with the resource group for your SQL managed instance, and replace {mi-name} with the name of your SQL managed instance
 $mi = Get-AzSqlInstance -ResourceGroupName {rg-name} -Name {mi-name}
 $mi = $mi | Set-AzSqlInstance -ProxyOverride "Redirect" -force
 ```
 
-## Next steps
+## Related content
 
 - [Restore a database to SQL Managed Instance](restore-sample-database-quickstart.md)
 - Learn how to [configure a public endpoint on SQL Managed Instance](public-endpoint-configure.md)

azure-sql/managed-instance/frequently-asked-questions-faq.yml

@@ -215,7 +215,7 @@ sections:
           - [Automatic tuning](../database/automatic-tuning-overview.md) that provides peak performance and stable workloads through continuous performance tuning based on AI and machine learning.
           - [In-memory OLTP](in-memory-oltp-overview.md) that improves throughput and latency on transactional processing workloads and delivers faster business insights. 
           - Applying some of the [best practices for application and database tuning](performance-guidance.md#tune-your-database).
-          - [Switching the connection type from proxy to redirect mode](connection-types-overview.md#changing-connection-type) for lower latency and higher throughput, in case your workload consists of lots of small transactions.
+          - [Switching the connection type from proxy to redirect mode](connection-types-overview.md#change-the-connection-type) for lower latency and higher throughput, in case your workload consists of lots of small transactions.
 
       - question: How can I further tune performance of my General Purpose managed instance?
         answer: |