System Requirements for Azure SQL Managed Instance Backups Using a Backup Gateway

Verify that your environment meets the system requirements to configure Azure SQL Managed Instance backups using a backup gateway.

Commvault Software

Verify that the SQL Server Agent is installed on the access node.

Azure Cloud

Verify that the following ports are open on the backup gateway that has access to the Azure cloud:
- 443 to management.azure.com
- 1433 to *.database.windows.net
If you are using an Azure storage account for staging and not the DaCFX method, use the storage location to stage the database bacpac file for processing export and import operations. These files are deleted from the storage account after the backup and restore operation completes.

SQL Server Authentication

You can use the following types of user accounts for data protection.

Azure Managed Instance Admin account: Managed instance administrator of the Azure SQL Managed instance.
Microsoft Entra Admin: Administrator account to centrally manage identity and access for your Azure SQL Managed instance.

Database user: Database level account that is used to configure minimal permissions for data protection operations. This authentication type will require the following minimum permissions:

Server-Level Roles	Database-Level Roles
dbcreator This role is required because the restore operation needs to create the database if it does not exist.	Login account and/or user account on the master database. A login account is recommended especially when managing multiple databases on the instance; the password is associated with the login account instead of with individual databases. A user account on the master database requires VIEW ANY DEFINITION permission. This is required to allow the gathering of metadata from sys.master_files and is only needed if you are not configuring a dbcreator server role for restore purposes. The user account at the databases level associated with the login account must have the following roles: db_backupoperator on the database that is being backed up db_datareader on the database that is being backed up

Server-Level Roles

Database-Level Roles

dbcreator

This role is required because the restore operation needs to create the database if it does not exist.

Login account and/or user account on the master database.

A login account is recommended especially when managing multiple databases on the instance; the password is associated with the login account instead of with individual databases.

A user account on the master database requires VIEW ANY DEFINITION permission. This is required to allow the gathering of metadata from sys.master_files and is only needed if you are not configuring a dbcreator server role for restore purposes.

The user account at the databases level associated with the login account must have the following roles:

db_backupoperator on the database that is being backed up
db_datareader on the database that is being backed up

Supported TLS Version

The software supports database protection operations on TLS version 1.2.