Active Directory (AD) is a directory service developed by Microsoft. AD provides a hierarchical structure that is used to store information about objects on the same LAN. This topic describes how to configure an AD domain for a MyBase for SQL Server instance that supports SQL Server Integration Services (SSIS) in ApsaraDB for MyBase. You can use an AD domain to manage permissions.

Prerequisites

  • SQL Server is selected as the engine of an ApsaraDB for MyBase dedicated cluster.
  • A MyBase for SQL Server instance is created and the privileged account sysadmin is created for the instance. For more information, see Host permissions.
  • A bastion host is configured for the instance and the Windows server account associated with the bastion host is granted system administrator rights. For more information, see Access a Windows host from a bastion host.
  • A MyBase for SQL Server instance that supports SSIS is deployed in the ApsaraDB for MyBase dedicated cluster. For more information, see Enable SSIS for a MyBase for SQL Server instance of the High-availability Edition.
  • SSIS is available only for a primary instance.

Step 1: Create an ECS instance and configure AD DS for the instance

  1. Log on to the Elastic Compute Service (ECS) console.
  2. Select a region in the top navigation bar. In the left-side navigation pane, choose Instances & Images > Instances. On the page that appears, click Create Instance in the upper-right corner.
    Note For more information, see Create an ECS instance.
  3. On the Custom Launch tab, complete the Basic Configurations, Networking, and System Configurations (Optional) steps. After you complete the settings, click Next.
    Note
    • In the Networking step, configure Network Type for the ECS instance that you want to create. The ECS instance and the MyBase for SQL Server instance that supports SSIS must be deployed in the same virtual private cloud (VPC). The MyBase for SQL Server instance is deployed in the ApsaraDB for MyBase dedicated cluster. For more information, see Enable SSIS for a MyBase for SQL Server instance of the High-availability Edition.
    • In the Networking step, select a security group for the bastion host that is associated with the MyBase for SQL Server instance.
    • In the System Configurations (Optional) step, you can enter Microsoft Server 2016 in the Host field.
  4. In the Cloud Resource Access Authorization dialog box, click Authorized. Then, click Next to go to the Grouping (Optional) step.
  5. Click Preview and complete the subsequent operations.
  6. Create an AD directory on the ECS instance that you created.
    Note Configure the root domain and NetBIOS name based on your naming rules. For more information about how to create an AD directory and join an AD domain, see Join a Windows server to an AD domain.
  7. Return to the Instances page. You can view the IP address of the ECS instance that you created.

Step 2: Configure a security group for the ECS instance to enable AD DS

  1. In the left-side navigation pane, choose Network & Security > Security Groups to create a security group for your ECS instance.
    Note To enable Active Directory Domain Services (AD DS) for the ECS instance, enable the required ports and configure the security group. For more information, see Create a security group.
  2. Find the security group that you specified when you created the ECS instance, and click the security group name to go to the Security Group details page. In the left-side navigation pane, click Instances in Security Group. In the upper-right corner of the page, click Add Instance to add the ECS instance for which you want to enable AD DS to the security group.
  3. Disable the Windows firewall.
    Note For more information about how to disable the Windows firewall, see Enable or disable Internet Firewall.
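
With the Windows firewall disabled, the security group rules decide which ports on the AD DS server can be reached, so it is worth confirming from the SQL Server host that only the expected ports answer. The following script is an added example, not part of the original procedure; the IP address is a placeholder, and the port list is the commonly documented set of AD DS service ports, which this page does not enumerate.

```powershell
# Added example: TCP reachability check from the SQL Server host to the AD DS ECS instance.
# $DcIp is a placeholder; replace it with the private IP address shown in Step 1.
$DcIp = '10.0.0.10'

# Commonly documented AD DS service ports (assumption: the page does not list them).
# Only TCP is probed. DNS, Kerberos, LDAP and kpasswd also use UDP, and RPC uses an
# additional dynamic port range that this script does not test.
$Ports = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB (SYSVOL, NETLOGON)' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 636;  Service = 'LDAPS' }
    @{ Port = 3268; Service = 'Global catalog' }
    @{ Port = 3269; Service = 'Global catalog over TLS' }
)

# Probe each port and collect one result row per service.
$results = foreach ($p in $Ports) {
    $probe = Test-NetConnection -ComputerName $DcIp -Port $p.Port `
                                -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $p.Port
        Service   = $p.Service
        Reachable = $probe.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize

# Summarize what the security group (or the service itself) is not answering on.
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning ("No TCP answer on: " + ($blocked.Port -join ', '))
} else {
    Write-Output "All probed AD DS ports on $DcIp accept TCP connections."
}
```

Running the same probe from a host outside the VPC should report every port as unreachable; any port that answers there points to a security group rule with too broad a source range.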

Step 3: Configure DNS for the MyBase for SQL Server instance in the AD domain

  1. Use a bastion host to log on to the server that runs the MyBase for SQL Server primary instance and configure a Domain Name System (DNS) server. For more information, see Bastion hosts and DNS servers.
  2. Open the CLI for the MyBase for SQL Server instance, and run the following command to query the IP address of the DNS server:
    ipconfig /all
  3. Configure a DNS forwarder for the MyBase for SQL Server instance.
    1. Set the IP address of the DNS forwarder to the IP address of the DNS server you obtained in the previous step.
    2. Set the DNS name to a value that consists of the AD domain you created in Step 1 and the private IP address of the ECS instance.
    3. Configure the network settings for your on-premises machine on Windows. The DNS server uses the network settings of the on-premises machine. Set the IP address of the DNS server to the IP address of your on-premises machine.
  4. Add the DNS server address used by your on-premises machine to the AD domain.
    1. Open the Start menu and open Control Panel.
    2. Click System and Security and click System.
    3. In the Computer name, domain, and workgroup settings section, click Change settings.
    4. On the Computer Name tab, click Change.
    5. In the Member of section, select Domain, enter the domain that you specified in Step 1, and then click OK.
    6. Enter the username and password that you specified in Step 1 and Step 2 to log on to the MyBase for SQL Server instance.
    7. Click OK. Then, restart your on-premises machine.
  5. Use a bastion host to log on to the server that runs a MyBase for SQL Server secondary instance and configure a DNS server. Then, perform steps 1 to 4 again. For more information, see Bastion hosts and DNS servers.
  6. Enter the username and password to log on to the MyBase for SQL Server primary instance. To remotely connect to a database instance, create a database account, authenticate the account on the Windows server, and then grant the account the required permissions.
    Note For more information about how to enable SSIS for a MyBase for SQL Server instance of the High-availability Edition, see Enable SSIS for a MyBase for SQL Server instance of the High-availability Edition.
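
After Step 3 is completed on the primary and secondary instances, the DNS path and the domain join can be verified on each host. The following Windows PowerShell 5.1 script is an added example, not part of the original procedure; the domain name and IP address are placeholders for the values chosen in Step 1.

```powershell
# Added example: verify DNS resolution of the AD domain and the domain join.
# Run in Windows PowerShell 5.1 on each SQL Server host.
# $Domain and $DcIp are placeholders for the root domain and the ECS private IP from Step 1.
$Domain = 'example.internal'
$DcIp   = '10.0.0.10'
$Locator = "_ldap._tcp.dc._msdcs.$Domain"   # SRV record clients use to find a domain controller

# 1. Resolve the locator record through the host's configured resolver (the forwarder path).
$viaResolver = @(Resolve-DnsName -Name $Locator -Type SRV -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'SRV' })

# 2. Resolve the same record by asking the AD DS server directly. If this works and
#    check 1 fails, the forwarder configuration is the problem, not the AD DS DNS zone.
$viaDc = @(Resolve-DnsName -Name $Locator -Type SRV -Server $DcIp -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' })

# 3. Confirm that the host reports membership of the expected domain.
$cs     = Get-CimInstance -ClassName Win32_ComputerSystem
$joined = $cs.PartOfDomain -and ($cs.Domain -ieq $Domain)

# 4. Confirm that the machine account's secure channel to the domain is healthy.
#    Only meaningful once the host is joined.
$channelOk = $false
if ($joined) {
    $channelOk = [bool](Test-ComputerSecureChannel -ErrorAction SilentlyContinue)
}

[pscustomobject]@{
    Host                  = $env:COMPUTERNAME
    SrvViaHostResolver    = ($viaResolver.Count -gt 0)
    SrvViaAdDsServer      = ($viaDc.Count -gt 0)
    DomainControllers     = ($viaDc.NameTarget -join ', ')
    ReportedDomain        = $cs.Domain
    JoinedToExpected      = $joined
    SecureChannelHealthy  = $channelOk
} | Format-List
```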