This topic describes how to perform basic operations on a MyBase for SQL Server instance. For example, you can configure a whitelist for the instance, apply for a public endpoint for the instance, release the public endpoint of the instance, modify the endpoint of the instance, create accounts, create databases, and log on to the instance.

Basic operations

Configure an IP address whitelist

An IP address whitelist consists of IP addresses that are allowed to access your instance. You can configure IP address whitelists to enable high-level access control for your instance. We recommend that you update the IP address whitelists on a regular basis.

  1. Log on to the ApsaraDB for MyBase console.
  2. In the top navigation bar, select the region where you want to create a dedicated cluster.
    Select a region
  3. In the left-side navigation pane, choose Instances > SQL Server.
  4. Find the instance that you want to release, and click Details in the Actions column to go to the details page of the instance in the ApsaraDB RDS console.
  5. In the left-side navigation pane, click Data Security.
  6. Click Create Whitelist. In the panel that appears, specify Whitelist Name. In the IP Addresses field, enter the IP addresses or CIDR blocks to be allowed to access the instance. Click .
    Note
    • If you specify an IP address, the IP address is allowed to access the instance.
    • If you specify a CIDR block, all IP addresses in the CIDR block are allowed to access the instance. For example, if you enter 192.168.0.0/24, all IP addresses from 192.168.0.0 to 192.168.0.255 are allowed to access the instance.
    • If you enter multiple IP addresses or CIDR blocks, separate them with commas (,). For example, enter 192.168.0.1,192.168.0.0/24.
    • You can add a maximum of 1,000 IP addresses or CIDR blocks to the whitelists of an instance. If you want to enter a large number of IP addresses, we recommend that you merge discontinuous IP addresses into CIDR blocks such as 10.10.10.0/24.
    • If you enter 0.0.0.0/0, the instance can be accessed by all IP addresses over the Internet. Proceed with caution.
    • If you enter 127.0.0.1, all IP addresses are blocked.
    • The new whitelist takes effect 1 minute after you complete the settings.

Apply for or release the public endpoint of a MyBase for SQL Server instance

You can use a private endpoint or a public endpoint to connect to a MyBase for SQL Server instance. By default, a private endpoint is provided for you to access an instance. If you need to access an instance over the Internet, apply for a public endpoint.

Private and public endpoints

Endpoint Description
Private endpoint
  • By default, a private endpoint is provided and you cannot release it. You do not need to apply for a private endpoint.
  • If an Elastic Compute Service (ECS) instance is deployed in the same region and has the same network type as your MyBase for SQL Server instance, the two instances can communicate over an internal network. If your application is deployed in such an ECS instance, you do not need to apply for a public endpoint for the MyBase for SQL Server instance. For more information, see Change the network type of an ApsaraDB RDS for SQL Server instance.
  • For security purposes, we recommend that you use a private endpoint to access an instance.
Public endpoint
  • You must manually apply for a public endpoint. You can release the public endpoint if it is no longer required.
  • If you cannot connect to your MyBase for SQL Server instance by using the private endpoint, you must apply for a public endpoint. You can apply for a public endpoint in the following scenarios:
    • You need to connect to the MyBase for SQL Server instance from an ECS instance that is deployed in a different region or a different type of network. For more information, see Change the network type of an ApsaraDB RDS for SQL Server instance.
    • You need to connect to the MyBase for SQL Server instance from a device outside Alibaba Cloud.
Note
  • You are not charged for the public endpoint or the traffic that is consumed.
  • If you connect to your RDS instance by using the public endpoint, security is compromised. Proceed with caution.
  • We recommend that you migrate your application to an ECS instance that resides in the same region and has the same network type as your RDS instance. This allows you to connect to your RDS instance by using the internal endpoint. The connection expedites transmission and improves security.
  1. Log on to the ApsaraDB for MyBase console.
  2. In the top navigation bar, select the region where you want to create a dedicated cluster.
    Select a region
  3. In the left-side navigation pane, choose Instances > SQL Server.
  4. Find the instance that you want to release, and click Details in the Actions column to go to the details page of the instance in the ApsaraDB RDS console.
  5. In the left-side navigation pane, click Database Connection.
  6. Apply for or release a public endpoint for your MyBase for SQL Server instance:
    • If you have not applied for a public endpoint, you can click Apply for Public Endpoint.
    • If you have applied for a public endpoint, you can click Release Public Endpoint.
  7. In the message that appears, click OK.

Modify an endpoint

If you need to modify the private or public endpoint for an instance, perform the following steps:

  1. Log on to the ApsaraDB for MyBase console.
  2. In the top navigation bar, select the region where you want to create a dedicated cluster.
    Select a region
  3. In the left-side navigation pane, choose Instances > SQL Server.
  4. Find the instance that you want to release, and click Details in the Actions column to go to the details page of the instance in the ApsaraDB RDS console.
  5. In the left-side navigation pane, click Database Connection.
  6. Click Change Endpoint. In the dialog box that appears, select the network type of the endpoint that you want to modify, and modify the prefix and port number for the private or public endpoint.
    Note
    • The prefix of an endpoint must be 8 to 64 characters in length and can contain only letters, digits, and hyphens (-). The prefix must start with a lowercase letter.
    • The port range is from 1000 to 5999.
    • If you have not applied for a public endpoint, the Change Endpoint button is not displayed.
  7. Click OK.

Create an account

  1. Log on to the ApsaraDB for MyBase console.
  2. In the top navigation bar, select the region where you want to create a dedicated cluster.
    Select a region
  3. In the left-side navigation pane, choose Instances > SQL Server.
  4. Find the instance that you want to release, and click Details in the Actions column to go to the details page of the instance in the ApsaraDB RDS console.
  5. In the left-side navigation pane, click Accounts.
  6. Click Create Account.
  7. In the panel that appears, configure the following parameters.
    Parameter Description
    Database Account: Enter the username of the account. The username must be 2 to 64 characters in length. It can contain lowercase letters, digits, and underscores (_). It must start with a lowercase letter and end with a lowercase letter or a digit.
    Account Type:
    • Privileged Account: You can create only one privileged account for a MyBase for SQL Server instance. The privileged account of a MyBase for SQL Server instance cannot be deleted.
    • Standard Account: You can select the Standard Account option only after you create a privileged account for your instance. Each MyBase for SQL Server instance can have more than one standard account. You must manually grant permissions on databases to each standard account. A standard account can be deleted.
    • System Admin Account: You can create only one system admin account for a MyBase for SQL Server instance. The system admin account of a MyBase for SQL Server instance can be deleted.
      Note
      • You cannot use the following strings as the username of the system admin account:
        root|admin|eagleye|master|aurora|sysadmin|administrator|mssqld|public|securityadmin|serveradmin|setupadmin|processadmin|diskadmin|dbcreator|bulkadmin|tempdb|msdb|model|distribution|mssqlsystemresource|guest|add|except|percent|all|exec|plan|alter|execute|precision|and|exists|primary|any|exit|print|as|fetch|proc|asc|file|procedure|authorization|fillfactor|public|backup|for|raiserror|begin|foreign|read|between|freetext|readtext|break|freetexttable|reconfigure|browse|from|references|bulk|full|replication|by|function|restore|cascade|goto|restrict|case|grant|return|check|group|revoke|checkpoint|having|right|close|holdlock|rollback|clustered|identity|rowcount|coalesce|identity_insert|rowguidcol|collate|identitycol|rule|column|if|save|commit|in|schema|compute|index|select|constraint|inner|session_user|contains|insert|set|containstable|intersect|setuser|continue|into|shutdown|convert|is|some|create|join|statistics|cross|key|system_user|current|kill|table|current_date|left|textsize|current_time|like|then|current_timestamp|lineno|to|current_user|load|top|cursor|national|tran|database|nocheck|transaction|dbcc|nonclustered|trigger|deallocate|not|truncate|declare|null|tsequal|default|nullif|union|delete|of|unique|deny|off|update|desc|offsets|updatetext|disk|on|use|distinct|open|user|distributed|opendatasource|values|double|openquery|varying|drop|openrowset|view|dummy|openxml|waitfor|dump|option|when|else|or|where|end|order|while|errlvl|outer|with|escape|over|writetext||dbo|login|sys|drc_rds$
      • After a system admin account is created, the service quality that is specified in Alibaba Cloud SLA cannot be guaranteed.
    Authorized Databases: Select the databases that the Standard Account is allowed to access. If no databases are created, you can leave this parameter unspecified.

    You can perform the following steps to grant permissions on multiple databases to the account:

    1. In the Unauthorized Databases section, select the required databases.
    2. Click the > icon to move the selected databases to the Authorized Databases: section.
    3. In the Authorized Databases section, specify the permissions that you want to grant to the account on each database. The supported permissions are Read/Write (DML), Read-only, and Owner.
      Note An account can create tables, delete tables, and modify schemas in a database only if it has the Owner permissions on the database.
      Authorized Databases
    Password:

    Enter a password for the account. The password must meet the following requirements:

    • The password must be 8 to 32 characters in length.
    • The password of the account must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
    • The password can contain the following special characters:@#$%^&*()_+-=
    Confirm Password: Enter the password of the account again.
    Description Enter a description that helps identify the account. The description can be up to 256 characters in length.
  8. Click Create.

Create a database

  1. Log on to the ApsaraDB for MyBase console.
  2. In the top navigation bar, select the region where you want to create a dedicated cluster.
    Select a region
  3. In the left-side navigation pane, choose Instances > SQL Server.
  4. Find the instance that you want to release, and click Details in the Actions column to go to the details page of the instance in the ApsaraDB RDS console.
  5. In the left-side navigation pane, click Databases.
  6. Click Create Database.
  7. Configure the following parameters.
    Parameter Description
    Database Name Enter the name of the database. The name must be 2 to 64 characters in length. It can contain letters, digits, underscores (_), and hyphens (-). It must start with a letter and end with a letter or a digit.
    Supported Character Set Select the character set that is supported by the database.
    Authorized Account: Select the account to which you want to grant the permissions on the database. Then, you must set the Account Type parameter to Read/Write, Read-only, or Owner.

    If no accounts are created, you can leave this parameter empty.

    Note An account is authorized to create tables, delete tables, and modify schemas in a database only when it has the Owner permissions on the database.
    Description Enter a description that is used to identify the database. The description can be up to 256 characters in length.
  8. Click Create.

Log on to an instance

You can use Data Management (DMS) or a client to log on to an instance.

Note DMS is a graphical data management service that allows you to manage relational databases and NoSQL databases. This service provides various features, such as data management, schema management, user authorization, security audit, trend analysis, data tracking, business intelligence (BI) charts, and performance analysis and optimization. For information about how to connect to an instance by using DMS, see Use DMS to log on to an ApsaraDB RDS for SQL Server instance.

This section describes how to use a client to connect to an instance. The Microsoft SQL Server Management Studio (SSMS) client is used in the example. For more information, see Microsoft SQL Server Management Studio.

  1. Start the SSMS client on your ECS instance or computer.
  2. Choose Connect > Database Engine.
  3. In the Connect to Server dialog box, enter the information that is used to log on to your RDS instance.
    Parameter Description
    Server type Select Database Engine.
    Server name Enter the endpoint and port number of your RDS instance. The endpoint and the port number are separated by a comma (,). Example: rm-bptest.sqlserver.rds.aliyuncs.com,3433.

    For more information about how to view the internal and public endpoints and port numbers of your RDS instance, see View and change the internal and public endpoints and port numbers of an ApsaraDB RDS for SQL Server instance.

    Authentication Select SQL Server Authentication.
    Login Enter the username of the account that is authorized to log on to your RDS instance.
    Password Enter the password of the account that is authorized to log on to your RDS instance.
  4. Click Connect.

References