All Products
Search
Document Center

Instance management

Last Updated: Apr 15, 2020
  • To manage databases used by your business in various environments in the DMS Enterprise console in a unified manner, you need to register target instances with DMS Enterprise.

Precautions

    1. You can only use a Virtual Private Cloud (VPC) or internal network address instead of a public network address to register a Relational Database Service (RDS) VPC instance with DMS Enterprise.
    1. If you register a Distributed Relational Database Service (DRDS) instance, set Network Type to VPC and enter the corresponding VPC address.
      • If your DRDS instance uses the VPC network type and no classic network address is available in the console, you can apply for a classic network address for your DRDS instance.
    1. Permissions are granted based on the actual management requirements during instance registration. If you do not have certain permissions, you cannot perform corresponding operations. For more information about the permission granting syntax, see the official documentation for each database type.
      • To manage all databases under an instance in DMS Enterprise, your permissions must target all databases under the instance.
      • To manage one or more databases under an instance, your permissions must target the one or more databases.
      • To query data in an instance in DMS Enterprise, you need sufficient query permissions.
      • To add data to, delete data from, or modify and query data in an instance in DMS Enterprise, you need sufficient data manipulation language (DML) permissions.
      • To modify a table schema under an instance in DMS Enterprise, you need sufficient DML permissions.
      • To perform operations on objects such as views, stored procedures, triggers, and functions in an instance in DMS Enterprise, you need sufficient object operation permissions.
    1. To facilitate fault diagnosis, we recommend that you create a new account to register an instance instead of using an account that has been in use.
    1. You can manage instances only when you have the administrator or DBA permission in DMS Enterprise.
    1. Make sure that no spaces are added before and after the parameter values to avoid interference.

Method 1: manually register an instance

Procedure

    1. Click Create on the Instance Management page and set related parameters.
Parameter Setting method Value Description
Instance Type Select an option from the drop-down list. MySQL, Mongo, DRDS, SQLServer, PostgreSQL, ORACLE, OceanBase1.0, or Redis
Instance Source Select an option from the drop-down list. RDS, ECS-hosted Instance, User-built Instance in Public Networks, or VPC-connected Instance
Network Type Select an option from the drop-down list. Classic Network or VPC
Environment Select an option from the drop-down list. Production or Test In actual use, the production environment is marked with a red block, and the test environment is marked with a green block.
Host Manually enter the value. The corresponding IP address or Domain Name System (DNS) connection string address. If you use VPC, the address can only be an internal network address, that is, VPC address.
Port Manually enter the value. The port of the corresponding database service.
SID/Database Manually enter the value. The specific security ID (SID) under an instance for Oracle or the specific database under an instance for PostgreSQL. This parameter is not available for other database types.
Database Username Manually enter the value. The user granted the permissions to access certain databases. Customize a value as required.
Password Manually enter the value. The password for a database user to log on to databases.
Instance Name Manually enter the value. An identifier for you to distinguish between instances.
Instance DBA Select an option from the drop-down list. The user who has the administrator or DBA permission in DMS Enterprise. The user is the one who registers the current instance by default. On some default nodes of a security rule, the user takes charge of approving operations performed on databases under an instance. If the user account is to be banned or deleted later, transfer the DBA permission of this user to another user in advance.
Security Rule Select an option from the drop-down list. By default, the system provides three levels of security rules: high, medium, and low. You can choose System Management > Security Rules to confirm, maintain, or add a security rule and formulate an approval process that complies with the requirements of the business line of the instance.
Query Timeout Manually enter the value. Default value: 60 seconds. If the query duration exceeds 60 seconds, the query is automatically terminated. You can increase or decrease the timeout duration for a specific instance.
Export Timeout Manually enter the value. Default value: 600 seconds. If the export duration exceeds 600 seconds, the export is automatically terminated. You can increase or decrease the timeout duration for a specific instance.
    1. Verify that all required parameters are set and click Test Connectivity.
      • If the connection is successful, click Save.
      • If the connection fails, set corresponding parameters again until the connection is successful, and click Save.
    1. To modify instance information such as the DBA, security rule, and timeout duration, select the instance and click Edit or double-click the instance.
      • The editing dialog box is the same as the instance registration dialog box. Change related parameter values as required and save the settings.
    1. To temporarily disable an instance for special purposes, click Disable for the instance.
      • After you disable an instance, you cannot find the databases and tables under the instance in DMS Enterprise until the instance is enabled again.
      • Disabling an instance only affects operations performed in DMS Enterprise and does not affect the actual use of the instance in other platforms.
    1. To use a disabled instance, click Enable for the instance.
      • After the instance is enabled, permissions granted before the instance is disabled are still valid.
    1. If an instance is no longer used or has been released for some reasons, click Delete to delete the instance.
      • After the instance is deleted, all related configurations such as user permissions are deleted from DMS Enterprise.
      • Deleting an instance only affects operations performed in DMS Enterprise and does not affect the actual use of the instance in other platforms.

Method 2: synchronize RDS instances

Procedure

    1. If you log on to the DMS Enterprise console by using an Alibaba Cloud account that has RDS instance resources, click Synchronize RDS Instance.
      • This operation only synchronizes the RDS instances that belong to the current Alibaba Cloud account to DMS Enterprise.
      • If no RDS instance belongs to a RAM user account, no data appears after you click Synchronize RDS Instance.
    1. Verify that parameters listed in the following table appear after synchronization.
Parameter Value Description
Instance The address of the RDS instance. If you use VPC, the address can only be an internal network address, that is, VPC address.
Network Type VPC or CLASSIC
Region The region where the RDS instance resides.
Description The remarks about the instance name in the RDS console.
Instance Type The instance type such as MySQL, SQL Server, or PostgreSQL.
Last Modified At The time when the instance was last synchronized.
Status Unused or Synchronized The value Synchronized indicates that the RDS instance has been synchronized to DMS Enterprise. The value Unused indicates that the RDS instance has not been synchronized.
    1. To synchronize an instance whose status is Unused to DMS Enterprise for management, click Unused or double-click the target instance.
    1. Manually enter information such as the database username and password when synchronizing an instance to DMS Enterprise. Verify that other information automatically appears.
Parameter Setting method Description
Instance Type The value automatically appears. The value is based on the type returned after you call the corresponding operation.
Environment The value automatically appears. Default value: Production. The value is adjustable.
Host The value automatically appears. The value is based on the address returned after you call the corresponding operation.
Port The value automatically appears. The value is based on the address returned after you call the corresponding operation.
SID/Database Manually enter the value. Set this parameter as required if you use PostgreSQL or Oracle. This parameter is not available for other database types.
Database Username Manually enter the value. Manually enter the value as required.
Password Manually enter the value. Manually enter the value as required.
Instance Alias The value automatically appears. The value is based on the alias returned after you call the corresponding operation.
Instance DBA The value automatically appears. The instance DBA is the user who registers the current instance by default and can be adjusted as required.
Security Rule The value automatically appears. Default value: Low Level. The value can be adjusted as required.
Query Timeout The value automatically appears. Default value: 60 seconds. The value can be adjusted as required.
Export Timeout The value automatically appears. Default value: 600 seconds. The value can be adjusted as required.
    1. Click Test Connectivity. After the test is successful, click Synchronize to DMS.
    1. To edit, disable, enable, or delete an instance, see Method 1: manually register an instance.

Grant permissions to a RAM user

Create a policy

  • Log on to the RAM console by using the Alibaba Cloud account and create an authorization policy.

  • The following code shows a detailed authorization policy:

  1. {
  2. "Version": "1",
  3. "Statement": [
  4. {
  5. "Action": "rds:DescribeDBInstances",
  6. "Resource": "*",
  7. "Effect": "Allow"
  8. }
  9. ]
  10. }

Use a system policy

  • Obtain the RDS instance list in the console and grant permissions based on the system policy AliyunRDSReadOnlyAccess. To view the system policy, choose Permissions > Policies in the RAM console.

FAQ

  • Q1. Why are only two of the three business databases under an instance synchronized to DMS Enterprise?

    • A1. If you have permissions only for two databases, the third database cannot be synchronized. If you want to manage these databases together, you need the permission for the third database.
    • A2. If you have instance permissions and the database was just created, DMS Enterprise cannot detect the database in real time. To manage the database immediately, choose System Management > Instance Management, find the target instance, and click Synchronize. Then the system collects dictionary metadata in the instance. The collection duration depends on the number of databases and tables under the instance that are to be synchronized. The reference rate for synchronizing tables in sequence is 20 to 25 tables per second. If there are multiple databases under the instance, databases are synchronized concurrently.
  • Q2. Can I perform operations directly after I log on to the DMS Enterprise console as the user who has the permissions to read and write an instance?

    • No, you cannot directly perform operations. All your operations must be approved based on the corresponding approval process in DMS Enterprise first. In addition, all operations are logged. The administrator of DMS Enterprise can choose System Management > Operation Logs to audit operations at any time.
  • Q3. Why is the instance name in the ip/dns:port:database or ip/dns:port:SID format in DMS Enterprise and different from the actual one if the registered instance uses the PostgreSQL or Oracle database type?

    • A1. To facilitate flexible customization of approval processes at a fine granularity, the name of the instance registered with DMS Enterprise is in the ip/dns:port:database or ip/dns:port:SID format. You can flexibly configure the responsible DBA role and the security rule specifying an approval process for each instance.
    • A2. Also, the number of instances is one of the billing factors in DMS Enterprise. The actual billing for PostgreSQL and Oracle databases is based on ip/dns:port. That is, the instance name is consistent with the actual instance definition and such refined management does not lead to cost increase.
  • Q4. Can I increase the timeout interval for an instance when the query is time-consuming in some analysis scenarios?

    • The administrator and DBA can evaluate the timeout interval based on the business requirements of the instance and increase the timeout interval if such increase does not affect the actual business.
  • Q5. Can I register resources that belong to other accounts with DMS Enterprise?

    • For security reasons, the use of resources in your own account or other users’ accounts of your enterprise is limited. In this case, even if the resource owner is a common user, as long as the resource owner appears in the user management list in DMS Enterprise, the administrator and DBA can register resources of the owner for subsequent management.