This topic describes how to change the network type of an ApsaraDB RDS for SQL Server instance from the classic network type to the virtual private cloud (VPC) network type.

Network types

  • Classic network: RDS instances in the classic network are not isolated. To block unauthorized access to these instances, you must configure IP address whitelists or security groups.
  • VPC: Each VPC is an isolated network. VPCs are more secure than the classic network. Therefore, we recommend that you select the VPC network type.

    You can customize route tables, CIDR blocks, and gateways for a VPC. In addition, you can connect your data center to a VPC by using leased lines or VPNs. The data center and the VPC comprise a virtual data center. You can use the virtual data center to migrate your workloads to the cloud with no downtime.

Note
  • You can select the classic or VPC network type and can switch your RDS instance between these network types free of charge.
  • You can change the network type of an RDS instance only from classic network to VPC. You cannot change the network type of an RDS instance from VPC to classic network.

Procedure

Precautions

  • If your RDS instance runs SQL Server 2008 R2, you cannot change the network type from classic network to VPC.
  • Temporary RDS instances support only the classic network type. If your RDS instance is a temporary RDS instance, you cannot change the network type from classic network to VPC. For more information about how to log on to a temporary RDS instance, see Log on to a temporary ApsaraDB RDS for SQL Server instance.

Procedure

  1. Visit the RDS instance list, select a region above, and click the target instance ID.
  2. In the left-side navigation pane, click Database Connection.
  3. Click Switch to VPC.
  4. In the dialog box that appears, select a VPC and a vSwitch, and specify whether to retain the classic network endpoint.
    • Select a VPC. We recommend that you select the VPC where the required ECS instance resides. If the ECS instance and the RDS instance reside in different VPCs, these instances cannot communicate over an internal network unless you create a Cloud Enterprise Network (CEN) instance or an IPsec-VPN connection between the VPCs of these instances. For more information, see Overview of Alibaba Cloud CEN and Establish IPsec-VPN connections between two VPCs.
    • Select a vSwitch. If no vSwitches are available in the selected VPC, create a vSwitch in the zone where the RDS instance resides. For more information, see Create a vSwitch.
    • Clear or select the Reserve original classic endpoint option. For more information, see the following table.
      Action Description
      Clear the Reserve original classic endpoint option

      The classic network endpoint is not retained and changes to a VPC endpoint.

      When you change the network type from classic network to VPC, a temporary loss of connection of about 30 seconds occurs. In this case, the connection between each classic network-hosted ECS instance and the RDS instance is closed.
      Select the Reserve original classic endpoint option

      The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, the RDS instance runs in hybrid access mode. Both classic network-housed ECS instances and VPC-housed ECS instances can connect to the RDS instance over an internal network. For more information, see Configure the hybrid access solution for an ApsaraDB RDS for SQL Server instance.

      When you change the network type from classic network to VPC, no temporary loss of connection occurs. The connection between each classic network-housed ECS instance and the RDS instance remains available until the classic network endpoint expires.

      Before the classic network endpoint expires, you must add the generated VPC endpoint to the required VPC-housed ECS instance. This way, ApsaraDB RDS can migrate your workloads to the selected VPC with no downtime. Before the classic network endpoint expires, ApsaraDB RDS sends a text message to the phone number that is bound to your Alibaba Cloud account for seven consecutive days.

      For more information, see Configure the hybrid access solution for an ApsaraDB RDS for SQL Server instance.

  5. Add the private IP address of the required VPC-hosted ECS instance to an IP address whitelist of the VPC network type on the RDS instance. This way, the ECS instance can access the RDS instance over an internal network. If no IP address whitelists of the VPC network type are available, create one.
  6. Add the VPC endpoint of the RDS instance to the required ECS instance.
    • If you have selected the Reserve original classic endpoint option, you must add the generated VPC endpoint to each VPC-housed ECS instance before the classic network endpoint expires.
    • If you have cleared the Reserve original classic endpoint option, the connection between each classic network-hosted ECS instance and the RDS instance over an internal network is immediately closed after the network type is changed. You must add the generated VPC endpoint to each VPC-housed ECS instance.
    Note If you want to connect a classic network-housed ECS instance to the VPC-housed RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the VPC where the RDS instance resides. For more information, see Overview.

FAQ

How do I change the VPC of my RDS instance?

Purchase a new RDS instance that resides in the required VPC. Then, migrate the data of your RDS instance to the new RDS instance. For more information, see Migrate data between RDS instances.

Related operations

Operation Description
Change the network type of an ApsaraDB for RDS instance Changes the network type of an ApsaraDB RDS instance.