This topic describes how to change the network type of an ApsaraDB RDS for SQL Server instance between classic network and virtual private cloud (VPC).

Network types

  • Classic network: RDS instances in the classic network are not isolated. To block unauthorized access to these instances, you must configure IP address whitelists or Elastic Compute Service (ECS) security groups.
  • VPC: Each VPC is an isolated network. VPCs are more secure than the classic network. Therefore, we recommend that you select the VPC network type.

    You can configure route tables, Classless Inter-Domain Routing (CIDR) blocks, and gateways in a VPC. In addition, you can connect your data center to a VPC by using leased lines or VPNs. The data center and the VPC comprise a virtual data center. You can migrate your workloads to the cloud without interruptions by using the virtual data center.

Note You can select the classic or VPC network type and switch your RDS instance between the two network types free of charge.

Change the network type from VPC to classic network

Precautions
  • After you change the network type from VPC to classic network, the internal endpoint of your RDS instance remains unchanged. However, the IP address that is associated with the internal endpoint changes.
  • After you change the network type from VPC to classic network, you cannot connect a VPC-housed ECS instance to your RDS instance by using the internal endpoint. In addition, you must immediately update the endpoint information on your application.
  • When you change the network type, a transient connection error of up to 30 seconds may occur. We recommend that you perform the network type change during off-peak hours. Alternatively, make sure that your application is configured to automatically reconnect to your RDS instance. These measures prevent interruptions to your workloads.
  • You can change the network type from VPC to classic network only when your RDS instance runs SQL Server 2008 R2, SQL Server 2012 Web, or SQL Server 2016 Web. The other SQL Server versions do not support the network type change from VPC to classic network.

Procedure

  1. Visit the RDS instance list, select a region above, and click the target instance ID.
  2. In the left-side navigation pane, click Database Connection.
  3. Click Switch to Classic Network.
  4. In the message that appears, click OK.

    After you change the network type, only a classic network-housed ECS instance can connect to your RDS instance over an internal network. You must add the internal endpoint of your RDS instance to the ECS instance.

  5. Configure an IP address whitelist to allow access from a classic network-housed ECS instance over an internal network.
    If your RDS instance runs in standard whitelist mode, you can add the private IP address of the classic network-housed ECS instance to an IP address whitelist of the classic or VPC network type.

Change the network type from classic network to VPC

Precautions

  • If your RDS instance runs SQL Server 2008 R2, you cannot change the network type from classic network to VPC.
  • If your RDS instance is a temporary RDS instance, you cannot change the network type from classic network to VPC. This is because temporary RDS instances support only the classic network type. For more information about how to log on to a temporary RDS instance, see Log on to a temporary ApsaraDB RDS for SQL Server instance.

Procedure

  1. Visit the RDS instance list, select a region above, and click the target instance ID.
  2. In the left-side navigation pane, click Database Connection.
  3. Click Switch to VPC.
  4. In the dialog box that appears, select a VPC and a vSwitch, and specify whether to retain the classic network endpoint.
    • Select a VPC. We recommend that you select the VPC where the required ECS instance resides. If the ECS and RDS instances reside in different VPCs, these instances cannot communicate over an internal network unless you create a Cloud Enterprise Network (CEN) instance or an IPsec-VPN connection between the VPCs of these instances. For more information, see Overview of Alibaba Cloud CEN and Establish IPsec-VPN connections between two VPCs.
    • Select a vSwitch. If no vSwitches are available in the selected VPC, create a vSwitch in the same zone as your RDS instance. For more information, see Create a vSwitch.
    • Clear or select the Reserve original classic endpoint option. For more information, see the following table.
      Action Description
      Clear the Reserve original classic endpoint option

      The classic network endpoint is not retained and changes to a VPC endpoint.

      When you change the network type from classic network to VPC, a transient connection error of up to 30 seconds occurs. In this case, the connection between each classic network-housed ECS instance and your RDS instance is closed.
      Select the Reserve original classic endpoint option

      The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, your RDS instance runs in hybrid access mode. Both classic network-housed ECS instances and VPC-housed ECS instances can connect to your RDS instance over an internal network. For more information, see Configure a hybrid access solution to smoothly migrate an RDS instance from the classic network to a VPC.

      When you change the network type from classic network to VPC, no transient connection errors occur. The connection between each classic network-housed ECS instance and your RDS instance remains available until the classic network endpoint expires.

      Before the classic network endpoint expires, you must add the VPC endpoint to the required VPC-housed ECS instance. This allows ApsaraDB RDS to migrate your workloads to the selected VPC without interruptions. In addition, ApsaraDB RDS sends a text message to the phone number that is bound to your Alibaba Cloud account for seven consecutive days before the classic network endpoint expires.

      For more information, see Configure the hybrid access solution for an ApsaraDB RDS for SQL Server instance.

  5. Add the private IP address of the required VPC-housed ECS instance to an IP address whitelist of the VPC network type. This allows the ECS instance to access your RDS instance over an internal network. If no IP address whitelists of the VPC network type are available, create one.
  6. Add the VPC endpoint of your RDS instance to the required ECS instance.
    • If you have selected the Reserve original classic endpoint option, you must add the generated VPC endpoint to each VPC-housed ECS instance before the classic network endpoint expires.
    • If you have cleared the Reserve original classic endpoint option, the connection between each classic network-housed ECS instance and your RDS instance over an internal network is immediately closed after the network type is changed to VPC. You must add the generated VPC endpoint to each VPC-housed ECS instance.
    Note If you want to connect a classic network-housed ECS instance to your VPC-housed RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as your RDS instance. For more information, see Overview.

FAQ

How do I change the VPC of my RDS instance?

  • If your RDS instance supports changes between the classic and VPC network types, perform the following steps:
    1. Change the network type from VPC to classic network.
    2. Change the network type from classic network to VPC. During this process, select the VPC that you want.
  • If your RDS instance does not support changes between the classic and VPC network types, perform the following steps:

    Purchase a new RDS instance that resides in the required VPC. Then, migrate the data of your RDS instance to the new RDS instance. For more information, see Migrate data between ApsaraDB RDS instances.

Related operations

Operation Description
Change the network type of an ApsaraDB for RDS instance Changes the network type of an ApsaraDB RDS instance.