Change the network type of an ApsaraDB RDS for SQL Server instance

Edit in GitHub

Last Updated: Aug 14, 2020 Edit in GitHub

This topic describes how to change the network type of an ApsaraDB RDS for SQL Server instance between classic network and VPC.

Network types

Classic network: RDS instances in the classic network are not isolated. You can block unauthorized access only by configuring IP address whitelists or security groups on these instances.
VPC: Each virtual private cloud (VPC) is an isolated network. We recommend that you select the VPC network type because it is more secure than the classic network.
You can configure route tables, Classless Inter-Domain Routing (CIDR) blocks, and gateways in a VPC. To smoothly migrate applications to the cloud, you can connect your own data center to a VPC by using leased lines or VPNs. This allows you to build a virtual data center on the cloud.

Note You can select the classic or VPC network type and change between the two network types free of charge.

Change the network type from VPC to classic network

Precautions

After you change the network type from VPC to classic network, the internal endpoint of the RDS instance remains unchanged. However, the IP address bound to the internal endpoint changes.
After you change the network type from VPC to classic network, you cannot access the RDS instance by using the internal endpoint. This applies to an Alibaba Cloud Elastic Compute Service (ECS) instance that no longer resides in the same VPC as the RDS instance. Make sure that you immediately update the endpoint information on your application after you change the network type.
When you change the network type from VPC to classic network, a transient connection error of about 30 seconds may occur. To avoid interruptions to your workloads, we recommend that you perform the network type change during off-peak hours. Alternatively, make sure that your application is configured to automatically reconnect to the RDS instance.
You can change the network type from VPC to classic network only when the RDS instance runs SQL Server 2008 R2, SQL Server 2012 Web, or SQL Server 2016 Web. The other SQL Server versions do not support the network type change from VPC to classic network.

Procedure

Log on to the ApsaraDB for RDS console.
In the left-side navigation pane, click Instances. In the top navigation bar, select the region where the target RDS instance resides.
Find the target instance and click the instance ID.
In the left-side navigation pane, click Database Connection.
Click Switch to Classic Network.
In the dialog box that appears, click OK.

After you change the network type, only a classic network-housed ECS instance can access the RDS instance over an internal network. You must modify the ECS instance to configure the internal endpoint that is used to connect to the RDS instance.
Configure an IP address whitelist to allow access from a classic network-housed ECS instance over an internal network.

Check that the RDS instance runs in standard whitelist mode. Then, add the private IP address of the class network-housed ECS instance to an IP address whitelist of the RDS instance.

Change the network type from classic network to VPC

Precautions

If the RDS instance runs SQL Server 2008 R2, you cannot change the network type from classic network to VPC.
If the RDS instance is a temporary instance, you cannot change the network type from classic network to VPC. This is because temporary instances only support the classic network type. For more information about how to log on to a temporary instance, see Log on to a temporary instance.

Procedure

Log on to the ApsaraDB for RDS console.
In the left-side navigation pane, click Instances. In the top navigation bar, select the region where the target RDS instance resides.
Find the target instance and click the instance ID.
In the left-side navigation pane, click Database Connection.
Click Switch to VPC.

In the dialog box that appears, select a VPC and a VSwitch, and then specify whether to retain the classic network endpoint.

Select a VPC. We recommend that you select the VPC where the required ECS instance resides. If the ECS and RDS instances reside in different VPCs, these instances cannot communicate over an internal network unless you create a Cloud Enterprise Network (CEN) or gateway between the VPCs of these instances. For more information, see Alibaba Cloud CEN tutorials and Establish a connection between two VPCs.
Select a VSwitch. If no VSwitches are available in the selected VPC, create one in the same zone where the RDS instance resides. For more information, see Create a VSwitch.

Clear or select the Reserve Original Classic Network Endpoint option. For more information, see the following table.


Action	Description
Clear the Reserve Original Classic Network Endpoint option	The classic network endpoint is not retained and will become a VPC endpoint. When you change the network type from classic network to VPC, a transient connection error of about 30 seconds will occur. In this case, the connection between each classic network-housed ECS instance and the RDS instance is closed.
Select the Reserve Original Classic Network Endpoint option	The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, the RDS instance runs in hybrid access mode. This indicates that both classic network- and VPC-housed ECS instances can access the RDS instance over internal networks. When you change the network type from classic network to VPC, no transient connection errors will occur. The connection between each classic network-housed ECS instance and the RDS instance remains available until the classic network endpoint expires. Before the classic network endpoint expires, you must add the VPC endpoint to the required ECS instance. This allows you to migrate your workloads to the selected VPC without interruptions. In addition, before the classic network endpoint expires, the system will send a text message to the phone number that is bound to your Alibaba Cloud account for seven consecutive days. For more information, see Configure a hybrid access solution to smoothly migrate an RDS instance from the classic network to a VPC.

Add the private IP address of the required ECS instance in the selected VPC to an IP address whitelist of the VPC network type. This allows the ECS instance to access the RDS instance over an internal network. If no IP address whitelists of the VPC network type are available, create one.
Add the VPC endpoint of the RDS instance to the required ECS instance.
- If you have selected the Reserve Original Classic Network Endpoint option, add the generated VPC endpoint to each VPC-housed ECS instance before the classic network endpoint expires.
- If you have cleared the Reserve Original Classic Network Endpoint option, the connection between each classic network-housed ECS instance and the RDS instance is immediately closed after you change the network type. You must immediately add the generated VPC endpoint to each VPC-housed ECS instance after you change the network type.
Note If you want to connect a classic network-housed ECS instance to the VPC-housed RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as the RDS instance. For more information, see Overview.

FAQ

How do I change the VPC of my RDS instance?

If your RDS instance supports changes between the classic and VPC network types, follow these steps:
1. Change the network type from VPC to classic network.
2. Change the network type from classic network to VPC with the required VPC selected.
If your RDS instance does not support changes between the classic and VPC network types, follow these steps:
Purchase a new RDS instance with the required VPC selected. Then, migrate the data of your RDS instance to the new RDS instance. For more information, see Migrate data between RDS instances.

Related operations


Operation	Description
Switch network type	Changes the network type of an ApsaraDB for RDS instance.