This topic describes how to configure the hybrid access solution for an ApsaraDB RDS for SQL Server instance. This solution allows you to retain both the classic network endpoint and virtual private cloud (VPC) endpoint of your RDS instance. This way, you can migrate your RDS instance from the classic network to a VPC without network interruptions.

Background information

When you migrate your RDS instance from the classic network to a VPC, the internal classic network endpoint of the instance changes to the internal VPC endpoint. In this case, the endpoint itself remains unchanged, but the IP address that is bound to the endpoint changes. This change causes a transient connection error of up to 30 seconds, and all classic network-housed Elastic Compute Service (ECS) instances can no longer connect to your RDS instance over an internal network. To allow you to migrate your RDS instance from the classic network to a VPC without network interruptions, ApsaraDB RDS provides the hybrid access solution.

Hybrid access refers to the ability of your RDS instance to be connected by both classic network-housed ECS instances and VPC-housed ECS instances. During the hybrid access period, ApsaraDB RDS retains the internal classic network endpoint and generates an internal VPC endpoint. When you migrate your RDS instance from the classic network to a VPC, no transient connection errors occur.

For security and performance purposes, we recommend that you use only the internal VPC endpoint. Therefore, ApsaraDB RDS allows the configured hybrid access solution to remain valid only for a specific period. When the hybrid access period elapses, ApsaraDB RDS releases the internal classic network endpoint. In this case, your applications cannot connect to your RDS instance by using the internal classic network endpoint. You must add the internal VPC endpoint to all your applications during the hybrid access period. This ensures a smooth network migration and avoids interruptions to your workloads.

For example, a company uses the hybrid access solution to migrate their RDS instance from the classic network to a VPC. During the hybrid access period, some applications connect to the RDS instance by using the internal VPC endpoint, whereas the others connect to the RDS instance by using the internal classic network endpoint. When all applications of the company can connect to the RDS instance by using the internal VPC endpoint, the internal classic network endpoint can be released.
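To decide when the internal classic network endpoint can be released, you need an inventory of which applications still point at it. The following is an added example, not part of the original documentation: it parses SQL Server connection strings and groups applications by the endpoint they use. The endpoint names, connection strings, dates, and function names are constructed placeholders.

```python
import re
from datetime import date

# Keywords that name the server in an ADO.NET/ODBC-style SQL Server connection string.
SERVER_KEYS = {"server", "data source", "address", "addr", "network address"}

def server_host(conn_str):
    """Return the lower-cased host a connection string points at, or None.
    Splits on ';' only, so quoted values containing ';' are not supported."""
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if not sep or key.strip().lower() not in SERVER_KEYS:
            continue
        value = value.strip().strip("'\"")
        value = re.sub(r"^(tcp|np|lpc):", "", value, flags=re.I)  # protocol prefix
        host = re.split(r"[,\\]", value, maxsplit=1)[0]  # drop ",port" or "\instance"
        return host.strip().lower() or None
    return None

def audit(configs, classic_ep, vpc_ep, expires, today):
    """Group applications by the endpoint their connection string uses."""
    report = {"days_left": (expires - today).days, "classic": [], "vpc": [], "other": []}
    for app, conn_str in configs.items():
        host = server_host(conn_str)
        if host == classic_ep.lower():
            report["classic"].append(app)  # must move before the endpoint is released
        elif host == vpc_ep.lower():
            report["vpc"].append(app)      # already migrated
        else:
            report["other"].append(app)    # e.g. a pinned IP address; review by hand
    return report

# Constructed sample data (assumptions, not real endpoints or credentials).
CLASSIC_EP = "rm-example.sqlserver.rds.example.com"
VPC_EP = "rm-example-vpc.sqlserver.rds.example.com"
CONFIGS = {
    "billing": "Server=tcp:RM-EXAMPLE.sqlserver.rds.example.com,1433;Database=billing;User Id=app;Password=<redacted>",
    "reports": "Data Source=rm-example-vpc.sqlserver.rds.example.com,1433;Initial Catalog=reports",
    "legacy-batch": "Addr=rm-example.sqlserver.rds.example.com;Database=batch",
    "cache-warmer": "Server=10.0.0.12,1433;Database=cache",
}
REPORT = audit(CONFIGS, CLASSIC_EP, VPC_EP, expires=date(2030, 1, 15), today=date(2030, 1, 1))

if __name__ == "__main__":
    print(REPORT)
```

Applications listed under "other" deserve a manual check: a connection string that pins an IP address instead of the endpoint name is affected when the IP address bound to the endpoint changes.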

Limits

During the hybrid access period, your RDS instance does not support the following operations:

  • Change to the classic network type
  • Migration to another zone

Prerequisites

  • Your RDS instance uses the classic network type.

  • The zone of your RDS instance provides available VPCs and vSwitches. For more information about how to create VPCs and vSwitches, see Create a VPC.

Change the network type from classic network to VPC

  1. Go to the RDS instance list, select a region at the top of the page, and click the ID of the target instance.
  2. In the left-side navigation pane, click Database Connection.
  3. Click Switch to other VPC.
  4. In the dialog box that appears, select a VPC and a vSwitch and specify whether to retain the classic network endpoint.
    • Select a VPC. We recommend that you select the VPC where the required ECS instance resides. If the ECS and RDS instances reside in different VPCs, these instances cannot communicate over an internal network unless you create a Cloud Enterprise Network (CEN) instance or an IPsec-VPN connection between the VPCs of these instances. For more information, see Overview of Alibaba Cloud CEN and Establish IPsec-VPN connections between two VPCs.
    • Select a vSwitch. If no vSwitches are available in the selected VPC, create a vSwitch in the same zone as your RDS instance. For more information, see Create a vSwitch.
    • Clear or select the Reserve original classic endpoint option. For more information, see the following table.
      | Action | Description |
      | --- | --- |
      | Clear the Reserve original classic network option | The classic network endpoint is not retained and changes to a VPC endpoint. When you change the network type from classic network to VPC, a transient connection error of 30 seconds occurs. In this case, the connection between each classic network-housed ECS instance and your RDS instance is closed. |
      | Select the Reserve original classic network option | The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, your RDS instance runs in hybrid access mode. Both classic network-housed ECS instances and VPC-housed ECS instances can connect to your RDS instance over an internal network. When you change the network type from classic network to VPC, no transient connection errors occur. The connection between each classic network-housed ECS instance and your RDS instance remains available until the classic network endpoint expires. Before the classic network endpoint expires, you must add the VPC endpoint to the required VPC-housed ECS instance. This allows ApsaraDB RDS to migrate your workloads to the selected VPC without interruptions. |

  5. Add the private IP address of the required ECS instance to an IP address whitelist of the VPC network type. This allows the ECS instance to connect to your RDS instance over an internal network.
    • If you have selected the Reserve original classic endpoint option, you must add the generated VPC endpoint to each VPC-housed ECS instance before the classic network endpoint expires.
    • If you have cleared the Reserve original classic endpoint option, the connection between each classic network-housed ECS instance and your RDS instance over an internal network is immediately closed after the network type is changed to VPC. You must add the generated VPC endpoint to each VPC-housed ECS instance.
    Note If you want to connect a classic network-housed ECS instance to your VPC-housed RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as your RDS instance. For more information, see Overview of ClassicLink.

Change the expiration date of the internal classic network endpoint

During the hybrid access period, you can change the expiration date of the classic network endpoint at any time based on your business requirements. The expiration date is immediately recalculated starting from the day when you make the change. Assume that the classic network endpoint is configured to expire on August 18, 2017, and you extend the validity period of the classic network endpoint by 14 days on August 15, 2017. In this case, ApsaraDB RDS releases the classic network endpoint on August 29, 2017.

Perform the following steps:

  1. Go to the RDS instance list, select a region at the top of the page, and click the ID of the target instance.
  2. In the left-side navigation pane, click Database Connection.
  3. On the Instance Connection tab, click Change Expiration Time.
  4. In the Change expiration time dialog box, select an expiration date and click OK.