
ApsaraDB RDS: Configure the hybrid access solution

Last Updated: Dec 20, 2023

This topic describes how to configure the hybrid access solution for an ApsaraDB RDS for SQL Server instance. This solution allows you to retain the endpoints of both the classic network type and virtual private cloud (VPC) type of your RDS instance. This way, you can migrate your RDS instance from the classic network to a VPC without service interruptions.

Background information

When you migrate your RDS instance from the classic network to a VPC, the endpoint itself remains unchanged, but its type changes from classic network to VPC. The change causes a transient connection (a brief disconnection) that lasts approximately 30 seconds, and classic network-type Elastic Compute Service (ECS) instances can no longer connect to your RDS instance over an internal network. To resolve the issue, ApsaraDB RDS for SQL Server provides the hybrid access solution.

Hybrid access refers to the capability of your ApsaraDB RDS instance to be connected by both ECS instances in the classic network and ECS instances in a VPC. If the hybrid access solution is used, the system retains the endpoint of the classic network type and generates a VPC endpoint for your RDS instance. This way, when you migrate your RDS instance from the classic network to a VPC, no transient connections occur.

For security and performance purposes, we recommend that you use only the VPC endpoint. The hybrid access solution remains valid only for a specific period of time. When this retention period elapses, the system releases the classic network endpoint, and your applications can no longer use it to connect to your RDS instance. You must add the VPC endpoint to your applications before the hybrid access solution expires. This ensures a smooth migration and prevents interruptions to your workloads.

For example, a company uses the hybrid access solution to migrate its RDS instance from the classic network to a VPC. During the validity period of the hybrid access solution, some applications use the VPC endpoint to connect to the RDS instance, and the other applications continue to use the classic network endpoint to connect to the RDS instance. When all applications of the company can use the VPC endpoint to connect to the RDS instance, the classic network endpoint can be released.


Limits

During the validity period of the hybrid access solution, your RDS instance has the following limits:

  • The network type of the RDS instance cannot be changed to classic network.

  • The instance cannot be migrated to another zone.

Prerequisites

  • The RDS instance resides in the classic network.

  • Available VPCs and vSwitches exist in the zone in which the RDS instance resides. For more information about how to create VPCs and vSwitches, see Create and manage a VPC.

Note
  • If your RDS instance runs SQL Server 2008 R2, you cannot change the network type from classic network to VPC.

  • If your RDS instance is a temporary RDS instance, you cannot change the network type from classic network to VPC. This is because temporary RDS instances support only the classic network type. For more information about how to log on to a temporary RDS instance, see Log on to a temporary RDS instance.

Change the network type from classic network to VPC

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Database Connection.

  3. Click Switch to VPC.

    Note

    If the Switch to VPC button is not displayed, check whether the RDS instance meets all prerequisites.

  4. In the dialog box that appears, select a VPC and a vSwitch and specify whether to retain the classic network endpoint.

    • Select a VPC. We recommend that you select the VPC where the Elastic Compute Service (ECS) instance that you want to connect resides. If the ECS instance and the RDS instance reside in different VPCs, these instances cannot communicate over an internal network unless you use Cloud Enterprise Network (CEN) or VPN Gateway to enable network communication between the VPCs of these instances. For more information, see Overview of Alibaba Cloud CEN or Establish IPsec-VPN connections between two VPCs.

    • Select a vSwitch. If no vSwitches are available in the selected VPC, create a vSwitch in the zone where the RDS instance resides. For more information, see Create and manage a vSwitch.

    • Clear or select Reserve original classic endpoint. For more information, see the following table.

      | Action | Description |
      | --- | --- |
      | Clear Reserve original classic endpoint | The classic network endpoint is not retained and changes to a VPC endpoint. When you change the network type from classic network to VPC, a transient connection that lasts approximately 30 seconds occurs and ECS instances that reside in the classic network are immediately disconnected from your RDS instance. |
      | Select the Reserve original classic endpoint check box | The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, your RDS instance is in hybrid access mode. Both classic network-type ECS instances and VPC-type ECS instances can access your RDS instance over an internal network. When you change the network type from classic network to VPC, no transient connections occur. The connection between each classic network-type ECS instance and the RDS instance remains available until the classic network endpoint expires. Before the classic network endpoint expires, you must add the VPC endpoint to your application that runs on a VPC-type ECS instance. This allows ApsaraDB RDS to migrate your workloads to the selected VPC with no downtime. |

  5. Add the private IP address of the required ECS instance to an IP address whitelist of the RDS instance. This way, the ECS instance can connect to the RDS instance over an internal network.

    • If you have selected the Reserve original classic endpoint option, you must add the generated VPC endpoint to each VPC-type ECS instance before the classic network endpoint expires.

    • If you clear Reserve original classic endpoint, the connection between each classic network-type ECS instance and the RDS instance over an internal network is immediately closed after the network type is changed. You must add the generated VPC endpoint to each VPC-type ECS instance.

    Note

    If the RDS instance resides in a VPC and you want to connect a classic network-type ECS instance to the RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as the RDS instance. For more information, see Overview.

Change the expiration date of the internal classic network endpoint

During the validity period of the hybrid access solution, you can change the expiration date of the classic network endpoint based on your business requirements. The expiration date is immediately recalculated starting from the day when you make the change. For example, the classic network endpoint is configured to expire on August 18, 2017. On August 15, 2017, you extend the validity period of the classic network endpoint by 14 days. In this case, ApsaraDB RDS releases the classic network endpoint on August 29, 2017. To change the validity period of the classic network endpoint, perform the following steps:

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, click Database Connection.

  3. On the Instance Connection tab, click Change Expiration Time.

  4. In the Change Expiration Time dialog box, select an expiration date and click OK.
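
The following Python script is an added example, not part of the original documentation: it applies the recalculation rule described above to the page's August 2017 dates and lists the applications whose SQL Server connection strings still point at the classic network endpoint and must be switched to the VPC endpoint before the release date. The endpoint host names, application names and connection strings are constructed placeholders.

```python
from datetime import date, timedelta

# Constructed placeholders: copy the real endpoints from the Database Connection page.
CLASSIC_ENDPOINT = "classic-endpoint.example.internal"
VPC_ENDPOINT = "vpc-endpoint.example.internal"
# Constructed sample inventory: application name -> SQL Server connection string.
APP_CONNECTION_STRINGS = {
    "billing": "Server=vpc-endpoint.example.internal,1433;Database=billing;Encrypt=True",
    "reports": "Server=tcp:classic-endpoint.example.internal,1433;Database=reports",
    "legacy-batch": "Data Source=CLASSIC-ENDPOINT.example.internal;Initial Catalog=batch",
}


def server_host(conn_str):
    """Return the lowercased host from the Server / Data Source key, or None."""
    for part in conn_str.split(";"):
        key, _, value = part.partition("=")
        if key.strip().lower() in ("server", "data source", "address", "addr"):
            host = value.strip().lower()
            if host.startswith("tcp:"):
                host = host[4:]
            # Drop the ",port" and "\instance" suffixes.
            return host.split(",")[0].split("\\")[0]
    return None


def new_release_date(change_day, extend_days):
    """The expiration is recalculated from the day of the change, not the old date."""
    return change_day + timedelta(days=extend_days)


def audit(conn_strings, release_day, today):
    """List apps that lose connectivity when the classic endpoint is released."""
    days_left = (release_day - today).days
    findings = []
    for app, conn in sorted(conn_strings.items()):
        host = server_host(conn)
        if host == CLASSIC_ENDPOINT:
            findings.append((app, "classic", days_left))
        elif host != VPC_ENDPOINT:
            findings.append((app, "unknown", days_left))
    return findings


if __name__ == "__main__":
    release = new_release_date(date(2017, 8, 15), 14)  # the page's example dates
    print("classic endpoint released on", release)
    for app, kind, left in audit(APP_CONNECTION_STRINGS, release, date(2017, 8, 20)):
        print(f"{app}: still on {kind} endpoint, {left} days left")
```

An empty result from `audit` means every listed application already uses the VPC endpoint, so the classic network endpoint can be allowed to expire.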

References

  • For more information about the differences between VPCs and the classic network, see FAQ about network types.

  • To change the network type from classic network to VPC by calling an API operation, see ModifyDBInstanceNetworkType.

  • If an ECS instance cannot connect to an RDS instance over an internal network, an RDS instance cannot be accessed over the Internet, or other connection errors occur, see Resolve the connection failure.