ApsaraDB RDS for SQL Server provides an internal endpoint by default for connections from Elastic Compute Service (ECS) instances within the same virtual private cloud (VPC). To connect from outside the VPC, from a different region, or from an on-premises device, apply for a public endpoint.
Internal and public endpoints
| Endpoint type | How it works |
|---|---|
| Internal endpoint | Provided by default. Enables communication between an ECS instance and an RDS instance in the same VPC over an internal network, delivering high security and optimal performance. You cannot release the internal endpoint, but you can change the network type. For more information, see FAQ about network types. |
| Public endpoint | Not provided by default. You must manually apply for a public endpoint to connect over the Internet. Release the public endpoint when it is no longer needed. |
Apply for a public endpoint in the following scenarios:
- Connect from an ECS instance in a different region or with a different network type from the RDS instance. For more information, see Network types.
- Connect from a device outside Alibaba Cloud.
Using a public endpoint exposes data to the Internet. Proceed with caution. For faster transmission and higher security, migrate your application to an ECS instance in the same region and with the same network type as the RDS instance, and connect through the internal endpoint.
Billing
No fees are charged for applying for a public endpoint. Inbound and outbound Internet traffic generated through the public endpoint is also free of charge.
No limits are imposed on public bandwidth. However, actual bandwidth may be affected by instance performance and the network environment.
Limitations
If forceful SSL encryption is enabled for the internal endpoint, you cannot apply for a public endpoint. For more information, see Configure the SSL encryption feature.
To apply for a public endpoint in this case, disable forceful SSL encryption for the internal endpoint and set the Forceful Encryption parameter to No for the internal or public endpoint based on your business requirements. For more information, see Configure the SSL encryption feature.
Apply for a public endpoint
1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.
2. In the left-side navigation pane, click Database Connection.
3. Click Apply for Public Endpoint.
4. In the message that appears, configure the whitelist option and click OK. The dialog includes an Add 0.0.0.0/0 to Whitelist option, which is selected by default. This setting allows all IP addresses to access the RDS instance over the Internet. For security, clear this option and manually add only the required IP addresses to the whitelist after the public endpoint is active.
After you apply
After the public endpoint is active, complete the following steps to connect over the Internet:
1. Add the public IP address of your client or device to an IP address whitelist of the RDS instance. Without this configuration, the connection is blocked.
2. Connect to the RDS instance using SQL Server Management Studio (SSMS) or Data Management (DMS).
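The whitelist guidance above (clear the 0.0.0.0/0 option, then add only the required client addresses) can be checked offline before or after a change. The following Python audit is an added example, not part of the original documentation or of any Alibaba Cloud tooling. It assumes the whitelist is available as a comma-separated string of IPv4 addresses and CIDR blocks; the function name `audit_whitelist` and the /24 breadth threshold are assumptions chosen for illustration.

```python
import ipaddress

# Assumption for this example: a public range wider than /24 is too broad
# for a database whitelist. Adjust to your own policy.
MAX_PUBLIC_PREFIX = 24
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_whitelist(entries, client_ip=None):
    """Audit a comma-separated whitelist string.

    Returns (findings, client_allowed): findings is a list of
    (entry, severity, reason) tuples; client_allowed says whether
    client_ip is covered by any valid entry (None if no client_ip given).
    """
    findings, networks = [], []
    for raw in entries.split(","):
        item = raw.strip()
        if not item:
            continue
        try:
            net = ipaddress.IPv4Network(item, strict=False)
        except ValueError:
            findings.append((item, "invalid", "not an IPv4 address or CIDR block"))
            continue
        networks.append(net)
        if net.prefixlen == 0:
            findings.append((item, "critical", "allows every IP address"))
        elif any(net.subnet_of(p) for p in RFC1918):
            continue  # private ranges are never Internet sources
        elif net.prefixlen < MAX_PUBLIC_PREFIX:
            findings.append((item, "warning",
                             f"public range wider than /{MAX_PUBLIC_PREFIX}"))
    allowed = None
    if client_ip is not None:
        addr = ipaddress.IPv4Address(client_ip)
        allowed = any(addr in net for net in networks)
    return findings, allowed


if __name__ == "__main__":
    # Constructed sample whitelist (documentation address ranges), not real data.
    sample = "0.0.0.0/0, 10.0.0.0/8, 198.51.100.0/22, 203.0.113.7, not-an-ip"
    findings, allowed = audit_whitelist(sample, client_ip="203.0.113.7")
    for entry, severity, reason in findings:
        print(f"{severity:8} {entry:18} {reason}")
    print("client allowed:", allowed)
```

A `critical` finding corresponds to the Add 0.0.0.0/0 to Whitelist default; a `client_allowed` value of `False` means the client's public IP address still has to be added before the connection will succeed.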
Release a public endpoint
Release the public endpoint when Internet-based access is no longer required.
1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.
2. In the left-side navigation pane, click Database Connection.
3. Click Release Public Endpoint.
4. In the message that appears, click OK.
After the public endpoint is released, clients can no longer connect to the RDS instance using the released public endpoint.
FAQ
Am I charged for a public endpoint? Are there bandwidth limits?
No. Applying for a public endpoint is free, and no fees are charged for inbound or outbound Internet traffic. No bandwidth limits are imposed, though actual bandwidth depends on instance performance and the network environment.
API reference
AllocateInstancePublicConnection: Apply for a public endpoint.
ReleaseInstancePublicConnection: Release a public endpoint.