This topic describes how to configure the hybrid access solution for an ApsaraDB RDS for SQL Server instance. This solution allows you to retain both the classic network endpoint and virtual private cloud (VPC) endpoint of your RDS instance. This way, you can migrate your RDS instance from the classic network to a VPC with no downtime.

Background information

When you migrate your RDS instance from the classic network to a VPC, the internal classic network endpoint of the instance changes to the internal VPC endpoint. In this case, the endpoint itself remains unchanged. However, the IP address that is bound to the endpoint changes. This change causes a temporary loss of connection of up to 30 seconds, and no classic network-housed Elastic Compute Service (ECS) instances can connect to your RDS instance over an internal network. To migrate your RDS instance from the classic network to a VPC without no downtime, ApsaraDB RDS provides the hybrid access solution.

Hybrid access refers to the ability of your RDS instance to be connected by both classic network-housed ECS instances and VPC-housed ECS instances. During the hybrid access period, ApsaraDB RDS retains the internal classic network endpoint and generates an internal VPC endpoint. When you migrate your RDS instance from the classic network to a VPC, no temporary loss of connection occurs.

For security and performance purposes, we recommend that you use only the internal VPC endpoint. Therefore, ApsaraDB RDS allows the configured hybrid access solution to remain valid only for a specific period of time. When the hybrid access period elapses, ApsaraDB RDS releases the internal classic network endpoint. In this case, your applications cannot connect to your RDS instance by using the internal classic network endpoint. You must add the internal VPC endpoint to all of your applications during the hybrid access period. This ensures a smooth network migration and prevents interruptions to your workloads.

For example, a company uses the hybrid access solution to migrate their RDS instance from the classic network to a VPC. During the hybrid access period, some applications connect to the RDS instance by using the internal VPC endpoint, whereas the other applications connect to the RDS instance by using the internal classic network endpoint. When all applications of the company can connect to the RDS instance by using the internal VPC endpoint, the internal classic network endpoint can be released.

Limits

During the hybrid access period, your RDS instance does not support the following operations:

  • Change the network type of your RDS instance to the classic network.
  • Migrate your RDS instance to a different zone.

Prerequisites

  • Your RDS instance resides in the classic network.
  • The zone where your RDS instance resides provides available VPCs and vSwitches. For more information about how to create VPCs and vSwitches, see Work with VPCs.
  • If your RDS instance runs SQL Server 2008 R2, you cannot change the network type from classic network to VPC.
  • Temporary RDS instances support only the classic network type. If your RDS instance is a temporary RDS instance, you cannot change the network type from classic network to VPC. For more information about how to log on to a temporary RDS instance, see Log on to a temporary ApsaraDB RDS for SQL Server instance.

Change the network type from classic network to VPC

  1. Visit the RDS instance list, select a region above, and click the target instance ID.
  2. In the left-side navigation pane, click Database Connection.
  3. Click Switch to VPC.
    Note If the Switch to VPC button cannot be found, you must check that the RDS instance meets all prerequisites.
  4. In the dialog box that appears, select a VPC and a vSwitch, and specify whether to retain the classic network endpoint.
    • Select a VPC. We recommend that you select the VPC where the required ECS instance resides. If the ECS instance and the RDS instance reside in different VPCs, these instances cannot communicate over an internal network unless you create a Cloud Enterprise Network (CEN) instance or an IPsec-VPN connection between the VPCs of these instances. For more information, see Overview of Alibaba Cloud CEN and Establish IPsec-VPN connections between two VPCs.
    • Select a vSwitch. If no vSwitches are available in the selected VPC, create a vSwitch in the zone where the RDS instance resides. For more information, see Work with vSwitches.
    • Clear or select the Reserve original classic endpoint option. For more information, see the following table.
      Action Description
      Clear the Reserve original classic endpoint option The classic network endpoint is not retained and changes to a VPC endpoint. When you change the network type from classic network to VPC, a temporary loss of connection of 30 seconds occurs. In this case, the connection between each classic network-hosted ECS instance and the RDS instance is closed.
      Select the Reserve original classic network option The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, the RDS instance runs in hybrid access mode. Both classic network-housed ECS instances and VPC-housed ECS instances can connect to the RDS instance over an internal network.

      When you change the network type from classic network to VPC, no temporary loss of connection occurs. The connection between each classic network-housed ECS instance and the RDS instance remains available until the classic network endpoint expires.

      Before the classic network endpoint expires, you must add the VPC endpoint of the RDS instance to the required VPC-housed ECS instance. This way, ApsaraDB RDS can migrate your workloads to the selected VPC with no downtime.

  5. Add the private IP address of the required ECS instance to an IP address whitelist of the VPC network type on the RDS instance. This way, the ECS instance can connect to the RDS instance over an internal network.
    • If you have selected the Reserve original classic endpoint option, you must add the generated VPC endpoint to each VPC-housed ECS instance before the classic network endpoint expires.
    • If you have cleared the Reserve original classic endpoint option, the connection between each classic network-hosted ECS instance and the RDS instance over an internal network is immediately closed after the network type is changed from classic network to VPC. You must add the generated VPC endpoint to each VPC-housed ECS instance.
    Note If the RDS instance resides in a VPC and you want to connect a classic network-housed ECS instance to the RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the VPC where the RDS instance resides. For more information, see Overview of ClassicLink.

Change the expiration date of the internal classic network endpoint

During the hybrid access period, you can change the expiration date of the classic network endpoint at any time based on your business requirements. The expiration date is immediately recalculated starting from the day when you make the change. For example, the classic network endpoint is configured to expire on August 18, 2017, and you extend the validity period of the classic network endpoint by 14 days on August 15, 2017. In this case, ApsaraDB RDS releases the classic network endpoint on August 29, 2017.

To change the validity period of the classic network endpoint, perform the following steps:

  1. Visit the RDS instance list, select a region above, and click the target instance ID.
  2. In the left-side navigation pane, click Database Connection.
  3. On the Instance Connection tab, click Change Expiration Time.
  4. In the Change Expiration Time dialog box, select an expiration date and click OK.