Before you run a data synchronization solution or node to synchronize data, you must make sure that network connections are established between the exclusive resource group for Data Integration that you want to use and your data sources. This topic describes how to establish a network connection between a data source and an exclusive resource group for Data Integration that belong to the same Alibaba Cloud account.
Background information
The network connectivity solution that you can use varies based on the network relationship between your exclusive resource group for Data Integration and the data source. For more information, see Establish a network connection between a resource group and a data source.
Scenario 1: The data source and the exclusive resource group for Data Integration reside in the same region
If the data source and the exclusive resource group for Data Integration belong to the same Alibaba Cloud account and reside in the same region, you can use one of the following solutions to establish a network connection between the data source and resource group:
Solution 1: Associate the exclusive resource group for Data Integration with the virtual private cloud (VPC) in which the data source resides
Associate the exclusive resource group for Data Integration with the VPC in which the data source resides.
Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the exclusive resource group for Data Integration, and then click Network Settings in the Actions column. The VPC Binding tab appears. On the VPC Binding tab, click Add Binding. In the Add VPC Binding panel, configure the parameters to associate the resource group with the VPC in which the data source resides. You must configure the following parameters:
VPC: Select the VPC in which the data source resides.
Zone and VSwitch: Preferentially select the zone and vSwitch in which the data source resides. If the zone in which the data source resides is not displayed, select another zone and another vSwitch.
Security Groups: Select a security group that belongs to your Alibaba Cloud account. Access from and to the CIDR block of the vSwitch in which the data source resides must be allowed in the inbound and outbound rules of the security group.
Configure the IP address whitelist of the data source.
View the CIDR block that needs to be added to the IP address whitelist of the data source.
On the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the exclusive resource group for Data Integration and click Network Settings in the Actions column to view the CIDR block of the vSwitch with which the resource group is associated. For more information, see Configure an IP address whitelist.
Add the CIDR block to the IP address whitelist of the data source.
Test the network connectivity.
Go to the Data Source page in the DataWorks console and click Add data source. In the Add data source dialog box, select the data source type. In the dialog box that appears, configure the information of the data source, select Data Integration for the Resource Group connectivity parameter, find the exclusive resource group for Data Integration, and then click Test connectivity in the Actions column to test the network connectivity between the resource group and the data source.
Solution 2: Use a transit VPC to establish a network connection between the exclusive resource group for Data Integration and the data source
Use Cloud Enterprise Network (CEN) to establish a network connection between a transit VPC and the VPC in which the data source resides.
Associate the exclusive resource group for Data Integration with the transit VPC and configure a routing policy.
Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the exclusive resource group for Data Integration, and then click Network Settings in the Actions column. The VPC Binding tab appears. On the VPC Binding tab, click Add Binding. In the Add VPC Binding panel, configure the parameters to associate the resource group with the transit VPC. You must configure the following parameters:
VPC: Select the transit VPC.
Zone and VSwitch: Preferentially select the zone and vSwitch in which the data source resides. If the zone in which the data source resides is not displayed, select another zone and another vSwitch.
Security Groups: Select a security group that belongs to your Alibaba Cloud account. Access from and to the CIDR block of the vSwitch in which the data source resides must be allowed in the inbound and outbound rules of the security group.
Add a route for the exclusive resource group for Data Integration and configure a routing policy.
Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the exclusive resource group for Data Integration, and then click Network Settings in the Actions column. The VPC Binding tab appears.
On the VPC Binding tab, find the VPC association record and click Custom Route in the Actions column. In the Custom Route panel, click Add Route. In the Add Route dialog box, configure the parameters to add a route for the resource group. You must configure the following parameters:
Destination Type: Select VPC.
Destination VPC: Select the VPC in which the data source resides.
Connection Method: Select Switch.
Destination VSwitch: Select the vSwitch in which the data source resides.
Configure the IP address whitelist of the data source.
View the CIDR block that needs to be added to the IP address whitelist of the data source.
On the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the exclusive resource group for Data Integration and click Network Settings in the Actions column to view the CIDR block of the vSwitch with which the resource group is associated. For more information, see Configure an IP address whitelist.
Add the CIDR block to the IP address whitelist of the data source.
Test the network connectivity.
Go to the Data Source page in the DataWorks console and click Add data source. In the Add data source dialog box, select the data source type. In the dialog box that appears, configure the information of the data source, select Data Integration for the Resource Group connectivity parameter, find the exclusive resource group for Data Integration, and then click Test connectivity in the Actions column to test the network connectivity between the resource group and the data source.
Scenario 2: The data source and the exclusive resource group for Data Integration reside in different regions
If the data source and the exclusive resource group for Data Integration belong to the same Alibaba Cloud account and reside in different regions, you can perform the following steps to establish a network connection between the data source and resource group:
Use CEN to establish a network connection between a VPC in the region in which the exclusive resource group for Data Integration resides (referred to as VPC 1) and the VPC in which the data source resides.
For more information, see Work with a bandwidth plan and Manage inter-region connections.
Associate the exclusive resource group for Data Integration with VPC 1 and configure a routing policy.
Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the exclusive resource group for Data Integration, and then click Network Settings in the Actions column. The VPC Binding tab appears. On the VPC Binding tab, click Add Binding. In the Add VPC Binding panel, configure the parameters to associate the resource group with VPC 1. You must configure the following parameters:
VPC: Select VPC 1.
Zone and VSwitch: Preferentially select the zone and vSwitch in which the data source resides. If the zone in which the data source resides is not displayed, select another zone and another vSwitch.
Security Groups: Select a security group that belongs to your Alibaba Cloud account. Access from and to the CIDR block of the vSwitch in which the data source resides must be allowed in the inbound and outbound rules of the security group.
Add a route for the exclusive resource group for Data Integration and configure a routing policy.
Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the exclusive resource group for Data Integration, and then click Network Settings in the Actions column. The VPC Binding tab appears.
On the VPC Binding tab, find the VPC association record and click Custom Route in the Actions column. In the Custom Route panel, click Add Route. In the Add Route dialog box, configure the parameters to add a route for the resource group. You must configure the following parameters:
Destination Type: Select IDC.
Connection Method: Select CIDR Block.
Destination CIDR Block: Enter the CIDR block of the vSwitch in which the data source resides.
Configure the IP address whitelist of the data source.
View the CIDR block that needs to be added to the IP address whitelist of the data source.
On the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the exclusive resource group for Data Integration and click Network Settings in the Actions column to view the CIDR block of the vSwitch with which the resource group is associated. For more information, see Configure an IP address whitelist.
Add the CIDR block to the IP address whitelist of the data source.
Test the network connectivity.
Go to the Data Source page in the DataWorks console and click Add data source. In the Add data source dialog box, select the data source type. In the dialog box that appears, configure the information of the data source, select Data Integration for the Resource Group connectivity parameter, find the exclusive resource group for Data Integration, and then click Test connectivity in the Actions column to test the network connectivity between the resource group and the data source.