This topic describes how to establish a network connection between a resource group and a data source, such as a database, a data service, or other data in a specific network environment within the same Alibaba Cloud account.
Background information
The network connectivity solution that you can use varies based on the network relationship between your resource group and the data source. For more information, see Establish a network connection between a resource group and a data source.
Scenario 1: The data source and the resource group reside in the same region
If the data source and the resource group belong to the same Alibaba Cloud account and reside in the same region, you can use one of the following solutions to establish a network connection between the data source and resource group:
Solution 1: Associate the resource group with the virtual private cloud (VPC) in which the data source resides
Associate the resource group with the VPC in which the data source resides.
Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the desired resource group, and then click Network Settings in the Actions column. The VPC Binding tab appears. On the VPC Binding tab, click Add Binding. In the Add VPC Binding panel, configure the parameters to associate the resource group with the VPC in which the data source resides. You must configure the following parameters:
VPC: Select the VPC in which the data source resides.
Zone and VSwitch: Preferentially select the zone and vSwitch in which the data source resides. If the zone in which the data source resides is not displayed, select another zone and another vSwitch.
Security Groups: Select a security group that belongs to your Alibaba Cloud account. Access from and to the CIDR block of the vSwitch in which the data source resides must be allowed in the inbound and outbound rules of the security group.
Configure the IP address whitelist of the data source.
View the CIDR block that needs to be added to the IP address whitelist of the data source.
On the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the resource group and click Network Settings in the Actions column to view the CIDR block of the vSwitch with which the resource group is associated. For more information, see Configure an IP address whitelist.
Add the CIDR block to the IP address whitelist of the data source.
Test the network connectivity.
If the data source is a data source supported by DataWorks, go to the Data Sources page and click Add Data Source. In the Add Data Source dialog box, find the resource group that is connected to the data source and click Test Network Connectivity in the Connection Status column.
If the data source is a deployed service, test the network connectivity with the data source in the business code based on your business requirements.
Solution 2: Use a transit VPC to establish a network connection between the resource group and the data source
Use Cloud Enterprise Network (CEN) to establish a network connection between a transit VPC and the VPC in which the data source resides.
Associate the resource group with the transit VPC and configure a route forwarding policy.
Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the desired resource group, and then click Network Settings in the Actions column. The VPC Binding tab appears. On the VPC Binding tab, click Add Binding. In the Add VPC Binding panel, configure the parameters to associate the resource group with the transit VPC. You must configure the following parameters:
VPC: Select the transit VPC.
Zone and VSwitch: Select a zone and vSwitch.
Security Groups: Select a security group that belongs to your Alibaba Cloud account. Access from and to the CIDR block of the vSwitch in which the data source resides must be allowed in the inbound and outbound rules of the security group.
Add a route for the resource group and configure a route forwarding policy.
Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the resource group, and then click Network Settings in the Actions column. The VPC Binding tab appears.
On the VPC Binding tab, find the VPC association record and click Custom Route in the Actions column. In the Custom Route panel, click Add Route. In the Add Route dialog box, configure the parameters to add a route for the resource group. You must configure the following parameters:
Destination Type: Select VPC.
Connection Method: Select CIDR Block.
Destination CIDR Block: Enter the CIDR block of the vSwitch in which the data source resides.
Configure the IP address whitelist of the data source.
View the CIDR block that needs to be added to the IP address whitelist of the data source.
On the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the resource group and click Network Settings in the Actions column to view the CIDR block of the vSwitch with which the resource group is associated. For more information, see Configure an IP address whitelist.
Add the CIDR block to the IP address whitelist of the data source.
Test the network connectivity.
If the data source is a data source supported by DataWorks, go to the Data Sources page and click Add Data Source. In the Add Data Source dialog box, find the resource group that is connected to the data source and click Test Network Connectivity in the Connection Status column.
If the data source is a deployed service, test the network connectivity with the data source in the business code based on your business requirements.
Scenario 2: The data source and the resource group reside in different regions
If the data source and the resource group belong to the same Alibaba Cloud account and reside in different regions, you can perform the following steps to establish a network connection between the data source and resource group:
Use CEN to establish a network connection between a VPC in the region in which the resource group resides (referred to as VPC 1) and the VPC in which the data source resides.
For more information, see Work with a bandwidth plan and Manage inter-region connections.
Associate the resource group with VPC 1 and configure a route forwarding policy.
Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the desired resource group, and then click Network Settings in the Actions column. The VPC Binding tab appears. On the VPC Binding tab, click Add Binding. In the Add VPC Binding panel, configure the parameters to associate the resource group with VPC1. You must configure the following parameters:
VPC: Select VPC 1.
Zone and VSwitch: Select a zone and vSwitch.
Security Groups: Select a security group that belongs to your Alibaba Cloud account. Access from and to the CIDR block of the vSwitch in which the data source resides must be allowed in the inbound and outbound rules of the security group.
Add a route for the resource group and configure a route forwarding policy.
Go to the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the resource group, and then click Network Settings in the Actions column. The VPC Binding tab appears.
On the VPC Binding tab, find the VPC association record and click Custom Route in the Actions column. In the Custom Route panel, click Add Route. In the Add Route dialog box, configure the parameters to add a route for the resource group. You must configure the following parameters:
Destination Type: Select VPC.
Connection Method: Select CIDR Block.
Destination CIDR Block: Enter the CIDR block of the vSwitch in which the data source resides.
Configure the IP address whitelist of the data source.
View the CIDR block that needs to be added to the IP address whitelist of the data source.
On the Exclusive Resource Groups tab of the Resource Groups page in the DataWorks console, find the resource group and click Network Settings in the Actions column to view the CIDR block of the vSwitch with which the resource group is associated. For more information, see Configure an IP address whitelist.
Add the CIDR block to the IP address whitelist of the data source.
Test the network connectivity.
If the data source is a data source supported by DataWorks, go to the Data Sources page and click Add Data Source. In the Add Data Source dialog box, find the resource group that is connected to the data source and click Test Network Connectivity in the Connection Status column.
If the data source is a deployed service, test the network connectivity with the data source in the business code based on your business requirements.
References
For more information about how to establish a network connection between a resource group and a data source, see Establish a network connection between a resource group and a data source.
For more information about how to purchase a bandwidth plan and create inter-region connections, see Work with a bandwidth plan.
For more information about how to allocate bandwidth resources to the inter-region connections, see Manage inter-region connections.