This guide explains how to connect a DataWorks workspace to a data source in a different region within the same Alibaba Cloud account, using an ApsaraDB RDS for MySQL instance as the example.
Use cases
This solution applies when all three conditions are met:
-
The data source is an Alibaba Cloud product.
-
The data source and the DataWorks workspace belong to the same Alibaba Cloud account.
-
The data source and the DataWorks workspace are in different regions.
If your data source and workspace are in the same region, no cross-region networking is needed.
How it works
Because the data source and the DataWorks resource group are in different regions, a direct Virtual Private Cloud (VPC) connection is not available by default. Connect the two VPCs using a network connectivity product — either Cloud Enterprise Network (CEN) or a VPC peering connection — so the resource group can reach the data source over a private network.
Prerequisites
Before you begin, make sure you have:
-
A supported Alibaba Cloud data source
-
A workspace created in DataWorks
-
A resource group created and attached to the workspace
Billing
Charges depend on the networking product you use. See billing details for Cloud Enterprise Network (CEN) or Peering Connection.
Choose a networking product
Because a resource group and a data source in different regions cannot share a VPC, you must connect their VPCs using one of these products:
| Networking product | Best for | Configuration guide |
|---|---|---|
| Cloud Enterprise Network (CEN) | Connecting multiple VPCs, or building a complex enterprise network | Connect VPCs across regions |
| VPC peering connection | Connecting exactly two VPCs | Use a peering connection between VPCs |
Configure network connectivity
The following steps describe the general configuration process. For a complete walkthrough with specific values, see the Configuration example section.
Step 1: Collect VPC and vSwitch information
Collect the VPC and vSwitch details for both the data source and the DataWorks resource group. You will use these values in Step 3 (route configuration) and Step 4 (whitelist).
For the data source (ApsaraDB RDS for MySQL)
-
Go to the ApsaraDB RDS console, locate the target instance, and click its Instance Name to open the Basic Information page.
-
In the left-side navigation pane, click Database Connection to view the VPC and vSwitch details. Record the VPC, vSwitch, and vSwitch CIDR block values. You will need the vSwitch CIDR block when adding a route in Step 3.
To find VPC information for other Alibaba Cloud services, see the documentation for that service.
For the DataWorks resource group
-
Go to the DataWorks resource group list page, find the target resource group, and click Network Settings in the Actions column.
-
In the relevant feature module (for example, Data Scheduling & Data Integration for data sync tasks), view the bound VPC and vSwitch details. Record the vSwitch CIDR block. You will need it when configuring the data source whitelist in Step 4.
Step 2: Establish the network connection
Connect the VPC of the DataWorks resource group to the VPC of the data source using CEN or a VPC peering connection. See Choose a networking product for guidance.
If you encounter issues while establishing the connection, submit a ticketsubmit a ticket to contact technical support for the relevant cloud product.
Step 3: Add a route to the resource group
Add a custom route in the DataWorks resource group that directs traffic to the data source's vSwitch CIDR block (recorded in Step 1).
-
Go to the DataWorks resource group list page, find the target resource group, and click Network Settings in the Actions column.
-
In the relevant feature module, find the bound VPC and click Custom Route in the Actions column.
-
Click Add Route. Set Connection method to CIDR block, then set Destination CIDR block to the vSwitch CIDR block of the data source.
Step 4: (Optional) Configure the whitelist
If the data source uses a whitelist for access control, add the resource group's vSwitch CIDR block (recorded in Step 1) to the data source's whitelist.
For ApsaraDB RDS for MySQL, configure an IP whitelist and add the resource group's vSwitch CIDR block to the Whitelist and SecGroup settings.
| Setting | Value |
|---|---|
| Whitelist and SecGroup | Add the vSwitch CIDR block of the DataWorks resource group |
For other Alibaba Cloud services, see their documentation for whitelist configuration.
Verify network connectivity
-
Log on to the DataWorks console. In the top navigation bar, select the target region. In the left-side navigation pane, choose Data Integration > Data Integration. Select the target workspace from the drop-down list and click Go to Data Integration.
-
In the left-side navigation pane, click Data Source. On the Data Sources page, click Add Data Source. Select the data source type and configure the connection parameters.
-
In the resource group list at the bottom, select the resource group connected to the data source and click Test Network Connectivitysubmit a ticketsubmit a ticket.
If the connectivity test fails, use the Network Connectivity Diagnosis Tool to troubleshoot. If the issue persists, submit a ticketsubmit a ticket for assistance.
Configuration example
This example connects an ApsaraDB RDS for MySQL instance in China (Hangzhou) to a DataWorks workspace in China (Shanghai), within the same Alibaba Cloud account.
1. Basic information
| Parameter | Data source (RDS for MySQL) | DataWorks resource group |
|---|---|---|
| Account | Same account | Same account |
| Region | China (Hangzhou) | China (Shanghai) |
| VPC | vpc-hangzhou (CIDR: 192.168.0.0/16) |
vpc-shanghai (CIDR: 172.16.0.0/16) |
| vSwitch | hz-h (CIDR: 192.168.6.0/24) |
sh-l (CIDR: 172.16.0.0/24) |
2. Establish the network connection
Choose one of the following methods to connect the two VPCs.
If you encounter issues while establishing the connection, submit a ticketsubmit a ticket to contact technical support for the relevant cloud product.
Connect with CEN
-
Go to the Cloud Enterprise Network console and click Create CEN Instance.
-
In the Create CEN Instance dialog box, switch to the Create Scenario-specific CEN (Recommended) tab. Select the VPC Interconnection scenario and click Create.
The VPC Interconnection scenario supports connecting VPCs within the same account, regardless of region.
-
In the Configure Networking Settings step, configure the network information for both VPCs.
-
In the first tab, configure the data source network:
> Note: CEN requires vSwitches from at least two different availability zones for high availability. Select the vSwitch where the data source resides, then select another vSwitch in a different availability zone. If you don't have one, click Create vSwitch in the drop-down list.-
Region: China (Hangzhou)
-
VPC:
vpc-hangzhou -
vSwitch:
hz-h
-
-
Click + to add a new tab and configure the DataWorks resource group network:
> Note: Select the vSwitch where the resource group resides, then select another vSwitch in a different availability zone. If you don't have one, click Create vSwitch in the drop-down list.-
Region: China (Shanghai)
-
VPC:
vpc-shanghai -
vSwitch:
sh-l
-
-
-
Click Next. CEN generates the Networking Settings and Billing Details automatically. Review them and click Start Deployment.
-
Wait for the deployment to complete.
ImportantDo not close the page before the deployment is complete.
Connect with a VPC peering connection
-
Go to the Peering Connection console. Switch the region to China (Hangzhou) and click Create Peering Connection. Configure the following parameters (keep defaults for any not listed):
Parameter Value Peering Connection Name connect-hangzhou-shanghai-vpcRequester VPC vpc-hangzhouAccepter Account Type Same accountAccepter Region Type Cross-regionAccepter Region China (Shanghai)Accepter VPC vpc-shanghai -
Click OK.
-
In the Peering Connection console, find the peering connection you created. Click Configure Route under both the Requester VPC and Accepter VPC columns.
-
For the Requester VPC route (pointing to the accepter): enter a Name, then set Destination CIDR block to
172.16.0.0/24. -
For the Accepter VPC route (pointing to the requester): enter a Name, then set Destination CIDR block to
192.168.6.0/24.
-
3. Add a route to the resource group
-
Go to the DataWorks resource group list page, find the target resource group, and click Network Settings in the Actions column.
-
In the relevant feature module, find the bound VPC and click Custom Route in the Actions column.
-
Click Add Route. Set Connection method to CIDR block, then set Destination CIDR block to
192.168.6.0/24(the vSwitch CIDR block of the RDS instance).
4. Configure the whitelist
In the Whitelist and SecGroup settings for the ApsaraDB RDS for MySQL instance, add 172.16.0.0/24 (the vSwitch CIDR block of the DataWorks resource group).
5. Test the connectivity
-
Log on to the DataWorks console. In the top navigation bar, select the target region. In the left-side navigation pane, choose Data Integration > Data Integration. Select the target workspace from the drop-down list and click Go to Data Integration.
-
In the left-side navigation pane, click Data Source to go to the Data Sources page, then click Add Data Source.
-
Select the MySQL data source type and configure the connection:
-
Configuration Mode: Alibaba Cloud Instance Mode
-
Region: China (Hangzhou)
-
Instance: Select the ApsaraDB RDS for MySQL instance in China (Hangzhou).
-
-
In the Connection Configuration section, click Test Network Connectivity for the bound resource group. A Connected status confirms a successful connection.
If the test fails, use the Network Connectivity Diagnosis Tool to troubleshoot. If the issue persists, submit a ticketsubmit a ticket for assistance.
Related topics
For frequently asked questions about network connectivity, see Resource group operations and network connections.