Connect a self-managed database or a database hosted on a third-party cloud service to Data Management (DMS) for centralized access control, SQL execution, and governance.
Prerequisites
Before you begin, make sure that:
The database type is supported by DMS. See the Supported self-managed databases and databases of third-party cloud service providers section of "Databases supported by DMS."
The DMS server IP addresses are added to your database whitelist. See Add DMS IP addresses and CIDR blocks to security settings.
One of the following network access conditions is met:
The database is accessible over the Internet
The database is hosted on an Elastic Compute Service (ECS) instance
The database is added to a Database Gateway. See Create a database gateway.
A virtual private cloud (VPC) network connectivity solution is in place. See Connect a data center to a VPC.
Register a database instance
The following example registers a MySQL database accessible over the Internet. The steps apply to all supported database types and network modes — adjust the Instance Source and related fields to match your setup.
Log on to the DMS console V5.0.
In the left-side navigation pane, click the add icon next to Database Instances.
Alternatively, choose Data Assets > Instances in the top navigation bar. On the Instance List tab, click New.
In the Add Instance dialog box, set Data Source to Third-party Cloud/Self-managed, then configure the following parameters. Advanced Feature Pack The Advanced Feature Pack parameter sets the control mode and optional data protection features for this instance. The following parameters appear based on your Advanced Feature Pack selection:
Security Rules — appears when Security Collaboration is selected. Select default or custom security rules for fine-grained control. See Manage security rules.
Data Classification Template — appears when Sensitive Data Protection is selected. Bind a classification template to identify and label sensitive fields. See Manage DMS classification and grading templates.
If you use Internet access, add the IP addresses used to access the database to your database whitelist to limit exposure to attacks.
If the instance source is Database Gateway or VPC PrivateLink, set up the required network resources before starting registration.
If you select neither Security Collaboration nor Stable Change, the instance is managed in Flexible Management mode by default.
Do not add spaces or special characters before or after any field value.
Basic information
Parameter Description Applies when Database Type The database engine type All instance sources Instance Source The network access mode. Options: Internet, ECS-hosted self-managed instance, Database Gateway, VPC PrivateLink, Open Source MyBase Database All instances Instance Region The region where the database resides All instances Login Address The connection target. See the table below for values by instance source. Depends on instance source Port The port used to connect to the database All instances Database Account The account used to log on to the database. The account must have the permissions needed for the operations you plan to perform in DMS. We recommend creating a dedicated account for DMS rather than using a shared account. All instances Database Password The password for the database account All instances Secure hosting Controls how DMS authenticates to the database. Enable (recommended): DMS manages credentials and supports permission control at the instance, database, table, and row levels. Disable: DMS requires a database account and password each time a session times out, which may interrupt workflows. We recommend that you do not set the Security hosting parameter to Disable. See Security hosting. All instances Login Address by instance source
Instance source What to enter Internet The IP address of the database ECS-hosted self-managed instance The ID of the ECS instance Database Gateway The ID and endpoint of the Database Gateway. See Create a database gateway. VPC PrivateLink The ID and endpoint of the VPC. See Connect a data center to a VPC. Open Source MyBase Database The ID of the MyBase on ACK instance and the ID of the MyBase on ACK cluster. Only MyBase on ACK instances are supported. Option Description Security Collaboration Includes all Stable Change features plus the DevOps feature for customizing R&D and approval workflows. See Control modes. Stable Change Provides solutions for stable database operations, including lock-free changes and SQL review. Cannot be selected together with Security Collaboration. Sensitive Data Protection Enables masking and access control for sensitive data. See Enable the sensitive data protection feature. Advanced information
Parameter Description Applies when Environment Type The environment type of the instance (for example, production or development). See Environment types. All instances Instance Name A display name for the instance in DMS. If registering for the first time, the database name syncs to DMS automatically. See Modify database instances. All instances Lock-free Schema Change Controls the Online DDL method. Options: Enable (DMS OnlineDDL First), Enable (MySQL Native OnlineDDL First), Close. See Enable the lock-free schema change feature. MySQL instances only Enable SSL Encrypts the connection at the transport layer, improving data security in transit. Enabling SSL increases network response time. Make sure SSL is enabled on the database instance before setting this to Enable. MySQL and Redis instances only DBA The database administrator (DBA) for this instance. The DBA can grant permissions to other DMS users. All instances Query Timeout(s) The maximum time allowed for an SQL query to run. Queries exceeding this limit are terminated. All instances Export Timeout(s) The maximum time allowed for an SQL export operation. Exports exceeding this limit are terminated. All instances Click Test Connection in the lower-left corner. If the connection test fails, check the error message and verify the instance information, such as the IP address, port, and account credentials.
After the connection test passes, click Submit.
The database instance is now registered with DMS. View and manage it in the left-side database instance list of the DMS console.
Permissions required for DMS users
To allow DMS users to manage the registered instance, grant them permissions based on their management scope:
| Management scope | Required permissions |
|---|---|
| All databases on an instance | Permissions on all databases |
| Specific databases on an instance | Permissions on those databases only |
| DML operations (insert, delete, update, query) and schema changes | DML permissions |
| Views, stored procedures, triggers, and functions | Object-level permissions for each object type |
For the syntax to grant permissions, see the official documentation for your database engine.
What's next
After registering a database instance, you can:
Manage the database: Create databases, create tables, and query or modify table data on the SQLConsole tab. See Manage a database on the SQLConsole tab.
Run lock-free DML operations: Modify large tables without locking them. See Perform lock-free DML operations.
Export data: Export table data from the registered instance. See Export data.
Register via API: Call the RegisterInstance API operation to automate registration.
Troubleshooting
Connection test fails for Azure SQL Database
If the DMS server IP is whitelisted in Azure SQL Database but the connection test still fails, the Database Account field requires a specific format.
Enter <database account>@<server name> in the Database Account field. For example, if the public endpoint is testservername.testdatabase.windows.net and the account is testuser, enter testuser@testservername.
Instance defaults to Flexible Management mode
If you did not select Security Collaboration or Stable Change in Advanced Feature Pack during registration, the instance is managed in Flexible Management mode. This is expected behavior.