Model Context Protocol (MCP) establishes a channel for information transmission between large models and external tools. This topic describes how to configure Data Management (DMS) MCP to securely access databases managed in DMS by using the MCP server compatible to multiple clouds.
Background information
DMS MCP provides unified data access capabilities for AI large models and addresses compatibility and security issues through standardized APIs. Additionally, DMS MCP offers new features, including schema information retrieval, Data Access Object (DAO) code generation, structural analysis, and accurate data acquisition through SQL auto-routing to support upper-layer business operations.
The following table shows the differences between the traditional database MCP and DMS MCP:
Comparison item | Traditional database MCP | DMS MCP |
Metadata management | Typically, the traditional database MCP does not provide independent account management capabilities and requires manual maintenance. | DMS offers security hosting to enable unified account and password management capabilities and prevent data breaches. |
SQL execution | Only basic and standard-compliant SQL statements can be executed. | DMS MCP enhances traditional SQL execution by using features such as fine-grained permission control, high-risk SQL interception policies, and SQL audit. |
Natural language query | Typically, you must manually enter the SQL statements. If you want to query data by using natural language, you must rely on external large models to obtain natural language to SQL (NL2SQL) capabilities. | DMS comes with NL2SQL capabilities, allowing you to input natural language queries. Enhanced by knowledge bases for semantic understanding, DMS rapidly produces accurate SQL statements and the execution results. |
Database compatibility | The traditional database MCP only supports connecting to and operating databases of the same type. | DMS MCP enables centralized management of heterogeneous databases, such as MySQL, Oracle, PostgreSQL, and SQL Server databases. |
Core features of DMS MCP
Reduces maintenance costs caused by fragmented data sources.
Resolves compatibility issues across heterogeneous database protocols.
Addresses security risks from uncontrolled database account permissions and lack of operation audits.
Flowchart
The following figure shows the workflow of client requests for data access.
Scenarios
Scenario 1: Combine with AI IDEs such as Lingma to generate DAO and Data Access Object (ORM)
The following describes the differences between the traditional production process and DMS MCP-based intelligent development process in this scenario.
Traditional production process: First, manually execute table creation SQL statements through database development tools. Second, write DAO code in an integrated development environment (IDE). Then, build data through database tools. Finally, preview data.
Intelligent development process: First, design tables through an AI IDE. Then, DMS MCP automatically executes SQL statements to create the tables, the IDE automatically generates the DAO code, and MCP intelligently builds the data. Finally, preview the data.
Scenario 2: Obtain data statistics results directly through DMS NL2SQL
Marketing analysis teams can utilize DMS NL2SQL capabilities to directly obtain data statistics results by using natural language queries, facilitating data trend analysis.
Billing
DMS MCP is in public preview and you can use it free of charge during this period.
For more information about DMS MCP, fill out the questionnaire or contact DMS technical support in the DingTalk group (ID: 129600002740).
Preparations
Before you use DMS MCP to access database instances managed in DMS, you need to register the corresponding database instances with DMS and enable Security Collaboration for the database instances. You can register database instances by using the following methods:
Method 1: Register Alibaba Cloud database instances through a DMS MCP tool
You can use this method to register only Alibaba Cloud database instances.
For database instances registered through this tool, DMS enables Security Collaboration by default.
The DMS MCP server provides the addInstance tool to help you quickly register database instances with DMS. You only need to tell the DMS MCP AI agent that you need to register an instance and provide detailed instance information such as instance ID, database account, password, and region. The AI agent will automatically call the corresponding tool.
Method 2: Register Alibaba Cloud database instances, database instances from third-party cloud providers, or self-managed database instances in the DMS console
This method allows you to register Alibaba Cloud database instances, database instances from third-party cloud providers, or self-managed database instances. The following example shows how to register an ApsaraDB RDS for MySQL database instance.
- Log on to the DMS console V5.0.
In the left-side navigation pane of the Home page of the DMS console, click the
icon next to Database Instances. NoteAlternatively, choose in the top navigation bar. On the Instance List tab of the Instances page, click New.
On the Add Instance dialog box, configure the instance information.
Section
Configuration item
Description
Data Source
-
Alibaba Cloud-MySQL is selected by default. You can select a different database type.
Basic Information
Database Type
The type of the database to be registered.
NoteAfter you select a database type, DMS automatically refreshes the configuration items on the Basic Information page.
Instance Region
The region in which the database instance resides.
Other primary accounts
The Alibaba Cloud account to which the database instance belongs. This parameter appears if you click Cross-Alibaba Cloud account instances.
NoteIf the Alibaba Cloud account is not in the list, you can click Add User to add the Alibaba Cloud account that is used to purchase the database instance. For more information, see Add a user.
Connection Method
The method that you use to specify the information about the database instance. Valid values: Instance ID and Connection String Address.
Instance ID or Connection String Address
Enter the Instance ID or Connection String Address.
NoteThe connection string is in the following format: Internal network address:Port number. Example: rm-XXXXXXX.mysql.rds.aliyuncs.com:3306.
Secure hosting
Set this parameter to Enable.
After you enable security hosting, you can prevent users from directly accessing account and password information and implement fine-grained permission control.
Access mode
The method to log on to the database.
Account + password logon: Log on to the database by using the account and password that you created.
Logon with KMS Secret: Log on to the database by using the ApsaraDB RDS secret created in Key Management Service (KMS).
NoteThis parameter appears only if you register an ApsaraDB RDS instance.
Advanced Feature Pack
Specifies the control mode in which the database instance is managed and whether to enable sensitive data protection for the database instance. Valid values:
Security Collaboration or Stable Change: Security Collaboration supports all capabilities of Stable Change and provides DevOps features to flexibly customize development and approval processes. Stable Change provides solutions for more stable database operations, such as lockless change and SQL review.
NoteIf you do not select the Security Collaboration or Stable Change mode, the database instance is managed in Flexible Management mode by default.
Sensitive Data Protection: This feature allows you to control and mask sensitive data. You can enable the feature based on your business requirements. For more information, see Enable the sensitive data protection feature.
Security Rule
This parameter appears if you set the Advanced Feature Pack parameter to Security Collaboration.
You can select the default system security rule or custom security rule to implement fine-grained control over the database.
Classification Template
The Classification Template parameter appears only if you enable Sensitive Data Protection.
Advanced Information
-
You can retain the default values of the parameters in the Advanced Information section. For more information about the parameters, see Register a cloud database.
After you configure the preceding parameters, click Test Connection in the lower-left corner.
NoteIf the connection test fails, check the specified instance information based on the error message.
After the Connection Successful message appears, click Submit.
The database is now successfully registered with DMS.
For more information, see Register an Alibaba Cloud database instance and Register a database hosted on a third-party cloud service or a self-managed database.
Usage modes
The DMS MCP server supports the following usage modes.
Mode | Applicable scenario |
Multi-instance mode | This mode is suitable for scenarios where you need to manage and access multiple database instances across different environments. You can register all database instances with DMS and then manage them through the DMS MCP server. |
Single database mode | This mode is suitable for scenarios where you need to access a single database. You can configure the CONNECTION_STRING parameter in the server to specify the database that you need to access. When the service starts, the DMS MCP server directly accesses the specified database. Set the You can find and double-click the database name in the database list in the left-side navigation pane of the DMS homepage to obtain the value of the |
Quick start
Solution 1: Run the DMS MCP service by using the PyPI package
Obtain the AccessKey pair or STS token of the
AliyunDMSFullAccesspolicy to access DMS.For more information about how to grant permissions, see Authorization management.
Copy the following script to the MCP client configuration file.
Multi-instance mode
"mcpServers": { "dms-mcp-server": { "command": "uvx", "args": [ "alibabacloud-dms-mcp-server@latest" ], "env": { "ALIBABA_CLOUD_ACCESS_KEY_ID": "access_id", "ALIBABA_CLOUD_ACCESS_KEY_SECRET": "access_key", "ALIBABA_CLOUD_SECURITY_TOKEN": "sts_security_token optional, required when using STS Token" } } }Single database mode
{ "mcpServers": { "dms-mcp-server": { "command": "uvx", "args": [ "alibabacloud-dms-mcp-server@latest" ], "env": { "ALIBABA_CLOUD_ACCESS_KEY_ID": "access_id", "ALIBABA_CLOUD_ACCESS_KEY_SECRET": "access_key", "ALIBABA_CLOUD_SECURITY_TOKEN": "optional sts_security_token, required when using STS Token", "CONNECTION_STRING": "dbName@host:port" } } } }
Solution 2: Use the managed DMS MCP service
You can use the DMS MCP service in Alibaba Cloud Model Studio, ModelScope, or Function AI.
Tools supported by DMS MCP
Tool name | Description | Applicable mode |
addInstance | Registers an instance with DMS. If the instance already exists, information about the existing instance is returned. | Multi-instance mode |
getInstance | Obtains details about an instance based on the host and port information. | Multi-instance mode |
searchDatabase | Searches for databases based on the schema name. | Multi-instance mode |
getDatabase | Obtains details about a specific database. | Multi-instance mode |
listTable | Searches for tables in a specified database. | Multi-instance mode and single database mode |
getTableDetailInfo | Obtains details about a specific table in a database. | Multi-instance mode and single database mode |
executeScript | Executes SQL scripts and returns results. | Multi-instance mode and single database mode |
nl2sql | Converts natural language questions to SQL queries. | Multi-instance mode |
askDatabase | Queries databases by using natural language (NL2SQL + SQL execution). | Single database mode |
configureDtsJob | Configures Data Transmission Service (DTS) migration tasks. | Multi-instance mode |
startDtsJob | Starts DTS migration tasks. | Multi-instance mode |
getDtsJob | Views details about DTS migration tasks. | Multi-instance mode |