The Model Context Protocol (MCP) creates a communication channel between large language models and external tools. This topic describes how to configure Data Management (DMS) MCP. You can then use a universal, multicloud MCP Server to securely access databases hosted in DMS.
Background information
Traditional database MCPs have the following pain points:
Limited compatibility with heterogeneous databases: They support connections to and operations on only a single type of database. This prevents unified management across different database platforms.
No account and permission management: They lack centralized management for accounts and passwords. This reliance on manual maintenance creates security risks.
Limited SQL operations: They support only manual input of basic, standard SQL and cannot parse complex or non-standard syntax.
No NL2SQL support: They do not natively support natural language to SQL (NL2SQL) queries. An external large language model must be integrated to enable this capability.
DMS MCP solves these problems by providing AI large language models with unified data access. It uses standardized interfaces to resolve compatibility and security issues. DMS MCP also provides new features. You can obtain schema information, generate Data Access Object (DAO) code, and perform structural analysis. It also uses automatic SQL routing to accurately retrieve data and support high-level business applications.
Core features of DMS MCP
Secure access
Secure hosting of account credentials: DMS securely manages database account credentials. This eliminates the need for manual maintenance and effectively prevents sensitive information leaks.
Internal network access: You can access databases through an internal network without exposing public IP addresses. This ensures data security and privacy.
Fine-grained permission control: DMS MCP supports fine-grained access control at the instance, database, table, field, and row levels. This prevents unauthorized operations and protects data security.
High-risk SQL detection and interception: DMS has built-in security rules to detect and intercept potentially high-risk SQL statements in real-time, which prevents security risks.
SQL audit and tracking: DMS records operation logs for all SQL statements. This allows for complete traceability and compliance audits to meet regulatory requirements.
Intelligent data query
Built-in NL2SQL algorithm: The built-in NL2SQL algorithm intelligently matches data tables based on your natural language questions. It understands the business meaning of the tables, generates and executes SQL queries, and quickly returns results.
Customizable knowledge base: DMS has a built-in metadata and query knowledge base. You can customize business knowledge and query patterns to create an intelligent query capability tailored to your business scenarios.
Support for multiple data sources
Multiple data source management: You can manage over 40 mainstream databases and data warehouses. This allows for unified access to various data types.
Unified multi-environment management: You can centrally manage data sources across different environments, such as development, testing, and production. This improves O&M efficiency.
Seamless multi-platform integration: DMS MCP covers major cloud platforms, such as Alibaba Cloud and AWS, in addition to self-managed databases and data warehouses. This effectively reduces maintenance costs.
Application flow
The following diagram shows the data access request flow for a client.
Scenarios
Scenario 1: Generate Data Access Object (DAO) objects with an AI IDE such as Lingma
This section describes the differences between the traditional production flow and the intelligent development flow that uses DMS MCP.
Traditional production flow: First, you must manually execute table creation SQL statements using a database development tool. Then, you must write DAO code in an integrated development environment (IDE). Next, you must populate the database using a database tool. Finally, you can preview the data.
Intelligent development flow: First, you can design tables using an AI IDE. Then, DMS MCP automatically executes table creation SQL statements, the IDE automatically generates DAO code, and MCP intelligently populates the database. Finally, you can preview the data.
Scenario 2: Directly obtain data statistics using DMS NL2SQL
The market analysis department can use the DMS NL2SQL feature to obtain data statistics directly from natural language queries. This makes it easier to analyze data trends.
Fees
The DMS MCP service is in public preview and is free to use.
For more information about this solution, fill out the form with your contact details or join the DingTalk group (ID: 129600002740) to contact DMS technical support.
Preparations
Before you use DMS MCP to access a database instance hosted in DMS, you must add the instance to DMS and enable security hosting for it. You can add an instance in the following ways:
Method 1: Add an Alibaba Cloud database instance using the DMS MCP tool
This method supports only Alibaba Cloud database instances.
For instances added using this tool, DMS enables security hosting by default.
The DMS MCP Server provides the addInstance tool to help you quickly add instances to DMS. In an agent (conversational AI application) connected to DMS MCP, instruct the large language model to add an instance. Provide the instance details, such as the instance ID, database account, password, and region. The model automatically calls the corresponding tool.
Method 2: Add an Alibaba Cloud, third-party cloud, or self-managed database instance using the DMS console
This method supports adding Alibaba Cloud, third-party cloud, or self-managed database instances. The following steps use an ApsaraDB RDS for MySQL instance as an example.
Log in to DMS 5.0.
In the Database Instances area on the left side of the console, click the Add Instance icon
.NoteYou can also choose from the menu bar and click New to add an instance.
On the Add Instance page, enter the instance information.
Category
Configuration Item
Description
Data Source
-
The default value is Alibaba Cloud-MySQL. You can select another database type.
Basic Information
Database Type
Select the type of the database instance.
NoteAfter you select a database type, DMS automatically refreshes the configuration items on the Basic Information page.
Instance Region
Select the region where the database instance is located.
Other primary accounts
This configuration item appears if you select Cross-account Instance. Select the Alibaba Cloud account that owns the database instance.
NoteIf the Alibaba Cloud account is not in the list, you can click Add User to add the account of the instance owner. For more information, see Add a user.
Entry Method
Select how to add the database instance. You can add an instance by Instance ID or Connection String.
Instance ID or Connection String
Enter the Instance ID or Connection String.
NoteA connection string consists of an internal endpoint and an internal port. Example for ApsaraDB RDS for MySQL: rm-XXXXXXX.mysql.rds.aliyuncs.com:3306.
Security Hosting
Keep this enabled.
Enable security hosting to avoid direct user contact with account credentials and to implement fine-grained permission control.
Access Mode
The access modes are as follows:
Log On With An Account And Password: You must manually enter the database account and password that you have created.
Log On With A KMS Credential: Manually select the RDS credential created in KMS to log on to the database.
NoteThis parameter appears only when you add an RDS instance.
Value-added Feature Package
Select a feature package as needed.
Security Collaboration or Stable Change (select one): Security Collaboration supports all the capabilities of Stable Change and provides DevOps features. You can flexibly customize development and approval flows. Stable Change provides solutions for more stable database operations, such as lockless change and SQL Audit.
NoteIf you do not select the Security Collaboration or Stable Change feature package, the instance uses the Flexible Management mode by default.
Sensitive Data Protection: This feature lets you control and desensitize sensitive data. Enable this feature based on your business needs. For more information, see Enable Sensitive Data Protection.
Security Rule
This configuration item appears if you select Security Collaboration as the feature package.
You can select a default or custom security rule for fine-grained control over the database.
Classification And Grading Template
The Classification and Grading Template configuration item appears only when you enable Sensitive Data Protection.
Advanced Information
-
You can keep the default values for the parameters in the Advanced Information section. For more information about the parameters, see Add an ApsaraDB database instance.
After you enter the required information, click Test Connection in the lower-left corner.
NoteIf the connection test fails, review the error message and check the instance information that you entered.
After the Connection Successful message appears, click Submit.
The database instance is now added to DMS.
For more information about how to add an instance, see Add an ApsaraDB database instance and Add a third-party cloud or self-managed database instance.
Usage modes
The DMS MCP Server supports two usage modes.
Mode | Scenario |
Mode 1: Multi-instance mode | This mode is suitable for managing and accessing database instances in multiple environments. You can add all your instances to DMS and then manage them using the DMS MCP Server. |
Mode 2: Single-database mode | This mode is suitable for accessing a single database. You can configure the CONNECTION_STRING parameter in the server to specify the database to access. When the service starts, the DMS MCP Server directly accesses the specified database. Format: In the database list area on the left side of the DMS page, you can find and double-click the database name, and use the SQL window to quickly obtain the value of |
Quick start
Solution 1: Run using a PyPI package
Obtain an AccessKey or a Security Token Service (STS) token that has the AliyunDMSFullAccess permission.
For more information about how to grant permissions, see Permission Management.
Add the following configuration to the configuration file of the MCP client.
Multi-instance mode
{ "mcpServers": { "dms-mcp-server": { "command": "uvx", "args": [ "alibabacloud-dms-mcp-server@latest" ], "env": { "ALIBABA_CLOUD_ACCESS_KEY_ID": "access_id", "ALIBABA_CLOUD_ACCESS_KEY_SECRET": "access_key", "ALIBABA_CLOUD_SECURITY_TOKEN": "sts_security_token is optional. It is required when you use an STS token." } } } }Single-database mode
{ "mcpServers": { "dms-mcp-server": { "command": "uvx", "args": [ "alibabacloud-dms-mcp-server@latest" ], "env": { "ALIBABA_CLOUD_ACCESS_KEY_ID": "access_id", "ALIBABA_CLOUD_ACCESS_KEY_SECRET": "access_key", "ALIBABA_CLOUD_SECURITY_TOKEN": "sts_security_token is optional. It is required when you use an STS token.", "CONNECTION_STRING": "dbName@host:port" } } } }
Solution 2: Use the MCP service hosted in DMS
Log in to DMS 5.0.
Enable the MCP service.
Move the mouse pointer over the MCP icon
in the lower-right corner, and then click Enable Now in the dialog box that appears.
Select the scope for the MCP service.
All Databases: All databases added in the Preparations section.
Specified Database: One of the databases added in the Preparations section.
NoteIf you select Specified Database, you must also select the target database.
Click Confirm Enable.
After the MCP service is enabled, view the MCP configuration information.
NoteYou can move the mouse pointer over the MCP icon
in the lower-right corner to view the MCP configuration information in the dialog box that appears.Integrate the DMS MCP service into your AI agent and use it as needed.
NoteWhen you use the DMS MCP service, set the Bearer Token for authentication based on the Authorization field in the MCP Configuration Example from Step 3.
To change the database scope for the MCP service, you must first cancel the service. Move the mouse pointer over the MCP icon
, click Cancel Service, and then click Confirm Cancel in the dialog box. Then, enable the MCP service again.
Solution 3: Use the DMS MCP service hosted on other platforms
You can use the DMS MCP service on Alibaba Cloud Model Studio, ModelScope, and Function AI.
Tools supported by DMS MCP
Tool Name | Description | Applicable Mode |
| Adds an instance to DMS. If the instance already exists, its information is returned. | Multi-instance mode |
| Searches for a list of instances in DMS. | Multi-instance mode |
| Gets the details of an instance based on its host and port. | Multi-instance mode |
| Searches for a database based on its schema name. | Multi-instance mode |
| Gets the details of a specific database. | Multi-instance mode |
| Searches for data tables in a specified database. | Multi-instance mode & Single-database mode |
| Gets the details of a specific data table. | Multi-instance mode & Single-database mode |
| Executes an SQL script and returns the result. | Multi-instance mode & Single-database mode |
| Creates a data change ticket to submit a request for a DDL or DML operation. | Multi-instance mode & Single-database mode |
| Queries the details of a ticket, including its status, approval flow, and execution log. | Multi-instance mode & Single-database mode |
| Submits a ticket to the approval flow to be executed after it is approved. | Multi-instance mode & Single-database mode |
| Converts a natural language question into an executable SQL query statement. | Multi-instance mode |
| Queries a database using natural language (NL2SQL + SQL execution). | Single-database mode |
| Automatically fixes SQL statements that have syntax or logic errors. | Multi-instance mode & Single-database mode |
| Provides explanations and suggestions for SQL syntax issues. | Multi-instance mode & Single-database mode |
| Analyzes and optimizes SQL statements to improve execution efficiency. | Multi-instance mode & Single-database mode |