All Products
Search

This Product

    ApsaraDB RDS:Configure the hybrid access solution

    Document Center

    ApsaraDB RDS:Configure the hybrid access solution

    Last Updated:Oct 09, 2023

    This topic describes how to configure the hybrid access solution for an ApsaraDB RDS for MySQL instance. This solution allows you to migrate your RDS instance from the classic network to a virtual private cloud (VPC) without network interruptions.

    Important

    Network security cannot be guaranteed for the classic network. All new RDS instances that use standard SSDs or enhanced SSDs (ESSDs) do not support the classic network. If you select the local SSD storage type when you create an RDS instance, you cannot select the classic network. To ensure your network security, we recommend that you migrate your RDS instances from the classic network to VPCs. For more information, see Change the network type from classic network to VPC.

    Background information

    When you migrate your RDS instance from the classic network to a VPC, the internal endpoint of the classic network type changes to the internal endpoint of the VPC type. In this case, the endpoint remains unchanged, but the IP address that is bound to the endpoint changes. This change causes a transient connection that lasts 30 seconds, and classic network-type Elastic Compute Service (ECS) instances can no longer connect to the RDS instance over an internal network. To facilitate a smooth migration, ApsaraDB RDS provides the hybrid access solution.

    Hybrid access indicates that your RDS instance can be connected by both ECS instances in the classic network and ECS instances in VPCs. If you use the hybrid access solution, ApsaraDB RDS retains the internal classic network endpoint and generates an internal VPC endpoint. This prevents transient connections when you migrate your RDS instance from the classic network to a VPC.

    For security and performance purposes, we recommend that you use only the internal VPC endpoint. You must specify a validity period for the hybrid access solution. When the hybrid access solution expires, ApsaraDB RDS releases the internal classic network endpoint and applications are unable to use the endpoint to connect to your RDS instance. You must add the internal VPC endpoint to your applications before the hybrid access solution expires. This ensures a smooth migration and prevents interruptions to your workloads.

    For example, a company uses the hybrid access solution to migrate its RDS instance from the classic network to a VPC. During the validity period of the hybrid access solution, some applications use the internal VPC endpoint to connect to the RDS instance, and the other applications continue to use the internal classic network endpoint to connect to the RDS instance. When all applications of the company can use the internal VPC endpoint to connect to the RDS instance, the internal classic network endpoint can be released.

    Limits

    During the validity period of the hybrid access solution, your RDS instance has the following limits:

    • The network type of the RDS instance cannot be changed to classic network.

    • The RDS instance cannot be migrated to another zone.

    • Change between RDS High-availability Edition and RDS Enterprise Edition is not supported.

    Prerequisites

    • The RDS instance resides in the classic network.

    • Available VPCs and vSwitches exist in the zone in which the RDS instance resides. For more information about how to create VPCs and vSwitches, see Create and manage a VPC.

    Change the network type from classic network to VPC

    1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

    2. In the left-side navigation pane of the page that appears, click Database Connection.

    3. Click Switch to VPC.

    4. In the dialog box that appears, select a VPC and a vSwitch and specify whether to retain the classic network endpoint.

      • Select a VPC. We recommend that you select the VPC in which the required ECS instance resides. If the ECS instance and the RDS instance reside in different VPCs, these instances can communicate over an internal network only if you use Cloud Enterprise Network (CEN) or VPN Gateway to enable network communication between the VPCs of these instances. For more information, see Overview of CEN or Establish IPsec-VPN connections between two VPCs.

      • Select a vSwitch. If no vSwitches are available in the selected VPC, create a vSwitch in the zone in which the RDS instance resides. For more information, see Create a vSwitch.

      • Select Reserve original classic endpoint. In this case, your RDS instance runs in hybrid access mode. Both classic network-type ECS instances and VPC-type ECS instances can access your RDS instance over an internal network.

        Note

        • If you change the network type from classic network to VPC, no transient connections occur. The connection between each classic network-type ECS instance and the RDS instance remains available until the classic network endpoint expires.

        • Before the classic network endpoint expires, you must add the VPC endpoint to your application that runs on a VPC-type ECS instance. This allows ApsaraDB RDS to migrate your workloads to the selected VPC with no downtime.

    5. Add the private IP address of the required VPC-type ECS instance to an IP address whitelist of the VPC network type on the RDS instance. This way, the ECS instance can access the RDS instance over an internal network. If no IP address whitelists of the VPC network type are available, create one.

    6. Add the VPC endpoint of your RDS instance to each required VPC-type ECS instance before the classic network endpoint expires.

      Note

      If the RDS instance resides in a VPC and you want to connect a classic network-type ECS instance to the RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as the RDS instance. For more information, see Overview.

    Change the expiration date of the internal classic network endpoint

    During the validity period of the hybrid access solution, you can change the expiration date of the classic network endpoint based on your business requirements. The expiration date is immediately recalculated starting from the day when you make the change. For example, the classic network endpoint is configured to expire on August 18, 2017. On August 15, 2017, you extend the validity period of the classic network endpoint by 14 days. In this case, ApsaraDB RDS releases the classic network endpoint on August 29, 2017.

    To change the expiration date, perform the following operations:

    1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

    2. In the left-side navigation pane of the page that appears, click Database Connection.

    3. On the Instance Connection tab, click Change Expiration Time.

    4. In the Change Expiration Time dialog box, select an expiration date and click OK.