A distributed transaction whitelist allows for distributed transactions between an Elastic Compute Service (ECS) instance and an ApsaraDB RDS for SQL Server instance. This topic describes how to configure a distributed transaction whitelist for an ApsaraDB RDS for SQL Server instance.
For more information about the related best practices, see Connect Kingdee K/3 WISE to an ApsaraDB RDS for SQL Server instance.
Prerequisites
The RDS instance meets the following requirements:
The RDS instance runs SQL Server 2012 SE or SQL Server 2012 EE. Later SQL Server SE or SQL Server EE is also supported.
The RDS instance runs RDS High-availability Edition.
The RDS instance belongs to the general-purpose or dedicated instance family. The shared instance family is not supported.
You can go to the Basic Information page of your RDS instance to view the preceding information.
Configure the RDS instance
- Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane of the page that appears, click Whitelist and SecGroup. On the Whitelist Settings tab of the page that appears, click Modify to the right of the IP address whitelist that is labeled
defaultand add the IP address of the ECS instance to the whitelist.NoteIf the ECS instance and RDS instance reside in the same virtual private cloud (VPC), you must enter the private IP address of the ECS instance. You can view the private IP address of the ECS instance on the Instance Details page of the ECS instance in the ECS console.
If the ECS instance and RDS instance reside in different VPCs, you must enter the public IP address of the ECS instance. In addition, you must apply for a public endpoint for the RDS instance. For more information, see Apply for or release a public endpoint on an ApsaraDB RDS for SQL Server instance.
Click OK.
In the left-side navigation pane, click Data Security. On the page that appears, click the Distributed Transaction Whitelist tab.
Click Create Whitelist. In the dialog box that appears, configure the following parameters and click OK.
Parameter
Description
Whitelist Name:
Enter a name for the whitelist. The name must be 2 to 32 characters in length. The name can contain digits, lowercase letters, and underscores (_). The name must start with a lowercase letter and end with a lowercase letter or digit.
IP Addresses
Enter the IP address of the ECS instance and the name of the Windows computer on which the ECS instance resides. Separate the IP address and the computer name with a comma (,). Example: 192.168.1.100,k3ecstest.
If you want to enter more than one entry, make sure that each entry is in a different line.
NoteTo view the computer name, open .
Configure the ECS instance
Log on to the ECS console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region in which the instance resides.
Find the ECS instance and click the instance ID.
In the top navigation bar, click Security Groups.
Find the security group that you want to manage and click Add Rules in the Actions column.
On the Inbound tab, click Add Rule.
Configure the following parameters.
Parameter
Description
Policy
Select Allow.
Priority
Retain the default value 1.
Protocol Type
Select Custom TCP.
Port
Enter 135.
NotePort 135 is the fixed port for the Remote Procedure Call (RPC) service.
Authorization Object
Enter the two IP addresses of the RDS instance in the Authorization Object field. You can view these IP addresses on the tab of the Data Security page.
Description
Enter a description. The description must be 2 to 256 characters in length, and cannot start with
http://orhttps://.Click OK.
Create another security group rule. This rule has the same parameter settings as the previous rule except for the Port Range parameter. Set the Port Range parameter to 1024/65535.