Migrate an ApsaraDB RDS for SQL Server instance from a classic network to a VPC - ApsaraDB RDS

How it works

When you switch an RDS instance from the classic network to a VPC, the internal endpoint's network type changes, though the endpoint string itself remains unchanged. Without hybrid access mode, this causes a transient connection lasting approximately 30 seconds, and all classic network-type ECS instances immediately lose internal network access to the RDS instance.

Hybrid access mode avoids this disruption: the system keeps the original classic network internal endpoint active and generates a new VPC internal endpoint at the same time. Both classic network-type and VPC-type ECS instances can reach the instance over the internal network throughout the migration.

You must set a validity period for the classic network endpoint when enabling hybrid access mode. Before it expires, add the VPC internal endpoint to every application running on VPC-type ECS instances. When the endpoint expires, the system releases it automatically.

For security and performance purposes, we recommend that you use only the VPC type.

Prerequisites

Before you begin, make sure that:

The RDS instance is on the classic network
A VPC and a vSwitch exist in the same zone as the RDS instance — see Create and manage a VPC

Limitations

Hybrid access mode active: You cannot switch the network type back to classic network or change the instance's zone. For details, see Migrate an ApsaraDB RDS for SQL Server instance across zones.
SQL Server 2008 R2: Direct classic-to-VPC migration is not supported. Use one of the following alternatives instead:
- Upgrade the major version: Upgrade the instance and select the target VPC during the upgrade.
- Migrate to a new instance: Create a new RDS instance on the desired VPC, then migrate your data.
- Release the classic network endpoint: On the Database Connection page, manually release the classic network endpoint. After release, the instance is accessible only via its public endpoint — see Apply for or release a public endpoint.
Warning
The classic network endpoint cannot be recovered after release. Verify that your application can connect using the public endpoint before releasing it.
Temporary RDS instances: Cannot be migrated from classic network to VPC. Temporary instances support only the classic network type.

Switch to VPC

Before switching, decide whether to retain the classic network endpoint. This choice determines whether a transient connection occurs and how you update your application endpoints afterward.

Option	Effect
Clear Reserve original classic endpoint	Classic network endpoint is not retained. A transient connection lasting approximately 30 seconds occurs, and classic network-type ECS instances immediately lose internal network access. Update all application endpoints immediately after the switch.
Select Reserve original classic endpoint	Classic network endpoint is retained, and a new VPC endpoint is generated. No transient connection occurs. Classic network-type ECS instances retain internal network access until the classic network endpoint expires. Add the VPC endpoint to VPC-type ECS instances before the classic network endpoint expires.

After choosing your option, follow these steps:

Log on to the ApsaraDB RDS console. In the top navigation bar, select the region where your instance resides. Find the instance and click its ID.
In the left-side navigation pane, click Database Connection.
Click Switch to VPC.

If Switch to VPC is not displayed, verify that your instance meets all prerequisites and is not subject to the limitations listed above.
In the dialog box, select a VPC and a vSwitch, then set the Reserve original classic endpoint option based on your decision above. Selecting the VPC: Choose the VPC where your ECS instances reside. If the ECS and RDS instances are in different VPCs, they cannot communicate over the internal network unless you use Cloud Enterprise Network (CEN) or VPN Gateway to connect the VPCs. Selecting a vSwitch: If no vSwitches are available in the selected VPC, create one in the zone where your RDS instance resides. See Create and manage vSwitches.
Add the private IP address of each ECS instance to an IP address whitelist of the RDS instance so they can connect over the internal network.
Update your application endpoints:
- If you selected Reserve original classic endpoint: Add the VPC internal endpoint to each VPC-type ECS instance before the classic network endpoint expires.
  
  Note
  To connect an ECS instance in a classic network to an RDS instance in a VPC over an internal network, you can use ClassicLink or migrate the ECS instance to the VPC.
- If you cleared Reserve original classic endpoint: Add the VPC internal endpoint to your ECS instances immediately, as classic network internal access is already closed.
To connect a classic network-type ECS instance to the VPC-type RDS instance over the internal network, use ClassicLink or migrate the ECS instance into the same VPC. See Overview.

Extend the classic network endpoint expiration date

During the hybrid access period, you can push back the expiration date of the classic network endpoint. The new expiration date is calculated from the day you make the change — not from the original expiration date.

For example: the endpoint is set to expire on August 18, 2017. On August 15, 2017, you extend it by 14 days. The new expiration date is August 29, 2017.

Log on to the ApsaraDB RDS console. Select the region, find the instance, and click its ID.
In the left-side navigation pane, click Database Connection.
On the Instance Connection tab, click Change Expiration Time.
In the Change Expiration Time dialog box, select a new expiration date and click OK.

What's next

FAQ about network types — differences between VPC and classic network
ModifyDBInstanceNetworkType — switch network type via API
Resolve the connection failure — troubleshoot ECS-to-RDS connection issues