This topic describes how to configure the hybrid access mode for an ApsaraDB RDS for SQL Server instance. This mode allows you to retain the endpoints of both the classic network type and virtual private cloud (VPC) type of your RDS instance. This way, you can migrate your RDS instance from the classic network to a VPC without service interruptions.
Background information
When you migrate your RDS instance from the classic network to a VPC, the type of the internal endpoint changes from classic network to VPC. In this case, the endpoint string remains unchanged. This change causes a transient connection that lasts approximately 30 seconds, and classic network-type Elastic Compute Service (ECS) instances can no longer connect to your RDS instance over an internal network. To facilitate smooth migration, ApsaraDB RDS for SQL Server provides the hybrid access mode.
Hybrid access indicates that your RDS instance can be connected by both classic network-type and VPC-type ECS instances. In hybrid access mode, the system retains the original internal endpoint of the classic network type and generates an internal endpoint of the VPC type for your RDS instance. This prevents transient connections when you change the network type.
For security and performance purposes, we recommend that you use only the VPC type. You must specify a validity period for the hybrid access mode. When the hybrid access mode expires, the system releases the original internal endpoint of the classic network type and you cannot use the endpoint to connect your applications to your RDS instance. Before the hybrid access mode expires, you must add the internal endpoint of the VPC type to your applications. This ensures a smooth migration and prevents interruptions to your workloads.
For example, a company uses the hybrid access mode to change the network type of an RDS instance from classic network to VPC. During the validity period of the hybrid access mode, some applications use the internal endpoint of the VPC type to connect to the RDS instance, and other applications continue to use the internal endpoint of the classic network type to connect to the RDS instance. When all applications of the company can use the internal endpoint of the VPC type to connect to the RDS instance, you can release the internal endpoint of the classic network type.
Prerequisites
The RDS instance resides in the classic network.
A VPC and a vSwitch are created in the zone in which the RDS instance resides. For more information about how to create VPCs and vSwitches, see Create and manage a VPC.
Limits
If the hybrid access mode is enabled, you cannot change the network type to classic network or change the zone of the RDS instance. For more information, see Migrate an ApsaraDB RDS for SQL Server instance across zones.
If your RDS instance runs SQL Server 2008 R2, you cannot change the network type from classic network to VPC. However, there are two options:
Option 1: Upgrade a major version for the instance and change the instance's network type to VPC during the upgrade.
Option 2: Purchase a new RDS instance (select the required VPC during purchase), and migrate data to the new instance.
If your RDS instance is a temporary RDS instance, you cannot change the network type from classic network to VPC. This is because temporary RDS instances support only the classic network type.
Change the network type from classic network to VPC
Log on to the ApsaraDB RDS console and go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.
In the left-side navigation pane, click Database Connection.
Click Switch to VPC.
NoteIf Switch to VPC is not displayed, you must check whether your RDS instance meets the requirements described in the Prerequisites and Limits sections.
In the dialog box that appears, select a VPC and a vSwitch and specify whether to retain the classic network endpoint.
Select a VPC. We recommend that you select the VPC in which the ECS instance that you want to connect resides. If the ECS instance and the RDS instance reside in different VPCs, these instances cannot communicate over an internal network unless you use Cloud Enterprise Network (CEN) or VPN Gateway to enable network communication between the VPCs of these instances. For more information, see Overview of Alibaba Cloud CEN or Establish IPsec-VPN connections between two VPCs.
Select a vSwitch. If no vSwitches are available in the selected VPC, create a vSwitch in the zone in which the RDS instance resides. For more information, see Create and manage a vSwitch.
Clear or select Reserve original classic endpoint. For more information, see the following table.
Operation
Description
Clear Reserve original classic endpoint
The classic network endpoint is not retained and changes to a VPC endpoint. When you change the network type from classic network to VPC, a transient connection that lasts approximately 30 seconds occurs and the connection between each classic network-type ECS instance and your RDS instance over an internal network is immediately closed.
Select Reserve original classic endpoint
The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, your RDS instance runs in hybrid access mode. Both classic network-type and VPC-type ECS instances can access your RDS instance over an internal network.
If you change the network type from classic network to VPC, no transient connections occur. The connection between each classic network-type ECS instance and the RDS instance over an internal network remains available until the classic network endpoint expires.
Before the classic network endpoint expires, you must add the VPC endpoint to your application that runs on a VPC-type ECS instance. This allows the system to migrate your workloads to the selected VPC with no downtime.
Add the private IP address of the required ECS instance to an IP address whitelist of the RDS instance. This way, the ECS instance can connect to the RDS instance over an internal network.
If you select Reserve original classic endpoint, you must add the VPC endpoint of your RDS instance to each VPC-type ECS instance before the classic network endpoint expires.
If you clear Reserve original classic endpoint, the connection between each classic network-type ECS instance and the RDS instance over an internal network is immediately closed after the network type is changed. You must add the VPC endpoint of your RDS instance to your ECS instance.
NoteIf you want to connect a classic network-type ECS instance to the VPC-type RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as the RDS instance. For more information, see Overview.
Change the expiration date of the internal endpoint of the classic network type
During the validity period of the hybrid access mode, you can change the expiration date of the classic network endpoint based on your business requirements. The expiration date is immediately recalculated starting from the day when you make the change. For example, the classic network endpoint is configured to expire on August 18, 2017. On August 15, 2017, you extend the validity period of the classic network endpoint by 14 days. In this case, the classic network endpoint is released on August 29, 2017. To change the expiration date, perform the following operations:
Log on to the ApsaraDB RDS console and go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the instance ID.
In the left-side navigation pane, click Database Connection.
On the Instance Connection tab, click Change Expiration Time.
In the Change Expiration Time dialog box, select an expiration date and click OK.
References
For more information about the differences between VPCs and the classic network, see FAQ about network types.
To change the network type from classic network to VPC by calling an API operation, see ModifyDBInstanceNetworkType.
If an ECS instance cannot connect to an RDS instance over an internal network, an RDS instance cannot be accessed over the Internet, or other connection errors occur, see Resolve the connection failure.