Migrate data from a self-managed SQL Server database to an ApsaraDB RDS for SQL Server instance by using a physical gateway - ApsaraDB RDS

This topic describes how to migrate data from a self-managed SQL Server database to an ApsaraDB RDS for SQL Server instance by using the physical gateway-based migration feature of Data Transmission Service (DTS). You can migrate the data from a self-managed SQL Server database that resides on an Elastic Compute Service (ECS) instance, in a data center, or on a third-party cloud server. The physical gateway-based migration feature uses the physical protocol gateway to connect to your RDS instance. This feature helps you easily and efficiently migrate data to the RDS instance at a high speed with no downtime. This feature is suitable for all scenarios.

Scenarios

If the server on which your self-managed SQL Server database resides can access the Internet, you can perform the operations in this topic to migrate data from the self-managed SQL Server database to an RDS instance.

Note

If the server on which your self-managed SQL Server database resides cannot access the Internet but uses a bastion host for network communication, you can migrate data from the self-managed SQL Server database to an RDS instance by following instructions provided in Migrate data from a self-managed SQL Server database to an ApsaraDB RDS for SQL Server instance by using the physical gateway on a bastion host.

Prerequisites

The self-managed SQL Server database must meet the following requirements:
- The self-managed SQL Server database runs SQL Server 2019, SQL Server 2017, SQL Server 2016, SQL Server 2014, SQL Server 2012, SQL Server 2008 R2, or SQL Server 2005.
  Note
  The self-managed SQL Server database resides on an ECS instance, in a data center, or on a third-party cloud server. The self-managed SQL Server database cannot be an RDS instance.
- The physical protocol gateway of Database Backup (DBS) is installed on the server on which the self-managed SQL Server database resides. For more information, see Appendix: Create a physical protocol gateway.
  Note
  You must install the physical protocol gateway in the same region as the RDS instance.
The RDS instance must meet the following requirements:
- The RDS instance runs SQL Server 2019, SQL Server 2017, SQL Server 2016, SQL Server 2012, or SQL Server 2008 R2.
- The RDS instance runs the same major engine version as the self-managed SQL Server database or a later version.
The following permissions are granted by using your Alibaba Cloud account:
- An AccessKey pair is created, and the AccessKey ID and AccessKey secret are obtained. The AccessKey pair is used for identity verification when you register with or log on to the DBS console from your backup gateway. For more information, see Create an AccessKey pair.
- The AliyunDBSFullAccess permissions is obtained if you want to add a backup gateway as a Resource Access Management (RAM) user. For more information, see Grant permissions to RAM users.
  Note
  - By default, the preceding permissions are granted to your Alibaba Cloud account when you activate DBS.
  - After you add a backup gateway, the backup gateway is available in the DBS console to all RAM users that belong to your Alibaba Cloud account.

Comparison between physical gateway-based migration and logical data migration

Item	Physical gateway-based migration	Logical data migration
Migration principle	The native physical backup protocol is used to write data to the destination database as data blocks.	The JDBC protocol is used to obtain SQL statements and write the statements to the destination database.
Operating system	Only SQL Server on Windows is supported. The version of the desktop operating system cannot be earlier than Windows XP. The version of the server operating system cannot be earlier than Windows Server 2003.	Unlimited.
Deployment	A physical protocol gateway must be installed on the server on which the database resides.	You do not need to install a gateway.
Network connectivity	The server on which the database resides can connect to the network of Alibaba Cloud. Note If the server on which your self-managed SQL Server database resides cannot access the Internet but uses a bastion host for network communication, you can migrate data from the self-managed SQL Server database to an RDS instance by following instructions provided in Migrate data from a self-managed SQL Server database to an ApsaraDB RDS for SQL Server instance by using the physical gateway on a bastion host.	The port to connect to the database must be enabled, or leased line-based connections must be established.
Source database permissions	The sysadmin role is required.	The SELECT permission is required for schema migration and full migration. The sysadmin permission is required for incremental migration. For more information, see Permissions required for database accounts.
Destination database version	The engine version of the destination database must be the same or later than the engine version of the source database.	You can migrate data from a source database that runs an engine version later than or earlier than the engine version of the destination database.
Destination database accessibility	The destination database is inaccessible during data migration.	You can read data from or write data to the destination database during data migration.
Limits on tables that can be migrated from the source database	Memory tables cannot be migrated. Fields of the FileStream and FileTables types cannot be migrated.	For more information, see Migrate data from a self-managed SQL Server database to an ApsaraDB RDS for SQL Server instance.
Migration scenarios	Data can be migrated from self-managed databases to the cloud. Note The self-managed SQL Server databases can reside on ECS instances, in data centers, or on third-party cloud servers.	Data can be migrated from self-managed databases or cloud-hosted databases to the cloud.
Migration efficiency	High.	Medium.
Data processing extract, transform, load (ETL)	Not supported.	Supported.
Table-level data filtering	Not supported.	Supported.
Database-level data filtering	Supported.	Supported.

Description

Item	Migration description
Limits on the source database	Only SQL Server on Windows is supported. The version of the desktop operating system cannot be earlier than Windows XP. The version of the server operating system cannot be earlier than Windows Server 2003. The size of the source database cannot exceed the remaining storage of the destination RDS instance. Otherwise, the cloud migration fails. The server on which the source database resides can access the Internet. The name of the source database cannot be the same as the name of the destination database on the RDS instance. The name of the source database cannot be the same as the names of some system databases or other database names that cannot be used. Examples: `reserved_dbname = ["master", "tempdb", "msdb", "model", "distribution","rdscore","sys_info"]` The network settings of the source database must meet the following requirements: If the firewall for the source database is disabled and the source database is a self-managed database on an ECS instance, you can connect the source database and the destination database over a virtual private cloud (VPC) or the Internet. If the firewall for the source database is disabled and the source database is a self-managed database that does not reside on an ECS instance, you can connect the source database and the destination database over the Internet. If the firewall for the source database is enabled, you must allow requests from `*.aliyuncs.com` to ensure that the source database can be connected to the destination database.
Database engine version	The engine version of the destination database must be the same or later than the engine version of the source database. 2019 > 2017 > 2016 > 2012 > 2008 R2 > 2005 SQL Server Developer > SQL Server Standard > SQL Server Web > SQL Server Express Note For more information about the types of migration that are supported by each SQL Server version, see Migration types that are supported by each SQL Server version.
In-memory database and mirroring technologies	The In-Memory OLTP and mirroring features of SQL Server are incompatible with each other. If you enable in-memory databases for the source database, the destination database cannot reside on an RDS instance that runs RDS High-availability Edition.
Number of databases	The number of databases that can be migrated to the RDS instance at a time varies based on the instance type of the RDS instance. For more information, see Maximum number of databases.
Other limits	When a physical migration task is in progress, you cannot back up databases. If you want to back up databases during physical migration, you must enable COPY_ONLY. Fields of the FileStream and FileTables types cannot be migrated. You can migrate a single database, multiple databases, or the entire instance. Memory tables cannot be migrated.

Usage notes

During data migration, data can be incrementally written to the self-managed SQL Server database. We recommend that you do not write data to the self-managed SQL Server database during the workload switchover to prevent data inconsistency.
During incremental migration, the RDS instance becomes temporarily unavailable. Wait until the incremental migration task is complete and use the RDS instance after the workloads are switched over to the RDS instance.

Migration types that are supported by each SQL Server version

Engine version of the self-managed SQL Server database	Engine version of the RDS instance
SQL Server Developer, SQL Server Standard, SQL Server Web, and SQL Server Express	SQL Server Enterprise
SQL Server Standard, SQL Server Web, and SQL Server Express	SQL Server Standard
SQL Server Web and SQL Server Express	SQL Server Web

Procedure

Go to the Data Migration Tasks page.
1. Log on to the Data Management (DMS) console.
2. In the top navigation bar, click DTS.
3. In the left-side navigation pane, choose DTS (DTS) > Data Migration.
Note
- Operations may vary based on the mode and layout of the DMS console. For more information, see Simple mode and Configure the DMS console based on your business requirements.
- You can also go to the Data Migration Tasks page of the new DTS console.
From the drop-down list next to Data Migration Tasks, select the region in which the data migration instance resides.
Note If you use the new DTS console, you must select the region in which the data migration instance resides in the upper-left corner.

Click Create Task and configure the parameters based on the following table.

Warning After you configure the source and destination databases, we recommend that you read the limits displayed at the top of the page. Otherwise, the task may fail or data inconsistency may occur.

Section	Parameter	Description
N/A	Task Name	The task name that DTS automatically generates. We recommend that you specify a descriptive name that makes it easy to identify the task. You do not need to specify a unique task name.
Source Database	Select an existing DMS database instance	The database instance that you want to use. You can choose whether to select an existing instance based on your business requirements. If you select an existing instance, DTS automatically populates the parameters for the database. If you do not select an existing instance, you must manually configure parameters for the database.
	Database Type	The database engine of the database. Select SQL Server.
	Access Method	The access method. Select Physical Protocol.
	Instance Region	The region in which the self-managed SQL Server database resides.
	Physical Protocol Gateway (DBS Backup Gateway)	The physical protocol gateway that you want to use. Note For more information about how to install a physical protocol gateway, see Appendix: Create a physical protocol gateway.
	Hostname or IP address	Default value: localhost.
	Port Number	The port number of the self-managed SQL Server database. Default value: 1433.
Destination Database	Select an existing DMS database instance	The instance that you want to use. You can use an existing instance based on your business requirements. If you select an existing instance, DTS automatically applies the parameter settings of the instance. You do not need to configure the corresponding parameters again. If you do not select an existing instance, you must configure the following parameters.
	Database Type	The database engine of the instance. Default value: SQL Server.
	Access Method	The access method. Default value: Alibaba Cloud Instance.
	Instance Region	The region in which the RDS instance resides.
	Instance ID	The ID of the RDS instance.
	Database Account	The username of the account of the RDS instance. Note For more information about how to create an account for an RDS instance and grant permissions to the account, see Create an account and Modify the permissions of a standard account on an ApsaraDB RDS for SQL Server instance.
	Database Password	The password of the account of the RDS instance.

Click Test Connectivity and Proceed.
In the CIDR Blocks of DTS Servers dialog box, click Test Connectivity and Proceed.
If the source or destination database is an Alibaba Cloud database instance, such as an ApsaraDB RDS for MySQL or ApsaraDB for MongoDB instance, DTS automatically adds the CIDR blocks of DTS servers to the IP address whitelist of the instance. If the source or destination database is a self-managed database hosted on an Elastic Compute Service (ECS) instance, DTS automatically adds the CIDR blocks of DTS servers to the security group rules of the ECS instance, and you must make sure that the ECS instance can access the database. If the source or destination database is a self-managed database that is deployed in a data center or provided by a third-party cloud service provider, you must manually add the CIDR blocks of DTS servers to the IP address whitelist of the database to allow DTS to access the database. For more information, see the "CIDR blocks of DTS servers" section of the Add the CIDR blocks of DTS servers to the security settings of on-premises databases topic.
Warning If the CIDR blocks of DTS servers are automatically or manually added to the IP address whitelist of the database instance or ECS security group rules, security risks may arise. Therefore, before you use DTS to migrate data, you must understand and acknowledge the potential risks and take preventive measures, including but not limited to the following measures: enhance the security of your account and password, limit the ports that are exposed, authenticate API calls, regularly check the IP address whitelist or ECS security group rules and forbid unauthorized CIDR blocks, and connect the database to DTS by using Express Connect, VPN Gateway, or Smart Access Gateway.

Select objects for the task and configure advanced parameters.

Parameter	Description
Task Stages	If you want to perform only full data migration, select Full Data Migration. Full Data Migration is selected by default. To ensure business continuity during data migration, select Full Data Migration and Incremental Data Migration. Note If you do not select Incremental Data Migration, we recommend that you do not write data to the source database during data migration to ensure data consistency.
Source Objects	Select one or more objects from the Source Objects section. Click the icon to add the objects to the Selected Objects section. Note You can migrate a single database, multiple databases, or the entire instance.
Selected Objects	The objects that you want to migrate.

Click Next: Advanced Settings to configure advanced parameters.

Parameter	Description
Set Alerts	Specifies whether to set alerts for the data migration task. If the task fails or the migration latency exceeds the threshold, the alert contacts will receive notifications. Valid values: No: does not set alerts. Yes: sets alerts. If you select Yes, you must also set the alert threshold and alert contacts. For more information,see Configure monitoring and alerting when you create a DTS task.
Retry Time for Failed Connections	The retry time range for failed connections. If the source or destination database fails to be connected after the data migration task is started, DTS immediately retries a connection within the time range. Valid values: 10 to 1440. Unit: minutes. Default value: 720. We recommend that you set the parameter to a value greater than 30. If DTS reconnects to the source and destination databases within the specified time range, DTS resumes the data migration task. Otherwise, the data migration task fails. Note If you set different retry time ranges for multiple data migration tasks that have the same source or destination database, the shortest retry time range that is set takes precedence. When DTS retries a connection, you are charged for the DTS instance. We recommend that you specify the retry time range based on your business requirements. You can also release the DTS instance at your earliest opportunity after the source and destination instances are released.

In the lower-right corner of the page, click Next: Save Task Settings and Precheck.
Note
- DTS performs a precheck before a data migration task starts. You can start a data migration task only after the task passes the precheck.
- If the task fails the precheck, you can click the icon to the right of each failed item to view details.
  After you troubleshoot the issues based on the details, initiate a new precheck.
  If you do not need to troubleshoot the issues, ignore the failed items and initiate a new precheck.
In the Precheck step, wait until Success Rate reaches 100% and click Next: Purchase Instance.
In the Purchase Instance step, read and select Data Transmission Service (Pay-as-you-go) Service Terms.
Click Buy and Start to start the data migration task.
To view the data migration progress in the DTS console, perform the following steps: Go to the Data Migration page and click the ID of the data migration task. On the Task Management page, you can view the data migration progress.
Note
To view the data migration progress in the ApsaraDB RDS console, perform the following steps: Go to the Backup and Restoration page of the RDS instance and click the Backup Data Upload History tab to view the progress of full migration or incremental migration tasks.
If the full migration is complete and the incremental migration is in progress, go to the Task Management page of the required data migration task, click the Incremental Migration tab, and then click Migrate to Cloud.
In the Migrate to Cloud dialog box, click Switch Now and wait until the migration is complete.
Note
To ensure data consistency, we recommend that you stop writing data to the self-managed SQL Server database before you trigger the workload switchover. Wait for the data migration task to complete and then switch over workloads. The entire process requires several minutes.

Appendix: Create a physical protocol gateway

This section describes how to create a physical protocol gateway.

Prerequisites

You must assign the sysadmin role to the NT AUTHORITY\SYSTEM account. You can execute an SQL statement to assign the role.

ALTER SERVER ROLE [sysadmin] ADD MEMBER [NT AUTHORITY\SYSTEM]
GO

Usage notes

AliyunDBSAgent sets the recovery model of the database that you want to migrate to Full.

Note

If the recovery mode is Full and data is continuously written to the database, the disk space of the source database is occupied. This may exhaust the disk space of the source database. To prevent this issue, we recommend that you execute the following statement to set the recovery model to Simple after a data migration task is complete:

ALTER DATABASE Database name SET RECOVERY Simple;

Procedure

On the Configure Source and Destination Database page, click Create Physical Protocol Gateway.
In the Installation Command dialog box, configure the Backup gateway region and Backup Gateway Network Type parameters. Then, copy the command to install the physical protocol gateway and download the installation package.
Note
- Public Network: You can access DBS by using a public IP address.
- ECS Private Network/VPC: You can access DBS by using a leased line from Alibaba Cloud.
Install AliyunDBSAgent on a Windows device or server.
1. Double-click the setup.exe application in the downloaded file.
2. Select the installation language, click OK, and then click Next.
3. Read and accept the terms of the agreement and click Next.
4. Select DBS Agent and click Next.
5. Select an installation directory, click Next, and then click Yes.
6. Confirm the region that is specified by the Agent Region parameter, enter the AccessKey ID and AccessKey secret, and then click Next.
  Important
  Make sure that the region in which the physical protocol gateway is installed is the same as the region of the RDS instance.
  The AccessKey pair is stored in plaintext in the .\config\dbs-agent.conf file in the installation directory.
7. Confirm the component package that you want to install and click Next.
  The installation starts. The process requires approximately 1 to 5 minutes.
8. Click Done.
  You can view the installation progress of the gateway in the C:\Program Files\aliyun\dbs_agent\logs\agent.log installation directory. If information similar to the following figure is displayed, the gateway is installed.
In the Installation Command dialog box of the DTS console, click Complete Installation.
Check whether the physical protocol gateway is started.
1. In the Run dialog box of Windows, enter services.msc and click OK.
  The service manager dialog box of the system appears.
2. In the service manager dialog box, check whether the AliyunDBSAgent service is started. If the service is not started, right-click AliyunDBSAgent and select Start.
  Note
  By default, the system starts the backup gateway. You can also start and stop the AliyunDBSAgent service in the service manager.
View the created physical protocol gateway.
On the Backup Gateways page of the DBS console, click Refresh to view the created physical protocol gateway.
Note
The name of the new physical protocol gateway starts with DTS_.