A distributed transaction whitelist allows for distributed transactions between an Elastic Compute Service (ECS) instance and an ApsaraDB RDS for SQL Server instance. This topic describes how to configure a distributed transaction whitelist.

For more information about the related best practices, see Connect Kingdee K/3 WISE to ApsaraDB RDS for SQL Server.

Prerequisites

  • The RDS instance runs one of the following SQL Server versions on RDS High-Availability Edition:
    • SQL Server Standard edition: SQL Server 2012 or later
    • SQL Server Enterprise edition: SQL Server 2012 or later
  • Your RDS instance belongs to the general-purpose instance family or the dedicated instance family.

Configure the RDS instance

  1. Access RDS Instances, select a region at the top, and then click the ID of the target RDS instance.
  2. In the left-side navigation pane, click Data Security.
  3. On the Whitelist Settings tab, click Modify on the right. In the Edit Whitelist dialog box, enter the IP address of your ECS instance.
    Note
    • If the ECS instance and RDS instance reside in the same virtual private cloud (VPC), you must enter the private IP address of the ECS instance. You can view the private IP address of the ECS instance on the Instance Details page of the ECS instance in the ECS console.
    • If the ECS instance and RDS instance reside in different VPCs, you must enter the public IP address of the ECS instance. In addition, you must apply for a public endpoint for the RDS instance. For more information, see Apply for or release a public endpoint on an ApsaraDB RDS for SQL Server instance.
  4. Click OK.
  5. Click the Whitelist for Distributed Transaction tab.
  6. Click Create Whitelist.
  7. Configure the following parameters.
    Parameter Description
    Whitelist Name Enter the name of the whitelist. The name must be 2 to 32 characters in length. The name can contain digits, lowercase letters, and underscores (_). The name must start with a lowercase letter and end with a lowercase letter or digit.
    IP Addresses Enter the IP address of the ECS instance and the name of the Windows computer in which the ECS instance resides. Separate the IP address and the computer name with a comma (,). Example: 192.168.1.100,k3ecstest.

    If you want to enter more than one entry, make sure that each entry is in a different line.

    Note To view the computer name, choose Control Panel > System and Security > System on your computer.
  8. Click OK.

Configure the ECS instance

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Instances & Images > Instances.
  3. In the top navigation bar, select the region in which the ECS instance resides.
  4. Find the ECS instance and click the instance ID.
  5. In the top navigation bar, click Security Groups.
  6. Find the security group that you want to manage and click Add Rules in the Actions column.
  7. On the Inbound tab, click Add Rule.
  8. Configure the following parameters.
    Parameter Description
    Action Select Allow.
    Priority Retain the default value 1.
    Protocol Type Select Custom TCP.
    Port Range Enter 135.
    Note Port 135 is the fixed port for the Remote Procedure Call (RPC) service.
    Authorization Object Enter the two IP addresses of the RDS instance in the Authorization Object field. You can view these IP addresses on the Whitelist for Distributed Transaction tab of the Data Security page in the ApsaraDB RDS console.
    Description Enter the description of the security group rule. The description must be 2 to 256 characters in length and cannot start with http:// or https://.
  9. Click Save.
  10. Create another security group rule. This rule has the same parameter settings as the previous rule except for the Port Range parameter. Set Port Range to 1024/65535.