ApsaraDB RDS:Change the network type

Network types

• Classic network: RDS instances of the classic network type cannot be isolated by using network settings. You can block unauthorized access to the RDS instances of the classic network type only by configuring IP address whitelists or security groups.

• Virtual private cloud (VPC): Each VPC is an isolated virtual network. VPCs are more secure than the classic network. We recommend that you choose the VPC network type.

  You can customize route tables, CIDR blocks, and gateways for a VPC. In addition, you can connect your data center to a VPC by using Express Connect circuits or VPNs. The data center and the VPC comprise a virtual data center. You can use the virtual data center to migrate your workloads to the cloud with no downtime.

Limits

• If your RDS instance runs SQL Server 2008 R2, you cannot change the network type from classic network to VPC. However, there are two options:

  • Option 1: Upgrade a major version for the instance and change the instance's network type to VPC during the upgrade.

  • Option 2: Purchase a new RDS instance (select the required VPC during purchase), and migrate data to the new instance.

• If your RDS instance is a temporary RDS instance, you cannot change the network type from classic network to VPC. This is because temporary RDS instances support only the classic network type.

View the network type

1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

2. In the left-side navigation pane, click Database Connection. On the page that appears, view the network type of the RDS instance.

Change the network type from classic network to VPC

1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

2. In the left-side navigation pane, click Database Connection.

3. On the Instance Connection tab, click Switch to VPC.

   Note

   If you cannot find the button, first ensure that the network type of your RDS for SQL Server instance is set to classic network.

4. In the Switch to VPC dialog box, select a VPC and a vSwitch and specify whether to retain the classic network endpoint.

   • Select a VPC. We recommend that you select the VPC where the Elastic Compute Service (ECS) instance that you want to connect resides. If the ECS and RDS instances reside in different VPCs, these instances can only communicate over public networks unless you create Cloud Enterprise Network (CEN) or VPN Gateway between the VPCs of these instances. For more information, see Overview of Alibaba Cloud CEN or Establish IPsec-VPN connections between two VPCs.

   • Select a vSwitch. If no vSwitches are available in the selected VPC, create one in the same zone where the instance is deployed. For more information, see Create a vSwitch.

   • Clear or select Reserve original classic endpoint.

     Operation	Description
     Clear Reserve original classic endpoint	The classic network endpoint is removed and replaced with a VPC endpoint. When you change the network type from classic network to VPC, a transient connection that lasts approximately 30 seconds occurs and ECS instances that reside in the classic network are immediately disconnected from your RDS instance.
     Select Reserve original classic endpoint	The classic network endpoint is retained, and a new VPC endpoint is generated. In this case, the RDS instance runs in hybrid access mode. For more information, see Configure the hybrid access solution for an ApsaraDB RDS for SQL Server instance. In hybrid access mode, classic network-type ECS instances and VPC-type ECS instances can connect to the RDS instance over an internal network. When you change the network type from classic network to VPC, no transient connection occurs. The connection between each classic network-hosted ECS instance and the RDS instance remains available until the classic network endpoint expires. Note Before the classic network endpoint expires, you must add the VPC endpoint to your application that runs on a VPC-type ECS instance. This allows ApsaraDB RDS to migrate your workloads to the selected VPC with no downtime. ApsaraDB RDS sends a text message to the mobile number that is bound to your Alibaba Cloud account every day within seven days before the classic network endpoint expires. For more information, see Configure the hybrid access solution for an ApsaraDB RDS for SQL Server instance.

5. Add the internal IP address of the required VPC-type ECS instance to an IP address whitelist of the VPC network type on the RDS instance. This way, the ECS instance can access the RDS instance over an internal network. If no IP address whitelists of the VPC network type are available, create one.

   Note

   You can view the private IP address of the ECS instance on the Instance Details page.

   

6. Add the VPC endpoint of the RDS instance to the required VPC-type ECS instance.

   • If you select Reserve original classic endpoint, add the VPC endpoint of your RDS instance to each required VPC-type ECS instance before the classic network endpoint expires.

   • If you clear Reserve original classic endpoint, the connection between each classic network-hosted ECS instance and the RDS instance over an internal network is immediately closed after the network type is changed. You must add the VPC endpoint of the RDS instance to your application that runs on the required VPC-type ECS instance.

   Note

   If the RDS instance resides in a VPC and you want to connect a classic network-hosted ECS instance to the RDS instance over an internal network, you can use ClassicLink to establish a connection. Alternatively, you can migrate the ECS instance to the same VPC as the RDS instance. For more information, see Use ClassicLink to connect classic network and VPC.

Related operations

You can also use API to change the network type of an RDS instance from classic network to VPC. For more information, see ModifyDBInstanceNetworkType.