All Products
Search
Document Center

ApsaraDB RDS:Create and use a host account for logons

Last Updated:Dec 17, 2024

ApsaraDB RDS for SQL Server allows you to create a host account for your ApsaraDB RDS for SQL Server instance. You can use the host account to log on to the host on which the RDS instance is deployed. This facilitates the management of the RDS instance.

Prerequisites

  • The RDS instance meets the following requirements:

    • The RDS instance runs RDS Basic Edition, RDS High-availability Edition, or RDS Cluster Edition. If your RDS instance runs RDS High-availability Edition, make sure that the instance runs SQL Server 2012 or later.

    • The RDS instance belongs to the general-purpose or dedicated instance family. The shared instance family is not supported.

    • The RDS uses the subscription or pay-as-you-go billing method. Serverless instances are not supported.

    • The RDS instance resides in a virtual private cloud (VPC). For more information about how to change the network type of an RDS instance, see Change the network type.

    • The creation time of the RDS instance meets the following requirements:

      • If the RDS instance runs RDS High-availability Edition or RDS Cluster Edition, the instance is created on or after January 01, 2021.

      • If the RDS instance runs RDS Basic Edition, the instance is created on or after September 02, 2022.

      Note

      You can view the Creation Time parameter of an RDS instance in the Status section of the Basic Information page in the ApsaraDB RDS console.

  • An Alibaba Cloud account is used to log on to the RDS instance.

Usage notes

  • RDS instances in CloudTmall system do not support host accounts.

  • You can create only one host account that has the permissions of a system admin account for each RDS instance.

  • The following usernames cannot be used for host accounts:

    root|admin|eagleye|master|aurora|sysadmin|administrator|mssqld|public|securityadmin|serveradmin|setupadmin|processadmin|diskadmin|dbcreator|bulkadmin|tempdb|msdb|model|distribution|mssqlsystemresource|guest|add|except|percent|all|exec|plan|alter|execute|precision|and|exists|primary|any|exit|print|as|fetch|proc|asc|file|procedure|authorization|fillfactor|public|backup|for|raiserror|begin|foreign|read|between|freetext|readtext|break|freetexttable|reconfigure|browse|from|references|bulk|full|replication|by|function|restore|cascade|goto|restrict|case|grant|return|check|group|revoke|checkpoint|having|right|close|holdlock|rollback|clustered|identity|rowcount|coalesce|identity_insert|rowguidcol|collate|identitycol|rule|column|if|save|commit|in|schema|compute|index|select|constraint|inner|session_user|contains|insert|set|containstable|intersect|setuser|continue|into|shutdown|convert|is|some|create|join|statistics|cross|key|system_user|current|kill|table|current_date|left|textsize|current_time|like|then|current_timestamp|lineno|to|current_user|load|top|cursor|national|tran|database|nocheck|transaction|dbcc|nonclustered|trigger|deallocate|not|truncate|declare|null|tsequal|default|nullif|union|delete|of|unique|deny|off|update|desc|offsets|updatetext|disk|on|use|distinct|open|user|distributed|opendatasource|values|double|openquery|varying|drop|openrowset|view|dummy|openxml|waitfor|dump|option|when|else|or|where|end|order|while|errlvl|outer|with|escape|over|writetext||dbo|login|sys|drc_rds

Impacts

A host account has the highest permissions on the host. The highest permissions are beyond the management scope of ApsaraDB RDS for SQL Server. If you create a host account for your RDS instance, the service availability that is specified in the service level agreement (SLA) is no longer guaranteed for the RDS instance. However, you can use the RDS instance and obtain after-sales service as expected. If you do not create a host account for your RDS instance, the service availability that is specified in the SLA is guaranteed for the RDS instance.

Suggestions

A host account has high permissions that are beyond the management scope of ApsaraDB RDS for SQL Server. If you use a host account, take note of the following items:

  • Do not manage the rdscore database on an RDS instance that runs RDS High-availability Edition or RDS Cluster Edition.

  • Do not manage system accounts. For more information, see System accounts.

  • Do not perform physical backups on your on-premises device. If you perform physical backups on your on-premises device, the point-in-time recovery (PITR) of your RDS instance is affected. We recommend that you use the backup feature provided by ApsaraDB RDS. For more information, see Back up an ApsaraDB RDS for SQL Server instance.

  • Do not move the RDS instance that runs RDS High-availability Edition or RDS Cluster Edition or manage high-availability objects, such as the DROP AVAILABILITY GROUP operation.

  • Do not store data in drive C (system disk).

  • Do not modify the existing server-level triggers in the RDS instance, including [_$$_tr_$$_rds_alter_database], [_$$_tr_$$_rds_alter_login], [_$$_tr_$$_rds_create_database], [_$$_tr_$$_rds_create_login], [_$$_tr_$$_rds_drop_database], [_$$_tr_$$_rds_drop_login], and [_$$_tr_$$_rds_server_role].

  • Do not modify the core configurations of the RDS instance, such as the startup account and port.

  • Do not change the password of the Windows administrator.

Procedure

Step 1: Create a host account

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

  2. In the left-side navigation pane, click Accounts.

  3. On the Host Account tab, click Create Account and configure the following parameters.

    Parameter

    Description

    Host Account Name

    The username of the account. It must be 2 to 64 characters in length and can contain lowercase letters, digits, and underscores (_). The username must start with a lowercase letter and end with a lowercase letter or a digit.

    Account Type

    • Standard Account: Create a host account that has the permissions of a standard account.

    • System Admin Account: Create a host account that has the permissions of a system admin account. You can create only one host account that has the permissions of a system admin account for each RDS instance. For more information about system admin accounts, see Create a system admin account.

    New Password

    The password of the account. The password must meet the following requirements:

    • It must be 8 to 32 characters in length.

    • It can contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters.

    • Special characters include ! @ # $ % ^ & * ( ) _ + - =

    Confirm Password

    The password of the account.

    Description

    The description of the account. The description can be up to 256 characters in length.

  4. Read and select I have read and agree to the changes to the RDS Service Level Agreement caused by the creation of a host account.

  5. Click OK.

  6. Optional. Reset the password of the host account or delete the host account.

    You can click Reset Password or Delete in the Actions column to reset the password of the host account or delete the host account.

    image..png

Step 2: Use the host account to log on to the host on which the RDS instance runs

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

  2. In the left-side navigation pane, click Accounts.

  3. On the Host Account tab, find the required account and click Remote Connection (Primary) in the Actions column.

  4. In the Remote Connection dialog box, enter the password of the host account.

    image..png

  5. Click OK.

    The system generates a webshell URL and automatically connects to the host on which the RDS instance runs by using the URL. The system displays a webshell page in a pop-up window. The page may be blocked by the browser. If the page is blocked, you can configure the browser to allow the appearance of the page. The following figure provides an example.

    image..png

FAQ

Can I call operations to obtain the hostname of my RDS instance and the webshell URL to connect to the host of my RDS instance?

Yes, you can call the DescribeDBInstanceIpHostname operation to obtain the hostname of your RDS instance, and then the DescribeHostWebShell operation to obtain the webshell URL to connect to the host of your RDS instance. The hostname is specified by the IpHostnameInfos parameter, and the webshell URL is specified by the LoginUrl parameter.

Note
  • The webshell URL is valid for 2 minutes. You must use the URL at the earliest opportunity. If the URL is invalid, you cannot connect to the host of your RDS instance.

  • In this case, you can call the required operation to obtain the most recent URL.

Related operations

Operation

Description

DescribeHostWebShell

Queries the webshell URL that can be used to connect to the host of the ApsaraDB RDS for SQL Server instance.

DescribeDBInstanceIpHostname

Queries the hostname of the Elastic Compute Service (ECS) instance to which the ApsaraDB RDS for SQL Server instance is connected.

References

You can use SQL Server Reporting Services (SSRS) to manage an instance after you log on to the host on which the RDS instance resides. For more information, see Use a webshell to log on to the host on which an ApsaraDB RDS for SQL Server instance resides and use SSRS on the host.