ApsaraDB RDS for SQL Server allows you to create a host account for your ApsaraDB RDS for SQL Server instance. You can use the host account to log on to the host on which the RDS instance is deployed. This facilitates the management of the RDS instance.
Prerequisites
The RDS instance meets the following requirements:
The RDS instance runs RDS Basic Edition, RDS High-availability Edition, or RDS Cluster Edition. If your RDS instance runs RDS High-availability Edition, make sure that the instance runs SQL Server 2012 or later.
The RDS instance belongs to the general-purpose or dedicated instance family. The shared instance family is not supported.
The RDS uses the subscription or pay-as-you-go billing method. Serverless instances are not supported.
The RDS instance resides in a virtual private cloud (VPC). For more information about how to change the network type of an RDS instance, see Change the network type.
The creation time of the RDS instance meets the following requirements:
If the RDS instance runs RDS High-availability Edition or RDS Cluster Edition, the instance is created on or after January 01, 2021.
If the RDS instance runs RDS Basic Edition, the instance is created on or after September 02, 2022.
NoteYou can view the Creation Time parameter of an RDS instance in the Status section of the Basic Information page in the ApsaraDB RDS console.
An Alibaba Cloud account is used to log on to the RDS instance.
Usage notes
RDS instances in CloudTmall system do not support host accounts.
You can create only one host account that has the permissions of a system admin account for each RDS instance.
The following usernames cannot be used for host accounts:
root|admin|eagleye|master|aurora|sysadmin|administrator|mssqld|public|securityadmin|serveradmin|setupadmin|processadmin|diskadmin|dbcreator|bulkadmin|tempdb|msdb|model|distribution|mssqlsystemresource|guest|add|except|percent|all|exec|plan|alter|execute|precision|and|exists|primary|any|exit|print|as|fetch|proc|asc|file|procedure|authorization|fillfactor|public|backup|for|raiserror|begin|foreign|read|between|freetext|readtext|break|freetexttable|reconfigure|browse|from|references|bulk|full|replication|by|function|restore|cascade|goto|restrict|case|grant|return|check|group|revoke|checkpoint|having|right|close|holdlock|rollback|clustered|identity|rowcount|coalesce|identity_insert|rowguidcol|collate|identitycol|rule|column|if|save|commit|in|schema|compute|index|select|constraint|inner|session_user|contains|insert|set|containstable|intersect|setuser|continue|into|shutdown|convert|is|some|create|join|statistics|cross|key|system_user|current|kill|table|current_date|left|textsize|current_time|like|then|current_timestamp|lineno|to|current_user|load|top|cursor|national|tran|database|nocheck|transaction|dbcc|nonclustered|trigger|deallocate|not|truncate|declare|null|tsequal|default|nullif|union|delete|of|unique|deny|off|update|desc|offsets|updatetext|disk|on|use|distinct|open|user|distributed|opendatasource|values|double|openquery|varying|drop|openrowset|view|dummy|openxml|waitfor|dump|option|when|else|or|where|end|order|while|errlvl|outer|with|escape|over|writetext||dbo|login|sys|drc_rds
Impacts
A host account has the highest permissions on the host. The highest permissions are beyond the management scope of ApsaraDB RDS for SQL Server. If you create a host account for your RDS instance, the service availability that is specified in the service level agreement (SLA) is no longer guaranteed for the RDS instance. However, you can use the RDS instance and obtain after-sales service as expected. If you do not create a host account for your RDS instance, the service availability that is specified in the SLA is guaranteed for the RDS instance.
Suggestions
A host account has high permissions that are beyond the management scope of ApsaraDB RDS for SQL Server. If you use a host account, take note of the following items:
Do not manage the
rdscore
database on an RDS instance that runs RDS High-availability Edition or RDS Cluster Edition.Do not manage system accounts. For more information, see System accounts.
Do not perform physical backups on your on-premises device. If you perform physical backups on your on-premises device, the point-in-time recovery (PITR) of your RDS instance is affected. We recommend that you use the backup feature provided by ApsaraDB RDS. For more information, see Back up an ApsaraDB RDS for SQL Server instance.
Do not move the RDS instance that runs RDS High-availability Edition or RDS Cluster Edition or manage high-availability objects, such as the
DROP AVAILABILITY GROUP
operation.Do not store data in drive C (system disk).
Do not modify the existing server-level triggers in the RDS instance, including
[_$$_tr_$$_rds_alter_database]
,[_$$_tr_$$_rds_alter_login]
,[_$$_tr_$$_rds_create_database]
,[_$$_tr_$$_rds_create_login]
,[_$$_tr_$$_rds_drop_database]
,[_$$_tr_$$_rds_drop_login]
, and[_$$_tr_$$_rds_server_role]
.Do not modify the core configurations of the RDS instance, such as the startup account and port.
Do not change the password of the Windows administrator.
Procedure
Step 1: Create a host account
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane, click Accounts.
On the Host Account tab, click Create Account and configure the following parameters.
Parameter
Description
Host Account Name
The username of the account. It must be 2 to 64 characters in length and can contain lowercase letters, digits, and underscores (_). The username must start with a lowercase letter and end with a lowercase letter or a digit.
Account Type
Standard Account: Create a host account that has the permissions of a standard account.
System Admin Account: Create a host account that has the permissions of a system admin account. You can create only one host account that has the permissions of a system admin account for each RDS instance. For more information about system admin accounts, see Create a system admin account.
New Password
The password of the account. The password must meet the following requirements:
It must be 8 to 32 characters in length.
It can contain at least three types of the following characters: uppercase letters, lowercase letters, digits, and special characters.
Special characters include
! @ # $ % ^ & * ( ) _ + - =
Confirm Password
The password of the account.
Description
The description of the account. The description can be up to 256 characters in length.
Read and select I have read and agree to the changes to the RDS Service Level Agreement caused by the creation of a host account.
Click OK.
Optional. Reset the password of the host account or delete the host account.
You can click Reset Password or Delete in the Actions column to reset the password of the host account or delete the host account.
Step 2: Use the host account to log on to the host on which the RDS instance runs
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left-side navigation pane, click Accounts.
On the Host Account tab, find the required account and click Remote Connection (Primary) in the Actions column.
In the Remote Connection dialog box, enter the password of the host account.
Click OK.
The system generates a webshell URL and automatically connects to the host on which the RDS instance runs by using the URL. The system displays a webshell page in a pop-up window. The page may be blocked by the browser. If the page is blocked, you can configure the browser to allow the appearance of the page. The following figure provides an example.
FAQ
Can I call operations to obtain the hostname of my RDS instance and the webshell URL to connect to the host of my RDS instance?
Yes, you can call the DescribeDBInstanceIpHostname operation to obtain the hostname of your RDS instance, and then the DescribeHostWebShell operation to obtain the webshell URL to connect to the host of your RDS instance. The hostname is specified by the IpHostnameInfos parameter, and the webshell URL is specified by the LoginUrl parameter.
The webshell URL is valid for 2 minutes. You must use the URL at the earliest opportunity. If the URL is invalid, you cannot connect to the host of your RDS instance.
In this case, you can call the required operation to obtain the most recent URL.
Related operations
Operation | Description |
Queries the webshell URL that can be used to connect to the host of the ApsaraDB RDS for SQL Server instance. | |
Queries the hostname of the Elastic Compute Service (ECS) instance to which the ApsaraDB RDS for SQL Server instance is connected. |
References
You can use SQL Server Reporting Services (SSRS) to manage an instance after you log on to the host on which the RDS instance resides. For more information, see Use a webshell to log on to the host on which an ApsaraDB RDS for SQL Server instance resides and use SSRS on the host.