Precautions
You cannot apply for public endpoints for cloud-native cluster instances in direct connection mode.
For security concerns, you still need to enter a password when you use a public endpoint to connect to a Tair instance that has password-free access enabled.
Public endpoints may expose your Tair instances to security risks. Proceed with caution.
Network types of endpoints
Network type | Description |
VPC | A VPC is a private network dedicated to you on Alibaba Cloud. VPCs are logically isolated from each other to provide higher security and performance. For more information about VPCs, see What is a VPC? By default, a Tair instance provides a VPC endpoint. You can connect to the Tair instance over the VPC to achieve higher security and performance.
|
Internet | Security risks exist when you connect to an instance over the Internet. For this reason, Tair does not provide public endpoints by default. If your client encounters the following scenarios, you can apply for a public endpoint to connect to the Tair instance over the Internet: The device on which the client is installed, such as an Elastic Compute Service (ECS) instance, is not deployed in the same VPC as the Tair instance. For more information about ECS instances, see What is ECS? The device on which the client is installed does not reside in the same region as the Tair instance. The client is installed on a device outside of Alibaba Cloud, such as an on-premises device.
Note To accelerate and secure data transmission, we recommend that you migrate your applications to an ECS instance that is deployed in the same region and has the same network type as the Tair instance. The bandwidth and connection limits of the instance are shared by connections to the instance over public and VPC endpoints. For example, assume that the bandwidth of an instance is 96 MB/s. If connections to the instance over VPC endpoints use a bandwidth of 70 Mbit/s, connections to the instance over public endpoints can use up to 26 Mbit/s bandwidth.
|
Billing
You are not charged for applying for public endpoints and the traffic that is generated when you use public endpoints to connect to your instances.
Procedure
Log on to the Tair console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click the instance ID.
In the Connection Information section, click Apply for Endpoint to the right of Public Access.
Note If the instance is a cloud-native cluster instance in direct connection mode, the Apply for Endpoint button is not displayed or is dimmed.
In the panel that appears, enter an endpoint and a port number.
Parameter | Description |
Endpoint | You can modify only the prefix of the endpoint. By default, the prefix is the instance ID. The prefix must be 8 to 40 characters in length and can contain lowercase letters and digits. It must start with a lowercase letter.
|
Port | When you modify the endpoint, you can also modify the port number. Valid values for this parameter: 1024 to 65535. |
Click OK.
After the application is submitted, the public endpoint is displayed in the Connection Information section.
FAQ
Are you charged for applying for a public endpoint?
You are not charged for applying for public endpoints and the traffic that is generated when you use public endpoints to connect to your instances.
Why am I unable to find the entry point to apply for a public endpoint for an instance?
No option is available to apply for a public endpoint due to two reasons:
If the VPC endpoint is not displayed in the Connection Information section, no whitelist is configured for the Tair instance. Configure a whitelist first. For more information, see Configure whitelists.
Public endpoints are not supported for Tair cloud-native cluster instances that run in direct connection mode. You can connect to these instances over a VPC.
If the ECS instance where your application resides is not in the same VPC as the Tair instance, or if your application is not hosted on Alibaba Cloud, you can configure the cloud-native cluster instance to run in proxy mode. A cloud-native cluster instance cannot be directly switched from the direct connection mode to the proxy mode. You can use the instance restoration feature to migrate and reconfigure the setup. This involves restoring backup data from the source instance to a new instance and selecting Proxy as the connection mode. For more information, see Restore data from a backup set to a new instance.
Warning After the new cloud-native cluster instance is created with a new connection mode, modify the connection code accordingly. Otherwise, the instance cannot be connected. Proceed with caution.
Can I enable password-free access when I connect to an instance over the Internet?
You can enable password-free access for an instance only when you connect to the instance over a VPC. When you connect to the instance over the Internet, you still need to enter a password for authentication.
What do I do if the "Current engine version does not support operations" error occurs?
The current minor engine version is outdated. Update the minor engine version and try again. For more information, see Update the minor version of an instance.