Manage on-premises or third-party databases with DMS and Database Gateway

Alibaba Cloud Database Gateway lets you connect on-premises or third-party cloud databases to Alibaba Cloud services without exposing their public IP addresses, avoiding the security risks of public connections. Use Database Gateway to register and manage on-premises or third-party cloud databases in Data Management (DMS).

Background information

There are several solutions for connecting on-premises or third-party cloud databases to Alibaba Cloud, but each has limitations:
  • Using a leased line, VPN gateway, or smart access gateway: This method is costly and unsuitable for individual users.
  • Exposing the database service port to the public internet: This creates significant security risks from attacks.
  • Building a custom proxy to forward service requests: This approach often lacks stability and requires significant technical effort.

To address these issues, Data Management (DMS) lets you use Database Gateway to register on-premises or third-party cloud databases. This method establishes a secure, encrypted connection for data transfer without exposing the database's public address. For more information about Database Gateway, see Introduction to Database Gateway.

Procedure

  1. Log on to the Database Gateway console. In the upper-left corner, select the region where the database is located (the default is China (Hangzhou)), and then click Create Gateway.
  2. In the dialog box that appears, enter a name and description for the gateway, and then click Next.
  3. Install the gateway. You can select an installation package based on your operating system. For Windows, click Download Installation Package. For other operating systems, copy the command and run it on the target machine. If the local gateway starts successfully, you are automatically redirected to the Add Database page. You can also click Next.
    Note: Database Gateway is currently free of charge. The machine hosting the gateway must meet the following requirements:
    • It must be able to connect to the target database. For lower network latency, place the gateway and database on the same internal network.
    • It must have outbound access to the public internet. A public IP address, inbound public access, and exposed ports are not required.
    In Step 2, Install Gateway, of the Create Gateway wizard, select an installation platform for the gateway (Windows (x86_64), Linux/MacOS (x86_64), or Docker). Then, click Copy Command and run the command on the target machine to download and start the gateway. If you need to connect through an Alibaba Cloud VPC internal address, select the Connect through Alibaba Cloud VPC internal address (ECS self-built database/leased line/Cloud Enterprise Network/VPN gateway) checkbox. When finished, click Next.
  4. Add a database. You can click Add Database Address to add a database to the gateway immediately, or you can do this later. For more information about how to add a database, see Add a database.
    For Add Method, select Manual Add. In the Database Address field, enter the host and port number (for example, 172.168.200.152:3306), press Enter to create a tag, and then click Finish.
  5. Log on to DMS. In the upper-left corner of the page, click Add Instance.
  6. In the Add Instance dialog box, select On-premises/Third-party cloud database, and then choose a specific database type.
    Supported database types include MySQL, SQLServer, PostgreSQL, Oracle, OceanBase-MySQL, MongoDB, Redis, ClickHouse, MariaDB, DM, and DB2.
  7. In the Add Instance dialog box, fill in the instance information as described in the following table.
    | Tab | Parameter | Description |
    | --- | --- | --- |
    | Basic Information | Data Source | Select the source of the database instance. For this procedure, select On-premises/Third-party cloud database. |
    | | Database Type | Select the type of the database instance. |
    | | Instance region | Select the region where the database gateway is located. |
    | | Gateway ID | Select a database gateway. If you have not created one, click Add Database Gateway to create one. |
    | | Database Address | Enter the internal network address of the target database. |
    | | Port | Enter the service port of the target database. |
    | | Database Account | Enter the username for logging on to the database. |
    | | Database Password | Enter the password that corresponds to the database account. |
    | | Control mode | Select the control mode for the database. For more information, see Control modes. |
    | | Sensitive data protection | If you need to manage and desensitize sensitive data, you can use the sensitive data protection feature to scan, identify, desensitize, and manage sensitive data in your database metadata. |
    | Advanced Information | Environment type | Select the environment type for the database. |
    | | Instance Name | Specify a custom name for the instance. |
    | | Enable cross-database query | Enables the cross-database query feature. |
    | | Enable lock-free schema change | Enables the lock-free schema change feature. For more information, see Implement lock-free schema changes by using lock-free change tickets. |
    | | Enable SSL | If you enable this feature, DMS uses an encrypted connection to access your database. The server must support SSL connections. |
    | | Instance DBA | Select an instance DBA to handle subsequent processes, such as permission requests. |
    | | Query timeout (s) | Specifies the maximum execution time for queries in the SQL window. Queries exceeding this limit are terminated to protect the database. |
    | | Export timeout (s) | Specifies the maximum execution time for exports from the SQL window. Exports exceeding this limit are terminated to protect the database. |
  8. In the lower-left corner, click Test Connection and confirm that the test is successful.
    Note: If the test fails, check the instance information that you entered.
  9. Click Submit. The on-premises or third-party cloud database is now registered in Data Management (DMS). You can now view and manage your database from the instance list in the DMS console.
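
A pre-flight check for two conditions the procedure depends on: the gateway host must be able to reach the target database, and Enable SSL only works if the server supports SSL. This is an added example, not Alibaba Cloud code; it assumes a MySQL target, reads the server's initial greeting and reports whether the SSL capability bit is set, and all function names are hypothetical.

```python
import socket
import struct
import sys

CLIENT_SSL = 0x0800  # MySQL capability bit: server accepts a TLS upgrade

def parse_greeting(packet: bytes) -> dict:
    """Parse a MySQL protocol-10 greeting (4-byte header + payload)."""
    size = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + size]
    if size < 1 or len(payload) < size:
        raise ValueError("truncated packet")
    if payload[0] == 0xFF:  # ERR packet, e.g. gateway host not allowed
        code = struct.unpack_from("<H", payload, 1)[0]
        raise ConnectionError(f"server refused: {code} {payload[3:].decode(errors='replace')}")
    if payload[0] != 10:
        raise ValueError(f"unexpected protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)          # server version is NUL-terminated
    caps_at = end + 1 + 4 + 8 + 1            # skip thread id, salt part 1, filler
    caps = struct.unpack_from("<H", payload, caps_at)[0]
    return {"version": payload[1:end].decode(), "ssl": bool(caps & CLIENT_SSL)}

def recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def check_database(host: str, port: int, timeout: float = 5.0) -> dict:
    """Run on the gateway host: proves TCP reachability and reads the greeting."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        header = recv_exact(sock, 4)
        body = recv_exact(sock, int.from_bytes(header[:3], "little"))
    return parse_greeting(header + body)

def sample_greeting(caps_low: int) -> bytes:
    """Constructed greeting (cut off after the capability fields) for offline runs."""
    payload = (b"\x0a8.0.36\x00" + struct.pack("<I", 7) + b"saltsalt\x00"
               + struct.pack("<HBHH", caps_low, 0xFF, 2, 0xDFFF))
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

if __name__ == "__main__":
    print(parse_greeting(sample_greeting(0xFFFF)))   # constructed: TLS offered
    print(parse_greeting(sample_greeting(0xF7FF)))   # constructed: TLS not offered
    if len(sys.argv) == 3:                           # live: script.py HOST PORT
        print(check_database(sys.argv[1], int(sys.argv[2])))
```

Run it on the gateway machine with the same host and port entered as the Database Address; a result with `ssl` set to false means Test Connection is expected to fail when Enable SSL is selected.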