Help Center/ Data Replication Service/ Preparations/ From Huawei Cloud to Huawei Cloud/ Accessing Huawei Cloud over a Public Network (Different Regions)
Updated on 2022-09-21 GMT+08:00

Accessing Huawei Cloud over a Public Network (Different Regions)

Figure 1 shows how to use DRS to migrate data across databases in different regions over a public network on Huawei Cloud.

Figure 1 Network diagram

If you use DRS to access a cross-region RDS database over a public network, bind an EIP to the RDS source database and configure inbound rules for the network ACL and security group associated with the source database in Region-A to allow inbound traffic from the EIP of the DRS replication instance. In addition, configure the outbound rules for the network ACL and security group associated with the DRS replication instance in Region-B to allow the outbound traffic. Figure 2 shows the process.

Figure 2 Flowchart

Network Configurations

  1. Bind an EIP to the source database.

    For details, see the official documents of Huawei Cloud databases.

    For example, with Huawei Cloud RDS MySQL as the source, see Getting Started with Relational Database Service.

  2. Create a DRS task and obtain the EIP of the DRS instance.

    The IP address displayed on the Configure Source and Destination Databases page is the EIP of the DRS instance.
    Figure 3 EIP of the DRS instance

  3. Configure the network ACL associated with the security group and subnet of the source database.

    Security group: Add an inbound rule to allow traffic from the EIP of the DRS replication instance to the database listening port.

    Network ACL: By default, a VPC does not have a network ACL. If you have a network ACL, add an inbound rule to allow traffic from the EIP and random port of the DRS replication instance to the IP address and listening port of the source database.

  4. Configure the network ACL associated with the security group and subnet of the DRS replication instance.

    By default, a VPC does not have a network ACL, and the default security group rules allow all outbound traffic. The replication instance and destination RDS database in the same security group can communicate with each other by default, so you do not need to configure a network ACL.

    If you have configured a network ACL or security group, log in to the VPC management console and check the settings:

    Security group: Ensure that the outbound traffic from the security group associated with the replication instance to the IP address and listening port of the source database is allowed.

    Network ACL: Ensure that the outbound traffic from the VPC where the replication instance resides and the DRS random port to the IP address and listening port of the source database is allowed.

  5. Test the connection.

    Log in to the DRS console, locate the created DRS task, and click Edit in the Operation column. On the Configure Source and Destination Databases page, enter the IP address, port, username, and password of the source database and then click Test Connection to check whether the connection is successful.