Help Center/ Relational Database Service/ User Guide (Ally Region)/ Working with RDS for SQL Server/ Instance Connection/ Connecting to an RDS for SQL Server Instance Through the SQL Server Management Studio Client/ Connecting to a DB Instance from a Windows ECS Through a Private Network
Updated on 2026-04-24 GMT+08:00
View PDF
Share

Connecting to a DB Instance from a Windows ECS Through a Private Network

When your applications are deployed on an ECS that is in the same region and VPC as your RDS for SQL Server DB instance, you are advised to use a floating IP address to connect to the DB instance through the ECS.

You can connect to an instance through a Secure Sockets Layer (SSL) connection or a non-SSL connection using SQL Server Management Studio. The SSL connection encrypts data and is more secure.

Step 1: Create an ECS

  1. Log in to the management console and check whether there is an ECS available.
    • If there is a Windows ECS, go to 3.
    • If no Windows ECS is available, go to 2.
  2. Create an ECS and select Windows as its OS.

    To download SQL Server Management Studio to the ECS, bind an EIP to the ECS. The ECS must be in the same region, VPC, and security group as the RDS for SQL Server DB instance for mutual communications.

    For details about how to purchase a Windows ECS, see "Purchasing an ECS" in Elastic Cloud Server User Guide.

  3. On the ECS Information page, view the region and VPC of the ECS.

  4. On the Basic Information page of the RDS for SQL Server instance, view its region and VPC.
  5. Check whether the ECS and RDS for SQL Server instance are in the same region and VPC.
    • If yes, go to Step 2: Test Connectivity and Install SQL Server Management Studio.
    • If they are not in the same region, purchase another ECS or DB instance. The ECS and DB instance in different regions cannot communicate with each other. To reduce network latency, deploy your DB instance in the region nearest to your workloads.
    • If they are in different VPCs, change the VPC settings of the ECS. For details, see "Changing a VPC" in Elastic Cloud Server User Guide.

Step 2: Test Connectivity and Install SQL Server Management Studio

  1. Log in to the ECS. For details, see "Logging In to a Windows ECS Using VNC" in Elastic Cloud Server User Guide.
  2. On the Instances page of the RDS console, click the DB instance name to go to the Basic Information page.
  3. In the Connection Information area, obtain the floating IP address and database port of the DB instance.
  4. Open the cmd window on the ECS and check whether the floating IP address and database port of the DB instance can be connected.

    telnet 192.168.2.182 1433

    • If yes, network connectivity is normal.
    • If no, check the security group rules.
      • If in the security group of the ECS, there is no outbound rule with Destination set to 0.0.0.0/0 and Protocol & Port set to All, add an outbound rule for the floating IP address and port of the DB instance.
      • If in the security group of the DB instance, there is no inbound rule with Source set to 0.0.0.0/0 and Protocol & Port set to All, add an inbound rule for the private IP address and port of the ECS. For details, see Configuring Security Group Rules.
  5. Open a browser on the ECS, visit the Microsoft website, and download the installation package, for example, SQL Server Management Studio 18.0.
  6. Double-click the installation package and complete the installation as instructed.

Step 3: Connect to the DB Instance Using SQL Server Management Studio

  1. On the Instances page of the RDS console, click the DB instance name to go to the Basic Information page.
  2. Find the SSL field and click to download the package Certificate Download.zip. Then, extract the root certificate ca.pem and bundle ca-bundle.pem from the package.
    • Replace the old certificate before it expires to improve system security.
    • Replacing a certificate requires you to contact customer service to apply for permissions. After being granted the permissions, find the SSL field and click Replace Certificate. In the displayed dialog box, click OK.
    • After you bind an EIP to the RDS for SQL Server instance, you must reboot the instance for the SSL connection to take effect.
  3. Upload the root certificate ca.pem to the ECS. For details, see Importing a Root Certificate to a Windows Server.
  4. Start SQL Server Management Studio.
  5. Choose Connect > Database Engine. In the displayed dialog box, enter login information.
    Figure 1 Connecting to the server
    Table 1 Parameter description

    Parameter

    Description

    Server name

    Floating IP address and database port obtained in 3.

    Authentication

    Authentication mode. Select SQL Server Authentication.

    Login

    Name of the account used to access the DB instance. The default value is rdsuser.

    Password

    Password of the account.
  6. Click Options. On the Connection Properties page, enter related parameters and select Encrypt connection to enable SSL encryption. (By default, Encrypt connection is not selected. You need to select it manually.)
    Figure 2 Connection properties
  7. Click Connect to connect to the DB instance.