quick start › ... · 2019-07-18 · 2.3 buying an rds postgresql db instance ... instance is...

Relational Database Service

Quick Start

Issue 6

Date 2018-08-03

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees orrepresentations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://e.huawei.com

Issue 6 (2018-08-03) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://e.huawei.com

Contents

1 Quick Start for MySQL................................................................................................................ 11.1 Restrictions..................................................................................................................................................................... 11.2 Process............................................................................................................................................................................ 21.3 Buying an RDS MySQL DB Instance............................................................................................................................31.4 Performing the Initial Configuration............................................................................................................................ 101.4.1 Creating a Security Group......................................................................................................................................... 101.4.2 Enabling and Disabling Public Accessibility.............................................................................................................111.5 Connecting to a DB Instance........................................................................................................................................ 131.6 Creating Read Replicas................................................................................................................................................ 161.6.1 Introduction to Read Replicas................................................................................................................................... 161.6.2 Creating a Read Replica............................................................................................................................................ 171.6.3 Managing Read Replicas........................................................................................................................................... 201.7 Creating a Cross-Region DR Instance..........................................................................................................................21

2 Quick Start for PostgreSQL....................................................................................................... 272.1 Restrictions................................................................................................................................................................... 272.2 Process.......................................................................................................................................................................... 282.3 Buying an RDS PostgreSQL DB Instance................................................................................................................... 292.4 Performing the Initial Configuration............................................................................................................................ 362.4.1 Creating a Security Group......................................................................................................................................... 372.4.2 Binding an EIP to a DB Instance...............................................................................................................................372.5 Connecting to a DB Instance........................................................................................................................................ 392.6 Creating Read Replicas................................................................................................................................................ 412.6.1 Introduction to Read Replicas................................................................................................................................... 412.6.2 Creating a Read Replica............................................................................................................................................ 422.6.3 Managing Read Replicas........................................................................................................................................... 45

3 Quick Start for SQL Server........................................................................................................463.1 Restrictions................................................................................................................................................................... 463.2 Process.......................................................................................................................................................................... 473.3 Buying an RDS Microsoft SQL Server DB Instance................................................................................................... 483.4 Performing the Initial Configuration............................................................................................................................ 573.4.1 Creating a Security Group......................................................................................................................................... 573.4.2 Binding an EIP to a DB Instance...............................................................................................................................58

Relational Database ServiceQuick Start Contents


ii

3.5 Connecting to a DB Instance........................................................................................................................................ 603.6 Function Differences Between Microsoft SQL Server Versions..................................................................................64

A Change History .......................................................................................................................... 69

Relational Database ServiceQuick Start Contents


iii

1 Quick Start for MySQL

1.1 RestrictionsTable 1-1 shows the restrictions designed to ensure the stability and security of RDS forMySQL.

Table 1-1 Function restrictions

Function Item Restrictions

Access RDS l If the public accessibility function is not enabled, RDS DBinstances must be in the same VPC subnet as the ECS.

l RDS read replicas must be created in the same subnet as theprimary DB instance.

l The ECS must be allowed by the security group to access RDSDB instances.By default, RDS cannot be accessed through an ECS in adifferent security group. You need to add an inbound rule tothe RDS security group.

l The default RDS port number is 3306. You can change it ifyou want to access RDS through another port.

Deployment ECSs in which DB instances are deployed are not visible to you.You can access the DB instances only through an IP address and aport number.

Database rootpermissions

Only the root user permissions are provided on the instancecreation page.

Modify databaseparameters

Most parameters can be modified. For details, see WhichParameters Can I Modify on the RDS Console (MySQL)?

Relational Database ServiceQuick Start 1 Quick Start for MySQL


1

https://support.huaweicloud.com/en-us/rds_faq/rds_faq_0028.html



Import data l Command-line interface (CLI) or graphical user interface(GUI)

l DRSl MySQL CLI toolFor details, see Migrating MySQL Data Using DRS andMigrating MySQL Data Using mysqldump.

MySQL storageengine

Currently, RDS supports multiple storage engines includingInnoDB and MyISAM. FEDERATED is not supported.

Set up databasereplication

RDS for MySQL provides a dual-node cluster with primary/standby replication architecture. You do not need to set upreplication. The standby DB instance is not visible and thereforeyou cannot access it directly.

Reboot an RDS DBinstance

DB instances cannot be rebooted through commands. They mustbe rebooted on the RDS console.

View RDS backups RDS backup files are stored in OBS buckets and are not visible toyou.

1.2 Process

PurposeThis section describes how to buy RDS DB instances, initialize configurations, and connect toinstance databases, helping you quickly understand the process of using RDS.

Intended Audiencel Users who buying an RDS DB instance for the first timel Users who need to initialize configurations after creating a DB instancel Users who need to connect to an RDS DB instance

FlowchartIf you are using HUAWEI CLOUD RDS for the first time, see the restrictions described insection Restrictions.

Before using RDS DB instances, you need to perform the following operations.



2

https://support.huaweicloud.com/en-us/usermanual-rds/rds_migration_mysqlbydrs.html

https://support.huaweicloud.com/en-us/usermanual-rds/en-us_topic_migration_mysql.html

Figure 1-1 Process

NOTE

If the ECS is in the same VPC subnet as the RDS DB instance, you do not need to assign an EIP.

1.3 Buying an RDS MySQL DB Instance

Scenarios

This section describes how to create a DB instance on the RDS console.

Currently, RDS for MySQL supports the yearly/monthly and pay-per-use billing modes. TheDB instance class and storage space you need depends on your processing power and memoryrequirements.

Prerequisitesl You have registered a HUAWEI CLOUD account.l Your account balance is greater than or equal to ¥0.

Procedure

Step 1 Log in to the management console.

Step 2 Click in the upper left corner and select a region and a project.

You can select a Dedicated Computing Cluster (DCC) to create a DB instance.

NOTE

DCC is additionally charged for RDS MySQL DB instances.

Step 3 Under Database, click Relational Database Service to go to the RDS console.



3

Step 4 On the Instance Management page, click Buy DB Instance.

Step 5 On the displayed page, select a billing mode (only DCC supports the pay-per-use mode),configure parameters about DB instance specifications. Then, click Next.

Figure 1-2 DB instance specifications

RDS provides the following billing modes:

Yearly/Monthly

If you select this billing mode, skip Step 6 and go to Step 7.

Pay-per-use

If you select this billing mode, go to Step 6.



4

Table 1-2 Basic information

Parameter Description

Region Region in which the tenant is located. Can be changed in the upper leftcorner of the page.NOTICE

Products in different regions cannot communicate with each other through a privatenetwork and you cannot change the region of a DB instance after creating theinstance. Therefore, exercise caution when selecting a region.

DB InstanceName

Must start with a letter and consist of 4 to 64 characters. Case-sensitive.Can contain only letters, digits, hyphens (-), and underscores (_).

DB Engine Set to MySQL.

DB EngineVersion

For details, see DB Engines and Versions.Different DB engine versions are supported in different regions.You are advised to select MySQL 5.7. Compared with MySQL 5.6,MySQL 5.7 is more mature, stable, reliable, and secure, and itsperformance is three times higher.

DB InstanceType

l Primary/Standby: You will have both a primary DB instance and asynchronous standby DB instance. The standby DB instance improvesinstance reliability and is invisible to you after being created.An AZ is a region in which resources use independent power suppliesand networks. AZs are physically isolated but interconnected throughan internal network.Some regions support both a single AZ and multiple AZs and someonly support a single AZ. For details about regions and AZs, seeSelecting a Region.NOTE

Products in different regions cannot communicate with each other through aprivate network and you cannot change the region of a DB instance after creatingthe instance. Therefore, exercise caution when selecting a region.

RDS supports deploying primary and standby DB instances in an AZor across AZs. You can determine whether the secondary AZ is thesame as the primary AZ.– If they are the same, the primary and standby DB instances are

deployed in the same AZ.– If they are different (by default), the primary and standby DB

instances are deployed in different AZs to ensure failover supportand high availability.

l Single: Only one DB instance is created.

Time Zone Can be selected during instance creation and can be changed after theinstance is created.



5

https://support.huaweicloud.com/en-us/productdesc-rds/en-us_topic_0043898356.html

https://support.huaweicloud.com/en-us/bestpractice-rds/en-us_topic_0079291564.html


DiskEncryption

l Disable: indicates the encryption function is disabled.l Enable: indicates the encryption function is enabled, improving data

security but affecting system performance.Key Name: specifies the tenant key. You can create or select a key.NOTE

– Once the disk encryption function is enabled, you cannot disable it or changethe key after a DB instance is created. Backup data will not be encrypted inOBS.

– After an RDS DB instance is created, do not disable or delete the key that isbeing used. Otherwise, RDS will be unavailable and data cannot be restored.

– Only professional edition keys can be used to encrypt DB instances. Fordetails about how to create a key, see the "Creating a CMK" section in theData Encryption Workshop User Guide.

Table 1-3 Instance specifications


Instance Class Refers to the CPU and memory of a DB instance. Different instanceclasses refer to different numbers of database connections and maximumIOPS.For details about instance classes, see DB Instance Specifications.After a DB instance is created, you can change its CPU and memory.For details, see Changing the CPU or Memory of a DB Instance.NOTE

When DB instances are created on a DCC, only the general-purpose instance classis supported.

MaximumNumber ofConnections

Refers to the maximum number of database connections allowed by theselected DB instance specifications. It cannot be modified.

Resource Type Can be set to EVS or DSS.NOTE

This option is displayed only when you buy the Dedicated Distributed StorageService (DSS) service.

Storage Type Determines the DB instance read/write speed. The higher the maximumthroughput is, the higher the DB instance read/write speed can be.l Common I/O: supports a maximum throughput of 90 MB/s.l High I/O: supports a maximum throughput of 150 MB/s.l Ultra-high I/O: supports a maximum throughput of 350 MB/s.

NOTEIf you select DSS for Resource Type, only the storage type that you haveselected when buying the DSS service is displayed by default.

Storage Pool This option is displayed only when you select DSS for Resource Type.The storage pool is physically isolated from other pools and is secure.



6


https://support.huaweicloud.com/en-us/usermanual-rds/en-us_topic_scale_rds.html


Storage Space Contains the system overhead required for inode, reserved block, anddatabase operation. Storage space can range in size from 40 GB to 4,000GB and can be increased only by increments of 10 GB.After a DB instance is created, you can scale up its storage space. Fordetails, see Scaling Up Storage Space.

Table 1-4 Database security service


DBSS Prevents database attacks, ensuring database security on the cloud.l After you subscribe to Database Security Service (DBSS), you

cannot buy DB instances in patches.l Only DB instances of specific specifications support DBSS.l The DBSS administrator is admin, and the password is the same as

that of the RDS root user.l After you subscribe to the Database Security Service (DBSS), you

cannot buy DB instances in patches.l After you subscribe to DBSS, log in to the DBSS console, associate

an EIP with the DBSS instance and configure security protection.

Table 1-5 Network


VPC A dedicated virtual network in which your RDS DB instances arelocated. Isolates networks for different services. You can select anexisting VPC or create a VPC. For details on how to create a VPC, seethe "Creating a VPC" section in the Virtual Private Cloud User Guide.If no VPC is available, RDS allocates a VPC to you by default.

Subnet Improves network security by providing dedicated network resourcesthat are logically isolated from other networks. Subnets take effect onlywithin an AZ. The Dynamic Host Configuration Protocol (DHCP)function must be enabled by default for subnets in which you plan tocreate RDS DB instances and cannot be disabled.You can use a self-configured or a system-allocated private IP addresswhen creating a DB instance. After the instance is created, you canchange its private IP address.

Security Group Enhances security by controlling access to RDS from other services.When you select a security group, you must ensure that it allows theclient to access DB instances.If no security group is available or has been created, RDS allocates asecurity group to you by default.



7

https://support.huaweicloud.com/en-us/usermanual-rds/en-us_topic_scale_cluster.html

Table 1-6 Database configuration


Administrator The default login name for the database is root.

AdministratorPassword

Must consist of 8 to 32 characters and must be a combination of uppercaseletters, lowercase letters, digits, and at least one of the following specialcharacters: ~!@#%^*-_=+? Enter a strong password and periodicallychange it to improve security, preventing security risks such as brute forcecracking.Keep this password secure. The system cannot retrieve it.After a DB instance is created, you can reset this password. For details,see Resetting the Administrator Password.

ConfirmPassword

Must be the same as Administrator Password.

AdvancedSettings

ProjectMan is a stable and easy-to-use service that manages projects,common iteration, and project personnel. With ProjectMan, you canmanage your DB instances by project.l Skip: This option is selected by default.l Configure: Select the target project for Enterprise Project. The

system provides a default enterprise project. You can also go to theProjectMan console to create a project. For details about how to createa project, see the ProjectMan User Guide.

ParameterGroup

Acts as a container for engine configuration values that are applied to oneor more DB instances. If you create primary/standby DB instances, theyuse the same parameter group. After a DB instance is created, you canmodify parameters in the parameter group associated with the DBinstance.For details, see Modifying Parameters in a Parameter Group.

Table 1-7 Yearly/Monthly DB instances


RequiredDuration

The system will automatically calculate the configuration fee based on theselected required duration. The longer the required duration is, the largerdiscount you will enjoy.

Auto-renew l By default, this option is not selected.l If you select this option, the auto-renew cycle is determined by the

selected required duration.

Quantity RDS supports DB instance creation in batches. If you choose to createprimary/standby DB instances and set Quantity to 1, a primary DBinstance and a standby DB instance will be created synchronously.

If you have any question about the price, click Price Details.



8

https://support.huaweicloud.com/en-us/usermanual-rds/en-us_topic_reset_password.html

https://support.huaweicloud.com/en-us/usermanual-rds/en-us_topic_0029128172.html

NOTE

The performance of your DB instance depends on its configurations. Hardware configuration itemsinclude the instance specifications, storage type, and storage space.

Step 6 Confirm your specifications for the pay-per-use DB instances.

Figure 1-3 Specifications confirmation

l If you need to modify your settings, click Previous.

l Otherwise, click Submit.

Then, go to Step 9.

Step 7 Confirm your order for the yearly/monthly DB instances.

Figure 1-4 Order confirmation



9

l If you need to modify your settings, click Previous.l Otherwise, click Pay Now.l If you are not sure about the settings, you can click Submit & Pay Later. The system

will reserve your order. You can choose Fees > My Orders in the upper right corner andpay or cancel the order.

Yearly/Monthly DB instances are created only after you complete the payment.

Step 8 Select a payment method and complete the payment.

NOTE

This operation applies only to the yearly/monthly billing mode.

Step 9 To view and manage the DB instance, go to the Instance Management page.


l Creating a DB instance takes about 5 to 9 minutes. During this process, its status isCreating. You can view the detailed progress and result on the Task Center page. Fordetails, see Task Center.

l To refresh the DB instance list, click in the upper right corner of the list. When thecreation process is complete, the instance status will change to Available.

l The automated backup policy is enabled by default. After the DB instance is created, youcan modify the automated backup policy. An automated full backup is immediatelytriggered after a DB instance is created.

l The default database port number is 3306. After a DB instance is created, you canchange its port number.For details, see Changing the Database Port.

----End

1.4 Performing the Initial Configuration

1.4.1 Creating a Security GroupThis section applies only to access to DB instances through private IP addresses. If you wantto access DB instances from resources on the public network, you do not need to create asecurity group but need to configure a whitelist.

A security group is a collection of access control rules for ECSs and RDS DB instances thathave the same security protection requirements and are mutually trusted in a VPC. Thissection describes how to create a security group to enable specific IP addresses and ports toaccess RDS.

Background InformationYou can access RDS DB instances from a public or private network.

PrecautionsThe default security group rule allows all outgoing data packets. ECSs and RDS DB instancescan access each other if they are deployed in the same security group. After a security group



10

https://support.huaweicloud.com/en-us/usermanual-rds/rds_05_0007.html

https://support.huaweicloud.com/en-us/usermanual-rds/en-us_topic_change_database_port.html

is created, you can configure security group rules to control access from and to the DBinstances in the security group.

By default, you can create a maximum of 500 security group rules. To prevent high networklatency for the first packet, you are advised to create a maximum of 50 rules for each securitygroup. To access RDS DB instances in your security group from a public network, you needto add an inbound rule. For example, if you want to use a client to access a DB instance froma public network or from an ECS in a different security group, you can add an inbound rule inwhich Protocol is set to TCP and Port/Range is set to the default value 3306.

NOTE

If you use 0.0.0.0/0, you enable all IP addresses to access RDS DB instances in the security group.

ProcedureFor details about how to add a security group rule, see the Adding a Security Group Rulesection in the Virtual Private Cloud User Guide.

1.4.2 Enabling and Disabling Public AccessibilityIf your applications are running on an ECS that is in the same region as your RDS DBinstances, you do not need to enable public accessibility.

If your applications are running on an ECS that is not in the same region as RDS or on aplatform other than the public cloud, you need to enable the public accessibility function.

NOTE

l ECSs and RDS can communicate with each other only if they are in the same region, even if they arein different AZs.

l Both primary DB instances and read replicas support enabling or disabling public accessibility. Bydefault, a newly created DB instance is not publicly accessible.

l If your applications are running on an ECS that is not in the same region as RDS or on a platformother than the public cloud, you can access RDS DB instances through a virtual private network(VPN).

Background InformationYou can use a private IP address or an EIP to access DB instances.

l Use a private IP address alone when your applications are deployed on an ECS that is inthe same region as RDS.RDS provides a private IP address by default.

l Use an EIP alone when:– Your applications are deployed on an ECS that is not in the same region as RDS.– Your applications are deployed on a platform other than the public cloud.

Precautionsl After you enable public accessibility, configure a whitelist following the instructions

described in Configuring a Whitelist.l Public accessibility reduces the security of DB instances. Therefore, exercise caution

when enabling this function. To achieve a higher transmission rate and security level,you are advised to migrate your applications to the ECS that is in the same region asRDS.



11

https://support.huaweicloud.com/en-us/usermanual-vpc/en-us_topic_0030969470.html


Enabling Public Accessibility

Step 1 On the Instance Management page, click the target DB instance name.

Step 2 In the Instance Information area on the Basic Information page, click in thePublicly Accessible field.

After you enable public accessibility, the system will automatically create an EIP (with thedefault bandwidth of 1 Mbit/s).

You can access DB instances through specific IP addresses only after adding them to thewhitelist. For details, see Configuring a Whitelist.

Step 3 On the Basic Information page, you can view the EIP that has been bound to the DB instanceand the whitelist.

To unbind the EIP from the DB instance, see Disabling Public Accessibility.

----End

Disabling Public Accessibility

Step 1 On the Instance Management page, click the DB instance that has been bound with an EIP.

Step 2 In the Instance Information area on the Basic Information page, click in thePublicly Accessible field.

Figure 1-5 Disabling public accessibility

Step 3 Click OK.

To bind an EIP to the DB instance again, see Enabling Public Accessibility.

----End



12


1.5 Connecting to a DB Instance

ScenariosYou can use a MySQL client to connect to a DB instance through a common connection or anSSL connection. The SSL connection is encrypted and thus more secure.

This document uses MySQL-Front as an example to describe how to connect to an RDS DBinstance through a common connection. When using a client to connect to a DB instance, youneed to select a private IP address or EIP.

l If you have deployed MySQL-Front on an ECS that is in the same region as the DBinstance to be connected, use the RDS private IP address.

l Otherwise, use the EIP.

Preparations1. Prepare an ECS or a device that can access RDS DB instances.

– To connect to a DB instance through an ECS, you must first create an ECS.For details on how to create and connect to an ECS, see How Can I Create andConnect to an ECS?

– To connect to a DB instance through an EIP, you must:

i. Bind the EIP to the DB instance. For details, see Enabling PublicAccessibility.

ii. Ensure that the local device can access the EIP that has been bound to the DBinstance.

2. Install the MySQL client MySQL-Front on the ECS or device that was prepared in 1.

Common Connection

Step 1 If you want to access DB instances from resources on the public network, you need toconfigure a whitelist and do not need to create a security group.

Step 2 Start MySQL-Front.

Step 3 In the displayed dialog box, click New.

Step 4 Enter the information of the target DB instance, as shown in Figure 1-6.



13



http://www.mysqlfront.de/

Figure 1-6 Adding an account

l Description Name: indicates the name of this database connection task. If you do not setthis parameter, it will be the same as Host by default.

l Host: indicates the connection address, which depends on how you intend to access theDB instance. If you intend to access the DB instance from the private network, enter theprivate IP address of the DB instance. If you intend to access the DB instance from thepublic network, enter the EIP of the DB instance. To view the private IP address or EIPand port of the DB instance, perform the following steps:

a. Log in to the RDS console.b. Select the region in which the DB instance is located.c. Click the DB instance name to enter the Basic Information page.d. In the Instance Information area, you can view the private IP address or EIP, as

shown in Figure 1-7.



14

Figure 1-7 Viewing the connection information

l Port: indicates the database port in Figure 1-7.

l User: indicates user root by default.

l Password: indicates the password of the RDS database username.

Step 5 Click Ok.

Step 6 In the displayed window, select the connection that you have created in Step 4 and clickOpen. If the connection information is correct, the DB instance is successfully connected.

Figure 1-8 Opening a session

----End

SSL Connection

Step 1 On the Instance Management page, click the target DB instance name. On the displayedBasic Information page, click Download certificate in the SSL field to download the rootcertificate or certificate bundle.



15

NOTE

l Since April 2017, RDS has offered a new root certificate that has a 20-year validation period. Thenew certificate takes effect after DB instances are rebooted. Replace the old certificate before itexpires to improve system security.For details, see How Can I Identify the Validity Period of the SSL Root Certificate?

l You can also download the certificate bundle, which contains both the new certificate provided inApril and the old certificate.

Step 2 Upload the root certificate to the ECS or save it to the device to be connected to the DBinstance.

Step 3 Run the following command to connect to an RDS DB instance. The Linux OS is used as anexample.

mysql -h <hostName> -P 3306 -u <userName> -p --ssl-ca=<caName>

l The parameter -h indicates different values depending on how you intend to access theDB instance. If you intend to access the DB instance through an ECS, -h indicates the IPaddress of the primary DB instance. To obtain this IP address, go to the InstanceManagement page and click the target DB instance name. The IP address can be foundin the Private IP Address field on the Basic Information page. If you intend to accessthe DB instance through an EIP, -h indicates the EIP displayed in the EIP field on theBasic Information page.

l The parameter -P indicates the database port in use. The default value is 3306. To obtainthis port number, go to the Instance Management page and click the target DB instancename. The port number can be found in the Database Port field on the BasicInformation page.

l The parameter -u indicates the username of the RDS database account. The defaultadministrator is root.

l The parameter -p indicates the password of the database account.l The parameter --ssl-ca indicates the name of the SSL certificate file, which should be

stored in the same directory where the command is executed.

For example, to connect to a DB instance through an SSL connection as user root, run thefollowing command:

mysql -h 172.16.0.31 -P 3306 -u root -p --ssl-ca=ca.pem

Enter the password of the database account if the following information is displayed:

Enter password:

----End

1.6 Creating Read Replicas

1.6.1 Introduction to Read Replicas

IntroductionCurrently, RDS for MySQL 5.6 and 5.7 support read replicas.

If few write requests but many read requests must be sent to the database, a single DBinstance may be unable to handle the read pressure. In this case, operations may be affected.



16


To expand the DB instance read ability to offload read pressure on the database, you cancreate one or more read replicas in a region. These read replicas can process a large number ofread requests and increase application throughput.

A read replica uses the architecture of a single physical node (without a slave node). Changesin the primary DB instance are also automatically synchronized to all associated read replicasthrough the native replication function of MySQL. The synchronization is not affected bynetwork latency. Read replicas and the primary DB instance must be in the same region butcan be in different AZs.

Billing Standards

Read replicas are additionally billed in the yearly/monthly and pay-per-use billing modes. Fordetails, see read replica pricing in RDS Product Pricing Details.

Functionsl Specifications of read replicas can be different from those of the primary DB instance,

and can be changed at any time to facilitate flexible scaling.

l Read replicas support the pay-per-use and yearly/monthly billing modes.

l You do not need to maintain accounts or databases. Both of them are synchronized fromthe primary DB instance.

l Read replicas support system performance monitoring. For details, see Monitoring DBInstancesRDS provides up to 20 monitoring metrics, including storage space, IOPS, number ofdatabase connections, CPU usage, and network traffic. You can view these metrics todetermine the load of DB instances.

l You can enable or disable public accessibility for read replicas. For details, see sectionEnabling and Disabling Public Accessibility.

Restrictionsl A maximum of five read replicas can be created for a primary DB instance.

l Read replicas do not support backup settings or temporary backups.

l Read replicas do not support the creation of temporary DB instances from backup files orpoint-in-time recovery, and do not support overwriting of DB instances from backupfiles.

l Data cannot be migrated to read replicas.

l Read replicas do not support database creation and deletion.

l Read replicas do not support account authorization.

1.6.2 Creating a Read Replica

Scenarios

Read replicas are used to enhance the read capabilities of primary DB instances and reducethe load on primary DB instances.

After a DB instance has been created, you can create read replicas for it.



17

https://portal.huaweicloud.com/en-us/pricing#rds



NOTE

You can add read replicas only when your account balance is more than ¥0.

A maximum of five read replicas can be created for a primary DB instance.

Procedure

Step 1 On the Instance Management page, locate the target DB instance and click Create ReadReplica or choose More > Create Read Replica in the Operation column.

Step 2 On the displayed page, select a billing mode, configure specifications about the read replicaand click Next.



Region By default, read replicas are in the same region as the primary DBinstance.

DB InstanceName


DB Engine Same as the DB engine version of the primary DB instance by default andcannot be changed.

DB EngineVersion

Same as the DB engine version of the primary DB instance by default andcannot be changed.

AZ RDS allows you to deploy both a primary DB instance and a read replicain a single AZ or across AZs.l If they are the same, the read replica and primary DB instance are

deployed in the same AZ.l If they are different, the read replica and primary DB instance are

deployed in different AZs to ensure data reliability.

DiskEncryption








18



Instance Class Refers to the CPU and memory of a DB instance. Different instanceclasses refer to different numbers of database connections and maximumIOPS.For details about instance classes, see DB Instance Specifications.After a DB instance is created, you can change its CPU and memory.For details, see Changing the CPU or Memory of a DB Instance.l DB instances in a DCC only support the general-purpose instance

class.



Storage Space Contains the system overhead required for inode, reserved block, anddatabase operation.l Storage space can range in size from 40 GB to 4,000 GB and can be

increased only by increments of 10 GB.l The storage space of the read replica must be greater than or equal to

that of the primary instance.



RequiredDuration

The system will automatically calculate the configuration fee based onthe selected required duration. The longer the required duration is, thelarger discount you will enjoy.



Step 3 Confirm specifications.



19




l If you need to modify your settings, click Previous.l Otherwise, click Submit.

Step 4 After a read replica has been created, you can view and manage it on the InstanceManagement page by clicking on the left of the DB instance to which it belongs. You canview the detailed progress and result on the Task Center page. For details see Viewing TaskExecution Progresses and Results.

----End

1.6.3 Managing Read Replicas

Entering the Management Interface Through the Read Replica

Step 1 Log in to the RDS console.

Step 2 Select the region in which the target read replica is located.

Step 3 In the DB instance list, click to expand the DB instance details and click the target readreplica name to go to the Basic Information page.

----End

Entering the Management Interface Through the Primary DB Instance


Step 2 Select the region in which the target primary DB instance is located.

Step 3 Click the name of the primary DB instance with which the target read replica is associated togo to the Basic Information page.

Step 4 On the displayed page, click the read replica name in the Read replica field to go to the BasicInformation page of the read replica.

----End



20



1.7 Creating a Cross-Region DR Instance

ScenariosRDS works with the Data Replication Service (DRS) service to implement real-timesynchronization between the primary DB instance and cross-region disaster recovery (DR)instance. For primary/standby DB instances, if a natural disaster occurs in the region hostingthe primary DB instance and both the primary and standby DB instance are unavailable, theDR instance is promoted to the primary DB instance. Then, change the connection address onthe applications to the DR instance connection address for service recovery.

You can obtain the DR instance migration information and progress of the DRS console. Fordetails, see the Data Replication Service User Guide.

Billing DescriptionBy default, the specifications of the RDS DR instance are the same as those of the primaryDB instance. RDS works with DRS to implement real-time synchronization between theprimary instance and DR instance through data transmission. When you create a DR instance,both RDS and DRS are billed. For details, see the detailed price information in RDS ProductPricing Details. DRS is in the Open Beta Test and is free of charge.

Prerequisitesl To create a DR instance, you must enable public accessibility for the primary DB

instance and configure a whitelist. (The system will automatically add the EIPs of theDR instance and replication instance to the whitelist of the primary DB instance.)

l Before you synchronize data between the primary DB instance and DR instance, ensurethat public accessibility is enabled.

RestrictionsDR instances have the following restrictions:

1. DR instances do not support automated backup policy settings, backup and restoration,and database management.

2. DR instances do not support changing database port numbers and passwords.

Creating a DR Instance




Step 4 On the Instance Management page, locate the target DB instance (for which the DR instanceis created) and click Create DR Instance or choose More > Create DR Instance in theOperation column.

Step 5 On the displayed page, configure parameters in the DR Instance and Instance Specificationsareas and click Next.



21

https://support.huaweicloud.com/en-us/usermanual-drs/drs_03_0001.html





Region Select a region different from that hosting the DB instance for which theDR instance is created.NOTICE

Products in different regions cannot communicate with each other through theprivate network and you cannot change the region of a DR instance after creating theinstance. Therefore, exercise caution when selecting a region.

AZ A physical region in which resources use independent power supplies andnetworks. AZs are physically isolated but interconnected through aninternal network.Some regions support both a single AZ and multiple AZs and some onlysupport a single AZ. For details about regions and AZs, see Selecting aRegion.

DR InstanceName

Must start with a letter and consist of 4 to 64 characters. It can containonly letters, digits, hyphens (-), and underscores (_).

DB EngineVersion

Set to MySQL.

DB InstanceType

Set to Single.NOTE

Only one DR instance can be created for one DB instance. If you want to create aDR instance in another region, delete the existing one.

Time Zone Can be selected during DR instance creation and can be changed after theDR instance is created.

DiskEncryption



– Once the disk encryption function is enabled, you cannot disable it or changethe key after a DR instance is created. The backup data stored on OBS is notencrypted.

– After a DR instance is created, do not disable or delete the key that is beingused. Otherwise, RDS will be unavailable and data cannot be restored.

– For details about how to create a key, see the "Creating a CMK" section inthe Data Encryption Workshop User Guide.



22





Instance Class Refers to the CPU and memory of a DR instance. Different instanceclasses refer to different numbers of database connections and maximumIOPS.For details about instance classes, see DB Instance Specifications.After a DR instance is created, you can change its CPU and memory.For details, see Changing the CPU or Memory of a DB Instance.

Storage Type The better the I/O for Storage Type is, the higher the DR instance read/write speed can be.l Common I/O: a maximum throughput of 90 MB/s.l High I/O: a maximum throughput of 150 MB/s.l Ultra-high I/O: a maximum throughput of 350 MB/s.NOTE

If you select DSS for Resource Type when you create the original DB instance,only the storage type that you have selected when buying the DSS service isdisplayed by default.

Storage Space The storage space you applied for will contain the system overheadrequired for inode, reserved block, and database operation.l Storage space can range in size from 40 GB to 2,000 GB and can be

increased only by increments of 10 GB.l The storage space must be greater than or equal to that of the primary

DB instance.

Step 6 Confirm specifications.l If you need to modify your settings, click Previous.l Otherwise, click Submit.

Step 7 After a DR instance has been created, you can view and manage it in the instance list of theDR instance, or in the DR Instance Information area on the Basic Information page of theoriginal DB instance.

----End

Synchronizing Data Between the DR and DB Instances


Step 2 In the DB instance list, click the target DR instance name.

Step 3 On the displayed Basic Information page, click Synchronize in the DB Instance ID field inthe Original DB Instance Information area.



23



NOTE

l You can also go to the Instance Management page of the original DB instance and click its name.On the displayed Basic Information page, click Synchronize in the DR Instance ID field in theDR Instance Information area.

l During the synchronization, a DRS replication instance will be automatically created with publicaccessibility enabled.

l To ensure network connectivity, you need to add the EIPs of the replication instance and the DRinstance (referred to as the destination database) to the whitelist of the original DB instance (referredto as the source database). For details about configuring a whitelist, see Configuring a Whitelist.

Step 4 On the Configure Source and Destination Databases page, specify source and destinationdatabase information and click Test Connection for both the source and destination databasesto check whether they have been connected to the replication instance. After the connectiontests are successful, select the check box before the agreement and click Next.

Table 1-13 Source database information


IP Address orDomain Name

Specifies the IP address or domain name of the source database.

Port Specifies the service port of the source database. The value is aninteger ranging from 1 to 65535.

DatabaseUsername

Specifies the username of the source database.

Database Password Specifies the password of the source database.

SSL Connection Encrypts connections between source and destination databases. Ifyou enable the SSL connection, you need to upload an SSL CA rootcertificate.

EncryptionCertificate

Specifies the encryption certificate of the source database.

NOTE

l The IP address, domain name, username, and password of the source database are encrypted andstored in the system until the task is deleted.

l Retain the default settings of the IP address, domain name, port number, and encryption certificateof the source database.

Table 1-14 Destination database information


DB Instance Name The default value is the RDS DR instance you have created. It cannotbe changed.

DatabaseUsername

Specifies the username of the destination database.



24



DatabasePassword

Specifies the password of the destination database. Databaseusername and password are encrypted and stored in the system untilthe task is deleted.

Step 5 On the Select Migration Type page, select Full+Incremental for Migration Type andmigration objects. Then, click Next.

Full+Incremental:

This migration type allows you to migrate data with minimal downtime. After a full migrationinitializes the destination database, an incremental migration parses logs to ensure dataconsistency between the source and destination databases.

NOTE

If you perform both full and incremental migrations, data generated during the full migration will besynchronized to the destination database with minimal downtime, ensuring both source and destinationdatabases remain accessible.

Step 6 On the Check Task page, check the migration task.l If any check item fails, check the failure cause and rectify the fault. After the fault is

rectified, click Check Again.For details about how to handle check item failures, see the "Check Items" section in theData Replication Service User Guide.

l If all check items are successful, click Next.

Figure 1-10 Checking a task

Step 7 On the Confirm Task page, specify Start Time, select the check box before the agreement,and click Next.



25

https://support.huaweicloud.com/en-us/usermanual-drs/drs_precheck.html

Figure 1-11 Confirming a task

Step 8 After the task is submitted, you can view and manage it on the Online MigrationManagement page.l You can view and manage the task by referring to the "Online Migration Management"

section in the Data Replication Service User Guide.l You can view the migration progress by referring to the "Viewing Migration Progress"

section in the Data Replication Service User Guide.l You can view the migration status by referring to the "Migration Task Statuses" section

in the Data Replication Service Quick Start.

l You can click in the upper-right corner to view the latest task status.

----End



26



https://support.huaweicloud.com/en-us/qs-drs/drs_01_0021.html

2 Quick Start for PostgreSQL

2.1 RestrictionsTable 2-1 shows the restrictions designed to ensure the stability and security of RDS forPostgreSQL.



Access RDS l If the public accessibility function is not enabled, RDSDB instances must be in the same VPC subnet as theECS.

l RDS read replicas must be created in the same subnetas the primary DB instance.

l The ECS must be allowed by the security group toaccess RDS DB instances.By default, RDS cannot be accessed through an ECS ina different security group. You need to add an inboundrule to the RDS security group.

l The default RDS port number is 5432. You can changeit if you want to access RDS through another port.

Deployment ECSs in which DB instances are deployed are not visible toyou. You can access the DB instances only through an IPaddress and a port number.

Database root permissions Only the root user permissions are provided on theinstance creation page.

Modify database parameters Most parameters can be modified. For details, see WhichParameters Can I Modify on the RDS Console(PostgreSQL)?

Import data You can use the psql command line tool to migrate data.For details, see Migrating PostgreSQL Data Using psql.

Relational Database ServiceQuick Start 2 Quick Start for PostgreSQL


27




https://support.huaweicloud.com/en-us/usermanual-rds/en-us_topic_migration_pg.html


Set up database replication RDS for PostgreSQL provides a dual-node cluster withprimary/standby replication architecture. You do not needto set up replication. The standby DB instance is notvisible and therefore you cannot access it directly.

Reboot an RDS DB instance DB instances cannot be rebooted through commands. Theymust be rebooted on the RDS console.

View RDS backups RDS backup files are stored in OBS buckets and are notvisible to you

2.2 Process

PurposeThis section describes how to create RDS DB instances, initialize configurations, and connectto instance databases, helping you quickly understand the process of using RDS.






28

Figure 2-1 Process

NOTE

l DMS indicates the Distributed Message Service.

l If the ECS is in the same VPC subnet as the RDS DB instance, you do not need to assign an EIP.

2.3 Buying an RDS PostgreSQL DB Instance

Scenarios


Currently, RDS for PostgreSQL supports the yearly/monthly and pay-per-use billing modes.RDS allows you to tailor your computing resources and storage space to your business needs.


Procedure




NOTE

DCC is currently in Open Beta Test for RDS PostgreSQL DB instances and is free of charge.




29





Yearly/Monthly


Pay-per-use




30



Region Region in which the tenant is located. Can be changed in the upperleft corner of the page.

DB Instance Name Must start with a letter and consist of 4 to 64 characters. Case-sensitive. Can contain only letters, digits, hyphens (-), andunderscores (_).

DB Engine Set to PostgreSQL.

DB Engine Version Currently, RDS supports PostgreSQL 9.5 and 9.6. Different DBengine versions are supported in different regions.You are advised to select PostgreSQL 9.6, which is more mature,stable, reliable, and secure than PostgreSQL 9.5.For details, see DB Engines and Versions.

DB Instance Type l Primary/Standby: You will have both a primary DB instanceand a synchronous standby DB instance. The standby DBinstance improves instance reliability and is invisible to you afterbeing created.An AZ is a region in which resources use independent powersupplies and networks. AZs are physically isolated butinterconnected through an internal network.Some regions support both a single AZ and multiple AZs andsome only support a single AZ. For details, see Selecting aRegion.NOTE

Products in different regions cannot communicate with each other througha private network and you cannot change the region of a DB instance aftercreating the instance. Therefore, exercise caution when selecting a region.

RDS supports deploying primary and standby DB instances in anAZ or across AZs. You can determine whether the secondary AZis the same as the primary AZ.– If they are the same, the primary and standby DB instances

are deployed in the same AZ.– If they are different (by default), the primary and standby DB

instances are deployed in different AZs to ensure failoversupport and high availability.




31





Disk Encryption l Disable: indicates the encryption function is disabled.l Enable: indicates the encryption function is enabled, improving

data security but affecting system performance.Key Name: specifies the tenant key. You can create or select akey.NOTE

– Once the disk encryption function is enabled, you cannot disable it orchange the key after a DB instance is created. Backup data will not beencrypted in OBS.

– After an RDS DB instance is created, do not disable or delete the keythat is being used. Otherwise, RDS will be unavailable and datacannot be restored.

– Only professional edition keys can be used to encrypt DB instances.For details about how to create a key, see the "Creating a CMK"section in the Data Encryption Workshop User Guide.



Instance Class Refers to the CPU and memory of a DR instance. Different instanceclasses refer to different numbers of database connections and maximumIOPS.For details about instance classes, see DB Instance Specifications.After a DB instance is created, you can change its CPU and memory.For details, see Changing the CPU or Memory of a DB Instance.NOTE


MaximumNumber ofConnections

Refers to the maximum number of database connections allowed by theselected DB instance specifications. It cannot be modified.


This option is displayed only when you buy the DSS service.





32













Table 2-5 Network



Subnet Improves network security by providing dedicated network resourcesthat are logically isolated from other networks. Subnets take effect onlywithin an AZ. The Dynamic Host Configuration Protocol (DHCP)function must be enabled by default for subnets in which you plan tocreate RDS DB instances and cannot be disabled.



33



Security Group Controls the access that traffic has in and out of a DB instance. Bydefault, the security group associated with the DB instance isauthorized.Enhances security by controlling access to RDS from other services.When you select a security group, you must ensure that it allows theclient to access DB instances.If no security group is available, RDS allocates a security group to youby default.



Administrator The default login name for the database is root.


Must consist of 8 to 32 characters and must be a combination of uppercaseletters, lowercase letters, digits, and at least one of the following specialcharacters: ~!@#%^*-_=+? Enter a strong password and periodicallychange it to improve security, preventing security risks such as brute forcecracking.Keep this password secure. The system cannot retrieve it.After a DB instance is created, you can reset this password. For details,see Resetting the Administrator Password.

ConfirmPassword


AdvancedSettings


system provides a default enterprise project. You can also go to theProjectMan console to create a project. For details about how to createa project, see the ProjectMan User Guide.

ParameterGroup

Acts as a container for engine configuration values that are applied to oneor more DB instances. If you create primary/standby DB instances, theyuse the same parameter group. After a DB instance is created, you canmodify parameters in the parameter group associated with the DBinstance.For details, see Modifying Parameters in a Parameter Group.



34





RequiredDuration

The system will automatically calculate the configuration fee based on theselected required duration.





NOTE




l If you need to modify your settings, click Previous.

l Otherwise, click Submit.

Skip Step 7 and Step 8 and go to Step 9.




35






NOTE


Step 9 To view and manage the DB instance, go to the Instance Management page.l Creating a DB instance takes about 5 to 9 minutes. During this process, its status is

Creating.


l The automated backup policy is enabled by default. An automated full backup isimmediately triggered after a DB instance is created.


----End




36


2.4.1 Creating a Security GroupA security group is a collection of access control rules for ECSs and RDS DB instances thathave the same security protection requirements and are mutually trusted in a VPC. Thissection describes how to create a security group to enable specific IP addresses and ports toaccess RDS.

Background InformationYou can access RDS DB instances from a public or private network.

PrecautionsThe default security group rule allows all outgoing data packets. ECSs and RDS DB instancescan access each other if they are deployed in the same security group. After a security groupis created, you can configure security group rules to control access from and to the DBinstances in the security group.

By default, you can create a maximum of 500 security group rules. To prevent high networklatency for the first packet, you are advised to create a maximum of 50 rules for each securitygroup.

To access RDS DB instances in your security group from a public network, you need to addan inbound rule. For example, if you want to use a client to access a DB instance from apublic network or from an ECS in a different security group, you can add an inbound rule inwhich Protocol is set to TCP and Port/Range is set to the default value 5432.

NOTE


ProcedureFor details about how to add a security group rule, see the Adding a Security Group Rulesection in the Virtual Private Cloud User Guide.

2.4.2 Binding an EIP to a DB InstanceIf your applications are running on an ECS that is in the same region as your RDS DBinstances, you do not need to enable public accessibility.


NOTE


l Both primary DB instances and read replicas support enabling or disabling public accessibility. Bydefault, a newly created DB instance is not publicly accessible.

Background InformationYou can use a private IP address or an EIP to access DB instances.

l Use a private IP address alone when your applications are deployed on an ECS that is inthe same region as RDS.



37


RDS provides a private IP address by default.l Use an EIP alone when:

– Your applications are deployed on an ECS that is not in the same region as RDS.– Your applications are deployed on a platform other than the public cloud.

Precautionsl Before accessing the database, you need to add specific IP addresses or IP segments to

the inbound rule. For details, see section Creating a Security Group.l Traffic generated by the public network is charged by bandwidth and IP. For details, see

Product Pricing Details.l Public accessibility reduces the security of DB instances. Therefore, exercise caution


Binding an EIP


Step 2 In the Instance Information area on the Basic Information page, click Bind in the EIPfield.

Figure 2-5 Binding an EIP

Step 3 In the displayed dialog box, all unbound EIP addresses are listed. Select the EIP to be boundand click OK. If no available EIP addresses are displayed, click View EIP Details and assignEIP addresses on the VPC console.



38


Figure 2-6 Selecting an EIP

Step 4 On the Basic Information page, you can view the EIP that has been bound to the DBinstance.

To unbind the EIP from the DB instance, see Unbinding an EIP.

----End

Unbinding an EIP


Step 2 On the Basic Information page, click Unbind in the EIP field.

Step 3 Click OK.

To bind an EIP to the DB instance again, see Binding an EIP.

----End

2.5 Connecting to a DB InstanceYou can use a PostgreSQL client to connect to a DB instance through a common connectionor an SSL connection. The SSL connection is encrypted and thus more secure.


– To connect to a DB instance through an ECS, you must first create an ECS.For details on how to create and connect to an ECS, see How Can I Create andConnect to an ECS?




39

http://support.huaweicloud.com/en-us/rds_faq/rds_faq_0057.html


i. Bind the EIP to the DB instance. For details, see Binding an EIP.ii. Ensure that the local device can access the EIP that has been bound to the DB

instance.2. Install the PostgreSQL client on the ECS or device that was prepared in 1.

For details, see How Can I Install the PostgreSQL Client?

Common Connection

Step 1 Log in to the ECS or device that can access RDS.

Step 2 Run the following command to connect to an RDS DB instance:

psql --no-readline -U <user> -h <host> -p <port> -d <datastore> -W

l The parameter -U indicates the username of the RDS database account. The defaultadministrator is root.


l The parameter -p indicates the database port in use. The default value is 5432. To obtainthis port number, go to the Instance Management page and click the target DB instancename. The port number can be found in the Database Port field on the BasicInformation page.

l The parameter -d indicates the name of the database (the default database name ispostgres).

l The parameter -W indicates that a password must be entered for the connection. Afterrunning this command, you will be prompted to enter a password.

Example:

Run the following command as user root to connect to a DB instance:

psql --no-readline -U root -h 192.168.0.44 -p 5432 -d postgres -W

----End

SSL Connection



Step 3 Run the following command to connect to an RDS DB instance. The Linux OS is used as anexample.

psql --no-readline -h <host> -p <port> "dbname=<database> user=<user>sslmode=verify-ca sslrootcert=<ca.pem>"



40



l The parameter -p indicates the database port in use. The default value is 5432. To obtainthis port number, go to the Instance Management page and click the target DB instancename. The port number can be found in the Database Port field on the BasicInformation page.

l The parameter dbname indicates the name of the database (the default database name ispostgres).

l The parameter user indicates the username of the RDS database account. The defaultadministrator is root.

l The parameter sslmode indicates the SSL connection mode. Set it to verify-ca to use aCA to check whether the service is trusted.

l The parameter sslrootcert indicates the directory of the CA certificate for the SSLconnection. The certificate should be stored in the directory where the command isexecuted.

Enter the password of the database account if the following information is displayed:

Password:

For example, to connect to a DB instance through an SSL connection as user root, run thefollowing command:

psql --no-readline -h 192.168.0.44 -p 5432 "dbname=postgres user=root sslmode=verify-ca sslrootcert=/root/ca.pem"

Password:

Step 4 The SSL connection is established if information similar to the following is displayed afteryou log in to the database:SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)

----End

2.6 Creating Read Replicas

2.6.1 Introduction to Read Replicas

IntroductionCurrently, RDS for PostgreSQL 9.5 and 9.6 support read replicas.

If few write requests but many read requests must be sent to the database, a single DBinstance may be unable to handle the read pressure. In this case, operations may be affected.To expand the DB instance read ability to offload read pressure on the database, you cancreate one or more read replicas in a region. These read replicas can process a large number ofread requests and increase application throughput.



41

A read replica uses the architecture of a single physical node (without a slave node). Changesin the primary DB instance are also automatically synchronized to all associated read replicasthrough the native replication function of PostgreSQL. The synchronization is not affected bynetwork latency. Read replicas and the primary DB instance must be in the same region butcan be in different AZs.

Billing Standards

Read replicas are additionally billed in the yearly/monthly and pay-per-use billing modes. Fordetails, see read replica pricing in RDS Product Pricing Details.

Functionsl Specifications of read replicas can be different from those of the primary DB instance,

and can be changed at any time to facilitate flexible scaling.l Read replicas support the pay-per-use and yearly/monthly billing modes.l You do not need to maintain accounts or databases. Both of them are synchronized from

the primary DB instance.l Read replicas support system performance monitoring. For details, see Monitoring DB

InstancesRDS provides up to 20 monitoring metrics, including storage space, IOPS, number ofdatabase connections, CPU usage, and network traffic. You can view these metrics todetermine the load of DB instances.

l You can enable or disable public accessibility for read replicas. For details, see sectionEnabling and Disabling Public Accessibility.

Restrictionsl A maximum of five read replicas can be created for a primary DB instance.l Read replicas do not support backup settings or temporary backups.l Read replicas do not support the creation of temporary DB instances from backup files or

point-in-time recovery, and do not support overwriting of DB instances from backupfiles.

l Data cannot be migrated to read replicas.l Read replicas do not support database creation and deletion.l Read replicas do not support account authorization.

2.6.2 Creating a Read Replica

Scenarios

Read replicas are used to enhance the read capabilities of primary DB instances and reducethe load on primary DB instances.

After a DB instance has been created, you can create read replicas for it.

NOTE

You can add read replicas only when your account balance is more than ¥0.

A maximum of five read replicas can be created for a primary DB instance.



42




Procedure

Step 1 On the Instance Management page, locate the target DB instance and click Create ReadReplica in the Operation column.

Step 2 On the displayed page, select a billing mode, configure specifications about the read replicaand click Next.



Region By default, read replicas are in the same region as the primary DBinstance.

DB InstanceName


DB Engine Same as the DB engine version of the primary DB instance by default andcannot be changed.

DB EngineVersion

Same as the DB engine version of the primary DB instance by default andcannot be changed.

AZ RDS allows you to deploy both a primary DB instance and a read replicain a single AZ or across AZs.l If they are the same, the read replica and primary DB instance are

deployed in the same AZ.l If they are different, the read replica and primary DB instance are

deployed in different AZs to ensure data reliability.

DiskEncryption








43



Instance Class Refers to the CPU and memory of a DB instance. Different instanceclasses refer to different numbers of database connections and maximumIOPS.For details about instance classes, see DB Instance Specifications.After a DB instance is created, you can change its CPU and memory.For details, see Changing the CPU or Memory of a DB Instance.l DB instances in a DCC only support the general-purpose instance

class.



Storage Space Contains the system overhead required for inode, reserved block, anddatabase operation.l Storage space can range in size from 40 GB to 4,000 GB and can be

increased only by increments of 10 GB.l The storage space of the read replica must be greater than or equal to

that of the primary instance.



RequiredDuration

The system will automatically calculate the configuration fee based onthe selected required duration. The longer the required duration is, thelarger discount you will enjoy.



Step 3 Confirm specifications.l If you need to modify your settings, click Previous.l Otherwise, click Submit.

Step 4 After a read replica has been created, you can view and manage it on the InstanceManagement page by clicking on the left of the DB instance to which it belongs.

----End



44



2.6.3 Managing Read Replicas

Entering the Management Interface Through the Read Replica


Step 2 Select the region in which the target read replica is located.

Step 3 In the DB instance list, click to expand the DB instance details and click the target readreplica name to go to the Basic Information page.

----End

Entering the Management Interface Through the Primary DB Instance


Step 2 Select the region in which the target primary DB instance is located.

Step 3 Click the name of the primary DB instance with which the target read replica is associated togo to the Basic Information page.

Step 4 On the displayed page, click the read replica name in the Read replica field to go to the BasicInformation page of the read replica.

----End



45

3 Quick Start for SQL Server

3.1 RestrictionsRDS for SQL Server only supports DB instances under the License Included model and doesnot support "bring your own license" (BYOL). After a DB instance is created, it contains theMicrosoft SQL Server enterprise edition license.

Table 3-1 shows the restrictions designed to ensure the stability and security of RDS for SQLServer.

RDS for Microsoft SQL Server DB instances are divided into two series: basic edition andhigh-availability edition. DB instances of different series have different function restrictions.For details, see Basic Edition and High-Availability Edition.


Function Item High-AvailabilityEdition

Basic Edition

Maximum number of databases 30 (can be increased) 30 (can be increased)

Number of database accounts Unlimited Unlimited

Create of user, LOGIN, ordatabase

Supported Supported

Database-level DDL trigger Supported Supported

Database permissionauthorization

Supported Supported

KILL permission Supported Supported

LinkServer Coming soon Coming soon

Distributed transaction Coming soon Coming soon

SQL Profiler Supported Supported

Tuning Advisor Supported Supported

Relational Database ServiceQuick Start 3 Quick Start for SQL Server


46

https://support.huaweicloud.com/en-us/productdesc-rds/rds_01_0010.html#

Function Item High-AvailabilityEdition

Basic Edition

Change Data Capture (CDC) Supported Supported

Change tracking Supported Supported

Windows domain account login Not supported Not supported

Email Not supported Not supported

SQL Server Integration Services(SSIS)

Not supported Not supported

SQL Server Analysis Services(SSAS)


SQL Server Reporting Services(SSRS)


R Services Not supported Not supported

Common Language Runtime(CLR)


Asynchronous communication Not supported Not supported

Replication Not supported Not supported

Policy management Not supported Not supported

3.2 Process

PurposeThis section describes how to create RDS DB instances, initialize configurations, and connectto instance databases, helping you quickly understand the process of using RDS.






47

Figure 3-1 Process

NOTE

If the ECS is in the same VPC subnet as the RDS DB instance, you do not need to assign an EIP.

3.3 Buying an RDS Microsoft SQL Server DB Instance

Scenarios


Currently, RDS for SQL Server supports the yearly/monthly and pay-per-use billing modes.The DB instance class and storage space you need depends on your processing power andmemory requirements.


Procedure






48

NOTE

DCC is currently in Open Beta Test for RDS Microsoft SQL Server DB instances and is free of charge.






49





50

Yearly/Monthly


Pay-per-use




Region Region in which the tenant is located. Can be changed in the upperleft corner of the page.

AZ A physical region in which resources use independent powersupplies and networks. AZs are physically isolated butinterconnected through an internal network.Some regions support both a single AZ and multiple AZs and someonly support a single AZ.

DB Instance Name Must start with a letter and consist of 4 to 64 characters. Case-sensitive. Can contain only letters, digits, hyphens (-), andunderscores (_).

DB Engine Set to Microsoft SQL Server.

DB Engine Version For details, see DB Engines and Versions.

DB Instance Type l Primary/Standby: You will have both a primary DB instanceand a synchronous standby DB instance. The standby DBinstance improves instance reliability and is invisible to you afterbeing created.An AZ is a region in which resources use independent powersupplies and networks. AZs are physically isolated butinterconnected through an internal network.Some regions support both a single AZ and multiple AZs andsome only support a single AZ.NOTE

Products in different regions cannot communicate with each other througha private network and you cannot change the region of a DB instance aftercreating the instance. Therefore, exercise caution when selecting a region.

RDS supports deploying primary and standby DB instances in anAZ or across AZs. You can determine whether the secondary AZis the same as the primary AZ.– If they are the same, the primary and standby DB instances

are deployed in the same AZ.– If they are different (by default), the primary and standby DB

instances are deployed in different AZs to ensure failoversupport and high availability.


Time Zone Can be specified only when you create a DB instance and cannot bemodified after the DB instance is created.



51



Disk Encryption l Disable: indicates the encryption function is disabled.l Enable: indicates the encryption function is enabled, improving

data security but affecting system performance.Key Name: specifies the tenant key. You can create or select akey.NOTE

– Once the disk encryption function is enabled, you cannot disable it orchange the key after a DB instance is created. Backup data will not beencrypted in OBS.

– After an RDS DB instance is created, do not disable or delete the keythat is being used. Otherwise, RDS will be unavailable and datacannot be restored.

– Only professional edition keys can be used to encrypt DB instances.For details about how to create a key, see the "Creating a CMK"section in the Data Encryption Workshop User Guide.



Instance Class Refers to the CPU and memory of a DR instance. Different instanceclasses refer to different numbers of database connections and maximumIOPS.For details about instance classes, see DB Instance Specifications.After a DB instance is created, you can change its CPU and memory. Fordetails, see Changing the CPU or Memory of a DB Instance.NOTE



This option is displayed only when you buy the DSS service.

Storage Type Determines the DB instance read/write speed. The higher the maximumthroughput is, the higher the DB instance read/write speed can be.l Common I/O: supports a maximum throughput of 90 MB/s.l High I/O: supports a maximum throughput of 150 MB/s.l Ultra-high I/O: supports a maximum throughput of 350 MB/s.NOTE

If you select DSS for Resource Type, only the storage type that you have selectedwhen buying the DSS service is displayed by default.




52












Table 3-5 Network



Subnet Improves network security by providing dedicated network resourcesthat are logically isolated from other networks. Subnets take effect onlywithin an AZ. The Dynamic Host Configuration Protocol (DHCP)function must be enabled by default for subnets in which you plan tocreate RDS DB instances and cannot be disabled.

Security Group Enhances security by controlling access to RDS from other services.When you select a security group, you must ensure that it allows theclient to access DB instances.If no security group is available, RDS allocates a security group to youby default.



53




Administrator The default login name for the database is rdsuser.


Must consist of 8 to 32 characters and must be a combination ofuppercase letters, lowercase letters, digits, and at least one of thefollowing special characters: ~!@#%^*-_=+? Enter a strong passwordand periodically change it to improve security, preventing security riskssuch as brute force cracking.Keep this password secure. The system cannot retrieve it.After a DB instance is created, you can reset this password. For details,see Resetting the Administrator Password.

ConfirmPassword


AdvancedSettings


system provides a default enterprise project. You can also go to theProjectMan console to create a project. For details about how tocreate a project, see the ProjectMan User Guide.

Parameter Group Acts as a container for engine configuration values that are applied toone or more DB instances. If you create primary/standby DB instances,they use the same parameter group. After a DB instance is created, youcan modify parameters in the parameter group associated with the DBinstance.For details, see Modifying Parameters in a Parameter Group.

Table 3-7 AD domain


AD Domain Allows authenticated domain users to connect to Microsoft SQL ServerDB instances through Windows user accounts.l Skip: This option is selected by default.l Configure: Configure the directory address, domain name, domain

user, and domain user password.NOTE

If a Microsoft SQL Server single DB instance is configured with the ADdomain, it cannot be changed to primary/standby DB instances.

DirectoryAddress

Indicates the DNS server IP address.

Domain Name Indicates a fully qualified domain name.



54




Domain User You are advised to enter the domain administrator username.

Domain UserPassword

Indicates the password of the domain user.Must consist of 8 to 32 characters and must be a combination ofuppercase letters, lowercase letters, digits, and at least one of thefollowing special characters: ~!@#%^*-_=+? Enter a strong passwordand periodically change it to improve security, preventing security riskssuch as brute force cracking.Keep this password secure. The system cannot retrieve it.



RequiredDuration

The system will automatically calculate the configuration fee based on theselected required duration.





NOTE





55


l If you need to modify your settings, click Previous.l Otherwise, click Submit.

Skip Step 7 and Step 8 and go to Step 9.





56





NOTE


Step 9 To view and manage the DB instance, go to the Instance Management page.l Creating a DB instance takes about 15 minutes. During this process, its status is

Creating.


l The automated backup policy is enabled by default. An automated full backup isimmediately triggered after a DB instance is created.


----End


3.4.1 Creating a Security GroupA security group is a collection of access control rules for ECSs and RDS DB instances thathave the same security protection requirements and are mutually trusted in a VPC. Thissection describes how to create a security group to enable specific IP addresses and ports toaccess RDS.

Background Information

You can access RDS DB instances from a public or private network.

Precautions

The default security group rule allows all outgoing data packets. ECSs and RDS DB instancescan access each other if they are deployed in the same security group. After a security groupis created, you can configure security group rules to control access from and to the DBinstances in the security group.

By default, you can create a maximum of 500 security group rules. To prevent high networklatency for the first packet, you are advised to create a maximum of 50 rules for each securitygroup.



57


To access RDS DB instances in your security group from a public network, you need to addan inbound rule. For example, if you want to use a client to access a DB instance from apublic network or from an ECS in a different security group, you can add an inbound rule inwhich Protocol is set to TCP and Port/Range is set to the default value 1433.

NOTE


Procedure

For details about how to add a security group rule, see the Adding a Security Group Rulesection in the Virtual Private Cloud User Guide.

3.4.2 Binding an EIP to a DB InstanceIf your applications are running on an ECS that is in the same region as your RDS DBinstances, you do not need to enable public accessibility.


NOTE


l RDS for Microsoft SQL Server enables you to enable and disable public accessibility. By default, anewly created DB instance is not publicly accessible.

Background Information

You can use a private IP address or an EIP to access DB instances.

l Use a private IP address alone when your applications are deployed on an ECS that is inthe same region as RDS.RDS provides a private IP address by default.

l Use an EIP alone when:– Your applications are deployed on an ECS that is not in the same region as RDS.– Your applications are deployed on a platform other than the public cloud.

Precautionsl Before accessing the database, you need to add specific IP addresses to the inbound rule.

For details, see section Creating a Security Group.l Traffic generated by the public network is charged by bandwidth and IP. For details, see

Product Pricing Details.l Public accessibility reduces the security of DB instances. Therefore, exercise caution


Binding an EIP




58



Step 2 In the Instance Information area on the Basic Information page, click Bind in the EIPfield.

Figure 3-5 Binding an EIP

Step 3 In the displayed dialog box, all unbound EIP addresses are listed. Select the EIP to be boundand click OK. If no available EIP addresses are displayed, click View EIP Details and assignEIP addresses on the VPC console.

Figure 3-6 Selecting an EIP

After you bind an EIP to a Microsoft SQL Server DB instance, you must reboot the instanceto make the SSL connection work.

Step 4 On the Basic Information page, you can view the EIP that has been bound to the DBinstance.



59

To unbind the EIP from the DB instance, see Unbinding an EIP.

----End

Unbinding an EIP


Step 2 On the Basic Information page, click Unbind in the EIP field.

Figure 3-7 Unbinding an EIP

After you unbind an EIP from a Microsoft SQL Server DB instance, you must reboot theinstance to make the SSL connection work.

Step 3 Click OK.

To bind an EIP to the DB instance again, see Binding an EIP.

----End

3.5 Connecting to a DB InstanceYou can use a Microsoft SQL Server client to connect to a DB instance through a commonconnection or an SSL connection. The SSL connection is encrypted and thus more secure.


– To connect to a DB instance through an ECS, you must first create an ECS.For details about how to create and connect to an ECS, see How Can I Create andConnect to an ECS?To connect to a DB instance through a private IP address, you need to add the IPaddress of the target DB instance to the RDS security group. For details about howto create a security group, see the "Adding a Security Group Rule" section in theVirtual Private Cloud User Guide.


i. Bind the EIP to the DB instance. For details, see Binding an EIP.



60



ii. Ensure that the local device can access the EIP that has been bound to the DBinstance.

2. Install the Microsoft SQL Server client on the ECS or device that was prepared in 1.For details, see How Can I Install SQL Server Management Studio?

Common Connection

Step 1 Log in to the ECS or device that can access RDS.

Step 2 Start SQL Server Management Studio.

Step 3 Choose Connect > Database Engine. In the displayed dialog box, enter login information.

Figure 3-8 Connecting to a DB instance

l Server name: indicates different values depending on how you intend to access the DBinstance. If you intend to access the DB instance through an ECS, Server name indicatesthe IP address and port number of the primary DB instance. To obtain these, go to theInstance Management page and click the target DB instance name. The IP address andport number can be found in the Private IP Address field on the Basic Informationpage. If you intend to access the DB instance through an EIP, -h indicates the EIPdisplayed in the EIP field on the Basic Information page. Use commas (,) to separate IPaddresses and port numbers.

l Authentication: indicates the authentication mode. Select SQL Server Authentication.l Login: indicates the RDS database username. The default administrator is rdsuser.l Password: indicates the password of the RDS database username.

For example, the following figure shows how to connect to a DB instance as user rdsuser.



61


Figure 3-9 Connecting to a DB instance

Step 4 Click Connect to connect to the DB instance.

----End

SSL Connection

NOTICEl Replace the old certificate before it expires to improve system security.l After you bind an EIP to a SQL Server DB instance, you must reboot the instance to make

the SSL connection work.



Step 3 Import the root certificate into Windows OS on the ECS. For details, see How Can I Importthe Root Certificate to the Windows OS?

Step 4 Start SQL Server Management Studio.

Step 5 Choose Connect > Database Engine. In the displayed dialog box, enter login information.The following uses user rdsuser as an example to illustrate how to connect to the DB instancethrough SSL.

1. Enter a username and password and click Options.



62

https://support-intl.huaweicloud.com/en-us/rds_faq/rds_faq_0052.html

https://support-intl.huaweicloud.com/en-us/rds_faq/rds_faq_0052.html

Figure 3-10 Connecting to a DB instance through SSL

– Server name: indicates different values depending on how you intend to access theDB instance. If you intend to access the DB instance through an ECS, Server nameindicates the IP address and port number of the primary DB instance. To obtainthese, go to the Instance Management page and click the target DB instance name.The IP address and port number can be found in the Private IP Address field onthe Basic Information page. If you intend to access the DB instance through anEIP, -h indicates the EIP displayed in the EIP field on the Basic Information page.Use commas (,) to separate IP addresses and port numbers.

– Authentication: indicates the authentication mode. Select SQL ServerAuthentication.

– Login: indicates the RDS database username. The default administrator is rdsuser.– Password: indicates the password of the RDS database username.

2. On the Connection Properties page, set related parameters and select Encryptconnection.



63

Figure 3-11 Connection properties

NOTE

If Encrypt connection is selected, SSL will be used to encrypt connections to a DB instance.(Encrypt connection is unselected by default.)

Step 6 Click Connect to connect to the DB instance.

----End

3.6 Function Differences Between Microsoft SQL ServerVersions

This section describes function differences between SQL Server versions.

l For details about differences of basic functions, see Table 3-9.l DB instances of different series have different function restrictions. For details, see Basic

Edition and High-Availability Edition.l For details about differences of database migration functions, see Table 3-10.l For details about differences of database security functions, see Table 3-11.

Table 3-9 Differences of basic functions

Module Function Item High-AvailabilityEdition

Basic Edition

Life cycle Create a DB instance Supported Supported



64




Basic Edition

Reboot a DB instance Supported Supported

Auto-renewal Supported Supported

Change the billingmode

Supported Supported

Change the instanceclass

Supported Supported

Delete a DB instance Supported Supported

Upgrade the DBengine version


Restore to a new DBinstance

Supported Supported

Create a read replica Not supported Not supported

DB instanceproperties

View the DB instancelist

Supported Supported

View DB instancedetails

Supported Supported

Modify the DBinstance description

Supported Supported

Change themaintenance period

Supported Supported

Manage tags Supported Supported

Manage AZs Not supported Not supported

Databaseconnection

Internal accessthrough a VPC

Supported Supported

Public accessibility Supported Supported

Read/write splittingaddress


Serviceavailability

Disaster recovery inan AZ

Supported Supported

Disaster recovery inthe same city

Supported Not supported

Remote disasterrecovery


Disaster recovery drill Not supported Not supported



65


Basic Edition

Backup andrestore

Full backup Supported Supported

Log backup Supported Supported

Customize a backuppolicy

Supported Supported

Restore fromautomated backups

Supported Supported

Point in time recovery Supported Supported

Partial backup Coming soon Coming soon

Partial restore Supported Supported

Monitoring andalarms

Resource monitoring Supported Supported

DB engine monitoring Not supported Not supported

Customize monitoringpolicies

Supported Supported

Aggregate monitoringitems

Supported Supported

Parametermanagement

Parameter update Supported Supported

Parameter template Supported Supported

Logmanagement

Error logs Supported Supported

System running logs Supported Supported

Table 3-10 Differences of database migration

Function Item High-Availability Edition Basic Edition

Homogeneous datamigration

Supported Supported

Heterogeneousdata migration

Coming soon Coming soon

Datasynchronization

Supported Supported



66

Table 3-11 Differences of database security

Function Item High-Availability Edition Basic Edition

IP addresswhitelist

Coming soon Coming soon

Management audit Supported Supported

Firewall Supported (DBSS) Supported (DBSS)

Database audit Supported (DBSS) Supported (DBSS)

Storage encryption Coming soon Coming soon

Networkencryption

Supported Supported

Security groupmanagement

Supported Supported

Transparent DataEncryption (TDE)encryption

Coming soon (enterprise edition) Coming soon (enterpriseedition)

Table 3-12 lists the major differences of Web, Standard, and Enterprise editions of MicrosoftSQL Server.

l For more information about function differences among Microsoft SQL Server 2016editions (Web/Standard/Enterprise), see official documents.

l For more information about function differences among Microsoft SQL Server 2014editions (Web/Standard/Enterprise), see official documents.

Table 3-12 Functions between standard and enterprise editions

Function Item Web Edition Standard Edition Enterpriseedition

Instance class 16 vCPUs | 64GB

16 vCPUs | 128 GB N/A

High availability Not supported Mirror HA Always Onavailability

Data compression Not supported Supported Supported

SQL Profiler Supported Supported Supported

Column index Not supported Supported Supported

Table/indexpartitioning

Not supported l Supported by MicrosoftSQL Server 2014

l Not supported byMicrosoft SQL Server2008

Supported



67

https://docs.microsoft.com/en-us/sql/sql-server/editions-and-components-of-sql-server-2016?view=sql-server-2017

https://docs.microsoft.com/en-us/sql/2014/getting-started/features-supported-by-the-editions-of-sql-server-2014?view=sql-server-2017

Function Item Web Edition Standard Edition Enterpriseedition

Change DataCapture (CDC)

Not supported Supported Supported

Online DDL Not supported Not supported Supported

Parallel searches Not supported Not supported Supported

Adjustment ofpartitioned tableparallelism

Not supported Not supported Supported

TDE Not supported Not supported Supported

Integration ofadvanced R

Not supported Not supported Supported



68

A Change History

Release Date Description

2018-08-03 This issue is the sixth official release, whichincorporates the following changes:Supporting buying RDS DB instances andDBSS together.Supported creating yearly/monthly read replicasfor MySQL and PostgreSQL DB instances.

2018-07-13 This issue is the fifth official release, whichincorporates the following changes:l Supported SQL Server 2016 Web.l Supported SQL Server 2014 SP2 Web.l Supported SQL Server 2008 R2 SP3 Web.l Supported creating DR instances for

MySQL DB instances.l Changed the default port number to 5432

when a PostgreSQL DB instance is created.

Relational Database ServiceQuick Start A Change History


69


2018-06-30 This issue is the fourth official release, whichincorporates the following changes:l Had no operation restrictions on accounts

with a balance greater than or equal to ¥0.l Supported the configuration and change of

the private IP address for a MySQL DBinstance.

l Supported public accessibility enabling anddisabling for MySQL read replicas.

l Supported storage space scaling of MySQLand PostgreSQL DB instances for anunlimited number of times. Each scalingmust be a multiple of 10 GB.

l Supported storage space scaling of SQLServer DB instances by a multiple of 10 GB.

l Supported downloading of backup files of asingle database for SQL Server.

2018-06-15 This issue is the third official release, whichincorporates the following changes:l Supported auto renewal during the creation

of yearly/monthly DB instances.l Prolonged the backup retention period to

732 days.l Displayed the maximum number of

connections for MySQL and PostgreSQLDB instances.

l Supported time zone selections whencreating a MyQL DB instance.

l Supported 1 vCPU | 2 GB and 1 vCPU | 4GB instance classes for PostgreSQL DBinstances.



70


2018-06-01 This issue is the second official release, whichincorporates the following changes:l Supported working with the DSS service.l Supported a maximum of 4,000 GB of

storage space when you create or scale up aDB instance.

l Supported parameter group selections duringDB instance creation.

l Supported yearly/monthly DB instancecreation in batches.

l Supported public accessibility enabling ordisabling of MySQL DB instances.

l Changed the default port number to 3306when a MySQL DB instance is created.

l Supported display of progresses and logs ofcreating or scaling MySQL DB instances inthe task center.

l Supported PostgreSQL 10.0.l Supported Microsoft SQL Server 2008 R2

SP3 EE.

2018-05-15 This issue is the first official release.



71

quick start › ... · 2019-07-18 · 2.3 buying an rds postgresql db instance ... instance is...

Documents