When creating a migration, sync, or subscription task, you need to select different access types based on the deployment conditions of your source database. This document describes how to select an access type and prepare accordingly.
Determine the access type in advance. For the same source and target databases, if an access type such as Public Network is selected and the connectivity verification is passed, you cannot switch to another access type such as Direct Connect; otherwise, an error will be reported during connectivity verification.
|Access Type||Use Case||Operation Guide|
|Public Network||Manually add the SNAT IP of the DTS server to the allowlist (generally the firewall) of the self-built database as instructed in Adding DTS IP Address to Database Allowlist to connect the source database and DTS instance.|
|Direct Connect/VPN Access|
|CCN||The source database can be interconnected with VPCs through CCN.|
|Self-Build on CVM||The source database is deployed in a CVM instance.||Manually add the SNAT IP of the DTS server to the security group of the CVM instance as instructed in Adding DTS IP Address to Database Allowlist to connect the source database and DTS instance.|
|VPC||The source and target databases are both deployed in Tencent Cloud VPCs.||Manually add the SNAT IP address of the DTS server to the security group of the source database as instructed in Adding DTS IP Address to Database Allowlist. |
To use the VPC access type, submit a ticket for application.
|Database||The source database is a TencentDB instance.|
- Manually or automatically adding the SNAT IP address of the DTS server to the security group or allowlist of the source database may cause certain security risks to the source database. Therefore, you should enhance security protection measures when performing such operations; for example, you can standardize account password management, require authentication for API communication, and restrict unnecessary IP ranges. By using DTS, you acknowledge the existence of risks. If you have high security requirements, we recommend you use Direct Connect, VPN, or VPC for access.
- After using DTS, we recommend you delete the DTS IP address from the security group or firewall promptly.