The page has been translated by Gen AI.

MariaDB(DBaaS) server connection

Scenario Overview

The MariaDB(DBaaS) server connection scenario is a scenario where a Bastion host (Virtual Server) and Database service are created, and the DB service is accessed through the Bastion host. To access MariaDB (DBaaS) stably in the Samsung Cloud Platform environment, it is necessary to create a Bastion host and network connection using it. To maintain a stable and high level of security, it is recommended to configure the Database service in a Private Subnet environment and configure the Bastion host in a limited Public Subnet environment.

This scenario largely describes the process of creating a Bastion host and Database service, and configuring the network environment for Bastion host and Database connection, to connect through a DB access client.

Architecture
Figure. MariaDB(DBaaS) server connection architecture

Scenario Components

You can configure the scenario using the following services.

Service Group
Service
Detailed Description
NetworkingVPCA service that provides an independent virtual network in a cloud environment
NetworkingVPC > SubnetA service that allows users to subdivide the network into smaller parts for their purpose/scale within the VPC
NetworkingVPC > Public IPA service that reserves a public IP and assigns and returns it to Compute resources
NetworkingVPC > Internet GatewayA service that connects VPC resources to the internet
NetworkingSecurity GroupA virtual firewall that controls the server’s traffic
DatabaseMariaDB(DBaaS)A service that easily creates and manages MariaDB in a web environment
ComputeVirtual ServerVirtual server optimized for cloud computing
ComputeVirtual Server > KeypairEncryption file used to connect to Virtual Server
Table. List of scenario components
Reference
The default policy of the * Security Group is Deny All, so only allowed IPs must be registered. The All Open policy of In/Outbound can expose cloud resources to external threats as is, with any IP and any port. * By specifying the necessary IP and Port to set the policy, you can enhance security.

Scenario composition method

To configure the scenario, create the necessary services through the following procedure.

1. Configuring the Network

This explains the process of configuring the network environment for Bastion Host and Database service connection.

1-1. Creating a VPC

For detailed creation methods, please refer to the Networking > VPC > How-to guides guide.
  1. Click All services > Networking > VPC menu. It moves to the Service Home page of VPC.
  2. On the Service Home page, click the Create VPC button. It moves to the Create VPC page.
  3. VPC Creation page, please enter the information required for service creation.
    • IP range should be entered as 192.168.x.0/16.
  4. In the Summary panel, review the detailed information and estimated charges, then click the Complete button.
    • Once the creation is complete, check the created resource on the VPC List page.

1-2. Creating a Subnet

For detailed creation methods, please refer to the Networking > VPC > How-to guides > Subnet guide.
  1. Click All services > Networking > VPC menu. It moves to the Service Home page of VPC.
  2. Service Home page, click the Subnet menu. It moves to the Subnet list page.
  3. Click the Subnet Creation button. It moves to the Subnet Creation page.
  4. Subnet creation page where you enter the information needed to create a service.
    • Subnet type should be selected as General.
    • Please select a pre-created VPC.
    • IP range should be entered as 192.168.x.0/24.
  5. In the Summary panel, review the detailed information and estimated charges, then click the Complete button.
    • After creation is complete, check the created resource on the Subnet list page.

1-3. Creating an Internet Gateway

For detailed creation methods, please refer to the Networking > VPC > How-to guides > Internet Gateway guide.
  1. Click All services > Networking > VPC menu. It moves to the Service Home page of VPC.
  2. Service Home page, click the Internet Gateway menu. It moves to the Internet Gateway list page.
  3. Click the Create Internet Gateway button. It moves to the Create Internet Gateway page.
  4. Internet Gateway creation page, please enter the required information necessary for service creation.
    • Please select a pre-created VPC.
    • Select Use in the Firewall usage item.
  5. In the Summary panel, review the detailed information and estimated charges, then click the Complete button.
    • Once the creation is complete, check the created resource on the Internet Gateway list page.

1-4. Creating a Public IP

For detailed creation methods, please refer to the Networking > VPC > How-to guides > Public IP guide.
  1. Click All services > Networking > VPC menu. It moves to the Service Home page of VPC.
  2. Service Home page, click the Public IP menu. It moves to the Public IP list page.
  3. Public IP Reservation button, click. Move to the Public IP Reservation page.
  4. Public IP Reservation page, enter the required information necessary for service reservation.
  5. In the Summary panel, review the details generated and the expected charge amount, then click the Complete button.
    • Once creation is complete, check the created resource on the Public IP List page.

1-5. Creating a Security Group

For detailed creation methods, please refer to the Networking > Security Group > How-to guides guide.
  1. Click All services > Networking > Security Group menu. It moves to the Service Home page of Security Group.
  2. Click the Security Group Creation button on the Service Home page. It moves to the Security Group Creation page.
  3. Security Group creation page, please enter the required information necessary for service creation.
  4. Check the input information and click the Complete button.
    • After creation is complete, check the created resource on the Security Group list page

2. Creating a Bastion Host

This describes the process of configuring the Bastion Host where the database connection client should be installed.

2-1. Creating a Server Keypair

For detailed creation methods, please refer to the Compute > Virtual Server > How-to guides > Keypair guide.
  1. Click All Services > Compute > Virtual Server menu. It moves to the Service Home page of Virtual Server.
  2. Service Home page, click the Keypair menu. It moves to the Keypair list page.
  3. Create Keypair button should be clicked. It moves to the Create Keypair page.
  4. Keypair creation page, please enter the required information necessary for service creation.
  5. Check the creation information and click the Complete button.
    • The key can only be downloaded for the first time, and re-issuance is not provided.
    • Please keep the downloaded key in a safe place.

2-2. Creating a Bastion Host

For detailed creation methods, please refer to the Compute > Virtual Server > How-to guides guide.
  1. Click All Services > Compute > Virtual Server menu. It moves to the Service Home page of Virtual Server.
  2. Click the Virtual Server Creation button on the Service Home page. It moves to the Virtual Server Creation page.
  3. Virtual Server Creation page, please enter the required information necessary for service creation.
  4. In the Summary panel, review the details generated and the expected charge amount, then click the Complete button.
    • After creation is complete, check the created resource on the Virtual Server list page.

2-3. Check Bastion host connection ID and PW

  1. Click All Services > Compute > Virtual Server menu. It moves to the Service Home page of Virtual Server.
  2. Service Home page, click the Virtual Server menu. It moves to the Virtual Server list page.
  3. Virtual Serve list page, click on the resource created in 2-2. Creating a Bastion host. It moves to the detailed information page of the corresponding resource.
  4. Click the RDP password inquiry button in the Keypair item on the detailed information page. The RDP password inquiry popup window opens.
  5. RDP password inquiry popup window, attach the keypair file downloaded from 2-1. Creating a server keypair.
  6. After attaching, click the Password Check button. The ID and password required to access the resource will be displayed.

3. Creating a Database

It describes the process of creating a database service.

3-1. Creating the MariaDB (DBaaS) Service

For detailed creation methods, please refer to the Database > MariaDB(DBaaS) > How-to guides guide.
  1. Click on the menu for all services > Database > MariaDB(DBaaS). It moves to the Service Home page of MariaDB(DBaaS).
  2. On the Service Home page, click the Create MariaDB(DBaaS) button. It moves to the Create MariaDB(DBaaS) page.
  3. MariaDB(DBaaS) creation page, please enter the required information needed for service creation.
    • Select and connect the pre-created VPC and Subnet.
    • Enter database-related creation information on the required information input screen.
    • Add the Bastion host IP to the IP access control item.
    • Database Port is 2866 by default, but you can specify it as you want.
  4. In the Summary panel, review the detailed information and estimated charges, then click the Complete button.
    • Once the creation is complete, check the created resource on the MariaDB(DBaaS) list page.

4. Setting Rules

This describes the process of setting rules for users to access the Bastion host and for the Bastion host to access the Database.

4-1. Adding Security Group Security Rules

For detailed creation methods, please refer to the Networking > Security Group > How-to guides guide.
  1. Click on the menu for all services > Networking > Security Group. It moves to the Service Home page of Security Group.
  2. Service Home page, click the Security Group menu. Move to the Security Group list page.
  3. 1-5. Creating a Security Group Select the Security Group resource created from. It will move to the detailed information page of the corresponding resource.
  4. Click the Rules tab on the detailed information page. It moves to the Rules tab.
  5. Click the Rule tab and click the Add Rule button. It moves to the Add Rule popup window.
  6. Add Rule In the popup window, enter the rules below and click the OK button
DirectionRemoteDestination AddressProtocolPortDescription
InboundCIDRUser PC IPTCP3389 (RDP)Bastion access PC → Bastion host
OutboundCIDRDB IPTCPDatabase Port (direct input)Bastion host → Database
Fig. Security Group security rules to be added

4-2. Adding IGW Firewall Rules

For detailed creation methods, please refer to the Networking > Firewall > How-to guides guide.
  1. Click All services > Networking > Firewall menu. It moves to the Service Home page of Firewall.
  2. Service Home page, click the Firewall menu. It moves to the Firewall list page.
  3. Firewall list page, select the Internet Gateway resource name created in 1-3. Creating Internet Gateway, and move to the detailed information page of the corresponding resource.
  4. Click the Rules tab on the detailed information page. It moves to the Rules tab.
  5. Rule tab, click the Add Rule button. It moves to the Add Rule popup window.
  6. Add Rule In the popup window, enter the rules below and click the OK button.
Departure AddressDestination AddressProtocolPortActionDirectionDescription
Bastion access PC IPBastion host IPTCP3389(RDP)AllowInboundUser PC → Bastion host
Fig. Internet Gateway Firewall rules to be added

5. Connecting to the Database

This describes the process of a user accessing the Database through a DB connection client program.

This guide provides instructions on how to connect using MySQL Workbench. There are various database client programs and CLI utilities, so you can also install and use the tools that are suitable for users.

5-1. Connect to Bastion host

  1. Run Remote Desktop Connection in the Windows environment of the PC you want to connect to the Bastion host, enter the NAT IP of the Bastion Host, and click the Connect button.
  2. After a successful remote desktop connection, the User Credential Input Window opens. Enter the ID and Password confirmed in 2-3. Checking Bastion Host Access ID and PW and click the Confirm button.

5-2. Installing DB connection client program (MySQL Workbench) on the Bastion host

  1. Go to the official MySQL page and download the MySQL Workbench program.
  2. Connect the hard drive of the user’s PC to upload the file to the Bastion host.
  3. Click the Details button for local devices and resources entries in the Local Resources tab of Remote Desktop Connection.
  4. Select the local disk where the file was downloaded to the drive and click the Confirm button.
  5. Copy the downloaded file and upload it to the Bastion Host, then click the MySQL Workbench installation file to install it.

5-3. Using DB connection client program (MySQL Workbench) to connect to the Database

  1. Run MySQL Workbench and click Database > Manage connections. The Manage Server Connection popup window will appear.
  2. Manage Server Connection popup window, click the New button at the bottom left and enter the database server information created in 3-1. MariaDB(DBaaS) service creation, then click the Test Connection button. A Password popup window will appear.
    Required Input Element ItemsInput Value
    Connection NameCustom (ex. Service Name)
    Host nameDatabase server IP
    PortDatabase Port
    UsernameDatabase user name
    DB connection client program input items
  3. Password popup window, enter the password set in 3-1. MariaDB(DBaaS) service creation and click the OK button. When the success is complete, click the OK button in the Manage Server Connection popup window.
  4. Database > Connect to Database를 클릭하세요. Connect to Database popup window will appear.
  5. Select the Connection Name registered in Stored Connection to perform database connection. After connection, you can try simple queries, etc.
How-to guides
Managing DB Services