The page has been translated by Gen AI.

MariaDB(DBaaS) Server Connection

Scenario Overview

MariaDB(DBaaS) Server Connection scenario involves creating a Bastion host(Virtual Server) and a Database service, and accessing the DB service through the Bastion host. To reliably connect to MariaDB(DBaaS) in the Samsung Cloud Platform environment, you need to create a Bastion host and establish network connectivity using it. To maintain stability and a high level of security, it is recommended to configure the Database service in a Private Subnet environment and set up the Bastion host in a restricted Public Subnet environment.

This scenario primarily describes creating a Bastion host and a Database service, configuring the network environment for Bastion host and Database access, and connecting through a DB client.

Architecture
Figure. MariaDB (DBaaS) server connection architecture

Scenario components

You can build the scenario using the following services.

service group
service
Detailed description
NetworkingVPCA service that provides an isolated virtual network in a cloud environment
NetworkingVPC > SubnetA service that lets users segment the network within a VPC to match their purpose and scale.
NetworkingVPC > Public IPA service that reserves a public IP and allocates and deallocates it to Compute resources.
NetworkingVPC > Internet GatewayA service that connects VPC resources to the Internet
NetworkingSecurity GroupVirtual firewall that controls server traffic
DatabaseMariaDB(DBaaS)A service that easily creates and manages MariaDB in a web environment
ComputeVirtual ServerVirtual server optimized for cloud computing
ComputeVirtual Server > KeypairEncryption file used to connect to the Virtual Server
Table. Scenario component list
Note
  • Since the default policy of a Security Group is Deny All, you must register only the IPs that are allowed.
  • In/Outbound’s All Open(Any IP, Any Port) policy can expose cloud resources directly to external threats.
    • By specifying the required IP and port and setting a policy, you can strengthen security.

Scenario setup method

Create the services needed to build the scenario by following the steps below.

Configure Network

Describes the process of configuring the network environment for accessing the Bastion Host and Database services.

1-1. Create VPC

For detailed creation instructions, see the Networking > VPC > How-to guides guide.
  1. Click the All Services > Networking > VPC menu. You will be taken to the VPC Service Home page.
  2. Click the Create VPC button on the Service Home page. You will be taken to the Create VPC page.
  3. On the VPC creation page, enter the information required to create the service.
    • Enter the IP range as 192.168.x.0/16 .
  4. Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
    • Once creation is complete, check the created resources on the VPC List page.

1-2. Create Subnet

For detailed creation instructions, refer to the Networking > VPC > How-to guides > Subnet guide.
  1. Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
  2. On the Service Home page, click the Subnet menu. You will be taken to the Subnet List page.
  3. Click the Create Subnet button. You will be taken to the Create Subnet page.
  4. On the Subnet Creation page, enter the information required to create the service.
    • Select the Subnet type as General.
    • Select a pre‑created VPC.
    • Enter the IP range as 192.168.x.0/24.
  5. Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
    • After creation is complete, check the created resources on the Subnet list page.

1-3. Create Internet Gateway

For detailed creation steps, refer to the Networking > VPC > How-to guides > Internet Gateway guide.
  1. Click the All Services > Networking > VPC menu. You will be taken to the VPC Service Home page.
  2. On the Service Home page, click the Internet Gateway menu. You will be taken to the Internet Gateway List page.
  3. Click the Create Internet Gateway button. Navigate to the Create Internet Gateway page.
  4. On the Internet Gateway Creation page, enter the required information needed to create the service.
    • Select a pre‑created VPC.
    • In the Firewall usage item, select Use.
  5. Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
    • Once creation is complete, verify the created resource on the Internet Gateway List page.

1-4. Create Public IP

For detailed creation steps, refer to the Networking > VPC > How-to guides > Public IP guide.
  1. Click the All Services > Networking > VPC menu. Navigate to the VPC’s Service Home page.
  2. Click the Public IP menu on the Service Home page. You will be taken to the Public IP List page.
  3. Click the Public IP reservation button. You will be taken to the Public IP reservation page.
  4. Public IP reservation page, enter the required information needed to reserve the service.
  5. In the Summary panel, verify the detailed information and estimated billing amount, and click the Complete button.
    • After creation is complete, check the created resources on the Public IP List page.

1-5. Create Security Group

For detailed creation instructions, refer to the Networking > Security Group > How-to guides guide.
  1. Click the All Services > Networking > Security Group menu. Go to the Service Home page of Security Group.
  2. Click the Create Security Group button on the Service Home page. You will be taken to the Create Security Group page.
  3. On the Security Group creation page, enter the required information needed to create the service.
  4. Check the input information and click the Complete button.
    • Once creation is complete, check the created resources on the Security Group List page.

Create bastion host

Describes the process of configuring a Bastion Host where the Database access client must be installed.

2-1. Create Server Keypair

For detailed creation steps, refer to the Compute > Virtual Server > How-to guides > Keypair guide.
  1. Click the All Services > Compute > Virtual Server menu. Navigate to the Service Home page of Virtual Server.
  2. On the Service Home page, click the Keypair menu. You will be taken to the Keypair List page.
  3. Click the Create Keypair button. You will be taken to the Create Keypair page.
  4. Enter the required information needed to create a service on the Keypair creation page.
  5. Check the creation information and click the Complete button.
    • The key can be downloaded only once, and reissuance is not available.
    • Please store the downloaded key in a secure location.

2-2. Create Bastion host

For detailed creation steps, refer to the Compute > Virtual Server > How-to guides guide.
  1. Click the All Services > Compute > Virtual Server menu. Navigate to the Service Home page of Virtual Server.
  2. On the Service Home page, click the Virtual Server Creation button. You will be taken to the Virtual Server Creation page.
  3. On the Virtual Server Creation page, enter the required information to create the service.
  4. In the Summary panel, verify the detailed information and estimated billing amount, then click the Complete button.
    • When creation is complete, check the created resources on the Virtual Server List page.

2-3. Verify Bastion host login ID and password

  1. Click the All Services > Compute > Virtual Server menu. Navigate to the Service Home page of Virtual Server.
  2. On the Service Home page, click the Virtual Server menu. You will be taken to the Virtual Server List page.
  3. On the Virtual Serve List page, click the resource you created in [2-2. Bastion host Creation]. You will be taken to the detailed information page for that resource.
  4. On the detail information page, click the RDP password view button in the Keypair name field. The RDP password view popup window will open.
  5. In the RDP password lookup popup window, attach the keypair file downloaded from 2-1. 서버 Keypair 생성하기.
  6. After attaching, click the Password Check button. The ID and Password required to access the resource are displayed.

Create Database

Describes the process of creating a Database service.

3-1. MariaDB(DBaaS) Create Service

For detailed creation instructions, refer to the Database > MariaDB(DBaaS) > How-to guides guide.
  1. Click the All Services > Database > MariaDB(DBaaS) menu. Navigate to the Service Home page of MariaDB(DBaaS).
  2. On the Service Home page, click the Create MariaDB (DBaaS) button. You will be taken to the Create MariaDB (DBaaS) page.
  3. MariaDB(DBaaS) Creation page: enter the required information for service creation.
    • Connect by selecting the pre‑created VPC and Subnet.
    • Enter the database-related creation details on the required information input screen.
    • Add the Bastion host IP in the IP access control settings.
    • The Database Port defaults to 2866, but the user can also specify it.
  4. Summary Check the detailed information and estimated billing amount generated in the panel, and click the Complete button.
    • After creation is complete, check the created resource on the MariaDB(DBaaS) list page.

Configuring Rules

It describes the process of configuring rules for users to access the Bastion host and rules for accessing the Database from the Bastion host.

4-1. Add security rules to Security Group

For detailed creation instructions, see the Networking > Security Group > How-to guides guide.
  1. Click the All Services > Networking > Security Group menu. Go to the Service Home page of Security Group.
  2. Click the Security Group menu on the Service Home page. You will be taken to the Security Group List page.
  3. Select the Security Group resource created in 1-5. Creating a Security Group. Navigate to the detailed information page for that resource.
  4. Click the Rules tab on the detail information page. You will be taken to the Rules tab.
  5. Click the Add Rule button on the Rules tab. It navigates to the Add Rule popup.
  6. Add Rule In the popup window, enter the rule below, and click the Confirm button.
    directionRemoteTarget addressProtocolPortExplanation
    InboundCIDRUser PC IPTCP3389 (RDP)Bastion access PC → Bastion host
    OutboundCIDRDB IPTCPDatabase Port (manual entry)Bastion host → Database
    Table: Security Group rules that need to be added

4-2. Adding IGW Firewall Rules

For detailed creation instructions, refer to the Networking > Firewall > How-to guides guide.
  1. Click the All Services > Networking > Firewall menu. Navigate to the Service Home page of Firewall.
  2. On the Service Home page, click the Firewall menu. You will be taken to the Firewall List page.
  3. On the Firewall List page, select the Internet Gateway Resource Name created in 1-3. Internet Gateway 생성하기. You will be taken to the detailed information page for that resource.
  4. Click the Rules tab on the detail information page. You will be taken to the Rules tab.
  5. Click the Add Rule button on the Rules tab. You will be taken to the Add Rule popup.
  6. Add Rule In the popup window, enter the rule below, and click the Confirm button.
    origin addressDestination addressProtocolPortOperationdirectionExplanation
    Bastion connection PC IPBastion host IPTCP3389(RDP)AllowInboundUser PC → Bastion host
    Table. Internet Gateway Firewall rules that need to be added

Connect to Database

Describes the process of a user accessing the database via a DB client program.

This guide explains how to connect using MySQL Workbench. Since there are various database client programs and CLI utilities, you may install and use the tool that best fits your needs.

5-1. Connecting to Bastion host

  1. In the Windows environment of the PC that will connect to the Bastion host, run Remote Desktop Connection, then enter the NAT IP of the Bastion Host and click the Connect button.
  2. When the remote desktop connection succeeds, the user credential input window opens. Enter the ID and Password verified in 2-3. Bastion host Access ID and PW Verification and click the Confirm button.

5-2. Install DB connection client program (MySQL Workbench) on the Bastion host

  1. Visit the official MySQL page and download the MySQL Workbench program.
  2. Connect the user’s PC hard drive to upload the file to the Bastion host.
  3. In the Local Resources tab of the Remote Desktop Connection, click the Details button of the Local Devices and Resources item.
  4. Select the local disk of the location where the file was downloaded on the drive, and click the OK button.
  5. Copy the downloaded file, upload it to the Bastion Host, and click the MySQL Workbench installer to install.

5-3. Connect to the Database using the DB client program (MySQL Workbench)

  1. Launch MySQL Workbench and click Database > Manage connections. The Manage Server Connection popup appears.
  2. In the Manage Server Connection popup, click the New button at the lower left, enter the Database server information created in 3-1. MariaDB(DBaaS) 서비스 생성하기, and click the Test Connection button. A Password popup will appear.
    Required input fieldinput value
    Connection NameCustom (e.g., service name)
    Host nameDatabase server IP
    PortDatabase Port
    UsernameDatabase username
    Table. DB connection client program input fields
  3. In the Password popup window, enter the password you set in 3-1. MariaDB(DBaaS) Service Creation and click the OK button. When the operation succeeds, click the OK button in the Manage Server Connection popup window.
  4. Click Database > Connect to Database. The Connect to Database popup window appears.
  5. Select the Connection Name registered in Stored Connection to connect to the Database. After connecting, you can try simple queries, etc.
Configure Read Replica
Release Note