The page has been translated by Gen AI.

MariaDB(DBaaS) Server Connection

Scenario Overview

The MariaDB(DBaaS) Server Connection scenario involves creating a Bastion host (Virtual Server) and Database service, and accessing the DB service through the Bastion host. To securely connect to MariaDB(DBaaS) in the Samsung Cloud Platform environment, you need to create a Bastion host and configure network connections through it. We recommend configuring the Database service in a Private Subnet environment and the Bastion host in a restricted Public Subnet environment to maintain stability and high security levels.

This scenario explains the process of creating a Bastion host and Database service, configuring the network environment for Bastion host and Database access, and connecting through a DB access client.

Architecture
Figure. MariaDB(DBaaS) Server Connection Architecture

Scenario Components

You can configure this scenario using the following services:

Service Group
Service
Description
NetworkingVPCService that provides an independent virtual network in the cloud environment
NetworkingVPC > SubnetService that subdivides the network according to user’s purpose/scale within VPC
NetworkingVPC > Public IPService that reserves a public IP to assign to and release from Compute resources
NetworkingVPC > Internet GatewayService that connects VPC resources to the internet
NetworkingSecurity GroupVirtual firewall that controls server traffic
DatabaseMariaDB(DBaaS)Service that allows easy creation and management of MariaDB in a web environment
ComputeVirtual ServerVirtual server optimized for cloud computing
ComputeVirtual Server > KeypairEncrypted file used to connect to Virtual Server
Table. Scenario Component List
Note
  • The default policy of Security Group is Deny All, so you must register only allowed IPs.
  • The All Open (Any IP, Any Port) policy for In/Outbound can expose cloud resources to external threats.
    • Setting policies by specifying necessary IPs and Ports can enhance security.

Scenario Configuration Method

Create the services required to configure the scenario through the following procedure.

1. Configure Network

This section explains the process of configuring the network environment for Bastion Host and Database service access.

1-1. Create VPC

For detailed creation methods, refer to Networking > VPC > How-to guides guide.
  1. Click All Services > Networking > VPC menu. You will be taken to the VPC’s Service Home page.
  2. Click VPC Create button on the Service Home page. You will be taken to the VPC Create page.
  3. Enter the information required for service creation on the VPC Create page.
    • Enter the IP range as 192.168.x.0/16.
  4. Review the detailed information and estimated billing amount on the Summary panel, and click Complete button.
    • When creation is complete, verify the created resource on the VPC List page.

1-2. Create Subnet

For detailed creation methods, refer to Networking > VPC > How-to guides > Subnet guide.
  1. Click All Services > Networking > VPC menu. You will be taken to the VPC’s Service Home page.
  2. Click Subnet menu on the Service Home page. You will be taken to the Subnet List page.
  3. Click Subnet Create button. You will be taken to the Subnet Create page.
  4. Enter the information required for service creation on the Subnet Create page.
    • Select Subnet type as General.
    • Select the previously created VPC.
    • Enter the IP range as 192.168.x.0/24.
  5. Review the detailed information and estimated billing amount on the Summary panel, and click Complete button.
    • When creation is complete, verify the created resource on the Subnet List page.

1-3. Create Internet Gateway

For detailed creation methods, refer to Networking > VPC > How-to guides > Internet Gateway guide.
  1. Click All Services > Networking > VPC menu. You will be taken to the VPC’s Service Home page.
  2. Click Internet Gateway menu on the Service Home page. You will be taken to the Internet Gateway List page.
  3. Click Internet Gateway Create button. You will be taken to the Internet Gateway Create page.
  4. Enter the required information for service creation on the Internet Gateway Create page.
    • Select the previously created VPC.
    • Select Use for Firewall usage item.
  5. Review the detailed information and estimated billing amount on the Summary panel, and click Complete button.
    • When creation is complete, verify the created resource on the Internet Gateway List page.

1-4. Create Public IP

For detailed creation methods, refer to Networking > VPC > How-to guides > Public IP guide.
  1. Click All Services > Networking > VPC menu. You will be taken to the VPC’s Service Home page.
  2. Click Public IP menu on the Service Home page. You will be taken to the Public IP List page.
  3. Click Public IP Reserve button. You will be taken to the Public IP Reserve page.
  4. Enter the required information for service reservation on the Public IP Reserve page.
  5. Review the detailed information and estimated billing amount on the Summary panel, and click Complete button.
    • When creation is complete, verify the created resource on the Public IP List page.

1-5. Create Security Group

For detailed creation methods, refer to Networking > Security Group > How-to guides guide.
  1. Click All Services > Networking > Security Group menu. You will be taken to Security Group’s Service Home page.
  2. Click Security Group Create button on the Service Home page. You will be taken to the Security Group Create page.
  3. Enter the required information for service creation on the Security Group Create page.
  4. Review the entered information and click Complete button.
    • When creation is complete, verify the created resource on the Security Group List page.

2. Create Bastion Host

This section explains the process of configuring a Bastion Host where a DB access client should be installed.

2-1. Create Server Keypair

For detailed creation methods, refer to Compute > Virtual Server > How-to guides > Keypair guide.
  1. Click All Services > Compute > Virtual Server menu. You will be taken to Virtual Server’s Service Home page.
  2. Click Keypair menu on the Service Home page. You will be taken to the Keypair List page.
  3. Click Keypair Create button. You will be taken to the Keypair Create page.
  4. Enter the required information for service creation on the Keypair Create page.
  5. Review the creation information and click Complete button.
    • Key download is available only for the first time, and reissuance is not provided.
    • Please save the downloaded key in a safe place.

2-2. Create Bastion Host

For detailed creation methods, refer to Compute > Virtual Server > How-to guides guide.
  1. Click All Services > Compute > Virtual Server menu. You will be taken to Virtual Server’s Service Home page.
  2. Click Virtual Server Create button on the Service Home page. You will be taken to the Virtual Server Create page.
  3. Enter the required information for service creation on the Virtual Server Create page.
  4. Review the detailed information and estimated billing amount on the Summary panel, and click Complete button.
    • When creation is complete, verify the created resource on the Virtual Server List page.

2-3. Verify Bastion Host Access ID and PW

  1. Click All Services > Compute > Virtual Server menu. You will be taken to Virtual Server’s Service Home page.
  2. Click Virtual Server menu on the Service Home page. You will be taken to the Virtual Server List page.
  3. Click the resource created in 2-2. Create Bastion Host on the Virtual Server List page. You will be taken to the resource’s detail information page.
  4. Click RDP password query button in the Keypair name item on the detail information page. RDP password query popup window will open.
  5. Attach the keypair file downloaded in 2-1. Create Server Keypair in the RDP password query popup window.
  6. After attaching, click Password Check button. The ID and Password for accessing the resource will be displayed.

3. Create Database

This section explains the process of creating a Database service.

3-1. Create MariaDB(DBaaS) Service

For detailed creation methods, refer to Database > MariaDB(DBaaS) > How-to guides guide.
  1. Click All Services > Database > MariaDB(DBaaS) menu. You will be taken to MariaDB(DBaaS)’s Service Home page.
  2. Click MariaDB(DBaaS) Create button on the Service Home page. You will be taken to the MariaDB(DBaaS) Create page.
  3. Enter the required information for service creation on the MariaDB(DBaaS) Create page.
    • Select and connect the previously created VPC and Subnet.
    • Enter Database-related creation information on the required information input screen.
    • Add Bastion host IP in IP access control item.
    • Database Port defaults to 2866, but users can specify it.
  4. Review the detailed information and estimated billing amount on the Summary panel, and click Complete button.
    • When creation is complete, verify the created resource on the MariaDB(DBaaS) list page.

4. Configure Rules

This section explains the process of setting rules for users to access the Bastion host and rules for the Bastion host to access the Database.

4-1. Add Security Group Security Rules

For detailed creation methods, refer to Networking > Security Group > How-to guides guide.
  1. Click All Services > Networking > Security Group menu. You will be taken to Security Group’s Service Home page.
  2. Click Security Group menu on the Service Home page. You will be taken to the Security Group List page.
  3. Select the Security Group resource created in 1-5. Create Security Group. You will be taken to the resource’s detail information page.
  4. Click Rules tab on the detail information page. You will be taken to the Rules tab.
  5. Click Add Rule button on the Rules tab. You will be taken to the Add Rule popup window.
  6. Enter the following rules in the Add Rule popup window and click Confirm button.
    DirectionRemoteDestination AddressProtocolPortDescription
    InboundCIDRUser PC IPTCP3389 (RDP)Bastion Access PC → Bastion host
    OutboundCIDRDB IPTCPDatabase Port (Direct Input)Bastion host → Database
    Table. Security Group Security Rules to Add

4-2. Add IGW Firewall Rules

For detailed creation methods, refer to Networking > Firewall > How-to guides guide.
  1. Click All Services > Networking > Firewall menu. You will be taken to Firewall’s Service Home page.
  2. Click Firewall menu on the Service Home page. You will be taken to the Firewall List page.
  3. Select the Internet Gateway Resource Name created in 1-3. Create Internet Gateway on the Firewall List page. You will be taken to the resource’s detail information page.
  4. Click Rules tab on the detail information page. You will be taken to the Rules tab.
  5. Click Add Rule button on the Rules tab. You will be taken to the Add Rule popup window.
  6. Enter the following rules in the Add Rule popup window and click Confirm button.
    Source AddressDestination AddressProtocolPortActionDirectionDescription
    Bastion Access PC IPBastion host IPTCP3389(RDP)AllowInboundUser PC → Bastion host
    Table. Internet Gateway Firewall Rules to Add

5. Access Database

This section explains the process of users accessing Database through a DB access client program.

This guide explains how to connect using MySQL Workbench. Since various Database client programs and CLI utilities are available, users can install and use the tool that suits them best.

5-1. Access Bastion Host

  1. Run Remote Desktop Connection in the Windows environment of the PC from which you want to access the Bastion host, enter the Bastion Host’s NAT IP, and click Connect button.
  2. When Remote Desktop Connection is successful, User Credential Input Window will open. Enter the ID and Password verified in 2-3. Verify Bastion Host Access ID and PW and click Confirm button.

5-2. Install DB Access Client Program (MySQL Workbench) Inside Bastion Host

  1. Go to the MySQL official page and download the MySQL Workbench program.
  2. Connect your PC’s hard drive to upload the file to the Bastion host.
  3. Click Details button in the local devices and resources item on the Local Resources tab of Remote Desktop Connection.
  4. Select the local disk of the location where the file was downloaded and click Confirm button.
  5. Copy the downloaded file and upload it to the Bastion Host, then click the MySQL Workbench installation file to install it.

5-3. Access Database Using DB Access Client Program (MySQL Workbench)

  1. Run MySQL Workbench and click Database > Manage connections. Manage Server Connection popup window will appear.
  2. Click New button at the bottom left of the Manage Server Connection popup window, enter the Database server information created in 3-1. Create MariaDB(DBaaS) Service, and click Test Connection button. Password popup window will appear.
    Required Input ItemInput Value
    Connection NameUser specified (ex. Service Name)
    Host nameDatabase Server IP
    PortDatabase Port
    UsernameDatabase Username
    Table.DB Access Client Program Input Items
  3. Enter the password set in 3-1. Create MariaDB(DBaaS) Service in the Password popup window and click OK button. When success is complete, click OK button in the Manage Server Connection popup window.
  4. Click Database > Connect to Database. Connect to Database popup window will appear.
  5. Select the Connection Name registered in Stored Connection to perform Database access. After connection, you can perform simple queries, etc.
Configuring Read Replica
Release Note