The page has been translated by Gen AI.

Connecting to DB Server

Scenario Overview

The PostgreSQL(DBaaS) Server Connection scenario involves creating a Bastion host(Virtual Server) and Database service, and accessing the DB service through the Bastion host. To stably access PostgreSQL(DBaaS) in the Samsung Cloud Platform environment, you need to create a Bastion host and configure network connections using it. To maintain stable and high security levels, it is recommended to configure the Database service in a Private Subnet environment and the Bastion host in a restricted Public Subnet environment.

This scenario explains the process of creating a Bastion host and Database service, configuring the network environment for Bastion host and Database access, and connecting through a DB connection client.

Architecture
Figure. PostgreSQL(DBaaS) Server Connection Architecture

Scenario Components

You can configure this scenario using the following services.

Service Group
Service
Detailed Description
NetworkingVPCService that provides independent virtual networks in cloud environments
NetworkingVPC > SubnetService that subdivides networks according to user needs/scale within VPC
NetworkingVPC > Public IPService that reserves public IPs and assigns/releases them to Compute resources
NetworkingVPC > Internet GatewayService that connects VPC resources to the internet
NetworkingSecurity GroupVirtual firewall that controls server traffic
DatabasePostgreSQL(DBaaS)Service that easily creates and manages EPAS in a web environment
ComputeVirtual ServerVirtual server optimized for cloud computing
ComputeVirtual Server > KeypairEncrypted file used to connect to Virtual Server
Table. List of Scenario Components
Note
  • The default policy of Security Group is Deny All, so you must register only allowed IPs.
  • The All Open(Any IP, Any Port) policy for In/Outbound can expose cloud resources directly to external threats.
    • Setting policies with specific IPs and Ports can enhance security.

Scenario Configuration Method

Create the necessary services to configure the scenario through the following procedure.

1. Configuring Network

This explains the process of configuring the network environment for accessing Bastion Host and Database service.

1-1. Creating VPC

For detailed creation method, please refer to the Networking > VPC > How-to guides guide.
  1. Click the All Services > Networking > VPC menu. You will move to the VPC’s Service Home page.
  2. On the Service Home page, click the Create VPC button. You will move to the Create VPC page.
  3. On the Create VPC page, enter the necessary information for service creation.
    • Enter the IP range as 192.168.x.0/16.
  4. On the Summary panel, check the detailed creation information and estimated billing amount, then click the Complete button.
    • When creation is complete, check the created resource on the VPC List page.

1-2. Creating Subnet

For detailed creation method, please refer to the Networking > VPC > How-to guides > Subnet guide.
  1. Click the All Services > Networking > VPC menu. You will move to the VPC’s Service Home page.
  2. On the Service Home page, click the Subnet menu. You will move to the Subnet List page.
  3. Click the Create Subnet button. You will move to the Create Subnet page.
  4. On the Create Subnet page, enter the necessary information for service creation.
    • Select General as the Subnet type.
    • Select the previously created VPC.
    • Enter the IP range as 192.168.x.0/24.
  5. On the Summary panel, check the detailed creation information and estimated billing amount, then click the Complete button.
    • When creation is complete, check the created resource on the Subnet List page.

1-3. Creating Internet Gateway

For detailed creation method, please refer to the Networking > VPC > How-to guides > Internet Gateway guide.
  1. Click the All Services > Networking > VPC menu. You will move to the VPC’s Service Home page.
  2. On the Service Home page, click the Internet Gateway menu. You will move to the Internet Gateway List page.
  3. Click the Create Internet Gateway button. You will move to the Create Internet Gateway page.
  4. On the Create Internet Gateway page, enter the required information for service creation.
    • Select the previously created VPC.
    • Select Use for the Firewall usage item.
  5. On the Summary panel, check the detailed creation information and estimated billing amount, then click the Complete button.
    • When creation is complete, check the created resource on the Internet Gateway List page.

1-4. Creating Public IP

For detailed creation method, please refer to the Networking > VPC > How-to guides > Public IP guide.
  1. Click the All Services > Networking > VPC menu. You will move to the VPC’s Service Home page.
  2. On the Service Home page, click the Public IP menu. You will move to the Public IP List page.
  3. Click the Reserve Public IP button. You will move to the Reserve Public IP page.
  4. On the Reserve Public IP page, enter the required information for service reservation.
  5. On the Summary panel, check the detailed creation information and estimated billing amount, then click the Complete button.
    • When creation is complete, check the created resource on the Public IP List page.

1-5. Creating Security Group

For detailed creation method, please refer to the Networking > Security Group > How-to guides guide.
  1. Click the All Services > Networking > Security Group menu. You will move to the Security Group’s Service Home page.
  2. On the Service Home page, click the Create Security Group button. You will move to the Create Security Group page.
  3. On the Create Security Group page, enter the required information for service creation.
  4. Check the entered information and click the Complete button.
    • When creation is complete, check the created resource on the Security Group List page.

2. Creating Bastion Host

This explains the process of configuring the Bastion Host where the DB connection client should be installed.

2-1. Creating Server Keypair

For detailed creation method, please refer to the Compute > Virtual Server > How-to guides > Keypair guide.
  1. Click the All Services > Compute > Virtual Server menu. You will move to the Virtual Server’s Service Home page.
  2. On the Service Home page, click the Keypair menu. You will move to the Keypair List page.
  3. Click the Create Keypair button. You will move to the Create Keypair page.
  4. On the Create Keypair page, enter the required information for service creation.
  5. Check the creation information and click the Complete button.
    • Key download is only possible on the first attempt, and re-issuance is not provided.
    • Please store the downloaded key in a safe place.

2-2. Creating Bastion Host

For detailed creation method, please refer to the Compute > Virtual Server > How-to guides guide.
  1. Click the All Services > Compute > Virtual Server menu. You will move to the Virtual Server’s Service Home page.
  2. On the Service Home page, click the Create Virtual Server button. You will move to the Create Virtual Server page.
  3. On the Create Virtual Server page, enter the required information for service creation.
  4. On the Summary panel, check the detailed creation information and estimated billing amount, then click the Complete button.
    • When creation is complete, check the created resource on the Virtual Server List page.

2-3. Checking Bastion Host Connection ID and Password

  1. Click the All Services > Compute > Virtual Server menu. You will move to the Virtual Server’s Service Home page.
  2. On the Service Home page, click the Virtual Server menu. You will move to the Virtual Server List page.
  3. On the Virtual Server List page, click the resource created in 2-2. Creating Bastion Host. You will move to the detailed information page of that resource.
  4. On the detailed information page, click the RDP password lookup button in the Keypair name item. The RDP password lookup popup window will open.
  5. In the RDP password lookup popup window, attach the keypair file downloaded in 2-1. Creating Server Keypair.
  6. After attaching, click the Password check button. The ID and Password for accessing that resource will be displayed.

3. Creating Database

This explains the process of creating the Database service.

3-1. Creating PostgreSQL(DBaaS) Service

For detailed creation method, please refer to the Database > PostgreSQL(DBaaS) > How-to guides guide.
  1. Click the All Services > Database > PostgreSQL(DBaaS) menu. You will move to the PostgreSQL(DBaaS)’s Service Home page.
  2. On the Service Home page, click the Create PostgreSQL(DBaaS) button. You will move to the Create PostgreSQL(DBaaS) page.
  3. On the Create PostgreSQL(DBaaS) page, enter the required information for service creation.
    • Select and connect the previously created VPC and Subnet.
    • Enter Database-related creation information in the required information input screen.
    • Add the Bastion host IP in the IP access control item.
    • The Database Port defaults to 2866, but users can specify it.
  4. On the Summary panel, check the detailed creation information and estimated billing amount, then click the Complete button.
    • When creation is complete, check the created resource on the PostgreSQL(DBaaS) List page.

4. Setting Rules

This explains the process of setting rules for users to access the Bastion host and for the Bastion host to access the Database.

4-1. Adding Security Group Security Rules

For detailed creation method, please refer to the Networking > Security Group > How-to guides guide.
  1. Click the All Services > Networking > Security Group menu. You will move to the Security Group’s Service Home page.
  2. On the Service Home page, click the Security Group menu. You will move to the Security Group List page.
  3. Select the Security Group resource created in [1-5. Creating Security Group]. You will move to the detailed information page of that resource.
  4. On the detailed information page, click the Rules tab. You will move to the Rules tab.
  5. On the Rules tab, click the Add Rule button. You will move to the Add Rule popup window.
  6. In the Add Rule popup window, enter the following rules and click the Confirm button.
    DirectionRemoteDestination AddressProtocolPortDescription
    InboundCIDRUser PC IPTCP3389 (RDP)Bastion connection PC → Bastion host
    OutboundCIDRDB IPTCPDatabase Port (Direct Input)Bastion host → Database
    Table. Security Group Security Rules to be Added

4-2. Adding IGW Firewall Rules

For detailed creation method, please refer to the Networking > Firewall > How-to guides guide.
  1. Click the All Services > Networking > Firewall menu. You will move to the Firewall’s Service Home page.
  2. On the Service Home page, click the Firewall menu. You will move to the Firewall List page.
  3. On the Firewall List page, select the Internet Gateway resource name created in 1-3. Creating Internet Gateway. You will move to the detailed information page of that resource.
  4. On the detailed information page, click the Rules tab. You will move to the Rules tab.
  5. On the Rules tab, click the Add Rule button. You will move to the Add Rule popup window.
  6. In the Add Rule popup window, enter the following rules and click the Confirm button.
    Source AddressDestination AddressProtocolPortActionDirectionDescription
    Bastion connection PC IPBastion host IPTCP3389(RDP)AllowInboundUser PC → Bastion host
    Table. Internet Gateway Firewall Rules to be Added

5. Connecting to Database

This explains the process of connecting to the Database through a DB connection client program.

This guide explains how to connect using pgAdmin. There are various Database client programs and CLI utilities, so users can install and use the appropriate tool.

5-1. Connecting to Bastion Host

  1. Run Remote Desktop Connection in the Windows environment of the PC that wants to connect to the Bastion host, enter the NAT IP of the Bastion Host, and click the Connect button.
  2. When Remote Desktop Connection succeeds, the User credential input window will open. Enter the ID and Password confirmed in 2-3. Checking Bastion Host Connection ID and Password and click the Confirm button.

5-2. Installing DB Connection Client Program (pgAdmin) on Bastion Host

  1. Go to the pgAdmin official page and download the pgAdmin program.
  2. Connect the user PC’s hard drive to upload the file to the Bastion host.
  3. On the Local Resources tab of Remote Desktop Connection, click the More button in the local devices and resources item.
  4. Select the local disk of the location where the file was downloaded and click the Confirm button.
  5. Copy the downloaded file to upload it to the Bastion Host, then click the pgAdmin installation file to install it.

5-3. Connecting to Database Using DB Connection Client Program (pgAdmin)

  1. Run pgAdmin and click the Add New Server button.
  2. In the Register - Server popup window, enter the Database server information created in 3-1. Creating PostgreSQL(DBaaS) Service in the General tab and Connection tab, then click the Save button.
    Screen(Tab)Required Input ItemInput Value
    GeneralNameUser-defined (ex. service name)
    ConnectionHost name/addressDatabase server IP
    ConnectionPortDatabase Port
    ConnectionMaintenance databaseDatabase name
    ConnectionPasswordDatabase password
    Table. DB Connection Client Program Input Items
  3. Click the database name created in pgAdmin to perform the connection.
    • After connection, you can perform simple queries, etc.
Configuring Read Replica
Using Extensions