Database Migration Service can connect to your destination cluster's public or private IP address. This page provides an overview of each available destination database connectivity method, as well as a recommendation section to help you choose the right solution for your migration:
Method comparison provides a comparison table for available destination connectivity methods.
Public IP connectivity describes destination connectivity over public internet.
Private IP connectivity explains how Database Migration Service uses Private Service Connect to connect to the private IP of your destination cluster.
After you familiarize yourself with different connectivity methods and their requirements, you can use the decision tree diagram to pick the right solution for your scenario.
Method comparison
Every destination connectivity method comes with different benefits and requirements. Use the following table to compare them at a glance, and then learn more details in the sections dedicated for each method.
| Networking method | Advantages | Disadvantages |
|---|---|---|
| Public IP |
|
|
| Private IP |
|
|
Public IP connectivity
When you use the public IP connectivity method, Database Migration Service attempts to establish a connection to the public IP address of your destination AlloyDB for PostgreSQL instance. This connection is encrypted and secured by Database Migration Service.
Requirements for public IP connectivity
To use this connectivity method you need to ensure that your destination AlloyDB for PostgreSQL instance has a public IP address enabled. For more information, see Configure public IP in the AlloyDB for PostgreSQL documentation.
Configure IP allowlist connectivity
Configuring public IP connectivity is covered in Configure public IP connectivity.
Private IP connectivity
Database Migration Service uses Private Service Connect to connect to your destination AlloyDB for PostgreSQL instance using a private IP address. With Private Service Connect, you can expose your destination database to incoming secure connections, and control who can access the database. This connection is encrypted by Database Migration Service.
Network architecture setup for Private Service Connect differs depending on whether you use a PSC-enabled or a non-PSC-enabled destination AlloyDB for PostgreSQL instance.
For PSC-enabled AlloyDB for PostgreSQL clusters
The easiest way to use private IP connectivity for destination AlloyDB for PostgreSQL instances is to create a PSC-enabled AlloyDB for PostgreSQL instance.
Requirements for PSC-enabled clusters
To use PSC-enabled AlloyDB for PostgreSQL clusters, you need to create the destination instance with PSC enabled. The following limitations apply:
-
Functionality limitations
PSC-enabled AlloyDB for PostgreSQL clusters come with certain functionality limitations. Make sure such configurations meet your requirements. See Private Service Connect limitations in AlloyDB for PostgreSQL documentation.
Creation limitations
You can create PSC-enabled AlloyDB for PostgreSQL clusters only with
gcloudor the AlloyDB for PostgreSQL API.
Configure private connectivity for PSC-enabled clusters
Configuring private IP connectivity is covered in Configure private IP connectivity for PSC-enabled clusters.
For non-PSC-enabled clusters
You can use private IP connectivity even if you can't use a PSC-enabled AlloyDB for PostgreSQL instance as your destination database. The configuration is more complex, as it requires an additional bastion virtual machine (VM) in your network to forward traffic between Database Migration Service and your destination's private IP.
Requirements for non-PSC-enabled clusters
Private IP connectivity for non-PSC-enabled AlloyDB for PostgreSQL clusters requires the following:
You need to have a Virtual Private Cloud network with private services access enabled.
This is the network that you peer with your AlloyDB for PostgreSQL destination cluster.
Your destination AlloyDB for PostgreSQL must have private IP enabled.
Additionally, you need to be able to create the following network components in your project:
A service attachment: A network resource that exposes destination AlloyDB for PostgreSQL private IP to other services in a Google Cloud VPC network. The Google Cloud project where you create the service attachment is the service producer. The service consumer is Database Migration Service.
PSC forwarding rules: A rule that routes the incoming traffic from the service attachment to the dedicated bastion VM.
A bastion VM: A Compute Engine VM with two network interface controllers (NICs). One is attached to the dedicated service attachment network; the other, to the network where AlloyDB for PostgreSQL is peered. The bastion VM runs a Dante SOCKS server to forward the connections.
Configure private connectivity for non-PSC-enabled clusters
Configuring private IP connectivity is covered in Configure private IP connectivity for non-PSC enabled instances.
Destination network connectivity decision tree
When you are familiar with all supported destination connectivity methods and their requirements, you can follow the questions in the diagram to help you pick the right connectivity method for your scenario.
What's next
Learn about source database connectivity. See Networking methods for source database connectivity.
To get a complete, step-by-step migration walkthrough, see Oracle to AlloyDB for PostgreSQL migration guide.