This page provides an overview of concepts associated with configuring network connectivity for heterogeneous SQL Server to AlloyDB for PostgreSQL migrations:
- Network components describes how the source and destination connectivity make up the end-to-end network configuration for migrations.
- The examples sections show different combinations for public and private source and destination connectivity.
After you've considered the high-level relations between Google Cloud services involved in the migration process, you can proceed to learn more about source database connectivity methods and destination database connectivity methods.
Network components involved in the migration process
From a networking point of view, Database Migration Service and AlloyDB for PostgreSQL are service producers that reside in their own dedicated networks (known as service networks), outside the Virtual Private Cloud (VPC) networks that you use in your Google Cloud project. The goal of configuring network connectivity for a migration process with Database Migration Service is to ensure that Database Migration Service can reach your source SQL Server database server and the destination AlloyDB for PostgreSQL instance.
When you plan the network connectivity setup for your migration, it's important to carefully consider the infrastructure requirements, including what limitations your networking decisions might introduce to the end state of the migrated database instance. For example, if you want to connect to the destination database over its public IP address, you need to enable public IP on the destination cluster.
You can establish the necessary network connections in several ways. Both source and destination connectivity can be established with the use of public or private IP addresses. You can combine any source and destination connectivity methods to best match your infrastructure requirements.
Example: public IP source connectivity and private IP destination connectivity
In this example, you have the following database instances:
- A self-hosted source SQL Server database server with a public IP address
- An AlloyDB for PostgreSQL destination cluster with a private IP address enabled for private services access
For the source database connectivity, you use the IP allowlist method to establish a connection over the public internet. You secure this connection with an SSL/TLS certificate.
For the destination database connectivity, you use Private Service Connect to establish a private connection over the Google Cloud network. This internal connection is automatically encrypted by Database Migration Service.
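With the IP allowlist method, the source SQL Server listens on the public internet, so the inbound rules for its port should admit the Database Migration Service addresses and nothing else. The following audit is an added example, not part of the Database Migration Service documentation or tooling; the rule format, the rule names, and the addresses (taken from reserved documentation ranges, not real Database Migration Service IPs) are assumptions.

```python
import ipaddress

SQL_SERVER_PORT = 1433  # SQL Server default TCP port; change if your instance differs

# Placeholder addresses (documentation range), NOT real Database Migration Service IPs.
DMS_EGRESS_IPS = ["203.0.113.10", "203.0.113.11"]

# Constructed sample of inbound allow rules on the source host's firewall.
SAMPLE_RULES = [
    {"name": "allow-dms", "port": 1433, "sources": ["203.0.113.10/32"]},
    {"name": "legacy-any", "port": 1433, "sources": ["0.0.0.0/0"]},
    {"name": "office-vpn", "port": 1433, "sources": ["198.51.100.0/24"]},
    {"name": "web", "port": 443, "sources": ["0.0.0.0/0"]},
]


def audit_allowlist(rules, dms_ips, port=SQL_SERVER_PORT):
    """Return (missing, excess) for inbound rules that open `port`.

    missing: DMS addresses that no rule admits (the migration cannot connect).
    excess:  (rule name, network) pairs that admit addresses other than DMS.
    """
    dms = [ipaddress.ip_address(ip) for ip in dms_ips]
    admitted = set()
    excess = []
    for rule in rules:
        if rule["port"] != port:
            continue
        for cidr in rule["sources"]:
            net = ipaddress.ip_network(cidr, strict=False)
            inside = [ip for ip in dms if ip in net]
            admitted.update(inside)
            # A network larger than the DMS addresses it contains lets others in.
            if net.num_addresses > len(inside):
                excess.append((rule["name"], str(net)))
    missing = sorted(str(ip) for ip in dms if ip not in admitted)
    return missing, excess


if __name__ == "__main__":
    missing, excess = audit_allowlist(SAMPLE_RULES, DMS_EGRESS_IPS)
    print("DMS addresses not admitted:", missing)
    for name, net in excess:
        print(f"rule {name} admits non-DMS sources via {net}")
```

In the sample, the second placeholder address is reachable only through the open `legacy-any` rule, so removing that rule without first adding a /32 entry would break the migration connection.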
Example: private IP source connectivity and public IP destination connectivity
In this example, you have the following database instances:
- A Cloud SQL for SQL Server source instance with private IP enabled
- An AlloyDB for PostgreSQL destination cluster with a public IP address enabled
For the source database connectivity, you use the private connectivity with VPC peering method. You create a private connectivity configuration to establish the connection between Database Migration Service and the VPC network that can reach your source Cloud SQL for SQL Server instance. Since VPC peering isn't transitive, you also set up a reverse proxy VM to forward traffic from your source Cloud SQL for SQL Server that has a private IP enabled. All traffic travels through the Google Cloud network.
For the destination database connectivity, you use the public IP connectivity method to establish a connection over the public internet. Database Migration Service automatically secures this connection with SSL/TLS.
Example: private IP connectivity for source database hosted outside Google Cloud
In this example, you have the following components:
- A Microsoft Azure SQL Managed Instance or Amazon RDS SQL Server source instance and a VPN gateway
- A Cloud VPN instance in your Google Cloud VPC
- An AlloyDB for PostgreSQL destination cluster with a public IP address enabled
For the source database connectivity, you use a private connectivity configuration to establish a VPC peering connection between Database Migration Service and the VPC where you have your Cloud VPN instance. You use Cloud VPN in your source network to create an IPsec tunnel to your Microsoft Azure or Amazon Web Services cloud networks.
For the destination database connectivity, you use the public IP connectivity method to establish a connection over the public internet. Database Migration Service automatically secures this connection with SSL/TLS.
What's next
There are many different connectivity methods you can use. Each method can be further adjusted with proxy servers, SSH tunnels, and bastion VMs.
- Learn more about source database connectivity methods.
- Learn more about destination database connectivity methods.