Configure connectivity using a TCP proxy through a cloud-hosted VM
Stay organized with collections
Save and categorize content based on your preferences.
MySQL | PostgreSQL | PostgreSQL to AlloyDB
Overview
In certain migration scenarios
it might not be possible to establish direct connectivity between the source and
the destination databases. In such cases we recommend using a TCP proxy VM for
routing traffic. You can set up a TCP proxy VM with an automated script
generated by Database Migration Service.
When you create a migration job, Database Migration Service collects the required information
and generates a script that sets up the proxy VM. This script runs
several Google Cloud CLI commands that perform the following:
Creates and configures a Compute Engine instance in the same project
and VPC as the destination database.
This VM runs a transparent TCP proxy that by default has private and public
IPs. The proxy starts serving incoming connections immediately after booting.
Creates a firewall rule to allow connections from the AlloyDB for PostgreSQL
destination database to the proxy.
From the Connectivity method drop-down menu, select Proxy via cloud-hosted VM - TCP.
Specify the following configuration parameters of the Compute Engine instance that will serve as the bastion host:
Compute Engine VM instance name: The name for the Compute Engine instance.
Machine type: The Compute Engine machine type, for example n1-standard-n1.
Subnetwork: The subnet of the destination VPC.
Click View script to view the generated script.
Run the script on a machine that has access to the Google Cloud project of the destination database.
Make sure that the following settings are updated to accept connections from
the outgoing IP address of the TCP proxy:
The replication connections section of the pg_hba.conf file (for a self-managed source instance).
The security group definitions (for an Amazon RDS/Aurora source instance).
Click Configure & continue.
If your source is within a VPN (in AWS, for example, or your own on-premises VPN), see Configure connectivity using VPNs for more information about configuring the source VPN and Google Cloud VPN to work with each other.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-21 UTC."],[[["In migration scenarios where direct connectivity between source and destination databases is not possible, a TCP proxy VM is recommended for routing traffic."],["Database Migration Service can generate a script to automate the setup of a Compute Engine VM instance, which acts as a transparent TCP proxy, within the same project and VPC as the destination database."],["When setting up connectivity, users can select \"Proxy via cloud-hosted VM - TCP\" and specify the Compute Engine VM's configuration, such as name, machine type, and subnetwork."],["By default, the proxy VM is assigned both private and public IP addresses, but users can configure it with only a private IP by enabling Private Google Access and modifying the generated script."],["After setting up the proxy, it's essential to update security settings, such as `pg_hba.conf` or security groups, to accept connections from the TCP proxy's outgoing IP address, and test the connection before creating the migration job."]]],[]]
