You can create a connection profile on its own or in the context of creating a specific migration job. Either way, all connection profiles are available for review and modification on the Connection profiles page, and can be reused across migration jobs.
Creating a source connection profile on its own is useful if the person who has the source access information is not the same person who creates the migration job. You can also reuse a source connection profile definition in multiple migration jobs.
To create a source connection profile, follow these steps:
- Go to the Connection profiles page in the Google Cloud Console.
- Click CREATE PROFILE.
- On the Create a connection profile page, provide the following information required to connect to your source:
- From the Profile role list, select Source.
From the Database engine list, select your source database engine.
- Enter a Connection profile name. This is used in the connection profile list as well as when an existing connection profile is selected in the creation of a migration job.
- Keep the auto-generated Connection profile ID.
Enter a Hostname or IP address.
If the source database is hosted in Google Cloud or if a reverse SSH tunnel is used to connect the destination database to the source database, then specify the private (internal) IP address for the source database. This address will be accessible by the AlloyDB destination. For more information, see Configure connectivity using VPC peering.
- Enter the Port that's used to access the host. The default PostgreSQL port is 5432.
- Enter a username and password for the source database. The user must have these privileges.
In the Connection profile region section of the page, select the region where you want to save the connection profile.
Optional: If the connection is made over an unsecure network, then we recommend using SSL/TLS encryption for the connection between the source and destination databases.
There are three options for the SSL/TLS configuration that you can select from the Secure your connection section of the page:
- None: The AlloyDB destination instance connects to the source database without encryption.
Server-only authentication: When the AlloyDB destination instance connects to the source database, the instance authenticates the source, ensuring that the instance is connecting to the correct host securely. This prevents person-in-the-middle attacks. For server-only authentication, the source doesn't authenticate the instance.
To use server-only authentication, you must provide the x509 PEM-encoded certificate of the certificate authority (CA) that signed the external server's certificate.
Server-client authentication: When the destination instance connects to the source, the instance authenticates the source and the source authenticates the instance.
Server-client authentication provides the strongest security. However, if you don't want to provide the client certificate and private key when you create the AlloyDB destination instance, you can still use server-only authentication.
To use server-client authentication, you must provide the following items when you create the source connection profile:
- The certificate of the CA that signed the source database server's certificate (the CA certificate).
- The certificate used by the instance to authenticate against the source database server (the client certificate).
- The private key associated with the client certificate (the client key).
- Click CREATE at the bottom of the page. The Connection profiles page appears, and the newly created connection profile is displayed.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-12-19 UTC.