Overview

The Overview tab displays the necessary connection information for your database service to connect to the client applications.

Connection details

• Host - Displays the name assigned to your database service at the time of provisioning and the domain name. The format of the host name is <DNS name>.<Domain name>, where DNS name is the service name assigned by you and of the format <service name>-<suffix>, Tessell generates the suffix. Domain name is the name generated for you by Tessell.

  Note: Tessell also supports DNS names without the suffix and host name can be of format <servicename>.<Domain name>. To enable this feature, contact Tessell support.

  To modify the DNS name, click the edit button located to the right of the hostname. You can also select the copy button next to the edit button to copy your hostname.

  Host name editing is only supported for single-instance services. For HA services, Tessell platform ensures that this host name DNS always points to the primary instance in the database service. During failover/switchovers, the platform manages the DNS to point to the right IP. Therefore, it is important that all the applications and clients use this host name in their connection strings.

• Connect to - Displays that the connections are made to the Database.

• Database - Displays the database name to which you can connect using the service URL. Copy the database name using the copy button at the right-side of the database name.

• Username - Displays the username through which you can connect to the database using the service URL. Copy the username using the copy button at the right-side of the username. The Tessell control plane provides one username by default (chosen during migration). If there are other schema users created in the database during migration, customers can continue using them for connection. Tessell does not manage such users.

• Password - Set the password for the username using this field. It also provides you the option to reset the password in case you have forgotten your password. Specify the new password in this field and click the Reset button at the right side of the password field to change the password. By default the password is encrypted. To view the password click the eye icon at the right-side.

  Note:

  • The password must be at least 9 characters long and can include alphanumeric characters and the following special characters: !, #, $, %, ^, &, *.

  • For the CDB/PDB case, this username and password represents the CDB user, not the PDB. Tessell currently does not have the functionality to reset PDB master password. To reset the PDB master user password, please raise a support ticket.

• Port - Displays the port number for your database engine. Copy the port number using the copy button at the right-side of the number.

• Service URL - Displays the complete URL of your database service. Using this service URL connect your database service from the terminal. Copy the URL using the copy button at the right-side. Each database service can have one or more than one instance. Each instance, database, and connection poolers are assigned different service URLs.

CA certificate - Displays that the connections to the database are secure through a CA certificate. You can view, download or copy the certificate.

This is available for database services provisioned with SSL option enabled.

For more information on SSL connections, see Database connections using SSL.

VM access - You can request VM access for your service through this option. After the request is approved, the access to your VM is enabled.

This access is enabled through a bastion host which customers need to deploy either in the same network as the database service or in a network which has access to the database subnet.

1. To request VM access, click Request.

   Request VM access window pops up.

2. Select the desired instances to grant access.

   Following options are displayed:

   1. All computes at service level

      Access details for the service's controller node is included with all computes.

   2. Default primary node

3. Choose a duration in hours from the dropdown list under SPECIFY DETAILS.

4. Specify the reason for access.

5. Specify the allowed IP addresses to connect to your VM.

   Only private IP addresses are allowed. This is the IP of the bastion host as described previously.

6. Click Request.

7. After the request is approved, click Connect and download the access key.

8. Use the access key and the instructions provided in the downloaded folder to access your VM.

Refresh History - This is displayed only for cloned services. Displays the last refreshed date and time for a cloned service.

Publicly accessible - By default, it is disabled. The possible values are Yes or No. Public access cannot be enabled if the VPC/VNet is configured for private access only.

1. Select the edit button at the right-side to change the public access permissions.

   After you disable the public access, only the added list of client IP addresses connection requests are accepted.

2. Select the Update button to apply the changes.

Allowed IP addresses - This option lists the client IP addresses from which connection requests are accepted. This provides access only for the database port.

To add or remove a client IP address:

1. Select the edit button at the right-side.

   The Update Connectivity window appears, enabling you to add or remove client IP addresses. It also identifies the current client IP address.

2. Click + Add current client IP <address>, where address is the current client IP.

3. After editing the list, select the Update button at the bottom of the window to apply the changes.

4. You can also whitelist CIDR blocks using this option.

AWS private link - It provides an AWS private link to connect to your database service. Use this private link to connect to the primary instance of the service. In HA instances, it automatically routes to the acting primary instance within the cluster during switchover.

1. Select edit button at the right-side to add, remove, or update the AWS private link. The Private Link window appears, allowing you to create the private link.

   1. Specify allowed AWS principals for endpoint connections:

      Specify the Amazon Resource Name (ARN)s of AWS principals that are allowed to create an Interface endpoint or Gateway load balancer endpoint to connect to your service. This is because your endpoint service is not available to service consumers by default.

      Accepted ARN formats:

      • AWS account (includes all principals within the subscription):

        arn:aws:iam::aws-account-id:root

        For example, account id can be 123456789012 (a 12 digit numeric identifier).

      • Specific IAM user:

        arn:aws:iam::aws-account-id:user/user-name

        For example, the user-name can be ‘Bob’.

      • Specific IAM role:

        arn:aws:iam::aws-account-id:role/role-name

        For example, the role name can be ‘EC2BackupRole’.

2. Click the Create button to apply the changes.

   The status of AWS Private Link changes to ‘Updating’.

3. Wait for the service endpoint to appear. Make a note of this service endpoint.

4. Create an interface endpoint using the AWS console to connect to your service securely by performing the following step:

   1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

   2. Log into the AWS account where you want to run your client service.

   3. In the navigation pane, choose Endpoints.

   4. Choose Create endpoint.

   5. From the Service category options, choose Other endpoint services.

   6. In the Service name field, specify the name of the service endpoint that you noted in step 3 above. For example, specify com.amazonaws.vpce.us-east-1.vpce-svc-0e123abc123198abc.

   7. Click Verify service.

   8. In the VPC field, select the VPC where your client machine resides and where you want to create the endpoint.

   9. For Subnets, select the subnets from which you access the service. It is recommended that you select all subnets.

   10. Select IPv4 for IP address type.

   11. Click Save. It may take a couple of minutes for the endpoint service to become available.

5. Let us connect to the database service from the VM for which we have configured the AWS PrivateLink.

   1. In the AWS console, after the status of the interface endpoint service changes to ‘Available’, go to the VPC Details tab.

   2. From the DNS names section, make a note of the DNS name that does not have any region name in it. This DNS name typically appears on the top of the list.

   3. Use SSH to connect to your database service using the DNS name.

Note: For Azure, private link creation is a planned feature.

Tags - Displays a key and value pair tags assigned for your database service. Database service is assigned a unique tag at the time of provisioning. Editing of tags post provisioning is not propagated to cloud resources. This is a planned feature for Tessell.