tencent cloud

TencentDB for MySQL supports both private and public network addresses, with the former enabled by default for you to access your instance over the private network and the latter enabled or disabled as needed. To access your database instance from a Linux or Windows CVM instance over the public network, you can enable the public network address. You can also enable public network access through CLB, but you must configure security group rules in this case.

This document describes how to enable public network access through CLB and connect to an instance through MySQL Workbench.

Prerequisites

You have applied for using the backend service feature.

1. Go to the Cross-Region CLB Binding 2.0 Application page.
2. Fill out and submit the application.
3. Submit a ticket to add the allowed types for the account.

• If the CLB and TencentDB for MySQL instances are in the same VPC, add the CLB_IP_VPCGW and CLB_IP_LB types.
• If the CLB and TencentDB for MySQL instances are in different VPCs, add the CLB_IP_User type.

Step 1. Purchase a CLB instance

Note：

If you already have a CLB instance in the same region as TencentDB for MySQL, skip this step.

Go to the CLB purchase page, select the configuration, and click Buy Now.

Note：

• Region: You need to select the region where the TencentDB for MySQL instance is.
• Network: You can select the same VPC as the instance or a different VPC.

Step 2. Configure the CLB instance

The following describes how to configure the CLB instance in the same VPC as the database instance and in a different VPC respectively.

Scenario 1. Deploying the CLB instance in the same VPC as the TencentDB for MySQL instance

1. Enable cross-VPC access so that the CLB instance can be bound to another private IP.
   a. Log in to the CLB console, select the region, and click the target instance ID in the instance list to enter the instance management page.
   b. On the Basic Info page, click Configure in the Real Server section.
   c. In the pop-up window, click Submit.

2. Configure a public network listener port.
   a. Log in to the CLB console, select the region, and click the target instance ID in the instance list to enter the instance management page.
   b. On the instance management page, select the Listener Management tab and click Create below TCP/UDP/TCP SSL Listener.
   c. In the pop-up window, complete the settings and click Submit.

Scenario 2. Deploying the CLB instance in a different VPC as the TencentDB for MySQL instance

1. Enable cross-VPC access so that the CLB instance can be bound to another private IP.
   a. Log in to the CLB console, select the region, and click the target instance ID in the instance list to enter the instance management page.
   b. On the Basic Info page, click Configure in the Real Server section.
   c. In the pop-up window, click Submit.
   d. Click Add SNAT IP under Backend service.
   e. In the pop-up window, select a Subnet, click Add next to Assign IP, select Auto or manually enter the assigned IP, and click Save.
2. Configure a public network listener port.
   a. Log in to the CLB console, select the region, and click the target instance ID in the instance list to enter the instance management page.
   b. On the instance management page, select the Listener Management tab and click Create below TCP/UDP/TCP SSL Listener.
   c. In the pop-up window, complete the settings and click Submit.

Step 3. Bind a TencentDB for MySQL instance

1. After creating the listener, click it in Listener Management and click Bind on the right.
2. In the pop-up window, select Other Private IPs as the object type, enter the IP address and port of the TencentDB for MySQL instance, and click OK.

   Note：

   The login account must be a standard account (bill-by-IP). If binding fails, submit a ticket for assistance.

Step 4. Configure the TencentDB for MySQL security group

1. Log in to the TencentDB for MySQL console and select a region. In the instance list, click an instance ID or Manage in the Operation column to enter the instance management page.
2. On the instance management page, select the Security Group tab, click Configure Security Group, configure the security group rule to open all ports, and confirm that the security group allows access from public IPs. For more information on configuration, see TencentDB Security Group Management.
   

Step 5. Connect to the instance through the MySQL Workbench client

1. Download MySQL Workbench from MySQL Community Downloads and install it.
2. Go to the download page and click MySQL Workbench.
3. Click Download after Windows (x86, 64-bit), MSI Installer.
4. Click No thanks, just start my download.
5. After MySQL Workbench is installed, open it and click the plus sign after MySQL Connections to add the information of the target instance.
   
6. In the pop-up window, configure the following items and click OK.
   

   Parameter	Description
   Connection Name	Name the connection.
   Connection Method	Select **Standard (TCP/IP)**.
   Hostname	Enter the address of the CLB instance. You can view the VIP information in the basic information on the CLB instance details page.
   Port	Enter the port of the CLB instance. You can view the TCP port number in listener management on the CLB instance details page.
   Username	Enter the account name of the target MySQL instance, i.e., the account created in **Database Management** > **Account Management** on the instance management page.
   Store in Vault...	Enter the account password of the target MySQL instance in the **Password** field and save it.

7. Return to the MySQL Workbench homepage and click the just configured instance to connect to it.
   
8. The UI after successful connection is as follows: