This topic provides a step-by-step guide on connecting to an OceanBase Cloud database using Azure Private Link.
Prerequisites
- You have an active Azure account and an Azure subscription. You have completed the subscription to the OceanBase Cloud offering from Azure Marketplace, and ensure that a valid virtual network and subnet are available under your Azure subscription.
- You have an active OceanBase Cloud account, and have created an instance and a tenant. For more information, refer to Create an instance and Create a tenant.
- Make sure your client IP address has been added to the allowlist of your tenant. For detailed instructions, refer to Set allowlist groups.
Procedure
Step 1: Contact OceanBase technical support to create the Private Link Service
Provide your OceanBase Cloud instance ID to OceanBase technical support.
OceanBase technical support creates the Private Link Service in the OceanBase backend system. This process takes about 1-2 hours.
OceanBase technical support returns the alias of the Private Link Service, for example,
pls-test-001.aaaaaaaa-bbbb-cccc-dddd-eeeeeeee.centralus.azure.privatelinkservice.This alias of the Private Link Service will be used in the subsequent creation of a private endpoint.
Step 2: Create a private endpoint on the Azure console
Create a private endpoint on the Azure console. This process takes about 10 minutes.
Log in to the Azure console.
Access Network foundation > Private Link > Private endpoints.
Click Create.
On the Create a private endpoint page, configure the following parameters:
Basic
Parameter Description Subscription Select the subscription. Resource group Select the resource group. Name Enter the name of the private endpoint. Network Interface Name Automatically generated based on the name. Region Select the region. 
Resource
Parameter Description Connection method Select Connect to an Azure resource by resource ID or alias. Resource ID or alias Enter the alias returned from OceanBase technical support in Step 1. 
Virtual Network
Parameter Description Virtual network Select the virtual network to connect with. Subnet Select the subnet of the target virtual network. 
DNS
Azure private endpoint does not support DNS integration in current mode.
Tags
Configure tags as needed.
Click Create on the review page.
Wait on the private endpoint details page until the status turns to Ok. Click the resource name to go to the resource details page.
Click the network interface to go to the network card details page.
Check the IP address, which can access the OceanBase Cloud database instance.
Step 3: Approve the private endpoint connection in the OceanBase backend system
After the private endpoint is created, contact OceanBase technical support again to provide the following information:
- Your Azure subscription name
- Private endpoint ID (for example,
/subscriptions/your_subscription_id/resourcegroups/your_resurce_group/providers/microsoft.network/privateendpoints/your_endpoint_name) - Private endpoint IPv4 address
- Virtual network ID (for example,
/subscriptions/your_subscription_id/resourceGroups/your_resurce_group/providers/Microsoft.Network/virtualNetworks/your_vpc_name)
Then, OceanBase technical support approves the private connection in the OceanBase backend system, and you can see on the Azure console that the connection status is now Approved.
Step 4: Test the connection with the database
After the Private Link is configured, you can use OBClient to test the connection with the database.
Verify access to the database through the following command:
obclient -h<host> -P<port> -u<username>@<tenantId> -p
The parameters are specified as follows:
- host: The IP address of the private endpoint.
- port: The access port of the database, which is 1521 by default.
- username: The database user account for connection.
- tenantId: The tenant ID. You can check and copy it from the tenant list and the tenant details page.
For example:
obclient -h10.0.0.5 -P1521 -utest@t70zh******** -p