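Cross-Region VPC Service Sharing
<p class="shortdesc">This topic describes how to share a service across VPCs in different regions by using the Private Connection Service.</p>
<section class="section" id="example__section_hb5_m2f_fsb"><h2 class="doc-tairway">Scenario</h2>
<p class="p">As shown in the figure below, tenant 2 provides a DB service (IP address 10.0.0.2, service port 3306) in a VPC in South China region A. The DB service needs to be shared with tenant 1's client ECS2 (IP address 192.168.1.10) in VPC2 in South China region A and with client ECS1 (IP address 172.16.2.2) in VPC1 in East China region B.</p>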
<img class="image" id="example__image_dm4_vwl_fsb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220807191049-1960e2a19bd8.png" width="830">
</section>
<section class="section" id="example__section_a2q_42f_fsb"><h2 class="doc-tairway">Step 1: The service provider creates an Endpoint service</h2>
<ol class="ol" id="example__ol_p11_fyj_fsb">
<li class="li">Tenant 2 logs in to the <a class="xref" href="/console/endpoint/node/list" target="_blank" rel="external noopener">Private Connection Service console</a>.</li>
<li class="li">Click <span class="ph uicontrol">Endpoint Service</span> in the left navigation bar.</li>
<li class="li">On the <span class="ph uicontrol">Endpoint Service</span> list page, click <span class="ph uicontrol">Create</span> in the upper-right corner of the page.</li>
<li class="li">On the <span class="ph uicontrol">Create Endpoint Service</span> page, create the Endpoint service using the following information.<img class="image" id="example__image_p4y_wwl_fsb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220807191049-169e5f009ab8.png" width="830"><table class="table frame-all" id="example__table_wkl_pzj_fsb"><caption></caption><colgroup><col style="width:50%"><col style="width:50%"></colgroup><thead class="thead">
<tr class="row">
<th class="entry" id="example__table_wkl_pzj_fsb__entry__1">Setting</th>
<th class="entry" id="example__table_wkl_pzj_fsb__entry__2">Description</th>
</tr>
</thead><tbody class="tbody">
<tr class="row">
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__1 ">
<p class="p">Region</p>
</td>
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__2 ">
<p class="p">Select the region where the Endpoint service is located.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__1 ">
<p class="p">Availability zone</p>
</td>
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__2 ">
<p class="p">Select the availability zone where the Endpoint service is located.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__1 ">
<p class="p">Name</p>
</td>
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__2 ">
<p class="p">Enter a name for the Endpoint service.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__1 ">
<p class="p">Connection approval</p>
</td>
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__2 ">
<p class="p">When connection approval is enabled, a user can access the Endpoint service only after the service provider has approved the Endpoint node that the user created. If connection approval is not enabled, connection requests from user-created Endpoint nodes are accepted by default. In this scenario, connection approval is enabled.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__1 ">
<p class="p">VPC</p>
</td>
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__2 ">
<p class="p">Select the VPC that contains the real service associated with the Endpoint service backend.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__1 ">
<p class="p">Backend resource type</p>
</td>
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__2 ">
<p class="p">Select the resource type of the real service associated with the Endpoint service backend. In this scenario, select ECS (elastic cloud host).</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__1 ">
<p class="p">Port mapping</p>
</td>
<td class="entry" headers="example__table_wkl_pzj_fsb__entry__2 ">
<ul class="ul" id="example__ul_atr_k1k_fsb">
<li class="li">Protocol: select the protocol type of the service connection. In this scenario, select TCP.</li>
<li class="li">Service port: enter the port number of the real service, 3306.</li>
<li class="li">Endpoint port: enter the port number that users access, 6603.</li>
</ul>
</td>
</tr>
</tbody></table></li>
<li class="li">Click <span class="ph uicontrol">Confirm</span>.</li>
</ol>
</section>
<section class="section" id="example__section_imh_p2f_fsb"><h2 class="doc-tairway">Step 2: The service provider authorizes the service consumer</h2>
<ol class="ol" id="example__ol_myc_41k_fsb">
<li class="li">Tenant 2 logs in to the <a class="xref" href="/console/endpoint/node/list" target="_blank" rel="external noopener">Private Connection Service console</a>.</li>
<li class="li">Click <span class="ph uicontrol">Endpoint Service</span> in the left navigation bar.</li>
<li class="li">On the Endpoint service list page, click the instance name of the Endpoint service created in Step 1.</li>
<li class="li">On the <span class="ph uicontrol">Endpoint Service Details</span> page, click the <strong class="ph b">Authorization Management</strong> tab.</li>
<li class="li">On the Endpoint service <span class="ph uicontrol">Authorization Management</span> tab, click <span class="ph uicontrol">Add Authorized Account</span> in the upper-right corner of the tab.</li>
<li class="li"><span class="ph">On the <span class="ph uicontrol">Add Authorized Account</span> page, enter tenant 1's account information and a description.</span><img class="image" id="example__image_sdk_ywl_fsb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220807191049-17e6f11b96fa.png" width="630"></li>
<li class="li">Click <span class="ph uicontrol">Confirm</span>.</li>
</ol>
</section>
<section class="section" id="example__section_exm_q2f_fsb"><h2 class="doc-tairway">Step 3: The service consumer creates an Endpoint node</h2>
<ol class="ol" id="example__ol_ahc_z1k_fsb">
<li class="li">Tenant 1 logs in to the <a class="xref" href="/console/endpoint/node/list" target="_blank" rel="external noopener">Private Connection Service console</a>.</li>
<li class="li">Click <span class="ph uicontrol">Endpoint Node</span> in the left navigation bar.</li>
<li class="li">On the Endpoint node list page, click <span class="ph uicontrol">Create</span> in the upper-right corner of the page.</li>
<li class="li">On the <span class="ph uicontrol">Create Endpoint Node</span> page, create the Endpoint node using the information of the Endpoint service that has been authorized.<img class="image" id="example__image_ktp_zwl_fsb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220807191049-1a13808d93ae.png" width="830"><table class="table frame-all" id="example__table_thz_2bk_fsb"><caption></caption><colgroup><col style="width:50%"><col style="width:50%"></colgroup><thead class="thead">
<tr class="row">
<th class="entry" id="example__table_thz_2bk_fsb__entry__1">Setting</th>
<th class="entry" id="example__table_thz_2bk_fsb__entry__2">Description</th>
</tr>
</thead><tbody class="tbody">
<tr class="row">
<td class="entry" headers="example__table_thz_2bk_fsb__entry__1 ">
<p class="p">Region</p>
</td>
<td class="entry" headers="example__table_thz_2bk_fsb__entry__2 ">
<p class="p">Select the region where the Endpoint service is located.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_thz_2bk_fsb__entry__1 ">
<p class="p">Availability zone</p>
</td>
<td class="entry" headers="example__table_thz_2bk_fsb__entry__2 ">
<p class="p">Select the availability zone where the Endpoint service is located.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_thz_2bk_fsb__entry__1 ">
<p class="p">Name</p>
</td>
<td class="entry" headers="example__table_thz_2bk_fsb__entry__2 ">
<p class="p">Enter a name for the Endpoint node.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_thz_2bk_fsb__entry__1 ">
<p class="p">Accessed service type</p>
</td>
<td class="entry" headers="example__table_thz_2bk_fsb__entry__2 ">
<p class="p">Defaults to Endpoint service and cannot be edited by the user.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_thz_2bk_fsb__entry__1 ">
<p class="p">Endpoint service name</p>
</td>
<td class="entry" headers="example__table_thz_2bk_fsb__entry__2 ">
<p class="p">Select from the drop-down list an authorized Endpoint service in the same region and availability zone.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_thz_2bk_fsb__entry__1 ">
<p class="p">Endpoint port</p>
</td>
<td class="entry" headers="example__table_thz_2bk_fsb__entry__2 ">
<p class="p">Determined by the Endpoint service side and filled in automatically from the service name. It cannot be edited.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_thz_2bk_fsb__entry__1 ">
<p class="p">VPC</p>
</td>
<td class="entry" headers="example__table_thz_2bk_fsb__entry__2 ">
<p class="p">Select the VPC that the Endpoint node belongs to.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_thz_2bk_fsb__entry__1 ">
<p class="p">Subnet</p>
</td>
<td class="entry" headers="example__table_thz_2bk_fsb__entry__2 ">
<p class="p">Select the subnet that the Endpoint node belongs to. The number of available IP addresses in the subnet is shown below it. If the number is 0, the Endpoint node cannot be created and you must select a different subnet.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_thz_2bk_fsb__entry__1 ">
<p class="p">Access control</p>
</td>
<td class="entry" headers="example__table_thz_2bk_fsb__entry__2 ">
<p class="p">Enable the access control feature.</p>
</td>
</tr>
<tr class="row">
<td class="entry" headers="example__table_thz_2bk_fsb__entry__1 ">
<p class="p">Whitelist</p>
</td>
<td class="entry" headers="example__table_thz_2bk_fsb__entry__2 ">
<p class="p">Enter the IP addresses of ECS1 and ECS2.</p>
</td>
</tr>
</tbody></table></li>
<li class="li">Click <span class="ph uicontrol">Confirm</span>.</li>
<li class="li">Because connection approval is enabled on the service side, the Endpoint node status is shown as <span class="ph">Pending confirmation</span>. Node creation completes only after the service provider has approved the request.</li>
</ol>
</section>
<section class="section" id="example__section_h1l_r2f_fsb"><h2 class="doc-tairway">Step 4: Connection approval</h2>
<ol class="ol" id="example__ol_dgl_vbk_fsb">
<li class="li">Tenant 2 logs in to the <a class="xref" href="/console/endpoint/node/list" target="_blank" rel="external noopener">Private Connection Service console</a>.</li>
<li class="li">Click <span class="ph uicontrol">Endpoint Service</span> in the left navigation bar.</li>
<li class="li">On the Endpoint service list page, click the name of the corresponding Endpoint service.</li>
<li class="li">On the <span class="ph uicontrol">Endpoint Service Details</span> page, click the <span class="ph uicontrol">Connection Management</span> tab.</li>
<li class="li">In the <strong class="ph b">Actions</strong> column of the corresponding Endpoint connection, click <strong class="ph b">Accept</strong>.<img class="image" id="example__image_n1l_bxl_fsb" src="https://obs-cn-shanghai.fincloud.pinganyun.com/pacloud/20220807191049-1f06f27e9f41.png" width="830"></li>
</ol>
</section>
<section class="section" id="example__section_f5r_s2f_fsb"><h2 class="doc-tairway">Step 5: Connect the client VPC to the Endpoint node VPC through CGN (云网通)</h2>
<ol class="ol" id="example__ol_kb1_v2f_fsb">
<li class="li">Tenant 1 logs in to the <a class="xref" href="/console/cgn/list" target="_blank" rel="external noopener">CGN console</a>.</li>
<li class="li">Click <span class="ph uicontrol">Instance List</span> in the left navigation bar.</li>
<li class="li">On the CGN <span class="ph uicontrol">Instance List</span> page, click <span class="ph uicontrol">Create</span> in the upper-right corner of the page.</li>
<li class="li">On the <span class="ph uicontrol">Create CGN Instance</span> page, enter a CGN instance name and add VPC1 and VPC2 to the CGN instance. For details, see <a class="xref" href="/ssr/help/network/CGN/Operation_guide.Instance_management.Create_CGNinstance" target="_blank" rel="external noopener">Create a CGN instance</a>.</li>
</ol>
</section>
<section class="section" id="example__section_b2l_dff_fsb"><h2 class="doc-tairway">Result</h2>
<p class="p">Tenant 1's client ECS2 in VPC2 and client ECS1 in VPC1 can access port 6603 of 192.168.1.1, and through it reach the DB service (IP address 10.0.0.2, port 3306) in tenant 2's VPC.</p>
</section>
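<p class="p">The following check is an added example, not part of the original page or of the product's API. It audits the settings chosen in Steps 1 to 3 (connection approval, authorized account, access control and the whitelist for ECS1 and ECS2). The dictionary key names and the account name <code>tenant1</code> are hypothetical, and CIDR entries are handled only as a precaution, since the page does not say whether the whitelist accepts them.</p>

```python
import ipaddress

# Constructed description of this page's setup. Key names are hypothetical,
# not fields of the console or of any API.
SERVICE = {"connection_approval": True, "authorized_accounts": ["tenant1"],
           "service_port": 3306, "endpoint_port": 6603}
NODE = {"account": "tenant1", "access_control": True,
        "whitelist": ["192.168.1.10", "172.16.2.2"]}
CLIENTS = {"ECS2": "192.168.1.10", "ECS1": "172.16.2.2"}


def audit(service, node, clients):
    """Return findings; an empty list means the setup matches the page."""
    findings = []
    if not service.get("connection_approval"):
        findings.append("connection approval off: node requests accepted by default")
    if node.get("account") not in service.get("authorized_accounts", []):
        findings.append("node owner is not an authorized account")
    if not node.get("access_control"):
        findings.append("access control off: whitelist not enforced")
    nets = []
    for entry in node.get("whitelist", []):
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            findings.append(f"whitelist entry {entry!r} is not an IP or CIDR")
    expected = {n: ipaddress.ip_address(ip) for n, ip in clients.items()}
    for net in nets:
        if net.num_addresses > 1:  # broader than a single host
            findings.append(f"{net} covers {net.num_addresses} addresses")
        if not any(ip in net for ip in expected.values()):
            findings.append(f"{net} matches no expected client")
    for name, ip in expected.items():
        if not any(ip in net for net in nets):
            findings.append(f"{name} ({ip}) missing from whitelist")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVICE, NODE, CLIENTS) or ["no findings"]:
        print(finding)
```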