Network connectivity for heterogeneous SQL Server to Cloud SQL for PostgreSQL migrations
This page provides an overview of concepts associated with configuring network connectivity for heterogeneous SQL Server to Cloud SQL for PostgreSQL migrations:
- Network components describes how the source and destination connectivity make up the end-to-end network configuration for migrations.
- The examples sections show different combinations of public and private source and destination connectivity.
After you've considered the high-level relations between Google Cloud services involved in the migration process, you can proceed to learn more about source database connectivity methods and destination database connectivity methods.
Network components involved in the migration process
From a networking point of view, Database Migration Service and Cloud SQL are service producers that reside in their own dedicated networks (known as service networks), outside the Virtual Private Cloud (VPC) networks that you use in your Google Cloud project. The goal of configuring network connectivity for a migration process with Database Migration Service is to ensure that Database Migration Service can reach your source SQL Server database server and the destination Cloud SQL for PostgreSQL instance.
When you plan the network connectivity setup for your migration, it's important to carefully consider the infrastructure requirements, including what limitations your networking decisions might introduce to the end state of the migrated database instance. For example, if you want to use a private connection for the destination database connectivity, you need to create your destination Cloud SQL instance with private IP enabled. You can't later disable the private IP on your Cloud SQL instance.
There are multiple different methods you can use to establish the necessary network connections. Both source and destination connectivity can be established with the use of public or private IP addresses. You can combine any source and destination connectivity methods to best match your infrastructure requirements.
Example: public IP source connectivity and private IP destination connectivity
In this example, you have the following database instances:
- A self-hosted source SQL Server database server with a public IP address
- A Cloud SQL for PostgreSQL destination instance with a private IP address enabled
For the source database connectivity, you use the IP allowlist method to establish a connection over the public internet. You secure this connection with an SSL/TLS certificate.
For the destination database connectivity, you use Private Service Connect to establish a private connection over the Google Cloud network. This internal connection is automatically encrypted by Database Migration Service.
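With the IP allowlist method the source database port is reachable over the public internet, so the source-side firewall should admit only the Database Migration Service addresses. The following check is an added example, not part of the original page: the rule format, rule names and all IP addresses are constructed placeholders, and it assumes the source listens on the default SQL Server port 1433.

```python
import ipaddress

SQL_SERVER_PORT = 1433  # default SQL Server TCP port (assumed for the source)

# Constructed placeholders from documentation ranges, not real Database
# Migration Service addresses; substitute the ones listed for your region.
DMS_EGRESS_IPS = ["203.0.113.10", "203.0.113.11"]

# Constructed inbound rules of a hypothetical source-side firewall export.
SAMPLE_RULES = [
    {"name": "dms-a", "port": 1433, "source": "203.0.113.10/32"},
    {"name": "dms-b", "port": 1433, "source": "203.0.113.11/32"},
    {"name": "legacy-any", "port": 1433, "source": "0.0.0.0/0"},
    {"name": "office", "port": 1433, "source": "198.51.100.0/24"},
    {"name": "https", "port": 443, "source": "0.0.0.0/0"},
]


def audit_allowlist(rules, dms_ips, port=SQL_SERVER_PORT):
    """Return (findings, missing).

    findings: (rule name, CIDR, extra address count) for every rule on the
              database port that admits addresses beyond the expected set.
    missing:  expected addresses that no database-port rule admits, which
              would make the migration connection fail.
    """
    expected = [ipaddress.ip_address(ip) for ip in dms_ips]
    findings, covered = [], set()
    for rule in rules:
        if rule["port"] != port:
            continue  # not a database-port rule
        net = ipaddress.ip_network(rule["source"], strict=False)
        inside = [ip for ip in expected if ip in net]
        covered.update(inside)
        # A rule is tight only if every address it admits is an expected one.
        extra = net.num_addresses - len(inside)
        if extra > 0:
            findings.append((rule["name"], str(net), extra))
    missing = [str(ip) for ip in expected if ip not in covered]
    return findings, missing


if __name__ == "__main__":
    findings, missing = audit_allowlist(SAMPLE_RULES, DMS_EGRESS_IPS)
    for name, cidr, extra in findings:
        print(f"too broad: {name} ({cidr}) admits {extra} unexpected addresses")
    for ip in missing:
        print(f"not allowlisted: {ip}")
```
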
Example: private IP source connectivity and public IP destination connectivity
In this example, you have the following database instances:
- A Cloud SQL for SQL Server source instance with private IP enabled
- A Cloud SQL for PostgreSQL destination instance with a public IP address enabled
For the source database connectivity, you use the private connectivity with Private Service Connect interfaces method. You create a private connectivity configuration to establish the connection between Database Migration Service and the network attachment in the VPC where your source Cloud SQL for SQL Server instance has a private IP assigned. All traffic travels through the Google Cloud network.
For the destination database connectivity, you use the public IP connectivity method to establish a connection over the public internet. Database Migration Service automatically secures this connection with SSL/TLS.
Example: private IP connectivity for source database hosted outside Google Cloud
In this example, you have the following components:
- A Microsoft Azure SQL Managed Instance or Amazon RDS SQL Server source instance and a VPN gateway
- A Cloud VPN instance in your Google Cloud VPC
- A Cloud SQL for PostgreSQL destination instance with a public IP address enabled
For the source database connectivity, you use a private connectivity configuration to establish a Private Service Connect interfaces connection between Database Migration Service and the VPC where you have your Cloud VPN instance. You use Cloud VPN in your source network to create an IPsec tunnel to your Microsoft Azure or Amazon Web Services cloud networks.
For the destination database connectivity, you use the public IP connectivity method to establish a connection over the public internet. Database Migration Service automatically secures this connection with SSL/TLS.
What's next
There are many different connectivity methods you can use. Each method can be further adjusted with proxy servers, SSH tunnels, and bastion VMs.
- Learn more about source database connectivity methods.
- Learn more about destination database connectivity methods.
Last updated 2026-02-19 UTC.