This topic tells you how to enable service-gateway access.
Service-gateway access enables external clients to connect to a MySQL service. The clients are typically apps running external to the foundation, apps on a different foundation, and management tools such as MySQL Workbench.
For a more detailed overview, see About Service-Gateway access.
To enable service-gateway access for an on-demand offering:
VMware recommends that you configure Transport Layer Security (TLS) alongside service-gateway access to prevent man-in-the-middle attacks. For instructions on how to configure TLS, see Configure security.
TCP routing is deactivated by default. To activate TCP routing:
1024
for a single port or 1024–1123
for a range of ports.<a href="./images/TCP-router-CID.png" target="_blank" aria-hidden="true">View a larger version of this image</a>
These are the steps you take to allow traffic to the TCP router depend on your IaaS:
Allow incoming traffic to the TCP router VM created in Activate TCP Routing using the TAS for VMs tile.
For more detailed information, see the documentation for your IaaS.
To configure the load balancer:
Configure a distinct external port range that does not overlap with any of the following:
For example, if your TCP routing port range is 1024–1123
, and ports 1124–1223
are reserved for Tanzu RabbitMQ service instances, then your load balancer port range for service gateway must not overlap 1024-1223
.
Each VMware Tanzu for MySQL service instance using service-gateway access requires a unique port. Ensure that the port range configured has enough capacity to accommodate all the service instances that you need. The start port and the end port are both inclusive.
Record this port range.
To create a DNS record and prepare to map it:
When service-gateway access is activated, all developers have the ability to create a service instance that is available to apps outside the foundation.
For VMware Tanzu for MySQL, service-gateway access is enabled globally. Access is not tied to certain service plans as in Tanzu RabbitMQ.
To configure service-gateway access for the foundation:
Go to the Settings pane in the VMware Tanzu for MySQL tile.
Under Enable off-platform access of MySQL service instances, click Enabled.
This activates the feature and makes the External TCP Domain, External TCP Port Range, and Enable External Access for All Multi-Site Instances fields visible.
Configure the fields as follows:
Field | Instructions |
---|---|
External TCP Domain | Set this to the DNS entry for the external load balancer that you recorded in Create a DNS Record That Maps to the Load Balancer. |
External TCP Port Range | Set this to the range of ports you configured for the external load balancer for MySQL service instances in Configure the Load Balancer in the IaaS to Redirect Traffic to the TCP Router. |
If service-gateway access is deactivated and then activated again, app developers must create new service keys to obtain a new set of credentials for service-gateway access.
Go back to Ops Manager Installation Dashboard > Review Pending Changes.
Click Apply Changes to apply the changes to the VMware Tanzu for MySQL tile.
If service-gateway access is deactivated and then activated again, app developers must create new service keys to obtain a new set of credentials for service-gateway access.
To deactivate service-gateway access:
Go to the Settings pane in the VMware Tanzu for MySQL tile.
Under Enable off-platform access of MySQL service instances, click Disabled.
Go back to Ops Manager Installation Dashboard > Review Pending Changes.
Click Apply Changes to apply the changes to the VMware Tanzu for MySQL tile.
For instructions for app developers, see Create a service instance with Service-Gateway access.