Stay organized with collections Save and categorize content based on your preferences.
You can establish connectivity from the destination database to the source database through a secure reverse SSH tunnel. This method requires a bastion host VM in the Google Cloud project as well as a machine (for example, a laptop on the network) that has connectivity to the source database.
Important: If your source is within a VPN (in AWS, for example, or your own on-premises VPN), your source connection profile should use the VPN IP address and port instead of the source IP address and port.The Database Migration Service for MySQL collects the required information at migration creation time, and auto-generates the script for setting it all up.
See the following diagram:
Set up a reverse SSH tunnelThe following steps are performed in the Database Migration Service flow for creating a migration job, to set up a reverse SSH tunnel between the source database and Cloud SQL instance. After you provide some parameters, you execute a set of gcloud commands on a machine which has connectivity to both the source database and to Google Cloud.
You can use an existing Compute Engine VM instance for this purpose.
Choose the Compute Engine VM instance from the list.
Provide a free port that the SSH tunnel can use.
/etc/ssh/sshd_config file on the target server. After you update the file, restart the sshd service using the sudo systemctl restart sshd.service command.
If you don't want to change the configuration of your existing VM, then create a new VM.
Alternatively, you can create a new VM at this step. Select CREATE A COMPUTE ENGINE VM INSTANCE and the generated script includes instructions to create it.
Provide a name for the VM instance.
Select a machine type for the VM.
Specify a subnet for the VM
Click VIEW SCRIPT to view the generated script.
By default, the script will generate a public IP address for the Compute Engine VM server. If you want the IP address to be private, then do the following:
gcloud compute instances create command by adding the --no-address flag.gcloud compute ssh command by adding the --internal-ip flag.Also, if you want to create a bastion host VM on a subnet which is on a shared VPC, then alter the export SUBNET_NAME command from the generated script to point to /projects/project_name/regions/region_name/subnetworks/subnetwork_name.
For example:
export SUBNET_NAME=projects/myproject/regions/myregion/subnetworks/mysubnetwork
project_name is the name of the project where the shared VPC is placed. A project has regions and subnetworks. region_name and subnetwork_name are the names of the region and subnetwork that are associated with the VPC project.
Run the script on a machine that has access to both the source database and the Compute Engine VM. The script performs the following operations:
Configures the Compute Engine VM as an SSH tunnel bastion server.
Establishes a secure SSH connection between the source database and the VPC.
If you're creating a new Compute Engine VM, then after successfully running the script, copy the VM server IP from the script output and enter it in the provided text field. The Cloud SQL instance will be updated as needed when you later test or start the migration job.
Click CONFIGURE & CONTINUE.
Verify your migration job to confirm that it correctly migrated data from your source database instance to the destination Cloud SQL database instance.
If your source is within a VPN (in AWS, for example, or your own on-premises VPN), proceed to the section on connecting VPCs through VPNs for more information on configuring the source VPN and Google Cloud VPN to work with each other.
After your migration job is configured, connectivity is verified, and VPNs are configured successfully if necessary, then you can run the job.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-09 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-09 UTC."],[[["A secure reverse SSH tunnel can be established to connect the destination database to the source database, requiring a bastion host VM in Google Cloud and a machine with source database connectivity."],["The Database Migration Service for MySQL automatically generates a script to set up the reverse SSH tunnel during migration creation."],["Users can either utilize an existing Compute Engine VM instance or create a new one as the SSH tunnel bastion server, ensuring `GatewayPorts` is set to `yes` and restarting the sshd service on the target server."],["The generated script can be modified to create a VM with a private IP address or to use a subnet within a shared VPC, providing flexibility in network configurations."],["The generated script needs to be executed on a machine with access to both the source database and the Compute Engine VM, and it configures the VM as an SSH tunnel bastion server to establish a secure SSH connection."]]],[]]
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4