Stay organized with collections
Save and categorize content based on your preferences.
To use Datastream to create a stream from the source database to the
destination, you must establish connectivity to the source database. Use the
information in the following table to help you decide which method works best
for you for your specific workload.
Works by configuring the source database server to allow incoming connections from Datastream's external IP addresses. To find out the IP addresses for your regions, see IP allowlists and regions.
The source database is exposed to a public IP address.
The connection isn't encrypted by default. SSL must be enabled on the source database to encrypt the connection.
Configuring the firewall may require assistance from the IT department.
Works by creating a private connectivity configuration. Datastream uses this configuration to communicate with the data source over a private network. This communication happens through a network attachment set up in the customer VPC network.
Requires setting up a network attachment and adjusting firewall rules.
You can't migrate existing private connectivity configurations to Private Service Connect interfaces.
You can't change the network attachment after you create your Private Service Connect interface connection.
Allowlisting incoming connections from the Datastream IP addresses is available only on a project ID basis.
Works by creating a private connectivity configuration. Datastream uses this configuration to communicate with the data source over a private network. This communication happens through a Virtual Private Cloud (VPC) peering connection.
Requires a private network connection (VPN, Interconnect, etc.) between the database and Google Cloud.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-18 UTC."],[[["Datastream requires connectivity to the source database to stream data, and it supports three networking methods: IP allowlist, forward SSH tunnel, and VPC peering."],["IP allowlists involve configuring the source database server to permit connections from Datastream's external IP addresses, offering ease of setup but with potential security and management concerns."],["Forward SSH tunnels establish a secure, encrypted connection between Datastream and the source database through a designated host, offering security at the cost of potential bandwidth limitations and server maintenance."],["VPC peering creates a secure, private channel for Datastream to communicate with the data source over a private network, requiring a private network connection and enabling internal IP address usage."],["Setting up a tunnel involves choosing a host, creating an IP allowlist, providing tunnel details, and generating keys for authentication."]]],[]]