Enabling SSIS in Visual Studio 2022

If you're using Visual Studio 2022, you will need to install the SQL Server Integration Services Projects extension to use SSIS.

1. Navigate to Extensions > Manage Extensions.
2. In the Manage Extensions window's search box, search for "SQL Server Integration Services Projects 2022" and select the extension in the list.
3. Click Download.
4. Close Visual Studio and run the downloaded Microsoft.DataTools.IntegrationServices.exe installer. Proceed through the installer with default settings.
5. Open Visual Studio. There should now be an "Integration Services Project" project template available.

Adding the AlloyDB Connection Manager

Create a new connection manager as follows:

1. Create a Visual Studio project with the "Integration Services Project" template.
2. In the project, right-click within the Connection Managers window and select New Connection from the menu.
3. In the Description column, select CData AlloyDB Connection Manager and click Add...
4. Configure the component as described in the next section.

Alternatively, if you have an existing project and CData AlloyDB Source or CData AlloyDB Destination:

1. Right-click your CData AlloyDB source or destination component in your data flow
2. Select Edit... to open an editor window.
3. Click the New... button next to the Connection manager: dropdown selector to create a connection manager.
4. Configure the component as described in the next section.

Connecting to AlloyDB

To connect to AlloyDB, set these properties:

• Server: The host name or IP of the server hosting the AlloyDB database.
• Port (optional): The port of the server hosting the AlloyDB database. This property is set to 5432 by default.
• User: The user which will be used to authenticate with the AlloyDB server.
• Password: The password which will be used to authenticate with the AlloyDB server.
• Database (optional): The database to connect to when connecting to the AlloyDB Server. If this is not set, the user's default database will be used.

Authenticating to AlloyDB

AlloyDB supports authentication through the following methods:

• Standard
• pg_hba.conf
  • MD5
  • SASL
• Kerberos
• OAuthJWT

Standard Authentication

Standard authentication (using the user/password combination supplied earlier) is the default form of authentication.

No further action is required to leverage Standard Authentication to connect.

pg_hba.conf Auth Schemes

There are additional methods of authentication supported by the component which must be enabled in the pg_hba.conf file on the AlloyDB server.

You can find instructions about authentication setup on the AlloyDB Server here.

MD5

You can authenticate using MD5 password verification by setting the auth-method in the pg_hba.conf file to md5.

SASL

The component can authenticate by verifying the password with SASL (particularly, SCRAM-SHA-256).

To use this authentication method, set the auth-method in the pg_hba.conf file to scram-sha-256.

Kerberos

The authentication with Kerberos is initiated by AlloyDB Server when the CData SSIS Components for AlloyDB is trying to connect to it. Set up Kerberos on the AlloyDB Server to activate this authentication method. Once you have Kerberos authentication set up on the AlloyDB server, see Using Kerberos for details regarding how to authenticate with Kerberos by the component.

OAuthJWT

This authentication method allows a Google Cloud service account to authenticate with AlloyDB using a JSON key file.

Prerequisite

Before configuring this authentication method, ensure that you have a Google Cloud service account. You must also generate and download a new key file (JSON-formatted) for that service account.

To obtain this file in the Google Cloud console:

1. Go to IAM & Admin > Service accounts. If you do not have an account already, you must create one (see detailed instructions here.)
2. Click on the email address of your service account (for example, [email protected]).
3. Go to the Keys tab.
4. Select Add Key > Create new key.
5. Select JSON as the key type. Then, click Create.

Note: Once the file for the key is downloaded, it cannot be redownloaded due to security reasons. However, you can generate additional keys as needed.

Authenticate to AlloyDB with OAuthJWT

1. Using IAM administrator tools (IAM & Admin > IAM), grant the new or existing service account the alloydb.databaseUser and serviceusage.serviceUsageConsumer roles.
2. Add that service account to a cluster (see detailed instructions here.)
3. Set the required connection properties:
   • AuthScheme: OAuthJWT.
   • OAuthJWTCertType: GOOGLEJSON.
   • OAuthJWTCert: The path to the service account key file you downloaded (for example, C:\keys\my-gcp-project-service-account.json).
   • User: The service account's address without the .gserviceaccount.com suffix (for example, [email protected]).