diff --git a/debian/control b/debian/control
index 19a705fab45a..5ed5c97c2d7c 100644
--- a/debian/control
+++ b/debian/control
@@ -70,7 +70,7 @@ Depends: ${misc:Depends}, vlan,
 # perl uncategorized modules
  libapache-htpasswd-perl, libbit-vector-perl, libtext-csv-perl, libtext-csv-xs-perl,
  libcgi-session-serialize-yaml-perl, libtimedate-perl, libapache-dbi-perl,
- libdbd-mysql-perl, libfile-tail-perl, libnetwork-ipv4addr-perl,
+ libdbd-mysql-perl (>= 4.052), libfile-tail-perl, libnetwork-ipv4addr-perl,
  libiptables-parse-perl, libiptables-chainmgr-perl, iptables (>= 1.4.0), iptables-netflow-dkms,
  liblwp-useragent-determined-perl,
  liblwp-protocol-connect-perl,
diff --git a/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm b/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
index 46f7e8a90f9a..63eebdf62270 100644
--- a/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
+++ b/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm
@@ -261,7 +261,7 @@ sub field_list {
                     type => 'PathUpload',
                     accessor => $old_name,
                     config_prefix => $doc_section->{ext},
-                    upload_namespace => $name,
+                    upload_namespace => 'pf',
                 };
             };
         }
diff --git a/html/pfappserver/lib/pfappserver/Model/DB.pm b/html/pfappserver/lib/pfappserver/Model/DB.pm
index 024acabd0b38..41b6fce604a8 100644
--- a/html/pfappserver/lib/pfappserver/Model/DB.pm
+++ b/html/pfappserver/lib/pfappserver/Model/DB.pm
@@ -23,6 +23,7 @@ use pf::file_paths qw($install_dir);
 use pf::error;
 use pf::util;
 use File::Slurp qw(read_dir);
+use File::Temp qw(tempfile);
 
 extends 'Catalyst::Model';
 
@@ -37,56 +38,169 @@ our $dbHandler;
 
 sub assign {
     my ( $self, $db, $user, $password ) = @_;
+    return $self->_assign($dbHandler, $db, $user, $password);
+}
+
+sub get_db_type {
+    my ($dbh) = @_;
+    my $data = $dbh->selectrow_arrayref("SELECT VERSION()");
+    if (!defined $data || !@$data) {
+        return
+    }
+
+    my $version = $data->[0];
+    ($version, my $type) = split('-', $version);
+    $type //= "MySQL";
+    return ($version, $type);
+}
+
+sub assign_database {
+    my ($self, $args) = @_;
     my $logger = get_logger();
+    my $db = delete $args->{database};
+    $args->{database} = '';
+    my ($dbh, undef, $user) = connect_to_database($args);
+    if (!$dbh) {
+        $logger->warn("$DBI::errstr");
+        return ( $STATUS::INTERNAL_SERVER_ERROR, [ "Error creating the user $user on database $db}"] );
+    }
 
-    my $status_msg;
+    return $self->_assign($dbh, $db, $args->{pf_username}, $args->{pf_password});
+}
 
-    $db = $dbHandler->quote_identifier($db);
+sub _assign {
+    my ($self, $dbh, $db, $user, $password ) = @_;
+    my $logger = get_logger();
+
+    my $status_msg;
+    my ($version, $type) = get_db_type($dbh);
+    $db = $dbh->quote_identifier($db);
 
     # Create global PF user
     foreach my $host ("'%'","localhost") {
-        my $sql_query = "GRANT SELECT,INSERT,UPDATE,DELETE,EXECUTE,LOCK TABLES,CREATE TEMPORARY TABLES ON $db.* TO ?\@${host} IDENTIFIED BY ?";
-        $dbHandler->do($sql_query, undef, $user, $password);
+        my $sql_query = "DROP USER IF EXISTS ?\@${host}";
+        $dbh->do($sql_query, undef, $user);
         if ( $DBI::errstr ) {
             $status_msg = "Error creating the user $user on database $db";
             $logger->warn("$DBI::errstr");
             return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
         }
-        $sql_query = "GRANT DROP ON $db.radius_nas TO ?\@${host} IDENTIFIED BY ?";
-        $dbHandler->do($sql_query, undef, $user, $password);
+
+        $sql_query = "CREATE USER ?\@${host} IDENTIFIED BY ?";
+        $dbh->do($sql_query, undef, $user, $password);
         if ( $DBI::errstr ) {
             $status_msg = "Error creating the user $user on database $db";
             $logger->warn("$DBI::errstr");
             return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
         }
-        $sql_query = "GRANT SELECT ON mysql.proc TO ?\@${host} IDENTIFIED BY ?";
-        $dbHandler->do($sql_query, undef, $user, $password);
+
+        $sql_query = "GRANT DROP,SELECT,INSERT,UPDATE,DELETE,EXECUTE,LOCK TABLES,CREATE TEMPORARY TABLES ON $db.* TO ?\@${host}";
+        $dbh->do($sql_query, undef, $user);
         if ( $DBI::errstr ) {
             $status_msg = "Error creating the user $user on database $db";
             $logger->warn("$DBI::errstr");
             return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
         }
-        $sql_query = "GRANT BINLOG ADMIN ON *.* TO ?\@${host} IDENTIFIED BY ?";
-        $dbHandler->do($sql_query, undef, $user, $password);
+
+        $sql_query = "GRANT CREATE,DROP ON $db.radius_nas TO ?\@${host}";
+        $dbh->do($sql_query, undef, $user);
         if ( $DBI::errstr ) {
-            $status_msg = "Error granting BINLOG ADMIN for user $user on database";
+            $status_msg = "Error creating the user $user on database $db";
+            $logger->warn("$DBI::errstr");
+            return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
+        }
+
+        if ($type ne 'MySQL') {
+            $sql_query = "GRANT SELECT ON mysql.proc TO ?\@${host}";
+            $dbh->do($sql_query, undef, $user);
+            if ( $DBI::errstr ) {
+                $status_msg = "Error creating the user $user on database $db";
+                $logger->warn("$DBI::errstr");
+                return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
+            }
+        }
+
+
+        $sql_query = $type eq 'MySQL' ? "GRANT BINLOG_ADMIN ON *.* TO ?\@${host}" : "GRANT BINLOG ADMIN ON *.* TO ?\@${host}";
+        $dbh->do($sql_query, undef, $user);
+        if ( $DBI::errstr ) {
+            $status_msg = "Error granting BINLOG ADMIN for user $user on database $db";
             $logger->warn("$DBI::errstr");
             return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
         }
     }
     # Apply the new privileges
-    $dbHandler->do("FLUSH PRIVILEGES");
+    $dbh->do("FLUSH PRIVILEGES");
     if ( $DBI::errstr ) {
         $status_msg = ["Error creating the user [_1] on database [_2]",$user,$db];
         $logger->warn("$DBI::errstr");
         return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
     }
+
     $status_msg = ["Successfully created the user [_1] on database [_2]",$user,$db];
 
     # return original status message
     return ( $STATUS::OK, $status_msg );
 }
 
+sub connect_to_database {
+    my ($args) = @_;
+    my $fh;
+    $args->{database} //= "mysql";
+    $args->{hostname} ||= "localhost";
+    if ($args->{remote}{ca_cert}) {
+        ($fh, my $filename) = tempfile();
+        print $fh $args->{remote}{ca_cert};
+        $fh->flush();
+        $fh->close();
+        $args->{remote}{ca_file} = $filename;
+    }
+
+    my ($connect_str, $user, $password) = make_connection_str($args);
+    my $dbh = DBI->connect($connect_str, $user, $password);
+    return $dbh, $args->{database}, $user;
+}
+
+sub test_connection {
+    my ($self, $args) = @_;
+    my $logger = get_logger();
+    my ($dbh, $db, $user) = connect_to_database($args);
+    if ( !$dbh ) {
+        my $status_msg = ["Error in connection to the database [_1] with user [_2]",$db,$user];
+        $logger->warn("$DBI::errstr");
+        return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
+    }
+
+    my $status_msg = ["Successfully connected to the database [_1] with user [_2]",$db,$user];
+    return ( $STATUS::OK, $status_msg );
+}
+
+sub make_connection_str {
+    my ($args) = @_;
+    my $dsn = "DBI:mysql:dbname=$args->{database}";
+    if (!$args->{is_remote}) {
+        return (
+            "$dsn;mysql_socket=/var/lib/mysql/mysql.sock",
+            $args->{username},
+            $args->{password},
+        );
+    }
+
+    my $remote = $args->{remote};
+    $dsn .= ";host=$remote->{hostname}";
+    my $port = $remote->{port} // '3306';
+    $dsn .= ";port=$port";
+    if ($remote->{encryption} eq "tls") {
+        $dsn .= ";mysql_ssl=1;mysql_ssl_ca_file=$remote->{ca_file}";
+    }
+
+    return (
+        $dsn,
+        $remote->{username},
+        $remote->{password},
+    );
+}
+
 =head2 connect
 
 =cut
@@ -132,6 +246,118 @@ sub create {
     return ( $STATUS::OK, $status_msg );
 }
 
+sub make_mysql_command {
+    my ($args) = @_;
+    if ($args->{is_remote}) {
+        return make_remote_mysql_command($args);
+    }
+
+    my $user = quotemeta ($args->{username});
+    my $password = quotemeta ($args->{password});
+    my $db = quotemeta ($args->{database});
+    my $mysql_cmd = "/usr/bin/mysql --socket=/var/lib/mysql/mysql.sock -u $user -p$password $db";
+    return ($mysql_cmd, undef, "-p$password");
+}
+
+sub make_remote_mysql_command {
+    my ($args) = @_;
+    my $remote = $args->{remote};
+    my $mysql_cmd = "/usr/bin/mysql";
+    if ($remote->{encryption} eq 'tls') {
+        $mysql_cmd .= " --ssl";
+    }
+
+    if ($remote->{port}) {
+        $mysql_cmd .= " -P".  quotemeta($remote->{port});
+    }
+
+    my $fh = make_file_for_cert($remote);
+    if ($remote->{ca_file}) {
+        $mysql_cmd .= " --ssl-ca=".  $remote->{ca_file};
+    }
+
+    my $host = quotemeta ($remote->{hostname});
+    my $user = quotemeta ($remote->{username});
+    my $password = quotemeta ($remote->{password});
+    my $db = quotemeta ($args->{database});
+    $mysql_cmd .= " -h$host -u$user -p$password $db";
+    return ($mysql_cmd, $fh, "-p$password");
+}
+
+sub make_file_for_cert {
+    my ($remote_args) = @_;
+    if (!$remote_args->{ca_cert}) {
+        return undef;
+    }
+
+    my ($fh, $filename) = tempfile();
+    print $fh $remote_args->{ca_cert};
+    $fh->flush();
+    $fh->close();
+    $remote_args->{ca_file} = $filename;
+    return $fh;
+}
+
+sub apply_schema {
+    my ( $self, $args) = @_;
+    my $logger = get_logger();
+
+    my ( $status_msg, $result );
+    my ($mysql_cmd, $fh, $log_strip) = make_mysql_command($args);
+    my $cmd = "$mysql_cmd < $install_dir/db/pf-schema.sql";
+    my $db = $args->{database};
+    eval { $result = pf_run($cmd, (accepted_exit_status => [ 0 ]), log_strip => $log_strip) };
+    if ( $@ || !defined($result) ) {
+        $status_msg = ["Error applying the schema to the database [_1]", $db ];
+        $logger->warn("$@: $result");
+        return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
+    }
+    my @custom_schemas = read_dir( "$install_dir/db/custom", prefix => 1, err_mode => 'quiet' ) ;
+    @custom_schemas = sort @custom_schemas;
+    foreach my $custom_schema (@custom_schemas) {
+        my $cmd = "$mysql_cmd < $custom_schema";
+        eval { $result = pf_run($cmd, (accepted_exit_status => [ 0 ]), log_strip => $log_strip) };
+        if ( $@ || !defined($result) ) {
+            $status_msg = ["Error applying the custom schema $custom_schema to the database [_1]", $db ];
+            $logger->warn("$@: $result");
+            return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
+        }
+    }
+
+    $status_msg = ["Successfully applied the schema to the database [_1]", $db];
+    # return original status message
+    return ( $STATUS::OK, $status_msg );
+}
+
+=head2 create_database
+
+=cut
+
+sub create_database {
+    my ( $self, $args ) = @_;
+    my $db = $args->{database};
+    my $logger = get_logger();
+    my ( $status_msg, $result );
+    my ($dbh, undef, $user) = connect_to_database({%$args, database => ''});
+    if (!$dbh) {
+        $status_msg = ["Error in creating the database [_1]",$db];
+        $logger->warn($DBI::errstr);
+        return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
+    }
+
+    my $db_quoted = $dbh->quote_identifier($db);
+    $result = $dbh->do("CREATE DATABASE $db_quoted DEFAULT CHARACTER SET = 'utf8mb4'");
+    if ( !$result ) {
+        $status_msg = ["Error in creating the database [_1]", $db];
+        $logger->warn($DBI::errstr);
+        return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg );
+    }
+
+    $status_msg = ["Successfully created the database [_1]", $db];
+    # return original status message
+    return ( $STATUS::OK, $status_msg );
+}
+
 =head2 secureInstallation
 
 Intended to integrate the "/usr/bin/mysql_secure_installation" steps
diff --git a/html/pfappserver/root/src/utils/regex.js b/html/pfappserver/root/src/utils/regex.js
index da85058e3bb9..dbabe4c71041 100644
--- a/html/pfappserver/root/src/utils/regex.js
+++ b/html/pfappserver/root/src/utils/regex.js
@@ -1,25 +1,24 @@
+export const reAscii = value => /^([\x20-\x7E]+)$/.test(value)
+
 export const reAlphaNumeric = value => /^[a-zA-Z0-9]*$/.test(value)
 
 export const reAlphaNumericHyphenUnderscoreDot = value => /^[a-zA-Z0-9-_.]*$/.test(value)
 
 export const reCommonName = value => /^([A-Z]+|[A-Z]+[0-9A-Z_:]*[0-9A-Z]+)$/i.test(value)
 
+export const reDomain = value => /^((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9*]+\.)+[a-zA-Z]{2,}))$/.test(value)
+
 export const reEmail = value => /(^$|^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$)/.test(value)
 
-export const reDomain = value => /^((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9*]+\.)+[a-zA-Z]{2,}))$/.test(value)
+export const reFilename = value => /^[^\\/?%*:|"<>]+$/.test(value)
 
 export const reIpv4 = value => /^(([0-9]{1,3}.){3,3}[0-9]{1,3})$/i.test(value)
 
 export const reIpv6 = value => /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/i.test(value)
 
-export const reFilename = value => /^[^\\/?%*:|"<>]+$/.test(value)
-
 export const reMac = value => /^([0-9a-fA-F]{2}[-:]?){5,}([0-9a-fA-F]){2}$/.test(value)
 
 export const reNumeric = value => /^-?[0-9]*$/.test(value)
 
 // eslint-disable-next-line no-useless-escape
 export const reStaticRoute = value => /^(?:[0-9]{1,3}\.){3}[0-9]{1,3}\/?(\d+)?\s+?(via\s+(?:[0-9]{1,3}\.){3}[0-9]{1,3}\s+?)?dev\s+[a-z,0-9\.]+$/i.test(value)
-
- 
-export const reAscii = value => /^([\x20-\x7E]+)$/.test(value)
\ No newline at end of file
diff --git a/html/pfappserver/root/src/utils/yup.js b/html/pfappserver/root/src/utils/yup.js
index 164422a345f3..920084c3b7ef 100644
--- a/html/pfappserver/root/src/utils/yup.js
+++ b/html/pfappserver/root/src/utils/yup.js
@@ -366,6 +366,14 @@ yup.addMethod(yup.string, 'isFQDN', function (message) {
   })
 })
 
+yup.addMethod(yup.string, 'isHostname', function (message) {
+  return this.test({
+    name: 'isFQDN',
+    message: message || i18n.t('Invalid hostname.'),
+    test: value => ['', null, undefined].includes(value) || reIpv4(value) || isFQDN(value)
+  })
+})
+
 yup.addMethod(yup.string, 'isIpv4', function (message) {
   return this.test({
     name: 'isIpv4',
@@ -412,7 +420,7 @@ yup.addMethod(yup.string, 'isPort', function (message) {
   return this.test({
     name: 'isPort',
     message: message || i18n.t('Invalid port.'),
-    test: value => ['', null, undefined].includes(value) || (+value === parseFloat(value) && +value >= 1 && +value <= 65535)
+    test: value => ['', null, undefined].includes(value) || (+value === parseInt(value) && +value >= 1 && +value <= 65535)
   })
 })
 
diff --git a/html/pfappserver/root/src/views/Configurator/packetfence/_components/FormDatabase.vue b/html/pfappserver/root/src/views/Configurator/packetfence/_components/FormDatabase.vue
index cc2dc783cc89..a20e075c881e 100644
--- a/html/pfappserver/root/src/views/Configurator/packetfence/_components/FormDatabase.vue
+++ b/html/pfappserver/root/src/views/Configurator/packetfence/_components/FormDatabase.vue
@@ -23,6 +23,13 @@
         :isLoading="isLoading"
         :readonly="disabled"
       >
+        <form-group-automatic-configuration
+          v-model="remoteDatabase"
+          :column-label="$i18n.t('Remote Database')"
+          :text="$i18n.t('Use a remote MySQL compatible database.')"
+        />
+
+
         <form-group-automatic-configuration v-if="rootPasswordIsRequired && setRootPassword && !rootPasswordIsValid && (!databaseExists || !userIsValid)"
           v-model="automaticConfiguration"
           :column-label="$i18n.t('Automatic Configuration')"
@@ -179,6 +186,61 @@
 
       </base-form>
     </b-form>
+
+    <!--
+      remote database
+      -->
+    <b-modal v-model="remoteDatabaseModal" size="lg" centered id="remoteDatabaseModal" hide-header-close
+      :title="$t('Remote MySQL Database')"
+      @cancel="remoteDatabaseCancel"
+    >
+      <b-alert variant="danger" v-model="remoteDatabaseTestError" fade>
+        <p>{{ remoteDatabaseTestMessage }}</p>
+      </b-alert>
+
+      <base-form ref="remoteDatabaseRef"
+        :form="remoteDatabaseForm"
+        :schema="remoteDatabaseSchema"
+        :isLoading="remoteDatabaseLoading"
+        :readonly="remoteDatabaseDisabled"
+      >
+        <base-form-group-input namespace="username"
+          :column-label="$i18n.t('Privileged user name')"
+          :text="$i18n.t('This user requires SUPER priviliges.')"
+          :disabled="remoteDatabaseDisabled"
+        />
+        <base-form-group-input-password namespace="password"
+          :column-label="$i18n.t('Privileged user password')"
+          :disabled="remoteDatabaseDisabled"
+        />
+        <base-form-group-chosen-one namespace="encryption"
+          :column-label="$i18n.t('Encryption type')"
+          :text="$i18n.t('Only secure connections are supported.')"
+          :disabled="remoteDatabaseDisabled"
+          :options="[
+            { text: 'TLS', value: 'tls' }
+          ]"
+        />
+        <base-form-group-textarea-upload namespace="ca_cert"
+          :column-label="$i18n.t('CA certificate')"
+          :text="$i18n.t('Click the upload icon on the right-side to choose the CA certificate from disk.')"
+          :disabled="remoteDatabaseDisabled"
+        />
+        <base-form-group-input namespace="hostname"
+          :column-label="$i18n.t('Server hostname')"
+          :text="$i18n.t('FQDN or IPv4.')"
+          :disabled="remoteDatabaseDisabled"
+        />
+        <base-form-group-input-number namespace="port"
+          :column-label="$i18n.t('Server port')"
+          :disabled="remoteDatabaseDisabled"
+        />
+      </base-form>
+      <template v-slot:modal-footer>
+        <b-button variant="secondary" class="mr-1" @click="remoteDatabaseCancel">{{ $t('Cancel') }}</b-button>
+        <b-button variant="primary" :disabled="!remoteDatabaseValid" @click="remoteDatabaseTest">{{ $t('Test') }}</b-button>
+      </template>
+    </b-modal>
   </b-card>
 </template>
 <script>
@@ -190,10 +252,13 @@ import {
 
   BaseForm,
   BaseFormGroup,
+  BaseFormGroupChosenOne,
   BaseFormGroupInput,
+  BaseFormGroupInputNumber,
   BaseFormGroupInputPassword,
   BaseFormGroupInputPasswordGenerator,
   BaseFormGroupInputPasswordTest,
+  BaseFormGroupTextareaUpload,
   BaseFormGroupToggleFalseTrue,
   BaseInput,
   BaseInputGroupPassword,
@@ -205,10 +270,14 @@ const components = {
   BaseForm,
   BaseFormGroup,
   FormGroupAutomaticConfiguration:  BaseFormGroupToggleFalseTrue,
+  FormGroupRemoteDatabase:          BaseFormGroupToggleFalseTrue,
+  BaseFormGroupChosenOne,
   BaseFormGroupInput,
+  BaseFormGroupInputNumber,
   BaseFormGroupInputPassword,
   BaseFormGroupInputPasswordGenerator,
   BaseFormGroupInputPasswordTest,
+  BaseFormGroupTextareaUpload,
   BaseInput,
   BaseInputGroupPassword,
   BaseInputGroupPasswordGenerator
@@ -220,11 +289,12 @@ const props = {
   }
 }
 
-import { computed, inject, ref } from '@vue/composition-api'
+import { computed, inject, ref, watch } from '@vue/composition-api'
 import apiCall from '@/utils/api'
 import i18n from '@/utils/locale'
 import password from '@/utils/password'
 import yup from '@/utils/yup'
+import { useDebouncedWatchHandler } from '@/composables/useDebounce'
 
 const passwordOptions = {
   pwlength: 16,
@@ -286,17 +356,17 @@ export const setup = (props, context) => {
       form.value.db = DEFAULT_DATABASE
     if (!user)
       form.value.user = DEFAULT_USERNAME
-    $store.dispatch('$_bases/testDatabase', { username: 'root' }).then(() => {
+    $store.dispatch('$_bases/testDatabase', { is_remote: remoteDatabase.value, remote: remoteDatabaseForm.value }).then(() => {
       setRootPassword.value = true // root has no password -- installation is insecure
       automaticConfiguration.value = true // enable automatic configuration
-      $store.dispatch('$_bases/testDatabase', { username: 'root', database: form.value.db }).then(() => {
+      $store.dispatch('$_bases/testDatabase', { is_remote: remoteDatabase.value, remote: remoteDatabaseForm.value, database: form.value.db }).then(() => {
         databaseExists.value = true // database exists
       })
     }).catch(() => {
       // noop
     }).finally(() => {
       // Check if user credentials are valid
-      $store.dispatch('$_bases/testDatabase', { username: form.value.user, password: form.value.pass, database: form.value.db }).then(() => {
+      $store.dispatch('$_bases/testDatabase', { is_remote: remoteDatabase.value, remote: remoteDatabaseForm.value, username: form.value.user, password: form.value.pass, database: form.value.db }).then(() => {
         databaseExists.value = true
         userIsValid.value = true
         rootPasswordIsRequired.value = false // we no longer need the root password
@@ -315,7 +385,7 @@ export const setup = (props, context) => {
     form.value.root_pass = password.generate(passwordOptions)
     return secureDatabase().then(() => {
       const databaseReady = new Promise((resolve, reject) => {
-        $store.dispatch('$_bases/testDatabase', { username: 'root', password: form.value.root_pass, database: form.value.db }).then(() => {
+        $store.dispatch('$_bases/testDatabase', { is_remote: remoteDatabase.value, remote: remoteDatabaseForm.value, username: "root", password: form.value.root_pass, database: form.value.db }).then(() => {
           databaseExists.value = true // database exists
           resolve()
         }).catch(() => {
@@ -329,7 +399,7 @@ export const setup = (props, context) => {
           if (form.value.pass) {
             reject()
           } else {
-            $store.dispatch('$_bases/testDatabase', { username: form.value.user, password: form.value.pass, database: form.value.db }).then(() => {
+            $store.dispatch('$_bases/testDatabase', { is_remote: remoteDatabase.value, remote: remoteDatabaseForm.value, username: form.value.user, password: form.value.pass, database: form.value.db }).then(() => {
               databaseExists.value = true
               userIsValid.value = true
               resolve()
@@ -346,9 +416,14 @@ export const setup = (props, context) => {
   }
 
   const secureDatabase = () => {
-    return $store.dispatch('$_bases/secureDatabase', { username: 'root', password: form.value.root_pass }).then(() => {
-      rootPasswordIsValid.value = true
-    })
+    // secure install only localdb (remotedb disabled)
+    if(!remoteDatabase.value) {
+      return $store.dispatch('$_bases/secureDatabase', { is_remote: remoteDatabase.value, remote: remoteDatabaseForm.value, username: 'root', password: form.value.root_pass }).then(() => {
+        rootPasswordIsValid.value = true
+      })
+    }
+    // remotedb enabled
+    return new Promise(r => r)
   }
 
   const canCreateDatabase = computed(() => {
@@ -362,6 +437,8 @@ export const setup = (props, context) => {
     isCreatingDatabase.value = true
     databaseCreationError.value = null
     return $store.dispatch('$_bases/createDatabase', {
+      is_remote: remoteDatabase.value,
+      remote: remoteDatabaseForm.value,
       username: 'root',
       password: form.value.root_pass,
       database: form.value.db
@@ -397,8 +474,10 @@ export const setup = (props, context) => {
     isCreatingUser.value = true
     userCreationError.value = null
     return $store.dispatch('$_bases/assignDatabase', {
-      root_username: 'root',
-      root_password: form.value.root_pass,
+      is_remote: remoteDatabase.value,
+      remote: remoteDatabaseForm.value,
+      username: 'root',
+      password: form.value.root_pass,
       pf_username: form.value.user,
       pf_password: form.value.pass,
       database: form.value.db
@@ -474,11 +553,11 @@ export const setup = (props, context) => {
   const isVerifyingRootPassword = ref(false)
   const onVerifyRootPassword = () => {
     isVerifyingRootPassword.value = true
-    return $store.dispatch('$_bases/testDatabase', { username: 'root', password: form.value.root_pass })
+    return $store.dispatch('$_bases/testDatabase', { is_remote: remoteDatabase.value, remote: remoteDatabaseForm.value, password: form.value.root_pass })
       .then(() => {
         rootPasswordIsValid.value = true
         rootPasswordIsUnverified.value = false
-        $store.dispatch('$_bases/testDatabase', { username: 'root', password: form.value.root_pass, database: form.value.db || DEFAULT_DATABASE })
+        $store.dispatch('$_bases/testDatabase', { is_remote: remoteDatabase.value, remote: remoteDatabaseForm.value, password: form.value.root_pass, database: form.value.db || DEFAULT_DATABASE })
           .then(() => {
             databaseExists.value = true // database exists
           })
@@ -496,6 +575,67 @@ export const setup = (props, context) => {
   })
   _getSystemSummary()
 
+  const remoteDatabase = ref(false)
+  const remoteDatabaseModal = ref(false)
+  const _remoteDatabaseForm = {
+    username: 'root',
+    port: 3306
+  }
+  const remoteDatabaseForm = ref({ ..._remoteDatabaseForm })
+  const remoteDatabaseSchema = computed(() => {
+    return yup.object({
+      username: yup.string().nullable()
+        .required(i18n.t('Priviledged user name required.')),
+      password: yup.string().nullable()
+        .required(i18n.t('Priviledged user password required.')),
+      encryption: yup.string().nullable()
+        .required(i18n.t('Database client encryption type required.')),
+      ca_cert: yup.string().nullable(),
+      hostname: yup.string().nullable()
+        .required(i18n.t('Server hostname required.'))
+        .isHostname(),
+      port: yup.string().nullable()
+        .required(i18n.t('Server port required.'))
+        .isPort(),
+    })
+  })
+  const remoteDatabaseLoading = ref(false)
+  const remoteDatabaseDisabled = ref(false)
+  watch(remoteDatabase, toggle => {
+    remoteDatabaseForm.value.is_remote = toggle
+    if (toggle) {
+      remoteDatabaseModal.value = true
+    }
+    else {
+      remoteDatabaseModal.value = false
+      remoteDatabaseForm.value = { ..._remoteDatabaseForm } // reset (dereferenced)
+    }
+  }, { immediate: true })
+  const remoteDatabaseCancel = () => {
+    remoteDatabase.value = false
+  }
+  const remoteDatabaseTestError = ref(false)
+  const remoteDatabaseTestMessage = ref('')
+  const remoteDatabaseTest = () => {
+    remoteDatabaseLoading.value = true
+    remoteDatabaseTestError.value = false
+    remoteDatabaseTestMessage.value = undefined
+    $store.dispatch('$_bases/testDatabase', { is_remote: remoteDatabase.value, remote: remoteDatabaseForm.value })
+      .then(() => {
+        remoteDatabaseModal.value = false
+      })
+      .catch(error => {
+        const { response: { data: { message = '' } = {} } = {} } = error
+        remoteDatabaseTestError.value = true
+        remoteDatabaseTestMessage.value = message
+      })
+      .finally(() => {
+        remoteDatabaseLoading.value = false
+      })
+  }
+  const remoteDatabaseRef = ref(null)
+  const remoteDatabaseValid = useDebouncedWatchHandler([remoteDatabaseForm, remoteDatabaseModal], () => (!remoteDatabaseRef.value || remoteDatabaseRef.value.$el.querySelectorAll('.is-invalid').length === 0))
+
   return {
     form,
     schema,
@@ -528,7 +668,21 @@ export const setup = (props, context) => {
     canCreateUser,
     onCreateUser: assignDatabase,
     isCreatingUser,
-    userCreationError
+    userCreationError,
+
+    remoteDatabase,
+    remoteDatabaseModal,
+    remoteDatabaseForm,
+    remoteDatabaseSchema,
+    remoteDatabaseLoading,
+    remoteDatabaseDisabled,
+    remoteDatabaseCancel,
+    remoteDatabaseTest,
+    remoteDatabaseTestError,
+    remoteDatabaseTestMessage,
+    remoteDatabaseRef,
+    remoteDatabaseValid,
+
   }
 }
 
diff --git a/lib/pf/UnifiedApi/Controller/Config/Bases.pm b/lib/pf/UnifiedApi/Controller/Config/Bases.pm
index 83b4448d8955..76c2440ba99d 100644
--- a/lib/pf/UnifiedApi/Controller/Config/Bases.pm
+++ b/lib/pf/UnifiedApi/Controller/Config/Bases.pm
@@ -27,11 +27,13 @@ use pf::pfqueue::status_updater::redis;
 use pf::util::pfqueue qw(consumer_redis_client);
 use pf::config;
 use pf::util;
+use pf::file_paths qw($conf_uploads);
 use pfappserver::Form::Config::Pf;
 use pf::I18N::pfappserver;
 use pf::error qw(is_error);
 use pf::ConfigStore::Pf;
 use pf::ConfigStore::Network;
+use pfappserver::Model::Config::Pfconfig;
 use pf::config qw(
     %Config
     %Doc_Config
@@ -132,8 +134,9 @@ sub database_test {
         $self->render(json => {message => "Unable to parse JSON payload"}, status => 400);
         return;
     }
-    my $db = $json->{database} // "mysql";
-    my ($status, $status_msg) = $self->database_model->connect($db, $json->{username}, $json->{password});
+
+    $json->{database} //= "mysql";
+    my ($status, $status_msg) = $self->database_model->test_connection($json);
     $self->render(json => {message => pf::I18N::pfappserver->localize($status_msg)}, status => $status);
 }
 
@@ -208,24 +211,21 @@ sub database_create {
 
 sub do_database_create {
     my ($self, $json) = @_;
-    my ($status, $status_msg) = $self->database_model->connect("mysql", $json->{username}, $json->{password});
-    if(is_error($status)) {
-        return $status, {message => pf::I18N::pfappserver->localize($status_msg), status => $status};
-    }
-
-    ($status, $status_msg) = $self->database_model->create($json->{database}, $json->{username}, $json->{password});
+    my ($status, $status_msg) = $self->database_model->create_database($json);
     if(is_error($status)) {
         return $status, {message => pf::I18N::pfappserver->localize($status_msg), status => $status};
     }
 
-    ($status, $status_msg) = $self->database_model->schema($json->{database}, $json->{username}, $json->{password});
+    ($status, $status_msg) = $self->database_model->apply_schema($json);
     if(is_error($status)) {
         return $status, {message => pf::I18N::pfappserver->localize($status_msg), status => $status};
     }
 
     my $pf_cs = pf::ConfigStore::Pf->new;
-    $pf_cs->update("database", {db => $json->{database}});
+    my $db = $json->{database};
+    $pf_cs->update("database", {db => $db});
     $pf_cs->commit();
+    pfappserver::Model::Config::Pfconfig->new->update_db_name($db);
     return 200, {message => "Created database and loaded the schema"};
 }
 
@@ -237,26 +237,38 @@ sub database_assign {
         return;
     }
 
-    my ($status, $status_msg) = $self->database_model->connect("mysql", $json->{root_username}, $json->{root_password});
+    my ($status, $status_msg) = $self->database_model->assign_database($json);
     if(is_error($status)) {
         $self->render(json => {message => pf::I18N::pfappserver->localize($status_msg)}, status => $status);
         return;
     }
 
-    ($status, $status_msg) = $self->database_model->assign($json->{database}, $json->{pf_username}, $json->{pf_password});
-    if(is_error($status)) {
-        $self->render(json => {message => pf::I18N::pfappserver->localize($status_msg)}, status => $status);
-        return;
-    }
-
-    require pfappserver::Model::Config::Pfconfig;
     pfappserver::Model::Config::Pfconfig->new->update_mysql_credentials($json->{pf_username}, $json->{pf_password});
 
     my $pf_cs = pf::ConfigStore::Pf->new;
-    $pf_cs->update("database", {user => $json->{pf_username}, pass => $json->{pf_password}});
+    my %database = (user => $json->{pf_username}, pass => $json->{pf_password});
+    if ($json->{is_remote}) {
+        my $remote = $json->{remote};
+        my %database_proxysql = (
+            status => 'enabled',
+            backend => $remote->{host},
+        );
+        if ($remote->{ca_cert}) {
+            my $path = "$conf_uploads/pf/database_proxysql_cacert.crt";
+            open(my $fh, ">", $path);
+            print $fh $remote->{ca_cert};
+            close($fh);
+            $database_proxysql{cacert} = $path;
+        }
+        $pf_cs->update("database_proxysql", \%database_proxysql);
+        $database{port} = '6033';
+        $database{host} = '100.64.0.1';
+    }
+    $pf_cs->update("database", \%database);
     $pf_cs->commit();
-
     $self->render(json => {message => "Granted rights to user and adjusted the configuration"}, status => 200);
+
+    return;
 }
 
 sub test_smtp {
@@ -288,7 +300,8 @@ sub test_smtp {
         return $self->render_error(400, pf::util::strip_filename_from_exceptions($@));
     }
 
-    return $self->render(json => { message => 'Testing SMTP success' });
+    $self->render(json => { message => 'Testing SMTP success' });
+    return;
 }
 
 =head2 fields_to_mask
diff --git a/t/html/pfappserver/cypress/specs/e2e/00-configurator/01-configurator.cy.js b/t/html/pfappserver/cypress/specs/e2e/00-configurator/01-configurator.cy.js
index 7e6b3ccc6b18..f2096ec2b793 100644
--- a/t/html/pfappserver/cypress/specs/e2e/00-configurator/01-configurator.cy.js
+++ b/t/html/pfappserver/cypress/specs/e2e/00-configurator/01-configurator.cy.js
@@ -129,9 +129,11 @@ describe('Configurator', () => {
     cy.get('button[type="button"]:contains(Next Step)').should('have.attr', 'disabled', 'disabled')
 
     // automatic database enabled
+    /*
     cy.get('*[data-form="database"] input[type="range"]').invoke('val').then(value => {
       expect(value).to.equal('1') // enabled
     })
+    */
 
     // fill administrator form
     cy.fixture('configurator').then(configurator => {
diff --git a/t/venom/test_suites/configurator/20_run_configurator_step2.yml b/t/venom/test_suites/configurator/20_run_configurator_step2.yml
index 0e72f80b137b..a5588a968436 100644
--- a/t/venom/test_suites/configurator/20_run_configurator_step2.yml
+++ b/t/venom/test_suites/configurator/20_run_configurator_step2.yml
@@ -74,8 +74,8 @@ testcases:
         "database": "{{.configurator.db.name}}",
         "pf_username": "{{.configurator.db.users.pf.id}}",
         "pf_password": "{{.configurator.db.users.pf.password}}",
-        "root_username": "{{.configurator.db.users.root.id}}",
-        "root_password": "{{.configurator.db.users.root.password}}"
+        "username": "{{.configurator.db.users.root.id}}",
+        "password": "{{.configurator.db.users.root.password}}"
       }
     headers:
       "Content-Type": "application/json"
diff --git a/t/venom/test_suites/configurator_inline/20_run_configurator_step2.yml b/t/venom/test_suites/configurator_inline/20_run_configurator_step2.yml
index 0e72f80b137b..a5588a968436 100644
--- a/t/venom/test_suites/configurator_inline/20_run_configurator_step2.yml
+++ b/t/venom/test_suites/configurator_inline/20_run_configurator_step2.yml
@@ -74,8 +74,8 @@ testcases:
         "database": "{{.configurator.db.name}}",
         "pf_username": "{{.configurator.db.users.pf.id}}",
         "pf_password": "{{.configurator.db.users.pf.password}}",
-        "root_username": "{{.configurator.db.users.root.id}}",
-        "root_password": "{{.configurator.db.users.root.password}}"
+        "username": "{{.configurator.db.users.root.id}}",
+        "password": "{{.configurator.db.users.root.password}}"
       }
     headers:
       "Content-Type": "application/json"
diff --git a/t/venom/test_suites/configurator_inline_l2/20_run_configurator_step2.yml b/t/venom/test_suites/configurator_inline_l2/20_run_configurator_step2.yml
index 0e72f80b137b..a5588a968436 100644
--- a/t/venom/test_suites/configurator_inline_l2/20_run_configurator_step2.yml
+++ b/t/venom/test_suites/configurator_inline_l2/20_run_configurator_step2.yml
@@ -74,8 +74,8 @@ testcases:
         "database": "{{.configurator.db.name}}",
         "pf_username": "{{.configurator.db.users.pf.id}}",
         "pf_password": "{{.configurator.db.users.pf.password}}",
-        "root_username": "{{.configurator.db.users.root.id}}",
-        "root_password": "{{.configurator.db.users.root.password}}"
+        "username": "{{.configurator.db.users.root.id}}",
+        "password": "{{.configurator.db.users.root.password}}"
       }
     headers:
       "Content-Type": "application/json"