Creating a VPN Connection for Oracle Analytics Cloud on Oracle Cloud Infrastructure – Classic

Introduction

This post details the steps required to create a Virtual Private Network (VPN) connection for Oracle Analytics Cloud (OAC) Data Visualization (DV) using Oracle’s VPN as a Service (VPNaaS). VPNaaS is deployed on Oracle Cloud Infrastructure – Classic (OCI-C). VPN is not available on Oracle Cloud Infrastructure (OCI) for Autonomous OAC yet.

The specific use case is adding security to a (DV) data connection to a remote database.

Topics

Creating an IP Network

Provisioning DbaaS on an IP Network

Provisioning Load Balancer on an IP Network

Provisioning OAC on an IP Network

Preparing the Remote VPN Client

Creating a VPN Connection

Completing the Remote VPN Client Configuration

The following illustration depicts these components:

Creating an IP Network

An IP Network must be created in advance of provisioning anything else.

The detailed instructions are in Creating an IP Network.

Access the Compute Classic service console either directly or via the My Services home page.

Click the Network tab, expand IP Network, click IP Networks and then click Create IP Network.

Enter a unique Name.

Enter an IP Address Prefix in CIDR format

Accept the default Not Set for IP Exchange.

Optionally enter a Description.

Optionally enter Tags.

Click Create

The IP Network appears in the list.

Provisioning DbaaS on an IP Network

In this example, the Database as a Service (DbaaS) is used only as a prerequisite for OAC. The provisioning process is detailed in Create Instance: Instance Details Page. Additional options are required and presented when provisioning DBaaS with an IP Network. For the additional options:

Select the same Region used for the IP Network created above.

Select the IP Network.

Accept the checked Assign Public IP box.

Provisioning Load Balancer on an IP Network

A public load balancer is a required prerequisite for OAC instances on an IP network. It acts as a parent to the load balancer created by the OAC provisioning process. It must be created on the same IP network as OAC. The detailed instructions are found in Creating a Load Balancer.

Access the Compute Classic service console either directly or via the My Services home page.

Click the Network tab, expand Load Balancers, click Load Balancers and then click Create Load Balancer.

Enter a unique Name.

Select the IP network to be associated with the load balancer (created above).

Optionally enter a Description.

Leave Permitted Methods blank.

Select Internet Facing for Scheme (this ensures a public load balancer).

Accept the remaining defaults and click Create.

The load balancer shows in the list. After it is provisioned the load balancer shows Healthy but Incomplete. This is OK.

Provisioning OAC on an IP Network

The provisioning process is detailed in Creating a Service. Additional options are required and presented when provisioning OAC with an IP Network. For the additional options:

Select the same Region as the database service you set up for Oracle Analytics Cloud.

Select the same IP Network used for the database service.

Accept the checked Assign Public IP box and click Next.

Select Public Load Balancer to use the public load balancer on the IP network created above.

A new load balancer is provisioned and configured on the IP network by the OAC provisioning process.

Preparing the Remote VPN Client

VPNaaS requires a third-party VPN device in the remote data center. Refer to Third-Party VPN Device Configurations for certified third-party VPN device configurations.

The actual configuration of the device is outside the scope of this post. The configuration is performed by a certified network engineer/administrator.

Make a note of the third-party VPN device’s Public IP Address, domain name, LAN address in Classless Inter-Domain Routing (CIDR) format and the pre-shared key (PSK) to use for the VPN connection.

Creating a VPN Connection

Refer to Creating VPN Connections Using VPNaaS for detailed instructions. This post supplements the instructions with screen shots.

Access the Compute Classic service console either directly or via the My Services home page.

Click the Network tab, expand VPN then VPNaaS, click VPN Connections and then click Create VPN Connection.

Provide the following. An example follows.

Enter a Name.

Select the IP Network (created above).

Leave Connected IP Networks blank.

Select the vNICsets (these were created as part of the DB and OAC provisioning processes).

Enter the Customer Gateway (the public IP address of the VPN device in your data center).

Enter the Customer Reachable Routes (in CIDR format a comma-separated list of subnets in your data center that are reachable using this VPN connection).

Enter a Pre-shared Key (PSK) (This is a text field that must match the key on the gateway in your data center e.g. ATeamPreSharedKey).

Leave the IKE ID blank (it is populated with the Public IP of the VPN Connection during provisioning).

Accept the defaults for the remaining fields and click Create.

The provisioning process may take up to an hour. The status is displayed in the Life Cycle Status field.

Completing the Remote VPN Client Configuration

The actual configuration of the third-party VPN device is outside the scope of this post. This configuration is performed by a certified network engineer/administrator.

Update the device’s VPN/IPsec settings with the Public IP address of the Cloud VPN connection and the Private IP subnet used by OAC.

Summary

This post detailed the steps required to create a VPN connection for OAC DV using Oracle’s VPNaaS.

For more OAC, BICS and BI best practices, tips, tricks, and guidance that the A-Team members gain from real-world experiences working with customers and partners, visit Oracle A-Team Chronicles for BICS and Oracle A-Team Chronicles for OAC.

References

Creating an IP Network

Create DBaaS Instance Details

Creating a Load Balancer

Creating an OAC Service

Creating VPN Connections Using VPNaaS

Oracle A-Team Chronicles for BICS

Oracle A-Team Chronicles for OAC

Add Your Comment