Best Practices from Oracle Development's A‑Team

Connecting to Oracle Analytics Cloud Private Endpoint from within the VCN

Validated October 1, 2020 with OAC 5.8


Oracle Analytics Cloud (OAC) may now be provisioned within a Virtual Cloud network (VCN) with a private IP address.

This post describes the primary Oracle Cloud Infrastructure (OCI) component required to connect to a private OAC instance and a step-by-step guide to the process for connecting from within the same VCN.

This is one of the OAC private endpoint posts listed in this parent post.


October 1, 2020 with OAC 5.8

July 24, 2020 with OAC 5.7 


Before You Begin

Securing Access to OAC in a Private Subnet

Provisioning a Security List for OAC in a Private Subnet

Connecting to OAC

 Before You Begin

The following diagram depicts the prerequisites required. These components are in place after provisioning OAC.

 Securing Access to OAC in a Private Subnet

The process in this post creates a new security list with a rule that opens the https port 443 for access using the OAC URL. The topology is shown below. 

 Creating a Security List for OAC

A security list acts as a virtual firewall for an instance, with ingress and egress rules that specify the types of traffic allowed in and out. This post provisions a new security list with an ingress rule allowing TCP traffic destined to port 443 from a public subnet in the same VCN. 

The following is a step-by-step guide for creating the security list for the private subnet containing OAC.

Connect to the OAC Console and navigate to the VCN where OAC is provisioned.


Under Resources click Security Lists.

Security List

Click Create Security List.

Enter a Name e.g. OACPE-PRVSN-SL

Accept the default for Create in Compartment

Ignore rules for now and click Create Security List

Ingress Rule

Click on the link for the new security list.

Under Ingress Rules click Add Ingress Rule 

Accept the defaults for Stateless and Source Type

Enter a CIDR for Source CIDR e.g. In this post this is the CIDR for the VCN hosting OAC.

Use TCP for the IP Protocol

Optionally enter a Source Port Range

Enter 443 for the Destination Port Range

Optionally enter a Description

Click Add Ingress Rule

Associate with Subnet

Navigate to the subnet provisioned for OAC. Under Security Lists click Add Security List.

Accept the default Security List Compartment

From the drop-down select the Security List created above

Click Add Security List

 Connecting to OAC

Connect to a Windows instance in the same VCN and open a browser session.

Enter the OAC URL and connect as a user with an OAC application role to view the home page. If you need the URL, open a session in the OCI Console and navigate to the OAC instance details.


This post described the primary Oracle Cloud Infrastructure (OCI) component required to connect to a private OAC instance and a step-by-step guide to create it.

For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley


Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha