X

Best Practices from Oracle Development's A‑Team

Creating Oracle Analytics Connections to Private Autonomous Databases in Remote Regions

Validated April 7, 2021 for OAC 5.9

Introduction

Oracle Analytics Private Access Channel currently disallows an autonomous database domain name in a remote region. This post is a step-by-step workaround for creating private connections to autonomous databases in remote regions using Private Access Channel. It is one of the posts listed in the OAC Private Access Series.

Note: Only one autonomous database region is allowed for RPD connections defined in the development client tool. Continue using Remote Data Gateway for additional regions.

Validations

April 7, 2021 for OAC 5.9

Topics

Before You Begin

Deploying Required Components

Validating Connections to Private Autonomous Databases in Remote Regions

 Before You Begin and Assumptions ℘

Acronyms

OAC Oracle Analytics Cloud
PE Private Endpoint
VCN Virtual Cloud Network
ADB Autonomous Database
DV Data Visualization
OCI Oracle Cloud Infrastructure
FQDN Fully Qualified Domain Name
PAC Private Access Channel
OSN Oracle Services Network
DRG Dynamic Routing Gateway
DNS Domain Name System
ACL Access Control List - Security List

 

Existing Components

This post assumes the following components are deployed for connectivity to a remote region.

COMPONENT USE REFERENCE
VCNs Hosts OAC and ADB subnets link
DRGs Facilitates VPN, FastConnect, and remote peering between regions link
SUBNET Hosts OAC and ADB instances link
ROUTE RULE Routes OAC traffic to a remote region link
SECURITY LIST Allows ADB ingress and OAC egress link

 

Privileges

A user account in an OCI tenancy for managing OAC and network resources

Initial State

 

 Deploying Required Components 

The following table lists the components to be deployed with links for reference.

COMPONENT USE REFERENCE
FQDN Custom FQDN for Remote ADB link
DNS PRIVATE ZONE Custom Zone for FQDN link
PAC DEFINITION Using Custom Domain link
TNSNAMES Using FQDN link
     

 

The following tables provide component details with example values.

FQDN

Create a custom FQDN for the ADB 

OLD NEW  
ASHHUBPRVADW.adb.us-ashburn-1.oraclecloud.com ASHHUBPRVADW.adb.ashburn-pac.com  

 

DNS PRIVATE ZONE

Find the IP address of the remote ADB. This may have to be performed from an instance in the remote region.

Server:        169.254.169.254
Address:    169.254.169.254#53

Non-authoritative answer:
Name:    ASHHUBPRVADW.adb.us-ashburn-1.oraclecloud.com

Address: 10.228.20.67

 

Create a custom private zone for the custom ADB domain and attach it to the default private view of the VCN hosting PAC.

 

Add an "A" record for the custom FQDN to the zone.

TYPE NAME TARGET
ASHHUBPRVADW.adb.ashburn-pac.com 10.228.20.67

 

PAC DEFINITION

Add the custom domain to the PAC definition

 

TNSNAMES

Unzip the ADB credentials, edit the tnsnames.ora file and change the hostname of the ADB to the custom FQDN. 

host=ASHHUBPRVADW.adb.us-ashburn-1.oraclecloud.com

host=ASHHUBPRVADW.adb.ashburn-pac.com

Save the file and re-zip the credential files.

 

Deployed State

The deployed components are depicted below. Click here for a short clip.

 

℘ Validating Connections to Private ADBs in Remote Regions

Validate that OAC can connect to the private ADB in a remote region.

Sign-in to OAC
Click Create > Connection
Choose Autonomous Data Warehouse as the Connection Type
Upload the modified Client Credentials zip file
Choose the appropriate Service Name
Enter the ADB Username and Password
Click Save

 

℘ Connection Flow ℘

The connection flow is shown below. Click here for a short clip.

 

 Summary 

This post provided a step-by-step guide for creating private connections to autonomous databases in remote regions using Private Access Channel.

For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha