
Best Practices from Oracle Development's A‑Team

Deploying a Vanity URL for Oracle Analytics

Validated February 18, 2021 with OAC 5.9

Introduction

Oracle Analytics public and private endpoint instances may now be accessed via an additional web address / Uniform Resource Locator (URL) of your choice. This means your Oracle Analytics address can be suffixed with your organization's domain name e.g. my-large-company.com, my-large-university.edu, my-large-organization.org. This address is referred to as a vanity URL and is subject to the following:

  • You are limited to one additional name, and you must choose a standard top-level domain (e.g. .com, .edu) as defined by the Internet Assigned Numbers Authority.
  • Subdomains below the top level, e.g. oraclecloud.com, must be registered with a domain name registrar.
  • Your full address or fully qualified domain name must have an associated transport layer security certificate signed by a trusted certificate authority. 
  • Proof of domain registration is required by the certificate authority.
  • Self-signed certificates are not supported.

Note: Your original OAC address is valid and may be used in conjunction with the new address.

This post provides a step-by-step guide for deploying a vanity URL for an instance of Oracle Analytics and is one of the posts listed in the OAC Private Endpoint Series.

Validations

February 18, 2021 with OAC 5.9 

Topics

Before You Begin

Deploying the Vanity URL

Connecting to Oracle Analytics using the Vanity URL

Connection Flows

 

 Before You Begin and Assumptions  

Acronyms

OAC Oracle Analytics Cloud
CA Certificate Authority
OCI Oracle Cloud Infrastructure
TLS Transport Layer Security
FQDN Fully Qualified Domain Name
SSL Secure Sockets Layer
OSN Oracle Services Network
DNS Domain Name System
CNAME Canonical Name
URL Uniform Resource Locator
   

 

Privileges

A user account in an OCI tenancy for managing analytics components.
A user account in an instance of OAC.

OAC

A public or private OAC instance version 5.9 or later.

TLS Trusted Certificate

You must have an X.509 TLS certificate for your vanity domain name, signed by a trusted CA, together with the certificate's associated private key.
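
The requirements above can be checked before upload. The following pre-flight script is an added example, not part of the original post or of Oracle's tooling; it assumes the openssl command-line tool and PEM-encoded files, and the function names are illustrative.

```shell
#!/bin/sh
# Pre-flight checks for a vanity URL certificate and key (added example).
# Requires the openssl CLI; file names and FQDNs are supplied by the caller.

# Succeeds if the certificate is valid for the given FQDN (SAN, or CN fallback).
cert_covers_host() {  # usage: cert_covers_host cert.pem my-prefix.myorg.com
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Succeeds if subject and issuer are identical, i.e. the certificate is
# self-issued. This is a heuristic for "self-signed", which is not supported.
cert_is_self_signed() {  # usage: cert_is_self_signed cert.pem
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# Succeeds if the private key belongs to the certificate (public keys match).
# An encrypted key makes openssl prompt for its passphrase.
key_matches_cert() {  # usage: key_matches_cert cert.pem key.pem
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Runs all three checks; returns 0 only if the pair is fit to upload.
preflight() {  # usage: preflight cert.pem key.pem vanity-fqdn
    rc=0
    cert_covers_host "$1" "$3" || { echo "FAIL: cert does not cover $3"; rc=1; }
    cert_is_self_signed "$1"   && { echo "FAIL: cert is self-signed"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match cert"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificate and key pass pre-flight checks"
    return "$rc"
}

# Example: preflight ./vanity-cert.pem ./vanity-key.pem my-prefix.myorg.com
```

The script does not validate the chain to a trusted CA; it only rejects the self-issued case and mismatched names or keys.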

Domain Name System

DNS provides a worldwide, distributed directory service for translating FQDNs to their associated numerical IP address. Refer here for a post describing various DNS scenarios and the components necessary to resolve vanity URL hostnames. You must have a DNS entry that resolves your vanity FQDN to the IP address of your Oracle Analytics instance. Use the same DNS server that you use to resolve the native FQDN.

If necessary, create a DNS zone for the domain of the vanity FQDN, e.g. myorg.com for an FQDN of my-prefix.myorg.com. Add a CNAME record to the zone mapping the vanity FQDN to the native FQDN. Each DNS is different. An example of an OCI DNS CNAME record creation is below:

OAC Connectivity

Ensure you can connect to your OAC instance using both the native and the vanity URLs via TCP. This ensures the proper gateways, access rules and DNS are in place before proceeding.

Linux / Mac

Use the nc command.

nc -v -i 2 -w 2  your-OAC-Native-FQDN 443
nc -v -i 2 -w 2  your-OAC-Vanity-FQDN 443

Windows PowerShell

Use the Test-NetConnection (tnc) command.

tnc your-OAC-Native-FQDN -port 443
tnc your-OAC-Vanity-FQDN -port 443

Note: Ensure the original and the vanity FQDNs resolve to the same IP address.

 

OAC Public Initial State

Note: Oracle Analytics is an Oracle-managed service; the architecture and components are hidden from public view. The diagrams presented here are a simplified approximation of the hidden components to help visualize what may be occurring.

 

  • The User has the native OAC URL
  • DNS has a "CNAME" or "A" record for the native FQDN that resolves to the OAC load balancer public IP address
  • The load balancer has a listener with the trusted certificate for the native FQDN

 

OAC Private Initial State

The private state differs from the public state; the DNS record resolves to the IP address of the OAC private endpoint.

 

 Deploying the Vanity URL 

Ensure you have the location of your trusted TLS certificate and private key before performing this step.

Navigate to the Vanity URL Details

Connect to the OCI Console and select Analytics and Analytics Cloud from the menu.

Select your Compartment and click on your Instance. Under Access Information click Create Vanity URL.

Complete the Vanity URL Details

  • Select Choose or Paste and supply the TLS trusted certificate.
  • Select Choose or Paste and supply the certificate's private key.
    • Enter a Private Key Passphrase for the private key if necessary.
  • Click Create.

 

OAC Public Enabled State

  • The User has an additional Vanity OAC URL
  • DNS has an additional "CNAME" or "A" record for the vanity FQDN that resolves to the OAC load balancer public IP address
  • The load balancer has an additional listener with the trusted certificate for the vanity FQDN

 

OAC Private Enabled State

The private state differs from the public state; the vanity DNS record resolves to the IP address of the OAC private endpoint.

 

 Connecting to Oracle Analytics using the Vanity URL 

Note: Wait until the instance is in an active state before using the vanity URL.

Connect to OAC

Replace the original Analytics FQDN with your vanity FQDN.

 

 Connection Flows 

OAC Public Flow

  • The user enters the vanity URL into a browser
  • The browser resolves the vanity FQDN using DNS
  • The browser sends the connection request
  • The vanity URL listener receives the request and sends the trusted certificate
  • The browser begins a session using the vanity URL and certificate

 

OAC Private Flow

The private and public flows are identical.

 

 Summary 

This post provided a step-by-step guide for deploying a vanity URL for an instance of Oracle Analytics.

For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley