X

Best Practices from Oracle Development's A‑Team

Deploying Oracle Analytics Cloud Remote Data Gateway in a Private Subnet

Last validated November 4, 2019 with OAC 5.4 and RDG 5.4

Introduction

The latest releases of Oracle Analytics Cloud (OAC) now include the new Remote Data Gateway (RDG) for accessing databases that are not otherwise accessible by OAC.

This post is a step-by-step guide to installing and configuring RDG in a private subnet on Oracle Cloud Infrastructure (OCI). It includes scenarios using the Internet and VPN / FastConnect.

The official documentation is Connect to On-premises Data Sources and Known Issues.

This post is one of the strategies noted in the companion blog Deploying Remote Data Gateway in Oracle Analytics Cloud for Data Visualization

Updates

Published on November 4, 2019

Versions

  • Oracle Analytics Cloud version 105.4x

  • MacBook Pro OS 10.13.6 

  • Windows Server R12 Compute Instance

  • Linux 7.2 Compute Instance

Topics

  • Before You Begin

  • Downloading Remote Data Gateway

  • Preparing to Install Remote Data Gateway

  • Preparing to Configure Remote Data Gateway via Internet

  • Preparing to Configure Remote Data Gateway using VPN / FastConnect

 Before You Begin

Reviewing Supported Data Sources and Operating Systems

Ensure your data source is supported by following the instructions in Supported Data Sources.

Ensure your operating system is supported by viewing the list at OAC Downloads.

Common Prerequisites

Deploying RDG requires the following common items:

All Platforms

Credentials and Privileges to install software on the RDG host.

Database connection information and credentials for validating the installation.

For Linux and Windows Servers

The IP address or host name where RDG is to be installed.

For Linux

A Graphical User Interface or alternatives such as VNC and X11 Note: If using X11 for the Internet Scenario, both the bastion and the RDG host must be configured.

SSH Utilities to access Linux

For Windows

The Microsoft Remote Desktop (RDP) utility for accessing remote Windows servers.

On-Premise Prerequisites

Internet Scenario

Routing rules allowing user access to Identity Cloud Service (IDCS) and OAC via the Internet.

VPN / FastConnect Scenario

Routing rules allowing user access to the Dynamic Routing Gateway (DRG) described below; and to IDCS via the internet, if it is in a different region

Basic OCI Prerequisites

For additional detail regarding Service Gateway visit Service Gateway for OAC Remote Data Gateway in a Private Subnet

The following must be in place. Links to the relevant documentation are provided.

  • Compartment to contain a Virtual Cloud Network (VCN) Here

  • Compartment Privilege Policies to create resources and manage instances Here

  • VCN Here

  • Service Gateway allowing private traffic to access OAC inside the Oracle Services Network Here

  • Route Table associated with the private subnet directing traffic to the Service Gateway Here 

Public Subnet Prerequisites

Internet Scenario Components

  • Regional Public Subnet Here

  • Internet Gateway (IG) allowing access into and out of the VCN Here

  • Route table associated with the public subnet directing traffic to the internet gateway Here

  • Compute Instance acting as a bastion host for access to the RDG host Here

  • Note: For Linux hosts without a GUI, RDG installation requires both a Linux and Windows bastion host.

  • Network Security Groups (NSG) or Security List associated with the public subnet to control traffic at the packet level Here

  • Ingress rules in the above allowing ingress to ports 22 and/or 3189. Port 22 is for SSH access to Linux and port 3189 is for RDP access to Windows.

Private Subnet Prerequisites

This post uses a private database in the same private subnet as the RDG.

  • Regional Private Subnet Here

  • Compute Instance with a supported OS image to host the RDG Here

  • Network Security Groups (NSG) or Security List associated with the private subnet to control traffic at the packet level Here

  • Note: If using Linux, port 8080 (default) must be opened in the firewall of the RDG host. See Here for guidance.

  • Ingress rules in the above allowing ingress to ports 22 and/or 3189. Port 22 is for SSH access to Linux and port 3189 is for RDP access to Windows. If using Linux, Port 8080 (default) is required for HTTP access.

  • Supported Private Database Cloud Instance Here

  • Ingress rule allowing ingress to port 1521(default). Port 1521 is the default port for the database listener.

VPN / FastConnect Scenario Components

  • VPN Here or FastConnect Here

  • DRG attached to the VCN allowing ingress Here

  • Route Table attached to the DRG directing traffic to the Service Gateway Here 

 Downloading Remote Data Gateway

Go to the Oracle Technical Network (OTN) site, https://www.oracle.com/technetwork/middleware/oac/downloads/index.html, accept the license agreement, choose the desired platform, and download the installer zip file.

Internet Scenario

Windows

Copy or share via RDP the installer with the bastion host.

Then do the same with the RDG host.

Linux

Use Secure Copy (SCP) to copy the installer to the bastion host. Also copy the SSH private key.

Then SCP the installer to the RDG host. An example SCP command is below:

scp -i <path to installer file> opc@< IP address or host name >:/tmp

VPN / FastConnect Scenario

Windows

Copy or share via RDP the installer with the RDG host.

Linux

Use Secure Copy (SCP) to copy the installer to the RDG host. An example command is above.

 Preparing to Install Remote Data Gateway

The steps for all platforms are documented in Install Data Gateway.

Internet Scenario

Windows

RDP to the bastion host.

Then do the same with the RDG host.

Linux

SSH to the bastion host.

Then do the same with the RDG host.

An example SSH command is below:

ssh -i <path to private key> opc@< IP address or host name

VPN / FastConnect Scenario

Windows

RDP to the RDG host.

Linux

SSH to the RDG host.

An example SSH command is below:

ssh -i <path to private key> opc@< IP address or host name

Follow the steps in Installing Oracle Analytics Cloud Remote Data Gateway to install RDG.

Tip: For higher availability and performance, install an agent in each availability domain. Complete the relevant configuration section for each installation.

 Preparing to Configure Remote Data Gateway via the Internet Scenario

This scenario uses the internet to reach OAC and the bastion host(s). Local routing is used to access the private RDG.

Ensure the OCI components shown below and listed in the prerequisites are configured.

The following shows the installation and configuration architecture.

The Process:

  • User connects to OTN and downloads RDG

  • User uploads the installer to the bastion host.

  • User connects to the bastion host via the Internet Gateway

  • User connects to the RDG host from the bastion host.

  • User installs RDG

  • User connects to OAC and authenticates with IDCS

  • User enables RDG in OAC and notes the OAC URL

  • User opens a browser session on the RDG host from the bastion host, generates the key, and pastes it into the OAC agent configuration

  • Note: If configuring RDG on Linux, the browser session is initiated by a Windows bastion host.

After the installation, follow the steps in Completing the Deployment of Remote Data Gateway for OAC to configure RDG.

After RDG is configured and the connection validated, the following shows the operation architecture.

The Process:

  • RDG initiates the connection to OAC via the Service Gateway

  • User connects to OAC which may include authenticating with IDCS 

  • User issues a query

  • OAC passes the query to RDG via the RDG connection

  • RDG passes the query to the database.

  • Database returns the data to RDG

  • RDG passes the result data to OAC via the RDG connection.

 Preparing to Configure Remote Data Gateway with the VPN or FastConnect Scenario

This scenario uses VPN or FastConnect to reach OAC and RDG.

Ensure the OCI components shown below and listed in the prerequisites are configured.

The official documentation for connecting to OAC via VPN and FastConnect is Transit Routing: Private Access to Oracle Services.

The following shows the installation and configuration architecture.

The Process:

  • User connects to OTN and downloads RDG

  • User uploads the installer to RDG Host

  • User connects to the RDG host via the DRG.

  • User installs RDG

  • User connects to OAC via the Service Gateway and authenticates with IDCS

  • User enables RDG in OAC and notes the OAC URL

  • User configures RDG, generates the key, and pastes it into the OAC agent configuration

After the installation, follow the steps in Completing the Deployment of Remote Data Gateway for OAC to configure RDG.

After RDG is configured and the connection validated, the following shows the operation architecture.

The Process:

  • RDG initiates the connection to OAC

  • User connects to OAC which may include authenticating with IDCS 

  • User issues a query

  • OAC passes the query to RDG via the RDG connection

  • RDG passes the query to the database.

  • Database returns the data to RDG

  • RDG passes the result data to OAC via the RDG connection.

 Summary

This post described installing and configuring RDG in a private subnet on Oracle Cloud Infrastructure (OCI). It included scenarios using the Internet and VPN / FastConnect.

For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley

 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha