Note: Private Access Channel is now available in Oracle Analytics and is recommended by Oracle for new connections to private data sources. For more information on the feature and the data sources it supports refer to:
    Connect to Private Data Sources Through a Private Access Channel
    Supported Data Sources
    A-Team Chronicles Private Access Channel Series

Last validated on October 22, 2020 for OAC 5.8

Introduction

The latest releases of Oracle Analytics Cloud (OAC) now include the new Remote Data Gateway (RDG) for accessing databases that are not otherwise accessible by OAC.

This post is a step-by-step guide to installing and configuring RDG in a private subnet on Oracle Cloud Infrastructure (OCI) that connects to a public OAC.. It includes scenarios using the Internet and VPN / FastConnect.

This post is one of the strategies noted in the companion blog Deploying Remote Data Gateway in Oracle Analytics Cloud for Data Visualization

Validations

October 22, 2020 for OAC 5.8

February 14, 2020 for OAC 5.5 and RDG 5.5

November 4, 2019 with OAC 5.4 and RDG 5.4

Topics

Before You Begin

Downloading Remote Data Gateway

Preparing to Install Remote Data Gateway

Preparing to Configure Remote Data Gateway via Internet

Preparing to Configure Remote Data Gateway using VPN / FastConnect

 Before You Begin

Reviewing Supported Data Sources and Operating Systems

Ensure your data source and operating system is supported per OAC documentation.

Common Prerequisites

Deploying RDG requires the following common items:

All Platforms

An OCI Compute Instance to host RDG

Credentials and Privileges to install software on the RDG host.

Database connection information and credentials for validating the installation.

For Linux and Windows Servers

The IP address or host name where RDG is to be installed.

For Linux

SSH Utilities to access Linux.

This post uses a MAC client and an SSH config file. Refer to this post for details and methods.

The relevant entries used in this post are found below:

Internet Scenario

Host    BASTION-HOST
        HostName 132.145.178.234
        User opc
        IdentityFile /Users/dcarley/privateKey

Host    RDG-HOST
        HostName 10.0.3.4
        User opc
        IdentityFile /Users/dcarley/privateKey
        ProxyJump opc@BASTION-HOST
        LocalForward 8080 localhost:8080

VPN / FastConnect Scenario

Host    RDG-HOST
        HostName 10.0.3.4
        User opc
        IdentityFile /Users/dcarley/privateKey
        LocalForward 8080 localhost:8080

For Windows

The Microsoft Remote Desktop (RDP) utility for accessing remote Windows servers.

On-Premise Prerequisites

Internet Scenario

Routing rules allowing user access to Identity Cloud Service (IDCS) and OAC via the Internet.

VPN / FastConnect Scenario

Routing rules allowing user access to the Dynamic Routing Gateway (DRG) described below and to IDCS.  If IDCS is in a different region refer to this post for private methods.

Basic OCI Prerequisites

For additional detail regarding Service Gateway visit Service Gateway for OAC Remote Data Gateway in a Private Subnet

The following must be in place. Links to the relevant documentation are provided.

Compartment to contain a Virtual Cloud Network (VCN) Here

Compartment Privilege Policy statement(s) to create resources and manage instances Here e.g.

Allow group dcarley_compartment_OAC_Group to manage all-resources in compartment OAC_Compartment

VCN Here

Service Gateway allowing private traffic to access OAC inside the Oracle Services Network Here

Route Table associated with the private subnet directing traffic to the Service Gateway Here e.g.

Public Subnet Prerequisites

Internet Scenario Components

Regional Public Subnet Here

Compute Instance acting as a bastion host for access to the RDG host Here

Note: For Linux hosts without a GUI, RDG configuration requires a browser. Your browser and SSH port forwarding may be used together.

Network Security Groups (NSG) or Security List associated with the public subnet to control traffic at the packet level Here

Ingress rules in the above allowing ingress to ports 22 and/or 3389. Port 22 is for SSH access to Linux and port 3389 is for RDP access to Windows. e.g.

Private Subnet Prerequisites

Common Components

Regional Private Subnet Here

Compute Instance with a supported OS image to host the RDG Here

Network Security Groups (NSG) or Security List associated with the private subnet to control traffic at the packet level Here

Ingress rules in the above allowing ingress to ports 22 and/or 3389. Port 22 is for SSH access to Linux and port 3389 is for RDP access to Windows. 

VPN / FastConnect Scenario Components

VPN Here or FastConnect Here

DRG attached to the VCN allowing ingress Here

Route Table attached to the DRG directing traffic to the Service Gateway Here e.g.

 Downloading Remote Data Gateway

Go to the Oracle Technical Network (OTN) site, https://www.oracle.com/technetwork/middleware/oac/downloads/index.html, accept the license agreement, choose the desired platform, and download the installer zip file.

Internet Scenario

Windows

Download the installer using the bastion host.

Copy or share the download with the RDG host.

Linux

Use Secure Copy (SCP) to copy the installer to the RDG host.

An example SCP command is below:

scp <path to installer file> RDG_HOST:/home/opc

VPN / FastConnect Scenario

Windows

Download or copy the installer using / to the RDG host.

Linux

Use Secure Copy (SCP) to copy the installer to the RDG host. An example command is above.

 Preparing to Install Remote Data Gateway

Internet Scenario

Windows

RDP to the bastion host.

Then do the same to the RDG host.

Linux

SSH to the RDG host.

An example SSH command is below:

ssh RDG-HOST

VPN / FastConnect Scenario

Windows

RDP to the RDG host.

Linux

SSH to the RDG host.

An example SSH command is above.

Follow the steps in Installing Oracle Analytics Cloud Remote Data Gateway to install RDG.

Tip: For higher availability and performance, install an agent in each availability domain. Complete the relevant configuration section for each installation.

 Preparing to Configure Remote Data Gateway via the Internet Scenario

This scenario uses the internet to reach OAC and the bastion host(s). Local routing is used to access the private RDG.

Ensure the OCI components shown below and listed in the prerequisites are configured.

The following shows the installation and configuration architecture.

The Process:

User connects to OTN and downloads RDG

User copies the installer to a Linux RDG host or downloads it to the Windows RDG host using the bastion.

User connects to the Windows bastion host via RPD and then connects to the RDG host.

User connects to the Linux RDG hosting SSH.

User installs RDG

User connects to OAC and authenticates with IDCS

User enables RDG in OAC and notes the OAC URL

User opens a local browser session on a Linux RDG host using SSH port forwarding e.g. https://localhost:8080/obiee/config.jsp or the runs the data gateway.exe process on a Windows RDG host.

User generates the key and pastes it into the OAC agent configuration.

After the installation, follow the steps in Completing the Deployment of Remote Data Gateway for OAC to configure RDG.

After RDG is configured and the connection validated, the following shows the operation architecture.

The Process:

RDG initiates the connection to OAC via the Service Gateway

User connects to OAC which may include authenticating with IDCS 

User issues a query

OAC passes the query to RDG via the RDG connection

RDG passes the query to the database.

Database returns the data to RDG

RDG passes the result data to OAC via the RDG connection.

 Preparing to Configure Remote Data Gateway with the VPN or FastConnect Scenario

This scenario uses VPN or FastConnect to reach OAC and RDG.

Ensure the OCI components shown below and listed in the prerequisites are configured.

The official documentation for connecting to OAC via VPN and FastConnect is Transit Routing: Private Access to Oracle Services.

The following shows the installation and configuration architecture.

The Process:

User connects to OTN and downloads RDG

User uploads the installer to RDG Host

User connects to the RDG host via the DRG.

User installs RDG

User connects to OAC via the Service Gateway and authenticates with IDCS

User enables RDG in OAC and notes the OAC URL

User configures RDG, generates the key, and pastes it into the OAC agent configuration

After the installation, follow the steps in Completing the Deployment of Remote Data Gateway for OAC to configure RDG.

After RDG is configured and the connection validated, the following shows the operation architecture.

The Process:

RDG initiates the connection to OAC

User connects to OAC which may include authenticating with IDCS 

User issues a query

OAC passes the query to RDG via the RDG connection

RDG passes the query to the database.

Database returns the data to RDG

RDG passes the result data to OAC via the RDG connection.

 Summary

This post described installing and configuring RDG in a private subnet on Oracle Cloud Infrastructure (OCI). It included scenarios using the Internet and VPN / FastConnect.

For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley