Note: Private Access Channel is now available in Oracle Analytics and is recommended by Oracle for new connections to private data sources. For more information on the feature and the data sources it supports refer to:
    Connect to Private Data Sources Through a Private Access Channel
    Supported Data Sources
    A-Team Chronicles Private Access Channel Series

Last validated October 20, 2020 for OAC 5.8

Introduction

The latest releases of Oracle Analytics Cloud (OAC) now include the new Remote Data Gateway (RDG) for accessing databases that are not otherwise accessible by OAC.

This post is a step-by-step guide to installing and configuring RDG in a remote region's private subnet on Oracle Cloud Infrastructure (OCI). The term Remote is used here to denote a different region e.g. OAC in Phoenix (PHX) and the DB and RDG in Ashburn (ASH). Although connectivity is simple over the internet, ensuring private connectivity is more complex and is the subject of this post.

The technique described in this post uses the concept of Remote Peering Across Regions. The official documentation is Here

This post is one of the strategies noted in the companion blog Deploying Remote Data Gateway in Oracle Analytics Cloud for Data Visualization

Note: If IDCS is in a different region than OAC, access to it for authentication may be via an internet or NAT gateway as described in this post. For private access to a remote IDCS refer to Privately Accessing Oracle Services Residing in Different Regions

Validations

October 20, 2020 for OAC 5.8

May 20, 2020 for OAC 5.6

February 14, 2020 for OAC 5.5 and RDG 5.5

December 13, 2019 with OAC 5.4 and RDG 5.4

Topics

Before You Begin

Installing Remote Data Gateway

Configuring Remote Data Gateway

 Before You Begin

The prerequisites listed in this section require a detailed and functioning knowledge of the Oracle Cloud Infrastructure Networking components. It is beyond the scope of this blog to detail all the requirements. Presented is a list of the requirements with links to the official Oracle documentation.

Common Prerequisites

Deploying RDG requires the following common items:

All Platforms

Credentials and Privileges to install software on the RDG host.

Database connection information and credentials for validating the installation.

For Linux and Windows Servers

The IP address or host name where RDG is to be installed.

For Linux

Optionally a Graphical User Interface such as VNC or X11

SSH Utilities to access Linux

For Windows

The Microsoft Remote Desktop (RDP) utility or SSH Utilities for accessing remote Windows servers.

Initial OCI Components

The initial state has these components. Links to relevant documentation are provided. The following figure shows the initial components:

ASHBURN

Compartment to contain a Virtual Cloud Network (VCN) Here 

Compartment Policies to Manage Resources Here

VCN Here 

Regional Private Subnet Here

Network Security Group (NSG) or Security List associated with the private subnet to control traffic at the packet level Here

Supported Private Database Cloud Instance Here

Ingress rule allowing ingress to DB listener port in the above NSG / Security List

PHOENIX

OAC instance

Associated IDCS instance

Additional OCI Components

The figure below shows the additional components required.

ASHBURN

DRG Attached to the VCN Here

Remote Peering Connection (RPC) associated with the DRG for peering with the remote region. Remote Peering Connection

NAT Gateway allowing traffic to an IDCS if it is in a different region than OAC. Here

Private Subnet Route Table Routing Traffic to either the NAT Gateway or to the DRG Here.  An example is below:

Compute Instance in the Private Subnet Hosting RDG Here

NSG / Security List allowing traffic to port 22 (SSH), 1521 (DB) and if using a Windows host port 3389 (Remote Desktop) . An example is below:

PHOENIX

Compartment to contain a Virtual Cloud Network Here 

Compartment Policies to Manage Resources Here

VCN to accommodate a Service Gateway (SG) and a Dynamic Routing Gateway (DRG) Here  Note: The Regional VCN CIDR blocks must not overlap.

Service Gateway (SG) for private traffic into the Oracle Services Network and OAC. For additional detail regarding Service Gateway visit Service Gateway for OAC Remote Data Gateway in a Private Subnet

Dynamic Routing Gateway (DRG) for traffic to and from the remote region Here

DRG Attached to the VCN Here

Remote Peering Connection (RPC) associated with the DRG for peering with the remote region. Remote Peering Connection

Route Table Routing Traffic from the DRG to the SG Here

Route Table Routing Traffic from the SG back to the DRG Here

 Installing Remote Data Gateway

Linux 

SSH into the Linux instance with the private key. e.g.

ssh -i < private key path >  opc@< Public IP address or host name >

Windows

RDP into the Windows instance.

Follow the steps in Installing Oracle Analytics Cloud Remote Data Gatewayto install RDG.

Tip: For higher availability and performance, install an agent in each availability domain. Complete the relevant configuration section for each installation.

 Configuring Remote Data Gateway

After the installation, follow the steps in Completing the Deployment of Remote Data Gateway for OAC to configure RDG.

After RDG is configured and the connection validated, the following shows the operation architecture.

The Process:

RDG initiates the connection to OAC via the Remote Peering Connections and the Service Gateway

User connects to OAC which may include authenticating with IDCS 

User issues a query

OAC passes the query to RDG via the RDG connection

RDG passes the query to the database.

Database returns the data to RDG

RDG passes the result data to OAC via the RDG connection.

 Summary

This post described installing and configuring RDG in a remote region's private subnet on Oracle Cloud Infrastructure (OCI). An example used is with OAC in Phoenix (PHX) and the DB and RDG in Ashburn (ASH).

For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley