Deploying Oracle Analytics Cloud Remote Data Gateway using Local Peering Gateways

April 1, 2020 | 6 minute read

 

Note: Private Access Channel is now available in Oracle Analytics and is recommended by Oracle for new connections to private data sources. For more information on the feature and the data sources it supports refer to:
    Connect to Private Data Sources Through a Private Access Channel
    Supported Data Sources
    A-Team Chronicles Private Access Channel Series

Last validated March 26, 2020 for OAC 5.5 and RDG 5.5

Introduction

The latest releases of Oracle Analytics Cloud (OAC) now include the new Remote Data Gateway (RDG) for accessing databases that are not otherwise accessible by OAC.

This post is a step-by-step guide to installing and configuring RDG in a Linux compute instance in a region's private subnet using Local Peering Gateways. The term Local is used here to denote different VCNs with region 

The technique described in this post uses the concept of Local Peering within Regions. The official documentation is Here

This post is one of the strategies noted in the companion blog Deploying Remote Data Gateway in Oracle Analytics Cloud for Data Visualization

Use Case

The use case is for users to install and configure RDG in a private VCN via public access to a bastion host in a public VCN. RDG then connects privately to OAC and to a private database.

Validations

March 26, 2020 for OAC 5.5 and RDG 5.5

Versions

Oracle Analytics Cloud version 105.5x +

MacBook Pro OS 10.13.6 

Linux 7.7 Compute Instance

Oracle 12c Database

Topics

Before You Begin

Downloading Remote Data Gateway

Installing Remote Data Gateway

Configuring Remote Data Gateway

 Before You Begin

The prerequisites listed in this section require a detailed working knowledge of the Oracle Cloud Infrastructure Networking components. Detailing all the requirements is beyond the scope of this blog. Below is a list of the requirements with links to the official Oracle documentation.

Reviewing Supported Data Sources and Operating Systems

Ensure your data source is supported by following the instructions in Supported Data Sources.

Ensure your operating system is supported by viewing the list at OAC Downloads.

Common Prerequisites

Deploying RDG requires the following common items:

Compute Instances

Bastion and RDG hosts. Have available the public IP address of the Bastion and the private IP address of the RDG host.

Credentials and Privileges to access the Bastion host and install software on the RDG host.

DB host with connection information and credentials for validating the installation.

SSH Servers in the RDG and Bastion hosts.

Remote Desktop (RDP) on a Windows Bastion host for access to the private RDG Windows Server in lieu of Windows SSH.

Client

SSH Utilities to connect to an RDG host via the Bastion Host (Linux or Windows SSH)

RDP for access to a Windows Bastion host

Initial OCI Components

The initial state has these components. Links to relevant documentation are provided. The following figure shows the initial components:

Oracle Services Network (OSN)

OAC instance

Associated IDCS instance.

Identity

Compartment(s) to contain the Database, Compute, and Networking Resources Here 

Group(s) that contain RDG users and are used by compartment policies

Compartment Policies to Manage Resources Here.

Example policy rule:

Allow group RDG_group to MANAGE all-resources in compartment RDG_compartment

Database

Private Oracle 12c DB Instance Here

Compute 

Refer Here for guidance.

Compute Instance in the Private Subnet Hosting RDG

Compute Instance in the Public Subnet Hosting the Bastion

Networking

Refer Here for an Overview of networking and links to the networking components below.

Two Virtual Cloud Networks (VCNs) with non-overlapping IP address ranges (CIDR blocks).

Local Peering Gateways (LPGs) Peered in the Public and Private VCNs

Private VCN

Regional Private Subnet 

Service Gateway for traffic from RDG to OAC

Ingress Rules

For Linux and Windows SSH, allowing traffic to Port 22 (SSH) from the Public VCN.

For Windows RDP, allowing traffic to Port 3389 from the Public VCN.

For the DB, allowing traffic to Port 1521 (Listener) from RDG in the same Private Subnet.

Example Ingress Rules:

Route Table

Rule for Traffic to the OSN via the Service Gateway  

Rule for Traffic back to the Public Subnet via the LPG

Example Route Table:

Public VCN

Regional Public Subnet in the Public VCN  

Internet Gateway for SSH/RDP Responses to the Client

Ingress Rules

For Windows RDP, allowing traffic to Port 3389 from your client(s)

For Linux and Windows SSH, allowing traffic to Port 22 (SSH) from your client(s)

Example Ingress Rules:

Route Table

Rule for Traffic to the Private Subnet via the LPG

Rule for Traffic back to the Client via the Internet Gateway 

Example Route Table:
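
Returning to the ingress rules listed above for both VCNs: the sketch below is an added example, not part of the original post, that audits security-list ingress rules against those lists and reports any rule that is wider than they call for. The CIDR ranges and sample rules are constructed, and the rule shape assumes the kebab-case JSON that the OCI CLI prints for a security list with CIDR-type sources.

```python
import ipaddress

# Constructed sample ranges (assumptions, not values from the post).
PUBLIC_VCN = "10.0.0.0/16"       # VCN that holds the bastion
PRIVATE_SUBNET = "10.1.1.0/24"   # subnet that holds RDG and the DB
CLIENTS = ["203.0.113.10/32"]    # admin workstation(s)

# TCP port -> CIDRs allowed to reach it, following the post's rule lists.
PRIVATE_POLICY = {22: [PUBLIC_VCN], 3389: [PUBLIC_VCN], 1521: [PRIVATE_SUBNET]}
PUBLIC_POLICY = {22: CLIENTS, 3389: CLIENTS}


def audit(rules, policy):
    """Return one finding per ingress rule that is wider than the policy."""
    findings = []
    for r in rules:
        src = ipaddress.ip_network(r["source"])  # assumes a CIDR-type source
        if r["protocol"] != "6":  # "6" is TCP; anything else needs review
            findings.append(f"{src}: protocol {r['protocol']} not in policy")
            continue
        rng = (r.get("tcp-options") or {}).get("destination-port-range")
        if rng is None:
            findings.append(f"{src}: all TCP ports open")
        elif rng["min"] != rng["max"] or rng["min"] not in policy:
            findings.append(f"{src}: unexpected ports {rng['min']}-{rng['max']}")
        elif not any(src.subnet_of(ipaddress.ip_network(c))
                     for c in policy[rng["min"]]):
            findings.append(f"{src}: too broad for port {rng['min']}")
    return findings


def tcp(source, port):
    """Build one constructed rule in the assumed OCI CLI JSON shape."""
    return {"source": source, "protocol": "6", "is-stateless": False,
            "tcp-options": {"destination-port-range": {"min": port, "max": port}}}


# Constructed rule sets: each contains one rule that is too permissive.
PRIVATE_RULES = [tcp("10.0.0.0/16", 22), tcp("10.1.1.0/24", 1521),
                 tcp("0.0.0.0/0", 1521)]
PUBLIC_RULES = [tcp("203.0.113.10/32", 22), tcp("0.0.0.0/0", 22)]

if __name__ == "__main__":
    for name, rules, policy in (("private", PRIVATE_RULES, PRIVATE_POLICY),
                                ("public", PUBLIC_RULES, PUBLIC_POLICY)):
        for finding in audit(rules, policy):
            print(f"{name} VCN: {finding}")
```

Rules that use a protocol other than TCP are reported for review rather than treated as violations, since the post's lists only cover TCP ports.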

 Downloading Remote Data Gateway

Go to the Oracle Technical Network (OTN) site, https://www.oracle.com/technetwork/middleware/oac/downloads/index.html, accept the license agreement, choose the desired platform, and download the installer zip file.

 Installing Remote Data Gateway

Follow the steps in Installing Oracle Analytics Cloud Remote Data Gateway to install RDG. For reference, the Oracle documentation for all platforms is Install Data Gateway.

The following shows the Installation architecture and flow:

The Installation and Configuration Process Summary

User connects to OTN and downloads RDG.

User connects to OAC, enables RDG and notes the OAC URL.

User installs RDG.

User configures RDG, generates the key, and pastes it into OAC.

User Tests, Saves and Enables the RDG Agent.

 Configuring Remote Data Gateway

After the installation, follow the steps in Completing the Deployment of Remote Data Gateway for OAC to configure RDG.

After RDG is configured and the connection validated, the following shows the operation architecture and flow.

Operational Process Summary

RDG initiates the connection to OAC via the Service Gateway.

User connects to OAC and issues a query.

OAC passes the query to RDG via the RDG connection.

RDG passes the query to the database.

Database returns the data to RDG.

RDG passes the result data to OAC via the RDG connection.

 Summary

This post described installing and configuring RDG in a region's private VCN using a Bastion host in a Public VCN on Oracle Cloud Infrastructure (OCI). The VCNs are linked via Local Peering Gateways.

For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley

 

Dayne Carley

