Note: Private Access Channel is now available in Oracle Analytics and is recommended by Oracle for new connections to private data sources. For more information on the feature and the data sources it supports refer to:
Connect to Private Data Sources Through a Private Access Channel
Supported Data Sources
A-Team Chronicles Private Access Channel Series
The latest releases of Oracle Analytics Cloud (OAC) now include the new Remote Data Gateway (RDG) for accessing databases that are not otherwise accessible by OAC.
This post is a step-by-step guide to installing and configuring RDG in a Linux compute instance in a region's private subnet using Local Peering Gateways. The term Local is used here to denote different VCNs with region
The technique described in this post uses the concept of Local Peering within Regions. The official documentation is Here
This post is one of the strategies noted in the companion blog Deploying Remote Data Gateway in Oracle Analytics Cloud for Data Visualization
The use case is for users to install and configure RDG in a private VCN via public access to a bastion host in a public VCN. RDG then connects privately to OAC and to a private database.
March 26, 2020 for OAC 5.5 and RDG 5.5
Oracle Analytics Cloud version 105.5x +
MacBook Pro OS 10.13.6
Linux 7.7 Compute Instance
Oracle 12c Database
Before You Begin
Downloading Remote Data Gateway
Installing Remote Data Gateway
Configuring Remote Data Gateway
The prerequisites listed in this section require a detailed and functioning knowledge of the Oracle Cloud Infrastructure Networking components. It is beyond the scope of this blog to detail all the requirements. Presented is a list of the requirements with links to the official Oracle documentation.
Ensure your data source is supported by following the instructions in Supported Data Sources.
Ensure your operating system is supported by viewing the list at OAC Downloads.
Deploying RDG requires the following common items:
Bastion and RDG hosts. Have available the public IP address of the Bastion and the private IP address of the RDG host.
Credentials and Privileges to access the Bastion host and install software on the RDG host.
DB host with connection information and credentials for validating the installation.
SSH Servers in the RDG and Bastion hosts.
Remote Desktop (RDP) on a Windows Bastion host for access to the private RDG Windows Server in lieu of Windows SSH.
SSH Utilities to connect to an RDG host via the Bastion Host (Linux or Windows SSH)
RDP for access to a Windows Bastion host
The initial state has these components. Links to relevant documentation are provided. The following figure shows the initial components:
OAC instance
Associated IDCS instance.
Compartment(s) to contain the Database, Compute, and Networking Resources Here
Group(s) that contain RDG users and are used by compartment policies
Compartment Policies to Manage Resources Here.
Example policy rule:
Allow group RDG_group to MANAGE all-resources in compartment RDG_compartment
Private Oracle 12c DB Instance Here
Refer Here for guidance.
Compute Instance in the Private Subnet Hosting RDG
Compute Instance in the Public Subnet Hosting the Bastion
Refer Here for an Overview of networking and links to the networking components below.
Two Virtual Cloud Networks VCNs with non-over-lapping IP address ranges (CIDR blocks).
Local Peering Gateways (LPGs) Peered in the Public and Private VCNs
Regional Private Subnet
Service Gateway for traffic from RDG to OAC
Ingress Rules
For Linux and Windows SSH, allowing traffic to Port 22 (SSH) from the Public VCN.
For Windows RDP, allowing traffic to port 3389 from the Public VCN.
For the DB, allowing traffic to Port 1521(Listener) from RDG in the same Private Subnet.
Example Ingress Rules:
Route Table
Rule for Traffic to the OSN via the Service Gateway
Rule for Traffic back to the Public Subnet via the LPG
Example Route Table:
Regional Public Subnet in the Public VCN
Internet Gateway for SSH/RDP Responses to the Client
Ingress Rules
For Windows RDP, allowing traffic to port 3389 from your client(s)
For Linux and Windows SSH, allowing traffic to Port 22 (SSH) from your client(s)
Example Ingress Rules:
Route Table
Rule for Traffic to the Private Subnet via the LPG
Rule for Traffic back to the Client via the Internet Gateway
Example Route Table:
Go to the Oracle Technical Network (OTN) site, https://www.oracle.com/technetwork/middleware/oac/downloads/index.html, accept the license agreement, choose the desired platform, and download the installer zip file.
Follow the steps in Installing Oracle Analytics Cloud Remote Data Gateway to install RDG. For reference, the Oracle documentation for all platforms is Install Data Gateway.
User connects to OTN and downloads RDG.
User connects to OAC, enables RDG and notes the OAC URL.
User installs RDG.
User configures RDG, generates the key, and pastes it into OAC.
User Tests, Saves and Enables the RDG Agent.
After the installation, follow the steps in Completing the Deployment of Remote Data Gateway for OAC to configure RDG.
RDG initiates the connection to OAC via the Service Gateway.
User connects to OAC and issues a query.
OAC passes the query to RDG via the RDG connection.
RDG passes the query to the database.
Database returns the data to RDG.
RDG passes the result data to OAC via the RDG connection.
This post described installing and configuring RDG in a region's private VCN using a Bastion host in a Public VCN on Oracle Cloud Infrastructure (OCI). The VCNs are linked via Local Peering Gateways.
For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley