Best Practices from Oracle Development's A‑Team

Deploying Oracle Analytics Cloud Remote Data Gateway using Local Peering Gateways

Last validated March 26, 2020 for OAC 5.5 and RDG 5.5


The latest releases of Oracle Analytics Cloud (OAC) now include the new Remote Data Gateway (RDG) for accessing databases that are not otherwise accessible by OAC.

This post is a step-by-step guide to installing and configuring RDG in a Linux compute instance in a region's private subnet using Local Peering Gateways. The term Local is used here to denote different VCNs within a region.

The technique described in this post uses the concept of Local Peering within Regions. The official documentation is Here

This post is one of the strategies noted in the companion blog Deploying Remote Data Gateway in Oracle Analytics Cloud for Data Visualization

Use Case

The use case is for users to install and configure RDG in a private VCN via public access to a bastion host in a public VCN. RDG then connects privately to OAC and to a private database.




Oracle Analytics Cloud version 105.5x +

MacBook Pro OS 10.13.6 

Linux 7.7 Compute Instance

Oracle 12c Database


Before You Begin

Downloading Remote Data Gateway

Installing Remote Data Gateway

Configuring Remote Data Gateway

 Before You Begin

The prerequisites listed in this section require a detailed and functioning knowledge of the Oracle Cloud Infrastructure Networking components. It is beyond the scope of this blog to detail all the requirements. Presented is a list of the requirements with links to the official Oracle documentation.

Reviewing Supported Data Sources and Operating Systems

Ensure your data source is supported by following the instructions in Supported Data Sources.

Ensure your operating system is supported by viewing the list at OAC Downloads.

Common Prerequisites

Deploying RDG requires the following common items:

Compute Instances

Bastion and RDG hosts. Have available the public IP address of the Bastion and the private IP address of the RDG host.

Credentials and Privileges to access the Bastion host and install software on the RDG host.

DB host with connection information and credentials for validating the installation.

SSH Servers in the RDG and Bastion hosts.

Remote Desktop (RDP) on a Windows Bastion host for access to the private RDG Windows Server in lieu of Windows SSH.


SSH Utilities to connect to an RDG host via the Bastion Host (Linux or Windows SSH)

RDP for access to a Windows Bastion host

Initial OCI Components

The initial state has these components. Links to relevant documentation are provided. The following figure shows the initial components:

Oracle Services Network (OSN)

OAC instance

Associated IDCS instance.


Compartment(s) to contain the Database, Compute, and Networking Resources Here 

Group(s) that contain RDG users and are used by compartment policies

Compartment Policies to Manage Resources Here.

Example policy rule:

Allow group RDG_group to MANAGE all-resources in compartment RDG_compartment


Private Oracle 12c DB Instance Here


Refer Here for guidance.

Compute Instance in the Private Subnet Hosting RDG

Compute Instance in the Public Subnet Hosting the Bastion


Refer Here for an Overview of networking and links to the networking components below.

Two Virtual Cloud Networks (VCNs) with non-overlapping IP address ranges (CIDR blocks).

Local Peering Gateways (LPGs) Peered in the Public and Private VCNs

Private VCN

Regional Private Subnet 

Service Gateway for traffic from RDG to OAC

Ingress Rules

For Linux and Windows SSH, allowing traffic to Port 22 (SSH) from the Public VCN.

For Windows RDP, allowing traffic to port 3389 from the Public VCN.

For the DB, allowing traffic to Port 1521 (Listener) from RDG in the same Private Subnet.

Example Ingress Rules:

Route Table

Rule for Traffic to the OSN via the Service Gateway  

Rule for Traffic back to the Public Subnet via the LPG

Example Route Table:

Public VCN

Regional Public Subnet in the Public VCN  

Internet Gateway for SSH/RDP Responses to the Client

Ingress Rules

For Windows RDP, allowing traffic to port 3389 from your client(s)

For Linux and Windows SSH, allowing traffic to Port 22 (SSH) from your client(s)

Example Ingress Rules:

Route Table

Rule for Traffic to the Private Subnet via the LPG

Rule for Traffic back to the Client via the Internet Gateway 

Example Route Table:
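The ingress rules and the non-overlapping CIDR requirement in the networking prerequisites above can be checked before anything is deployed. The following Python sketch is an added example, not part of the original post or of any Oracle tooling: it audits simplified rule dictionaries for sources wider than the prerequisites call for and confirms that the two VCN ranges can be peered. All CIDR values and the helper names (`tcp_rule`, `covers`, `audit`, `peering_possible`) are constructed for illustration, and it assumes every rule source is an IPv4 CIDR block.

```python
import ipaddress

# Constructed sample addressing; none of these CIDRs come from the original post.
PUBLIC_VCN = ipaddress.ip_network("10.0.0.0/16")
PRIVATE_VCN = ipaddress.ip_network("10.1.0.0/16")
PRIVATE_SUBNET = ipaddress.ip_network("10.1.1.0/24")
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
DB_PORT = 1521  # database listener


def tcp_rule(source, low, high=None):
    """Simplified TCP ingress rule; keys follow OCI's security-list JSON."""
    port_range = {"min": low, "max": high if high is not None else low}
    return {"protocol": "6", "source": source,
            "tcpOptions": {"destinationPortRange": port_range}}


def covers(rule, port):
    """True if the rule admits TCP traffic to `port`."""
    if rule["protocol"] == "all":
        return True
    if rule["protocol"] != "6":  # "6" is the IANA protocol number for TCP
        return False
    port_range = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if port_range is None:  # a TCP rule without a port range admits every port
        return True
    return port_range["min"] <= port <= port_range["max"]


def audit(rules, admin_source=None, db_source=None):
    """Return findings for rules wider than the prerequisites call for.

    With admin_source=None only a /0 source on SSH/RDP is flagged, which fits
    the public subnet, where the client addresses are site specific.
    """
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["source"])
        for port, name in ADMIN_PORTS.items():
            if not covers(rule, port):
                continue
            if admin_source is None and src.prefixlen == 0:
                findings.append(f"{name}/{port} open to any address ({src})")
            elif admin_source is not None and not src.subnet_of(admin_source):
                findings.append(f"{name}/{port} from {src}, expected within {admin_source}")
        if db_source is not None and covers(rule, DB_PORT) and not src.subnet_of(db_source):
            findings.append(f"listener/{DB_PORT} from {src}, expected within {db_source}")
    return findings


def peering_possible(vcn_a, vcn_b):
    """Local peering needs non-overlapping VCN CIDR blocks."""
    return not vcn_a.overlaps(vcn_b)
```

Call `audit(rules, admin_source=PUBLIC_VCN, db_source=PRIVATE_SUBNET)` for the private subnet's rules and `audit(rules)` for the public subnet's; an empty list means no rule is wider than the prerequisites describe.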

 Downloading Remote Data Gateway

Go to the Oracle Technical Network (OTN) site, https://www.oracle.com/technetwork/middleware/oac/downloads/index.html, accept the license agreement, choose the desired platform, and download the installer zip file.

 Installing Remote Data Gateway

Follow the steps in Installing Oracle Analytics Cloud Remote Data Gateway to install RDG. For reference, the Oracle documentation for all platforms is Install Data Gateway.

The following shows the Installation architecture and flow:

The Installation and Configuration Process Summary

User connects to OTN and downloads RDG.

User connects to OAC, enables RDG and notes the OAC URL.

User installs RDG.

User configures RDG, generates the key, and pastes it into OAC.

User Tests, Saves and Enables the RDG Agent.

 Configuring Remote Data Gateway

After the installation, follow the steps in Completing the Deployment of Remote Data Gateway for OAC to configure RDG.

After RDG is configured and the connection validated, the following shows the operation architecture and flow.

Operational Process Summary

RDG initiates the connection to OAC via the Service Gateway.

User connects to OAC and issues a query.

OAC passes the query to RDG via the RDG connection.

RDG passes the query to the database.

Database returns the data to RDG.

RDG passes the result data to OAC via the RDG connection.


This post described installing and configuring RDG in a region's private VCN using a Bastion host in a Public VCN on Oracle Cloud Infrastructure (OCI). The VCNs are linked via Local Peering Gateways.

For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley

