Best Practices from Oracle Development's A‑Team

Enabling Private Connections to Oracle EPM Cloud Planning

Validated March 23, 2021

Introduction

Oracle Enterprise Performance Management Cloud Planning is now available on Oracle Cloud Infrastructure. This allows the use of dynamic routing gateways and service gateways to ensure private network traffic from your location. Refer here for an overview of the product and here for documentation on the networking aspects.

This post is a step-by-step guide for deploying the components necessary to simulate private access from your on-premise environments.

Validations

March 31, 2021 with:

Topics

Before You Begin

Deploying Required Components

Validating Private Access

Before You Begin and Assumptions

Acronyms

EPM Enterprise Performance Management
OCI Oracle Cloud Infrastructure
VCN Virtual Cloud Network
DRG Dynamic Routing Gateway
VPN Virtual Private Network
CPE Customer Premise Equipment
RPC Remote Peering Connection
ACL Access Control List
RDP Microsoft Remote Desktop

 

EPM Cloud Planning

A subscription for an instance running on OCI. This post refers to the service as EPM.

Tenancy

A tenancy subscribed to the region hosting EPM and one other region to simulate your on-premise environment.

Privileges

A user account in the above OCI tenancy for managing compute and network resources.
A user account in EPM for validating connectivity.

Initial State

 

 Deploying Required Components 

The following table lists the scenario components deployed with links for reference.

| COMPONENT | USE | REFERENCE |
| --- | --- | --- |
| VCN | Hosts gateways, subnets, ACLs and route tables | link |
| DRG | Facilitates VPN, FastConnect, and Remote Peering | link |
| REMOTE PEERING CONNECTION | Simulates VPN and FastConnect | link |
| SERVICE GATEWAY | Provides access to and from the public EPM instance | link |
| SUBNET | Hosts the compute instance and load balancer | link |
| COMPUTE INSTANCE | Provides the browser to reach EPM | link |
| LOAD BALANCER | Provides access to the compute instance | link |
| ROUTE RULE | Routes a subnet's traffic out of a VCN | link |
| SECURITY LIST | Allows ingress and egress for subnet resources | link |

 

The following tables provide component details with example values.

VCN

Create a VCN in each region. 

| NAME | CIDR | REGION |
| --- | --- | --- |
| VCN1 | 10.10.10.0/23 | Region 1 |
| VCN2 | 10.10.20.0/23 | Region 2 |

 

DRG

Create a DRG in each region and attach to the respective VCNs.

| NAME | VCN |
| --- | --- |
| DRG1 | VCN1 |
| DRG2 | VCN2 |

 

RPC

Create an RPC for each DRG and peer them.

| NAME | DRG |
| --- | --- |
| RPC1 | DRG1 |
| RPC2 | DRG2 |

 

Service Gateway

Create a Service Gateway in the EPM region.

| NAME | VCN |
| --- | --- |
| SG2 | VCN2 |

 

Subnet

Create a public and private subnet in the simulating region to host the load balancer and browser instance.

| NAME | CIDR |
| --- | --- |
| VCN1-PUB-SN | 10.10.10.0/27 |
| VCN1-PRV-SN | 10.10.10.32/27 |

 

Compute Instance

Create a compute instance with a browser in the private subnet.

| OS | IP | SUBNET |
| --- | --- | --- |
| WINDOWS | 10.10.10.34 | VCN1-PRV-SN |

 

Optional Load Balancer

Note: If you do not have access to the private Windows instance through VPN, FastConnect etc., use a public Load Balancer or a public Windows instance as a bastion.

Create a load balancer in the public subnet to provide access to the compute instance.

| SUBNET | IP | LISTEN PORT | BACKEND |
| --- | --- | --- | --- |
| VCN1-PUB-SN | 149.86.23.12 | 3389 | 10.10.10.34 |

 

Route Rule

Create route rules for traffic leaving region 1 and entering region 2.

| NAME | DESTINATION | TARGET | ATTACHED TO | DESC. |
| --- | --- | --- | --- | --- |
| RT1-1 | 160.94.22.10/32 | DRG1 | VCN1-PRV-SN | EPM |
| RT1-2 | 160.98.52.18/32 | DRG1 | VCN1-PRV-SN | EPM-IDCS |
| RT2-1 | ALL | SG2 | DRG2 | TO EPM |
| RT3-1 | ALL | DRG2 | SG2 | FROM EPM |

 

Security List

Create security list rules for traffic leaving region 1.

| NAME | DESTINATION | TYPE | ATTACHED TO | DESC. |
| --- | --- | --- | --- | --- |
| SL1-1 | 160.94.22.10/32 | Egress | VCN1-PRV-SN | EPM |
| SL1-2 | 160.98.52.18/32 | Egress | VCN1-PRV-SN | EPM-IDCS |
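
The addressing plan, route rules and security list above can be checked for consistency before anything is deployed. The following Python sketch is an added example, not part of the original post or any Oracle tooling; it uses the post's example values, matches on destination only (the tables give no protocol or port), and its function names are hypothetical.

```python
import ipaddress as ip

# Values copied from the VCN, Subnet, Compute Instance, Route Rule and
# Security List tables above. Assumption: only destination CIDRs are modelled.
VCNS = {"VCN1": "10.10.10.0/23", "VCN2": "10.10.20.0/23"}
SUBNETS = {"VCN1-PUB-SN": "10.10.10.0/27", "VCN1-PRV-SN": "10.10.10.32/27"}
INSTANCE = ("10.10.10.34", "VCN1-PRV-SN")
ROUTES = {"VCN1-PRV-SN": {"160.94.22.10/32": "DRG1", "160.98.52.18/32": "DRG1"}}
EGRESS = {"VCN1-PRV-SN": ["160.94.22.10/32", "160.98.52.18/32"]}


def design_errors():
    """Return a list of consistency problems in the addressing plan."""
    errors = []
    v1, v2 = (ip.ip_network(c) for c in VCNS.values())
    if v1.overlaps(v2):
        errors.append("VCN CIDRs overlap; peered VCNs need distinct ranges")
    nets = {n: ip.ip_network(c) for n, c in SUBNETS.items()}
    for name, net in nets.items():
        if not net.subnet_of(v1):
            errors.append(f"{name} is outside VCN1")
    if nets["VCN1-PUB-SN"].overlaps(nets["VCN1-PRV-SN"]):
        errors.append("public and private subnets overlap")
    if ip.ip_address(INSTANCE[0]) not in nets[INSTANCE[1]]:
        errors.append("compute instance IP is outside its subnet")
    for sn in set(ROUTES) | set(EGRESS):
        if set(ROUTES.get(sn, {})) != set(EGRESS.get(sn, [])):
            errors.append(f"{sn}: route rules and egress rules differ")
    return errors


def egress_path(subnet, dest):
    """Return the route target for dest, or None when the subnet lacks a
    route rule or an egress rule covering it (traffic does not leave)."""
    addr = ip.ip_address(dest)
    allowed = any(addr in ip.ip_network(c) for c in EGRESS.get(subnet, []))
    # Longest-prefix match over the subnet's route rules.
    matches = [(ip.ip_network(c), t) for c, t in ROUTES.get(subnet, {}).items()
               if addr in ip.ip_network(c)]
    if not allowed or not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    print(design_errors() or "addressing plan is consistent")
    for d in ("160.94.22.10", "160.98.52.18", "8.8.8.8"):
        print(d, "->", egress_path("VCN1-PRV-SN", d) or "not reachable")
```

With the tables as written, the private subnet can reach only the two /32 destinations (EPM and EPM-IDCS) through DRG1; any other destination has neither a route nor an egress rule.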

 

Deployed State

The deployed components are depicted below. Click here for a short clip of the deployment flow.

 

Validating Private Access

Validate that the private browser instance can connect to EPM.

Connect to the private Windows instance using RDP.
Use a browser and enter the EPM instance URL.
Enter credentials on the IDCS login screen.
View the EPM home page.

 

Connection Flow

The connection flow is shown below. Click here for a short clip of the connection flow.

 

 Summary 

This post provided a step-by-step guide for deploying the components necessary to simulate private access from your on-premise environments to Oracle Cloud EPM Planning.

For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley
