Note: Private Access Channel is now available in Oracle Analytics and is recommended by Oracle for new connections to private data sources. For more information on the feature and the data sources it supports refer to:
Connect to Private Data Sources Through a Private Access Channel
Supported Data Sources
A-Team Chronicles Private Access Channel Series
The latest releases of Oracle Analytics Cloud (OAC) now include the new Remote Data Gateway (RDG) for accessing databases that are not otherwise accessible by OAC.
This post is a step-by-step guide to installing and configuring RDG in a remote region's private subnet on Oracle Cloud Infrastructure (OCI). The term Remote is used here to denote a different region e.g. OAC in Phoenix (PHX) and the DB and RDG in Ashburn (ASH). Although connectivity is simple over the internet, ensuring private connectivity is more complex and is the subject of this post.
The technique described in this post uses the concept of Remote Peering Across Regions. The official documentation is Here
This post is one of the strategies noted in the companion blog Deploying Remote Data Gateway in Oracle Analytics Cloud for Data Visualization
Note: If IDCS is in a different region than OAC, access to it for authentication may be via an internet or NAT gateway as described in this post. For private access to a remote IDCS refer to Privately Accessing Oracle Services Residing in Different Regions
October 20, 2020 for OAC 5.8
May 20, 2020 for OAC 5.6
February 14, 2020 for OAC 5.5 and RDG 5.5
December 13, 2019 with OAC 5.4 and RDG 5.4
Before You Begin
Installing Remote Data Gateway
Configuring Remote Data Gateway
The prerequisites listed in this section require a detailed and functioning knowledge of the Oracle Cloud Infrastructure Networking components. It is beyond the scope of this blog to detail all the requirements. Presented is a list of the requirements with links to the official Oracle documentation.
Deploying RDG requires the following common items:
Credentials and Privileges to install software on the RDG host.
Database connection information and credentials for validating the installation.
The IP address or host name where RDG is to be installed.
Optionally a Graphical User Interface such as VNC or X11
SSH Utilities to access Linux
The Microsoft Remote Desktop (RDP) utility or SSH Utilities for accessing remote Windows servers.
The initial state has these components. Links to relevant documentation are provided. The following figure shows the initial components:
Compartment to contain a Virtual Cloud Network (VCN) Here
Compartment Policies to Manage Resources Here
VCN Here
Regional Private Subnet Here
Network Security Group (NSG) or Security List associated with the private subnet to control traffic at the packet level Here
Supported Private Database Cloud Instance Here
Ingress rule allowing ingress to DB listener port in the above NSG / Security List
OAC instance
Associated IDCS instance
The figure below shows the additional components required.
DRG Attached to the VCN Here
Remote Peering Connection (RPC) associated with the DRG for peering with the remote region. Remote Peering Connection
NAT Gateway allowing traffic to an IDCS if it is in a different region than OAC. Here
Private Subnet Route Table Routing Traffic to either the NAT Gateway or to the DRG Here. An example is below:
Compute Instance in the Private Subnet Hosting RDG Here
NSG / Security List allowing traffic to port 22 (SSH), 1521 (DB) and if using a Windows host port 3389 (Remote Desktop) . An example is below:
Compartment to contain a Virtual Cloud Network Here
Compartment Policies to Manage Resources Here
VCN to accommodate a Service Gateway (SG) and a Dynamic Routing Gateway (DRG) Here Note: The Regional VCN CIDR blocks must not overlap.
Service Gateway (SG) for private traffic into the Oracle Services Network and OAC. For additional detail regarding Service Gateway visit Service Gateway for OAC Remote Data Gateway in a Private Subnet
Dynamic Routing Gateway (DRG) for traffic to and from the remote region Here
DRG Attached to the VCN Here
Remote Peering Connection (RPC) associated with the DRG for peering with the remote region. Remote Peering Connection
Route Table Routing Traffic from the DRG to the SG Here
Route Table Routing Traffic from the SG back to the DRG Here
SSH into the Linux instance with the private key. e.g.
ssh -i < private key path > opc@< Public IP address or host name >
RDP into the Windows instance.
Follow the steps in Installing Oracle Analytics Cloud Remote Data Gatewayto install RDG.
Tip: For higher availability and performance, install an agent in each availability domain. Complete the relevant configuration section for each installation.
After the installation, follow the steps in Completing the Deployment of Remote Data Gateway for OAC to configure RDG.
RDG initiates the connection to OAC via the Remote Peering Connections and the Service Gateway
User connects to OAC which may include authenticating with IDCS
User issues a query
OAC passes the query to RDG via the RDG connection
RDG passes the query to the database.
Database returns the data to RDG
RDG passes the result data to OAC via the RDG connection.
This post described installing and configuring RDG in a remote region's private subnet on Oracle Cloud Infrastructure (OCI). An example used is with OAC in Phoenix (PHX) and the DB and RDG in Ashburn (ASH).
For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley
Next Post