Oracle Analytics Cloud (OAC) may now be provisioned within a Virtual Cloud network (VCN) with a private IP address.
This post describes the Oracle Cloud Infrastructure (OCI) components required to provision a private OAC instance, the components created by the provisioning process and a step-by-step guide to the process.
For a post about provisioning OAC with a public end-point click here.
July 24, 2020 with OAC 5.7
Before You Begin
Provisioning OAC in OCI with a Private End-Point
Viewing the OAC Instance Details in OCI
Viewing the OAC Application in Identity Cloud Service (IDCS)
The following diagram depicts the prerequisites required before provisioning OAC. This posts assumes new components are desired. You may use an existing compartment and VCN if you have the privileges to do so.
The following tasks must be completed by an IDCS administrator.
If the provisioning user does not have a user account in IDCS, create one. Refer here for documentation.
Create an IDCS group e.g. OAC-IDCS-Admin-Group for the IDCS user. Refer here for documentation. This group is mapped to an OCI group in the next section.
Add the IDCS user to the IDCS group. Refer here for documentation.
The following tasks must be completed by an OCI Identity and Access Management (IAM) administrator.
Create an IAM Group e.g. OAC-IAM-Admin-Group. Refer here for documentation. This group is mapped to the IDCS group above and granted OCI privileges to provision OAC.
Map the IDCS group to the IAM group. Refer here for documentation. This mapping provides the IDCS user/group the privileges to provision OAC.
Create a compartment e.g. OAC-Compartment. Refer here for documentation. This compartment isolates and secures the OAC instances.
allow group <IAM Group> to manage all-resources in compartment <Compartment>
The following tasks may be completed by the provisioning user or by an (IAM) administrator.
If your home region is not enabled for OAC Native, then switch to a region that is e.g. Japan East (Tokyo). Refer here for documentation.
Your current region is displayed at the top of the Console. If your tenancy is subscribed to multiple regions, you can switch regions by selecting a different region from the Region menu.
Create a VCN in the prerequisite compartment from above. Documentation for the VCN and subnet is here.
Note: For your VCN, Oracle recommends using one of the private IP address ranges specified in RFC 1918 (10.0.0.0/8, 172.16/12, and 192.168/16).
Enter a CIDR block that does not overlap any network CIDR blocks the VCN may be peered with e.g. 10.0.3.0/24 (this notation allows for 254 IP addresses and exists inside the 10.0.0.0/8 range above)
Within the VCN create a subnet:
Create a public or private regional subnet. Instances within a public subnet may be public or private. Instances within a private subnet must be private. Use a portion of the VCN's CIDR block as the CIDR notation e.g. 10.0.3.0/26. Allow the defaults for everything else.
The provisioning process creates an OCI OAC instance in the prerequisite compartment from above. It also creates an IDCS application with the standard OAC IDCS application roles and the actual OAC instance in the prerequisite VCN above.
An OCI OAC instance contains metadata such as the URL and IP address and administrative functions such as start, scale and stop. The OCI OAC instance is accessible from the OCI console by the provisioning user.
IDCS applications contain metadata about the application including application roles and their associated IDCS group and user memberships. An ANALYTICSINST<instance name> application is created to provide authentication and optionally authorization for OAC.
The provisioning user is granted the ServiceAdministrator application role in the application.
The OAC instance is provisioned in the VCN with a private IP address and with the BI Service Administrator application role mapped to the IDCS ServiceAdministrator application role allowing the provisioning user to authenticate and access the OAC console.
The following is a step-by-step guide for provisioning OAC with a private end-point.
If you are new user, open your e-mail address, find the welcome email, and change your password. Connect to the OCI console. Refer here for documentation. The URL should be in the format:
https://console.< home region >.oraclecloud.com e.g. https://console.us-ashburn-1.oraclecloud.com
You may be prompted to enter your tenancy name. Enter it and press Continue.
Select the region containing the prerequisite VCN above for OAC.
Navigate to the Analytics Cloud. Refer to Navigating to Oracle Cloud Infrastructure Services for documentation.
Open the navigation menu in the upper left , scroll down and hover over Analytics and click Analytics Cloud.
From the Compartment dropdown, choose the prerequisite compartment from above.
Create the OAC Instance. Refer here for the official documentation.
Click Create Instance.
Ensure the Compartment is the prerequisite compartment from above.
Enter an Instance Name and a brief description. The name must start with a letter and can contain only letters and numbers.
Optionally enter a Description.
Select the Feature Set you want to deploy.
Self Service Analytics: Deploys an instance with data visualization. Select this option if you subscribe to Professional Edition.
Enterprise Analytics: Deploys an instance with enterprise modeling, reporting, and data visualization. Select this option if you subscribe to Enterprise Edition.
For Capacity, select the number of OCPUs that you want for the service.
For production services, select the number of OCPUs you want to deploy (between 2 and 52). If you want to create an instance for trial purposes, you can select 1 OCPU.
For Licensing, select whether you want to use your Oracle Middleware on-premises license with Oracle Analytics Cloud and be charged the Bring Your Own License (BYOL) rate or subscribe to a new Oracle Cloud license for Oracle Analytics Cloud.
Use Network Access to specify how you want users to access Oracle Analytics Cloud: over the public internet or through a private network. This post uses Private access. Private access allows traffic from an on-premise network or hosts on a peered virtual cloud network (VCN). Private access means that traffic doesn't go over the internet. The Private option deploys Oracle Analytics Cloud with a private endpoint.
Select the prerequisite Virtual Cloud Network from above from the drop-down. If necessary click Change Compartment to select the prerequisite compartment from above.
Select the prerequisite Subnet from above from the drop-down. If necessary click Change Compartment to select the prerequisite compartment from above.
Optionally enter Tags.
Verify that the details are correct and click Create.
The Instance Details page shows the initial status Creating. It takes about 20 minutes to create the service. The status to Active when the process is complete.
If necessary connect to the OAC Console, select the region and compartment and navigate to the Analytics Cloud instances.
From the list of instances, click on the Name created above. Click on the Instance Details tab to display the basic and network details as well as useful links to open the URL, stop/start, change capacity and more.
Click on the Additional Details tab to view detailed information about the network and security.
Click on the IDCS APP link shown directly above to navigate to the OAC Application in IDCS.
Click Application Roles to view the roles and your membership in the ServiceAdministrator role.
The private OAC instance is only accessible from a browser or application running in the same VCN, a peered VCN, or a remote network connected to OCI via VPN and/or FastConnect. Configuring these various options to access OAC are described here.
If you are connected to one of the above scenarios, have configured the OAC subnet security, and have configured the proper DNS settings, then navigate to the OAC instance details page and click Open URL to view the OAC home page.
This post described the Oracle Cloud Infrastructure (OCI) components required to provision a private OAC instance, the components created by the provisioning process and a step-by-step guide to the process.
For other posts relating to analytics and data integration visit http://www.ateam-oracle.com/dayne-carley