When a Oracle Analytics Cloud instance is created, Oracle provides a default URL that is very hard to remember. If you want to customize the user login experience for Oracle Analytics Cloud, one can use custom or own vanity URL instead of the default URL that Oracle provides. A vanity URL is a unique, customized web address that helps users remember and find the web site.
The below examples show the standard URL for Oracle Analytics Cloud and a sample vanity URL:
In order to protect from malicious and unwanted internet traffic. A Customer managed WAF can be used to secure this internet facing endpoint. Below diagram shows how the user access to OAC would be with and without WAF.
Following is required:
1. Oracle Analytics Cloud(with Public Access)
2. Web Application Firewall
3. Custom domain name one want to use from a web service provider or use the domain name of the company.
4. A Secure Socket Layer (SSL) certificate - Obtain a digital SSL certificate for the vanity(or custom) domain name from a Certificate Authority.
5. Obtain a public digital X.509 certificate (.pem) for the vanity domain name from a Certificate Authority.
6. Obtain a private key file (.pem) that matches the certificate’s public key.
7. Obtain a certificate chain for multiple certificates (.pem).
Use Oracle Cloud Infrastructure Console to configure a vanity URL for the Oracle Analytics Cloud(OAC) instance.
1. In Console, click in the top left corner "Menu Options".
2. Under Solutions and Platform, select Analytics, then Analytics Cloud.
3. Select the compartment that contains the Oracle Analytics Cloud instance.
4. Click the name of the instance you want to configure a vanity URL for.
5. On the Instance Details page, click Create Vanity URL. See below snippet for details.
6. For Hostname, enter the fully qualified domain name/URL.
For example: myanalytics.com.
A preview of the HTTPS URL is displayed.
For example: https://myanalytics.com/ui/
7. Under Certificate section
OR
8.Under Private Key section
OR
9. Optional. In Private Key Passphrase, enter the password for the private key.
Note: A passphrase is usually used to protects private key files. A passphrase will add another level of security by avoiding unauthorized users from encrypting/decrypting the key. The keys can be protected using the passphrase
10. Optional. If the certificate requires or you want to use a custom certificate authority chain, then select Custom Certificate Authority Chain..
Note:A certificate chain is an ordered list of certificates, containing an SSL Certificate and Certificate Authority (CA) Certificates, that enable the receiver to verify that the sender and all CA's are trustworthy
OR
11. Click Create.
The vanity URL will be ready to use in sometime as the URL becomes a live link in the Access Information section.
Use Oracle Cloud Infrastructure Console to configure WAF instance and to map the WAF to OAC.
1. In Console, click in the top left corner "Menu Options".
2. Under Governance and Administration, select Security, then Web Application Firewall.
3. Select the compartment that contains the Web Application Firewall.
4. Create a WAF Policies in the selected compartment. See below snippet for details.
5. Provide a Name for a WAF Policy.
6. Select or enter the Primary Domain that you intend to use for your OAC's Vanity URL.
7. Enter Origin Name under WAF Origin
Name: Origin Name is a friendly name to refer to the actual OAC instance
8. Enter URI(IPv4 address) of your OAC instance.
9. Click on Create WAF Policy.
Note:
1. Make sure to add a record(C-NAME) for the domain for OAC instance and Publish those changes
2. Open the port to WAF for OAC Instance, and the access can be lock down by filtering WAF rules so that only WAF can reach out to OAC.
3. Create a "Access Control" WAF Policy to redirect HTTP to HTTPS redirect as OAC is only available on HTTPS. So that anyone who tries to access OAC on http should get redirected to https.
4. Create a "Access Control" WAF Policy to redirect for anything that does not begin with "/ui/dv/" as shown in the below snippet
After all the configuration are completed, you will be able to access OAC instance on the Custom Vanity URL. Anyone who is trying to configure a custom Vanity URL for OAC instance, they can use the steps mentioned in this blogpost to access OAC instance on the Custom Vanity URL.