Thursday, June 29, 2023

Connect to Oracle Database System in Private Subnet Using OCI Connection

The Database Tools service allows you to create connections to Oracle database systems running in Oracle OCI. Connections work with Autonomous Database (ADB), Oracle Base Database (VM, BM, and Exadata DB Systems), and customer-managed Oracle databases running on OCI compute instances.

When an Oracle DB System (VM or BM) restricts network access by using a private subnet, a Database Tools private endpoint should be set up in a subnet from which network traffic can be routed from the Database Tools service to the target database.



Prerequisites:
- An Oracle Cloud free trial or paid account.
- OCI Virtual Cloud Network (VCN) with a private subnet.
- Oracle DB system (VM) located in a VCN’s private subnet.


Step #1: Create OCI Vault

Vaults let you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources.


1. Open the navigation menu, click “Identity & Security”, and then click “Vault”.




2. Click “Create Vault”.

3. In the “Create Vault” dialog box, select the compartment where you want to put your vault and enter the vault name, then click “Create Vault”.




4. Create Master Encryption Key: Click your vault name to view vault details. Under the “Resources” section, click “Master Encryption Keys”, then click “Create Key”.







5. In the “Create Key” dialog window, select the compartment where you want to put your key and enter the key name. Leave all other options at their default values, then click “Create Key”.






6. Create the vault’s secret: the secret will be used to store the database user’s password. Click your vault name to view vault details. Under the “Resources” section, click “Secrets”, then click “Create Secret”.



7. In the “Create Secret” dialog window, select the compartment where you want to put your secret, enter the secret name, select the master key created in the previous step, enter the database user’s password for “Secret Contents”, then click “Create Secret”.




Step #2: Create Private Endpoint

Private endpoints allow Database Tools to access databases securely via private networks.

1. Open the navigation menu, click “Developer Services”, and then click “Private Endpoints”. 



2. Click “Create private endpoint”.



3. In the “Create private endpoint” dialog window, select or specify the options below, then click “Create”.

- Select the compartment where you want to put your private endpoint.
- Select the “Select database” option.
- For “Database cloud service” select “Oracle Base Database”.
- For “Database system” select the DB system name from the drop-down list.
- For “Subnet” select the name of the private subnet where the DB system is located.





Step #3: Create Database Connection

Connections are resources that contain the necessary information for accessing an Oracle Database in Oracle Cloud Infrastructure. Along with information about the database, the connection also contains the user used to connect to the database as well as the location of the password that is stored in the Oracle Cloud Infrastructure vault. Other connection details, such as the JDBC string and whether the connection uses a private endpoint, are also stored.

The database connection will be linked to the private endpoint created in step #2.

1. Open the navigation menu, click “Developer Services”, and then click “Connections”.

2. Click “Create connection”.



3. In the “Create connection” dialog box, select or specify the options below, then click “Next”.

- Enter the connection name.
- Select the compartment where you want to put your connection.
- Select the “Select database” option.
- For “Database cloud service” select “Oracle Base Database”.
- For “Database system” select the DB system name from the drop-down list. The database and Oracle home will be populated automatically.
- Optionally select a “Pluggable database” name from the list if you want to connect to a PDB.
- Enter the “Username” and select the database user’s “Role” type.
- For “User password secret”, select the vault secret created in step #1 for the database user entered.



Keep the wallet format set to none and click “Create”.
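The properties a connection stores (vault secret reference, private endpoint, connection string) can be checked once the connection exists. The following is an added example, not part of the original post: it audits connection records exported as JSON. The field names are assumed to follow the camelCase JSON of the Database Tools connection resource, the OCID prefixes are assumptions, and the sample records are constructed.

```python
import ipaddress
import json
import re

# Constructed sample records; OCIDs are placeholders, field names are assumed.
SAMPLE = json.loads("""[
 {"displayName": "hr-private", "connectionString": "10.0.1.25:1521/pdb1",
  "userPassword": {"valueType": "SECRETID", "secretId": "ocid1.vaultsecret.oc1..example"},
  "privateEndpointId": "ocid1.databasetoolsprivateendpoint.oc1..example"},
 {"displayName": "legacy", "connectionString": "10.0.1.30:1521/orcl",
  "userPassword": {"valueType": "SECRETID", "secretId": ""},
  "privateEndpointId": null},
 {"displayName": "public-literal", "connectionString": "198.51.100.7:1521/orcl",
  "userPassword": {"valueType": "SECRETID", "secretId": "ocid1.vaultsecret.oc1..example"},
  "privateEndpointId": "ocid1.databasetoolsprivateendpoint.oc1..example"}
]""")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SECRET_OCID = re.compile(r"^ocid1\.vaultsecret\.")
ENDPOINT_OCID = re.compile(r"^ocid1\.databasetoolsprivateendpoint\.")

def host_outside_rfc1918(conn_string):
    """True only when host:port/service uses an IP literal outside RFC 1918."""
    m = re.match(r"^([^:/\s]+):\d+/", conn_string or "")
    if not m:
        return False
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return False  # hostname: cannot be judged without DNS
    return not any(ip in net for net in RFC1918)

def audit_connection(conn):
    """Return the findings for one connection record (empty list = clean)."""
    findings = []
    pw = conn.get("userPassword") or {}
    if pw.get("valueType") != "SECRETID" or not SECRET_OCID.match(pw.get("secretId") or ""):
        findings.append("password is not a vault secret reference")
    if not ENDPOINT_OCID.match(conn.get("privateEndpointId") or ""):
        findings.append("no private endpoint attached")
    if host_outside_rfc1918(conn.get("connectionString")):
        findings.append("connection string host is a literal address outside RFC 1918")
    return findings

def audit(conns):
    return {c.get("displayName", "?"): audit_connection(c) for c in conns}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings) or "OK")
```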




Step #4: Connect to DB System from SQL Worksheet Service

Use the new connection created in step #3 to connect to the Oracle database system from the SQL Worksheet service.

1. In the “Database Tools” screen, click “SQL Worksheet”.



2. Select a database connection: select the compartment where the connection is located, then select the connection created in step #3 from the list of available connections.




Now we can run SQL commands on the Oracle DB system located in the private subnet from the OCI SQL Worksheet.






 
