TLS VPN and Oracle Advanced Support Gateway
The Oracle Advanced Support Gateway is configured with a software TLS-based VPN client. When the Gateway boots up, it opens an outbound connection to one of three Oracle Services Support centers, establishing a TLS VPN tunnel. At that point, this connection is used for inbound connectivity between the Oracle Services Support center and the Gateway. No inbound firewall port openings are required, as the initial connection is outbound. The Gateway is assigned a unique ID and password and connects to one of three Oracle VPN concentrators. The TLS-based VPN has the following features:
-
Connection based on TLS 1.2, AES256 symmetric encryption to ensure traffic integrity and confidentiality;
-
Continuous VPN connection availability through the use of active/passive VPN cluster servers at the Oracle Services Support centers. Any hardware or software issues on the active VPN server failover all connections to the backup VPN.
-
Disaster recovery processes that use multiple clusters around the world. Any connection issue with one of the Oracle Services Support centers failover client connections to the other Oracle Services Support centers.
Figure 2 A TLS-Based VPN Client Connection from Oracle Advanced Support Gateway to Oracle
Note - The TLS VPN is the standard method for establishing the connection with Oracle. Alternative connection methods are available on an exception, customer-by-customer basis that is summarized in Alternative External Connection Option. If you wish to explore these options further, please contact your Oracle Implementation Manager.