Using Private Endpoints with Database Tools
This topic describes how to use private endpoints with Database Tools.
Many Oracle Cloud Infrastructure services are protected by multiple layers of network security. For the Database Tools service to access these database services, a path into a customer's virtual cloud network (VCN) must exist. Private endpoints give Database Tools network access to these databases through a customer VCN.

Prerequisites
To create a private endpoint to use with a Database Tools connection, ensure that the following items exist. Ask your network administrator to create them if needed.
- A VCN with at least one subnet. See VCNs and Subnets for more information.
-
To use a Database Service system that has an assigned private IP, you must have a security list rule that allows access over port 1521 (or the port the database listener is on) applied to the subnet you are using for access within the VCN or subnet CIDR block. See Security Lists for more information.
- To use an Autonomous Database that uses a private
endpoint, you must have a rule that allows SQL*Net access over the specified port
for the service being used. You can set this rule in the network security group or
on a security list applied to the subnet being used by the Database Service. The
following table contains a port reference:
Service Port Reference Service Port Number Autonomous Database on shared Exadata infrastructure using mTLS
1522
Autonomous Database on shared Exadata infrastructure using TLS
1521
Autonomous Database on dedicated Exadata infrastructure using TCP
1521
Autonomous Database on dedicated Exadata infrastructure using TCPS
2484
Note
- A network security group must be available to create a Database Tools private endpoint. See Network Security Groups for more information.
- A security list rule that allows access over port 1522 is applied to the network security group for access within the VCN or subnet CIDR block. See Security Lists for more information.
Using the Oracle Cloud Infrastructure Console
- In the Console, open the navigation menu and click Developer Services.
- Under Database Tools, click Private Endpoints. The Private Endpoints window displays a list of existing private endpoints. You can also access private endpoints from the Connection Details page.
- Click Create Private Endpoint and provide the following
information:
- Name: Enter the name of the new private endpoint.
- Choose a Compartment you have permission to work in for the new private endpoint.
-
Select either the Select Database option to specify an existing database for the private endpoint, or the Enter Network Information option to only enter the subnet for an existing VCN.
To select a database:
- Select a Database Type. The types are:
- Autonomous Database
- Database System (Bare Metal, VM, Exadata)
- VM Cluster (Exadata)
- Select a Database. Only databases of the type selected in the previous step are listed. Optionally, click Change Compartment to choose a database in a different compartment.
- Select a Subnet. Optionally, click Change Compartment to choose a subnet in a different compartment.
To enter network information:
Select a Subnet for the private endpoint. Optionally, click Change Compartment to choose a subnet in a different compartment.
- Select a Database Type. The types are:
- Show Advanced Options:
Optional. The following options are available:
- Network: Use this option to specify a private endpoint network IP address.
- Tags: Use this option to apply free-form or defined tags to the private endpoint. You must have permissions to use the tag namespace for defined tags. For more information, see Tagging Overview.
- Click Create to create the private endpoint for the selected database.
- In the Console, open the navigation menu and click Developer Services.
- Under Database Tools, click Private Endpoints. The Private Endpoints window displays a list of existing private endpoints. You can also access private endpoints from a Connection Details page.
- In the List Scope section, select the Compartment containing the private endpoint that you want to view.
-
To display only private endpoints in a specific state, use the State menu in the Filters section. The choices are:
- Any State (default)
- Creating
- Active
- Updating
- Failed
- Deleting
- Deleted
-
In the Tag filters section, use the add and clear controls to filter your list of connections by defined or free-form tags. See Resource Tags for an information about using tags to manage your OCI resources, and To filter a list of resources by a tag for instructions on filtering resources by tags.
-
Optionally, click the Actions icon (three dots) at the end of each row to perform the following tasks:
- View Details
- Rename
- Move Resource
- Copy OCID
- Add Tags
- View Tags
- Delete
- In the Console, open the navigation menu and click Developer Services.
- Under Database Tools, click Private Endpoints. The Private Endpoints window displays a list of existing private endpoints. You can also access private endpoints from a Connection Details page.
- In the List Scope section, select the Compartment containing the private endpoint that you want to view.
-
To display only private endpoints in a specific state, use the State menu in the Filters section. The choices are:
- Any state (default)
- Creating
- Active
- Updating
- Failed
- Deleting
- Deleted
-
In the Tag filters section, use the add and clear controls to filter your list of connections by defined or free-form tags. See Resource Tags for an information about using tags to manage your OCI resources, and To filter a list of resources by a tag for instructions on filtering resources by tags.
- To view the details of a private endpoint, click the name of the listed private endpoint. The Private Endpoint Details page for the endpoint is displayed.
You can also view the work requests for this specific private endpoint.
- In the Console, open the navigation menu and click Developer Services.
- Under Database Tools, click Private Endpoints. The Private Endpoints page displays a list of existing private endpoints. You can also access private endpoints from a Connection Details page.
- In the List Scope section, select the Compartment containing the private endpoint that you want to view.
-
To display only private endpoints in a specific state, use the State menu in the Filters section. The choices are:
- Any state (default)
- Creating
- Active
- Updating
- Failed
- Deleting
- Deleted
-
In the Tag filters section, use the add and clear controls to filter your list of connections by defined or free-form tags. See Resource Tags for an information about using tags to manage your OCI resources, and To filter a list of resources by a tag for instructions on filtering resources by tags.
- To view the details of a private endpoint, click the name of the listed private endpoint. The Private Endpoint Details page for the endpoint is displayed.
- On the Private Endpoint Details page, click each item in
the following list to make changes, as needed:
- Rename: In the Rename Endpoint dialog box, enter the new name for the private endpoint, and then click Save Changes.
- Move Resource: Use to move the private endpoint (the resource) to a different compartment. In the Move Resource to a Different Compartment dialog, select a new Compartment, then click Move Resource.
- Add tags: Apply free-form tags or defined tags to this resource. You must have permissions to use the tag namespace for defined tags. See Resource Tags for an information about using tags to manage your OCI resources. See Working with Resource Tags for instructions on adding each tag type.
- Delete: This permanently deletes the private endpoint.
- Click the name of the VCN displayed in the Private Endpoint Information tab to display and manage the virtual cloud network (VCN) that contains the private endpoint. See VCNs and Subnets for instructions.
- Click the name of the Subnet displayed in the Private Endpoint Information tab to display and manage the subnet that contains the private endpoint. See VCNs and Subnets for instructions.
- To display any work requests associated with the private endpoint updates, click Work Requests in the Resources section. See To view private endpoint work requests and Work Requests for more information.
The Private Endpoint Details page includes a section that shows any work requests generated for the private endpoint in the last 72 hours. See Work Requests for more information on using work requests in Oracle Cloud Infrastructure.
- Click Work Requests under Resources on the Private Endpoint Details page. See To view private endpoint details for instructions on navigating to a Private Endpoint Details page.
- In the list of work requests, click the name of the Operation to display the Work Request Details page.
- On the Work Request Details page, under Resources:
- Click Log Messages to display any logs for the work requests.
- Click Error Messages to display any error messages for the work requests.
- Click Associated Resources to show the name of the connection associated with the work request.
You can delete a private endpoint in the two following locations.
-
Navigate to the Database Connections list view. See To list private endpoints for instructions.
- In the list of private endpoints, find the endpoint you want to delete.
- Click the Actions icon (three dots) at the end of the row listing the endpoint.
- Click Delete to delete the endpoint.
-
On the Private Endpoint Details page:
- Navigate to the Private Endpoint Details page. See To view private endpoint details for instructions.
- Click Delete to delete the endpoint.
Using the APIs
For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.
Use the following APIs to create and manage Database Tools private endpoints:
- CreateDatabaseToolsPrivateEndpoint to create a Database Tools private endpoint.
- ListDatabaseToolsPrivateEndpoints to list Database Tools private endpoints.
- GetDatabaseToolsPrivateEndpoint to get the details of a Database Tools private endpoint.
- UpdateDatabaseToolsPrivateEndpoint to update a Database Tools private endpoint.
- DeleteDatabaseToolsPrivateEndpoint to delete a Database Tools private endpoint.