Using Private Endpoints with Database Tools

This topic describes how to use private endpoints with Database Tools.

Many Oracle Cloud Infrastructure services are protected by multiple layers of network security. For the Database Tools service to access these database services, a path into a customer's virtual cloud network (VCN) must exist. Private endpoints give Database Tools network access to these databases through a customer VCN.

Database Tools uses private endpoints when the network access to a database is restricted from general connections and requires a secure path.
This image depicts the Database Tools service connecting to a private endpoint in a customer subnet located within a customer virtual cloud network.

Prerequisites

To create a private endpoint to use with a Database Tools connection, ensure that the following items exist. Ask your network administrator to create them if needed.

  • A VCN with at least one subnet. See VCNs and Subnets for more information.
  • To use a Database Service system that has an assigned private IP, you must have a security list rule that allows access over port 1521 (or the port the database listener is on) applied to the subnet you are using for access within the VCN or subnet CIDR block. See Security Lists for more information.

  • To use an Autonomous Database that uses a private endpoint, you must have a rule that allows SQL*Net access over the specified port for the service being used. You can set this rule in the network security group or on a security list applied to the subnet being used by the Database Service. The following table contains a port reference:
    Service Port Reference

    Service                                                               Port Number
    Autonomous Database on shared Exadata infrastructure using mTLS       1522
    Autonomous Database on shared Exadata infrastructure using TLS        1521
    Autonomous Database on dedicated Exadata infrastructure using TCP     1521
    Autonomous Database on dedicated Exadata infrastructure using TCPS    2484

    Note

    • A network security group must be available to create a Database Tools private endpoint. See Network Security Groups for more information.
    • A security list rule that allows access over port 1522 is applied to the network security group for access within the VCN or subnet CIDR block. See Security Lists for more information.
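
The prerequisites above can be checked before creating the endpoint. The following is an added example, not Oracle's code: it audits a list of ingress rules against the port table and also reports matching rules whose source is wider than the VCN. It assumes rule dictionaries in the camelCase shape of OCI security list ingress rules (protocol, source, sourceType, tcpOptions.destinationPortRange); the service keys, function names, CIDRs and sample rules are constructed for illustration.

```python
import ipaddress

# Ports from the reference table above; the dictionary keys are hypothetical labels.
REQUIRED_PORT = {
    "db-system": 1521,            # or whichever port the database listener is on
    "adb-shared-mtls": 1522,
    "adb-shared-tls": 1521,
    "adb-dedicated-tcp": 1521,
    "adb-dedicated-tcps": 2484,
}

def rule_allows(rule, port, client_cidr):
    """True if one ingress rule admits TCP `port` from all of client_cidr."""
    if rule.get("protocol") not in ("6", "all"):        # "6" is TCP
        return False
    if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False                                    # source is a service label, not a CIDR
    source = ipaddress.ip_network(rule["source"])
    if not ipaddress.ip_network(client_cidr).subnet_of(source):
        return False
    port_range = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if rule["protocol"] == "all" or port_range is None:  # no range means every port
        return True
    return port_range["min"] <= port <= port_range["max"]

def audit(rules, service, endpoint_subnet, vcn_cidr):
    """Report whether the endpoint subnet can reach the service port, and
    which matching rules accept sources outside the VCN CIDR block."""
    port = REQUIRED_PORT[service]
    vcn = ipaddress.ip_network(vcn_cidr)
    matching = [r for r in rules if rule_allows(r, port, endpoint_subnet)]
    too_wide = [r["source"] for r in matching
                if not ipaddress.ip_network(r["source"]).subnet_of(vcn)]
    return {"port": port, "reachable": bool(matching), "wider_than_vcn": too_wide}

# Constructed sample rules (not taken from any real tenancy).
SAMPLE_RULES = [
    {"protocol": "6", "source": "10.0.1.0/24",
     "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1521}}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcpOptions": {"destinationPortRange": {"min": 1522, "max": 1522}}},
    {"protocol": "17", "source": "10.0.0.0/16"},        # UDP, never matches
]

if __name__ == "__main__":
    for svc in ("adb-shared-tls", "adb-shared-mtls", "adb-dedicated-tcps"):
        print(svc, audit(SAMPLE_RULES, svc, "10.0.1.0/24", "10.0.0.0/16"))
```

A non-empty `wider_than_vcn` list means the listener port is open to sources beyond the VCN, which goes further than the "within the VCN or subnet CIDR block" access the prerequisites call for.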

Using the Oracle Cloud Infrastructure Console

To create a private endpoint
  1. In the Console, open the navigation menu and click Developer Services.
  2. Under Database Tools, click Private Endpoints. The Private Endpoints window displays a list of existing private endpoints. You can also access private endpoints from the Connection Details page.
  3. Click Create Private Endpoint and provide the following information:
    1. Name: Enter the name of the new private endpoint.
    2. Choose a Compartment you have permission to work in for the new private endpoint.
    3. Select either the Select Database option to specify an existing database for the private endpoint, or the Enter Network Information option to only enter the subnet for an existing VCN.

      To select a database:

      1. Select a Database Type. The types are:
        • Autonomous Database
        • Database System (Bare Metal, VM, Exadata)
        • VM Cluster (Exadata)
      2. Select a Database. Only databases of the type selected in the previous step are listed. Optionally, click Change Compartment to choose a database in a different compartment.
      3. Select a Subnet. Optionally, click Change Compartment to choose a subnet in a different compartment.

      To enter network information:

      Select a Subnet for the private endpoint. Optionally, click Change Compartment to choose a subnet in a different compartment.

  4. Show Advanced Options: Optional. The following options are available:
    • Network: Use this option to specify a private endpoint network IP address.
    • Tags: Use this option to apply free-form or defined tags to the private endpoint. You must have permissions to use the tag namespace for defined tags. For more information, see Tagging Overview.
  5. Click Create to create the private endpoint for the selected database.
To list private endpoints
  1. In the Console, open the navigation menu and click Developer Services.
  2. Under Database Tools, click Private Endpoints. The Private Endpoints window displays a list of existing private endpoints. You can also access private endpoints from a Connection Details page.
  3. In the List Scope section, select the Compartment containing the private endpoint that you want to view.
  4. To display only private endpoints in a specific state, use the State menu in the Filters section. The choices are:

    • Any State (default)
    • Creating
    • Active
    • Updating
    • Failed
    • Deleting
    • Deleted
  5. In the Tag filters section, use the add and clear controls to filter your list of connections by defined or free-form tags. See Resource Tags for information about using tags to manage your OCI resources, and To filter a list of resources by a tag for instructions on filtering resources by tags.

  6. Optionally, click the Actions icon (three dots) at the end of each row to perform the following tasks:

    • View Details
    • Rename
    • Move Resource
    • Copy OCID
    • Add Tags
    • View Tags
    • Delete
To view private endpoint details
  1. In the Console, open the navigation menu and click Developer Services.
  2. Under Database Tools, click Private Endpoints. The Private Endpoints window displays a list of existing private endpoints. You can also access private endpoints from a Connection Details page.
  3. In the List Scope section, select the Compartment containing the private endpoint that you want to view.
  4. To display only private endpoints in a specific state, use the State menu in the Filters section. The choices are:

    • Any state (default)
    • Creating
    • Active
    • Updating
    • Failed
    • Deleting
    • Deleted
  5. In the Tag filters section, use the add and clear controls to filter your list of connections by defined or free-form tags. See Resource Tags for information about using tags to manage your OCI resources, and To filter a list of resources by a tag for instructions on filtering resources by tags.

  6. To view the details of a private endpoint, click the name of the listed private endpoint. The Private Endpoint Details page for the endpoint is displayed.

You can also view the work requests for this specific private endpoint.

To update a private endpoint
  1. In the Console, open the navigation menu and click Developer Services.
  2. Under Database Tools, click Private Endpoints. The Private Endpoints page displays a list of existing private endpoints. You can also access private endpoints from a Connection Details page.
  3. In the List Scope section, select the Compartment containing the private endpoint that you want to view.
  4. To display only private endpoints in a specific state, use the State menu in the Filters section. The choices are:

    • Any state (default)
    • Creating
    • Active
    • Updating
    • Failed
    • Deleting
    • Deleted
  5. In the Tag filters section, use the add and clear controls to filter your list of connections by defined or free-form tags. See Resource Tags for information about using tags to manage your OCI resources, and To filter a list of resources by a tag for instructions on filtering resources by tags.

  6. To view the details of a private endpoint, click the name of the listed private endpoint. The Private Endpoint Details page for the endpoint is displayed.
  7. On the Private Endpoint Details page, click each item in the following list to make changes, as needed:
    • Rename: In the Rename Endpoint dialog box, enter the new name for the private endpoint, and then click Save Changes.
    • Move Resource: Use to move the private endpoint (the resource) to a different compartment. In the Move Resource to a Different Compartment dialog, select a new Compartment, then click Move Resource.
    • Add tags: Apply free-form tags or defined tags to this resource. You must have permissions to use the tag namespace for defined tags. See Resource Tags for information about using tags to manage your OCI resources. See Working with Resource Tags for instructions on adding each tag type.
    • Delete: This permanently deletes the private endpoint.
    • Click the name of the VCN displayed in the Private Endpoint Information tab to display and manage the virtual cloud network (VCN) that contains the private endpoint. See VCNs and Subnets for instructions.
    • Click the name of the Subnet displayed in the Private Endpoint Information tab to display and manage the subnet that contains the private endpoint. See VCNs and Subnets for instructions.
    • To display any work requests associated with the private endpoint updates, click Work Requests in the Resources section. See To view private endpoint work requests and Work Requests for more information.
To view private endpoint work requests

The Private Endpoint Details page includes a section that shows any work requests generated for the private endpoint in the last 72 hours. See Work Requests for more information on using work requests in Oracle Cloud Infrastructure.

  1. Click Work Requests under Resources on the Private Endpoint Details page. See To view private endpoint details for instructions on navigating to a Private Endpoint Details page.
  2. In the list of work requests, click the name of the Operation to display the Work Request Details page.
  3. On the Work Request Details page, under Resources:
    • Click Log Messages to display any logs for the work requests.
    • Click Error Messages to display any error messages for the work requests.
    • Click Associated Resources to show the name of the connection associated with the work request.
To delete a private endpoint

You can delete a private endpoint from either of the following two locations.

  1. Navigate to the Database Connections list view. See To list private endpoints for instructions.

    1. In the list of private endpoints, find the endpoint you want to delete.
    2. Click the Actions icon (three dots) at the end of the row listing the endpoint.
    3. Click Delete to delete the endpoint.
  2. On the Private Endpoint Details page:

    1. Navigate to the Private Endpoint Details page. See To view private endpoint details for instructions.
    2. Click Delete to delete the endpoint.

Using the APIs

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use the following APIs to create and manage Database Tools private endpoints:

Note

See Database Tools API Reference for a complete list of the Database Tools APIs.