Oracle Cloud Infrastructure Documentation

Oracle Autonomous AI Database on Dedicated Exadata Infrastructure

Use the information in this section to solve common issues of Oracle Autonomous AI Database on Dedicated Exadata Infrastructure.

Verify Network Security Rules

Note

These steps are part of AWS Key Management Service (KMS) integration for Oracle Autonomous AI Database on Dedicated Exadata Infrastructure and explain how to verify Network Security Rules in OCI.
  1. From the OCI console, select Oracle AI Database and then select Autonomous AI Database on Dedicated Infrastructure.
  2. From the left menu, select Autonomous Exadadata VM Clusters, and then select an Autonomous Exadadata VM Clusters that you are using.
  3. From the General information tab, navigate to Network section, and then locate the Network Security Groups and open each group to view the details.This screenshot shows how to view Network Security Groups details.
    Note

    The Network Security Groups use naming patterns such as adb_adjustable_nsg and adb_static_nsg.
    1. From the Network Security Group page, select the Security rules tab, and then verify the security rules for adb_adjustable_nsg.
      Note

      In the Security Rules section, look for two egress rules targeting the AWS KMS and STS endpoints on port 443. The descriptions are similar to the following:
      • Rule required for OCI service to communicate to AWS STS Service
      • Rule required for OCI service to communicate to AWS KMS Service
      This screenshot shows how to view Security Rules.
    2. From the Network Security Group page, select the Security rules tab, and then verify the security rules for adb_static_nsg.
      • Ensure that Direction is set to Egress.
      • Ensure that the Destination Service is set to ALL IAD Services In Oracle Services Network.
      • Ensure that IP Protocol is set to TCP.
      Note

      If any security rules do not exist, you must create them manually. For more information, see the Create Network Security Rules section.
    This screenshot shows how to verify the security rules.

Create Network Security Rules

Note

These steps are part of AWS Key Management Service (KMS) integration for Oracle Autonomous AI Database on Dedicated Exadata Infrastructure and explain how to create Network Security Rules in OCI.
  1. From the AWS console, select Oracle Database@AWS,
  2. From the left menu, select ODB networks, and then select the field of the ODB Network associated with your Autonomous VM Cluster.
  3. Navigate to the Security token service (STS) section, and verify that the status is set to Enabled. Then, note the IPv4 addresses.
  4. From the AWS KMS section, verify that the status is set to Enabled. Then, note the IPv4 addresses.This screenshot shows how to obtain IPv4 address.
  5. From the OCI console, select Oracle AI Database and then select Autonomous AI Database on Dedicated Infrastructure.
  6. From the left menu, select Autonomous Exadadata VM Clusters, and then select an Autonomous Exadadata VM Clusters that you are using.
  7. From the General information tab, navigate to Network section, and then locate the Network Security Groups.
  8. Select the Add rules button, and then complete the following substeps to create the first rule:
    1. From the Direction dropdown list, select Egress.
    2. From the dropdown list, select CIDR as the Destination Type.
    3. For the Destination CIDR, enter the IPv4 address of the AWS STS endpoint that you copied in the step 3 with network mask of 32.
    4. For the IP Protocol field, select TCP.
    5. Enter 443 in the Destination Port Range field.
    6. For the Description, enter Rule required for OCI service to communicate to AWS STS Service.
    7. Select the Add button to save the changes.This screenshot shows how to create security rule.
  9. Select the Add rules button, and then complete the following substeps to create the additional rule for AWS KMS:
    1. From the Direction dropdown list, select Egress.
    2. From the dropdown list, select CIDR as the Destination Type.
    3. For the Destination CIDR, enter the IPv4 address of the AWS KMS that you copied in the step 4 with network mask of 32.
    4. For the IP Protocol field, select TCP.
    5. Enter 443 in the Destination Port Range field.
    6. For the Description, enter Rule required for OCI service to communicate to AWS KMS Service.
    7. Select the Add button to save the changes.This screenshot shows how to create security rule.
  10. Select the Add rules button, and then complete the following substeps to create the security rule for adb_static_nsg
    1. From the Direction dropdown list, select Egress.
    2. From the dropdown list, select Service as the Destination Type.
    3. For the Destination Service, enter the ALL IAD Services In Oracle Services Network.
    4. For the IP Protocol field, select TCP.
    5. For the Description, enter Egress rule to allow access to OCI services.
    6. Select the Add button to save the changes.This screenshot shows how to create security rule.