Oracle Cloud Infrastructure Documentation

Create Non-TLS Database Links from Autonomous Database to an Autonomous Database

You can create Non-TLS database links from an Autonomous Database on Dedicated Exadata Infrastructure to a target Autonomous Database that is on a private endpoint.

Parent topic: Link Data

Prerequisites for Non-TLS Database Links from Autonomous Database to a Target Autonomous Database

Lists the prerequisites to create Non-TLS database links to a target Autonomous Database that is on a private endpoint.

To create a database link to a target Autonomous Database on a private endpoint:

  • The target database must be accessible from the source database's Oracle Cloud Infrastructure VCN. For example, you can connect to the target database when:

    • The target database is on a private endpoint.

    • Both the source database and the target database are in the same Oracle Cloud Infrastructure VCN.

    • The source database and the target database are in different Oracle Cloud Infrastructure VCNs that are paired.

    • The target database is connected to the source database's Oracle Cloud Infrastructure VCN using FastConnect or VPN.

  • For a target on a private endpoint, DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK supports specifying a single hostname with the hostname parameter. On a private endpoint, using an IP address, SCAN IP, or a SCAN hostname is not supported (when the target is on a public endpoint, CREATE_DATABASE_LINK supports using an IP address, a SCAN IP, or a SCAN hostname).

  • DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK does not support a value of localhost for the hostname parameter.

  • The following ingress and egress rules must be defined for the private endpoint:

    • Define an egress rule in the source database's subnet security list or network security group such that the traffic over TCP is allowed to the target database's IP address and port number.

    • Define an ingress rule in the target database's subnet security list or network security group such that the traffic over TCP is allowed from the source database IP address to the destination port.

Create Non-TLS Database Links to a Target Autonomous Database

You can create Non-TLS database links from an Autonomous Database on Dedicated Exadata Infrastructure to a target Autonomous Database that is on a private endpoint.

Perform the prerequisite steps, as required. See Prerequisites for Non-TLS Database Links from Autonomous Database to a Target Autonomous Database for details.

To create a Non-TLS database link to a target Autonomous Database on a private endpoint:

  1. Create credentials to access the target Autonomous Database instance. The username and password you specify with DBMS_CLOUD.CREATE_CREDENTIAL are the credentials for the target database used within the database link, (where the target database is accessed through the VCN).

    For example:

    BEGIN
     DBMS_CLOUD.CREATE_CREDENTIAL(
         credential_name => 'PRIVATE_ENDPOINT_CRED',
         username => 'NICK',
         password => 'password'
         );
END;
/

    The characters in the username parameter must be all uppercase letters.

    This operation stores the credentials in the database in an encrypted format. You can use any name for the credential name.

  2. Create the database link to the target database using DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK.

    For example:

    BEGIN
     DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
         db_link_name => 'PRIVATE_ENDPOINT_LINK', 
         hostname => 'exampleHostname',
         port => '1521',
         service_name => 'example_high.adb.oraclecloud.com',
         credential_name => 'PRIVATE_ENDPOINT_CRED',
         directory_name => NULL,
         private_target => TRUE);
END;
/

    For a target on a private endpoint, DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK supports specifying a single hostname with the hostname parameter. On a private endpoint, using an IP address, SCAN IP, or a SCAN hostname is not supported (when the target is on a public endpoint, CREATE_DATABASE_LINK supports using an IP address, a SCAN IP, or a SCAN hostname).

    Users other than ADMIN require privileges to run DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK.

    As shown in the example, to create a database link with DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK to a target database on a private endpoint without a wallet, all of the following are required:

    • The port parameter value must be set to 1521 for Non-TLS connections. However, if a different SCAN listener port number was chosen while provisioning the AVMC, you must use that port number. See Create Autonomous Exadata VM Cluster for more information.

      The directory_name parameter must be NULL.

    • The ssl_server_cert_dn parameter can either be omitted or if included, specify a NULL value.

    • The private_target parameter must be TRUE.

      Note

      Setting the private_target parameter to TRUE creates the database link using the TCP protocol instead of TCPS, thereby not validating the SSL certificate during the connection.
  3. Use the database link you created to access data in the target database.

    For example:

    SELECT * FROM employees@PRIVATE_ENDPOINT_LINK;
Note

For the credentials you create in Step 1, the Oracle Database credentials, if the password of the target user changes you can update the credential that contains the target user's credentials as follows:
BEGIN
     DBMS_CLOUD.UPDATE_CREDENTIAL (
         credential_name => 'DB_LINK_CRED',
         attribute => 'PASSWORD',
         value => 'password');
END;
/

Where password is the new password.

After this operation, the existing database links that use this credential continue to work without having to drop and recreate the database links.

See CREATE_DATABASE_LINK Procedure for additional information.

Database Link Notes with a Target that is an Autonomous Database

Provides notes for creating database links to a target that is another Autonomous Database.

Notes for database links to another Autonomous Database:

  • Only one wallet file is valid per directory for use with database links. You can only upload one cwallet.sso at a time to the directory you choose for wallet files (for example DBLINK_WALLET_DIR). This means with a cwallet.sso in DBLINK_WALLET_DIR you can only create database links to the databases for which the wallet in that directory is valid. To use multiple cwallet.sso files with database links you need to create additional directories and put each cwallet.sso in a different directory. When you create database links with DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK, specify the directory that contains the wallet with the directory_name parameter.

    See Create Directory in Autonomous Database for information on creating directories.

  • To list the database links, use the ALL_DB_LINKS view. See ALL_DB_LINKS for more information.

  • The wallet file, along with the Database user ID and password provide access to data in the target Autonomous Database. Store wallet files in a secure location. Share wallet files only with authorized users.