Create a Database Management Private Endpoint for Oracle Cloud Databases

You can create a private endpoint to connect Database Management to an Oracle Cloud Database in the Base Database Service, ExaDB-D, or ExaDB-XS.

The private endpoint is a representation of Database Management in the VCN in which the Oracle Cloud Database can be accessed, and acts as a VNIC with private IP addresses in a subnet of your choice. The private endpoint created in a VCN can be used to enable Database Management Diagnostics & Management for the Oracle Cloud Databases available in the same VCN and it cannot be used across multiple VCNs. The private endpoint does not have to be on the same subnet as the Oracle Cloud Database, although it must be on a subnet that can communicate with the Oracle Cloud Database.

In Database Management, you can create the following types of private endpoints:

• Private endpoint for single instance Oracle Cloud Databases: You can create a maximum of seven Database Management private endpoints in your tenancy (per region) to connect to single instance Oracle Cloud Databases in the Base Database Service. There's no restriction on the number of single instance databases for which you can enable Diagnostics & Management using a single private endpoint. The private endpoint for single instance Oracle Cloud Databases has only one private IP address.
• Private endpoint for RAC Oracle Cloud Databases: You can create three Database Management private endpoints in your tenancy (per region) to connect to RAC Oracle Cloud Databases in the Base Database Service, ExaDB-D, and ExaDB-XS. The private endpoint for RAC Oracle Cloud Databases has two private IP addresses.

Note that you can create one private endpoint of each type in a VCN, which means that you can create one private endpoint for single instance databases and one for RAC databases. If you need more private endpoints than the default limit of seven single instance private endpoints and three RAC private endpoints in a tenancy, you can request for an increase to the private endpoint limit. For information, see Errors Encountered When Enabling Diagnostics & Management for Oracle Cloud Databases.

Here's a diagram that provides an overview of how a Database Management private endpoint communicates with the Oracle Cloud Database.

For information on private endpoints, see About Private Endpoints.

Before you create a Database Management private endpoint in the VCN, you must obtain the permissions required to work with virtual networking resources in Oracle Cloud Infrastructure and create a Database Management private endpoint. For information, see Permissions Required to Enable Diagnostics & Management for Oracle Cloud Databases.

1. Sign in to the Oracle Cloud Infrastructure console.
2. Open the navigation menu, click Observability & Management. Under Database Management, click Administration.
3. In the left pane, click Private Endpoints.
4. On the Private endpoints page, click Create private endpoint.
5. In the Create private endpoint panel:
   1. Provide the following details:
      1. Name: Enter a name for the private endpoint.
      2. Description: Optionally, enter a description for the private endpoint.
      3. Compartment: Select the compartment in which you want the private endpoint to reside. By default, the compartment selected on the Private endpoints page is displayed, however, you can select another compartment in the drop-down list.
      4. Virtual cloud network: Select the virtual cloud network compartment, and then select the VCN in which the Oracle Cloud Database can be accessed.
      5. Subnet: Select the subnet compartment, and then select a subnet within the selected VCN. Depending on whether the new Database Management private endpoint is for single instance or RAC Oracle Cloud Databases, it will take up two or three private IP addresses respectively, in the selected subnet. Note that the subnet can be in a different compartment than the VCN, however, it must have access to the database subnet in the VCN.
      6. Network security group: Optionally, turn on Use network security groups to control traffic to select an NSG added to the Virtual Machine DB system or the Exadata VM cluster. You can also click + Another security group to select another NSG.
         Note
         
         The option to associate existing NSGs in the DB system or VM cluster with the Database Management private endpoint ensures that the private endpoint can access the database. Using the NSG you can add ingress and egress security rules to enable communication between the Database Management private endpoint and the Oracle Cloud Database. For information on NSGs, see Network Security Groups.
      7. Tags: Optionally, add free-form or defined tags to the Database Management private endpoint. If you have the permissions required to create a Database Management private endpoint, then you also have permissions to add free-form tags. To add a defined tag, you must have permissions to use the tag namespace.

         For information on:

         • Tagging concepts and the permissions required to work with tags, see Overview of Tagging.
         • How to add a tag during resource creation, see To add a tag during resource creation.
   2. Click Create.