Create a Database Management Private Endpoint

You must create a private endpoint to connect Database Management to an Oracle Cloud Database.

The private endpoint is a representation of Database Management in the VCN in which the Oracle Cloud Database can be accessed, and acts as a VNIC with private IP addresses in a subnet of your choice. The private endpoint does not have to be on the same subnet as the Oracle Cloud Database, but it must be on a subnet that can communicate with the Oracle Cloud Database.

In Database Management, you can create the following types of private endpoints:

  • Private endpoint for single instance Oracle Cloud Databases: You can create a maximum of five Database Management private endpoints in your tenancy (per region) to connect to single instance Oracle Cloud Databases in the Bare Metal and Virtual Machine DB systems. There is no restriction on the number of single instance databases for which you can enable Database Management using a single private endpoint. The private endpoint for single instance Oracle Cloud Databases has only one private IP address.
  • Private endpoint for RAC Oracle Cloud Databases: You can create only one Database Management private endpoint in your tenancy (per region) to connect to RAC Oracle Cloud Databases in the Virtual Machine DB system and Exadata Cloud service. One private endpoint for RAC Oracle Cloud Databases can support up to 15 single client access network listeners (SCANs). In the case of Virtual Machine DB systems, a SCAN is equal to one RAC Virtual Machine DB system. In the case of Exadata Cloud service, it's equal to one Exadata Cloud service VM cluster, regardless of the number of individual RAC databases hosted on the Exadata Cloud service VM cluster. The private endpoint for RAC Oracle Cloud Databases has two private IP addresses.

Note that you can create one private endpoint of each type in a VCN, which means that you can create one private endpoint for single instance databases and one for RAC databases.

Here's a diagram that provides an overview of how a Database Management private endpoint communicates with the Oracle Cloud Database.


[Figure: Database Management Private Endpoint]

For information on private endpoints, see About Private Endpoints.

Before you create a Database Management private endpoint in the VCN, you must:

  • Make a note of the VCN and subnet information, which is available on the Database System Details page of the Oracle Cloud Database.
  • Obtain the permissions required to work with virtual networking resources in Oracle Cloud Infrastructure and create a Database Management private endpoint. For information, see Permissions Required to Enable Database Management for Oracle Cloud Databases.

To create a Database Management private endpoint:

  1. Sign in to the Oracle Cloud Infrastructure console.
  2. Open the navigation menu and click Observability & Management. Under Database Management, click Administration.
  3. On the left pane on the Administration page, click Private Endpoint and select the compartment in which you want to create the private endpoint.
  4. On the Private Endpoints page, click Create Private Endpoint.
  5. In the Create Private Endpoint dialog box:
    1. Name: Enter a name for the private endpoint.
    2. Description: Optionally, enter a description for the private endpoint.
    3. Choose Compartment: Select the compartment in which you want the private endpoint to reside.
    4. Use this private endpoint for RAC databases: Select this check box if you want to create a Database Management private endpoint for RAC Oracle Cloud Databases in the Virtual Machine DB system and Exadata Cloud service. The Database Management private endpoint for RAC Oracle Cloud Databases is a limited resource and you can create only one such private endpoint in your tenancy.
    5. Virtual Cloud Network in <Compartment>: Select the VCN in which the Oracle Cloud Database can be accessed. By default, the compartment selected on the Private Endpoints page is displayed; however, you can click Change Compartment and select another compartment, if required.
    6. Subnet in <Compartment>: Select a subnet within the selected VCN. Depending on whether the new Database Management private endpoint is for single instance or RAC Oracle Cloud Databases, it will take up two or three private IP addresses, respectively, in the selected subnet. Note that the subnet can be in a different compartment than the VCN; however, it must have access to the database subnet in the VCN. By default, the compartment selected on the Private Endpoints page is displayed; however, you can click Change Compartment and select another compartment, if required.
    7. Network Security Group: Optionally, select an NSG added to the Bare Metal or Virtual Machine DB system or the Exadata VM cluster. You can also click + Another Security Group to select another NSG.
      Note: The option to associate existing NSGs in the DB system or VM cluster with the Database Management private endpoint ensures that the private endpoint can access the database. Using the NSG you can add ingress and egress security rules to enable communication between the Database Management private endpoint and the Oracle Cloud Database. For information on NSGs, see Network Security Groups.
    8. Click Create Private Endpoint.
A Database Management private endpoint is created in the VCN, and you can use it to enable Database Management for Oracle Cloud Databases.

To view details of the private endpoint, click its name. On the Private Endpoint Details page, you can:

  • View details such as the associated VCN and subnet and the private IP addresses assigned to the Database Management private endpoint. Note that the private IP address information is required to configure security rules.
  • View the Registered Databases associated with the private endpoint.
  • Click Work Requests on the left pane under Resources to monitor the work requests pertaining to the private endpoint. You can click a particular work request to go to the Work Requests page and view work request information, log messages, and error messages, if any. For more information on Work Requests, see Work Requests.
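
The private IP addresses shown on the Private Endpoint Details page can be turned into narrowly scoped NSG security rules, as in this added example (not Oracle's code). It assumes the database listener uses TCP port 1521, the Oracle default; the function name `endpoint_nsg_rules` and all addresses are constructed for illustration, and the rule fields follow the OCI NSG security rule JSON shape.

```python
import ipaddress
import json


def endpoint_nsg_rules(endpoint_ips, endpoint_subnet, db_subnet, listener_port=1521):
    """Return NSG rules (OCI security-rule JSON shape) that allow only the
    private endpoint's own IPs to reach the database listener port."""
    ep_net = ipaddress.ip_network(endpoint_subnet)
    db_net = ipaddress.ip_network(db_subnet)
    if not 1 <= listener_port <= 65535:
        raise ValueError("listener port out of range")
    ports = {"destinationPortRange": {"min": listener_port, "max": listener_port}}
    rules = []
    for raw in endpoint_ips:
        ip = ipaddress.ip_address(raw)
        # Reject typos early: the address must be private and inside the
        # subnet chosen for the private endpoint.
        if not ip.is_private or ip not in ep_net:
            raise ValueError(f"{raw} is not a private IP in {endpoint_subnet}")
        # Database side: ingress from this one address only, one port, TCP ("6").
        rules.append({
            "direction": "INGRESS", "protocol": "6", "isStateless": False,
            "source": f"{ip}/{ip.max_prefixlen}", "sourceType": "CIDR_BLOCK",
            "tcpOptions": ports,
            "description": f"Database Management private endpoint {ip}",
        })
    # Endpoint side: egress to the database subnet only, same port.
    rules.append({
        "direction": "EGRESS", "protocol": "6", "isStateless": False,
        "destination": str(db_net), "destinationType": "CIDR_BLOCK",
        "tcpOptions": ports,
        "description": "Database Management private endpoint to DB listener",
    })
    return rules


if __name__ == "__main__":
    # Constructed sample: a RAC private endpoint (two private IPs) and a
    # database subnet in the same VCN. None of these values come from the page.
    sample = endpoint_nsg_rules(["10.0.1.10", "10.0.1.11"], "10.0.1.0/24", "10.0.2.0/24")
    print(json.dumps(sample, indent=2))
```

The printed JSON can be saved to a file and supplied to `oci network nsg rules add --nsg-id <NSG OCID> --security-rules file://rules.json`, applying the ingress rules to the NSG on the database side and the egress rule to the NSG on the private endpoint.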