Networking Setup
This topic describes how to create and configure a Virtual Cloud Network for use with MySQL DB Systems.
Network Setup for MySQL DB Systems
- Create a Compute instance from which to connect to your DB System. Compute instances, attached to public subnets, can use public IP addresses. This enables you to use SSH or RDP, depending on your platform, to connect to the Compute instance and, from there, to interact with your DB System.
- Create a VPN connection, bridging your local network with your Oracle Cloud Infrastructure VCN.
To configure a network to enable communication between VPN or Compute and DB System, you must configure your VCN's subnets with Security rules. These rules permit traffic from specific IP addresses and ports, or ranges of IP addresses and ports, between resources. For more information on Security Rules, see Network Security Rules.
The Networking service reserves three IP addresses in each subnet, and MySQL Database service requires two IP addresses per DB System in each subnet; one to attach to the DB System, the other for use in maintenance and upgrade operations of that DB System. Take this into account when defining the CIDR blocks of your subnets.
Configuring the Network
VPN Connections
This section describes the VPN options recommended for use with MySQL Database Service.
- VPN Connect: enables you to create a site-to-site IPSec VPN between your on-premises network and your virtual cloud network (VCN) over a secure, encrypted connection. For more information on VPN Connect, see Oracle VPN Connect.
- FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options, and a more reliable and consistent networking experience compared to internet-based connections. For more information on FastConnect, see FastConnect Overview
- OpenVPN: available from the Oracle Cloud Infrastructure Marketplace, creates an OpenVPN Access Server, enabling your client devices to connect directly to Oracle cloud resources, such as MySQL DB Systems. It does not enable you to connect entire sites or networks to an Oracle VCN; for that scenario, Oracle's VPN Connect or FastConnect are recommended.
Note
Access Server is free to install and use for 2 simultaneous VPN connections. For more information on pricing, see OpenVPN Access Server Pricing.
OpenVPN
To connect to Oracle cloud resources using an OpenVPN Access Server, do the following:
- Create the OpenVPN stack. This consists of a Compute instance running the Access Server attached to the same VCN your MySQL DB System is attached to, and the network configuration required for external connections to the Access Server.
- Configure the OpenVPN Access Server to route traffic to your DB System. This requires configuring static IP addresses, routing instead of NAT, and creating and configuring a VPN user.
- Install and configure a VPN client to use with your OpenVPN Access Server and connect to your DB System.
- Define route and ingress rules on the private subnet to allow communications from the OpenVPN Access Server to the MySQL DB System attached to the private subnet.
- It is strongly recommended that you secure your OpenVPN connection with a shared secret key. For more information, see Hardening OpenVPN Security.
Creating the OpenVPN Stack
- You have created a VCN with Public and Private subnets, as described in Network Setup for MySQL DB Systems.
Outputs:admin_password = ********
admin_username = username
instance_public_url = https://193.122.164.108/admin
where the IP address is the public IP of the Compute instance hosting the Access Server. Make note of these details, they are required by the subsequent tasks. Creating an OpenVPN Connection
Create and configure the VPN connection and a VPN user.
- You have created and configured a VCN, as described in Configuring the Network.
- You have created and configured a DB System, as described in Creating a MySQL DB System
- You have created and configured the OpenVPN Stack, as described in Creating the OpenVPN Stack and have recorded the administrator's login details.
Configuring the VCN for OpenVPN Connections
Configure route and ingress rules for the VPN connections.
- You have completed the steps in Creating the OpenVPN Stack and Creating an OpenVPN Connection