Perform the following prerequisite steps before configuring a private endpoint:

• Set required policies for the resources you are working with. See IAM Policies Required to Manage Private Endpoints for more information.

• Create a VCN within the region that will contain your private endpoint instance. See VCNs and Subnets for more information. The VCN and the IDCS of the customer's Identity Domain must be in the same region.

• Configure a private subnet within your VCN configured with default DHCP options. See DNS in Your Virtual Cloud Network for more information.

• Configure your subnet to add a NAT Gateway to allow access from the subnet to the public internet. The minimum requirement is to allow access to the content delivery network (CDN) at static.oracle.com on the public internet. The CDN provides resources that are required by the Visual Builder runtime when you stage, publish or use your apps.

• Configure your subnet with a "Service Gateway" to allow connections from the subnet to your Oracle Services (IDCS) instance. For example, you might want to add a Service Gateway to the subnet route table, and set the "Destination" value of the Service Gateway to "All SJC Services In Oracle Services Network". In this case, the subnet security list rules should also allow egress to IDCS using "All SJC Services In Oracle Services Network".

• (Optional) Specify a Network Security Group (NSG) within your VCN. The NSG specifies rules for connections to your instance. See Network Security Groups for more information.