6 Frequently Asked Questions

Here are answers to common questions asked by administrators creating and managing services for Oracle Analytics Cloud.

Topics

Top FAQs for Administration

The top FAQs for Oracle Analytics Cloud administration are identified in this topic.

What do I use the Oracle Cloud Infrastructure Console? Is this the same as the Console available in my service?

  • Oracle Cloud Infrastructure Console — You use the Oracle Cloud Infrastructure Console to create your service instance and perform instance-level operations such as delete, scale, start, and stop.

  • Console in Oracle Analytics Cloud — When you sign in to a particular service, you see a different administrative console where you can customize and manage the environment for that service only.

    To access the Console for a service, sign in to the service, open the Navigator, and then click Console.

What is an OCPU?  

An Oracle Compute Unit (OCPU) is the processing unit that Oracle uses to build your service. The larger the compute size, the greater the processing power. When you create a service with Oracle Analytics Cloud, you specify the number of OCPUs you want to deploy. For more information, see What Sizing Options Are Available to You?

See also, Oracle PaaS and IaaS Universal Credits Service Descriptions.

How can I determine the right compute size for my initial deployment?

A good starting point, is a size that closely matches your on-premises hardware for business intelligence.

If you're not sure which size to use, contact your Oracle representative to discuss sizing guidelines.

How do I access my service once it's created?

It’s accessible from the Oracle Cloud Infrastructure Console. Navigate to Analytics Cloud, click the name of the service instance you want to access, and then click Analytics Home Page.

How do I patch (or upgrade) my service?

You don’t need to patch your service. Oracle takes care of patching for you.

I want to connect to the database where my organization’s analytics data is stored. Do I do this from Oracle Cloud Infrastructure Console?

No. You connect to the data you want to analyze within a given service that you created. See How do I access my service once it's created?

What network options can I use to manage access into and out from my service?

Oracle Analytics Cloud provides options to restrict access when deployed with a public endpoint or a private endpoint. See Restrict Access to Oracle Analytics Cloud Deployed with a Public Endpoint and Deploy Oracle Analytics Cloud with a Private Endpoint.

How do I add the IP address of my Oracle Analytics Cloud instance to my database allowlist?

See Add the IP Address of Your Oracle Analytics Cloud Instance to Allowlists.

How do I configure VPN connectivity for my service to my network?

VPN is a separate feature from your service and is available to use with some Oracle Cloud services. Contact your Oracle representative for more information.

Is IPv6 supported?

No, not currently.

How do I get support for Oracle Analytics Cloud?

Go to My Oracle Support and create a service request.

Is there a charge for Oracle Support in addition to my subscription fee?

No. Support is included in your subscription fee.

Do I have direct access to the file system associated with my service?

No. You can’t access the file system for your service. Your service is managed by Oracle.

Top FAQs for Backup and Restore

The Oracle Cloud Hosting and Delivery Policy describes the backup strategy for Oracle Cloud Services. Oracle recommends that customers using Oracle Analytics Cloud take their own regular backups of their service.

The top FAQs for Oracle Analytics Cloud backup and restore are identified in this topic.

What do I need to back up?

Oracle recommends that you regularly back up all the content that users create to a file called a snapshot. User content includes catalog content such as reports, dashboards, data visualization workbooks, pixel perfect reports, datasets, data flows, semantic models, security roles, service settings, and so on.

If something goes wrong with your content or service, you can revert to the content you saved in a snapshot. Snapshots are also useful if you want to move or share content from one service to another.

To back up user content, see Take a Snapshot.

To restore user content, see Restore from a Snapshot.

How often should I take snapshots?

Oracle recommends that you take snapshots at significant checkpoints, for example, before you make a major change to your content or environment. In addition, Oracle recommends that you take regular weekly snapshots or at your own defined frequency based on the rate of change of your environment and rollback requirements.

You can keep up to 40 snapshots online and export as many as you want offline (that is, to your local file system or to your own Oracle Cloud storage).

When should I export snapshots?

Oracle recommends that you adopt a regular practice of exporting snapshots to offline storage. You can export snapshots to your own file system and store them locally. Or, you can export snapshots to your own Oracle Cloud storage. See Export Snapshots.

If you regularly export large snapshots (over 5GB or larger than the download limit of your browser), Oracle recommends that you set up a storage bucket on Oracle Cloud and save your snapshots to cloud storage. This way, you can avoid export errors due to size limitations and timeouts that can sometimes occur when you export snapshots on your local file system. See Set Up a Oracle Cloud Storage Bucket for Snapshots.

Can I use APIs to automate snapshot operations?

Yes. See Manage Snapshots Using REST APIs.

What capabilities in Oracle Analytics Cloud can I use to implement a disaster recovery plan?

The Oracle PaaS and IaaS Public Cloud Services - Pillar document provides information about Oracle Cloud Service continuity policy and service level agreements.

If an unforeseen disaster happens, a well-architected business continuity plan will enable you to recover as quickly as possible and continue to provide services to your Oracle Analytics Cloud users.

Oracle Analytics Cloud offers several features that you can implement to minimize disruption for users:

  • Snapshots: Oracle recommends that you back up user content regularly to a snapshot. If required, you can restore the content in your snapshot to a redundant Oracle Analytics Cloud environment. See Take Snapshots and Restore.

  • Pause and resume: You can deploy a passive backup Oracle Analytics Cloud environment, and use the pause and resume feature to control metering and minimize costs. See Pause and Resume a Service.

  • Diverse regional availability: Oracle Analytics Cloud is available in several global regions. You can deploy a redundant Oracle Analytics Cloud environment in a different region to mitigate the risk of region-wide events. See Data Regions for Platform and Infrastructure Services.

Top FAQs for Public or Private Endpoint Security

The top FAQs for securing access to Oracle Analytics Cloud through a public or private endpoint are identified in this topic.

In which regions is this feature available?

All regions.

Can I use REST API or Command Line Interface (CLI) to create my Oracle Analytics Cloud instance with a public or private endpoint?

Yes. You can use the Console, REST API or CLI commands. See Create a Service.

Why can't I see the VCN I want to use in the Create Instance dialog?

You must select the compartment in which the VCN was created and you must have the required permissions. See Prerequisites for a Public Endpoint and Prerequisites for a Private Endpoint.

My Oracle Analytics Cloud instance has a public endpoint. Can I change this to a private endpoint?

No. You can create an instance with a public endpoint or a private endpoint. You can't switch between the two.

If you want to protect your public endpoint, you can add very specific access control rules to control incoming traffic (ingress). See Manage Ingress Access Rules for a Public Endpoint using the Console.

How can I control access to my public endpoint?

If you want to protect your public endpoint, you can add very specific access control rules to control the incoming traffic (ingress). See Manage Ingress Access Rules for a Public Endpoint using the Console.

I created an Oracle Analytics Cloud instance with a public endpoint and defined access rules but I'm unable to access the Oracle Analytics Cloud URL from my browser?

Check that the machine from which you're trying to access Oracle Analytics Cloud is included in the access control list. You can review the current access rules to check whether it's missing using the console. See Manage Ingress Access Rules for a Public Endpoint using the Console.

How many different access rules can I define for a public endpoint?

Oracle Analytics Cloud enables you to add up to 20 access control rules. See Manage Ingress Access Rules for a Public Endpoint using the Console.

How can I control access to my private endpoint?

If you want to protect your private endpoint, you can use predefined network security groups to control the incoming traffic (ingress). See Manage Ingress and Egress Access Rules for a Private Endpoint using the Console.

I created an Oracle Analytics Cloud instance with a private endpoint but I'm unable to access the Oracle Analytics Cloud URL from my browser?

After creating your Oracle Analytics Cloud instance, you must configure Domain Name Server (DNS) resolution on your private network to access the private endpoint. See Typical Workflow to Deploy Oracle Analytics Cloud with a Private Endpoint.

Where can I find the IP address for my Oracle Analytics Cloud instance?

You can find the IP address, Gateway IP address, and other useful information on the Additional Details tab in the Oracle Cloud Infrastructure. See Find the IP Address or Host Name of Your Oracle Analytics Cloud Instance.

Do I have any tools to test or debug network issues from my corporate network?

You can use nslookup to find IP address information for your Oracle Analytics Cloud instance.

# Use nlslookup
nslookup <OAC hostname> <DNS server IP address>

You can use netcat or cURL to check whether your Oracle Analytics Cloud instance is accessible:

# Use Netcat
nc -zv <OAC hostname> 443
# Use cURL
curl -v https://<OAC hostname>/public/dv/ping

In Oracle Cloud Infrastructure Console, navigate to the Additional Details tab of your Oracle Analytics Cloud instance to determine the Hostname .

Description of oac_console_hostname.jpg follows
Description of the illustration oac_console_hostname.jpg

Top FAQs for Network Security Groups

The top FAQs when configuring network security groups (NSGs) for Oracle Analytics Cloud are identified in this topic.

What is a network security group or NSG?

Network security groups act as a virtual firewall for Oracle Cloud Infrastructure resources such as Oracle Analytics Cloud. An NSG consists of a set of ingress and egress security rules that apply only to a set of VNICs of your choice in a single VCN. To learn more about NSGs and how to manage ingress and egress security rules, see Network Security Groups.

Can I use NSGs in Oracle Analytics Cloud?

Yes.

Can I use NSG ingress rules to restrict access into my public Oracle Analytics Cloud instance?

No. To restrict incoming traffic (ingress) to your public Oracle Analytics Cloud instance, use access control rules. See Control Incoming Traffic for a Public Endpoint (Ingress).

I applied a NSG to my Oracle Analytics Cloud instance and now I need to update the rules. Can I update or add new rules to the NSG?

Yes. Oracle Analytics Cloud applies the latest NSG rules for access to and from Oracle Analytics Cloud.

I applied a NSG with both ingress and egress rules to my Oracle Analytics Cloud instance. What's the impact on access to and from Oracle Analytics Cloud?

  • Private Oracle Analytics Cloud instance: Ingress rules defined in the NSG control incoming traffic (ingress) to Oracle Analytics Cloud.
  • Private data sources: Egress rules defined in the NSG control outgoing traffic.

How many NSGs can I apply to my Oracle Analytics Cloud instance?

Five.

If I apply multiple NSGs to my Oracle Analytics Cloud instance, what happens?

The set of rules applied is the union of the rules from all the NSGs.

Can I use one set of NSGs to control access to my private Oracle Analytics Cloud instance and a different set of NSGs to control access to my private data sources?

No. You must apply a single set of NSGs. The ingress rules in these NSGs control the incoming traffic and the egress rules in the NSGs control access to the private data sources.

Top FAQs for Private Data Sources

The top FAQs when setting up a private access channel for Oracle Analytics Cloud are identified in this topic.

What data sources can I connect to over a private access channel?

To find out which data sources you can connect to through a private access channel, see Supported Data Sources. Look for the data sources with the connectivity option private access channel in the "Use in Datasets" and "Use in Semantic Models" columns.

Note:

Private access channels enable you to connect to private data source hosts. You can't use a private access channel to access any other type of private host. For example, you can't use private access channels to access private hosts that represent FTP servers, SMTP servers, printers , MapViewer configuration, or any other type of private host you might you use.

When I connect to my private data source in Oracle Analytics Cloud, do I specify the domain name or the IP address of my private data source?

You must specify the Fully Qualified Domain Name (FQDN) of your private data source in the connect dialog. This is the same FQDN that’s registered in the private access channel. For example, domain names such as custcorp.com, example.com, adb.us-ashburn-1.oraclecloud.com, and so on. See About Private Data Sources.

You can’t use IP addresses to connect to private data sources.

My private Oracle Database has a Single Client Access Name (SCAN). Can I use the SCAN host name to connect to my private data source?

Yes. Register the SCAN host name and the SCAN port in private access channel. For example, SCAN host names such as db01-scan.corp.example.com, prd-db01-scan.mycompany.com, and the port where the SCAN protocol connects, for example 1521. See About Private Data Sources.

Note:

At least one DNS Zone is required on the private access channel. Select Virtual Cloud Network’s domain name as DNS zone to add the default domain.

I have several private data sources. Do I access all of them over a single private access channel?

Yes. Your Oracle Analytics Cloud instance supports a single private access channel. You can connect to multiple data sources through the same channel.

  • DNS Zones: You can add up to 30 DNS zone entries.
  • SCAN Hosts: You can add up to 15 SCAN host entries.

How long does it take to create, update, or delete private data sources?

It takes between 7 and 30 minutes to add or modify DNS zone and SCAN host entries.

How do I control access to the private data sources on my private access channel?

You can use egress rules defined in network security groups to restrict access to your private data sources. The way you configure network security groups depends whether the endpoint of your Oracle Analytics Cloud instance is public or private. See Manage Egress Access Rules for a Public Endpoint using the Console or Manage Ingress and Egress Access Rules for a Private Endpoint using the Console.

Can I add and remove data sources or edit the private access channel?

Yes. You can manage the DNS zones and SCAN hosts accessible through the private access channel. If your Oracle Analytics Cloud has a public endpoint, you can also change the VCN and subnet that the private access channel uses to access the private data sources and control access with one or more network security groups . See Edit a Private Access Channel.

You can monitor the progress of Edit Private Access Channel operations in the activity log. In the unlikely event an edit operation fails, Oracle recommends that you delete the private access channel and recreate it. See Monitor Status.

Can I use both a private access channel and Remote Data Gateway?

Yes. You can use both these methods to connect to your remote data sources.

Can I set up a private access channel with Oracle Analytics Cloud Classic or Oracle Analytics Cloud Gen 1?

No. The private access channel feature is available only with Oracle Analytics Cloud Gen 2.

Can I use the private access channel to access a private data source on a different OCI region?

No. Oracle Analytics Cloud and the Oracle Cloud Infrastructure VCN that's hosting the private data source must be in the same region. See Prerequisites for a Private Access Channel.

Can I use a private access channel to access Oracle-specific DNS zones?

In most cases, no. Access to most Oracle-specific DNS zones is restricted, for example oracle.com and oraclecloud.com. You can’t register these DNS zones as private sources and connect to them over a private access channel.

The only Oracle-specific DNS zone you can register as a private source in a private access channel is adb.<region>.oraclecloud.com. For example, adb.us-ashburn-1.oraclecloud.com. You can use this format to access private Oracle Autonomous Data Warehouse and Oracle Autonomous Transaction Processing databases.

How do I connect to a private Oracle Autonomous Data Warehouse in a customer VCN?

  1. In Oracle Cloud Infrastructure Console, configure a private access channel for the Analytics instance that uses a subnet in the virtual cloud network (VCN) where the private Oracle Autonomous Data Warehouse is deployed. See Configure a Private Access Channel using the Console.

  2. Ensure that the subnet the private access channel uses has an egress rule to communicate with the private Oracle Autonomous Data Warehouse on port 1522. See Working with Security Lists.

  3. Register Oracle Autonomous Data Warehouse as a private source in the private access channel using the DNS zone format adb.<region>.oraclecloud.com. For example, adb.us-ashburn-1.oraclecloud.com. See Manage the Private Data Sources You Can Access on a Private Access Channel using the Console.

  4. Obtain the regional wallet for the private Oracle Autonomous Data Warehouse. See Download Client Credentials (Wallets).

  5. In Oracle Analytics Cloud, create a connection to Oracle Autonomous Data Warehouse that uses the regional wallet and select the service name of the private Oracle Autonomous Data Warehouse instance you want to connect to from the list. See Connect to Oracle Autonomous Data Warehouse.

How do I connect to a private data source in my Oracle Cloud Infrastructure VCN?

  1. In Oracle Cloud Infrastructure Console, configure a private access channel for the Analytics instance that uses a subnet in the virtual cloud network (VCN) where the private data source is deployed. See Configure a Private Access Channel using the Console.

    In the Configure Private Access Channel page, select the checkbox VIRTUAL CLOUD NETWORK's DOMAIN NAME as DNS ZONE.

  2. Ensure that the subnet the private access channel uses has an egress rule to communicate with the private data source on its port. See Working with Security Lists.

  3. If you didn't select the checkbox in step 1, register the DNS zone of your VCN in the format <VCN DNS label>.oraclevcn.com. For example, example.oraclevcn.com. See Manage the Private Data Sources You Can Access on a Private Access Channel using the Console.

  4. In Oracle Analytics Cloud, create a connection that specifies the hostname of the VCN where the private data source is deployed. See

    Connect to Data for Visualizations and Analyses and Manage Database Connections for Semantic Models.

How do I connect to a private data source in my corporate network peered to an Oracle Cloud Infrastructure VCN?

  1. Set up a direct connection between your corporate network and Oracle Cloud Infrastructure VCN. See Access to Your On-Premises Network.
  2. Set up a private DNS resolver in the Oracle Cloud Infrastructure VCN.

    Configure a DNS forwarder in the private DNS resolver to forward corporate hostname resolution to your company's DNS server. See Private DNS and Private DNS Implementation (A-Team Blog).

  3. In Oracle Cloud Infrastructure Console, configure a private access channel for the Analytics instance that uses the subnet in the virtual cloud network (VCN) that is connected to the corporate network . See Configure a Private Access Channel using the Console.

  4. Ensure that the subnet the private access channel uses has an egress rule to communicate with IP address and port of the private data source. See Working with Security Lists.

  5. Register the DNS zone of the data source in the format <domain name>. For example, if the data source FQDN hostname is data-source-ds01.example.com, add the DNS Zone as example.com. See Manage the Private Data Sources You Can Access on a Private Access Channel using the Console.

  6. In Oracle Analytics Cloud, create a data source connection using the FQDN hostname data-source-ds01.example.com. See

    Connect to Data for Visualizations and Analyses and Manage Database Connections for Semantic Models.

How do I connect to a private data source using an IP address in my corporate network peered to an Oracle Cloud Infrastructure VCN?

  1. Set up a direct connection between your corporate network and Oracle Cloud Infrastructure VCN. See Access to Your On-Premises Network.
  2. Create a private DNS view and then add a zone (in the view) for your custom domain. For example, ocivcn.example.com. See Private DNS.
  3. In the zone you just created, add a DNS record type A, and map the IP address to the fully qualified hostname. For example, datasource-ds-01.ocivcn.example.com.
  4. Navigate to the DNS Resolver option for your VCN and associate the private DNS VCN you created in step 2. See Private DNS Resolver.

    Configure one of the following:

    • DNS forwarder: Configure a DNS forwarder in the private DNS resolver to forward corporate hostname resolution to your company's DNS server. See Private DNS and Private DNS Implementation (A-Team Blog).
    • Hostname to IP address mapping: Add a custom record type A entry for the data source IP address mapping to an FQDN hostname under a unique DNS domain.

      For example, if the data source IP address in your corporate network is 10.40.100.55 and your corporate DNS Zone domain is example.com, add a DNS record type A that maps datasource-ds-01.ocivcn.example.com to 10.40.100.55.

  5. In Oracle Cloud Infrastructure Console, configure a private access channel for the Analytics instance that uses the subnet in the virtual cloud network (VCN) that is connected to the corporate network . See Configure a Private Access Channel using the Console.

  6. Register the DNS zone of the data source in the format ocivcn.<domain name>. For example, if the data source DNS record is datasource-ds-01.ocivcn.example.com, add the DNS Zone as ocivcn.example.com. See Manage the Private Data Sources You Can Access on a Private Access Channel using the Console.

  7. In Oracle Analytics Cloud, create a data source connection using the hostname datasource-ds-01.ocivn.example.com. See

    Connect to Data for Visualizations and Analyses and Manage Database Connections for Semantic Models.

Top FAQs for Vanity URLs

The top FAQs when setting up a vanity URL for Oracle Analytics Cloud are identified in this topic.

How many vanity URLs can I create for my Oracle Analytics Cloud instance?

One. See Set Up a Custom Vanity URL.

Does the standard URL continue to work?

Yes.

Can I use a self-signed certificate when defining a vanity URL?

No. Self-signed certificates aren't supported. However, you can create your own root signing certificate and use that to sign a certificate that you generate yourself. See Prerequisites for a Vanity URL.

Are wildcard certificates supported?

Yes.

Can I try this feature without registering a public DNS entry?

Yes. In the /etc/hosts file on your client machine, add an entry for the vanity host name you plan to use that points to the IP address of your Oracle Analytics Cloud instance. The vanity URL works on that machine.

Top FAQs for Data Encryption

The top FAQs when using custom data encryption in Oracle Analytics Cloud are identified in this topic.

What is the difference between Oracle-managed and customer-managed encryption?

Oracle-managed is the default encryption for Oracle Analytics Cloud and many other services in Oracle Cloud Infrastructure. Oracle-managed means sensitive data in Oracle Analytics Cloud will be encrypted with an encryption key whose lifecycle management is controlled by Oracle. Customers who don’t want to manage or access their encryption keys and are looking for the easiest way to protect all their data stored in Oracle Analytics Cloud can choose Oracle-managed encryption.

Customer-managed encryption is offered by the Vault service in Oracle Cloud Infrastructure. With customer-managed encryption, you control and manage the keys that protect your data.

Why can't I see the vault or encryption key I want to use for my Oracle Analytics Cloud instance?

You must have access to the compartment where the vault and master encryption key is stored, and you must have the required permissions to read and manage keys. See Prerequisites for Custom Encryption.

What happens if the custom encryption key my Oracle Analytics Cloud instance uses is deleted or disabled?

Disabling or deleting a customer-managed key makes your content within Oracle Analytics Cloud unreadable for everyone (including Oracle) and anyone who tries to access Oracle Analytics Cloud sees a 403 error (forbidden).

Your Oracle Analytics Cloud instance is unavailable (403 error) when the state of the master encryption key is any of the following: DISABLING, DISABLED, DELETING, DELETED, SCHEDULING_DELETION, PENDING_DELETION.

If the key is disabled and you decide to enable the key, Oracle Analytics Cloud becomes accessible. See Enable a key.

If the key was deleted, you might be able to cancel the delete operation. See Cancel the deletion of a key.