Integrate Oracle Analytics with OCI Data Science

Integrate Oracle Analytics with Oracle Cloud Infrastructure (OCI) Data Science to perform machine learning and artificial intelligence without needing data scientist expertise. For example, with healthcare data, you might use a predictive model to identify risk factors and predict the risk of patient readmission after discharge.

Topics:

Prerequisites for Integrating OCI Data Science Models With Oracle Analytics

You need these prerequisites to integrate OCI Data Science with Oracle Analytics.

Create a connection between your Oracle Analytics instance and your OCI service - See Create a Connection to Your OCI Tenancy.
In OCI, save the machine learning models in the OCI Data Science Model Catalog. These models should be created and saved using Oracle Accelerated Data Science Software Development Kit 2.6.1 or higher to be compatible with Oracle Analytics.

Policies Required to Integrate OCI Data Science with Oracle Analytics

To integrate Oracle Analytics with OCI Data Science, make sure that you have the required security policies.

The OCI user that you specify in the connection between Oracle Analytics Cloud and your OCI tenancy must have read, write, and delete permissions on the compartment containing the OCI resources you want to use. Ensure that the OCI user belongs to a user group with the following minimum OCI security policies. When you connect to an OCI tenancy from Oracle Analytics, you can use either an OCI API key or resource principal.

Note: For resource principal, to include all Analytics instances under a compartment, specify {request.principal.type='analyticsinstance', request.principal.compartment.id='<compartmentA_ocid>'} instead of {request.principal.id='<analytics_instance_ocid>'}.

Table 32-3 Security policies required for OCI Data Science integration

API Key Policies	Resource Principal Policies
`Allow group <group_name> to read data-science-projects in compartment <compartment_name>`	`Allow any-user to read data-science-projects in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}`
`Allow group <group_name> to read data-science-models in compartment <compartment_name>`	`Allow any-user to read data-science-models in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}`
`Allow group <group_name> to manage data-science-jobs in compartment <compartment_name>`	`Allow any-user to manage data-science-jobs in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}`
`Allow group <group_name> to inspect instance-family in compartment <compartment_name>`	`Allow any-user to inspect instance-family in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}`
`Allow group <group_name> to manage data-science-job-runs in compartment <compartment_name>`	`Allow any-user to manage data-science-job-runs in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}`
`Allow group <group_name> to inspect virtual-network-family in compartment <compartment_name>`	`Allow any-user to inspect virtual-network-family in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}`
`Allow service datascience to use virtual-network-family in compartment <compartment_name>`	`Allow service datascience to use virtual-network-family in compartment <compartment_name>`
`Allow group <group_name> to manage log-groups in compartment <compartment_name>`	`Allow any-user to manage log-groups in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}`
`Allow group <group_name> to read buckets in compartment <compartment_name>`	`Allow any-user to read buckets in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}`
`Allow group <group_name> to manage objects in compartment <compartment_name> where target.bucket.name='<staging_bucket_name>'`	`Allow any-user to manage objects in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>', target.bucket.name='<staging_bucket_name>'}`
`Allow group <group_name> to read objectstorage-namespaces in compartment <compartment_name>`	`Allow any-user to read objectstorage-namespaces in compartment <compartment_name> where all {request.principal.id='<analytics_instance_ocid>'}`

Table 32-4 OCI Data Science - Dynamic Group policies

Policy	Description
`Allow dynamic-group <dynamic_group> to read data-science-models in compartment <compartment_name>`	Provides Data Science model access to the Data Science job run.
`Allow dynamic-group <dynamic_group> to manage objects in compartment <compartment_name> where target.bucket.name='<staging_bucket_name>'`	Provides Object Storage access to the Data Science job run.
`Allow dynamic-group <dynamic_group> to use log-content in compartment <compartment_name>`	Provides Log access to the Data Science job run.

Note: When you specify <dynamic_group>, use a matching rule with this format:

all { resource.type='datasciencejobrun', resource.compartment.id='<compartment_id>' }

Where <compartment_id> is the OCID of the compartment that contains the Data Science models.

Make an OCI Data Science Model Available in Oracle Analytics

Before you can use Oracle Cloud Infrastructure (OCI) Data Science models to analyze data, you register them in Oracle Analytics.

Register OCI Data Science Models in Oracle Analytics to build machine learning (ML) into your applications without requiring ML expertise.

Before you start, create a connection between your Oracle Analytics instance and your OCI service. See Create a Connection to Your OCI Tenancy.

In addition, make sure that you log into Oracle Analytics as a user with the BI Service Administrator or DV Content Author role.

On the Home page, click Page Menu, then Register Model/Function, then Machine Learning Models.
This option is available for users with the BI Service Administrator or DV Content Author role.
On the Register an ML Model dialog, select the connection to your OCI tenancy.
In Select a Project page, click Select.
In Search Compartment, navigate to your stored model, and then click the model name.
When you select a model, you can review the details in the right-hand panel, for example, name, description, algorithm, and input and output columns.

Description of the illustration ocidatascience1.png
Click Next to display the Enter Resource Parameters dialog, and configure the model:
- Staging Bucket Compartment - Staging bucket's compartment name. Click Select to navigate to and select the compartment of the staging bucket.
  
  Staging Bucket - Staging bucket name is required for data transfer.
  
  Compute Shape - Compute shape is the virtual machine configuration, which is required for Data Science job creation.
  
  OCPUs - Required only if the compute shape is a Flex shape.
  
  Memory (GB) - Required only if the compute shape is a Flex shape.
  
  Storage (GB) - Size of block storage required for the Data Science job.
  
  Use default networking - Option to configure the network configuration. If you're not sure whether to use default networking, ask your Oracle Analytics administrator.
  - Select this option to use default networking, which provides default egress to the public internet. With a default network option, you can skip creating a network and setting up subnets and gateways. If you use the default network configuration, you can’t access or modify the provided default network for other purposes.
  - Deselect this option to configure subnets and Network Address Translation (NAT) gateways. For egress access to the public internet, OCI recommends a private subnet with a route to a NAT Gateway. A NAT gateway gives instances in a private subnet access to the internet. The Virtual Cloud Network (VCN) that is created in this step creates a private subnet with egress access to the internet through the VCN's NAT Gateway.
  VCN Compartment - Name of the compartment containing the VCN you want to use. Required only when Use default networking is deselected.
  
  VCN - The name of an existing VCN. Required only when Use default networking is deselected.
  
  Subnet Compartment - Name of the compartment containing the subnet you want to use. Required only when Use default networking is deselected.
  
  Subnet - Name of an existing subnet. Required only when Use default networking is deselected.
  
  Enable Logging - Option to enable logging in OCI Data Science.
  
  Log Group Compartment - Name of the compartment containing the log group in which Data Science logs are stored. Required only when logging is enabled.
  
  Log Group - Name of an existing log group in which to store logs. Required only when logging is enabled.
Click Register.
Optional: To confirm that the model was registered successfully, from the Home page, click Navigator, click Models, then click Machine Learning to display registered models and confirm that the model was registered successfully. Click Inspect to check that you've configured the model correctly.