About Private Endpoints

A private endpoint allows outbound (egress) traffic originating from Oracle Integration to be routed on a private channel within Oracle Cloud Infrastructure without exposing it to the public internet.

Note:

A private endpoint doesn't have any noticeable affect on bandwidth, throughput, or performance.

Example

The following diagram illustrates an example of how Oracle Integration can connect to private resources using a private endpoint.

Your tenancy is in the Oracle Cloud. Your tenancy contains several resources, including your Oracle Integration instance and a VCN, which contains a private subnet. The Oracle Integration instance contains an integration that has a connection based on the Oracle ATP Adapter. Outbound traffic from the Oracle Integration instance flows over a secure connection through the private endpoint and connects to the Virtual Network Interface Card (VNIC), which is in the VCN. The VNIC allows for a connection to an Oracle Autonomous AI Database (ATP) in the subnet.

Described in surrounding text.

Other Private Endpoint Scenarios

Because network topologies can vary greatly, Oracle Integration supports and documents only one private endpoint scenario—securing outbound traffic that connects to a private resource in your VCN. However, other scenarios are possible:

  • Securing outbound traffic that connects to a public-facing endpoint with an access control list (ACL) that accepts requests from specific IP addresses.

    In such cases, you typically create a private NAT gateway, and the ACL accepts requests only from the IP address of the NAT gateway.

  • Securing outbound traffic with Site-to-Site VPN using IPSec tunnels on FastConnect.

Another option for connecting to resources on your on-premises network is the connectivity agent. For information on when to use which option, see Private Endpoint vs. Connectivity Agent.

Send Information to ZPR-Secured OCI Resources

If your Oracle Integration instance needs to send information to a ZPR-secured OCI resource, you also need to add the appropriate security attributes. See Assign ZPR Security Attributes to Your Instance.

Things to Keep in Mind

  • Supported in select adapters

    Private endpoints are supported in select adapters. See Adapters that Support Connecting to Private Endpoints in Using Integrations in Oracle Integration 3.

  • One endpoint per instance

    You can configure only one private endpoint per Oracle Integration instance.

  • No modifications

    You can't modify the private endpoint. If you need to make changes, simply delete the endpoint and create it again. See Delete a Private Endpoint.

  • Outbound traffic only

    A private endpoint doesn't secure inbound (ingress) traffic originating from outside Oracle Integration. To restrict inbound traffic, use access control lists (ACLs), also known as allowlists.