About Connecting to a Dedicated Autonomous Database

Applications and tools connect to a dedicated Autonomous Database using Oracle Net Services (also known as SQL*Net). Oracle Net Services enables a network session from a client application to an Oracle Database server.

When a network session is established, Oracle Net Services acts as the data courier for both the client application and the database. It is responsible for establishing and maintaining the connection between the client application and the database, as well as exchanging messages between them.

Oracle Net Services support a variety of connection types to the Autonomous Database, including:

  • Oracle Call Interface (OCI), which is used by many applications written in C language. Examples include Oracle utilities such as Oracle SQL*Plus, SQL*Loader, and Oracle Data Pump.

  • ODBC drivers, which can be used by applications running on Microsoft Windows, are layered over Oracle Call Interface (OCI).

  • JDBC OCI, which is used by Java language applications. JDBC OCI adds a layer over Oracle Call Interface for Java applications. The Oracle SQLcl command-line interface uses JDBC OCI.

  • JDBC Thin Driver, also for Java applications, is a pure Java driver. Oracle SQL Developer supports JDBC Thin Driver connections.

Third-party products and custom applications may use any of these connection types.

Secure Connections to Autonomous Database

The network path to a dedicated Autonomous Database is through a VCN (virtual cloud network) and subnet defined by the dedicated infrastucture hosting the database. Usually, the subnet is defined as private, meaning that there is no public Internet access to databases.

Autonomous Database provides several pairs of database services to use when connecting to your dedicated database. In each pair, one of the pair provides a secure TCP (TCPS) connection using the TLS protocol, and the other provides a TCP connection. In all other respects, the two members of a pair are the same. To ensure security of data in transit, Oracle strongly recommends that you use a secure connection, even if the database is only available through a private subnet. If you are familiar with using an Oracle Database within your own data center, you may not have previously used these secure connections.

To provide the secure connection, certification authentication uses an encrypted key stored in a wallet on both the client (where the application is running) and the server (where your dedicated Autonomous Database is running). The key on the client must match the key on the server to make a connection. A wallet contains a collection of files, including the key and other information needed to connect to your database . All communications between the client and the server are encrypted.

Oracle Call Interface (OCI) Connections and Wallets

Oracle Net Services can find the location of the Autonomous Database wallet using the WALLET_LOCATION parameter in the sqlnet.ora file.

When WALLET_LOCATION is used, Oracle Net Services automatically uses the wallet. The wallet is used transparently to the application. See Prepare for Oracle Call Interface (OCI), ODBC, and JDBC OCI Connections for information on setting WALLET_LOCATION.

See Download Client Credentials for information on downloading client credentials for Autonomous Database.

Download Client Credentials

Oracle client credentials (wallet files) are downloaded from Autonomous Database by a service administrator. If you are not an Autonomous Database administrator, your administrator should provide you with the client credentials.

To download client credentials, do the following from Oracle Cloud Infrastructure console:

  1. Navigate to the Autonomous Database details page.
  2. Click DB Connection.
  3. On the Database Connection page click Download.
  4. In the Download Wallet dialog, enter a wallet password in the Password field and confirm the password in the Confirm Password field.
    The password must be at least 8 characters long and must include at least 1 letter and either 1 numeric character or 1 special character.

    Note:

    This password protects the downloaded Client Credentials wallet. This wallet is not the same as the Transparent Data Encryption (TDE) wallet for the database; therefore, use a different password to protect the Client Credentials wallet.
  5. Click Download to save the client security credentials zip file.

    By default the filename is: Wallet_databasename.zip. You can save this file as any filename you want.

    You must protect this file to prevent unauthorized database access.

The zip file includes the following:

  • tnsnames.ora and sqlnet.ora: Network configuration files storing connect descriptors and SQL*Net client-side configuration.

  • cwallet.sso and ewallet.p12: Auto-open SSO wallet and PKCS12 file. PKCS12 file is protected by the wallet password provided in the UI.

  • truststore.jks: Java truststore file that is protected by the wallet password provided while downloading the wallet.

  • ojdbc.properties: Contains the wallet related connection property required for JDBC connection. This should be in the same path as tnsnames.ora.

  • hostinfo.json: Host information file with a list of IP addresses that are part of the cluster used by the Autonomous Database.

Note:

Wallet files, along with the Database user ID and password provide access to data in your Autonomous Database. Store wallet files in a secure location. Share wallet files only with authorized users. If wallet files are transmitted in a way that might be accessed by unauthorized users (for example, over public email), transmit the wallet password separately and securely.

Autonomous Database uses strong password complexity rules for all users based on Oracle Cloud security standards. For more information on the password complexity rules see .

Predefined Database Service Names for Autonomous Databases

Autonomous Database provides multiple sets of database services to use when connecting to your dedicated database. In each set, one service provides a secure TCP (TCPS) connection using the TLS protocol, and another provides a TCP connection. The databases configured to use Autonomous Data Guard have two additional services with the same connection types (TCPS and TCP) to the standby database for read-only access.

These connection services are designed to support different kinds of database operations:
  • tpurgent_tls, tpurgent, tpurgent_ro_tls, and tpurgent_ro: For high priority, time critical transaction processing operations.
  • tp_tls, tp, tp_ro_tls, and tp_ro: For typical transaction processing operations.
  • high_tls, high, high_ro_tls, high_ro: For high priority reporting and batch operations.
  • medium_tls, medium, medium_ro_tls, medium_ro: For typical reporting and batch operations.
  • low_tls, low, low_ro_tls, low_ro: For low priority reporting and batch operations.
Databases provisioned on fractional OCPUs can only connect to:
  • The tp and low services for the Autonomous Transaction Processing workloads, and
  • The low services for Autonomous Data Warehousing workloads.

Key Characteristics of the Predefined Database Services

  • Concurrent Statements: The maximum number of SQL statements that an Autonomous Database can be processing for a consumer group before queuing the statements.
  • Degree of Parallelism: Parallel execution is one of the Oracle Autonomous Database's features that creates and uses multiple processes to execute a single SQL statement. The degree of parallelism specifies the number of processes that can be used. Due to the performance cost of creating additional processes, parallel execution is generally worthwhile when:
    • The query references a large data set.
    • There is low concurrency.
    • The elapsed time is critical.
  • Resource Shares: Oracle Autonomous Database uses Oracle Database Resource Manager consumer groups to provide different resource allocations to each database service pair. Resource Shares define the fraction of resources guaranteed to a consumer group. However, any consumer group can use more than its Resource Shares when no resource contention exists.
  • FAN Enabled: Indicates if Fast Application Notification is enabled by default.
  • TAC Enabled: Indicates if Transparent Application Continuity is enabled by default.
The following table compares the different sets of database services based on the characteristics discussed above.
Service Names Degree of Parallelism Resource Shares Concurrent Statements FAN Enabled TAC Enabled
tpurgent_tls, tpurgent, tpurgent_ro_tls, and tpurgent_ro Set manually 12 300 x OCPUs Yes Yes
tp_tls, tp, tp_ro_tls, and tp_ro 1 8 300 x OCPUs Yes Yes
high_tls, high, high_ro_tls, and high_ro OCPUs 4 3 Yes No
medium_tls, medium, medium_ro_tls, and medium_ro 4 2 1.25 × OCPUs Yes No
low_tls, low, low_ro_tls, and low_ro 1 1 300 x OCPUs Yes No

Where the number of OCPUs is the CPU Core Count shown in the Oracle Cloud console.

The number of concurrent statements supported by the tp and low services on fractional OCPUs is calculated precisely in the same way as calculated for full core OCPUs, that is, 300 x OCPUs. For example, for a value of 0.5 OCPU, the total number of concurrent statements that can be handled by tp and low services is 300 X 0.5, that is, 150.

Note:

After connecting to your dedicated database using a service, do not attempt to switch that connection to a different service by changing the consumer group of the connection manually. Please note that the Autonomous Database performs more actions to configure the connection than just setting its consumer group while connecting to your dedicated database using a service.