About Connecting to an Autonomous Database Instance

After you create database users, applications and tools connect to Autonomous Databases using Oracle Net Services (also known as SQL*Net). Oracle Net Services enables a network session from a client application to an Oracle Database server.

When a network session is established, Oracle Net Services acts as the data courier for both the client application and the database. It is responsible for establishing and maintaining the connection between the client application and the database, as well as exchanging messages between them.

Oracle Net Services support a variety of connection types to the Autonomous Database, including:

  • Oracle Call Interface (OCI), which is used by many applications written in C language. Examples include Oracle utilities such as Oracle SQL*Plus, SQL*Loader, and Oracle Data Pump.

  • ODBC drivers, which can be used by applications running on Microsoft Windows, are layered over Oracle Call Interface (OCI).

  • JDBC OCI, which is used by Java language applications. JDBC OCI adds a layer over Oracle Call Interface for Java applications. The Oracle SQLcl command-line interface uses JDBC OCI.

  • JDBC Thin Driver, also for Java applications, is a pure Java driver. Oracle SQL Developer supports JDBC Thin Driver connections.

Third-party products and custom applications may use any of these connection types.

See Create Users on Autonomous Database for information on creating database users.

Secure Connections to Autonomous Database

Connections to Autonomous Database are made over the public Internet, and all applications use a secure connection. If you are familiar with using an Oracle Database within your own data center, you may not have previously used these secure connections; next we describe the basic concepts of secure database connections.

Many applications provide support for more than one connection type, but each type of connection to Autonomous Database uses certificate authentication and Secure Sockets Layer (SSL). This ensures that there is no unauthorized access to the Autonomous Database and that communications between the client and server are fully encrypted and cannot be intercepted or altered.

Certification authentication uses an encrypted key stored in a wallet on both the client (where the application is running) and the server (where your database service on the Autonomous Database is running). The key on the client must match the key on the server to make a connection. A wallet contains a collection of files, including the key and other information needed to connect to your database service in the Autonomous Database. All communications between the client and the server are encrypted.

The following figure shows client secure connections to Oracle Autonomous Database over the public Internet. If you configure your database to use private endpoints, then the public internet is not used and the connection uses a private endpoint inside a Virtual Cloud Network (VCN) in your tenancy.

Description of autonomous-database.eps follows
Description of the illustration autonomous-database.eps

Connecting to Autonomous Database Through a Firewall

Most organizations protect networks and devices on a network using a firewall.  A firewall controls incoming and outgoing network traffic using rules which allow the use of certain ports and access to certain computers (or, more specifically IP addresses or host names).  An important function of a firewall is to provide separation between internal networks and the public internet.

Autonomous Database is accessed using the public internet.  To access the Autonomous Database from behind a firewall, the firewall must permit the use of the port specified in the database connection when connecting to the servers in the connection. The default port number for Autonomous Database is 1522 (find the port number in the connection string from the tnsnames.ora file in your credentials ZIP file). For example, see the port value in the following tnsnames.ora file:

db2020adb_high = (description = ( 
                address=(protocol=tcps)
                (port=1522)
                (host=adb.example.oraclecloud.com))
                (connect_data=(service_name=example_high.adb.oraclecloud.com))
                (security=(ssl_server_cert_dn="CN=adb.example.oraclecloud.com,
                 OU=Oracle BMCS US,O=Oracle Corporation,L=Redwood City,ST=California,C=US")))

Your firewall must allow access to servers within the .oraclecloud.com domain using port 1522. To connect to Autonomous Database, depending upon your organization's network configuration, you may need to use a proxy server to access this port or you may need to request that your network administrator open this port.

Using Application Continuity

Application Continuity is a feature that enables the replay, in a non-disruptive and rapid manner, of a request against the database after a recoverable error that makes the database session unavailable so an outage appears to the user as no more than a delayed execution of the request. With Application Continuity, Autonomous Database, the Oracle drivers, and the Oracle connection pools all collaborate to mask many outages in a safe and reliable way.

You can change the failover type on Autonomous Database using the DBMS_CLOUD_ADMIN procedures to enable or to disable Application Continuity. New sessions use the new failover type from the time when you modify the current value.

Note:

By default Application Continuity is disabled.

See Overview of Application Continuity for more information on Application Continuity.

See Enable and Disable Application Continuity for information on enabling and disabling Application Continuity in Autonomous Database.