Configure Autonomous Database for Proof of Concept (POC)

This use case demonstrates how to quickly configure your Autonomous Database resources on Dedicated Exadata Infrastructure for developing proof of concept (POC) applications.

Oracle Autonomous Database on Dedicated Exadata Infrastructure is a highly automated, fully managed database environment running in Oracle Cloud Infrastructure (OCI) with committed hardware and software resources. These isolated resources enable organizations to meet stringent security, availability, and performance requirements while reducing cost and complexity.

If you want to quickly create an Autonomous Database POC environment, read on.

Tip:

For a comprehensive and recommended configuration that involves setting up separate development and production Autonomous Database environments, see Configure Autonomous Database with Reference Architecture.

Prerequisite Knowledge

To fully understand and appreciate this use case, you should have a basic understanding of Autonomous Database on Dedicated Exadata Infrastructure, including its deployment options, key infrastructure components, user roles, and main features. For more detailed information, please refer to About Autonomous Database on Dedicated Exadata Infrastructure.

Use Case

Acme Company is considering Autonomous Database on Dedicated Exadata Infrastructure for its internal project applications. Before finalizing, Acme I.T. decides to develop a proof of concept (POC) application called PocApp using Autonomous Database on Dedicated Exadata Infrastructure to help them evaluate the service capabilities.

The Acme I.T. department will assume the role of fleet administrator, responsible for creating and managing Exadata Infrastructure (EI) and Autonomous Exadata VM Cluster (AVMC) resources for the company. It also takes on the application DBA role to create the Autonomous Container Database (ACD) and Autonomous Database for its database users.

Note:

This example illustrates the fleet administrator creating and managing Autonomous Container Database and Autonomous Database resources. However, your organization may prefer that the application DBA undertake this task.

Resources Needed

OCI IAM Components



  • One compartment named AcmeComp to place the resources.
  • One group named AcmeGroup to which users can be assigned.

    Note:

    Any user added to this group can act as a fleet administrator, application DBA, or developer.
  • One policy called AcmeCompPolicy to specify user access to the resources at the compartment and tenancy levels.

Network Resources

  • Oracle Public Cloud deployments:

    • One VCN to provide network connectivity to all dedicated infrastructure resources. This VCN will connect to the Acme Company VPN using an IPSec VPN and have an Internet Gateway resource that blocks all incoming internet traffic. It will be named AcmeVCN.
    • Two subnets to provide network access isolation, one for the Autonomous Database resources and another for the application's client and mid-tier resources. These subnets will be named AcmeSubnet and AppSubnet respectively.

    Note:

    For simplicity, we are using a single VCN and leveraging subnets to provide network isolation. However, you can also create multiple VCNs to provide the required network access isolation. In this example, we create both AcmeSubnet and AppSubnet under AcmeComp for simplicity. Depending on your requirements, you can optionally place these subnets in separate compartments.
  • Exadata Cloud@Customer deployments:

    • Set up network rules as listed in Network Requirements for Oracle Exadata Database Service on Cloud@Customer in Preparing for Exadata Database Service on Cloud@Customer.
    • Additionally, open port 1522 to allow TCP traffic between the primary database and the standby database in an Autonomous Data Guard setup.

Autonomous Database Resources



Autonomous Database resources as per the configuration depicted above.
  • One Exadata Infrastructure named AcmeInfrastructure.
  • One Autonomous Exadata VM Cluster (AVMC) within AcmeInfrastructure. This AVMC is named PocAVMC.
  • PocAVMC hosts the Autonomous Container Database (ACD) and Autonomous Database, which are named PocACD and PocADB respectively, for developing the PocApp application.

High-Level Steps

Before Acme I.T. begins configuring Autonomous Database resources on Dedicated Exadata Infrastructure, it requests a service limit increase using the OCI console to add Exadata Infrastructure resources (Database Servers and Storage Servers) to the tenancy. Refer to Request a Service Limit Increase for more details.

Listed below are the high-level steps to implement this use case:

  1. Acme I.T. or the security administrator for Acme Company's cloud tenancy creates the AcmeComp compartment, AcmeGroup group, and AcmeCompPolicy compartment policy for resource isolation.
  2. For access isolation:
    • For Oracle Public Cloud deployments, Acme I.T. or the network administrator for Acme creates the following network resources in the AcmeComp compartment:
      • VCN: AcmeVCN
      • Private subnet: AcmeSubnet
      • Public subnet: AppSubnet
    • For Exadata Cloud@Customer deployments, Acme I.T. or the network administrator of Acme does the following:
      • Set up network rules as listed in Network Requirements for Oracle Exadata Database Service on Cloud@Customer in Preparing for Exadata Database Service on Cloud@Customer.
      • Open port 1522 to allow TCP traffic between the primary database and the standby database in an Autonomous Data Guard setup.
  3. After creating network resources, the security administrator adds the cloud user of a designated Acme I.T. member to the AcmeGroup, thus authorizing that user as the fleet administrator.
  4. The newly authorized fleet administrator creates the following dedicated infrastructure resources in the AcmeComp compartment, in the order listed below:
    • Exadata Infrastructure resource named AcmeInfrastructure.
    • Autonomous Exadata VM Cluster (AVMC) named PocAVMC, specifying the newly created Exadata Infrastructure.

      Note:

      For Oracle Public Cloud deployments, use AcmeVCN and AcmeSubnet as its VCN and subnet.
    • Autonomous Container Database (ACD) named PocACD in the AcmeComp compartment, specifying PocAVMC as its underlying resource.
    • Autonomous Database named PocADB in the AcmeComp compartment, specifying PocACD as its underlying resource.

Step 1. Create OCI IAM Components

In this step, the security administrator for Acme Company's cloud tenancy creates the following OCI IAM components for resource isolation:
  • AcmeComp compartment.

    To perform this step, the security administrator follows the instructions in Managing Compartments in Oracle Cloud Infrastructure Documentation to create a compartment using the Oracle Cloud console. When following these instructions, the security administrator specifies the root compartment of the tenancy as the parent compartment of the AcmeComp compartment.

  • AcmeGroup group.

    To perform this step, the security administrator follows the instructions in Managing Groups in Oracle Cloud Infrastructure Documentation to create a group using the Oracle Cloud console.

  • AcmeCompPolicy policy.

    To perform this step, the security administrator follows the instructions in Managing Policies in Oracle Cloud Infrastructure Documentation to create a policy using the Oracle Cloud console.

    Note:

    In addition to creating the required policy statements, in this example the security administrator also creates "USE tag-namespaces" policy statements to permit group members to assign existing tags to the resources they create. To permit group members to create tags as well as use existing tags, the security administrator would instead create "MANAGE tag-namespaces" policy statements.

    When following these instructions to create AcmeCompPolicy, the security administrator:

    1. Sets the Compartment in the side menu to AcmeComp before clicking Create Policy.

    2. Adds either of the following Policy Statements depending on their deployment platform:

      • Oracle Public Cloud deployments:
        • Allow group AcmeGroup to MANAGE cloud-exadata-infrastructures in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE cloud-autonomous-vmclusters in compartment AcmeComp
        • Allow group AcmeGroup to USE virtual-network-family in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-container-databases in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-databases in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-backups in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE instance-family in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE metrics in compartment AcmeComp
        • Allow group AcmeGroup to INSPECT work-requests in compartment AcmeComp
        • Allow group AcmeGroup to USE tag-namespaces in compartment AcmeComp
      • Exadata Cloud@Customer deployments:
        • Allow group AcmeGroup to MANAGE exadata-infrastructures in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-vmclusters in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-container-databases in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-databases in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-backups in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE instance-family in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE metrics in compartment AcmeComp
        • Allow group AcmeGroup to INSPECT work-requests in compartment AcmeComp
        • Allow group AcmeGroup to USE tag-namespaces in compartment AcmeComp
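
As an added example (not Oracle's code), this Python check compares a policy's statements against the Oracle Public Cloud list above and reports drift such as a broader verb or tenancy-wide scope. It parses only the statement form shown on this page; `BASELINE`, `audit` and the sample statements are constructed for illustration.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # least to most privileged

# Highest verb the page grants per resource type (Oracle Public Cloud list).
BASELINE = {t: "manage" for t in (
    "cloud-exadata-infrastructures", "cloud-autonomous-vmclusters",
    "autonomous-container-databases", "autonomous-databases",
    "autonomous-backups", "instance-family", "metrics")}
BASELINE.update({"virtual-network-family": "use", "work-requests": "inspect",
                 "tag-namespaces": "use"})

# Matches only the statement form used on this page; anything else is reported.
STATEMENT = re.compile(
    r"^allow group (?P<group>\S+) to (?P<verb>inspect|read|use|manage) "
    r"(?P<rtype>[\w-]+) in (?:tenancy|compartment (?P<comp>\S+))$", re.IGNORECASE)

def audit(statements, group="AcmeGroup", compartment="AcmeComp"):
    """Return (statement, finding) pairs for statements that go beyond the baseline."""
    findings = []
    for text in statements:
        m = STATEMENT.match(text.strip())
        if not m:
            findings.append((text, "unrecognized form"))
            continue
        verb, rtype = m["verb"].lower(), m["rtype"].lower()
        if m["group"] != group:
            findings.append((text, "unexpected group"))
        if m["comp"] != compartment:  # comp is None for "in tenancy"
            findings.append((text, "scope outside compartment"))
        if rtype not in BASELINE:
            findings.append((text, "resource type not in baseline"))
        elif VERBS.index(verb) > VERBS.index(BASELINE[rtype]):
            findings.append((text, "verb exceeds baseline"))
    return findings

# Constructed sample: three statements from the page plus two drifted ones.
SAMPLE = [
    "Allow group AcmeGroup to MANAGE autonomous-databases in compartment AcmeComp",
    "Allow group AcmeGroup to USE virtual-network-family in compartment AcmeComp",
    "Allow group AcmeGroup to INSPECT work-requests in compartment AcmeComp",
    "Allow group AcmeGroup to MANAGE tag-namespaces in compartment AcmeComp",
    "Allow group AcmeGroup to MANAGE autonomous-databases in tenancy",
]
```

Calling `audit(SAMPLE)` reports the last two statements; a policy that deliberately uses "MANAGE tag-namespaces", as the note above allows, needs that entry raised in `BASELINE`.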

Step 2. Create the VCN and Subnets

APPLIES TO: Oracle Public Cloud only

In this step, Acme I.T. or the network administrator of Acme creates the AcmeVCN VCN and the AcmeSubnet and AppSubnet subnets in the AcmeComp compartment.

To perform this step, Acme I.T. first confers with the Acme I.T. department's networking team to reserve a CIDR IP address range that will not conflict with the company's on-premises network. (Otherwise, the VCN would conflict with the on-premises network and an IPSec VPN could not be set up.) The reserved range is CIDR 10.0.0.0/16.

Then, Acme I.T. adapts the instructions in Scenario B: Private Subnet with a VPN in Oracle Cloud Infrastructure Documentation to create the VCN, the Subnets and other network resources using the Oracle Cloud console.

In this example, the following CIDR blocks will be used for the two (2) subnets in AcmeVCN:
  • 10.0.10.0/24 for AcmeSubnet (private subnet)
  • 10.0.100.0/24 for AppSubnet (public subnet)

When adapting these instructions, Acme I.T. manually creates security lists (instead of using the default security lists) to isolate and separate security rules and thus make network management simpler. These security lists are:
  • AcmeSeclist: the basic security list for AcmeSubnet. It is used when the AcmeSubnet subnet is created.
  • AppSeclist: the basic security list for AppSubnet. It is used when the AppSubnet subnet is created.

For more details on AVMC ingress and egress requirements, see Requirements to Provision an Autonomous Exadata VM Cluster.

Security Rules in AcmeSeclist

Here are the ingress rules created in AcmeSeclist:

| Stateless | Source | IP Protocol | Source Port Range | Destination Port Range | Type and Code | Allows |
| --- | --- | --- | --- | --- | --- | --- |
| No | 10.0.10.0/24 | ICMP | All | All | All | ICMP traffic for: All |
| No | 10.0.10.0/24 | TCP | All | All | | TCP traffic for ports: All |
| No | 10.0.100.0/24 | TCP | All | 1521 | | TCP traffic for port: 1521 Oracle Net |
| No | 10.0.100.0/24 | TCP | All | 2484 | | TCPS traffic for port: 2484 Oracle Net |
| No | 10.0.100.0/24 | TCP | All | 6200 | | ONS/FAN for ports: 6200 |
| No | 10.0.100.0/24 | TCP | All | 443 | | HTTPS traffic for port: 443 |

Here are the egress rules created in AcmeSeclist:

| Stateless | Destination | IP Protocol | Source Port Range | Destination Port Range | Type and Code | Allows |
| --- | --- | --- | --- | --- | --- | --- |
| No | 10.0.10.0/24 | ICMP | All | All | All | All ICMP traffic within DevVMSubnet |
| No | 10.0.10.0/24 | TCP | All | All | | All TCP traffic within DevVMSubnet |

Security Rules in AppSeclist

Here is the ingress rule created in AppSeclist:

| Stateless | Source | IP Protocol | Source Port Range | Destination Port Range | Type and Code | Allows |
| --- | --- | --- | --- | --- | --- | --- |
| No | 0.0.0.0/0 | TCP | All | 22 | All | SSH traffic for ports: 22 |

Note:

It is recommended to change 0.0.0.0/0 in the security rules to your approved list of CIDR ranges or IP addresses.

Here are the egress rules created in AppSeclist:

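| Stateless | Destination | IP Protocol | Source Port Range | Destination Port Range | Type and Code | Allows |
| --- | --- | --- | --- | --- | --- | --- |
| No | 10.0.10.0/24 | TCP | All | 1521 | | |
| No | 10.0.10.0/24 | TCP | All | 2484 | | |
| No | 10.0.10.0/24 | TCP | All | 443 | | |
| No | 10.0.10.0/24 | TCP | All | 6200 | | |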
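
As an added example (not part of Oracle's documentation), the following Python check takes the rules from the tables above and verifies two things: which ingress rules are open to 0.0.0.0/0, and whether every AppSeclist egress port has a matching AcmeSeclist ingress rule. The rule dictionaries are constructed sample data; their field names (`source`, `protocol`, `isStateless`, `tcpOptions.destinationPortRange`) are assumed to mirror OCI security-list rule objects, with protocol "6" for TCP and "1" for ICMP.

```python
import ipaddress

ACME_SUBNET, APP_SUBNET = "10.0.10.0/24", "10.0.100.0/24"

def tcp(side, cidr, port=None):
    """Build one stateful TCP rule; side is 'source' (ingress) or 'destination' (egress)."""
    rule = {side: cidr, "protocol": "6", "isStateless": False}
    if port is not None:
        rule["tcpOptions"] = {"destinationPortRange": {"min": port, "max": port}}
    return rule

# Constructed sample data: the rules from the tables above.
ACME_INGRESS = [
    {"source": ACME_SUBNET, "protocol": "1", "isStateless": False},  # ICMP
    tcp("source", ACME_SUBNET),
    *[tcp("source", APP_SUBNET, p) for p in (1521, 2484, 6200, 443)],
]
APP_INGRESS = [tcp("source", "0.0.0.0/0", 22)]
APP_EGRESS = [tcp("destination", ACME_SUBNET, p) for p in (1521, 2484, 443, 6200)]

def port_range(rule):
    rng = rule.get("tcpOptions", {}).get("destinationPortRange")
    return (rng["min"], rng["max"]) if rng else None  # None means all ports

def world_open(ingress):
    """Destination port ranges of ingress rules whose source is 0.0.0.0/0."""
    return [port_range(r) or "all" for r in ingress
            if ipaddress.ip_network(r["source"]).prefixlen == 0]

def accepts(rule, peer_cidr, port):
    """True if a TCP ingress rule admits traffic from peer_cidr to the given port."""
    rng = port_range(rule)
    return (rule["protocol"] == "6"
            and ipaddress.ip_network(peer_cidr).subnet_of(ipaddress.ip_network(rule["source"]))
            and (rng is None or rng[0] <= port <= rng[1]))

def unmatched_egress(egress, client_cidr, ingress):
    """Ports the client subnet may send to that the database subnet does not accept.
    The rules are stateful, so only the initiating direction needs a rule on each side."""
    missing = []
    for rule in egress:
        lo, hi = port_range(rule) or (1, 65535)
        missing += [p for p in range(lo, hi + 1)
                    if not any(accepts(i, client_cidr, p) for i in ingress)]
    return missing
```

With the tables as given, `world_open(APP_INGRESS)` returns the SSH rule that the note above recommends narrowing, and `unmatched_egress(APP_EGRESS, APP_SUBNET, ACME_INGRESS)` returns an empty list.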

Step 3. Assign Fleet Administrator

In this step, the security administrator adds the cloud user of a designated Acme I.T. member to the AcmeGroup.

To perform this step, the security administrator follows the instructions in Managing Users in Oracle Cloud Infrastructure Documentation to add a user to a group using the Oracle Cloud console.

Step 4. Create Autonomous Database Resources

In this step, the fleet administrator creates the following dedicated infrastructure resources in the AcmeComp compartment, in the following sequence:
  1. Exadata Infrastructure

    In this step, the fleet administrator follows the instructions in Create an Exadata Infrastructure Resource to create an Exadata Infrastructure resource named AcmeInfrastructure.

  2. Autonomous Exadata VM Cluster

    In this step, the fleet administrator follows the instructions in Create an Autonomous Exadata VM Cluster to create PocAVMC with the following specifications, leaving all the other attributes at their default settings.

    | Setting | Value |
    | --- | --- |
    | AVMC Name | PocAVMC |
    | Underlying Exadata Infrastructure | AcmeInfrastructure |
    | Virtual cloud network (VCN) (APPLIES TO: Oracle Public Cloud only) | AcmeVCN |
    | Subnet (APPLIES TO: Oracle Public Cloud only) | AcmeSubnet |

  3. Autonomous Container Database

    In this step, the fleet administrator follows the instructions in Create an Autonomous Container Database to create PocACD with the following specifications, leaving all other attributes at their default settings.

    | Setting | Value |
    | --- | --- |
    | ACD Name | PocACD |
    | Underlying AVMC | PocAVMC |
    | Container Database Software version | Latest software version (N) |

  4. Autonomous Database

    In this step, the fleet administrator follows the instructions in Create an Autonomous Database to create PocADB. This database is created with the following specifications, leaving all other attributes at their default settings.

    | Setting | Value |
    | --- | --- |
    | Database Name | PocADB |
    | Underlying ACD | PocACD |
    | Database instance | Can choose to create an Autonomous Database or an Autonomous Database for Developers |

The Autonomous Database on Dedicated Exadata Infrastructure is now configured to develop quick proof of concept applications.