Enabling IPsec VPN Access to Oracle Big Data Cloud Service

Oracle Network Cloud Service — VPN for Engineered Systems is an add-on service available at an additional subscription fee. Using this service, you can create a secure virtual private network (VPN) tunnel over the Internet that connects your corporate network to Oracle Public Cloud services, such as Oracle Big Data Cloud Service. The service uses IPsec, which is a suite of protocols designed to authenticate and encrypt all IP traffic between two locations.

Note:

For information on IPsec standards, see the Internet Engineering Task Force (IETF) Request for Comments (RFC) 6071: IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap.

Before you request VPN, ensure these requirements are met at your site:

  • VPN device requirements. You need a VPN gateway device that uses current IPsec standards to establish a secure tunnel between your network and the Oracle Public Cloud. You will provide the details of your device to Oracle. The device must support:

    • IPv4 traffic with support for ICMP, TCP and UDP. Multicast traffic is not supported.

    • Tunnel mode sessions: Tunnel mode is used to create a virtual private network between your network and the Oracle Public Cloud, rather than between a specific set of hosts. It is used to protect all communications between both networks.

    • Authentication with pre-shared keys. The same pre-shared key is configured on each IPsec VPN gateway device.

    • Dynamic rekeying: IPsec uses dynamic rekeying to control how often a new key is generated during communication. Communication is sent in blocks and each block of data is secured with a different key.

  • Network requirements for an IPsec VPN connection. Both sides must provide subnets:

    • On your side, dedicate subnets in your network for this VPN connection. You will give the necessary information about these subnets to Oracle. To prevent an IP address conflict in the end-to-end network connection, mask your internal systems with a public or non-RFC 1918 address range.

    • On the Oracle side, the network engineers from the Oracle Cloud Operations will provide the destination subnets in a way that avoids IP address conflicts.
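
A pre-check for the subnet requirements above, as an added example that is not part of Oracle's documentation: it flags customer-side subnets that are not IPv4, are multicast, fall in RFC 1918 space, or conflict with the Oracle-provided destination subnets. The function name and every sample subnet (taken from documentation address ranges) are constructed for illustration, and the check for overlap between your own subnets is an extra sanity check that the page does not state.

```python
import ipaddress

# RFC 1918 private ranges, which the page says to avoid on the customer side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample input (documentation ranges plus one private range).
SAMPLE_CUSTOMER = ["198.51.100.0/25", "10.20.0.0/16",
                   "198.51.100.64/26", "203.0.113.0/24"]
SAMPLE_ORACLE = ["203.0.113.128/25"]


def check_vpn_subnets(customer_subnets, oracle_subnets):
    """Return (subnet, problem) tuples; an empty list means no findings."""
    findings, parsed = [], []
    for text in customer_subnets:
        try:
            # strict=True rejects entries with host bits set, e.g. 198.51.100.1/24
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            findings.append((text, f"not a valid network: {exc}"))
            continue
        if net.version != 4:
            findings.append((text, "only IPv4 traffic is supported"))
            continue
        if net.is_multicast:
            findings.append((text, "multicast traffic is not supported"))
        if any(net.overlaps(private) for private in RFC1918):
            findings.append((text, "overlaps RFC 1918 private space"))
        # Extra sanity check (not stated on the page): customer subnets
        # should not overlap one another.
        for other_text, other in parsed:
            if net.overlaps(other):
                findings.append((text, f"overlaps customer subnet {other_text}"))
        parsed.append((text, net))
    # End-to-end conflict check against the subnets Oracle provides.
    for o_text in oracle_subnets:
        o_net = ipaddress.ip_network(o_text, strict=True)
        for text, net in parsed:
            if net.overlaps(o_net):
                findings.append((text, f"conflicts with Oracle subnet {o_text}"))
    return findings


if __name__ == "__main__":
    for subnet, problem in check_vpn_subnets(SAMPLE_CUSTOMER, SAMPLE_ORACLE):
        print(f"{subnet}: {problem}")
```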

To request VPN provisioning by Oracle Support:

  1. Contact your sales representative and ask them to place an order for Oracle Network Cloud Service — VPN for Engineered Systems — Non-metered. This can be a separate order, or it can be made in conjunction with an order for Oracle Big Data Cloud Service.

  2. Once you have an active subscription to Oracle Network Cloud Service — VPN for Engineered Systems, go to My Oracle Support Note 2056914.1 and follow its instructions.

Oracle engineers will receive your information and check that all prerequisites are met. Next, during an agreed maintenance window, Oracle together with your network engineers will provision the VPN service and run through a post-configuration checklist to ensure that the VPN connection is working and that the setup is completed.