Manually Register a Target Database

You can manually register all supported target databases with Oracle Data Safe from the Target Databases page in Oracle Cloud Infrastructure.

Overview

Advanced users may prefer to register target databases manually with Oracle Data Safe instead of using a wizard. Manual registration requires that you're familiar with target registration concepts and know how to fulfill all of the preregistration tasks without the assistance of the wizard.

You can also choose to register an Autonomous Database directly from the database's details page in Oracle Cloud Infrastructure. If your Autonomous Database has a public IP address, you simply click the Register link and you are done. If you are registering an Autonomous Database with a private IP address, you need to have an Oracle Data Safe private endpoint created beforehand. When registering an Autonomous Database on Dedicated Exadata Infrastructure, you need to provide the ADMIN database user credentials.

Preregistration Tasks for Manual Target Database Registration

Before manually registering a database as an Oracle Data Safe target database, be sure to complete the following preregistration tasks.

Manually Register an Autonomous Database

Oracle recommends using the Oracle Data Safe registration wizard for Autonomous Databases; however, advanced users can also use the manual registration option as described below. Be sure to complete the pre-registration tasks beforehand and the post-registration tasks afterwards.

  1. Sign in to Oracle Cloud Infrastructure (OCI).
  2. From the navigation menu in Oracle Cloud Infrastructure, select Oracle Database, and then Data Safe - Database Security.
  3. Under Data Safe on the left, click Target Databases.
  4. Click Register Database.
  5. For Database Type, select Autonomous Database.
  6. Configure the fields as described in the following table.
    Field | Instruction
    Select Database | Select the name of your database. If needed, click Change Compartment, select a different compartment, and then select the name of your database.
    Data Safe Target Display Name | Enter a friendly name for your target database. This name can be any name you want, and all characters are accepted. The maximum number of characters is 255. This name is displayed in all of the Oracle Data Safe reports that pertain to your target database.
    Description | (Optional) Enter a description that is meaningful to you.
    Compartment | Select the compartment where you want to store the target database registration information. The compartment doesn't have to be the same compartment in which the actual database resides. You cannot change the compartment after the target database is registered.
  7. Click Register.

Manually Register an Oracle Cloud Database

Oracle recommends using the Oracle Data Safe registration wizard for Oracle Cloud Databases; however, advanced users can also use the manual registration option as described below. Be sure to complete the pre-registration tasks beforehand and the post-registration tasks afterwards.

  1. Sign in to Oracle Cloud Infrastructure (OCI).
  2. From the navigation menu in Oracle Cloud Infrastructure, select Oracle Database, and then Data Safe - Database Security.
  3. Under Data Safe on the left, click Target Databases.
  4. Click Register Database.
  5. For Database Type, select Oracle Cloud Database.
  6. Configure the fields as described in the following table.
    Field | Instruction
    Cloud Database type | Select Oracle Base Database (VM, BM) or Exadata on Oracle Public Cloud (select this option to register an Exadata DB system that uses the new resource model - Exadata VM cluster).
    Select Database | Select the name of your database. If needed, click Change Compartment, select a different compartment, and then select your database name.
    Data Safe Target Display Name | Enter a friendly name for your target database. This name can be any name you want, and all characters are accepted. The maximum number of characters is 255. This name is displayed in all of the Oracle Data Safe reports that pertain to your target database.
    Description | (Optional) Enter a description that is meaningful to you.
    Compartment | Select the compartment where you want to store the target database registration information. The compartment doesn't have to be the same compartment in which the actual database resides. You cannot change the compartment after the target database is registered.
    Database with Private IP? | If your database has a private IP address, select Yes. If your database has a public IP address, select No.
    Select Private Endpoint | (If your database has a private IP address) Select an Oracle Data Safe private endpoint. If needed, click Change Compartment to browse to a different compartment and select a private endpoint. If you do not have a private endpoint created, exit manual registration and create one.
    TCP/TLS | Select TCP or TLS as the connection protocol. If you select TLS, upload your JKS wallet's truststore.jks file, and enter the wallet password. If client authentication is enabled on your target database, also upload the JKS wallet's keystore.jks file. This file is not required if client authentication is not enabled.
    Database Service Name | Enter the long version of the database service name for the target database; for example, abc_prod.subnetad3.tttvcn.companyvcn.com. You can find the database service name in the tnsnames.ora file for your target database, or by running the following statement when connected to the PDB via SQL Plus:
      select sys_context('userenv','service_name') from dual;
    Database Port Number | Enter a custom port number; otherwise the default, pre-filled port number is used. For an Exadata on Oracle Public Cloud database, enter the port number of the SCAN listener.
    Data Safe User and Database Password | Enter the credentials for the Oracle Data Safe user account on your target database. A default Oracle Data Safe user name is displayed if it exists on your target database (for example, DATASAFE$ADMIN). The user name is case-insensitive, unless you enclose it in quotation marks. You cannot specify database roles, such as SYSDBA or SYSKM, and you cannot specify SYS as the user.
    Download Privilege Script | To grant roles to the Oracle Data Safe user account on your target database, click Download Privilege Script and save the datasafe_privileges.sql script to your computer. The script includes instructions. Also see Grant Roles to the Oracle Data Safe Service on a Non-Autonomous Database.

  7. Click Register.

Manually Register an Oracle On-Premises Database

Oracle recommends using the Oracle Data Safe registration wizard for Oracle On-Premises Databases; however, advanced users can also use the manual registration option as described below. Be sure to complete the pre-registration tasks beforehand and the post-registration tasks afterwards.

  1. Sign in to Oracle Cloud Infrastructure (OCI).
  2. From the navigation menu in Oracle Cloud Infrastructure, select Oracle Database, and then Data Safe - Database Security.
  3. Under Data Safe on the left, click Target Databases.
  4. Click Register Database.
  5. For Database Type, select Oracle On-Premises Database.
  6. Configure the fields as described in the following table.
    Field | Instruction
    Data Safe Target Display Name | Enter a friendly name for your target database. This name can be any name you want, and all characters are accepted. The maximum number of characters is 255. This name is displayed in all of the Oracle Data Safe reports that pertain to your target database.
    Description | (Optional) Enter a description that is meaningful to you.
    Compartment | Select the compartment where you want to store the target database registration information. The compartment doesn't have to be the same compartment in which the actual database resides. You cannot change the compartment after the target database is registered.
    Choose a connectivity option | Select On-Premises Connector or Private Endpoint.
    Select Private Endpoint | (If you chose private endpoint) Select the name of an existing Oracle Data Safe private endpoint. If needed, click Change Compartment to browse to a different compartment and select a private endpoint.
    Select On-Premises Connector | (If you chose on-premises connector) Select the name of an existing Oracle Data Safe on-premises connector. If needed, click Change Compartment to browse to a different compartment and select an on-premises connector.
    Connection Protocol | Select TCP or TLS. If you select TLS, upload your JKS wallet's truststore.jks file, and enter the wallet password. If client authentication is enabled on your target database, also upload the JKS wallet's keystore.jks file. This file is not required if client authentication is not enabled.
    Database Service Name | Enter the long version of the database service name for the target database; for example, abc_prod.subnetad3.tttvcn.companyvcn.com. You can find the database service name in the tnsnames.ora file for your target database, or by running the following statement when connected to the PDB via SQL Plus:
      select sys_context('userenv','service_name') from dual;
    Database IP Address | Enter the database IP addresses for each database node listener. Separate the IP addresses with a comma. For a RAC database, enter the IP addresses for the RAC database nodes.
    Database Port Number | Enter a custom port number; otherwise the default, pre-filled port number is used. All node listeners have to run on the same port for on-premises databases.
    Data Safe User and Database Password | Enter the credentials for the Oracle Data Safe user account on your target database. A default Oracle Data Safe user name is displayed (DATASAFE$ADMIN). The user name is case-insensitive, unless you enclose it in quotation marks. You cannot specify database roles, such as SYSDBA or SYSKM, and you cannot specify SYS as the user.
    Download Privilege Script | To grant roles to the Oracle Data Safe user account on your target database, click Download Privilege Script and save the datasafe_privileges.sql script to your computer. The script includes instructions. Also see Grant Roles to the Oracle Data Safe Service on a Non-Autonomous Database.

  7. Click Register.

Manually Register an Oracle Database on Compute

Oracle recommends using the Oracle Data Safe registration wizard for an Oracle Database on Compute; however, advanced users can also use the manual registration option as described below. Be sure to complete the pre-registration tasks beforehand and the post-registration tasks afterwards.

  1. Sign in to Oracle Cloud Infrastructure (OCI).
  2. From the navigation menu in Oracle Cloud Infrastructure, select Oracle Database, and then Data Safe - Database Security.
  3. Under Data Safe on the left, click Target Databases.
  4. Click Register Database.
  5. For Database Type, select Oracle Database on Compute.
  6. Configure the fields as described in the following table.
    Field | Instruction
    Cloud environment | Select Oracle Cloud Infrastructure if your database runs in Oracle Cloud Infrastructure, or select Other cloud environment if your target database runs in a non-Oracle cloud environment.
    Select Database | (If your target database runs in Oracle Cloud Infrastructure) Select the name of your database. If needed, click Change Compartment, select a different compartment, and then select your database name.
    Data Safe Target Display Name | Enter a friendly name for your target database. This name can be any name you want, and all characters are accepted. The maximum number of characters is 255. This name is displayed in all of the Oracle Data Safe reports that pertain to your target database.
    Description | (Optional) Enter a description that is meaningful to you.
    Compartment | Select the compartment where you want to store the target database registration information. The compartment doesn't have to be the same compartment in which the actual database resides. You cannot change the compartment after the target database is registered.
    Choose a connectivity option | Select On-Premises Connector or Private Endpoint. If your target database runs in Oracle Cloud Infrastructure, Oracle recommends you use a private endpoint. If your target database runs in a non-Oracle cloud environment, Oracle recommends you use an on-premises connector.
    Select Private Endpoint | (If you chose private endpoint) Select the name of an existing Oracle Data Safe private endpoint. If needed, click Change Compartment to browse to a different compartment and select a private endpoint.
    Select On-Premises Connector | (If you chose on-premises connector) Select the name of an existing Oracle Data Safe on-premises connector. If needed, click Change Compartment to browse to a different compartment and select an on-premises connector.
    Connection Protocol | Select TCP or TLS. If you select TLS, upload your JKS wallet's truststore.jks file, and enter the wallet password. If client authentication is enabled on your target database, also upload the JKS wallet's keystore.jks file. This file is not required if client authentication is not enabled.
    Database Service Name | Enter the long version of the database service name for the target database; for example, abc_prod.subnetad3.tttvcn.companyvcn.com. You can find the database service name in the tnsnames.ora file for your target database, or by running the following statement when connected to the PDB via SQL Plus:
      select sys_context('userenv','service_name') from dual;
    Database IP Address | (Non-Oracle cloud environments) Enter the database IP address for your target database.
    Database Port Number | Enter a port number.
    Data Safe User and Database Password | Enter the credentials for the Oracle Data Safe user account on your target database. A default Oracle Data Safe user name is displayed (DATASAFE$ADMIN). The user name is case-insensitive, unless you enclose it in quotation marks. You cannot specify database roles, such as SYSDBA or SYSKM, and you cannot specify SYS as the user.
    Download Privilege Script | To grant roles to the Oracle Data Safe user account on your target database, click Download Privilege Script and save the datasafe_privileges.sql script to your computer. The script includes instructions. Also see Grant Roles to the Oracle Data Safe Service on a Non-Autonomous Database.

  7. Click Register.

Manually Register a Cloud@Customer Database

Oracle recommends using the Oracle Data Safe registration wizard for Oracle Cloud@Customer Databases; however, advanced users can also use the manual registration option as described below. Be sure to complete the pre-registration tasks beforehand and the post-registration tasks afterwards.

  1. Sign in to Oracle Cloud Infrastructure (OCI).
  2. From the navigation menu in Oracle Cloud Infrastructure, select Oracle Database, and then Data Safe - Database Security.
  3. Under Data Safe on the left, click Target Databases.
  4. Click Register Database.
  5. For Database Type, select Oracle Cloud@Customer Database.
  6. For Choose a target type, select Exadata Cloud@Customer or Autonomous Database on Exadata Cloud@Customer, configure the fields for your target type, and then click Register.

Manually Register an Amazon RDS for Oracle database

Oracle recommends using the Oracle Data Safe registration wizard; however, advanced users can also use the manual registration option as described below. Be sure to complete the pre-registration tasks beforehand and the post-registration tasks afterward.

Preregistration Tasks for Registering Amazon RDS for Oracle with Private IP

Complete the following tasks before registering an Amazon RDS for Oracle database. Follow the tasks for registering with an Oracle Data Safe private endpoint if you have an established FastConnect or VPNConnect connection between your OCI tenancy and your Amazon cloud environment. If you are establishing a TCP connection, you do not need to perform the steps to create a wallet for TLS connection.

Tasks for registering with an Oracle Data Safe on-premises connector:

Task Number | Task | Link to Instructions
1 | In Oracle Cloud Infrastructure Identity and Access Management (IAM), obtain permissions to register a database with Oracle Data Safe | Permissions to Register a Target Database with Oracle Data Safe
2 | In Oracle Cloud Infrastructure Identity and Access Management (IAM), obtain permissions to use an On-Premises Connector | Permissions for an Oracle Data Safe On-Premises Connector
3 | Create an Oracle Data Safe service account on your target database and grant it Oracle Data Safe roles. Create the service account as the SYS user. Make sure to run the privilege script with the -RDSORACLE parameter as it is required if you are registering an Amazon RDS for Oracle database. | Create an Oracle Data Safe Service Account on Your Target Database; Grant Roles to the Oracle Data Safe Service on a Non-Autonomous Database
4 | Create an On-premises Connector | Create an Oracle Data Safe On-Premises Connector
5 | Add the security certificate for the Amazon RDS specific region | Add the Security Certificate for the Amazon RDS Specific Region
6 | TLS connection only: Configure a connection between the on-premises connector and your target database | Configure a TLS Connection Between the On-Premises Connector on Your Host Machine and Your Oracle Database

Tasks for registering with an Oracle Data Safe private endpoint:

Task Number | Task | Link to Instructions
1 | In Oracle Cloud Infrastructure Identity and Access Management (IAM), obtain permissions to register a database with Oracle Data Safe | Permissions to Register a Target Database with Oracle Data Safe
2 | In Oracle Cloud Infrastructure Identity and Access Management (IAM), obtain permissions to use an Oracle Data Safe Private Endpoint | Permissions for an Oracle Data Safe Private Endpoint
3 | In Oracle Cloud Infrastructure Identity and Access Management (IAM), obtain permissions to use the underlying virtual networking resources of the private endpoint. | Virtual Cloud Networking Resources
4 | Create an Oracle Data Safe service account on your target database and grant it Oracle Data Safe roles. Create the service account as the SYS user. Make sure to run the privilege script with the -RDSORACLE parameter as it is required if you are registering an Amazon RDS for Oracle database. | Create an Oracle Data Safe Service Account on Your Target Database; Grant Roles to the Oracle Data Safe Service on a Non-Autonomous Database
5 | Create an Oracle Data Safe private endpoint. | Create an Oracle Data Safe Private Endpoint
6 | Add the security certificate for the Amazon RDS specific region | Add the Security Certificate for the Amazon RDS Specific Region
7 | TLS connection only: Create a wallet or certificate | Create a Wallet or Certificates for a TLS Connection

Manually Register Amazon RDS for Oracle

Oracle recommends using the Oracle Data Safe registration wizard; however, advanced users can also use the manual registration option as described below. Be sure to complete the pre-registration tasks beforehand and the post-registration tasks afterward.

  1. Sign in to Oracle Cloud Infrastructure (OCI).
  2. From the navigation menu in Oracle Cloud Infrastructure, select Oracle Database, and then Data Safe - Database Security.
  3. Under Data Safe on the left, click Target Databases.
  4. Click Register Database.
  5. For Database Type, select Amazon RDS for Oracle.
  6. At DATA SAFE TARGET DISPLAY NAME, enter a target display name that is meaningful to you. Data Safe uses this name in its reports. All characters are accepted. The maximum number of characters is 255.
  7. (Optional) In the DESCRIPTION field, add a description that is meaningful to you.
  8. At COMPARTMENT, use the drop-down menu to select the compartment where you want to store the target database.
  9. Select either Private endpoint or On-premises connector as the connectivity option.
  10. Select an existing private endpoint or on-premises connector from the appropriate compartment.
  11. Select either TCP or TLS connection.

    If you select TLS connection:

    1. (Private endpoint only): Convert the Amazon Web Services (AWS) region certificate that you downloaded as a prerequisite from PEM format to JKS truststore format following the steps documented in Converting PEM-format keys to JKS format. For more information, see Add the Security Certificate for the Amazon RDS Specific Region.
    2. (Private endpoint only): Upload your JKS wallet's truststore.jks file, and enter the wallet password. This file is required when client authentication is enabled or disabled on your target database.
    3. (Private endpoint only): When client authentication is enabled on your target database, upload the JKS wallet's keystore.jks file. This file is not required when client authentication is disabled.

    Note:

    In your AWS environment you will need to:
    • Configure an SSL option group to enable SSL connections. After you enable the SSL connection, the certificate authority shows up. See Oracle Secure Sockets Layer and Creating an option group from Amazon to learn how to enable the SSL option.
    • Modify the inbound rules on port 2484 (opened by default) on Amazon RDS to allow for TLS connections.
  12. At DATABASE SERVICE NAME, enter the service name of the CDB or PDB.

    You can use the database name on the Configuration tab of the Amazon RDS console as the service name.

  13. Enter the Database IP address/endpoint.

    Tip:

    For registration via private endpoint, an IP address should be provided.
  14. Enter the Database port number.

    The port number can be found under the Connectivity and Security tab of the Amazon RDS console.

  15. Perform this step if you did not already grant roles to the database user in the preregistration tasks.

    Click Download Privilege Script and save the datasafe_privileges.sql script to your computer. The script includes instructions on how to use it to grant privileges to the Oracle Data Safe service account on your target database. You should also refer to the preregistration task Grant Roles to the Oracle Data Safe Service on a Non-Autonomous Database for some additional details.

  16. At DATABASE USERNAME and DATABASE PASSWORD, enter the name and password of the user you created in the preregistration tasks. Oracle Data Safe uses this account to connect to the target database.
  17. Click Register.
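
The PEM-to-JKS conversion in step 11 can be scripted as follows. This is an added example, not part of Oracle's or Amazon's documentation: keytool's -importcert adds one trusted certificate per alias, so a PEM file that holds several CA certificates is split first and each certificate is imported separately. The file names, the rds- alias prefix and the TRUSTSTORE_PASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example: build truststore.jks from a PEM file that may hold
# several CA certificates. Requires awk and the JDK's keytool.

# split_pem_bundle BUNDLE OUTDIR
# Writes each certificate found in BUNDLE to OUTDIR/cert-NN.pem and
# prints how many certificates were written (0 if none).
split_pem_bundle() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ {
            n++
            file = sprintf("%s/cert-%02d.pem", dir, n)
            inside = 1
        }
        inside { print > file }
        /-----END CERTIFICATE-----/ { inside = 0; close(file) }
        END { print n + 0 }
    ' "$bundle"
}

# build_truststore BUNDLE TRUSTSTORE
# Imports every certificate in BUNDLE into TRUSTSTORE as a trusted entry
# and prints the number imported. The wallet password (keytool requires
# at least 6 characters) is read from the TRUSTSTORE_PASS environment
# variable through keytool's ":env" modifier, so it never appears on a
# command line.
build_truststore() {
    bundle=$1
    store=$2
    if [ -z "${TRUSTSTORE_PASS:-}" ]; then
        echo "export TRUSTSTORE_PASS before running" >&2
        return 1
    fi
    tmp=$(mktemp -d) || return 1
    count=$(split_pem_bundle "$bundle" "$tmp") || { rm -rf "$tmp"; return 1; }
    if [ "$count" -eq 0 ]; then
        echo "no certificates found in $bundle" >&2
        rm -rf "$tmp"
        return 1
    fi
    for cert in "$tmp"/cert-*.pem; do
        name=$(basename "$cert" .pem)
        keytool -importcert -noprompt -trustcacerts \
            -alias "rds-$name" -file "$cert" \
            -keystore "$store" -storetype JKS \
            -storepass:env TRUSTSTORE_PASS || { rm -rf "$tmp"; return 1; }
    done
    rm -rf "$tmp"
    echo "$count"
}

# Runs only when called as: ./make_truststore.sh region-bundle.pem truststore.jks
# The final listing lets you confirm every CA entry before uploading the file.
if [ "$#" -eq 2 ]; then
    build_truststore "$1" "$2" &&
        keytool -list -keystore "$2" -storepass:env TRUSTSTORE_PASS
fi
```

Compare the entry count in the keytool -list output with the number of certificates in the downloaded PEM file before uploading truststore.jks in step 11.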

Post Registration Tasks for Manual Target Database Registration

After you complete the manual target database registration, perform the following post registration tasks as needed:

  • (Optional) Grant users access to Oracle Data Safe features with the target database by configuring IAM policies. See Create IAM Policies for Oracle Data Safe Users.
  • (Optional) Change which features are allowed for the Oracle Data Safe service account on your target database by granting/revoking roles from the account. See Grant Roles to the Oracle Data Safe Service Account on Your Target Database.
  • For an Autonomous Database on Dedicated Exadata Infrastructure only: If Database Vault is enabled on your target database, connect to your target database as a user with the DV_ACCTMGR role and revoke the DV_ACCTMGR role from the ADMIN user.
  • For Oracle Database on a compute instance, make sure the firewall of the compute instance is configured to allow ingress traffic from the Oracle Data Safe private endpoint or Oracle Data Safe on-premises connector.
  • For an Oracle On-Premises database or an Oracle Cloud@Customer database, make sure to allow ingress traffic to your target database from the Oracle Data Safe private endpoint or Oracle Data Safe on-premises connector.