Register an Oracle Cloud@Customer Database

You can register Oracle Cloud@Customer databases as target databases in Oracle Data Safe.

In Oracle Data Safe, use the Oracle Cloud@Customer databases wizard to register the following databases:

  • Oracle Exadata Database Service on Cloud@Customer
  • Oracle Autonomous AI Database on Exadata Cloud@Customer

Note:

Be sure to complete the preregistration tasks before using the wizard and the post-registration tasks afterward.

Preregistration Tasks

The following table lists the preregistration tasks for an Oracle Cloud@Customer database.

| Task Number | Task | Link to Instructions |
|---|---|---|
| 1 | In Oracle Cloud Infrastructure Identity and Access Management (IAM), obtain permissions to register your target database. | Permissions to Register an Oracle Cloud@Customer Database with Oracle Data Safe |
| 2 | (Oracle Exadata Database Service on Cloud@Customer) Create an Oracle Data Safe service account on your target database and grant it Oracle Data Safe roles. Create the service account as the SYS user. | Create an Oracle Data Safe Service Account on Your Database |
| 3 | (Oracle Exadata Database Service on Cloud@Customer) Grant the Oracle Data Safe service account on your target database Oracle Data Safe roles. | Grant Roles to the Oracle Data Safe Service Account on Your Target Database |
| 4 | (Oracle Exadata Database Service on Cloud@Customer) If you plan to connect to the target database via an Oracle Data Safe private endpoint and want to configure a TLS connection, create a wallet or certificates. | Create a Wallet or Certificates for a TLS Connection |

Run the Oracle Cloud@Customer Databases Wizard

The following sections detail the workflow for the Oracle Cloud@Customer databases registration wizard.

Step 1: Select database

  1. On the Overview page in Oracle Data Safe, find Oracle Cloud@Customer databases, and then select Start wizard.
    The wizard opens on step 1, Select database.
  2. For Cloud@Customer database type, select Oracle Exadata Database Service on Cloud@Customer or Autonomous AI Database on Exadata Cloud@Customer.
  3. (Oracle Exadata Database Service on Cloud@Customer) Select the compartment that contains the VM cluster, and then select the VM cluster name.
  4. (Autonomous AI Database on Exadata Cloud@Customer) Select the compartment that contains the database, and then select the database name.
  5. For Data Safe target display name, enter a target database name that is meaningful to you. Oracle Data Safe uses this name in its reports.
  6. For Compartment, select the compartment where you want to store the Oracle Data Safe target database. The target database does not need to be stored in the same compartment as the VM cluster or database.
  7. (Optional) For Description, enter a description that is meaningful to you.
  8. (Oracle Exadata Database Service on Cloud@Customer) Select Select PDB from list or Enter database service name.
    • For PDB: Select the name of your database and a PDB name. The PDB name is the OCID of the VM cluster of Oracle Exadata Database Service.
    • For database service name: Enter the database service name of the PDB or CDB; for example, ORCL.
  9. (Oracle Exadata Database Service on Cloud@Customer) If you did not already grant roles to the database user during the preregistration tasks, select Download privilege script and save the datasafe_privileges.sql script to your computer. The script includes instructions on how to use it to grant privileges to the Oracle Data Safe service account on your target database. You should also refer to the preregistration task Grant Roles to the Oracle Data Safe Service on a Non-Autonomous AI Database for additional details.
  10. (Oracle Exadata Database Service on Cloud@Customer) For Database user name and Database password, enter the credentials for the Oracle Data Safe user account that you created on your target database during the preregistration tasks. Oracle Data Safe uses this account to connect to the database. If the user name is mixed case, enclose it in double-quotes (" "). The password must be between 14 and 30 characters long and must contain at least 1 uppercase, 1 lowercase, 1 numeric, and 1 special character.
  11. (Autonomous AI Database on Exadata Cloud@Customer) For Database admin user and Database password, enter the credentials of the database ADMIN user to unlock the Oracle Data Safe user account that exists by default on the database.
  12. (Optional) To add a tag to organize and track this resource in your tenancy, select Add tag. Select a namespace, select a key, and enter a key value.
  13. Select Next.

Step 2: Connectivity option

In this step, choose to connect to the target database through either an Oracle Data Safe on-premises connector or an Oracle Data Safe private endpoint. If you have FastConnect or VPN Connect set up between your network and a virtual cloud network (VCN) in Oracle Cloud Infrastructure, you can register your database with Oracle Data Safe by using an Oracle Data Safe private endpoint.

For Oracle Exadata Database Service on Cloud@Customer, you can choose the connectivity protocol TCP or TLS. For an Autonomous AI Database on Exadata Cloud@Customer database, Oracle Data Safe automatically uses TLS.

  1. Select On-premises connector or Private endpoint.
  2. (Oracle Exadata Database Service on Cloud@Customer) For TCP/TLS, select TCP or TLS as the network protocol. If you select TCP (the default), you are not prompted for any additional details. If you select TLS and you are using a private endpoint, you need to perform the following additional steps:
    1. Select One way TLS or Mutual TLS.
    2. If you select One way TLS, upload the TrustStore of your database in PEM, PKCS#12 wallet, or JKS wallet format. You can also enter the wallet password if required. This file is required whether client authentication is enabled or disabled on your target database.
    3. If you select Mutual TLS, upload the TrustStore of your database in the format of PEM file, PKCS#12 wallet, or JKS wallet and enter the wallet password. This file is required whether client authentication is enabled or disabled on your target database. When client authentication is enabled on your target database, upload the KeyStore of your database in the format of PEM file, PKCS#12 wallet, or JKS wallet. This file is not required when client authentication is disabled.
  3. (Autonomous AI Database on Exadata Cloud@Customer) If you are using an on-premises connector, be sure to configure a TLS connection between the on-premises connector on your host machine and your target database. See Configure a TLS Connection Between the On-Premises Connector on Your Host Machine and an Autonomous AI Database on Exadata Cloud@Customer Database. If you are using a private endpoint, no additional steps are needed for the TLS connection.
  4. (Oracle Exadata Database Service on Cloud@Customer) If the database listener is not running on the default port, enter the custom port number; otherwise, leave this field blank.

    Note:

    For an Autonomous AI Database on Exadata Cloud@Customer, you cannot enter a port number because it is automatically determined from the database.
  5. For Do you want to use an existing on-premises connector (or private endpoint)?, toggle Yes or No.
    • If Yes: Select the compartment where the on-premises connector (or private endpoint) resides, and then select the on-premises connector (or private endpoint). Note that a private endpoint needs to be in a VCN that can access your on-premises database.
    • If No: For an on-premises connector, select a compartment to store the on-premises connector, enter a name for the on-premises connector, and enter a description. For a private endpoint, enter a display name, select a compartment to store the private endpoint, select a virtual network compartment and virtual cloud network, select a subnet compartment and subnet, and optionally enter a private IP address.
  6. Select Next.
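
The input rules from Step 1 (service account name and password) and Step 2 (TLS uploads and port) can be checked before the wizard is opened. The following is an added example, not Oracle code: the Registration class, the preflight function, the option labels and the sample values are all hypothetical, and "special character" is assumed to mean anything other than an ASCII letter or digit.

```python
import re
from dataclasses import dataclass, field

FORMATS = {"PEM", "PKCS12", "JKS"}  # example labels for the accepted file formats
# "special" is assumed to mean any character that is not an ASCII letter or digit.
CLASSES = {"uppercase": "[A-Z]", "lowercase": "[a-z]", "numeric": "[0-9]",
           "special": "[^A-Za-z0-9]"}

@dataclass
class Registration:  # hypothetical container for the wizard inputs
    db_type: str               # "EXADATA" or "AUTONOMOUS"
    connectivity: str          # "PRIVATE_ENDPOINT" or "ON_PREM_CONNECTOR"
    user: str
    password: str
    protocol: str = "TCP"      # ignored for AUTONOMOUS, which always uses TLS
    tls_type: str = ""         # "ONE_WAY" or "MUTUAL"
    client_auth: bool = False  # client authentication enabled on the target
    uploads: dict = field(default_factory=dict)  # e.g. {"truststore": "PEM"}
    wallet_password: str = ""
    port: int = 0              # 0 means the field was left blank

def preflight(r):
    """Return a list of problems; an empty list means the inputs fit the rules."""
    out = []
    if r.db_type == "EXADATA":  # service-account rules from Step 1, item 10
        quoted = len(r.user) > 2 and r.user[0] == r.user[-1] == '"'
        if r.user not in (r.user.upper(), r.user.lower()) and not quoted:
            out.append("mixed-case user name must be enclosed in double quotes")
        if not 14 <= len(r.password) <= 30:
            out.append("password must be 14 to 30 characters long")
        out += [f"password needs at least 1 {name} character"
                for name, pat in CLASSES.items() if not re.search(pat, r.password)]
    if r.db_type == "AUTONOMOUS" and r.port:
        out.append("port is determined automatically for Autonomous; leave it blank")
    # Extra uploads apply only to Exadata with TLS over a private endpoint.
    if (r.db_type, r.protocol, r.connectivity) == ("EXADATA", "TLS", "PRIVATE_ENDPOINT"):
        if r.tls_type not in ("ONE_WAY", "MUTUAL"):
            out.append("select One way TLS or Mutual TLS")
        mutual = r.tls_type == "MUTUAL"
        if mutual and not r.wallet_password:
            out.append("Mutual TLS requires the wallet password")
        needed = ["truststore"] + (["keystore"] if mutual and r.client_auth else [])
        out += [f"{item} missing or not PEM, PKCS#12 or JKS"
                for item in needed if r.uploads.get(item) not in FORMATS]
    return out

# Constructed sample: Mutual TLS, client authentication on, keystore not uploaded.
SAMPLE = Registration("EXADATA", "PRIVATE_ENDPOINT", "DataSafe_Admin", "Short1!", "TLS",
                      "MUTUAL", True, {"truststore": "PKCS12"}, "constructed-wallet-pw")
```

Calling preflight(SAMPLE) reports the unquoted mixed-case user name, the short password, and the missing keystore in one pass.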

Step 3: Add peer database

If you're registering an Active Data Guard associated database, then you can add peer databases during this step.

It is also possible to register peer databases after you register the primary database. See Manage Peer Databases Associated with a Registered Active Data Guard Primary Database.

  1. If you're not registering an Active Data Guard associated database, select Next to skip this step.
  2. For each peer database that you want to add, provide the following information as needed:
    • Peer display name
    • Database service name
    • Database IP address
    • Database port number
    • TCP or TLS
    • If you are configuring a TLS connection, select a TLS type (One way TLS or Mutual TLS). For Mutual TLS, upload a truststore wallet, upload a keystore wallet, and enter the wallet password. For One way TLS, upload a truststore wallet and enter the wallet password.
  3. Select Add row.
  4. Repeat steps 2 and 3 to add additional peer databases.
  5. Select Next.

Step 4: Add security rule

This step applies if you are using an Oracle Data Safe private endpoint. To allow communication between an Oracle Cloud@Customer database and an Oracle Data Safe private endpoint, you must create an egress security rule in Oracle Cloud Infrastructure (OCI). You can allow the wizard to create the rule for you, create it manually in OCI (see Security Rules for Oracle Cloud@Customer Databases), or skip this step if you already have a security rule you want to use. The target database remains inactive in Oracle Data Safe until the required security rule is configured.

See Also:

For more information about security lists and network security groups, see Access and Security in the Oracle Cloud Infrastructure documentation.

  1. To bypass security rule configuration, select No.
  2. To allow the wizard to configure the security rule, select Yes. Select Security list or Network security group, and then select the name of the security list or NSG. You can change the compartment if needed. The wizard displays the rule that will be added.

    Note:

    If you add peer databases during registration, the same egress rule is created for the database and each peer database.
  3. Select Next to continue in the wizard.

Step 5: Review and submit

The Review and submit page displays the configuration for the previous steps in the wizard.

To review the target database configuration:
  1. If the information is correct, select Register.
  2. If the information is incorrect, select Previous to return to any of the earlier steps, or select Close to cancel the registration.

Step 6: Registration progress

After you select Register in the wizard, you can monitor the progress of the target registration. Each task is listed and processed sequentially. If any errors occur, they are displayed. You can select Previous to return to earlier pages and correct them.

Important:

Do not select the Close button in the wizard, sign out of OCI, or close the browser tab until the wizard shows that all of the tasks listed are resolved. If you close prematurely, then the information for all of the tasks that have not yet been completed is lost and the target database is not registered.

If there is no further work to do, the registration completes, and the wizard presents the Target database information page. Here you can again review the registration details and complete any post-registration tasks as required.

Post Registration Tasks

The following table lists tasks that you need to complete after you run the Oracle Cloud@Customer databases wizard.

| Task Number | Task | Link to Instructions |
|---|---|---|
| 1 | (If you selected to create an Oracle Data Safe on-premises connector) Download the install bundle for the on-premises connector and then install the on-premises connector on a host machine on your network. | Create an Oracle Data Safe On-Premises Connector |
| 2 | (If you are using a TLS connection and an Oracle Data Safe on-premises connector) Configure a TLS connection between the on-premises connector and your target database. | For Autonomous AI Database on Exadata Cloud@Customer, see Configure a TLS Connection Between the On-Premises Connector on Your Host Machine and an Autonomous AI Database on Exadata Cloud@Customer Database. For Oracle Exadata Database Service on Cloud@Customer, see Configure a TLS Connection Between the On-Premises Connector on Your Host Machine and Your Database. |
| 3 | (Optional) Change which features are allowed for the Oracle Data Safe service account on your target database by granting/revoking roles from the account. You need to be the SYS user. | Grant Roles to the Oracle Data Safe Service Account on Your Target Database |
| 4 | (Optional) Grant users access to Oracle Data Safe features with the target database by configuring policies in Oracle Cloud Infrastructure Identity and Access Management. | Create IAM Policies for Oracle Data Safe Users |
| 5 | (If needed) Update the ADMIN credentials for your target database on the Target Database Details page. | Manage Target Databases (see Update the Database User) |
| 6 | Make sure to allow ingress traffic to your target database from the Oracle Data Safe private endpoint or Oracle Data Safe on-premises connector. | (none) |