Register an Oracle Cloud Database
You can register Oracle cloud databases as target databases for Oracle Data Safe.
In Oracle Data Safe, use the Oracle Cloud Databases wizard to register the following databases:
- Oracle Base Database Service (DB system - Virtual Machine)
- Oracle Exadata Database Service on Dedicated Infrastructure (Exadata VM cluster)
- Oracle Database@Azure (Oracle Exadata Database@Azure)
Note:
Be sure to complete the preregistration tasks before using the wizard and the post registration tasks after using the wizard.
Preregistration Tasks for an Oracle Cloud Database
The following table lists the preregistration tasks.
Task Number | Task | Link to Instructions |
---|---|---|
1 | In Oracle Cloud Infrastructure Identity and Access Management (IAM), obtain permissions to register your target database. | Permissions to Register an Oracle Cloud Database with Oracle Data Safe |
2 | Create an Oracle Data Safe service account on your target database and grant it Oracle Data Safe roles. Create the service account as the SYS
user.
|
Create an Oracle Data Safe Service Account on Your Target Database Grant Roles to the Oracle Data Safe Service Account on Your Target Database |
3 | (Optional) If you plan to configure a TLS connection to your target database, create a wallet or certificate. | Create a Wallet or Certificates for a TLS Connection |
4 | If you're planning to register a database with Active
Data Guard association:
|
Use Oracle Data Guard on a DB System |
Run the Oracle Cloud Databases Wizard
There is some variation in the workflow in the wizard, depending on whether you choose the TCP or TLS protocol.
This is the Oracle Cloud Database registration workflow in the wizard:
Step 2: Connectivity Option
If no Oracle Data Safe private endpoint exists in the VCN, the wizard creates one and shows you the proposed configuration. You can change any of the parameters that are automatically entered in the form.
Step 3: Select Peer Database
If you're registering an Active Data Guard associated database then you can select the standby databases at this step. If you're not registering an Active Data Guard associated database, then skip this step by clicking Next.
- On the Select Additional Peer Database to Register
(Optional) page you will see a list of standby database that are
associated with the primary database that you specified in the previous step. Select
from the list which of the standby databases you would like to register as peers.
It is also possible to register standby databases after the primary database has been registered. See Manage Peer Databases Associated with a Registered Active Data Guard Primary Database for more information.
- (Optional) Click + on a standby database to see
the details for and edit any of the following if necessary:
- Peer Display Name
- Database Service Name
- Database Port Number
- TCP/TLS
- Click Next.
Step 4: Add Security Rule
In this step, add the required security rules. To allow communication from Oracle Data Safe to your database, you need to add two security rules:
- Ingress rule for the database: Allow the database to receive incoming traffic on its port from the private IP address of the Oracle Data Safe private endpoint (from any port).
- Egress rule for the Oracle Data Safe private endpoint: Allow the Oracle Data Safe private endpoint (from any port) to send requests to the database IP address(es) on the database's port.
The ingress and egress rules do not need to be stored within the same security list, network security group, or same compartment. If you already created the necessary security rules, you can choose to skip this step.
See Also:
For more information about security lists and network security groups, see Access and Security in the Oracle Cloud Infrastructure documentation.- At Do you want to add the security rules now?
, select either Yes or
No.
If you select No, you can then click Next to bypass the security rules configuration and proceed to Review and Submit. You can configure the security rules later in the Oracle Cloud Infrastructure Console (under Networking). You may want to skip this step now if you already have security rules that you want to apply. Note that the target database remains inactive in Oracle Data Safe until the security rules are configured either in the Oracle Data Safe wizard or in the Oracle Cloud Infrastructure console.
- If you select Yes, then at
Add Ingress Security Rule, select either Security
List or Network Security Group. Then use the
drop-down menu to select the Security List or Network Security Group to which you want
to add the ingress rule.
In the Ingress Rule tile, the wizard shows you the ingress rule to be added to the security list or network security group you selected.
- At Add Egress Security Rule, select either Security List or Network Security Group.
- At the next prompt, select the security list or network
security group where you want to add the rule.
If you are registering peer databases as part of an Active Data Guard associated database, then you will see an egress rule for each standby database that you selected to regiser as a peer database in Step 3: Select Peer Databases.
- Click Next to go to Review and Submit.
Step 5: Review and Submit
If you configured a target database using an Oracle Data Safe private endpoint, the Review and Submit page displays the configuration for Target Database Information, Connectivity Option, and Security Rules.
If you are configured peer databases as part of an Active Data Guard enabled database, then you will review the Peer Target Database Information for each peer as well.
- Review the target database configuration.
- If the information is correct, click Register. If not, click Previous to return to any of the earlier steps, or click Cancel.
Step 6: Registration Progress
Important:
Do not click the Close button in the wizard, sign out of OCI, or close the browser tab until the wizard shows that all of the tasks listed are resolved. If you exit prematurely, then the information for all of the tasks that have not yet been completed is lost and the target database is not registered.After You Submit the Registration
The wizard presents the Target Database
Details page when the registration submission is
finished. On this page, you can again review the registration
details. The wizard displays the NEEDS_ATTENTION
icon if a task must be performed or corrected before the process is
complete. A hint message indicates the pending task. You can make
the necessary changes in the tabs that are available. When you save
your changes, the UPDATING
icon is displayed. If
there is no further work to do, the registration completes.
Post Registration Tasks for an Oracle Cloud Database
The following table lists tasks that you need to complete after you run the Oracle Cloud Databases wizard.
Task Number | Task | Link to Instructions |
---|---|---|
1 |
(Optional) Change which features are allowed for the Oracle Data Safe service account on your target database by granting/revoking
roles from the account. You need to be the |
Grant Roles to the Oracle Data Safe Service Account on Your Target Database |
2 |
(Optional) Grant users access to Oracle Data Safe features with the target database by configuring policies in Oracle Cloud Infrastructure Identity and Access Management. |
Create IAM Policies for Oracle Data Safe Users |