You can register the following types of Autonomous AI Databases with Data Safe:
- Oracle Database@Azure (Oracle Autonomous AI Database)
- Oracle Autonomous AI Database Serverless with a public IP address (secure access from anywhere OR secure access from allowed IPs and VCNs)
- Oracle Autonomous AI Database Serverless with a private IP address (private endpoint access only)
- Oracle Autonomous AI Database on Dedicated Exadata Infrastructure with a private IP address
- Oracle Autonomous AI Database on Exadata Cloud@Customer with a private IP address (this is covered later with Oracle Cloud@Customer Databases)
Data Safe sits on its own Virtual Cloud Network (VCN) within your working region on the Oracle Cloud Infrastructure (OCI) network. To register a target database with Data Safe, you must have the appropriate permissions in Oracle Cloud Infrastructure Identity and Access Management (IAM), which are assigned to you by your administrator. This includes permission to access the Autonomous AI Database, register a target database with Data Safe, and use or create a Data Safe private endpoint (if the database has a private IP address). When registering an Autonomous AI Database, the connection between your database and Data Safe depends on whether your database has a public or private IP address.
Public IP
Registering Oracle Autonomous AI Database Serverless on a public subnet does not require setting up security rules and network protocols as the IP address of the Data Safe service is allowed by default. The traffic flows from Data Safe to the Service Gateway on Data Safe's VCN to the target database. A service gateway lets your VCN privately access specific Oracle services, such as Data Safe, without exposing the data to the public internet.
Private IP
Registering an Autonomous AI Database with a private IP requires a Data Safe private endpoint to sit within a private subnet of your target database's VCN. During target registration, you can either select an existing Data Safe private endpoint (as one private endpoint can be used to register multiple target databases) or create a new one. However, there can only be one private endpoint per VCN.
Security rules are required to allow communication between the private endpoint and your target database. You can configure the rules in network security groups (NSGs), which is recommended, or security lists (SLs). The egress rule, which needs to be configured in the private endpoint's NSG or SL, allows the private endpoint (from any port) to send requests to the target database IP address on its port. The ingress rule, which is configured in the target database's NSG or SL, allows the database to receive incoming traffic on its port from the private IP address of the private endpoint (from any port).
For security rules within Oracle Cloud Infrastructure, you can let the registration wizard configure the security rules for you or you can do it manually. Note that Autonomous AI Database on Dedicated Exadata Infrastructure can have up to eight floating IP addresses for the database nodes; therefore, you need to create an egress rule for each floating IP address.
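The egress and ingress rules described above, as an added example that is not part of Oracle's documentation: Python code that builds the rule set for a private endpoint (one egress rule per floating IP address) and audits existing NSG rules for gaps. The function names, IP addresses and port are constructed for illustration; the rule dictionaries use the field names of OCI's NSG security rule JSON.

```python
import ipaddress

TCP = "6"  # IANA protocol number; OCI rules use "6" for TCP and "all" for any protocol

def build_rules(pe_ip, db_ips, db_port):
    """Return (egress rules for the private endpoint's NSG, ingress rules for the database's NSG)."""
    port = {"min": db_port, "max": db_port}
    # One egress rule per database IP: private endpoint (any port) -> database port.
    egress = [{"direction": "EGRESS", "protocol": TCP, "isStateless": False,
               "destinationType": "CIDR_BLOCK", "destination": f"{ip}/32",
               "tcpOptions": {"destinationPortRange": port}} for ip in db_ips]
    # Ingress on the database side: private endpoint IP (any port) -> database port.
    ingress = [{"direction": "INGRESS", "protocol": TCP, "isStateless": False,
                "sourceType": "CIDR_BLOCK", "source": f"{pe_ip}/32",
                "tcpOptions": {"destinationPortRange": port}}]
    return egress, ingress

def allows(rule, direction, peer_ip, port):
    """True if this rule permits TCP to `port` with `peer_ip` as the remote address."""
    side = "destination" if direction == "EGRESS" else "source"
    if rule.get("direction") != direction or rule.get("protocol") not in (TCP, "all"):
        return False
    if rule.get(side + "Type", "CIDR_BLOCK") != "CIDR_BLOCK" or side not in rule:
        return False  # NSG- or service-typed peers cannot be matched by IP here
    if ipaddress.ip_address(peer_ip) not in ipaddress.ip_network(rule[side], strict=False):
        return False
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    return rng is None or rng["min"] <= port <= rng["max"]  # no range means all ports

def audit(pe_ip, db_ips, db_port, pe_rules, db_rules):
    """Return the gaps that would block Data Safe from reaching the target database."""
    gaps = [f"egress to {ip}:{db_port} missing" for ip in db_ips
            if not any(allows(r, "EGRESS", ip, db_port) for r in pe_rules)]
    if not any(allows(r, "INGRESS", pe_ip, db_port) for r in db_rules):
        gaps.append(f"ingress from {pe_ip} to port {db_port} missing")
    return gaps

# Constructed sample values: private endpoint IP, three floating node IPs, listener port.
PE_IP, DB_IPS, DB_PORT = "10.0.1.10", ["10.0.2.11", "10.0.2.12", "10.0.2.13"], 1521

if __name__ == "__main__":
    egress, ingress = build_rules(PE_IP, DB_IPS, DB_PORT)
    print(audit(PE_IP, DB_IPS, DB_PORT, egress, ingress))       # complete rule set
    print(audit(PE_IP, DB_IPS, DB_PORT, egress[:-1], ingress))  # one floating IP left out
```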
TLS
Autonomous AI Databases, by default, have TLS encryption enabled with client authentication. During registration, Oracle Cloud Infrastructure automatically creates a TLS connection between the Autonomous AI Database and Data Safe and takes care of the registration details for you.
Active Data Guard
Data Safe does not support the registration of Autonomous AI Database on Dedicated Exadata Infrastructure or Autonomous AI Database Serverless databases that are associated with Active Data Guard.