1. Using Oracle Cloud Infrastructure Database Migration Service
  2. Getting Started with Oracle Cloud Infrastructure Database Migration

2 Getting Started with Oracle Cloud Infrastructure Database Migration

Before you can start using Oracle Cloud Infrastructure Database Migration service and before migrating your databases, you must perform the following preparatory tasks:

  1. Create Database Migration policies in your tenancy.
  2. Create any dependent objects needed for the migration.
  3. Configure the source and target databases as required.

Before You Begin

Before you begin working with Oracle Cloud Infrastructure Database Migration, you must have an Oracle Cloud Infrastructure account with administrator privileges.

See Add a User with Oracle Cloud Administrator Permissions for details.

Creating Resources

Use the following instructions to create the resources that Oracle Cloud Infrastructure Database Migration operations depend on.

Create a Compartment

If you don't already have a compartment, create a compartment in your tenancy.

For more information, see Working with Compartments.

Create a Virtual Cloud Network

Create a Virtual Cloud Network (VCN) with at least one subnet in the compartment.

The subnet must be regional, spanning all availability domains.

For more information, see VCNs and Subnets.

Note:

If you don't see your subnet listed, go back and check that it was created as a regional subnet. By default, the VCN wizard creates non-regional subnets.

Create a Database Migration User Group

Create a user group to manage agents, database connections, migrations, and jobs, and then add users in charge of database migrations to the group.

Take note of the group name. You will create policies for the group in Creating Resource Policies. For more information, see Managing Groups.

Create an OCI API Key Pair

Create an OCI API key pair if you intend to directly use the REST API, OCI Software Development Kits and Command Line Interface, or if you are installing the Database Migration agent.

Follow the instructions in Required Keys and OCIDs.

Select a Data Transfer Medium

The following data transfer mediums are available:
  • Data Pump via database link
  • Data Pump via object storage
If you are not using a database link to transfer files directly from the source to the target database server, you must set up an Object Storage Service bucket for temporary storage of the Data Pump export dumps.

See Creating a Bucket for details.

Make sure that the file system used for the Data Pump export directory has sufficient space to store Data Pump dump files.

Select or Create a Vault

Create a Vault and Create a Secret in a Vault.

Alternatively, select a vault when creating database connections. Create a key in the Master Encryption Keys to use with Database Migration. Optionally, you can create vault during database migrations.

Giving Permissions to Database Migration Users

Use IAM policies to grant certain capabilities to the Oracle Cloud Infrastructure Database Migration user group.

Previously, in Creating Resources you created a user group for Oracle Cloud Infrastructure Database Migration. Now you will configure group permissions so that members can manage Database Migration resources.

The examples in this procedure use the group name dmsGroup.

Remember that only resources within the same compartment can access each other, unless the proper permissions are granted. Ensure that you have the proper permissions to view and select the appropriate VCN and subnet when creating Connections.

Allowing Database Migration resource management

The following statements give a group of users permission to manage connections (database registrations), migrations, agents, and jobs in Database Migration: 

allow group dmsGroup to manage odms-connection in compartment dmsCompartment
allow group dmsGroup to manage odms-migration in compartment dmsCompartment
allow group dmsGroup to manage odms-agent in compartment dmsCompartment
allow group dmsGroup to manage odms-job in compartment dmsCompartment

The manage permission lets users create and delete Database Migration resources, such as migrations and database registrations.

Limiting users to only "use" capability

If you want a group of users that only have the ability to use the Database Migration resources, but not create and delete them, then create a separate group for users and replace manage with use. 

allow group dmsUserGroup to use odms-connection in compartment dmsCompartment
allow group dmsUserGroup to use odms-migration in compartment dmsCompartment
allow group dmsUserGroup to use odms-agent in compartment dmsCompartment
allow group dmsUserGroup to use odms-job in compartment dmsCompartment

Only users with a manage permission for the odms-migration resources can create and delete migrations. Users with the use permission can perform migrations and edit resources, but cannot create or delete the resources.

Allowing network resource management

To let users of dmsGroup manage the network resources for Database Migration resources: 

allow group dmsGroup to manage virtual-network-family in compartment dmsCompartment

If the manage virtual-network-family policy is restricted because of security reasons then the following policies are required: 

allow group dmsGroup to inspect vcns in compartment dmsCompartment
allow group dmsGroup to use subnets in compartment dmsCompartment
allow group dmsGroup to manage vnic in compartment dmsCompartment

This way, you can view the list of existing VCNs, view and work with subnets, and have all of the permissions on VNIC. These policies are required when you create a database registration.

Allowing tag-namespaces and tag management

To let users of dmsGroup manage tag-namespaces and tags, add the policy: 

allow group dmsGroup to manage tag-namespaces in compartment dmsCompartment

Note:

To apply a defined tag, you must at least have permission to use the tag namespace. To learn more about tagging, see Resource Tags.

Configuring SUDO Access

You may need to grant certain users authority to perform operations using sudo on the source database servers.

To configure sudo access for source database servers:

If the source database server is accessed through SSH, then configure sudo operations to run without prompting for a password for the database installed user and the root user.

For example, if database installed user is oracle, then run sudo su - oracle.

Note that the opc user is a standard Oracle cloud user that is used to access database servers, but you can use any privileged user that has sudo privileges.

For the root user run sudo su -.

Also, note that because the target database server is on the cloud only any sudo operations are configured already.

Accessing the Database Migration Service

You can access Oracle Cloud Infrastructure Database Migration using the Oracle Cloud Interface Console (a browser based interface), REST APIs, or Oracle Cloud Infrastructure Software Development Kits and Command Line Interface.

To access Database Migration using the Console:

  1. Use a supported browser to access the Console.

    See Signing In to the Console for details.

  2. Enter your cloud tenant, user name, and password, when prompted.

  3. Click Sign in.

  4. In the upper-right corner of the window, select a region that offers the Database Migration service enabled; for example, US East (Ashburn).

    Database Migration resources, such as database registrations, migrations, agents, and jobs, are region-specific. Therefore, you want to make sure that you select Database Migration in the region that contains the resources that you need.

  5. From the navigation menu, select Database Migration.

    The Migrations page for the Database Migration service is displayed.

Using Database Migration APIs

OCI Database Migration service APIs are documented at https://docs.oracle.com/iaas/api/#/en/database-migration/20210929/.

See REST APIs and Software Development Kits and Command Line Interface for more information about using REST APIs and the OCI Software Development Kits and Command Line Interface.