About Network Access to Exadata Cloud Service

Network access to the compute nodes associated with Oracle Database Exadata Cloud Service is primarily provided by Secure Shell (SSH) connections on port 22. Other network protocols and services may also be used, but may require additional configuration.

SSH Access on Port 22

SSH is a cryptographic network protocol that uses two keys, one public and one private, to provide secure communication between two networked computers. Port 22 is the standard TCP/IP port that is assigned to the SSH servers.

The public key is stored in the compute nodes associated with your Exadata Cloud Service environment. If no public key is associated with your Exadata Cloud Service environment you will be prompted to specify a public key when you create a database deployment. You can add a new SSH key to your Exadata Cloud Service environment by using the SSH Access menu option, which can be found in the action menu (Menu icon) that is associated with each database deployment.

When you access any Exadata Cloud Service compute node using SSH, you must provide the private key that matches the public key.

For more information about generating the required SSH public/private key pair, see Generating a Secure Shell (SSH) Public/Private Key Pair.

Port 22 must be open to access the compute nodes associated with your Exadata Cloud Service environment using SSH. The default configuration of port 22 depends on the firewall configuration that is associated with yourExadata Cloud Service environment. If your Exadata Cloud Service environment uses an Oracle-managed firewall, then port 22 is open by default. Otherwise, port 22 is closed by default and you must create your own security rules to manage access via SSH. See Enabling Network Access to a Compute Node.

Other Network Access Options

Additional configuration is required to access network protocols and services on a compute node other than by using SSH on port 22. You may:

  • Enable network access to the port

    You can enable access to a specific compute node port from specific hosts. See Enabling Network Access to a Compute Node

  • Create an SSH tunnel to the port

    Creating an SSH tunnel enables you to access a specific compute node port by using an SSH connection as the transport mechanism. To create the tunnel, port 22 must be open (unblocked) in your Exadata Cloud Service environment and you must have the SSH private key file that matches a public key associated with your environment. See Creating an SSH Tunnel to a Compute Node Port.

  • Configure an IPSec VPN

    Exadata Cloud Service supports virtual private network (VPN) under the IPSec protocol. This enables secure connectivity between a customer network and Oracle Cloud over the Internet. See Enabling IPSec VPN Access to Exadata Cloud Service.

  • Use Oracle Cloud Infrastructure FastConnect Classic

    You can use Oracle FastConnect Classic to create a dedicated private high-speed low-latency network connection between your network and Exadata Cloud Service on Oracle Cloud. See Enabling Access to Exadata Cloud Service Using FastConnect Classic.

Accessing Your Network from Exadata Cloud Service

Additional configuration of your corporate network may be required to support connections originating from Exadata Cloud Service. See Enabling Access to Your Network From Exadata Cloud Service.