Prerequisites for Using Oracle Exadata Cloud Infrastructure Migration Utility
- Authentication Methods
The following authentication methods are supported:
- API Key-Based Authentication
- Instance Principal Authentication
- Resource Principal Authentication
Depending upon authentication method used, set following:
- API Key-Based Authentication
- Create or use an existing user.
For more information on how to create a new user, see Creating a User.
- Add the user to a group
For more information, see Adding a User to a Group.
- Assign the following IAM policies by specifying the user's group name and compartment name.
Allow group '<group name>' to use database-family in compartment <compartment name> Allow group '<group name>' to use virtual-network-family in compartment <compartment name> Allow group '<group name>' to manage db-nodes in compartment <compartment name> Allow group '<group name>' to manage db-homes in compartment <compartment name> Allow group '<group name>' to manage databases in compartment <compartment name> Allow group '<group name>' to manage database-software-image in compartment <compartment name> Allow group '<group name>' to use compartments in compartment <compartment name> Allow group '<group name>' to use resource-availability in compartment <compartment name> Allow group '<group name>' to use tag-namespaces in compartment <compartment name>Additionally, assign the following policies to ExaDB-D only:Allow group '<group name>' to manage cloud-exadata-infrastructures in compartment <compartment name> Allow group '<group name>' to manage cloud-vmclusters in compartment <compartment name>Additionally, assign the following policies to ExaDB-C@C only
Allow group '<group name>' to manage exadata-infrastructures in compartment <compartment name> Allow group '<group name>' to manage vmclusters in compartment <compartment name>Note:
If the target is in a different compartment from the source, assign the above policies to the target compartment as well.
For more information, see Create Identity and Access Management (IAM) Groups and Policies for IAM Users.
- To use the OCI SDK for Java, configure the key pair for the user. This key pair is used to authenticate API requests.
For more information, see:
- Create or use an existing user.
- Instance Principal Authentication and Resource Principal Authentication
- Create or use an existing resource. For example, for
Instance Principal:Compute Instanceand forResource Principal:Functions.For more information on how to create compute instance, see Create a compute instance.
- Create or use an existing dynamic group.
For more information on how to create dynamic group, see Creating a dynamic group.
- Assign the following matching rules for instance principal only:
Any {instance.id = 'ocid1.instance.oc1.phx.anyhqljrabf7htycgenbcutnditrnomyocxhua5rws2nzqefiadmyngnt3dq'}Note:
In this case,
instance.idrefers to the OCID of the Compute instance from which the utility is executed. - Assign the following matching rules for resource principal only:
ALL {resource.type='computecontainerinstance'}If you are running this utility from a container, the resource type specified above (
computecontainerinstance) refers to the container instance from which the utility is executed.Note:
The values for
resource.type,resource.compartment.id, andresource.idtypically refer to the resource where the utility is running. - Assign the following IAM policies by specifying the dynamic group name and compartment name.
Allow dynamic-group '<dynamic group name>' to use database-family in compartment <compartment name> Allow dynamic-group '<dynamic group name>' to use virtual-network-family in compartment <compartment name> Allow dynamic-group '<dynamic group name>' to manage cloud-exadata-infrastructures in compartment <compartment name> Allow dynamic-group '<dynamic group name>' to manage cloud-vmclusters in compartment <compartment name> Allow dynamic-group '<dynamic group name>' to manage db-nodes in compartment <compartment name> Allow dynamic-group '<dynamic group name>' to manage db-homes in compartment <compartment name> Allow dynamic-group '<dynamic group name>' to manage databases in compartment <compartment name> Allow dynamic-group '<dynamic group name>' to manage database-software-image in compartment <compartment name> Allow dynamic-group '<dynamic group name>' to use compartments in compartment <compartment name> Allow dynamic-group '<dynamic group name>' to use resource-availability in compartment <compartment name> Allow dynamic-group '<dynamic group name>' to read all-resources in tenancy Allow dynamic-group '<dynamic group name>' to use tag-namespaces in compartment <compartment name>
- Create or use an existing resource. For example, for
- Setup Virtual Cloud Network (VCN).
Note:
Applies to Exadata Database Service on Dedicated Infrastructure (ExaDB-D) only.
- The existing VCN may be used if the target is in the same region or compartment as the source.
- If the requirement is to use a new VCN or the target is going to be in cross region, then a new VCN setup is required.
- The new VCN must have a sufficient number of IP addresses available for creating the VM cluster.
For more information, see Requirements for IP Address Space.
- Ensure that the new VCN has required security lists or rules configured as same as the source VCN.
- For setting up Oracle Data Guard, ensure that the connectivity between the source and the target VCNs is established and if a new VCN is to be used, then ensure that the peering is done for the two VCNs allowing the Data Guard association communication.
- The new VCN must have a sufficient number of IP addresses available for creating the VM cluster.
- Request Service Limits and ensure that sufficient resources are available.
For more information, see Request a Service Limit Increase.
- This utility can be run from any Linux x86-64 machine that can make API calls.
Supported client machine OS version: Oracle Linux 7, Oracle Linux 8, and Oracle Linux 9.
- Port requirement
To make API calls to OCI endpoints ensure that the port 443 (egress) is opened for outgoing connections from the client machine.