Oracle Exadata Cloud@Customer runs Oracle Exadata Database Service and Oracle Autonomous Database Service with Oracle-owned and managed infrastructure located in your data center.

Your databases run on one or more virtual machine (VM) clusters that reside on Exadata infrastructure in your data center. Exadata Cloud@Customer also includes control plane server (CPS) infrastructure that connects to an OCI region for cloud automation and administration.

Your client applications and administrators connect to the VM clusters through client and backup networks that you create. You access your databases through standard Oracle database connection methods, such as Oracle Net. You access the VM clusters through standard Oracle Linux methods, such as token-based Secure Shell (SSH).

Your Exadata and Autonomous Database administrators can use the web-based OCI Console, command-line interface (CLI), and REST APIs to connect to your OCI tenancy over an HTTPS connection. Your tenancy sends service management API calls to the Oracle service tenancy. The Oracle service tenancy connects to the Oracle-managed admin virtual cloud network (VCN). An outgoing, persistent, secure automation tunnel connects the CPS infrastructure in your data center to the Oracle-managed admin VCN in the OCI region for delivering cloud automation commands to the VM clusters.

For Autonomous Database, separate persistent automation and temporary operator tunnels are created, targeting separate service tenancy administrative VCNs. If you're using both Oracle Exadata Database Service and Oracle Autonomous Database Service, you'll have two persistent tunnels and, as required, up to two temporary tunnels. These separate tunnels enforce a strict separation of duties for developer operations personnel, who only have authorization to take action on specific VM cluster resources, segregated by service type.

Oracle Cloud Operations can use a console or REST APIs over an HTTPS or SSH connection to manage the infrastructure. Oracle operator SSH connections travel through bastion and management servers, the admin VCN, and an outgoing, temporary, secure operator tunnel from the CPS to the admin VCN. Oracle operator HTTPS connections travel to the infrastructure through the Oracle service tenancy, admin VCN, and the outgoing, persistent, secure automation tunnel.

Oracle operator SSH connections travel through bastion and management servers; the admin VCN; and an outgoing, temporary, secure operator tunnel from the CPS to the admin VCN. You can optionally control authorization of SSH access by Oracle operators by registering infrastructure resources with a separate Operator Access Control.

• Autonomous Database on Dedicated Exadata Infrastructure
• Exadata Database Service on Cloud@Customer Overview
• Network Requirements
• Oracle Operator Access Control
• VM Clusters