Prerequisite Tasks for Autonomous Databases – Shared
To discover Autonomous Data Warehouse – Shared and Autonomous Transaction Processing – Shared in Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure or on premises, you must first perform the prerequisite tasks listed in these sections:
Oracle Enterprise Manager Deployed on Oracle Cloud Infrastructure
You can use Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure and discover Autonomous Databases – Shared.
Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure can access Autonomous Databases – Shared with Private Endpoints or with Public Endpoints using a Service Gateway. The following sections provide information on both scenarios, however, it is recommended that you configure Private Endpoints to access Autonomous Databases – Shared.
Access Autonomous Database – Shared Using a Private Endpoint
This section walks you through a scenario in which you enable private access from your Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure to the Autonomous Database – Shared in Oracle Services Network using a private endpoint. For information on Autonomous Databases – Shared and private endpoints, see Autonomous Database with Private Endpoint in Oracle Cloud Infrastructure documentation.
- Provision an Autonomous Database – Shared with a Private
Endpoint. A private endpoint is a private IP address within your VCN
that you can use to access the Autonomous Database – Shared within Oracle Cloud
Infrastructure. When you enable a private endpoint for an Autonomous Database –
Shared, the only access path to the database is through a VCN inside your Oracle
Cloud Infrastructure tenancy. This is required for you to securely connect to
the Autonomous Database – Shared from Oracle Enterprise Manager. You can
configure a private endpoint when you provision or clone an Autonomous Database
– Shared.
For information, see:
- Configure Private Endpoints When You Provision or Clone an Instance in Using Oracle Autonomous Data Warehouse on Shared Exadata Infrastructure.
- Configure Private Endpoints When You Provision or Clone an Instance in Using Oracle Autonomous Transaction Processing on Shared Exadata Infrastructure.
- Download the Client Credentials (Wallet). After you
provision the database, you must download the OCI Client Credential (Wallet) and
save the
.zip
file to provide client access to the Autonomous Database – Shared.For information, see:
- Download Client Credentials (Wallets) in Using Oracle Autonomous Data Warehouse on Shared Exadata Infrastructure.
- Download Client Credentials (Wallets) in Using Oracle Autonomous Transaction Processing on Shared Exadata Infrastructure.
- Configure and deploy Oracle Enterprise Manager on Oracle Cloud
Infrastructure. Oracle Enterprise Manager should be deployed using a
marketplace image in a Public or Private subnet in the same VCN as the
Autonomous Database – Shared that was configured with private endpoints.
The OMS includes a central Oracle Management Agent to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Database – Shared. Although, it is recommended that you use the central agent, you also have the option of using any other agent that is deployed on an existing Oracle Cloud Infrastructure Database system.
For information, see the Setting Up Oracle Enterprise Manager 13.4 on Oracle Cloud Infrastructure tutorial.
- Review and use the specified connectivity option to connect
Oracle Enterprise Manager on Oracle Cloud Infrastructure with the Autonomous
Database – Shared. With a private endpoint, database traffic remains
private and within Oracle Cloud Infrastructure, thereby ensuring network
security.
For information on connecting from Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure to an Autonomous Database – Shared, see Example 1: Connecting from Within Oracle Cloud Infrastructure in Connecting to an Autonomous Database with a Private Endpoint in Oracle Cloud Infrastructure documentation.
The following diagram provides an overview of how Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure connects with Autonomous Databases – Shared using a private endpoint.
Access Autonomous Database – Shared Using the Service Gateway
This section walks you through a scenario in which you enable access from your Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure to the Autonomous Database – Shared in the Oracle Services Network by using the service gateway. This method should only be used when the Autonomous Database – Shared is not configured with a private endpoint. For information on Oracle Services Network and the Service Gateway, see Access to Oracle Services: Service Gateway in Oracle Cloud Infrastructure documentation.
- Provision an Autonomous Database – Shared. As a first step,
you must ensure that you have provisioned the Autonomous Database – Shared.
For information, see:
- Provision Autonomous Data Warehouse in Using Oracle Autonomous Data Warehouse on Shared Exadata Infrastructure.
- Provision Autonomous Transaction Processing in Using Oracle Autonomous Transaction Processing on Shared Exadata Infrastructure.
- Download the Client Credentials (Wallet). After you
provision the database, you must download the OCI Client Credential (Wallet) and
save the
.zip
file to provide client access to the Autonomous Database – Shared.For information, see:
- Download Client Credentials (Wallets) in Using Oracle Autonomous Data Warehouse on Shared Exadata Infrastructure.
- Download Client Credentials (Wallets) in Using Oracle Autonomous Transaction Processing on Shared Exadata Infrastructure.
- Configure and deploy Oracle Enterprise Manager on Oracle Cloud
Infrastructure. Oracle Enterprise Manager should be deployed in a Public
or Private subnet in the same VCN as the Autonomous Database – Shared.
The OMS includes a central Oracle Management Agent to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Database – Shared. Although, it is recommended that you use the central agent, you also have the option of using any other agent that is deployed on an existing Oracle Cloud Infrastructure Database system.
For information, see the Setting Up Oracle Enterprise Manager 13.4 on Oracle Cloud Infrastructure tutorial.
- Create a Service Gateway. You must create a service gateway
as a resource in the VCN. This will enable the Oracle Enterprise Manager
Deployed on Oracle Cloud Infrastructure in your VCN to privately access
Autonomous Database – Shared in the Oracle Services Network, without exposing
the data to the public internet.
For information, see Task 1 Create the service gateway in Setting Up a Service Gateway in the Console in Oracle Cloud Infrastructure documentation.
- Review and use the specified connectivity option to connect
Oracle Enterprise Manager on Oracle Cloud Infrastructure with the Autonomous
Database – Shared. The next step is to ensure that the subnet in which
Oracle Enterprise Manager resides in your VCN has access to the service gateway.
To do so, you must add a route rule in the private subnet's route table. To do
so, follow the instructions given in Task 2: Update routing for the
subnet in Setting Up a Service Gateway in
the Console in Oracle Cloud Infrastructure documentation, and choose
Service Gateway as the Target
Type and the service CIDR label All <region> Services
in Oracle Services Network as the Destination
Service. The service gateway now provides access to the
Autonomous Databases – Shared within the region in Oracle Services Network.
The following diagram provides an overview of how Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure connects with Autonomous Databases – Shared using a service gateway.
Other Prerequisite Tasks
After you have ensured that the major components are in place using one of the two options given above, you must perform the following prerequisite tasks to discover an Autonomous Database – Shared for Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure.
- Create an Oracle Cloud Infrastructure IAM group named
EMGroup, and add the DBA who will be managing and monitoring the
Autonomous Database – Shared using Oracle Enterprise Manager to this group. Note
that this DBA user must have an account in Oracle Cloud Infrastructure.
See To create a group in Oracle Cloud Infrastructure documentation.
- Create the following policies to allow the DBA in EMGroup to
manage and monitor the Autonomous Database – Dedicated using Oracle Enterprise
Manager.
Allow group EMGroup to manage autonomous-database in compartment <compartment in which the Autonomous Database resides>
Allow group EMGroup to manage orm-stacks in compartment <compartment in which the Oracle Enterprise Manager stack resides>
Allow group EMGroup to manage instance-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>
Allow group EMGroup to manage volume-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>
Allow group EMGroup to manage load-balancers in compartment <compartment in which the Oracle Enterprise Manager stack resides>
Allow group EMGroup to manage virtual-network-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>
Allow group EMGroup to manage file-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>
Allow group EMGroup to manage autonomous-database-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>
Allow group EMGroup to manage orm-jobs in compartment <compartment in which the Oracle Enterprise Manager stack resides>
Allow group EMGroup to read resource-availability in compartment <compartment in which the Autonomous Database resides> and <compartment in which the Oracle Enterprise Manager stack resides>
Allow group EMGroup to read limits in compartment <compartment in which the Autonomous Database resides> and <compartment in which the Oracle Enterprise Manager stack resides>
Note:
For the last two policies listed above, to grant read access toresource-availability
andlimits
, you must use separate statements for each compartment.See To create a policy in Oracle Cloud Infrastructure documentation.
- Create a security list and add the following ingress rules to
ensure secure access:
- Rule for accessing Oracle Enterprise Manager from the public
network, allow Transmission Control Protocol (TCP) traffic for port
7803
. - Rule for accessing Autonomous Database – Shared from Oracle
Enterprise Manager subnet and VCN, allow TCPS traffic for the port value
specified in the
tnsnames.ora
file in the OCI Client Credential (Wallet).
For information, see:
- Security Lists in Oracle Cloud Infrastructure documentation.
- About Connecting to an Autonomous Data Warehouse Instance in Using Oracle Autonomous Data Warehouse on Shared Exadata Infrastructure.
- About Connecting to an Autonomous Transaction Processing Instance in Using Oracle Autonomous Transaction Processing on Shared Exadata Infrastructure.
- Rule for accessing Oracle Enterprise Manager from the public
network, allow Transmission Control Protocol (TCP) traffic for port
- Unlock the
adbsnmp
user, which is created out-of-the-box when the Autonomous Database – Shared is created in Oracle Cloud Infrastructure. This account is locked by default and you can reset the password and unlock it using Oracle Enterprise Manager or a SQL client.
Oracle Enterprise Manager Deployed On Premises
You can use Oracle Enterprise Manager deployed on premises to discover Autonomous Databases – Shared.
Oracle Enterprise Manager deployed on premises can access Autonomous Databases – Shared with Private Endpoints or using Transit Routing using a Service Gateway. The following sections provide information on both scenarios, however, it is recommended that you configure Private Endpoints to access Autonomous Databases – Shared.
Access Autonomous Database – Shared Using a Private Endpoint
This section walks you through a scenario in which you enable private access from your Oracle Enterprise Manager deployed on premises to the Autonomous Database – Shared in Oracle Services Network using a private endpoint. For information on Autonomous Databases – Shared and private endpoints, see Autonomous Database with Private Endpoint in Oracle Cloud Infrastructure documentation.
- Provision an Autonomous Database – Shared with a Private
Endpoint. A private endpoint is a private IP address within your VCN
that you can use to access Autonomous Database – Shared within Oracle Cloud
Infrastructure. When you enable a private endpoint for an Autonomous Database –
Shared, the only access path to the database is through a VCN inside your Oracle
Cloud Infrastructure tenancy. This is required for you to securely connect to
the Autonomous Database – Shared from Oracle Enterprise Manager. You can
configure a private endpoint when you provision or clone an Autonomous Database
– Shared.
For information, see:
- Configure Private Endpoints When You Provision or Clone an Instance in Using Oracle Autonomous Data Warehouse on Shared Exadata Infrastructure.
- Configure Private Endpoints When You Provision or Clone an Instance in Using Oracle Autonomous Transaction Processing on Shared Exadata Infrastructure.
- Download the Client Credentials (Wallet). After you provision
the database, you must download the OCI Client Credential (Wallet) and save the
.zip
file to provide client access to the Autonomous Database – Shared.For information, see:
- Download Client Credentials (Wallets) in Using Oracle Autonomous Data Warehouse on Shared Exadata Infrastructure.
- Download Client Credentials (Wallets) in Using Oracle Autonomous Transaction Processing on Shared Exadata Infrastructure.
- Deploy Oracle Enterprise Manager in your on-premises
network. The OMS includes a central Oracle Management Agent that can be
used to discover Autonomous Databases, which are treated as non-host targets.
The central agent is installed by default on the OMS host and must have SQL*Net
access to the Autonomous Database – Shared. Note that if you have an existing
on-premises database or an Oracle Cloud Infrastructure Database system in the
same VCN where the Autonomous Database – Shared resides, you have the option of
using the agent that monitors them, instead of the central agent.
For information, see:
- Installing the Enterprise Manager Cloud Control 13c Release 4 Software Binaries in Graphical Mode Along with Plug-ins in Oracle Enterprise Manager Cloud Control Upgrade Guide.
- Overview of the Directories Created for an Enterprise Manager System in Oracle Enterprise Manager Cloud Control Basic Installation Guide.
- Review and use the specified connectivity option to connect
Oracle Enterprise Manager on premises with the Autonomous Database –
Shared. Oracle Enterprise Manager is deployed in an on-premises data
center and connects privately to the Autonomous Database – Shared, thereby
ensuring that traffic does not go over public internet.
For information on connecting from Oracle Enterprise Manager deployed on premises to an Autonomous Database – Shared, see Example 2: Connecting from an On-Premises Data Center in Connecting to an Autonomous Database with a Private Endpoint in Oracle Cloud Infrastructure documentation.
The following diagram provides an overview of how Oracle Enterprise Manager deployed on premises connects with Autonomous Databases – Shared using a private endpoint.
Access Autonomous Database – Shared Using Transit Routing
This section walks you through a scenario in which you enable private access from your Oracle Enterprise Manager deployed on premises to the Autonomous Database – Shared in Oracle Services Network using Transit Routing. This method should only be used when the Autonomous Database – Shared is not configured with a private endpoint. For information on Transit Routing, see Overview of On-Premises Network Private Access to Oracle Services in Oracle Cloud Infrastructure documentation.
- Provision an Autonomous Database – Shared. As a first step,
you must ensure that you have provisioned the Autonomous Database – Shared.
For information, see:
- Provision Autonomous Data Warehouse in Using Oracle Autonomous Data Warehouse on Shared Exadata Infrastructure.
- Provision Autonomous Transaction Processing in Using Oracle Autonomous Transaction Processing on Shared Exadata Infrastructure.
- Download the Client Credentials (Wallet). After you
provision the database, you must download the OCI Client Credential (Wallet) and
save the
.zip
file to provide client access to the Autonomous Database – Shared.For information, see:
- Download Client Credentials (Wallets) in Using Oracle Autonomous Data Warehouse on Shared Exadata Infrastructure.
- Download Client Credentials (Wallets) in Using Oracle Autonomous Transaction Processing on Shared Exadata Infrastructure.
- Deploy Oracle Enterprise Manager in your on-premises
network. The OMS includes a central Oracle Management Agent that can be
used to discover Autonomous Databases, which are treated as non-host targets.
The central agent is installed by default on the OMS host and must have SQL*Net
access to the Autonomous Database – Shared. Note that if you have an existing
on-premises database or an Oracle Cloud Infrastructure Database system in the
same VCN where the Autonomous Database – Shared resides, you have the option of
using the agent that monitors them, instead of the central agent.
For information, see:
- Installing the Enterprise Manager Cloud Control 13c Release 4 Software Binaries in Graphical Mode Along with Plug-ins in Oracle Enterprise Manager Cloud Control Upgrade Guide.
- Overview of the Directories Created for an Enterprise Manager System in Oracle Enterprise Manager Cloud Control Basic Installation Guide.
- Review and use the specified connectivity option to connect
Oracle Enterprise Manager on premises with the Autonomous Database –
Shared. Oracle Enterprise Manager is deployed in an on-premises data
center and connects to a VCN using FastConnect private virtual circuit or VPN
Connect. Each of these types of connections terminates in a dynamic routing
gateway (DRG) that is attached to the VCN. The VCN also has a service gateway,
which gives the VCN access to the Autonomous Database – Shared. The traffic from
Oracle Enterprise Manager deployed on premises transits through the VCN, through
the service gateway, and to the Autonomous Database – Shared. The responses
return through the service gateway and VCN to Oracle Enterprise Manager deployed
on premises.
For information on how to configure transit routing directly through gateways, see the tasks given in For routing directly between gateways in Setting Up Private Access to Oracle Services in Oracle Cloud Infrastructure documentation.
The following diagram provides an overview of how Oracle Enterprise Manager deployed on premises connects with Autonomous Databases – Shared using transit routing.
Other Prerequisite Tasks
After you have ensured that the major components are in place using one of the two options given above, you must perform the following prerequisite tasks to discover an Autonomous Database – Shared from Oracle Enterprise Manager deployed on premises.
- Create an Oracle Cloud Infrastructure IAM group named
EMGroup, and add the DBA who will be managing and monitoring the
Autonomous Database – Shared using Oracle Enterprise Manager to this group. Note
that this DBA user must have an account in Oracle Cloud Infrastructure.
See To create a group in Oracle Cloud Infrastructure documentation.
- Create the following policy to allow the DBA in EMGroup to
manage and monitor the Autonomous Database – Shared using Oracle Enterprise
Manager:
Allow group EMGroup to manage autonomous-database in <compartment in which the Autonomous Database – Shared resides>
See To create a policy in Oracle Cloud Infrastructure documentation.
- Create a security list and add the following ingress rule to ensure
secure access:
Rule for accessing Autonomous Database – Shared in the Oracle Cloud Infrastructure VCN from Oracle Enterprise Manager deployed on premises, allow TCPS traffic for the port value specified in the
tnsnames.ora
file in the OCI Client Credential (Wallet).For information, see:
- Security Lists in Oracle Cloud Infrastructure documentation.
- About Connecting to an Autonomous Data Warehouse Instance in Using Oracle Autonomous Data Warehouse on Shared Exadata Infrastructure.
- About Connecting to an Autonomous Transaction Processing Instance in Using Oracle Autonomous Transaction Processing on Shared Exadata Infrastructure.
- Unlock the
adbsnmp
user, which is created out-of-the-box when the Autonomous Database – Shared is created in Oracle Cloud Infrastructure. This account is locked by default and you can reset the password and unlock it using Oracle Enterprise Manager or a SQL client.