Prerequisite Tasks for Autonomous Databases – Shared

To discover Autonomous Data Warehouse – Shared and Autonomous Transaction Processing – Shared in Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure or on premises, you must first perform the prerequisite tasks listed in these sections:

Oracle Enterprise Manager Deployed on Oracle Cloud Infrastructure

You can use Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure and discover Autonomous Databases – Shared.

Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure can access Autonomous Databases – Shared with Private Endpoints or with Public Endpoints using a Service Gateway. The following sections provide information on both scenarios; however, it is recommended that you configure Private Endpoints to access Autonomous Databases – Shared.

Access Autonomous Database – Shared Using a Private Endpoint

This section walks you through a scenario in which you enable private access from your Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure to the Autonomous Database – Shared in Oracle Services Network using a private endpoint. For information on Autonomous Databases – Shared and private endpoints, see Autonomous Database with Private Endpoint in Oracle Cloud Infrastructure documentation.

  • Provision an Autonomous Database – Shared with a Private Endpoint. A private endpoint is a private IP address within your VCN that you can use to access the Autonomous Database – Shared within Oracle Cloud Infrastructure. When you enable a private endpoint for an Autonomous Database – Shared, the only access path to the database is through a VCN inside your Oracle Cloud Infrastructure tenancy. This is required for you to securely connect to the Autonomous Database – Shared from Oracle Enterprise Manager. You can configure a private endpoint when you provision or clone an Autonomous Database – Shared.

    For information, see Configure Private Endpoints When You Provision or Clone an Instance in Using Oracle Autonomous Database on Shared Exadata Infrastructure.

  • Download the Client Credentials (Wallet). After you provision the database, you must download the OCI Client Credential (Wallet) and save the .zip file to provide client access to the Autonomous Database – Shared.

    For information, see Download Client Credentials (Wallets) in Using Oracle Autonomous Database on Shared Exadata Infrastructure.

  • Configure and deploy Oracle Enterprise Manager on Oracle Cloud Infrastructure. Oracle Enterprise Manager should be deployed using a marketplace image in a Public or Private subnet in the same VCN as the Autonomous Database – Shared that was configured with private endpoints.

    The OMS includes a central Oracle Management Agent to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Database – Shared. Although it is recommended that you use the central agent, you also have the option of using any other agent that is deployed on an existing Oracle Cloud Infrastructure Database system.

    For information, see the Setting Up Oracle Enterprise Manager on Oracle Cloud Infrastructure tutorial.

  • Review and use the specified connectivity option to connect Oracle Enterprise Manager on Oracle Cloud Infrastructure with the Autonomous Database – Shared. With a private endpoint, database traffic remains private and within Oracle Cloud Infrastructure, thereby ensuring network security.

    For information on connecting from Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure to an Autonomous Database – Shared, see Example 1: Connecting from Within Oracle Cloud Infrastructure in Connecting to an Autonomous Database with a Private Endpoint in Oracle Cloud Infrastructure documentation.

    The following diagram provides an overview of how Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure connects with Autonomous Databases – Shared using a private endpoint.



Access Autonomous Database – Shared Using the Service Gateway

This section walks you through a scenario in which you enable access from your Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure to the Autonomous Database – Shared in the Oracle Services Network by using the service gateway. This method should only be used when the Autonomous Database – Shared is not configured with a private endpoint. For information on Oracle Services Network and the Service Gateway, see Access to Oracle Services: Service Gateway in Oracle Cloud Infrastructure documentation.

  • Provision an Autonomous Database – Shared. As a first step, you must ensure that you have provisioned the Autonomous Database – Shared.

    For information, see Provision Autonomous Database in Using Oracle Autonomous Database on Shared Exadata Infrastructure.

  • Download the Client Credentials (Wallet). After you provision the database, you must download the OCI Client Credential (Wallet) and save the .zip file to provide client access to the Autonomous Database – Shared.

    For information, see Download Client Credentials (Wallets) in Using Oracle Autonomous Database on Shared Exadata Infrastructure.

  • Configure and deploy Oracle Enterprise Manager on Oracle Cloud Infrastructure. Oracle Enterprise Manager should be deployed in a Public or Private subnet in the same VCN as the Autonomous Database – Shared.

    The OMS includes a central Oracle Management Agent to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Database – Shared. Although it is recommended that you use the central agent, you also have the option of using any other agent that is deployed on an existing Oracle Cloud Infrastructure Database system.

    For information, see the Setting Up Oracle Enterprise Manager on Oracle Cloud Infrastructure tutorial.

  • Create a Service Gateway. You must create a service gateway as a resource in the VCN. This will enable the Oracle Enterprise Manager Deployed on Oracle Cloud Infrastructure in your VCN to privately access Autonomous Database – Shared in the Oracle Services Network, without exposing the data to the public internet.

    For information, see Task 1 Create the service gateway in Setting Up a Service Gateway in the Console in Oracle Cloud Infrastructure documentation.

  • Review and use the specified connectivity option to connect Oracle Enterprise Manager on Oracle Cloud Infrastructure with the Autonomous Database – Shared. The next step is to ensure that the subnet in which Oracle Enterprise Manager resides in your VCN has access to the service gateway. To do so, add a route rule in the private subnet's route table: follow the instructions given in Task 2: Update routing for the subnet in Setting Up a Service Gateway in the Console in Oracle Cloud Infrastructure documentation, and choose Service Gateway as the Target Type and the service CIDR label All <region> Services in Oracle Services Network as the Destination Service. The service gateway now provides access to the Autonomous Databases – Shared within the region in Oracle Services Network.

    The following diagram provides an overview of how Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure connects with Autonomous Databases – Shared using a service gateway.



Other Prerequisite Tasks

After you have ensured that the major components are in place using one of the two options given above, you must perform the following prerequisite tasks to discover an Autonomous Database – Shared for Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure.

  1. Create an Oracle Cloud Infrastructure IAM group named EMGroup, and add the DBA who will be managing and monitoring the Autonomous Database – Shared using Oracle Enterprise Manager to this group. Note that this DBA user must have an account in Oracle Cloud Infrastructure.

    See To create a group in Oracle Cloud Infrastructure documentation.

  2. Create the following policies to allow the DBA in EMGroup to manage and monitor the Autonomous Database – Dedicated using Oracle Enterprise Manager.

    Allow group EMGroup to manage autonomous-database in compartment <compartment in which the Autonomous Database resides>

    Allow group EMGroup to manage orm-stacks in compartment <compartment in which the Oracle Enterprise Manager stack resides>

    Allow group EMGroup to manage instance-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>

    Allow group EMGroup to manage volume-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>

    Allow group EMGroup to manage load-balancers in compartment <compartment in which the Oracle Enterprise Manager stack resides>

    Allow group EMGroup to manage virtual-network-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>

    Allow group EMGroup to manage file-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>

    Allow group EMGroup to manage autonomous-database-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>

    Allow group EMGroup to manage orm-jobs in compartment <compartment in which the Oracle Enterprise Manager stack resides>

    Allow group EMGroup to read resource-availability in compartment <compartment in which the Autonomous Database resides> and <compartment in which the Oracle Enterprise Manager stack resides>

    Allow group EMGroup to read limits in compartment <compartment in which the Autonomous Database resides> and <compartment in which the Oracle Enterprise Manager stack resides>

    Note:

    For the last two policies listed above, to grant read access to resource-availability and limits, you must use separate statements for each compartment.

    See To create a policy in Oracle Cloud Infrastructure documentation.

  3. Create a security list and add the following ingress rules to ensure secure access:
    • Rule for accessing Oracle Enterprise Manager from the public network, allow Transmission Control Protocol (TCP) traffic for port 7803.
    • Rule for accessing Autonomous Database – Shared from Oracle Enterprise Manager subnet and VCN, allow TCPS traffic for the port value specified in the tnsnames.ora file in the OCI Client Credential (Wallet).

    For information, see:

  4. Unlock the adbsnmp user, which is created out-of-the-box when the Autonomous Database – Shared is created in Oracle Cloud Infrastructure. This account is locked by default and you can reset the password and unlock it using Oracle Enterprise Manager or a SQL client.
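The Note in step 2 requires one statement per compartment for the two read grants. The following added example (not part of the Oracle documentation) builds the statement list that way and checks statements before they are pasted into a policy; the compartment names are hypothetical, and the tenancy-scope check is this example's own least-privilege check.

```python
import re

# Resource types the page grants with "manage" in the Enterprise Manager stack compartment.
EM_MANAGE = ["orm-stacks", "instance-family", "volume-family", "load-balancers",
             "virtual-network-family", "file-family", "autonomous-database-family",
             "orm-jobs"]
# Resource types the page grants with "read" in both compartments.
READ_BOTH = ["resource-availability", "limits"]

STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>.+)$", re.IGNORECASE)


def build_statements(db_compartment, em_compartment, group="EMGroup"):
    """Return the page's policy list with one statement per compartment."""
    out = [f"Allow group {group} to manage autonomous-database "
           f"in compartment {db_compartment}"]
    out += [f"Allow group {group} to manage {resource} in compartment {em_compartment}"
            for resource in EM_MANAGE]
    for resource in READ_BOTH:
        # dict.fromkeys drops the duplicate when both resources share one compartment.
        for comp in dict.fromkeys([db_compartment, em_compartment]):
            out.append(f"Allow group {group} to read {resource} in compartment {comp}")
    return out


def lint(statement):
    """Return findings for one statement; an empty list means it passed."""
    m = STATEMENT.match(statement.strip())
    if not m:
        return ["not of the form 'Allow group G to VERB RESOURCE in SCOPE'"]
    findings = []
    scope = m.group("scope").strip()
    if scope.lower() == "tenancy":
        findings.append("tenancy-wide grant; the page scopes every grant to a compartment")
    elif not scope.lower().startswith("compartment "):
        findings.append("scope is missing the 'compartment' keyword")
    elif re.search(r"\s+and\s+", scope, re.IGNORECASE):
        findings.append("two compartments in one statement; write one per compartment")
    return findings


if __name__ == "__main__":
    # Hypothetical compartment names, used only for this example.
    for stmt in build_statements("DBCompartment", "EMCompartment"):
        print(stmt, lint(stmt) or "ok")
```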

Oracle Enterprise Manager Deployed On Premises

You can use Oracle Enterprise Manager deployed on premises to discover Autonomous Databases – Shared.

Oracle Enterprise Manager deployed on premises can access Autonomous Databases – Shared with Private Endpoints or through Transit Routing using a Service Gateway. The following sections provide information on both scenarios; however, it is recommended that you configure Private Endpoints to access Autonomous Databases – Shared.

Access Autonomous Database – Shared Using a Private Endpoint

This section walks you through a scenario in which you enable private access from your Oracle Enterprise Manager deployed on premises to the Autonomous Database – Shared in Oracle Services Network using a private endpoint. For information on Autonomous Databases – Shared and private endpoints, see Autonomous Database with Private Endpoint in Oracle Cloud Infrastructure documentation.

  • Provision an Autonomous Database – Shared with a Private Endpoint. A private endpoint is a private IP address within your VCN that you can use to access Autonomous Database – Shared within Oracle Cloud Infrastructure. When you enable a private endpoint for an Autonomous Database – Shared, the only access path to the database is through a VCN inside your Oracle Cloud Infrastructure tenancy. This is required for you to securely connect to the Autonomous Database – Shared from Oracle Enterprise Manager. You can configure a private endpoint when you provision or clone an Autonomous Database – Shared.

    For information, see Configure Private Endpoints When You Provision or Clone an Instance in Using Oracle Autonomous Database on Shared Exadata Infrastructure.

  • Download the Client Credentials (Wallet). After you provision the database, you must download the OCI Client Credential (Wallet) and save the .zip file to provide client access to the Autonomous Database – Shared.

    For information, see Download Client Credentials (Wallets) in Using Oracle Autonomous Database on Shared Exadata Infrastructure.

  • Deploy Oracle Enterprise Manager in your on-premises network. The OMS includes a central Oracle Management Agent that can be used to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Database – Shared. Note that if you have an existing on-premises database or an Oracle Cloud Infrastructure Database system in the same VCN where the Autonomous Database – Shared resides, you have the option of using the agent that monitors them, instead of the central agent.

    For information, see:

  • Review and use the specified connectivity option to connect Oracle Enterprise Manager on premises with the Autonomous Database – Shared. Oracle Enterprise Manager is deployed in an on-premises data center and connects privately to the Autonomous Database – Shared, thereby ensuring that traffic does not go over public internet.

    For information on connecting from Oracle Enterprise Manager deployed on premises to an Autonomous Database – Shared, see Example 2: Connecting from an On-Premises Data Center in Connecting to an Autonomous Database with a Private Endpoint in Oracle Cloud Infrastructure documentation.

    The following diagram provides an overview of how Oracle Enterprise Manager deployed on premises connects with Autonomous Databases – Shared using a private endpoint.



Access Autonomous Database – Shared Using Transit Routing

This section walks you through a scenario in which you enable private access from your Oracle Enterprise Manager deployed on premises to the Autonomous Database – Shared in Oracle Services Network using Transit Routing. This method should only be used when the Autonomous Database – Shared is not configured with a private endpoint. For information on Transit Routing, see Overview of On-Premises Network Private Access to Oracle Services in Oracle Cloud Infrastructure documentation.

  • Provision an Autonomous Database – Shared. As a first step, you must ensure that you have provisioned the Autonomous Database – Shared.

    For information, see Provision Autonomous Database in Using Oracle Autonomous Database on Shared Exadata Infrastructure.

  • Download the Client Credentials (Wallet). After you provision the database, you must download the OCI Client Credential (Wallet) and save the .zip file to provide client access to the Autonomous Database – Shared.

    For information, see Download Client Credentials (Wallets) in Using Oracle Autonomous Database on Shared Exadata Infrastructure.

  • Deploy Oracle Enterprise Manager in your on-premises network. The OMS includes a central Oracle Management Agent that can be used to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Database – Shared. Note that if you have an existing on-premises database or an Oracle Cloud Infrastructure Database system in the same VCN where the Autonomous Database – Shared resides, you have the option of using the agent that monitors them, instead of the central agent.

    For information, see:

  • Review and use the specified connectivity option to connect Oracle Enterprise Manager on premises with the Autonomous Database – Shared. Oracle Enterprise Manager is deployed in an on-premises data center and connects to a VCN using FastConnect private virtual circuit or Site-to-Site VPN. Each of these types of connections terminates in a dynamic routing gateway (DRG) that is attached to the VCN. The VCN also has a service gateway, which gives the VCN access to the Autonomous Database – Shared. The traffic from Oracle Enterprise Manager deployed on premises transits through the VCN, through the service gateway, and to the Autonomous Database – Shared. The responses return through the service gateway and VCN to Oracle Enterprise Manager deployed on premises.

    For information on how to configure transit routing directly through gateways, see the tasks given in For routing directly between gateways in Setting Up Private Access to Oracle Services in Oracle Cloud Infrastructure documentation.

    The following diagram provides an overview of how Oracle Enterprise Manager deployed on premises connects with Autonomous Databases – Shared using transit routing.



Other Prerequisite Tasks

After you have ensured that the major components are in place using one of the two options given above, you must perform the following prerequisite tasks to discover an Autonomous Database – Shared from Oracle Enterprise Manager deployed on premises.

  1. Create an Oracle Cloud Infrastructure IAM group named EMGroup, and add the DBA who will be managing and monitoring the Autonomous Database – Shared using Oracle Enterprise Manager to this group. Note that this DBA user must have an account in Oracle Cloud Infrastructure.

    See To create a group in Oracle Cloud Infrastructure documentation.

  2. Create the following policy to allow the DBA in EMGroup to manage and monitor the Autonomous Database – Shared using Oracle Enterprise Manager:

    Allow group EMGroup to manage autonomous-database in compartment <compartment in which the Autonomous Database – Shared resides>

    See To create a policy in Oracle Cloud Infrastructure documentation.

  3. Create a security list and add the following ingress rule to ensure secure access:

    Rule for accessing Autonomous Database – Shared in the Oracle Cloud Infrastructure VCN from Oracle Enterprise Manager deployed on premises, allow TCPS traffic for the port value specified in the tnsnames.ora file in the OCI Client Credential (Wallet).

    For information, see:

  4. Unlock the adbsnmp user, which is created out-of-the-box when the Autonomous Database – Shared is created in Oracle Cloud Infrastructure. This account is locked by default and you can reset the password and unlock it using Oracle Enterprise Manager or a SQL client.
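The security list rules in step 3 of both Other Prerequisite Tasks sections take their port from the tnsnames.ora file in the wallet. The following added example (not part of the Oracle documentation) reads that file from the wallet .zip and derives one narrowly scoped ingress rule per TCPS port; the sample file content, the host names and the rule dictionary keys are constructed for this example.

```python
import re
import zipfile

ALIAS = re.compile(r"^\s*[\w.-]+\s*=\s*(?=\()", re.MULTILINE)
ADDRESS = re.compile(r"(?=\(\s*address\s*=)", re.IGNORECASE)
FIELD = re.compile(r"\(\s*(protocol|host|port)\s*=\s*([^()\s]+)\s*\)", re.IGNORECASE)

# Constructed sample in the layout of a wallet tnsnames.ora; every name is a placeholder.
SAMPLE = (
    "exampledb_high = (description= (retry_count=20)(retry_delay=3)"
    "(address=(protocol=tcps)(port=1522)(host=adb.example.invalid))"
    "(connect_data=(service_name=exampledb_high.example.invalid))"
    "(security=(ssl_server_dn_match=yes)))\n\n"
    "exampledb_low = (description=\n  (address=(protocol=tcps)(port=1522)"
    "(host=adb.example.invalid))\n"
    "  (connect_data=(service_name=exampledb_low.example.invalid)))\n"
)


def _blocks(pattern, text):
    """Yield the balanced (...) block that starts where each pattern match ends."""
    for m in pattern.finditer(text):
        depth, i = 0, m.end()
        while i < len(text):
            depth += {"(": 1, ")": -1}.get(text[i], 0)
            i += 1
            if depth == 0:
                yield text[m.end():i]
                break


def endpoints(tnsnames_text):
    """Return sorted unique (protocol, host, port) tuples across all aliases."""
    found = set()
    for descriptor in _blocks(ALIAS, tnsnames_text):
        for address in _blocks(ADDRESS, descriptor):
            fields = {key.lower(): value for key, value in FIELD.findall(address)}
            if {"protocol", "host", "port"} <= fields.keys():
                found.add((fields["protocol"].lower(), fields["host"], int(fields["port"])))
    return sorted(found)


def read_tnsnames(wallet_zip):
    """Read tnsnames.ora from a wallet .zip given as a path or file object."""
    with zipfile.ZipFile(wallet_zip) as zf:
        return zf.read("tnsnames.ora").decode("utf-8")


def ingress_rules(tnsnames_text, source_cidr):
    """One TCP ingress rule per distinct TCPS port, limited to source_cidr."""
    ports = sorted({port for proto, _, port in endpoints(tnsnames_text) if proto == "tcps"})
    return [{"source": source_cidr, "protocol": "TCP", "port": port} for port in ports]
```

Pass the CIDR of the subnet or on-premises network where Oracle Enterprise Manager runs as `source_cidr`, so the rule admits only that source on the wallet's port.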