Prerequisite Tasks for Autonomous Databases – Serverless

To discover Autonomous Data Warehouse – Serverless and Autonomous Transaction Processing – Serverless in Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure or on premises, you must first perform the prerequisite tasks listed in these sections:

• Oracle Enterprise Manager Deployed on Oracle Cloud Infrastructure
• Oracle Enterprise Manager Deployed On Premises

Oracle Enterprise Manager Deployed on Oracle Cloud Infrastructure

You can use Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure and discover Autonomous Databases – Serverless.

Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure can access Autonomous Databases – Serverless with Private Endpoints or with Public Endpoints using a Service Gateway. The following sections provide information on both scenarios, however, it is recommended that you configure Private Endpoints to access Autonomous Databases – Serverless.

Access Autonomous Database – Serverless Using a Private Endpoint

This section walks you through a scenario in which you enable private access from your Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure to the Autonomous Database – Serverless in Oracle Services Network using a private endpoint. For information on Autonomous Databases – Serverless and private endpoints, see Configuring Network Access with Private Endpoints in Using Oracle Autonomous Database Serverless.

• Provision an Autonomous Database – Serverless with a Private Endpoint. A private endpoint is a private IP address within your VCN that you can use to access the Autonomous Database – Serverless within Oracle Cloud Infrastructure. When you enable a private endpoint for an Autonomous Database – Serverless, the only access path to the database is through a VCN inside your Oracle Cloud Infrastructure tenancy. This is required for you to securely connect to the Autonomous Database – Serverless from Oracle Enterprise Manager. You can configure a private endpoint when you provision or clone an Autonomous Database – Serverless.

  For information, see Configure Private Endpoints When You Provision or Clone an Instance in Using Oracle Autonomous Database Serverless.

• Download the Client Credentials (Wallet). After you provision the database, you must download the OCI Client Credential (Wallet) and save the .zip file to provide client access to the Autonomous Database – Serverless.

  For information, see Download Client Credentials (Wallets) in Using Oracle Autonomous Database Serverless.

• Configure and deploy Oracle Enterprise Manager on Oracle Cloud Infrastructure. Oracle Enterprise Manager should be deployed using a marketplace image in a Public or Private subnet in the same VCN as the Autonomous Database – Serverless that was configured with private endpoints.

  The OMS includes a central Oracle Management Agent to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Database – Serverless. Although, it is recommended that you use the central agent, you also have the option of using any other agent that is deployed on an existing Oracle Cloud Infrastructure Database system.

  For information, see the Setting Up Oracle Enterprise Manager on Oracle Cloud Infrastructure tutorial.

• Review and use the specified connectivity option to connect Oracle Enterprise Manager on Oracle Cloud Infrastructure with the Autonomous Database – Serverless. With a private endpoint, database traffic remains private and within Oracle Cloud Infrastructure, thereby ensuring network security.

  For information on connecting from Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure to an Autonomous Database – Serverless, see Example: Connecting from Inside Oracle Cloud Infrastructure VCN in Using Oracle Autonomous Database Serverless.

  The following diagram provides an overview of how Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure connects with Autonomous Databases – Serverless using a private endpoint.

  
  
  
  Description of the illustration adbs_private_endpoint_em_mp.png
  
  

Access Autonomous Database – Serverless Using the Service Gateway

This section walks you through a scenario in which you enable access from your Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure to the Autonomous Database – Serverless in the Oracle Services Network by using the service gateway. This method should only be used when the Autonomous Database – Serverless is not configured with a private endpoint. For information on Oracle Services Network and the Service Gateway, see Access to Oracle Services: Service Gateway in Oracle Cloud Infrastructure documentation.

• Provision an Autonomous Database – Serverless. As a first step, you must ensure that you have provisioned the Autonomous Database – Serverless.

  For information, see Provision Autonomous Database in Using Oracle Autonomous Database Serverless.

• Download the Client Credentials (Wallet). After you provision the database, you must download the OCI Client Credential (Wallet) and save the .zip file to provide client access to the Autonomous Database – Serverless.

  For information, see Download Client Credentials (Wallets) in Using Oracle Autonomous Database Serverless.

• Configure and deploy Oracle Enterprise Manager on Oracle Cloud Infrastructure. Oracle Enterprise Manager should be deployed in a Public or Private subnet in the same VCN as the Autonomous Database – Serverless.

  The OMS includes a central Oracle Management Agent to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Database – Serverless. Although, it is recommended that you use the central agent, you also have the option of using any other agent that is deployed on an existing Oracle Cloud Infrastructure Database system.

  For information, see the Setting Up Oracle Enterprise Manager on Oracle Cloud Infrastructure tutorial.

• Create a Service Gateway. You must create a service gateway as a resource in the VCN. This will enable the Oracle Enterprise Manager Deployed on Oracle Cloud Infrastructure in your VCN to privately access Autonomous Database – Serverless in the Oracle Services Network, without exposing the data to the public internet.

  For information, see Task 1 Create the service gateway in Setting Up a Service Gateway in the Console in Oracle Cloud Infrastructure documentation.

• Review and use the specified connectivity option to connect Oracle Enterprise Manager on Oracle Cloud Infrastructure with the Autonomous Database – Serverless. The next step is to ensure that the subnet in which Oracle Enterprise Manager resides in your VCN has access to the service gateway. To do so, you must add a route rule in the private subnet's route table. To do so, follow the instructions given in Task 2: Update routing for the subnet in Setting Up a Service Gateway in the Console in Oracle Cloud Infrastructure documentation, and choose Service Gateway as the Target Type and the service CIDR label All <region> Services in Oracle Services Network as the Destination Service. The service gateway now provides access to the Autonomous Databases – Serverless within the region in Oracle Services Network.

  The following diagram provides an overview of how Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure connects with Autonomous Databases – Serverless using a service gateway.

  
  
  
  Description of the illustration adbs_service_gateway_em_mp.png
  
  

Other Prerequisite Tasks

After you have ensured that the major components are in place using one of the two options given above, you must perform the following prerequisite tasks to discover an Autonomous Database – Serverless for Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure.

1. Create an Oracle Cloud Infrastructure IAM group named EMGroup, and add the DBA who will be managing and monitoring the Autonomous Database – Serverless using Oracle Enterprise Manager to this group. Note that this DBA user must have an account in Oracle Cloud Infrastructure.

   See To create a group in Oracle Cloud Infrastructure documentation.

2. Create the following policies to allow the DBA in EMGroup to manage and monitor the Autonomous Database – Dedicated using Oracle Enterprise Manager.

   Allow group EMGroup to manage autonomous-database in compartment <compartment in which the Autonomous Database resides>

   Allow group EMGroup to manage orm-stacks in compartment <compartment in which the Oracle Enterprise Manager stack resides>

   Allow group EMGroup to manage instance-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>

   Allow group EMGroup to manage volume-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>

   Allow group EMGroup to manage load-balancers in compartment <compartment in which the Oracle Enterprise Manager stack resides>

   Allow group EMGroup to manage virtual-network-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>

   Allow group EMGroup to manage file-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>

   Allow group EMGroup to manage autonomous-database-family in compartment <compartment in which the Oracle Enterprise Manager stack resides>

   Allow group EMGroup to manage orm-jobs in compartment <compartment in which the Oracle Enterprise Manager stack resides>

   Allow group EMGroup to read resource-availability in compartment <compartment in which the Autonomous Database resides> and <compartment in which the Oracle Enterprise Manager stack resides>

   Allow group EMGroup to read limits in compartment <compartment in which the Autonomous Database resides> and <compartment in which the Oracle Enterprise Manager stack resides>

   Note:

   For the last two policies listed above, to grant read access to resource-availability and limits, you must use separate statements for each compartment.

   See To create a policy in Oracle Cloud Infrastructure documentation.

3. Create a security list and add the following ingress rules to ensure secure access:
   • Rule for accessing Oracle Enterprise Manager from the public network, allow Transmission Control Protocol (TCP) traffic for port 7803.
   • Rule for accessing Autonomous Database – Serverless from Oracle Enterprise Manager subnet and VCN, allow TCPS traffic for the port value specified in the tnsnames.ora file in the OCI Client Credential (Wallet).

   For information, see:

   • Security Lists in Oracle Cloud Infrastructure documentation.
   • About Connecting to an Autonomous Database Instance in Using Oracle Autonomous Database Serverless.
4. Unlock the adbsnmp user, which is created out-of-the-box when the Autonomous Database – Serverless is created in Oracle Cloud Infrastructure. This account is locked by default and you can reset the password and unlock it using Oracle Enterprise Manager or a SQL client.

Oracle Enterprise Manager Deployed On Premises

You can use Oracle Enterprise Manager deployed on premises to discover Autonomous Databases – Serverless.

Oracle Enterprise Manager deployed on premises can access Autonomous Databases – Serverless with Private Endpoints or using Transit Routing using a Service Gateway. The following sections provide information on both scenarios, however, it is recommended that you configure Private Endpoints to access Autonomous Databases – Serverless.

Access Autonomous Database – Serverless Using a Private Endpoint

This section walks you through a scenario in which you enable private access from your Oracle Enterprise Manager deployed on premises to the Autonomous Database – Serverless in Oracle Services Network using a private endpoint. For information on Autonomous Databases – Serverless and private endpoints, see Configuring Network Access with Private Endpoints in Using Oracle Autonomous Database Serverless.

• Provision an Autonomous Database – Serverless with a Private Endpoint. A private endpoint is a private IP address within your VCN that you can use to access Autonomous Database – Serverless within Oracle Cloud Infrastructure. When you enable a private endpoint for an Autonomous Database – Serverless, the only access path to the database is through a VCN inside your Oracle Cloud Infrastructure tenancy. This is required for you to securely connect to the Autonomous Database – Serverless from Oracle Enterprise Manager. You can configure a private endpoint when you provision or clone an Autonomous Database – Serverless.

  For information, see Configure Private Endpoints When You Provision or Clone an Instance in Using Oracle Autonomous Database Serverless.

• Download the Client Credentials (Wallet). After you provision the database, you must download the OCI Client Credential (Wallet) and save the .zip file to provide client access to the Autonomous Database – Serverless.

  For information, see Download Client Credentials (Wallets) in Using Oracle Autonomous Database Serverless.

• Deploy Oracle Enterprise Manager in your on-premises network. The OMS includes a central Oracle Management Agent that can be used to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Database – Serverless. Note that if you have an existing on-premises database or an Oracle Cloud Infrastructure Database system in the same VCN where the Autonomous Database – Serverless resides, you have the option of using the agent that monitors them, instead of the central agent.

  For information, see:

  • Upgrading the Enterprise Manager Cloud Control 13c Release 5 Software Only with Plug-ins in Oracle Enterprise Manager Cloud Control Upgrade Guide.
  • Overview of the Directories Created for an Enterprise Manager System in Oracle Enterprise Manager Cloud Control Basic Installation Guide.
• Review and use the specified connectivity option to connect Oracle Enterprise Manager on premises with the Autonomous Database – Serverless. Oracle Enterprise Manager is deployed in an on-premises data center and connects privately to the Autonomous Database – Serverless, thereby ensuring that traffic does not go over public internet.

  For information on connecting from Oracle Enterprise Manager deployed on premises to an Autonomous Database – Serverless, see Example: Connecting from Your Data Center to Autonomous Database in Using Oracle Autonomous Database Serverless.

  The following diagram provides an overview of how Oracle Enterprise Manager deployed on premises connects with Autonomous Databases – Serverless using a private endpoint.

  
  
  
  Description of the illustration adbs_private_endpoint_em_onprem.png
  
  

Access Autonomous Database – Serverless Using Transit Routing

This section walks you through a scenario in which you enable private access from your Oracle Enterprise Manager deployed on premises to the Autonomous Database – Serverless in Oracle Services Network using Transit Routing. This method should only be used when the Autonomous Database – Serverless is not configured with a private endpoint. For information on Transit Routing, see Overview of On-Premises Network Private Access to Oracle Services in Oracle Cloud Infrastructure documentation.

• Provision an Autonomous Database – Serverless. As a first step, you must ensure that you have provisioned the Autonomous Database – Serverless.

  For information, see Provision Autonomous Database in Using Oracle Autonomous Database Serverless.

• Download the Client Credentials (Wallet). After you provision the database, you must download the OCI Client Credential (Wallet) and save the .zip file to provide client access to the Autonomous Database – Serverless.

  For information, see Download Client Credentials (Wallets) in Using Oracle Autonomous Database Serverless.

• Deploy Oracle Enterprise Manager in your on-premises network. The OMS includes a central Oracle Management Agent that can be used to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Database – Serverless. Note that if you have an existing on-premises database or an Oracle Cloud Infrastructure Database system in the same VCN where the Autonomous Database – Serverless resides, you have the option of using the agent that monitors them, instead of the central agent.

  For information, see:

  • Upgrading the Enterprise Manager Cloud Control 13c Release 5 Software Only with Plug-ins in Oracle Enterprise Manager Cloud Control Upgrade Guide.
  • Overview of the Directories Created for an Enterprise Manager System in Oracle Enterprise Manager Cloud Control Basic Installation Guide.
• Review and use the specified connectivity option to connect Oracle Enterprise Manager on premises with the Autonomous Database – Serverless. Oracle Enterprise Manager is deployed in an on-premises data center and connects to a VCN using FastConnect private virtual circuit or Site-to-Site VPN. Each of these types of connections terminates in a dynamic routing gateway (DRG) that is attached to the VCN. The VCN also has a service gateway, which gives the VCN access to the Autonomous Database – Serverless. The traffic from Oracle Enterprise Manager deployed on premises transits through the VCN, through the service gateway, and to the Autonomous Database – Serverless. The responses return through the service gateway and VCN to Oracle Enterprise Manager deployed on premises.

  For information on how to configure transit routing directly through gateways, see the tasks given in For routing directly between gateways in Setting Up Private Access to Oracle Services in Oracle Cloud Infrastructure documentation.

  The following diagram provides an overview of how Oracle Enterprise Manager deployed on premises connects with Autonomous Databases – Serverless using transit routing.

  
  
  
  Description of the illustration adbs_transit_routing_em_onprem.png
  
  

Other Prerequisite Tasks

After you have ensured that the major components are in place using one of the two options given above, you must perform the following prerequisite tasks to discover an Autonomous Database – Serverless from Oracle Enterprise Manager deployed on premises.

1. Create an Oracle Cloud Infrastructure IAM group named EMGroup, and add the DBA who will be managing and monitoring the Autonomous Database – Serverless using Oracle Enterprise Manager to this group. Note that this DBA user must have an account in Oracle Cloud Infrastructure.

   See To create a group in Oracle Cloud Infrastructure documentation.

2. Create the following policy to allow the DBA in EMGroup to manage and monitor the Autonomous Database – Serverless using Oracle Enterprise Manager:

   Allow group EMGroup to manage autonomous-database in <compartment in which the Autonomous Database – Serverless resides>

   See To create a policy in Oracle Cloud Infrastructure documentation.

3. Create a security list and add the following ingress rule to ensure secure access:

   Rule for accessing Autonomous Database – Serverless in the Oracle Cloud Infrastructure VCN from Oracle Enterprise Manager deployed on premises, allow TCPS traffic for the port value specified in the tnsnames.ora file in the OCI Client Credential (Wallet).

   For information, see:

   • Security Lists in Oracle Cloud Infrastructure documentation.
   • About Connecting to an Autonomous Database Instance in Using Oracle Autonomous Database Serverless.
4. Unlock the adbsnmp user, which is created out-of-the-box when the Autonomous Database – Serverless is created in Oracle Cloud Infrastructure. This account is locked by default and you can reset the password and unlock it using Oracle Enterprise Manager or a SQL client.