Allowlisting

Allowlisting is required to specify allowable access destinations on the public internet. There are networking scenarios documented in detail in Chapter 8: Network Integration Guidelines for Integrating Oracle Utilities Cloud Services with External Applications

IP Allowlisting

IP Allowlists enable customers to control how data flows into or out of their SaaS environments.

Outbound Traffic

Outbound traffic is controlled via allowlist of IP addresses. Only HTTPS traffic is allowed to port 443.

The customer or system integrator can request a DNS (Domain name service) name to be added in the allowlist for outbound interface communication. An allowlist provides access to specified DNS addresses that the Oracle network would otherwise prevent access to. For Oracle Utilities cloud services, a customer or system integrator must request a DNS to be added to the allowlist for outbound communication to all external systems.

Once the requested DNS entry is added to the outbound allowlist, it is a customer responsibility to pro-actively maintain the following requirements:

• TLS / SSL Certificate should be issued by a valid SSL Authority

• Certificate's name(s) must match the server / endpoint name

• Installation of TLS / SSL Certificate should include complete authentication chain

• Expiry / Validation of TLS / SSL Certificate of the endpoint

• Support minimum of TLS 1.2

Note: Customers may use TLS / SSL validations tools such as openssl, TLS / SSL verification websites (https://www.ssllabs.com/ etc.) to validate the compliance requirements mentioned above.

Configuring IP Allowlists

To configure IP allowlists, customers must log a service request and follow the steps outlined in the Cloud Operations section of the Oracle Utilities Cloud Services Administration Guide to provide configuration details.