Request for Private Endpoint (PE)

A private endpoint is a private IP address within your VCN that you can use to access a given service within Oracle Cloud Infrastructure. The service sets up the private endpoint in a subnet of your choice within the VCN. This can be used to establish the connection between your on-premises network and the SaaS service (Customer-to-Service).

If the customer needs to access the cloud services via a private network, they must create a service request with the Oracle Cloud Operations team.

Pre-requisites for Requesting a Private Endpoint

  • The customer must provide the IP/CIDR blocks and/or VCN OCID for the inbound allow list as a separate service request. Please refer to the section “Request for Inbound Allow List”.

Request Specifications

  • The customer must provide the following as part of the service request:
    • Customer Tenancy Name
    • Customer Tenancy OCID
    • The compartment name
    • The compartment OCID
    • Customer VCN Name
    • Customer VCN OCID
    • The DNS of the Customer's VCN
    • The CIDR Range of the Customer's VCN
    • The private subnet name in the customer's tenancy
    • The OCID of the subnet
    • The CIDR range of the subnet
    • Tenant/Domain/Application Name of the cloud service (Example: zyu001/dev/ccs)

Customer Obligations

  • The customer must perform the following activities prior to raising the private endpoint service request.
    • Step 1: Create a VCN with a private subnet where the PE can be created
    • Step 2: Add the necessary policy to allow PE creation on customer tenancy

Add the following IAM policy to allow Oracle to create the private endpoint in the compartment in your tenancy:

allow service ORACLE_INDUSTRY_SAAS to manage vnics in compartment <Customer Compartment Name>
allow service ORACLE_INDUSTRY_SAAS to use subnets in compartment <Customer Compartment Name>
allow service ORACLE_INDUSTRY_SAAS to use network-security-groups in compartment <Customer Compartment Name>
allow service ORACLE_INDUSTRY_SAAS to inspect work-requests in compartment <Customer Compartment Name> 

Example:

allow service ORACLE_INDUSTRY_SAAS to manage vnics in compartment JI_PE_POC
allow service ORACLE_INDUSTRY_SAAS to use subnets in compartment JI_PE_POC
allow service ORACLE_INDUSTRY_SAAS to use network-security-groups in compartment JI_PE_POC
allow service ORACLE_INDUSTRY_SAAS to inspect work-requests in compartment JI_PE_POC
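
A least-privilege check for the policy above, as an added example (not Oracle's code): it parses policy statements copied from the tenancy and reports which of the four listed grants are missing and which statements for ORACLE_INDUSTRY_SAAS go beyond them. The function name audit_pe_policy and the sample statements are assumptions made for illustration.

```python
import re

SERVICE = "ORACLE_INDUSTRY_SAAS"
# The four (verb, resource-type) grants listed on this page.
REQUIRED = {("manage", "vnics"), ("use", "subnets"),
            ("use", "network-security-groups"), ("inspect", "work-requests")}

# Statement shape used on this page; "in tenancy" is also recognised so an
# over-broad scope can be reported instead of silently ignored.
STMT = re.compile(
    r"^allow\s+service\s+(?P<svc>\S+)\s+to\s+(?P<verb>\S+)\s+(?P<res>\S+)"
    r"\s+in\s+(?:compartment\s+(?P<comp>\S+)|(?P<tenancy>tenancy))$",
    re.IGNORECASE)

def audit_pe_policy(statements, compartment):
    """Return (missing_grants, unexpected) for statements naming SERVICE."""
    granted, unexpected = set(), []
    for raw in statements:
        line = raw.strip()
        if SERVICE.lower() not in line.lower():
            continue  # other principals are out of scope for this check
        m = STMT.match(line)
        if m is None:
            unexpected.append((line, "could not parse"))
        elif m["svc"].upper() != SERVICE:
            continue
        elif m["tenancy"]:
            unexpected.append((line, "scoped to tenancy"))
        elif m["comp"] != compartment:
            unexpected.append((line, "different compartment"))
        elif (m["verb"].lower(), m["res"].lower()) not in REQUIRED:
            unexpected.append((line, "grant not listed on the page"))
        else:
            granted.add((m["verb"].lower(), m["res"].lower()))
    return sorted(REQUIRED - granted), unexpected

# Constructed sample: three of the page's example statements plus one
# broader statement written for this illustration.
SAMPLE = [
    "allow service ORACLE_INDUSTRY_SAAS to manage vnics in compartment JI_PE_POC",
    "allow service ORACLE_INDUSTRY_SAAS to use subnets in compartment JI_PE_POC",
    "allow service ORACLE_INDUSTRY_SAAS to use network-security-groups in compartment JI_PE_POC",
    "allow service ORACLE_INDUSTRY_SAAS to manage virtual-network-family in tenancy",
]

if __name__ == "__main__":
    missing, extra = audit_pe_policy(SAMPLE, "JI_PE_POC")
    print("missing:", missing)
    for stmt, why in extra:
        print("review:", why, "->", stmt)
```

Running the check before raising the service request confirms that the compartment named in the request carries all four grants and nothing wider.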

Oracle Cloud Operations Team Obligations

  • Acknowledge and schedule the execution of the service request.
  • Execute the steps to complete the service request.
  • Notify the customer upon completion of the activity.

Service Level Objective

  • Advanced Notice: 5 business days
  • Acknowledge/Schedule: 2 business days
  • Execution Time: 15 business days
  • Outage Expected: Yes