Request for Reverse Connection Endpoint (RCE)

A Reverse Connection Endpoint (RCE) enables Oracle services to initiate connections to customer-specified resources within a Virtual Cloud Network (VCN) or on-premises network without traversing the public internet.

Reverse connection (S2C) functionality lets Oracle services privately initiate connections to instances within the customer's OCI VCN or on-premises network.

If the customer needs to access an on-premises endpoint from the cloud services over a private network, they must create a service request with the Oracle Cloud Operations team.

Request Specifications

  • The customer must provide the following as part of the service request:
    • Customer Tenancy Name
    • Customer Tenancy OCID
    • The compartment name
    • The compartment OCID
    • Customer VCN Name
    • Customer VCN OCID
    • The DNS of the Customer's VCN
    • The CIDR Range of the Customer's VCN
    • The private subnet name in the customer's tenancy
    • The OCID of the subnet
    • The CIDR range of the subnet
    • Tenant/Domain/Application Name of the cloud service (Example: zyu001/dev/ccs)
    • IPs of the server hosting the customer endpoint
    • FQDNs of the customer endpoints

Customer Obligations

  • The customer must perform the following activities prior to raising the reverse connection endpoint service request.
    • Step 1: Create a VCN with a private subnet where the RCE can be created (it should be within the same region where the cloud services are provisioned)
    • Step 2: Add the necessary policy to allow RCE creation in the customer tenancy

Add the following IAM policy to allow Oracle to create the Reverse Connection Endpoint in the compartment in your tenancy:

allow service ORACLE_INDUSTRY_SAAS to manage vnics in compartment <Customer Compartment Name>
allow service ORACLE_INDUSTRY_SAAS to use subnets in compartment <Customer Compartment Name>
allow service ORACLE_INDUSTRY_SAAS to use network-security-groups in compartment <Customer Compartment Name>
allow service ORACLE_INDUSTRY_SAAS to inspect work-requests in compartment <Customer Compartment Name>

Example:

allow service ORACLE_INDUSTRY_SAAS to manage vnics in compartment JI_PE_POC
allow service ORACLE_INDUSTRY_SAAS to use subnets in compartment JI_PE_POC
allow service ORACLE_INDUSTRY_SAAS to use network-security-groups in compartment JI_PE_POC
allow service ORACLE_INDUSTRY_SAAS to inspect work-requests in compartment JI_PE_POC
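
Before raising the service request, the policy can be checked for completeness and scope. The following is an added example, not part of the Oracle documentation: it confirms that all four statements are present, parse correctly, and are scoped to the named compartment rather than the whole tenancy. The function name and the sample statements are assumptions made for illustration.

```python
import re

# Verb/resource pairs the page asks the customer to grant to ORACLE_INDUSTRY_SAAS.
REQUIRED = {
    ("manage", "vnics"), ("use", "subnets"),
    ("use", "network-security-groups"), ("inspect", "work-requests"),
}
STATEMENT = re.compile(
    r"^allow\s+service\s+(?P<service>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+(?P<compartment>\S+))$",
    re.IGNORECASE)

# Constructed sample: statement 2 is scoped too broadly, statement 3 lacks "in".
SAMPLE = [
    "allow service ORACLE_INDUSTRY_SAAS to manage vnics in compartment JI_PE_POC",
    "allow service ORACLE_INDUSTRY_SAAS to use subnets in tenancy",
    "allow service ORACLE_INDUSTRY_SAAS to use network-security-groups compartment JI_PE_POC",
    "allow service ORACLE_INDUSTRY_SAAS to inspect work-requests in compartment JI_PE_POC",
]

def check_rce_policy(statements, compartment, service="ORACLE_INDUSTRY_SAAS"):
    """Return (findings, missing) for a list of policy statement strings."""
    findings, granted = [], set()
    for n, raw in enumerate(statements, 1):
        line = raw.strip()
        if not line:
            continue
        m = STATEMENT.match(line)
        if not m:
            findings.append(f"statement {n}: does not parse: {line!r}")
            continue
        if m["service"].upper() != service:
            continue  # grants to other services are outside this check
        pair = (m["verb"].lower(), m["resource"].lower())
        if m["compartment"] != compartment:
            # Covers both "in tenancy" and a different compartment name.
            findings.append(f"statement {n}: scope is {m['scope']!r}, "
                            f"expected compartment {compartment!r}")
        elif pair not in REQUIRED:
            findings.append(f"statement {n}: grant {pair} is not one the page lists")
        else:
            granted.add(pair)
    return findings, sorted(REQUIRED - granted)

if __name__ == "__main__":
    problems, missing = check_rce_policy(SAMPLE, "JI_PE_POC")
    print("\n".join(problems))
    print("missing grants:", missing)
```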

Oracle Cloud Operations Team Obligations

  • Acknowledge and schedule the execution of the service request
  • Execute steps to complete the service request
  • Notify the customer upon completion of the activity

Service Level Objective

  • Advanced Notice: 5 business days
  • Acknowledge/Schedule: 2 business days
  • Execution Time: 15 business days
  • Outage Expected: Yes