2 Prerequisites

When you request a private endpoint for Retail AI Foundation Cloud Service, begin by creating a private subnet in a compartment and VCN of your choice, ideally dedicated to this purpose. Oracle Support will ask for the following information:

  • Tenancy OCID

  • Compartment Name

  • Compartment OCID

  • VCN OCID

  • Subnet OCID

This information is readily available on the OCI Console and is accessible when you create your subnet. You may create a new child compartment as well as a new VCN if you choose. Once you have completed this task, put the following policies in place using the Identity > Policies screen on your OCI Console.

Allow service ORACLE_INDUSTRY_SAAS to manage vnic in compartment <Customer Compartment Name>

Allow service ORACLE_INDUSTRY_SAAS to use subnets in compartment <Customer Compartment Name>

Allow service ORACLE_INDUSTRY_SAAS to use network-security-groups in compartment <Customer Compartment Name>

Allow service ORACLE_INDUSTRY_SAAS to inspect work-requests in compartment <Customer Compartment Name>
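
The following added example (not Oracle's code) checks a list of policy statements, such as one copied from the Policies screen, against the four statements above: it reports which required grants are missing and which grants to ORACLE_INDUSTRY_SAAS go beyond the documented set. The compartment name `retail-pe` and the sample statements are constructed, and matching is case-insensitive as an assumption.

```python
import re

SERVICE = "ORACLE_INDUSTRY_SAAS"
# (verb, resource-type) pairs taken from the four statements listed above.
REQUIRED = {
    ("manage", "vnic"),
    ("use", "subnets"),
    ("use", "network-security-groups"),
    ("inspect", "work-requests"),
}
STMT = re.compile(
    r"^\s*allow\s+service\s+(?P<svc>\S+)\s+to\s+(?P<verb>\S+)\s+"
    r"(?P<res>\S+)\s+in\s+(?:tenancy|compartment\s+(?P<comp>.+?))\s*$",
    re.IGNORECASE,
)

def audit(statements, compartment):
    """Return (missing, unexpected) for SERVICE grants versus REQUIRED."""
    granted, unexpected = set(), []
    for text in statements:
        m = STMT.match(text)
        if not m or m["svc"].upper() != SERVICE:
            continue  # not a grant to this service: outside this check
        pair = (m["verb"].lower(), m["res"].lower())
        comp = m["comp"]  # None when the statement is scoped to the tenancy
        in_scope = comp is not None and comp.strip().lower() == compartment.lower()
        if pair in REQUIRED and in_scope:
            granted.add(pair)
        else:
            # Different verb, resource type, scope, or an added condition.
            unexpected.append(text.strip())
    return sorted(REQUIRED - granted), unexpected

# Constructed sample: one required grant missing, one tenancy-wide grant added.
SAMPLE = [
    "Allow service ORACLE_INDUSTRY_SAAS to manage vnic in compartment retail-pe",
    "Allow service ORACLE_INDUSTRY_SAAS to use subnets in compartment retail-pe",
    "allow service oracle_industry_saas to use network-security-groups in compartment retail-pe",
    "Allow service ORACLE_INDUSTRY_SAAS to manage virtual-network-family in tenancy",
    "Allow group NetAdmins to manage virtual-network-family in compartment retail-pe",
]

if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE, "retail-pe")
    print("missing:", missing)
    print("review:", unexpected)
```
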

Notification of database credential rotation can be done through email, an http or https endpoint, or neither. If you choose neither, then credentials are fetched as needed. Note that if you use an http or https endpoint for notification, you will need to create an additional private subnet in a compartment and VCN of your choice, ideally dedicated to this purpose. Oracle Support will ask for the following information about your subnet and endpoint:

  • VCN OCID

  • Subnet OCID

  • Subnet

  • Fully qualified domain name of notification endpoint

    In addition, if you use an http or https endpoint for notification, you may need to add an ingress rule to ensure that the notification endpoint is reachable from the Credential Exchange Server. If you are uncertain as to how you wish to be notified of credential rotation, or are uncertain about the specifics, you may provide endpoint details in a later request. See Credentials.

    Note:

    This note concerns OCI regions and the number of availability domains (AD). If your service is within a 3-AD region, you are done. If, however, you are within a single-AD region, you will also need to complete the above prerequisites for the standby region. The standby details will be provided in your requests. In the event of a Disaster Recovery situation in a single-AD region, the customer must perform a number of DNS updates. When the disaster is mitigated, the customer must reverse those updates. The details are found in My Oracle Support Doc ID: 2991525.1.