Set Up the OCI Infrastructure

If you don't have a configured Oracle Cloud Infrastructure (OCI) instance, then you'll need to set up the Virtual Cloud Network (VCN), along with subnets, a security list, route tables, and internet and service gateways. After setting up the VCN, you'll provision an autonomous database with a private endpoint in the VCN.

About Extending Your On-Premises Network

You can use VPN Connect to make a VCN an extension of your on-premises network by using a virtual private network (VPN) connection.

VPN Connect offers a simple and secure way to connect your corporate network to Oracle Cloud Infrastructure over your existing internet connection. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

Using a VPN to extend your on-premises network offers the following advantages:

  • You can use public internet lines when leased lines are not required.
  • The IP address spaces involved are private and not exposed to the external world.
  • The communication between networks is encrypted.
  • A site-to-site VPN allows multiple users to access the cloud resources through a single connection instead of multiple connections, reducing the management overhead.

VPN Connect provides site-to-site IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. When your autonomous database is in a private subnet, you can use an IPSec VPN to connect to the database through its private endpoint.

Create a VCN

Create a Virtual Cloud Network (VCN). The workflow creates the following resources:

  • An internet gateway, a NAT gateway, and a service gateway.
  • A regional public subnet with routing to the internet gateway. Instances in a public subnet may optionally have public IP addresses.
  • A regional private subnet with routing to the NAT gateway and service gateway (and Oracle Services Network). Instances in a private subnet cannot have public IP addresses.
  • Basic security list rules for the two subnets, including SSH access.

  1. Log into the Oracle Cloud Infrastructure Console.
  2. Click Networking: Set up a network with a wizard.
  3. Click Networking Quickstart.
  4. Select VCN with Internet Connectivity, and then click Start Workflow.
  5. Enter the following:
    1. VCN Name: Enter a name for your cloud network. The name is incorporated into the names of all the related resources that are automatically created. Avoid entering confidential information.
    2. Compartment: This field defaults to your current compartment. Select the compartment you want to create the VCN and related resources in, if not already selected.
    3. VCN CIDR Block: Enter a valid CIDR block for the VCN. For example 10.0.0.0/16.
    4. Public Subnet CIDR Block: Use the default CIDR blocks listed for the VCN and subnets, or specify a different range for the subnet. The value must be within the VCN's CIDR block. For example: 10.0.0.0/24.
    5. Private Subnet CIDR Block: Use the default CIDR blocks listed for the VCN and subnets, or specify a different range for the subnet. The value must be within the VCN's CIDR block and not overlap with the public subnet's CIDR block. For example: 10.0.1.0/24.
    6. Accept the defaults for any other fields.
  6. Click Next.
  7. Review the list of resources that the workflow will create for you.
    The workflow will set up security list rules and route table rules to enable basic access for the VCN.
  8. Click Create to create the VCN.
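The console rejects a subnet CIDR that is outside the VCN CIDR or that overlaps another subnet, but it does so one field at a time. The following added example (not part of the original page or of Oracle's tooling) checks a whole VCN plan up front with Python's standard ipaddress module; the VCN_CIDR and SUBNETS values are constructed samples matching the ranges suggested in the steps above.

```python
import ipaddress

# Constructed sample plan: the example values from the workflow steps.
VCN_CIDR = "10.0.0.0/16"
SUBNETS = {
    "public": "10.0.0.0/24",
    "private": "10.0.1.0/24",
}


def validate_vcn_plan(vcn_cidr, subnets):
    """Return a list of problems with a VCN/subnet CIDR plan (empty list = OK).

    Checks the same constraints the console enforces field by field:
      - every CIDR parses as an IPv4 network with the host bits zero,
      - every subnet lies within the VCN CIDR block,
      - no two subnets overlap each other.
    """
    problems = []
    try:
        vcn = ipaddress.IPv4Network(vcn_cidr, strict=True)
    except ValueError as e:
        # Nothing else can be checked against an invalid VCN block.
        return [f"VCN CIDR {vcn_cidr!r} is invalid: {e}"]

    nets = {}
    for name, cidr in subnets.items():
        try:
            nets[name] = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as e:
            problems.append(f"{name} subnet CIDR {cidr!r} is invalid: {e}")

    # Each subnet must be contained in the VCN's CIDR block.
    for name, net in nets.items():
        if not net.subnet_of(vcn):
            problems.append(f"{name} subnet {net} is not within VCN {vcn}")

    # Subnets inside one VCN must not overlap (checked pairwise).
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(
                    f"{a} subnet {nets[a]} overlaps {b} subnet {nets[b]}"
                )
    return problems


if __name__ == "__main__":
    issues = validate_vcn_plan(VCN_CIDR, SUBNETS)
    print("plan OK" if not issues else "\n".join(issues))
```

Run it before starting the workflow; if the list is empty, the values can be entered in steps 5.3 to 5.5 as-is. Using strict=True is deliberate: a value such as 10.0.0.1/24 has host bits set and is not a valid CIDR block for a VCN or subnet.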

Provision an Oracle Autonomous Database

Provision an Oracle Autonomous Database with a private endpoint within the VCN.

  1. Log into the Oracle Cloud Infrastructure Console.
  2. Click Oracle Database in the left menu. Select your region and compartment.
  3. Click Create Autonomous Database.
  4. Provide basic information for the Autonomous Database.
    1. Select a compartment.
    2. Enter a display name.
      The display name is a user-friendly description or other information that helps you easily identify the resource. The display name does not have to be unique. However, you cannot change the display name.
    3. Enter a database name.
      The database name must consist of letters and numbers only. The maximum length is 14 characters. The same database name cannot be used for multiple Autonomous Databases in the same tenancy in the same region.
  5. Select Data Warehouse as the workload type.
  6. Choose a deployment type, in this case select Shared Infrastructure.
    • Shared Infrastructure: Run Autonomous Database on shared Exadata infrastructure.
    • Dedicated Infrastructure: Run Autonomous Database on dedicated Exadata infrastructure.
  7. Configure the database.
    Select CPU and storage that are appropriate for your workload based on the number of concurrent users and queries, the volume of data, and so on. For example, for a small data sample (a 1 MB file), specify a CPU Core Count of 1 and 1 TB of storage.
    1. Database version: Select the database version.
    2. OCPU Count: Specify the number of CPU cores for your database.
    3. Storage: Specify the storage you wish to make available to your database, in terabytes.
  8. Create administrator credentials.
    1. Username: This is a read only field.
    2. Password: Set the password for the Autonomous Database Admin user that meets the strong password complexity criteria based on Oracle Cloud security standards. Enter the same password again to confirm your new password.
  9. Choose Virtual Cloud Network access.
    1. Virtual Cloud Network: Select the VCN in which to launch the database. Click Change Compartment to select a VCN in a different compartment.
    2. Subnet: Select the subnet to attach to the database. Click Change Compartment to select a subnet in a different compartment.
    3. Hostname prefix: Optionally, specify a host name prefix for the database and associate a DNS name with the database instance.
    4. Network security groups: Specify at least one network security group (NSG) for your database. An NSG functions as a virtual firewall, allowing you to apply a set of ingress and egress security rules to your database.
  10. Choose a license type. Click Bring Your Own License if you want to use an existing on-premises license or click License Included to provision a license with the data warehouse.
  11. Click Create Autonomous Database.
    On the Oracle Cloud Infrastructure console the Lifecycle State shows Provisioning until the new database is available.

Create a Key Pair

Before you create and access the compute instance, you must generate a public/private key pair in OpenSSH format using a utility such as ssh-keygen for Linux-type systems.

Instances use an SSH key pair to authenticate a remote user. A key pair file contains a private key and public key. You keep the private key on your computer and provide the public key every time you launch an instance.

  1. Run the command ssh-keygen to generate SSH keys for your machine.
    # ssh-keygen
  2. When prompted, enter the path to the file in which you want to save the key or press Enter to use the default shown.
  3. When prompted, enter a password. Enter the password again to confirm it.
    The password isn't displayed when you type it in. Remember the password. If you forget the password, you can't recover it.

The command generates an SSH key pair consisting of a public key and a private key, and saves them in the specified path. The file name of the public key is created automatically by appending .pub to the name of the private key file. For example, if the file name of the SSH private key is id_rsa, then the file name of the public key is id_rsa.pub. Make a note of the path where you've saved the SSH key pair. When you create instances, you must provide the SSH public key. When you log in to an instance, you must specify the corresponding SSH private key and enter the password when prompted.
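The steps above run ssh-keygen interactively. The following added example (not part of the original page or of Oracle's tooling) scripts the same key generation and then verifies two things a practitioner wants to confirm before pasting the public key into the console: that the private key file is owner-only (0600) and that it is actually passphrase-protected. The second check parses the OpenSSH private key header, whose cipher name reads "none" when a key was saved without a passphrase. It assumes ssh-keygen is installed and on PATH; the ed25519 key type, the file name oci_bastion and the passphrase are assumptions chosen for the example.

```python
import base64
import os
import shutil
import struct
import subprocess
from pathlib import Path

# Every OpenSSH-format private key starts with this magic string.
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def public_key_path(private_key_path):
    """ssh-keygen names the public key by appending .pub to the private key file."""
    return str(private_key_path) + ".pub"


def generate_keypair(private_key_path, passphrase, comment="oci-bastion"):
    """Generate a passphrase-protected ed25519 key pair with ssh-keygen.

    Returns the two file paths and the public key line to paste into the
    console. Assumes ssh-keygen is installed; the private key is chmod 0600.
    """
    if shutil.which("ssh-keygen") is None:
        raise FileNotFoundError("ssh-keygen not found on PATH")
    if not passphrase:
        raise ValueError("refusing to create an unprotected private key")
    priv = Path(private_key_path)
    priv.parent.mkdir(parents=True, exist_ok=True)
    # Note: -N puts the passphrase in the process list while ssh-keygen runs.
    # That is acceptable for a throwaway test key; for a real key, omit -N
    # and let ssh-keygen prompt for the passphrase as in the steps above.
    subprocess.run(
        ["ssh-keygen", "-q", "-t", "ed25519", "-N", passphrase,
         "-C", comment, "-f", str(priv)],
        check=True,
    )
    os.chmod(priv, 0o600)
    pub = Path(public_key_path(priv))
    return {
        "private_key_path": str(priv),
        "public_key_path": str(pub),
        "public_key": pub.read_text().strip(),
    }


def private_key_is_encrypted(private_key_path):
    """True if an OpenSSH-format private key file is passphrase-protected.

    The format stores the cipher name in the clear immediately after the
    magic string, as a uint32 length followed by the name; "none" means
    the key material is stored unencrypted.
    """
    text = Path(private_key_path).read_text()
    body = "".join(line for line in text.splitlines() if not line.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(OPENSSH_MAGIC):
        raise ValueError("not an OpenSSH-format private key")
    off = len(OPENSSH_MAGIC)
    (n,) = struct.unpack(">I", blob[off:off + 4])
    cipher = blob[off + 4:off + 4 + n].decode()
    return cipher != "none"


if __name__ == "__main__":
    import tempfile
    workdir = tempfile.mkdtemp()
    info = generate_keypair(os.path.join(workdir, "oci_bastion"), "use-a-real-passphrase")
    print("paste into the console:", info["public_key"])
    print("private key encrypted:", private_key_is_encrypted(info["private_key_path"]))
```

The public_key value is the single line that goes into the SSH key box when you create the bastion instance below; the private key stays on your machine. If private_key_is_encrypted returns False for an existing key, it was created with an empty passphrase and anyone who obtains the file can use it directly.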

Create a Compute Instance for the Bastion Server

Create a virtual Linux machine as the compute instance for the bastion server.

  1. Go to the Oracle Cloud Infrastructure Console and open the navigation menu.
  2. Under Core Infrastructure, click Compute and then click Instances. Then, choose a Compartment you have permission to work in.
  3. Click Create Instance.
  4. Specify a name in Name your instance.
    You can add or change the name later. The name doesn't need to be unique, because an Oracle Cloud Identifier (OCID) uniquely identifies the instance.
  5. Use the default image or click Change Image and choose from the options.
  6. Click Show Shape, Network, Storage Options if not already displayed and verify the domain, shape, compartment, VCN, and subnet.
  7. Ensure that Assign Public IP Address is selected.
    This is required for the bastion server.
  8. Click Paste SSH Keys and paste your previously created public key into the SSH key box.
    You'll provide the associated private key when you connect to the instance.
  9. Click Create.

    The provisioning work request is displayed. While the instance is being created, the status is displayed as PROVISIONING. The status changes to RUNNING when the instance is fully operational.

When the instance is fully provisioned and running, you can connect to it using secure shell (SSH).