If you don't have a configured Oracle Cloud
Infrastructure (OCI) instance, then you'll need to set up the Virtual Cloud Network (VCN), along
with Subnets, Security List, Route Tables, Internet and Service Gateways. After
setting up the VCN, you'll provision an autonomous database with a private endpoint
in the VCN.
About Extending Your On-Premises Network
You can use VPN Connect to make a VCN an extension of your on-premises
network by using a virtual private network (VPN) connection.
VPN Connect offers a simple and secure way to connect your corporate network to Oracle
Cloud Infrastructure over your existing internet connection. The IPSec protocol suite
encrypts IP traffic before the packets are transferred from the source to the
destination and decrypts the traffic when it arrives.
Using a VPN to extend your on-premises network offers the following advantages:
- You can use public internet lines when leased lines are not required.
- The IP address spaces involved are private and not exposed to the external
world.
- The communication between networks is encrypted.
- A site-to-site VPN allows multiple users to access the cloud resources through a
single connection instead of multiple connections, reducing the management
overhead.
VPN Connect provides site-to-site IPSec VPN connectivity between your
on-premises network and VCNs in Oracle Cloud Infrastructure. When your autonomous
database is in a private subnet, you can use an IPSec VPN to connect to the database
from a private endpoint.
Create a VCN
Create a Virtual Cloud Network (VCN), which includes an internet gateway, a
NAT gateway, and a service gateway. The VCN also includes:
- A regional public subnet with routing to the internet gateway. Instances in a
public subnet may optionally have public IP addresses.
- A regional private subnet with routing to the NAT gateway and service gateway
(and Oracle Services Network). Instances in a private subnet cannot have public
IP addresses.
- Basic security list rules for the two subnets, including SSH access.
To create the VCN:
- Log in to the Oracle Cloud Infrastructure Console.
- Click Networking: Set up a network with a wizard.
- Click Networking Quickstart.
- Select VCN with Internet Connectivity, and then click Start
Workflow.
- Enter the following:
- VCN Name: Enter a name for your cloud network. The name is
incorporated into the names of all the related resources that are
automatically created. Avoid entering confidential information.
- Compartment: This field defaults to your current compartment.
Select the compartment you want to create the VCN and related resources
in, if not already selected.
- VCN CIDR Block: Enter a valid CIDR block for the VCN. For
example: 10.0.0.0/16.
- Public Subnet CIDR Block: Use the default CIDR blocks listed for
the VCN and subnets, or specify a different range for the subnet. The
value must be within the VCN's CIDR block. For example:
10.0.0.0/24.
- Private Subnet CIDR Block: Use the default CIDR blocks listed
for the VCN and subnets, or specify a different range for the subnet.
The value must be within the VCN's CIDR block and not overlap with the
public subnet's CIDR block. For example: 10.0.1.0/24.
- Accept the defaults for any other fields.
- Click Next.
- Review the list of resources that the workflow will create for you.
The workflow will set up security list rules and route table rules to enable
basic access for the VCN.
- Click Create to create the VCN.
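Added example (not part of the original Oracle documentation): a Python check of the addressing rules stated in the steps above, run before you type the CIDR blocks into the wizard. It goes one step beyond the wizard's rules by also rejecting a VCN range that overlaps an on-premises range, because overlapping ranges cannot be routed unambiguously across the VPN; the on-premises value 192.168.0.0/16 and the function names are assumptions made for the example.

```python
import ipaddress

def parse(label, cidr, problems):
    # strict=True rejects host bits, e.g. 10.0.1.5/24 instead of 10.0.1.0/24.
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{label}: {exc}")
        return None

def check_vcn_plan(vcn, public, private, on_prem=()):
    """Return a list of problems with the addressing plan; empty means OK."""
    problems = []
    vcn_net = parse("VCN", vcn, problems)
    pub = parse("public subnet", public, problems)
    priv = parse("private subnet", private, problems)
    corp = [parse("on-premises", c, problems) for c in on_prem]
    if problems:  # cannot compare ranges that failed to parse
        return problems
    for label, net in (("public subnet", pub), ("private subnet", priv)):
        if not net.subnet_of(vcn_net):
            problems.append(f"{label} {net} is not inside VCN {vcn_net}")
    if pub.overlaps(priv):
        problems.append(f"public subnet {pub} overlaps private subnet {priv}")
    for net in corp:
        if net.overlaps(vcn_net):
            problems.append(f"on-premises {net} overlaps VCN {vcn_net}")
    return problems

if __name__ == "__main__":
    # The page's example values, plus a hypothetical on-premises range.
    print(check_vcn_plan("10.0.0.0/16", "10.0.0.0/24", "10.0.1.0/24",
                         on_prem=["192.168.0.0/16"]))
    # A private subnet that collides with the public one.
    print(check_vcn_plan("10.0.0.0/16", "10.0.0.0/24", "10.0.0.128/25"))
```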
Provision an Oracle Autonomous Database
Provision an Oracle Autonomous Database with a private endpoint within the
VCN.
- Log in to the Oracle Cloud Infrastructure Console.
- Click Oracle Database in the left menu. Select your
region and compartment.
- Click Create Autonomous Database.
- Provide basic information for the Autonomous Database.
- Select a compartment.
- Enter a display name.
The display name is a user-friendly description or other information
that helps you easily identify the resource. The display name does not
have to be unique. However, you cannot change the display name.
- Enter a database name.
The database name must consist of letters and numbers only. The
maximum length is 14 characters. The same database name cannot be used
for multiple Autonomous Databases in the same tenancy in the same
region.
- Select Data Warehouse as the workload type.
- Choose a deployment type. In this case, select Shared
Infrastructure.
- Shared Infrastructure: Run Autonomous Database on
shared Exadata infrastructure.
- Dedicated Infrastructure: Run Autonomous Database
on dedicated Exadata infrastructure.
- Configure the database.
Select CPU and storage that are appropriate for your workload based on the
number of concurrent users and queries, the volume of data, and so on. For
example, for a small data sample (1 MB file), specify a CPU Core Count of 1 and 1
TB of storage.
- Database version: Select the database
version.
- OCPU Count: Specify the number of CPU cores for
your database.
- Storage: Specify the storage you wish to make
available to your database, in terabytes.
- Create administrator credentials.
- Username: This is a read-only field.
- Password: Set a password for the Autonomous
Database Admin user that meets the strong password complexity criteria
based on Oracle Cloud security standards. Enter the same password again
to confirm your new password.
- Choose Virtual Cloud Network access.
- Virtual Cloud Network: Select the VCN in which
to launch the database. Click Change Compartment
to select a VCN in a different compartment.
- Subnet: Select the subnet to attach to the
database. Click Change Compartment to select a
subnet in a different compartment.
- Hostname prefix: Optionally, specify a host name
prefix for the database and associate a DNS name with the database
instance.
- Network security groups: Specify at least one
network security group (NSG) for your database. An NSG functions as a
virtual firewall, allowing you to apply a set of ingress and egress
security rules to your database.
- Choose a license type. Click Bring Your Own License if
you want to use an existing on-premises license or click License
Included to provision a license with the data warehouse.
- Click Create Autonomous Database.
On the Oracle Cloud Infrastructure console, the Lifecycle State shows
Provisioning until the new database is available.
Create a Key Pair
Before you create and access the compute instance, you must generate a
public/private key pair in OpenSSH format using a utility such as
ssh-keygen for Linux-type systems.
Instances use an SSH key pair to authenticate a remote user. A key pair file contains
a private key and public key. You keep the private key on your computer and provide
the public key every time you launch an instance.
- Run the command ssh-keygen to generate SSH keys for your
machine.
- When prompted, enter the path to the file in which you want to save the key or
press Enter to use the default shown.
- When prompted, enter a password. Enter the password again to confirm it.
The password isn't displayed when you type it in. Remember the password. If
you forget the password, you can't recover it.
The command generates an SSH key pair consisting of a public key and a private key,
and saves them in the specified path. The file name of the public key is created
automatically by appending .pub to the name of the private key
file. For example, if the file name of the SSH private key is id_rsa, then the file
name of the public key is id_rsa.pub. Make a note of the path where
you've saved the SSH key pair. When you create instances, you must provide the SSH
public key. When you log in to an instance, you must specify the corresponding SSH
private key and enter the password when prompted.
Create a Compute Instance for the Bastion Server
Create a virtual Linux machine as the compute instance for the bastion
server.
- Go to the Oracle Cloud Infrastructure Console and open the navigation menu.
- Under Core Infrastructure, click
Compute and then click
Instances. Then, choose a Compartment you have
permission to work in.
- Click Create Instance.
- Specify a name in Name your instance.
You can add or change the name later. The name doesn't need to be unique,
because an Oracle Cloud Identifier (OCID) uniquely identifies the
instance.
- Use the default image or click Change Image and choose
from the options.
- Click Show Shape, Network, Storage Options if not
already displayed and verify the domain, shape, compartment, VCN, and
subnet.
- Ensure that Assign Public IP Address is selected.
This is required for the bastion server.
- Click Paste SSH Keys and paste your previously created
public key into the SSH key box.
You'll provide the associated private key when you connect to the
instance.
- Click Create.
The provisioning work request is displayed. While the instance is being
created, the status is displayed as PROVISIONING. The status changes to
RUNNING when the instance is fully operational.
When the instance is fully provisioned and running, you can connect to it using
secure shell (SSH).