Configure the Solution
Configuring this solution is a two-stage process: first configure the networking infrastructure, then install the Management Gateway and Management Agent. The following procedures walk you through both stages.
Configure Networking
Use the following steps to set up IPSec VPN tunneling between AWS and OCI so that the RDS and O&M services can communicate. This setup works with OCI Site-to-Site VPN Version 2.
Create a Temporary Customer Gateway for AWS
Use a temporary customer gateway to provision the AWS Site-to-Site VPN initially; provisioning is what exposes the public IP addresses of the AWS VPN endpoints for your tunnels. OCI requires the public IP of the remote VPN peer before you can create an IPSec connection, and AWS requires a customer gateway before you can create a VPN connection, so the temporary gateway breaks this circular dependency. After you finish the process, a new customer gateway representing the actual OCI VPN endpoint public IP replaces it.
Create and Attach a Virtual Private Gateway for AWS
A virtual private gateway is the VPN concentrator on the AWS side of the Site-to-Site VPN connection; attaching it to your VPC lets resources inside the VPC reach the OCI network over the tunnel and vice versa. To create and attach a virtual private gateway for AWS, use this procedure.
Create a VPN Connection for AWS
To connect OCI to AWS by using the native VPN services, use this procedure.
Download the AWS Configuration
While your VPN connection is provisioning, download the configuration file, which contains the details for all tunnels: the AWS VPN endpoint public IP addresses, the pre-shared keys, and the BGP parameters. You need this file to finish configuring the tunnel in the OCI Console. Because it contains the pre-shared keys, handle it as a secret.
Create Customer Premises Equipment for OCI
Next, create a Customer-Premises Equipment (CPE) object in OCI to represent the device at the other end of the Site-to-Site VPN. In this solution the CPE is the AWS VPN endpoint, so use the public IP address from the downloaded AWS configuration. This is what lets traffic flow between the AWS network and your virtual cloud network (VCN). Use this procedure.
Create an IPSec Connection for OCI
Now create the IPSec tunnels and choose the routing type, either static or BGP dynamic routing. Enter the pre-shared key and BGP parameters from the downloaded AWS configuration so that both ends of the tunnel agree. Use this procedure.
Create a New AWS Customer Gateway
Now create a second customer gateway alongside the temporary one, using the OCI VPN endpoint public IP address and BGP details captured from the OCI IPSec connection.
Modify the VPN Connection with the New AWS Customer Gateway
This task replaces the temporary customer gateway on the VPN connection with the one that uses the OCI VPN public IP address. After the change, the temporary customer gateway is no longer needed.
Validate the Connectivity
In the OCI Console, browse to your IPSec connection, and in the AWS console, browse to your Site-to-Site VPN connection, and verify the tunnel status:
- Your OCI tunnel under the IPSec connection shows an IPSec status of Up, confirming an operational tunnel.
- If you chose BGP routing, the IPv4 BGP Status also shows Up, indicating an established BGP session.
- The tunnel status on the Tunnel Details tab of your Site-to-Site VPN connection in AWS shows Up.
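The same checks can be scripted against the CLI output instead of clicking through both consoles. The following Python script is an added example, not part of this playbook or of any Oracle or AWS tooling. It reads the JSON produced by `aws ec2 describe-vpn-connections`, `aws ec2 describe-customer-gateways` and `oci network ip-sec-tunnel list`, confirms that the customer gateway swap from the two preceding steps actually took effect (the AWS customer gateway IP must equal the vpn-ip of an OCI tunnel, and that tunnel's cpe-ip must be one of the AWS outside IPs), and then checks the IPSec and BGP status on both sides. The field names used are those of the two CLIs; the JSON samples, IDs and addresses are constructed for illustration and use RFC 5737 documentation ranges. Only the fields the checks read are included.

```python
"""Cross-check AWS and OCI Site-to-Site VPN state from CLI JSON output (added example).

Feed it the JSON from:
  aws ec2 describe-vpn-connections --vpn-connection-ids <id>
  aws ec2 describe-customer-gateways --customer-gateway-ids <id>
  oci network ip-sec-tunnel list --ipsc-id <ocid>
The samples below are constructed; only the fields the checks read are present.
"""
import json

# Constructed: one AWS VPN connection with its two tunnel endpoints (outside IPs).
AWS_VPN_JSON = """{"VpnConnections": [{
  "VpnConnectionId": "vpn-0123456789abcdef0", "State": "available",
  "CustomerGatewayId": "cgw-0fedcba9876543210",
  "VgwTelemetry": [
    {"OutsideIpAddress": "198.51.100.10", "Status": "UP", "AcceptedRouteCount": 1, "StatusMessage": ""},
    {"OutsideIpAddress": "198.51.100.11", "Status": "DOWN", "AcceptedRouteCount": 0, "StatusMessage": "IPSEC IS DOWN"}
  ]}]}"""

# Constructed: the customer gateway after "Modify the VPN Connection", pointing at the
# OCI headend IP and carrying Oracle's BGP ASN (31898 in the OCI commercial realm).
AWS_CGW_JSON = """{"CustomerGateways": [{"CustomerGatewayId": "cgw-0fedcba9876543210",
  "IpAddress": "203.0.113.20", "BgpAsn": "31898", "State": "available"}]}"""

# Constructed: the temporary customer gateway from the first step, still on a placeholder IP.
AWS_CGW_TEMP_JSON = """{"CustomerGateways": [{"CustomerGatewayId": "cgw-0fedcba9876543210",
  "IpAddress": "192.0.2.1", "BgpAsn": "65000", "State": "available"}]}"""

# Constructed: the two tunnels of one OCI IPSec connection. Both expect the same CPE IP;
# only the tunnel whose vpn-ip is the AWS customer gateway IP can come up.
OCI_TUNNELS_JSON = """{"data": [
  {"display-name": "tunnel-1", "vpn-ip": "203.0.113.20", "cpe-ip": "198.51.100.10", "status": "UP",
   "routing": "BGP", "ike-version": "V2",
   "bgp-session-info": {"bgp-state": "UP", "oracle-bgp-asn": "31898", "customer-bgp-asn": "64512"}},
  {"display-name": "tunnel-2", "vpn-ip": "203.0.113.21", "cpe-ip": "198.51.100.10", "status": "DOWN",
   "routing": "BGP", "ike-version": "V2",
   "bgp-session-info": {"bgp-state": "DOWN", "oracle-bgp-asn": "31898", "customer-bgp-asn": "64512"}}
]}"""


def check_vpn_pair(aws_vpn_json, aws_cgw_json, oci_tunnels_json):
    """Return a list of problems; an empty list means the AWS/OCI tunnel pair is healthy."""
    conn = json.loads(aws_vpn_json)["VpnConnections"][0]
    cgw = json.loads(aws_cgw_json)["CustomerGateways"][0]
    tunnels = json.loads(oci_tunnels_json)["data"]
    problems = []

    if cgw["CustomerGatewayId"] != conn["CustomerGatewayId"]:
        return [f"{cgw['CustomerGatewayId']} is not the customer gateway of {conn['VpnConnectionId']}"]

    # 1. The AWS customer gateway must point at one of the OCI headend IPs (vpn-ip).
    #    No match means the temporary customer gateway was never swapped out.
    cgw_ip = cgw["IpAddress"]
    tunnel = next((t for t in tunnels if t["vpn-ip"] == cgw_ip), None)
    if tunnel is None:
        return [f"AWS customer gateway IP {cgw_ip} matches no OCI tunnel vpn-ip "
                f"({', '.join(t['vpn-ip'] for t in tunnels)}); temporary customer gateway still in use?"]

    # 2. The CPE IP OCI expects for that tunnel must be one of the AWS outside (endpoint) IPs.
    telemetry = {t["OutsideIpAddress"]: t for t in conn["VgwTelemetry"]}
    tel = telemetry.get(tunnel["cpe-ip"])
    if tel is None:
        return [f"OCI {tunnel['display-name']} cpe-ip {tunnel['cpe-ip']} is not an AWS outside IP "
                f"({', '.join(telemetry)}); the CPE was created with the wrong address"]

    # 3. OCI side: IPSec status and, for BGP routing, the session state and the peer ASN.
    name = tunnel["display-name"]
    if tunnel["status"] != "UP":
        problems.append(f"OCI {name} IPSec status is {tunnel['status']}")
    bgp = tunnel.get("routing") == "BGP"
    if bgp:
        info = tunnel["bgp-session-info"]
        if info["bgp-state"] != "UP":
            problems.append(f"OCI {name} BGP state is {info['bgp-state']}")
        if str(info["oracle-bgp-asn"]) != str(cgw["BgpAsn"]):
            problems.append(f"AWS customer gateway ASN {cgw['BgpAsn']} != OCI oracle-bgp-asn {info['oracle-bgp-asn']}")

    # 4. AWS side: telemetry for the same endpoint, plus routes learned when BGP is used.
    if tel["Status"] != "UP":
        problems.append(f"AWS tunnel {tel['OutsideIpAddress']} is {tel['Status']}: {tel['StatusMessage']}")
    elif bgp and tel["AcceptedRouteCount"] == 0:
        problems.append(f"AWS tunnel {tel['OutsideIpAddress']} is UP but accepted no BGP routes")
    return problems


if __name__ == "__main__":
    for label, cgw in (("final customer gateway", AWS_CGW_JSON),
                       ("temporary customer gateway", AWS_CGW_TEMP_JSON)):
        result = check_vpn_pair(AWS_VPN_JSON, cgw, OCI_TUNNELS_JSON)
        print(f"{label}: {'healthy' if not result else '; '.join(result)}")
```

With the final customer gateway the script reports the pair as healthy; with the temporary one it stops at the first check, because a placeholder IP that matches no OCI headend is exactly the state you are in if the "Modify the VPN Connection" step was skipped. The second OCI tunnel being Down is expected here: a single AWS customer gateway can only peer with one OCI headend IP.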
Install the Management Gateway and Agent
Refer to Secure on-premises observability data upload using Management Gateway to learn how the Management Agent and Management Gateway fit into a Site-to-Site VPN environment.
Install the Management Gateway
Install the Management Agent
First, install the Management Agent. Because this task is beyond the scope of this document, refer to "Management Agent Installation" for detailed steps; a link to that procedure is in the "Explore More" topic elsewhere in this playbook.
Deploy Service Plug-ins
Management Agents let you deploy service plug-ins for different Oracle Cloud Infrastructure (OCI) services. Deploying a service plug-in to a management agent enables the agent to perform tasks for that service, and a given management agent can have multiple service plug-ins.
Deploy the following plug-ins on the management agent.
- Database Management and Operations Insights Service
- Logging Analytics
- Operations Insights Host Service
- Stack Monitoring
Deploy a Service Plug-in on the Agent
Use this method when the Management Agent is already installed as described in Install Management Agents.
- From the left menu, click Agents to open the Agents page.
- From the Agents list, click the agent on which you want to deploy the plug-ins. The Agent detail page appears.
- Click Deploy Plug-ins. In the Deploy Plug-ins window, select the plug-ins listed above and click Update. The selected plug-ins are deployed on that agent.
- Check the status of the agent and plug-ins on the Agent home page.