This image shows Oracle Cloud Infrastructure Bastion connecting an operator to a private subnet in two ways: by using an intermediary target subnet and by connecting directly to the subnet that contains the protected resources.
VCN01 contains a target subnet with a private endpoint IP address and two private subnets, each containing a virtual machine (VM). Subnets provide a security list and a route table. The VCN includes OCI Bastion and a service gateway. OCI Bastion connects to the target subnet’s private endpoint IP address. The target subnet connects to both VMs in the two private subnets. OCI Bastion backend uses the service gateway.
VCN02 contains a private subnet with a private endpoint IP address and a VM. The subnet provides a security list and a route table. The VCN includes OCI Bastion and a service gateway. OCI Bastion connects to the subnet’s private endpoint IP address and the VM in the subnet. OCI Bastion backend uses the service gateway.