Before You Begin
This 30-minute tutorial describes options available for networking resources including multiple Virtual Cloud Network (VCNs), multiple compartments, private domain name service (DNS) zones, and Network Security Groups. Advanced users can consider these options to use with PeopleSoft Cloud Manager.
Background
When you use Resource Manager to install the Cloud Manager stack, you can create a VCN and necessary networking resources as part of the Resource Manager process. With a single VCN, the Cloud Manager instance and the provisioned PeopleSoft environments will use the same networking resources. The features described in this tutorial give you expanded flexibility in setting up networks.
The use of the Oracle Cloud Infrastructure resources described here require an advanced networking configuration. This material is meant for advanced users who want to design and set up the network resources manually.
This is the fifth tutorial in the Install PeopleSoft Cloud Manager series. Read the tutorials in the order listed. The optional tutorials offer alternate methods for setup.
- Prepare to Install PeopleSoft Cloud Manager
- Verify Oracle Cloud Account Information for PeopleSoft Cloud Manager
- Plan the Virtual Cloud Network for PeopleSoft Cloud Manager (Optional)
- Create a Virtual Cloud Network for PeopleSoft Cloud Manager in the Oracle Cloud Infrastructure Console (Optional)
- Use Custom or Private Network Resources with PeopleSoft Cloud Manager (Optional)
- Create a Custom Linux Image for PeopleSoft Cloud Manager (Optional)
- Create a Custom Windows Image for PeopleSoft Cloud Manager in Oracle Cloud Infrastructure (Optional)
- Create Vault Resources for Password Management for PeopleSoft Cloud Manager
- Generate API Signing Keys for PeopleSoft Cloud Manager
- Install the PeopleSoft Cloud Manager Stack with Resource Manager
- Log in to the Cloud Manager Instance
- Specify Cloud Manager Settings
- Use File Storage Service for PeopleSoft Cloud Manager Repository
- Manage Cloud Manager Users, Roles, and Permission Lists
- Configure a Web Proxy for PeopleSoft Cloud Manager (Optional)
- Create a Load Balancer in Oracle Cloud Infrastructure for PeopleSoft Cloud Manager Environments (Optional)
- Create Defined Tags in Oracle Cloud Infrastructure for PeopleSoft Cloud Manager (Optional)
- Create Data Science Resources for Auto Scaling in PeopleSoft Cloud Manager (Optional)
Use Multiple VCNs and Compartments for Provisioned and Migrated Environments
When creating and migrating PeopleSoft environments, you can specify different VCNs and different compartments for the various nodes. For example:
- Set up the Cloud Manager instance on one VCN, and the provisioned PeopleSoft environments on separate VCNs.
- Use different compartments and VCNs for development and test environments.
- Set up the middle tier, database tier, and PeopleSoft Windows Client on separate VCNs.
This illustration shows four compartments with four VCNs.

- Compartment 1 and VCN 1 hold a full-tier node.
- Compartment 2 and VCN 2 hold an Elasticsearch, Logstash, and Kibana (ELK stack) node.
- Compartment 3 and VCN 3 hold a PeopleSoft Windows Client node.
- Compartment 4 and VCN 4 hold a Database on Compute Database Service (DBS) and an Autonomous Database on dedicated infrastructure (ADB-D).
- VCN peering has been set up to allow communication between the four VCNs.
To use multiple VCNs and compartments with Cloud Manager and provisioned PeopleSoft environments:
- Create the VCNs.
When you use the Resource Manager stack to install Cloud Manager, you can create a VCN for the Cloud Manager instance. You must create other VCNs separately in Oracle Cloud Infrastructure.
Review the tutorial Install the PeopleSoft Cloud Manager Stack with Resource Manager for information about the VCN that the Resource Manager process creates.
Review the tutorial Create a Virtual Cloud Network for PeopleSoft Cloud Manager in the Oracle Cloud Infrastructure Console (Optional) for an example of creating a VCN with internet gateway, NAT gateway, service gateway, subnets, and basic security rules.
See Virtual Networking Quickstart in the Oracle Cloud Infrastructure documentation for more information
- Set up local VCN peering.
You must set up local VCN peering to allow the resources in the VCN to communicate. Local VCN peering connects two VCNs in the same region so that their resources can communicate using private IP addresses without routing the traffic over the internet or through your on-premise network.
See Local VCN Peering Using Local Peering Gateways in the Oracle Cloud Infrastructure documentation.
Note:
Instead of doing local VCN peering, you can set up a Dynamic Routing Gateway (DRG) to connect the different VCNs.See Dynamic Routing Gateways (DRGs) in the Oracle Cloud Infrastructure documentation.
- Set up domain name service (DNS) resolution between the VCNs if
necessary.
See the following section Add Private DNS Views to a Private DNS Resolver.
- As a result of the VCN peering and DNS configurations in items 2 and 3, VMs in the first VCN’s subnet and VMs in the second VCN’s subnet should be able to connect to each other using each other's private IP addresses and using the FQDNs assigned by OCI.
- In Cloud Manager, use multiple VCNs and compartments to:
- Create environment templates.
You can select separate VCNs and compartments for the nodes. See Managing Templates in the PeopleSoft Cloud Manager documentation, on the PeopleSoft Cloud Manager page on the Oracle Help Center.
- Use Shared FSS (Linux Mid-Tier).
If you use a shared FSS for your mid-tier nodes, you can set up the FSS in a separate VCN. This applies to both provisioning new environments and environments you lift and shift. You cannot select different compartments. See the topics Managing Environments and Using the Shift Process to Provision the Migrated Environment in Oracle Cloud, in the PeopleSoft Cloud Manager documentation on the PeopleSoft Cloud Manager page on the Oracle Help Center.
Note:
This applies only to Shared FSS for mid-tier. You cannot use multiple VCNs for the Cloud Manager instance and the FSS file system that is used for the Cloud Manager repository. See the tutorial Use File Storage Service for PeopleSoft Cloud Manager for information on the network requirements. - Provision a migrated (lifted) environment.
You can select separate VCNs and compartments for the nodes. See Using the Shift Process to Provision the Migrated Environment in Oracle Cloud, in the PeopleSoft Cloud Manager documentation on the PeopleSoft Cloud Manager page on the Oracle Help Center.
- Set up the PeopleSoft Update Manager (PUM) source for Cloud
Manager self-updates.
You can select separate VCNs for the full-tier and PeopleSoft Client nodes. You cannot select different compartments for the nodes in the PUM source. See Automatically Applying Updates Using Manage Updates, in the PeopleSoft Cloud Manager documentation on the PeopleSoft Cloud Manager page on the Oracle Help Center.
- Create environment templates.
Add Private DNS Views to a Private DNS Resolver
Set up DNS resolution in the VCNs in such a way that:
- Any VM in the first VCN's subnet will be able to resolve the fully-qualified domain name (FQDN) of any VM in the second VCN's subnet.
- The reverse is true: Any VM in the second VCN's subnet will be able to resolve the fully-qualified domain name (FQDN) of any VM in the first VCN's subnet.
One way to set up DNS resolution is by adding private views to the private DNS resolver associated with the VCN. When you create a VCN and select the Use DNS hostnames in this VCN option, this choice creates a dedicated private DNS resolver and a default private view with system-managed zones. A private DNS resolver answers DNS queries for a VCN per a configuration you create.
See DNS in Your Virtual Cloud Network, Private DNS Resolvers, in the Oracle Cloud Infrastructure documentation.
- In Oracle Cloud Infrastructure, locate the first VCN, and select View Details from the Action menu.
- Select the DNS Resolver link on the VCN
details page.
Description of this illustration (private_dns_resolver.png) - On the Private Resolver Details page, click Manage
Private Views.
Description of this illustration (priv_dns_manage_priv_views.png) - Choose a private view for the second VCN.
- Click Save Changes.
Description of this illustration (prv_dns_select_priv_view.png) - Similarly, view details for the second VCN and access the Private Resolver Details page.
- Choose a private view for the first VCN and save.
- Verify by trying to resolve a FQDN in the second VCN from a host in the first VCN, and also resolve a FQDN in the first VCN from a host in the second VCN.
Configure a Private DNS Zone
Create a private DNS zone in Oracle Cloud Infrastructure to contain records that associate your private domain names with their IP addresses. This applies to the following scenarios:
- VM instances in different subnets in the same VCN
- VCNs connected through peering
- VCN connected with a customer's on-premises network through a Dynamic Routing Gateway (DRG)
To create a private DNS zone and associate it with a VCN, see Private DNS in the Oracle Cloud Infrastructure documentation. The tutorial Configure private DNS zones, views, and resolvers gives an example of setting up two private zones and records.
Set Up Private Endpoints and Rules
Use listening and forwarding endpoints and rules to direct DNS queries from one VCN to another. A listening endpoint monitors for DNS queries from other networks. A forwarding endpoint directs DNS queries from one VCN on to other networks. By connecting the first VCN's forwarding endpoint with another VCN's listener endpoint, or the listener endpoint for an on-premises DNS, DNS queries can be forwarded from the first VCN to the other VCN. This will allow VMs in the first VCN to resolve DNS names in the other VCNs or on-premise network.
See DNS in Your Virtual Cloud Network, Private DNS resolvers in the Oracle Cloud Infrastructure documentation.
Use Network Security Groups
When you create an instance, you assign it to a subnet of a VCN. Each subnet has a primary VNIC, and a list of security rules. With network security group (NSGs), you can organize security rules into smaller groups. In this way you have more control over the rules associated with the components of an instance, such as the nodes of a PeopleSoft environment.
An NSG consists of a set of VNICs and a set of security rules that apply to those VNICs. An NSG provides a virtual firewall for a set of cloud resources that all have the same security posture. For example: a group of Compute instances that all perform the same tasks and thus all need to use the same set of ports.
See Network Security Groups in the Oracle Cloud Infrastructure documentation.
After you create one or more NSGs in Oracle Cloud Infrastructure, you can associate them to components in provisioned and migrated environments in Cloud Manager. Here is a summary of the steps:
- Select the VCN that you want to use for your NSGs.
If you want to use more VCNs in addition to that created by the Cloud Manager installation, create them in Oracle Cloud Infrastructure. To create a VCN with internet gateway, NAT gateway, service gateway, subnets, and basic security rules, see Virtual Networking Quickstart in the Oracle Cloud Infrastructure documentation.
- Add one or more NSGs to the VCN and add the required security
rules.
See Network Security Groups in the Oracle Cloud Infrastructure documentation.
- In Cloud Manager, use NSGs in these cases:
- Create environment templates.
You can associate up to five NSGs with each tier. See Managing Templates in the PeopleSoft Cloud Manager documentation, on the PeopleSoft Cloud Manager page on the Oracle Help Center.
- Add a node to an environment.
You can associate up to five NSGs with each node. See Managing Environments in the PeopleSoft Cloud Manager documentation on the PeopleSoft Cloud Manager page on the Oracle Help Center.
- Provision a migrated (lifted) environment.
You can associate up to five NSGs with each tier. See Using the Shift Process to Provision the Migrated Environment in Oracle Cloud in the PeopleSoft Cloud Manager documentation on the PeopleSoft Cloud Manager page on the Oracle Help Center.
- Create environment templates.
Create a Network Security Group
In this example, we add network security group, NSG1, to VCN, pscm_network. NSG1 is set up to allow ingress only from CIDR 10.0.1.0/24, which is the subnet for a full-tier instance in this example, on TCP ports 5601 and 9200 for Elasticsearch and Kibana, and SSH on port 22.
- In the details page for the VCN, select Network Security Groups
from the list of Resources on the left.
Description of this illustration (vcn_details_select_nsg.png) - Click Create Network Security Group.
Description of this illustration (vcn_details_click_create_nsg.png) - Enter a name for the NSG and select the compartment where you
want to create it.
Click Next.
Description of this illustration (create_nsg_page.png) - Specify values to allow incoming traffic on port 9200 for
Elasticsearch.
Description of this illustration (create_nsg_add_sec_rule.png) - Direction: Ingress
- Source Type: CIDR
- Source CIDR: 10.0.1.0/24
- IP Protocol: TCP
- Source Port Range: All
- Destination Port Range: 9200
- Click +Another Rule.
- Specify the following values to allow incoming traffic on port
5601 for Kibana.
- Direction: Ingress
- Source Type: CIDR
- Source CIDR: 10.0.1.0/24
- IP Protocol: TCP
- Source Port Range: All
- Destination Port Range: 5601
- Click +Another Rule.
- Specify the following values to allow SSH access on port 22.
- Direction: Ingress
- Source Type: CIDR
- Source CIDR: 10.0.1.0/24
- IP Protocol: SSH
- Source Port Range: All
- Destination Port Range: 22
- Click Create to finish.
- Use the NSG in Cloud Manager as described in the section Use Network Security Groups.
Next Steps
Create a Custom Linux Image for PeopleSoft Cloud Manager (Optional)
Learn More
- PeopleSoft Cloud Manager Home Page, My Oracle Support, Doc ID 2231255.2
- Cumulative Feature Overview Tool (Click Generate a CFO report and select PeopleSoft Cloud Manager at the top.)
- Oracle Cloud Documentation in Oracle Help Center
Use Custom or Private Network Resources with PeopleSoft Cloud Manager (Optional)
F38657-07
August 2025
Copyright © 2025, Oracle and/or its affiliates.
Use multiple VCNs, multiple compartments, custom DNS zones, or network security groups with PeopleSoft Cloud Manager and PeopleSoft environments.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.