Register an Oracle Cloud Database

You can register Oracle cloud databases as target databases in Oracle Data Safe.

In Oracle Data Safe, use the Oracle cloud databases registration wizard to register the following databases:

  • Oracle Base Database Service (DB system - Virtual Machine)
  • Oracle Exadata Database Service on Dedicated Infrastructure (Exadata VM cluster)
  • Oracle Database@AWS - Oracle Exadata Database Service
  • Oracle Database@Azure - Oracle Exadata Database Service
  • Oracle Database@Google Cloud - Oracle Exadata Database Service

Note:

Be sure to complete the preregistration tasks before using the wizard and the post-registration tasks afterward.

Preregistration Tasks

The following table lists the preregistration tasks for an Oracle cloud database.

| Task Number | Task | Link to Instructions |
|---|---|---|
| 1 | In Oracle Cloud Infrastructure Identity and Access Management (IAM), obtain permissions to register your database. | Permissions to Register an Oracle Cloud Database with Oracle Data Safe |
| 2 | Create an Oracle Data Safe service account on your database and grant it Oracle Data Safe roles. Create the service account as the SYS user. | Create an Oracle Data Safe Service Account on Your Database or Grant Roles to the Oracle Data Safe Service Account on Your Target Database |
| 3 | (Optional) If you plan to configure a TLS connection to your database, create a wallet or certificates. | Create a Wallet or Certificates for a TLS Connection |
| 4 | (Optional) If you're planning to register a database with Active Data Guard association: 1) Ensure that the primary and standby databases use the same private endpoint to connect to Oracle Data Safe. 2) Ensure that your Active Data Guard association follows the prerequisites of using Oracle Data Guard on a DB System. | Use Oracle Data Guard on a DB System |

Run the Oracle Cloud Databases Wizard

The following sections detail the workflow in the Oracle cloud databases registration wizard.

Step 1: Select database

  1. On the Overview page in Oracle Data Safe, find Oracle cloud databases, and then select Start wizard.
    The wizard opens on step 1, Select database.
  2. For Cloud database type, select a database type (Oracle Base Database, Oracle Exadata Database Service on Dedicated Infrastructure, or Oracle Exadata Database Service on Exascale Infrastructure).
  3. Select a database or VM cluster. If you're registering a database with Active Data Guard, Oracle recommends you select the primary database here and then add the standby databases as peers later in the wizard.
    • (Oracle Base Database Service) For Select database compartment, select the database's compartment. For Select database, select your database.
    • (Oracle Exadata Database Service on Dedicated Infrastructure) For Select VM cluster compartment, select the VM cluster's compartment. For Select VM cluster, select your VM cluster.
  4. Select either "Select PDB from list" or "Enter database service name". Note that the option to select a PDB is not available for Oracle databases on Azure, GCP, or AWS.
    • For PDB: Select the name of your database and a PDB name. The PDB name is the OCID of Oracle Base Database Service or the OCID of the VM cluster of Oracle Exadata Database Service.
    • For database service name: Enter the database service name of the PDB or CDB; for example, ORCL.
  5. For Display name, enter a target display name that is meaningful to you. Oracle Data Safe uses this name in its reports. All characters are accepted. The maximum number of characters is 255.
  6. For Compartment, select the compartment that you want to register the target database to. The compartment doesn't need to be the same as the compartment where the database or VM cluster is stored.
  7. (Optional) For Description, enter a description that is meaningful to you.
  8. If applicable, enter the Database service name.
  9. For Database port number, the default port number is pre-filled. You can enter a custom port number; otherwise, the default is used. For an Oracle Exadata Database Service on Dedicated Infrastructure database, enter the port number of the SCAN listener.
  10. For TCP/TLS, select TCP or TLS for the network protocol. If you select TLS, you need to perform the following additional steps:
    1. Select One way TLS or Mutual TLS.
    2. If you select One way TLS, upload the TrustStore of your database as a PEM file, PKCS#12 wallet, or JKS wallet and, optionally, enter the wallet password. This file is required whether client authentication is enabled or disabled on your target database.
    3. If you select Mutual TLS, upload the TrustStore of your database as a PEM file, PKCS#12 wallet, or JKS wallet and enter the wallet password. This file is required whether client authentication is enabled or disabled on your target database. When client authentication is enabled on your target database, also upload the KeyStore of your database as a PEM file, PKCS#12 wallet, or JKS wallet. The KeyStore is not required when client authentication is disabled.
  11. Perform this step if you did not already grant roles to the database user in the preregistration tasks.
    Click Download Privilege Script and save the datasafe_privileges.sql script to your computer. The script includes instructions on how to use it to grant privileges to the Oracle Data Safe service account on your target database. You should also refer to the preregistration task Grant Roles to the Oracle Data Safe Service on a Non-Autonomous AI Database for some additional details.
  12. For Database user name and Database password, enter the name and password of the user you created in the preregistration tasks. If the user name is mixed case, enclose it in double-quotes (" ").
    Oracle Data Safe uses this account to connect to the target database.
  13. (Optional) To add a tag to organize and track this resource in your tenancy, select Add tag. Select a namespace, select a key, and enter a key value.
  14. Select Next.

Step 2: Connectivity option

An Oracle Data Safe private endpoint is required. Because you can only have one private endpoint in each VCN, if one already exists in the VCN (Virtual Cloud Network) of the database, Oracle Data Safe automatically selects it for you. You can then select Next to go directly to step 3, Add security rule.

If no Oracle Data Safe private endpoint exists in the VCN, the wizard creates one and shows you the proposed configuration. You can change any of the parameters that are automatically entered in the form.

  1. For Display name, accept the given private endpoint name or enter a different one.
  2. For Compartment, select the compartment to store the private endpoint. The compartment doesn't need to be the same as the database's compartment.
  3. For Virtual cloud network compartment and Virtual cloud network, select your VCN's compartment, and then select the VCN. The private endpoint must run in the same VCN as the database or the VCN of the private endpoint must have VCN peering set up with the VCN of the target database.
  4. For Subnet compartment and Subnet, select your subnet's compartment, and then select the subnet. You can use any subnet; however, Oracle recommends that you use the same subnet as your database.
  5. (Optional) At Private IP, enter the private IP address that should be assigned to the private endpoint. If you do not enter a private IP address, Oracle Data Safe assigns one automatically.
  6. (Optional) To add a tag to organize and track this resource in your tenancy, select Add tag. Select a namespace, select a key, and enter a key value.
  7. Select Next.

Step 3: Add peer database

If you're registering an Active Data Guard associated database, then you can add peer databases during this step.

It is also possible to register peer databases after you register the primary database. See Manage Peer Databases Associated with a Registered Active Data Guard Primary Database.

  1. If you're not registering an Active Data Guard associated database, select Next to skip this step.
  2. For each peer database that you want to add, provide the following information as needed:
    • Peer display name
    • Database service name
    • Database IP address
    • Database port number
    • TCP or TLS
    • If you are configuring a TLS connection, select a TLS type (One way TLS or Mutual TLS). For Mutual TLS, upload a truststore wallet, upload a keystore wallet, and enter the wallet password. For One way TLS, upload a truststore wallet and enter the wallet password.
  3. Select Add row.
  4. Repeat steps 2 and 3 to add additional peer databases.
  5. Select Next.

Step 4: Add security rule

This step applies if you are using an Oracle Data Safe private endpoint. To allow communication between an Oracle cloud database and an Oracle Data Safe private endpoint, you must create both an ingress security rule and an egress security rule in Oracle Cloud Infrastructure (OCI). You can allow the wizard to create the rules for you, create them manually in OCI (see Security Rules for Oracle Cloud Databases), or skip this step if you already have security rules you want to use. The ingress and egress rules do not need to be in the same security list, network security group (NSG), or compartment. The target database remains inactive in Oracle Data Safe until the required security rules are configured.

See Also:

For more information about security lists and network security groups, see Access and Security in the Oracle Cloud Infrastructure documentation.
  1. To bypass security rule configuration, select No.
  2. To allow the wizard to configure the security rules, select Yes. For both the ingress and egress security rule configuration, select Security list or Network security group, and then select the name of the security list or NSG. You can change the compartment if needed. The wizard displays the rules that will be added.

    Note:

    If you add peer databases during registration, the same egress rule is created for the database and each peer database.
  3. Select Next to continue in the wizard.
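
The following added example (not part of the Oracle documentation) checks whether a set of security rules contains the ingress and egress pair this step requires, and flags rules that are broader than the connection needs. It assumes the ingress rule admits the private endpoint's IP address to the database port and the egress rule lets the private endpoint reach the database IP address on that port. The rule dictionaries use the camelCase field names of the OCI security list API, and the IP addresses, port, and rules are constructed sample values.

```python
import ipaddress

# Constructed sample values (assumptions, not from the page).
ENDPOINT_IP, DB_IP, DB_PORT = "10.0.0.6", "10.0.0.5", 1521

def _net(rule, key):
    """Parse the rule's CIDR; None for a service label or NSG OCID."""
    try:
        return ipaddress.ip_network(rule.get(key, ""), strict=False)
    except ValueError:
        return None

def _ports(rule):
    """Destination port range dict, or None when the rule covers all ports."""
    return (rule.get("tcpOptions") or {}).get("destinationPortRange")

def _matches(rule, key, peer_ip, port):
    """True if the rule allows TCP traffic for peer_ip on port."""
    net, rng = _net(rule, key), _ports(rule)
    if rule.get("protocol") not in ("6", "all") or net is None:
        return False
    if ipaddress.ip_address(peer_ip) not in net:
        return False
    return rng is None or rng["min"] <= port <= rng["max"]

def check_rules(ingress, egress, endpoint_ip=ENDPOINT_IP, db_ip=DB_IP, port=DB_PORT):
    """Return findings; an empty list means both rules exist and are scoped."""
    findings = []
    for name, rules, key, peer in (("ingress", ingress, "source", endpoint_ip),
                                   ("egress", egress, "destination", db_ip)):
        hits = [r for r in rules if _matches(r, key, peer, port)]
        if not hits:
            findings.append(f"{name}: no rule allows {peer} on TCP {port}")
        for r in hits:
            if _net(r, key).prefixlen == 0 or _ports(r) is None:
                findings.append(f"{name}: rule for {r[key]} is broader than required")
    return findings

# Constructed rules: a scoped ingress rule and a wide-open egress rule.
SAMPLE_INGRESS = [{"protocol": "6", "source": "10.0.0.6/32",
                   "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1521}}}]
SAMPLE_EGRESS = [{"protocol": "all", "destination": "0.0.0.0/0"}]

if __name__ == "__main__":
    for finding in check_rules(SAMPLE_INGRESS, SAMPLE_EGRESS) or ["rule pair OK"]:
        print(finding)
```

An empty result means both directions are covered by rules limited to a specific CIDR and port range; a "no rule allows" finding corresponds to the state in which the target database remains inactive in Oracle Data Safe.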

Step 5: Review and submit

The Review and submit page displays the configuration for the previous steps in the wizard.

To review the target database configuration:
  1. If the information is correct, select Register.
  2. If the information is incorrect, select Previous to return to any of the earlier steps, or select Close to cancel the registration.

Step 6: Registration progress

After you select Register in the wizard, you can monitor the progress of the target registration. Each task is listed and processed sequentially. If any errors occur, they are displayed. You can select Previous to return to earlier pages and correct them.

Important:

Do not select the Close button in the wizard, sign out of OCI, or close the browser tab until the wizard shows that all of the tasks listed are resolved. If you close prematurely, then the information for all of the tasks that have not yet been completed is lost and the target database is not registered.

If there is no further work to do, the registration completes, and the wizard presents the Target database information page. Here you can again review the registration details and complete any post-registration tasks as required.

Post Registration Tasks

The following table lists tasks that you need to complete after you run the Oracle cloud databases wizard.

| Task Number | Task | Link to Instructions |
|---|---|---|
| 1 | (Optional) Change which features are allowed for the Oracle Data Safe service account on your target database by granting/revoking roles from the account. You need to be the SYS user. | Grant Roles to the Oracle Data Safe Service Account on Your Target Database |
| 2 | (Optional) Grant users access to Oracle Data Safe features with the target database by configuring policies in Oracle Cloud Infrastructure Identity and Access Management. | Create IAM Policies for Oracle Data Safe Users |