Learn About Deploying an Oracle Exadata Database Service on Dedicated Infrastructure on Oracle Database Service for Microsoft Azure
OracleDB for Azure enables Azure applications to directly use Oracle Exadata Database Service on Dedicated Infrastructure to take advantage of Exadata’s unique underlying optimizations. Oracle Exadata Database Service processes more transactions per second than non-Exadata environments and returns query results faster by using sub-19 microsecond internal SQL latency and 10s of millions of IOs per second. Azure users can now benefit from simplifying the development of innovative applications with the Oracle Database converged architecture.
Before You Begin
When planning to implement this solution, review the following:
- Ensure that you have adequate Oracle Exadata Database Service Limits and OCI Service limits prior to provisioning. See OCI Service limits for more information. See Requesting a Service Limit Increase for how to increase service resources.
- Planning your network topology:
- You need at least one Azure Virtual Network (VNet) that you can pair with a corresponding OCI Virtual Cloud Network (VCN).
- The CIDR blocks for any Azure VNets and OCI VCNs must not overlap.
Architecture
The following shows the Oracle Database Service for Microsoft Azure architecture.
Description of the illustration exadata-db-azure.png
This architecture supports the following Oracle components:
- Region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Virtual cloud network (VCN) and subnet
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN.
VCN and subnets are automatically created by the service (Oracle Database Service for Microsoft Azure).
- Route table
Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.
Route tables are automatically created by the service (Oracle Database Service for Microsoft Azure).
- Security list
For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.
- Oracle Database Service for Microsoft
Azure
Oracle Database Service for Microsoft Azure (OracleDB for Azure) is an Oracle Cloud Infrastructure (OCI) service with your database resources residing in OCI. Your OCI account is linked to your Azure account through Oracle Database Service for Microsoft Azure Network Link, which is an Oracle-managed tunnel connection. OracleDB for Azure connects components in your Azure and OCI tenants.
OracleDB for Azure allows you to easily integrate Oracle Cloud Infrastructure Database into your Azure cloud environment. OracleDB for Azure uses a service-based approach and is an alternative to manually creating complex cross-cloud deployments for your application stacks.
- Oracle Exadata Database Service on Dedicated
Infrastructure
Oracle Exadata Database Service on Dedicated Infrastructure runs on Oracle Exadata Cloud Infrastructure on OCI. For those who want to run in the public cloud, this is the ideal solution for running enterprise-class databases as a service in the cloud. You get all the power and functionality of the Oracle Database, plus that of the Exadata Platform. It is dedicated to you, but still provides all the cloud benefits of Oracle managing the infrastructure, extensive cloud automation, and pay-for-use cloud economics.
- Oracle Database Service for Microsoft
Azure Network Link
Communication between the two cloud environments happens through the peering of an Azure Virtual Network (VNet) with an OCI Virtual Cloud Network (VCN). You choose the Azure Virtual Network you want to use when you provision OracleDB for Azure database systems. Network traffic moves over the OracleDB for Azure Network Link. OracleDB for Azure configures Azure DNS to access the Oracle Database on OCI.
This architecture supports the following Microsoft Azure components:
- Microsoft Azure VNet and subnet
Microsoft Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure virtual machines (VM), to securely communicate with each other, the internet, and on-premises networks.
You define the VNet in Azure. It can have multiple non-overlapping CIDR blocks subnets that you can add after your create the VNet. You can segment a VNet into subnets, which you can scope to a region or to availability zones. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VNet. Use VNet to isolate your Azure resources logically at the network level.
- Virtual network gateway
A virtual network gateway allows traffic between an Azure VNet and a network outside Azure, either over the public internet or using ExpressRoute, depending on the gateway type that you specify. This network gateway is not used for the Oracle Database Service for Microsoft Azure Network Link. Instead you can use it to manage networks to on-premises in the VNet where you peered OracleDB for Azure.
- Microsoft Azure Route table (User Defined Route –
UDR)
Route tables direct traffic between Azure subnets, VNets, and networks outside Azure.
Virtual route tables contain rules to route traffic from subnets to destinations outside a VNet, typically through gateways. Route tables are associated with subnets in a VNet.
- Microsoft Azure Availability
Domain
Azure Availability Domain, or availability set, is a logical grouping of virtual machines.
About Oracle Database Service for Microsoft Azure
Oracle Database Service for Microsoft Azure (OracleDB for Azure) is an Oracle-managed service that enables customers to easily provision, access, and operate enterprise-grade Oracle Database services in Oracle Cloud Infrastructure (OCI) with a familiar Azure-like experience.
OracleDB for Azure facilitates the OCI to Azure interconnect (OracleDB for Azure Network Link) to simplify the setup, management, connectivity of Azure applications to databases running in OCI, and if needed, Azure Active Directory credentials can authenticate users across Azure and OCI.
Underpinned by the Oracle and Microsoft strategic partnership, OracleDB for Azure provides joint customers the best technology capabilities by connecting Azure and Oracle Clouds with low end-to-end latency. In just a couple of clicks, OracleDB for Azure connects your Azure subscription with your OCI tenancy, automates the network configuration, and uses Azure Active Directory credentials to authenticate users across Azure and OCI. OracleDB for Azure creates a graceful co-existence of Azure applications connecting to Oracle Database services as if operating in one cloud, over a secure, private high-speed interconnect. OracleDB for Azure connectivity is Oracle managed, which provides customers automated bandwidth so there is no need to size bandwidth upfront. With Oracle Database services in OCI, Azure users can simplify the development of innovative applications with the Oracle Database converged architecture and can benefit from the fully managed Oracle Autonomous Database, experience the performance of the Exadata platform, and achieve high availability with Oracle Real Application Clusters (Oracle RAC). MySQL HeatWave is also available with OracleDB for Azure.
OracleDB for Azure is available in OracleDB for Azure Network Link regions around the world and connectivity is backed by an Oracle - Microsoft Collaborative Support Model. OracleDB for Azure supports Oracle Autonomous Database on Shared Exadata Infrastructure, Oracle Exadata Database Service on Dedicated Infrastructure, Oracle Base Database Service, and MySQL Heatwave. Support for other Oracle Cloud database services will be added in future releases.
Requirements and Considerations
When planning to implement this solution, determine if you have adequate platform service limits, and review the tenancy, region, and network considerations.
Consider the following:
- The tenancy must support OCI identity domains. You can create an OCI tenancy when signing up.
- Exadata Database Service provisioning in Oracle Database Service for Microsoft Azure requires a direct billing relationship, a Pay-As-You-Go subscription is not valid.
- Region Planning:
-
A region is a localized geographic area composed of one or more availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or continents).
OracleDB for Azure uses the OracleDB for Azure Network Link and OracleDB for Azure database resources must be provisioned in these OCI regions. - Identify the primary OracleDB for Azure Network Link region you want to use as your default region for OracleDB for Azure resource provisioning. During onboarding, this region will become the primary OCI region associated with your OCI account.
- The application in Azure and the Oracle Database in OCI must reside in the same geographical region. For example, the application in Azure West European (located in Amsterdam, Netherlands) and the Oracle Database in OCI in The Netherlands Northwest (Amsterdam).
-
About Required Services and Roles for Deploying Oracle Exadata Database Service with OracleDB for Azure
This solution requires the following Oracle Cloud Infrastructure (OCI) and Microsoft Azure services:
- OCI tenancy with support for identity domains
- Oracle Exadata Database Service on Dedicated Infrastructure
- Oracle Database Service for Microsoft Azure (OracleDB for Azure)
- Microsoft Azure Subscription
The automated onboarding process requires that an Azure user onboarding to
OracleDB for
Azure has at least one of the following admin roles: Application
Administrator, Cloud Application Administrator,
Privileged Role Administrator, or Global
Administrator.
OracleDB for Azure creates user groups in Azure Active Directory (AAD) during the initial account linking stage of your OracleDB for Azure sign-up. You must assign Azure users to the appropriate OracleDB for Azure user groups in AAD to enable access to database and infrastructure resources. You must also assign users to the OracleDB for Azure enterprise application and to the related Microsoft Azure Resource Manager (ARM) role for the application.
Oracle Database Service for Microsoft
Azure users must have the Contributor ARM role for each subscription in
which they'll be managing OracleDB for
Azure resources, as well as the ARM roles for OracleDB for
Azure for networking, events and monitoring metrics found in the table below.
Assign the user the Contributor role with the subscriptions
that the user will be accessing OracleDB for
Azure. As a contributor, the user has full access to manage OracleDB for
Azure resources including databases, database system infrastructure, and networking, but
cannot assign roles in Azure role-based access control (RBAC) to other Azure users.
Assign the OracleDB for Azure Database Admin the following Microsoft Azure roles:
| Microsoft Azure: Role | Required to... |
|---|---|
Microsoft Azure: Admin |
set up users and roles. |
Microsoft Azure: Contributor |
grant the user full access to manage OracleDB for Azure resources including databases, database system infrastructure, and networking, but cannot assign roles in Azure role-based access control (RBAC) to other Azure users. |
Microsoft Azure: Multicloud
Link |
manage all aspects of the OracleDB for Azure multicloud link resource. This resource manages links between your Azure account and your OCI account. It also manages the linking of your Azure subscriptions to OracleDB for Azure, and other cross-cloud configuration. |
|
Microsoft Azure: |
send events to Event Grid topics and enables publishing metrics against Azure resources. |
|
Microsoft Azure: |
enable publishing metrics against Azure resources. |
|
Microsoft Azure: |
manage networks. It doesn't provide access to the networks. |
Microsoft Azure: Metrics |
access Azure Insights metrics. |
Microsoft Azure user groups allow you to control user access to specific Oracle Database services in OracleDB for Azure. To complete the sign up process for OracleDB for Azure, you must have an Azure user account with administration privileges and ownership of the Azure subscriptions that you want to link to OCI.
User groups define the level of access for the resource, so a user group
only with list and get
operations has read-only access to OracleDB for
Azure resources displayed in the OracleDB for
Azure portal. A user group with create, update, and delete operations
can create, manage, and delete OracleDB for
Azure resources in the portal.
- Clone database
- Create database automatic or manual backup
- Restore database backup to an existing database
- Create user defined tags
- Generate Azure connection string
- Display database metrics
| OracleDB for Azure Exadata Groups | Required to... |
|---|---|
| OracleDB for Azure Exadata Infrastructure Administrators |
perform
|
| OracleDB for Azure Database Administrators |
perform
|
| OracleDB for Azure Database Developers |
perform
|