Creating a Recovery Service Subnet in the Database VCN

Use the OCI Console to configure a private subnet for Recovery Service in your database virtual cloud network (VCN), and then register the private subnet as a Recovery Service subnet.

  1. In the navigation menu, select Networking, and then select Virtual cloud networks to display the Virtual Cloud Networks page.
  2. Select the VCN in which your database resides.
  3. Use these steps to create a Recovery Service subnet with a security list. If you choose to use network security groups, then proceed to step 4.
    1. Under Resources, select Security Lists.
    2. Select the security list that is used for the VCN.
      You must add two ingress rules to allow destination ports 8005 and 2484.
    3. Click Add Ingress Rules and add these details to set up a stateful ingress rule that allows HTTPS traffic from anywhere in the database VCN:
      • Source Type: CIDR
      • Source CIDR: Specify the CIDR of the VCN where the database resides.
      • IP Protocol: TCP
      • Source Port Range: All
      • Destination Port Range: 8005
      • Description: Specify an optional description of the ingress rule to help manage the security rules.
    4. Click Add Ingress Rule and add these details to set up a stateful ingress rule that allows SQLNet traffic from anywhere in the database VCN:
      • Source Type: CIDR
      • Source CIDR: Specify the CIDR of the VCN where the database resides.
      • IP Protocol: TCP
      • Source Port Range: All
      • Destination Port Range: 2484
      • Description: Specify an optional description of the ingress rule to help manage the security rules.

      Note:

      Select an IPv4-only subnet for Recovery Service in your database VCN. Do not select an IPv6-enabled subnet as Recovery Service does not support using an IPv6-enabled subnet. See Creating a Subnet to learn more.
    5. In the Virtual Cloud Networks Details page, click Create Subnet.
    6. Create a private subnet with a minimum subnet size of /24 (256 IP addresses). Alternatively, select a suitable private subnet that already exists in the VCN.
    7. In the Subnet Details page, under Resources, select Security Lists. Add the security list that includes the ingress rules to allow destination ports 8005 and 2484.

      Note:

      If your database VCN restricts network traffic between subnets, then ensure that you add an egress rule for ports 2484 and 8005 from the database subnet to the Recovery Service subnet that you create.
  4. Use these steps to create a Recovery Service subnet with network security groups (NSG).
    1. Under Resources, select Network Security Groups.
    2. Click Create Network Security Group.
      Use one of these supported methods to configure security rules using NSGs:
      • To implement network isolation, create one NSG for the database VNIC (add egress rules to allow ports 2484 and 8005) and a separate NSG for Recovery Service (add ingress rules to allow ports 2484 and 8005).
      • Create and use a single NSG (with egress and ingress rules) for the database VNIC and Recovery Service.
      The Network Security Group page lists the NSGs that you create.
  5. After you create the Recovery Service subnet in the database VCN, you must register the subnet as a Recovery Service subnet. If you have implemented security rules using NSGs, then you must also add the Recovery Service NSG to the Recovery Service subnet.
    Oracle recommends that you register a single Recovery Service subnet per VCN. See Register Recovery Service Subnets for more information.
For additional configuration details, refer to the relevant database service documentation.
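
The following Python check is an added example and is not part of the Oracle documentation. It audits a subnet and its security list against the settings in step 3 (IPv4-only private subnet of at least /24, stateful TCP ingress for ports 8005 and 2484 with the VCN CIDR as source). It assumes dictionaries shaped like OCI CLI JSON output; the function names and sample values are constructed for illustration.

```python
import ipaddress

# Assumption: dicts shaped like OCI CLI JSON for a subnet and a security list.
REQUIRED_PORTS = {8005: "HTTPS", 2484: "SQLNet"}  # ports from the procedure

def port_status(rules, port, vcn):
    """Describe how the ingress rules treat one destination port."""
    status = "no ingress rule"
    for rule in rules:
        if rule.get("protocol") not in ("6", "all"):  # "6" is TCP
            continue
        if rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue
        # A TCP rule without a destination range covers every port.
        rng = (rule.get("tcp-options") or {}).get("destination-port-range")
        if rng and not rng["min"] <= port <= rng["max"]:
            continue
        if rule.get("is-stateless"):
            status = "rule is stateless"
            continue
        src = ipaddress.ip_network(rule["source"])
        if src == vcn:
            return "ok"
        wider = src.version == vcn.version and vcn.subnet_of(src)
        status = f"source {src} " + ("is wider than" if wider else "does not match") + " the VCN CIDR"
    return status

def check_recovery_subnet(subnet, security_list, vcn_cidr):
    """Return findings; an empty list means every check passed."""
    findings = []
    net = ipaddress.ip_network(subnet["cidr-block"])
    if net.version != 4 or subnet.get("ipv6-cidr-block"):
        findings.append("subnet must be IPv4-only")
    if net.prefixlen > 24:
        findings.append(f"subnet {net} is smaller than /24")
    if not subnet.get("prohibit-public-ip-on-vnic"):
        findings.append("subnet is not private")
    vcn = ipaddress.ip_network(vcn_cidr)
    for port, label in REQUIRED_PORTS.items():
        status = port_status(security_list["ingress-security-rules"], port, vcn)
        if status != "ok":
            findings.append(f"port {port} ({label}): {status}")
    return findings

# Constructed sample: the 2484 rule is open to 0.0.0.0/0 instead of the VCN CIDR.
def make_rule(port, source, stateless=False):
    return {"protocol": "6", "source": source, "source-type": "CIDR_BLOCK", "is-stateless": stateless,
            "tcp-options": {"destination-port-range": {"min": port, "max": port}}}
SAMPLE_SUBNET = {"cidr-block": "10.0.5.0/24", "ipv6-cidr-block": None, "prohibit-public-ip-on-vnic": True}
SAMPLE_LIST = {"ingress-security-rules": [make_rule(8005, "10.0.0.0/16"), make_rule(2484, "0.0.0.0/0")]}
```

A source wider than the VCN CIDR still admits the database traffic, so the check reports it as a deviation from the documented rule rather than as a connectivity failure.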