Create a Private Instance Using FastConnect

You may need additional performance or security that may not be available over the public internet. Oracle Cloud Infrastructure FastConnect can be used to provide a more performant, robust, and secure connection to your Oracle Content Management instance. FastConnect provides a dedicated private connection with higher bandwidth and a more reliable and consistent networking experience when compared to internet-based connections. This type of connection is often used by customers who want to ensure access is limited to internal networks or that end users have the best and most reliable connection possible.

Note:

If you're using Oracle Content Management Starter Edition, FastConnect isn't supported. To take advantage of the full feature set, upgrade to the Premium Edition.

Before you can create a private instance, you need to review the feature limitations, set up Oracle Cloud Infrastructure FastConnect, and perform the remaining prerequisite steps:

  1. Review the feature limitations.
  2. Set up FastConnect on the tenancy.
  3. Get your tenancy OCID and name.
  4. Create a local peering gateway.
  5. Create a requestor group.
  6. Create a requestor policy.
  7. Create a support request.
  8. Enable access to safe domains.

Review the Feature Limitations

Because a private instance has, by design, limited networking capabilities, certain features may not work. Features that rely on services outside of Oracle Content Management and outside of your tenancy may not work because those services can't connect to Oracle Content Management. Features that only reach out, such as outgoing webhooks, email notifications, and other TCP connections on ports 433, 587, 993, 1344, 1521, and 1521, are supported.

The following features are known to be unavailable in private instances:

Get Your Tenancy OCID

To get your tenancy's OCID, perform the following steps:

  1. If you're not already in the Oracle Cloud Console, sign in to Oracle Cloud as the cloud account administrator. You can find your account name and login information in your welcome email.
  2. In the Oracle Cloud Console, click the Navigation menu icon, click Governance & Administration, then, under Account Management, click Tenancy Details.
  3. Next to the OCID, click Copy. Save this tenancy OCID to include with your support request later.

Create a Local Peering Gateway

For information on peering, see Local VCN Peering (Within Region).

To create a local peering gateway, perform the following steps:

  1. In the Oracle Cloud Console, click the Navigation menu icon, click Networking, then click Virtual Cloud Networks.
  2. Open the VCN you created when you set up FastConnect on the tenancy.
  3. Click Local Peering Gateways.
  4. Click Create Local Peering Gateway.
  5. Enter a name for the gateway (for example, customer-to-oce-lpg).
  6. Select the compartment in which you want to store the peering.
  7. Click Create Local Peering Gateway.
  8. In the list of Local Peering Gateways, click the More icon, and then click Copy OCID. Save this local peering gateway OCID to include with your support request later.

Create a Requestor Group

To create a requestor group and add the Oracle Cloud Infrastructure tenancy administrator, perform the following steps:

  1. In the Oracle Cloud Console, click the Navigation menu icon, click Identity & Security, then, under Identity, click Domains.
  2. Open the identity domain you're using for Oracle Content Management.
  3. In the navigation menu on the left, click Groups.
  4. Click Create Group.
  5. Enter a name for the requestor group (for example, RequestorGrp).
  6. Click Create.
  7. Click the group name to open the group details.
  8. On the group details page, click Assign user to groups.
  9. Select a user with Oracle Cloud Infrastructure tenancy administrator privileges, and then click Add.
  10. On the group details page, copy the OCID. Save this requestor group OCID to include with your support request later.

Create a Requestor Policy

To create a requestor policy, perform the following steps:

  1. In the Identity & Security area of the Oracle Cloud Console, in the navigation menu on the left, click Policies.
  2. Click Create Policy.
  3. Enter the following details:
    • Policy: RequestorPolicy
    • Description: Requestor policy for peering
    • Statement:
      Define tenancy Acceptor as OCETenancyOCID
      Allow group RequestorGroup to manage local-peering-from in compartment GroupCompartmentName
      Endorse group RequestorGroup to manage local-peering-to in tenancy Acceptor
      Endorse group RequestorGroup to associate local-peering-gateways in compartment PeeringCompartmentName with local-peering-gateways in tenancy Acceptor

      Replace the following values:

      • OCETenancyOCID: Replace with the realm-specific tenancy OCID from the following table.
        Realm  Tenancy OCID
        oc1    ocid1.tenancy.oc1..aaaaaaaa4yafecztqbebznfxpjzwm52wuaeornzgzqrujpbkmeez6zuigv7a
        oc4    ocid1.tenancy.oc4..aaaaaaaamxjaupllkzz2a2qmvcon7rprzlu4hmyfajsfk3ezzmdstterlbya
        oc8    ocid1.tenancy.oc8..aaaaaaaanpm5o3ejwjerjyiwsh4u5rd6mpme5ftq44ue5pkxnnhvfy3swv2q
      • RequestorGroup: Replace with the name of the requestor group you created.
      • GroupCompartmentName: Replace with the name of the compartment in which you created the requestor group.
      • PeeringCompartmentName: Replace with the name of the compartment in which you created the peering.

      For more information, see Set up the IAM policies (VCNs in different tenancies).

  4. Click Create.
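
A pre-flight check for the requestor policy above, as an added example (not Oracle's code): it fills in the four statements for your realm and audits a pasted policy for an acceptor OCID that isn't in the table, an Endorse statement not scoped to tenancy Acceptor, or a placeholder left unreplaced. The function names and the sample customer tenancy OCID are assumptions made for illustration.

```python
import re

# Acceptor tenancy OCIDs by realm, copied from the table on this page.
ACCEPTORS = {
    "oc1": "ocid1.tenancy.oc1..aaaaaaaa4yafecztqbebznfxpjzwm52wuaeornzgzqrujpbkmeez6zuigv7a",
    "oc4": "ocid1.tenancy.oc4..aaaaaaaamxjaupllkzz2a2qmvcon7rprzlu4hmyfajsfk3ezzmdstterlbya",
    "oc8": "ocid1.tenancy.oc8..aaaaaaaanpm5o3ejwjerjyiwsh4u5rd6mpme5ftq44ue5pkxnnhvfy3swv2q",
}
TENANCY_RE = re.compile(r"^ocid1\.tenancy\.(oc\d+)\.\.[a-z0-9]+$")
LEFTOVER = ("OCETenancyOCID", "GroupCompartmentName", "PeeringCompartmentName")
# Constructed customer tenancy OCID for trying the functions (not a real tenancy).
SAMPLE_CUSTOMER_OCID = "ocid1.tenancy.oc1..aaaaaaaaconstructedexample0000"

def realm_of(tenancy_ocid):
    """Return the realm (oc1, oc4, ...) of a tenancy OCID, or raise ValueError."""
    m = TENANCY_RE.match(tenancy_ocid.strip())
    if not m:
        raise ValueError(f"not a tenancy OCID: {tenancy_ocid!r}")
    return m.group(1)

def render_policy(customer_tenancy_ocid, group, group_compartment, peering_compartment):
    """Fill in the four statements, choosing the acceptor for the customer's realm."""
    acceptor = ACCEPTORS[realm_of(customer_tenancy_ocid)]  # KeyError: realm not in table
    return [
        f"Define tenancy Acceptor as {acceptor}",
        f"Allow group {group} to manage local-peering-from in compartment {group_compartment}",
        f"Endorse group {group} to manage local-peering-to in tenancy Acceptor",
        f"Endorse group {group} to associate local-peering-gateways in compartment "
        f"{peering_compartment} with local-peering-gateways in tenancy Acceptor",
    ]

def audit_policy(statements, customer_tenancy_ocid):
    """Return a list of findings; an empty list means the policy matches the page."""
    findings = []
    realm = realm_of(customer_tenancy_ocid)
    defines = [s.split()[-1] for s in statements if s.lower().startswith("define tenancy")]
    if len(defines) != 1:
        findings.append("expected exactly one Define tenancy statement")
    elif defines[0] != ACCEPTORS.get(realm):
        findings.append(f"acceptor OCID is not the published one for realm {realm}")
    for s in statements:
        if s.lower().startswith("endorse") and not s.rstrip().endswith("in tenancy Acceptor"):
            findings.append(f"Endorse not scoped to tenancy Acceptor: {s}")
        for token in LEFTOVER:
            if token in s.split():
                findings.append(f"placeholder {token} not replaced")
    return findings
```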

Create a Support Request

Create a request with Oracle Support stating you want to create a private service instance. Make sure to include the following information that you collected earlier in your request:

  • Tenancy OCID
  • Local peering gateway OCID
  • Requestor group OCID

Oracle Support will reply with a validation URL for you to test.

What to Do Next

After you've tested the URL, perform any other necessary advanced pre-deployment tasks or skip right to creating your instance:

Enable Access to Safe Domains

Throughout Oracle Content Management there are links to documentation, videos, and other such resources outside of Oracle Content Management that your end users will need to access. For this reason, you should consider updating your firewall settings to ensure that any clients using this private instance of Oracle Content Management can reach the following domains:

  • static.ocecdn.oraclecloud.com (Required)—This domain is used to load common files for the web client, so if users don't have access to this domain, they won't be able to utilize the web client.
  • *.oracleinfinity.io (Required for analytics)
  • oracle.com
  • www.oracle.com
  • docs.oracle.com
  • apexapps.oracle.com
  • cloudcustomerconnect.oracle.com
  • community.oracle.com
  • youtube.com
  • consent.truste.com
  • consent.trustarc.com
  • prefmgr-cookie.truste-svc.net
  • consent-st.trustarc.com
  • consent-pref.trustarc.com
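
To confirm the firewall change took effect, the following added example (not part of Oracle's documentation) scans denial records for hosts covered by the list above and reports which blocked entries are Required. The log format, sample lines, and function names are constructed for illustration, and treating non-wildcard entries as exact hostnames is an assumption.

```python
# Domains from the list on this page; True marks entries the page labels Required.
SAFE_DOMAINS = {
    "static.ocecdn.oraclecloud.com": True,
    "*.oracleinfinity.io": True,  # required for analytics
    "oracle.com": False, "www.oracle.com": False, "docs.oracle.com": False,
    "apexapps.oracle.com": False, "cloudcustomerconnect.oracle.com": False,
    "community.oracle.com": False, "youtube.com": False,
    "consent.truste.com": False, "consent.trustarc.com": False,
    "prefmgr-cookie.truste-svc.net": False, "consent-st.trustarc.com": False,
    "consent-pref.trustarc.com": False,
}

def match_safe_domain(host):
    """Return the list entry that covers host, or None."""
    host = host.lower().rstrip(".")
    for entry in SAFE_DOMAINS:
        if entry.startswith("*."):
            suffix = entry[1:]  # ".oracleinfinity.io": match on a label boundary only
            if host.endswith(suffix) and len(host) > len(suffix):
                return entry
        elif host == entry:  # assumption: non-wildcard entries are exact hostnames
            return entry
    return None

def blocked_safe_domains(log_lines):
    """Map each denied list entry to (required, denial count)."""
    blocked = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4 or fields[1] != "DENY":
            continue
        host = fields[3].rsplit(":", 1)[0]
        entry = match_safe_domain(host)
        if entry:
            required, count = blocked.get(entry, (SAFE_DOMAINS[entry], 0))
            blocked[entry] = (required, count + 1)
    return blocked

# Constructed sample log, format "<time> <action> <client> <host>:<port>".
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z DENY 10.0.4.21 static.ocecdn.oraclecloud.com:443",
    "2024-05-01T09:00:02Z ALLOW 10.0.4.21 docs.oracle.com:443",
    "2024-05-01T09:00:03Z DENY 10.0.4.22 example-sub.oracleinfinity.io:443",
    "2024-05-01T09:00:04Z DENY 10.0.4.22 example-sub.oracleinfinity.io:443",
    "2024-05-01T09:00:05Z DENY 10.0.4.23 oracleinfinity.io.example.net:443",
    "2024-05-01T09:00:06Z DENY 10.0.4.23 youtube.com:443",
]
```

Any entry returned with `required` set to True means the web client or analytics will not work for those clients until the rule is corrected.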