rw

Published April 7th, 2025.

Introduction

This post guides you in creating a connection within OAC (Oracle Analytics Cloud) to an ADW (Oracle Autonomous Data Warehouse) that has a private endpoint configured in a VCN (Virtual Cloud Network) but also has public (Internet) access allowed via a public endpoint.

Public access allowed in a private ADW is a recent enhancement and is documented in Use a Private Endpoint with Public Access Allowed. This feature has led to some confusion when configuring OAC to access a single ADW that has both a private and a public endpoint.

The OAC documentation, Connect to Oracle Autonomous Data Warehouse, describes creating connections to both public and private ADW endpoints.

Connecting to a private ADW endpoint requires the use of a PAC (Private Access Channel) or an RDG (Remote Data Gateway). 

PAC is the recommended and best practice for accessing a private ADW endpoint. PAC enables connections to private data source hosts. It enables OAC to access private data sources within a VCN on Oracle Cloud Infrastructure or to other networks peered to the VCN such as a corporate network.

PAC is not recommended for accessing a public ADW endpoint.

An OAC instance therefore should use PAC for private ADW endpoints and not use it for public ADW endpoints.

PAC configuration requires registering a DNS zone with a domain contained within an ADW hostname. A private ADW hostname is in the format <prefix>.<regional ADW domain>. For example, qsxwmrb0.adb.us-ashburn-1.oraclecloud.com.  It is permissible to leave off the prefix and use the regional ADW domain in a PAC DNS zone.

rw
Best Practice

Note ! Using just the regional ADW domain in PAC interferes with an OAC connection to a public ADW endpoint in the same region.

Always specify the complete hostname of a private ADW in the DNS zone when registering a private ADW.

The reason is that the hostname of a public ADW endpoint is the regional ADW domain. In the example above, the public ADW endpoint hostname is adb.us-ashburn-1.oraclecloud.com.

Hostnames for an ADW can be viewed in the OCI console by clicking on Database connection.

ADW Database Connection

rw
Architecture
Private ADW State

PPADW_Slide2

This diagram depicts an ADW instance provisioned with a private endpoint and an OAC instance configured with a PAC.

Private ADW Flow

PPADW_Slide3

This diagram depicts the connection flow from an OAC instance through an OAC PAC and an ADW private endpoint, to an ADW instance.

Private ADW with Public Access State

PPADW_Slide4

This diagram depicts an additional ADW public endpoint when public access is turned on in a private ADW.

Private ADW with Public Access Flow

PPADW_Slide5

This diagram depicts, in blue, the public connection flow from an OAC instance, through an ADW public endpoint, to an ADW instance.

rw
Explore More Explore the Oracle Analytics Community, Blogs, and Library
Explore Analytics Platform Features
Explore Autonomous Database Features
rw
var coll = document.getElementsByClassName(“collapsible”); var i; for (i = 0; i < coll.length; i++) { coll[i].addEventListener("click", function() { this.classList.toggle("active"); var content = this.nextElementSibling; if (content.style.display === "block") { content.style.display = "none"; } else { content.style.display = "block"; } }); }