Oracle Fusion Analytics (Fusion Analytics) is a family of prebuilt, cloud-native analytics services that run on OCI (Oracle Cloud Infrastructure). See About Fusion Analytics for an overview.
Private Fusion Analytics enables private network access to Fusion Analytics via private service endpoints and disallows traffic from the internet. Direct access is allowed only from private hosts in OCI or connected to OCI via a DRG (Dynamic Routing Gateway). Internet access is possible using public proxies that connect privately to the service endpoints.
This post describes three alternatives for resolving Fusion Analytics service endpoint FQDNs.
Client (Local) DNS
A file on a client computer, typically named /etc/hosts, acts as a DNS private zone for that client.
Customer DNS Private Zone
A private zone in the customer DNS containing the FQDNs and respective NLB public IP addresses. Clients must be configured to use the Customer DNS.
OCI (Oracle Cloud Infrastructure) Private DNS
An OCI VCN, named in the examples as DNS_VCN, whose DNS resolver contains a DNS listener and is configured with an additional private view. This private view contains a private zone containing the Fusion Analytics FQDNs and respective NLB public IP addresses.
The customer DNS must be configured to forward Fusion Analytics FQDN DNS queries to the OCI private DNS listener via an NLB in the DNS VCN.
Clients must be configured to use the Customer DNS or include the OCI private DNS.
Architecture
Initial State
This diagram depicts the base network components deployed for Internet access to Fusion Analytics service endpoints.
Local DNS
This diagram depicts the local DNS components deployed for Internet access to Fusion Analytics service endpoints.
Customer DNS
This diagram depicts the customer DNS components deployed for Internet access to Fusion Analytics service endpoints.
OCI Private DNS
This diagram depicts the OCI private DNS components deployed for Internet access to Fusion Analytics service endpoints.
This alternative uses a private zone in your DNS system. There are many commercial DNS systems available. Refer to your vendor’s documentation regarding private zones. This is a private zone, meaning it is not published on the Internet, and the hostnames are not publicly resolvable.
OCI (Oracle Cloud Infrastructure) Private DNS
The deployment package deploys the following components for the OCI DNS alternative. Component dependencies are illustrated below.
Deploy
A downloadable package of OCI Terraform resources, uploaded and run in an OCI Cloud Shell, deploys the DNS components necessary to access Fusion Analytics service endpoints via the Internet.
Client (Local) DNS
A file on a client computer, typically named /etc/hosts, acts as a DNS private zone for that client.
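The following check is an added example, not part of the original post or its deployment package: it lists hosts-file entries under a domain suffix that do not point at the expected NLB public IP, such as stale entries left after an IP change. The helper names, hostnames, and addresses are constructed placeholders.

```shell
# Added example: find Fusion Analytics entries in a hosts file that do not
# point at the expected NLB public IP (for instance after an IP change).

# sample_hosts: constructed hosts-file content; every hostname and address
# here is a placeholder, not a real Fusion Analytics endpoint.
sample_hosts() {
    cat <<'EOF'
127.0.0.1     localhost
203.0.113.10  fa-example.analytics.example.oraclecloud.com   # current NLB IP
198.51.100.7  FA-Example-Login.example.oraclecloud.com       # stale entry
# 198.51.100.7 disabled.example.oraclecloud.com
192.0.2.9     notoraclecloud.com
EOF
}

# hosts_mismatches FILE EXPECTED_IP SUFFIX (hypothetical helper name)
# Prints "hostname address" for each name ending in SUFFIX whose address
# differs from EXPECTED_IP; prints nothing when every entry agrees.
hosts_mismatches() {
    awk -v want="$2" -v suffix="$3" '
        { sub(/#.*/, "") }          # drop comments, whole-line or trailing
        NF < 2 { next }             # blank or address-only lines
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)  # hostnames are case-insensitive
                n = length(name) - length(suffix)
                if (n > 0 && substr(name, n + 1) == suffix && $1 != want)
                    print name, $1
            }
        }' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_hosts > "$tmp"
hosts_mismatches "$tmp" 203.0.113.10 .oraclecloud.com
rm -f "$tmp"
```

Pass the suffix with its leading dot so that look-alike names such as notoraclecloud.com are not treated as part of the zone.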
Create a private zone in the customer DNS containing the FQDNs and respective NLB public IP addresses. Ensure the client workstations are configured to use the Customer DNS.
Below is an example of an OCI private zone for Fusion Analytics with service endpoints. A zone in a customer DNS can look different.
OCI (Oracle Cloud Infrastructure) Private DNS
An OCI cloud shell simplifies OCI authentication and provides a standardized method for various workstations.
Follow these steps to deploy the example components:
Copy and paste this code snippet into the Cloud Shell command line.
cd; bash ~/'IA-DNS/resources/setup' > >(tee -a iadns_setup.log) 2> >(tee -a iadns_setup.log >&2)
Optionally, view the setup log file.
Copy and paste this code snippet into the Cloud Shell command line.
cd; more 'iadns_setup.log'
Copy the note on the screen to a text file to access Fusion Analytics and configure the customer DNS forwarder.
Close and exit Cloud Shell, and view the components using the OCI console.
Navigate to Networking > Virtual Cloud Networks.
Choose the example Compartment.
Click the example DNS_VCN.
View the private subnet and private security list.
View the Internet gateway.
View the public subnet, security list, and route table.
View the DNS Resolver.
View the DNS_Custom_View.
View the oraclecloud.com private zone.
Navigate to Networking > Network Load Balancers.
View the example DNS_NLB.
View the Listener.
View the Backend Set.
View the Backend.
Configure the customer DNS to forward Fusion Analytics FQDN DNS queries to the OCI private DNS listener in the DNS VCN. Use the nameserver IP address and the Fusion Analytics domain names noted above.
Ensure client workstations are configured to use the Customer DNS.
Redeployment for a Public IP change
The public IP address may change for various reasons. An IP address (IPv4) has four numerical parts separated by periods, e.g., <part1.part2.part3.part4>, <121.200.33.65>.
If one or both of the first two parts change, redeploy the public IP address.
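The rule above, written as a shell check; this is an added example, not code from the original post or its deployment package. The function names and the new addresses in the demo are constructed; the old address is the sample from the text.

```shell
# Added example: apply the redeployment rule to an old and a new public IP.

# is_ipv4 ADDRESS: succeed only for four dot-separated parts, each 0-255.
# The body runs in a subshell so the IFS change does not leak out.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for part in "$@"; do
        [ ${#part} -le 3 ] && [ "$part" -le 255 ] || return 1
    done
)

# needs_redeploy OLD_IP NEW_IP (hypothetical helper name)
# Returns 0 when part1 or part2 differs (redeploy), 1 when both are
# unchanged, 2 when either argument is not a valid IPv4 address.
needs_redeploy() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 2
    # Strip the last two parts: 121.200.33.65 -> 121.200
    [ "${1%.*.*}" != "${2%.*.*}" ]
}

# Constructed new addresses compared against the sample address in the text.
old=121.200.33.65
for new in 121.200.40.7 121.201.33.65 121.200.33; do
    rc=0
    needs_redeploy "$old" "$new" || rc=$?
    case $rc in
        0) echo "$old -> $new: redeploy" ;;
        1) echo "$old -> $new: first two parts unchanged" ;;
        *) echo "$old -> $new: invalid address, not compared" ;;
    esac
done
```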
Follow these steps to redeploy the Public IP address.
Update the ia-dns_variables_upload.tf file in the unzipped archive package.
Open the file from the unzipped folder and follow the instructions.
Replace the Public IP Address enclosed in quotes.
Save and close the file.
Sign in to the OCI cloud account.
Change to the OCI region designated for Fusion Analytics.
Click on Developer Tools and select Cloud Shell.
Click on the Gear Icon and select Upload.
Drop or Select the iadns_variables_upload.tf file.
Click Upload.
Redeploy the public IP address.
Copy and paste this code snippet into the Cloud Shell command line.
cd; bash ~/'IA-DNS/resources/setup' > >(tee -a iadns_setup.log) 2> >(tee -a iadns_setup.log >&2)
Optionally, view the setup log file.
Copy and paste this code snippet into the Cloud Shell command line.
cd; more 'iadns_setup.log'
Close and exit Cloud Shell, and view the components using the OCI console.
Navigate to Networking > Virtual Cloud Networks.
Choose the example Compartment.
Click the example DNS_VCN.
View the public subnet and security list.
View the new Public IP CIDR in the security list.
Access
The illustrations in this section depict Internet access to Fusion Analytics service endpoints.
Internet Access Using a Local DNS File
This diagram depicts Internet access to Fusion Analytics service endpoints using a local DNS file. Step 1 resolves a Fusion Analytics hostname, and step 2 uses the result to access Fusion Analytics via an NLB.
Internet Access Using a Customer DNS Private Zone
This diagram depicts Internet access to Fusion Analytics service endpoints using a customer DNS private zone. Step 1 resolves a Fusion Analytics hostname, and step 2 uses the result to access Fusion Analytics via an NLB.
Internet Access Using OCI Private DNS
This diagram depicts Internet access to Fusion Analytics service endpoints using OCI private DNS. Step 1 resolves a Fusion Analytics hostname, and step 2 uses the result to access Fusion Analytics via an NLB.
Explore More
You have deployed all components necessary to access Fusion Analytics service endpoints via the Internet. For guidance on the next steps in your journey, return to Overview of Private Fusion Analytics.
Explore Fusion Analytics by visiting the community links, blogs, and library.