Deploy DNS Components for Oracle Fusion Analytics Service Endpoints Internet Access

March 2, 2024 | 13 minute read

Published v4 March 12, 2024.

Introduction

Oracle Fusion Analytics (Fusion Analytics) is a family of prebuilt, cloud-native analytics services that run on OCI (Oracle Cloud Infrastructure). For an overview, see About Fusion Analytics.

Private Fusion Analytics enables private network access to Fusion Analytics via private service endpoints and disallows traffic from the internet. Direct access is allowed only from private hosts in OCI or connected to OCI via a DRG (Dynamic Routing Gateway).
Internet access is possible using public proxies that connect privately to the service endpoints.

This post is a member of the Private Fusion Analytics series. It also:

Prerequisites

The following are required:

Deployed Fusion Analytics Example Environment

The following items are described in and deployed using the Deploy Network Components for Oracle Fusion Analytics Service Endpoints blog post:

  • OCI Privileges
  • OCI Terraform Resources
  • OCI Components

Provisioned Fusion Analytics Instance

A Fusion Analytics instance with service endpoints described in and deployed using the Provision Oracle Fusion Analytics Service Endpoints blog post.


Base Network Components for Internet Access Deployed in the Example Environment

The base network components for internet access deployed in the example environment using the Deploy Network Components for Oracle Fusion Analytics Service Endpoints Internet Access blog post.


DNS Alternatives

This post describes three alternatives for resolving Fusion Analytics service endpoint FQDNs.

Client (Local) DNS

A file on a client computer, typically named /etc/hosts, acts as a DNS private zone for that client.


Customer DNS Private Zone

A private zone in the customer DNS containing the FQDNs and respective NLB public IP addresses. Clients must be configured to use the Customer DNS.


OCI (Oracle Cloud Infrastructure) Private DNS

An OCI VCN, named in the examples as DNS_VCN, whose DNS resolver contains a DNS listener and is configured with an additional private view. This private view contains a private zone containing the Fusion Analytics FQDNs and respective NLB public IP addresses.

The customer DNS must be configured to forward Fusion Analytics FQDN DNS queries to the OCI private DNS listener via an NLB in the DNS VCN.

Clients must be configured to use the Customer DNS or include the OCI private DNS.

Architecture
Initial State

This diagram depicts the base network components deployed for Internet access to Fusion Analytics service endpoints.


Local DNS

This diagram depicts the local DNS components deployed for Internet access to Fusion Analytics service endpoints.


Customer DNS

This diagram depicts the customer DNS components deployed for Internet access to Fusion Analytics service endpoints.


OCI Private DNS

This diagram depicts the OCI private DNS components deployed for Internet access to Fusion Analytics service endpoints.

Components

Component descriptions are found in Prepare DNS Components for Oracle Fusion Analytics Service Endpoints Internet Access.


Client (Local) DNS

This alternative uses a downloadable hosts file provided by the Deploy Network Components for Oracle Fusion Analytics Service Endpoints Internet Access blog post.


Customer DNS Private Zone

This alternative uses a private zone in your DNS system. There are many commercial DNS systems available. Refer to your vendor's documentation regarding private zones. This is a private zone, meaning it is not published on the Internet, and the hostnames are not publicly resolvable.


OCI (Oracle Cloud Infrastructure) Private DNS

The deployment package deploys the following components for the OCI DNS alternative. Component dependencies are illustrated below.

IA DNS

Deploy

A downloadable package of OCI Terraform resources, uploaded and run in an OCI Cloud Shell, deploys the DNS components necessary to access Fusion Analytics service endpoints via the Internet.

Client (Local) DNS

A file on a client computer, typically named /etc/hosts, acts as a DNS private zone for that client.

Use the hosts file provided by the Deploy Network Components for Oracle Fusion Analytics Service Endpoints Internet Access blog post.

As an administrator on your workstation, append the contents of the hosts file to:

  • /etc/hosts on Linux and Mac
  • C:\Windows\System32\drivers\etc\hosts on Windows
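A pre-flight check for the append step above, as an added example that is not part of the original post or its deployment package. It assumes every legitimate entry is a hostname under `.oraclecloud.com` (the private zone name shown later on this page); the function names, IP addresses and hostnames are constructed for illustration.

```shell
# Added example: vet a downloaded hosts file, then append it idempotently.
# Assumption: every legitimate entry is under this suffix (zone named on this page).
ALLOWED_SUFFIX='.oraclecloud.com'

# Print lines that are not "IPv4 name..." with all names under ALLOWED_SUFFIX.
check_hosts() {
  awk -v suffix="$ALLOWED_SUFFIX" '
    function valid_ip(ip,   n, p, i) {
      n = split(ip, p, ".")
      if (n != 4) return 0
      for (i = 1; i <= 4; i++)
        if (p[i] !~ /^[0-9][0-9]?[0-9]?$/ || p[i] + 0 > 255) return 0
      return 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments, blank lines
    {
      sub(/[ \t]*#.*$/, "")                  # trailing comment
      ok = (NF >= 2 && valid_ip($1))
      for (i = 2; ok && i <= NF; i++) {
        name = tolower($i); cut = length(name) - length(suffix)
        if (cut < 1 || substr(name, cut + 1) != suffix || name !~ /^[a-z0-9.-]+$/) ok = 0
      }
      if (!ok) { print "REJECT line " NR ": " $0; bad = 1 }
    }
    END { exit (bad ? 1 : 0) }
  ' "$1"
}

# Append SRC entries to DEST only if SRC is clean; skip lines already present.
append_hosts() {
  src=$1; dest=$2
  check_hosts "$src" || return 1
  grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$src" | while IFS= read -r line; do
    grep -qxF -- "$line" "$dest" || printf '%s\n' "$line" >> "$dest"
  done
}

# Constructed sample data: documentation-range IPs, made-up hostnames.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed' \
  '203.0.113.10 fa-endpoint-1.example.oraclecloud.com' \
  '203.0.113.11 fa-endpoint-2.example.oraclecloud.com  # NLB 2' > "$demo_dir/good_hosts"
printf '%s\n' '203.0.113.10 fa-endpoint-1.example.oraclecloud.com' \
  '198.51.100.7 login.example.com' \
  '203.0.113.999 fa-endpoint-1.example.oraclecloud.com' > "$demo_dir/bad_hosts"
printf '127.0.0.1 localhost\n' > "$demo_dir/hosts"   # stand-in for /etc/hosts

append_hosts "$demo_dir/good_hosts" "$demo_dir/hosts"
append_hosts "$demo_dir/bad_hosts" "$demo_dir/hosts" || echo "bad_hosts rejected; hosts file unchanged"
```

Once the check passes on the real download, run `append_hosts` as an administrator with `/etc/hosts` as the second argument.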

Customer DNS Private Zone

Many commercial DNS systems are available, and each implements zones differently.

The hosts file provided by the Deploy Network Components for Oracle Fusion Analytics Service Endpoints Internet Access blog post contains the necessary information for the zone.

Create a private zone in the customer DNS containing the FQDNs and respective NLB public IP addresses.
Ensure the client workstations are configured to use the Customer DNS.

Below is an example of an OCI private zone for Fusion Analytics with service endpoints. A zone in a customer DNS can look different.

FA_PRV_ZONE


OCI (Oracle Cloud Infrastructure) Private DNS

An OCI cloud shell simplifies OCI authentication and provides a standardized method for various workstations.

Follow these steps to deploy the example components:

  1. Download the compressed package from here.
  2. Unzip the ZIP archive package.
  3. Determine or obtain the public IP address of the customer DNS forwarder. This address is granted access to the OCI DNS listener.

    Note: This address may be the address of a gateway in the customer network sending traffic to the OCI DNS listener.

  4. Update the iadns_variables_upload.tf file in the unzipped archive package.

    • Open the file from the unzipped folder and follow the instructions.

      • Replace "null" with the public IP address enclosed in quotes.
      • Save and close the file.
         
  5. Sign in to the OCI cloud account.
  6. Change to the OCI region designated for Fusion Analytics.
  7. Click on Developer Tools and select Cloud Shell.
  8. Click on the Gear Icon and select Upload.
    • Drop or Select the IA-DNS-v1.zip archive package.
    • Click Upload.
       
  9. Click again on the Gear Icon and select Upload.
    • Drop or Select the ia-dns_variables_upload.tf file.
    • Click Upload
       
  10. Decompress the uploaded package in Cloud Shell.
    • Copy and paste this code snippet into the Cloud Shell command line.
        cd; [ -d "$HOME/IA-DNS" ] && rm -r "$HOME/IA-DNS"; unzip "$HOME/IA-DNS.zip"
  11. Deploy the components.
    • Copy and paste this code snippet into the Cloud Shell command line.
        cd; bash ~/'IA-DNS/resources/setup' > >(tee -a iadns_setup.log) 2> >(tee -a iadns_setup.log >&2)
  12. Optionally, view the setup log file.
    • Copy and paste this code snippet into the Cloud Shell command line.
        cd; more 'iadns_setup.log'
  13. Copy the note on the screen to a text file to access Fusion Analytics and configure the customer DNS forwarder.

    OCI DNS NOTE

  14. Close and exit Cloud Shell, and view the components using the OCI console.
    • Navigate to Networking > Virtual Cloud Networks.

    • Choose the example Compartment.
      • Click the example DNS_VCN.
        • View the private subnet and private security list.
        • View the Internet gateway.
        • View the public subnet, security list, and route table.
        • View the DNS Resolver.
          • View the DNS_Custom_View.
            • View the oraclecloud.com private zone.

    • Navigate to Networking > Network Load Balancers.
      • View the example DNS_NLB.
        • View the Listener.
        • View the Backend Set.
        • View the Backend.
  15. Configure the customer DNS to forward Fusion Analytics FQDN DNS queries to the OCI private DNS listener in the DNS VCN. Use the nameserver IP address and the Fusion Analytics domain names noted above.

  16. Ensure client workstations are configured to use the Customer DNS.


Redeployment for a Public IP change

The public IP address may change for various reasons. An IP address (IPv4) has four numerical parts separated by periods, e.g., <part1.part2.part3.part4>, <121.200.33.65>.

If one or both of the first two parts change, redeploy the public IP address.

Follow these steps to redeploy the Public IP address.

  1. Update the ia-dns_variables_upload.tf file in the unzipped archive package.

    • Open the file from the unzipped folder and follow the instructions.
      • Replace the Public IP Address enclosed in quotes.
    • Save and close the file.
       
  2. Sign in to the OCI cloud account.
  3. Change to the OCI region designated for Fusion Analytics.
  4. Click on Developer Tools and select Cloud Shell.
  5. Click on the Gear Icon and select Upload.
    • Drop or Select the iadns_variables_upload.tf file.
    • Click Upload
       
  6. Redeploy the public IP address.
    • Copy and paste this code snippet into the Cloud Shell command line.
        cd; bash ~/'IA-DNS/resources/setup' > >(tee -a iadns_setup.log) 2> >(tee -a iadns_setup.log >&2)
  7. Optionally, view the setup log file.
    • Copy and paste this code snippet into the Cloud Shell command line.
        cd; more 'iadns_setup.log'
  8. Close and exit Cloud Shell, and view the components using the OCI console.
    • Navigate to Networking > Virtual Cloud Networks.
    • Choose the example Compartment.
    • Click the example DNS_VCN.
      • View the public subnet and security list.
        • View the new Public IP CIDR in the security list.
Access

The illustrations in this section depict Internet access to Fusion Analytics service endpoints.

Internet Access Using a Local DNS File

This diagram depicts Internet access to Fusion Analytics service endpoints using a local DNS file.
Step 1 resolves a Fusion Analytics hostname, and step 2 uses the result to access Fusion Analytics via an NLB.


Internet Access Using a Customer DNS Private Zone

This diagram depicts Internet access to Fusion Analytics service endpoints using a customer DNS private zone.
Step 1 resolves a Fusion Analytics hostname, and step 2 uses the result to access Fusion Analytics via an NLB.


Internet Access Using OCI Private DNS

This diagram depicts Internet access to Fusion Analytics service endpoints using OCI private DNS.
Step 1 resolves a Fusion Analytics hostname, and step 2 uses the result to access Fusion Analytics via an NLB.

Explore More

You have deployed all components necessary to access Fusion Analytics service endpoints via the Internet. For guidance on the next steps in your journey, return to Overview of Private Fusion Analytics.

Explore Fusion Analytics by visiting the community links, blogs, and library.

Implementing Oracle Fusion Analytics Series

Fusion Analytics Implementation Guide

CEAL Implementation Guidance Sessions, September 2023

Fusion Analytics Community

Fusion Analytics Blogs

Fusion Analytics Library

Dayne Carley

