Evaluate network perimeters impact on Oracle Analytics Cloud migrations

May 10, 2023 | 4 minute read
Veera Raghavendra Rao Koka
Consulting Member of Technical Staff
Ravi Bhuma
Principal Solutions Architect, Oracle Analytics
Text Size 100%:

REDWOOD

Introduction

When you migrate Oracle Analytics Cloud (OAC) using snapshots, data files aren't migrated to the target OAC instance in a different OCI region. In such cases, using Data Migration Utility to download the data files and restore them in the target OAC instance is recommended.

Data Migration Utility fails when network perimeters are defined in Oracle Identity Cloud Service (IDCS) or IAM Identity Domain. This article provides the details to run OAC Data Migration Utility successfully.

Network perimeters

For security purposes, identity domain administrators, security administrators, and application administrators can define network perimeters in Oracle Identity Cloud Service or IAM Identity Domain. A network perimeter contains a list of IP addresses. Users can log in to Oracle Analytics Cloud using only IP addresses contained in the network perimeter. Users who attempt to log in to Oracle Identity Cloud Service with these IP addresses are accepted. You can also create a list of IP addresses from which users can't log in.

Refer to the Understand Network Perimeters documentation for more information.

Migrate Oracle Analytics Cloud using snapshots

Refer to the Migrate Oracle Analytics Cloud Using Snapshots section in Oracle Analytics Cloud documentation.

During content replication across OCI regions, the snapshot created in the primary OAC instance doesn't migrate data files to the OAC instance in another OCI region. To migrate data files, use Data Migration Utility.

Using Data Migration Utility

Refer to the Migrate File-based Data documentation for more information.

Run Data Migration Utility with network perimeters enabled

Data Migration Utility fails with errors such as the following ones when network perimeters are enabled.

[opc@autodr test]$ /home/opc/jdk1.8.0_361/bin/java -jar /home/opc/migrate-oac-data/migrate-oac-data.jar -d -config config.properties
May 08, 2023 11:48:37 PM oracle.bi.bar.dr.util.DRUtils getOracleHome
INFO: Oracle Home: /bi/app/fmw
Starting Data Migration Utility....
Log Path: /home/opc/migrate-oac-data/logs/1683589717625/datamigration.log
Set Loglevel INFO
Java Version: 1.8.0_361
Recommended Java Version: 1.8+
Status File Path: /home/opc/migrate-oac-data/logs/1683589717625/status.txt
Operation Selected : DownloadDataFiles

Invoking Data files download ...
Operation failed. Reason: Source pod is not accessible from client. Please check source OAC URL and credential. https://oac-xxxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com
Operation failed. Reason: Source pod is not accessible from client. Please check source OAC URL and credential. https:// oac-xxxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com
Data Migration Failed. Please check the log.

Failure Snippet in the output

Figure1.  Failure snippet in the output.

Here are the contents of the datamigration.log file:

May 04, 2023 10:11:59 PM oracle.bi.migration.util.Util isPodAccessibleWithV2API
INFO: Pod base Url : https:// oac-xxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com/bipodadmin/rest/public/v1
May 04, 2023 10:11:59 PM oracle.bi.migration.util.Util isPodAccessibleWithV1API
INFO: Pod base Url : https:// oac-xxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com/bipodadmin/rest/public/v1
May 04, 2023 10:11:59 PM oracle.bi.migration.DataMigration main
SEVERE: Pod Migration command execution failed with exception: Operation failed. Reason: Source pod is not accessible from client. Please check source OAC URL and credential. https://oac-xxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com
oracle.bi.migration.exception.DataMigrationException: Operation failed. Reason: Source pod is not accessible from client. Please check source OAC URL and credential. https://oac-xxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com
        at oracle.bi.migration.DataMigration.execute(DataMigration.java:239)
        at oracle.bi.migration.DataMigration.main(DataMigration.java:2195)

Failure Snippet in the log

Figure 2. Failure snippet from the log file.

Suppose the OAC instance and the Data Migration Utility instances are in the OCI Subnets shown in the following table. Allow the required IP CIDR ranges as shown.

Data Migration Utility Compute in Public or Private Subnet OAC in Public or Private Subnet Allowed IP Addresses for Network Perimeters
Public Public Public IP Address of the Data Migration Utility Compute
Public Private 240.0.0.0/4
Private Public 240.0.0.0/4
Private Private 240.0.0.0/4

Refer to the Public IP Ranges and Gateway IPs for Oracle Analytics Cloud Instances section in the documentation.

Call to action

When network perimeters are enabled in IDCS or IAM Identity Domain, OAC Data Migration Utility fails to obtain a token, resulting in authentication failure errors because the requesting client IP address doesn't exist in the allowed IPs in the network perimeter. For best results, allow the Gateway IP CIDR Range of the OAC instances to facilitate Data Migration Utility running successfully.

REDWOOD

 

Veera Raghavendra Rao Koka

Consulting Member of Technical Staff

Oracle Analytics Service Excellence, CEAL Team

Ravi Bhuma

Principal Solutions Architect, Oracle Analytics

Oracle Analytics Service Excellence, CEAL Team


Previous Post

What is AnalyticsOps, and how could it improve your business decisions?

Barry Mostert | 7 min read

Next Post


Use encrypted values from Oracle Cloud vaults and secrets in Oracle Analytics Cloud migration automation