When you migrate Oracle Analytics Cloud (OAC) using snapshots, data files aren't migrated to the target OAC instance in a different OCI region. In such cases, using Data Migration Utility to download the data files and restore them in the target OAC instance is recommended.
Data Migration Utility fails when network perimeters are defined in Oracle Identity Cloud Service (IDCS) or IAM Identity Domain. This article provides the details to run OAC Data Migration Utility successfully.
For security purposes, identity domain administrators, security administrators, and application administrators can define network perimeters in Oracle Identity Cloud Service or IAM Identity Domain. A network perimeter contains a list of IP addresses. Users can log in to Oracle Analytics Cloud using only IP addresses contained in the network perimeter. Users who attempt to log in to Oracle Identity Cloud Service with these IP addresses are accepted. You can also create a list of IP addresses from which users can't log in.
Refer to the Understand Network Perimeters documentation for more information.
Refer to the Migrate Oracle Analytics Cloud Using Snapshots section in Oracle Analytics Cloud documentation.
During content replication across OCI regions, the snapshot created in the primary OAC instance doesn't migrate data files to the OAC instance in another OCI region. To migrate data files, use Data Migration Utility.
Refer to the Migrate File-based Data documentation for more information.
Data Migration Utility fails with errors such as the following ones when network perimeters are enabled.
[opc@autodr test]$ /home/opc/jdk1.8.0_361/bin/java -jar /home/opc/migrate-oac-data/migrate-oac-data.jar -d -config config.properties
May 08, 2023 11:48:37 PM oracle.bi.bar.dr.util.DRUtils getOracleHome
INFO: Oracle Home: /bi/app/fmw
Starting Data Migration Utility....
Log Path: /home/opc/migrate-oac-data/logs/1683589717625/datamigration.log
Set Loglevel INFO
Java Version: 1.8.0_361
Recommended Java Version: 1.8+
Status File Path: /home/opc/migrate-oac-data/logs/1683589717625/status.txt
Operation Selected : DownloadDataFiles
Invoking Data files download ...
Operation failed. Reason: Source pod is not accessible from client. Please check source OAC URL and credential. https://oac-xxxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com
Operation failed. Reason: Source pod is not accessible from client. Please check source OAC URL and credential. https:// oac-xxxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com
Data Migration Failed. Please check the log.
Figure1. Failure snippet in the output.
Here are the contents of the datamigration.log file:
May 04, 2023 10:11:59 PM oracle.bi.migration.util.Util isPodAccessibleWithV2API
INFO: Pod base Url : https:// oac-xxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com/bipodadmin/rest/public/v1
May 04, 2023 10:11:59 PM oracle.bi.migration.util.Util isPodAccessibleWithV1API
INFO: Pod base Url : https:// oac-xxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com/bipodadmin/rest/public/v1
May 04, 2023 10:11:59 PM oracle.bi.migration.DataMigration main
SEVERE: Pod Migration command execution failed with exception: Operation failed. Reason: Source pod is not accessible from client. Please check source OAC URL and credential. https://oac-xxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com
oracle.bi.migration.exception.DataMigrationException: Operation failed. Reason: Source pod is not accessible from client. Please check source OAC URL and credential. https://oac-xxxxxxxxxxxx-ia.analytics.ocp.oraclecloud.com
at oracle.bi.migration.DataMigration.execute(DataMigration.java:239)
at oracle.bi.migration.DataMigration.main(DataMigration.java:2195)
Figure 2. Failure snippet from the log file.
Suppose the OAC instance and the Data Migration Utility instances are in the OCI Subnets shown in the following table. Allow the required IP CIDR ranges as shown.
| Data Migration Utility Compute in Public or Private Subnet | OAC in Public or Private Subnet | Allowed IP Addresses for Network Perimeters |
|---|---|---|
| Public | Public | Public IP Address of the Data Migration Utility Compute |
| Public | Private | 240.0.0.0/4 |
| Private | Public | 240.0.0.0/4 |
| Private | Private | 240.0.0.0/4 |
Refer to the Public IP Ranges and Gateway IPs for Oracle Analytics Cloud Instances section in the documentation.
When network perimeters are enabled in IDCS or IAM Identity Domain, OAC Data Migration Utility fails to obtain a token, resulting in authentication failure errors because the requesting client IP address doesn't exist in the allowed IPs in the network perimeter. For best results, allow the Gateway IP CIDR Range of the OAC instances to facilitate Data Migration Utility running successfully.