Prepare Network Components for Oracle Fusion Analytics Service Endpoints Internet Access

December 1, 2023 | 5 minute read
Text Size 100%:

rw

Published Version 6 on March 11, 2024.

Introduction

Oracle Fusion Analytics (Fusion Analytics) is a family of prebuilt, cloud-native analytics services that run on OCI (Oracle Cloud Infrastructure). About Fusion Analytics is an overview.

overall

Private Fusion Analytics enables private network access to Fusion Analytics via private service endpoints and disallows traffic from the internet. Direct access is allowed only from private hosts in OCI or connected to OCI via a DRG (Dynamic Routing Gateway).
Internet access is possible using public proxies that connect privately to the service endpoints.

This post is a member of the Private Fusion Analytics series. It builds upon the network foundation described in Prepare for Oracle Fusion Analytics Service Endpoints. It guides the initial networking component setup for internet access to Fusion Analytics service endpoints. Included are architectural diagrams, component descriptions, and links for additional references.

rw
Architecture

This section contains initial and prepared architecture diagrams.

Initial State

The initial state contains a provisioned Fusion Analytics instance with three service endpoints.

Refer to Prepare Oracle Fusion Analytics with Service Endpoints and Provision Oracle Fusion Analytics with Service Endpoints for details on a Fusion Analytics instance's provisioned state.

Slide15

This diagram depicts Fusion Analytics service endpoints provisioned in a VCN (Virtual Cloud Network).


Prepared State

Slide16

This diagram depicts the additional and updated components required for Internet access to Fusion Analytics service endpoints.

Redwood
Components

Descriptions of the components depicted in the initial-state architecture diagram are provided in the Prepare for Oracle Fusion Analytics Service Endpoints post.

This section describes the additional and updated components in the prepared-state architecture diagram.

Internet Gateway

An Internet Gateway is added to the VCN to facilitate traffic from and to the Internet.


Public Route Table

A Route Table is added to the VCN and assigned to the public subnet to send Fusion Analytics response traffic through the Internet Gateway.


Public Subnet Security List

A security list is added to the VCN and assigned to the public subnet to allow egress from the subnet and ingress from customer-defined CIDR blocks encompassing user IP addresses.


Public Subnet

A public subnet is added to the VCN to host the Network Load Balancers acting as public proxies and is assigned the public subnet security list and route table .


Network Load Balancers

NLBs (Network Load Balancers) are added as public proxies to the public subnet to receive TCP traffic from the internet and forward it to the relevant Fusion Analytics service endpoints.

Note: Network Load Balancers support only one destination for each port configured. Because Fusion Analytics has two services using port 443, two NLBs are required. The ADW service using port 1522 is assigned to one of the two NLBs.


Network Security Group

The ADW NSG, if used, is updated to allow ingress traffic from the NLB acting as a proxy for the ADW.


Private Subnet Security List

A security list is added to the VCN and assigned to the private subnet to allow ingress traffic from the NLBs.

Redwood
Deploy

It is assumed deployers belong to OCI groups granted permissions via OCI policy rules to manage deployment components, including creating compartments if necessary.

Visit the Deploy Network Components for Oracle Fusion Analytics Service Endpoints Internet Access blog post for an automated method of deploying this architecture via OCI Terraform.

Other frameworks exist to deploy the components:

A typical provisioning sequence follows: Components Created

  1. Internet Gateway
  2. Public Subnet Security List
  3. Public Subnet Route Table
  4. Public Subnet
  5. Network Load Balancers
  6. Private Subnet Security List
Components Updated
  • Private Subnet
  • Network Security Group (if used)

rw
Explore More

Refer to the Overview of Private Fusion Analytics for references to other posts in the series.

Explore and learn about Fusion Analytics by visiting the community links, blogs, and library.

Implementing Oracle Fusion Analytics Series

Fusion Analytics Implementation Guide

CEAL Implementation Guidance Sessions, September 2023

Fusion Analytics Community

Fusion Analytics Blogs

Fusion Analytics Library

rw

Dayne Carley


Previous Post

Provide Personalization in Workbooks in Oracle Analytics Cloud

Abhinav Chaurasia | 5 min read

Next Post


Access Oracle Fusion Analytics Service Endpoints Privately

Dayne Carley | 12 min read