Introduction

You might choose to limit access to your Oracle Fusion Data Intelligence environment so that no one can sign in to your environment outside of your VPN or intranet. Be aware that Fusion Data Intelligence includes multiple components (especially Oracle Autonomous Data Warehouse and Oracle Analytics Cloud) that allow your data to be accessible through external connections. You likely want to limit access to these components while not hampering the internal communication among Oracle Services, especially the data pipeline that loads data into the data warehouse.

 

Solution

Step 1: Secure Access to Autonomous Data Warehouse

See How to Make Your Autonomous Database Even More Secure Using Network ACLs.

Follow the steps described in that blog post, with one difference: when specifying the CIDR blocks for the IPs that can access the database, create at least two entries:

  • In one entry, include the CIDR block required to provide access from your VPN or intranet.
  • In the second entry, include “240.0.0.0/4”, the CIDR block for the IP range of the Oracle Service Gateway, which is used for internal communication among Oracle Servers.
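
A pre-change check for the two-entry ACL described above, as an added example (not Oracle's code and not from the original post). It assumes the ACL holds only IPv4 addresses or CIDR blocks; the intranet range and test addresses are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress

# CIDR block the page gives for the Oracle Service Gateway.
SERVICE_GATEWAY = ipaddress.IPv4Network("240.0.0.0/4")

# Constructed sample values (documentation ranges), not real customer ranges.
INTRANET = ["198.51.100.0/24"]
PROPOSED_ACL = ["198.51.100.0/24", "240.0.0.0/4"]


def parse_acl(entries):
    """Parse IPv4 address or CIDR entries; raises ValueError on a bad entry."""
    return [ipaddress.IPv4Network(e.strip(), strict=True) for e in entries]


def lint_acl(entries, intranet_cidrs):
    """Return a list of problems found in a proposed ACL (empty means OK)."""
    try:
        acl = parse_acl(entries)
    except ValueError as exc:
        return [f"invalid entry: {exc}"]
    problems = []
    if not any(SERVICE_GATEWAY.subnet_of(net) for net in acl):
        problems.append("missing 240.0.0.0/4 (Oracle Service Gateway range)")
    for cidr in intranet_cidrs:
        wanted = ipaddress.IPv4Network(cidr)
        if not any(wanted.subnet_of(net) for net in acl):
            problems.append(f"intranet range {cidr} is not covered")
    for net in acl:
        if net.prefixlen == 0:
            problems.append(f"{net} allows every address")
    return problems


def is_allowed(source_ip, entries):
    """True if source_ip matches any ACL entry."""
    addr = ipaddress.IPv4Address(source_ip)
    return any(addr in net for net in parse_acl(entries))


if __name__ == "__main__":
    print(lint_acl(PROPOSED_ACL, INTRANET) or "ACL looks complete")
    for ip in ("198.51.100.20", "240.0.0.5", "203.0.113.9"):
        print(ip, "allowed" if is_allowed(ip, PROPOSED_ACL) else "denied")
```

Run it against the entry list you plan to enter before saving the ACL; an empty result means both required entries are present and no entry opens the database to every address.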

 

Step 2: Secure Access to Oracle Analytics Cloud

See Network Access in Create Oracle Analytics Cloud Public Endpoint.

Using this network configuration, you can limit the IP addresses that can access Oracle Analytics Cloud. However, you must include a rule of type “Service”. The system automatically selects “All Services on the Oracle Services Network in this region”. You don’t need to include the CIDR block of the Service Gateway.

 

Summary

After implementing these steps, you’ll see the following for your environment:

  • Connections from outside your VPN or intranet are denied.
  • Connections from your VPN and from your intranet (from the company’s office) are authorized.
  • The data pipeline runs successfully.