
Welcome to All Things Data Integration: Announcements, Insights, Best Practices, Tips & Tricks, and Trend Related...

Understanding VCN Configuration for Oracle Cloud Infrastructure (OCI) Data Integration

ADITYA DUVURI
Product Manager

Let's learn more about Oracle Cloud Infrastructure Data Integration. Today's blog explains Virtual Cloud Network (VCN) configuration for Oracle Cloud Infrastructure Data Integration. Check out the previous blog on Oracle Cloud Infrastructure Data Integration, which covered Workspaces.

Overview of Virtual Cloud Network (VCN)

A virtual cloud network (VCN) is a customizable, private network in Oracle Cloud Infrastructure. Just like a traditional data center network, the VCN gives you complete control over the network environment. This includes assigning your own private IP address space, creating subnets and route tables, and configuring stateful firewalls. A VCN resides within a single region but can span multiple Availability Domains.

Once users, groups, and compartments have been created, start with VCN creation.

By default, there are two subnets in the VCN (Region Specific). 

  • Private Subnet - Instances have only private IP addresses assigned to their Virtual Network Interface Cards (VNICs)
  • Public Subnet - Contains both private and public IP addresses assigned to VNICs

To learn more about VCNs, refer to https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/overview.htm

Oracle Cloud Infrastructure Data Integration and Virtual Cloud Networks

Now to the main topic: understanding VCNs with Oracle Cloud Infrastructure Data Integration. Oracle Cloud Infrastructure Data Integration runs in the Oracle tenancy, which is outside the user tenancy. For Data Integration to access resources in the user tenancy and read information about its VCNs and subnets, one of the following policies must be set, either at the tenancy level (that is, on the default root compartment) or at the compartment level.

allow service dataintegration to use virtual-network-family in tenancy

(or)

allow service dataintegration to use virtual-network-family in compartment <vcn_compartment>
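The two statements differ only in scope, which is worth checking when reviewing a tenancy's policies. The following added example (not from the original post) parses policy statements and reports the narrowest scope at which Data Integration is granted at least `use` on `virtual-network-family` for the VCN's compartment; the compartment name `network_cmp` and the sample statements are constructed, and nested compartments and `where` clauses are not modelled.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI policy verbs, weakest first
STMT = re.compile(
    r"allow\s+service\s+(?P<svc>[\w-]+)\s+to\s+(?P<verb>\w+)\s+(?P<res>[\w-]+)"
    r"\s+in\s+(?:(?P<ten>tenancy)|compartment\s+(?P<comp>\S+))",
    re.IGNORECASE,
)


def di_vcn_grant_scope(statements, vcn_compartment):
    """Return 'compartment', 'tenancy' or None: the narrowest scope at which
    the statements let dataintegration use virtual-network-family for the
    compartment that holds the VCN."""
    scope = None
    for text in statements:
        m = STMT.fullmatch(text.strip())
        if not m or m["svc"].lower() != "dataintegration":
            continue
        verb = m["verb"].lower()
        if verb not in VERBS or VERBS.index(verb) < VERBS.index("use"):
            continue  # inspect/read are not enough to attach to a subnet
        if m["res"].lower() != "virtual-network-family":
            continue
        if m["comp"] == vcn_compartment:
            return "compartment"  # scoped grant found, nothing narrower exists
        if m["ten"]:
            scope = "tenancy"
    return scope


# Constructed policy sets; "network_cmp" is a hypothetical compartment name.
TENANCY_WIDE = ["allow service dataintegration to use virtual-network-family in tenancy"]
SCOPED = ["Allow service dataintegration to use virtual-network-family in compartment network_cmp"]
TOO_WEAK = ["allow service dataintegration to inspect virtual-network-family in compartment network_cmp"]

if __name__ == "__main__":
    for name, stmts in [("tenancy-wide", TENANCY_WIDE), ("scoped", SCOPED), ("too weak", TOO_WEAK)]:
        print(name, "->", di_vcn_grant_scope(stmts, "network_cmp"))
```

A result of `tenancy` means the service can use network resources in every compartment, so the compartment-scoped form is the tighter of the two when all workspace VCNs live in one compartment.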

Different Options when Creating a Workspace

When you create a workspace there are two options: select "Enable Private Network" or use the public network. Oracle Cloud Infrastructure Data Integration supports only regional subnets, that is, subnets that span all Availability Domains. Regional subnets are used for high availability.

When a workspace is created with "Enable Private Network" selected, the Oracle Cloud Infrastructure Data Integration VCN is extended into the user-selected VCN. When the option is not selected, Oracle Cloud Infrastructure services such as Object Storage are accessed through the Service Gateway defined at the tenancy level, and other resources such as databases are accessed over the public internet.

Let us consider several scenarios to understand how Oracle Cloud Infrastructure Data Integration works with a VCN when a private or public subnet is selected and resources are accessed from it. Before testing the scenarios, the following prerequisites were created in the environment:

  1. Created VCN with the name "VCN_DI_CONCEPTS" in the respective compartment.

     
  2. Created four subnets within the mentioned VCN. Oracle Cloud Infrastructure Data Integration only supports regional subnets. For more information on regional subnets, refer to https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/managingVCNs.htm

    Below is the list of resources created for testing, with the subnet and region each belongs to

     

  3. For Autonomous Data Warehouse (ADW) to run as a private instance, a Network Security Group (NSG) needs to be defined. The NSG here defines two ingress rules, one for PUBLIC_SUBNET_DI (10.0.2.0/24) and one for PRIVATE_SUBNET_DI (10.0.1.0/24)

     
  4. For DB Systems in the private subnet, the following rules are included in the route table

     
  5. For the Service Gateway, select the option "All IAD Services in Oracle Services Network". To understand more about this option, refer to https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/servicegateway.htm

 

Scenario 1 - Accessing ADW, Object Storage, and Databases in the same Region using DI workspace in Private Subnet

  • Oracle Cloud Infrastructure Data Integration workspace was created in PRIVATE_SUBNET_DI (10.0.1.0/24)

  • Service Gateway used in the PRIVATE_SUBNET_DI

 

 

Scenario 2 - Accessing ADW, Object storage in different regions, and accessing Database Systems residing in a public subnet.

  • To access ADW in different regions and DB Systems in a public subnet, a NAT Gateway is required.
  • A Service Gateway is required for Object Storage, along with the NAT Gateway for cross traffic.
  • Route Rules screenshot (NAT Gateway added alongside the existing Service Gateway):
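The effect of the route rules in Scenarios 1 and 2, and of the NSG ingress rules from prerequisite 3, can be checked offline. This added example (not from the original post) evaluates a subnet route table the way OCI selects a rule, most specific match first, and shows that the NAT Gateway rule is what makes a public DB system reachable while Object Storage traffic stays on the Service Gateway. The VCN CIDR 10.0.0.0/16, the service CIDR, the target names and all sample addresses are assumptions constructed for the example.

```python
import ipaddress

# Constructed stand-in for the CIDR blocks behind the Service Gateway label
# "All IAD Services in Oracle Services Network" (TEST-NET-2, not a real range).
SERVICE_CIDRS = {"all-iad-services": ["198.51.100.0/24"]}
VCN_CIDR = "10.0.0.0/16"  # assumed VCN range holding 10.0.1.0/24 and 10.0.2.0/24
ADW_NSG_INGRESS = ["10.0.2.0/24", "10.0.1.0/24"]  # ingress rules from prerequisite 3

# Constructed route tables for PRIVATE_SUBNET_DI as (destination, target) pairs.
SCENARIO_1 = [("all-iad-services", "service-gateway")]
SCENARIO_2 = SCENARIO_1 + [("0.0.0.0/0", "nat-gateway")]


def next_hop(route_rules, dest_ip):
    """Return the target carrying traffic to dest_ip, or None if no rule matches."""
    ip = ipaddress.ip_address(dest_ip)
    if ip in ipaddress.ip_network(VCN_CIDR):
        return "local"  # traffic inside the VCN needs no route rule
    best = None  # (prefix length, target) of the most specific match so far
    for dest, target in route_rules:
        for cidr in SERVICE_CIDRS.get(dest, [dest]):
            net = ipaddress.ip_network(cidr)
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, target)
    return best[1] if best else None


def nsg_allows(ingress_cidrs, source_ip):
    """True if source_ip falls inside one of the NSG's ingress source CIDRs."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in ipaddress.ip_network(c) for c in ingress_cidrs)


if __name__ == "__main__":
    # Constructed addresses: a service endpoint, a public DB system, a private ADW.
    for dest in ("198.51.100.10", "203.0.113.7", "10.0.1.40"):
        print(dest, next_hop(SCENARIO_1, dest), next_hop(SCENARIO_2, dest))
    print(nsg_allows(ADW_NSG_INGRESS, "10.0.1.25"), nsg_allows(ADW_NSG_INGRESS, "10.0.3.9"))
```

The NSG check covers source CIDRs only, since those are what the post specifies; protocol and port restrictions on the ingress rules would be checked the same way.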


 

 


Scenario 3 - Accessing ADW, Object Storage, and Database in the same Region using DI workspace in Public Subnet

  • OCI DI Workspace in Public Subnet "PUBLIC_SUBNET_DI" (10.0.2.0/24)

If an Oracle Cloud Infrastructure Data Integration workspace is assigned to one VCN and needs to connect to resources residing in another VCN, local peering is required when that VCN is in the same region and remote peering when it is in a different region. To understand more about local or remote peering, refer to https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/VCNpeering.htm. If the resources have public IPs, a NAT or Service Gateway can be used accordingly.

Scenario 4 - ADW, Object Storage, and Database systems residing in a public subnet, with all these resources in a different tenancy, different region, and different VCN

To test this scenario we created the following resources in the Mumbai region and in a different tenancy. The Oracle Cloud Infrastructure Data Integration workspace is in the Public Subnet (10.0.2.0/24) and is created in the Ashburn region.

 

Scenario 5 - Connecting ADW, Databases and Object Storage using DI workspace with "Enable Private Network" Disabled

  • While creating the workspace, the option "Enable Private Network" is not selected

     
  • Leaving this option disabled selects public connectivity, where Oracle Cloud Infrastructure Data Integration can access all the public services using the Service Gateway and NAT Gateway from the Oracle tenancy.
  • Here, Oracle Cloud Infrastructure Data Integration can't access private resources, since no VCN is assigned to the workspace.
  • In this example, Oracle Cloud Infrastructure Data Integration is enabled in the Ashburn region.
     

 

Scenario 6 - Connecting Oracle Cloud Infrastructure Data Integration with On-Premise DB

  • There are two methods by which Oracle Cloud Infrastructure Data Integration can connect to an On-Premise DB
    • IPSec VPN
    • FastConnect
  • Below are the details of how Oracle Cloud Infrastructure Data Integration can access the database using FastConnect. To understand more about FastConnect, refer to https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/fastconnect.htm
     
  • The Oracle Cloud Infrastructure Data Integration workspace should be in the same subnet where FastConnect is configured.
     
  • In the example below, the VCN is created by Oracle as part of FastConnect with the name "####-iad.vcn"

     
  • A regional public subnet is created within the VCN

     
  • A Dynamic Route Gateway (DRG) is configured. It acts as a virtual router that provides a path for private traffic (that is, traffic that uses private IPv4 addresses) between the user VCN and networks outside the VCN's region. For more information on DRGs, refer to https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/managingDRGs.htm
     
  • The DRG can be configured with IPSec or Oracle FastConnect

     
  • Within the DRG, two virtual networks have been configured using FastConnect

     
  • Route Rules defined in the VCN

     
  • OCI DI workspace created in the subnet

     
  • Under Data Asset, create and test the connection

 

Summary - We can observe that Scenario 1 and Scenario 2 are the same irrespective of the subnet allocated to the workspace, since the secondary VNIC extended to the user's VCN/tenancy is always private.

Oracle Cloud Infrastructure Data Integration Workspace is assigned to Public or Private Subnet

Oracle Cloud Infrastructure Data Integration Workspace is not assigned any network - Disabled "Enable Private Network" Option

We just recently announced the general availability of Oracle Cloud Infrastructure Data Integration. With a series of upcoming blogs, we look forward to introducing various concepts. This concludes our blog on how to use VCN in Oracle Cloud Infrastructure Data Integration. To learn more, check out some Oracle Cloud Infrastructure Data Integration Tutorials and the Oracle Cloud Infrastructure Data Integration Documentation.
