Information, tips, tricks and sample code for Big Data Warehousing in an autonomous, cloud-driven world

February 25, 2020

Announcing Private Endpoints in Autonomous Database on Shared Exadata Infrastructure

Yasin Baskan
Director, Product Management

Access to a database using private IP addresses has been one of the most common requests for Autonomous Database on Shared Exadata Infrastructure, especially from enterprise customers. Today, we are announcing support for private IP addresses in Autonomous Database on Shared Exadata Infrastructure.

With the Private Endpoints functionality, Autonomous Database customers can now assign a private IP address and a private hostname to their database in their Virtual Cloud Network. This completely disables the public endpoint for the database, ensuring that no client can access the database from the public internet. For a detailed explanation of this feature including configuration examples, please see this blog post.

Private Endpoints functionality further enhances the security of the Autonomous Database for customers with on-premises and Virtual Cloud Network connectivity requirements. We believe the Private Endpoints functionality will be especially beneficial for customers whose security standards mandate private IP addresses for their applications and databases.

Autonomous Database continues to offer access via public endpoints as well. Note that private endpoints and public endpoints are mutually exclusive. If you want your databases to be accessible from the public internet in addition to your Virtual Cloud Network and your on-premises network, you should choose to use a public endpoint. Even with public endpoints, you can configure your database so that it is only accessible from trusted clients or networks. You can also ensure the network traffic between the database and your clients in your Virtual Cloud Network or your on-premises network stays private and does not traverse the public internet. To configure databases with public endpoints, you can use the following features:

  • The Service Gateway for connecting your clients running in your Virtual Cloud Network to the database privately without going through the public internet.
  • FastConnect or VPN Connect for connecting your on-premises clients to the database privately without going through the public internet.
  • Network access control lists (ACLs) for restricting access to your database to specific client IP addresses or networks so that untrusted clients cannot reach the database from the public internet.

Note that Autonomous Database on Shared Exadata Infrastructure always uses SSL authentication and encryption between clients and the database - for both public and private endpoints. All users of a database must have a wallet containing the required connectivity files, such as SSL certificates and SQL*Net and JDBC configuration files. Any user who does not have access to these files and a database username/password is not able to connect to the database. SSL certificates ensure that, even with a public endpoint, only authorized users are able to attempt to connect to a database.

Stay tuned for more posts on networking and connectivity with Autonomous Database!