Configure NetFoundry Zero Trust Networking for Oracle Autonomous Database (ADW) private endpoint access.

Introduction - Oracle Autonomous Database

Oracle Cloud Infrastructure's Autonomous Database is a fully managed, preconfigured database environment with three workload types available: Autonomous Transaction Processing, Autonomous Data Warehouse and Autonomous JSON Database. You do not need to configure or manage any hardware or install any software. After provisioning, you can scale the number of CPU cores or the storage capacity of the database at any time without impacting availability or performance. Autonomous Database handles creating the database, as well as the following maintenance tasks:

  • Backing up the database
  • Patching the database
  • Upgrading the database
  • Tuning the database

Autonomous Database with Private Endpoint

Private endpoint refers to a network setup for your Autonomous Database with shared Exadata infrastructure in which all network traffic moves through a private endpoint within a VCN in your tenancy. If your organization has strict security mandates that do not allow a public endpoint for your database, this provides the necessary private endpoint. Additionally, this configuration uses no public subnets and keeps all traffic to and from your Autonomous Database off the public internet. The following solution brief outlines how to configure NetFoundry networking to access a private endpoint of an Oracle Autonomous Database.

NetFoundry Solution Overview

adw_with_nf.png

Assumptions

You have a working NetFoundry network with NetFoundry Hosted Edge Routers and an Edge Router Policy that includes at least one NetFoundry Hosted Edge Router and the endpoint attribute #all. More information can be found in the documentation linked below under Endpoints & Edge Routers.

https://support.netfoundry.io/hc/en-us/categories/360000991011-Docs-Guides

policy.png

Build the environment

Step 1

Assumption: You have a working Compartment and a VCN with Internet connectivity established. The public subnet should have an Internet Gateway and the private subnet should have a NAT Gateway. You should also have a network security group (NSG) associated with the VCN. We used a single rule allowing all traffic from the VCN subnet only.

From the OCI Dashboard, select "Create an ADW database".

mceclip1.png

Choose your desired database type. Transaction Processing and Shared Infrastructure are chosen for this example.

oracle_create_2.png

oracle_create_3.png

oracle_create_4.png

oracle_create_5.png

Once completed, you should have a functioning database with a private endpoint.

oracle_create_6.png

Step 2

From the NetFoundry console, create an edge router for the instance that will be created in OCI. NOTE: the attribute is optional.

nfcreate1.png

Record or copy the registration key.

nfcreate2.png

Return to the Oracle Cloud portal to create the NetFoundry Edge Router from the Marketplace.

createinstance1.png

createinstance2.png

NOTE: paste the registration key into the init script so that the Edge Router self-registers during creation.

createinstance3.png

Step 3

Create your endpoint from the NetFoundry Console, download the JWT file and add your identity to finish the installation. These instructions can be found at support.netfoundry.io.

Next we'll focus on configuring the NetFoundry Service/AppWAN to access the database privately over the secure connection. From the NetFoundry console, select "Services".

NOTE: Using the data from tnsnames.ora, identify your database application hostname. Also note the private IP of the endpoint from the OCI portal if you did not record it during the build.

Sample

services1.png

During service creation, deselect "Native Application - SDK based" and select "Router termination".

services3.png

Provide the hostname and port for the client configuration and the private IP and port for the server configuration. From the drop-down list, select the router configured in the previous step to host this service.

services2.png
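As an added example (not NetFoundry's or Oracle's code), the following Python script shows how the client and server halves of the service above are derived from a tnsnames.ora entry: the host and port in the address clause become the client-side intercept on the endpoint, and the private endpoint IP recorded from the OCI portal becomes the server-side address the hosting router forwards to. The tnsnames.ora text, the private IP 10.0.1.25, the VCN CIDR 10.0.0.0/16 and the router name are constructed sample values, and the field names of the resulting dictionary are this example's own, not the NetFoundry console's schema. It goes slightly beyond the single service shown in the screenshot: it checks that the server IP lies inside the VCN CIDR, since the NSG rule from Step 1 only admits traffic from the VCN, and it collapses the Autonomous Database aliases (_high, _medium, _low, ...) that share one listener into a single service.

```python
"""Derive a router-terminated NetFoundry service definition from tnsnames.ora.

Added example, not NetFoundry or Oracle code. All sample values below are
constructed: the tnsnames.ora entries, the private endpoint IP, the VCN CIDR
and the router name. The output field names are this example's own.
"""
import ipaddress
import re

# Constructed sample: two aliases as an Autonomous Database wallet's
# tnsnames.ora lists them. Hostname and service names are placeholders.
SAMPLE_TNSNAMES = """
adwdemo_high = (description=(retry_count=20)(retry_delay=3)
  (address=(protocol=tcps)(port=1522)(host=example-pe.adb.us-ashburn-1.oraclecloud.com))
  (connect_data=(service_name=example_adwdemo_high.adb.oraclecloud.com))
  (security=(ssl_server_dn_match=yes)))

adwdemo_low = (description=(retry_count=20)(retry_delay=3)
  (address=(protocol=tcps)(port=1522)(host=example-pe.adb.us-ashburn-1.oraclecloud.com))
  (connect_data=(service_name=example_adwdemo_low.adb.oraclecloud.com))
  (security=(ssl_server_dn_match=yes)))
"""

# Constructed sample values: the private endpoint IP shown in the OCI portal,
# the VCN CIDR the NSG rule admits, and the edge router created in Step 2.
SAMPLE_PRIVATE_IP = "10.0.1.25"
SAMPLE_VCN_CIDR = "10.0.0.0/16"
SAMPLE_ROUTER = "oci-adw-router"

# An alias starts at column 0 and is followed by '='; its body runs until the
# next alias at column 0 or the end of the file.
ALIAS_RE = re.compile(r"^([\w.]+)\s*=\s*(\(.*?)(?=^[\w.]+\s*=|\Z)", re.M | re.S)
# A leaf is an innermost (keyword=value) pair with no nested parentheses.
LEAF_RE = re.compile(r"\((\w+)\s*=\s*([^()]+)\)")


def parse_tnsnames(text):
    """Return {alias: {protocol, host, port, service_name}} for each entry.

    tnsnames.ora is a nested (keyword=value) format. For the client/server
    split only the leaf values under address and connect_data matter, so the
    leaves of each alias block are collected flat.
    """
    entries = {}
    for m in ALIAS_RE.finditer(text):
        alias, body = m.group(1), m.group(2)
        leaf = {k.lower(): v.strip() for k, v in LEAF_RE.findall(body)}
        entries[alias] = {
            "protocol": leaf.get("protocol", "tcp").lower(),
            "host": leaf["host"],
            "port": int(leaf["port"]),
            "service_name": leaf.get("service_name", ""),
        }
    return entries


def build_service(name, entry, private_ip, vcn_cidr, router_name):
    """Client half = what the endpoint intercepts; server half = where the
    hosting edge router forwards. Raises ValueError if the values cannot work."""
    ip = ipaddress.ip_address(private_ip)
    net = ipaddress.ip_network(vcn_cidr)
    # Step 1's NSG admits traffic from the VCN only, so a server address
    # outside the VCN would be unreachable from the edge router.
    if ip not in net:
        raise ValueError(f"{private_ip} is not inside VCN {vcn_cidr}")
    # Autonomous Database listeners are TLS (tcps); the NetFoundry fabric
    # carries the TCP stream, so TLS stays end to end between client and DB.
    if entry["protocol"] != "tcps":
        raise ValueError(f"{name}: expected protocol tcps, got {entry['protocol']}")
    return {
        "name": name,
        "client": {"hostname": entry["host"], "port": entry["port"]},
        "server": {"ip": str(ip), "port": entry["port"]},
        "hosted_by": router_name,
        "aliases": [],
    }


def services_from_tnsnames(text, private_ip, vcn_cidr, router_name):
    """One service per distinct host:port. The ADB aliases (_high, _medium,
    _low, ...) share a listener and differ only in service_name, which the
    Oracle client sends in its connect data, so one service serves them all."""
    by_listener = {}
    for alias, entry in parse_tnsnames(text).items():
        key = (entry["host"], entry["port"])
        if key not in by_listener:
            short = entry["host"].split(".")[0]
            by_listener[key] = build_service(f"adb-{short}", entry, private_ip, vcn_cidr, router_name)
        by_listener[key]["aliases"].append(alias)
    return list(by_listener.values())


if __name__ == "__main__":
    for svc in services_from_tnsnames(SAMPLE_TNSNAMES, SAMPLE_PRIVATE_IP, SAMPLE_VCN_CIDR, SAMPLE_ROUTER):
        print(svc)
```

Run against your own wallet's tnsnames.ora and the private IP from the OCI portal, the client hostname and port printed are what go into the client configuration of the service, and the server IP and port are what the hosting router needs; a ValueError on the VCN check is the quickest sign that the IP was copied from the wrong place.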

Now configure your AppWAN. Select the service from the previous step and the endpoint that will connect to the database.

appwan1.png

Verify that your service is listed in the NetFoundry endpoint software.

client1.png

To test client database connectivity, you may also need to configure Oracle client access and download the client to interact with the database.

Install the Oracle client: https://cx-oracle.readthedocs.io/en/latest/user_guide/installation.html

dbclient1.png
