Top FAQs for Private Data Sources
The top FAQs when setting up a private access channel for Oracle Analytics Cloud are identified in this topic.
What data sources can I connect to over a private access channel?
Private access channels enable you to connect to private data source hosts. You can't use a private access channel to access any other type of private host. For example, you can't use private access channels to access private hosts that represent FTP servers, SMTP servers, printers , MapViewer configuration, or any other type of private host you might you use.
When I connect to my private data source in Oracle Analytics Cloud, do I specify the domain name or the IP address of my private data source?
You must specify the Fully Qualified Domain Name (FQDN) of your private
data source in the connect dialog. This is the same FQDN that’s registered in the
private access channel. For example, domain names such as custcorp.com,
example.com, adb.us-ashburn-1.oraclecloud.com
, and so on. See About Private Data Sources.
You can’t use IP addresses to connect to private data sources.
My private Oracle Database has a Single Client Access Name (SCAN). Can I use the SCAN host name to connect to my private data source?
Yes. Register the SCAN host name and the SCAN port in private access
channel. For example, SCAN host names such as
db01-scan.corp.example.com
,
prd-db01-scan.mycompany.com
, and the port where the SCAN
protocol connects, for example 1521
. See About Private Data Sources.
At least one DNS Zone is required on the private access channel. Select Virtual Cloud Network’s domain name as DNS zone to add the default domain.
I have several private data sources. Do I access all of them over a single private access channel?
Yes. Your Oracle Analytics Cloud instance supports a single private access channel. You can connect to multiple data sources through the same channel.
- DNS Zones: You can add up to 30 DNS zone entries.
- SCAN Hosts: You can add up to 15 SCAN host entries.
How long does it take to create, update, or delete private data sources?
It takes between 7 and 30 minutes to add or modify DNS zone and SCAN host entries.
How do I control access to the private data sources on my private access channel?
You can use egress rules defined in network security groups to restrict access to your private data sources. The way you configure network security groups depends whether the endpoint of your Oracle Analytics Cloud instance is public or private. See Manage Egress Access Rules for a Public Endpoint using the Console or Manage Ingress and Egress Access Rules for a Private Endpoint using the Console.
Can I add and remove data sources or edit the private access channel?
Yes. You can manage the DNS zones and SCAN hosts accessible through the private access channel. If your Oracle Analytics Cloud has a public endpoint, you can also change the VCN and subnet that the private access channel uses to access the private data sources and control access with one or more network security groups . See Edit a Private Access Channel.
You can monitor the progress of Edit Private Access Channel operations in the activity log. In the unlikely event an edit operation fails, Oracle recommends that you delete the private access channel and recreate it. See Monitor Status.
Can I use both a private access channel and Remote Data Gateway?
Yes. You can use both these methods to connect to your remote data sources.
Can I set up a private access channel with Oracle Analytics Cloud Classic or Oracle Analytics Cloud Gen 1?
No. The private access channel feature is available only with Oracle Analytics Cloud Gen 2.
Can I use the private access channel to access a private data source on a different OCI region?
No. Oracle Analytics Cloud and the Oracle Cloud Infrastructure VCN that's hosting the private data source must be in the same region. See Prerequisites for a Private Access Channel.
If you need to connect to a private Oracle Autonomous Data Warehouse in a different region, you can set up a custom domain for Oracle Autonomous Data Warehouse with a custom private zone. For details, refer to the blog Creating Oracle Analytics Connections to Private Autonomous Databases in Remote Regions.
If my private Oracle Analytics Cloud and my private data source are in the same subnet, do I need a private access channel?
Yes. You must configure a private access channel to connect to your private data source even when it's in the same subnet as your Oracle Analytics Cloud.
Can I use a private access channel to access Oracle-specific DNS zones?
In most cases, no. Access to most Oracle-specific DNS zones is restricted, for
example oracle.com
and oraclecloud.com
. You can’t
register these DNS zones as private sources and connect to them over a private
access channel.
The only Oracle-specific DNS zone you can register as a private source
in a private access channel is adb.<region>.oraclecloud.com
.
For example, adb.us-ashburn-1.oraclecloud.com
. You can use this
format to access private Oracle Autonomous Data Warehouse and Oracle Autonomous Transaction
Processing databases.
How do I connect to a private Oracle Autonomous Data Warehouse in a customer VCN?
-
In Oracle Cloud Infrastructure Console, configure a private access channel for the Analytics instance that uses a subnet in the virtual cloud network (VCN) where the private Oracle Autonomous Data Warehouse is deployed. See Configure a Private Access Channel using the Console.
-
Ensure that the subnet the private access channel uses has an egress rule to communicate with the private Oracle Autonomous Data Warehouse on port 1522. See Working with Security Lists.
-
Register Oracle Autonomous Data Warehouse as a private source in the private access channel using the DNS zone format
adb.<region>.oraclecloud.com
. For example,adb.us-ashburn-1.oraclecloud.com
. See Manage the Private Data Sources You Can Access on a Private Access Channel using the Console. -
Obtain the regional wallet for the private Oracle Autonomous Data Warehouse. See Download Client Credentials (Wallets).
-
In Oracle Analytics Cloud, create a connection to Oracle Autonomous Data Warehouse that uses the regional wallet and select the service name of the private Oracle Autonomous Data Warehouse instance you want to connect to from the list. See Connect to Oracle Autonomous Data Warehouse.
How do I connect to a private data source in my Oracle Cloud Infrastructure VCN?
-
In Oracle Cloud Infrastructure Console, configure a private access channel for the Analytics instance that uses a subnet in the virtual cloud network (VCN) where the private data source is deployed. See Configure a Private Access Channel using the Console.
In the Configure Private Access Channel page, select the checkbox VIRTUAL CLOUD NETWORK's DOMAIN NAME as DNS ZONE.
-
Ensure that the subnet the private access channel uses has an egress rule to communicate with the private data source on its port. See Working with Security Lists.
-
If you didn't select the checkbox in step 1, register the DNS zone of your VCN in the format
. For example,<VCN DNS label>.oraclevcn.com
example.oraclevcn.com
. See Manage the Private Data Sources You Can Access on a Private Access Channel using the Console. -
In Oracle Analytics Cloud, create a connection that specifies the hostname of the VCN where the private data source is deployed. See
Connect to Data for Visualizations and Analyses and Manage Database Connections for Semantic Models.
How do I connect to a private data source in my corporate network peered to an Oracle Cloud Infrastructure VCN?
- Set up a direct connection between your corporate network and Oracle Cloud Infrastructure VCN. See Access to Your On-Premises Network.
- Set up a private DNS resolver in the Oracle Cloud
Infrastructure VCN.
Configure a DNS forwarder in the private DNS resolver to forward corporate hostname resolution to your company's DNS server. See Private DNS and Private DNS Implementation (A-Team Blog).
-
In Oracle Cloud Infrastructure Console, configure a private access channel for the Analytics instance that uses the subnet in the virtual cloud network (VCN) that is connected to the corporate network . See Configure a Private Access Channel using the Console.
-
Ensure that the subnet the private access channel uses has an egress rule to communicate with IP address and port of the private data source. See Working with Security Lists.
-
Register the DNS zone of the data source in the format
<domain name>
. For example, if the data source FQDN hostname isdata-source-ds01.example.com
, add the DNS Zone asexample.com
. See Manage the Private Data Sources You Can Access on a Private Access Channel using the Console. -
In Oracle Analytics Cloud, create a data source connection using the FQDN hostname
data-source-ds01.example.com
. SeeConnect to Data for Visualizations and Analyses and Manage Database Connections for Semantic Models.
How do I connect to a private data source using an IP address in my corporate network peered to an Oracle Cloud Infrastructure VCN?
- Set up a direct connection between your corporate network and Oracle Cloud Infrastructure VCN. See Access to Your On-Premises Network.
- Create a private DNS view and then add a zone (in the view) for your
custom domain. For example,
ocivcn.example.com
. See Private DNS. - In the zone you just created, add a DNS record type A, and map the
IP address to the fully qualified hostname. For example,
datasource-ds-01.ocivcn.example.com
. - Navigate to the DNS Resolver option for your VCN and associate the
private DNS VCN you created in step 2. See Private DNS Resolver.
Configure one of the following:
- DNS forwarder: Configure a DNS forwarder in the private DNS resolver to forward corporate hostname resolution to your company's DNS server. See Private DNS and Private DNS Implementation (A-Team Blog).
- Hostname to IP address mapping: Add a custom record type A
entry for the data source IP address mapping to an FQDN hostname under a
unique DNS domain.
For example, if the data source IP address in your corporate network is
10.40.100.55
and your corporate DNS Zone domain isexample.com
, add a DNS record type A that mapsdatasource-ds-01.ocivcn.example.com
to10.40.100.55
.
-
In Oracle Cloud Infrastructure Console, configure a private access channel for the Analytics instance that uses the subnet in the virtual cloud network (VCN) that is connected to the corporate network . See Configure a Private Access Channel using the Console.
-
Register the DNS zone of the data source in the format
ocivcn.<domain name>
. For example, if the data source DNS record isdatasource-ds-01.ocivcn.example.com
, add the DNS Zone asocivcn.example.com
. See Manage the Private Data Sources You Can Access on a Private Access Channel using the Console. -
In Oracle Analytics Cloud, create a data source connection using the hostname
datasource-ds-01.ocivn.example.com
. SeeConnect to Data for Visualizations and Analyses and Manage Database Connections for Semantic Models.
Do I have any tools to troubleshoot connection issues to my private data sources?
Yes. You can use the Network Path Analyzer that's available in Oracle Cloud Infrastructure Console to troubleshoot connectivity issues. See Troubleshoot Connectivity Issues Using Network Path Analyzer.