Oracle Cloud Infrastructure Documentation

Configure a Private Endpoint for an Instance

A private endpoint lets your integrations connect to private resources in your virtual cloud network (VCN). All traffic goes through a private channel that is set up within Oracle Cloud Infrastructure. You can configure one private endpoint per instance.

Do you need a private endpoint?

To learn more about private endpoints, see Connect to Private Resources.

Prerequisites

Complete all prerequisites before configuring a private endpoint. Here is an overview of the prerequisites:

  1. If you don't already have a VCN and subnet for your Oracle Integration instance, create them.
    • The private resources must be in the same customer tenancy in which Oracle Integration is provisioned.
    • The VCN must be in the same region as your Oracle Integration instance.
    • The VCN and subnet can be in any compartment within the customer tenancy.
    • The subnet can be public or private.
  2. Place any private resources that you want integrations to access in your subnet.
  3. Create a policy that allows the private endpoint to create a virtual network interface card (VNIC) in the compartment that contains the subnet.
Note

If you don't complete the prerequisite tasks, the endpoint can't be created.

To configure a private endpoint:

  1. In the Oracle Cloud Infrastructure Console, open the navigation menu and click Developer Services, then, under Application Integration, click Integration.
  2. Open the Oracle Integration instance to which you want to add a private endpoint.
    If you don't see the instance you're looking for, make sure you're viewing the correct region (in the banner) and compartment (at the top of the instance list, next to Applied filters).
  3. On the Integration instance details page, in the tabs across the top, click Networking.
  4. Under Private endpoints, click Create private endpoint.
  5. In the Create private endpoint panel, fill in the fields:
    • Virtual cloud network compartment: If the virtual cloud network (VCN) with the private resources is in a different compartment, select the appropriate compartment.
    • Virtual cloud network: Select the VCN that contains the subnet with the private resources. In the drop-down list, each VCN includes its DNS domain name in parentheses.
    • Subnet compartment: If the subnet with the private resources is in a different compartment, select the appropriate compartment.
    • Subnet: Select the subnet that contains the private resources. The private endpoint connects to this subnet. In the drop-down list, each subnet includes its DNS domain name and classless inter-domain routing (CIDR) block in parentheses.
  6. Click Create.

    The private endpoint appears below the Private endpoint heading, but it isn't available for use yet. A work request is created. It takes about five minutes for the work request to complete.

  7. Monitor the work request until the private endpoint is completed.
    1. In the tabs across the top, click Work requests.
    2. Find the work request in the table.
    3. Periodically refresh the page, and wait until the Status for the work request changes to Succeeded and the % Complete value is 100.
    4. To view details about a work request, click the work request entry in the Operation column.
      The Log messages panel opens with details about the work request.
    Note

    If the work request doesn't succeed, the work request will show that it has failed, and the private endpoint entry is removed from the table on the Networking tab. If the work request fails, your policy might not be set correctly, or you might not have completed another prerequisite task. See Troubleshoot Private Endpoints.
After the private endpoint is created, it's available for use, and you can begin creating connections that use the private endpoint to secure outbound traffic. See Create a Connection and Adapters that Support Connecting to Private Endpoints in Using Integrations in Oracle Integration 3.
You can't modify the private endpoint. If you need to make changes, simply delete the endpoint and create it again. See Delete a Private Endpoint.