You can set up a Dedicated Vantage Point to define a location within your own tenancy to run your monitors securely.
You can use a Dedicated Vantage Point to monitor applications behind a firewall or in a corporate network environment, which cannot be accessed by a public vantage point. The Dedicated Vantage Point cannot be used by anyone outside your tenancy and you have complete control over network settings. In this way, you can make a Dedicated Vantage Point a part of your corporate network and monitor endpoints that are not publicly accessible.
A Dedicated Vantage Point is an Application Performance Monitoring resource, which can be set up in a tenancy using the Oracle-provided APM Availability Monitoring Dedicated Vantage Point template available in the Oracle Cloud Infrastructure Resource Manager service. A template is a pre-built Terraform configuration used to deploy cloud resources in a common scenario. The APM Availability Monitoring Dedicated Vantage Point template can be used to provision the infrastructure and prerequisites for a Dedicated Vantage Point in Application Performance Monitoring. For more information on Resource Manager, see Overview of Resource Manager.
Here's an architecture diagram that provides an overview of a Dedicated Vantage Point within a secure network that includes a Virtual Cloud Network (VCN), and how it sends data from monitor runs to Application Performance Monitoring:
The following list describes the flow of data in the diagram:
A – Metrics, HTTP Archive (HAR) files, and screenshots sent to the APM domain
B – Flow of monitor configuration files and edits between the Deployment Manager and the APM domain
C – Traces, spans, and metrics sent to the APM domain
Perform Dedicated Vantage Point Prerequisite Tasks
Here are the prerequisite tasks that must be performed before you set up a
Dedicated Vantage Point.
Task
More Information
Ensure that you have sufficient quota for the resources required to create a stack using the APM Availability Monitoring Dedicated Vantage Point template.
To check resource quota in the compartment in which the Dedicated Vantage Point will be set up:
1. Open the navigation menu and click Governance & Administration. Under Governance, click Limits, Quotas and Usage.
2. On the Limits, Quotas and Usage page, select the following services in the Services drop-down list and verify the availability of quota:
   - Streaming: At least 1 partition must be available.
   - Compute: At least 2 compute instances must be available for the selected shape, having 2 cores each. The supported compute shapes are VM.Standard.E3.Flex and VM.Standard.E4.Flex.
   - Container Engine: At least 1 cluster and 2 nodes must be available.
   - Key Management: If you want to use the Oracle Cloud Infrastructure Vault service, quota for the virtual-vault-count resource-type should be available in the required compartment.
   - Resource Management/Private Endpoints: When using private endpoints, at least one private-endpoint-count must be available.
For information on quota in Oracle Cloud Infrastructure, see Compartment Quotas.
Ensure that the user setting up the Dedicated Vantage Point has the permissions to access the Resource Manager service, create a stack (resource-type: orm-stacks) and view jobs (resource-type: orm-jobs), and create and access the following resources:
- IAM resources (resource-types: policies, tag-namespaces, dynamic-groups)
- Vault service resources (resource-types: vaults, keys)
- Logging service resources (resource-types: log-groups, unified-configuration)
Note that the VCN must be created manually and the other resources listed above are created as part of the Resource Manager stack.
OKE Private Endpoints: In addition to access to the above resources, ensure that the user has the permission to create a Resource Manager private endpoint (resource-type: orm-private-endpoints).
Create a VCN and add the following security rules:
For Oracle Kubernetes Engine (OKE) Public Endpoint:
- Ingress rules for the Oracle Kubernetes Engine API public endpoint (Kubernetes API public endpoint) in a security list of the public subnet where the public endpoint is hosted. Note that the Worker Nodes CIDR is the CIDR range for the private subnet where the cluster worker nodes are hosted.
  - State: Stateful, Source: VCN CIDR, Protocol/Dest.Port: ICMP 3, Description: VCN to Kubernetes API endpoint communication
  - State: Stateful, Source: Worker Nodes CIDR, Protocol/Dest.Port: TCP/12250, Description: Kubernetes worker to control plane communication
  - State: Stateful, Source: 0.0.0.0/0 or specific subnets, Protocol/Dest.Port: TCP/6443, Description: Client access to Kubernetes API endpoint, which includes:
    - Source: Worker Nodes CIDR, for Kubernetes worker to Kubernetes API endpoint communication
    - Source: 0.0.0.0/0, for Helm Chart deployment
- Egress rules for the Kubernetes API public endpoint in a security list of the public subnet where the public endpoint is hosted. Note that the Worker Nodes CIDR is the CIDR range for the private subnet where the cluster worker nodes are hosted.
  - State: Stateful, Destination: All <region> Services in Oracle Services Network, Protocol/Dest.Port: TCP/443, Description: Allow Kubernetes control plane to communicate with OKE
  - State: Stateful, Destination: Worker Nodes CIDR, Protocol/Dest.Port: TCP/ALL, Description: All traffic to worker nodes
Ensure that an APM Domain is created and generate a private data key for the Dedicated Vantage Point. The Dedicated Vantage Point will be registered to the APM Domain and the private data key is required to ensure that Application Performance Monitoring accepts the monitoring metrics and data collected by the Dedicated Vantage Point. It's recommended that the name of the private data key is in the following format:
dvp_<dvp name>_<region>
For information on creating an APM Domain and generating data keys, see Create an APM Domain.
Generate an auth token to pull Dedicated Vantage Point artifacts from the Container Registry.
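One way to check a Kubernetes API endpoint security list against the ingress and egress rules in the VCN prerequisite above, as an added example that is not Oracle's code. It assumes the rules are supplied in the kebab-case JSON shape the OCI CLI prints for a security list; the function names, CIDRs, services label and sample list are constructed for illustration.

```python
import ipaddress

TCP, ICMP = "6", "1"  # IANA protocol numbers, as OCI security rules encode them

def _covers(rule_cidr, needed):
    try:  # True if the rule's CIDR contains the needed range
        return ipaddress.ip_network(needed).subnet_of(ipaddress.ip_network(rule_cidr))
    except (ValueError, TypeError):  # service label or mixed IP versions: compare as text
        return rule_cidr == needed

def _matches(rule, peer_key, proto, cidr, port=None, icmp_type=None):
    """Stateful rule for proto that covers cidr and the port (None = all ports)."""
    ok = not rule.get("is-stateless") and rule["protocol"] in (proto, "all")
    if not (ok and _covers(rule[peer_key], cidr)):
        return False
    if proto == ICMP:
        icmp = rule.get("icmp-options")
        return icmp is None or icmp["type"] == icmp_type
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    return rng is None or (port is not None and rng["min"] <= port <= rng["max"])

def audit_api_endpoint_list(sec_list, vcn_cidr, worker_cidr, services_label):
    """Return the page's required rules that are missing, plus a 6443 exposure flag."""
    ing = sec_list.get("ingress-security-rules", [])
    egr = sec_list.get("egress-security-rules", [])
    required = [
        ("ingress ICMP 3 from VCN CIDR", ing, "source", ICMP, vcn_cidr, None, 3),
        ("ingress TCP/12250 from worker nodes", ing, "source", TCP, worker_cidr, 12250, None),
        ("ingress TCP/6443 from worker nodes", ing, "source", TCP, worker_cidr, 6443, None),
        ("egress TCP/443 to Oracle Services Network", egr, "destination", TCP, services_label, 443, None),
        ("egress TCP/ALL to worker nodes", egr, "destination", TCP, worker_cidr, None, None),
    ]
    missing = [name for name, rules, key, proto, cidr, port, icmp in required
               if not any(_matches(r, key, proto, cidr, port, icmp) for r in rules)]
    open_api = any(_matches(r, "source", TCP, "0.0.0.0/0", 6443) for r in ing)
    return {"missing": missing, "api_6443_open_to_any": open_api}

def _tcp(peer_key, peer, lo, hi):  # helper that builds constructed sample rules
    return {"protocol": TCP, peer_key: peer, "is-stateless": False,
            "tcp-options": {"destination-port-range": {"min": lo, "max": hi}}}

SERVICES = "all-phx-services-in-oracle-services-network"  # constructed sample label
SAMPLE = {  # constructed security list; the TCP/ALL egress rule is deliberately absent
    "ingress-security-rules": [
        {"protocol": ICMP, "source": "10.0.0.0/16", "is-stateless": False, "icmp-options": {"type": 3}},
        _tcp("source", "10.0.1.0/24", 12250, 12250),
        _tcp("source", "0.0.0.0/0", 6443, 6443)],
    "egress-security-rules": [_tcp("destination", SERVICES, 443, 443)],
}
```

Calling `audit_api_endpoint_list(SAMPLE, "10.0.0.0/16", "10.0.1.0/24", SERVICES)` reports the missing egress rule and flags that TCP/6443 is reachable from 0.0.0.0/0, so the reviewer can decide whether specific subnets should be used instead.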
To set up a Dedicated Vantage Point using Resource Manager, you must create a stack using the APM Availability Monitoring Dedicated Vantage Point template.
Before you set up a Dedicated Vantage Point, you must perform all the prerequisite tasks to obtain permissions and ensure the availability of the resources required. For information on the prerequisite tasks, see Perform Dedicated Vantage Point Prerequisite Tasks.
To set up a Dedicated Vantage Point:
1. Open the navigation menu and click Developer Services. Under Resource Manager, click Stacks.
2. On the left pane, select the compartment in which you want to set up the Dedicated Vantage Point.
3. Click Create Stack. The Create Stack Wizard is displayed.
4. On the Stack Information page:
   a. Select Template.
   b. Click Select Template.
   c. In the Browse Templates dialog box, click the Services tab, select APM Availability Monitoring Dedicated Vantage Point, and click Select Template. The fields on the Stack Information page are updated with Dedicated Vantage Point details, and you can make changes to the name and description, select a different compartment in which to create a stack, and so on.
   d. Click Next.
5. On the Configure Variables page, configure the variables for the infrastructure resources that the stack will create while setting up the Dedicated Vantage Point.
Dedicated Vantage Point Name
- Dedicated Vantage Point Name: Enter a unique name for the Dedicated Vantage Point. This name will be used to register the Dedicated Vantage Point with an APM Domain and will be prefixed to the infrastructure resources created by the stack.
VCN Configuration
Note that the values selected in the VCN Configuration fields cannot be changed later.
a. Use private Kubernetes API endpoint: Select to create the OKE cluster on a private subnet.
b. Network Compartment: Select the compartment in which the VCN resides.
c. VCN: Select the VCN that the Dedicated Vantage Point will use.
d. Cluster Worker Nodes Subnet: Select the subnet used by the worker nodes in the Dedicated Vantage Point cluster.
e. Public Kubernetes API Endpoint Subnet: Select the public subnet to host the Kubernetes API public endpoint.
f. Private Kubernetes API Endpoint Subnet: Select the same subnet used in bullet d. Cluster Worker Nodes Subnet.
Domain Configuration
- Auth Token of the User Executing the Stack: Enter the auth token of the user executing the stack. The auth token is required to pull Dedicated Vantage Point artifacts from the Container Registry.
- Domain Private Data Keys: Enter the APM Domain private data key generated for the Dedicated Vantage Point in the following format:
- Kubernetes Version: Select the Kubernetes version of the cluster worker nodes. Note that downgrading the Kubernetes version is not supported.
- Shape: Select the compute instance shape of the worker nodes to be created in the Dedicated Vantage Point node pool. Note that only VM.Standard.E3.Flex and VM.Standard.E4.Flex are supported.
- Node Pool Size: Select the number of worker nodes in the Dedicated Vantage Point node pool.
- SSH Key: Optionally, provide the SSH public key to access private worker nodes in the cluster, by selecting the Choose SSH Key File option and uploading the SSH key (.pub) file, or selecting the Paste SSH Key option and pasting the SSH key. Note that the key will only be applied to new nodes.
Proxy Configuration
- Use Target URL Proxy?: Select to provide proxy details if the monitored targets are behind a proxy server. On selecting this check box, the following fields are displayed:
  - Is HTTPS Proxy?: Select if proxy access is secure.
  - Proxy URL: Enter the URL of the target proxy server. For example, https://proxy.example.com.
  - Proxy Port: Enter the port number of the target proxy server. For example, 8080.
  - Bypass URL: Enter comma-separated domain names to bypass proxy settings. For example, example1.com and example2.com. Note that you must avoid wildcard characters such as an asterisk (*).
  - Auth Type: Select the authentication type for the target proxy server. The default option is NONE; however, if you select BASIC in the drop-down list, you must specify the user name and password in the User Name and Password fields.
- Use Metric Data Upload Endpoint Proxy?: Select to provide proxy details to upload monitored metrics. On selecting this check box, the following fields are displayed:
  - Is HTTPS Proxy?: Select if proxy access is secure.
  - Proxy URL: Enter the URL for the metrics data upload endpoint proxy server to communicate with the APM Collector. For example, https://127.0.0.1.
  - Proxy Port: Enter the port number for the metrics data upload endpoint proxy server. For example, 8080.
  - Auth Type: Select the authentication type for the metrics data upload endpoint proxy server. The default option is NONE; however, if you select BASIC in the drop-down list, you must specify the user name and password in the User Name and Password fields.
Vault Configuration
- Enable Vault Support?: Select to use the Oracle Cloud Infrastructure Vault service to store secrets and manage encrypted resources. If you select the option to enable Vault support, the Use Existing Vault? option is displayed, and you can select this to use an existing vault to store secrets and manage encrypted resources. If the Enable Vault Support? check box is selected and the Use Existing Vault? check box is not selected, then a new vault will be created. Note that the option to disable Vault support is currently not available.
Log Configuration
- Upload Logs?: Select to upload logs to the Oracle Cloud Infrastructure Logging service.
Auto Upgrade DVP Artifacts
- Enable Auto Upgrade?: Select to auto upgrade the Availability Monitoring Deployment Manager and monitors to the latest version.
6. On the Review page, verify your stack configuration, and perform one of the following actions:
   - Select the Run Apply on the created stack? option and immediately provision the resources defined in the Terraform configuration by running the Apply action on the new stack, and click Create.
   - Click Create and optionally click Plan on the Stack Details page to generate an execution plan (run a plan job) to identify errors, if any. You can then click Apply to run the apply job for the stack.
For more information on Resource Manager concepts such as plans and jobs, see Key Concepts.
For more information on the options available on the Stack Details page and the tasks that can be performed, see Managing Stacks and Managing Jobs.
The resources are created and attached to the stack. After the stack is successfully set up, go to Availability Monitoring and click Dedicated Vantage Points on the left pane. The Dedicated Vantage Point is listed on the Dedicated Vantage Points page. To verify if the Dedicated Vantage Point is ready to be used, go to the Monitors page, click Create Monitor, and on the Run Settings page in the Create Monitor wizard, confirm that the newly created Dedicated Vantage Point is listed in the Vantage Points drop-down list. For information on creating a monitor, see Create a Monitor.
Monitor Dedicated Vantage Points
After setting up a Dedicated Vantage Point, you can monitor the Dedicated Vantage Point.
To monitor a Dedicated Vantage Point:
1. Navigate to the Availability Monitoring page.
2. On the left pane, click Dedicated Vantage Points, select the compartment in which you created the Dedicated Vantage Point, and the APM Domain to which it's registered. The Dedicated Vantage Point is listed.
3. Click the name of the Dedicated Vantage Point. The <name of the Dedicated Vantage Point> page is displayed.
4. On the <name of the Dedicated Vantage Point> page, you can:
   - Review information such as the region, when the Dedicated Vantage Point was created, and so on. You can also perform actions such as adding tags or deleting the Dedicated Vantage Point. Note that if you delete the Dedicated Vantage Point, any monitor that is only running on the Dedicated Vantage Point will also be deleted. If the monitor is also running on other public or dedicated vantage points, then it will not be deleted.
   - Scroll down to view Dedicated Vantage Point-related Metrics.
   - Click Monitors under Resources on the left pane to view the monitors running on the Dedicated Vantage Point, if any.
Update an Existing Dedicated Vantage Point
You can update an existing Dedicated Vantage Point by updating the configuration of the Dedicated Vantage Point stack in Resource Manager.
Here are the steps to be performed to update a Dedicated Vantage Point:
1. Create a stack using the latest APM Availability Monitoring Dedicated Vantage Point template. For information, see Set Up a Dedicated Vantage Point.
2. On the Stack Details page of the newly created stack, click Plan to generate an execution plan (run a plan job). The new plan job is listed under Jobs. For information, see To generate an execution plan (run a plan job) in Managing Stacks and Managing Jobs.
3. On the Job Details page of the plan job, click Download Terraform Configuration to download the Terraform configuration .zip file. For information, see To view jobs and job details in Managing Stacks and Managing Jobs.
4. Go to the Stacks page and for the Dedicated Vantage Point that you want to update, click the Edit option. For information, see To edit a stack in Managing Stacks and Managing Jobs.
5. On the Stack Information page in the Edit Stack wizard, update the configuration stack using the Terraform configuration .zip file that you downloaded in step 3. For information, see To update the configuration for a stack in Managing Stacks and Managing Jobs.