Connecting to an Exadata Cloud Infrastructure Instance

This topic explains how to connect to an Exadata Cloud Infrastructure instance using SSH or SQL Developer.

How you connect depends on how your cloud network is set up. You can find information on various networking scenarios in Networking Overview, but for specific recommendations on how you should connect to a database in the cloud, contact your network security administrator.

Note

Exadata Cloud Infrastructure servers cannot be joined to Active Directory domains, and the service does not support the use of Active Directory for user authentication and authorization.

Prerequisites

List of the requirements for SSH access to a compute node in an Exadata Cloud Infrastructure instance.

You'll need the following:

  • The full path to the file that contains the private key associated with the public key used when the system was launched.

  • The public or private IP address of the Exadata Cloud Infrastructure instance.

    Use the private IP address to connect to the system from your on-premises network, or from within the virtual cloud network (VCN). This includes connecting from a host located on-premises connecting through a VPN or FastConnect to your VCN, or from another host in the same VCN. Use the public IP address to connect to the system from outside the cloud (with no VPN). You can find the IP addresses in the Oracle Cloud Infrastructure Console as follows:

    • Cloud VM clusters (new resource model): On the Exadata VM Cluster Details page, click Virtual Machines in the Resources list.
    • DB systems: On the DB System Details page, click Nodes in the Resources list.

    The values are displayed in the Public IP Address and Private IP Address & DNS Name columns of the table displaying the Virtual Machines or Nodes of the Exadata Cloud Infrastructure instance.

SCAN Listener Port Setting

When creating a cloud VM cluster, you can optionally designate a different SCAN listener port number.

The default SCAN listener port for cloud VM clusters is 1521. When using the console to create a cloud VM cluster resource, you can optionally designate a different SCAN listener port number. In the OCI Console, this option appears under Advanced Options when creating the cluster.

Note

Manually changing the SCAN listener port of a VM cluster after provisioning using the backend software is not supported. This change can cause Data Guard provisioning to fail.

Connecting to a Virtual Machine with SSH

You can connect to the virtual machines in an Exadata Cloud Infrastructure system by using a Secure Shell (SSH) connection.

Most Unix-style systems (including Linux, Oracle Solaris, and macOS) include an SSH client. For Microsoft Windows systems, you can download a free SSH client called PuTTY from the following site: "http://www.putty.org".

Connecting from a Unix-Style System

To access a virtual machine on an Oracle ExaDB-D system from a Unix-style system using SSH, use this procedure.

  • Enter the following SSH command to access the virtual machine:
    ssh -i private-key user@node

    In the preceding syntax:

    • private-key is the full path and name of the file that contains the SSH private key that corresponds to a public key that is registered in the system.
    • user is the operating system user that you want to use to connect:
      • To perform operations as the Oracle Database software owner, connect as opc and su oracle. The oracle user does not have root user access to the virtual machine.
      • To perform operations that require root access to the virtual machine, such as patching, connect as opc. The opc user can use the sudo -s command to gain root access to the virtual machine.
    • node is the host name or IP address for the virtual machine that you want to access.

Connecting to a Virtual Machine from a Microsoft Windows System Using PuTTY

Learn to access a virtual machine from a Microsoft Windows system using PuTTY.

Before you begin

Before you use the PuTTY program to connect to a virtual machine, you need the following:
  • The IP address of the virtual machine

  • The SSH private key file that matches the public key associated with the deployment. This private key file must be in the PuTTY .ppk format. If the private key file was originally created on the Linux platform, you can use the PuTTYgen program to convert it to the .ppk format.

To connect to a virtual machine using the PuTTY program on Windows:

  1. Download and install PuTTY.

    To download PuTTY, go to http://www.putty.org/ and click the You can download PuTTY here link.

  2. Run the PuTTY program (putty.exe).

    The PuTTY Configuration window is displayed, showing the Session panel.

  3. In the Host Name (or IP address) field, enter the host name or IP address of the virtual machine that you want to access.
  4. Confirm that the Connection type option is set to SSH.
  5. In the Category tree, expand Connection if necessary and then click Data.

    The Data panel is displayed.

  6. In the Auto-login username field, enter the operating system user you want to connect as:
    1. Connect as the user opc to perform operations that require root or oracle access to the virtual machine, such as backing up or patching; this user can use the sudo command to gain root or oracle access to the VM.
  7. Confirm that the When username is not specified option is set to Prompt.
  8. In the Category tree, expand SSH and then click Auth.

    The Auth panel is displayed.

  9. Click the Browse button next to the Private key file for authentication field. Then, in the Select private key file window, navigate to and open the private key file that matches the public key that is associated with the deployment.
  10. In the Category tree, click Session.

    The Session panel is displayed.

  11. In the Saved Sessions field, enter a name for the connection configuration. Then, click Save.
  12. Click Open to open the connection.

    The PuTTY Configuration window closes and the PuTTY terminal window displays.

    If this is the first time you are connecting to the VM, the PuTTY Security Alert window is displayed, prompting you to confirm the public key. Click Yes to continue connecting.

Accessing a Database After You Connect to the Virtual Machine

After you connect to a virtual machine, you can use the following series of commands to identify a database and connect to it.

  1. SSH in as the opc user.
  2. sudo su oracle
  3. Use the srvctl utility located under the Oracle Grid Infrastructure home directory to list the databases on the system. For example:
    /u01/app/12.2.0.1/grid/bin/srvctl config database -v
    nc122   /u02/app/oracle/product/12.2.0/dbhome_6 12.2.0.1.0
    s12c    /u02/app/oracle/product/12.2.0/dbhome_2 12.2.0.1.0
  4. Identify the database instances for the database that you want to access. For example:
    /u01/app/12.2.0.1/grid/bin/srvctl status database -d s12c
    Instance s12c1 is running on node node01
    Instance s12c2 is running on node node02
  5. Configure the environment settings for the database that you want to access. For example:
    . oraenv
    ORACLE_SID = [oracle] ? s12c
    The Oracle base has been set to /u02/app/oracle
    export ORACLE_SID=s12c1
  6. You can use the srvctl command to display more detailed information about the database. For example:
    srvctl config database -d s12c
    Database unique name: s12c
    Database name:
    Oracle home: /u02/app/oracle/product/12.2.0/dbhome_2
    Oracle user: oracle
    Spfile: +DATAC4/s12c/spfiles12c.ora
    Password file: +DATAC4/s12c/PASSWORD/passwd
    Domain: example.com
    Start options: open
    Stop options: immediate
    Database role: PRIMARY
    Management policy: AUTOMATIC
    Server pools:
    Disk Groups: DATAC4
    Mount point paths:
    Services:
    Type: RAC
    Start concurrency:
    Stop concurrency:
    OSDBA group: dba
    OSOPER group: racoper
    Database instances: s12c1,s12c2
    Configured nodes: node01,node02
    CSS critical: no
    CPU count: 0
    Memory target: 0
    Maximum memory: 0
    Default network number for database services:
    Database is administrator managed
  7. You can access the database by using SQL*Plus. For example:
    sqlplus / as sysdba
    
    SQL*Plus: Release 12.2.0.1.0 Production ...
    
    Copyright (c) 1982, 2016, Oracle.  All rights reserved.
    
    Connected to:
    Oracle Database 12c EE Extreme Perf Release 12.2.0.1.0 - 64bit Production

Using Oracle Net Services to Connect to a Database

Oracle Database Exadata Cloud Infrastructure supports remote database access by using Oracle Net Services.

Because Exadata Cloud Infrastructure uses Oracle Grid Infrastructure, you can make Oracle Net Services connections by using Single Client Access Name (SCAN) connections. SCAN is a feature that provides a consistent mechanism for clients to access the Oracle Database instances running in a cluster.

By default, the SCAN is associated with three virtual IP addresses (VIPs). Each SCAN VIP is also associated with a SCAN listener that provides a connection endpoint for Oracle Database connections using Oracle Net Services. To maximize availability, Oracle Grid Infrastructure distributes the SCAN VIPs and SCAN listeners across the available cluster nodes. In addition, if there is a node shutdown or failure, then the SCAN VIPs and SCAN listeners are automatically migrated to a surviving node. By using SCAN connections, you enhance the ability of Oracle Database clients to have a reliable set of connection endpoints that can service all of the databases running in the cluster.

The SCAN listeners are in addition to the Oracle Net Listeners that run on every node in the cluster, which are also known as the node listeners. When an Oracle Net Services connection comes through a SCAN connection, the SCAN listener routes the connection to one of the node listeners, and plays no further part in the connection. A combination of factors, including listener availability, database instance placement, and workload distribution, determines which node listener receives each connection.

Note

This documentation provides basic requirements for connecting to your Exadata Cloud Infrastructure databases by using Oracle Net Services.

Prerequisites for Connecting to a Database with Oracle Net Services

Review the prerequisites to connect to an Oracle Database instance on Oracle ExaDB-D using Oracle Net Services.

To connect to an Oracle Database on Exadata Cloud Infrastructure with Oracle Net Services, you need the following:
  • The IP addresses for your SCAN VIPs, or the hostname or IP address for a virtual machine that hosts the database that you want to access.
  • The database identifier: Either the database system identifier (SID), or a service name.

Connecting to a Database with SQL Developer

You can connect to a database with SQL Developer by using one of the following methods:

  • Create a temporary SSH tunnel from your computer to the database. This method provides access only for the duration of the tunnel. (When you are done using the database, be sure to close the SSH tunnel by exiting the SSH session.)
  • Open the port used as the Oracle SCAN listener by updating the security list used for the cloud VM cluster or DB system resource in the Exadata Cloud Service instance. The default SCAN listener port is 1521. This method provides more durable access to the database. For more information, see Updating the Security List.

After you've created an SSH tunnel or opened the SCAN listener port as described above, you can connect to an Exadata Cloud Infrastructure instance using SCAN IP addresses or public IP addresses, depending on how your network is set up and where you are connecting from. You can find the IP addresses in the Console, in the Database details page.
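
The temporary SSH tunnel from the first method above, as an added example that is not part of the original page or Oracle's own code. The key path, node address and listener address are placeholders, and TARGET is assumed to be a SCAN or node address reachable from the virtual machine.

```shell
#!/bin/sh
# Added example: build a loopback-only SSH tunnel command for the SCAN listener
# port. All paths and addresses passed in are placeholders chosen by the caller.

# Succeed only if the key file exists and has no group/other permission bits;
# OpenSSH ignores private keys that other users can read.
key_is_private() {
  [ -f "$1" ] || return 1
  perms=$(ls -ld -- "$1" | cut -c5-10)
  [ "$perms" = "------" ]
}

# Accept only decimal port numbers in the range 1-65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd KEY NODE TARGET [LOCAL_PORT] [LISTENER_PORT]
# TARGET is the listener address as seen from NODE (assumption, see lead-in).
tunnel_cmd() {
  key=$1 node=$2 target=$3 lport=${4:-1521} rport=${5:-1521}
  key_is_private "$key" || { echo "key missing or readable by others: $key" >&2; return 1; }
  valid_port "$lport" && valid_port "$rport" || { echo "invalid port" >&2; return 1; }
  # -N: no remote command. Binding to 127.0.0.1 keeps other hosts on the local
  # network from using the forward. ExitOnForwardFailure makes ssh exit instead
  # of leaving a session open without the tunnel.
  printf 'ssh -i %s -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s opc@%s\n' \
    "$key" "$lport" "$target" "$rport" "$node"
}
```

Run the printed command, then point SQL Developer at localhost and the chosen local port; exiting the SSH session closes the tunnel.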

To connect using SCAN IP addresses

You can connect to the database using the SCAN IP addresses if your client is on-premises and you are connecting using a FastConnect or Site-to-Site VPN connection.

You have the following options:
  • Use the private SCAN IP addresses, as shown in the following tnsnames.ora example:

    testdb=
      (DESCRIPTION =
        (ADDRESS_LIST=
          (ADDRESS = (PROTOCOL = TCP)(HOST = <scanIP1>)(PORT = 1521))
          (ADDRESS = (PROTOCOL = TCP)(HOST = <scanIP2>)(PORT = 1521)))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = <dbservice.subnetname.dbvcn.oraclevcn.com>)
        )
      )
  • Define an external SCAN name in your on-premises DNS server. Your application can resolve this external SCAN name to the DB System's private SCAN IP addresses, and then the application can use a connection string that includes the external SCAN name. In the following tnsnames.ora example, extscanname.example.com is defined in the on-premises DNS server.

    testdb =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = <extscanname.example.com>)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = <dbservice.subnetname.dbvcn.oraclevcn.com>)
        )
      )

To connect using public IP addresses

You can use the node's public IP address to connect to the database if the client and database are in different VCNs, or if the database is on a VCN that has an internet gateway.

However, there are important implications to consider:

  • When the client uses the public IP address, the client bypasses the SCAN listener and reaches the node listener, so server side load balancing is not available.
  • When the client uses the public IP address, it cannot take advantage of the VIP failover feature. If a node becomes unavailable, new connection attempts to the node will hang until a TCP/IP timeout occurs. You can set client side sqlnet parameters to limit the TCP/IP timeout.

The following tnsnames.ora example shows a connection string that includes the CONNECT_TIMEOUT parameter to avoid TCP/IP timeouts.

test=
  (DESCRIPTION =
    (CONNECT_TIMEOUT=60)
    (ADDRESS_LIST=
      (ADDRESS = (PROTOCOL = TCP)(HOST = <publicIP1>)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = <publicIP2>)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = <dbservice.subnetname.dbvcn.oraclevcn.com>)
    )
  )
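
A check for the timeout point above, as an added example that is not Oracle code: it reads tnsnames.ora entries and flags aliases whose HOST values are literal public IPv4 addresses but that set no CONNECT_TIMEOUT. The alias names and addresses in the sample are constructed; hostnames are not resolved, so only literal IPv4 addresses are classified.

```shell
#!/bin/sh
# Added example, not Oracle code: flag tnsnames.ora aliases that use literal
# public IPv4 hosts without CONNECT_TIMEOUT. Hostnames are not resolved.
audit_tns() {
  # Drop comment lines and all whitespace so each entry is one balanced run.
  cat "$@" | sed '/^[[:space:]]*#/d' | tr -d ' \t\r\n' | awk '
    function is_public(h,   o) {
      if (h !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0  # name, not an IP
      split(h, o, ".")
      if (o[1] + 0 == 10 || o[1] + 0 == 127) return 0
      if (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) return 0
      if (o[1] + 0 == 192 && o[2] + 0 == 168) return 0
      return 1
    }
    function check(e,   u, alias, pos, h, pub) {
      u = toupper(e); alias = substr(e, 1, index(e, "=") - 1)
      pub = ""; pos = 1
      while (match(substr(u, pos), /\(HOST=[^)]*\)/)) {
        h = substr(e, pos + RSTART + 5, RLENGTH - 7)
        pos += RSTART + RLENGTH - 1
        if (is_public(h)) pub = (pub == "" ? h : pub "," h)
      }
      if (pub != "" && index(u, "(CONNECT_TIMEOUT=") == 0) {
        print "WARN " alias ": public " pub " without CONNECT_TIMEOUT"
      } else { print "OK " alias }
    }
    {
      depth = 0; start = 1; n = length($0)
      for (i = 1; i <= n; i++) {
        c = substr($0, i, 1)
        if (c == "(") { depth++ } else if (c == ")" && --depth == 0) {
          check(substr($0, start, i - start + 1)); start = i + 1
        }
      }
    }'
}

sample_tns() {   # constructed entries; 203.0.113.0/24 is a documentation range
  cat <<'EOF'
scan_alias = (DESCRIPTION =
  (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 10.0.1.11)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 10.0.1.12)(PORT = 1521)))
  (CONNECT_DATA = (SERVICE_NAME = svc.example.com)))
pub_no_timeout = (DESCRIPTION =
  (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 203.0.113.10)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 203.0.113.11)(PORT = 1521)))
  (CONNECT_DATA = (SERVICE_NAME = svc.example.com)))
pub_timeout = (DESCRIPTION = (CONNECT_TIMEOUT = 60)
  (ADDRESS = (PROTOCOL = TCP)(HOST = 203.0.113.10)(PORT = 1521))
  (CONNECT_DATA = (SERVICE_NAME = svc.example.com)))
EOF
}
```

Run it as `audit_tns /path/to/tnsnames.ora`, or pipe `sample_tns` into it to see one finding among three aliases.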

Connecting to a Database Using SCAN

To create an Oracle Net Services connection by using the SCAN listeners, you can choose between two approaches.

Connecting to a Database Using a Connect Descriptor that References All of the SCAN VIPs

You can set up a connect descriptor for Oracle Exadata Database Service on Dedicated Infrastructure System using multiple SCAN listeners.

This approach requires you to supply all of the single client access name (SCAN) virtual IP (VIP) addresses, and enables Oracle Net Services to connect to an available SCAN listener.

  1. Use the following template to define a Net Services alias, which is typically used to provide a convenient name for the connect descriptor:
    alias-name = (DESCRIPTION=
      (ADDRESS_LIST=
        (ADDRESS=(PROTOCOL=tcp)(HOST=SCAN-VIP-1)(PORT=1521))
        (ADDRESS=(PROTOCOL=tcp)(HOST=SCAN-VIP-2)(PORT=1521))
        (ADDRESS=(PROTOCOL=tcp)(HOST=SCAN-VIP-3)(PORT=1521)))
      (CONNECT_DATA=(sid-or-service-entry)))

    Where:

    alias-name is the name you use to identify the alias.

    SCAN-VIP-[1–3] are the IP addresses for the SCAN VIPs.

    sid-or-service-entry identifies the database SID or service name using one of the following formats:
    • SID=sid-name. For example: SID=S12C1.
    • SERVICE_NAME=service-name. For example: SERVICE_NAME=PDB1.example.yourcloud.com.

    Note

    By default, Oracle Net Services randomly selects one of the addresses in the address list to balance the load between the SCAN listeners.

Connecting to a Database Using a Connect Descriptor that References a Custom SCAN Name

You can set up a connect descriptor for Oracle Exadata Database Service on Dedicated Infrastructure System using a custom SCAN name.

Using this approach, you define a custom single client access name (SCAN) name in your domain name server (DNS), which resolves to the three SCAN virtual IP addresses (VIPs).

  1. Use the following template to define a Net Services alias that references the custom SCAN name:
    alias-name = (DESCRIPTION=
      (ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=scan-name)(PORT=1521)))
      (CONNECT_DATA=(sid-or-service-entry)))

    Where:

    alias-name is the name you use to identify the alias.

    scan-name is the custom SCAN name.

    sid-or-service-entry identifies the database SID or service name using one of the following formats:
    • SID=sid-name. For example: SID=S12C1.
    • SERVICE_NAME=service-name. For example: SERVICE_NAME=PDB1.example.yourcloud.com.
    Alternatively, you can use the easy connect method to specify a connect descriptor with the following format:
    scan-name:1521/sid-or-service-entry
    For example:
    exa1scan.example.com:1521/S12C1
    Or
    exa1scan.example.com:1521/PDB1.example.yourcloud.com

Connecting to a Database Using a Node Listener

To connect to an Oracle Database instance on Exadata Cloud Infrastructure with a connect descriptor that bypasses the SCAN listeners, use this procedure to route your connection directly to a node listener.

By using this method, you give up the high-availability and load-balancing provided by SCAN. However, this method may be desirable if you want to direct connections to a specific node or network interface. For example, you might want to ensure that connections from a program that performs bulk data loading use the backup network.

Using this approach, you direct your connection using the hostname or IP address of the node.

Example 4-2 Defining a Net Service Alias That Directly References the Node

alias-name = (DESCRIPTION=
  (CONNECT_TIMEOUT=timeout)
  (ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=node)(PORT=1521)))
  (CONNECT_DATA=(sid-or-service-entry)))

Where:

alias-name is the name you use to identify the alias.

timeout specifies a timeout period (in seconds), which enables you to terminate a connection attempt without having to wait for a TCP timeout. The (CONNECT_TIMEOUT=timeout) parameter is optional.

node is the hostname or IP address for the virtual machine that you want to use.

sid-or-service-entry identifies the database SID or service name using one of the following formats:
  • SID=sid-name. For example, SID=S12C1.
  • SERVICE_NAME=service-name. For example, SERVICE_NAME=PDB1.example.oraclecloudatcust.com.
Alternatively, you can use the easy connect method to specify a connect descriptor with the following format:
node:1521/sid-or-service-entry
For example:
exa1node01.example.com:1521/S12C1
Or
exa1node01.example.com:1521/PDB1.example.oraclecloudatcust.com