Configuring a Private Network
You can configure your data catalog to access data sources hosted in private networks.
By configuring data catalog to access a private network, you can:
- Harvest Oracle Cloud Infrastructure data sources that are only accessible privately.
- Harvest on-premise data sources that are connected to an Oracle Cloud Infrastructure Virtual Cloud Network (VCN) using Site-to-Site VPN service or FastConnect.
You can access and harvest on-premise or private data sources in Data Catalog using either their Fully Qualified Domain Name (FQDN) or private IP. The FQDN must have an A record in the configured DNS server and must not be an Oracle reserved public domain, such as oracle.com or adb.oracle.com. Valid FQDN examples: wxyz.adb.oracle.com and <hostname>.<subnet DNS label>.<VCN DNS label>.oraclevcn.com.
To allow your data catalog to access a private network, you must:
- Create a private endpoint for your data catalog.
- Attach the private endpoint to your data catalog.
- Use the private endpoint while creating a data asset.
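A pre-flight check for the FQDN rules above, added here as an example and not code from the Data Catalog documentation: it rejects malformed names, rejects a name that is itself a reserved public domain while accepting hosts under one, and confirms an A record through a resolver you can swap for the VCN's DNS server. The reserved set contains only the two domains this page names, and the pluggable resolver is an assumption.

```python
import re
import socket

# Reserved public domains named on this page; the complete Oracle list is not
# given here, so this set is a page-derived sample to extend (assumption).
RESERVED_PUBLIC_DOMAINS = {"oracle.com", "adb.oracle.com"}

# RFC 1123 label: 1-63 alphanumerics or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_well_formed_fqdn(fqdn: str) -> bool:
    """Syntax only: two or more valid labels, whole name at most 253 chars."""
    name = fqdn.rstrip(".").lower()
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


def is_reserved_public_domain(fqdn: str) -> bool:
    """True only when the name *is* a reserved domain; a host under it is fine."""
    return fqdn.rstrip(".").lower() in RESERVED_PUBLIC_DOMAINS


def system_resolver(fqdn: str) -> list:
    """Return the IPv4 A records the system resolver knows for fqdn."""
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_private_fqdn(fqdn: str, resolve=system_resolver) -> dict:
    """ok is True only if the name is well formed, not itself reserved, and
    the resolver (the VCN's DNS server in practice) returns an A record."""
    result = {"fqdn": fqdn, "well_formed": False, "reserved": False,
              "a_records": [], "ok": False}
    if not is_well_formed_fqdn(fqdn):
        return result
    result["well_formed"] = True
    if is_reserved_public_domain(fqdn):
        result["reserved"] = True
        return result
    result["a_records"] = resolve(fqdn)
    result["ok"] = bool(result["a_records"])
    return result
```

Pass `resolve=` a function that queries the VCN's DNS server when you run this outside the VCN, since the system resolver on your workstation will not see the private zone.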
Required IAM Policies
You can create policies to define how you want your users to access data sources hosted in private networks.
View the private endpoints verb-to-permission mapping to decide which verb meets your access requirements. For example, INSPECT allows users to view the list of available private endpoints.
Allow group <group-name> to manage data-catalog-family in tenancy
Allow group <group-name> to manage data-catalog-family in compartment <compartment-name>
Allow group <group-name> to manage virtual-network-family in tenancy
Allow group <group-name> to manage data-catalog-private-endpoints in tenancy
Allow group <group-name> to manage data-catalog-private-endpoints in compartment <compartment-name>
Prerequisites
One of the ways Oracle Cloud Infrastructure lets you configure private access for your resources is using private endpoints.
Data Catalog uses private endpoints to access the private network where your data sources are hosted. You must have the required data catalog permissions to use the Data Catalog private endpoints.
Additionally, to create, update, or delete private endpoints in Oracle Cloud Infrastructure, you need to obtain certain permissions in Oracle Cloud Infrastructure Identity and Access Management (IAM) for the relevant compartments in your tenancy. The following table lists the required permissions for virtual networking resources in Oracle Cloud Infrastructure for the private endpoint operations.
Operation | Required Access on Underlying Resources
---|---
Create a private endpoint | For the private endpoint compartment: ; For the subnet compartment:
Update a private endpoint | For the private endpoint compartment:
Delete a private endpoint | For the private endpoint compartment: ; For the subnet compartment:
If you are managing the data catalog private endpoints resource, we recommend that you also have the manage work requests permission. This ensures that you are able to view the logs and error messages that are encountered while working with private endpoints.
Additional Resources
Here are some resources that you can use to learn more about the uses of private endpoints: