Oracle Cloud Database-related Prerequisite Tasks

Before you enable and use Database Management for Oracle Cloud Databases, you must complete the prerequisite tasks listed in the following table.

Currently, you can use Database Management to monitor and manage Oracle Databases on the following co-managed Oracle Database cloud solutions:

  • Base Database Service
  • Exadata Cloud Infrastructure
Task Description More Information
Task: Grant a database user the privileges required to monitor and manage the Oracle Cloud Database and save the database user password in a secret

Description: You must grant the database user the privileges required to monitor and manage the Oracle Cloud Database in Database Management. You can use the available SQL scripts to create a new database user with the required set of privileges to monitor the Oracle Cloud Database or to perform advanced diagnostics and administrative tasks.

Use the Oracle Cloud Infrastructure Vault service to save the database user password in a secret with an encryption key. The Vault service is a managed service that enables you to centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Note that if you change the database user password, then you must also update the secret with the new password by creating a new version of the secret and updating the contents.

Configure Gradual Password Rollover

For Oracle Databases 19c and later, it's recommended that you define a gradual password rollover time, which allows you to connect to the database using both the old and new passwords during the gradual rollover time period. Since both the old and new passwords are valid for some time, downtime is minimized. Using a gradual password rollover, you can avoid any disruptions in the use of Database Management features for your databases.

More Information: For information on the required database user privileges, see Database User Privileges Required for Database Management.

For information on the SQL script to create a monitoring user with the privileges required to monitor the Oracle Cloud Database, see Creating the Oracle Database Monitoring Credentials for Database Management (Doc ID 2857604.1) in My Oracle Support.

For information on the SQL script to create a user with the privileges required to perform advanced diagnostics and administrative tasks, see Creating the Oracle Database Management Advanced Diagnostics User and Administration User (Doc ID 2978493.1) in My Oracle Support.

For information on the Vault service, its concepts, and how to create vaults, keys, and secrets, see Vault.

For information on the Gradual Password Rollover feature, see Managing Gradual Database Password Rollover for Applications in Oracle Database Security Guide.

Task: Create a Database Management private endpoint

Description: A Database Management private endpoint is required to enable communication between Database Management and the Oracle Cloud Database in a VCN. The Database Management private endpoint is its network point of presence in the VCN in which the Oracle Cloud Database can be accessed.

More Information: For information on how to create a Database Management private endpoint, see Create a Database Management Private Endpoint.

Task: Enable communication between Database Management and the Oracle Cloud Database

Description: You must add ingress and egress security rules to Network Security Groups (NSGs) or Security Lists in the Oracle Cloud Database's VCN to allow communication between the Database Management private endpoint and the Oracle Cloud Database.

More Information: For information on how to enable communication between Database Management and the Oracle Cloud Database, see Enable Communication Between Database Management and Oracle Cloud Databases.

Task: Save the database wallet as a secret in the Vault service if you want to use the TCPS protocol when enabling Database Management (Optional)

Description: If you opt to use the TCP/IP with Transport Layer Security (TCPS) protocol to securely connect to the Oracle Cloud Database, then you're required to enter the port number and upload the database wallet when enabling Database Management.

The authentication and signing credentials, including the private keys, certificates, and trusted certificates used by Transport Layer Security (TLS), are stored in a wallet. This wallet must be saved as a secret with an encryption key in the Vault service.

The supported database wallet formats are:

  • Java Keystore (JKS): To save a Java Keystore wallet as a secret, you're required to enter the Keystore password, Keystore content (.jks file), Truststore password, Truststore content (.jks file), and the Certificate Distinguished Name (DN) for the wallet.
  • Public-Key Cryptography Standards (PKCS) #12: To save a PKCS#12 wallet as a secret, you're required to enter the wallet password, wallet content (.p12 file), and the certificate DN for the wallet.

Note that the JKS and PKCS wallet formats are not supported in the US Gov realms; only the BCFKS wallet format is supported there.

More Information: For information on how to configure TLS authentication, see Configuring Transport Layer Security Authentication in Oracle Database Security Guide.

For information on the Vault service, its concepts, and how to create vaults, keys, and secrets, see Vault.