Managing Connections

To perform migration, create connections to your source and target databases by creating database connection resources. Database Connection resources enable network connectivity to the source and target databases.

Creating Connections

Oracle Cloud Infrastructure Database Migration database connection resources contain the connectivity details of the migration source and target databases. Create connection database resources in the Database Migration Databases Connections page.

Note

Oracle Cloud Infrastructure Database Migration service runs network connectivity tests followed by database login tests (to validate credentials) using the information that you provided while creating database connections. See Testing Connectivity of a Database Connection.

Note

If the source database is a multitenant container database (CDB), and you are performing an online migration, you must create two connection entries for the source database: one for the PDB and one for the CDB. For offline migrations only the PDB connection is required.

You will create only one database connection resource for the target database.

Log in to the Console as a user with permissions to create database connections in Database Migration.
Open the navigation menu. Under Database Migrations click Database Connections.
Click Create Connection.
On the Database Details step, in the Name field, enter a display name for the database connection resource.

This is not the actual database name, but a name that will appear in a list of databases connections on completion of this procedure. Note that the database connection resources for all source databases (CDB and PDB) and target databases will appear the same list.
In Compartment select the compartment in which the Database Connection resource will be created.
In Vault in Compartment select the security vault.

Database Migration uses the OCI Vault to store user secrets such as passwords, wallets, and keys, and encrypts them with the user-supplied encryption key.

You can select a vault in a different compartment by clicking Change Compartment.
In Encryption Key in Compartment select the keystore that you configured in the vault.

Only AES algorithm type keys are supported.
Select and enter the appropriate information for one of the following options.
- Select Database: You can use this option to select a database configured in the same region on OCI.
  
  Note that for this option the following fields are pre-filled with values for the CDB, so if you are registering a PDB you will need to correct the values.
  - Database Type: Select Database (Bare Metal, VM, Exadata) or VM Cluster Database for this option. Note that Autonomous Database is not supported as a source database.
  - Database System in Compartment: Select an OCI database.
  - Database Home: The database home (not applicable to Autonomous Database or VM Cluster)
  - Database: The database (not applicable to Autonomous Database)
  - Connect String: This is the full connect string with host, port, and service name. The default connect string is for the CDB of the given database system. When creating connection for a PDB, update the service name in the connect string. (not applicable to Autonomous Database)
- Manually Configure Database: Use this option to select a source database that is not directly accessible on OCI.
  
  Use this choice if the source database is not in the same region or tenancy in OCI, an on premises database, or a manually installed cloud database.
  
  Note
  
  Databases configured manually cannot be used as target databases in migrations.
  - Database Type: Select Oracle or Amazon RDS for this option.
  - Based on the Database Type selected you then enter connection information in the following fields.
    - For Database Type Oracle:
      
      Host: listener host IP address
      
      Port: listener port number
      
      Service Name: database CDB, PDB, or non-CDB database service name
    - For Database Type Amazon RDS:
      
      Connect String: This is the full connect string with host, port, and service name, for example:
      
      host:port/db-service-name
      
      If a private endpoint is specified in the connection, the host entry should be a valid IP address.
      
      Note
      
      Amazon RDS is only supported as a source database. For more information about the Amazon RDS source database use case, see Migrating Databases from Amazon Web Services RDS to Oracle Autonomous Database
Create private endpoint to access this database indicates whether the database is publicly accessible or if you want to create a private endpoint.

Check this box if you plan to connect your database over a private IP address. Do not check it if the database has a public IP address.

Note that if you are creating connection for an Autonomous Database, the Subnet in Compartment field is populated automatically with the connection string.
In Subnet in Compartment, select the subnet to which a private endpoint is created from the Oracle Cloud Infrastructure Database Migration service tenancy. This creates a network route for the Oracle Cloud Infrastructure Database Migration deployment to connect to the database within your customer tenancy. Select the subnet containing the appropriate Virtual Cloud Network (VCN), then click Next.Click Change Compartment to select a subnet in a different compartment.

If the source database is a PDB, you only need to fill this out in the database connection resource for the PDB, not the CDB.
The Advanced Options section allows you to optionally create tags.
On the Connection Details step, the fields displayed are dependent on which database type you selected in the previous step.
- Database administrator credentials:
  
  Enter the database administrator credentials in Initial load database username and Initial load database password.
  
  For source and target database connections, the user entered must have the required initial load privileges.
  Note
  
  For online migrations, if you want to perform the replication using the initial load user name or a specific replication user name, then this user must have the required replication privileges. See Preparing Your Databases for Migration for further details.
  
  SYS is not accepted.
- Select Use different credentials for replication to enter the credentials for replication. Select this option if you want to use a separate database user for performing replication for your online migrations. The following options are available:
  - Replication database username
  - Replication database password
- In Show optional SSH settings, provide the SSH information for your database hosts if you wish to provide SSH access to the service to perform the migrations. Provide the SSH related information as follows:
  SSH settings:
  Note
  
  Ensure that the private SSH key file is an RSA key in PEM format. See Required Keys and OCIDs for more information.
  
  In SSH database server hostname, enter the IP address of the database host. This will be used by the service to connect to your host through/via SSH to perform the migration. Select the valid private key file used for database host access.
  Note
  
  Enter a valid SSH username that will be used by the service to create a ssh session to the database host. This user should have the sudo privilege to perform the necessary operations.
  
  In SSH Private Key, select the private key file used to access the database server host.
  
  In SSH Username enter an OS user name for the database host. This user must be a privileged user allowed to run sudo.
  
  Note that the opc user is a standard Oracle cloud user that is used to access database servers, but you can use any privileged user that has sudo privileges.
  
  In SSH Sudo Location enter the sudo binary location on the database host.
Click Create.

After you click Create, the database connection name appears in the Connection list while the creating connection operation runs. The creating connection operation can take a few minutes.

You can monitor the operation status in the State column. When the state is Active, the database connection creation is complete and successful.

When the resource creation is complete and successful, check the Security Vault service to verify that the SSH private key file was uploaded and enabled in the vault you configured.

Note

Remember to run through this procedure twice if your source database is a PDB, to create two source database connection resources: one for the PDB and one for the CDB.

Testing Connectivity of a Database Connection

You can test the connectivity of a database connection before you start or create a migration. You can get information about the connection and fix any configuration issues before running the migration.

You can diagnose issues with a database connection such as:

Incorrect IP address and/or port.
Incorrectly declaring a connection public or private.
Incorrect, expired, or locked database credentials.
Missing entries in security lists or NSGs to allow communication with database IP or port.
Connection failures through FastConnect, VPN, or any other network connectivity issues for your on-premises database.
Oracle Cloud Infrastructure Database Migration service runs a network connectivity check followed by JDBC Connection or Socket Connectivity using the Database Connection data that you provide.

To test the connectivity of a database connection use either of the following methods:

From the action menu (three dots), select Test connection.
Select the database connection, which opens the Database connection details page and click the Test connection button.

The Test connection dialog is displayed.

The Test connection dialog displays the following details:

Result of the connection test. Following results are available:
- Diagnostic tests passed, connection to your database was successful.
- Connection diagnostics test failed
Error codes and the accompanying error messages.
Cause: The issue causing the connection failure.
Action: The action you can perform to resolve the error.

Viewing Connection Details

Database connection details page

On the Database connection details page you can view a list of your Connections in a table, which includes the following information:

Name of the Connection resource
State of the Connection resource, which can be any one of the following:
- Creating: The new Connection resource is being created in OCI.
- Updating: Changes to the Connection resource are being registered in OCI.
- Active: The Connection resource has finished being created or updated and is ready for use.
- Inactive: A fallback state for unexpected errors.
- Deleting: This state appears when you delete a Connection resource. The resource remains in this state until deletion is completed, at which point the resource is no longer listed in the console.
- Failed: There are problems with the Connection resource. You can review the Connection resource work requests to investigate the issue.
Created date and time

Database connection details page

Select a Connection from the Database connection details to view its details.

On the Database connection details page you can view the Connection information, including:

OCID: The resource's unique Oracle Cloud ID.
Compartment: The compartment where the Connection resides.
Created: The date and time when the Connection was created.
Encryption Vault: The link takes you to the Vault Details page.
Encryption Key: The link takes you to the Key Details page
Subnet: The link takes you to the Subnet Details page.
Database Type: Autonomous Database, Database (BareMetal, VM, Exadata), VM Cluster Database (Exadata), Oracle, or Amazon RDS
Database: For OCI co-managed databases--Autonomous Database, Database (BareMetal, VM, Exadata), VM Cluster Database (Exadata)--the display name of this Connection is also shown. The link takes you to the Database Details page in OCI.

Network security groups

On the Database connection details page, under the Resources on the left side of the page, you can find the Network Security Groups that can be associated, with this database connection.

Note

You can associate NSGs available in your VCN to the connection. The NSGs that are listed for a subnet are only applicable to your current VCN.
You can add network security groups in Database Migration Service to control traffic, if you have connected over private endpoints while registering databases. The advantage of network security groups (NSGs) is that rules can be limited to individual resources within a subnet, whereas Security Lists apply to all resources within a subnet.
Associating NSGs to database connections provides you fine grained control over the access to your database connection resources that are involved in the migration process (Source and Target). See Network Security Groups for more information.

Click Add network security groups to open the Add network security groups panel.
Select a network security group from the compartment and click Add network security groups.
You can add up-to five unique network security groups by clicking on Another network security group.

You can view the following details associated with the Network security groups Resource:

Name : The name of the added network security group.
State: The state of the network security group.
Compartment : The compartment where the network security group resides.
Created : The date and time when the network security group was created.

Select single or multiple network security groups to remove them by clicking Remove in the Remove network security groups confirmation dialog.

Select View details from the actions menu (three dots) for a specific NSG to view information related to VCN.

Work Requests

On the Database connection details page, under the Connection information box you can find the Work Requests list. Work Requests lists any work requests sent to OCI to facilitate the creation, update, or deletion of this resource. Click the work request to go to the Work Request Details page for more information about the work request.

Editing a Connection

To edit a connection:

In the list of databases on the Databases connection details page, select the Name of the Connection you want to edit.
In the Database connection details page, select Rename to change the name of the Connection.
Select Edit next to any of the following fields to update the settings:
- Encryption Key: You can change the selected vault, encryption key, and compartment in which to create a secret. Only AEP algorithm type keys are supported.
- Subnet: You can update the subnet and private endpoint compartment network connectivity settings.
- Database: you can update the database administrator user name and password used to connect to the database. When editing a non-Autonomous database connection, you can also edit connect string, SSH details, and TLS details. The following options are available:
  - Connect string
  - Initial load database username
  - Initial load database password
  - If you select Use different credentials for replication , enter the following details:
    - Replication database username
    - Replication database password
  - Keep existing certificates/key pair configuration
  - Remove certificate/key pair configuration
  - Update certificate/key pair configuration
  - In the Show optional SSH settings, provide the SSH information for your database hosts if you wish to provide SSH access to the service to perform the migrations. Provide the SSH related information.
Click Save Changes.

Moving a Connection

You can move a Connection from one compartment to another.

To move a Connection:

In the list of databases on the Database connection details page, select Move Resource from the Actions (three dots) menu for the database you want to move.
You can also select Move Resource on the Database connection details page.
In the Move Resource to a Different Compartment dialog, select the compartment to move the Connection to from the dropdown.
Click Move Resource.

After you move the Connection to the new compartment, inherent policies apply immediately and may affect access to the Connection through the Console. For more information, see Managing Compartments.

Deleting a Connection

Before you delete a Connection, ensure that you carefully review any resources that reference the Connection. It is not possible to delete a Connection if it is references by a migration. You must delete the migration before deleting the associated Connections.

Deleting a Connection also deletes the private connection and database credentials, so it will no longer be accessible to migrations. After you delete a Connection, it cannot be restored.

Note

Connections also capture and synchronize database credentials to Database Migration. Any change made to the credential, such as updating or deleting, synchronizes to Database Migration. You will encounter issues when the Replicat or Extract attempts to reconnect to a deleted Connection.

To delete a Connection:

In the list of databases on the Database connection details page, select Delete from the Actions (three dots) menu of the database you want to delete.
You can also click Delete on the Database connection page.
In the Delete dialog, click Delete.

Managing Tags for Connections

Tags help you locate resources within your tenancy. You can add and view a connection's tags from the Database Connections page and from the Database connection details page.

On the Database connection details page, from the Connection's Actions (three dots) menu, select Add Tags or View Tags.

On the Database connection details page, you can select Add Tags above the Connection Information box, or click the Tags tab to view and edit tags.

See Managing Tags and Tag Namespaces to learn more about tagging.

Using the Connection API

You can use the following operations to manage Connection resources:

For information about using the API and signing requests, see REST APIs and Security Credentials. For more information about SDKs, see Software Development Kits and Command Line Interface.

Oracle Cloud Infrastructure Documentation