Oracle Autonomous Database: Private Access via OCI Load Balancer
Customers often ask us to provision a database in a private network so that access can be restricted to specific CIDR/IP ranges.
In this blog, we will look at one such architecture: an Oracle Autonomous Database (ADB) created in a private network is reached through an OCI Load Balancer created in a public network, and we establish a connection to the ADB from a local SQL Developer.
Pre-Requisite:
- VCN with Public-Private Subnets is already in place.
- Private Subnet is allowing traffic only from Public Subnet.
- Oracle Autonomous Database is already provisioned in the private network with access only from the OCI Load Balancer subnet CIDR. I have explained provisioning ADB in a private network in this blog here.
NOTE: Don’t allow traffic from 0.0.0.0/0 on the public or private subnets. On the public subnet, allow traffic only from a specific range on TCP:1522, which is the ADB port. Allow ingress traffic on the private subnet (ADB subnet) only from the public subnet CIDR on TCP:1522.
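The NOTE above can be checked mechanically against a subnet's ingress rules. The following is an added example, not part of the original post: it assumes rules are dictionaries using the field names of the OCI CLI's JSON output for security list ingress rules (`source`, `protocol`, `tcp-options`), and every CIDR in it is a constructed placeholder.

```python
import ipaddress

ADB_PORT = 1522  # TCP port the post opens for Autonomous Database

def covers_port(rule, port=ADB_PORT):
    """True if an ingress rule admits TCP traffic to `port`."""
    proto = rule.get("protocol")
    if proto == "all":
        return True
    if proto != "6":  # "6" is the IANA protocol number for TCP
        return False
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    return rng is None or rng["min"] <= port <= rng["max"]  # no range = all ports

def audit(rules, allowed_cidrs, port=ADB_PORT):
    """Return (source, reason) for each rule that is wider than the NOTE permits."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for rule in rules:
        try:
            src = ipaddress.ip_network(rule["source"])
        except ValueError:  # e.g. a service label rather than a CIDR
            findings.append((rule["source"], "non-CIDR source, review by hand"))
            continue
        if src.prefixlen == 0:
            findings.append((str(src), "open to any address"))
        elif covers_port(rule, port) and not any(
            src.version == a.version and src.subnet_of(a) for a in allowed
        ):
            findings.append((str(src), f"reaches TCP {port} from outside allowed ranges"))
    return findings

def tcp(source, lo, hi):
    """Build a constructed rule in the shape assumed for OCI CLI JSON output."""
    return {"source": source, "protocol": "6",
            "tcp-options": {"destination-port-range": {"min": lo, "max": hi}}}

# Constructed sample rules; every CIDR below is a placeholder.
PUBLIC_RULES = [tcp("203.0.113.0/24", 1522, 1522), tcp("0.0.0.0/0", 22, 22)]
PRIVATE_RULES = [tcp("10.0.0.0/24", 1522, 1522),
                 {"source": "10.0.0.0/16", "protocol": "all"}]

if __name__ == "__main__":
    for name, rules, allowed in (
        ("public subnet", PUBLIC_RULES, ["203.0.113.0/24"]),
        ("private (ADB) subnet", PRIVATE_RULES, ["10.0.0.0/24"]),
    ):
        for source, reason in audit(rules, allowed):
            print(f"{name}: {source} -> {reason}")
```

For the private subnet, pass the public subnet CIDR as the only allowed range; for the public subnet, pass the client ranges you intend to admit.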
Provisioning Load Balancer
To provision the Load Balancer, go to Networking → Load Balancer → Create Load Balancer.
1. Give the load balancer a name.
2. Choose the Load Balancer shape; I am going with Flexible Shape and the default bandwidth. Also choose the VCN and the public subnet in which the Load Balancer is to be created, and click “Next”.
3. On the next screen, update the Health Check policy to TCP:1522. Don’t add any backends at the moment; we will add them later.
4. Populate the Protocol and Port for the Listener as TCP:1522. Click Next and Submit to complete provisioning the Load Balancer.
5. The Load Balancer is now created without a backend, so it will be in an incomplete state.
6. Let us add backends. For this, scroll down on the Load Balancer screen → Backends → click on the Backend Set name → Backends → Add Backend.
7. Choose the backend type as IP Address → populate the private IP address of the Autonomous Database with the port as 1522, and click Add to complete adding the backend to the Load Balancer. The private IP of the Autonomous Database can be fetched from the Autonomous Database instance screen.
This completes provisioning of the OCI Load Balancer and adding the private ADB as its backend. Within the next couple of minutes, the health of your Load Balancer and its backends should be “OK”.
Connect Pvt. ADB from Local SQL Developer
To connect to the private ADB from a local SQL Developer, we first have to download the wallet file from the ADB instance (Oracle Database → Autonomous Database → click on the database name → Database Connection → Download Wallet).
Add an entry to your system's /etc/hosts file that maps the Load Balancer public IP to the ADB host.
Go to SQL Developer and click on Create Connection.
Choose Authentication Type as Default, populate the username/password, choose Connection Type as Cloud Wallet, and browse to the wallet you downloaded in the previous step (the service will be auto-populated once you upload the right wallet file). Then click on Test to confirm that it has successfully connected to the private ADB.
This completes creating a connection to the private ADB from a local SQL Developer using the OCI Load Balancer. The process remains the same if you are using OCI Bastion in place of the Load Balancer; the only change is that you need not create an entry in the /etc/hosts file. You’ll create a Bastion and establish a port forwarding session in it by providing the private IP of the ADB on port 1522.
!!!Happy Reading!!!