
Oracle Fusion Data Intelligence (FDI) - Connect to Oracle Autonomous Databases (ADB) with private endpoints.

This blog outlines the steps required for securely connecting public FDI to an Oracle Autonomous Database (ADB) private endpoint.


With increasing security and compliance requirements, many organisations prefer private connectivity over public endpoints when integrating cloud services. If you are using Oracle Fusion Data Intelligence (FDI) and need to connect to an Oracle Autonomous Database (ADB) configured with a Private Endpoint, this guide walks you through the architecture, prerequisites, and step-by-step approach.


1. Understanding the Architecture

When using a Private Endpoint, your Autonomous Database is not exposed to the public internet. Instead, it is accessible only within a Virtual Cloud Network (VCN).


In this setup:

  • Oracle Fusion Data Intelligence (FDI) runs in Oracle-managed tenancy.

  • Autonomous Database (ADB) is deployed in your OCI tenancy.

  • Connectivity is established using:

    • Private Endpoint

    • VCN Peering (Local or Remote)

    • FastConnect (if hybrid)

    • Proper route tables and security rules

The goal is to allow FDI to securely access ADB over private networking.



Below is the simplified reference architecture showing FDI with a public endpoint and ADB deployed on a private endpoint in the same tenancy and region. This setup is for illustrative purposes and is only applicable when FDI and the database are in the same region and tenancy.



2. Prerequisites

Before configuring the connection, ensure:

  • Autonomous Database is provisioned with Private Endpoint enabled

  • You have access to:

    • OCI Console

    • VCN configuration

    • Route tables and Security Lists / NSGs

  • Proper IAM policies are configured

  • Database wallet (if required)

  • Required database credentials created


3. High-Level Steps

Step 1: Confirm ADB Private Endpoint Configuration

In OCI:

·    Navigate to Autonomous Database

·    Verify:

o    Private Endpoint is enabled

o    Private IP address assigned

o    VCN and Subnet details

Ensure the subnet allows traffic from FDI source CIDR ranges.



Step 2: Configure Networking Between FDI and Your VCN

Since FDI runs in an Oracle-managed tenancy, you must enable private connectivity via:

Option A: VCN Peering

·    Set up Local Peering Gateway (LPG) if within same region

·    Or Remote Peering Gateway (RPG) if cross-region

Option B: FastConnect (Hybrid)

If connecting from an on-premises architecture integrated with FDI, use FastConnect.

Update:

·    Route Tables

·    Security Lists

·    Network Security Groups (NSG)

Allow:

·    TCP Port 1522 (mTLS default for ADB)

·    Or Port 1521 (if configured)



Step 3: Update Security Rules

In your ADB subnet:

Add Ingress Rule:

·    Source: FDI private CIDR

·    Protocol: TCP

·    Port: 1522

If using NSGs:

·    Attach NSG to ADB

·    Allow FDI IP ranges
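
One way to check the Step 3 rules before relying on them, as an added example that is not part of the original post: the script audits NSG ingress rules that reach the ADB listener ports against the FDI CIDR you intend to allow. The key names assume the JSON printed by `oci network nsg rules list`; the rules and CIDRs are constructed.

```python
import ipaddress
import json

ADB_PORTS = {1521, 1522}  # listener ports named in this guide
# Constructed sample rules; key names assume the JSON shape printed by
# `oci network nsg rules list` (kebab-case keys, protocol "6" = TCP).
SAMPLE_RULES = json.loads("""[
 {"direction": "INGRESS", "protocol": "6", "source": "10.20.0.0/24",
  "tcp-options": {"destination-port-range": {"min": 1522, "max": 1522}}},
 {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
  "tcp-options": {"destination-port-range": {"min": 1522, "max": 1522}}},
 {"direction": "INGRESS", "protocol": "6", "source": "10.20.0.0/24", "tcp-options": null},
 {"direction": "INGRESS", "protocol": "all", "source": "10.99.0.0/16"},
 {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
  "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
 {"direction": "EGRESS", "protocol": "6", "destination": "0.0.0.0/0"}
]""")

def port_range(rule):
    """Return (min, max) of the TCP ports a rule opens, or None if not TCP."""
    if rule.get("protocol") not in ("6", "all"):
        return None
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    return (rng["min"], rng["max"]) if rng else (1, 65535)

def audit_ingress(rules, allowed_cidrs):
    """Flag ingress rules that reach the ADB listener too broadly."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for idx, rule in enumerate(rules):
        rng = port_range(rule)
        if rule.get("direction") != "INGRESS" or rng is None:
            continue
        if not any(rng[0] <= p <= rng[1] for p in ADB_PORTS):
            continue  # rule does not touch the database listener
        try:
            src = ipaddress.ip_network(rule["source"], strict=False)
        except (KeyError, ValueError):
            findings.append((idx, "source is not a CIDR block; review by hand"))
            continue
        if not any(src.version == a.version and src.subnet_of(a) for a in allowed):
            findings.append((idx, f"source {src} is outside the allowed FDI CIDRs"))
        if rng[0] != rng[1]:
            findings.append((idx, f"ports {rng[0]}-{rng[1]} are wider than the listener port"))
    return findings

if __name__ == "__main__":
    for idx, reason in audit_ingress(SAMPLE_RULES, ["10.20.0.0/24"]):
        print(f"rule {idx}: {reason}")
```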



Step 4: Configure Connection in FDI

In Oracle Fusion Data Intelligence:

1. Navigate to Data Configuration → Data Sources

2. Create a new connection

3. Choose:

o    Oracle Autonomous Database

4. Provide:

o    Private Hostname (not public endpoint)

o    Service Name (e.g., _high, _medium, _low)

o    Port (1522 recommended)

o    Username & Password

If using mTLS:

·    Upload Wallet

·    Configure JDBC string properly

Example JDBC format:

jdbc:oracle:thin:@(description=
  (retry_count=20)
  (retry_delay=3)
  (address=(protocol=tcps)(port=1522)(host=<private-hostname>))
  (connect_data=(service_name=<service_name>))
  (security=(ssl_server_dn_match=yes))
)
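
A lint for the JDBC string above, added here as an example and not taken from the original post or from Oracle: it parses the connect descriptor and reports settings that would drop TLS, skip server DN verification, or point at a public endpoint. The hostnames are constructed, and the rule that a hostname beginning with `adb.` is the public endpoint is an assumption about ADB naming.

```python
import re

# Leaf "(key=value)" pairs; nested groups such as (address=...) are skipped.
LEAF = re.compile(r"\(\s*([a-z_]+)\s*=\s*([^()\s][^()]*?)\s*\)", re.I)

def parse_descriptor(url):
    """Return the leaf key/value pairs of the connect descriptor after '@'."""
    desc = url.split("@", 1)[-1]
    if desc.count("(") != desc.count(")"):
        raise ValueError("unbalanced parentheses in connect descriptor")
    return {k.lower(): v.strip().lower() for k, v in LEAF.findall(desc)}

def lint_descriptor(url):
    """List settings that weaken the private, TLS-verified connection."""
    f = parse_descriptor(url)
    issues = []
    if f.get("protocol") != "tcps":
        issues.append("protocol is not tcps, so the session is not TLS-protected")
    if f.get("ssl_server_dn_match") not in ("yes", "true", "on"):
        issues.append("ssl_server_dn_match is not enabled, so the server DN is not verified")
    if f.get("port") not in ("1521", "1522"):
        issues.append("port is neither 1522 nor 1521")
    host = f.get("host", "")
    if not host or host.startswith("<"):
        issues.append("host is missing or still a placeholder")
    elif host.startswith("adb."):
        # Assumption: public ADB hostnames look like adb.<region>.oraclecloud.com,
        # while private endpoint hostnames carry an extra leading label.
        issues.append("host looks like the public endpoint, not the private hostname")
    return issues

# Constructed descriptors; the hostnames are made up for this example.
GOOD = """jdbc:oracle:thin:@(description=(retry_count=20)(retry_delay=3)
  (address=(protocol=tcps)(port=1522)(host=example1.adb.ap-sydney-1.oraclecloud.com))
  (connect_data=(service_name=mydb_low))
  (security=(ssl_server_dn_match=yes)))"""
BAD = """jdbc:oracle:thin:@(description=
  (address=(protocol=tcp)(port=1522)(host=adb.ap-sydney-1.oraclecloud.com))
  (connect_data=(service_name=mydb_low)))"""

if __name__ == "__main__":
    for name, url in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_descriptor(url) or "ok")
```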



4. IAM Policies Required

Example policy:

Allow group <FDI_Admin_Group> to manage autonomous-database-family in compartment <Compartment_Name>

Ensure:

·    Network administrators can manage VCN

·    FDI service principal has access


5. Validation & Testing

After configuration:

·    Test connection from FDI

·    Validate DNS resolution of private hostname

·    Check:

o    Route tables

o    Security rules

o    NSG

o    Peering status

Common errors:

·    ORA-12541: No listener → Likely routing issue

·    ORA-29024: Certificate validation failure → Wallet or TLS mismatch

·    Timeout → Security rule or port blocked
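
The network checks above can be scripted; the following is an added example, not part of the original post. It resolves the private hostname, confirms the answer is a private address, and attempts a TCP connection, separating DNS failure, refusal, and timeout. It assumes it is run from a host inside the peered network, and the function name and status labels are illustrative.

```python
import ipaddress
import socket
import sys

def triage(host, port=1522, timeout=5.0):
    """Classify reachability of the ADB private endpoint from this host.

    Run it from a machine inside the peered network, since the private
    hostname only resolves and routes there. Returns (status, detail).
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns_failure", f"{host} does not resolve from here: {exc}")
    addr = infos[0][4][0].split("%")[0]  # drop any IPv6 scope id
    if not ipaddress.ip_address(addr).is_private:
        return ("public_address", f"{host} resolves to {addr}, not a private IP")
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return ("reachable", f"TCP handshake to {addr}:{port} completed")
    except socket.timeout:
        return ("timeout", "no reply: check security list / NSG rules and the port")
    except ConnectionRefusedError:
        return ("refused", "nothing listening: compare with the ORA-12541 case")
    except OSError as exc:
        return ("unreachable", f"no route to {addr}: check route tables and peering ({exc})")

if __name__ == "__main__":
    # Usage: python triage.py <private-hostname> [port]
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 1522
        print(*triage(sys.argv[1], port), sep=": ")
```

A "reachable" result only proves the network path; certificate problems such as ORA-29024 occur later, during the TLS handshake.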


6. Best Practices

·    Use mTLS (Port 1522) for secure connectivity

·    Restrict ingress CIDR to minimum required

·    Use NSGs instead of Security Lists where possible

·    Monitor using OCI Logging & ADB metrics

·    Regularly rotate database credentials


7. Summary

Connecting Oracle Fusion Data Intelligence to an Autonomous Database Private Endpoint strengthens security by eliminating public exposure.

The key components are:

·    Proper VCN design

·    Secure routing

·    Correct security rules

·    Accurate connection configuration in FDI

Once configured correctly, this architecture provides:

✔ Secure private connectivity

✔ Enhanced compliance posture

✔ Reliable high-performance data integration


NZOUG Advice: If you're implementing this in a production environment, it’s recommended to validate connectivity in Non-Prod first and document network flows clearly for your cloud and security teams.






 
 
 
