Multitenant Common Users Accessing Application Tables in PDBs

I recently had a requirement where the Common User in a Multitenant DB environment wanted to access application tables across Pluggable Databases (PDBs) but at the same time access dictionary views across all PDBs without the need to manually switch between containers. 

This was because I had to set up a monitoring user account to monitor all PDBs' performance as well as application workload.

In this example I will show you how the Common User (created at CDB level) can be configured to access the application tables (created at PDB level).


OCI – Remote Peering 2 Virtual Cloud Networks across different Regions

In a previous blog, I explained how to local peer two Virtual Cloud Networks (VCNs) located in the same Region. In this blog, I am going to show you how you can remote peer two VCNs located in different Regions. You might want to use this approach for High Availability or Disaster Recovery scenarios, or simply to interconnect private workloads across multiple regions. In order to remote peer 2 VCNs, we are going to use a new type of Networking Gateway in Oracle Cloud Infrastructure, called Dynamic Routing Gateway (DRG). It is important to mention that the communication between the 2 regions does not route over the Internet, but via a dedicated, pre-established private fast connection/backbone, so the communication is secured and low latency. Just for the record, DRGs are the same type of gateways that you would use to establish connectivity with any other data centres (e.g. an on-premise DC or other Cloud providers such as AWS, MS Azure, GCP), as well as to establish IPsec VPN connections or a dedicated Fast Connect Private Peering communication, but that would be another blog.

For this demo, we are going to connect workloads between Phoenix and Ashburn. Each region will have its own VCN and within each VCN we are going to deploy a private subnet with 1 Linux VM, used to test the inter-communication across the regions.

For the purpose of this demonstration, I am going to show how to:

  1. Attach and configure a DRG to each of your VCNs, located in different regions, and establish the remote peering.
  2. Configure 2 private VMs, each in a different VCN (different AD).
  3. Use a public bastion host to connect to 1 of the private VMs and then confirm connectivity into the other private VM (cross-region connectivity).

This is a high-level visual representation:

Ok, let’s have fun!!!


Enabling REST APIs to consume data from Oracle Autonomous Databases (ADW/ATP)

In a previous blog, I showed how to develop microservices to connect to Autonomous Databases and consume data (read/write) via REST APIs. Although I still highly recommend that approach, the reality is that there is an easier way to do it using Oracle REST Data Services modules that come included with any Oracle Autonomous Database (ADW/ATP).

This way you simply have to:

  1. Configure the API endpoint (Method + URL) that you want to expose as a REST API
  2. Define the underlying SQL statement that will serve your endpoint (i.e. SELECT, INSERT, UPDATE, DELETE statements or a more complex PL/SQL script)
  3. Define the security mechanism to properly protect your APIs

That’s pretty much it. This should be a very quick, yet powerful alternative to building your own microservices to consume data from Autonomous DBs.


Calling OCI APIs from Postman

Oracle’s Cloud Infrastructure has been designed in an API-first manner, which is awesome for all sorts of infrastructure automation tasks. It also implements an interesting API security model, in which all requests must be signed using a private key, associated with a public key which has already been configured in OCI (here, the developers are showing their infrastructure roots, as this echoes how SSH Auth is normally handled). The documentation of this model provides sample code in a number of languages, which is perfect if you are writing automation scripts, but is a little inflexible for ad-hoc testing. Typically I much prefer to use a rich graphical REST client, such as Postman, so that I can easily tweak my parameters and try out different types of calls before I write any code. Unfortunately, while Postman is well equipped for Basic and Token-based Auth, HTTP-Signature is not natively implemented, and rather than abandon Postman for a new tool, I set out to implement it using Postman’s powerful scripting capabilities. In this blog post I provide the result of this, which is a downloadable collection which provides all of the required scripts, and discuss the approach used.


OCI – Local Peering 2 Virtual Cloud Networks across different Availability Domains in the same region

In a previous blog, I explained how to get started with Oracle Cloud Infrastructure Networking primitives to allow Internet traffic into your Virtual Cloud Network. In this blog, I will show you how to peer 2 different Virtual Cloud Networks (VCNs), using VMs across different Availability Domains (AD) in the same region. For this, we are going to use a new type of OCI Networking Gateway, called Local Peering Gateway (LPG).

In Oracle Cloud Infrastructure, VCNs are regional and subnets can be configured as regional resources too. This means that they can span across multiple Availability Domains within the same region (normally 3 ADs per region). For this demo, we are going to provision a private VM in a different Availability Domain (AD), each in a different VCN, so that we can make sure that we can establish connectivity across 2 VMs located in different VCNs and ADs, via the Local Peering

For the purpose of this demonstration, I am going to show how to:

  1. Attach an LPG to each of your VCNs in the same region and establish the local peering.
  2. Configure 2 private VMs, each in a different VCN (different AD).
  3. Use a public bastion host to connect to 1 of the private VMs and then confirm connectivity into the other private VM.

This is a high-level visual representation:

Ok, let’s have fun!!!


Getting started with Oracle Cloud Infrastructure Internet and NAT Gateways

Oracle Cloud Infrastructure provides secure ways for your compute instances in the Oracle Public Cloud to reach the Internet, as well as to be reachable from the Internet when needed. There are 2 main types of Networking Gateways that make this easy to implement:

  • Internet Gateway: This type of gateway is directly attached to your Virtual Cloud Network (VCN) and lets your compute instances that reside in a public subnet reach the Internet and be reachable from the Internet. A classic example of this is a bastion host that needs to be accessed via SSH from outside your VCN and that also needs connectivity to the Internet.