Prerequisites for a Private Endpoint

Before you create an Oracle Analytics Cloud instance with a private endpoint, complete the required prerequisites.

The prerequisites are the same for both scenarios:

  • Private access from an on-premises network through an Oracle Cloud Infrastructure VCN
  • Private access from hosts in an Oracle Cloud Infrastructure VCN

  1. Set up the Oracle Cloud Infrastructure VCN with a subnet for Oracle Analytics Cloud.

    The VCN must be in the region where you plan to deploy Oracle Analytics Cloud. See Working with VCNs and Subnets.

    Note: If you plan to access Oracle Analytics Cloud from an on-premises network, keep some address space available in the VCN for additional subnets in case you need them for host name resolution.
  2. Ensure that you (or whoever plans to create the Oracle Analytics Cloud instance) have the required policies to access the VCN.

    Several options are available. Choose the most appropriate level for you:

    Broad Resource Access Policy

    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO READ compartments IN TENANCY
    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO MANAGE virtual-network-family IN TENANCY

    Limited Resource Access Policy

    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO READ compartments IN TENANCY
    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO READ virtual-network-family IN compartment <compartment name of VCN>
    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO USE subnets IN compartment <compartment name of subnet>
    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO MANAGE vnics IN compartment <compartment name of AnalyticsInstance>

    Moderate Resource Access Policy - Option 1

    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO READ compartments IN TENANCY
    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO READ virtual-network-family IN TENANCY
    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO USE subnets IN TENANCY
    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO MANAGE vnics IN TENANCY

    Moderate Resource Access Policy - Option 2

    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO READ compartments IN TENANCY
    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO USE virtual-network-family IN compartment <compartment name of VCN>
    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO MANAGE virtual-network-family IN compartment <compartment name of AnalyticsInstance>
  3. Optional: If you plan to restrict incoming traffic (ingress) using network security group rules, you can do so when you create your Oracle Analytics Cloud instance or you can save the task for later.

    If you want to configure network security groups when you create your Oracle Analytics Cloud instance, make sure that the network security groups exist in the same VCN as your Oracle Analytics Cloud instance and that you have the required policies to use network security groups.

    • ALLOW GROUP <ANALYTICS ADMIN GROUP> TO USE network-security-groups IN TENANCY
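
To compare how much each policy option in steps 2 and 3 grants, the following added example (not part of the original documentation or Oracle's tooling) parses the statements and reports every grant above a chosen verb that applies tenancy-wide. The group name `AnalyticsAdmins`, the compartment names `network` and `analytics`, and the `read` threshold are assumptions made for illustration.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI verbs, least to most privilege

STATEMENT = re.compile(
    r"^ALLOW\s+GROUP\s+(?P<group>.+?)\s+TO\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)"
    r"\s+IN\s+(?:(?P<tenancy>TENANCY)|COMPARTMENT\s+(?P<compartment>.+))$",
    re.IGNORECASE,
)

def parse(statement):
    """Split one 'ALLOW GROUP ... TO <verb> <resource> IN <scope>' statement."""
    m = STATEMENT.match(statement.strip())
    if not m or m["verb"].lower() not in VERBS:
        raise ValueError(f"unsupported policy statement: {statement!r}")
    scope = "tenancy" if m["tenancy"] else m["compartment"].strip()
    return {"group": m["group"], "verb": m["verb"].lower(),
            "resource": m["resource"].lower(), "scope": scope}

def audit(statements, max_tenancy_verb="read"):
    """Return one finding per statement granting more than max_tenancy_verb tenancy-wide."""
    limit = VERBS.index(max_tenancy_verb)  # assumed threshold, adjust to local policy
    findings = []
    for p in map(parse, statements):
        if p["scope"] == "tenancy" and VERBS.index(p["verb"]) > limit:
            findings.append(
                f"{p['verb']} {p['resource']} granted tenancy-wide to {p['group']}")
    return findings

# Constructed sample values: group "AnalyticsAdmins", compartments "network", "analytics".
G = "ALLOW GROUP AnalyticsAdmins TO "
OPTIONS = {
    "broad": [G + "READ compartments IN TENANCY",
              G + "MANAGE virtual-network-family IN TENANCY"],
    "limited": [G + "READ compartments IN TENANCY",
                G + "READ virtual-network-family IN compartment network",
                G + "USE subnets IN compartment network",
                G + "MANAGE vnics IN compartment analytics"],
    "moderate-1": [G + "READ compartments IN TENANCY",
                   G + "READ virtual-network-family IN TENANCY",
                   G + "USE subnets IN TENANCY",
                   G + "MANAGE vnics IN TENANCY"],
    "moderate-2": [G + "READ compartments IN TENANCY",
                   G + "USE virtual-network-family IN compartment network",
                   G + "MANAGE virtual-network-family IN compartment analytics"],
    "nsg (step 3)": [G + "USE network-security-groups IN TENANCY"],
}

if __name__ == "__main__":
    for name, statements in OPTIONS.items():
        print(name, audit(statements) or "no tenancy-wide grants above read")
```

The limited option and moderate option 2 keep every grant above `read` inside a named compartment; the network security group statement from step 3 is tenancy-wide as written and is reported.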