Oracle Cloud Infrastructure Documentation

Configure Autonomous Database for Proof of Concept (POC)

This use case demonstrates how to quickly configure your Autonomous Database resources on Dedicated Exadata Infrastructure for developing proof of concept (POC) applications.

Oracle Autonomous Database on Dedicated Exadata Infrastructure is a highly automated, fully managed database environment running in Oracle Cloud Infrastructure (OCI) with committed hardware and software resources. These isolated resources enable organizations to meet stringent security, availability, and performance requirements while reducing cost and complexity.

If you are looking to quickly create an Autonomous Database POC environment, continue to read on.

Tip:

For a comprehensive and recommended configuration that involves setting up separate development and production Autonomous Database environments, see Configure Autonomous Database with Reference Architecture.

Prerequisite Knowledge

To fully understand and appreciate this use case, you should have a basic understanding of Autonomous Database on Dedicated Exadata Infrastructure, including its deployment options, key infrastructure components, user roles, and main features. For more detailed information, please refer to About Autonomous Database on Dedicated Exadata Infrastructure.

Use Case

Acme Company is considering Autonomous Database on Dedicated Exadata Infrastructure for its internal project applications. Before finalizing, Acme I.T. decides to develop a proof of concept (POC) application called PocApp using Autonomous Database on Dedicated Exadata Infrastructure to help them evaluate the service capabilities.

Acme I.T. department will assume the role of fleet administrator, responsible for creating and managing Exadata Infrastructure (EI) and Autonomous Exadata VM Cluster (AVMC) resources for the company. It also takes on the application DBA role to create Autonomous Container Database (ACD) and Autonomous Database for their database users.

Note

This example illustrates the fleet administrator creating and managing Autonomous Container Database and Autonomous Database resources. However, your organization may prefer that the application DBA undertake this task.

Resources Needed

OCI IAM Components


Description of adbd-poc-iamcomps.eps follows

  • One compartment named AcmeComp to place the resources.
  • One group named AcmeGroup to which users can be assigned.
    Note

    Any user added to this group can perform as a fleet administrator, application DBA, or developer.
  • One policy called AcmeCompPolicy to specify user access to the resources at the compartment and tenancy levels.

Network Resources


Description of configure-adbd-poc-network.png follows

security list icon represents a security list.

  • Oracle Public Cloud deployments:

    • One VCN to provide network connectivity to all dedicated infrastructure resources. This VCN will connect to the Acme Company VPN using an IPSec VPN and have an Internet Gateway resource that blocks all incoming internet traffic. It will be named AcmeVCN.
    • Two subnets to provide network access isolation, one for the Autonomous Database resources and another for the application's client and mid-tier resources. These subnets will be named AcmeSubnet and AppSubnet respectively.
    Note

    For simplicity, we are using a single VCN and leveraging subnets to provide network isolation. However, you can also create multiple VCNs to provide the required network access isolation. In this example, we create both AcmeSubnet and AppSubnet under AcmeComp for simplicity. Depending on your requirements, you can optionally place these subnets in separate compartments.

  • Exadata Cloud@Customer deployments:

    • Set up network rules as listed in Network Requirements for Oracle Exadata Database Service on Cloud@Customer in Preparing for Exadata Database Service on Cloud@Customer.
    • Additionally, open Port 1522 to allow TCP traffic between primary database and standby database in an Autonomous Data Guard setup.

Autonomous Database Resources


Description of adbd-config-poc.eps follows

Autonomous Database resources as per the configuration depicted above.
  • One Exadata Infrastructure named AcmeInfrastructure.
  • One Autonomous Exadata VM Cluster (AVMC) within AcmeInfrastructure. This AVMC is named PocAVMC.
  • PocAVMC hosts the Autonomous Container Database (ACD) and Autonomous Database, which are named PocACD and PocADB respectively, for developing the PocApp application.

High-Level Steps

Before Acme I.T. begins configuring Autonomous Database resources on Dedicated Exadata Infrastructure, it requests a service limit increase using the OCI console to add Exadata Infrastructure resources - Database Servers and Storage Servers to the tenancy. Refer to Request a Service Limit Increase for more details.

Listed below are the high-level steps to implement this use case:

  1. Acme I.T. or security administrator for Acme Company's cloud tenancy creates the AcmeComp compartment, AcmeGroup group, and AcmePolicy compartment policy for resource isolation.
  2. For access isolation:
    • For Oracle Public Cloud deployments, Acme I.T. or the network administrator for Acme creates the following network resources in the AcmeComp compartment:
      • VCN: AcmeVCN
      • Private subnets: AcmeSubnet
      • Public subnet: AppSubnet
    • For Exadata Cloud@Customer deployments, Acme I.T. or the network administrator of Acme ensures to:
      • Set up network rules as listed in Network Requirements for Oracle Exadata Database Service on Cloud@Customer in Preparing for Exadata Database Service on Cloud@Customer.
      • Open Port 1522 to allow TCP traffic between primary database and standby database in an Autonomous Data Guard setup.
  3. After creating network resources, the security administrator adds the cloud user of a designated Acme I.T. member to the AcmeGroup, thus authorizing that user as the fleet administrator.
  4. The newly authorized fleet administrator creates the following dedicated infrastructure resources in the AcmeComp compartment, in the below listed order:
    • Exadata Infrastructure resource named AcmeInfrastructure.
    • Autonomous Exadata VM Cluster (AVMC) named PocAVMC, specifying the newly created Exadata Infrastructure.
      Note

      For Oracle Public Cloud deployments, use AcmeVCN and AcmeSubnet as its VCN and subnet.
    • Autonomous Container Database (ACD) named PocACD in the AcmeComp compartment, specifying PocAVMC as its underlying resource.
    • Autonomous Database named PocADB in the AcmeComp compartment, specifying PocACD as its underlying resource.

Step 1. Create OCI IAM Components

In this step, the security administrator for Acme Company's cloud tenancy creates the following OCI IAM components for resource isolation:

  • AcmeComp compartment.

    To perform this step, the security administrator follows the instructions in Managing Compartments in Oracle Cloud Infrastructure Documentation to create a compartment using the Oracle Cloud console. When following these instructions, the security administrator specifies the root compartment of the tenancy as the parent compartment of AcmeComp compartment.

  • AcmeGroup group.

    To perform this step, the security administrator follows the instructions in Managing Groups in Oracle Cloud Infrastructure Documentation to create a group using the Oracle Cloud console.

  • AcmeCompPolicy Policy

    To perform this step, the security administrator follows the instructions in Managing Policies in Oracle Cloud Infrastructure Documentation to create a policy using the Oracle Cloud console.

    Note

    In addition to creating the required policy statements, in this example the security administrator also creates "USE tag-namespaces" policy statements to permit group members to assign existing tags to the resources they create. To permit group members to create tags as well as use existing tags, the security administrator would instead create "MANAGE tag-namespaces" policy statements.

    When following these instructions to create AcmeCompPolicy, the security administrator:

    1. Sets the Compartment in the side menu to AcmeComp before clicking Create Policy.

    2. Adds either of the following Policy Statements depending on their deployment platform:

      • Oracle Public Cloud deployments:
        • Allow group AcmeGroup to MANAGE cloud-exadata-infrastructures in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE cloud-autonomous-vmclusters in compartment AcmeComp
        • Allow group AcmeGroup to USE virtual-network-family in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-container-databases in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-databases in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-backups in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE instance-family in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE metrics in compartment AcmeComp
        • Allow group AcmeGroup to INSPECT work-requests in compartment AcmeComp
        • Allow group AcmeGroup to USE tag-namespaces in compartment AcmeComp
      • Exadata Cloud@Customer deployments:
        • Allow group AcmeGroup to MANAGE exadata-infrastructures in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-vmclusters in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-container-databases in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-databases in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE autonomous-backups in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE instance-family in compartment AcmeComp
        • Allow group AcmeGroup to MANAGE metrics in compartment AcmeComp
        • Allow group AcmeGroup to INSPECT work-requests in compartment AcmeComp
        • Allow group AcmeGroup to USE tag-namespaces in compartment AcmeComp

Step 2. Create the VCN and Subnets

APPLIES TO: Applicable Oracle Public Cloud only

In this step, Acme I.T. or the network administrator of Acme creates the AcmeVCN VCN and the AcmeSubnet and AppSubnet subnets in the AcmeComp compartment.

To perform this step, Acme I.T. first confers with the Acme I.T. department's networking to reserve a CIDR IP address range that will not conflict with the company's on-premises network. (Otherwise, the VCN would conflict with the on-premises network and an IPSec VPN could not be set up.) The reserved range is CIDR 10.0.0.0/16.

Then, Acme I.T. adapts the instructions in Scenario B: Private Subnet with a VPN in Oracle Cloud Infrastructure Documentation to create the VCN, the Subnets and other network resources using the Oracle Cloud console.

In this example, the following CIDR blocks will be used for the two (2) subnets in AcmeVCN:
  • 10.0.10.0/24 for AcmeSubnet (private subnet)
  • 10.0.100.0/24 for AppSubnet (public subnet)
When adapting these instructions, Acme I.T. manually creates security lists (instead of using the default security lists) to isolate and separate security rules and thus make network management simpler. These security lists are:
  • AcmeSeclist: the basic security list for AcmeSubnet. It is used when the AcmeSubnet subnet is created.
  • AppSeclist: the basic security list for AppSubnet. It is used when the AppSubnet subnet is created.

For more details on AVMC ingress and egress requirements, see Requirements to Provision an Autonomous Exadata VM Cluster.

Security Rules in AcmeSeclist

Here are the ingress rules created in AcmeSeclist:

Stateless Source IP Protocol Source Port Range Destination Port Range Type and Code Allows
No 10.0.10.0/24 ICMP All All All ICMP traffic for : All
No 10.0.10.0/24 TCP All All   TCP traffic for ports: All
No 10.0.100.0/24 TCP All 1521   TCP traffic for port: 1521 Oracle Net
No 10.0.100.0/24 TCP All 2484   TCPS traffic for port: 2484 Oracle Net
No 10.0.100.0/24 TCP All 6200   ONS/FAN for ports: 6200
No 10.0.100.0/24 TCP All 443   HTTPS traffic for port: 443

Here are the egress rules created in AcmeSeclist:

Stateless Destination IP Protocol Source Port Range Destination Port Range Type and Code Allows
No 10.0.10.0/24 ICMP All All All All ICMP traffic within DevVMSubnet
No 10.0.10.0/24 TCP All All   All TCP traffic within DevVMSubnet

Security Rules in AppSeclist

Here is the ingress rule created in AppSeclist:

Stateless Source IP Protocol Source Port Range Destination Port Range Type and Code Allows
No 0.0.0.0/0 TCP All 22 All SSH traffic for ports: 22
Note

It is recommended to change 0.0.0.0/0 in the security rules to your approved list of CIDR range/IP addresses.

Here are the egress rules created in AppSeclist:

Stateless Destination IP Protocol Source Port Range Destination Port Range Type and Code Allows
No 10.0.10.0/24 TCP All 1521    
No 10.0.10.0/24 TCP All 2484  
No 10.0.10.0/24 TCP All 443    
No 10.0.10.0/24 TCP All 6200    

Step 3. Assign Fleet Administrator

In this step, the security administrator adds the cloud user of a designated Acme I.T. member to the AcmeGroup.

To perform this step, the security administrator follows the instructions in Managing Users in Oracle Cloud Infrastructure Documentation to add a user to a group using the Oracle Cloud console.

Step 4. Create Autonomous Database Resources

In this step, the fleet administrator creates the following dedicated infrastructure resources in the AcmeComp compartment as per the following sequence:

  1. Exadata Infrastructure

    In this step, the fleet administrator follows the instructions in Create an Exadata Infrastructure Resource to create an Exadata Infrastructure resource named AcmeInfrastructure.

  2. Autonomous Exadata VM Cluster

    In this step, the fleet administrator follows the instructions in Create an Autonomous Exadata VM Cluster to create PocAVMC with the following specifications, leaving all the other attributes at their default settings.

    Setting Value
    AVMC Name PocAVMC
    Underlying Exadata Infrastructure AcmeInfrastructure
    Virtual cloud network (VCN)

    APPLIES TO: Applicable Oracle Public Cloud only

    		 AcmeVCN
    Subnet

    APPLIES TO: Applicable Oracle Public Cloud only

    		 AcmeSubnet

  3. Autonomous Container Database

    In this step, the fleet administrator follows the instructions in Create an Autonomous Container Database to create PocACD with the following specifications, leaving all other attributes at their default settings.

    Setting Value
    ACD Name PocACD
    Underlying AVMC PocAVMC
    Container Database Software version Latest software version (N)

  4. Autonomous Database

    In this step, the fleet administrator follows the instructions in Create an Autonomous Database to create PocADB. These databases are created with the following specifications, leaving all other attributes at their default settings.

    Setting Value
    Database Name PocADB
    Underlying ACD PocACD
    Database instance Can choose to create an Autonomous Database or an Autonomous Database for Developers

The Autonomous Database on Dedicated Exadata Infrastructure is now configured to develop quick proof of concept applications.