Create a Private Endpoint

A private endpoint is a private IP address within your Virtual Cloud Network (VCN) that you can use to access a given service within Oracle Cloud Infrastructure.

Ops Insights communicates with Oracle Cloud Databases via private endpoints defined within a Virtual Cloud Network (VCN). For more information about private access and endpoints to OCI services, see Private Endpoints.

Private endpoints must be created in each service. Private endpoints created in other services will not appear in the Ops Insights private endpoint list page. However, Database Management endpoints can be converted to Ops Insights endpoints.

Note

Before you create a private endpoint in Ops Insights, you must have the following details:
  • The name of the VCN used to access your database.
  • The name of the subnet in the VCN.
  • The name of the network security group (optional).

The private endpoint is a representation of Ops Insights in the VCN in which the Oracle Cloud Database can be accessed, and acts as a Virtual Network Interface Card (VNIC) with private IP addresses in a subnet of your choice. The private endpoint does not have to be on the same subnet as the Oracle Cloud Database, but it must be on a subnet that can communicate with the Oracle Cloud Database.

Ops Insights lets you create a private endpoint for Oracle Cloud Databases. You can create a maximum of five Ops Insights private endpoints in your tenancy (per region) to connect to Oracle Base Databases, Exadata Database Service on Dedicated Infrastructure, and Autonomous AI Databases. There is no set limit or restriction on the number of databases for which you can enable Ops Insights using a single private endpoint. The private endpoint requires one private IP in the subnet.
Note

In the past, a private endpoint for Cloud Oracle Base Databases was available and required for RAC Oracle Cloud Database and Exadata Database Service on Dedicated Infrastructure. Starting December 2023, these are no longer required for Ops Insights to connect to these types of Oracle Cloud Databases.

If you set up private endpoints for RAC Oracle Cloud Databases prior to December 2023, these will continue to function.

Dedicated Autonomous AI Databases still require a special DNS proxy enabled private endpoint.

Creating a Private Endpoint

To create a private endpoint:

  1. Open the navigation menu, click Observability & Management, and then click Ops Insights.
  2. In the left pane, click Administration, and then click Private endpoints.

    The Private Endpoints page displays. If endpoints for the compartment were previously defined, they will appear in the table where you can perform administrative functions.

  3. Click Create private endpoint. The Create private endpoint panel displays.
  4. Enter the required parameters to define the endpoint:
    • Name: An easily identifiable name for the endpoint.
    • Description: Optional
    • Compartment: Select a compartment in which to create the private endpoint from the drop-down list. By default, the compartment that was selected prior to clicking Create private endpoint is selected. Note that this does not have to match the database compartment.

    Configuration

    The private endpoint will be created in the VCN and subnet selected here. Select a subnet that has connectivity to the subnet that contains the database that will be added to Ops Insights.
    Note

    Dedicated Autonomous AI Databases require a special DNS proxy enabled private data endpoint. To enable it, select Use this private endpoint for Dedicated Autonomous AI Databases. Select this option if at least one Dedicated Autonomous AI Database will be connected to the private endpoint.
    • Virtual Cloud Network in <compartment>: Select the VCN within the current compartment that will be used to access the Cloud database. If desired, use the drop-down list to choose another VCN in that compartment.
    • Subnet in <compartment>: Select a subnet within the chosen VCN. By default, the first subnet in the drop-down list is selected.

    Network Security Groups (optional)

    A network security group provides additional, fine-grained security access for resources that use the private endpoint. A network security group acts as a virtual firewall and lets you separate your VCN's subnet architecture from your security requirements.

    To add a network security group to the private endpoint:

    1. Turn on Use network security groups to control traffic.
    2. Select the compartment and network security group.
    3. To add another network security group, click + Another network security group.
  5. Click Create private endpoint. The Private endpoint details page displays, where you can view private endpoint information, including direct links to the details pages for the endpoint’s VCN, subnet, and network security groups.

For more information about security groups, see Network Security Groups.
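A pre-flight check for the inputs this procedure asks for, as an added example that is not Oracle's code: it tests the five-per-region limit, the free private IP in the chosen subnet, and whether the network security group's egress rules reach the database listener without being broader than needed. The plan dictionaries and their field names, the listener port 1521, and the figure of three reserved addresses per subnet are assumptions, not values from this page.

```python
import ipaddress

MAX_ENDPOINTS_PER_REGION = 5  # limit stated on this page (per tenancy, per region)
RESERVED_PER_SUBNET = 3       # assumption: addresses the platform reserves per subnet

def preflight(plan):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    if plan["existing_endpoints_in_region"] >= MAX_ENDPOINTS_PER_REGION:
        findings.append("limit: region already has 5 Ops Insights private endpoints")

    # The endpoint acts as a VNIC and needs one private IP in the subnet.
    subnet = ipaddress.ip_network(plan["endpoint_subnet_cidr"])
    free = subnet.num_addresses - RESERVED_PER_SUBNET - plan["used_ips_in_subnet"]
    if free < 1:
        findings.append("subnet: no free private IP for the endpoint")

    rules = plan.get("nsg_egress_rules")
    if rules is None:  # network security groups are optional
        return findings

    db_net = ipaddress.ip_network(plan["db_subnet_cidr"])
    port = plan["db_listener_port"]
    reachable = False
    for rule in rules:
        dest = ipaddress.ip_network(rule["destination"])
        lo, hi = rule.get("ports", (1, 65535))
        if rule["protocol"] not in ("tcp", "all") or not lo <= port <= hi:
            continue
        if db_net.subnet_of(dest):
            reachable = True
            # Least privilege: flag rules wider than the DB subnet and listener port.
            if dest.prefixlen < db_net.prefixlen or (lo, hi) != (port, port):
                findings.append(f"nsg: rule to {dest} ports {lo}-{hi} is broader than needed")
    if not reachable:
        findings.append("nsg: no egress rule reaches the database listener")
    return findings

# Constructed sample plans (hypothetical field names and values).
GOOD_PLAN = {
    "existing_endpoints_in_region": 2,
    "endpoint_subnet_cidr": "10.0.1.0/28", "used_ips_in_subnet": 4,
    "db_subnet_cidr": "10.0.2.0/24", "db_listener_port": 1521,
    "nsg_egress_rules": [
        {"protocol": "tcp", "destination": "10.0.2.0/24", "ports": (1521, 1521)}],
}
BAD_PLAN = dict(GOOD_PLAN, existing_endpoints_in_region=5, used_ips_in_subnet=13,
                nsg_egress_rules=[{"protocol": "all", "destination": "0.0.0.0/0"}])

if __name__ == "__main__":
    print(preflight(GOOD_PLAN), preflight(BAD_PLAN), sep="\n")
```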

From the Private endpoint details page, you can perform the following operations:

  • Edit the private endpoint (name, description, add/delete network security groups)
  • Move the private endpoint to a different compartment
  • Delete the private endpoint
  • View existing or define new resource tags
  • View the associated databases.
  • View work requests associated with the private endpoint. For more information about work requests, see Work Resources.

Some of these operations can also be performed from the Private Endpoints page by clicking the Actions menu for a private endpoint.

Deleting a Private Endpoint

You can delete a private endpoint from the Private Endpoints page. Important: All databases accessing the private endpoint must first be disabled.