If your Autonomous Database is configured to use a Private Endpoint, then you can only access private data sources from clients in the same Virtual Cloud Network (VCN). See Configuring Network Access with Private Endpoints for detailed instructions.

After you have configured network access using private endpoints, you need to do the following additional configurations for Oracle Data Transforms to communicate with private data sources. This chapter includes the following topics:

• Configuring DNS and Traffic Management
• Configuring RCE Proxy on the Private Endpoint

Configuring DNS and Traffic Management

You need to set up a fully qualified domain name (FQDN) and specify this FQDN in the connection host field when you create the connection. Refer to https://docs.oracle.com/en-us/iaas/Content/DNS/Concepts/views.htm for more information.

The VCN DNS resolver should know about the FQDN and be able to resolve it to a Type A IP address.

If you are not able to test a connection in Data Transforms on an Autonomous Database that is configured to use private endpoints, then do the following:

• Check whether the query to set the ROUTE_OUTBOUND_CONNECTIONS database property to PRIVATE_ENDPOINT is run. See Enhanced Security for Outbound Connections with Private Endpoints for more information.
• Make sure that the FQDN is used as the host so that the framework resolves the FQDN to the required IP address.

  Ensure that the data source VM has the FQDN set up with the required security rules.

If test connection fails even after using an FQDN, then do the following:

• From the OCI services menu, click DNS Management under Networking. Configure private DNS zones views and resolvers.
• Create and publish a record using the FQDN and the private IP (Type A) of the target database.
  Note
  
  Do not use *.oraclecloud.com as the domain name when you set up the FQDN because it is a reserved domain name.
• Retry test connection.

  The test connection operation should complete successfully.

Configuring RCE Proxy on the Private Endpoint

For Autonomous Databases that are configured to use a private endpoint, the Autonomous Database service supports RCE to access resources in the customer subnet through a private route.

If you encounter a "failed to connect" error when you try to test a connection, contact your database administrator to check whether the database is RCE-enabled.

Note that RCE proxy can forward the reverse traffic only to the default OCI DNS resolver. If there is any overridden resolver, then connectivity will fail.

First, specify ssl_server_dn_match=yes in the JDBC URL for the CMAN to accept the request. Next, use the ssl_server_cert_dn parameter to specify the DN of the database server. Note that the order in which the keys are placed in ssl_server_cert_dn is important. The sequence should be CN, O, L, ST, C.

For example:

jdbc:oracle:thin:@(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=xxxxx.adb.us-phoenix-1.oraclevcn.com))(connect_data=(service_name=xxxxx.adb.oraclecloud.com))(security=(ssl_server_dn_match=yes)(ssl_server_cert_dn="CN=adwc.uscom-east-1.oraclecloud.com, O=Oracle Corporation, L=Redwood City, ST=California, C=US")))

To get the values for ssl_server_cert_dn:

1. Login to the VM that is in the same subnet where your Autonomous Database lies.
2. Type the following command:

   openssl s_client -connect xxxxx.adb.us-phoenix-1.oraclevcn.com:1521 -showcerts

   You will find the values for the following under Server Certificate details:

   CN, O, L, ST, C

   For example, "CN=adwc.uscom-east-1.oraclecloud.com, O=Oracle Corporation, L=Redwood City, ST=California, C=US"

To increase the memory of the ODI Agent:

1. Edit the /u01/oracle/transforms_home/common/scripts/jettyServer.sh file.
2. Add the java -Xms1024m -Xmx4096m parameter.
3. Restart the jetty server. Log in as OPC user and execute the following commands:

   ssh -i <path to id_rsa> opc@<Instance IP>
   sudo su
   systemctl stop|start jettyserver.service
   exit