Key Concepts for Oracle Integration Security
Understand the key security concepts for Oracle Integration, including the services where you control access, the different types of network traffic, the ways that you control network traffic, and more.
Services for Controlling Access
You restrict the users and resources that access Oracle Integration in different ways using the following services.
Service | Usage |
---|---|
Oracle Integration | All organizations that use Oracle Integration have one or more Oracle Integration instances. Within these instances, users with administrator-level service roles control access to: Users access an instance using its user interface or its built-in APIs. See: |
Oracle Cloud Infrastructure Console | All organizations that use Oracle Integration have access to the Oracle Cloud Infrastructure Console. Here, users with the appropriate IAM (identity and access management) policies perform the following tasks: Users access the Oracle Cloud Infrastructure Console from the following: |
To learn more, see Learn About Users and Resources.
Main Sections of This Guide
This guide presents the following information.
Area | Description |
---|---|
Access control | Access control focuses on two areas: |
Data protection | Learn how to ensure that only authorized people can view data, and understand how to handle credentials appropriately. |
Inbound and Outbound Network Traffic
To control network access, first familiarize yourself with the types of traffic to manage.
- Inbound traffic, also called ingress traffic, originates outside Oracle Integration and goes to:
  - An Oracle Integration instance
  - The Oracle Integration APIs, including the built-in APIs and the customer-built APIs
  - File Server
- Outbound traffic, also called egress traffic, originates in an Oracle Integration instance and goes to:
  - A target system
To learn more, see Control Network Access.
Allowlists
Network access control for Oracle Integration is primarily oriented around restricting inbound traffic. To secure Oracle Integration, you must limit the IP addresses that can access an Oracle Integration instance and its related resources. Use an allowlist, also known as an access control list (ACL) or a whitelist, to restrict this traffic. An allowlist identifies trustworthy IP addresses, Classless Inter-Domain Routing (CIDR) block ranges, and Oracle-assigned unique IDs called VCN OCIDs (virtual cloud network Oracle Cloud Identifiers).
This guide refers to the following allowlists:
- Allowlist for Oracle Integration
- Allowlist for File Server
- Allowlists for the target applications for which allowlists are enabled
To learn more, see Control Network Access.
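The following Python sketch is an added example, not Oracle code: it reviews a proposed allowlist for malformed, overly broad, or redundant entries before you apply it, and models how an allowlist admits a source. The OCID pattern, the `min_prefix` threshold, the function names, and the matching logic are assumptions for illustration; the sample entries are constructed.

```python
import ipaddress
import re

# Assumed, simplified shape of a VCN OCID: ocid1.vcn.<realm>.<region>.<unique id>
VCN_OCID = re.compile(r"^ocid1\.vcn\.[a-z0-9]+\.[a-z0-9-]*\.[a-z0-9]+$")

def parse_entry(entry):
    """Classify one allowlist entry as ('vcn', ocid) or ('net', ip_network)."""
    if entry.startswith("ocid1."):
        if not VCN_OCID.match(entry):
            raise ValueError(f"{entry!r} is not a VCN OCID")
        return "vcn", entry
    # A bare address parses as /32 or /128; strict=True rejects host bits (10.0.0.5/24).
    return "net", ipaddress.ip_network(entry, strict=True)

def review(entries, min_prefix=16):
    """Return (entry, finding) pairs for malformed, broad or redundant entries."""
    findings, seen = [], []
    for entry in entries:
        try:
            kind, value = parse_entry(entry)
        except ValueError as err:
            findings.append((entry, f"invalid: {err}"))
            continue
        if kind == "vcn":
            continue
        if value.version == 4 and value.prefixlen < min_prefix:
            findings.append((entry, f"broad: /{value.prefixlen}"))
        for other_entry, other in seen:  # only earlier entries are compared
            if value.version == other.version and value.subnet_of(other):
                findings.append((entry, f"redundant: inside {other_entry}"))
        seen.append((entry, value))
    return findings

def is_allowed(entries, source_ip, source_vcn=None):
    """True if source_ip or source_vcn matches any well-formed entry."""
    addr = ipaddress.ip_address(source_ip)
    for entry in entries:
        try:
            kind, value = parse_entry(entry)
        except ValueError:
            continue  # malformed entries never grant access
        if (kind == "vcn" and value == source_vcn) or (kind == "net" and addr in value):
            return True
    return False

# Constructed sample allowlist (documentation address ranges, placeholder OCID).
SAMPLE = ["203.0.113.10", "198.51.100.0/24", "198.51.100.64/26", "10.0.0.5/24",
          "0.0.0.0/0", "ocid1.vcn.oc1.phx.exampleuniqueid"]
```

Running `review(SAMPLE)` flags the nested /26, the CIDR with host bits set, and the catch-all `0.0.0.0/0`, which would make every other entry irrelevant.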
Authentication and Authorization
Users and applications require access to resources. Authentication and authorization ensure that only the allowed users and applications gain access and can perform only their required tasks after they gain access.
- Authentication is the process of verifying the user or application that attempts to gain access.
- Authorization is the process that a resource uses to determine whether a user or application has access to specific activities or objects within the resource.
Oracle Integration and its related resources use various methods for authenticating and authorizing users. To learn more, see Learn About Users and Resources and Control User, Client System, and Connection Access.
Encryption
Encryption is the process of protecting information or data by scrambling it. Oracle Integration provides the following options for encryption:
- Wire encryption
  All inbound traffic is protected by either TLS or SFTP, which are used for secure encrypted transport. See Oracle's Security Responsibilities.
- Data encryption
  All Oracle Cloud Infrastructure services, including Oracle Integration, encrypt all data at rest.
- Encryption during processing
  You can encrypt and decrypt files using the stage file action. See Process Files in Schedule Integrations with a Stage File Action in Using Integrations in Oracle Integration 3.
  The stage file action works with the following adapters:
  - File Adapter
    See Upload a Certificate to Connect with External Services in Using the File Adapter with Oracle Integration 3.
  - FTP Adapter
    See Configure a PGP Encryption Decryption Connection in Using the FTP Adapter with Oracle Integration 3.
  The keys that you use for encryption and decryption are under your control: You load them into Oracle Integration, and you can choose to use them across multiple integrations.
Audit and Logging
Oracle Integration provides a design-time audit, which is a log of design-time actions, the people who completed them, and the time they completed them. See Data Visibility.