When Autonomous Database is configured with a Private Endpoint, you need to explicitly route outbound connectivity through the private endpoint. Additionally, you need to set proper DNS resolution and connection configuration to ensure secure communication between Data Transforms and the database.

To configure Data Transforms with Autonomous Database Private Endpoint access, you need to:

• Route outbound connections through the Private Endpoint. See Configure Outbound Routing to the Private Endpoint.
• Allow sufficient time for routing changes to propagate. See Steps after Configuring Outbound Routing.
• Use DNS-based hostnames (FQDNs) instead of IP addresses. See Configure Data Transforms Connectivity.
• Ensure appropriate network and DNS configuration. See Update Data Transforms Connection Configuration.

Failure to meet these requirements may result in connection issues.

Configure Outbound Routing to the Private Endpoint

You need to route outbound connections from Autonomous Database through the Private Endpoint.

Do the following:

1. To set the routing property, log in to SQL Web as the ADMIN user and execute the following statement:

   ALTER DATABASE PROPERTY SET ROUTE_OUTBOUND_CONNECTIONS = 'PRIVATE_ENDPOINT';

   Note:

   If this command fails to execute, contact Oracle Autonomous Database Support.
2. To verify that the routing configuration is set correctly, run the following query:

   SELECT *FROM
         DATABASE_PROPERTIESWHERE PROPERTY_NAME =
         'ROUTE_OUTBOUND_CONNECTIONS';

   The expected value is PRIVATE_ENDPOINT.

Steps after Configuring Outbound Routing

After you set the ROUTE_OUTBOUND_CONNECTIONS property, do the following:

• Wait for a maximum of two hours for the private endpoint configuration to apply.
• Ensure that there are no Data Transforms jobs in the running or pending state.
• Ensure that the Data Transforms instance is not in use. You should be logged out for the query to take effect.

Configure Data Transforms Connectivity

You need to configure Data Transforms connectivity based on the deployment scenario.

If Data Transforms connects to the same Autonomous Database on which it is running, do the following:

• Repackage the database wallet.
• Update the tnsnames.ora file to remove any Private Endpoint–specific prefixes from the host value in the connection string.

  For example,

  Correct format: HOST = adb.eu-frankfurt-1.oraclecloud.com

  Incorrect format: HOST = <private-endpoint-specific>.adb.eu-frankfurt-1.oraclecloud.com

• Configure the connection to use the public Autonomous Database load balancer host.

This ensures correct name resolution and routing within the same Private Endpoint environment.

If Data Transforms and the target database are not in same subnet of the VCN, do the following:

1. Ensure that the Autonomous Database private IP address allows network access. Add an ingress security rule to permit traffic from Autonomous database instance using its private IP.
2. To configure Private DNS Resolution:
   • Log in to the OCI Console.
   • Navigate to the VCN associated with Autonomous Database.
   • Open Private DNS Resolver.
   • Create a new private DNS zone. Ensure that the zone name does not use the *.oraclecloud.com domain.
3. Create a Type A DNS record.
4. Map the fully qualified domain name (FQDN) to the target private IP address.
5. Save and publish the DNS changes.

Update Data Transforms Connection Configuration

Configure the Data Transforms connection to use the newly created FQDN as the host in the connection string.

Data Transforms requires a fully qualified domain name (FQDN) to ensure:

• Proper TLS certificate validation.
• Correct wallet-based connectivity.
• Stable routing through Private Endpoints.

Note the following:

• Using an IP address as the host in the Data Transforms connection string is not supported.
• You may need additional network configuration if the source database is located in a different VCN, or an on-premises network. In such cases, engage your internal network solution architect or raise a service request with OCI Networking Support.

First, specify ssl_server_dn_match=yes in the JDBC URL for the CMAN to accept the request. Next, use the ssl_server_cert_dn parameter to specify the DN of the database server. Note that the order in which the keys are placed in ssl_server_cert_dn is important. The sequence should be CN, O, L, ST, C.

For example:

jdbc:oracle:thin:@(description= (retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1521)(host=xxxxx.adb.us-phoenix-1.oraclevcn.com))(connect_data=(service_name=xxxxx.adb.oraclecloud.com))(security=(ssl_server_dn_match=yes)(ssl_server_cert_dn="CN=adwc.uscom-east-1.oraclecloud.com, O=Oracle Corporation, L=Redwood City, ST=California, C=US")))

To get the values for ssl_server_cert_dn:

1. Login to the VM that is in the same subnet where your Autonomous Database lies.
2. Type the following command:

   openssl s_client -connect xxxxx.adb.us-phoenix-1.oraclevcn.com:1521 -showcerts

   You will find the values for the following under Server Certificate details:

   CN, O, L, ST, C

   For example, "CN=adwc.uscom-east-1.oraclecloud.com, O=Oracle Corporation, L=Redwood City, ST=California, C=US"

To increase the memory of the ODI Agent:

1. Edit the /u01/oracle/transforms_home/common/scripts/jettyServer.sh file.
2. Add the java -Xms1024m -Xmx4096m parameter.
3. Restart the jetty server. Log in as OPC user and execute the following commands:

   ssh -i <path to id_rsa> opc@<Instance IP>
   sudo su
   systemctl stop|start jettyserver.service
   exit 

The default timezone is based on the region where the database repository is located. When you create a schedule, you can select the timezone you want the schedule to run on. Use the Settings page to change the default timezone that appears on the Create Schedule page. See Schedule Data Flows or Workflows for instructions about creating a schedule.

To set the timezone:

1. In the left pane, click Administration.

   A warning message appears.

2. Click Continue.
3. In the left pane, click Settings.
4. In the Settings screen, select the desired timezone from the Timezone drop down.
5. Click Set.

   This timezone is now the default value that appears on the Create Schedule page. You can select a different timezone when you create a schedule. The configuration on the Create Schedule page overrides the settings made here.

   Click Reset if you want to revert the configuration to the default setting.

The updated configuration will apply to newly created schedules. Existing schedules will continue to run in the timezone that was set when the schedule was created.

This is useful if you are running more than one instance of Data Transforms. The color coding helps to differentiate between the environments. For example, you could apply distinct colors to identity whether the instance belongs to a Development, Staging, or Production environment.

To set the color for your instance:

1. In the left pane, click Administration.

   A warning message appears.

2. Click Continue.
3. In the left pane, click Settings.
4. In the Settings screen, under Visual Settings select the color you want to use for your instance. You can see a preview of what the user interface will look like after you apply the color settings.
5. Click Apply.

   The selected color is applied as a border to the working user interface.