JavaScript must be enabled to correctly display this content
Connect to Oracle Autonomous AI Database
Learn to create a connection to Oracle Autonomous AI Transaction Processing or Autonomous AI Lakehouse to use as sources
and targets for OCI GoldenGate.
Configure the required policies to enable secure Vault and
Secrets access, such as use secrets, use vaults, and read
secret-bundles. For more information, see Minimum
recommended policies.
Connect to Autonomous AI Database
Note:
For Autonomous AI Database Serverless connections with remote
peers configured with Data Guard, failover automatically occurs from
the primary to the standby database, so long as you configure your
network to resolve the standby database's host name from the primary
database's subnet. You can select the database or manually enter the
database details when you create the connection. If you manually
enter the database details, ensure that you enter the database
connection string of both the primary and standby databases.
To create an Autonomous AI Database connection:
From the OCI GoldenGate Overview page, click
Connections.
You can also click Create Connection under the
Get started section and skip to step 3.
On the Connections page, click Create Connection.
On the Create Connection page, complete the fields as follows:
For Name, enter a name for the connection.
(Optional) For Description, enter a description that helps
you distinguish this connection from others.
(For GoldenGate on Multicloud only) Select your Subscription, and
then complete the following fields.
From the Compartment dropdown, select the compartment in
which the Resource Anchor resides.
Select the Multicloud partner region.
Select your Partner availability zone. The available options
populate based on the selected Multicloud partner region.
For Compartment, select the compartment in which to create
the connection.
For Type, select Autonomous AI Database.
For Database details, you can
choose:
Select
database to select from a list of
existing Autonomous AI Database
in the selected compartment, and then select a
password secret from the dropdown or click
Change compartment to choose a password
secret in a different compartment.
Note:
When you select an existing Autonomous AI Database, a private endpoint is
created automatically.
Enter database
information and then manually complete
the following fields:
If not using a database wallet,
enter the Database connection string.
If you don't enter a Database
connection string, you use a Wallet
secret.
Note:
If you're using a Wallet, it must at least
contain the cwallet.sso and
tnsnames.ora files.
If you prefer not to use secrets, ensure that
you deselect Use secrets in vault in the
Security section under Advanced Options,
located at the bottom of this form.
For Database username,
enter the username to connect to the database
with.
Select the Database user password
secret. If located in a different compartment, use the dropdown to
change compartments.
Note:
Secrets are credentials such as passwords, certificates,
SSH keys, or authentication tokens that you use with OCI services. To
create a secret, see Creating a secret.
Ensure that you:
Select Manual secret generation.
Paste the credentials into Secret contents.
If you prefer not to use password secrets, ensure that you
deselect Use secrets in vault in the Security section under
Advanced Options, located at the bottom of this form.
If the Autonomous AI Database instance you selected
allows you to change the Security protocol,
select from the following options:
MTLS: provides a higher level of
security, recommended for production environments.
If selected, ensure you refresh the
connection each time you rotate the MTLS
wallet.
Expand Show advanced options. You can configure the following
options:
Security:
Deselect Use vault secrets you prefer not to use
password secrets for this connection. If not selected:
Select Use Oracle-managed encryption key to leave
all encryption key management to Oracle.
Select Use customer-managed encryption key to select
a specific encryption key stored in your OCI Vault to encrypt your
connection credentials.
Network connectivity
Select a Traffic routing
method:
Shared endpoint, to share an endpoint
with the assigned deployment. You must allow connectivity from the
deployment's ingress IP.
Dedicated endpoint, for network
traffic through a dedicated endpoint in the assigned subnet in your VCN. You
must allow connectivity from this connection's ingress IPs.
Note:
If a dedicated connection
remains unassigned for seven days, then the service converts it to a shared
connection.
Then, select a Session mode:
Direct, to use the local listener
running on a single database node, and then select your subnet.
Redirect, to use the SCAN listener used
in Oracle Real Application Cluster (RAC) deployments, and then select your
subnet.
Note:
When
you configure a dedicated connection, the subnet configuration depends on
the access mode of the database:
If it's a private database, then its subnet will be used.
The connection's private endpoint, and thus its ingress IPs, will be
located in the same subnet as the database's private endpoint.
If it's a public database, then you must specify a subnet
in which the connection's private endpoint is created. See GoldenGate
connectivity.
For Dedicated endpoints, select the subnet through which to route
network traffic.
After the connection is created, it appears in the
Connections list. Ensure that you assign the connection to a deployment to use it as a source
or target in a replication.
Known issues with Autonomous AI Database
connections
Action required for Autonomous AI Databases that use mTLS Authentication
When an Autonomous AI Database wallet is rotated, the OCI GoldenGate connection to this database must be refreshed to retrieve the
latest wallet information.
To refresh an Autonomous Database connection: Edit and save the
connection to the Autonomous AI Database (Autonomous AI Transaction Processing or Autonomous AI Lakehouse).
Saving the connection automatically downloads and refreshes the wallet. No other changes
to the connection is needed.
To verify:
Launch the deployment console for a deployment that uses the Autonomous AI Database connection.
In the deployment console, open the navigation menu, and then click
Configuration.
On the Credentials screen, observe the Autonomous AI Database connection string.
Before the wallet is refreshed,
the connection string looks like the
following:
ggadmin@(DESCRIPTION=(TRANSPORT_CONNECT_TIMEOUT=3)(CONNECT_TIMEOUT=60)(RECV_TIMEOUT=120)(retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=adb.us-phoenix-1.oraclecloud.com))(CONNECT_DATA=(COLOCATION_TAG=ogginstance)(FAILOVER_MODE=(TYPE=SESSION)(METHOD=BASIC)(OVERRIDE=TRUE))(service_name=<adb-servicename>_low.adb.oraclecloud.com))(security=(MY_WALLET_DIRECTORY=“/u02/connections/ocid1.goldengateconnection.oc1.phx.<ocid>/wallet”)(SSL_SERVER_DN_MATCH=TRUE)(ssl_server_cert_dn=“CN=adwc.uscom-east-1.oraclecloud.com,
OU=Oracle BMCS US, O=Oracle Corporation, L=Redwood City, ST=California,
C=US”)))
After the wallet is refreshed, the connection string is updated to
look like the
following:
Redirect session mode with SCAN
listener connection doesn't support TCPS and TLS
OCI GoldenGate doesn't support connections that
use Redirect session mode with Oracle Single Client Access Name (SCAN) using TCPS and
TLS. TCP is supported.
Workaround: Configure a connection using the Direct
session mode to an individual Real Application Cluster (RAC) node.