Establishing secure connectivity between Oracle Ravello and Oracle Cloud Infrastructure Database Cloud

Oracle White Paper, December 2017


Table of Contents

Application Architecture Overview
Connecting Ravello to Oracle DBCS via Secured SQL*Net
Changes made to the VMs in Ravello
Securing listener port access on Oracle Database Cloud Service
Verifying the use of Native Encryption and Integrity
Connecting Ravello to Oracle DBCS via a VPN tunnel
Setting up the Dynamic Routing Gateway in OCI
Setting up the pfSense VPN gateway for the app tier in Ravello
Verifying the Siebel CRM application running on Ravello
Learn more

Oracle Ravello is an overlay cloud service that enables enterprises to run their VMware and KVM applications, with data-center-like (Layer 2) networking, as-is on public clouds without making any modifications. With Ravello, enterprises don't need to convert their VMs or change networking. This empowers businesses to rapidly develop and deploy existing data-center applications on the public cloud without the associated infrastructure and migration cost and overhead, for a variety of use cases such as PoC, dev, test, staging, UAT, production, and training.

Application Architecture Overview

Enterprises looking to move their VMware-based applications with large databases to the public cloud have multiple options. They can move the entire app onto Ravello on Oracle Cloud Infrastructure (OCI), or use a combination of Ravello on OCI (for the web and app tier) in conjunction with Oracle PaaS (e.g. DBCS) on OCI. When used in the latter mode, secure connectivity between the web/app tier on Ravello on OCI and the Database Cloud Service instance on OCI is a key requirement. There are multiple methods to establish secured connections between an application on Ravello and a single-instance database on Oracle DBCS. Two of them are described in this whitepaper, with Siebel CRM as an example.

Figure 1: Siebel CRM architecture distributed between Ravello and DBCS

This paper assumes that the Siebel app and web tier have been moved from the customer datacenter to Ravello and that the database has been migrated to Oracle Database Cloud Service Classic. The app and web tier of Siebel on Ravello consists of 6 VMs of 2 vCPUs and 4 GB of memory each: the Siebel App Server, the Siebel Gateway, the Siebel Web Server, the Siebel file system, the Siebel Tools, and the Siebel Web Client VM.

Figure 2: Siebel Deployment in Ravello

The Siebel Database is a single-instance Oracle Database Cloud Service instance hosted on Oracle Cloud Infrastructure with a configuration of 2 OCPUs and 14 GB of memory.

Figure 3: Siebel Database instance in Oracle Database Cloud Service

In the case of the above Siebel deployment, three VMs (Siebel App Server, Siebel Gateway, and Siebel Tools) need a secured connection to the database deployment on Oracle Database Cloud Service.

Connecting Ravello to Oracle DBCS via Secured SQL*Net

To secure connections to Oracle Database Cloud on OCI, native SQL*Net encryption and integrity capabilities can be used. Encryption of network data provides data privacy so that unauthorized parties are not able to view data as it passes over the network. In addition, integrity algorithms protect against data modification and illegitimate replay. Oracle Database provides the Advanced Encryption Standard (AES), DES, 3DES, and RC4 symmetric cryptosystems for protecting the confidentiality of SQL*Net traffic. By default, database deployments on Database Cloud Service are configured to enable native SQL*Net encryption and integrity.

Changes made to the VMs in Ravello

Port 1521 is used as the listener port for Oracle client connections to the database over Oracle's SQL*Net protocol. The tnsnames.ora file in the client VMs defines the connection to the Oracle Database and needs to be modified to point to the Oracle DBCS instance.

Follow these steps to check the encryption configuration and set up secure connectivity between the app on Ravello and the Oracle DBCS instance.

1. Connect to the Siebel App Server VM via the console.
2. Change directories to the location of the SQL*Net configuration files tnsnames.ora and sqlnet.ora.
3. View the sqlnet.ora file and confirm that it does not contain the following parameter settings:

   If the client VM has the above parameters set, the connection will fail with the following error: ORA-12660: Encryption or crypto-checksumming parameters incompatible.
4. Update the tnsnames.ora file with the host IP address, the port number, and the service name of the DBCS instance. Alternatively, you can define the hostname of the DB in the /etc/hosts file and use the host name instead of the host IP address in the tnsnames.ora file.

Figure 4: Relevant DBCS connection information

Figure 5: Example tnsnames.ora file

5. Perform steps 1 to 5 for all the VMs that connect to the Oracle Database Cloud instance. In this case, these are the Siebel App Server, Siebel Gateway and Siebel Tools VMs.

Securing listener port access on Oracle Database Cloud Service

Follow the given steps to restrict access to the Oracle DBCS instance to only the app VMs on Ravello.

1. Set up elastic IPs for the Siebel App Server VM on Ravello by clicking on the NICs tab. Using an Elastic IP allows the app server VM to retain its IP address across multiple restarts.

Figure 6: Selecting Elastic IPs for the Siebel App Server

2. Repeat Step 1 for the Siebel Gateway and Siebel Tools VMs.
3. In the OCI console, select Networking and then Virtual Cloud Networks.
4. Choose the VCN to which your DBCS instance is connected.
5. Select Security Lists from the left pane and open the security list associated with the subnet to which the DBCS instance is connected.

Figure 7: Select Security Rules from your VCN page.

6. On the Security Lists page, select Edit All Rules and enter the appropriate information as described below.

Figure 8: Create Access Rule for VMs in Ravello

   a. Source CIDR: Add the Elastic IP address of the VMs that will communicate with the DB (e.g., 85.190.179.173/32).
   b. Protocol: Select TCP.
   c. Source Port Range: Leave blank.
   d. Destination Port Range: Enter 1521.
7. Delete any other rules that allow access to port 1521.
8. Click Save Security List Rules.
9. Access to port 1521 is now restricted to only the VMs running on Ravello.

Verifying the use of Native Encryption and Integrity

Connect to the Oracle Database Cloud instance from the Siebel App Server VM and verify the use of native SQL*Net encryption and integrity by examining the network service banner entries associated with each connection. This information is contained in the NETWORK_SERVICE_BANNER column of the V$SESSION_CONNECT_INFO view.

The following example shows the SQL command used to display the network service banner entries associated with the current connection:

The following example output shows banner information for the available encryption service and the crypto-checksumming (integrity) service, including the algorithms in use:
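Added example, not part of the white paper: the two encryption checks from this section in Python, covering a client sqlnet.ora that refuses encryption and the reading of NETWORK_SERVICE_BANNER rows. The page does not reproduce the sqlnet.ora settings, the SQL command or its output, so the REJECTED check on the client parameters, the query's WHERE clause, the sample file and the sample banner rows are assumptions constructed here, and the function names are hypothetical.

```python
import re

# Query for the current session's banner rows. The view and column are named
# in the text above; the WHERE clause is an assumption of this example.
BANNER_QUERY = (
    "SELECT network_service_banner FROM v$session_connect_info "
    "WHERE sid = SYS_CONTEXT('USERENV', 'SID')"
)

# Legacy algorithms worth flagging if a client still offers them.
WEAK = {"DES", "DES40", "3DES112", "3DES168",
        "RC4_40", "RC4_56", "RC4_128", "RC4_256", "MD5"}
SWITCHES = ("SQLNET.ENCRYPTION_CLIENT", "SQLNET.CRYPTO_CHECKSUM_CLIENT")
TYPE_LISTS = ("SQLNET.ENCRYPTION_TYPES_CLIENT",
              "SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT")


def audit_sqlnet(text):
    """Return (parameter, problem) pairs for a client sqlnet.ora."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([A-Za-z_.]+)\s*=\s*(.+)$", line)
        if not m:
            continue
        name, value = m.group(1).upper(), m.group(2).strip().upper()
        if name in SWITCHES and value == "REJECTED":
            # The client refuses the service; a server that requires it
            # answers with ORA-12660.
            findings.append((name, "REJECTED"))
        elif name in TYPE_LISTS:
            for alg in re.findall(r"[A-Z0-9_]+", value):
                if alg in WEAK:
                    findings.append((name, "weak algorithm " + alg))
    return findings


def negotiated(rows):
    """Extract the algorithms in use from NETWORK_SERVICE_BANNER rows.

    Only '<ALG> ... service adapter' rows show a negotiated algorithm;
    '... service for <platform>' rows only say the service is available.
    """
    found = {"encryption": None, "integrity": None}
    pattern = r"(\S+)\s+(encryption|crypto-checksumming) service adapter"
    for row in rows:
        m = re.search(pattern, row, re.I)
        if m:
            kind = m.group(2).lower()
            key = "encryption" if kind == "encryption" else "integrity"
            found[key] = m.group(1).upper()
    return found


# Constructed sample input (not taken from a real system).
SAMPLE_SQLNET = """\
# constructed client sqlnet.ora
SQLNET.ENCRYPTION_CLIENT = rejected
SQLNET.CRYPTO_CHECKSUM_CLIENT = accepted
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, RC4_128)
"""
SAMPLE_BANNERS = [
    "TCP/IP NT Protocol Adapter for Linux: Version 12.1.0.2.0 - Production",
    "Encryption service for Linux: Version 12.1.0.2.0 - Production",
    "AES256 Encryption service adapter for Linux: Version 12.1.0.2.0 - Production",
    "Crypto-checksumming service for Linux: Version 12.1.0.2.0 - Production",
    "SHA1 Crypto-checksumming service adapter for Linux: Version 12.1.0.2.0 - Production",
]

if __name__ == "__main__":
    for finding in audit_sqlnet(SAMPLE_SQLNET):
        print("sqlnet.ora:", finding)
    print("session:", negotiated(SAMPLE_BANNERS))
```

A session whose result has `None` for either key is running without that protection, even though the service rows are present.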
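Added example, not part of the white paper: a Python audit for step 7 of the listener-port procedure above, reporting every ingress rule that still exposes port 1521 to a source other than the Ravello elastic IPs, and every elastic IP that has no rule of its own. The rule shape follows OCI's ingress-rule JSON (source, protocol, tcpOptions.destinationPortRange); all rules and all addresses except 85.190.179.173/32 are constructed, and the function names are hypothetical.

```python
import ipaddress

LISTENER_PORT = 1521


def covers_port(rule, port=LISTENER_PORT):
    """True if the ingress rule admits TCP traffic to `port`."""
    proto = str(rule.get("protocol", "all")).lower()
    if proto == "all":
        return True                       # every protocol, every port
    if proto != "6":                      # "6" is TCP
        return False
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if rng is None:
        return True                       # TCP rule with no range: all ports
    return rng["min"] <= port <= rng["max"]


def audit_ingress(rules, allowed_hosts):
    """Compare rules that reach the listener port with the /32 allow-list."""
    allowed = {ipaddress.ip_network(h) for h in allowed_hosts}
    remove, seen = [], set()
    for idx, rule in enumerate(rules):
        if not covers_port(rule):
            continue
        src = ipaddress.ip_network(rule["source"], strict=False)
        if src in allowed:
            seen.add(src)
            continue
        if src.prefixlen == 0:
            reason = "open to any address"
        elif src.num_addresses > 1:
            reason = "wider than a single host"
        else:
            reason = "host not in the allow-list"
        remove.append((idx, str(src), reason))
    missing = [str(n) for n in sorted(allowed - seen)]
    return {"remove": remove, "missing": missing}


# Elastic IPs of the three VMs; the last two are constructed placeholders.
ALLOWED_HOSTS = ["85.190.179.173/32", "203.0.113.10/32", "203.0.113.11/32"]

# Constructed security list.
SAMPLE_RULES = [
    {"source": "0.0.0.0/0", "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"source": "85.190.179.173/32", "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1521}}},
    {"source": "0.0.0.0/0", "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1521}}},
    {"source": "203.0.113.0/24", "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"min": 1500, "max": 1600}}},
    {"source": "198.51.100.7/32", "protocol": "6"},
]

if __name__ == "__main__":
    report = audit_ingress(SAMPLE_RULES, ALLOWED_HOSTS)
    for idx, src, reason in report["remove"]:
        print(f"rule {idx}: {src} reaches 1521 ({reason})")
    for host in report["missing"]:
        print(f"no dedicated rule for {host}")
```

Port ranges and protocol-wide rules are the cases a search for the literal value 1521 misses, which is why the check works on coverage rather than on an exact match.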

Connecting Ravello to Oracle DBCS via a VPN tunnel

Another way to establish secure connections to the Oracle Cloud Infrastructure Database Cloud instance is via a VPN tunnel. Oracle Cloud Infrastructure provides a Dynamic Routing Gateway through which an IPSec tunnel can be created. A pfSense Gateway will be added to the app and web tier in Ravello, and all external traffic for the app will be routed through this VM.

Figure 9: IPsec VPN implementation diagram

Setting up the Dynamic Routing Gateway in OCI

In order to create a Dynamic Routing Gateway (DRG) for the Cloud Database instance and set up the IPSec tunnel, the following information is needed:

- The VCN's CIDR
- The public IP address of the on-premises router
- The static routes for the IPSec connection

Follow these steps to set up the gateway and IPSec tunnel in Oracle Cloud Infrastructure.

A. Create the DRG

1. Click Networking, and then click Dynamic Routing Gateways.
2. Click Create Dynamic Routing Gateway.
3. Enter the following:
4. Create in Compartment: Leave as is (the VCN's compartment).
5. Name: A friendly name for the DRG.

6. Click Create Dynamic Routing Gateway. The DRG will be in the "Provisioning" state for a short period. Make sure provisioning has finished before continuing.

Figure 10: Create a Dynamic Routing Gateway

B. Attach the DRG to your VCN

1. Click the DRG that was just created.
2. On the left side of the page, click Virtual Cloud Networks.
3. Click Attach to Virtual Cloud Network.
4. Select the VCN you created earlier, and then click Attach to Virtual Cloud Network. The attachment will be in the "Attaching" state for a short period before it's ready.

C. Update the routing in the VCN to use the DRG

1. Click Networking, click Virtual Cloud Networks, and then click the VCN to which the DRG is attached.
2. Click Route Tables to see a list of the route tables. For each subnet that needs to communicate with your on-premises network, update that subnet's route table with a new route for the DRG:
   a. For a given route table (the default route table in this example), click Create Route Rule.
   b. Enter the following:
      - CIDR: The CIDR for the on-premises network.
      - Target Type: Dynamic Routing Gateway.
      - Target Compartment: Leave as is.
      - Target: The DRG created earlier.
   c. Click Create. The route table now directs traffic destined for your on-premises network to the DRG.

Figure 11: Update Route Rule to use the DRG

D. Create a Customer-Premises Equipment (CPE) object and provide your router's public IP address

1. Click Networking, and then click Customer-Premises Equipment.
2. Click Create Customer-Premises Equipment.
3. Enter the following:
   - Create in Compartment: Leave as is (the VCN's compartment).
   - Name: A friendly name for the CPE object.
   - IP Address: The IP address of the on-premises router at the Ravello end of the VPN.
4. Click Create. The CPE object will be in the "Provisioning" state for a short period.

E. From the DRG, create an IPSec connection to the CPE and provide the static routes

1. Click Networking, and then click Dynamic Routing Gateways.
2. Click the DRG you created earlier.
3. Click Create IPSec Connection.
4. Enter the following:
   - Create in Compartment: Leave as is (the VCN's compartment).
   - Name: Enter a friendly name for the IPSec connection. It doesn't have to be unique, and it cannot be changed later in the Console (but you can change it with the API).
   - Customer-Premises Equipment Compartment: Leave as is (the VCN's compartment).
   - Customer-Premises Equipment: Select the CPE object you created earlier.
   - Static Route CIDR: The CIDR block for a static route (see the list of information to gather in Before You Get Started). For this example, enter 0.0.0.0/0.
5. Click Create IPSec Connection. The IPSec connection will be in the "Provisioning" state for a short period.

Figure 12: Create an IPSec Connection from the DRG

6. Click the Actions icon, and then click Tunnel Information. The configuration information for each tunnel is displayed (the IP address of the VPN headend and the shared secret). The tunnel's status is also displayed (possible values are "Available" or "Down"). At this point, the status will be "Down".
7. The tunnel information will be used to configure the pfSense Gateway in Ravello.

Setting up the pfSense VPN gateway for the app tier in Ravello

In order to create an IPSec tunnel between the app and web tier on Ravello and the Oracle Database Cloud instance on OCI, a pfSense Gateway VM needs to be added to the Ravello environment and all external traffic needs to be routed through the pfSense VM. The following steps illustrate the preparation of the Ravello environment to set up a pfSense Gateway.

1. Add a pfSense VM from the Ravello library by dragging it onto the canvas.

Figure 13: Adding a pfSense Gateway VM to the Ravello environment.

2. Open the NIC properties of the pfSense VM and configure the public (WAN) and private (LAN) NICs. Configure static IPs for both NICs. For the WAN NIC, under external access, select the Elastic IP option and assign an elastic IP from the list.
3. For the LAN NIC, configure only the Static IP and Netmask. There is no need to fill in the Gateway and DNS fields. Do not configure external access.

Figure 14: Public and Private network configurations of the CSG.

4. In the Services tab, on the WAN interface, add the following supplied services:

   - UDP ports 500 (IPSec Phase 1), 4500 (IPSec Phase 2) and 88
   - TCP ports 80 and 443 (for the web interface)

Figure 15: Adding supplied services on ports 500, 4500, 80, and 443

Next, all external traffic will be routed through the pfSense VM.

5. In the NIC tab of the Siebel App Server VM, remove the Gateway and DNS address from the public NIC and, in the private NIC, add the internal IP address of the pfSense VM as the Gateway and DNS address.

Figure 16: Update the Gateway and DNS addresses of all VMs with external traffic

6. Log into the console of the VM and make updates similar to Step 5 in the interface configuration files for the private and public NICs. The ifcfg files are usually found under /etc/sysconfig/network-scripts/.

Figure 17: Update the ifcfg files through the console of the VM

7. Repeat Steps 5 and 6 for the Siebel Gateway and Siebel Tools VMs.

The next step is to configure the pfSense Services Gateway on Ravello. The VPN IPsec tunnel settings will be created through the web interface of the pfSense virtual appliance.

8. Connect to the pfSense web admin page via the Elastic IP assigned to the pfSense VM (use https://<elasticipaddress>). The default login credentials are:
   Username: admin
   Password: pfsense

The setup of the tunnel comprises two phases:

- Phase 1 specifies how the tunnel connects to its remote peer (DBCS on OCI).
- Phase 2 specifies which local network traffic/subnets should be sent through the tunnel.

This division makes it possible for the tunnel to handle requests from multiple local subnets. In this example, one local subnet, 10.1.0.0/24, connects to 10.0.0.0/16 through the tunnel that has the two endpoints 31.220.71.130 and 129.213.7.49.

1. Add firewall rules to the WAN interface to allow incoming connections (3 rules for UDP ports 88, 500, 4500):

Figure 18: Firewall rules for IPSec tunnel

Phase 1 Configuration

1. Click on IPSec under the VPN tab. Click Add P1.
2. For pfSense, the P1 options are:
   - ISAKMP Protocol version 1
   - Remote Gateway: Enter the tunnel IP address assigned to the OCI IPSec connection in Step 6
   - Authentication method: pre-shared-keys
   - Exchange type: Main mode
   - My Identifier: IP address <Elastic IP of pfsense VM>
   - Pre Shared Key: Enter the key corresponding to the Remote Gateway IP address
   - Encryption: AES-128-cbc, AES-192-cbc, or AES-256-cbc
   - Authentication algorithm: SHA-256, or SHA-384
   - Diffie-Hellman group: group 1, group 2, or group 5
   - IKE session key lifetime: 28800 seconds (8 hours)
3. Click Save.

Figure 19: Configuring Phase 1 of IPSec tunnel in pfSense

4. Click Add P2.
5. The P2 options are:
   - Local Network: Lan Subnet
   - Remote Network: Network <Private CIDR of OCI VCN>
   - IPSec protocol: ESP, tunnel-mode
   - Encryption: AES-128-cbc, AES-192-cbc, or AES-256-cbc
   - Authentication algorithm: HMAC-SHA1-96
   - IPSec session key lifetime: 3600 seconds (1 hour)
   - Perfect Forward Secrecy (PFS): enabled, group 5
6. Click Save and then Apply Changes.

Figure 20: Configuring Phase 2 of VPN tunnel in pfSense

7. To establish the VPN tunnel, click Status and then IPSec.
8. Click Connect VPN. The IPSec connection will shortly be established.

Verifying the Siebel CRM application running on Ravello

1. The Cloud Database instance can now be accessed from any VM on Ravello to confirm that the Siebel database and listener service are up and running.

Figure 21: Checking database and listener status

2. Check connectivity from the Siebel server using the srvrmgr utility.

Figure 22: Siebel server verification

3. Test connectivity to the Siebel Web Server from a browser. The IP address for the Web Server is located in the Summary tab of the VM. For this Siebel CRM deployment, the Call Center component is enabled, for which connectivity is shown above using the public IP assigned to the VM.

Figure 23: Public IP of Siebel WebServer

Figure 24: Application login

4. Siebel Tools can be verified by connecting to the Tools VM either through RDP or Console access.

Figure 25: Siebel Tools verification

5. Shutting down the pfSense Gateway VM in Ravello causes errors while accessing the Siebel app, proving that the VPN setup is functioning as expected.

Figure 26: Test to prove functioning VPN Tunnel
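Added example, not part of the white paper: a Python pre-flight check for the tunnel built above, comparing a Phase 1 / Phase 2 proposal with the option lists given in the pfSense steps and confirming that the application-to-database flows fall inside the Phase 2 selectors (10.1.0.0/24 to 10.0.0.0/16 in the page's example). The dictionary keys, the function names and the host addresses are hypothetical and constructed for illustration; they are not pfSense's configuration format.

```python
import ipaddress

ENC = {"aes-128-cbc", "aes-192-cbc", "aes-256-cbc"}
# Option sets exactly as listed in the Phase 1 and Phase 2 steps above.
PHASE1 = {"ike_version": {1}, "auth": {"psk"}, "mode": {"main"},
          "encryption": ENC, "hash": {"sha256", "sha384"},
          "dh_group": {1, 2, 5}, "lifetime": {28800}}
PHASE2 = {"protocol": {"esp"}, "mode": {"tunnel"}, "encryption": ENC,
          "hash": {"hmac-sha1-96"}, "lifetime": {3600}, "pfs_group": {5}}


def check_proposal(label, cfg, allowed):
    """Values outside the listed sets leave the tunnel in the Down state."""
    return [("mismatch", f"{label}.{key}={cfg.get(key)!r}")
            for key, ok in allowed.items() if cfg.get(key) not in ok]


def audit_tunnel(p1, p2, flows):
    """Return (kind, detail) issues for a proposal and a list of flows."""
    issues = check_proposal("p1", p1, PHASE1) + check_proposal("p2", p2, PHASE2)
    # Groups 1 and 2 are 768- and 1024-bit MODP; group 5 is the largest
    # of the three groups the page lists.
    if p1.get("dh_group") in (1, 2):
        issues.append(("weak", f"p1.dh_group={p1['dh_group']}"))
    local = ipaddress.ip_network(p2["local_net"])
    remote = ipaddress.ip_network(p2["remote_net"])
    for src, dst in flows:
        inside = (ipaddress.ip_address(src) in local
                  and ipaddress.ip_address(dst) in remote)
        if not inside:
            # This traffic does not match the Phase 2 selectors, so the
            # tunnel will not carry it.
            issues.append(("outside-selectors", f"{src}->{dst}"))
    return issues


# Constructed configurations: one matching the page, one with three faults.
GOOD_P1 = {"ike_version": 1, "auth": "psk", "mode": "main",
           "encryption": "aes-256-cbc", "hash": "sha256",
           "dh_group": 5, "lifetime": 28800}
GOOD_P2 = {"protocol": "esp", "mode": "tunnel", "encryption": "aes-256-cbc",
           "hash": "hmac-sha1-96", "lifetime": 3600, "pfs_group": 5,
           "local_net": "10.1.0.0/24", "remote_net": "10.0.0.0/16"}
BAD_P1 = dict(GOOD_P1, hash="sha1", dh_group=2)
BAD_P2 = dict(GOOD_P2, remote_net="10.0.0.0/24")

# Constructed flows: two app-tier VMs talking to a database at 10.0.1.5.
FLOWS = [("10.1.0.11", "10.0.1.5"), ("10.1.0.12", "10.0.1.5")]

if __name__ == "__main__":
    print("good:", audit_tunnel(GOOD_P1, GOOD_P2, FLOWS))
    for kind, detail in audit_tunnel(BAD_P1, BAD_P2, FLOWS):
        print(f"bad: {kind}: {detail}")
```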

Learn more

Learn more and sign up for a free trial at https://cloud.oracle.com/ravello

Figure 27: Sign up for a free trial.

Copyright 2017, Oracle and/or its affiliates. All rights reserved.