Accessing Oracle Integration Cloud (OIC) via VPN Tunnel in OCI : A Secure approach

Introduction

Oracle Integration Cloud (OIC) in OCI is exposed on a public endpoint with a public IP, so by default it is reachable over the internet. Customers frequently require that traffic between the on-premises environment and OIC never traverse the public internet, both to keep integration data private and to satisfy their own security policy.

A site-to-site VPN (IPSec) tunnel between the on-premises network and OCI provides that private, encrypted path. In this blog we walk through how to route on-premises traffic to OIC over the tunnel, using the OCI components that keep the path private end to end.

Architecture diagram


OCI Components to be Used:

  1. IPSec Tunnel:- The encrypted link between your on-premises network and OCI. It uses IPSec (Internet Protocol Security) so that data crossing public networks between the two sides stays confidential and integrity-protected. This component protects the data in transit between the on-premises environment and OIC.
  2. Dynamic Routing Gateway v2 (DRGv2):- The DRG is the virtual router that terminates the IPSec tunnel and provides private connectivity between your VCN and external networks such as on-premises systems. It forwards traffic between the on-premises network and the VCN, and is the pivot point for more complex topologies such as the transit routing used here.
  3. Virtual Cloud Network (VCN):- A VCN is a customizable private network within OCI and the foundation on which cloud resources are deployed. In this setup it acts as the transit network between the DRG and the Service Gateway; no subnet or compute instance inside it is needed.
  4. Service Gateway (SGW):- The Service Gateway lets a VCN reach Oracle services in the Oracle Services Network (OSN), the Oracle-managed network that hosts public Oracle services such as OIC, without the traffic ever leaving Oracle's network. Data flows directly within Oracle's backbone, which keeps it off the internet and minimizes latency.

What we need for the setup:

  • An OCI tenancy with a VCN, a service gateway and the required security rules configured.
  • An existing, already configured OIC instance.
  • A working IPSec (site-to-site VPN) tunnel terminating on a DRG.

Solution:- 

With the IPSec tunnel already up, the remaining work is routing: traffic arriving from on-premises must be handed from the DRG to the Service Gateway, and the return traffic from the Oracle Services Network (OSN) must be handed back to the DRG. This is OCI transit routing to Oracle services; the VCN only passes the traffic through.
  1. Create a route table in the VCN that sends OSN-bound traffic to the Service Gateway. Under VCN ---> Route Tables -> Create Route Table, add a single rule: destination type "Service CIDR block", destination "All <region> Services In Oracle Services Network", target the Service Gateway. This table is applied to traffic coming from on-premises through the DRG and forwards it to OSN, where OIC resides.
  2. Associate that route table with the DRG's VCN attachment (the "VCN route table" field on the attachment). Without this association the DRG delivers on-premises traffic to the VCN's default routing, which has no path to OSN.
  3. Create a second route table in the VCN for the return direction: destination the on-premises CIDR range, target the Dynamic Routing Gateway. This table carries traffic from OSN (OIC's replies) back towards the on-premises network.
  4. Associate this second route table with the Service Gateway (the route table field on the SGW). All traffic arriving from OSN for the on-premises CIDR now goes to the DRG and into the tunnel.
  5. In OIC, restrict network access. Only on-premises should be able to reach the instance, so add only the on-premises CPE address and the on-premises CIDR range to the OIC network access allowlist and leave every other source denied. Note that the allowlist only controls who may reach the public endpoint; the routing in steps 1-4 is what keeps the packets off the internet, and both are needed.
  6. Verify the connectivity. Every integration with on-premises applications, whether through the OIC agent or by calling the OIC URL directly, should now traverse the IPSec tunnel instead of the internet. A quick check is a traceroute from an on-premises host to the OIC hostname: the first hops should be the tunnel, not the site's internet gateway. If they are not, the cause is usually on the on-premises side: the OIC hostname still resolves to its public IP, so the CPE or firewall must have a route for the region's OSN address range pointing into the tunnel, and the tunnel's encryption domain or routes must include that range. A client that takes the internet path instead will then be rejected by the allowlist from step 5, which is a useful signal that routing is wrong rather than a reason to widen the allowlist.
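The routing and allowlist configuration from steps 1 to 5 expressed as Terraform for the OCI provider, as an added example that is not code from the original post or from Oracle. It assumes an existing VCN, DRG and tunnel, creates the DRG VCN attachment itself (import an existing attachment instead of creating a second one), and uses placeholder values for the on-premises CIDR and CPE address. The resource and attribute names are the OCI Terraform provider's as I know them (oci_core_route_table, oci_core_service_gateway, oci_core_drg_attachment, oci_integration_integration_instance) and should be checked against the provider documentation for the version in use.

```hcl
terraform {
  required_providers {
    oci = { source = "oracle/oci" }
  }
}

# Placeholders: replace with your own OCIDs and address ranges.
variable "compartment_ocid" {}
variable "vcn_ocid"         {}  # transit VCN attached to the DRG
variable "drg_ocid"         {}  # DRGv2 that terminates the IPSec tunnel
variable "onprem_cidr"      { default = "10.100.0.0/16" }  # assumed on-premises range
variable "cpe_public_ip"    { default = "203.0.113.10" }   # assumed CPE address (TEST-NET-3)

# The regional "All ... Services In Oracle Services Network" entry; its
# cidr_block label is the destination for the route to the service gateway.
data "oci_core_services" "all_osn" {
  filter {
    name   = "name"
    values = ["All .* Services In Oracle Services Network"]
    regex  = true
  }
}

# Step 3: route table used by the service gateway. Return traffic for the
# on-premises CIDR is sent to the DRG, and so into the tunnel.
resource "oci_core_route_table" "sgw_to_onprem" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "sgw-to-onprem"
  route_rules {
    destination       = var.onprem_cidr
    destination_type  = "CIDR_BLOCK"
    network_entity_id = var.drg_ocid
  }
}

# Step 4: service gateway for all OSN services, with that route table attached.
resource "oci_core_service_gateway" "sgw" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "sgw"
  route_table_id = oci_core_route_table.sgw_to_onprem.id
  services {
    service_id = data.oci_core_services.all_osn.services[0].id
  }
}

# Step 1: route table for traffic arriving from the DRG. Anything addressed
# to the Oracle Services Network is handed to the service gateway.
resource "oci_core_route_table" "drg_to_osn" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "drg-to-osn"
  route_rules {
    destination       = data.oci_core_services.all_osn.services[0].cidr_block
    destination_type  = "SERVICE_CIDR_BLOCK"
    network_entity_id = oci_core_service_gateway.sgw.id
  }
}

# Step 2: DRG VCN attachment that uses the drg_to_osn table as its VCN route
# table. If the attachment already exists, import it rather than recreating it.
resource "oci_core_drg_attachment" "vcn" {
  drg_id         = var.drg_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "vcn-attachment"
  route_table_id = oci_core_route_table.drg_to_osn.id
}

# Step 5: OIC network access allowlist. Only the CPE address and, via the
# transit VCN, the on-premises CIDR may reach the endpoint; all else is denied.
# Assumption: on-premises source addresses arrive unchanged (no NAT on the CPE);
# with NAT, the CPE entry alone is what OIC sees.
resource "oci_integration_integration_instance" "oic" {
  compartment_id            = var.compartment_ocid
  display_name              = "oic-private"
  integration_instance_type = "ENTERPRISE"
  is_byol                   = false
  message_packs             = 1
  network_endpoint_details {
    network_endpoint_type = "PUBLIC"
    allowlisted_http_ips  = ["${var.cpe_public_ip}/32"]
    allowlisted_http_vcns {
      id              = var.vcn_ocid
      allowlisted_ips = [var.onprem_cidr]
    }
    is_integration_vcn_allowlisted = false
  }
}
```

After `terraform apply`, the verification in step 6 still has to be done from the on-premises side: the configuration above only covers the OCI half of the path, and the CPE must carry a route for the region's OSN range into the tunnel for the traceroute to show the tunnel as the first hops.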


Conclusion

By following these detailed steps, you can establish secure access from your on-premises network to Oracle Integration Cloud over a VPN tunnel. This setup leverages OCI’s networking capabilities, including the VPN tunnel, DRG, SGW, and VCN, to create a robust, secure connection that supports data privacy and integration efficiency.
