Create a Database Management Private Endpoint for Autonomous Databases

You can create a Database Management private endpoint to configure network access between Database Management and an Autonomous Database.

Note

A Database Management private endpoint is required for Autonomous Databases Serverless, except when the Secure access from everywhere network access option is selected. For Autonomous Databases on Dedicated Exadata Infrastructure, a private endpoint is always required. For information, see Autonomous Database-related Prerequisite Tasks.

The private endpoint is a representation of Database Management in the VCN in which the Autonomous Database can be accessed, and acts as a VNIC with private IP addresses in a subnet of your choice. The private endpoint created in a VCN can be used to enable Database Management Diagnostics & Management for the Autonomous Databases available in the same VCN and it cannot be used across multiple VCNs. The private endpoint does not have to be on the same subnet as the Autonomous Database, although it must be on a subnet that can communicate with the Autonomous Database.

In Database Management, you can create the following types of private endpoints:

Private endpoint for Autonomous Databases Serverless: You can create a maximum of five Database Management private endpoints in your tenancy (per region) to connect to an Autonomous Database Serverless. There's no restriction on the number of Autonomous Databases Serverless for which you can enable Diagnostics & Management using a single private endpoint. The private endpoint for Autonomous Databases Serverless has only one private IP address.
Note that you can also use this private endpoint type to connect Database Management to single instance Oracle Cloud Databases, if required. For information, see Create a Database Management Private Endpoint for Oracle Cloud Databases.
Private endpoint for Autonomous Databases on Dedicated Exadata Infrastructure: You can create only one Database Management private endpoint in your tenancy (per region) to connect to Autonomous Databases on Dedicated Exadata Infrastructure. One private endpoint for Autonomous Databases on Dedicated Exadata Infrastructure can support up to 15 Single Client Access Name (SCAN) listeners. The private endpoint for Autonomous Databases on Dedicated Exadata Infrastructure has two private IP addresses.
Note that you can also use this private endpoint type to connect Database Management to RAC Oracle Cloud Databases, if required. For information, see Create a Database Management Private Endpoint for Oracle Cloud Databases.

Note that you can create one private endpoint of each type in a VCN, which means that you can create one private endpoint for Autonomous Databases Serverless and one for Autonomous Databases on Dedicated Exadata Infrastructure. If you need more private endpoints than the default limit of five private endpoints for Autonomous Databases Serverless and one private endpoint for Autonomous Databases on Dedicated Exadata Infrastructure in a tenancy, you can request for an increase to the private endpoint limit.

For information on private endpoints, see About Private Endpoints.

Before you create a Database Management private endpoint in the VCN, you must obtain the permissions required to work with virtual networking resources in Oracle Cloud Infrastructure and create a Database Management private endpoint. For information, see Permissions Required to Enable Diagnostics & Management for Autonomous Databases.

To create a Database Management private endpoint:

Sign in to the Oracle Cloud Infrastructure console.
Open the navigation menu, click Observability & Management. Under Database Management, click Administration.
On the left pane, click Private endpoints.
On the Private endpoints page, click Create private endpoint.
In the Create private endpoint panel:
1. Provide the following details:
  1. Name: Enter a name for the private endpoint.
  2. Description: Optionally, enter a description for the private endpoint.
  3. Choose compartment: Select the compartment in which you want the private endpoint to reside. By default, the compartment selected on the Private endpoints page is displayed, however, you can select another compartment in the drop-down list.
  4. Use this private endpoint for RAC databases or Dedicated Autonomous Databases: Select this check box if you want to create a Database Management private endpoint for Autonomous Databases on Dedicated Exadata Infrastructure. The Database Management private endpoint for Autonomous Databases on Dedicated Exadata Infrastructure is a limited resource and you can create only one such private endpoint in your tenancy.
  5. Virtual cloud network: Select the VCN in which the Autonomous Database can be accessed. By default, the compartment selected on the Private endpoints page is displayed, however, you can click Change compartment and select another compartment, if required.
  6. Subnet: Select a subnet within the selected VCN. Depending on whether the new Database Management private endpoint is for Autonomous Databases Serverless or Autonomous Databases on Dedicated Exadata Infrastructure, it will take up two or three private IP addresses respectively, in the selected subnet. Note that the subnet can be in a different compartment than the VCN, however, it must have access to the database subnet in the VCN. By default, the compartment selected on the Private endpoints page is displayed, however, you can click Change compartment and select another compartment, if required.
  7. Network security group: Optionally, select an NSG added to the Autonomous Database. You can also click + Another security group to select another NSG.
    Note
    
    The option to associate existing NSGs in the Autonomous Database with the Database Management private endpoint ensures that the private endpoint can access the database. Using the NSG you can add ingress and egress security rules to enable communication between the Database Management private endpoint and the Autonomous Database.
    
    For information on NSGs, see Network Security Groups.
    
    For an example of how to add ingress and egress security rules to an NSG, see Enable Communication Between Database Management and Oracle Cloud Databases.
  8. Show advanced options: Optionally, add free-form or defined tags to the Database Management private endpoint. If you have the permissions required to create a Database Management private endpoint, then you also have permissions to add free-form tags. To add a defined tag, you must have permissions to use the tag namespace.
    For information on:
    - Tagging concepts and the permissions required to work with tags, see Overview of Tagging.
    - How to add a tag during resource creation, see To add a tag during resource creation.
2. Click Create private endpoint.

A Database Management private endpoint is created in the VCN, using which you can enable Database Management for Autonomous Databases.

To view details of the Database Management private endpoint, click its name. On the Private endpoint details page, you can:

View details such as the associated VCN and subnet and the private IP addresses assigned to the Database Management private endpoint. Note that the private IP address information is required to configure security rules.
Perform tag-related tasks.
View the Associated databases.
Click Work requests on the left pane under Resources to monitor the work requests pertaining to the private endpoint. You can click a particular work request to go to the Work request details page and view work request information, log messages, and error messages, if any.

Oracle Cloud Infrastructure Documentation