Create a Private Endpoint

A private endpoint is a private IP address within your Virtual Cloud Network (VCN) that you can use to access a given service within Oracle Cloud Infrastructure.

Ops Insights communicates with Oracle Cloud Databases via private endpoints defined within a Virtual Cloud Network (VCN). For more information about private access and endpoints to OCI services, see Private Endpoints.

Private endpoints must be created in each service. Private endpoints created in other services will not appear in the Ops Insights private endpoint list page. However, Database Management endpoints can be converted to Ops Insights endpoints.

Note

Before you create a private endpoint in Ops Insights, you must have the following details:
  • The name of the VCN used to access your database.
  • The name of the subnet in the VCN.
  • The name of the network security group (optional).

The private endpoint is a representation of Ops Insights in the VCN in which the Oracle Cloud Database can be accessed, and acts as a Virtual Network Interface Card (VNIC) with private IP addresses in a subnet of your choice. The private endpoint does not have to be on the same subnet as the Oracle Cloud Database, but it must be on a subnet that can communicate with the Oracle Cloud Database.

Ops Insights lets you create a private endpoint for Oracle Cloud Databases. You can create a maximum of five Ops Insights private endpoints in your tenancy (per region) to connect to Oracle Base Databases, Exadata Database Service on Dedicated Infrastructure, and Autonomous Databases. There is no set limit or restriction on the number of databases for which you can enable Ops Insights using a single private endpoint. The private endpoint requires one private IP in the subnet.
Note

In the past, a private endpoint for Cloud Oracle Base Databases was available and required for RAC Oracle Cloud Databases and Exadata Database Service on Dedicated Infrastructure. Starting December 2023, these are no longer required for Ops Insights to connect to these types of Oracle Cloud Databases.

If you set up private endpoints for RAC Oracle Cloud Databases prior to December 2023, these will continue to function.

Dedicated Autonomous databases still require a special DNS proxy enabled private endpoint.

Creating a Private Endpoint

To create a private endpoint:

  1. From the Ops Insights main menu, click Administration and then Private Endpoints to access the Private Endpoint Administration page for the currently selected compartment. If endpoints for the compartment were previously defined, they will appear in the table where you can perform administrative functions.
  2. Click Create Private Endpoint. The Create Private Endpoint dialog displays.

  3. Enter the required parameters to define the endpoint:
    • Name: An easily identifiable name for the endpoint.
    • Description: Optional
    • Compartment: Select a compartment in which to create the private endpoint from the drop-down list. By default, the compartment that was selected prior to clicking Create Private Endpoint is chosen. Note that this does not have to match the database compartment.

    Configuration

    The private endpoint will be created in the VCN and subnet selected here. Select a subnet that has connectivity to the subnet which contains the database that will be added to Ops Insights.
    Note

    Dedicated Autonomous databases require a special DNS proxy enabled private data endpoint. To enable it, select Use this private endpoint for Dedicated Autonomous Databases. Select this option if at least one Dedicated Autonomous Database will be connected to the private endpoint.
    • Virtual Cloud Network in <compartment>: Select the VCN within the current compartment that will be used to access the Cloud database. If desired, use the drop-down list to choose another VCN in that compartment.
    • Subnet in <compartment>: Select a subnet within the chosen VCN. By default, the first subnet in the drop-down list is selected.

    Network Security Group (optional)

    A network security group lets you add additional fine-grained security access to any resources that will be using the private endpoint. A security group acts as a virtual firewall that allows you to separate your VCN's subnet architecture from your security requirements.

    To add a network security group to the private endpoint:

    1. Click +Another Network Security Group.
    2. Select an existing network security group from the drop-down selector.
    3. If no security groups exist, click Add new to display the VCN details page where you can define a new Network Security Group for that VCN.
    4. From the Network Security Group region of the Create Private Endpoint dialog, click the refresh icon. The newly defined security group will be available in the drop-down selector.
  4. Click Create Private Endpoint. The Private Endpoint Details page displays where you can view private endpoint information including direct links to the details pages for the endpoint’s VCN, subnet, and network security groups.

For more information about security groups, see Network Security Groups.
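The network security group chosen in step 3 can be checked before the endpoint is created. As an added example (not Oracle's code), the following audits the egress rules of the NSG you plan to attach: it confirms the endpoint can reach the database and flags rules broader than needed. The rule shape, the IP addresses and the listener port 1521 are constructed assumptions.

```python
import ipaddress

# Constructed sample: rules of the NSG attached to the private endpoint,
# in a simplified shape modelled on OCI NSG security rules (an assumption).
SAMPLE_RULES = [
    {"direction": "EGRESS", "protocol": "6", "destination": "10.0.2.0/24",
     "tcp_ports": (1521, 1522)},
    {"direction": "EGRESS", "protocol": "all", "destination": "0.0.0.0/0",
     "tcp_ports": None},
    {"direction": "INGRESS", "protocol": "6", "source": "10.0.1.0/24",
     "tcp_ports": (22, 22)},
]


def rule_allows(rule, ip, port):
    """True if an egress rule permits TCP traffic to ip:port."""
    if rule["direction"] != "EGRESS" or rule["protocol"] not in ("6", "all"):
        return False
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(rule["destination"]):
        return False
    ports = rule.get("tcp_ports")  # None means every port is allowed
    return ports is None or ports[0] <= port <= ports[1]


def audit_endpoint_nsg(rules, db_ip, db_port=1521):
    """Return (reachable, findings) for the private endpoint's NSG.

    db_port=1521 is an assumed listener port; use your database's value.
    """
    egress = [r for r in rules if r["direction"] == "EGRESS"]
    reachable = any(rule_allows(r, db_ip, db_port) for r in egress)
    findings = []
    if not reachable:
        findings.append(f"no egress rule permits TCP {db_ip}:{db_port}")
    for i, r in enumerate(egress):
        net = ipaddress.ip_network(r["destination"])
        if net.prefixlen == 0:
            findings.append(f"egress rule {i}: destination {net} is unrestricted")
        if r["protocol"] == "all" or r.get("tcp_ports") is None:
            findings.append(f"egress rule {i}: all ports/protocols allowed")
    return reachable, findings


if __name__ == "__main__":
    ok, issues = audit_endpoint_nsg(SAMPLE_RULES, "10.0.2.15")
    print("database reachable:", ok)
    for line in issues:
        print(" -", line)
```

An empty findings list with `reachable` set to true means the NSG permits the database connection and nothing wider.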

From the Private Endpoints Details page, you can perform the following operations:

  • View existing or define new resource tags
  • Edit the private endpoint (name, description, add/delete network security groups)
  • Move the private endpoint to a different compartment
  • Add resource tags
  • Delete the private endpoint
  • Register Oracle Cloud Databases with the private endpoint
  • View work requests associated with the private endpoint. Note: By default, the details page displays database resources. To display work resources, click Work Requests in the Resources menu. For more information about work requests, see Work Resources.

The above operations can also be performed from the Private Endpoint Administration page via the context menu (vertical ellipsis) for each private endpoint.

Deleting a Private Endpoint

You can delete a private endpoint from the Private Endpoint Administration page. Important: All databases accessing the private endpoint must first be disabled.