Connecting to an Exadata Cloud Infrastructure Instance

This topic explains how to connect to an Exadata Cloud Infrastructure instance using SSH or SQL Developer.

How you connect depends on how your cloud network is set up. You can find information on various networking scenarios in Networking Overview, but for specific recommendations on how you should connect to a database in the cloud, contact your network security administrator.

Note

Exadata Cloud Infrastructure servers cannot be joined to Active Directory domains, and the service does not support the use of Active Directory for user authentication and authorization.

Prerequisites

List of the requirements for SSH access to a compute node in an Exadata Cloud Infrastructure instance.

You'll need the following:

  • The full path to the file that contains the private key associated with the public key used when the system was launched.

  • The public or private IP address of the Exadata Cloud Infrastructure instance.

    Use the private IP address to connect to the system from your on-premises network, or from within the virtual cloud network (VCN). This includes connecting from a host located on-premises connecting through a VPN or FastConnect to your VCN, or from another host in the same VCN. Use the public IP address to connect to the system from outside the cloud (with no VPN). You can find the IP addresses in the Oracle Cloud InfrastructureConsole as follows:

    • Cloud VM clusters ( new resource model ): On the Exadata VM Cluster Details page, click Virtual Machines in the Resources list.
    • DB systems: On the DB System Details page, click Nodes in the Resources list.

    The values are displayed in the Public IP Address and Private IP Address & DNS Name columns of the table displaying the Virtual Machines or Nodes of the Exadata Cloud Infrastructure instance.

About Connecting to a Compute Node with SSH

You can connect to the compute nodes in an Exadata Cloud Infrastructure system by using a Secure Shell (SSH) connection.

Most Unix-style systems (including Linux, Oracle Solaris, and Apple MacOS) include an SSH client. For Microsoft Windows, you can download a free SSH client called PuTTY from the following address: http://www.putty.org

Connecting from a Unix-Style System

To access a virtual machine on an Oracle ExaDB-D system from a Unix-style system using SSH, use this procedure.

  • Enter the following SSH command to access the virtual machine:
    ssh –i private-key user@node

    In the preceding syntax:

    • private-key is the full path and name of the file that contains the SSH private key that corresponds to a public key that is registered in the system.
    • user is the operating system user that you want to use to connect:
      • To perform operations as the Oracle Database software owner, connect as as opc and su oracle. The oracle user does not have root user access to the virtual machine.
      • To perform operations that require root access to the virtual machine, such as patching, connect as opc. The opc user can use the sudo -s command to gain root access to the virtual machine.
    • node is the host name or IP address for the virtual machine that you want to access.

Connecting to a Virtual Machine from a Microsoft Windows System Using PuTTY

Learn to access a virtual machine from a Microsoft Windows system using PuTTY.

Before you begin

Before you use the PuTTY program to connect to a virtual machine, you need the following:
  • The IP address of the virtual machine

  • The SSH private key file that matches the public key associated with the deployment. This private key file must be in the PuTTY .ppk format. If the private key file was originally created on the Linux platform, you can use the PuTTYgen program to convert it to the .ppk format.

To connect to a virtual machine using the PuTTY program on Windows:

  1. Download and install PuTTY.

    To download PuTTY, go to http://www.putty.org/ and click the You can download PuTTY here link.

  2. Run the PuTTY program (putty.exe).

    The PuTTY Configuration window is displayed, showing the Session panel.

  3. In the Host Name (or IP address) field, enter the host name or IP address of the virtual machine that you want to access.
  4. Confirm that the Connection type option is set to SSH.
  5. In the Category tree, expand Connection if necessary and then click Data.

    The Data panel is displayed.

  6. In the Auto-login username field, enter the operating system user you want to connect as:
    1. Connect as the user opc to perform operations that require root or oracle access to the virtual machine, such as backing up or patching; this user can use the sudo command to gain root or oracle access to the VM.
  7. Confirm that the When username is not specified option is set to Prompt.
  8. In the Category tree, expand SSH and then click Auth.

    The Auth panel is displayed.

  9. Click the Browse button next to the Private key file for authentication field. Then, in the Select private key file window, navigate to and open the private key file that matches the public key that is associated with the deployment.
  10. In the Category tree, click Session.

    The Session panel is displayed.

  11. In the Saved Sessions field, enter a name for the connection configuration. Then, click Save.
  12. Click Open to open the connection.

    The PuTTY Configuration window closes and the PuTTY terminal window displays.

    If this is the first time you are connecting to the VM, the PuTTY Security Alert window is displayed, prompting you to confirm the public key. Click Yes to continue connecting.

To access a database after you connect to the compute node

To connect to the database, you set environment information for the database.

  1. Log in as opc and then use sudo to connect as the oracle user.
    login as: opc
    			
    [opc@<host_name> ~]$ sudo su - oracle
  2. Source the database's .env file to set the environment.
    
    [oracle@<host_name>]# . <database_name>.env

    In the following example, the host name is "ed1db01" and the database name is "cdb01".

    [oracle@ed1db01]# . cdb01.env
    ORACLE_SID = [root] ? +ASM1
    The Oracle base has been set to /u01/app/grid

Connect to the Exadata Cloud Infrastructure Service

Learn how to connect to an Exadata Cloud Infrastructure system using SSH, and how to connect to an Exadata Cloud Infrastructure database using Oracle Net Services (SQL*Net).

Connecting to a Database with SQL Developer

You can connect to a database with SQL Developer by using one of the following methods:

  • Create a temporary SSH tunnel from your computer to the database. This method provides access only for the duration of the tunnel. (When you are done using the database, be sure to close the SSH tunnel by exiting the SSH session.)
  • Open the port used as the Oracle SCAN listener by updating the security list used for the cloud VM cluster or DB system resource in the Exadata Cloud Service instance. The default SCAN listener port is 1521. This method provides more durable access to the database. For more information, see Updating the Security List.

After you've created an SSH tunnel or opened the SCAN listener port as described above, you can connect to an Exadata Cloud Infrastructure instance using SCAN IP addresses or public IP addresses, depending on how your network is set up and where you are connecting from. You can find the IP addresses in the Console, in the Database details page.

Connecting to a Database with Oracle Net Services

You can connect to the virtual machines in an Exadata Cloud Infrastructure system using Oracle Net Services.

Using Oracle Net Services to Connect to a Database

Oracle Database Exadata Cloud Infrastructure supports remote database access by using Oracle Net Services.

Because Exadata Cloud Infrastructure uses Oracle Grid Infrastructure, you can make Oracle Net Services connections by using Single Client Access Name (SCAN) connections. SCAN is a feature that provides a consistent mechanism for clients to access the Oracle Database instances running in a cluster.

By default, the SCAN is associated with three virtual IP addresses (VIPs). Each SCAN VIP is also associated with a SCAN listener that provides a connection endpoint for Oracle Database connections using Oracle Net Services. To maximize availability, Oracle Grid Infrastructure distributes the SCAN VIPs and SCAN listeners across the available cluster nodes. In addition, if there is a node shutdown or failure, then the SCAN VIPs and SCAN listeners are automatically migrated to a surviving node. By using SCAN connections, you enhance the ability of Oracle Database clients to have a reliable set of connection endpoints that can service all of the databases running in the cluster.

The SCAN listeners are in addition to the Oracle Net Listeners that run on every node in the cluster, which are also known as the node listeners. When an Oracle Net Services connection comes through a SCAN connection, the SCAN listener routes the connection to one of the node listeners, and plays no further part in the connection. A combination of factors, including listener availability, database instance placement, and workload distribution, determines which node listener receives each connection.

Note

This documentation provides basic requirements for connecting to your Exadata Cloud Infrastructure databases by using Oracle Net Services.

Prerequisites for Connecting to a Database with Oracle Net Services

Review the prerequisites to connect to an Oracle Database instance on Oracle ExaDB-D using Oracle Net Services.

To connect to an Oracle Database on Exadata Cloud Infrastructure with Oracle Net Services, you need the following:
  • The IP addresses for your SCAN VIPs, or the hostname or IP address for a virtual machine that hosts the database that you want to access.
  • The database identifier: Either the database system identifier (SID), or a service name.
Connecting to a Database Using SCAN

To create an Oracle Net Services connection by using the SCAN listeners, you can choose between two approaches.

Identifying IP Addresses Using the SDK or CLI

You can use the SDK or the OCI CLI to identify the IP addresses of Exadata Cloud Infrastructure compute nodes. You can then use the IP addresses to connect to your system.

  1. Use the GetDbNode API to return the details of the Exadata Cloud InfrastructuredbNode. Note the OCIDs returned for the hostIpId and backupIpId parameters of the dbNode.
  2. With the OCIDs found in the hostIpId and backupIpId parameters, you can use the GetPrivateIp API to get the private IP addresses used by the client and backup subnets. For public subnet IP addresses, use the GetPublicIpByPrivateIpId API.
Connecting to a Database Using a Connect Descriptor that References All of the SCAN VIPs

You can set up a connect descriptor for Oracle Exadata Database Service on Dedicated Infrastructure System using multiple SCAN listeners.

This approach requires you to supply all of the single client access name (SCAN) virtual IP (VIP) addresses, and enables Oracle Net Services to connect to an available SCAN listener.

  1. Use the following template to define a Net Services alias, which is typically used to provide a convenient name for the connect descriptor:
    alias-name = (DESCRIPTION=
      (ADDRESS_LIST=
        (ADDRESS=(PROTOCOL=tcp)(HOST=SCAN-VIP-1)(PORT=1521))
        (ADDRESS=(PROTOCOL=tcp)(HOST=SCAN-VIP-2)(PORT=1521))
        (ADDRESS=(PROTOCOL=tcp)(HOST=SCAN-VIP-3)(PORT=1521)))
      (CONNECT_DATA=(sid-or-service-entry)))

    Where:

    alias-name is the name you use to identify the alias.

    SCAN-VIP-[1–3] are the IP addresses for the SCAN VIPs.

    sid-or-service-entry identifies the database SID or service name using one of the following formats:
    • SID=sid-name. For example: SID=S12C1.
    • SERVICE_NAME=service-name. For example: SERVICE_NAME=PDB1.example.yourcloud.com.
    Note

    By default, Oracle Net Services randomly selects one of the addresses in the address list to balance the load between the SCAN listeners.

Connecting to a Database Use a Connect Descriptor that References a Custom SCAN Name

You can set up a connect descriptor for Oracle Exadata Database Service on Dedicated Infrastructure System using a custom SCAN name.

Using this approach, you define a custom single client access name (SCAN) name in your domain name server (DNS), which resolves to the three SCAN virtual IP addresses (VIPs).

  1. Use the following template to define a Net Services alias that references the custom SCAN name:
    alias-name = (DESCRIPTION=
      (ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=scan-name)(PORT=1521)))
      (CONNECT_DATA=(sid-or-service-entry)))

    Where:

    alias-name is the name you use to identify the alias.

    scan-name is the custom SCAN name.

    sid-or-service-entry identifies the database SID or service name using one of the following formats:
    • SID=sid-name. For example: SID=S12C1.
    • SERVICE_NAME=service-name. For example: SERVICE_NAME=PDB1.example.yourcloud.com.
    Alternatively, you can use the easy connect method to specify a connect descriptor with the following format:
    scan-name:1521/sid-or-service-entry
    For example:
    exa1scan.example.com:1521/S12C1
    Or
    exa1scan.example.com:1521/PDB1.example.yourcloud.com
Connecting to a Database Using a Node Listener

To connect to an Oracle Database instance on Exadata Cloud Infrastructure with a connect descriptor that bypasses the SCAN listeners, use this procedure to route your connection directly to a node listener.

By using this method, you give up the high-availability and load-balancing provided by SCAN. However, this method may be desirable if you want to direct connections to a specific node or network interface. For example, you might want to ensure that connections from a program that performs bulk data loading use the backup network.

Using this approach, you direct your connection using the hostname or IP address of the node.

Example 5-1 Defining a Net Service Alias That Directly References the Node

alias-name = (DESCRIPTION=
  (CONNECT_TIMEOUT=timeout)					
  (ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=node)(PORT=1521)))
  (CONNECT_DATA=(sid-or-service-entry)))

Where:

alias-name is the name you use to identify the alias.

timeout specifies a timeout period (in seconds), which enables you to terminate a connection attempt without having to wait for a TCP timeout. The (CONNECT_TIMEOUT=timeout) parameter is optional.

node is the hostname or IP address for the virtual machine that you want to use.

sid-or-service-entry identifies the database SID or service name using one of the following formats:
  • SID=sid-name. For example, SID=S12C1.
  • SERVICE_NAME=service-name. For example, SERVICE_NAME=PDB1.example.oraclecloudatcust.com.
Alternatively, you can use the easy connect method to specify a connect descriptor with the following format:
node:1521/sid-or-service-entry
For example:
exa1node01.example.com:1521/S12C1
Or
exa1node01.example.com:1521/PDB1.example.oraclecloudatcust.com