Last time I showed how to provision Autonomous Database Serverless (ADB-S) on Google Cloud. This time I have provisioned a new ADB and want to see how I can connect from my VM running on the same VPC as the ADB.
I’ll use sqlcl to connect to the database, to install it you will need to get java installed and then do setup as per instructions. Fairly simple!
Finding the connection details
After provisioning the database, I need to look for the connection details. Depending on how I’ve provisioned the database I can either use the connection strings, or I have to download the wallet if mTLS is being used.
This time I’ve provisioned the database with TLS only, so I can use the connection strings available. The connection details can be easily found from your GCP Console under the database – Connections as you see below.
If you’re new to Autonomous Database, I highly recommend to learn more on service names and which one to use to connect! Depending on allocated ECPUs, some of the services have certain number of concurrency and parallelism available.
Good documentation link explaining it can be found from here: https://docs.oracle.com/en/cloud/paas/autonomous-database/serverless/adbsb/predefined-database-services-names.html
You can also see the connection details from OCI side, you will need to click the “Manage in OCI” to navigate to your OCI Console. If you’d need to download Wallet, you would do it from there.
Now that I have connection strings, I will just use tp_urgent one to connect to my database using sqlcl. Note, I have not done any network changes or allowed any additional traffic within my VPC. We’ll take a look on default settings after this.
How can I just connect?
Since there are many moving parts, I tried to look why it’s so easy for me to connect when I’m on GCP VPC and spin up ADB-S. What all can we see from the GCP side and also from OCI side?
First of all, I’m using private hostname to connect which is an OCI hostname. Why does it work? Seems to me that on the background, GCP folks create DNS Zone towards the DNS names. From below, you can see there’s a zone which is linked to a DNS name.
If I look deeper, I can see the Zone actually has a DNS forwarder on GCP side which points a private endpoint/IP within my VPC. It’s also within the same range I gave when creating Autonomous DB. Conclusion from this is: One of the IP’s will be reserved for DNS forwarding.
Checking from OCI side, I can see this is actually a private DNS listener. GCP creates DNS forwarding zone which points to OCI side networking (remember OCI creates 1:1 networking what you have on GCP side with CIDR ranges) DNS listener.
Finally, on the OCI side I see two Network Security Groups (NSG) created. One for the DNS traffic and another one for ADB-S traffic towards port 1522.
Summary
After spinning up the Autonomous Database, the only thin you need is pretty much to establish connectivity with your client of choice. I used sqlcl in this example and TLS so was able to connect using the connection string only.
If you use mTLS, you will have to download the wallet and set the connection up using it.
Google and Oracle folks have done fascinating job on making the multicloud setup work with network automation and setup and still keeping it very easy for your average enduser!