Connecting to Autonomous Database Running on Google Cloud

Last time I showed how to provision Autonomous Database Serverless (ADB-S) on Google Cloud. This time I have provisioned a new ADB and want to see how I can connect from my VM running on the same VPC as the ADB.

I’ll use sqlcl to connect to the database, to install it you will need to get java installed and then do setup as per instructions. Fairly simple!

Finding the connection details

After provisioning the database, I need to look for the connection details. Depending on how I’ve provisioned the database I can either use the connection strings, or I have to download the wallet if mTLS is being used.

This time I’ve provisioned the database with TLS only, so I can use the connection strings available. The connection details can be easily found from your GCP Console under the database – Connections as you see below.

If you’re new to Autonomous Database, I highly recommend to learn more on service names and which one to use to connect! Depending on allocated ECPUs, some of the services have certain number of concurrency and parallelism available.

Good documentation link explaining it can be found from here: https://docs.oracle.com/en/cloud/paas/autonomous-database/serverless/adbsb/predefined-database-services-names.html

You can also see the connection details from OCI side, you will need to click the “Manage in OCI” to navigate to your OCI Console. If you’d need to download Wallet, you would do it from there.

Wallet Download from OCI side

 

 

 

 

 

Connection strings are available also on OCI side

Now that I have connection strings, I will just use tp_urgent one to connect to my database using sqlcl. Note, I have not done any network changes or allowed any additional traffic within my VPC. We’ll take a look on default settings after this.

Connecting to Autonomous Database is simple using sqlcl installed on my GCP VM

 

 

 

 

 

 

How can I just connect?

Since there are many moving parts, I tried to look why it’s so easy for me to connect when I’m on GCP VPC and spin up ADB-S. What all can we see from the GCP side and also from OCI side?

First of all, I’m using private hostname to connect which is an OCI hostname. Why does it work? Seems to me that on the background, GCP folks create DNS Zone towards the DNS names. From below, you can see there’s a zone which is linked to a DNS name.

If I look deeper, I can see the Zone actually has a DNS forwarder on GCP side which points a private endpoint/IP within my VPC. It’s also within the same range I gave when creating Autonomous DB. Conclusion from this is: One of the IP’s will be reserved for DNS forwarding.

DNS Zone forwarding towards Private endpoint

Checking from OCI side, I can see this is actually a private DNS listener. GCP creates DNS forwarding zone which points to OCI side networking (remember OCI creates 1:1 networking what you have on GCP side with CIDR ranges) DNS listener.

OCI side automatically creates DNS listener

Finally, on the OCI side I see two Network Security Groups (NSG) created. One for the DNS traffic and another one for ADB-S traffic towards port 1522.

NSGs created automatically on OCI side

Summary

After spinning up the Autonomous Database, the only thin you need is pretty much to establish connectivity with your client of choice. I used sqlcl in this example and TLS so was able to connect using the connection string only.

If you use mTLS, you will have to download the wallet and set the connection up using it.

Google and Oracle folks have done fascinating job on making the multicloud setup work with network automation and setup and still keeping it very easy for your average enduser!

Simo

Recent Posts

Autonomous Database Audit Logs to Logging Service Part 1

I recently came across requirement to get OCI Oracle Autonomous Database audit logs to OCI…

3 weeks ago

Can you believe it? Provisioning Autonomous Database in GCP!

I bet few years back folks didn't expect that by 2024 we would be able…

3 months ago

IP Address Insights with CLI

My previous post on IP Address Insights I mentioned it wasn't yet available with CLI…

7 months ago

Thoughts on Oracle Database@Azure

This will NOT be a technical walkthrough on Oracle Database@Azure but rather my opinions and…

7 months ago

OCI Vulnerability Scanning Setup

Many times when you work for someone, they already have their own vulnerability scanning throughout…

7 months ago

OCI IP Address Insights

Recently OCI announced small but VERY useful service, IP Address Insights. Why this matters? I've…

7 months ago