
Enabling Access to a Compute Node Port

Oracle Database Cloud - Database as a Service relies on Oracle Compute Cloud Service to provide secure network access to Database as a Service instances. Therefore, you use the Oracle Compute Cloud Service console to perform network access operations such as enabling access to a port on a compute node associated with a Database as a Service instance.

When a Database as a Service instance is created, the following Oracle Compute Cloud Service security rules are created, but set to a disabled status.

• ora_p2_dbconsole, which controls access to port 1158, the port used by Enterprise Manager 11g Database Control.

• ora_p2_dbexpress, which controls access to port 5500, the port used by Enterprise Manager Database Express 12c.

• ora_p2_dblistener, which controls access to port 1521, the port used by SQL*Net.

• ora_p2_http, which controls access to port 80, the port used for HTTP connections to the instance.

• ora_p2_httpadmin, which controls access to port 4848, the port used by the Oracle GlassFish Server administration console.

• ora_p2_httpssl, which controls access to port 443, the port used for HTTPS connections to the instance, including Oracle REST Data Services, Oracle Application Express, and the Oracle Cloud on-instance database monitor.

To enable access to a compute node port, you enable the appropriate security rule. When you enable one of the predefined security rules, the given port on the compute node is opened to the public internet.

If you wish to enable access to a compute node port that is not associated with an existing security rule, you must perform some additional steps to define the protocol associated with the port number and create a security rule.

If you wish to restrict access to a compute node port, to only permit connections from specific IP addresses, you must create a Security IP List and associate it to the security rule.

Enabling Port Access by Enabling an Automatically Created Security Rule

To enable one of the automatically created Oracle Compute Cloud security rules:

1. Display the Network Security Rules page of the Oracle Compute Cloud Service console:

a. Open the Oracle Compute Cloud Service console.

For instructions, see Accessing Oracle Compute Cloud Service in Using Oracle Compute Cloud Service.

When you open the Oracle Compute Cloud Service console, the Instance Overview page is displayed.

b. Click Network.

The Network page displays with the Security Rules tile foremost.

2. Locate the security rule you want to enable.

3. From the menu for the located security rule, select Update.

The Update Security Rule window is displayed.

4. Change the Status from Disabled to Enabled.

5. Click Update.

The Update Security Rule window closes, and a message indicating that you successfully updated the security rule is displayed above the list of security rules.

Enabling Port Access by Creating a Security Rule

To enable a compute node port, or range of ports, that is not associated with one of the automatically created Oracle Compute Cloud security rules:

1. Display the Network Security Applications page of the Oracle Compute Cloud Service console:

a. Open the Oracle Compute Cloud Service console.

For instructions, see Accessing Oracle Compute Cloud Service in Using Oracle Compute Cloud Service.

When you open the Oracle Compute Cloud Service console, the Overview page is displayed with the Instances tile foremost.

b. Click Network.

The Network page displays with the Security Rules tile foremost.

c. Click the Security Applications tile.

The Network page refreshes with the Security Applications tile foremost.

2. Click Create Security Application. In the Create Security Application dialog, enter the following information.

• Name: Any name to identify the new port; for example, mynetport.

• Port Type: tcp

• Port Range Start: The number of the port you wish to open, or the lowest number in the range of ports that you want to open.

• Port Range End: The number of the port you wish to open, or the highest number in the range of ports that you want to open.

• Description: Any description of your choice.

3. Click Create.

4. Click the Security Rules tile on the left side of the page, and then click Create Security Rule. In the Create Security Rule dialog, enter the following information.

• Name: Any name to identify the security rule.

• Status: Enabled

• Security Application: Select the name of the security application you created in the steps above; for example mynetport.

• Source: Select Security IP Lists, and then select public-internet from the list.

• Destination: Select the name of the security list to use as the target for this security rule. By default, Database as a Service instances are assigned to security lists named ora-db.

• Description: Any description of your choice.

5. Click Create.

The port is opened to the public internet.

Restricting Port Access to Specific IP Addresses

If you wish to restrict access to a compute node port, to only permit connections from specific IP addresses:

1. Create a Security IP List that describes the IP addresses of the computers that are to be granted access to the compute node, as described in Creating a Security IP List in Using Oracle Compute Cloud Service.

2. Create a Security Rule that links your Security IP List to the compute node Security List on the Security Application (port) you want to open by setting fields in the Create Security Rule dialog as follows:

• Security Application: set to the name of the Security Application (port) on the compute node to which you want to provide access.

• Source: set to the name of the Security IP List you created.

• Destination: set to the ora_db security list for the compute node.

Tip: You can use the above procedure Enabling Port Access by Creating a Security Rule to help you create a security rule.

For more information about creating security rules, see Creating a Security Rule in Using Oracle Compute Cloud Service.
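
The following Python audit is an added example, not part of the Oracle documentation. It reviews a rule inventory for the two exposures described above: enabled rules whose Source is public-internet, and Security IP Lists that are broader than intended. The record layout mirrors the dialog fields on this page but is a hypothetical hand-made inventory, not an Oracle export format; the names listener-1521, mynetport-rule and office-ips, the sample addresses, and the min_prefix threshold are constructed assumptions.

```python
import ipaddress

# Ports behind the automatically created rules, as listed on this page.
PREDEFINED_PORTS = {
    1158: "Enterprise Manager 11g Database Control",
    5500: "Enterprise Manager Database Express 12c",
    1521: "SQL*Net",
    80: "HTTP",
    4848: "GlassFish administration console",
    443: "HTTPS",
}

# Constructed sample inventory (hypothetical layout, keyed by dialog field).
APPLICATIONS = {
    "listener-1521": {"port_start": 1521, "port_end": 1521},
    "mynetport": {"port_start": 8080, "port_end": 8080},
}
IP_LISTS = {"office-ips": ["192.0.2.0/24", "198.18.0.0/15"]}
RULES = [
    {"name": "ora_p2_dblistener", "status": "Enabled",
     "security_application": "listener-1521", "source": "public-internet"},
    {"name": "ora_p2_dbconsole", "status": "Disabled",
     "security_application": "listener-1521", "source": "public-internet"},
    {"name": "mynetport-rule", "status": "Enabled",
     "security_application": "mynetport", "source": "office-ips"},
]

def audit_rules(rules, applications, ip_lists, min_prefix=24):
    """Return (rule name, port range, finding) for enabled rules that are too open.

    min_prefix is an assumed policy threshold for IPv4 Security IP List entries.
    """
    findings = []
    for rule in rules:
        if rule["status"] != "Enabled":
            continue  # a disabled rule opens nothing
        app = applications[rule["security_application"]]
        lo, hi = app["port_start"], app["port_end"]
        if rule["source"] == "public-internet":
            services = [s for p, s in PREDEFINED_PORTS.items() if lo <= p <= hi]
            detail = ": " + ", ".join(services) if services else ""
            findings.append((rule["name"], (lo, hi), "open to public internet" + detail))
            continue
        for entry in ip_lists.get(rule["source"], []):
            net = ipaddress.ip_network(entry, strict=False)
            if net.prefixlen < min_prefix:
                findings.append((rule["name"], (lo, hi), f"broad source {net}"))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(RULES, APPLICATIONS, IP_LISTS):
        print(finding)
```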