Connecting to OCI DB System with SQLDeveloper via Bastion Box


Recipe for creating a secure connection between SQL Developer on our local machine and an Oracle Cloud Infrastructure (OCI) DB System created in a private subnet of a Virtual Cloud Network (VCN) that is not open to the internet.

Steps

  • Create a Virtual Cloud Network (VCN) with at least 2 subnets, one public and the other private
  • Create a bastion host VM in the public subnet
  • Create an internet gateway in the VCN
  • Create a route for the public subnet so that the traffic to 0.0.0.0/0 goes through the internet gateway (no other routes are needed, routing between both subnets is enabled by default in the VCN)
  • Create a new DB System in the private subnet and grab the private IP of the database system node
  • Create a compute VM with public IP exposed
  • On your client machine (the local machine running SQL Developer), open an SSH tunnel this way:
    ssh -i privatekeyfile -N -L localhost:1521:dbnodeprivateip:1521 opc@jumpboxpublicip
  • Grab the database connection details
  • Create a connection in SQL Developer
  • Test the connection
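
The tunnel step above as a small wrapper script, an added example that is not part of the original post: it refuses a key file with loose permissions, binds the forward to 127.0.0.1 explicitly, and can check that port 1521 is listening on loopback only. The function names, the `SSH` override variable and the extra `-o` options are assumptions added here.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): hardened wrapper around the
# post's ssh -L command. Function names and the SSH override are assumptions.

# Accepts only key files with mode 0600 or 0400; ssh rejects private keys
# that other users can read.
key_perms_ok() {
  local mode
  mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null) || return 1
  [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# open_tunnel KEYFILE DB_NODE_PRIVATE_IP BASTION_PUBLIC_IP
# Runs in the foreground like the post's command; Ctrl-C closes the tunnel.
open_tunnel() {
  key_perms_ok "$1" || { echo "run: chmod 600 $1" >&2; return 1; }
  # 127.0.0.1 keeps the forwarded port off the LAN; ExitOnForwardFailure makes
  # ssh exit instead of idling when port 1521 cannot be bound.
  "${SSH:-ssh}" -i "$1" -N \
    -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 \
    -L "127.0.0.1:1521:$2:1521" "opc@$3"
}

# Reads `ss -ltn` output on stdin. Succeeds only if PORT is listening and every
# listener on it is bound to a loopback address.
loopback_only() {
  local port=$1 found=1 state rq sq laddr rest
  while read -r state rq sq laddr rest; do
    [ "$state" = "LISTEN" ] || continue
    case "$laddr" in
      127.0.0.1:"$port"|"[::1]:$port") found=0 ;;
      *:"$port") return 1 ;;
    esac
  done
  return "$found"
}

case "${1:-}" in
  --open)  open_tunnel "$2" "$3" "$4" ;;
  --check) ss -ltn | loopback_only 1521 && echo "1521 is loopback-only" ;;
esac
```

With the tunnel open, SQL Developer connects to localhost port 1521; on Linux, running the script with `--check` in a second terminal confirms the listener is not exposed on other interfaces.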

Hope it helps! 🙂

3 comments

  1. Hi Jav, whenever I need to access an OCI DB in a private subnet through SQL Developer, I need to create the tunnel, right?

    The SSH tunneling command you mentioned (ssh -i privatekeyfile -N -L localhost:1521:dbnodeprivateip:1521 opc@jumpboxpublicip), where do I need to execute that? Do I need to run this on the bastion compute VM (Bastion Jumpbox)?

    1. Hi, I’ve updated the post with more instructions. You need to create a VCN with one public and one private subnet, then create the DB system in the private one and a bastion VM in the public one.
