Extracting Data from Oracle SaaS to Onprem or Other Clouds through Private High Speed Connection via Service Gateway | Part Two: Hands On


In the previous post we explained the mechanisms to extract data from ERP and put it in an Object Storage repository that can be accessed privately and securely from other places.

To demonstrate the use case we are creating a VPN tunnel between Google Cloud and OCI as explained here.

Google Side

Once the tunnel is up, we create a compute VM on the Google side. This VM is in a network that is routed by the peer VPN device, so both can connect directly.

Oracle Side

On the Oracle side we first create a private network with no access to the internet. This is important to avoid traffic through the external leg of the Object Storage service. As both subnets are in the same VCN, they can exchange traffic with each other.

The private subnet and the VPN subnet

Then we create a compute VM in the private network with no public IP.

At this point we can ssh to the private vm from the Google VM using the VPN VM in the Oracle Cloud side:

Let’s check that there is no way to reach the internet:

And now let’s try to create a bucket in the object storage this way and see that we can’t reach the storage service:

oci os bucket create --name prueba --compartment-id ocid1.compartment.oc1..aaaaaaaaxlyyvfshfysou6hnpaf34ux6nhkqelgtuxjwvpazw7b5uwpydneq
The operation cannot succeed; there is no route available.

Service gateway

A service gateway is a virtual circuit between our network and the PaaS services such as Autonomous Database, Object Storage and the like. First, we create a service gateway in the VCN:

And second, we create a route rule in the routing table of the private subnet in order to reach the PaaS services:

So far, so good. Let’s see if we can create the bucket now:

Nice, the bucket gets created!

Finally, let’s run a couple of oci-cli commands against the bucket that holds the exported ERP data:

oci os object bulk-download -bn ERPexported_data --download-dir .

Alright, we have the ERP data in a directory of a compute VM, so now we can move it through the VPN tunnel to the other side.

At this point, if you want to automate the movement of files, one option, among others, is to deploy a cluster of Oracle Managed File Transfer (MFT) in your tenancy.

Hope it helps! Enjoy 🙂
