In previous post we explained the mechanisms to extract data from ERP and put it in an Object Storage repository that can be accessed privately from other places in a secure manner.
To demonstrate the use case we are creating a VPN tunnel between Google Cloud and OCI as explained here.
Once we have the tunnel up we create a compute VM in the Google side. This VM is in a network that ir routed by the peer VPN device, therefore both can connect directly.
In the Oracle side we first create a private network with no access to the internet, this is important to avoid traffic by the external leg of the object storage service. As both subnets are in the same VCN they can change traffic to each other.
Then we create a compute VM in the private network with no public IP
At this point we can ssh to the private vm from the Google VM using the VPN VM in the Oracle Cloud side:
Let’s check that there is no way to reach the internet:
And now let’s try to create a bucket in the object storage this way:
oci os bucket create --name prueba --compartment-id ocid1.compartment.oc1..aaaaaaaaxlyyvfshfysou6hnpaf34ux6nhkqelgtuxjwvpazw7b5uwpydneq
A service gateway is a virtual circuit between our network and the PaaS services such as Autonomous Database, Object Storage and the like. First we create a service gateway in the CVN:
And second, we create a route rule in the routing table of the private subnet in order to reach the PaaS services:
So far, so good. Let’s see if we can create the bucket now:
Nice, the bucket get’s created!
Finally let’s do a couple of oci-cli commands to operate with the bucket in which we have the ERP exported data in it:
oci os object bulk-download -bn ERPexported_data --download-dir .
Alright, we have the ERP data in a directory of a compute VM, now we can move it throught the VPN tunnel to the other side.
At this point, if you want to automate the movement of files one option is, among others, to deploy a cluster of Oracle Managed File Transfer (MFT) in your tenancy.
Hope it helps! Enjoy 🙂