Connect a VMware SDDC VM to an Oracle Autonomous Database via Service Gateway

Deploy your VMware workloads in the public cloud while maintaining full control of the environment, by using Oracle Cloud VMware Solution (OCVS), a fully certified and supported software-defined data center (SDDC) solution developed jointly by Oracle and VMware.

My colleague Prasenjit Sarkar has done a nice video on How to Setup Oracle VMware Cloud Solution environment is Oracle OCI, you can find how to set up the connectivity (to Oracle Services Network, to the Internet, and to VCN resources) for an SDDC from the OCI document website.

There is a whitepaper on how to connect a VMware SDDC environment to an autonomous database (with private endpoint functionality) in the same VCN where OVCS deployed. Here I’m writing a short demo on how to connect an autonomous database public endpoint via service gateway.

The diagram below is the logical topology of a deployed OCVS environment:

1. VCN: 192.168.0.0/16
2. Public subnet: 192.168.2.0/24
3. Private subnet for OCVS: 192.168.4.0/25
4. NSX Edge uplink 1 VLAN for SDDC north-south traffic: 192.168.4.128/25
5. VMware NSX overlay network for VMs: 172.16.1.0/24
6. The SDDC north-south traffic is controlled with route rules and a network security group(NSG)
7. VMware SDDC access OCI Services via Service Gateway
8. VMware SDDC can access the Internet via NAT Gateway
9. A bastion server/jumping box for accessing VMware vCenter and NSX-T manager

Here are the steps to connect an SDDC VM (CentOS here) to an Autonomous Data Warehouse via Service Gateway.

1. Deploy a CentOS VM in VMware SDDC, there are many ways to deploy a VM such as:

• Deploy form an existing OVF file
• Deploy VM from an ISO image
• You can upload the image files to VMware datastore for VM installation

2. When VM is deployed, you can Install VM tools trough vSphere web client

3. Setup network and DNS configuration in VM

• Oracle Cloud VMware Solution is a one-click VMware SDDC deployment from Oracle Cloud Infrastructure Console. The automation of Oracle Cloud VMware Solution deploys standard settings for VMware vSphere, NSX-T, and VSAN, such as default hostnames, VLANS, network security groups (NSGs), route tables, security lists, DHCP for overlay network, and so on.
• SDDC Networks deployed by OCVS

• SDDC Provisioning Subnet, three ESXi Bare Metal hosts are running in this subnet

• Route table for SDDC North-South traffic

• NSX-T Edge Uplink VIP

• Network Security Group rules for SDDC North-South traffic

• NSX-T Network setup with Tier-0 and Tier-1 gateway pairs, Tier-1 gateway provide SDDC VM segments (in this case 172.16.1.0/24), Tier-0 gateway provides the uplinks to OCI VCN

• Two transport zones and two segments are created

• Tier-0 gateway setup

• Tier-0 gateway VIP configuration

• Tier-0 gateway static route for north-south traffic and its next-hop ( the IP address of Edge uplink 1 VLAN default gateway)

• Tier-1 Gateway Setup, one VM segment attached to Tier-1

• DHCP services attach Tier-1 gateway for the IPAM of SDDC VMs

• DNS: You can deploy a windows server compute instance in Oracle Cloud Infrastructure in the same VCN where the OCVS is deployed and perform standard DNS and Active Directory Domain functionality as needed to meet your requirements. I have another blog on how to configure DNS forwarder in OCVS NSX-T and route in OCI VCN to forward the DNS request (from SDDC workloads) to an external DNS server located in VCN. Here I’m using the Google DNS server for this short demo.

4. Install Oracle Instance client and sqlplus add-on

• wget https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-basic-19.8.0.0.0-1.x86_64.rpm
• rpm -ivh oracle-instantclient19.8-basic-19.8.0.0.0–1.x86_64.rpm
• wget https://download.oracle.com/otn_software/linux/instantclient/19800/oracle-instantclient19.8-sqlplus-19.8.0.0.0-1.x86_64.rpm
• rpm -ivh oracle-instantclient19.8-sqlplus-19.8.0.0.0–1.x86_64.rpm

5. Follow the steps to deploy Autonomous DW in the same region with OCVS. For the network access, I choose “Allow secure access from everywhere” with controlled network access lists (ACLs)

6. Upload the ADW connection wallet to OCI object storage and create a Pre-Authenticated Request URL

7. In CentOS VM, download the Wallet_CKDB.zip from object storage via the pre-authenticated URL and unzip it.

• Edit the sqlnet.ora file provided in the client credentials, replacing “?/network/admin” with the full path of the directory where you unzipped the client credentials
• export TNS_ADMIN=<full path of the directory where you unzipped the client credentials>

8. Connect using a database user, password, and database service name provided in the tnsnames.ora file

9. Done, you have connected an SDDC VM to Oracle Autonomous Data Warehouse: