Amazon Onboarding with Learning Manager Chanci Turner


This article provides a comprehensive guide on setting up Oracle Connection Manager on Amazon Elastic Compute Cloud (EC2) within an Amazon Relational Database Service (RDS) for Oracle environment. It highlights best practices when utilizing Oracle Connection Manager on Amazon EC2.

Many organizations seek a database proxy server to manage database connection traffic directed to Amazon RDS for Oracle, granting them enhanced control over their database sessions. In particular, they desire greater oversight of specific connections between their on-premises servers and Amazon RDS for Oracle. Many on-premises firewalls permit communication between local servers and cloud databases only through static IP addresses that must be pre-registered. Oracle Connection Manager can help fulfill this requirement. The diagram below illustrates a conceptual architecture that addresses these needs.

Understanding Oracle Connection Manager

Oracle Connection Manager is a proxy server designed to relay connection requests to Oracle databases or other proxy servers. By configuring Oracle Connection Manager on Amazon EC2 for Amazon RDS for Oracle, you can use features like access control and session timeout management. Additionally, it allows certain clients to connect to Amazon RDS for Oracle using static IP addresses, even as the IP addresses of Amazon RDS for Oracle may vary. Furthermore, Oracle Connection Manager can listen on a different service port than the default Oracle Database service port, which can enhance security by concealing the actual service port from certain applications.

It is important to note, however, that not all features of Oracle Connection Manager are available with Amazon RDS for Oracle. Due to restrictions in the Amazon RDS environment, users cannot log into the operating system of Amazon RDS, which limits the ability to modify certain Oracle parameters. Features that require access to the operating system—such as those needing changes to the REMOTE_LISTENER initialization parameter or modifications to configuration files like listener.ora or tnsnames.ora—are not supported in Amazon RDS for Oracle. Additionally, since Oracle Connection Manager is exclusively supported in the Oracle Enterprise Edition, the features discussed in this article are only applicable to the Amazon RDS for Oracle Enterprise Edition.

Overview of Testing Architecture

In this guide, we will demonstrate how to utilize Oracle Connection Manager by establishing common requirements based on a straightforward architecture of Amazon RDS for Oracle. The following diagram illustrates this architecture.

Amazon RDS for Oracle is configured to operate in Multi-AZ mode. The RDS instance has a DNS endpoint that Oracle Connection Manager installed on Amazon EC2 connects to. Oracle Connection Manager is set up on Amazon EC2 and redirects incoming Oracle Client traffic to Amazon RDS for Oracle. Additionally, Oracle Instant Client is installed on Amazon EC2 for testing connections to both Amazon RDS for Oracle and Oracle Connection Manager.

Prerequisites

Before verifying the functionality of Oracle Connection Manager using the architecture mentioned above, ensure you complete the following prerequisites:

  1. Set up an Amazon Virtual Private Cloud (VPC) for this demo architecture with the following requirement:
    • IPv4 CIDR block of the VPC set to 10.0.0.0/16.
  2. Create subnets in the VPC with the following specifications:
    • One public subnet.
    • Two private subnets, each located in a different Availability Zone.
  3. Create an Amazon RDS for Oracle DB instance within the created private subnets, adhering to these requirements:
    • Choose Oracle 19c Enterprise Edition as the database, since Oracle Connection Manager is only supported on this edition. Ensure you have an Oracle Enterprise Edition license, as Amazon RDS for Oracle Enterprise Edition operates solely under the bring your own license (BYOL) model.
    • Select db.t3.small as the DB instance class, as it is the smallest supported type for Amazon RDS for Oracle.
    • Ensure that port 1521 is open in the security group of Amazon RDS for Oracle to allow Oracle Client connections from the 10.0.0.0/16 CIDR range.
  4. Launch Amazon EC2 with Oracle Linux 7 in the public subnet with these requirements:
    • Use community Amazon Machine Images (AMIs) for Oracle Linux 7.
    • Opt for the AWS Free Tier-eligible t2.micro as the instance type.
    • Amazon Elastic Block Store (EBS) size should be at least 10 GB for Oracle Client installation.
    • Open port 22 in the security group for terminal access from the internet.
  5. Deploy another Amazon EC2 instance using Amazon Linux AMI in the public subnet for the Oracle Instant Client with the following criteria:
    • Again, choose the AWS Free Tier-eligible t2.micro as the instance type.
    • Open port 22 in the security group for terminal access from the internet.
    • Use default values for all other Amazon EC2 settings.
  6. Prepare an Oracle login account, which is necessary for downloading Oracle installation files and a JDBC jar file.

Keep in mind that costs may arise since not all resources mentioned here are covered under the AWS Free Tier. For additional information regarding costs, refer to AWS Pricing.
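
The security group requirements in the prerequisites (port 1521 reachable from 10.0.0.0/16, port 22 for terminal access) can be checked against what is actually deployed. The following is an added example, not code from the original article: it audits rules in the shape returned by `aws ec2 describe-security-groups`, flagging SSH open to every address and listener access from outside the VPC CIDR. The group names and sample rules are constructed placeholders.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # VPC CIDR from the prerequisites

def rule(port, cidr):
    """Build one inbound TCP rule in the describe-security-groups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample data; group names and the 203.0.113.10 admin address
# are placeholders, not values from the article.
SAMPLE = {"SecurityGroups": [
    {"GroupName": "rds-oracle", "IpPermissions": [rule(1521, "10.0.0.0/16")]},
    {"GroupName": "cman-ec2", "IpPermissions": [rule(22, "0.0.0.0/0")]},
    {"GroupName": "client-ec2", "IpPermissions": [rule(22, "203.0.113.10/32")]},
    {"GroupName": "rds-wide", "IpPermissions": [rule(1521, "0.0.0.0/0")]},
]}

def covers(perm, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def audit(groups):
    """Return (group, port, reason) for rules wider than the prerequisites need."""
    findings = []
    for group in groups["SecurityGroups"]:
        for perm in group["IpPermissions"]:
            for ip_range in perm.get("IpRanges", []):
                net = ipaddress.ip_network(ip_range["CidrIp"])
                # SSH reachable from the whole IPv4 internet
                if covers(perm, 22) and net.prefixlen == 0:
                    findings.append((group["GroupName"], 22,
                                     "SSH open to every IPv4 address"))
                # Oracle listener reachable from outside the VPC CIDR
                if covers(perm, 1521) and not net.subnet_of(VPC_CIDR):
                    findings.append((group["GroupName"], 1521,
                                     f"listener reachable from {net}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To run it against a real account, load the JSON output of `aws ec2 describe-security-groups` and pass the parsed object to `audit`.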

Configuring Oracle Connection Manager on an EC2 Instance

In this section, we will go through the process of configuring Oracle Connection Manager on the prepared Oracle Linux EC2 instance. This involves installing Connection Manager using Oracle Client installation procedures and configuring the cman.ora file. Furthermore, we’ll discuss the steps for opening the firewall and adjusting security group settings.

Installing CMAN

To begin, you need to install Oracle Connection Manager on Amazon EC2 by following these steps:

  1. Download the Oracle Client installation binary to your local computer (an Oracle login account is required).
  2. Upload the downloaded binaries to the /tmp directory of your Oracle Linux 7 EC2 instance using the following scp command:
    scp -i path/to/key LINUX.X64_193000_client.zip ec2-user@ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com:/tmp
  3. Log in as the root user to your Oracle Connection Manager EC2 instance and install the necessary packages and settings for the Oracle Client installation:
    yum install oracle-database-preinstall-19c.x86_64
  4. As the root user, create a directory for the installation and change its ownership to the Oracle user:
    mkdir /u01
    chown oracle:oinstall /u01
  5. Log in as the oracle user and proceed to install the Oracle Client along with the CMAN module (network.cman:19.0.0.0.0) by executing the following commands sequentially:
    # Prepare Oracle install directory
    export INSTALL_HOME=/u01
    mkdir -p /u01/app/oracle/product/client19300
    
    # Unzip the installation binaries for Oracle Client
    mkdir -p $INSTALL_HOME/stage
    cd $INSTALL_HOME/stage
    cp /tmp/LINUX.X64_193000_client.zip .
    unzip LINUX.X64_193000_client.zip
    
    # Prepare the client install response file as follows
    cat <<EOF > $INSTALL_HOME/stage/clientin
