06/14/2024 | Press release | Archived content
Published Version 2 on June 28th, 2024.
IntroductionOracle Fusion Analytics (Fusion Analytics) is a component of the Oracle Fusion Data Intelligence (FDI) platform designed to deliver personalized insights for Oracle Fusion Cloud Applications (Fusion Cloud Applications). It combines business data, ready-to-use analytics, and prebuilt AI and machine learning (ML) models to deliver deep insights and actionable results.
This post is a member of the Private Fusion Analytics series. It builds upon the foundation described in Use Custom Hostnames for Oracle Fusion Analytics.
It guides setting up the OCI (Oracle Cloud Infrastructure) network components required to use custom hostnames to access Fusion Analytics service endpoints via the internet. Architectural diagrams, component descriptions, access flows, and links for additional references are included.
Note: This post describes using a custom hostname for two FDI web services, one of which is OAC (Oracle Analytics Cloud). It does not cover using a custom hostname for the FDI ADW (Autonomous Data Warehouse). The Call to Action includes links to relevant ADW documentation.
Note: The Vanity URL feature available in standalone instances of OAC offers more functionality than the method described in this post. However, it is unavailable in the current release of Fusion Analytics. The method described in this post may also be used for standalone instances of OAC if desired.
Use Case
Custom hostnames enable customers to use their registered domains for Fusion Analytics services and a single hostname for multiple web services.
The following shows the Fusion Analytics prebuilt hostnames format as of the current release.
The following shows an example format of a custom hostname used by Myorg, inc., whose registered domain is myorg.com.
Following the guidance in this post requires:
The architecture diagrams depict two alternatives described in Prepare DNS Components for Oracle Fusion Analytics Service Endpoints Internet Access.
Initial States
This diagram depicts the initial state of the Customer DNS alternative.
This diagram depicts the initial state of the OCI DNS alternative.
Prepared States
This diagram depicts the prepared state for the Customer DNS alternative.
This diagram depicts the prepared state for the OCI DNS alternative.
This section describes the additional and updated components in the prepared-state architecture diagrams.
You must supply a certificate to use standard SSL with a load balancer and its resources
Oracle strongly recommends using the Certificates service for creating and managing certificates.
The service stores the uploaded custom hostname certificate.
A public load balancer in a public subnet with a public IP address receives a Fusion Analytics URL containing a custom hostname and redirects it to the actual Fusion Analytics URL.
A rule set is associated with the load balancer's listener and is composed of rules and actions applied to inbound traffic.
A URL redirect rule specifies the path string and match condition the service uses to evaluate an incoming URL. URL redirect rules in the load balancer's rule set specify how to redirect incoming URLs to destination URLs. A destination URL and response code are returned to the client.
A backend set is a logical entity associated with the load balancer listener. It is defined by a load balancing policy, a health check policy, and, optionally, a list of backend servers.
The default backend set is defined without backend servers for URL redirection. It is used only for URLs that cannot be redirected due to the path string and match condition.
Load Balancer ListenerA listener is a logical entity that checks for incoming traffic on the load balancer's IP address. For use with URL redirection, it handles HTTPS traffic arriving on port 443. It is configured with the following:
The customer DNS is modified to add records to a public external zone.
A DNS "A" record is added to a public external zone. It contains the custom hostname and the public IP address of the load balancer.
An example may look like this:
DomainTypeTTLRDATA
analytics.dev.myorg.com A 500 129.35.20.68
Several frameworks exist to deploy the components:
The Call to Action includes links to documentation for using the OCI console.
A typical provisioning sequence follows:
Tip: To utilize existing security rules, use the public subnet containing the NLBs (Network Load Balancers) acting as proxies for the Fusion Analytics service endpoints.
After the components are deployed, custom hostnames can be used to access Fusion Analytics service endpoints.
This diagram depicts the access flow for the Customer DNS alternative.
A client browser sends a DNS query with the Fusion Analytics custom hostname. The query is resolved with the record in the public external zone, and the LB (Load Balancer) IP is returned.
The client browser sends an HTTPs request to the LB with the Fusion Analytics custom hostname in the URL.
The load balancer evaluates the URL path and match rules and returns the URL with the Fusion Analytics hostname.
The browser sends a DNS query with the Fusion Analytics hostname. The query is resolved with the record in the private internal zone, and the NLB IP is returned.
The client browser sends an HTTPs request with the Fusion Analytics hostname in the URL to the NLB, which forwards it on to the Fusion Analytics web service.
This diagram depicts the access flow for the OCI DNS alternative.
A client browser sends a DNS query with the Fusion Analytics custom hostname. The query is resolved with the record in the public external zone, and the LB (Load Balancer) IP is returned.
The client browser sends an HTTPs request to the LB with the Fusion Analytics custom hostname in the URL.
The LB evaluates the URL path and match rules and returns the URL with the Fusion Analytics hostname.
The browser sends a DNS query with the Fusion Analytics hostname.
The query is forwarded by the customer DNS, resolved with the record in the OCI private zone, and the NLB IP is returned.
The client browser sends an HTTPs request with the Fusion Analytics hostname in the URL to the NLB, which forwards it on to the Fusion Analytics web service.
Refer to the Overview of Private Fusion Analytics for references to other posts in the series.
Explore the components used in this post.