noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

News

Technology

Oracle Corporation

06/14/2024 | Press release | Archived content

Prepare Custom Hostnames for Internet Access to Oracle Fusion ...

Published Version 2 on June 28th, 2024.

Introduction

Oracle Fusion Analytics (Fusion Analytics) is a component of the Oracle Fusion Data Intelligence (FDI) platform designed to deliver personalized insights for Oracle Fusion Cloud Applications (Fusion Cloud Applications). It combines business data, ready-to-use analytics, and prebuilt AI and machine learning (ML) models to deliver deep insights and actionable results.

This post is a member of the Private Fusion Analytics series. It builds upon the foundation described in Use Custom Hostnames for Oracle Fusion Analytics.

It guides setting up the OCI (Oracle Cloud Infrastructure) network components required to use custom hostnames to access Fusion Analytics service endpoints via the internet. Architectural diagrams, component descriptions, access flows, and links for additional references are included.

Note: This post describes using a custom hostname for two FDI web services, one of which is OAC (Oracle Analytics Cloud). It does not cover using a custom hostname for the FDI ADW (Autonomous Data Warehouse). The Call to Action includes links to relevant ADW documentation.

Note: The Vanity URL feature available in standalone instances of OAC offers more functionality than the method described in this post. However, it is unavailable in the current release of Fusion Analytics. The method described in this post may also be used for standalone instances of OAC if desired.

Use Case

Custom hostnames enable customers to use their registered domains for Fusion Analytics services and a single hostname for multiple web services.

The following shows the Fusion Analytics prebuilt hostnames format as of the current release.

Fusion Analytics Console
- --prod.data.analyticsapps..ocs.oraclecloud.com
Oracle Analytics Cloud
- oax--to.analytics.ocp.oraclecloud.com

The following shows an example format of a custom hostname used by Myorg, inc., whose registered domain is myorg.com.

For all Fusion Analytics services
- analytics..myorg.com

Prerequisites

Following the guidance in this post requires:

Fusion Analytics Components
- All components described in Prepare DNS Components for Oracle Fusion Analytics Service Endpoints Internet Access for the DNS (Domain Name System) alternative in use.
- An accessible Fusion Analytics environment using default Fusion Analytics hostnames.
Custom hostname components described in Use Custom Hostnames for Oracle Fusion Analytics:
- The custom hostname designated for the Fusion Analytics environment.
- The certificate for the hostname signed by a CA (Certificate Authority).
Privileges to
- Manage load-balancers, certificate-authority-family, and virtual-network-family in the compartment hosting the Fusion Analytics environment.
- Create, register, and publish DNS entries for the custom hostnames.

Architecture

The architecture diagrams depict two alternatives described in Prepare DNS Components for Oracle Fusion Analytics Service Endpoints Internet Access.

Click to toggle the architecture diagrams.

Initial States

This diagram depicts the initial state of the Customer DNS alternative.

This diagram depicts the initial state of the OCI DNS alternative.

Prepared States

This diagram depicts the prepared state for the Customer DNS alternative.

This diagram depicts the prepared state for the OCI DNS alternative.

Components

This section describes the additional and updated components in the prepared-state architecture diagrams.

Click to toggle the component descriptions.

OCI Certificates Service

You must supply a certificate to use standard SSL with a load balancer and its resources

Oracle strongly recommends using the Certificates service for creating and managing certificates.
The service stores the uploaded custom hostname certificate.

Public Load Balancer

A public load balancer in a public subnet with a public IP address receives a Fusion Analytics URL containing a custom hostname and redirects it to the actual Fusion Analytics URL.

Load Balancer Rule Set

A rule set is associated with the load balancer's listener and is composed of rules and actions applied to inbound traffic.

Load Balancer URL Redirect Rules

A URL redirect rule specifies the path string and match condition the service uses to evaluate an incoming URL. URL redirect rules in the load balancer's rule set specify how to redirect incoming URLs to destination URLs. A destination URL and response code are returned to the client.

Load Balancer Backend Set

A backend set is a logical entity associated with the load balancer listener. It is defined by a load balancing policy, a health check policy, and, optionally, a list of backend servers.

The default backend set is defined without backend servers for URL redirection. It is used only for URLs that cannot be redirected due to the path string and match condition.

Load Balancer Listener

A listener is a logical entity that checks for incoming traffic on the load balancer's IP address. For use with URL redirection, it handles HTTPS traffic arriving on port 443. It is configured with the following:

SSL using the custom hostname certificate managed by the Certificate service.
The load balancer rule set defined for URL redirection
The null backend set.

Customer DNS

The customer DNS is modified to add records to a public external zone.

Public External Zone Records

A DNS "A" record is added to a public external zone. It contains the custom hostname and the public IP address of the load balancer.

An example may look like this:

DomainTypeTTLRDATA
analytics.dev.myorg.com A 500 129.35.20.68

Deploy

Several frameworks exist to deploy the components:

The Call to Action includes links to documentation for using the OCI console.

A typical provisioning sequence follows:

Import the custom hostname certificate determined in Use Custom Hostnames for Oracle Fusion Analytics to the OCI Certificates Service.
Create a public load balancer with a public IP address in a public subnet.
Tip: To utilize existing security rules, use the public subnet containing the NLBs (Network Load Balancers) acting as proxies for the Fusion Analytics service endpoints.
- Accept the defaults for the backend set. Do not add backend servers.
- Configure the listener for the HTTPs protocol and port 443.
  - Configure SSL for the listener.
Update the load balancer.
- Create a rule set.
  - Add the URL redirection rules to the rule set.
- Associate the rule set to the load balancer listener.
Follow your organization's procedures for adding a DNS record to the public external zone containing the custom hostname and the load balancer's public IP address.

Access Flows

After the components are deployed, custom hostnames can be used to access Fusion Analytics service endpoints.

Click to toggle the access flow diagrams.

This diagram depicts the access flow for the Customer DNS alternative.

A client browser sends a DNS query with the Fusion Analytics custom hostname. The query is resolved with the record in the public external zone, and the LB (Load Balancer) IP is returned.

The client browser sends an HTTPs request to the LB with the Fusion Analytics custom hostname in the URL.

The load balancer evaluates the URL path and match rules and returns the URL with the Fusion Analytics hostname.

The browser sends a DNS query with the Fusion Analytics hostname. The query is resolved with the record in the private internal zone, and the NLB IP is returned.

The client browser sends an HTTPs request with the Fusion Analytics hostname in the URL to the NLB, which forwards it on to the Fusion Analytics web service.

This diagram depicts the access flow for the OCI DNS alternative.

A client browser sends a DNS query with the Fusion Analytics custom hostname. The query is resolved with the record in the public external zone, and the LB (Load Balancer) IP is returned.

The client browser sends an HTTPs request to the LB with the Fusion Analytics custom hostname in the URL.

The LB evaluates the URL path and match rules and returns the URL with the Fusion Analytics hostname.

The browser sends a DNS query with the Fusion Analytics hostname.

The query is forwarded by the customer DNS, resolved with the record in the OCI private zone, and the NLB IP is returned.

The client browser sends an HTTPs request with the Fusion Analytics hostname in the URL to the NLB, which forwards it on to the Fusion Analytics web service.

Call to Action

Refer to the Overview of Private Fusion Analytics for references to other posts in the series.

Explore the components used in this post.

DNS server software uses various methods to create DNS zones. Below is a link to the OCI DNS method.

Creating an OCI Public DNS Zone

Explore Fusion Analytics by visiting the community links, blogs, and library.

Sharing and Personal Tools

Please select the service you want to use:

Back

View original format