Setting up a direct Interconnection between Azure and Oracle Cloud Infrastructure


Oracle and Microsoft have built a dedicated, high-bandwidth, low-latency private network connection between Azure and Oracle Cloud Infrastructure. Customers can access the connection by using either Oracle FastConnect or Microsoft ExpressRoute, and they don’t need to deal with configuration or third-party carriers.

Using this cross-cloud connectivity, you can partition a multi-tier application to run your database tier on Oracle Cloud Infrastructure (OCI), and the application and other tiers on Microsoft Azure. The experience is like running the entire solution stack in a single cloud.

In this article, I will show you how to create a direct interconnection using the following scenario:

  • A virtual machine DB system running in OCI.
  • A MS Windows Server Machine running in Azure.
  • Then, I will create a connection from SQL Developer in Windows to the Oracle Database in the OCI Virtual Machine. 

The following diagram is a high-level overview of the connected solution:


Before Start, consider that Cross-cloud connectivity is limited to the following regions:

  •  Azure East US (EastUS) & OCI Ashburn, VA (US East)
  • Azure UK South (UKSouth) & OCI London (UK South)
  • Azure Canada Central (CanadaCentral) & OCI Toronto (Canada Southeast)
  • Azure West Europe (WestEurope) & OCI Amsterdam (Netherlands Northwest)
  • Azure Japan East (JapanEast) & OCI Tokyo (Japan East)
  • Azure West US (WestUS) & OCI San Jose (US West)
  • Azure Germany West Central & OCI Germany Central (Frankfurt)
  • Azure West US 3 & OCI US West ((Phoenix)
  • Azure Korea Central region & OCI South Korea Central (Seoul)
  • Azure Southeast Asia region & OCI Singapore (Singapore)
  • Azure Brazil South (BrazilSouth) & OCI Vinhedo (Brazil Southeast)

I’m using Azure East US (EastUS) & OCI Ashburn, VA (US East) regions for this article.

The article is divided in the following sections:

  1. Configure direct connectivity between ExpressRoute and FastConnect.
  2. Creating an Azure VNet and Resources.
  3. Creating an OCI VCN and Resources.
  4. Configuring route tables and security groups between Virtual Cloud Networks.
  5. Testing the direct interconnection between Azure and OCI.

        1. Configure direct connectivity between ExpressRoute and FastConnect

ExpressRoute on Azure

On Azure, go to All Services, Others and ExpressRoute Circuits. Or you can type ExpressRoute in the Search Bar.

Click on Create ExpressRoute Circuits:

Enter the Resource Group and Name for the ExpressRoute and click next:Configuration:

In the configuration tab, select Oracle Cloud FastConnect as Provider. 

An Azure ExpressRoute circuit provides granular bandwidth options, whereas OCI FastConnect supports 1, 2, 5, or 10 Gbps. Therefore, it is recommended to choose one of these matching bandwidth options under ExpressRoute.

Click Review + Create and Finish the configuration.


Note down your ExpressRoute Service key. We will use the service key during the FastConnect configuration.


FastConnect on OCI

On OCI, create a new Dynamic Routing Gateway (DRG). Go to Networking, Dynamic Routing Gateway. Select the compartment you want to use and Click on Create Dynamic Routing Gateway


Enter the name of the DRG and Click Create Dynamic Ruting Gateway.

The connection between Azure VNet and OCI VCN uses BGP dynamic routing, we will need two pairs of IP addresses of /30 for the two redundant BGP sessions between Azure and OCI. These IP Addresses must not overlap any of our Azure or OCI Virtual Networks.

For this exercise I will use:

IP Address

BGP

10.2.0.22/30

Customer Primary BGP

10.2.0.26/30

Customer Secondary BGP

10.2.0.21/30

Oracle Primary BGP

10.2.0.25/30

Oracle Secondary BGP

Go to Networking, FastConnect and Create Connection.


Select FastConnect Partner and find and select Microsoft Azure ExpressRoute as Partner. Click Next.


In the Step 2, enter the Name of the Connection.

Select Private Virtual Circuit.

Select the Dynamic Routing Gateway created in the first step of this section.

Select the desired bandwidth. For optimal performance, the bandwidth must match the bandwidth selected when creating the ExpressRoute circuit. 


In Provider Service Key, paste the ExpressRoute service key taken from Azure.

Then, configure the BGP IP Addresses, as shown in the table.

Finally, click on Create.

Final Validation

Validate the result connection from OCI, the status should be Provisioned:


From Azure, go to the Resource, overview. The List Azure Private should display the configured subnetworks in the list:


So far, we are configured the Direct Connection between the two clouds, we still need to configure the routing between internal Virtual Networks and resources. So let’s start with the interesting part.

 

2. Creating an Azure VNet and Resources 

Vnet Configuration

On Azure, go to All Services, Networking, Virtual Network and Create a new Virtual Network.

Enter the name and the Region for the Virtual Network and click Next:IP Addresses.


I’m using the network 192.168.0.0/16

I added a new Subnetwork: 192.168.0.0/24

Leave all the remaining options as default and click Review+Create. Then Create the Vnet.


Virtual Network Gateway configuration

Go to All Services, Networking, Virtual Network Gateways and Create Virtual Network Gateway.


Enter the Name of the VN Gateway, select ExpressRoute as type, select the VNet created before and enter the network you want to use for the IP Address range.

For IP Address, select Create New and name it. Click on Create+Review and finally click on Create.
The Virtual Network Gateway creation may take from 45 minutes to 1 hour. So be patient. Meanwhile, we can create our Test Virtual Machine. 

Virtual Machine Configuration

Go to All services, Compute, Virtual Machines and Create a New Virtual Machine.


Name your virtual machine, the image type and size can be any. I’m using a Windows Server machine that will connect to an Oracle Database in OCI.


In the networking tab, select the Vnet and Subnet created before, that way the VM will get an IP Address within the Subnet. 

We have finished the resource creation in Azure. Now let’s create the resources in OCI.

3. Creating an OCI VCN and Resources 

Creating a Virtual Cloud Network and DRG attachment

On OCI, go to Networking, Virtual Cloud Networks and Create a New Virtual Cloud Network


Name the Virtual Cloud Network and set the desired IP Address range. Click on Create VCN.

I’m using the network 10.1.0.0/16. When the VCN is ready. In the left menu select subnets and create a new subnet. I’m using the subnet 10.1.0.0/24.


Click on Create Subnet.

Now, we need to attach the Dynamic Routing Gateway created for the FastConnect Connection to our recently created VCN. On the left pane, select Dynamic Routing Gateway and create a new DRG Attachment. Select the name of the DRG and click Ok.


Creating a Virtual Machine DB System

On OCI, go to Oracle Database and Bare Metal, VM and Exadata, and click on create a new DB System


Enter the Name and the type of System, for this article I’m creating a Virtual Machine system with the smallest VM Shape available. 


For the networking configuration, select the VCN and Subnet created before. That way our DB system will get an Ip Address withing the subnet. 

All the remaining options depends on you. Click Create.

Now, We have the Direct connection between the cloud and all the resource in both sides. The only remaining configuration is the Routing between Azure Virtual Network and OCI Virtual Cloud Network. 

 4. Configuring route tables and security groups between Virtual Cloud Networks

Virtual Network Gateway  Connection

On Azure, once the Virtual Network Gateway is deployed, go to the resource, Connections and add a new Connection.


Name the Connection and select ExpressRoute as Connection type.
For ExpressRoute Circuit, Select the ExpressRoute circuit used for the direct interconnection. Click Ok.

Defining a Network Security Group and Inbound rules

On Azure, go to All Services, Networking, Network Security Groups and create a new Network Security Group.


Enter the name and region and click on Create.
Once created, go to the resource and select Associated Subnets. Add a new Subnet.


Select the Virtual Network and Subnet we are using for our resources and click Ok.

Then, in the left pane, select Inbound Rules and add the following inbound rules:

  • TCP connections, we will use it for TCP traffic from Windows Server Network (192.168.0.0/24) to Oracle Database (10.1.0.0/24). 
  • RDP connections, we will use it for accessing the virtual machine from any IP.














Inbound rules in the Network Security Group should look like following table:



Creating a Route Table and rules

Still on Azure, go to All Services, Networking, Route Table and create a new Route Table.

Name the Route table and select the region. Click on Review+Create and then Create.

Once created, go to the resource and select Subnets in the left Pane, and Associate a new Subnet.

.

Select the Virtual Network and the Subnet we are using for our resources and click Ok.

In the left pane, select Routes and add a new Route

We will add a route for the traffic coming from OCI to the Azure Virtual Network. Add the Ip range 10.1.0.0/16 and select Virtual Network Gateway as the hop.

Click Ok to add the route.

Creating a Route Table and security list in OCI

First, we will allow the access to the Virtual Machine DB system through internet. 

On OCI, go to Networking, Virtual Cloud Network and select the VCN where our resources are located. Select Internet Gateway and Add a new Internet Gateway.


Click on Create Internet Gateway.

Return to the Virtual Cloud Network Configuration and go to Route table, Default Route table and Add a new Route rule.



Select Internet Gateway as Target Type and enter the CIDR block: 0.0.0.0/0. Click on Add.

In the same Default Route Table, we will create a new Route Rule for the traffic coming from Azure VNet. Add a new Route Rule.


Select Route Type as Dynamic Routing Gateway and add the CIDR block of the Azure VNet: 192.168.0.0/16.

Click on Add.

Return to the Virtual Cloud Network Configuration and go to Security Lists, Default Security List and Add a new Ingres Rule


Ingress Rule with source CIDR of the Azure VNet Subnet (192.168.0.0/24) and All Protocols.

Now, we are ready for testing the direct interconnection. 

5. Testing the direct interconnection between Azure and OCI

On Azure, Go to your deployed Virtual Machine, Connect and Download the RDP file. 

Open the downloaded file and use the credentials you enter during the VM creation. 






Open a Command Prompt (CMD) and check what is the assigned IP Address. My virtual machine’s IP Address is 192.168.0.4. I will try to ping the Virtual Machine DB system located in 10.1.0.162.

We might receive a successful ping. 

Now, go to the Virtual Machine DB System using an SSH client and test the other side.


As you can see, my VM DB System’s IP Address is 10.1.0.162.

Ping to the Windows Server VM (192.168.0.4) succeeded too. 

Note: If you are not able to ping the Windows VM, check your firewall configuration and add a rule to allow ICMP traffic.

Now, return to the Windows Server VM and test the DB Connection. I installed SQL Developer to test the connection. You can also try using an Oracle Client or any other tool able to create a DB Connection.

I’m using the default service name:


The DB connection succeeded! 

Notes:
  • Remember, the cross-cloud connection between OCI and Azure is only available in the locations listed before and it is fully recommended to choose a matching bandwidth for ExpressRoute in Azure and FastConnect in OCI for optimal performance.
  • I tested a DB connection from Windows Server to an Oracle Database in this article, Oracle has certified these applications to run in Azure when using the Azure/Oracle Cloud interconnect solution:
    • E-Business Suite
    • JD Edwards EnterpriseOne
    • PeopleSoft
    • Oracle Retail applications
    • Oracle Hyperion Financial Management
  • Check the official Microsoft and Oracle documentation for more information. 












































 







Comments

Post a Comment

Popular posts from this blog

MySQL HeatWave - In-Memory Query Accelerator

Image
 MySQL Database Service delivers a database with all the essential features to help you rapidly pioneer innovative applications, MySQL Database Service is easy to use, secure, and enterprise ready, it combines the benefits of a widely adopted open source database solution with a strong ecosystem, millions of users and the backing of Oracle. MySQL HeatWave increases MySQL DB System performance and eliminates the need for a separate database and tools for OLTP, Analytics and Machine Learning features.  MySQL HeatWave combines transaction processing, real-time analytics and machine learning withing a single MySQL database. It stores data in main memory in a hybrid columnar format, its processing engine is enhanced with aggressive compression of the in-memory data, which helps to reduce the memory footprint, also, it uses a HeatWave cluster for massively parallel and high-performance analytics workloads.  MySQL HeatWave architecture To completely understand how HeatWave works...
Read more