Connect from OIC to OCI Database with private endpoint

Johannes Michler PROMATIS Horus Oracle


Executive Vice President – Head of Platforms & Development

It is quite a common requirement to integrate Oracle E-Business Suite instances running on Oracle Cloud Infrastructure (OCI) through Oracle Integration Cloud (OIC). In the past, since E-Business Suite is nevertheless an "on-premises solution", this required installing a Connectivity Agent to connect to the database of Oracle E-Business Suite through the database adapter. It has recently become possible to skip that step by using a private endpoint.

Let us have a closer look at this!

Architecture when using the Connectivity Agent

Traditionally, when connecting from Oracle Integration Cloud (which runs in the OCI data center) to on-premises environments, the natural solution is to use a Connectivity Agent. This is described here (for OIC3): https://docs.oracle.com/en/cloud/paas/application-integration/integrations-user/downloading-and-running-premises-agent-installer.html#GUID-C12FA0F2-6264-4C60-BC90-C76850317304

My colleague Yves Chassein has covered that in great detail over here.


Integration Pattern when using the Connectivity Agent

Note: It doesn't matter here if the "Customer on prem application" is technically running on OCI as well. You still had to install the Connectivity Agent on a virtual machine in OCI to allow (private) connectivity between OIC (on OCI) and your own Virtual Cloud Networks (on OCI as well).

Private Endpoints

Luckily, Oracle has recently been providing more and more "private endpoints" for OIC. This results in the following architecture:


Architecture with private endpoints

So using this concept you're able to directly connect from the OIC instance that runs in a "special network" in OCI to a Virtual Cloud Network (VCN) of your own OCI Tenancy.

Setup Step-by-Step

The actual setup is very easy:

First, we create an appropriate subnet in your OCI VCN and allow it to access your target instance; here that is an OCI Base Database Service:


Subnets used for the OIC private endpoint (named soa-subnet here)


Ingress rule attached to the database network allowing connectivity from the OIC private endpoint network

After that we can create a private endpoint in the Oracle Integration Cloud (OCI console part):


Private endpoint connecting OIC to an OCI VCN Subnet

Finally, you can change your database connection to be a DBaaS (instead of a regular Database) Adapter Connection and then enter the details to connect to the database as follows:


Connecting to a Base Database through a private endpoint

The DBaaS adapter has the same capabilities as the "regular", "onPrem" Database adapter of OIC. Note: as the documentation states, it is mandatory to provide the hostname and NOT the IP address of the database to be connected; otherwise, you'll get an error that is very difficult to understand or correlate:

{"detail":"","status":"HTTP 500 Internal Server Error","title":"Operation [testConnection] failed: This connection is configured with an address which is not in an allowable range","type":"https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1"}

The documentation for this can be found here: https://docs.oracle.com/en/cloud/paas/application-integration/dbaas-adapter/using-oracle-database-cloud-service-adapter-oracle-integration-3.pdf
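A pre-flight check for the setup steps above, as an added example (not from the original post and not Oracle's code): it verifies that the ingress rules open the database port only to the private endpoint subnet, and that the connection host is a name rather than an IP literal. Assumptions: the rules are given as the camelCase JSON of OCI security rules, the listener port is 1521, and the CIDRs, hostname and function names are constructed for illustration.

```python
import ipaddress

DB_PORT = 1521  # assumption: default Oracle listener port; the page does not state it
# Constructed sample rules (not from the page); 10.0.2.0/24 stands in for soa-subnet.
SAMPLE_RULES = [
    {"protocol": "6", "source": "10.0.2.0/24", "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1521}}},
    {"protocol": "6", "source": "0.0.0.0/0", "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"protocol": "all", "source": "10.0.0.0/16"},
]

def host_is_name(host):
    """True for a DNS name, False for an IP literal (which the DBaaS connection rejects)."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return True

def covers_port(rule, port):
    """Does this ingress rule admit TCP traffic to `port`?"""
    proto = rule.get("protocol")
    if proto == "all":
        return True
    if proto != "6":  # 6 = TCP
        return False
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if rng is None:  # no port range means every TCP port is open
        return True
    return rng["min"] <= port <= rng["max"]

def audit_ingress(rules, endpoint_cidr, port=DB_PORT):
    """Return (reachable, findings): can the endpoint subnet reach `port`,
    and which rules open `port` to sources not confined to that subnet."""
    subnet = ipaddress.ip_network(endpoint_cidr)
    reachable, findings = False, []
    for rule in rules:
        if not covers_port(rule, port):
            continue
        if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
            findings.append((rule.get("source"), "non-CIDR source, review manually"))
            continue
        src = ipaddress.ip_network(rule["source"])
        same = src.version == subnet.version
        if same and subnet.subnet_of(src):
            reachable = True
        if not (same and src.subnet_of(subnet)):
            findings.append((rule["source"], "not confined to the private endpoint subnet"))
    return reachable, findings
```

On the sample rules, the VCN-wide "all protocols" rule is reported because it also opens the listener port to every other subnet, while the SSH rule is ignored because it does not cover the database port.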

Summary

Using a private endpoint provides a much easier way to access databases in an OCI network from OIC. Unfortunately, when scanning through the list of all OIC adapters (https://docs.oracle.com/en/cloud/paas/application-integration/find-adapters.html), not all adapters so far support private endpoints. The feature is available e.g. for:

  • Oracle Database Cloud Service Adapter
  • REST Adapter
  • AQ Adapter

It is not available however for:

  • Oracle Database Adapter
  • Oracle E-Business Suite Adapter
  • MySQL Adapter

So unfortunately, so far you cannot use a private endpoint to

  • access a database that is just running on an OCI compute instance or
  • use an IPSEC VPN Tunnel to get from the private endpoint network to some onPrem database instance.

This seems "highly random", and I hope this will be changed soon. Eventually/Probably you can work around this by just using the Database Cloud Service Adapter instead and still connect to an OnPrem / OnCompute Database instance.