Friday, May 22, 2026

 

Create a Database Link from OCI Autonomous Database to a VM Database in a Different Tenancy

In the previous article, we discussed creating VCN peering between two OCI tenancies in the same region. In this article, we will use the same private networking setup to create a database link from an Oracle Autonomous Database to an Oracle Database running on a VM DB System in a different OCI tenancy. Since VCN peering is already configured between the two tenancies, the database traffic can use private networking instead of traveling over the public internet.

This is a common requirement when organizations manage workloads across multiple OCI tenancies. For example, one tenancy may host an Autonomous Database used for reporting or integration, while another tenancy may host an Oracle Database running on a VM DB System.

Oracle Autonomous Database supports private endpoints, which allow traffic to and from the database to remain within the OCI private network. To route outbound connections through the private endpoint, we need to set the ROUTE_OUTBOUND_CONNECTIONS database property.

 

Item

Example Value

Source tenancy

Tenancy hosting Autonomous Database

Target tenancy

Tenancy hosting VM DB System

Source database

Autonomous Database with private endpoint

Target database

Oracle Database on VM DB System

Source VCN CIDR

192.168.0.0/16

Target VCN CIDR

10.0.0.0/16

Target VM DB private IP

10.0.0.169

Target listener port

1521

Connection type

Private cross-tenancy OCI networking

Create an Autonomous Database in the source tenancy and a standalone Oracle Database on a compute VM in the target tenancy.
On the VM database server, ensure that the listener is running and that the pluggable database service is registered with the listener.

lsnrctl status

Confirm the listener is listening on the expected private IP and port.

Example:

HOST = 10.0.0.169
PORT = 1521

From the VM database server, verify the database service name.

show parameter service_names;

Or check listener services:

lsnrctl services

[oracle@db19c ~]$ lsnrctl status

LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 23-MAY-2026 01:53:09

Copyright (c) 1991, 2025, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=10.0.0.169)(PORT=1521)))

STATUS of the LISTENER

------------------------

Alias                     LISTENER

Version                   TNSLSNR for Linux: Version 19.0.0.0.0 - Production

Start Date                23-MAY-2026 01:51:16

Uptime                    0 days 0 hr. 1 min. 52 sec

Trace Level               off

Security                  ON: Local OS Authentication

SNMP                      OFF

Listener Parameter File   /u01/app/oracle/product/19c/dbhome_1/network/admin/listener.ora

Listener Log File         /u01/app/oracle/diag/tnslsnr/db19c/listener/alert/log.xml

Listening Endpoints Summary...

  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.169)(PORT=1521)))

  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))

Services Summary...

Service "513276ca6910454ae06500001727baf7" has 1 instance(s).

  Instance "ORCL", status READY, has 1 handler(s) for this service...

Service "ORCL" has 1 instance(s).

  Instance "ORCL", status READY, has 1 handler(s) for this service...

Service "ORCLXDB" has 1 instance(s).

  Instance "ORCL", status READY, has 1 handler(s) for this service...

Service "orclpdb" has 2 instance(s).

  Instance "ORCL", status READY, has 1 handler(s) for this service...

The command completed successfully

 

Create a Test User in the Target Database

Connect to the target VM database and create a test user.

CREATE USER test IDENTIFIED BY "<YourPasswordHere>";
GRANT CREATE SESSION TO test;
CREATE TABLE test.db_link_test (
    id NUMBER,
    description VARCHAR2(100)
);
INSERT INTO test.db_link_test VALUES (1, 'DB link test from Autonomous Database');
COMMIT;

Confirm Autonomous Database Uses Private Endpoint

In the OCI Console, open the Autonomous Database and verify that it is configured with a private endpoint.

The private endpoint should be placed in the source VCN/subnet that has peering & routing to the target VM DB VCN. The private endpoints allow Autonomous Database traffic to stay off the public internet.

Set Outbound Routing Through Private Endpoint

Connect to Autonomous Database as ADMIN and execute below SQL command.

Kindly note the Autonomous database network connection has been set to Private endpoint access only.  To execute SQL commands, we can invoke SQL Developer web  console from Database Actions in Autonomous database console.

 

In SQL developer web console, provide username as Admin and its password and login into the console.

Execute below command.

ALTER DATABASE PROPERTY SET ROUTE_OUTBOUND_CONNECTIONS = 'PRIVATE_ENDPOINT';

This setting routes outbound connections from Autonomous Database through the private endpoint.

SELECT property_name, property_value
FROM database_properties
WHERE property_name = 'ROUTE_OUTBOUND_CONNECTIONS';

Expected result:

ROUTE_OUTBOUND_CONNECTIONS    PRIVATE_ENDPOINT

Test Network Reachability from Autonomous Database

Create credential at Autonomous database for VM database.

BEGIN
  DBMS_CLOUD.CREATE_CREDENTIAL(
    credential_name => 'VMDB_CRED',
    username        => 'TEST',
    password        => 'YourPasswordHere'
  );
END;
/

From Autonomous Database, use DBMS_CLOUD_ADMIN to test whether the target host and port are reachable.

BEGIN
  DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
    db_link_name     => ‘<DB_LINK_NAME>’,
    hostname         => ‘<VM_DB_Hostname>’,
    port             => '1521',
    service_name     => ‘<PDB_SERVICE_NAME>’,
    credential_name  => 'VMDB_CRED',
    directory_name   => NULL,
    private_target   => TRUE
  );
END;
/

The database link requires a hostname in the hostname argument. In this setup, the target VM database private IP is 10.0.0.169. Since Autonomous Database may not resolve the VM hostname by default, create a private DNS zone in the VCN associated with the Autonomous Database private endpoint and add an A record for the VM database hostname.

Query the Target Database Through the DB Link

Run a simple query from Autonomous Database:

SELECT *
FROM test.db_link_test@VMDB_LINK;

Expected result:

ID   DESCRIPTION
1    DB link test from Autonomous Database

 

In this article, we created a database link from an OCI Autonomous Database to a VM database located in a different OCI tenancy using private networking. The key requirements are cross-tenancy VCN peering, correct route table and security rule configuration, an Autonomous Database private endpoint, outbound routing through the private endpoint, private DNS hostname resolution, and a valid database credential. After these components were configured, the Autonomous Database was able to query the target VM database through the database link successfully.

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

  Create a Database Link from OCI Autonomous Database to a VM Database in a Different Tenancy In the previous article, we discussed creati...

  • (no title)
        OCI - Vision The very common use case seen today is image recognition and detecting objects within that image. The image could have docu...
  • (no title)
      OCI Resource Manager OCI Resource manager is an automation tool for infrastructure. It can be considered as Infrastructure as a code too...
  • (no title)
    Installation of OCI Command line OCI CLI (Oracle Cloud Infrastructure Command Line Interface) is a powerful tool that allows users to mana...