Secure OCI Access through Private Endpoint



The diagram depicts an OCI Private Endpoint setup, showing how resources and connections are arranged within an OCI region.

The OCI region includes a virtual cloud network with an Internet Gateway, a Dynamic Routing Gateway, and a Service Gateway. The virtual cloud network contains a public subnet with a virtual machine that reaches the Internet through the Internet Gateway.

The virtual cloud network also contains a private subnet with another virtual machine. A private endpoint sits in this private subnet and obtains its IP address from the subnet.

The OCI region also contains the Oracle Services Network, a collection of Oracle-managed resources such as OCI Object Storage and a database service. These resources can be accessed through the private endpoint without traffic leaving the network within the region.

Resources in the private subnet can access only one of the eligible services in the Oracle Services Network through a given private endpoint. To access multiple services, each service requires its own private endpoint.

Overall, the diagram lays out the resources and connections behind the OCI Private Endpoint setup and emphasizes that resources in the private subnet reach Oracle-managed services within the OCI region through private endpoints.

Article Source
https://www.oracle.com/cloud/networking/private-endpoint/