1. Go to the Resources page and click the button.
2. Select Oracle DB.
3. Enter your account credentials and click Connect.
- Encryption (Optional)
- Password (Optional)
- Schemas (Optional)
- SSH Tunnel Method (Optional)
4. Choose tables to import and click Finish Setup.
5. You will see a icon next to your resource. It may take a few minutes to several hours depending on the data size and the number of your tables. Once your data is ready, you will receive a notification email.
Acho has the ability to connect to the Oracle source with 3 network connectivity options:
Unencrypted: the connection will be made using the TCP protocol. In this case, all data over the network will be transmitted in unencrypted form.
Native network encryption: gives you the ability to encrypt database connections, without the configuration overhead of TCP / IP and SSL / TLS and without the need to open and listen on different ports. In this case, the SQLNET.ENCRYPTION_CLIENT option will always be set as REQUIRED by default: The client or server will only accept encrypted traffic, but the user has the opportunity to choose an
Encryption algorithmaccording to the security policies he needs.
TLS Encrypted: if this option is selected, data transfer will be transfered using the TLS protocol, taking into account the handshake procedure and certificate verification. To use this option, insert the content of the certificate issued by the server into the
SSL PEM filefield
Acho has the ability to connect to a Oracle instance via an SSH Tunnel. The reason you might want to do this because it is not possible (or against security policy) to connect to the database directly (e.g. it does not have a public IP address).
When using an SSH tunnel, you are configuring Acho to connect to an intermediate server (a.k.a. a bastion sever) that does have direct access to the database. Acho connects to the bastion and then asks the bastion to connect directly to the server.
Using this feature requires additional configuration, when creating the source. We will talk through what each piece of configuration means.
- 1.Configure all fields for the source as you normally would, except
SSH Tunnel Method.
SSH Tunnel Methoddefaults to
No Tunnel(meaning a direct connection). If you want to use an SSH Tunnel choose
SSH Key Authenticationor
Key Authenticationif you will be using an RSA private key as your secret for establishing the SSH Tunnel (see below for more information on generating this key).
Password Authenticationif you will be using a password as your secret for establishing the SSH Tunnel.
SSH Tunnel Jump Server Hostrefers to the intermediate (bastion) server that Acho will connect to. This should be a hostname or an IP Address.
SSH Connection Portis the port on the bastion server with which to make the SSH connection. The default port for SSH connections is
22, so unless you have explicitly changed something, go with the default.
SSH Login Usernameis the username that Acho should use when connection to the bastion server. This is NOT the Oracle username.
- 6.If you are using
Password Authentication, then
SSH Login Usernameshould be set to the password of the User from the previous step. If you are using
SSH Key Authenticationleave this blank. Again, this is not the Oracle password, but the password for the OS-user that Acho is using to perform commands on the bastion.
- 7.If you are using
SSH Key Authentication, then
SSH Private Keyshould be set to the RSA Private Key that you are using to create the SSH connection. This should be the full contents of the key file starting with
-----BEGIN RSA PRIVATE KEY-----and ending with
-----END RSA PRIVATE KEY-----.
The connector expects an RSA key in PEM format. To generate this key:
ssh-keygen -t rsa -m PEM -f myuser_rsa
This produces the private key in pem format, and the public key remains in the standard format used by the
authorized_keysfile on your bastion host. The public key should be added to your bastion host to whichever user you want to use with Acho. The private key is provided via copy-and-paste to the Acho connector configuration screen, so it may log in to the bastion.