How to Deploy Oracle 23ai Database on OCI – Complete DBA Implementation Guide.
Introduction
Oracle 23ai is Oracle’s latest AI-enabled database release designed for modern enterprise workloads, AI applications, vector search, JSON-relational architecture, and autonomous operations. Deploying Oracle 23ai on Oracle Cloud Infrastructure (OCI) provides DBAs with high performance, scalability, and enterprise-grade security.
In this guide, we will deploy Oracle 23ai Database on OCI from scratch using:
Virtual Cloud Network (VCN)
Public and Private Subnets
Network Security Groups (NSG)
Oracle DB System
SSH Access Configuration
This article is written from a real DBA operational perspective instead of a basic cloud tutorial.
Architecture Overview
Before deployment, let us understand the architecture.
Components Used
| Component | Purpose |
|---|---|
| VCN | Private cloud network for OCI resources |
| Public Subnet | Used for Bastion / external access |
| Private Subnet | Used for Database deployment |
| NSG | Security-level traffic control |
| Internet Gateway | Internet connectivity |
| Route Table | Controls network routing |
| Oracle DB System | Hosts Oracle 23ai database |
| SSH Key Pair | Secure server access |
Target Architecture
The deployment architecture follows enterprise security standards.
Laptop
|
SSH
|
Public IP
|
OCI Bastion / Public Subnet
|
Private Subnet
|
Oracle 23ai DB System
Prerequisites
Before starting deployment ensure:
OCI account is active
User has Administrator privileges
SSH client installed
Oracle Cloud region selected
OCI Compartment created
Step 1 – Login to OCI Console
Open OCI Console.
Navigate to:
Oracle Cloud Console → Identity & Security → Compartments
Create a new compartment.
Example:
Name: PROD-DBA-LAB
Description: Oracle 23ai Deployment Lab
Compartments help isolate cloud resources.
Step 2 – Create Virtual Cloud Network (VCN)
What is VCN?
VCN acts like a private data center network inside OCI.
Navigate:
Networking → Virtual Cloud Networks → Create VCN
VCN Configuration
| Parameter | Value |
|---|---|
| Name | OCI-23AI-VCN |
| CIDR Block | 10.0.0.0/16 |
| DNS Resolution | Enabled |
Click:
Create VCN
Step 3 – Create Internet Gateway
Navigate:
VCN → Internet Gateways → Create Internet Gateway
Configuration:
| Parameter | Value |
|---|---|
| Name | OCI-IGW |
| Enabled | Yes |
Purpose:
Enables internet communication
Required for package downloads and updates
Step 4 – Create Route Table
Navigate:
VCN → Route Tables → Create Route Table
Add route rule:
| Destination | Target |
|---|---|
| 0.0.0.0/0 | Internet Gateway |
This allows outbound internet access.
Step 5 – Create Subnets
We will create:
Public Subnet
Private Subnet
Step 5A – Create Public Subnet
Navigate:
VCN → Subnets → Create Subnet
Configuration:
| Parameter | Value |
|---|---|
| Name | PUBLIC-SUBNET |
| CIDR | 10.0.1.0/24 |
| Type | Regional |
| Public IP | Enabled |
| Route Table | OCI-RT |
Purpose:
Bastion access
SSH connectivity
Jump server access
Step 5B – Create Private Subnet
Configuration:
| Parameter | Value |
|---|---|
| Name | PRIVATE-DB-SUBNET |
| CIDR | 10.0.2.0/24 |
| Public IP | Disabled |
| Route Table | OCI-RT |
Purpose:
Secure Oracle Database deployment
Internal traffic only
Step 6 – Create Network Security Group (NSG)
Why NSG?
NSG provides instance-level traffic filtering.
Navigate:
Networking → Network Security Groups
Create NSG:
Name: OCI-23AI-NSG
Step 7 – Configure NSG Rules
Ingress Rules
| Source | Port | Protocol | Purpose |
|---|---|---|---|
| Your Public IP | 22 | TCP | SSH Access |
| Application Server | 1521 | TCP | Oracle Listener |
| Internal Network | 5500 | TCP | EM Express |
Egress Rules
Allow all outbound traffic.
Step 8 – Generate SSH Key Pair
Linux / macOS
Run:
ssh-keygen -t rsa -b 4096
Windows (PowerShell)
ssh-keygen
Files generated:
| File | Purpose |
|---|---|
| id_rsa | Private Key |
| id_rsa.pub | Public Key |
Important:
Never share private keys.
Step 9 – Create Oracle 23ai DB System
Navigate:
Oracle Database → Base Database Service → Create DB System
Step 10 – Configure DB System
Basic Information
| Parameter | Value |
|---|---|
| DB System Name | OCI23AI-DB |
| Compartment | PROD-DBA-LAB |
| Availability Domain | AD-1 |
| Shape | VM.Standard.E5.Flex |
| OCPU | 2 |
| Memory | 32 GB |
Step 11 – Configure Networking
| Parameter | Value |
|---|---|
| VCN | OCI-23AI-VCN |
| Subnet | PRIVATE-DB-SUBNET |
| NSG | OCI-23AI-NSG |
| Hostname | oci23ai-db |
Step 12 – Database Configuration
Database Details
| Parameter | Value |
|---|---|
| Database Version | Oracle 23ai |
| Database Name | ORCL23AI |
| PDB Name | ORCLPDB1 |
| Character Set | AL32UTF8 |
| Workload Type | OLTP |
Step 13 – Upload SSH Public Key
Paste contents of:
id_rsa.pub
OCI injects this key into the server during provisioning.
Step 14 – Create the DB System
Click:
Create DB System
Provisioning typically takes:
20 to 40 minutes
Step 15 – Verify Deployment
After deployment verify:
Database Status
Available
Listener Status
lsnrctl status
Database Status
sqlplus / as sysdba
Then:
select name,open_mode from v$database;
Expected:
READ WRITE
Step 16 – SSH Access to Oracle Server
SSH Command
ssh -i id_rsa opc@<PUBLIC-IP>
Switch to Oracle user:
sudo su - oracle
Step 17 – Verify Oracle 23ai Features
Connect database:
sqlplus / as sysdba
Check version:
select banner_full from v$version;
Expected output:
Oracle Database 23ai Enterprise Edition
Step 18 – Configure Automatic Backups
Navigate:
DB System → Backup Configuration
Enable:
Automatic backups
Recovery window
Object storage backup
Recommended:
| Setting | Recommended Value |
|---|---|
| Backup Window | Night Time |
| Retention | 30 Days |
| Incremental Backup | Enabled |
Step 19 – Enable Monitoring and Alerts
OCI monitoring helps DBAs proactively identify issues.
Navigate:
Observability & Management → Monitoring
Create alerts for:
CPU utilization
Tablespace usage
Memory pressure
Backup failures
Storage growth
Step 20 – Security Best Practices
Recommended Security Standards
1. Use Private Subnet for Databases
Never expose database servers directly to internet.
2. Restrict SSH Access
Allow SSH only from office or VPN IP.
3. Enable TDE
Transparent Data Encryption should remain enabled.
4. Rotate SSH Keys
Rotate keys periodically.
5. Enable Audit Policies
Monitor database login activities.
DBA Operational Validation Checklist
| Validation | Status |
|---|---|
| Listener Running | Verified |
| Database Open | Verified |
| SSH Access | Verified |
| NSG Rules Applied | Verified |
| Backup Enabled | Verified |
| Monitoring Enabled | Verified |
Common Deployment Issues
Issue 1 – SSH Timeout
Cause:
NSG rule missing
Port 22 blocked
Solution:
Verify ingress rules
Verify public IP
Issue 2 – Listener Not Reachable
Cause:
Port 1521 blocked
Solution:
Add NSG ingress rule
Issue 3 – Database Creation Failed
Cause:
Insufficient quota
Wrong shape
Solution:
Verify tenancy limits
Real DBA Recommendations
Recommended Shapes
| Environment | Shape Recommendation |
|---|---|
| Dev | VM.Standard.E4.Flex |
| Test | VM.Standard.E5.Flex |
| Production | Exadata / DenseIO |
Why Oracle 23ai on OCI?
Key Benefits
AI-ready database engine
Integrated vector search
High scalability
Enterprise-grade HA
Built-in security
Automated patching
Cloud-native architecture
No comments:
Post a Comment