OCI Auto Discovery

1. Introduction

OCI Auto Discovery is an advanced solution designed to streamline the process of discovering, registering, and managing Oracle Cloud Infrastructure (OCI) resources across multiple services. This technical document provides a comprehensive guide to using OCI Auto Discovery, covering everything from initial setup to ongoing resource management

2. Supported Services

2.1 Fully Supported Services

OCI Auto Discovery offers support for the following services:

• Oracle Autonomous Database. (Transactional Processing only)

• Oracle Base Database Service.

3. Onboarding Process

3.1 Accessing the Onboarding Screen

1. Navigate to the "Datasources" header in the main navigation.

2. Click on the "Cloud Platforms" tab.

3. Select OCI from the left sidebar menu.

4. Click on the Onboard Now button.

Alternative Method:

• Scroll to the bottom of the Datasources page to find a list of supported cloud platforms.

• Click on the Oracle Cloud Infrastructure icon to start the onboarding process.

3.2 Entering OCI Account Details

1. Next, enter the following OCI account details:

• Name for the OCI platform (required)

• Description (optional)

• Primary Owner (required)

• Co-owner (optional)

• OCI Credentials

  • Fingerprint (required)

  • Tenancy OCID (required)

  • User OCID (required)

  • Private Key (required)

  • Tenancy Region (required)

  • Passphrase (optional)

1. After entering the Private Key, the system automatically runs an internal test connection API to validate the credentials.

2. Once you see the message Connection Verified, proceed to the next step.

3.3 Configuring Discovery Settings

1. Set the frequency for scanning resources:

   • Options include daily, weekly, or monthly scans.

1. Click "Save" to confirm your settings and initiate the discovery process.

3.4 Resource Discovery Process

1. After saving, an "in progress" message will appear: "Resource discovery is currently in progress, and this process may take some time."

1. The process typically takes about 5 minutes.

3.5 Reviewing Discovered Resources

1. Refresh the page to view the results. You will see Oracle Base Database service and Oracle Autonomous Databases which have been discovered.

1. Discovered resources are displayed in a table format with the following details:

   • Data source name

   • Data source type

   • Environment (Compartment/ Sub-compartment Name)

   • Region

   • Owner

   • Status (Registered or Unregistered)

2. Initial status:

   • All discovered resources are marked as "Unregistered" with an orange status icon.

   • Each resource has a "Register" button for manual registration.

4. Registration Process (example: Base DB)

1. Click on the "Register" button next to the OCI Base Database - Oracle datasource.

1. Enter the Username and Password to Test Connection. Host, Port and Service Name are already filled as the information is obtained during resource discovery.

1. The next steps in the datasource registration process are the same as described in the Oracle document.

4.1 Post-Registration

• The registered data source will appear in your list of data sources.

• In the Cloud Platforms view, the status for OCI Base Database - Oracle will update to "Sync On".

• You can click on the data source name to access its dashboard.

5. Operational Procedures

5.1 Manual Sync

Users can trigger a manual sync to update the status of discovered resources:

1. Navigate to the Cloud Platforms dashboard.

2. Click the "Manual Sync" button.

3. Wait for the sync process to complete.

5.2 Error Handling

• Resources with errors during discovery or registration are flagged with appropriate status indicators.

• Users can attempt to resolve issues and re-run the registration process.

5.3 Additional Views

An "All Datasources" section is available with two tabs:

• Scanning: Shows data sources currently being scanned.

• Unregistered: Displays discovered but not yet registered data sources.

Appendix

Setting Up OCI Access for LightBeam Auto Discovery

1. Create a Group

Create a group for discovering resources. Assign the user whose credentials will be used for auto-discovery to the group.

2. Create a Policy with the following statements

Add the following statements to the Policy for each compartment that needs to be discovered by Lightbeam.

Allow group 'XYZ' to read compartments in compartment ABC
Allow group 'XYZ' to inspect compartments in compartment ABC
Allow group 'XYZ' to inspect autonomous-database-family in compartment ABC
Allow group 'XYZ' to read autonomous-database-family in compartment ABC
Allow group 'XYZ' to inspect database-family in compartment ABC
Allow group 'XYZ' to read database-family in compartment ABC

Note: If there are sub-compartments in compartment 'ABC', we will discover resources present in the sub-compartment as well.

3. Create User Credentials

1. Log-In as the User whose credentials will be used for auto-discovery. Navigate to User Settings and click on Add API Key.

1. Once the API Key is created, download the Private and Public keys.

1. Note down the values for Fingerprint, User OCID, Private key, Region and Tenancy OCID.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.

For any questions or suggestions, please get in touch with us at: [email protected].