Service Gateway

Oracle Cloud Service Gateway provides a customer’s on-premises network with private access to Oracle Cloud services. Once connected to your VCN, Service Gateway allows secure, private connectivity to Oracle Cloud services like compute instances, cloud storage, containers, and databases.

Service Gateway features

Private access to Oracle Cloud

Network traffic avoids public internet

Available at no charge, Oracle Service Gateway provides secure, private access to Oracle Cloud from a customer’s virtual cloud network (VCN), enabling access to 50+ Oracle Cloud services without exposing network traffic to the public internet. On-premises hosts use their private IP addresses and traffic is routed to Oracle Cloud via virtual private network (VPN) or FastConnect.

Isolated by design

Just as in a traditional data center network, customers use the VCN and Service Gateway to create isolated subnets, route tables, and stateful firewalls aligned to Service Gateway endpoints. As a result, consumer-to-service (C2S) private connections are established without ever having to traverse the public internet.

Simplified deployment and management

Easy to configure

Customers use the Oracle Cloud Infrastructure (OCI) Console to create a Service Gateway in minutes with as little as five clicks. Additional Service Gateway access methods include the Command Line Interface and OCI API.

Adapts to network changes

The Service Gateway automatically adapts to accommodate new service usage and changes in network topology or IP addresses. Instead of using IP addresses to configure routes and security rules, Service Gateway uses Classless Inter-Domain Routing (CIDR) to route requests and traffic through private network nodes.

End-to-end network security

Isolated network virtualization

Prevent attacks with isolated network virtualization, a foundational element of Oracle Cloud Infrastructure’s security-first architecture. A custom-designed SmartNIC uses software-defined networking to virtualize network traffic, removing control of the network from the host.

Maximum Security Zones

With Oracle Maximum Security Zones, Oracle is the first public cloud provider to activate security policy enforcement of best practices automatically from day one, so customers can prevent misconfiguration errors and deploy workloads securely.

Oracle Cloud Guard

For day-to-day operations, Oracle Cloud Guard continuously monitors configurations and activities to identify threats and automatically acts to remediate them across all Oracle Cloud global regions. Oracle is the only cloud service provider to offer a cloud security posture management dashboard at no additional cost, with numerous pre-built tools that automate response to reduce customer risk quickly and efficiently.

Supported cloud services

Service Gateway access

More than 50 Oracle Cloud services can be accessed from the private subnets in your VCN via Service Gateway.

Additional network gateways

Oracle offers customers four additional gateways to accommodate specific networking requirements:

  • Internet Gateway: provides subnets with direct access to public endpoints on the internet. Connections can be initiated from the subnet or from the internet.
  • Network Address Translation (NAT) Gateway: enables private resources in a VCN to access hosts on the internet without exposing those resources to incoming internet connections. Connections can be initiated only from the subnet.
  • Dynamic Routing Gateway (DRG): provides connectivity to networks outside the VCN's region (for example, your on-premises network by way of an IPSec VPN or FastConnect, or a peered VCN in another region).
  • Local Peering Gateway (LPG): provides connectivity to a peered VCN in the same Oracle region.

Oracle Service Gateway use cases

  • Privately connect microservices applications to key Oracle Cloud services

    Use the Service Gateway to connect containers within Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE), Object Storage, and Oracle Autonomous Database for distributed application data sharing.


  • Service Gateway versus private endpoints

    Customers enable private access to discrete services within Oracle Cloud Infrastructure from their VCN or on-premises network using either a private endpoint or a service gateway. Private endpoints provide access to a single resource within the Oracle service of interest (for example, Oracle Autonomous Database and shared Oracle Exadata infrastructure), while the Service Gateway provides access to 50+ Oracle services. With either private access option, the traffic stays within the Oracle Cloud Infrastructure network and does not traverse the internet.


March 12, 2019

Access Oracle Services Privately with a Service Gateway

Vijay Kannan, Principal Product Manager, Oracle

Oracle Cloud Infrastructure provides a wide selection of flexible and powerful services. The Service Gateway enables private access to multiple Oracle services in the Oracle Services Network, a conceptual network that is reserved for Oracle services and composed of a list of regional CIDR blocks.

