
OCI Introduction

Presented By: Rahul Miglani


Knoldus is a team of passionate technologists with a product
mindset who work along with businesses to deliver solutions
at the speed of competitive advantage.

Our main capabilities are around Reactive Products, IoT,
Microservices & API, Data Science, Data Engineering and
DevOps.

We also have strategic partnerships with Databricks,
Lightbend, Confluent, Snowflake and many more, to deliver
more value to clients.

Our Agenda
Oracle Cloud Infrastructure Logging

01 OCI Overview

02 How Free Tier works

03 OCI benefits

04 OCI Services

05 OCI Console Demo


Overview
Oracle Cloud Infrastructure is a set of complementary cloud services that enable you
to build and run a wide range of applications and services in a highly available hosted
environment. Oracle Cloud Infrastructure (OCI) offers high-performance compute
capabilities (as physical hardware instances) and storage capacity in a flexible overlay
virtual network that is securely accessible from your on-premises network.

The Free Trial provides you with $300 of cloud credits that are valid for up to 30 days.
You may spend these credits on any eligible Oracle Cloud Infrastructure service.
Always Free Resources
All Oracle Cloud Infrastructure accounts (whether free or paid) have a set of resources that are free of
charge for the life of the account. These resources display the Always Free label in the Console (for Ampere
A1 Compute shapes, see Compute).

Using the Always Free resources, you can provision a virtual machine (VM) instance, an Oracle Autonomous
Database, and the networking, load balancing, and storage resources needed to support the applications
that you want to build. With these resources, you can do things like run small-scale applications or perform
proof-of-concept testing.
OCI Basics
OCI Regions
A collection of availability domains located in a single geographic location.

Availability Domains
One or more isolated, fault-tolerant Oracle data centers that host cloud resources such as
instances, volumes, and subnets. A region contains one or more availability domains.

Fault Domains
A logical grouping of hardware and infrastructure within an availability domain. Fault domains
isolate resources during hardware failure or unexpected software changes.

Compartments
A collection of related resources that can be accessed only by groups that have been given
permission by an administrator in your organization.

DevOps is a continuous integration/continuous delivery (CI/CD) service that automates the
delivery and deployment of software to Oracle Cloud Infrastructure (OCI) compute platforms.
Image Courtesy : ORACLE

OCI Architecture

(Diagram: Region, AD, FD)

Within the region we have this concept of Availability Domain, these are also referred to as ADs.
ADs are completely isolated data centers located within a region, but connected to each other by low
latency, high bandwidth network. Within an AD, we have the Fault Domains, also known as FDs. FDs
act as a logical data center within an Availability Domain.

Applications running on multiple Fault Domains are protected against hardware failures.
Applications running across multiple Availability Domains are protected against physical data
center outages, and applications running across regions are protected against regional failures.
Running applications in multiple Fault Domains, Availability Domains, and regions can also provide load
balancing capabilities for better performance and scalability on top of high availability.

Multi AD Architecture

Availability Domains don't share any physical infrastructure, such as power and cooling, and they don't share
an internal network. If one becomes unavailable for any reason, let's say because of a natural disaster or
power failure, Availability Domain 2 and Availability Domain 3 are still operational, and applications on
Availability Domain 2 and Availability Domain 3 are still up and running and serving our end users. So multiple
Availability Domains inside a region provide high availability for applications and protect them
against what we call site failures. If one site goes down, the other sites are still up and running.


Multi AD-Multi FD Architecture

In this example, we have a region with three Availability Domains, and within each Availability Domain, there
are three Fault Domains, Fault Domain 1, Fault Domain 2, and Fault Domain 3. If one Fault Domain is not
available for any reason, the other Fault Domains are still up and running. In a nutshell, Fault Domains are
protecting our applications against software and hardware failure.

As a best practice, always design your architecture to deploy instances that perform the same tasks in
different Fault Domains in one AD, and different Availability Domains in a region.

Compartments

Resources and compartments can be added and deleted any time by following a proper procedure.
Resources can be moved from one compartment to another, so it is a very flexible design. You may
decide that resources need to be moved, because your company made an acquisition, or maybe
there's a re-org. Compartments are logical, so resources from multiple regions can be in the same
compartment. We can have subcompartments within compartments, and this nesting can be six levels
deep.

The most important point is this: when the administrator writes a policy for identity and
access management, the policy is always written for a group, and it is always attached to a
compartment or a subcompartment.

OCI Compute Services

(Diagram: stack layers shown across the compute options: code, app container, language runtime, OS, virtualization)

OCI Storage Services

Block volumes are used when we have to deploy storage area network or SAN mode. Local NVMe can be
used for OLTP, NoSQL, and data warehousing type workloads. Block volumes can be used for database,
VM system, boot, and data storage requirements. File storage can be used as a general purpose file system
for EBS and HPC workloads. Object Storage can be used for unstructured data, including logs, images, and
videos. Archive Object Storage can be used for backups and long-term archival needs for compliance
requirements.

OCI Networking
VCN
Oracle VCN is a software-defined private network in
OCI. It enables OCI resources, such as compute
instances, to securely communicate with the internet and
other instances inside OCI or your on-premises data
centers. Just like a traditional data center network,
the VCN provides you with complete control over
your network environment.
VCN is highly available, scalable, and secure.
Customers define VCNs according to specific
workload IP address requirements. You can divide a
VCN into smaller ranges using private or public
subnets. Each VCN can provide different types of
connectivity using gateways. Let's look at the various
gateway options.

OCI Networking Gateways


● Internet Gateway
● NAT Gateway
● DRG - Dynamic Routing Gateway - IPSec VPN, FastConnect
● Service Gateway
● Local VCN peering
● Remote VCN peering
OCI Load Balancer
The OCI load balancing service provides automatic traffic
distribution from one entry point to multiple backend
servers in your VCN. This helps to load balance large amounts
of traffic, which could overwhelm a single server. It gives a
mechanism to scale out the application tier by adding more
servers, and also provides the application high availability, so
even if one availability domain has an issue, you can still be
up and running with other availability domains.

OCI IAM

We have a root compartment. Then we have organized our resources into a network compartment and a
storage compartment. We have also created a network admin group, and for network admins, we can write
policies for network resources in the network compartment. For storage admins, we can write policies for storage
resources in the storage compartment. This way, users in each group can only work with and administer the resources
that they are authorized for.
OCI Authentication

Let's look at the various options for authentication. Oracle Access Management seamlessly integrates your
identities and systems to secure access from anywhere at any time and by any method by delivering risk-aware,
end-to-end user authentication and single sign-on. OCI provides users and applications many ways
to authenticate themselves. Username and password is pretty common.

OCI also supports API signing keys in conjunction with the SDK and CLI. Auth tokens are Oracle-generated token
strings used to authenticate with third-party APIs that do not support OCI signature-based authentication. One
example would be an autonomous data warehousing database.

OCI Policy

There are four verbs, starting with Inspect; then Read, which is a
superset of Inspect; then Use, which is a superset of Read; and finally,
Manage, which is all permissions. Resource types include all resources,
database family, instance family, object family, VCN, volume, cluster,
file, and DNS.
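
The group, compartment and verb rules described under OCI IAM and OCI Policy, as an added example that is not part of the original slides and is not Oracle's own evaluator. The group and compartment names (NetworkAdmins, StorageAdmins, Auditors, Network, Storage) are assumptions, and the check is simplified: it matches resource types by exact name, compares names case-insensitively, and ignores conditions and nested compartments.

```python
import re

# Verb hierarchy from the slide: each verb is a superset of the one before it.
VERBS = ["inspect", "read", "use", "manage"]

# General shape of a policy statement: written for a group, scoped to a compartment.
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+compartment\s+(?P<compartment>\S+)$",
    re.IGNORECASE,
)

# Constructed sample policies; group and compartment names are assumptions.
POLICIES = [
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Network",
    "Allow group StorageAdmins to manage volume-family in compartment Storage",
    "Allow group StorageAdmins to read object-family in compartment Storage",
    "Allow group Auditors to inspect all-resources in compartment Network",
]


def parse(statement):
    """Split one policy statement into group, verb, resource type, compartment."""
    match = STATEMENT.match(statement.strip())
    if match is None:
        raise ValueError(f"unsupported policy statement: {statement!r}")
    rule = {key: value.lower() for key, value in match.groupdict().items()}
    if rule["verb"] not in VERBS:
        raise ValueError(f"unknown verb: {rule['verb']}")
    return rule


def is_allowed(policies, group, verb, resource, compartment):
    """True if any statement grants `group` at least `verb` on `resource`."""
    needed = VERBS.index(verb.lower())
    for rule in map(parse, policies):
        if (
            rule["group"] == group.lower()
            and rule["compartment"] == compartment.lower()
            and rule["resource"] in (resource.lower(), "all-resources")
            and VERBS.index(rule["verb"]) >= needed
        ):
            return True
    return False  # default deny: no matching statement means no access
```

Running a proposed set of statements through a check like this before attaching them shows where a group holds a broader verb than its tasks need, for example Manage where Read would do.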
DEMO
on OCI Console
Thank You !