OCI Introduction: Presented By: Rahul Miglani
01 OCI Overview
03 OCI benefits
04 OCI Services
The Free Trial provides you with $300 of cloud credits that are valid for up to 30 days.
You may spend these credits on any eligible Oracle Cloud Infrastructure service.
Always Free Resources
All Oracle Cloud Infrastructure accounts (whether free or paid) have a set of resources that are free of
charge for the life of the account. These resources display the Always Free label in the Console (for Ampere
A1 Compute shapes, see Compute).
Using the Always Free resources, you can provision a virtual machine (VM) instance, an Oracle Autonomous
Database, and the networking, load balancing, and storage resources needed to support the applications
that you want to build. With these resources, you can do things like run small-scale applications or perform
proof-of-concept testing.
OCI Basics
OCI Regions
A collection of availability domains located in a single geographic location.
Availability Domains
One or more isolated, fault-tolerant Oracle data centers that host cloud resources such as
instances, volumes, and subnets. A region contains one or more availability domains.
Fault Domains
A logical grouping of hardware and infrastructure within an availability domain. Fault domains
isolate resources during hardware failure or unexpected software changes.
Compartments
A collection of related resources that can be accessed only by groups that have been given
permission by an administrator in your organization.
OCI Architecture
Within a region we have the concept of Availability Domains, also referred to as ADs.
ADs are completely isolated data centers located within a region, but connected to each other by a
low-latency, high-bandwidth network. Within an AD, we have Fault Domains, also known as FDs. FDs
act as logical data centers within an Availability Domain.
Image Courtesy : ORACLE
Applications running on multiple Fault Domains are protected against hardware failures.
Applications running across multiple Availability Domains are protected against physical data
center outages, and applications running across regions are protected against regional failures.
Running applications in multiple Fault Domains, Availability Domains, and regions can also provide load
balancing capabilities for better performance and scalability on top of high availability.
Multi AD Architecture
Availability Domains don't share any physical infrastructure, such as power and cooling, and they don't share
an internal network. If one of them, for example Availability Domain 1, becomes unavailable for any reason,
say because of a natural disaster or power failure, Availability Domain 2 and Availability Domain 3 are still
operational, and applications on Availability Domain 2 and Availability Domain 3 are still up and running and
serving our end users. So multiple Availability Domains inside a region provide high availability for
applications and protect them against what we call site failures. If one site goes down, the other sites are
still up and running.
In this example, we have a region with three Availability Domains, and within each Availability Domain, there
are three Fault Domains, Fault Domain 1, Fault Domain 2, and Fault Domain 3. If one Fault Domain is not
available for any reason, the other Fault Domains are still up and running. In a nutshell, Fault Domains are
protecting our applications against software and hardware failure.
As a best practice, always design your architecture to deploy instances that perform the same tasks in
different Fault Domains in one AD, and different Availability Domains in a region.
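The placement best practice above can be checked mechanically. The following is an added example, not part of the original deck: the inventory, role names and AD/FD labels are constructed, and the function name is hypothetical.

```python
from collections import defaultdict

# Constructed inventory: (instance name, role, availability domain, fault domain).
INSTANCES = [
    ("web-1", "web", "AD-1", "FD-1"),
    ("web-2", "web", "AD-1", "FD-2"),
    ("web-3", "web", "AD-2", "FD-1"),
    ("app-1", "app", "AD-1", "FD-1"),
    ("app-2", "app", "AD-1", "FD-1"),
    ("db-1", "db", "AD-1", "FD-1"),
    ("db-2", "db", "AD-1", "FD-3"),
]

def placement_findings(instances):
    """Map each role to the narrowest single failure that takes it down, or None."""
    placements = defaultdict(set)
    for _name, role, ad, fd in instances:
        placements[role].add((ad, fd))
    findings = {}
    for role, spots in placements.items():
        ads = {ad for ad, _fd in spots}
        if len(spots) == 1:
            # Every instance of the role sits in the same FD of the same AD.
            findings[role] = "single fault domain"
        elif len(ads) == 1:
            # Spread over FDs, but one AD outage still stops the role.
            findings[role] = "single availability domain"
        else:
            findings[role] = None
    return findings

if __name__ == "__main__":
    for role, finding in placement_findings(INSTANCES).items():
        print(role, "->", finding or "spread across ADs and FDs")
```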
Compartments
Resources and compartments can be added and deleted at any time by following a proper procedure.
Resources can be moved from one compartment to another, so it is a very flexible design. You may
decide that resources need to be moved, because your company made an acquisition, or maybe
there's a re-org. Compartments are logical, so resources from multiple regions can be in the same
compartment. We can have subcompartments within compartments, and this nesting can be six levels
deep.
Now here is the most important point: when the administrator writes a policy for identity and
access management, the policy is always written for a group, and it is always attached to a
compartment or a subcompartment.
Block volumes are used when we have to deploy storage area network or SAN mode. Local NVMe can be
used for OLTP, NoSQL, and data warehousing type workloads. Block volumes can be used for database,
VM system, boot, and data storage requirements. File storage can be used for general purpose file system
for EBS and HPC workloads. Object Storage can be used for unstructured data, including logs, images, and
videos. Archive Object Storage can be used for backups and long term archival needs for compliance
requirements.
OCI Networking
VCN
Oracle VCN is a software-defined private network in
OCI. It enables OCI resources, such as compute
instances, to securely communicate with the internet and
with other instances inside OCI or your on-premises data
centers. Just like a traditional data center network,
the VCN provides you with complete control over
your network environment.
VCN is highly available, scalable, and secure.
Customers define VCNs according to specific
workload IP address requirements. You can divide a
VCN into smaller ranges using private or public
subnets. Each VCN can provide different types of
connectivity using gateways. Let's look at the various
gateway options.
OCI IAM
We have a root compartment. Then we have organized our resources into a network compartment and a
storage compartment. We have also created a network admin group, and for network admins, we can write
policies for network resources in the network compartment. For storage admins, we can write policies for
storage resources in the storage compartment. This way, users in each group can only work with and
administer the resources that they are authorized for.
OCI Authentication
Let's look at the various options for authentication. Oracle Access Management seamlessly integrates your
identities and systems to secure access from anywhere, at any time and by any method, by delivering
risk-aware, end-to-end user authentication and single sign-on. OCI provides users and applications many ways
to authenticate themselves. Username and password is pretty common.
OCI also supports API signing keys in conjunction with the SDK and CLI. Auth tokens are Oracle-generated
token strings used to authenticate with third-party APIs that do not support OCI signature-based
authentication. One example would be the Autonomous Data Warehouse database.
OCI Policy
There are four verbs, starting with Inspect; then Read, which is a
superset of Inspect; then Use, which is a superset of Read; and finally,
Manage, which is all permissions. Resource types include all resources,
database family, instance family, object family, VCN, volume, cluster,
file, and DNS.
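The IAM, compartment and policy slides above combine into one access decision: group membership, the verb hierarchy, and the compartment a policy is attached to. The following is an added example, not part of the original deck and not Oracle's implementation: a simplified evaluator in which the users, groups and compartment tree are constructed, resource types are matched by family name only, and a grant is assumed to reach the named compartment and its subcompartments.

```python
import re

# Verb hierarchy from the slide: each verb includes every verb before it.
VERBS = ["inspect", "read", "use", "manage"]

# Constructed compartment tree (child -> parent); "root" is the root compartment.
PARENT = {"network": "root", "storage": "root", "storage-archive": "storage"}

# Constructed group membership.
GROUPS = {"NetworkAdmins": {"alice"}, "StorageAdmins": {"bob"}}

# Constructed policies: (compartment the policy is attached to, statement).
POLICIES = [
    ("network", "Allow group NetworkAdmins to manage virtual-network-family in compartment network"),
    ("storage", "Allow group StorageAdmins to manage volume-family in compartment storage"),
    ("root", "Allow group StorageAdmins to inspect all-resources in tenancy"),
]

STATEMENT = re.compile(
    r"^allow group (\S+) to (inspect|read|use|manage) (\S+) in (tenancy|compartment (\S+))$",
    re.IGNORECASE,
)

def ancestors(compartment):
    """Yield the compartment itself and every parent up to root."""
    while compartment is not None:
        yield compartment
        compartment = PARENT.get(compartment)

def is_allowed(user, verb, resource_type, compartment):
    """True if some statement grants `verb`, or a superset of it, to the user."""
    for attached_to, text in POLICIES:
        m = STATEMENT.match(text)
        if not m:
            raise ValueError(f"unparseable statement: {text}")
        group, granted, rtype, scope, target = m.groups()
        target = "root" if scope.lower() == "tenancy" else target
        if attached_to not in ancestors(target):
            continue  # assumption: a policy grants only inside its own compartment
        if user not in GROUPS.get(group, set()):
            continue  # policies are written for groups, never for single users
        if rtype not in ("all-resources", resource_type):
            continue
        if target not in ancestors(compartment):
            continue  # request is outside the compartment the statement names
        if VERBS.index(granted.lower()) >= VERBS.index(verb):
            return True
    return False
```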
DEMO
on OCI Console