
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Oracle Cloud Infrastructure Architect Associate

Activity Guide

S1104309GC10

Learn more from Oracle University at education.oracle.com

Copyright © 2023, Oracle and/or its affiliates.

Disclaimer

This document contains proprietary information and is protected by copyright and other intellectual
property laws. The document may not be modified or altered in any way. Except where your use constitutes
"fair use" under copyright law, you may not use, share, download, upload, copy, print, display, perform,
reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the
express authorization of Oracle.

The information contained in this document is subject to change without notice and is not warranted to be
error-free. If you find any errors, please report them to us in writing.

Restricted Rights Notice

If this documentation is delivered to the United States Government or anyone using the documentation on
behalf of the United States Government, the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software,
any programs embedded, installed or activated on delivered hardware, and modifications of such
programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S.
Government end users are "commercial computer software" or "commercial computer software
documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific
supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure,
modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any
operating system, integrated software, any programs embedded, installed or activated on delivered
hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle
data, is subject to the rights and limitations specified in the license contained in the applicable contract. The
terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract
for such services. No other rights are granted to the U.S. Government.

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks
of their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD,
Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a
registered trademark of The Open Group.

Third-Party Content, Products, and Services Disclaimer

This documentation may provide access to or information about content, products, and services from third
parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of
any kind with respect to third-party content, products, and services unless otherwise set forth in an
applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible
for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or
services, except as set forth in an applicable agreement between you and Oracle.

1105162023

Table of Contents

Identity and Access Management (IAM): Enable Multi-Factor Authentication (MFA)
Get Started
Enable Multi-Factor Authentication (With Identity Domains Enabled)
Enable Multi-Factor Authentication (Without Identity Domains Enabled)

Identity and Access Management (IAM): Create IAM Components
Get Started
Create a Compartment (With Identity Domains Enabled)
Create a User (With Identity Domains Enabled)
Create a Group, and Add a User to the Group (With Identity Domains Enabled)
Create a Policy (With Identity Domains Enabled)
Create a Dynamic Group (With Identity Domains Enabled)
Create a Compartment (Without Identity Domains Enabled)
Create a User (Without Identity Domains Enabled)
Create a Group, and Add a User to the Group (Without Identity Domains Enabled)
Create a Policy (Without Identity Domains Enabled)
Create a Dynamic Group (Without Identity Domains Enabled)

Networking - Virtual Cloud Network: Create and Configure a Virtual Cloud Network
Get Started
Create a Virtual Cloud Network

Networking - Virtual Cloud Network: Configure Local VCN Peering
Get Started
Create Virtual Cloud Network 01
Create Virtual Cloud Network 02
Add a Local Peering Gateway (LPG) to each VCN
Connect the VCNs
Add Route Rules
Add Security Rules

Networking - Virtual Cloud Network: Configure Remote VCN Peering
Get Started
Create Virtual Cloud Network 01
Create Virtual Cloud Network 02
Create a Dynamic Routing Gateway in Each OCI Region
Create Remote Peering Connection Attachments and Establish the Connection Between the Two DRGs
Add Route Rules
Add Security Rules

Networking: OCI Load Balancer
Get Started
Create a Virtual Cloud Network
Create Two Compute Instances (Back-End Servers)
Create a Load Balancer
Purge Instructions

Networking – DNS Management: Create a Private DNS Zone
Get Started
Create a Virtual Cloud Network
Create Two Compute Instances
Create a Private DNS Zone
Access the Private DNS Zone from Your Windows Compute Instance

Compute: Create a Web Server on a Compute Instance
Get Started
Launch Cloud Shell
Generate SSH Keys
Create a Virtual Cloud Network and Its Components
Create a Compute Instance
Install an Apache HTTP Server on the Instance

Compute: Create a Capacity Reservation and Launch Instances
Get Started
Create a Virtual Cloud Network and a Subnet
Create a Capacity Reservation
Add a Capacity Configuration
Create Instances in a Capacity Reservation
Move an Instance out of a Capacity Reservation
Adding an Instance to a Capacity Reservation

Compute: Configure Metric-Based Autoscaling
Get Started
Create a Virtual Cloud Network and Its Components
Create a Load Balancer
Create a Compute Instance and a Custom Image
Create an Instance Configuration
Create an Instance Pool
Create a Metric-Based Autoscaling Configuration
Test Autoscaling

Object Storage: Create and Manage OCI Object Storage
Get Started
Create an Object Storage Bucket
Upload an Object to a Bucket
Configure a Lifecycle Policy Rules for the Bucket
Create a Replication Policy for the Bucket
Create a Retention Rule for the Bucket

Object Storage: Perform Multipart Upload Using CLI (Using Cloud Shell)
Get Started
Access Cloud Shell via the Console
Create a Standard Default Storage Tier Bucket Using CLI (Cloud Shell)
Upload a File (Larger than 100 MiB) to Cloud Shell
Perform a Multipart Upload Using the CLI (Cloud Shell)

Block Storage: Create, Attach, Detach, and Resize a Block Volume
Get Started
Create a Virtual Cloud Network and Its Components
Create a VM Instance
Create a Block Volume
Attach a Block Volume to a Compute Instance
Resize a Block Volume
Detach a Block Volume

Block Storage: Create a Volume Group and Enable Cross Region Replication
Get Started
Create Two Block Volumes
Create a Volume Group
Enable Cross-Region Replication for the Volume Group
Activate the Volume Group Replica
Disable Replication for a Volume Group

File Storage: Create and Mount a File System
Get Started
Create a Virtual Cloud Network and Its Components
Create a VM Instance
Create a File System
Configure VCN Security Rules for File Storage
Mount the File System from an Instance

File Storage: Configure NFS Export Options
Get Started
Create a Virtual Cloud Network and Its Components
Create a VM Instance
Create a File System
Configure VCN Security Rules for File Storage
Set Export Options for the File System
Mount the File System from Both the Instances
Perform Testing

Database System: Provisioning and Connecting to a Database System
Get Started
Create a Virtual Cloud Network
Provision a Database System
Connect to the Database

Autonomous Database: Scaling Resources in an Autonomous Database
Get Started
Provision an Autonomous Database
Manually Scale the Number of OCPUs
Enable Automatic Scaling for Storage

Security: Enable Cloud Guard
Get Started
Create a Virtual Cloud Network
Explore Cloud Guard
Create a Cloud Guard Target
Create a Scenario to Verify Cloud Guard Monitoring
Remediate the Problems Identified by Cloud Guard

Security: Create a Vault and Encryption Key and Perform Encryption/Decryption of Data
Get Started
Create a Vault and a Master Encryption Key
Perform Encryption
Perform Decryption

Observability and Management: Configure Alarms with Notifications and Create Monitoring Queries
Get Started
Set Up the Environment
Create Alarms and View Service Metrics
Create CPU Stress and Fire Alarm
Create Queries

Observability and Management: Configure Service Connectors
Get Started
Set Up the Environment
Enable Service Logs
Export Logs Using Service Connectors

Lab 1-1 Practices

Identity and Access Management (IAM): Enable Multi-Factor Authentication (MFA)

Get Started

Overview

Multi-Factor Authentication (MFA) is a method of authentication that requires the use of more
than one factor to verify a user’s identity.

With MFA enabled in the IAM service, a user signs in to the Oracle Cloud Infrastructure (OCI)
console and is prompted to enter two factors:

• Their username and password, which are things that they know

• A verification code from a registered MFA device, which is something that they have

The two factors work together, adding an extra layer of security to verify the user’s identity
and complete the sign-in process.

In this lab, you'll enable Multi-Factor Authentication in OCI.

Note: We have instructions for accounts with and without Identity Domains enabled.

Prerequisites

• You must install a supported authenticator app (Oracle Mobile Authenticator or
  Google Authenticator) on the mobile device you intend to register for MFA.

Enable Multi-Factor Authentication (With Identity Domains Enabled)
You will learn how to enable Multi-Factor Authentication (MFA) for your Oracle Cloud
Infrastructure (OCI) account.

In this practice, you will also learn the sign-in process after enabling MFA.

Tasks:

1. Sign in to the OCI Console.

2. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A list
   of domains in your tenancy appears.

   Note: Select the compartment that is allotted to you.

3. Select the domain that is allotted to you. Otherwise, you can click the Default domain.

4. In the left navigation pane, navigate to: Identity domain > Security > MFA.

5. Select the Mobile app passcode option on the Multi-factor authentication (MFA) settings
   details page.

6. Click Save Changes.

7. Click Save Changes on the Save MFA settings popup.

8. Use the breadcrumb trail to go back to the Default Domain page and click Groups.

9. Click Create Group.

10. Enter the following:

    a. Name: Enter a unique name for the group (e.g.: MFAGroup)

    b. Description: Enter a group-related description.

11. Click Create.

    Note: Do not add any user as of now. We will create a new user in the next step.

12. Use the breadcrumb trail to go back to the Default Domain page and click Users.

13. Click Create User.

14. Enter the following:

    a. First Name: Enter the first name of the user.

    b. Last Name: Enter the last name of the user.

    c. Username/Email: Enter an email address for the user.

    d. Select Use the same email address as the username. Do not select the Assign
       cloud account administrator role check box.

    e. Select the group that was created in Step 10 (MFAGroup).

15. Click Create.

16. Use the breadcrumb trail to go back to the Default Domain page and click Security.

17. Under Security, click Sign-on Policies.

18. Click Default Sign-On Policy.

19. Click Add Sign-on Rule.

20. Enter the following:

    a. Rule Name: Enter a rule name.

    b. Group Membership: Select the group that was created in Step 10 (MFAGroup).

    c. Select Allow Access under Actions (selected by default).

       i. Select Prompt for an additional factor.

       ii. Select Specified factors only.

       iii. Select Mobile app passcode.

       iv. Select Every time under Frequency.

       v. Select Required under Enrollment.

21. Click Add Sign-on Rule.

22. Select the Sign-on Rule you created just now and click Edit Priority.

23. Move the Sign-on Rule to the top of the priority list by clicking the up arrow button, and
    then click Save Changes.

24. Use the breadcrumb trail to go back to the Default Domain page and click Users.

25. Click the user created in Step 14 and click Reset Password.

26. Click Reset Password when prompted. You’ll receive an email at the registered email address.

27. Log in to the OCI Console using the credentials generated for the MFA-enabled user created in
    Step 14.

28. The OCI Console will prompt you to enable secure verification.

29. Click Enable Secure Verification.

30. Follow the instructions in the dialog box:

    a. Install Oracle Mobile Authenticator or a similar authenticator app on your mobile
       device.

    b. Open the app and add a new account. Scan the QR code from the dialog box when
       prompted.

    c. If you already have another authenticator app installed, select Offline Mode or Use
       Another Authenticator App.

    d. Enter the code displayed by the app.

31. Click Verify.

32. Click Done.

Important: The authenticator app generates a new, time-based, one-time passcode every 30
seconds. You must enter a code while the code is still valid. If you miss the time window for
one passcode, you can enter the next one that is generated.

You have successfully enabled MFA in a tenancy with Identity Domains enabled.
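
The 30-second passcode window described in the Important note above, as an added example (not part of the original guide and not Oracle's code): an RFC 6238 TOTP generator and a server-side verifier that rejects a code once its window has passed and refuses replays. It assumes the common authenticator-app defaults (HMAC-SHA1, 6 digits, 30-second step) and uses the RFC's published test key; `TotpVerifier`, `drift_steps` and `seconds_remaining` are hypothetical names.

```python
import base64
import hashlib
import hmac
import struct

# Assumed parameters (common authenticator-app defaults, not taken from the guide
# beyond the 30-second period it mentions).
STEP_SECONDS = 30
DIGITS = 6

# Published RFC 6238 test secret ("12345678901234567890"), shown in the base32
# form in which authenticator apps usually exchange secrets. Never use it for real.
RFC_TEST_KEY = base64.b32decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC the 8-byte counter, then apply dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the number of elapsed steps."""
    return hotp(key, unix_time // STEP_SECONDS, digits)


def seconds_remaining(unix_time: int) -> int:
    """Seconds until the passcode shown at unix_time is replaced by the next one."""
    return STEP_SECONDS - (unix_time % STEP_SECONDS)


class TotpVerifier:
    """Server-side check for one enrolled device.

    drift_steps=0 accepts only the passcode of the current 30-second step.
    A larger value tolerates clock skew at the cost of a longer acceptance window.
    """

    def __init__(self, key: bytes, drift_steps: int = 0):
        self.key = key
        self.drift_steps = drift_steps
        self.last_used_step = -1  # highest step already accepted (replay guard)

    def verify(self, submitted: str, unix_time: int) -> bool:
        current = unix_time // STEP_SECONDS
        matched = None
        first = max(0, current - self.drift_steps)
        for step in range(first, current + self.drift_steps + 1):
            expected = hotp(self.key, step).encode()
            # Constant-time comparison; the loop does not exit early on a match.
            if hmac.compare_digest(expected, submitted.encode()):
                matched = step
        if matched is None or matched <= self.last_used_step:
            return False  # wrong code, expired window, or a replayed code
        self.last_used_step = matched
        return True


def demo() -> dict:
    """Constructed timeline: a code read at t=59 s is typed one second too late."""
    verifier = TotpVerifier(RFC_TEST_KEY)
    old_code = totp(RFC_TEST_KEY, 59)   # shown by the app during step 1
    new_code = totp(RFC_TEST_KEY, 60)   # shown by the app during step 2
    return {
        "old_code": old_code,
        "left_at_59": seconds_remaining(59),
        "old_code_at_60": verifier.verify(old_code, 60),   # window missed
        "new_code_at_60": verifier.verify(new_code, 60),   # next code works
        "replay_at_61": verifier.verify(new_code, 61),     # same code again
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With `drift_steps=1` the verifier would also accept the previous and next step's code, which is how a service can tolerate small clock differences between the phone and the server.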

Enable Multi-Factor Authentication (Without Identity Domains Enabled)
You will learn how to enable Multi-Factor Authentication (MFA) for your Oracle Cloud
Infrastructure (OCI) account.

In this practice, you will also learn the sign-in process after enabling MFA.

ble
Tasks

ra
fe
Sign in to the Oracle Cloud Infrastructure (OCI) Console by using the Direct Sign-In

ns
1.
method.

tra
n-
Note: If the Customize your Console pop-up window appears, select the profiles that

. no
best describe your Oracle Cloud Infrastructure work or interests.

ide s a
2. In the console ribbon at the top of the screen, click the Profile icon and click the

Gu ha
<username> with which you logged in to the OCI Console.
is )
th m
3. On the User Details page, click Enable Multi-Factor Authentication to open a dialog box.
e .co

4. Follow the instructions in the dialog box:


us ail
to gm

a. Install Oracle Mobile Authenticator or a similar authenticator app on your mobile


se @

device.
en iar

b. Open the app and add a new account. Scan the QR code from the dialog box when
lic agu

prompted.
ee

c. Enter the code displayed by the app.


im
(ja

5. After you’ve entered the code into the Verification Code box, click Verify. Multi-Factor
iar

Authentication is now enabled.


u
ag

6. Click the Profile icon at the top right of the screen and click Sign out.
e
m

7. Sign in to your Oracle Cloud Infrastructure (OCI) Console by using the Direct Sign-In
jai

method:

a. Enter your <username> in the User Name field.

b. Enter your <password> in the Password field.

c. Click Sign In.

Copyright © 2023, Oracle and/or its affiliates.

10 Identity and Access Management: Enable Multi-Factor Authentication


Note: After your username and password are authenticated, you have successfully supplied the first factor for authentication. The second factor appears on an authentication page and prompts you to enter a one-time passcode.

8. Open the Oracle Mobile Authenticator app on your registered mobile device and then open the account for your Oracle Cloud Infrastructure (OCI) tenancy.

9. Enter the passcode displayed by your authenticator app and then click Sign In. You are now successfully signed in to the OCI Console.

Important: The authenticator app generates a new time-based, one-time passcode every 30 seconds. You must enter a code while the code is still valid. If you miss the time window for one passcode, you can enter the next one that is generated.
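
Why a passcode stops working once its 30-second window closes, shown as an added example that is not part of the Oracle guide: a minimal RFC 6238 TOTP generator and verifier. HMAC-SHA-1, six digits and the `skew_steps` tolerance are assumptions taken from the RFC's defaults, not documented OCI settings, and the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a passcode stays valid, as stated in the guide
RFC_SECRET = b"12345678901234567890"  # RFC 6238 test key, not a real credential


def totp(secret, unix_time, digits=6):
    """Return the passcode for the 30-second window containing unix_time."""
    counter = unix_time // STEP  # every second in one window maps to one counter
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_left(unix_time):
    """Seconds until the passcode shown at unix_time is replaced."""
    return STEP - unix_time % STEP


def verify(secret, code, unix_time, skew_steps=0):
    """Check a submitted code against the current window.

    skew_steps > 0 also accepts that many neighbouring windows on each side
    (an assumed clock-drift allowance; the guide does not say OCI grants one).
    """
    ok = False
    for drift in range(-skew_steps, skew_steps + 1):
        candidate = totp(secret, unix_time + drift * STEP)
        # Constant-time comparison so timing does not leak matching digits.
        ok |= hmac.compare_digest(candidate.encode(), code.encode())
    return ok


if __name__ == "__main__":
    # Two moments only 2 seconds apart that fall on either side of a boundary.
    before, after = 1111111109, 1111111111
    old_code = totp(RFC_SECRET, before)
    print("code before boundary:", old_code, "valid for", seconds_left(before), "s")
    print("code after boundary: ", totp(RFC_SECRET, after))
    print("old code still accepted:", verify(RFC_SECRET, old_code, after))
    print("next code accepted:     ", verify(RFC_SECRET, totp(RFC_SECRET, after), after))
```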

Identity and Access Management (IAM): Create IAM Components

Lab 2-1 Practices

Get Started

Overview

Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) lets you control who has access to your cloud resources.

In this lab, we will help you create a compartment, group, user, and policy. We will also provide the steps to create a dynamic group.

Note: We have instructions for accounts with and without Identity Domains enabled.

In this lab, you’ll:

a. Create a compartment

b. Create a user

c. Create a group, and add a user to the group

d. Create a policy

e. Create a dynamic group


Create a Compartment (With Identity Domains Enabled)

A compartment is a collection of related resources. Compartments are fundamental components of OCI and are used for organizing and isolating your cloud resources.

In this practice, you will learn how to create a compartment.

Tasks

1. Sign in to the OCI Console.

2. Open the Main Menu and select Identity & Security. Under Identity, click Compartments. A list of the compartments to which you have access appears.

3. Click Create Compartment.

4. Do the following:

a. Name: Enter a unique name for the compartment. The name must be unique across all the compartments in your tenancy.

b. Description: Enter a compartment-related description.

c. Parent Compartment: The compartment you are in appears by default.

5. Click Create Compartment. The Child Compartment now appears in the list of compartments.


Create a User (With Identity Domains Enabled)

A user is an individual employee or system that needs to manage or use your company’s OCI resources.

In this practice, you’ll learn how to create a user.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A list of domains in your tenancy appears.

2. Select the Domain that is allotted to you. Otherwise, you can click on the Default domain.

3. Under Identity domain, click Users. A list of the users in your domain appears.

4. Click Create User.

5. Enter the following:

a. First Name: Enter the first name of the user.

b. Last Name: Enter the last name of the user.

c. Username/Email: Enter an email address for the user.

d. Select the Use the same email address as the username check box. Do not select the Assign cloud account administrator role check box.

6. Click Create. The user now appears in the list of users.


Create a Group, and Add a User to the Group (With Identity Domains Enabled)

A group is a collection of users who need the same type of access to a particular compartment or set of resources.

In this practice, you’ll learn how to create a group, and add a user to a group.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A list of domains in your tenancy appears.

2. Click on the Default domain.

3. Under Identity domain, click Groups. A list of the groups in your domain appears.

4. Select the Administrators group.

5. Click Assign User to Groups.

6. Select the user created earlier from the Users drop-down list, and then click Add. The user now appears in the group.

7. Use the breadcrumb trail to go back to the Groups page and click Create Group.

8. Enter the following:

a. Name: Enter a unique name for the group.

b. Description: Enter a group-related description.

9. Click Create. The group now appears in the list of groups.


Create a Policy (With Identity Domains Enabled)

A policy is a document that specifies who can access which resources, and how.

In this practice, you’ll learn how to create a policy.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Policies.

2. Click Create Policy.

3. Enter the following:

a. Name: Enter a unique name for the policy.

b. Description: Enter a policy-related description.

c. Compartment: If you want to attach the policy to a compartment other than the one you’re viewing, select it from the drop-down list. Remember, where the policy is attached controls who can later modify or delete it.

4. In the Policy Builder section, click Show manual editor and enter the policy statement.

Note: A sample statement would look like the following:

allow group <group_name> to manage virtual-network-family in compartment <compartment_name>

5. Click Create. The policy now appears in the list of policies.


Create a Dynamic Group (With Identity Domains Enabled)

A dynamic group is a special type of group that contains resources, such as compute instances, which match rules that you define. This means that group membership can change dynamically as matching resources are created or deleted. These instances serve as “principal” actors and can make API calls to services according to policies that you write for the dynamic group.

In this practice, you’ll learn how to create a dynamic group.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A list of domains in your tenancy appears.

2. Click on the Default domain.

3. Under Identity domain, click Dynamic Groups.

4. Click Create Dynamic Group.

5. Enter the following:

a. Name: Enter a unique name for the group. The name must be unique across all groups in your tenancy, including dynamic groups and user groups.

b. Description: Enter a friendly description.

6. Enter the Matching Rules. Resources that meet the rule criteria are members of the dynamic group.

a. Rule 1: Enter a rule by following the guidelines in https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm#Writing.

Note: You can manually enter the rule in the text box or launch the rule builder.

− For example, to include all instances that are in a specific compartment, add a rule with the following syntax:
instance.compartment.id = '<compartment_ocid>'

b. Enter additional rules as needed. To add a rule, click +Additional Rule.

7. Click Create. The dynamic group now appears in the list of dynamic groups.


Create a Compartment (Without Identity Domains Enabled)

A compartment is a collection of related resources. Compartments are fundamental components of OCI and are used for organizing and isolating your cloud resources.

In this practice, you will learn how to create a compartment.

Tasks

1. Sign in to the OCI Console.

2. Open the Main Menu and select Identity & Security. Under Identity, click Compartments. A list of the compartments to which you have access appears.

3. Under Child Compartment, click Create Compartment.

4. Do the following:

a. Name: Enter a unique name for the compartment. The name must be unique across all the compartments in your tenancy.

b. Description: Enter a compartment-related description.

c. Parent Compartment: The compartment you are in appears by default. To choose another compartment in which to create this compartment, select from the drop-down list.

5. Click Create Compartment. The Child Compartment now appears in the list of compartments.


Create a User (Without Identity Domains Enabled)

A user is an individual employee or system that needs to manage or use your company’s OCI resources.

In this practice, you’ll learn how to create a user.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Users. A list of users in your tenancy appears.

2. Click Create User.

3. Enter the following:

a. Name: Enter a unique name or email address for the user.

b. Description: This value could be the user’s full name, a nickname, or any other descriptive information.

c. Email: Enter an email address for the user. This email address is used for password recovery.

4. Click Create. The user now appears in the list of users.


Create a Group, and Add a User to the Group (Without Identity Domains Enabled)

A group is a collection of users who need the same type of access to a particular compartment or set of resources.

In this practice, you’ll learn how to create a group, and add a user to a group.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Groups. A list of the groups in your tenancy appears.

2. Click on the Administrators group.

3. Click Add User to Group.

4. Select the user created earlier from the Users drop-down list, and then click Add. The user now appears in the group.

5. Use the breadcrumb trail to go back to the Groups page and click Create Group.

6. Enter the following:

a. Name: Enter a unique name for the group.

b. Description: Enter a group-related description.

7. Click Create. The group now appears in the list of groups.


Create a Policy (Without Identity Domains Enabled)

A policy is a document that specifies who can access which resources, and how.

In this practice, you’ll learn how to create a policy.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Policies.

2. Choose a compartment.

3. A list of the policies in the compartment you’re currently viewing appears.

4. Click Create Policy.

5. Enter the following:

a. Name: Enter a unique name for the policy.

b. Description: Enter a policy-related description.

c. Compartment: If you want to attach the policy to a compartment other than the one you’re viewing, select it from the drop-down list. Remember, where the policy is attached controls who can later modify or delete it.

6. In the Policy Builder section, click Show manual editor and enter the policy statement.

Note: A sample statement would look like the following:

allow group <group_name> to manage virtual-network-family in compartment <compartment_name>

7. Click Create. The policy now appears in the list of policies.


Create a Dynamic Group (Without Identity Domains Enabled)

A dynamic group is a special type of group that contains resources, such as compute instances, which match rules that you define. This means that group membership can change dynamically as matching resources are created or deleted. These instances serve as “principal” actors and can make API calls to services according to policies that you write for the dynamic group.

In this practice, you’ll learn how to create a dynamic group.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Dynamic Groups.

2. Click Create Dynamic Group.

3. Enter the following:

a. Name: Enter a unique name for the group. The name must be unique across all groups in your tenancy, including dynamic groups and user groups.

b. Description: Enter a friendly description.

4. Enter the Matching Rules. Resources that meet the rule criteria are members of the dynamic group.

a. Rule 1: Enter a rule by following the guidelines in https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm#Writing.

Note: You can manually enter the rule in the text box or launch the rule builder.

− For example, to include all instances that are in a specific compartment, add a rule with the following syntax:
instance.compartment.id = '<compartment_ocid>'

b. Enter additional rules as needed. To add a rule, click +Additional Rule.

5. Click Create. The dynamic group now appears in the list of dynamic groups.
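
How the sample policy statement and the compartment-based matching rule from the policy and dynamic-group practices combine, as an added example that is not part of the Oracle guide: it parses statements of the sample's form and shows that any instance created in the matched compartment picks up the dynamic group's grants. The parser covers only that statement form and the single `instance.compartment.id` rule; the group, compartment and instance names, the OCIDs and the `object-family` statement are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Supported form only:
#   allow <group|dynamic-group> <name> to <verb> <resource-type>
#   in <tenancy | compartment <name>>
# Conditions ("where ...") and other subjects are out of scope for this sketch.
STATEMENT_RE = re.compile(
    r"allow\s+(group|dynamic-group)\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+"
    r"([\w-]+)\s+in\s+(tenancy|compartment\s+\S+)",
    re.IGNORECASE,
)
# The single-condition matching rule shown in the guide.
RULE_RE = re.compile(r"instance\.compartment\.id\s*=\s*'([^']+)'")


@dataclass(frozen=True)
class Statement:
    subject_kind: str  # "group" or "dynamic-group"
    subject: str
    verb: str          # inspect < read < use < manage
    resource: str
    scope: str         # "tenancy" or a compartment name


def parse_statement(text):
    """Parse one statement; line wraps such as the guide's sample are collapsed."""
    flat = " ".join(text.split())
    match = STATEMENT_RE.fullmatch(flat)
    if match is None:
        raise ValueError(f"unsupported policy statement: {flat!r}")
    kind, subject, verb, resource, where = match.groups()
    scope = "tenancy" if where.lower() == "tenancy" else where.split()[1]
    return Statement(kind.lower(), subject, verb.lower(), resource.lower(), scope)


def members(rule, instances):
    """Names of the instances whose compartment OCID satisfies the rule."""
    match = RULE_RE.fullmatch(rule.strip())
    if match is None:
        raise ValueError(f"unsupported matching rule: {rule!r}")
    wanted = match.group(1)
    return sorted(name for name, ocid in instances.items() if ocid == wanted)


def grants_for(instance, instances, dynamic_groups, policies):
    """(verb, resource, scope) tuples an instance holds via dynamic groups."""
    grants = []
    for statement in map(parse_statement, policies):
        if statement.subject_kind != "dynamic-group":
            continue  # user-group statements do not apply to instance principals
        rule = dynamic_groups.get(statement.subject)
        if rule is not None and instance in members(rule, instances):
            grants.append((statement.verb, statement.resource, statement.scope))
    return grants


# Constructed sample data (placeholder OCIDs and names).
LAB = "ocid1.compartment.oc1..exampleLAB"
OTHER = "ocid1.compartment.oc1..exampleOTHER"
INSTANCES = {"app-1": LAB, "batch-1": OTHER}
DYNAMIC_GROUPS = {"LabInstances": f"instance.compartment.id = '{LAB}'"}
POLICIES = [
    "allow group NetAdmins to manage virtual-network-family in\ncompartment Lab",
    "allow dynamic-group LabInstances to read object-family in compartment Lab",
]

if __name__ == "__main__":
    print("app-1:", grants_for("app-1", INSTANCES, DYNAMIC_GROUPS, POLICIES))
    print("batch-1:", grants_for("batch-1", INSTANCES, DYNAMIC_GROUPS, POLICIES))
    # A newly launched instance in the matched compartment inherits the grant.
    later = dict(INSTANCES, **{"app-2": LAB})
    print("app-2:", grants_for("app-2", later, DYNAMIC_GROUPS, POLICIES))
```

When reviewing a dynamic group, read its matching rule together with every policy that names the group: the rule decides which resources become principals, and the policies decide what those principals may call.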

Networking - Virtual Cloud Network: Create and Configure a Virtual Cloud Network

Lab 3-1 Practices

Get Started

Overview
In this practice, you will configure and deploy a Virtual Cloud Network (VCN).
A VCN is a software-defined network specific to your OCI tenancy or a compartment in a specified region.
Upon creation, a VCN automatically includes route tables, security lists (with default security rules), and a set of DHCP options. The VCN also has access to a DNS resolver.
A VCN that is launched with the OCI VCN Wizard tool automatically creates the following:
• Public and Private subnets
• Internet Gateway (IG)
• NAT Gateway (NAT)
• Service Gateway (SG)
• Two Route Tables (RT)
• Two Security Lists (SL)
For more information about Virtual Cloud Networks, see the OCI Networking Documentation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/landing.htm
Create a Virtual Cloud Network

In this lab, you will create a VCN and associated resources by using the VCN Wizard.

Steps
1. Log in to the Oracle Cloud Infrastructure (OCI) console.
2. In the console ribbon at the top of the screen, click the Region icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).
3. Click the Main Menu, click Networking, and then click Virtual Cloud Networks.
4. Click Start VCN Wizard.
5. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.
6. Enter the following values:
Name: FRA-AA-LAB03-VCN-01
Compartment: Select your <assigned compartment>.
7. Leave the default values for the remaining fields. Click Next.
8. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.
9. Click Create.
10. When complete, click View Virtual Cloud Network.
Networking - Virtual Cloud Network: Configure Local VCN Peering

Lab 4-1 Practices

Get Started

Overview
In this practice, you will configure Local Peering Gateways (LPGs) to interconnect two Virtual Cloud Networks (VCNs).

Local VCN Peering

Local VCN peering is the process of connecting two VCNs in the same region so that their resources can communicate using private IP addresses.

Local Peering Gateway

A Local Peering Gateway is a component on a VCN for routing traffic to a locally peered VCN.

Summary of Networking Components for Peering Using an LPG

The Networking service components required for a local peering include:

• Two VCNs with non-overlapping CIDRs, in the same region
• A local peering gateway (LPG) on each VCN in the peering relationship
• A connection between those two LPGs
• Supporting route rules to enable traffic to flow over the connection
• Supporting security rules to control the types of traffic allowed to and from the instances in the subnets that need to communicate with the other VCN

In this lab, you will:

1. Create Virtual Cloud Network 01.
2. Create Virtual Cloud Network 02.
3. Add a Local Peering Gateway (LPG) to each VCN.
4. Connect the VCNs.
5. Add Route Rules.
6. Add Security Rules.


Create Virtual Cloud Network 01

In this section, you will create the first of two VCNs by using the Start VCN Wizard.

Tasks
1. Log in to the Oracle Cloud Infrastructure (OCI) console.
2. In the console ribbon at the top of the screen, click the Region and select Germany Central (Frankfurt).
3. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
4. In the left navigation pane, under List Scope select your <assigned compartment>.
5. Click Start VCN Wizard.
6. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.
7. Enter the following values:
• VCN Name: FRA-AA-LAB04-1-VCN-01
• Compartment: Select your <assigned compartment>.
• VCN CIDR Block: 172.16.0.0/16
• Public Subnet CIDR Block: 172.16.0.0/24
• Private Subnet CIDR Block: 172.16.1.0/24
8. Leave the default values for the remaining fields. Click Next.
9. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.
10. Click Create.
11. When complete, click View Virtual Cloud Network.


Create Virtual Cloud Network 02

In this section, you will create the second of two VCNs by using the Start VCN Wizard.

Tasks
1. In the console ribbon at the top of the screen, click the Region and select Germany Central (Frankfurt).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. In the left navigation pane, under List Scope select your <assigned compartment>.
4. Click Start VCN Wizard.
5. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.
6. Enter the following values:
• VCN Name: FRA-AA-LAB04-1-VCN-02
• Compartment: Select your <assigned compartment>.
• VCN CIDR Block: 192.168.0.0/16
• Public Subnet CIDR Block: 192.168.0.0/24
• Private Subnet CIDR Block: 192.168.1.0/24
7. Leave the default values for the remaining fields. Click Next.
8. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.
9. Click Create.
10. Once complete, click View Virtual Cloud Network.


Add a Local Peering Gateway (LPG) to each VCN

In this section, you will add LPGs to the VCNs.

Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. In the left navigation pane, under List Scope select your <assigned compartment>.
3. Select FRA-AA-LAB04-1-VCN-01.
4. In the left navigation pane, under Resources, click Local Peering Gateways (0).
5. Click Create Local Peering Gateway.
6. In the Name field, enter: FRA-AA-LAB04-1-LPG-01.
7. Click Create Local Peering Gateway.
8. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
9. Select FRA-AA-LAB04-1-VCN-02.
10. In the left menu, under Resources, click Local Peering Gateways (0).
11. Click Create Local Peering Gateway.
12. In the Name field, enter: FRA-AA-LAB04-1-LPG-02.
13. Click Create Local Peering Gateway.


Connect the VCNs

In this section, you will establish the peering connection between the two VCNs.

Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. Select FRA-AA-LAB04-1-VCN-01.
3. In the left navigation pane, under Resources, click Local Peering Gateways (1).
4. Click the three dots to the right of FRA-AA-LAB04-1-LPG-01 to open the Actions menu and select Establish Peering Connection.
5. Click Browse Below.
6. Select FRA-AA-LAB04-1-VCN-02 in Virtual Cloud Network.
7. Select FRA-AA-LAB04-1-LPG-02 from the Unpeered Peer Gateway list.
8. Click Establish Peering Connection.
9. Wait for the Peering Status field to change to Peered - Connected to a peer.
10. Verify that Peer Advertised CIDRs is 192.168.0.0/16.
11. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
12. Select FRA-AA-LAB04-1-VCN-02.
13. In the left menu, under Resources, click Local Peering Gateways (1).
14. Verify that Peering Status is Peered - Connected to a peer.
15. Verify that Peer Advertised CIDRs is 172.16.0.0/16.


Add Route Rules

In this section, you will add route rules to the route table to allow traffic over the peered connection.

Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. Select FRA-AA-LAB04-1-VCN-01.
3. In the left navigation pane, under Resources, click Route Tables (2).
4. Click Default Route Table for FRA-AA-LAB04-1-VCN-01.
5. Click Add Route Rules.
6. Select Local Peering Gateway under Target Type.
7. In the Destination CIDR Block field, enter 192.168.0.0/24.
8. Select FRA-AA-LAB04-1-LPG-01 under Target Local Peering Gateway in <assigned compartment>.
9. Click Add Route Rules.
10. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
11. Select FRA-AA-LAB04-1-VCN-02.
12. In the left navigation pane, under Resources, click Route Tables (2).
13. Click Default Route Table for FRA-AA-LAB04-1-VCN-02.
14. Click Add Route Rules.
15. Select Local Peering Gateway under Target Type.
16. In the Destination CIDR Block field, enter 172.16.0.0/24.
17. Select FRA-AA-LAB04-1-LPG-02 under Target Local Peering Gateway in <assigned compartment>.
18. Click Add Route Rules.


Add Security Rules

In this section, you will enable ICMP from the private IP addresses to the public subnet, allowing ping communications.

Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. Select FRA-AA-LAB04-1-VCN-01.
3. In the left navigation pane, under Resources, click Security Lists (2).
4. Click Default Security List for FRA-AA-LAB04-1-VCN-01.
5. Click Add Ingress Rules.
6. In the Source CIDR field, enter 192.168.0.0/24.
7. Select ICMP under IP Protocol.
8. In the Type field, enter 8.
9. Click Add Ingress Rules.
10. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
11. Select FRA-AA-LAB04-1-VCN-02.
12. In the left navigation pane, under Resources, click Security Lists (2).
13. Click Default Security List for FRA-AA-LAB04-1-VCN-02.
14. Click Add Ingress Rules.
15. Enter 172.16.0.0/24 in the Source CIDR field.
16. In the IP Protocol field, select ICMP.
17. In the Type field, enter 8.
18. Click Add Ingress Rules.


lic agu
ee
im
(ja
u iar
ag
e
m
jai

Copyright © 2023, Oracle and/or its affiliates.

38 Networking - Virtual Cloud Network: Configure Local VCN Peering


Networking - Virtual Cloud Network: Configure Remote VCN Peering
Lab 4-2 Practices

Get Started

Overview

In this lab, you will use Dynamic Routing Gateways (DRGs) to inter-connect two Virtual Cloud
Networks (VCNs) in different OCI regions.

Note: This lab requires you to subscribe to two regions. Hence, you will not be able to perform
it in a Free Tier account.

Remote VCN Peering

Remote VCN peering is the process of connecting two VCNs, typically, but not necessarily, in
different regions. Peering allows VCNs' resources to communicate using private IP addresses.

Dynamic Routing Gateway

A Dynamic Routing Gateway is a powerful virtual router that enables VCN connectivity to
on-premises resources and to remote and local VCNs in the current tenancy and in other
tenancies.

Summary of Networking Components for Remote Peering

The Networking service components required for a remote peering include:

• DRG attachment to each VCN in the peering relationship.
• A remote peering connection (RPC) on each DRG in the peering relationship.
• A connection between those two RPCs.
• Supporting route rules to enable traffic to flow over the connection.
• Supporting security rules to control the types of traffic allowed to and from the instances in the subnets that need to communicate with the other VCN.

In this lab, you will:

a. Create Virtual Cloud Network 01.
b. Create Virtual Cloud Network 02.
c. Create a Dynamic Routing Gateway in each OCI region.
d. Create Remote Peering Connection attachments and establish the connection between the two DRGs.
e. Add Route Rules.
f. Add Security Rules.

Create Virtual Cloud Network 01

In this section, you will create the first of two VCNs by using the Start VCN Wizard.

Tasks

1. Log in to the Oracle Cloud Infrastructure (OCI) console.
2. In the console ribbon at the top of the screen, open the Regions menu and select Germany Central (Frankfurt).
3. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
4. Click Start VCN Wizard.
5. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.
6. Enter the following values:
• VCN Name: FRA-AA-LAB04-2-VCN-01
• Compartment: Select your assigned <compartment name>
• VCN CIDR Block: 172.17.0.0/16
• Public Subnet CIDR Block: 172.17.0.0/24
• Private Subnet CIDR Block: 172.17.1.0/24
7. Leave the default values for the remaining fields. Click Next.
8. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.
9. Click Create.
10. When complete, click View Virtual Cloud Network.


Create Virtual Cloud Network 02

In this section, you will create the second of two VCNs by using the Start VCN Wizard.

Tasks

1. In the console ribbon, at the top of the screen, open the Regions menu and select US West (Phoenix).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. Click Start VCN Wizard.
4. Select the Create VCN with Internet Connectivity option and then click Start VCN Wizard.
5. Enter the following values:
• VCN Name: PHX-AA-LAB04-2-VCN-01
• Compartment: Select your assigned <compartment name>.
• VCN CIDR Block: 10.0.0.0/16
• Public Subnet CIDR Block: 10.0.0.0/24
• Private Subnet CIDR Block: 10.0.1.0/24
6. Leave the default values for the remaining fields. Click Next.
7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.
8. Click Create.
9. When complete, click View Virtual Cloud Network.


Create a Dynamic Routing Gateway in Each OCI Region

In this section, you will create two DRGs, one in each OCI region, and attach them to the VCNs
you just created.

Tasks

1. In the console ribbon at the top of the screen, open the Regions menu and select Germany Central (Frankfurt).
2. From the Main Menu, select Networking, and under Customer Connectivity, click Dynamic Routing Gateways.
3. In the left navigation pane, under List Scope, select your <assigned compartment>.
4. Click Create Dynamic Routing Gateway.
5. In the Name field, enter FRA-AA-LAB04-2-DRG-01.
6. In the Compartment, select your assigned <compartment name>.
7. Click Create Dynamic Routing Gateway.
8. Click Create Virtual Cloud Network Attachment.
9. Leave the Attachment name field blank.
10. Select FRA-AA-LAB04-2-VCN-01 from the Virtual Cloud Network in…
11. Click Create Virtual Cloud Network Attachment to attach your VCN to the DRG.
12. Open the Regions menu and select US West (Phoenix).
13. Click Create Dynamic Routing Gateway.
14. In the Name field, enter PHX-AA-LAB04-2-DRG-01.
15. Set the Create in Compartment field to your assigned <compartment name>.
16. Click Create Dynamic Routing Gateway.
17. Click Create Virtual Cloud Network Attachment.
18. Leave the Attachment name field blank.
19. Select PHX-AA-LAB04-2-VCN-01 from the Virtual Cloud Network in…
20. Click Create Virtual Cloud Network Attachment to attach your VCN to the DRG.


Create Remote Peering Connection Attachments and Establish the Connection Between the Two DRGs

In this section, you will establish the remote peering connection between the two DRGs.

Tasks

1. In the console ribbon at the top of the screen, open the Regions menu and select US West (Phoenix).
2. From the Main Menu, select Networking, and then under Customer Connectivity, click Dynamic Routing Gateways.
3. Click PHX-AA-LAB04-2-DRG-01.
4. In the left navigation pane, under Resources, click Remote Peering Connections Attachments (0).
5. Click the Create Remote Peering Connection button.
6. Enter PHX-AA-LAB04-2-RPC-01 in the Name field.
7. Set the Create in compartment field to your assigned <compartment name>.
8. Click Create Remote Peering Connection.
9. Select PHX-AA-LAB04-2-RPC-01 in the Remote Peering Connection list.
10. Click to copy the RPC OCID and save the value to Notepad for later use.
11. Open the Regions menu and select Germany Central (Frankfurt).
12. Click FRA-AA-LAB04-2-DRG-01.
13. Under Resources, click Remote Peering Connections Attachments (0).
14. Click Create Remote Peering Connection.
15. Enter FRA-AA-LAB04-2-RPC-01 in the Name field.
16. Set the Create in compartment field to your assigned <compartment name>.
17. Click Create Remote Peering Connection.
18. Select FRA-AA-LAB04-2-RPC-01 in the Remote Peering Connection list.
19. Click Establish Connection.
20. In the console ribbon at the top of the screen, open the Regions menu and select US West (Phoenix) (us-phoenix-1).
21. Paste the OCID you previously copied and saved to your Notepad into the Remote Peering Connection OCID field.
22. Click Establish Connection.


Add Route Rules

In this section, you will add route rules to the route table to enable traffic over the peered
connection.

Tasks

1. In the console ribbon at the top of the screen, from the Regions menu, select Germany Central (Frankfurt).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. Select FRA-AA-LAB04-2-VCN-01.
4. In the left navigation pane, under Resources, click Route Tables (2).
5. Click Default Route Table for FRA-AA-LAB04-2-VCN-01.
6. Click Add Route Rules.
7. Select Dynamic Routing Gateway under Target Type.
8. Set the Destination CIDR Block field to 10.0.0.0/24.
9. Notice that for Target Dynamic Routing Gateway, the DRG: FRA-AA-LAB04-2-DRG-01 is automatically selected, as well as your assigned Compartment.
10. Click the Add Route Rules button.

Note: The route rules that will route traffic from Frankfurt to Phoenix via the DRG have
been successfully added. Now we will configure the return direction.

11. In the console ribbon at the top of the screen, open the Regions menu and select US West (Phoenix).
12. Select PHX-AA-LAB04-2-VCN-01.
13. In the left navigation pane, under Resources, click Route Tables (2).
14. Click Default Route Table for PHX-AA-LAB04-2-VCN-01.
15. Click Add Route Rules.
16. Select Dynamic Routing Gateway under Target Type.
17. Set the Destination CIDR Block field to 172.17.0.0/24.
18. Note that the value for Target Dynamic Routing Gateway is automatically set to PHX-AA-LAB04-2-DRG-01 along with your assigned <compartment name>.
19. Click Add Route Rules.


Add Security Rules

In this section, you will enable ICMP from the private IP addresses to the public subnet,
allowing ping communications.

Tasks

1. In the console ribbon at the top of the screen, from the Regions menu, select US West (Phoenix).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. Select PHX-AA-LAB04-2-VCN-01.
4. In the left navigation pane, under Resources, click Security Lists (2).
5. Click Default Security List for PHX-AA-LAB04-2-VCN-01.
6. Click Add Ingress Rules.
7. Enter 172.17.0.0/24 in the Source CIDR field.
8. Select ICMP from the IP Protocol field.
9. In the Type field, enter 8.
10. Click Add Ingress Rules.
11. In the console ribbon at the top of the screen, open the Regions menu and select Germany Central (Frankfurt).
12. Select FRA-AA-LAB04-2-VCN-01.
13. In the left navigation pane, under Resources, click Security Lists (2).
14. Click Default Security List for FRA-AA-LAB04-2-VCN-01.
15. Click Add Ingress Rules.
16. Enter 10.0.0.0/24 in the Source CIDR field.
17. Select ICMP in the IP Protocol field.
18. In the Type field, enter 8.
19. Click Add Ingress Rules.

This completes the lab.

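The route rules and ingress rules entered in Lab 4-2 can be checked offline before testing with ping. The Python sketch below is an added example, not part of the Oracle lab guide: it models only the default route table and default security list edited above, and it assumes that the wizard's route table already sends 0.0.0.0/0 to an internet gateway (named with a placeholder) and that the host addresses are constructed samples.

```python
# Added example (not from the lab guide): models only the rules this lab edits.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ICMP_ECHO_REQUEST = 8  # the value entered in the Type field of each ingress rule


@dataclass
class Vcn:
    name: str
    drg: str
    routes: list = field(default_factory=list)        # (destination CIDR, target)
    icmp_ingress: list = field(default_factory=list)  # (source CIDR, ICMP type)

    def route_target(self, dst_ip):
        """Longest-prefix match over the route rules; None when nothing matches."""
        addr = ip_address(dst_ip)
        hits = [(ip_network(cidr), target) for cidr, target in self.routes
                if addr in ip_network(cidr)]
        if not hits:
            return None
        return max(hits, key=lambda hit: hit[0].prefixlen)[1]

    def allows_icmp(self, src_ip, icmp_type):
        """True when an ingress rule covers both the source and the ICMP type."""
        addr = ip_address(src_ip)
        return any(addr in ip_network(cidr) and icmp_type == allowed
                   for cidr, allowed in self.icmp_ingress)


def ping_problems(src, src_ip, dst, dst_ip):
    """Return every reason a ping from src_ip to dst_ip would go unanswered."""
    problems = []
    target = src.route_target(dst_ip)
    if target != src.drg:
        problems.append(f"{src.name}: {dst_ip} is routed to {target}, not {src.drg}")
    if not dst.allows_icmp(src_ip, ICMP_ECHO_REQUEST):
        problems.append(f"{dst.name}: no ingress rule admits ICMP type 8 from {src_ip}")
    # Assumption: the rules are stateful (the console default), so the echo
    # reply needs no ingress rule of its own. It still needs a route back
    # through the DRG on the destination side.
    back = dst.route_target(src_ip)
    if back != dst.drg:
        problems.append(f"{dst.name}: reply to {src_ip} is routed to {back}, not {dst.drg}")
    return problems


# Assumption: the wizard's default route table already sends 0.0.0.0/0 to an
# internet gateway; "internet-gateway" is a placeholder name, not from the lab.
FRA = Vcn(
    name="FRA-AA-LAB04-2-VCN-01",
    drg="FRA-AA-LAB04-2-DRG-01",
    routes=[("0.0.0.0/0", "internet-gateway"), ("10.0.0.0/24", "FRA-AA-LAB04-2-DRG-01")],
    icmp_ingress=[("10.0.0.0/24", ICMP_ECHO_REQUEST)],
)
PHX = Vcn(
    name="PHX-AA-LAB04-2-VCN-01",
    drg="PHX-AA-LAB04-2-DRG-01",
    routes=[("0.0.0.0/0", "internet-gateway"), ("172.17.0.0/24", "PHX-AA-LAB04-2-DRG-01")],
    icmp_ingress=[("172.17.0.0/24", ICMP_ECHO_REQUEST)],
)

if __name__ == "__main__":
    # Constructed host addresses inside the lab's public and private subnets.
    cases = [
        ("172.17.0.10", "10.0.0.10"),   # public subnet to public subnet
        ("172.17.1.10", "10.0.0.10"),   # Frankfurt private subnet as source
        ("172.17.0.10", "10.0.1.10"),   # Phoenix private subnet as destination
    ]
    for src_ip, dst_ip in cases:
        found = ping_problems(FRA, src_ip, PHX, dst_ip)
        print(f"{src_ip} -> {dst_ip}:", "ok" if not found else "; ".join(found))
```

Because every rule in the lab is scoped to a /24, only the two public subnets can reach each other; addresses in either private subnet fall outside both the route rules and the ingress rules.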

Networking: OCI Load Balancer
Lab 5-1 Practice

Get Started

Overview

In this practice, you will configure a Public Load Balancer, including a set of two back-end
compute instances.

Load Balancer

The OCI Load Balancer provides automated traffic distribution from one entry point to
multiple back-end servers in your VCN. It operates at the connection level and balances
incoming client connections to healthy back-end servers. The service offers a load balancer
with your choice of a regional public or private IP address and provisioned bandwidth.

Summary of Components for OCI Load Balancer Used in This Lab

• Listener: A logical entity that checks for incoming traffic on the load balancer's IP address
• Back-end server: An application server responsible for generating content in reply to the incoming traffic
• Back-end set: A logical entity defined by a list of back-end servers
• Load balancing policy: A load-balancing policy tells the load balancer how to distribute incoming traffic to the back-end servers
• Health check: A test to confirm the availability of back-end servers
• Shape: The bandwidth capacity of the load balancer

In this lab, you will:

a. Create a Virtual Cloud Network
b. Create two compute instances
c. Create a load balancer


Create a Virtual Cloud Network

In this practice, you will create a VCN and associated resources using the VCN Wizard.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. Click Start VCN Wizard.
4. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.
5. Enter the following values:
• Name: FRA-AA-LAB05-VCN-01
• Compartment: Select your assigned <compartment name>.
• VCN CIDR Block: 172.17.0.0/16
• Public Subnet CIDR Block: 172.17.0.0/24
• Private Subnet CIDR Block: 172.17.1.0/24
6. Leave the default values for the remaining fields. Click Next.
7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.
8. Click Create.
9. When complete, click View Virtual Cloud Network.
10. In the left navigation pane, under Resources, click Security Lists.
11. Select Default Security List for FRA-AA-LAB05-VCN-01.
12. Click Add Ingress Rule.
a. For Source CIDR, enter 0.0.0.0/0.
b. For Destination Port Range, enter 80.
c. Click Add Ingress Rules.


Create Two Compute Instances (Back-End Servers)

In this lab, you will create two compute instances and configure them to provide web services.
They will serve as the back-end servers, and will reside in a private subnet.

Tasks

Build the First Compute Instance

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the Main Menu, select Compute, and then click Instances.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click Create Instance and enter the following values:
• Name: FRA-AA-LAB05-VM-01
• Compartment: Your assigned <compartment name>.
• Placement: AD-1
• Image: Oracle Linux
• Shape: Click Change Shape
  • Instance Type: Virtual Machine
  • Shape Series: Ampere
  • Shape Name: VM.Standard.A1.Flex (1 OCPU, 6 GB Memory)
  • Click Select Shape.
• Networking:
  • Primary network: Select existing virtual cloud network.
  • Virtual Cloud Network in <assigned compartment>: FRA-AA-LAB05-VCN-01
  • Subnet in <assigned compartment>: Private Subnet-FRA-AA-LAB05-VCN-01 (regional)
• Add SSH Key: No SSH Keys
• Click Show advanced options
• On the Management tab, click Paste cloud-init script under Initialization script.
• Copy and paste the following into the Cloud-init script field (Tip: Copy the script below into a notepad and ensure that the last command, the echo with its redirect to /var/www/html/index.html, is on a single line):

#!/bin/bash -x
# Allow inbound web traffic, then install and start Apache.
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
yum -y install httpd
systemctl enable httpd.service
systemctl start httpd.service
# Open HTTP and HTTPS in firewalld and restart it to apply the change.
firewall-offline-cmd --add-service=http
firewall-offline-cmd --add-service=https
systemctl enable firewalld
systemctl restart firewalld
# Write the page that identifies this back-end server (keep on one line).
echo Hello World! My name is FRA-AA-LAB05-WS-01 > /var/www/html/index.html

Note: This script configures and enables the compute instance’s firewall and httpd
processes.

5. Click Create.

Note: The process will take approximately two minutes.

Build the Second Compute Instance

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the Main Menu, select Compute, and then click Instances.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click Create Instance and enter the following values:
• Name: FRA-AA-LAB05-VM-02
• Compartment: Your assigned <compartment name>
• Placement: AD-2
• Image: Oracle Linux
• Shape: Click Change Shape
  • Instance Type: Virtual Machine
  • Shape Series: Ampere
  • Shape Name: VM.Standard.A1.Flex (1 OCPU, 6 GB Memory)
  • Click Select Shape
• Networking:
  • Primary network: Select existing virtual cloud network.
  • Virtual Cloud Network in <assigned compartment>: FRA-AA-LAB05-VCN-01
  • Subnet in <assigned compartment>: Private Subnet-FRA-AA-LAB05-VCN-01 (regional)
• Add SSH Key: No SSH Keys
• Click Show advanced options
• On the Management tab, click Paste cloud-init script under Initialization script.
• Copy and paste the following into the Cloud-init script field (Tip: Copy the script below into a notepad and ensure that the last command, the echo with its redirect to /var/www/html/index.html, is on a single line):

#!/bin/bash -x
# Allow inbound web traffic, then install and start Apache.
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
yum -y install httpd
systemctl enable httpd.service
systemctl start httpd.service
# Open HTTP and HTTPS in firewalld and restart it to apply the change.
firewall-offline-cmd --add-service=http
firewall-offline-cmd --add-service=https
systemctl enable firewalld
systemctl restart firewalld
# Write the page that identifies this back-end server (keep on one line).
echo Hello World! My name is FRA-AA-LAB05-WS-02 > /var/www/html/index.html

Note: This script configures and enables the compute instance’s firewall and httpd
processes.

5. Click Create.

Note: The process will take approximately two minutes.


Create a Load Balancer

In this lab, you will create a Load Balancer, and configure the listener, the health check, and
back-end set. You will then add a security rule to the security list of the private subnet.

Tasks

1. From the Main Menu, select Networking, and then click Load Balancers.
2. In the left navigation pane, under List Scope, select your assigned <compartment name>.
3. Click Create Load Balancer.
4. Select Load Balancer, click Create Load Balancer and enter the following values:
• Load Balancer Name: FRA-AA-LAB05-LB-01
• Choose visibility type: Public
• Assign a public IP address: Ephemeral IP Address
• In the Bandwidth section, under Shapes, select Flexible Shapes (Specify Minimum Bandwidth as 10 Mbps and Maximum Bandwidth as 20 Mbps).
• Under Choose Networking, for the Virtual Cloud Network in <compartment name>, select FRA-AA-LAB05-VCN-01 and for the Subnet in <compartment name>, select Public Subnet-FRA-AA-LAB05-VCN-01.
• Click Next.
• Under Choose Backends select Weighted Round Robin.
• Click Add Backends.
• Select both FRA-AA-LAB05-VM-01 and FRA-AA-LAB05-VM-02.
• Click Add Selected Backends.
• Leave all values at defaults in the Specify Health Check Policy section.
• Click Next.
• On the Configure Listener page, enter the following values:
  • Listener Name: FRA-AA-LAB05-Listener-01
  • Specify the type of traffic your listener handles: HTTP
  Note: The Specify the port your listener monitors for ingress traffic value will become 80.
• Click Next.
• On the Manage Logging page, set Error Logs to Not Enabled.
5. Click Submit and wait for the status to become Active.

Note: The process will take approximately three minutes.

6. Verify that the Backend Set Health status is OK.
7. Locate and copy the Load Balancer’s IP Address.
8. Paste the copied value into your browser’s address bar to visit the site.
9. A webpage stating Hello World! My name is FRA-AA-LAB05-WS-01 will appear.
10. Reload the page to see the other back-end server has provided the message, Hello World! My name is FRA-AA-LAB05-WS-02.


Purge Instructions

Purge Load Balancer

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the navigation menu, select Networking, and then click Load Balancers.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click FRA-AA-LAB05-LB-01.
5. Click Terminate.
6. Click Terminate when prompted.

Purge the First Oracle Linux Compute Instance

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the navigation menu, select Compute, and click Instances.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click FRA-AA-LAB05-VM-01.
5. Click Terminate.
6. Check Permanently delete the attached boot volume when prompted.
7. Click Terminate instance.

Note: The status for the compute instance will show Terminating.

8. Eventually you will see the status of the compute instance will show Terminated and all buttons for administrative tasks for this Linux Machine will be disabled.


Purge the Second Oracle Linux Compute Instance

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the navigation menu, select Compute, and click Instances.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click FRA-AA-LAB05-VM-02.
5. Click Terminate.
6. Check Permanently delete the attached boot volume when prompted.
7. Click Terminate instance.

Note: The status for the compute instance will show Terminating.

8. Eventually you will see the status of the compute instance will show Terminated and all buttons for administrative tasks for this Linux machine will be disabled.

Purge VCN

1. Click the navigation menu, click Networking, and then click Virtual Cloud Networks.
2. In the left navigation pane, under List Scope, select your assigned compartment from the Compartment drop-down menu.
3. In the list of VCNs, click the three dots on the right of FRA-AA-LAB05-1-VCN-01 to open the Actions menu. Select Delete.
4. Make sure that the Search compartments for resources associated with this VCN check box is selected.
5. In the white box that starts with Select which compartments to search for associated resources, select the Specific compartments option and select your assigned compartment from the drop-down menu.
6. Click Scan.
7. After the scan is completed, click Delete All.

Note: This process can take up to 2 minutes.

Networking – DNS Management: Create a Private DNS Zone
Lab 6-1 Practices

Get Started

Overview

In this practice, you will configure a private DNS zone and create a DNS A record that
corresponds to a private IP address. You will create two compute instances, one running
Oracle Linux that will be used as a web server, and another running Microsoft Windows, which
will be used as a client.

Private DNS Zones

Private DNS zones contain DNS data that is accessible only from within a Virtual Cloud
Network (VCN). A private DNS zone has capabilities similar to an Internet DNS zone but
provides responses only for clients that can reach it through a private VCN. Each zone belongs
to a single view.

In this lab, you will:

a. Create a Virtual Cloud Network
b. Create two compute instances
c. Create a private DNS zone
d. Access the private DNS zone from your Windows compute instance


Prerequisites

• You will use Remote Desktop Connection (RDC) to access a Windows compute
instance from your personal workstation. You can download RDC here.

Note: Oracle does not provide support for Remote Desktop Connection.


Create a Virtual Cloud Network

In this practice, you will create a VCN and associated resources by using the VCN Wizard.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

3. Click Start VCN Wizard.

4. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.

5. Enter the following values:
• Name: FRA-AA-LAB06-VCN-01
• Compartment: Select your assigned <compartment name>.
• VCN CIDR Block: 172.17.0.0/16
• Public Subnet CIDR Block: 172.17.0.0/24
• Private Subnet CIDR Block: 172.17.1.0/24

6. Leave the default values for the remaining fields. Click Next.

7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
basic access to the VCN.

8. Click Create.

9. Once complete, click View Virtual Cloud Network.

10. Under Resources, select Security Lists.

11. Select Security List for Private Subnet-FRA-AA-LAB06-VCN-01.

12. Click Add Ingress Rules and enter the following:
• Source CIDR: 172.16.0.0/12
• Destination Port Range: 80

13. Click Add Ingress Rules.


Create Two Compute Instances

In this practice, you will create two compute instances. One will run Oracle Linux and the
Apache web server and the other will run Microsoft Windows as its operating system.

Tasks

Build the First Compute Instance

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Compute, and then click Instances.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create Instance and enter the following values:
• Name: FRA-AA-LAB06-VM-01
• Compartment: Your assigned <compartment name>
• Placement: AD-1
• Image: Oracle Linux
• Shape: Click Change Shape
  o Instance Type: Virtual Machine
  o Shape Series: Ampere
  o Shape Name: VM.Standard.A1.Flex (1 OCPU, 6 GB Memory)
• Click Select Shape.
• Networking:
  o Primary network: Select an existing virtual cloud network.
  o Virtual Cloud Network in <assigned compartment>: FRA-AA-LAB06-VCN-01
  o Subnet in <assigned compartment>: Private Subnet-FRA-AA-LAB06-VCN-01 (regional)
• Add SSH Key: No SSH Keys
• Click Show advanced options.
• On the Management tab, click Paste cloud-init script under Initialization script.
• Copy and paste the following into the Cloud-init script field:

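#!/bin/bash -x
# Allow inbound HTTP/HTTPS in the running iptables rule set
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# Install Apache, then start it now and on every boot
yum -y install httpd
systemctl enable httpd.service
systemctl start httpd.service
# Add the HTTP/HTTPS services to the firewalld configuration and apply it
firewall-offline-cmd --add-service=http
firewall-offline-cmd --add-service=https
systemctl enable firewalld
systemctl restart firewalld
# Page that the Windows client loads at the end of the lab
echo 'Hello World! My name is FRA-AA-LAB06-WS-01' > /var/www/html/index.html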

Note: This script configures and enables the compute instance’s firewall and httpd
processes.

5. Click Create and wait for the status to become Active.

Note: The process will take approximately three minutes.

6. Locate the compute instance’s Private IP address under Primary VNIC. Copy the value to
Notepad for later use.

7. Under Instance details, click Virtual cloud network: FRA-AA-Lab06-VCN-01.

8. Under Resources, click Security List (2).

9. Under Security Lists in <Your Compartment> Compartment, click Default Security List
for FRA-AA-LAB06-VCN-01.

10. Click Add Ingress Rules and enter the following:
• Source CIDR: 172.16.0.0/12
• Destination Port Range: 80
• Click + Another Ingress Rule
• Under Ingress Rule 2, in the Source CIDR field enter 0.0.0.0/0
• Destination Port Range: 3389

11. Click Add Ingress Rules.
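
The rules entered in step 10 leave RDP (port 3389) reachable from 0.0.0.0/0 and admit port 80 from 172.16.0.0/12, a range wider than the VCN's 172.17.0.0/16. The following is an added example, not part of the Oracle guide, that audits a security list for both conditions; the JSON sample is constructed and its kebab-case layout is an assumption modeled on what `oci network security-list get` prints under `data`.

```python
import ipaddress
import json

# Constructed sample: the two ingress rules from step 10 (protocol "6" = TCP).
# The key names are an assumption modeled on OCI CLI output.
SAMPLE = json.loads("""
{"display-name": "Default Security List for FRA-AA-LAB06-VCN-01",
 "ingress-security-rules": [
  {"protocol": "6", "source": "172.16.0.0/12", "source-type": "CIDR_BLOCK",
   "tcp-options": {"destination-port-range": {"min": 80, "max": 80}}},
  {"protocol": "6", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK",
   "tcp-options": {"destination-port-range": {"min": 3389, "max": 3389}}}
 ]}
""")
LAB_VCN_CIDR = "172.17.0.0/16"            # VCN CIDR Block used in this lab
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}    # remote-administration ports


def port_range(rule):
    """Return (min, max) destination ports; no port options means all ports."""
    key = {"6": "tcp-options", "17": "udp-options"}.get(rule["protocol"])
    options = rule.get(key) if key else None
    rng = (options or {}).get("destination-port-range")
    return (rng["min"], rng["max"]) if rng else (1, 65535)


def classify(rule, vcn):
    """Return (finding, detail) for one ingress rule, or None if unremarkable."""
    if rule["protocol"] not in ("6", "17", "all"):
        return None                        # ICMP and others carry no ports
    if rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
        return None                        # service labels are not address ranges
    source = ipaddress.ip_network(rule["source"], strict=False)
    low, high = port_range(rule)
    if source.prefixlen == 0:              # 0.0.0.0/0 or ::/0
        admin = sorted(p for p in ADMIN_PORTS if low <= p <= high)
        if admin and rule["protocol"] in ("6", "all"):
            return ("admin-port-open-to-internet",
                    ", ".join(f"{ADMIN_PORTS[p]}/{p}" for p in admin))
        return ("open-to-internet", f"ports {low}-{high}")
    if source.version == vcn.version and source != vcn and vcn.subnet_of(source):
        return ("source-wider-than-vcn", f"{source} reaches beyond {vcn}")
    return None


def audit_ingress(security_list, vcn_cidr):
    """Return [(rule_number, finding, detail), ...] for a security list."""
    vcn = ipaddress.ip_network(vcn_cidr)
    findings = []
    for number, rule in enumerate(security_list["ingress-security-rules"], 1):
        result = classify(rule, vcn)
        if result:
            findings.append((number, *result))
    return findings


if __name__ == "__main__":
    for number, finding, detail in audit_ingress(SAMPLE, LAB_VCN_CIDR):
        print(f"rule {number}: {finding}: {detail}")
```

Restricting the 3389 rule's source to the workstation's own public address keeps the lab working while removing the first finding.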



Build the Second Compute Instance

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Compute, and then click Instances.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create Instance and enter the following values:
• Name: FRA-AA-LAB06-VM-02
• Compartment: Your assigned <compartment name>
• Placement: AD-2
• Image and Shape: Click Change Image.
  o Select Windows (Windows Server 2022 Standard)
  o Select I have reviewed and accept the following documents Oracle and
    Microsoft Windows Terms of Use.
    Note: It is your responsibility to read and understand the terms of use before
    accepting.
  o Click Select image.
• Click Change shape.
  o Instance Type: Virtual Machine
  o Shape Series: AMD
  o Shape Name: VM.Standard.E4.Flex (1 OCPU, 8 GB Memory)
• Click Select shape.
• Networking:
  o Primary network: Select Existing virtual cloud network.
  o Virtual Cloud Network in <assigned compartment>: FRA-AA-LAB06-VCN-01
  o Subnet in <assigned compartment>: Public Subnet-FRA-AA-LAB06-VCN-01 (regional)

5. Click Create.


Create a Private DNS Zone

In this practice, we will create a private DNS zone and access it from the Windows compute
instance located on the same Virtual Cloud Network where the web server is.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Networking. Under DNS Management, click Zones.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click the Private Zones tab.

5. Click Create Zone and enter the following values:
• Zone Name: FRA-AA-LAB06-PrivateZone-01.com
• Under DNS Private View, click Selecting existing DNS Private View.
• Under DNS Private View in <assigned compartment>, select FRA-AA-LAB06-VCN-01.

6. Click Create.

7. Click Add Record.

8. Under Record Type, select A-IPv4 Address.

9. Under TTL, click the lock and set TTL to 30 seconds.

10. In the Address field, enter the web server’s private IP address that you previously pasted
into Notepad.

11. Click Submit.

12. Click Publish Changes.

13. Click Publish Changes to confirm.


Access the Private DNS Zone from Your Windows Compute Instance

In this practice, you will connect to your Windows compute instance from your personal
workstation by using Remote Desktop Connection, launch Internet Explorer, and access the
private DNS zone URL, FRA-AA-LAB06-PrivateZone-01.com.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Compute, and then click Instances.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click FRA-AA-LAB06-VM-02.

5. Under Instance Access, click Copy to save your Initial password to your clipboard.

6. Save the copied value to your Notepad.

7. Copy the Public IP Address.

8. On your personal workstation, open Remote Desktop Connection.

9. Paste the public IP address of your Windows compute instance into the Computer field,
and click Connect.

Note: If there is a warning message, click Yes. If you are connected to any VPN or working on
a restricted network connection, you will not be able to connect to the Windows machine by
using RDP (Remote Desktop Protocol).

10. Paste the Initial password value that you pasted to Notepad in the Password field.

11. Click Connect.

Note: You will be prompted to change your password upon your first connection. Do so
and proceed.

12. Once connected to your Windows compute instance with RDC, launch Internet Explorer
(IE).

13. In the top right of the browser window, click the configuration icon and select Internet
Options.

14. Click the Security tab.

15. Deselect Enable Protected Mode and click OK.

Note: You must restart Internet Explorer for the setting to take effect.

16. Restart Internet Explorer.

17. In the address field, enter FRA-AA-LAB06-PrivateZone-01.com.

18. You will see the custom message: Hello World! My name is FRA-AA-LAB06-WS-01.


Lab 07-1 Practices

Compute: Create a Web Server on a Compute Instance

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) Compute lets you provision and manage compute hosts,
known as instances. You can launch instances as needed to meet your compute and
application requirements. In this lab, you will create a web server on a compute instance.

In this lab, you will:

• Launch Cloud Shell
• Generate SSH keys
• Create a Virtual Cloud Network and its components
• Create a compute instance
• Install an Apache HTTP server on the instance

Prerequisites

• You must have access to the OCI Console.

Assumptions
• In this lab, Germany Central (Frankfurt) is considered as your region.
• You must be familiar with navigating the OCI Console.



Launch Cloud Shell

The OCI Cloud Shell is a web browser–based terminal accessible from the OCI Console. It
provides access to a Linux shell, with a pre-authenticated OCI CLI.

In this practice, you will access Cloud Shell via the OCI Console.

Tasks

1. Sign in to your Oracle Cloud Infrastructure Console.

2. In the Console ribbon at the top of the screen, click the Region icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

3. Click the Cloud Shell icon next to the Region in the Console ribbon.

Note: The OCI CLI running in the Cloud Shell will execute commands against the region
selected in the Console's region selection menu when the Cloud Shell is started.

This displays the Cloud Shell in a "drawer" at the bottom of the console.

4. You can use the icons in the top-right corner of the Cloud Shell window to minimize,
maximize, and close your Cloud Shell session.


Generate SSH Keys

In this practice, you will generate SSH keys using Cloud Shell.

Tasks

1. From the OCI Console, click the Cloud Shell icon next to the region in the Console ribbon.

2. After the Cloud Shell has started, run the following commands:

$ mkdir .ssh

Important: In case you get an error that says, “cannot create directory: File exists”, you can
skip running the first command.

$ cd .ssh

$ ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>

Replace <<sshkeyname>> with ociaalab7key. Select the key name you can
remember. This will be the key name you will use to connect to the compute instance you
create.

Note: If you receive an error message for the above command, enter the command
manually.

Remember:

▪ After entering the third command, press Enter twice for no passphrase.
▪ Do not include the angle brackets «» and $ symbol when pasting code into Cloud
Shell.

3. Examine the two files that you just created by running the following command:

$ ls

Note: In the output, there are two files, a private key: <<sshkeyname>> and a public
key: <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems as well as copied and pasted to facilitate secure communications in the cloud.

4. To list the contents of the public key, run the following command:

$ cat <<sshkeyname>>.pub

Replace <<sshkeyname>> with ociaalab7key.

Note: The angle brackets «» should not appear in your code.

5. Copy the contents of the public key as you will require this in a subsequent step. Make
sure that you remove any hard returns that may have been added when copying.
The .pub key should be one line.
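
One way to check the copied text before pasting it into the Console, shown as an added example that is not part of the Oracle guide: it rejects a paste that contains hard returns, a truncated key, or the private key pasted by mistake, and reports the RSA modulus size. The sample key line is constructed in code with the right layout and bit length and is not a usable key; the function names are hypothetical.

```python
import base64
import binascii
import struct


def read_string(blob, offset):
    """Read one length-prefixed field of the SSH wire format."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_public_key(text):
    """Validate the pasted contents of a .pub file.

    Returns (key_type, rsa_bits_or_None, comment); raises ValueError otherwise.
    """
    if "PRIVATE KEY-----" in text:
        raise ValueError("this is the private key; paste the .pub file instead")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise ValueError(f"expected one line, found {len(lines)} (hard returns?)")
    fields = lines[0].split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, encoded = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    try:
        blob = base64.b64decode(encoded, validate=True)
    except binascii.Error as exc:
        raise ValueError("key data is not valid base64 (partial copy?)") from exc
    embedded, offset = read_string(blob, 0)
    if embedded.decode("ascii", "replace") != key_type:
        raise ValueError("key type prefix does not match the key data")
    bits = None
    if key_type == "ssh-rsa":
        _exponent, offset = read_string(blob, offset)
        modulus, offset = read_string(blob, offset)
        if offset != len(blob):
            raise ValueError("unexpected bytes after the RSA modulus")
        bits = int.from_bytes(modulus, "big").bit_length()
    return key_type, bits, comment


def make_sample_rsa_line(bits=2048, comment="constructed-sample"):
    """Constructed stand-in for the output of `cat ociaalab7key.pub`."""
    def mpint(value):
        # One extra leading byte keeps the integer positive on the wire.
        raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw

    modulus = (1 << (bits - 1)) | 1   # right bit length, not a real RSA modulus
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(modulus)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    good = make_sample_rsa_line()
    print(check_public_key(good))
    try:
        check_public_key(good[:80] + "\n" + good[80:])   # paste with a hard return
    except ValueError as err:
        print("rejected:", err)
```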



Create a Virtual Cloud Network and Its Components

In this practice, you will create a Virtual Cloud Network (VCN), subnet, and Internet gateway
and add route rules in the route table.

Tasks

1. From the Main Menu, under Networking, click Virtual Cloud Networks.

2. Click Create VCN.

3. In the Create a Virtual Cloud Network dialog box, populate the following information:

a. Name: FRA-AA-LAB07-1-VCN-01
b. Create in Compartment: <your compartment>
c. IPv4 CIDR Blocks: 10.0.0.0/16 (Press Enter to add.)

4. Keep the other options default and click Create VCN.

You can see that the VCN is created successfully.

5. Click FRA-AA-LAB07-1-VCN-01 VCN to view the details page.

6. Click Create Subnet.

7. In the Create Subnet dialog box, populate the following information:

a. Name: FRA-AA-LAB07-1-SNET-01
b. Create in Compartment: <your compartment>
c. Subnet Type: Regional
d. IPv4 CIDR Blocks: 10.0.1.0/24
e. Subnet Access: Public Subnet

8. Keep the other options default and click Create Subnet.

You can see that the subnet is created successfully, and the state is Available.

9. Under Resources in the left navigation panel, click Internet Gateways.


10. Click Create Internet Gateway.

11. In the Create Internet Gateway dialog box, populate the following information:

a. Name: FRA-AA-LAB07-1-IG-01

b. Create In Compartment: <your compartment>

12. Click Create Internet Gateway.

You can see that Internet Gateway is created successfully and the state is Available.

13. Under Resources in the left navigation panel, click Route Tables.

14. Click Default Route Table for FRA-AA-LAB07-1-VCN-01.

15. Click Add Route Rules.

16. In the Add Route Rules dialog box, populate the following information:

a. Target Type: Internet Gateway
b. Destination CIDR Block: 0.0.0.0/0
c. Target Internet Gateway: FRA-AA-LAB07-1-IG-01

17. Click Add Route Rules.

You can see that the route rule is successfully added in the default Route Table.

18. Navigate back to the Virtual Cloud Networks page from the Main Menu.

19. Click FRA-AA-LAB07-1-VCN-01 VCN to view the details page.

20. Under Resources in the left navigation panel, click Security Lists.

21. Click Default Security List for FRA-AA-LAB07-1-VCN-01.

22. Here, you need to open port 80. Click Add Ingress Rules.


23. In the Add Ingress Rules dialog box, populate the following information:

a. Source Type: CIDR

b. Source CIDR: 0.0.0.0/0

c. IP Protocol: TCP

d. Destination Port Range: 80

Note: Do not select the Stateless check box. The Source Port Range field is set to All by
default.

24. Click Add Ingress Rule.

You can see that the rule is successfully added.


Create a Compute Instance

In this practice, you will launch a compute instance and connect to it.

Tasks

1. From the OCI Console Main Menu, under Compute, click Instances.

2. Click Create instance.

3. In the Create compute instance dialog box, populate the following information:

a. Name: FRA-AA-LAB07-1-VM-01
b. Create in compartment: <your compartment>
c. Placement (Availability domain): AD 1

Click Show advanced options and select On-demand capacity under Capacity type.

d. Image: Oracle Linux 8
e. Shape: Select VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere]
f. Primary network: Select an existing virtual cloud network.
g. Virtual cloud network in <your compartment>: FRA-AA-LAB07-1-VCN-01
h. Subnet: Select an existing subnet.
i. Subnet in <your compartment>: FRA-AA-LAB07-1-SNET-01 (regional)
j. Public IP address: Assign a public IPv4 address.
k. Add SSH keys: Paste public keys.
l. SSH Keys: <public key> (Paste the public key which you copied in Step 5 of Generate
SSH Keys practice.)

Note: Keep the default option for Boot volume.

4. Click Create.

You will see that the Instance is created successfully, and the state is Running.


5. Copy the Public IP corresponding to the FRA-AA-LAB07-1-VM-01 instance and paste it in
the Notepad.

6. Click the Cloud Shell icon next to the Region at the top of the screen.

7. Run the following command using SSH to connect to your instance:

$ ssh -i <private_key_file> <username>@<public-ip-address>

a. The <private_key_file> is the full path and name of the file that contains the
private key associated with the instance you want to access.

b. The <username> is the default user opc.

c. The <public-ip-address> is the public IP address of the instance.

Note: Enter yes in response to - Are you sure you want to continue connecting (yes/no)?

You are now connected to the instance FRA-AA-LAB07-1-VM-01.


Install an Apache HTTP Server on the Instance

The HTTP Server is an open-source web server developed by the Apache Software
Foundation. The Apache server hosts web content and responds to requests for this content
from web browsers such as Chrome or Firefox.

In this practice, you will install an Apache HTTP web server and connect to it over the public
Internet.

Tasks

1. On the OCI Console, click the Cloud Shell icon at the top of the screen.

2. While connected to your compute instance via SSH, run the following commands:

a. Install Apache HTTP:

$ sudo yum install httpd -y

b. Start the Apache server and configure it to start after system reboots:

$ sudo apachectl start

$ sudo systemctl enable httpd

c. Run a quick check on Apache configurations:

$ sudo apachectl configtest

d. Create firewall rules to allow access to the ports on which the HTTP server listens:

$ sudo firewall-cmd --permanent --zone=public --add-service=http

$ sudo firewall-cmd --reload

e. Create an index file for your web server.

$ sudo bash -c 'echo This is my Web-Server running on Oracle Cloud Infrastructure >> /var/www/html/index.html'


3. Open your browser and enter http://Public-IPAddress in the address bar (the IP
Address of the Compute Instance).

You should see the index page of the web server we created in the second step (last point).

This is my Web-Server running on Oracle Cloud Infrastructure.

Lab 08-1 Practices

Compute: Create a Capacity Reservation and Launch Instances

Get Started

Overview

Capacity reservations allow you to reserve compute capacity in advance and use this
capacity when you create instances against the reservation. There is no minimum time or size
commitment. You can create, modify, and terminate your capacity reservation at any time.

In this lab, you will:

• Create a Virtual Cloud Network and a subnet
• Create a capacity reservation
• Add a capacity configuration
• Create instances in a capacity reservation
• Move an instance out of a capacity reservation
• Add an instance to a capacity reservation

Prerequisites

• You must have access to the OCI Console.

Assumptions

• You must be familiar with navigating the OCI Console.

• In this lab, Germany Central (Frankfurt) is considered as your region.



Create a Virtual Cloud Network and a Subnet

In this practice, you will create a Virtual Cloud Network (VCN) and a subnet.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) Console.

2. From the Main Menu, under Networking, select Virtual Cloud Networks.

3. Click Create VCN.

4. In the Create a Virtual Cloud Network dialog box, populate the following information:

a. Name: FRA-AA-LAB08-1-VCN-01
b. Create In Compartment: <your compartment>
c. IPv4 CIDR Blocks: 10.0.0.0/16 (Press Enter to add.)

5. Keep all the other options default and click Create VCN.

You can see that the VCN is created successfully.

6. Click FRA-AA-LAB08-1-VCN-01 VCN to view the details page and click Create Subnet.

7. In the Create Subnet dialog box, populate the following information:

a. Name: FRA-AA-LAB08-1-SNET-01
b. Create In Compartment: <your compartment>
c. Subnet Type: Regional (Recommended)
d. IPv4 CIDR Blocks: 10.0.1.0/24
e. Subnet Access: Public Subnet

8. Keep all the other options default and click Create Subnet.

You can see that the subnet is created successfully, and the state is Available.


Create a Capacity Reservation

In this practice, you will create a capacity reservation.

Tasks

1. From the Main Menu, under Compute, click Capacity Reservations.

2. Click Create capacity reservation.

3. In the Create capacity reservation dialog box, populate the following information in the
Add basic details section:

a. Name: FRA-AA-LAB08-1-RESV-01
b. Create in compartment: <your compartment>
c. Availability domain: <first availability domain>

Note: Do not select the Make this reservation the default for this availability
domain check box.

4. Click Next.

5. In the Add capacity configurations dialog box, populate the following information:

a. Fault Domain: First available
b. Shape: VM.Standard.A1.Flex (1 OCPU, 6 GB Memory)
c. Count: 1

6. Click Next.

7. Review the capacity reservation and capacity configuration information.

8. Click Create.

You can now see that the capacity reservation is created successfully.


Add a Capacity Configuration

In this practice, you will add a capacity configuration to an existing capacity reservation.

Tasks

1. From the Main Menu, under Compute, select Capacity Reservations.

2. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.

3. Click Add capacity configuration.

4. In the Add capacity configurations dialog box, populate the following information:

a. Fault Domain: First available
b. Shape: VM.Standard.E4.Flex (1 OCPU, 8 GB Memory)
c. Count: 1

5. Click Add configuration.

You can now see two capacity configurations in the capacity reservation.


Create Instances in a Capacity Reservation

In this practice, you will create instances in a capacity reservation.

Tasks

1. From the Main Menu, under Compute, select Capacity Reservations.

2. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.

3. Under Resources in the left navigation panel, click Created instances.

4. Click Create instance and populate the following information:

a. Name: FRA-AA-LAB08-1-VM-01
b. Create in compartment: <your compartment>
c. Placement (Availability domain): AD 1
d. Capacity type: Capacity reservation
e. Capacity reservation: FRA-AA-LAB08-1-RESV-01
f. Fault Domain: Let Oracle choose the best fault domain.
g. Image: Oracle Linux 8
h. Shape: VM.Standard.A1.Flex (1 OCPU, 6GB Memory)

Note: If the capacity reservation doesn’t have a configuration for a shape, you will see
this icon in front of the Shape name.

i. Networking: FRA-AA-LAB08-1-VCN-01
j. Subnet: FRA-AA-LAB08-1-SNET-01 (regional)
k. Public IP address: Do not assign a public IPv4 address.
l. Add SSH keys: No SSH keys

Note: Keep the default option for Boot volume.


5. Click Create.

In a couple of minutes, you can see that the instance is created successfully, and the state
is Running.

6. Navigate back to the Capacity Reservations page under Compute from the Main Menu.

7. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.

Under Capacity configurations, you can see that the Used capacity for
VM.Standard.A1.Flex Instance type is 1, and the Reserved capacity is 1.

8. Repeat steps 1 through 5 to create another instance with the following changes:

a. Name: FRA-AA-LAB08-1-VM-02
b. Shape: VM.Standard.E4.Flex (1 OCPU, 8 GB Memory)

For changing Shape, click Change Shape and click AMD under Shape series. Then
select VM.Standard.E4.Flex.

9. Populate all other fields as per Step 4 and click Create.

10. Navigate back to the Capacity Reservations page from the Main Menu.

11. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.

Under Capacity configurations, you can see that the Used capacity for
VM.Standard.E4.Flex Instance type is 1. The Reserved capacity is 1.


Move an Instance out of a Capacity Reservation
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

In this practice, you will move an instance out of a capacity reservation.

Tasks

1. From the Main Menu, under Compute, select Instances.

2. Click the instance FRA-AA-LAB08-1-VM-02.

3. From the More Actions drop-down menu, select Edit.

4. Click Show advanced options, and then click the Placement tab.

5. Deselect the Apply a capacity reservation check box.

6. Click Save changes.

7. Navigate back to the Main Menu and click Compute. Under Compute, click Capacity
Reservations.

8. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.

9. Under Capacity configurations, you can see that the Used capacity for
VM.Standard.E4.Flex Instance type is 0.

Adding an Instance to a Capacity Reservation

In this practice, you will add an instance to a capacity reservation.

Tasks

1. From the Main Menu, under Compute, select Instances.

2. Click the instance FRA-AA-LAB08-1-VM-02.

3. From the More Actions drop-down menu, select Edit.

4. Click Show advanced options, and then click the Placement tab.

5. Select the Apply a capacity reservation check box.

6. Select FRA-AA-LAB08-1-RESV-01 under Capacity reservation.

7. Click Save changes.

8. Navigate back to the Main Menu and select Compute. Under Compute, click Capacity
Reservations.

9. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.

10. Under Capacity configurations, you can see that the Used capacity for
VM.Standard.E4.Flex Instance type is 1.

Lab 09-1 Practices

Compute: Configure Metric-Based Autoscaling

Get Started

Overview

Autoscaling lets you automatically adjust the number or the lifecycle state of compute
instances in an instance pool. This helps you provide consistent performance for your end
users during periods of high demand, and reduce your costs during periods of low demand.

In this lab, you will:

a. Create a Virtual Cloud Network (VCN) and its components

b. Create a load balancer

c. Create a compute instance and a custom image

d. Create an instance configuration

e. Create an instance pool

f. Create a metric-based autoscaling configuration

g. Test autoscaling

Prerequisites

• You must have access to the OCI Console.

Assumptions
• You must be familiar with navigating the OCI Console.

• In this lab, we are using the Germany Central (Frankfurt) region.

Create a Virtual Cloud Network and Its Components

In this practice, you will create a Virtual Cloud Network (VCN), subnet, and Internet gateway,
and add route rules in the route table.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) Console.

2. From the navigation menu, under Networking, select Virtual Cloud Networks.

3. Click Create VCN.

4. In the Create a Virtual Cloud Network dialog box, populate the following information:

• Name: FRA-AA-LAB09-1-VCN-01

• Create In Compartment: <your compartment>

• IPv4 CIDR Blocks: 10.0.0.0/16

5. Keep all the other options default and click Create VCN.

Note: You can see that the VCN is created successfully.

6. Click FRA-AA-LAB09-1-VCN-01 to view the details and click Create Subnet.

7. In the Create Subnet dialog box, populate the following information:

• Name: FRA-AA-LAB09-1-SNET-01

• Create In Compartment: <your compartment>

• Subnet Type: Regional

• IPv4 CIDR Blocks: 10.0.1.0/24

• Subnet Access: Public Subnet

8. Keep all the other options default and click Create Subnet.

9. Under Resources in the left navigation panel, click Internet Gateways.

10. Click Create Internet Gateway and populate the following information:

• Name: FRA-AA-LAB09-1-IG-01

• Create In Compartment: <your compartment>

11. Click Create Internet Gateway.

You can see that the internet gateway is created successfully, and the state is Available.

12. Under Resources in the left navigation panel, click Route Tables.

13. Click Default Route Table for FRA-AA-LAB09-1-VCN-01.

14. Click Add Route Rules and populate the following information:

• Target Type: Internet Gateway

• Destination CIDR Block: 0.0.0.0/0

• Target Internet Gateway: FRA-AA-LAB09-1-IG-01

15. Click Add Route Rules.

16. Using the breadcrumb list at the top of the screen, return to the VCN page by selecting
FRA-AA-LAB09-1-VCN-01.

17. Under Resources in the left navigation panel, click Security Lists.

18. Click Default Security List for FRA-AA-LAB09-1-VCN-01.

19. Click Add Ingress Rule and populate the following information:

• Source Type: CIDR

• Source CIDR: 0.0.0.0/0

• IP Protocol: TCP

• Source Port Range: All

• Destination Port Range: 80

Note: Do not select Stateless.

20. Click Add Ingress Rules.
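
The ingress rule added in steps 19 and 20 opens TCP port 80 to every source address, so it is worth checking what else the security list leaves reachable from 0.0.0.0/0. The following audit is an added example, not part of the Oracle lab. It assumes rules in the camelCase shape of the OCI API's ingress security rule, the sample rules are constructed, and the policy that only port 80 may be internet-facing is an assumption of this example.

```python
import ipaddress

# IANA protocol numbers as they appear in the "protocol" field of a rule.
PROTOCOL_NAMES = {"6": "TCP", "17": "UDP"}


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0; False for narrower CIDRs or non-CIDR sources."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # e.g. a service label instead of a CIDR block


def destination_ports(rule):
    """Return (low, high) destination ports; absent options mean every port."""
    key = "tcpOptions" if rule["protocol"] == "6" else "udpOptions"
    port_range = (rule.get(key) or {}).get("destinationPortRange")
    if port_range is None:
        return 1, 65535
    return port_range["min"], port_range["max"]


def audit_ingress(rules, allowed_public_ports=frozenset({80})):
    """Return (rule index, severity, message) for each internet-facing finding."""
    findings = []
    for index, rule in enumerate(rules):
        source = rule.get("source", "")
        if not is_world_open(source):
            continue
        protocol = rule.get("protocol", "all")
        if protocol == "all":
            findings.append((index, "HIGH", f"all protocols open to {source}"))
            continue
        if protocol not in PROTOCOL_NAMES:
            continue  # ICMP and others carry no ports; out of scope here
        low, high = destination_ports(rule)
        ports = str(low) if low == high else f"{low}-{high}"
        name = PROTOCOL_NAMES[protocol]
        if not all(p in allowed_public_ports for p in range(low, high + 1)):
            severity = "HIGH" if high > low else "MEDIUM"
            findings.append((index, severity, f"{name} {ports} open to {source}"))
        elif rule.get("isStateless", False):
            # Stateless rules skip connection tracking, so replies need
            # their own egress rule; the lab note says to leave this off.
            findings.append((index, "INFO", f"{name} {ports} is stateless"))
    return findings


# Constructed sample: the port 80 rule mirrors step 19; the SSH and ICMP
# entries are assumed stand-ins for rules already present in a default list.
SAMPLE_RULES = [
    {"source": "0.0.0.0/0", "protocol": "6", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"source": "0.0.0.0/0", "protocol": "1", "isStateless": False,
     "icmpOptions": {"type": 3, "code": 4}},
    {"source": "0.0.0.0/0", "protocol": "6", "isStateless": False,
     "tcpOptions": {"destinationPortRange": {"min": 80, "max": 80}}},
    {"source": "10.0.0.0/16", "protocol": "6", "isStateless": False},
]

if __name__ == "__main__":
    for index, severity, message in audit_ingress(SAMPLE_RULES):
        print(f"rule {index}: [{severity}] {message}")
```
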



Create a Load Balancer

The Oracle Cloud Infrastructure (OCI) Load Balancer provides automated traffic distribution
from one entry point to multiple servers reachable from your VCN. A load balancer improves
resource utilization, facilitates scaling, and helps ensure high availability.

In this practice, you will create a public load balancer.

Tasks

1. From the navigation menu, under Networking, select Load Balancers.

2. Click Create Load Balancer.

3. Select Load Balancer Type as Load Balancer and click Create Load Balancer.

4. In the Add Details section, populate the following information:

• Load Balancer Name: FRA-AA-LAB09-1-LB-01

• Choose visibility type: Public

• Assign a public IP address: Ephemeral IP Address

• Shapes: Flexible Shapes

• Choose the minimum bandwidth: 10

• Choose the maximum bandwidth: 20

• Virtual Cloud Network in <your compartment>: FRA-AA-LAB09-1-VCN-01

• Subnet in <your compartment>: FRA-AA-LAB09-1-SNET-01 (regional)

5. Click Next.

6. In the Choose Backends section, select Weighted Round Robin in the Specify a Load
Balancing Policy field.

Note: Do not click Add Backends and keep the Specify Health Check Policy field default.

7. Click Show Advanced Options and enter FRA-AA-LAB09-1-LB-BS-01 in the Backend
Set Name field.

8. Click Next.

9. In the Configure Listener section, populate the following information:

• Listener Name: FRA-AA-LAB09-1-LB-LS-01

• Specify the type of traffic your listener handles: HTTP

• Specify the port your listener monitors for ingress traffic: 80

10. Click Next.

11. In the Manage Logging section, disable Error Logs and Access Logs.

12. Click Submit.

Create a Compute Instance and a Custom Image

In this practice, you will create SSH keys, launch a compute instance, install Apache HTTP
server, and create a custom image.

Tasks

1. Click the Cloud Shell icon in the console header next to the Region icon.

2. After the Cloud Shell has started, run the following command:

$ mkdir .ssh

Important: In case you get an error that says, “cannot create directory: File exists”, you can
skip running the first command.

$ cd .ssh
$ ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>

Replace <<sshkeyname>> with ociaalab9key. Select the key name you can remember.
This will be the key name you will use to connect to the compute instance you create.

Remember:

• After entering the third command, press Enter twice for no passphrase.

• Do not include the angle brackets << >> and the $ symbol when pasting code into Cloud
Shell.

3. Examine the two files that you just created by running the following command:

$ ls

Note: In the output there are two files, a private key: <<sshkeyname>> and a public
key: <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems as well as copied and pasted to facilitate secure communications in the cloud.

4. To list the contents of the public key, run the following command:

$ cat <<sshkeyname>>.pub

Replace <<sshkeyname>> with ociaalab9key.

5. Copy the contents of the public key as you will need this in a subsequent step. Make sure
that you remove any hard returns that may have been added when copying. The .pub
key should be one line.

6. From the navigation menu, under Compute, click Instances.

7. Click Create instance and populate the following information:

• Name: FRA-AA-LAB09-1-VM-01

• Create in compartment: <your compartment>

• Availability Domain: AD 1

Click Show advanced options and select On-demand capacity under Capacity type.

• Image: Oracle Linux 8

• Shape: Select VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere]

• Primary Network: Select existing virtual cloud network.

• Virtual cloud network in <your compartment>: FRA-AA-LAB09-1-VCN-01

• Subnet: Select existing subnet.

• Subnet in <your compartment>: FRA-AA-LAB09-1-SNET-01 (regional)

• Public IP address: Assign a public IPv4 address.

• Add SSH keys: Paste public keys.

• SSH Keys: <contents of the public key> (which is copied in Step 5 of this practice)

8. Keep the Boot Volume default and click Create.

Note: In a couple of minutes, you will see that the Instance is created successfully, and the
state is Running.

9. Open Cloud Shell and log in to your instance by running the following command:

$ ssh -i <private_key_file> <username>@<public-ip-address>

Remember:

• <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.

• <username> is the default user opc.

• <public-ip-address> is the public IP address of the instance.

Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”.

10. While connected to your Compute instance via SSH, run the following commands:

• Install Apache HTTP Server:

$ sudo yum install httpd -y

• Start the Apache server and configure it to start at system boot:

$ sudo apachectl start

$ sudo systemctl enable httpd

• Run a quick check on Apache configurations:

$ sudo apachectl configtest

• Create firewall rules to allow access to the ports on which the HTTP server listens:

$ sudo firewall-cmd --permanent --zone=public --add-service=http

$ sudo firewall-cmd --reload

• Create an index file for your web server:

$ sudo bash -c 'echo $(hostname) >> /var/www/html/index.html'

11. Now that you have a compute instance and Apache web server installed, you need to
create a custom image from it.

12. From the navigation menu, under Compute, select Instances.

13. Click the FRA-AA-LAB09-1-VM-01 instance.

14. From the More Actions drop-down list, select Create custom image.

15. In the Create custom image dialog box, populate the following information:

• Create in compartment: <your compartment>

• Name: FRA-AA-LAB09-1-CIM-01

16. Click Create custom image.

Note: Now, you need to create a new compute instance based on the custom image. Once
the custom image has been successfully created, you have to delete the instance
FRA-AA-LAB09-1-VM-01 as it is no longer required.

17. From the navigation menu, under Compute, select Instances.



18. Click Create instance and populate the following information:

• Name: FRA-AA-LAB09-1-VM-02

• Create in compartment: <your compartment>

• Availability Domain: AD 1

Click Show advanced options and select On-demand capacity under Capacity type.

• Image: FRA-AA-LAB09-1-CIM-01

Note: To select the custom image, click Change image and select Custom images in
the Image source field. Select <your compartment> in the Compartment field. Then,
select the custom image you just created from the list.

• Shape: Select VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere]

• Primary Network: Select existing virtual cloud network.

• Virtual cloud network in <your compartment>: FRA-AA-LAB09-1-VCN-01

• Subnet: Select an existing subnet.

• Subnet in <your compartment>: FRA-AA-LAB09-1-SNET-01 (regional)

• Public IP address: Assign a public IPv4 address.

• Add SSH keys: Paste public keys.

• SSH Keys: <contents of the public key> (which is copied in Step 5 of this practice)

19. Keep the Boot Volume default and click Create.

Create an Instance Configuration

Instance configurations let you define the settings to use when creating compute
instances.

In this practice, you will create an instance configuration and subsequently use it to create one
or more instances in an instance pool.

Tasks

1. From the navigation menu, under Compute, select Instances.

2. Click FRA-AA-LAB09-1-VM-02 (the instance of an image you want to use as a template
to create the instance configuration).

3. From the More Actions drop-down list, select Create instance configuration.

4. In the Create instance configuration dialog box, populate the following information:

• Create in compartment: <your compartment>

• Name: FRA-AA-LAB09-1-INST-CF-01

5. Click Create instance configuration.

Note: You will see that the instance configuration is created successfully.

Create an Instance Pool

Instance pools let you create and manage multiple compute instances within the same
region as a group. Before you create an instance pool, you need an instance configuration and,
optionally, a load balancer and backend set.

In this practice, you will create an instance pool.

Tasks

1. From the navigation menu, under Compute, select Instance Pools.

2. Click Create instance pool.

3. In the Add basic details section, populate the following information:

• Name: FRA-AA-LAB09-1-INST-PL-01

• Create in compartment: <your compartment>

• Instance configuration in <your compartment>: FRA-AA-LAB09-1-INST-CF-01

• Number of instances: 2

4. Click Next.

5. In the Configure pool placement section, you will select the location where you want to
place the instances. Populate the following information:

• Availability domain: AD 1

• Select a virtual cloud network in <your compartment>: FRA-AA-LAB09-1-VCN-01

• Select a subnet in <your compartment>: FRA-AA-LAB09-1-SNET-01

Note: You can leave the Fault domains field blank.

6. To create instances in more than one availability domain, click + Another availability
domain and populate the following information:

• Availability domain: AD 2

• Select a virtual cloud network in <your compartment>: FRA-AA-LAB09-1-VCN-01

• Select a subnet in <your compartment>: FRA-AA-LAB09-1-SNET-01

Note: You can leave the Fault domains field blank.

7. Select the Attach a load balancer check box and populate the following information:

• Load balancer type: Load Balancer

• Load balancer in <your compartment>: FRA-AA-LAB09-1-LB-01

• Backend set: FRA-AA-LAB09-1-LB-BS-01

• Port: 80

Note: This field is the server port on the instances to which the load balancer must
direct traffic.

• VNIC: Primary VNIC

8. Click Next.

9. Review the instance pool details and click Create.

Note: You will see that the instance pool creation is successful.

10. Under Resources in the left navigation panel, click Attached instances. You should see
two instances in the Running state.

Create a Metric-Based Autoscaling Configuration

In metric-based autoscaling, you select a performance metric to monitor, and set thresholds
that the performance metric must reach to trigger an autoscaling event. When system usage
meets a threshold, autoscaling dynamically resizes the instance pool in near-real time. As load
increases, the pool scales out. As load decreases, the pool scales in.

In this practice, you will create a metric-based autoscaling configuration.

Tasks

1. From the navigation menu, under Compute, click Autoscaling Configurations.

2. Click Create autoscaling configuration.

3. In the Add basic details section, populate the following information:

• Name: FRA-AA-LAB09-1-AS-CF-01

• Create in compartment: <your compartment>

• Instance Pool: FRA-AA-LAB09-1-INST-PL-01

4. Click Next.

5. In the Configure autoscaling policy section, select Metric-based autoscaling. Then
populate the following information:

• Autoscaling policy name: FRA-AA-LAB09-1-AS-POL-01

• Cooldown in seconds: 300

• Performance metric: CPU utilization

6. In the Scale-out rule subsection, populate the following information:

• Scale-out operator: Greater than (>)

• Threshold percentage: 70

• Number of instances to add: 1

7. In the Scale-in rule subsection, populate the following information:

• Scale-in operator: Less than (<)

• Threshold percentage: 20

• Number of instances to remove: 1

8. In the Scaling limits subsection, populate the following information:

• Minimum number of instances: 1

• Maximum number of instances: 3

• Initial number of instances: 2

9. Click Next.

10. Review the autoscaling configuration and click Create.

Note: You will see that the autoscaling configuration is created successfully and the state
is Enabled.

Test Autoscaling

In metric-based autoscaling, you choose a performance metric to monitor, and set
thresholds that the performance metric must reach to trigger an autoscaling event. When
system usage meets a threshold, autoscaling dynamically resizes the instance pool in
near-real time. As load increases, the pool scales out. As load decreases, the pool scales in.

In this practice, you will test a metric-based autoscaling configuration.

Tasks

1. From the navigation menu, under Compute, select Instance Pools.

2. Click FRA-AA-LAB09-1-INST-PL-01.

3. Under Resources in the left navigation panel, click Attached instances.

Note: After a few minutes, you will notice that one of the instances is terminated due to
the scale-in rule you defined. Please note that initially two instances were in Running
state.

Note: You might have to wait for a couple of minutes before the scale in occurs.

4. Click the instance. (You will see only one instance here.)

5. Open Cloud Shell and use SSH to log in to your instance by running the following
command:

$ ssh -i <private_key_file> <username>@<public-ip-address>

Remember:

• <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.

• <username> is the default user opc.

• <public-ip-address> is the public IP address of the instance.

Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”

6. To install the stress package, run the following command:

$ sudo dnf makecache
$ sudo dnf install stress-ng-0.14.00-1.el8.aarch64

7. To generate stress, run the following command:

$ stress-ng --cpu 2 -t 5m

8. From the navigation menu, under Compute, select Instance Pools.

9. Click FRA-AA-LAB09-1-INST-PL-01.

10. Under Resources in the left navigation panel, click Attached instances.

Note: After a few minutes, you will notice that one of the instances will be added to the
instance pool due to the scale-out rule you defined.
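
The two notes in this practice (an early scale-in, then a scale-out under stress-ng) follow from the thresholds, cooldown and limits entered for the autoscaling policy. The following simulation is an added example, not Oracle's code and not the service's actual evaluation logic; it assumes one averaged CPU sample per minute and that the cooldown also runs from pool creation, and both CPU timelines are constructed. The second timeline goes beyond the lab and shows how the maximum of 3 instances bounds the pool when load stays high.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Values entered for FRA-AA-LAB09-1-AS-POL-01 in the previous practice."""
    cooldown_s: int = 300
    scale_out_above: float = 70.0   # scale out when CPU > 70 %
    scale_in_below: float = 20.0    # scale in when CPU < 20 %
    add: int = 1
    remove: int = 1
    min_size: int = 1
    max_size: int = 3
    initial_size: int = 2


def simulate(samples, policy=Policy()):
    """Replay (seconds, avg_cpu_percent) samples against the policy.

    Returns (events, final_size, clamped): events are (seconds, action, new_size);
    clamped counts evaluations where a rule fired but a scaling limit stopped it.
    """
    size = policy.initial_size
    last_action = 0          # assumption: cooldown also runs from pool creation
    events, clamped = [], 0
    for t, cpu in samples:
        if t - last_action < policy.cooldown_s:
            continue         # still cooling down: the metric is ignored
        if cpu > policy.scale_out_above:
            action, target = "scale-out", min(size + policy.add, policy.max_size)
        elif cpu < policy.scale_in_below:
            action, target = "scale-in", max(size - policy.remove, policy.min_size)
        else:
            continue         # between thresholds: no rule fires
        if target == size:
            clamped += 1     # limit reached; no action, cooldown not restarted
            continue
        size, last_action = target, t
        events.append((t, action, size))
    return events, size, clamped


def timeline(duration_s, cpu_at, step_s=60):
    """Build one constructed sample per step from a function of time."""
    return [(t, cpu_at(t)) for t in range(0, duration_s + 1, step_s)]


# Constructed timeline for the lab: idle pool, then 5 minutes of stress-ng
# starting at minute 10, then idle again.
LAB_RUN = timeline(1800, lambda t: 95.0 if 600 <= t < 900 else 3.0)

# Constructed timeline for sustained high load, for example a traffic spike.
SUSTAINED_LOAD = timeline(1800, lambda t: 95.0)

if __name__ == "__main__":
    for name, samples in (("lab run", LAB_RUN), ("sustained load", SUSTAINED_LOAD)):
        events, final_size, clamped = simulate(samples)
        print(name, events, "final size:", final_size, "clamped:", clamped)
```
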

Lab 10-1 Practices

Object Storage: Create and Manage OCI Object Storage

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) Object Storage provides unlimited capacity with high
durability and scalability. It is highly reliable and cost efficient. The object storage resources
include namespace, bucket, and object.

Object Storage is characterized by strong consistency and by security through encryption. You
can create unlimited buckets and add as many objects as required, with a maximum of 10 TiB
per object. In this lab, you will work on buckets, object versioning, object lifecycle
management, replication policy, and retention rule.

In this lab, you will:

• Create an object storage bucket

• Upload an object to a bucket

• Configure a lifecycle policy rule for the bucket

• Create a replication policy for the bucket

• Create a retention rule for the bucket

Create an Object Storage Bucket

In this practice, you will create an Object Storage bucket.

Select the region available in the tenancy allotted to you. In this lab, we will use Germany
Central (Frankfurt) as our region.

If you are not in the Germany Central (Frankfurt) region, specify the correct region key
corresponding to your region in place of FRA. Visit Regions and Availability Domains
(oracle.com) for information about the region key.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. From the Main Menu, select Storage.

3. Under Object Storage and Archive Storage, click Buckets.

4. From the left navigation panel, select the compartment in which you have permission to
work. Then the page updates to display only the resources in that compartment.

5. Click Create Bucket.

6. In the Create Bucket dialog box, specify the following attributes of the bucket:

▪ Bucket Name: Enter FRA-AA-LAB10-1-BKT-01-xxx as the name for the bucket.
Specify a random number in place of xxx to make it unique.

▪ Default Storage Tier: Select the default tier in which you want to store the data. After
it is set, you cannot change the default storage tier of a bucket. When you upload
objects, this tier will be selected by default. You can, however, select a different tier. In
this case, select Standard, which is the primary and default storage tier used for the
Object Storage.

▪ Enable Auto-Tiering: Auto-Tiering helps you automatically move objects between
Standard and Infrequent Access tiers based on their access patterns. Do not enable this
field now.

▪ Enable Object Versioning: Versioning directs object storage to automatically create an
object version each time a new object is uploaded, an existing object is overwritten, or
when an object is deleted. You can enable it while creating a bucket or later. Do not
enable this field now.

▪ Emit Object Events: Emit Object Events lets the bucket emit events for object state
changes. Do not select this field now.

▪ Encryption: Buckets are encrypted with keys managed by Oracle by default, but you
can optionally encrypt the data in this bucket using your own vault encryption key.
Select the Encrypt using Oracle managed keys option.

▪ Tags: If you have permissions to create a resource, then you also have permissions to
apply free-form tags to that resource. Skip this option. You can always apply tags later.

7. Click Create.

The bucket is created immediately, and you can add objects to it.

Upload an Object to a Bucket

In this practice, you will upload an object to your bucket. Object Storage supports uploading
individual files up to 10 TiB.

Before you upload an object to a bucket, you must have a bucket. In this case, you will use the
bucket that is created from the previous practice.

Tasks

1. In the Main Menu, navigate to Storage, and then select Buckets.

2. Click the bucket FRA-AA-LAB10-1-BKT-01-xxx to view its details.

3. Under Objects, click Upload.

4. In the Object Name Prefix field, enter the file name prefix oci/ for the files you plan to
upload. This step is optional.

5. The Storage Tier field is populated as Standard. You can optionally change the storage
tier (to Infrequent Access or Archive) to upload objects. In this case, keep it as Standard.

6. Select the objects to upload (browse any object from your local machine) by using one of
the following options:

▪ Drag files from your computer into the Drop files here... section.

▪ Click the Select Files link to display a file selection dialog box.

As you select files to upload, they are displayed in a scrolling list. If you decide that you
do not want to upload a file that you have selected, click X to the right of the file name.

If a file selected for upload has the same name as a file already stored in the bucket,
a warning message about the overwrite is displayed.

7. Click Upload.

The selected objects are uploaded. Click Close to return to the bucket.


Configure a Lifecycle Policy Rule for the Bucket

In this practice, you will use Object Lifecycle Management to manage the object storage data.
You will define a rule that automatically moves standard tier objects to the archive tier 90 days
after creation or last update.

Before you configure a lifecycle policy rule for the bucket, you must have a bucket.

Tasks

1. In the Main Menu, navigate to Storage, then Buckets.

2. Click the bucket FRA-AA-LAB10-1-BKT-01-xxx to view its details.

3. Under Resources in the left navigation panel, click Lifecycle Policy Rules to access the
lifecycle policy rule list.

4. Click Create Rule.

The Console checks the IAM policies that are in place to confirm that the policy rule can be
created.

5. Provide the following information:

▪ Name: The system generates a default rule name that reflects the current year, month,
day, and time. In this case, enter FRA-AA-LAB10-1-LPR-01 as the name.

▪ Target: Select the target to which the lifecycle rule applies. In this case, select Objects.

▪ Lifecycle Action: If the rule target is Objects, you will get three options: Move to
Archive, Move to Infrequent Access, and Delete. In this case, select Move to Archive.

▪ Number of Days: This field specifies the number of days until the specified action is
taken. In this case, enter 90 days.

Note: Values in the Name and Target fields are required.

6. Use Object Name Filters to specify the objects to which the lifecycle rule applies.

You can choose objects using prefixes and pattern matching. If no name filter is specified,
the rule applies to all objects in the bucket.

To create an object name filter:

▪ Click Add Filter.

▪ Select the Filter Type - Include by prefix.

▪ Enter the Filter Value - oci/.

7. Select whether the rule is enabled or disabled upon creation using the State selector. In
this case, ensure that the State is Enabled.

8. Click Create.

The lifecycle policy rule is successfully configured for this bucket.


Create a Replication Policy for the Bucket

In this practice, you will create a replication policy to replicate objects in one bucket to another
in a different region.

Before you configure a replication policy for the bucket, you must have two buckets in two
different regions.

Please note that in our case Germany Central (Frankfurt) is the source region and we have
selected US West (Phoenix) as the target region.

Note: This lab requires you to subscribe to two regions. Hence, you will not be able to perform
it in a Free Tier account.

Tasks

1. As a first step, you will create a destination bucket in the destination region. To do this:

▪ In the console ribbon at the top of the screen, click the Region icon to expand the menu
and select destination region US West (Phoenix) - PHX.

▪ Create a destination bucket named PHX-AA-LAB10-1-BKT-02-xxx (specify a random
number in place of xxx to make it unique) using the Create an Object Storage bucket
practice instructions.

2. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Select Germany Central (Frankfurt).

3. In the Main Menu, navigate to Storage, then Buckets.

4. On the Buckets screen, click the bucket name FRA-AA-LAB10-1-BKT-01-xxx to view its
details.

5. Under Resources in the left navigation panel, click Replication Policy to access the
replication policy list.

6. Click Create Policy.

The Console checks the IAM policies that are in place to confirm that the replication policy
can be created.

7. In the Create Replication Policy dialog box, enter the following:

▪ Name: The system generates a default policy name that reflects the current year,
month, day, and time. Enter FRA-AA-LAB10-1-RP-01 as the name.

▪ Destination Region: This refers to the OCI region containing the destination bucket
that you want to replicate to. Your tenancy must be subscribed to a region for you to
replicate to that region. In this case, select US West (Phoenix).

▪ Destination Bucket: This refers to the name of the destination bucket for replication.
Select the PHX-AA-LAB10-1-BKT-02-xxx bucket that is created in the destination
region. Please note that the replication cannot automatically create the bucket.

Note: Entries in the Name and Destination Region fields are required.

8. Click Create.

After the policy is created, Replication: Source is added to the Bucket Information tab.

The objects uploaded to the source bucket after policy creation are asynchronously
replicated to the destination bucket.

9. Navigate back to the Buckets screen and click the bucket FRA-AA-LAB10-1-BKT-01-xxx.
Upload another object using the Upload an Object to a Bucket practice instructions.

10. Navigate to the destination region (in this case, Phoenix) using the region menu, and
click the bucket name PHX-AA-LAB10-1-BKT-02-xxx.

11. Validate that the object uploaded to the source bucket FRA-AA-LAB10-1-BKT-01-xxx is
asynchronously replicated to the destination bucket PHX-AA-LAB10-1-BKT-02-xxx.


Create a Retention Rule for the Bucket

In this practice, you will create a time-bound retention rule to protect your data from
accidental or malicious update, overwrite, or deletion.

Before you configure a retention rule for the bucket, you must have a bucket.

Tasks

1. In the Main Menu, navigate to Storage, then Buckets.

2. In the Console ribbon at the top of the screen, ensure you are in the correct region,
Germany Central (Frankfurt).

3. Click the bucket name FRA-AA-LAB10-1-BKT-01-xxx created earlier to view its details.

4. Under Resources in the left navigation panel, click Retention Rules to access the
retention rule list.

5. Click Create Rule.

6. In the Create Retention Rule dialog box, enter FRA-AA-LAB10-1-RR-01 as the name.

7. Select the Retention Rule Type that you want to create:

▪ Time-Bound: These rules have a user-defined duration. The object modification is
prevented for the duration specified. The duration is applied to each object
individually and is based on the object's Last Modified timestamp.

▪ Indefinite: These rules have no duration or expiration. The object modification is
prevented until an indefinite rule is deleted.

In this case, select the Time-Bound retention rule type.

8. Enter the following retention rule duration attributes:

▪ Retention Time Amount: 1

▪ Retention Time Unit: Years

The retention duration that you specify is applied to each object individually and is based
on the object's Last Modified timestamp.

9. Do not select Enable Retention Rule Lock. When a rule is locked, only an increase in the
retention duration is allowed and the rule can be deleted only by deleting the bucket. A
bucket must be empty to be deleted.

10. Click Create.

11. Under Resources in the left navigation panel, click Objects.

12. Next, try deleting one of the objects uploaded in the earlier steps. To do this, click the
ellipsis icon corresponding to an object and click Delete.

13. Click Delete.

You will notice that the delete was unsuccessful. This is because if you have active
retention rules, the actions that you can perform on a bucket are limited. You cannot
update, overwrite, or delete objects or object metadata, or delete the bucket until the
retention duration expires or the retention rule is deleted.

14. Click Cancel.


Object Storage: Perform Multipart Upload Using CLI (Using Cloud Shell)

Lab 11-1 Practices

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) Object Storage supports multipart uploads for more
efficient and resilient uploads, especially for large objects. With multipart uploads, the
individual parts of an object can be uploaded in parallel to reduce the amount of time you
spend uploading. In this lab, you will perform a multipart upload on the Command Line
Interface (CLI) using Cloud Shell.

In this lab, you will:

• Access Cloud Shell via the Console

• Create a standard default storage tier bucket using CLI (Cloud Shell)

• Upload a file (larger than 100 MiB) to Cloud Shell

• Perform a multipart upload using the CLI (Cloud Shell)
Access Cloud Shell via the Console

The OCI Cloud Shell is a web browser–based terminal accessible from the Console. It provides
access to a Linux shell, with a pre-authenticated OCI CLI.

In this practice, you will access Cloud Shell via the OCI Console.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) Console.

2. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Select Germany Central (Frankfurt) as the region.

3. Click the Cloud Shell icon next to the Region selection menu in the console header.

Note: The OCI CLI running in the Cloud Shell will execute commands against the region
selected when the Cloud Shell starts.

4. Now, the Cloud Shell is displayed in a "drawer" at the bottom of the Console.

5. You can use the icons in the upper-right corner of the Cloud Shell window to minimize,
maximize, and close your Cloud Shell session.

Create a Standard Default Storage Tier Bucket Using CLI (Cloud Shell)

In the OCI Object Storage, a bucket is a container for storing objects in a compartment within
an object storage namespace.

In this practice, you will create a standard default storage tier bucket using the CLI.

Tasks

1. Ensure that the Cloud Shell session is running.

2. Run the following command to get your object storage namespace:

$ oci os ns get

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

Your object storage namespace is returned. Please make a note of it as you will be using it
in the subsequent task.

3. Run the following command to get the OCID of the compartment. Replace
<compartment-name> with the compartment name assigned to you.

$ oci iam compartment list --name <compartment-name>

Make note of the value corresponding to the “id” (without the quotation marks). You
will use this in the subsequent task. The following is an example of how it looks:

"id": "ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

4. Create a bucket by using the following command.

$ oci os bucket create --namespace <object_storage_namespace> \
    --name <bucket_name> --compartment-id <target_compartment_id>

▪ Replace <object_storage_namespace> with the name returned in Step 2.

▪ Replace <bucket_name> with FRA-AA-LAB11-1-BKT-01-xxx. Specify a random
number in place of xxx to make it unique.

▪ Replace <target_compartment_id> with the compartment ID returned in Step 3.

A standard tier bucket is created immediately.

Upload a File (Larger than 100 MiB) to Cloud Shell

In this practice, you will transfer a file larger than 100 MiB (~105 MB) from your local machine
to the Cloud Shell.

Tasks

1. Click the Cloud Shell icon next to the Region selection menu in the Console header.

2. In the Cloud Shell window, click the Cloud Shell Menu icon at the top-right corner and
select Upload. The File Upload to your Home Directory dialog box appears.

3. Drag and drop a file or click Select from your computer.

Note: The File Transfer dialog box supports selecting only one file at a time to transfer.
Select any file larger than 100 MiB.

Tip: You can optionally download a sample file which is around 247 MB from the
following link.

https://yum.oracle.com/ISOS/OracleLinux/OL6/u8/x86_64/x86_64-boot-uek.iso

4. Click Upload.

5. Wait for the file transfer to finish. The file transfers that are in-process are shown with a
progress bar and the completed file transfers are shown with a green check mark.

6. After the file transfer is complete, you can hide the File Transfer dialog box by
clicking Hide.

Perform a Multipart Upload Using the CLI (Cloud Shell)

In this practice, you will perform a multipart upload by using the CLI (Cloud Shell).

Tasks

1. Click the Cloud Shell icon next to the Region selection menu in the Console header.

2. To perform a multipart upload of an object, run the following command in Cloud Shell:

$ oci os object put --namespace <object_storage_namespace> \
    --bucket-name <bucket_name> --file <file_location> \
    --name <object_name> --part-size <upload_part_size_in_MB> \
    --parallel-upload-count <maximum_number_parallel_uploads>

▪ Replace <object_storage_namespace> with the name returned in Step 2 of Create
a Standard Default Storage Tier Bucket Using CLI (Cloud Shell).

▪ Replace <bucket_name> with FRA-AA-LAB11-1-BKT-01-xxx that was created earlier.

▪ Replace <file_location> with the path to the downloaded file that you uploaded to
the Cloud Shell.

▪ Replace <object_name> with FRA-AA-LAB11-1-OBJ-01.

▪ The --part-size value represents the size of each part in mebibytes (MiBs). It must
be an integer. Replace <upload_part_size_in_MB> with 20.

▪ Optionally, you can use the --parallel-upload-count flag to set the maximum
number of parallel uploads allowed. By default, the CLI limits the number of parts that
can be uploaded in parallel to three. In this case, replace
<maximum_number_parallel_uploads> with 5.

3. You specify the part size of your choice, and the object storage splits the object into parts
and performs the upload of all parts automatically. You will see that the uploading object
operation is 100% complete. When using the CLI, you do not have to perform a commit
when the upload is complete.

4. From the Main Menu, select Storage. Under Object Storage & Archive Storage, click
Buckets.

5. From the Buckets screen, click the bucket name FRA-AA-LAB11-1-BKT-01-xxx to view its
details.

6. Under Objects, validate that the object FRA-AA-LAB11-1-OBJ-01 is present.
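
What --part-size 20 and --parallel-upload-count 5 mean for a given file, and how to compare the uploaded object with the local file, shown as an added shell example that is not part of the Oracle guide. The function names are hypothetical, the 259000000-byte size used in the comments is a constructed stand-in for the sample file, and the hash layout (MD5 over the concatenated binary MD5 of each part, base64-encoded, with a -<part count> suffix, reported as opc-multipart-md5) is an assumption to confirm against your own `oci os object head` output.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names are hypothetical.

# plan_parts SIZE_BYTES PART_MIB PARALLEL
# Prints "<parts> <last_part_bytes> <rounds>", where rounds is the minimum
# number of upload rounds with at most PARALLEL parts in flight.
# Example (constructed size): plan_parts 259000000 20 5
plan_parts() {
    size=$1
    part_bytes=$(( $2 * 1024 * 1024 ))
    parallel=$3
    if [ "$size" -eq 0 ]; then echo "0 0 0"; return; fi
    parts=$(( (size + part_bytes - 1) / part_bytes ))
    last=$(( size - (parts - 1) * part_bytes ))
    rounds=$(( (parts + parallel - 1) / parallel ))
    echo "$parts $last $rounds"
}

# hex_to_bin HEX: write the raw bytes of a hex string (POSIX printf only).
hex_to_bin() {
    hex=$1
    while [ -n "$hex" ]; do
        rest=${hex#??}
        byte=${hex%"$rest"}
        printf '%b' "\\0$(printf '%03o' "0x$byte")"
        hex=$rest
    done
}

# hex_to_b64 HEX: base64 of the raw bytes of a hex digest.
hex_to_b64() {
    hex_to_bin "$1" | base64
}

# multipart_md5 FILE PART_BYTES
# Hashes each part in order, then hashes the concatenated binary digests.
# Output format (assumed, see lead-in): "<base64 md5>-<part count>".
multipart_md5() {
    file=$1
    part_bytes=$2
    size=$(wc -c < "$file" | tr -d ' ')
    parts=$(( (size + part_bytes - 1) / part_bytes ))
    tmp=$(mktemp)
    i=0
    while [ "$i" -lt "$parts" ]; do
        part_hex=$(dd if="$file" bs="$part_bytes" skip="$i" count=1 2>/dev/null \
            | md5sum | cut -d' ' -f1)
        hex_to_bin "$part_hex" >> "$tmp"
        i=$(( i + 1 ))
    done
    digest=$(md5sum < "$tmp" | cut -d' ' -f1)
    rm -f "$tmp"
    echo "$(hex_to_b64 "$digest")-$parts"
}

# Stand-alone use: sh multipart_check.sh <file>   (20 MiB parts, 5 parallel)
if [ "$#" -ge 1 ] && [ -f "$1" ]; then
    bytes=$(wc -c < "$1" | tr -d ' ')
    echo "plan (parts last_bytes rounds): $(plan_parts "$bytes" 20 5)"
    echo "expected multipart hash:        $(multipart_md5 "$1" $(( 20 * 1024 * 1024 )))"
fi
```

A mismatch between the locally computed value and the one reported for the stored object means the object differs from the local file or was uploaded with a different part size.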

Block Storage: Create, Attach, Detach, and Resize a Block Volume

Lab 12-1 Practices

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) Block Volume service lets you dynamically provision and
manage block storage volumes. You can create, attach, connect, and move volumes, as well as
change volume performance, as needed, to meet your storage, performance, and application
requirements.

In this lab, you’ll:

a. Create a Virtual Cloud Network and its components

b. Create a VM instance

c. Create a block volume

d. Attach a block volume to a compute instance

e. Resize a block volume

f. Detach a block volume

Assumptions

In this lab, we consider Germany Central (Frankfurt) as your region.

Create a Virtual Cloud Network and Its Components

In this practice, you will learn how to create a Virtual Cloud Network (VCN), Subnet, and
Internet Gateway, and add route rules in the Route Table.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

3. Click Create VCN.

4. Enter the following:

a. Name: Enter FRA-AA-LAB12-1-VCN-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. IPv4 CIDR Blocks: Type 10.0.0.0/16 and press Enter on your keyboard to add.

Note: You can leave all the other options as default.

5. Click Create VCN. The VCN is now created successfully.

6. Click Create Subnet.

7. In the Create Subnet dialog box, enter the following:

a. Name: Enter FRA-AA-LAB12-1-SNET-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Subnet Type: Select Regional.

d. IPv4 CIDR Blocks: Enter 10.0.1.0/24.

e. Subnet Access: Select Public Subnet.

Note: You can leave all the other options as default.

8. Click Create Subnet. The subnet is now created successfully, and the state is Available.

9. In the left navigation pane, under Resources, click Internet Gateways.

10. Click Create Internet Gateway.

11. Enter the following:

a. Name: Enter FRA-AA-LAB12-1-IG-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

12. Click Create Internet Gateway. The Internet Gateway is now created successfully, and the
state is Available.

13. In the left navigation pane, under Resources, click Route Tables.

14. Click Default Route Table for FRA-AA-LAB12-1-VCN-01.

15. Click Add Route Rules and enter the following:

a. Target Type: Select Internet Gateway from the drop-down list.

b. Destination CIDR Block: Enter 0.0.0.0/0.

c. Target Internet Gateway: Select FRA-AA-LAB12-1-IG-01 from the drop-down list.

16. Click Add Route Rules. The route rule is now successfully added to the default Route
Table.

Create a VM Instance

In this practice, you will learn how to create SSH keys using Cloud Shell and how to launch an
instance.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. In the console ribbon at the top of the screen, click the Cloud Shell icon next to the
Region selection menu.

3. Once the Cloud Shell is ready, enter the following commands:

$ mkdir .ssh

▪ Important: In case you get an error “Cannot create directory: File exists,” you can skip
running this first command.

$ cd .ssh

$ ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>

▪ Remember: After entering this third command, press Enter twice for no passphrase.

Note: Replace <<sshkeyname>> with cloudshellkey. Choose the key name you can
remember. This will be the key name you will use to connect to the compute instance you
create.

Reminder: The angle brackets << >> should not appear in your code.

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

4. Examine the two files that you just created by running the following command:

$ ls

Note: In the output, there are two files, a private key: <<sshkeyname>> and a public
key: <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems, as well as copied and pasted to facilitate secure communications in the cloud.

5. To list the contents of the public key, use the following command:

$ cat <<sshkeyname>>.pub

Note: Replace <<sshkeyname>> with cloudshellkey.

Reminder: The angle brackets << >> should not appear in your code.

6. Copy the contents of the public key as you will need this in a subsequent step. Make sure
that you remove any hard returns that may have been added when copying. The .pub
key should be one line.

7. From the Main Menu, select Compute. Under Compute, click Instances.

8. Click Create instance and enter the following:

a. Name: Enter FRA-AA-LAB12-1-VM-01.

b. Create in compartment: Select the <compartment name> assigned to you.

c. Placement: Select Availability Domain AD1. Click Show advanced options and select
On-demand capacity from the Capacity type menu.

d. Image and shape: Choose the image Oracle Linux 8 and shape
VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere].

e. Networking: Select the existing virtual cloud network FRA-AA-LAB12-1-VCN-01 and
existing subnet FRA-AA-LAB12-1-SNET-01 (regional). Under Public IP address,
select Assign a public IPv4 address.

f. Add SSH keys: Select Paste public keys and paste the contents of the public key,
which you copied in Step 6, in the box.

g. Boot volume: Keep the default selection.

9. Click Create.

Note: After a couple of minutes, you see that the Instance is successfully created and the
state is Running.

10. Under Instance access, copy the Public IP address.

11. Click the Cloud Shell icon to open Cloud Shell, and use SSH to connect to your instance
by using the following command:

Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”

$ ssh -i <private_key_file> <username>@<public-ip-address>

Reminders:

▪ <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.

▪ <username> is the default user opc.

▪ <public-ip-address> is the Public IP address of the instance.

12. You are now connected to the Instance FRA-AA-LAB12-1-VM-01. Run the following
command to display information about the block devices:

$ lsblk

Note: You will only see the boot disk sda.

Create a Block Volume

The Oracle Cloud Infrastructure (OCI) Block Volume service lets you dynamically provision and
manage block storage volumes.

In this practice, you will learn how to create a block volume.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. Open the Main Menu and click Storage. Under Block Storage, click Block Volumes.

3. Click Create Block Volume.

4. Fill in the required volume information:

a. Name: Enter FRA-AA-LAB12-1-BV-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Availability Domain: Select the first availability domain.

d. Volume Size and Performance: Select Custom and specify the following:

1) Volume Size (in GB): Enter 512.

2) Target Volume Performance: Drag the VPUs/GB slider to the left to make the
performance Lower Cost.

e. Backup Policies: Do not specify any policy.

f. Cross Region Replication: Keep the OFF default selection.

g. Encryption: Keep the default Encrypt using Oracle-managed keys selection.

5. Click Create Block Volume. You now see that the Block Volume state becomes Available.

Attach a Block Volume to a Compute Instance

You can create, attach, connect, and move volumes. You can also change volume
performance, as needed, to meet your storage, performance, and application requirements.
After you attach and connect a volume to an instance, you can use the volume like a regular
hard drive.

In this practice, you’ll learn how to attach a block volume to a compute instance and perform

ble
various configuration tasks on the attached volume.

ra
fe
Tasks

ns
tra
1. Open the Main Menu and click Compute. Under Compute, click Instances.

n-
. no
2. In the Instances list, click the instance FRA-AA-LAB12-1-VM-01.

ide s a
3. In the left navigation pane, under Resources, click Attached block volumes.

Click Attach block volume.


Gu ha
4. is )
th m
e .co

5. Specify the volume you want to attach to. For example, to use the volume name,
us ail

choose Select volume, and then select the volume FRA-AA-LAB12-1-BV-01 from
to gm

the Volume drop-down list.


se @

6. If the instance supports consistent device paths, and the volume you are attaching is not a
en iar

boot volume, select the path /dev/oracleoci/oraclevdb from the Device path
lic agu

drop-down list. This enables you to specify a device path for the volume attachment that
remains consistent between instance reboots.
ee
im

7. In the Attachment type section, select Paravirtualized.


(ja

Note: After you attach a volume using the Paravirtualized attachment type, it is ready to
iar

use, and you do not need to run any additional commands.


u
ag

8. In the Access section, select Read/Write.


e
m
jai

Note: This is the default option for volume attachments and, with this option, an instance
can read and write data to the volume.

9. Click Attach. You now see the state as Attached and, since the attachment type
is Paravirtualized, you can use the volume without running any additional commands.

Copyright © 2023, Oracle and/or its affiliates.

142 Block Storage: Create, Attach, Detach, and Resize a Block Volume
10. Ensure that you are connected to the Instance FRA-AA-LAB12-1-VM-01.
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Note: For help with this, refer to Step 11 in the Create a VM Instance practice.

11. Run the following command to display information about the block devices:

$ lsblk

Note: You now see that the system recognizes a new disk device, and the size is 512 GB.

ble
ra
12. To verify that the volume is attached to the instance, run the following command:

fe
ns
$ ll /dev/oracleoci/oraclevd*

tra
13. To partition the disk using fdisk, run the following command:

n-
. no
$ sudo fdisk /dev/oracleoci/oraclevdb

ide s a
Note: Enter the following responses as seen in the Cloud Shell:

Gu ha
Command (m for help): Enter n to create a new partition.
a.
is )
th m
e .co

b. Select (default p): Enter p.


us ail
to gm

c. Partition number (1,4, default 1): Press Enter.


se @

d. First sector: Press Enter.


en iar
lic agu

e. Last sector: Press Enter.


ee

f. Command (m for help): Enter w to write the new partition.


im
(ja

14. To format the partition, run the following command:

$ sudo mkfs -t ext4 /dev/oracleoci/oraclevdb1

15. To mount the partition, run the following commands:

$ sudo mkdir -p /mnt/volume1

$ sudo mount /dev/oracleoci/oraclevdb1 /mnt/volume1

Note: On Linux instances, if you want to automatically mount volumes on an instance
boot, you need to set some specific options in the /etc/fstab file.

16. To display information about the block devices, run the following command:

$ lsblk

Note: You now see the partition and the mountpoint /mnt/volume1.
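
The /etc/fstab note in step 15, as an added example that is not part of the Oracle lab material: a Python check that reads fstab text and reports block-volume entries lacking the `_netdev` and `nofail` mount options, which Oracle's Block Volume documentation recommends so that a volume that is not yet attached does not stall the boot. The function name is hypothetical and the sample fstab content is constructed.

```python
# Options Oracle's Block Volume documentation recommends for attached volumes:
# _netdev delays the mount until networking is up, nofail lets boot continue
# if the volume is absent.
REQUIRED_OPTIONS = {"_netdev", "nofail"}


def audit_fstab(text):
    """Return a list of (line_number, device, problem) for block-volume entries."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            problems.append((lineno, fields[0], "malformed entry"))
            continue
        device, _mountpoint, _fstype, options = fields[:4]
        opts = set(options.split(","))
        if device.startswith("/dev/oracleoci/"):
            # Consistent device path, as used in this lab.
            missing = REQUIRED_OPTIONS - opts
            if missing:
                problems.append(
                    (lineno, device, "missing options: " + ",".join(sorted(missing)))
                )
        elif device.startswith("/dev/sd"):
            # Kernel names such as /dev/sdb are not stable across reboots.
            problems.append(
                (lineno, device, "unstable device name; use /dev/oracleoci/... or UUID=")
            )
    return problems


# Constructed sample, not taken from a real instance.
SAMPLE_FSTAB = """\
# /etc/fstab (constructed sample)
UUID=1234-ABCD             /boot/efi     vfat  defaults,uid=0          0 2
/dev/oracleoci/oraclevdb1  /mnt/volume1  ext4  defaults                0 2
/dev/oracleoci/oraclevdc1  /mnt/volume2  ext4  defaults,_netdev,nofail 0 2
/dev/sdd1                  /mnt/volume3  ext4  defaults,_netdev,nofail 0 2
"""

if __name__ == "__main__":
    for lineno, device, problem in audit_fstab(SAMPLE_FSTAB):
        print(f"line {lineno}: {device}: {problem}")
```
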

Resize a Block Volume

With online resizing, you can expand the volume size without detaching the volume from an
instance.

In this practice, you will resize a block volume.

Tasks

1. From the Main Menu, select Storage. Under Block Storage, click Block Volumes.

2. In the Block Volumes list, select the block volume FRA-AA-LAB12-1-BV-01.

3. Click Edit.

4. Under Volume Size and Performance, enter the new size 1024 in the Volume Size (in
GB) field.

Note: You must specify a larger value than the block volume's current size.

5. Click Save Changes.

Note: A window appears with a list of commands. The commands are required to rescan
the disk after the volume is provisioned. You need to run these commands so that the
operating system identifies the expanded volume size. Click the Copy link to copy the
commands, and then click Close to close the window.

6. Connect to your instance FRA-AA-LAB12-1-VM-01.

Note: For help with this, refer to Step 11 in the Create a VM Instance practice.

7. Paste and run the rescan commands you copied in the previous step into your instance
session window:

$ sudo dd iflag=direct if=/dev/oracleoci/oraclevdb of=/dev/null count=1

$ echo "1" | sudo tee /sys/class/block/`readlink /dev/oracleoci/oraclevdb | cut -d'/' -f 2`/device/rescan

Note: After you've run the volume rescan commands, you need to extend the partition
and grow the file system; however, this is beyond the scope of this lab activity. For more
details on this topic, see Extending the Partition for a Block Volume (oracle.com) at:

https://docs.oracle.com/en-us/iaas/Content/Block/Tasks/extendingblockpartition.htm#Extending_the_Partition_for_a_Block_Volume

Detach a Block Volume

When an instance no longer needs access to a volume, you can detach the volume from the
instance without affecting the volume's data.

In this practice, you will detach a block volume.

Tasks

1. From the Main Menu, select Compute. Under Compute, click Instances.

2. In the Instance list, click the instance FRA-AA-LAB12-1-VM-01 to display the instance
details.

3. In the left navigation pane, under Resources, click Attached block volumes.

4. From the Attached block volumes list, click the three dots on the right to open the
Actions menu, then click Detach.

5. Click OK to confirm detachment. You now see that there are no block volumes attached to
the instance FRA-AA-LAB12-1-VM-01.

Lab 13-1 Practices

Block Storage: Create a Volume Group and Enable Cross Region Replication

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) Block Volume service provides you with the capability to
group together multiple volumes in a volume group. A volume group can include both types
of volumes: boot volumes, which are the system disks for your compute instances, and block
volumes, which are for data storage.

In this lab, you'll work with volume groups. You will:

a. Create two block volumes

b. Create a volume group

c. Enable Cross-Region Replication for the volume group

d. Activate the Volume Group replica

e. Disable replication for a volume group

Prerequisites

• Enabling Cross-Region Replication for the Volume Group requires access to a
destination region. See Replicating a Volume (oracle.com) for the list of region
mappings for cross-region replication.

Create Two Block Volumes

The Oracle Cloud Infrastructure Block Volume service lets you dynamically provision and
manage block storage volumes.

In this practice, you will learn how to create two block volumes, which will subsequently be part
of a volume group.

Tasks

1. Use the console to sign in to your Oracle Cloud Infrastructure (OCI) account.

2. Select the region available in the tenancy allotted to you. In this lab, consider Germany
Central (Frankfurt) as your region.

3. From the Main Menu, select Storage. Under Block Storage, click Block Volumes.

4. Click Create Block Volume.

5. Fill in the required volume information:

a. Name: Enter FRA-AA-LAB13-1-BV-01.

b. Create In Compartment: Select the compartment assigned to you.

c. Availability Domain: Select the first availability domain.

d. Volume Size and Performance: Select the Custom option and enter 512 in the
Volume Size field.

e. Target Volume Performance: Drag the VPUs/GB slider to the left to make it Lower
Cost.

f. Backup Policies: Do not specify any policy.

g. Cross Region Replication: Select the OFF radio button.

h. Encryption: Select the Encrypt using Oracle-managed keys radio button.

6. Click Create Block Volume.

Note: The Block Volume state is now Available.

7. Repeat steps 3-6 to create a second block volume. Name this volume FRA-AA-LAB13-1-BV-02.

Note: You now have two block volumes where the state is Available.

Create a Volume Group

The Oracle Cloud Infrastructure (OCI) Block Volume service provides you with the capability to
group together multiple volumes in a volume group.

In this practice, you’ll learn how to create a volume group.

Tasks

1. From the Main Menu, select Storage. Under Block Storage, click Volume Groups.

2. Click Create Volume Group.

3. Fill in the required fields on the Basic Information page:

a. Name: Enter FRA-AA-LAB13-1-VG-01.

b. Compartment: Select the compartment assigned to you.

c. Availability Domain: Select the first availability domain. (This must be the same
Availability Domain that you selected while creating the two block volumes in the
previous exercise.)

4. Click Next to go to the next page.

5. On the Add Volumes page, for each volume you want to add:

a. Select the compartment containing the volume from the Compartment drop-down
list.

b. Select the volume FRA-AA-LAB13-1-BV-01 from the Volume drop-down list.

c. Click + Additional Volume to add more volumes.

1) Select the compartment containing the volume from the Compartment
drop-down list.

2) Select the volume FRA-AA-LAB13-1-BV-02 from the Volume drop-down list.

6. After you've added all the volumes you want to include when creating the volume group,
click Next.

7. On the Cross Region Replication page, you can optionally enable asynchronous cross
region volume replication for the volume group. You will be enabling this option in the
subsequent steps. For now, leave the OFF option selected and click Next.

8. On the Backup Policies page, you can optionally configure scheduled backups for the
volume group by selecting a backup policy to use for scheduled backups. You will not
configure any Backup Policies at this time. Click Next.

9. On the Summary page, review the information. To edit any information, click Edit in the
right corner.

10. Once everything looks correct, click Create to create the volume group. You can see that
the Volume Group is created successfully, and it includes two block volumes.

Enable Cross-Region Replication for the Volume Group

The Block Volume service provides you with the capability to perform ongoing automatic
asynchronous replication of volume groups to other regions.

In this practice, you’ll learn how to enable replication for a volume group.

Note: This lab requires you to subscribe to two regions. Hence, you will not be able to perform
it in a Free Tier account.

Tasks

1. Open the Main Menu and click Storage. Under Block Storage, click Volume Groups.

2. Click the volume group FRA-AA-LAB13-1-VG-01.

3. Click Edit.

4. Click Cross Region Replication on the left of the screen and select the ON option.

5. Enter the following information into the data fields:

a. Target Region: Select the UK South (London) region to replicate the volume group.

Note: See Replicating a Volume (oracle.com) for the list of region mappings for
cross-region replication.

b. Availability Domain: Select the first availability domain to place the volume group
replica in.

c. Volume Group Replica Name: Enter LHR-AA-LAB13-1-VGR-01 for the volume
group replica name.

Note: In this lab, we used Germany Central (Frankfurt) as the source region and UK South
(London) as the target region. This might change depending on the region available in the
tenancy allotted to you.

6. Select the Confirm check box to acknowledge the cost warning and click Next.

7. Click Summary on the left of the screen.

8. Click Save Changes.

Note: The Volume Group state changes to Updating. After a couple of seconds, the state
becomes Available.

9. Under Resources in the left navigation pane, click Volume Group Replicas. The replica
LHR-AA-LAB13-1-VGR-01 is now created in the target region, UK South (London).

10. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Select the target region, UK South (London).

11. Under Block Storage in the left navigation menu, click Volume Group Replicas.

Note: You can now see the replica LHR-AA-LAB13-1-VGR-01 and its details such as
OCID, Source Region, Last Sync, and Created.

Activate the Volume Group Replica

To create a new volume group from a volume group replica, you need to activate the replica.
The activation process creates a new volume group by cloning the replica.

In this practice, you’ll learn how to activate a volume group replica.

Tasks

1. Make sure that you are in the correct destination region that contains the volume group
replica you want to activate.

2. Open the Main Menu and click Storage. Under Block Storage, click Volume Group
Replicas.

3. Click the replica LHR-AA-LAB13-1-VGR-01.

4. Click Activate.

5. Click Confirm to acknowledge that there may be a delay in the initial replication sync of
the volume group.

6. In the Activate Volume Group Replica window, select the compartment assigned to you
and specify the name for the new volume group as LHR-AA-LAB13-1-VG-02.

7. Click Activate.

Notes

• Activating a volume group from the replica creates a clone of the source volume
group.

• In the left navigation pane, under Resources, you can see and access the
Activated Volume Groups and Block Volume Replicas.

8. From the Main Menu, select Storage. Under Block Storage, click Volume Groups.

Note: You can now see the volume group LHR-AA-LAB13-1-VG-02 in the volume groups
list along with details such as Number of Volumes and Total Size of the volume groups.

9. In the left navigation pane, under Block Storage, click Block Volumes to see both
activated Block Volumes.

Disable Replication for a Volume Group

When you turn off replication for a volume group, by default, all volumes continue to replicate.
However, as separate Volume Replicas, they are no longer part of a Volume Group Replica. At
this point, you can turn off individual volume replication for all volumes.

In this practice, you’ll learn how to disable replication for a volume group.

Tasks

1. Select the source region where you created your volume group, Germany Central
(Frankfurt).

2. From the Main Menu, select Storage. Under Block Storage, click Volume Groups.

3. Select the volume group FRA-AA-LAB13-1-VG-01.

4. Click Edit.

5. Click Cross Region Replication on the left of the screen and select the OFF option.

6. Select the Check here to confirm check box to acknowledge that the volume group replica
will be deleted.

7. Select the Volume replication off check box to turn off replication for individual volumes.

8. Click Summary on the left of the screen.

9. Click Save Changes.

Note: The Volume Group state changes to Updating. After a couple of seconds, the state
becomes Available.

10. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Ensure that you are in the correct destination region, UK South (London).

11. Open the Main Menu and click Storage. Under Block Storage, click Volume Group
Replicas.

Note: The LHR-AA-LAB13-1-VGR-01 Volume Group Replica will be in a Terminating state.
After a couple of minutes, it will be terminated.

Lab 14-1 Practices

File Storage: Create and Mount a File System

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) File Storage service provides robust and shareable file
systems. Network access to your file system is provided through a mount target, which is an
NFS endpoint that lives in a subnet and connects NFS clients to file systems.

In this lab, you'll learn how to create a file system within the OCI console.

In this lab, you’ll:

a. Create a Virtual Cloud Network (VCN) and its components

b. Create a VM instance

c. Create a file system

d. Configure VCN Security Rules for file storage

e. Mount the file system from an instance

Prerequisites

• You must have access to the OCI Console.

Assumptions

• You must be familiar with navigating the OCI Console.

• In this lab, we are considering Germany Central (Frankfurt) as your region.

Create a Virtual Cloud Network and Its Components

In this practice, you will learn how to create a Virtual Cloud Network, Subnet, Internet Gateway,
and Security List, and add route rules in the Route Table.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

3. Click Create VCN.

4. Enter the following:

a. Name: Enter FRA-AA-LAB14-1-VCN-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. IPv4 CIDR Blocks: Enter 10.0.0.0/16. Press Enter to add.

Note: Leave all the other options in their default setting.

5. Click Create VCN. You now see that the VCN is created successfully and in the Available
state.

6. Click Create Subnet.

7. In the Create Subnet dialog box, enter the following:

a. Name: Enter FRA-AA-LAB14-1-SNET-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Subnet Type: Select Regional.

d. IPv4 CIDR Block: Enter 10.0.1.0/24.

e. Subnet Access: Select Public Subnet.

Note: Leave all the other options in their default setting.

8. Click Create Subnet. You now see that the subnet is created successfully and in the
Available state.

9. Click Create Subnet to create another Subnet. In the Create Subnet dialog box, enter the
following:

a. Name: Enter FRA-AA-LAB14-1-SNET-02.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Subnet Type: Select Regional.

d. IPv4 CIDR Block: Enter 10.0.2.0/24.

e. Subnet Access: Select Public Subnet.

f. DNS Label: Enter FRAAALAB141SNE2.

Note: Leave all the other options in their default setting.

10. Click Create Subnet.

11. In the left navigation pane, under Resources, click Internet Gateways.

12. Click Create Internet Gateway.

13. Enter the following:

a. Name: Enter FRA-AA-LAB14-1-IG-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

14. Click Create Internet Gateway. You now see that the Internet Gateway is created
successfully and in the Available state.

15. In the left navigation pane, under Resources, click Route Tables.

16. Click to open Default Route Table for FRA-AA-LAB14-1-VCN-01.

17. Click Add Route Rules and enter the following:

a. Target Type: Select Internet Gateway.

b. Destination CIDR Block: Enter 0.0.0.0/0.

c. Target Internet Gateway: Select FRA-AA-LAB14-1-IG-01.

18. Click Add Route Rules. You now see that the route rule is successfully added in the
default Route Table.

19. Using the breadcrumb trail at the top of the screen, return to your VCN page.

20. In the left navigation pane, under Resources, click Security Lists.

21. Click Create Security List.

22. Enter the following:

a. Name: Enter FRA-AA-LAB14-1-SL-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Do not add any Ingress or Egress rules.

23. Click Create Security List. You now see that the security list is created and displayed on
the Security Lists page.

Note: As of now, both Subnets FRA-AA-LAB14-1-SNET-01 and FRA-AA-LAB14-1-SNET-02
are using the Default Security List.

24. Leave Subnet FRA-AA-LAB14-1-SNET-01 as is with the Default Security List. Change the
Security List for Subnet FRA-AA-LAB14-1-SNET-02 by doing the following:

a. Click Subnets.

b. Click the subnet FRA-AA-LAB14-1-SNET-02.

c. In the left navigation pane, under Resources, click Security Lists.

d. To add a security list, click Add Security List, and select FRA-AA-LAB14-1-SL-01.

e. Click Add Security List.

f. To remove the default security list, Default Security List for FRA-AA-LAB14-1-VCN-01,
click the three dots on the right to open the Actions menu, then click Remove.

g. Click Remove when prompted to confirm removal.

Note: The changes take effect within a few seconds.

Create a VM Instance

In this practice, you will learn how to create SSH keys using Cloud Shell and launch an
Instance.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. In the console ribbon at the top of the screen, click the Cloud Shell icon next to the
Region selection menu.

3. Once the Cloud Shell is ready, enter the following commands:

$ mkdir .ssh

▪ Important: In case you get an error message that says “Cannot create directory: File
exists,” you can skip running this first command.

$ cd .ssh

$ ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>

▪ Remember: After entering this third command, press Enter twice for no passphrase.

Note: Replace <<sshkeyname>> with ociaalabkey. Choose a key name you can
remember. This will be the key name you will use to connect to the compute instance you
create.

Reminder: The angle brackets << >> should not appear in your code.

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

4. Examine the two files that you just created by running the following command:

$ ls

Note: The output lists two files: a private key, <<sshkeyname>>, and a public
key, <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems as well as copied and pasted to facilitate secure communications in the cloud.

5. To list the contents of the public key, use the following command:

$ cat <<sshkeyname>>.pub

Note: Replace <<sshkeyname>> with ociaalabkey.

Reminder: The angle brackets << >> should not appear in your code.

6. Copy the contents of the public key as you will need this in a subsequent step. Make sure
that you remove any hard returns that may have been added when copying. The .pub
key should be one line.

7. From the Main Menu, select Compute. Under Compute, click Instances.

8. Click Create instance and enter the following:

a. Name: Enter FRA-AA-LAB14-1-VM-01.

b. Create in compartment: Select the <compartment name> assigned to you.

c. Placement: Select Availability Domain AD1. Click Show advanced options and select
On-demand capacity from the Capacity type menu.

d. Image and shape: Choose the image Oracle Linux 8 and shape
VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere].

e. Networking: Select the existing virtual cloud network FRA-AA-LAB14-1-VCN-01
and existing subnet FRA-AA-LAB14-1-SNET-01 (regional). Under Public IP
address, select Assign a public IPv4 address.

f. Add SSH keys: Select Paste public keys and paste the contents of the public key,
which you copied in Step 6, in the box.

g. Boot volume: Keep the default selections.

9. Click Create.

Note: After a couple of minutes, you can see that the Instance is successfully created and
the state is Running.

10. Under Instance access, copy the Public IP address.

11. Click the Cloud Shell icon to open Cloud Shell, and use SSH to connect to your instance
by using the following command:

Note: Enter yes in response to “Are you sure you want to continue connecting
(yes/no)?”

$ ssh -i <private_key_file> <username>@<public-ip-address>

Reminders:

▪ <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.

▪ <username> is the default user opc.

▪ <public-ip-address> is the Public IP address of the instance.

Note: You are now connected to the Instance FRA-AA-LAB14-1-VM-01.

Create a File System

You can create a shared file system in the cloud by using the File Storage service. Network
access to your file system is provided through a mount target. Exports control how NFS clients
access file systems when they connect to a mount target. When you use the OCI console to
create your file system, the workflow also creates a mount target and export for it.

In this practice, you will learn how to create a file system.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. From the Main Menu, select Storage. Under File Storage, click File Systems.

3. In the left navigation pane, in the List Scope section, under Compartment, select the
<compartment name> assigned to you.

4. Click Create File System.

5. In the File System Information section, click Edit Details and enter the following:

a. Name: Enter FRA-AA-LAB14-1-FS-01.

b. Availability Domain: Select the first availability domain.

c. Create in Compartment: Select the <compartment name> assigned to you.

d. Encryption: Keep the default Encrypt using Oracle-managed keys selection.

6. In the Export Information section, click Edit Details and enter the following:

a. Export Path: Enter /FRA-AA-LAB14-1-EP-01.

b. Do not select the Use Secure Export Options check box.

7. In the Mount Target Information section, click Edit Details and specify the following:

a. Select the Create New Mount Target option.

b. Enter FRA-AA-LAB14-1-MNT-01 in the New Mount Target Name field.

c. Select FRA-AA-LAB14-1-VCN-01 from the Virtual Cloud Network drop-down list.

d. Select FRA-AA-LAB14-1-SNET-02 from the Subnet drop-down list.

e. Do not select the Use network security groups to control traffic check box.

8. Click Create.

Note: The File Storage service typically creates the file system and mount target within a
few seconds.

Configure VCN Security Rules for File Storage

Before you can mount a file system, you must configure security rules to allow traffic to the
mount target's VNIC using specific protocols and ports. Security rules enable traffic for the
following:

• Open Network Computing Remote Procedure Call (ONC RPC) rpcbind utility protocol

ble
• Network File System (NFS) protocol

ra
fe
• Network File System (MOUNT) protocol

ns
tra
• Network Lock Manager (NLM) protocol

n-
In this practice, you’ll learn how to configure security rules for both the mount target and the

. no
instance in a security list.

ide s a
Note

Gu ha
is )
In this lab scenario, the mount target that exports the file system is in a different subnet (FRA-
th m
e .co

AA-LAB14-1-SNET-02) than the instance you want to mount the file system to (FRA-AA-
LAB14-1-SNET-01).
us ail
to gm

You need to set up the following security rules in FRA-AA-LAB14-1-SL-01 for the mount
se @

target. You also need to specify the instance IP address or CIDR block 10.0.1.0/24 as
en iar

the source for ingress rules and the destination for egress rules:
lic agu

• Stateful ingress from ALL ports in the source instance CIDR block to TCP ports 111,
ee

2048, 2049, and 2050


im
(ja

• Stateful ingress from ALL ports in the source instance CIDR block to UDP ports 111 and
2048
u iar

• Stateful egress from TCP ports 111, 2048, 2049, and 2050 to ALL ports in
ag

the destination instance CIDR block


e
m

Stateful egress from UDP port 111 to ALL ports in the destination instance CIDR block
jai

Copyright © 2023, Oracle and/or its affiliates.

File Storage: Create and Mount a File System 169


Next, you need to set up the following security rules in Default Security List for
FRA-AA-LAB14-1-VCN-01 for the instance. You also need to specify the mount target IP address or
CIDR block 10.0.2.0/24 as the source for ingress rules and the destination for egress rules:

• Stateful ingress from source mount target CIDR block TCP ports 111, 2048, 2049, and
2050 to ALL ports

• Stateful ingress from source mount target CIDR block UDP port 111 to ALL ports

• Stateful egress from ALL ports to destination mount target CIDR block TCP ports 111,
2048, 2049, and 2050

• Stateful egress from ALL ports to destination mount target CIDR block UDP ports 111
and 2048.

Tasks

1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

2. Select FRA-AA-LAB14-1-VCN-01 from the list of VCNs.

3. In the left navigation pane, under Resources, click Security Lists.

4. Select FRA-AA-LAB14-1-SL-01 from the list of security lists.

5. In the left navigation pane, under Resources, click Ingress Rules.

6. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 111.

7. Click Add Ingress Rules.

8. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 2048-2050.

9. Click Add Ingress Rules.

10. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 111.

11. Click Add Ingress Rules.

12. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 2048.

13. Click Add Ingress Rules.

14. In the left navigation pane, under Resources, click Egress Rules.

15. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: Enter 111.

f. Destination Port Range: By default, it will be All, even if you leave the field blank.

16. Click Add Egress Rules.

17. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: Enter 2048-2050.

f. Destination Port Range: By default, it will be All, even if you leave the field blank.

18. Click Add Egress Rules.

19. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: Enter 111.

f. Destination Port Range: By default, it will be All, even if you leave the field blank.

20. Click Add Egress Rules.

21. Using the breadcrumb trail at the top of the screen, click back to go to the VCN
FRA-AA-LAB14-1-VCN-01.

22. In the left navigation pane, under Resources, click Security Lists.

23. Click to open Default Security List for FRA-AA-LAB14-1-VCN-01.

24. In the left navigation pane, under Resources, click Ingress Rules.

25. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: Enter 2048-2050.

f. Destination Port Range: By default, it will be All, even if you leave the field blank.

26. Click Add Ingress Rules.

27. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: Enter 111.

f. Destination Port Range: By default, it will be All, even if you leave the field blank.

28. Click Add Ingress Rules.

29. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: Enter 111.

f. Destination Port Range: By default, it will be All, even if you leave the field blank.

30. Click Add Ingress Rules.

31. In the left navigation pane, under Resources, click Egress Rules.

32. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 2048-2050.

33. Click Add Egress Rules.

34. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 111.

35. Click Add Egress Rules.

36. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 111.

37. Click Add Egress Rules.

38. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 2048.

39. Click Add Egress Rules.

Mount the File System from an Instance

In this practice, you will learn how to mount a file system from an instance.

Tasks

1. From the Main Menu, select Storage. Under File Storage, click File Systems.

2. In the File Systems list, click the FRA-AA-LAB14-1-FS-01 file system.

3. In the left navigation pane, under Resources, click Exports.

4. Locate /FRA-AA-LAB14-1-EP-01 and click the three dots to the right to open the Actions
menu. Then select Mount Commands.

5. In Image, choose Oracle Linux from the drop-down list.

6. Click the Copy links to copy the three commands listed.

7. Connect to your instance FRA-AA-LAB14-1-VM-01.

Note: For help with this, refer to Step 11 in the Create a VM Instance practice.

8. Paste and run the commands that you copied in the previous step into your instance
session window.

Important: Please run the commands that you copied and not the following commands,
which are just for reference:

$ sudo yum install nfs-utils

$ sudo mkdir -p /mnt/FRA-AA-LAB14-1-EP-01

$ sudo mount 10.0.2.159:/FRA-AA-LAB14-1-EP-01 /mnt/FRA-AA-LAB14-1-EP-01

9. View the file system by entering the following:

$ df -h

10. Write a file to the file system by entering the following:

$ sudo touch /mnt/yourmountpoint/helloworld

Note: Replace yourmountpoint with the path to the local mount point. For example:
$ sudo touch /mnt/FRA-AA-LAB14-1-EP-01/helloworld

11. Verify that you can view the file by entering the following:

$ cd /mnt/yourmountpoint

Note: Replace yourmountpoint with the path to the local mount point. For example:
$ cd /mnt/FRA-AA-LAB14-1-EP-01
$ ls

File Storage: Configure NFS Export Options

Lab 15-1 Practices

Get Started

Overview

NFS export options enable you to create more granular access control to limit VCN access. You
can use NFS export options to specify access levels for IP addresses or CIDR blocks connecting
to file systems through exports in a mount target. Doing this provides better security controls
in multi-tenant environments.

Additionally, by using NFS export option access controls, you can limit the clients' ability to
connect to the file system and view or write data.

In this lab, you'll learn how to allow read-only access to the file system from one instance and
read/write access from the other instance.

In this lab, you’ll:

a. Create a Virtual Cloud Network and its components

b. Create two VM instances

c. Create a file system

d. Configure VCN Security Rules for file storage

e. Set Export Options for the file system

f. Mount the file system from both instances

g. Perform testing

Prerequisites

• You must have access to the OCI Console.

Assumptions

• You must be familiar with navigating the OCI Console.

• In this lab, we are considering Germany Central (Frankfurt) as your region.

Create a Virtual Cloud Network and Its Components

In this practice, you will learn how to create a Virtual Cloud Network (VCN), Subnet, Internet
Gateway, and Security List, and add route rules in the Route Table.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. Open the Main Menu, click Networking, and then click Virtual Cloud Networks.

3. Click Create VCN.

4. Enter the following:

a. Name: Enter FRA-AA-LAB15-1-VCN-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. IPv4 CIDR Block: Enter 10.0.0.0/16. Press Enter to add.

Note: You can leave all the other options as default.

5. Click Create VCN. The VCN is now created successfully.

6. Click Create Subnet.

7. In the Create Subnet dialog box, enter the following:

a. Name: Enter FRA-AA-LAB15-1-SNET-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Subnet Type: Select Regional.

d. IPv4 CIDR Block: Enter 10.0.1.0/24.

e. Subnet Access: Select Public Subnet.

Note: You can leave all the other options as default.

8. Click Create Subnet. The subnet is now created successfully and the state is Available.

9. Click Create Subnet to create another subnet. In the Create Subnet dialog box, enter the
following:

a. Name: Enter FRA-AA-LAB15-1-SNET-02.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Subnet Type: Select Regional.

d. IPv4 CIDR Blocks: Enter 10.0.2.0/24.

e. Subnet Access: Select Public Subnet.

f. DNS Label: Enter FRAAALAB151SNE2.

Note: Leave all the other options in their default setting.

10. Click Create Subnet.

11. In the left navigation pane, under Resources, click Internet Gateways.

12. Click Create Internet Gateway.

13. Enter the following:

a. Name: Enter FRA-AA-LAB15-1-IG-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

14. Click Create Internet Gateway. The Internet Gateway is now created successfully, and the
state is Available.

15. In the left navigation pane, under Resources, click Route Tables.

16. Click Default Route Table for FRA-AA-LAB15-1-VCN-01.

17. Click Add Route Rules and enter the following:

a. Target Type: Select Internet Gateway.

b. Destination CIDR Block: Enter 0.0.0.0/0.

c. Target Internet Gateway: Select FRA-AA-LAB15-1-IG-01.

18. Click Add Route Rules. The route rule is successfully added in the default Route Table.

19. Using the breadcrumb trail at the top of the screen, return to your VCN page.

20. In the left navigation pane, under Resources, click Security Lists.

21. Click Create Security List.

22. Enter the following:

a. Name: Enter FRA-AA-LAB15-1-SL-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Do not add any Ingress or Egress rules.

23. Click Create Security List. The security list is created and displayed on the Security
Lists page.

Note: As of now, both the Subnets FRA-AA-LAB15-1-SNET-01 and FRA-AA-LAB15-1-SNET-02
are using the Default Security List.

24. Leave Subnet FRA-AA-LAB15-1-SNET-01 as is with the Default Security List. Change the
Security List for Subnet FRA-AA-LAB15-1-SNET-02 by doing the following:

a. Click Subnets.

b. Click the subnet FRA-AA-LAB15-1-SNET-02.

c. In the left navigation pane, under Resources, click Security Lists.

d. To add a security list, click Add Security List, and select FRA-AA-LAB15-1-SL-01.

e. To remove the default security list Default Security List for FRA-AA-LAB15-1-VCN-01,
click the three dots on the right to open the Actions menu, and then select Remove.

f. Click Remove when prompted to confirm removal.

Note: The changes take effect within a few seconds.

Create a VM Instance

In this practice, you will learn how to create SSH keys using Cloud Shell and launch an
instance.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. In the console ribbon at the top of the screen, click the Cloud Shell icon next to the
Region selection menu.

3. After the Cloud Shell is ready, enter the following commands:

$ mkdir .ssh

▪ Important: In case you get an error message that says “Cannot create directory: File
exists,” you can skip running this first command.

$ cd .ssh

$ ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>

▪ Remember: After entering this third command, press Enter twice for no passphrase.

Note: Replace <<sshkeyname>> with ociaalab15key. Choose a key name you can
remember. This will be the key name you will use to connect to the compute instance you
create.

Reminder: The angle brackets «» should not appear in your code.

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

4. Examine the two files that you just created by running the following command:

$ ls

Note: The output shows two files: a private key, <<sshkeyname>>, and a public key,
<<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems as well as copied and pasted to facilitate secure communications in the cloud.

5. To list the contents of the public key, use the following command:

$ cat <<sshkeyname>>.pub

Note: Replace <<sshkeyname>> with ociaalabkey.

Reminder: The angle brackets «» should not appear in your code.

6. Copy the contents of the public key as you will need this in a subsequent step. Make sure
that you remove any hard returns that may have been added when copying. The .pub
key should be one line.

7. Open the Main Menu and click Compute. Under Compute, click Instances.

8. Click Create instance and enter the following:

a. Name: Enter FRA-AA-LAB15-1-VM-01.

b. Create in compartment: Select the <compartment name> assigned to you.

c. Placement: Select Availability Domain AD1. Click Show advanced options and select
On-demand capacity under the Capacity type menu.

d. Image and shape: Choose the image Oracle Linux 8 and shape
VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere].

e. Networking: Select the existing virtual cloud network FRA-AA-LAB15-1-VCN-01 and
existing subnet FRA-AA-LAB15-1-SNET-01 (regional). Under Public IP address,
select Assign a public IPv4 address.

f. Add SSH keys: Select Paste public keys and paste the contents of the public key,
which you copied in Step 6, in the box.

g. Boot volume: Keep the default selections.

9. Click Create.

10. To create a second Instance, repeat steps 7–9. Keep all settings the same except enter the
Name as FRA-AA-LAB15-1-VM-02.

Note: Once finished, you see that both instances are created successfully and are in
the Running state.

11. To connect to the instances, on the Instance information tab and under Instance access,
copy the Public IP address.

12. Open Cloud Shell and use SSH to connect to your instance by using the following
commands:

Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”

$ ssh -i <private_key_file> <username>@<public-ip-address>

Reminders:

▪ <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.

▪ <username> is the default user opc.

▪ <public-ip-address> is the Public IP address of the instance.

Create a File System

You can create a shared file system in the cloud using the File Storage service. Network access
to your file system is provided through a mount target. Exports control how NFS clients access
file systems when they connect to a mount target. When you use the console to create your
file system, the workflow also creates a mount target and an export for it.

In this practice, you will learn how to create a file system.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. Open the Main Menu and click Storage. Under File Storage, click File Systems.

3. In the left navigation pane, in the List Scope section, under Compartment, select the
<compartment name> assigned to you.

4. Click Create File System.

5. In File System Information, click Edit Details and enter the following:

a. Name: Enter FRA-AA-LAB15-1-FS-01.

b. Availability Domain: Select the first availability domain.

c. Create in Compartment: Select the <compartment name> assigned to you.

d. Encryption: Keep the default Encrypt using Oracle-managed keys selection.

6. In the Export Information click Edit Details and enter the following:

a. Export Path: Enter /FRA-AA-LAB15-1-EP-01.

b. Do not select Use Secure Export Options.

7. In the Mount Target Information, click Edit Details and specify the following:

a. Select the Create New Mount Target option.

b. Enter FRA-AA-LAB15-1-MNT-01 in the New Mount Target Name field.

c. Select FRA-AA-LAB15-1-VCN-01 from the Virtual Cloud Network drop-down list.

d. Select FRA-AA-LAB15-1-SNET-02 (regional) from the Subnet drop-down list.

e. Do not select the Use network security groups to control traffic check box.

8. Click Create.

Note: The File Storage service typically creates the file system and mount target within a
few seconds.

Configure VCN Security Rules for File Storage

Before you can mount a file system, you must configure security rules to allow traffic to the
mount target's VNIC using specific protocols and ports. Security rules enable traffic for the
following:

• Open Network Computing Remote Procedure Call (ONC RPC) rpcbind utility protocol

• Network File System (NFS) protocol

• Network File System (MOUNT) protocol

• Network Lock Manager (NLM) protocol

In this practice, you’ll learn how to configure security rules for both the mount target and the
instance in a security list.

Note

In this lab scenario, the mount target that exports the file system is in a different subnet
(FRA-AA-LAB15-1-SNET-02) than the instance on which you want to mount the file system
(FRA-AA-LAB15-1-SNET-01).

You need to set up the following security rules in FRA-AA-LAB15-1-SL-01 for the mount
target. You also need to specify the instance IP address or CIDR block 10.0.1.0/24 as
the source for ingress rules and the destination for egress rules:

• Stateful ingress from ALL ports in the source instance CIDR block to TCP ports 111,
2048, 2049, and 2050

• Stateful ingress from ALL ports in the source instance CIDR block to UDP ports 111 and
2048

• Stateful egress from TCP ports 111, 2048, 2049, and 2050 to ALL ports in
the destination instance CIDR block

• Stateful egress from UDP port 111 to ALL ports in the destination instance CIDR block

Next, you need to set up the following security rules in Default Security List for
FRA-AA-LAB15-1-VCN-01 for the instance. You also need to specify the mount target IP address or
CIDR block 10.0.2.0/24 as the source for ingress rules and the destination for egress rules:

• Stateful ingress from source mount target CIDR block TCP ports 111, 2048, 2049, and
2050 to ALL ports

• Stateful ingress from source mount target CIDR block UDP port 111 to ALL ports

• Stateful egress from ALL ports to destination mount target CIDR block TCP ports 111,
2048, 2049, and 2050.

• Stateful egress from ALL ports to destination mount target CIDR block UDP ports 111
and 2048.
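
The two rule sets summarized above are the same in Lab 14 and Lab 15 apart from the resource names, and they mirror each other across the two subnets. The following added example (not part of the Oracle guide) audits a security list against them and reports missing ports, stateless rules, and CIDRs wider than the peer subnet. The Rule fields, the function names and the drifted sample list are this example's own constructions, not the OCI API schema.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

PortRange = Optional[Tuple[int, int]]  # None mirrors "All" in the console form


@dataclass(frozen=True)
class Rule:
    """One security rule, with this example's own field names (not the OCI schema)."""
    direction: str            # "ingress" or "egress"
    stateless: bool
    cidr: str                 # source CIDR (ingress) or destination CIDR (egress)
    protocol: str             # "TCP" or "UDP"
    src_ports: PortRange = None
    dst_ports: PortRange = None


NFS_TCP = {111, 2048, 2049, 2050}
# (direction, protocol) -> (side that carries the fixed ports, the ports),
# taken from the lab's rule summary for each security list.
MOUNT_TARGET_REQUIRED = {
    ("ingress", "TCP"): ("dst", NFS_TCP),
    ("ingress", "UDP"): ("dst", {111, 2048}),
    ("egress", "TCP"): ("src", NFS_TCP),
    ("egress", "UDP"): ("src", {111}),
}
INSTANCE_REQUIRED = {
    ("ingress", "TCP"): ("src", NFS_TCP),
    ("ingress", "UDP"): ("src", {111}),
    ("egress", "TCP"): ("dst", NFS_TCP),
    ("egress", "UDP"): ("dst", {111, 2048}),
}


def _covers(port_range: PortRange, port: int) -> bool:
    return port_range is None or port_range[0] <= port <= port_range[1]


def audit(rules, required, peer_cidr):
    """Return sorted MISSING / STATELESS / BROAD findings for one peer subnet."""
    peer = ipaddress.ip_network(peer_cidr)
    findings = set()
    for (direction, proto), (side, ports) in required.items():
        for port in sorted(ports):
            matched = False
            for r in rules:
                if (r.direction, r.protocol) != (direction, proto):
                    continue
                fixed = r.dst_ports if side == "dst" else r.src_ports
                other = r.src_ports if side == "dst" else r.dst_ports
                # The lab leaves the opposite port range at All.
                if other is not None or not _covers(fixed, port):
                    continue
                net = ipaddress.ip_network(r.cidr)
                if not peer.subnet_of(net):
                    continue          # rule does not cover the whole peer subnet
                matched = True
                if r.stateless:       # the lab uses stateful rules throughout
                    findings.add(f"STATELESS {direction} {proto} {port}")
                if net != peer:       # e.g. 0.0.0.0/0 instead of the peer subnet
                    findings.add(f"BROAD {direction} {proto} {port} {r.cidr}")
            if not matched:
                findings.add(f"MISSING {direction} {proto} {port}")
    return sorted(findings)


def lab_mount_target_rules(peer="10.0.1.0/24"):
    """The seven rules the tasks enter in the mount target's security list."""
    return [
        Rule("ingress", False, peer, "TCP", dst_ports=(111, 111)),
        Rule("ingress", False, peer, "TCP", dst_ports=(2048, 2050)),
        Rule("ingress", False, peer, "UDP", dst_ports=(111, 111)),
        Rule("ingress", False, peer, "UDP", dst_ports=(2048, 2048)),
        Rule("egress", False, peer, "TCP", src_ports=(111, 111)),
        Rule("egress", False, peer, "TCP", src_ports=(2048, 2050)),
        Rule("egress", False, peer, "UDP", src_ports=(111, 111)),
    ]


def mirror(rule, peer_cidr):
    """The same flow seen from the other subnet: direction flips, ports stay."""
    flipped = "egress" if rule.direction == "ingress" else "ingress"
    return Rule(flipped, rule.stateless, peer_cidr, rule.protocol,
                rule.src_ports, rule.dst_ports)


def lab_instance_rules(peer="10.0.2.0/24"):
    """The instance-side rules, derived as the mirror of the mount-target rules."""
    return [mirror(r, peer) for r in lab_mount_target_rules()]


def drifted_mount_target_rules():
    """Constructed sample: the mount-target list after three risky edits."""
    rules = lab_mount_target_rules()
    rules[0] = Rule("ingress", False, "0.0.0.0/0", "TCP", dst_ports=(111, 111))
    rules[2] = Rule("ingress", True, "10.0.1.0/24", "UDP", dst_ports=(111, 111))
    del rules[3]              # UDP 2048 ingress removed
    return rules
```

Calling `audit(drifted_mount_target_rules(), MOUNT_TARGET_REQUIRED, "10.0.1.0/24")` lists the widened source, the stateless rule and the missing port; both lab rule sets audit clean.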

Tasks

1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

2. Click FRA-AA-LAB15-1-VCN-01 from the list of VCNs.

3. In the left navigation pane, under Resources, click Security Lists.

4. Click FRA-AA-LAB15-1-SL-01.

5. In the left navigation pane, under Resources, click Ingress Rules.

6. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 111.

7. Click Add Ingress Rules.

8. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 2048-2050.

9. Click Add Ingress Rules.

10. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 111.

11. Click Add Ingress Rules.

12. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 2048.

13. Click Add Ingress Rules.

14. In the left navigation pane, under Resources, click Egress Rules.

15. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: Enter 111.

f. Destination Port Range: By default, it will be All, even if you leave the field blank.

16. Click Add Egress Rules.

17. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: Enter 2048-2050.

f. Destination Port Range: By default, it will be All, even if you leave the field blank.

18. Click Add Egress Rules.

19. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.1.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: Enter 111.

f. Destination Port Range: By default, it will be All, even if you leave the field blank.

20. Click Add Egress Rules.

21. Click the VCN FRA-AA-LAB15-1-VCN-01.

22. In the left navigation pane, under Resources, click Security Lists.

23. Click Default Security List for FRA-AA-LAB15-1-VCN-01.

24. In the left navigation pane, under Resources, click Ingress Rules.

25. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: Enter 2048-2050.

f. Destination Port Range: By default, it will be All, even if you leave the field blank.

26. Click Add Ingress Rules.

27. Click Add Ingress Rules and enter the following:

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: Enter 111.

f. Destination Port Range: By default, it will be All, even if you leave the field blank.

28. Click Add Ingress Rules.

29. Click Add Ingress Rules and enter the following:
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.2.0/24.

IP Protocol: Select UDP.

ble
d.

ra
e. Source Port Range: Enter 111.

fe
ns
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

tra
30. Click Add Ingress Rules.

n-
. no
31. In the left navigation pane, under Resources, click Egress Rules.

32. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 2048-2050.

33. Click Add Egress Rules.

34. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 111.

35. Click Add Egress Rules.

36. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 111.

37. Click Add Egress Rules.

38. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 2048.

39. Click Add Egress Rules.
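An added example, not part of the lab guide: a Python check of the four egress rules from steps 32 to 39 against the flows they are meant to open, including the failure that results when a port is typed into the Source Port Range field instead of the Destination Port Range field. The class and function names are hypothetical, the mount target address 10.0.2.227 is taken from the reference mount command in this lab, and only these four rules are modelled (no other rules in the security list, and no stateful return traffic).

```python
import ipaddress
from dataclasses import dataclass

ALL_PORTS = (1, 65535)  # what the console shows as "All"


@dataclass(frozen=True)
class EgressRule:
    destination: str               # Destination CIDR
    protocol: str                  # "TCP" or "UDP"
    dst_ports: tuple = ALL_PORTS   # Destination Port Range, inclusive
    src_ports: tuple = ALL_PORTS   # Source Port Range, inclusive


# Steps 32 to 39, transcribed from the lab.
LAB_EGRESS = [
    EgressRule("10.0.2.0/24", "TCP", (2048, 2050)),
    EgressRule("10.0.2.0/24", "TCP", (111, 111)),
    EgressRule("10.0.2.0/24", "UDP", (111, 111)),
    EgressRule("10.0.2.0/24", "UDP", (2048, 2048)),
]

# Every (protocol, destination port) pair those four rules exist to permit.
REQUIRED_FLOWS = [
    ("TCP", 111), ("TCP", 2048), ("TCP", 2049), ("TCP", 2050),
    ("UDP", 111), ("UDP", 2048),
]


def rule_matches(rule, protocol, dst_ip, dst_port, src_port):
    """True when one rule permits the packet on all four criteria."""
    d_lo, d_hi = rule.dst_ports
    s_lo, s_hi = rule.src_ports
    return (
        rule.protocol == protocol
        and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.destination)
        and d_lo <= dst_port <= d_hi
        and s_lo <= src_port <= s_hi
    )


def egress_allowed(rules, protocol, dst_ip, dst_port, src_port=50000):
    """Allow-list semantics: a packet leaves only if some rule matches it.

    src_port defaults to 50000, a constructed client-chosen source port.
    """
    return any(rule_matches(r, protocol, dst_ip, dst_port, src_port) for r in rules)


def missing_flows(rules, mount_target_ip):
    """Required NFS flows that the rule set does not permit."""
    return [
        (proto, port)
        for proto, port in REQUIRED_FLOWS
        if not egress_allowed(rules, proto, mount_target_ip, port)
    ]


# The same four rules with the port entered in the wrong field:
# Source Port Range gets the port, Destination Port Range stays "All".
SWAPPED_EGRESS = [
    EgressRule(r.destination, r.protocol, ALL_PORTS, r.dst_ports) for r in LAB_EGRESS
]

if __name__ == "__main__":
    mt = "10.0.2.227"
    print("lab rules, missing:", missing_flows(LAB_EGRESS, mt))
    print("without step 38, missing:", missing_flows(LAB_EGRESS[:3], mt))
    print("ports in wrong field, missing:", missing_flows(SWAPPED_EGRESS, mt))
    print("TCP 22 to mount target allowed:", egress_allowed(LAB_EGRESS, "TCP", mt, 22))
```
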




Set Export Options for the File System

In this practice, you'll learn how to allow read-only access to the file system FRA-AA-LAB15-1-FS-01 from the Instance FRA-AA-LAB15-1-VM-01 and read/write access from the Instance FRA-AA-LAB15-1-VM-02.

Tasks

1. From the Main Menu, select Compute. Under Compute, click Instances.

2. Make a note of the Private IP addresses of both the instances FRA-AA-LAB15-1-VM-01 and FRA-AA-LAB15-1-VM-02.

Note: In this lab, the Private IP addresses are as follows:

▪ 10.0.1.15 for instance FRA-AA-LAB15-1-VM-01

▪ 10.0.1.161 for instance FRA-AA-LAB15-1-VM-02

Reminder: In your case, the Private IP address can be different.

3. From the Main Menu, click Storage. Under File Storage, click File Systems.

4. Click the file system FRA-AA-LAB15-1-FS-01.

5. From the Exports list, select the Export Path /FRA-AA-LAB15-1-EP-01.

6. Click Edit NFS Export Options.

7. In the existing Export Options window, make the following changes:

a. Source: Enter 10.0.1.15/32.

Reminder: The Private IP address of FRA-AA-LAB15-1-VM-01 is 10.0.1.15. However, when you perform the lab, it might be a different IP address.

b. Ports: Select Any.

c. Access: Select Read Only.

d. Squash: Select None.

8. Click + Another Option to create a new export option entry.

9. In the new entry boxes, specify the following information:

a. Source: Enter 10.0.1.161/32.

Reminder: The Private IP address of FRA-AA-LAB15-1-VM-02 is 10.0.1.161. However, when you perform the lab, it might be a different IP address.

b. Ports: Select Any.

c. Access: Select Read/Write.

d. Squash: Select None.

10. When you're finished with your entries, click Update.
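An added example, not part of the lab guide: a Python model of how the two export options from steps 7 to 9 decide access for a given client, which the Perform Testing practice confirms by hand. It assumes entries are evaluated in list order with the first matching Source winning, that a client matching no entry gets no access, and an anonymous UID of 65534; the class and function names are hypothetical, and the Ports field is not modelled because the lab sets it to Any.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANON_UID = 65534  # assumption: UID that squashed identities are mapped to


@dataclass(frozen=True)
class ExportOption:
    source: str   # Source field, a CIDR block
    access: str   # "Read Only" or "Read/Write"
    squash: str   # "None", "Root" or "All"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    effective_uid: Optional[int]   # UID the file system sees, None if no match
    reason: str


# The two entries configured in steps 7 and 9 of the lab.
LAB_OPTIONS = [
    ExportOption("10.0.1.15/32", "Read Only", "None"),     # FRA-AA-LAB15-1-VM-01
    ExportOption("10.0.1.161/32", "Read/Write", "None"),   # FRA-AA-LAB15-1-VM-02
]


def first_match(options, client_ip):
    """Return the first entry whose Source contains the client, else None."""
    ip = ipaddress.ip_address(client_ip)
    for opt in options:
        if ip in ipaddress.ip_network(opt.source):
            return opt
    return None


def squash_uid(opt, uid):
    """Apply the Squash setting to the UID presented by the client."""
    if opt.squash == "All" or (opt.squash == "Root" and uid == 0):
        return ANON_UID
    return uid


def decide(options, client_ip, uid, write):
    """Export-option decision only; file permissions are checked afterwards."""
    opt = first_match(options, client_ip)
    if opt is None:
        return Decision(False, None, "no export option matches this source")
    effective = squash_uid(opt, uid)
    if write and opt.access == "Read Only":
        return Decision(False, effective, "export option is Read Only")
    return Decision(True, effective, f"matched {opt.source} ({opt.access})")


def audit(options):
    """Flag entries a reviewer would want to look at twice."""
    findings = []
    for opt in options:
        if ipaddress.ip_network(opt.source).prefixlen == 0:
            findings.append(f"{opt.source}: matches every client")
        if opt.access == "Read/Write" and opt.squash == "None":
            findings.append(f"{opt.source}: root on the client writes as UID 0")
    return findings


if __name__ == "__main__":
    # "sudo touch" runs as UID 0, as in the Perform Testing practice.
    for ip in ("10.0.1.15", "10.0.1.161", "10.0.1.20"):
        print(ip, decide(LAB_OPTIONS, ip, uid=0, write=True))
    print(audit(LAB_OPTIONS))
```
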



Mount the File System from Both the Instances

In this practice, you will learn how to mount a file system from two instances.

Tasks

1. From the Main Menu, select Storage. Under File Storage, click File Systems.

2. In the File Systems list, click the file system FRA-AA-LAB15-1-FS-01.

3. In the left navigation pane, under Resources, click Exports.

4. Locate /FRA-AA-LAB15-1-EP-01 and click the three dots on the right to open the Actions menu, and then select Mount Commands.

5. In Image, choose Oracle Linux from the drop-down menu.

6. Click the Copy links to copy the three commands listed.

7. Connect to your instance FRA-AA-LAB15-1-VM-01.

Note: For help with this, refer to Steps 11–12 in the Create a VM Instance practice.

8. Paste and run the commands that you copied in the previous step into your instance session window.

Important: Please run the commands that you copied and not the following commands, which are just for reference:

$ sudo yum install nfs-utils

$ sudo mkdir -p /mnt/FRA-AA-LAB15-1-EP-01

$ sudo mount 10.0.2.227:/FRA-AA-LAB15-1-EP-01 /mnt/FRA-AA-LAB15-1-EP-01

9. View the file system by entering the following:

$ df -h

10. To mount the file system from the second instance FRA-AA-LAB15-1-VM-02, perform the following steps:

a. Open a new duplicate tab in your browser.

b. Repeat steps 7–8 of this practice.

Note: The file system is now mounted from both instances, FRA-AA-LAB15-1-VM-01 and FRA-AA-LAB15-1-VM-02.

Perform Testing

In this practice, you will validate that you have read-only access to the file system FRA-AA-LAB15-1-FS-01 from the Instance FRA-AA-LAB15-1-VM-01, and read/write access from the Instance FRA-AA-LAB15-1-VM-02.

Tasks

1. Connect to your instance FRA-AA-LAB15-1-VM-01.

Note: For help with this, refer to Steps 11–12 in the Create a VM Instance practice.

2. Try to write a file to the file system by entering the following:

$ sudo touch /mnt/yourmountpoint/helloworld

Note: Replace yourmountpoint with the path to the local mount point.

For example:

$ sudo touch /mnt/FRA-AA-LAB15-1-EP-01/helloworld

Important: You will receive an error that validates that the instance FRA-AA-LAB15-1-VM-01 does not have write access to the file system.

3. Connect to your instance FRA-AA-LAB15-1-VM-02.

Reminder: For help with this, refer to Steps 11–12 in the Create a VM Instance practice.

4. Try to write a file to the file system by entering the following:

$ sudo touch /mnt/yourmountpoint/helloworld

Note: Replace yourmountpoint with the path to the local mount point.

For example:

$ sudo touch /mnt/FRA-AA-LAB15-1-EP-01/helloworld

5. Once the file is successfully written, verify that you can view the file by entering the following:

$ cd /mnt/yourmountpoint

Note: Replace yourmountpoint with the path to the local mount point.

For example:

$ cd /mnt/FRA-AA-LAB15-1-EP-01

$ ls

6. Verify that you can view the file by entering the Step 5 commands from the instance FRA-AA-LAB15-1-VM-01.

Note: You now see that the instance FRA-AA-LAB15-1-VM-01 has read-only access to the file system.

Lab 16-1 Practices

Database System: Provisioning and Connecting to a Database System

Get Started

Overview

With Oracle Database on OCI, you can create and manage a full-featured, scalable, and secure Oracle database instance in the Oracle Cloud.

You can connect to the database using SSH. This allows you to connect to the database without using the network listener. Use this method of connection for administration purposes only.

When connecting to a multi-node database system, you will connect to each individual node in the cluster via SSH.

In this lab, you will:

a. Create a Virtual Cloud Network

b. Provision a database system

c. Connect to the database system with SSH

Prerequisites

• See Connecting to Database Using SSH for more information about connecting to the database using SSH.


Create a Virtual Cloud Network

In this lab, you will create a VCN and associated resources using the VCN Wizard.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).

2. Click the navigation menu, click Networking, and then click Virtual Cloud Networks.

3. Click Start VCN Wizard.

4. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.

5. Enter the following values:

• Name: FRA-AA-LAB16-VCN-01

• Compartment: Select your assigned <compartment name>.

6. Leave the default values for the remaining fields. Click Next.

7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.

8. Click Create.

9. When complete, click View Virtual Cloud Network.


Provision a Database System

Oracle Database on OCI lets you dynamically provision and manage database systems. In this practice, you will provision a single-node virtual machine database system.

Tasks

1. In the console ribbon at the top of the screen, from the Regions menu, select Germany Central (Frankfurt).

2. From the navigation menu, select Oracle Database, and select Oracle Base Database (VM, BM).

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create DB system.

5. Fill in the required information in the Create DB system dialog box:

• Select a compartment: Select your assigned <compartment name>.

• Name your DB system: FRA-AA-LAB16-DBCS-01

• Select an availability domain: You may choose from AD-1, AD-2, or AD-3.

• Select a shape type: Virtual Machine

• Configure shape: Create the database with Intel OCPUs:

1) Click Change Shape and click AMD.

2) From the list of Configure OCPU options, select the shape VM.Standard.E4.Flex (1 OCPU, 16 GB Memory).

3) Click Select a shape.

• Configure storage: Use Logical Volume Manager. Click Change Storage. In the Change Storage dialog box, configure the following:

1) Choose storage management software: Logical Volume Manager

2) Configure storage performance: Balanced

3) Available data storage (GB): 256

4) Click Save changes.

• Configure the DB system – For this lab, you will create a one-node database system:

1) Total node count: Leave value at 1.

2) Oracle Database software edition: Select Enterprise Edition High Performance.

3) Total storage (GB): Leave value at 712.

• Add SSH keys: Generate a public-private key pair to authenticate and connect to the database:

1) Select the Generate SSH key pair option.

2) Click Save private key to download the private key to your local system. Later in this lab, you will use that private key to connect to the database.

3) Click License Included in the Choose a license type field.

• Specify the network information: You will provide information of the virtual cloud network you created before provisioning this database system:

1) Virtual cloud network in assigned <compartment name>: Select FRA-AA-LAB16-VCN-01.

2) Client subnet in assigned <compartment name>: Select Public Subnet-FRA-AA-LAB16-VCN-01 (regional).

3) Use network security groups to control traffic: Deselected

4) Hostname prefix: LAB16-DBHST-01

5) Host Domain Name: Do not configure.

6) Host Domain URL: Do not configure.

7) Private IP address: Do not configure.

• Diagnostics collection: Leave at default settings.

6. Click Next.

7. Enter the required information in the Create DB system dialog box and accept the defaults for any fields not specified.

• Database name: FRAAADB1

Reminder: A database system is the software system that enables you to create, manage, and monitor the database. The database is the collection of data.

• Database unique name suffix: Do not configure.

• Database image: You will create an Oracle Database 21c.

1) Click Change database image.

2) Image Type: Select Oracle Database Software Images.

Oracle Database version: Check 21c

3) Click Select.

• PDB name: Do not configure.

• Create administrator credentials:

1) Username: User sys (read-only field)

2) Password: Provide the password for User sys. Enter OU_Cl0ud#12345.

Note: You will need to enter the password twice.

3) Use the administrator password for the TDE wallet: Selected

4) Configure database backups: Deselected

8. Click Create DB System.

Note: The creation time will vary from 5 minutes to 45 minutes. The status of the database system will go from Provisioning to Available.


Connect to the Database

SSH is used to administer Oracle Databases in OCI. SSH, or Secure Shell, is a network communication protocol that enables two computers/servers to securely communicate and share data over an unsecured network.

In this practice, you’ll connect to your database system using SSH.

Tasks

1. From the navigation menu, select Oracle Database, and select Oracle Base Database (VM, BM).

2. In the left navigation pane, under List Scope, select your assigned <compartment name>.

3. Select FRA-AA-LAB16-DBCS-01 from the list of available databases.

4. In the left navigation pane, under Resources, click Nodes.

5. Locate and note the Oracle Database Public IP address for use later in this section.

6. Convert the .pem file to .ppk file.

If you selected Generate SSH key pair to generate the public-private key pair when provisioning your database system, and you use PuTTY to connect to the database system, then you will need to convert the key file.

The key is generated in .pem format, but PuTTY needs the key to be in .ppk format.

You will use PuTTYGen to convert the .pem file to a .ppk file.

Note: This instruction set assumes PuTTYGen has been installed on your local system. If not, download and install PuTTYGen before proceeding.

a. Open PuTTYGen and click the Load button.

b. Set the file type to All Files *.* so the OCI PEM file (the private key you downloaded during the provisioning) is visible.

c. Select your OCI PEM file and PuTTYGen will import it.

d. Click Save Private Key and PuTTYGen will convert the PEM to a PPK file.

Give a new name to this private key and note its location, because this is the private key file that you will use to connect to the database.

7. Connect to the Database. You will need to use a tool to establish communication between your local system and the database system. Depending on your local system’s operating system, you will use one of two methods: for Windows, you will use the third-party tool PuTTY, and for macOS or Linux, you will use SSH.

Connect from Windows Using PuTTY

Note: This instruction set assumes PuTTY has been installed on your local system. If not, download and install PuTTY before proceeding.

a. Open putty.exe.

b. To the left, in the Category pane, configure the following:

1) Select Session and enter the following fields:

a) Host Name (or IP address): opc@<Oracle Database Public IP address>

b) Connection type: SSH

c) Port: 22

2) To the left, in the Category pane, click the disclosure triangle to reveal Connection options.

a) Click the disclosure triangle to reveal SSH option, and then click Auth.

b) Browse to and select your private key. This is the private key file you had converted with PuTTYGen and saved on your local system.

3) Click Open to begin your session.

Note: You will connect to the OCI DB System VM as the user opc without needing to enter a password, because you are authenticating with the key file.

4) Click Yes in the dialog box that appears on your first log in.

Note: If you are connected to any VPN or working on a restricted network connection, you will encounter errors when trying to connect to your database system.

Connect from a macOS or Linux System:

a. Open console or terminal.

b. Issue the following SSH command to access the DB system:

$ ssh -i <private_key> opc@<Oracle Database Public IP address>

Where:

private_key is the name and location of the private key on your local system

Oracle Database Public IP address is the Public IP address of your Oracle Database

Note: After you are connected to the database system, you can execute commands as you would when connected to the database on a server.

Examples:

• You could switch user accounts. As the opc user, use sudo to become the oracle user:

$ sudo su - oracle

• You could issue the oraenv command to interactively change your ORACLE_SID:

$ . oraenv

• You could issue the srvctl command to see information about your database:

$ srvctl config database -d <Database Name>


Lab 17-1 Practices

Autonomous Database: Scaling Resources in an Autonomous Database

Get Started

Overview

Scaling resources is the easiest and the most effective way to improve performance of your database without changing the configuration of the database or the application code.
With an Oracle Autonomous Database, you can configure the database to automatically scale to meet the changing workload, or you can manually scale it by increasing or decreasing OCPU and/or storage resources to meet the needs of your workload.

In this lab, you will:

a. Provision an Autonomous Database

b. Manually scale the number of OCPUs

c. Enable automatic scaling for storage

Prerequisites

• To learn more about scaling an Autonomous Database, see Scaling in Autonomous Database.


Provision an Autonomous Database

In this practice, you provision an Autonomous Database.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the navigation menu, select Oracle Database, and select Autonomous Database.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create Autonomous Database.

5. Provide the following configuration parameters:

• Compartment: Select your assigned <compartment name>.

• Display Name: FRA-AA-LAB17-ATP-01

• Database Name: AALAB17DBATP

• Choose a workload type: Transaction processing

• Choose a deployment type: Shared infrastructure

• Configure the database:

o Always Free: Disabled

o Choose database version: Leave at the default, 19c.

o OCPU count: 1

o Storage (TB): 1

• OCPU auto scaling: Selected

• Storage auto scaling: Deselected

• Create administrator credentials:

o Username Read-only: Leave at the default, ADMIN.

Note: You will not have access to the database as the sys user. Instead, you will have access to the database as the ADMIN user. With this account, you can access Database Actions to perform administrative tasks, such as to create a user account.

o Create administrator credentials: Provide password for the ADMIN user. You will need to enter the password twice. Enter OU_Cl0ud#12345.

• Choose network access: Select Secure access from everywhere.

• Choose License and Oracle Database Edition: Select License Included.

• Provide contacts for operational notifications and announcements: Do not configure.

6. Click Create Autonomous Database.

Note: When provisioning completes, the status of the Autonomous Database will change from Provisioning to Available.


Manually Scale the Number of OCPUs

The Oracle Cloud Infrastructure (OCI) Autonomous Database service provides you the ability to increase or decrease cloud resources for your database. You can manually change the OCPU and/or the storage that will be available to your database.

In this practice, you will manually increase the OCPU for your database.

Tasks

1. From the navigation menu, select Oracle Database, and then select Autonomous Database.

2. Select FRA-AA-LAB17-ATP-01 from the list of databases.

3. On the Autonomous Database Details page, in the Autonomous Database Information tab, note the following values:

• OCPU count: 1

• OCPU auto scaling: Enabled

• Storage: 1 TB

• Storage auto scaling: Disabled

4. Click Manage Scaling.

5. In the Manage Scaling dialogue box, set the OCPU count to 2.

6. Click Apply.

Note: The status of the Autonomous Database will show Scaling in Progress. Your users will still be able to access the database during the scaling process.

When the status of the database shows Available, the scaling process is completed.

7. On the Autonomous Database Information tab, note the following values:

• OCPU count: 2

• OCPU auto scaling: Enabled

• Storage: 1 TB

• Storage auto scaling: Disabled


Enable Automatic Scaling for Storage

The Oracle Cloud Infrastructure (OCI) Autonomous Database service provides you the ability to increase or decrease cloud resources for your database. By default, OCPU auto scaling is enabled and Storage auto scaling is disabled.

In this practice, you will enable Storage auto scaling.

Tasks

1. From the navigation menu, select Oracle Database, and then select Autonomous Database.

2. Select FRA-AA-LAB17-ATP-01 from the list of databases.

3. On the Autonomous Database Details page, in the Autonomous Database Information tab, note the following values:

• OCPU count: 2

• OCPU auto scaling: Enabled

• Storage: 1 TB

• Storage auto scaling: Disabled

4. Click Manage Scaling.

5. In the Manage Scaling dialogue box, select the Storage auto scaling check box.

6. Click Apply.

Note: The status of the Autonomous Database will show Scaling in Progress.

When the status of the database shows Available, the scaling process is completed.

7. On the Autonomous Database Information tab, note the following values:

• OCPU count: 2

• OCPU auto scaling: Enabled

• Storage: 1 TB

• Storage auto scaling: Enabled


Lab 18-1 Practices

Security: Enable Cloud Guard

Get Started

Overview

Cloud Guard examines your Oracle Cloud Infrastructure resources for security weaknesses related to configuration, and your operators and users for risky activities. Upon detection, Cloud Guard can suggest, assist, or take corrective actions, based on your configuration.

In this lab, you will:

a. Create a Virtual Cloud Network

b. Explore Cloud Guard

c. Create a Cloud Guard target

d. Create a scenario to verify Cloud Guard monitoring

e. Remediate problems identified by Cloud Guard

Prerequisites

You must have access to the OCI Console.

Create a Virtual Cloud Network

In this section, you will create a VCN by using the Start VCN Wizard tool.

Tasks

1. In the console ribbon at the top of the screen, click the Regions menu and select UK South (London).

2. Click the navigation menu, click Networking, and then click Virtual Cloud Networks.

3. Click Start VCN Wizard.

4. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.

5. Enter the following values:

• VCN Name: LHR-AA-LAB18-1-VCN-01

• Compartment: Select your assigned <compartment name>.

6. Leave the default values for the remaining fields. Click Next.

7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.

8. Click Create.

9. When complete, click View Virtual Cloud Network.


Explore Cloud Guard

In this practice, you will explore Cloud Guard to obtain a unified view of your tenancy's cloud
security posture. You will also explore detector recipes for monitoring targets and responder
recipes for responding to any problems that occur.

Tasks

1. In the console ribbon at the top of the screen, from the Regions menu, select US East
(Ashburn).

2. From the navigation menu, select Identity & Security, and then click Cloud Guard.

Note: A dashboard with the current Cloud Guard observations is displayed. If the Guided
Tour is displayed, go through it to explore the various features. You can also click
Stop tour if you are not interested in the tour. Once you are done with the tour, the
dashboard with various options under Cloud Guard on the left side in the browser window
is displayed.

3. In the left navigation pane, under Cloud Guard, click Detector Recipes.

4. In the left navigation pane, under Scope, select <Tenancy Name> (root).

5. Click OCI Configuration Detector Recipe (Oracle managed) and view the detector rules
that are included in this recipe.

6. To view the details of a particular rule, click the disclosure triangle, a downward arrow
located next to the three dots to the right of the rule.

7. Click Risk level to organize rules by their risk level.

8. Click Detector Recipes from the breadcrumb list at the top left.

9. Click OCI Activity Detector Recipe (Oracle managed) and explore the rules that are
within the activity detector recipe. You also see that for the built-in, Oracle-managed detector
recipes, you can clone the recipe. You may clone an existing recipe and customize it to
your needs.

10. Click Detector recipes from the breadcrumb list at the top left.

11. In the left navigation pane, under Cloud Guard, click Responder Recipes.


12. Click OCI Responder Recipe (Oracle Managed).

View the responder rules that are included in this recipe.

13. To view the details of a particular rule, click the disclosure triangle, a downward arrow
located next to the three dots to the right of the rule.

14. Click Responder recipes from the breadcrumb at the top left.

15. In the left navigation pane, under Cloud Guard, click Managed lists.

16. Click the Oracle Cloud Guard CIDR Managed List.

Note: A managed list is a reusable list of parameters that makes it easier to set the scope
for detector and responder rules. A managed list is a tool that can be used to apply certain
configurations to detectors.

Under Entries, observe the predefined list of trusted IP address ranges used by Oracle
Cloud Infrastructure (OCI). Cloud Guard also lets you define your own managed lists as
needed.

For example, you can define lists of states or provinces, ZIP codes, OCIDs, or whatever
else you may define. Click the Managed Lists breadcrumbs and you will see an option to
create your own managed list.

17. In the left navigation pane, under Cloud Guard, click Settings.

Note: Observe the reporting region listed. If you are in the home region of your tenancy,
you will also see the option to Disable Cloud Guard (if it is already enabled). If you are in
any other region, this button will be disabled.


Create a Cloud Guard Target

In this practice, you will learn to add a target to set the scope of resources that Cloud Guard
monitors.

Note: Cloud Guard is enabled in your practice tenancy.

Tasks

1. In the console ribbon at the top of the screen, click the Regions menu and select UK
South (London).

2. Click the navigation menu, click Identity & Security, and then click Cloud Guard.

3. In the left navigation pane, under Cloud Guard, click Targets.

4. In the left navigation pane, under List Scope, select your assigned <compartment
name>.

Note: If you already have a specific target set for your compartment, delete it.

5. Click Create New Target.

6. Enter the following:

• Target Name: LHR-AA-LAB18-1-CG-01

• Description: Enter a description.

• Compartment: Select your assigned <compartment name>

• Configuration detector recipe: OCI Configuration Detector Recipe (Oracle managed)

• Threat detector recipe: OCI Threat Detector Recipe (Oracle managed)

• Activity Detector Recipe: Oracle Activity Detector Recipe (Oracle managed)

• Responder recipe: OCI Responder Recipe (Oracle managed)

7. Click Create.

Note: The detail page for the new target will be displayed.

8. In the left navigation pane, under Resources, click Detector recipes and view the detector
recipes associated with the created target.


Create a Scenario to Verify Cloud Guard Monitoring

To identify a problem in the set target, you will create a bucket and make its visibility public.

1. In the console ribbon at the top of the screen, click the Regions menu and select UK
South (London).

2. Click the navigation menu and click Storage. Under Object Storage, click Buckets.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create Bucket.

5. In the Create Bucket dialog box, specify the attributes of the bucket:

• Bucket Name: LHR-AA-LAB18-1-BKT-01-<user-id>
Please specify your user ID in place of <user-id> to make it unique.

• Default Storage Tier: Select Standard.

Note: Leave all the other options in their default settings.

6. Click Create.

7. Click the three dots on the right to open the Actions menu and select Edit Visibility. Select
Public and click Save Changes.

Note: You have now created a bucket with public visibility in the assigned compartment.

To assure cloud security posture, the detector recipe includes a configuration rule for
Bucket with a public visibility.

As a result, you must wait for Cloud Guard to evaluate your allocated detector
configuration and list its observations on the set target. Wait 30-60 minutes before
checking the Cloud Guard Dashboard to see if the problem has been identified and
resolving it.


Remediate the Problems Identified by Cloud Guard

1. From the navigation menu, select Identity & Security. Click Cloud Guard.

2. In the left navigation pane, under Cloud Guard, click Problems.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. View the list of problems Cloud Guard has identified with the resources in your assigned
compartment based on your previous practices. The Problems page displays information
about each problem, including:

• Problem Name

• Risk Level

• Detector Type

• Resource affected

• Target

• Region

• Labels

• First Detected

• Last Detected

Follow this process to remediate the problem Bucket is Public.

1. In the breadcrumbs at the top left, click Problems.

2. In the left navigation pane, under Resource type, select Bucket.

3. Select “Bucket is Public” from the problem list.

4. Check the problem details and problem history before any actions are taken.

Note: As per the problem details, you have the option to remediate (if there are any
responder suggestions) or mark it as resolved or dismiss the problem.

The problem specifies that the bucket has public visibility. It is recommended to carefully
assess whether public visibility is required for the mentioned resource and to act if it is
not.

5. Click Remediate and confirm that you want to execute the responder to remediate the
problem.


Note: After a couple of minutes, you will see that the problem is successfully resolved,
and the problem icon turns green.

6. To verify, click Buckets under Object storage. Click the bucket
LHR-AA-LAB18-1-BKT-01-<User_Id>. You will see that the visibility is now Private.

Similarly, Cloud Guard can remediate or resolve identified problems in your OCI tenancy,
ensuring security posture.
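The visibility check in step 6 can also be made from Cloud Shell. The following is an added example, not part of the lab guide: it reads each bucket's public-access-type with oci os bucket get and reports Private or Public, returning non-zero if any bucket is not private. The function names and the OCI_BIN override are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example (not from the lab guide): report Object Storage bucket visibility.
# Assumes the OCI CLI is configured, as it is in Cloud Shell.
# OCI_BIN is a hypothetical override so the functions can be exercised offline.

# Pull one string field out of the JSON the CLI prints (one field per line).
json_field() {
  sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Map the bucket's public-access-type value to the label the Console shows.
visibility_label() {
  case "$1" in
    NoPublicAccess) echo "Private" ;;
    ObjectRead|ObjectReadWithoutList) echo "Public" ;;
    *) echo "Unknown" ;;   # lookup failed or the value was not recognised
  esac
}

# Print "<bucket> <Private|Public|Unknown>" for one bucket.
bucket_visibility() {
  access=$("${OCI_BIN:-oci}" os bucket get --bucket-name "$1" 2>/dev/null \
    | json_field public-access-type)
  echo "$1 $(visibility_label "$access")"
}

# Check every bucket name given; return 1 if any of them is not Private.
audit_buckets() {
  rc=0
  for b in "$@"; do
    line=$(bucket_visibility "$b")
    echo "$line"
    case "$line" in
      *" Private") ;;
      *) rc=1 ;;
    esac
  done
  return "$rc"
}

# Run as: sh bucket-audit.sh <bucket-name> [<bucket-name> ...]
if [ "$#" -gt 0 ]; then
  audit_buckets "$@"
fi
```

Running it against the lab bucket before and after the Remediate step shows the change from Public to Private without opening the Console.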


Lab 19-1 Practices

Security: Create a Vault and Encryption Key and Perform Encryption/Decryption of Data

Get Started

Overview
OCI Vault is a cloud native service that allows customers to securely store and manage their
master encryption keys and configuration information. The OCI Vault service supports several
key encryption algorithms such as the Advanced Encryption Standard (AES),
Rivest-Shamir-Adleman (RSA), and the Elliptic Curve Digital Signature Algorithm (ECDSA).

This lab enables you to encrypt or decrypt sensitive information (such as credit card details,
salary information, and so on) by using the master encryption key stored in OCI Vault.

In this lab, you’ll:

a. Create a Vault and a master encryption key

b. Perform basic encryption and decryption by using the master encryption key

Prerequisites

• URL of a precreated encryption script located at a predetermined Git location

• URL of a precreated decryption script located at a predetermined Git location

Create a Vault and a Master Encryption Key

You’ll create a Vault and a master encryption key required to perform cryptographic operations.

Tasks
1. Log in to the Oracle Cloud Infrastructure (OCI) console.
2. From the Main Menu, select Identity & Security, and then click Vault.
3. Click Create Vault.

4. In the Create Vault dialog box, provide the following details:

a. Create in Compartment: Select your <compartment_name>

b. Name: ARCHITECT-ASS-VAULT

c. Do not check the “Make it a virtual private vault” option.

5. Click Create Vault.

It will take about a minute to create the vault. The vault will go through the Creating state to
the Active state.

6. Select ARCHITECT-ASS-VAULT from the list of vaults in the root compartment.

7. Locate the Cryptographic Endpoint URL on the Vault Information tab. Copy the URL to
your clipboard and save it somewhere to use later during the encryption process.

a. Example: https://xxxxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com

8. From the left navigation pane under Resources, click Master Encryption Keys, and then
click Create Key.

9. In the Create Key dialog box, enter the following values for your key:

a. Create in Compartment: <Select your compartment>

b. Protection Mode: HSM

c. Name: FRA-AA-LAB19-VK-01

d. Leave everything else to default values and click Create Key. It will take about a
minute to create the master encryption key. The keys will go through the Creating
state to the Enabled state.

10. Select your compartment from the Compartment drop-down list in the left column under List
Scope. To the right, you will see the key that you created. Click your Master Encrypted Key.

11. On the Key Details page, locate the OCID value on the Key Information tab. Click the Copy
link located to the right of the OCID value. Save the OCID value somewhere to use later
during the encryption process.

Sample: ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Perform Encryption

You will now run the provided shell script, which will take as input the OCI Vault cryptographic
endpoint, the OCID of the master encryption key you created, and plain text to encrypt. The
provided shell script invokes oci kms crypto encrypt to perform data encryption.

Tasks
1. Click the Cloud Shell icon in the Console header to launch your Cloud Shell.

a. Go to your home directory.
$ cd ~

b. Get the shell script to encrypt the plain text.
$ wget https://raw.githubusercontent.com/ou-developers/oci-vaultoperations/main/ocivault-encrypt.sh

c. Make the downloaded shell script executable.
$ chmod +x ocivault-encrypt.sh

d. Run the shell script.
$ ./ocivault-encrypt.sh

Note: This command will execute the downloaded interactive script, which will prompt you
for the following values. When prompted, locate and enter the values that you saved in
the previous section.

2. Provide the required parameters as input.

a. Please enter the OCI Vault Cryptographic Endpoint URL
<OCI Vault Cryptographic Endpoint URL>
Example: https://xxxxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com

b. Please enter your Master Encryption Key OCID
<Master Encryption Key OCID>
Example: ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

c. Please enter the text you wish to encrypt
<Plain text to be encrypted>
Example: HelloWorld

3. The shell script will invoke oci kms crypto encrypt and perform a cryptographic
operation. The following is a sample output of the script:

Please enter the OCI Vault Cryptographic Endpoint URL
https://xxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com
Please enter your Master Encryption Key OCID
ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxx
Please enter the text you wish to encrypt
HelloWorld
{
  "data": {
    "ciphertext": "QRu3Y6UBExxxxxaSCNyAKuhqRsxxxxxuk/shqzs4iimhWgyyAA==",
    "encryption-algorithm": "AES_256_GCM",
    "key-id": "ocid1.key.oc1.xxx.xxxxxxxxxxbbbbbbbbbxxxx",
    "key-version-id": "ocid1.keyversion.oc1.xxx.aaaabbbbb"
  }
}
---------- Encrypted Text ----------
QYcEncB2aSYnAC7QkpXd589LxN8XdddFWJzHyFg2gTKCaCcht97rAAAA==

4. Copy and save the Encrypted Text somewhere to use later during the decryption process.
Perform Decryption

You will now run the provided shell script, which will take as input the OCI Vault cryptographic
endpoint, the OCID of the master encryption key you created, and the encrypted text to decrypt.
The provided shell script invokes oci kms crypto decrypt to perform data decryption.

Tasks
1. Click the Cloud Shell icon in the Console header to launch your Cloud Shell.

a. Go to your home directory.
$ cd ~

b. Get the shell script to decrypt the encrypted text.
$ wget https://raw.githubusercontent.com/ou-developers/oci-vaultoperations/main/ocivault-decrypt.sh

c. Make the downloaded shell script executable.
$ chmod +x ocivault-decrypt.sh

d. Run the shell script.
$ ./ocivault-decrypt.sh

2. Provide the required parameters as input.

a. Please enter the OCI Vault Cryptographic Endpoint URL
<OCI Vault Cryptographic Endpoint URL>
Example: https://xxxxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com

b. Please enter your Master Encryption Key OCID
<Master Encryption Key OCID>
Example: ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

c. Please enter the Encrypted Text (Generated Above)
<Encrypted_Text_from_above_step>
Example: QYcEncB2aSYnAC7QkpXd589LxN8XdddFWJzHyFg2gTKCaCcht97rAAAA==

3. The shell script will invoke oci kms crypto decrypt and perform a cryptographic
operation. The following is a sample output of the script:

Please enter the OCI Vault Cryptographic Endpoint URL
https://xxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com
Please enter your Master Encryption Key OCID
ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxx
Please enter the Encrypted Text (Generated Above)
QYcEncB2aSYnAC7QkpXd589LxN8XdddFWJzHyFg2gTKCaCcht97rAAAA==

{
  "data": {
    ....
    "key-id": "ocid1.key.oc1.xxx.xxxxxxxxxxbbbbbbbbbxxxx",
    "key-version-id": "ocid1.keyversion.oc1.xxx.aaaabbbbb"
    "plaintext": "ampqanNzc3NzCg==",
    "plaintext-checksum": "2060560141"
  }
}
---------- Plain Text ----------
HelloWorld
--------------------------------
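The Perform Encryption and Perform Decryption sections both run a downloaded script around oci kms crypto. The following is an added example, not the ou-developers scripts and not taken from the lab guide, of what such a wrapper has to handle: the plaintext goes to the service base64-encoded, the plaintext field of the decrypt response comes back base64-encoded, and the calls must target the vault's cryptographic endpoint. The function names and the OCI_BIN override are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example (not the ou-developers scripts): wrapper functions around
# "oci kms crypto encrypt" and "oci kms crypto decrypt".
# OCI_BIN is a hypothetical override so the functions can be exercised offline.

# The KMS API takes and returns plaintext as base64, so encode before sending.
b64_encode() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Pull one string field out of the JSON the CLI prints (one field per line).
json_field() {
  sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Crypto operations go to the vault's cryptographic endpoint, not its
# management endpoint; reject anything that does not look like the former.
valid_crypto_endpoint() {
  case "$1" in
    https://*-crypto.kms.*.oraclecloud.com) return 0 ;;
    *) return 1 ;;
  esac
}

# A master encryption key OCID starts with ocid1.key.
valid_key_ocid() {
  case "$1" in
    ocid1.key.*) return 0 ;;
    *) return 1 ;;
  esac
}

check_inputs() {
  valid_crypto_endpoint "$1" || { echo "not a cryptographic endpoint: $1" >&2; return 2; }
  valid_key_ocid "$2" || { echo "not a key OCID: $2" >&2; return 2; }
}

# vault_encrypt <endpoint> <key-ocid> <text>: prints the ciphertext.
vault_encrypt() {
  check_inputs "$1" "$2" || return 2
  "${OCI_BIN:-oci}" kms crypto encrypt --endpoint "$1" --key-id "$2" \
    --plaintext "$(b64_encode "$3")" | json_field ciphertext
}

# vault_decrypt <endpoint> <key-ocid> <ciphertext>: prints the decoded plaintext.
vault_decrypt() {
  check_inputs "$1" "$2" || return 2
  "${OCI_BIN:-oci}" kms crypto decrypt --endpoint "$1" --key-id "$2" \
    --ciphertext "$3" | json_field plaintext | base64 -d
}

# Run as: sh vault-wrap.sh encrypt|decrypt <endpoint> <key-ocid> <text-or-ciphertext>
case "${1:-}" in
  encrypt) vault_encrypt "$2" "$3" "$4" ;;
  decrypt) vault_decrypt "$2" "$3" "$4" ;;
esac
```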

Lab 20-1 Practices

Observability and Management: Configure Alarms with Notifications and Create Monitoring Queries

Get Started

Overview

Oracle Cloud Infrastructure (OCI) Observability and Management provides visibility and
actionable insights derived using Machine Learning Algorithms. This platform is open and
extensible, and provides cloud-based monitoring and analytics.

Some of the Observability and Management services include Monitoring, Logging, Event
Services, Logging Analytics, and Application Performance Monitoring. In this lab, you will
create alarms and queries, and trigger alarms.

In this lab, you will:

a. Create a Virtual Cloud Network (VCN)

b. Launch three Compute Virtual Machine instances

c. Create alarms and view service metrics

d. Create CPU stress and fire alarms

e. Create queries

Assumptions
• You must be familiar with navigating the OCI Console.
• In this lab, Germany Central (Frankfurt) is considered as your region.
Set Up the Environment

In this practice, you will configure the cloud environment, create a virtual network, and
compute instances. The resources created in this practice will help you complete the rest of
the lab.

Task 1: Create a VCN

A Virtual Cloud Network (VCN) defines a private network in the cloud environment where you
can specify networking parameters such as CIDR block and route tables, along with security
controls like access control lists and virtual firewalls. You can also allow connectivity to the
public Internet. In this task, you will create a VCN.

Note: For a production VCN environment, it is recommended to further restrict network
access controls to meet your security requirements.

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. In the console ribbon at the top of the screen, click the Region icon to expand the menu
and select Germany Central (Frankfurt).

3. From the navigation menu, under Networking, select Virtual Cloud Networks.

4. From the left navigation panel, ensure you are in the compartment allotted to you. Click
Create VCN.

5. In the Create a Virtual Cloud Network dialog box, populate the following information:

• Name: FRA-AA-LAB20-1-VCN-01

• Create In Compartment: <your compartment>.

• IPv4 CIDR Block: 10.0.0.0/16 (Press Enter to add the IP block.)

6. Leave other fields as default. Click Create VCN.

7. After the VCN is created, click FRA-AA-LAB20-1-VCN-01 VCN to view the details page.
Under Resources in the left navigation panel, click Internet Gateways.

8. Click Create Internet Gateway.
9. In the Create Internet Gateway dialog box, populate the following information:

• Name: FRA-AA-LAB20-1-IG-01

• Create In Compartment: <your compartment>

10. Click Create Internet Gateway.

11. Next, make a quick update to the VCN route table to make use of the Internet Gateway
created in the previous step. Under Resources in the left navigation panel, click Route
Tables.

12. Click Default Route Table for FRA-AA-LAB20-1-VCN-01 and then click Add Route
Rules.

13. In the Add Route Rules dialog box, populate the following information:

• Target Type: Internet Gateway

• Destination CIDR Block: 0.0.0.0/0

• Target Internet Gateway: FRA-AA-LAB20-1-IG-01

14. Click Add Route Rules to complete the process.

15. Finally, create a subnet in the VCN to identify IP space and deploy a VM. Return to the
VCN details page by clicking FRA-AA-LAB20-1-VCN-01 in the breadcrumb list at the top
of the page.

16. Under Resources in the left navigation panel, click Subnets. Then, click Create Subnet.

17. In the Create Subnet dialog box, populate the following information:

• Name: FRA-AA-LAB20-1-SNET-01

• Create In Compartment: <your compartment>.

• Subnet Type: Regional (Recommended)

• IPv4 CIDR Block: 10.0.0.0/24

• Route Table Compartment in <your compartment>: Default Route Table

• Subnet Access: Public Subnet

18. Leave other fields as default. Click Create Subnet.

Task 2: Set Up SSH Keys for Virtual Machine Instance

Before launching a Virtual Machine instance, you will create SSH keys to authenticate the
Instance using Oracle Cloud Shell.

1. In the OCI Console ribbon at the top of the screen, ensure that the correct Region is
selected. In this case, the region is Germany Central (Frankfurt).

2. Click the Cloud Shell icon next to the region.

3. In the Cloud Shell, ensure that you are in the home directory of your account. To check,
run the following command:

$ pwd

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

If you are in your home directory, the value will be /home/<user_name>.

4. To change the directory to .ssh directory, run the following command:

$ cd .ssh/

5. If the previous step shows an error as “No such file or directory,” then run the following
command:

$ mkdir .ssh/

6. Now, change directory to .ssh/ by running the following command:

$ cd .ssh/

7. To create ssh keys, run the following command:

$ ssh-keygen -b 2048 -t rsa -f sshkeys

8. Do not enter a password when prompted; press Enter.

Note: There are two files saved into the .ssh directory: sshkeys.pub (public key) and
sshkeys (private key). sshkeys.pub will be used while creating compute instances, and
sshkeys will be used to authenticate.

9. Run the following command to view the contents of the sshkeys.pub public key.
$ cat /home/<user_name>/.ssh/sshkeys.pub

Note: Replace <user_name> with your username as noted in step 3.

10. Copy and paste the content of the sshkeys.pub public key into a Notepad file. You will use
this content while creating the compute instance.

11. Close the Cloud Shell by clicking X at the top-right corner. Then, click Exit.
Task 3: Launch Compute Virtual Machine Instance

Now, you will launch a Virtual Machine in your newly created VCN. For this lab, you will create
three instances.

1. In the OCI Console ribbon at the top of the screen, ensure that you have selected the same
region where you created the VCN.

2. From the navigation menu, under Compute, click Instances.

3. From the left navigation panel, ensure that you are in the compartment allotted to you. To
create the first instance, click Create instance.

4. In the Create compute instance dialog box, enter FRA-AA-LAB20-1-VM-01 in the Name
field.

5. In the Create in compartment field, select <your compartment>.

6. The Availability Domain will be pre-populated to match the subnet you created earlier.

7. Ensure that the Image is selected as Oracle Linux 8. If not, click Change Image and select
Oracle Linux 8.

8. In the Shape field, click Change Shape. Then select VM.Standard.A1.Flex (1 OCPU, 6GB
Memory) [Shape series: Ampere].

Note: Your options and naming conventions may not match exactly as given here, so
select an appropriate shape if it is shown different for your region.

9. In the Primary network field, select Select Existing Virtual Cloud Network and ensure
FRA-AA-LAB20-1-VCN-01 is specified in the Virtual cloud network field.
10. In the Subnet field, select Select Existing Subnet. Ensure the Subnet is specified as
FRA-AA-LAB20-1-SNET-01.

If not, double-check the compartment is set to <your compartment>. You may have to
switch to a different Availability Domain (see above – the Availability Domain of your
subnet and compute instance must match) to allow the selection of your existing subnet,
if not already selected.

11. In the Public IP address field, select Assign a public IPv4 address.

12. In the Add SSH keys field, select Paste public keys. Then copy the sshkeys.pub public
key from the Notepad (copied earlier in previous task) and paste it in the SSH keys field.

13. Keep the other options default and click Create. The first compute instance is successfully
created.

14. Navigate back to the Instances page from the navigation menu. Ensure that the State of
the instance you just created is Running.

15. Copy the Public IP corresponding to the FRA-AA-LAB20-1-VM-01 instance and paste it in
the Notepad.

16. Now, click the Cloud Shell icon next to the Region at the top of the screen.

17. Run the following command, supplying the sshkeys private key and the public IP address:

$ ssh -i /home/<user_name>/.ssh/sshkeys opc@X.X.X.X

▪ Replace <user_name> with your username.

▪ Replace X.X.X.X with the public IP address copied in step 15.

Note: The SSH Key is the private key created in the previous task. It is used to
authenticate.

18. Enter Yes when prompted to connect and ensure you are connected to the instance.

19. Enter exit to close the connection.

20. To create a second instance, repeat steps 2 through 7. Keep all settings the same except
the Name of the instance. Enter the Name of the second instance as
FRA-AA-LAB20-1-VM-02.
21. In the Shape field, click Change Shape. Then select VM.Standard.A1.Flex (1 OCPU, 6GB
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Memory) [Shape series: Ampere].

22. In the Public IP address field, select Do not assign a public IPv4 address. In the Add
SSH keys field, select No SSH keys.

Note: The instance is not required to be accessed; therefore, assigning a Public IP address
and SSH keys for this instance can be skipped.

ble
23. Keep the other options default and click Create. The second compute instance is

ra
successfully created.

fe
ns
24. Navigate back to the Instances page from the navigation menu. Ensure that the State of

tra
the second instance created is Running.

n-
. no
25. To create a third instance, repeat steps 2 through 7. Keep all settings the same except the

ide s a
Name of the instance. Enter the Name of the second instance as FRA-AA-LAB20-1-VM-

Gu ha
03.
is )
th m
26. In the Shape field, click Change Shape. Then select VM.Standard.A1.Flex (1 OCPU, 6GB
e .co

Memory) [Shape series: Ampere].


us ail

27. In the Public IP address field, select Do not assign a public IPv4 address. In the Add
to gm

SSH keys field, select No SSH keys.


se @
en iar

Note: The instance is not required to be accessed; therefore, assigning a Public IP address
lic agu

and SSH keys for this instance can be skipped.


28. Click Create. The third compute instance is successfully created.

29. Navigate back to the Instances page from the navigation menu. Ensure that the State of
the third instance created is Running.


Create Alarms and View Service Metrics

In this practice, you will view the service metrics for your instances, confirm that the required
monitoring plug-in is enabled, and set up alarm notifications.

Task 1: Confirm that Compute Instance Monitoring Plug-In Is Enabled

To view the service metrics available in the OCI Console, the compute instance monitoring
plug-in must be enabled. This plug-in emits metrics about the instance's health, capacity, and
performance, such as CPU and memory utilization.

Note: The plug-in will be enabled by default, but it should be confirmed.

1. From the OCI Console navigation menu, under Compute, select Instances.

2. Click the instance FRA-AA-LAB20-1-VM-01.

3. Click the Oracle Cloud Agent tab.

4. Scroll down to find the Compute Instance Monitoring plug-in and ensure that it is
running and enabled.

5. Navigate back to the Instances page and repeat steps 1-4 for the instance FRA-AA-LAB20-1-VM-02.

6. Repeat steps 1-4 for the instance FRA-AA-LAB20-1-VM-03.

Task 2: Create a Topic and a Subscription Inside a Topic


Now that you have confirmed that Monitoring is enabled, you will create an alarm that is
triggered when the service metrics reach a designated threshold. You will see this alarm get
triggered later in the practice when you perform a CPU stress test.

To create an alarm, you must first create a notification so that the alarm has a way to notify
the relevant parties. For example, an alarm can email an administrator when a CPU usage
threshold has been breached.

1. From the OCI Console navigation menu, select Developer Services. Under Application
Integration, select Notifications.

2. From the left navigation panel, ensure you are in the compartment assigned to you.

3. Click Create Topic.

4. In the Create Topic dialog box, enter FRA-AA-LAB20-1-TOP-01 in the Name field and,
if required, enter a Description, which is optional.

5. Click Create.

6. Once the topic state changes to Active, click the topic to view the details.

7. Under Resources, click Create Subscription.

8. In the Create Subscription dialog box, select Email in the Protocol field.

9. In the Email field, enter your email address.

10. Click Create.

11. Click the subscription that you just created.

12. The Subscription Information will be displayed with the status as Pending Confirmation.

13. Check the email account you specified and click the “Confirm subscription” verification
link in it. A pop-up browser window will tell you that the subscription has been confirmed.

14. Navigate back to the Subscriptions page and verify that the subscription status has
changed to Active.

Note: You may need to refresh your browser if the status is not updated.

A topic and a subscription inside a topic are successfully created.



Task 3: Create an Alarm for CPU Utilization


Now that you’ve created the topic and subscription for a notification, you will create your
alarm. This alarm will be activated when the CPU utilization reaches a threshold that you
designate.

1. From the OCI Console navigation menu, select Observability & Management. Under
Monitoring, click Alarm Definitions.

2. From the left navigation panel, ensure that you are in the compartment assigned to you.

3. Click Create Alarm.

4. In the Create Alarm dialog box, populate the following information in the Create alarm
section:

• Alarm name: FRA-AA-LAB20-1-ALA-01

• Alarm severity: Critical

• Alarm body: High Usage of CPU

5. The Tags section is optional. Therefore, keep the default selections.

6. Populate the following information in the Metric description section:

• Compartment: <your compartment>

• Metric namespace: oci_computeagent

• Metric name: CpuUtilization

• Interval: 1m

• Statistic: Max

Note: The Resource Group field is optional. Therefore, you can skip it for now.

7. Populate the following information in the Metric dimensions section:

• Dimension name: resourceDisplayName

• Dimension value: FRA-AA-LAB20-1-VM-01

8. Populate the following information in the Trigger rule section:

• Operator: greater than

• Value: 70

• Trigger delay minutes: 1

9. Populate the following information in the Define alarm notifications section:

• Destination service: Notifications

• Compartment: <your compartment>

• Topic: FRA-AA-LAB20-1-TOP-01

You created the topic earlier; recall that the topic is the communication channel, such
as email. When the alarm is triggered, a notification is sent to the subscribed email addresses.

10. Select the option Split notifications per metric stream in the Message grouping
section.

With this setting, you are configuring the alarm to send a message for the specific
instance when it reaches the CPU threshold. The UI shows a message that is for
reference only: Consider limits when the alarm contains a high number of metric streams.

11. You can select the message format, which is generally the first option, Send formatted
messages.

12. You can also choose to have a notification repeated at certain frequencies if an alarm
continues. Keep the Repeat notification option deselected.

13. You have the option to suppress the notification. Keep the Suppress notifications option
deselected.

14. Select Enable this alarm and click Save Alarm.

You should now be able to see the alarm’s details.


Create CPU Stress and Fire Alarm

In this practice, you will create a CPU Stress on the first instance (FRA-AA-LAB20-1-VM-01),
monitor the effect of CPU stress on the instance, and see an event triggered when the CPU
utilization is greater than the threshold, which causes the alarm to fire.

Task 1: Create CPU Stress for an Instance

Now that you have created an alarm, Observability and Management monitors the working of
instances and sends a notification when the alarm is triggered. For this purpose, the CPU is
subjected to stress and forced to run to its maximum capacity. When the CPU Utilization
metric is greater than the threshold value, the alarm gets triggered.

This is simulated by means of a CPUStress generator. The following steps are with respect to a
Linux OS.

1. From the OCI Console navigation menu, under Compute, click Instances.

2. Click the instance FRA-AA-LAB20-1-VM-01. Copy the Public IP address.

3. Click the Cloud Shell icon from the Console ribbon at the top of the page.

4. Connect to the instance by running the following command:


$ ssh -i /home/<user_name>/.ssh/sshkeys opc@<X.X.X.X>

▪ Replace <user_name> with your username.

▪ Replace X.X.X.X with the public IP address.

5. You should get a message that the FIPS mode is initialized.

6. Run the following command to install the EPEL (Extra Packages for Enterprise Linux)
repository, which lets you install additional standard open-source software
packages by using the YUM and DNF package managers. If you are asked if it is OK, enter Y.

$ sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

7. Enter Y. You will see Complete! when it is complete.

8. Install the stress package. Stress is a generator tool, devised to subject your system to a
configurable measure of CPU, memory, I/O, and disk stress. To install, run the following
command:

$ sudo yum install stress

Note: If you are asked if it is OK, enter Y again.

You will get a message when the installation is successful.

Task 2: Induce Stress on the Compute Instance

Now, you need to induce stress on the instance. The stress on the compute instance
increases on repeated use of the stress command. Run the following commands:

$ uptime

$ stress --cpu 8 --timeout 300

Task 3: Trigger the Alarm


1. From the OCI Console navigation menu, select Observability & Management. Under
Monitoring, click Alarm Definitions.

2. Click the FRA-AA-LAB20-1-ALA-01 alarm that you created earlier.

3. The icon in FRA-AA-LAB20-1-ALA-01 would have changed to Firing mode due to the
stress induced. This happens when the CPU utilization crosses the threshold
limit. Please wait for a minute if the status is not changed to Firing, and then refresh the
page.

4. Scroll down to the Alarm history graph, which signifies that the CPU stress has surpassed
the set threshold.

5. An email notification is sent to the configured subscription email of the Notifications
Topic as Alarm status changes from OK to Firing.

6. The email provides details about Alarm OCID, Number of Metrics breaching threshold,
and Dimensions.

7. Navigate back to the Alarm Definitions page and select the check box against the
FRA-AA-LAB20-1-ALA-01 alarm.

8. Click Actions and select Add suppressions from the drop-down list.

9. In the Suppress Alarms Wizard, select the default Start time and End time and click
Apply suppressions to confirm.

10. Click Close and verify that the column Suppressed shows the alarm is suppressed for the
period.

11. Click the Cloud Shell icon to open Cloud Shell where the stress was initiated on the
instance. Press Ctrl + C to stop the stress.

12. Navigate back to the Alarm Definitions page and click the FRA-AA-LAB20-1-ALA-01
alarm.

13. The CPU-usage-alarm icon would have changed to OK mode as the stress is now stopped.

14. Verify that an email notification is not received by the configured subscription email for the
status change from Firing to OK. This notification is not sent because the alarm is
suppressed for the period.
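
The alarm behavior walked through in this practice (fire on the stress test, then a silent recovery while suppressed), as an added example that is not part of the Oracle guide and not OCI's evaluation engine. It is a simplified model: the rule fields come from the lab's Create Alarm form, while the CPU samples, the suppression minutes, and all class and function names are constructed or hypothetical.

```python
from dataclasses import dataclass
from statistics import mean

# Statistics the model supports; the lab selects Max.
STATISTICS = {"max": max, "mean": mean}


@dataclass(frozen=True)
class AlarmRule:
    """Fields mirror the lab's Create Alarm form for FRA-AA-LAB20-1-ALA-01."""
    metric: str = "CpuUtilization"
    interval: str = "1m"
    statistic: str = "max"
    dimension_name: str = "resourceDisplayName"
    dimension_value: str = "FRA-AA-LAB20-1-VM-01"
    threshold: float = 70.0
    trigger_delay_minutes: int = 1

    def mql(self) -> str:
        """Build the MQL text that corresponds to the form fields."""
        return (f'{self.metric}[{self.interval}]'
                f'{{{self.dimension_name} = "{self.dimension_value}"}}'
                f'.{self.statistic}() > {self.threshold:g}')


@dataclass(frozen=True)
class Transition:
    minute: int
    old: str
    new: str
    notified: bool  # False when the change happened inside a suppression window


def evaluate(rule, samples_per_minute, suppressed_minutes=frozenset()):
    """Replay per-minute samples and return every alarm state change.

    Simplified model (an assumption of this example): the alarm fires once the
    aggregated value has breached the threshold for trigger_delay_minutes
    consecutive intervals, and returns to OK on the first non-breaching one.
    """
    aggregate = STATISTICS[rule.statistic]
    state, breach_run, transitions = "OK", 0, []
    for minute, samples in enumerate(samples_per_minute):
        if not samples:
            continue  # simplification: a missing data point leaves the state as is
        breaching = aggregate(samples) > rule.threshold
        breach_run = breach_run + 1 if breaching else 0
        if breaching and breach_run >= rule.trigger_delay_minutes:
            new_state = "FIRING"
        elif not breaching:
            new_state = "OK"
        else:
            new_state = state  # breaching, but not yet for long enough
        if new_state != state:
            notified = minute not in suppressed_minutes
            transitions.append(Transition(minute, state, new_state, notified))
            state = new_state
    return transitions


def silenced(transitions):
    """State changes nobody was told about: the monitoring blind spot."""
    return [t for t in transitions if not t.notified]


# Constructed CPU samples (percent), one inner list per one-minute interval.
IDLE = [3.0, 4.5, 2.8]
STRESS = [99.2, 100.0, 99.7]   # while "stress --cpu 8" is running
SPIKE = [4.0, 5.0, 98.0]       # one brief burst inside an otherwise idle minute

# Minutes 0-1 idle, 2-6 under stress, 7-8 idle again after Ctrl + C.
LAB_TIMELINE = [IDLE, IDLE] + [STRESS] * 5 + [IDLE, IDLE]
# Suppression applied after the Firing email arrived (constructed window).
SUPPRESSED = frozenset(range(5, 9))

if __name__ == "__main__":
    rule = AlarmRule()
    print(rule.mql())
    for t in evaluate(rule, LAB_TIMELINE, SUPPRESSED):
        print(t)
    # Max fires on a single high sample; mean over the same minute does not.
    print(evaluate(rule, [IDLE, SPIKE, IDLE]))
    print(evaluate(AlarmRule(statistic="mean"), [IDLE, SPIKE, IDLE]))
```

The silenced() helper lists state changes that occurred inside the suppression window, which is worth reviewing whenever suppressions are applied to alarms that matter for incident detection.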

Create Queries

In this practice, you will create different types of queries and see how they are all represented
graphically.

Task 1: Create Standard Queries

In this task, you will learn about query expressions and components, and you will execute
sample queries that can be used with the Monitoring service. The Metrics Explorer creates
queries that are used to search and aggregate metric data points collected from resources.

A standard query includes a metric namespace (the source or application being measured),
metric (what is being measured), interval (over what period), and statistic (how it’s being
measured, e.g., a sum, rate, or max value).

1. From the OCI Console navigation menu, select Observability & Management. Under
Monitoring, click Metrics Explorer.

2. To create a standard query, populate the following information in the Query section:

• Compartment: <your compartment>

• Metric namespace: oci_computeagent

• Metric name: CpuUtilization

• Interval: 5m

• Statistic: Max

3. Click Update Chart.

The chart generated is the output of the query. It represents the CPU utilization
(CpuUtilization) of all instances (oci_computeagent) in the past five minutes. The
corresponding Monitoring Query Language (MQL) is displayed under Query 1.


Task 2: Create Standard Queries with a Filter

A filter condition is used along with a standard query to display the graphs that satisfy specific
conditions. The filter condition is entered in the Metric Dimensions area and includes a name
and (optional) a value.

1. From the navigation menu, select Observability & Management. Under Monitoring,
click Metrics Explorer.

2. Populate the following information to create a grouping function using Basic mode in the
Query section:

• Compartment: <your compartment>

• Metric namespace: oci_computeagent

• Metric name: CpuUtilization

• Interval: 5m

• Statistic: Max

3. In the Metric dimensions section, populate the following information:

• Dimension name: availabilityDomain

• Dimension value: Select an availability domain.

4. Click Update Chart.

The chart displays the CPU utilization of the compute instances at an interval of five minutes
for the selected availability domain.

Task 3: Create Aggregation Using Basic Queries

Simple aggregation (grouping) function queries return the combined value of all metric
streams for the selected statistic. They can be written manually in the Query Code Editor pane
by checking the Advanced mode option, or you can use the Standard Query mode used above.

1. From the navigation menu, select Observability & Management. Under Monitoring,
click Metrics Explorer.

2. Populate the following information to create a grouping function using Basic mode in the
Query section:

• Compartment: <your compartment>

• Metric namespace: oci_computeagent

• Metric name: CpuUtilization

• Interval: 5m

• Statistic: Max

3. In the Metric dimensions section, populate the following information:

• Dimension name: availabilityDomain

• Select the Aggregate metric streams check box.

Note: You can leave the Dimension value field blank for now.

4. Click Update Chart.

The graph displays the aggregation of CPU utilization of all availability domains, with an
interval of five minutes, and a statistic option of the Max function.

Selecting the Aggregate metric streams check box is referred to as a grouping function
when using Advanced mode. This query can be viewed by selecting the Advanced mode check
box.

Task 4: Create Advanced Queries


The nested queries are written as part of the Advanced mode in the Query code editor.

1. From the navigation menu, select Observability & Management. Under Monitoring,
click Metrics Explorer.

2. Select the Advanced mode check box at the top right of the Query 1 section.

3. Populate the following information to create a grouping function using Basic mode in the
Query section:

▪ Compartment: <your compartment>

▪ Metric namespace: oci_computeagent

4. Enter the following code in the Query code editor field.

(CpuUtilization[1m].max() > 5).grouping().max()

5. Click Update Chart.

The displayed output groups the compute instances and displays the ones whose
CpuUtilization is more than 5 percent in the past minute.

GroupBy is a grouping function, which can be written using Advanced mode. It is another way
to aggregate metric streams. For example, you can group by the shape used by the instance.

1. To group by shape, enter the following code into the Query code editor.

CpuUtilization[5m].groupBy(shape).max()

2. Click Update Chart.

The displayed output groups compute instances by shape and displays the CpuUtilization
at an interval of 5 minutes, showing the maximum reported value in the graph.

Lab 21-1 Practices

Observability and Management: Configure Service Connectors

Get Started

Overview

A service connector specifies the source logs, optional filtering/processing, execution
frequency, and the destination Object Storage bucket. In this lab, we will enable service logs
for Object Storage events and export them into another Object Storage bucket.

In this lab, you will:

a. Enable service logs

b. Export logs using service connectors

Assumptions

• You must be familiar with navigating the OCI Console.

• In this lab, Germany Central (Frankfurt) is considered as your region.

Set Up the Environment

In this practice, you will create an automated job to export your log data into the Object
Storage bucket for long-term storage and archive. The Oracle Cloud Infrastructure (OCI)
makes this easy via service connectors, which provide a framework for creating jobs to filter,
process, and move log data from Logging to Object Storage.

Task 1: Create Object Storage Buckets

An Object Storage bucket is a logical container for storing objects. A bucket is associated with
a single compartment that has policies to determine what actions a user can perform on a
bucket and on all the objects in the bucket. The objects can store any type of data regardless
of the content type. In this task, you will create two buckets: one for enabling logging and
another for archiving logs.

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. In the console ribbon at the top of the screen, click the Region icon to expand the menu
and select Germany Central (Frankfurt).

3. From the navigation menu, select Storage. Under Object Storage & Archive Storage,
click Buckets.

4. Click Create Bucket.

5. In the Create Bucket dialog box, enter FRA-AA-LAB21-1-BKT-01-xxx in the Name
field.

Please specify a random number in place of xxx to make it unique.

6. In the Default Storage Tier field, select Standard.

7. In the Encryption field, select Encrypt using Oracle managed keys.

8. Keep the rest of the options as default and click Create.

You will now create a second bucket, which will be used as the archive bucket to move
logs generated for read events that occurred for the first bucket.

9. Navigate back to the Buckets page from the navigation menu.

10. Click Create Bucket.

11. In the Create Bucket dialog box, enter FRA-AA-LAB21-1-BKT-02-xxx in the Name
field.

Please specify a random number in place of xxx to make it unique.

12. In the Default Storage Tier field, select Standard.

Note: The Default Storage Tier can also be selected as Archive; however, in this lab, you
will select Standard to immediately download the transitioned log. An object in the Archive
Storage Tier needs to be restored first before it can be downloaded.

13. Keep the rest of the options as default and click Create.

Enable Service Logs

In this practice, you will enable automatic log collection for Object Storage activity (read, write)
for the bucket created earlier.

Task 1: Create a Log Group

1. From the navigation menu, select Observability & Management. Under Logging, click
Log Groups.

2. From the left navigation panel, ensure that you are in the compartment assigned to you.

3. Click Create Log Group.

4. In the Create Log Group dialog box, ensure that the Compartment field is populated with
<your compartment>.

5. In the Name field, enter FRA-AA-LAB21-1-LGP-01.

6. In the Description field, enter a brief description.

7. Click Create.

Task 2: Enable Object Storage Log


In this task, you will enable logging on the Object Storage bucket created earlier.

1. From the navigation menu, select Observability & Management. Under Logging, click
Log Groups.

2. From the left navigation panel, ensure that you are in the compartment assigned to you.

3. Click the FRA-AA-LAB21-1-LGP-01 log group.

4. From the left navigation panel, select Logs.

5. Click Enable service log.

6. In the Enable Resource Log dialog box, populate the following information:

• Resource Compartment: <your compartment>

• Service: Object Storage

• Resource: FRA-AA-LAB21-1-BKT-01-xxx

• Log Category: Read Access Events

• Log Name: FRA-AA-LAB21-1-SLOG-01

7. Click Enable Log.

8. Review the log details page. It may take a couple minutes for the service to complete
configurations. The Status under Log Information should be Active.

9. Navigate back to the Logs page and click Enable service log.

10. In the Enable Resource Log dialog box, populate the following information:

• Resource Compartment: <your compartment>

• Service: Object Storage

• Resource: FRA-AA-LAB21-1-BKT-01-xxx

• Log Category: Write Access Events

• Log Name: FRA-AA-LAB21-1-SLOG-02

11. Click Enable Log.

12. Review the log details page. It may take a couple minutes for the service to complete
configurations. The Status under Log Information should be Active.

13. From the navigation menu, select Storage. Under Object Storage & Archive Storage,
click Buckets.

14. Click the FRA-AA-LAB21-1-BKT-01-xxx bucket.

15. Under Resources in the left navigation panel, click Logs.

16. Verify that the status of Read Access Events is Active and Enabled with Log Group
FRA-AA-LAB21-1-LGP-01 and Log Name FRA-AA-LAB21-1-SLOG-01.

17. Verify that the status of Write Access Events is Active and Enabled with Log Group
FRA-AA-LAB21-1-LGP-01 and Log Name FRA-AA-LAB21-1-SLOG-02.

18. Under Resources in the left navigation panel, click Objects.

19. Verify that the bucket is empty.

Note: Leave the bucket empty for now. In a later task, you will upload a few objects into
the bucket that generates write events and those logs (applied with a filter) will be
transitioned into the second Object Storage bucket.

Export Logs Using Service Connectors

In this practice, you will explore the contents of your logs using the built-in search capabilities
provided by the Logging service. This will validate that the logging is working for
FRA-AA-LAB21-1-BKT-01.

In a later task, you will configure a service connector to export logs into the second bucket,
FRA-AA-LAB21-1-BKT-02.

Task 1: Validate Logs with Log Search

1. From the navigation menu, select Observability & Management. Under Logging, click
Search. You will now create search criteria and look for logs pertaining to your bucket,
FRA-AA-LAB21-1-BKT-01-xxx.

2. Click the Select logs to search text field.

3. In the Select logs to search field, click x to remove <your compartment> if selected by
default.

4. Expand the (root) compartment under the Compartment column and select <your
compartment> from the Compartment list.

Note: Do not click the plus (+) sign. Click the compartment name only.

This step will bring up the log groups in that compartment without including the
compartment itself as part of the search criteria. You don’t want the compartment itself
included, because you don’t want all the logs for that compartment in the search results.

5. In the Log Groups column, select the FRA-AA-LAB21-1-LGP-01 log group, but again, click
the name only without clicking the plus sign. This will bring up the logs for that log group.

6. In the Logs column, select FRA-AA-LAB21-1-SLOG-01.

7. This time, click the plus (+) sign to add it as the only search criteria. The Select logs to
search field at the top of the dialog box will be updated.

8. Click Continue to execute the search.

9. Verify that the graph shows the corresponding log records. If the graph is not displayed,
change the Filter by time field to Past hour.

10. In the Custom filters field at the top of the Search area, enter data.message =. You can
then select from the list to further refine your search. Select one of the log records listed
that contains the specific message.

The graph and log section will be updated based on the selected data.message.

Task 2: Create a Service Connector

1. From the navigation menu, select Observability & Management. Under Logging, click
Service Connectors.

2. Click Create Service Connectors.

3. In the Create service connectors dialog box, populate the following information:

• Connector name: FRA-AA-LAB21-1-SC-01

• Description: <description>

• Resource compartment: <your compartment>

• Source: Logging

• Target: Object Storage

4. In the Configure source section, ensure that the following information is populated:

• Compartment: <your compartment>

• Log Group: FRA-AA-LAB21-1-LGP-01

• Logs: FRA-AA-LAB21-1-SLOG-02

5. Wait a few seconds for the Log filter task section to load. Then in the Property field, enter
data.requestAction.

6. In the Operator field, select =.

7. In the Value field, enter PUT and press the Enter key.

8. Keep the Configure task section as default. In the Configure target section, populate the
following information:

• Compartment: <your compartment>

• Bucket: FRA-AA-LAB21-1-BKT-02-xxx

Note: Do not click Create in the “Create default policy allowing this service connector to
write to Object Storage in compartment <your compartment>” message box. The policies
are already added to your compartment.

9. Click Create.

10. Navigate to the Service Connectors page using the breadcrumb list.

11. Verify that the Status column shows Active for FRA-AA-LAB21-1-SC-01, the Source
column shows Logging, and the Target column shows Object Storage.

Note: The service connector is created to move log data that contains
data.requestAction=PUT into the Object Storage bucket FRA-AA-LAB21-1-BKT-02-xxx.

The log message is generated when an object is uploaded to the bucket. To generate a
specific log with the PUT action, you will upload objects into the bucket using the OCI CLI.

Task 3: Upload Objects into Object Storage Bucket


1. In the OCI Console header, click the Cloud Shell icon next to the Region icon.

2. Once the Cloud Shell launches, run the following commands:

$ echo "Object Storage Bucket Write Event 1" >> labobject1.txt

$ echo "Object Storage Bucket Write Event 2" >> labobject2.txt

$ echo "Object Storage Bucket Write Event 3" >> labobject3.txt

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

3. Run the following command to verify that the files are created successfully:

$ ls

The three files, labobject1.txt, labobject2.txt, and labobject3.txt, should be
listed.

4. Run the following command to upload the labobject1.txt file into the bucket:

$ oci os object put --bucket-name="FRA-AA-LAB21-1-BKT-01-xxx" --name labobject1.txt --file ./labobject1.txt

An output in JSON format should be returned with etag, last-modified, opc-content-md5 along with each of their values.

5. Run the following command to upload the labobject2.txt file:

$ oci os object put --bucket-name="FRA-AA-LAB21-1-BKT-01-<User_Id>" --name labobject2.txt --file ./labobject2.txt

6. Run the following command to upload the labobject3.txt file:

$ oci os object put --bucket-name="FRA-AA-LAB21-1-BKT-01-xxx" --name labobject3.txt --file ./labobject3.txt

7. Once done, close the Cloud Shell window.

Task 4: Verify the Logs Archived by Using Service Connector

The log content archived to Object Storage is aggregated in batches (default every seven minutes) and stored in .gz format. The timestamps allow easy retrieval by time ranges. In this task, you will locate the archived content and optionally download/extract/view to validate the storage integrity.

Note: This task needs to be run after 7 minutes, which is the rollover time for uploading files into the Object Storage bucket.


1. From the navigation menu, select Storage. Under Object Storage & Archive Storage, click Buckets.

2. Click the FRA-AA-LAB21-1-BKT-01-xxx bucket.

3. Verify that the new objects, labobject1.txt, labobject2.txt, and labobject3.txt, are uploaded and displayed.

4. Navigate back to the Object Storage page by using the breadcrumb list and click the FRA-AA-LAB21-1-BKT-02-xxx bucket.

5. Verify that there is a folder created for the service connector, and expand the bucket contents to view archive content in timestamped log.gz format.

Note: It may take a few minutes after creating the connector for initial content to land in
the bucket.

6. Select the content check box and click the three dots on the right to download, extract,
and view the file.

7. Use your preferred log or text viewer to verify the content.
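A scripted alternative to checking the downloaded batch by eye, added here as an example and not part of the original lab guide: it decompresses one archived .gz batch and counts how many entries actually carry data.requestAction=PUT, the filter configured on the connector. It assumes each batch holds one JSON log entry per line; the function names and the sample fields other than requestAction are made up for the illustration.

```python
import gzip
import io
import json

FILTER_FIELD = "data.requestAction"  # attribute used in the connector's log filter
EXPECTED = "PUT"

def lookup(entry, dotted):
    """Resolve a dotted path such as data.requestAction in a nested log entry."""
    node = entry
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def check_batch(gz_bytes, field=FILTER_FIELD, expected=EXPECTED):
    """Return (matching, mismatched, unparsable) counts for one archived batch."""
    matching = mismatched = unparsable = 0
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line:
                continue
            try:
                entry = json.loads(line)
            except json.JSONDecodeError:
                unparsable += 1  # truncated or corrupted record
                continue
            if lookup(entry, field) == expected:
                matching += 1
            else:
                mismatched += 1  # entry that should not have passed the filter
    return matching, mismatched, unparsable

def build_sample():
    """Constructed sample batch: three PUT entries, one GET entry, one truncated line."""
    # "objectName" is a made-up field for this sample, not taken from the lab guide.
    lines = [json.dumps({"data": {"requestAction": "PUT", "objectName": f"labobject{i}.txt"}})
             for i in (1, 2, 3)]
    lines.append(json.dumps({"data": {"requestAction": "GET"}}))
    lines.append('{"data": {"requestAction": "PU')  # truncated record
    return gzip.compress("\n".join(lines).encode("utf-8"))

if __name__ == "__main__":
    print(check_batch(build_sample()))
```

For a real batch, read the downloaded file's bytes and pass them to check_batch; any nonzero mismatched or unparsable count means the archive does not match what the connector filter should have delivered.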
