Fundamentals of Oracle Cloud Infrastructure (OCI)
Oracle Cloud Infrastructure (OCI) is a platform for cloud computing. It provides servers, storage, network, applications, and services through a global network of Oracle Corporation-managed data centers. Oracle Cloud provides Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Data as a Service (DaaS).
The major business benefits of OCI are
- Swift Deployment,
- Multi-tenancy Support,
- Reduced Operational Costs,
- Optimised Performance, and
- Enhanced Security
What are the different OCI components?
- OCI mitigates the risk of failures by using different availability domains (ADs) and fault domains (FDs). An OCI region comprises one or more availability domains.
- OCI regions should be close to the users to keep latency low; data residency and regulatory compliance requirements also need to be taken into consideration. Availability domains are fault tolerant because they do not share common hardware.
- Fault domains are logical data centers and are also fault tolerant: hardware in one fault domain can be maintained without affecting the others, so there is zero downtime.
- For example, in a RAC database the two nodes are placed in two different FDs, and the standby database is kept in a different AD.
Oracle Cloud Infrastructure Identity and Access Management (IAM) lets you control who has access to your cloud resources. You can control what type of access a group of users has and to which specific resources. This section gives an overview of the IAM components.
The main components of OCI IAM are
- Resource: Cloud objects that users or admins create, change and use when working with Oracle Cloud Infrastructure, for example compute instances, block storage volumes, virtual cloud networks (VCNs), subnets, route tables, databases, web servers, etc.
- User: An entity or individual that needs to use your Oracle Cloud Infrastructure resources. Depending on business requirements, users might need to work with instances, remote disks, your virtual cloud network, and other OCI resources.
- Group: A set of users who need the same type of privileges to a set of resources or compartments.
- Compartment: Compartments are virtual components of Oracle Cloud Infrastructure, like directories in an OS, used for organizing and isolating your cloud resources. You use them to group resources in order to measure usage and billing, control access (using policies), etc. Compartments make the management of resources easy. A common approach is to create a compartment for each major part of your organization.
Compartments facilitate better resource management:
• Resources can be moved across different compartments.
• Different restrictions can be placed on compartments using policies.
• A principal is an IAM entity that is allowed to interact with OCI resources.
- Tenancy: The logical root compartment that contains all of the organization's Oracle Cloud Infrastructure resources. Oracle creates your company's tenancy for you by default. All IAM entities (users, groups, compartments, and some policies) live inside the tenancy; you can also write and assign policies for compartments inside the tenancy. Other cloud resources (e.g., instances, virtual networks, block storage volumes, etc.) are placed in compartments that you create.
- Policy: A policy is a document containing a set of rules that state who can access which Oracle Cloud Infrastructure resources your company has, and how. A policy simply allows a group to work in certain ways with specific types of resources in a particular compartment. The same policy can be used across multiple groups/users.
OCI IAM handles authentication (Authn) and authorization (Authz) for the resources used in the OCI environment: it gives the appropriate users access to resources and restricts unauthorised access.
Authn: deals with authenticating users. Authn can be done with a user name and password, an API signing key, or auth tokens.
Authz: determines what permissions users have. It is done through policies, which generally apply to compartments or to the tenancy.
Authz can grant the privileges below.
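As an added example (not code from the original article or from Oracle), a small Python checker for policy statements of the common form `Allow group <name> to <verb> <resource-type> in compartment <name>`. OCI expresses the privilege level with the verbs inspect, read, use and manage; the group and compartment names in the sample policy are made up for this example, and the checker flags statements that go beyond least privilege:

```python
import re

# OCI IAM policy verbs, ordered from least to most privileged.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Grammar of the common statement form:
#   Allow <subject> to <verb> <resource-type> in <tenancy | compartment X> [where <condition>]
STATEMENT_RE = re.compile(
    r"^allow\s+(?P<subject>any-user|(?:group|dynamic-group|service)\s+\S+)"
    r"\s+to\s+(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)"
    r"\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<condition>.+))?\s*$",
    re.IGNORECASE,
)

def parse_statement(stmt):
    """Split one policy statement into subject, verb, resource, scope and condition."""
    m = STATEMENT_RE.match(stmt.strip())
    if not m:
        raise ValueError(f"unrecognised policy statement: {stmt!r}")
    parts = m.groupdict()
    parts["verb"] = parts["verb"].lower()          # keywords are case-insensitive
    parts["resource"] = parts["resource"].lower()  # compartment/group names kept as written
    return parts

def lint_policy(statements):
    """Return (index, message) pairs for statements that grant more than least privilege."""
    findings = []
    for i, stmt in enumerate(statements):
        p = parse_statement(stmt)
        if p["subject"].lower() == "any-user" and not p["condition"]:
            findings.append((i, "any-user without a where-condition: every principal matches"))
        if p["verb"] == "manage" and p["resource"] == "all-resources":
            findings.append((i, "manage all-resources: full control over every resource type"))
        if p["scope"].lower() == "tenancy" and VERB_RANK[p["verb"]] >= VERB_RANK["use"]:
            findings.append((i, "use/manage granted tenancy-wide instead of in a compartment"))
    return findings

# Constructed sample policy; group and compartment names are made up for this example.
SAMPLE_POLICY = [
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Prod",
    "Allow group Auditors to inspect all-resources in tenancy",
    "Allow group DevOps to manage all-resources in tenancy",
    "Allow any-user to use instances in compartment Sandbox",
]
```

Running `lint_policy(SAMPLE_POLICY)` flags the third and fourth statements; the auditors' tenancy-wide `inspect` is left alone because it only lists resources.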
Oracle Cloud Infrastructure (OCI) networking and connectivity products and services enable customers to manage and scale their networks.
Customers can connect securely to a customizable, isolated virtual cloud network (VCN). High availability, security, and scalability are the main characteristics of a VCN. A VCN can be further divided into smaller networks (subnets) that can be used by different resources.
The internet gateway manages OCI resource connectivity to the internet. A NAT gateway enables one-way (outbound) connectivity to the internet. A service gateway lets your virtual cloud network (VCN) privately access specific Oracle services without exposing the data to the public internet.
Route tables contain rules that direct traffic to the right destination. A VCN uses route tables to send traffic to the internet, an on-premises network, or a peered VCN. Each VCN automatically comes with a default route table that has implicit rules, including the routes for the VCN's CIDRs. If you do not specify otherwise, every subnet uses the VCN's default route table.
A route table is assigned to a subnet at the time the subnet is created. Based on traffic requirements, you can change which route table a subnet uses at any time. You can also edit a route table's rules or delete all the rules from the table.
Security List and Security Groups
A security list lets you define a set of security rules that applies to all the VNICs in a subnet, whereas a network security group (NSG) lets you define a set of security rules that applies to a group of VNICs of your choice; NSG rules apply only to the resources in that NSG. Network security groups also act as virtual firewalls for your compute instances and other kinds of resources.
These rules apply to two types of traffic: ingress (incoming traffic) and egress (outgoing traffic).
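As an added example, not code from the article or from Oracle, the following Python models security-list and NSG rules as allowlists and evaluates whether a packet passes; it also flags ingress rules open to the whole internet. The rule sets and the NSG name are constructed for this example, and it assumes, as OCI does, that a VNIC's security-list and NSG rules are combined so that any matching rule permits the traffic:

```python
import ipaddress

# Constructed rules shaped after the fields of an OCI security rule:
# direction, IP protocol ("6" TCP, "17" UDP, "all"), source/destination CIDR, port range.
SUBNET_SECURITY_LIST = [
    {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0", "ports": (22, 22)},
    {"direction": "INGRESS", "protocol": "6", "source": "10.0.0.0/16", "ports": (443, 443)},
    {"direction": "EGRESS", "protocol": "all", "destination": "0.0.0.0/0", "ports": None},
]
# Hypothetical NSG "nsg-web" attached only to the web-tier VNICs.
NSG_WEB = [
    {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0", "ports": (80, 80)},
    {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0", "ports": (443, 443)},
]

def rule_matches(rule, direction, protocol, peer_ip, port):
    """True if this one rule permits a packet with the given direction/protocol/peer/port."""
    if rule["direction"] != direction or rule["protocol"] not in ("all", protocol):
        return False
    cidr = rule["source"] if direction == "INGRESS" else rule["destination"]
    if ipaddress.ip_address(peer_ip) not in ipaddress.ip_network(cidr):
        return False
    low, high = rule["ports"] or (1, 65535)  # None means all ports
    return low <= port <= high

def is_allowed(direction, protocol, peer_ip, port, *rule_sets):
    """Security lists and NSGs are allowlists that are unioned for a VNIC:
    a packet passes if any rule in any applicable set matches, otherwise it is dropped."""
    return any(rule_matches(r, direction, protocol, peer_ip, port)
               for rules in rule_sets for r in rules)

def internet_wide_ingress(rules, public_ports=(80, 443)):
    """Indices of ingress rules open to the whole internet on ports other than the public ones."""
    findings = []
    for i, r in enumerate(rules):
        if r["direction"] != "INGRESS" or ipaddress.ip_network(r["source"]).prefixlen != 0:
            continue
        low, high = r["ports"] or (1, 65535)
        if any(p not in public_ports for p in range(low, high + 1)):
            findings.append(i)
    return findings
```

With these rule sets, a web VNIC in the NSG accepts HTTPS from anywhere, a VNIC that only has the subnet's security list accepts HTTPS only from 10.0.0.0/16, and the security list's SSH-from-anywhere rule is reported by `internet_wide_ingress`.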
The Oracle Cloud Infrastructure Load Balancer distributes traffic from one entry point to multiple backend servers. Spreading the load across many servers gives better performance and fault tolerance. The service offers a load balancer with your choice of a public or private IP address and provisioned bandwidth.
OCI provides the following types of load balancers:
• Layer 3 network load balancer
• Layer 4 network load balancer
• Layer 7 HTTP load balancer
• Advanced features
OCI Compute provides virtual servers to cater to high computing needs. Here are some of the key features of OCI Compute:
• High performance
• No pricing
There are three machine types (small, medium, and large) from which an application can choose based on the compute capacity it needs.
There are three types of instances in OCI Compute:
- Bare Metal (BM) instance: gives you direct access to the underlying hardware. It is a dedicated physical server, offering the highest performance and strong isolation. It is used for heavy workloads.
- Virtual Machine (VM) instance: a VM instance runs on top of bare metal hardware; a hypervisor on the bare metal server virtualizes it into smaller VMs. VMs are ideal for applications that do not require the performance and resources (CPU, memory, network bandwidth, storage) of an entire physical machine.
- Dedicated VM Host: a combination of bare metal and virtual machines. Multiple VMs run on a bare metal server, and the whole server is dedicated to a single host. At present, autoscaling and instance pools are not supported for these instances.
Scaling for compute instances
Scaling is an important feature of OCI Compute and can be done horizontally or vertically:
- Horizontal scaling: adding more virtual machines to handle more traffic.
- Autoscaling: an important OCI feature that improves infrastructure/capacity management and removes manual intervention. Based on traffic needs, OCI scales the resources up or down automatically.
- Vertical scaling: changing the virtual machine to a larger, more powerful type.
Scale up and scale down are the terms used for horizontal scaling, depending on whether servers are added to or removed from the instances.
OSMS is the OS Management Service, which automates OS management in OCI. It has two important features.
With the OS Management Service (OSMS), Oracle Cloud Infrastructure provides a service that fully automates the patching of your Oracle Linux or Windows instances. It lets you organize your systems into groups and then schedule jobs to apply the latest updates to all of them. A wide range of predefined software sources is available, providing the full wealth of the Oracle yum repositories to your Linux systems. In the simplest case this keeps all your systems up to date with the latest patches all the time, which in many cases eliminates the burden of constantly chasing security updates and keeping your fleet patched.