
















Oracle Cloud Infrastructure offers autonomous operations, integrated security, and truly elastic, serverless services in our global public cloud regions or within your data center. Run crucial enterprise applications with high performance, scale, and availability while lowering your costs.
Typology: Study notes

















Oracle Cloud offers cloud applications and cloud infrastructure all in one secure, hyperscale cloud. It is very flexible, and customers can use it in multiple ways: they can bring their own applications or third-party applications, or build new applications using developer services (APEX, Kubernetes) or AI services. Organizations can run their entire business on it. It is very comprehensive, so it can serve many roles within an organization.
Distributed Cloud – Customers can get Oracle Cloud services in many ways. They can use the public cloud and gain sustainability, security and scalability benefits. They can also get cloud services on premises through hybrid cloud capabilities (Exadata Cloud@Customer), or get the whole portfolio of Oracle Cloud services through dedicated regions.
Multicloud – Customers generally use 2 or more cloud providers to get the best of multiple vendors and benefit from the cloud.
Oracle Cloud is classified into 2 categories:
1. Oracle Cloud Infrastructure
Supply Chain Management provides planning and centralized management of the flow of goods and services (Supply Chain Planning, Inventory Management, Logistics and Blockchain). Human Capital Management includes services for human resources, including recruitment, workforce management, payroll and HR analytics services. Oracle Advertising and Customer Experience helps with managing and serving lasting customer relationships. Oracle Industry Cloud Solutions and purpose-built applications help you build, run, and grow a business from top to bottom. There are several services for construction and engineering, communications, healthcare and many more. There are also independent software vendor and custom applications, which can be deployed on top of OCI.
There are 3 main constructs of the physical architecture of OCI:
1. Regions
Fault domain is a grouping of hardware and infrastructure within each availability domain. All domains allow you to distribute your cloud resources, such as compute instances, to ensure that they are not all running on the same physical hardware within a single availability domain, helping to avoid any single point of failure.
Choosing a Region
Location: Closest to the majority of users, for reasons such as lower latency and highest performance.
Data Residency & Compliance: Many countries have very strict data residency requirements, so you would select a region in that country if that was the case.
OCI Service Availability: Some services are not offered everywhere. New cloud services are made available based on regional demand, regulatory compliance, resource availability and other factors.
Availability Domain is one or more data centers located within a region. These availability domains are isolated from each other, providing fault tolerance, and are therefore unlikely to fail simultaneously. This is possible because the physical infrastructure of the availability domain, such as the power, cooling and internal network, is not shared with another availability domain. This means that a failure in one availability domain does not impact resources running on other availability domains within that same region.
Fault Domain is a grouping of infrastructure and hardware within an availability domain. You control the placement of your infrastructure resources, such as virtual machines or cloud storage, in specific fault domains as you configure the provisioning of those resources. The key purpose of using separate fault domains is to protect against any
A virtual machine (VM) is a logical server that runs on top of a physical bare metal server, which means multiple VMs can be running within a single physical server. Those other virtual machines could belong to another Oracle customer, but these VMs are highly secured: at the logical level they can't see or access each other. In fact, as a cloud customer you don't even know which physical server is hosting your VM. Virtual machines are ideal for running many types of applications, since most apps don't require the performance and resources of an entire physical machine. With a bare metal machine you are provided a dedicated physical server for the highest performance. Use it for workloads that are too CPU-intensive to run on a VM, for running third-party apps that require separate hardware, or when you have a requirement to run performance-intensive workloads. The dedicated VM host allows you to run your VMs on a dedicated server, as opposed to running them on a shared physical server. This compute type is actually a bare metal machine instance. The difference is that it is set up to only host your virtual machines
A template that determines the resources (number of CPUs, amount of memory) allocated to an instance. Currently OCI lets you choose an AMD, Intel or Arm-based processor.
There are 2 types of shapes:
File storage is usually used as shared storage for multiple compute instances. It's ideal for applications that are running on containers, or for big data and analytics workloads. In contrast to block volumes, where data is stored as blocks, in file storage the data is managed as files. There are several advanced capabilities that you can leverage when using the file storage service that make it ideal for running microservices-based applications. The object storage service provides internet-scale, high-performance storage, which is reliable, and it provides more cost-efficient data durability options. Object storage is most often used for storing unstructured data, such as image files, videos or log files. Data is managed as objects, and these objects are stored in a construct called buckets. A bucket can be considered like a folder that's used to contain these objects, and it provides several advanced capabilities which make this a reliable and durable storage platform. Object Versioning – maintain multiple versions of a particular object.
The core resource you can provision for network computing is called a Virtual Cloud Network (VCN). Instances such as VMs need to communicate with each other. They could also need to access other resources or services available on the internet, or there could be users on the internet who need to connect to and communicate with one or more of those compute instances. The VCN represents a traditional network, meaning it has all the features of a physical network. You can configure constructs such as public subnets and private subnets. Think of these as subdivisions of the larger network, sometimes referred to as subnetworks. The VCN itself is defined as a virtual private network that you can set up for secure communications between resources. It is a regional service, which means a VCN resides in a single OCI region. Fortunately, you can use a VCN across multiple availability domains that belong to that OCI region. This service is designed to be highly available, and it is massively scalable. Most importantly, this is a highly secure network since it is designed to be private by default. Essentially, no one can use or access it unless you explicitly define a specific allow rule. A VCN will have a large pool of IP addresses. The range 10.0.0.0/16 is written in CIDR notation, where the prefix length, in this case 16, defines over 65,000 IP addresses for the network. An IP address is simply a number that can be attached to a resource such as a compute instance to uniquely identify and locate it.
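The addressing and private-by-default behaviour described above can be worked through in a few lines. This is an added example, not Oracle code or part of the original notes; the subnet sizes, the rule format and the sample addresses are constructed assumptions that only model the idea of explicit allow rules.

```python
import ipaddress
from dataclasses import dataclass

VCN = ipaddress.ip_network("10.0.0.0/16")  # address range used in the notes

def vcn_size(network=VCN):
    """Addresses covered by a CIDR prefix: 2 ** (32 - prefix_length)."""
    return network.num_addresses

def carve_subnets(network=VCN, new_prefix=24, count=2):
    """Return the first `count` non-overlapping subnets inside the VCN."""
    subnets = network.subnets(new_prefix=new_prefix)
    return [next(subnets) for _ in range(count)]

@dataclass(frozen=True)
class IngressRule:  # hypothetical rule shape, not the OCI API object
    source: str    # CIDR block allowed to connect
    protocol: str  # "tcp" or "udp"
    port: int      # destination port

def is_allowed(rules, src_ip, protocol, port):
    """Default deny: traffic passes only if some rule explicitly allows it."""
    src = ipaddress.ip_address(src_ip)
    return any(
        src in ipaddress.ip_network(r.source)
        and r.protocol == protocol and r.port == port
        for r in rules
    )

def open_to_internet(rules):
    """Audit helper: rules that accept traffic from any address."""
    return [r for r in rules if ipaddress.ip_network(r.source).prefixlen == 0]

# Constructed layout: one public and one private subnet with their rules.
PUBLIC_SUBNET, PRIVATE_SUBNET = carve_subnets()
PUBLIC_RULES = [IngressRule("0.0.0.0/0", "tcp", 443)]
PRIVATE_RULES = [IngressRule(str(PUBLIC_SUBNET), "tcp", 1521)]

if __name__ == "__main__":
    print(vcn_size(), PUBLIC_SUBNET, PRIVATE_SUBNET)
    print(is_allowed(PUBLIC_RULES, "203.0.113.7", "tcp", 443))    # internet to web tier
    print(is_allowed(PRIVATE_RULES, "203.0.113.7", "tcp", 1521))  # internet to private tier
    print(is_allowed(PRIVATE_RULES, "10.0.0.25", "tcp", 1521))    # public subnet to private tier
```

Running `open_to_internet` over the rules of a subnet that is meant to be private is a quick review step: any result there contradicts the intended design.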
In this case, we need to add a dynamic routing gateway to the VCN. You'll need another OCI service in addition to the dynamic routing gateway in order to achieve this connectivity to a private on-premises network.
1. Site-to-Site VPN provides a private and secure communications tunnel. When you need to access your corporate office network from your home network you first connect to the corporate VPN, and then you would be able to access internal corporate websites. OCI site-to-site VPN is a similar VPN service.
OCI leverages a Shared Security Model, which means that the overall security of your resources in OCI is a shared responsibility between you as the customer and Oracle. To better understand the Shared Security Model, let's contrast it by first looking at an on-premises environment where the customer is running their own workloads in their own data center. The customer has full responsibility for managing the security of this entire physical and logical infrastructure stack, everything from the physical data center, the physical network and the servers, all the way up to the applications and the data.
Compare this now to a customer running their workloads on OCI. Oracle maintains responsibility for managing security of the underlying cloud infrastructure, such as the data center facilities, the hardware for the physical network, storage, and the servers that run the virtualization software. The customer is responsible for securing workloads and the application stack, along with securely configuring cloud resources such as compute, storage, network, and databases. In this Shared Security Model, OCI provides many security services that you can easily leverage to protect your cloud applications and resources. Starting with the infrastructure protection layer, there are services such as the web application firewall for securing any internet-facing application server, which will filter malicious inbound web traffic. You can configure security lists or network security groups, which essentially function as virtual firewalls in your VCN. Additionally, the network firewall service is a cloud native firewall that can control all types of traffic into your applications. The second layer of security services involves Identity and Access Management. By default, access to all cloud resources is completely restricted. No one can access them. But you can explicitly grant access to one or more resources using IAM policies. You can create user accounts and groups and set policies to allow them the most restrictive access to just the specific cloud resources they need. Multifactor authentication provides an additional level of security where a user would need to log in using their password, then also provide an additional passcode that is dynamically generated by an authentication app.
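The "restricted by default, granted explicitly" behaviour of IAM policies can be modelled as a small evaluator. This is an added example, not Oracle's implementation or part of the original notes: it handles only the basic `Allow group ... to <verb> <resource-type> in ...` statement form, ignores conditions, resource families and nested compartments, and every group, compartment and policy shown is constructed.

```python
import re

# Verbs are cumulative: each level includes everything to its left.
VERBS = ["inspect", "read", "use", "manage"]

STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))$",
    re.IGNORECASE,
)

def parse(statement):
    """Turn one policy statement into a dict, rejecting anything unrecognised."""
    m = STATEMENT.match(statement.strip())
    if not m or m["verb"].lower() not in VERBS:
        raise ValueError(f"unsupported policy statement: {statement!r}")
    return {
        "group": m["group"],
        "verb": m["verb"].lower(),
        "resource": m["resource"].lower(),
        # None means the grant applies tenancy-wide.
        "compartment": None if m["tenancy"] else m["compartment"],
    }

def is_authorized(policies, groups, verb, resource, compartment):
    """Grant only if a statement covers the user's group, verb, type and scope."""
    needed = VERBS.index(verb)
    for p in map(parse, policies):
        if (p["group"] in groups
                and VERBS.index(p["verb"]) >= needed
                and p["resource"] in (resource, "all-resources")
                and p["compartment"] in (None, compartment)):
            return True
    return False  # nothing matched, so access stays denied

# Constructed policy set for three hypothetical groups.
POLICIES = [
    "Allow group StorageAdmins to manage buckets in compartment Dev",
    "Allow group Auditors to read all-resources in tenancy",
    "Allow group AppDevs to use instances in compartment Dev",
]

if __name__ == "__main__":
    print(is_authorized(POLICIES, {"AppDevs"}, "read", "instances", "Dev"))    # use covers read
    print(is_authorized(POLICIES, {"AppDevs"}, "manage", "instances", "Dev"))  # above the grant
    print(is_authorized(POLICIES, {"AppDevs"}, "use", "instances", "Prod"))    # wrong compartment
    print(is_authorized(POLICIES, {"Auditors"}, "read", "buckets", "Prod"))    # tenancy-wide read
```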
Oracle offers a range of database services in Oracle Cloud. In general, we can break them down by where the system resides, whether that is Oracle public cloud or the customer data center, and by who is managing the infrastructure and the database. The first offering is the Base Database Service. It is built on standard compute and storage options, and it offers both Oracle Database Standard and Enterprise Edition. It's typically for workloads with smaller processing and storage requirements. Then we have Exadata Database Service on dedicated infrastructure in the public cloud and Exadata Cloud@Customer. They are both built on the Exadata platform and, as a result, offer the highest performance, scale and availability. Exadata Cloud@Customer offers the same cloud economics and cloud automation as Exadata Database Service on dedicated infrastructure in Oracle public cloud, but it's deployed in customer data centers. Then we have the Autonomous Database, which is fully autonomous and managed by Oracle and is available both in Oracle public cloud on OCI and in the customer's data center on Exadata Cloud@Customer. When you create an Autonomous Database, you can deploy it to one of two kinds of Exadata infrastructure, shared and dedicated. And then there are different workload types: Autonomous Transaction Processing, which is built for transactional workloads, and Autonomous Data Warehouse, which is built for decision support and data warehouse workloads.
The deployment options: The first one is dedicated, where you have exclusive use of the Exadata hardware. Then we have shared, where you provision and manage only the Autonomous Database, while Oracle handles Exadata infrastructure deployment and management. We also have two more workload types, JSON and APEX, which are supported only on shared infrastructure. Autonomous databases automatically back up your database for you. They provide automated patching, upgrades, and tuning, including performing all routine database maintenance tasks while the system is running, all without any human intervention.
MySQL HeatWave: A fully managed database service that enables customers to run OLTP, OLAP, and machine learning workloads directly from their MySQL database. It's powered by the integrated HeatWave in-memory query accelerator, and it's the only cloud native database service that combines transactions, analytics, and machine learning services into MySQL database, in turn delivering real-time secure analytics without the complexity, latency and cost of ETL duplication. It also accelerates MySQL queries by 400 times.
Then we have the OCI DevOps service, a complete continuous integration and continuous delivery platform for developers to simplify and automate their software development lifecycle. And then we have the Resource Manager, which lets you deploy infrastructure as code with managed Terraform. And finally, the Developer Resources, which are tools for writing applications that leverage OCI directly.
The three foundational services are monitoring, logging, and events. To better understand these services, let's look at an example that involves the active monitoring of compute instance virtual machines. Let's imagine that three VMs are running one or more applications. These servers would, of course, be consuming compute resources such as CPUs and memory. This resource utilization data is referred to as metrics. Next, we define some conditions, such as aggregating this data or measuring the latest CPU utilization for each VM. We can then create an alarm. In this case, we define the criteria for the alarm to be triggered if the CPU utilization goes above 80% on any of these compute VMs. Finally, in this scenario, we configure a notification that sends an email to someone on the operations team when this condition occurs. This is a simple example workflow illustrating the importance of monitoring. Observability, by definition, is the ability to understand the internal state of a system by performing a deeper analysis of the collected data. There are four conceptual observability pillars of data. The first one is metrics: simply raw data about some system or component, such as resource utilization, CPU use, or memory consumption, or it could be data about the amount of storage that has been used.
The second pillar is logs. These are usually created automatically and are produced continuously by any system, such as a virtual machine, a network or even an application. It can be anything. These logs typically provide a timestamp and detailed information as to what is happening at that moment in time. For example, if an application is trying to connect to another application, this will be captured in the log. The third one is traces. These are like logs, except they are not scoped to a single system or application. Instead, traces provide data about how separate components are operating and performing with one another. For example, if a user tries to connect to an application running in a VM, trace info would have details about the connection, such as how they connected and from which device the connection was made. The last one is events. Events are similar to both metrics and logs in that they produce data associated with a specific resource, but they indicate what specific action has occurred. For example, when a new compute VM is created, a VM Create Event is produced with all of the associated metadata about that event. Other examples include deleting a VM, creating or deleting an object storage bucket, or adding a dynamic routing gateway to a VCN. There are several observability and management services that use these data pillars and that can be used to analyze more deeply what is really happening in the entire environment. The monitoring, logging, and event services are essentially the foundation of the Observability and Management platform. But OCI also provides other more advanced services. These include Logging Analytics, Application Performance Monitoring, Database Management Services, and Operations Insights. The OCI Monitoring service enables you to both actively and passively monitor cloud resources.
Active monitoring involves the collection of raw metrics about a resource and then you can create alarms to trigger a notification, for example, if something is reported as a failure.
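The three-VM alarm workflow from the monitoring example (collect CPU metrics, aggregate them, fire above 80%, notify) looks like this when written out. This is an added example, not the OCI Monitoring service or its API; the datapoints, the per-minute peak aggregation and the state names are constructed assumptions.

```python
from collections import defaultdict

THRESHOLD = 80.0  # percent CPU, the alarm condition described in the notes

# Constructed datapoints: (minute, vm_name, cpu_utilization_percent).
SAMPLES = [
    (0, "vm-1", 35.0), (0, "vm-2", 62.0), (0, "vm-3", 41.0),
    (1, "vm-1", 38.0), (1, "vm-2", 70.0), (1, "vm-2", 85.5), (1, "vm-3", 44.0),
    (2, "vm-1", 40.0), (2, "vm-2", 91.0), (2, "vm-3", 47.0),
    (3, "vm-1", 36.0), (3, "vm-2", 55.0), (3, "vm-3", 83.0),
    (4, "vm-1", 37.0), (4, "vm-2", 52.0), (4, "vm-3", 60.0),
]

def breaching_vms(samples, threshold=THRESHOLD):
    """Map each minute to the VMs whose peak CPU in that minute exceeds the threshold."""
    peak = defaultdict(dict)
    for minute, vm, cpu in samples:
        peak[minute][vm] = max(cpu, peak[minute].get(vm, 0.0))
    return {
        minute: sorted(vm for vm, value in vms.items() if value > threshold)
        for minute, vms in sorted(peak.items())
    }

def notifications(samples, threshold=THRESHOLD):
    """Return one message per state change, so a sustained breach mails once."""
    state, sent = "OK", []
    for minute, vms in breaching_vms(samples, threshold).items():
        new_state = "FIRING" if vms else "OK"
        if new_state != state:
            sent.append((minute, new_state, vms))
            state = new_state
    return sent

if __name__ == "__main__":
    for minute, state, vms in notifications(SAMPLES):
        print(f"minute {minute}: alarm {state} {vms}")
```

Notifying only on the change between states is what keeps the operations mailbox usable: minutes 2 and 3 are still breaching but produce no further mail.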