Oracle Cloud Overview: Architecture, Services, and Use Cases, Study notes of Computer Applications

Oracle Cloud Infrastructure offers autonomous operations, integrated security, and truly elastic, serverless services in our global public cloud regions or within your data center. Run crucial enterprise applications with high performance, scale, and availability while lowering your costs.

Typology: Study notes

2018/2019

Uploaded on 10/11/2023

shreeyas-sambandan-prabakaran


ORACLE CLOUD OVERVIEW

WHY ORACLE CLOUD?

Offers cloud applications and cloud infrastructure all in one secure, hyperscale cloud. It is very flexible, and customers can use it in multiple ways: they can bring their own applications or third-party ones, or build new applications using developer services (APEX, Kubernetes) or AI services. Organizations can run their entire business on it. It is very comprehensive, so it can serve many roles within an organization.

Distributed Cloud – Customers can get Oracle Cloud services in many ways. They can use the public cloud and gain sustainability, security and scalability benefits. They can also get cloud services on premises through hybrid cloud capabilities (Exadata Cloud@Customer), or get the whole portfolio of Oracle Cloud services through dedicated regions.

Multicloud – Customers generally use 2 or more cloud providers to get the best of multiple vendors and benefit from the cloud.

INTRODUCTION

Oracle Cloud is classified into 2 categories:

  1. **Oracle Cloud Infrastructure**
  2. **Oracle Cloud Applications**

OCI – These are infrastructure and platform services that are designed to run any type of application, whether a modern cloud-native application or service or any other mission-critical workload.

The Global Cloud Datacenter Infrastructure is the physical foundation, organized into geographic regions that comprise the OCI platform. Compute, Storage and Networking together form the core services of OCI.

Compute – provides compute capacity with CPUs and memory, often provisioned as virtual machines.

Storage – provides different service types for securely storing your data.

Networking – allows you to manage and scale public or private networks, providing all sorts of connectivity options.

Databases – for any internal or external component, databases are always a critical component where you organize and store info (Oracle Databases, Open Source Databases). These are database services that are cost optimized, as well as high-performance and autonomous versions of Oracle Database.

Supply Chain Management provides planning and centralized management of the flow of goods and services (Supply Chain Planning, Inventory Management, Logistics and Blockchain).

Human Capital Management includes services for human resources, which includes recruitment, workforce management, payroll and HR analytics services.

Oracle Advertising and Customer Experience offers to help with managing and serving lasting customer relationships.

Oracle Industry Cloud Solutions and purpose-built applications help you build, run, and grow a business from top to bottom. There are several services for construction and engineering, communications, healthcare and many more.

There are also independent software vendor (ISV) and custom applications, which can be deployed on top of OCI.

ARCHITECTURE

There are 3 main constructs of the physical architecture of OCI:

  1. **Regions**
  2. **Availability domains**
  3. **Fault domains**

A region represents a localized geographic area that comprises one or more availability domains, which are essentially physical data centers located within that region. These availability domains are connected to each other by a low-latency (latency is the delay that occurs when data is transferred from one system to another), high-bandwidth network. Low latency within a region provides much better performance for all sorts of different applications and services communicating with each other.

A fault domain is a grouping of hardware and infrastructure within each availability domain. Fault domains allow you to distribute your cloud resources, such as compute instances, to ensure that they are not all running on the same physical hardware within a single availability domain, helping to avoid any single point of failure.

Choosing a Region

Location: Closest to the majority of users, for reasons such as lower latency and highest performance.

Data Residency & Compliance: Many countries have very strict data residency requirements. So, you would select a region in that country if that was the case.

OCI Service Availability: Some services are not offered everywhere. New cloud services are made available based on regional demand, regulatory compliance, resource availability and other factors.

Availability Domain – one or more data centers located within a region. These availability domains are isolated from each other, providing fault tolerance, and are therefore unlikely to fail simultaneously. This is made possible because the physical infrastructure of the availability domain, such as the power, cooling and internal network, is not shared with another availability domain. This means that a failure in one availability domain does not impact resources running on other availability domains within that same region.

Fault Domain – a grouping of infrastructure and hardware within an availability domain. You control the placement of your infrastructure resources, such as virtual machines or cloud storage, in specific fault domains as you're configuring the provisioning of those resources. The key purpose of using separate fault domains is to protect against any

A virtual machine (VM) is a logical server that runs on top of a physical bare metal server, which means multiple VMs can be running within a single physical server. Those other virtual machines could be associated with another Oracle customer, but these VMs are highly secured. At the logical level they can't see or access each other. In fact, as a cloud customer you don't even know which physical server is hosting your VM. Virtual machines are ideal for running many types of applications, since most apps don't require the performance and resources of an entire physical machine.

With a Bare Metal machine you are provided a dedicated physical server for the highest performance. Use it for workloads that are too CPU-intensive to run on a VM, for running third-party apps that require separate hardware, or when you have a requirement to run performance-intensive workloads.

The dedicated VM host allows you to run your VMs on a dedicated server, as opposed to them running on a shared physical server. This compute type is actually a bare metal machine instance. The difference is that it is set up to only host your virtual machines

Compute shapes

A shape is a template that determines the resources (no. of CPUs, the amount of memory) allocated to an instance. Currently OCI lets you choose an AMD, Intel or Arm-based processor.

There are 2 types of shapes:

  1. Fixed Shapes – have a specific no. of CPUs and amount of memory and cannot be customized. This applies to all bare metal physical instances, but VMs can also select a fixed shape.
  2. Flexible Shapes – allow you to customize the no. of CPUs and the amount of memory you need. This is only an option for VMs.

Vertical Scaling – gives you the ability to scale up or scale down: change the shape or size of the VM to something smaller or larger. There will be a brief downtime for your VM, since it has to be stopped for resizing. Then it can be restarted with the new no. of CPUs and memory size.

Horizontal Scaling or Auto Scaling – automatically adds more compute instances of the same shape or automatically reduces them. A primary use case for autoscaling is that it enables large-scale deployments of VMs, allowing you to scale out or scale in automatically. This can be achieved in one of 2 ways:

  1. Metric-based autoscaling – choose a performance metric to be monitored, along with setting a threshold for that metric. When the threshold is met, it triggers an autoscaling event to increase or decrease the no. of VMs.
  2. Scheduled-based autoscaling – define specific times of the day, or perhaps certain days of the week, to automatically increase or decrease the no. of compute instances.

Placement – you need to select the availability domain in which you want to place the instance.

Image – the OS that runs on top of the shape.

File storage is usually used as shared storage for multiple compute instances. It's ideal for applications that are running on containers, or for big data and analytics workloads. In contrast to block volumes, where data is stored as blocks, in file storage the data is managed as files. There are several advanced capabilities that you can leverage when using the file storage service that make it ideal for running microservices-based applications.

The object storage service provides internet-scale, high-performance storage, which is reliable, and it provides more cost-efficient data durability options. Object storage is most often used for storing unstructured data, such as image files, videos or log files. Data is managed as objects, and these objects are stored in a construct called buckets. A bucket can be considered like a folder that's used to contain these objects, and it provides several advanced capabilities which make this a reliable and durable storage platform.

Object Versioning – maintain multiple versions of a particular object.

NETWORKING SERVICES

The core resource you can provision for network computing is called a Virtual Cloud Network (VCN). Instances such as VMs need to communicate with each other. They could also have requirements to access other resources or services available on the internet, or there could be users on the internet that may need to connect to and communicate with one or more of those compute instances.

The VCN represents a traditional network, meaning it has all the features of a physical network. You can configure constructs such as public subnets and private subnets. Think of these as a subdivision of the larger network, sometimes referred to as a subnetwork. The VCN itself is defined as a virtual private network that you can set up for secure communications between resources. It is a regional service, which means a VCN resides in a single OCI region. Fortunately, you can use a VCN across multiple availability domains that belong to that OCI region. This service is designed to be highly available, and it is massively scalable.

Most importantly, this is a highly secure network, since it is designed to be private by default. Essentially, no one can use or access it unless you explicitly define a specific allow rule.

A VCN will have a large pool of IP addresses. The address range 10.0.0.0/16 uses CIDR notation; the prefix length, in this case 16, defines over 65,000 IP addresses for the network. An IP address is simply a number that can be attached to a resource, such as a compute instance, to uniquely identify and locate it.

In this case, we need to add a dynamic routing gateway to the VCN. You'll need another OCI service in addition to the dynamic routing gateway in order to achieve this connectivity to a private on-premises network.

  1. Site-to-Site VPN provides a private and secure communications tunnel. When you need to access your corporate office network from your home network, you first connect to the corporate VPN, and then you are able to access internal corporate websites. OCI Site-to-Site VPN is a similar VPN service.
  2. FastConnect creates a dedicated private connection between your on-premises data center and OCI. This provides higher bandwidth options and a more reliable and consistent network experience compared to an internet-based VPN connection.

VCN Wizard – automatically creates the VCN and some of its components.

CIDR Block – a range of private IP addresses.

SECURITY SERVICES

OCI leverages a Shared Security Model, which means that the overall security of your resources in OCI is a shared responsibility between you as the customer and Oracle. To better understand the Shared Security Model, let's contrast it by first looking at an on-premises environment where the customer is running their own workloads in their own data center. The customer has full responsibility for managing the security of this entire physical and logical infrastructure stack, everything from the physical data center, the physical network and the servers all the way up to the applications and the data.

Compare this now to a customer running their workloads on OCI. Oracle maintains responsibility for managing security of the underlying cloud infrastructure, such as the data center facilities and the hardware for the physical network, storage, and servers that run the virtualization software. The customer is responsible for securing workloads and the application stack, along with securely configuring cloud resources such as compute, storage, network, and databases. In this Shared Security Model, OCI provides many security services that you can easily leverage to protect your cloud applications and resources.

Starting with the infrastructure protection layer, there are services such as the web application firewall for securing any internet-facing application server, which will filter malicious inbound web traffic. You can configure security lists or network security groups, which essentially function as virtual firewalls in your VCN. Additionally, the network firewall service is a cloud-native firewall that can control all types of traffic into your applications.

The second layer of security services involves Identity and Access Management. By default, access to all cloud resources is completely restricted. No one can access them. But you can explicitly grant access to one or more resources using IAM policies. You can create user accounts and groups and set policies to allow them the most restrictive access to just the specific cloud resources they need. Multifactor authentication provides an additional level of security, where a user needs to log in using their password and then also provide an additional passcode that is dynamically generated by an authentication app.
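The VCN addressing from the networking notes (10.0.0.0/16 subdivided into a public and a private subnet) and the allow-only behaviour of security lists described above can be modelled together. This is an added example, not Oracle code and not part of the original notes; the /24 subnet sizes, the rule set, the sample addresses and all function names are constructed for illustration, and the rule format is a simplified stand-in for real security list rules.

```python
import ipaddress

# VCN range quoted in the notes: a /16 prefix leaves 16 host bits.
VCN = ipaddress.ip_network("10.0.0.0/16")


def carve_subnets(vcn, new_prefix, names):
    """Subdivide the VCN range and name the first len(names) subnets."""
    blocks = vcn.subnets(new_prefix=new_prefix)
    return {name: next(blocks) for name in names}


# Constructed layout: public = 10.0.0.0/24, private = 10.0.1.0/24.
SUBNETS = carve_subnets(VCN, 24, ["public", "private"])

# Constructed allow-only ingress rules (assumption: simplified rule format).
# There is no "deny" rule type: traffic that matches nothing is dropped.
RULES = {
    "public": [{"source": "0.0.0.0/0", "protocol": "tcp", "port": 443}],
    "private": [{"source": "10.0.0.0/24", "protocol": "tcp", "port": 1521}],
}


def subnet_of(ip, subnets=SUBNETS):
    """Return the name of the subnet holding ip, or None if outside them."""
    addr = ipaddress.ip_address(ip)
    for name, net in subnets.items():
        if addr in net:
            return name
    return None


def ingress_allowed(src, dst, protocol, port, subnets=SUBNETS, rules=RULES):
    """True only if an explicit allow rule on the destination subnet matches."""
    target = subnet_of(dst, subnets)
    if target is None:
        return False
    src_addr = ipaddress.ip_address(src)
    for rule in rules.get(target, []):
        if (src_addr in ipaddress.ip_network(rule["source"])
                and protocol == rule["protocol"]
                and port == rule["port"]):
            return True
    return False  # default deny: private unless explicitly allowed


def world_open(rules=RULES):
    """Configuration check: (subnet, port) pairs reachable from any source."""
    return [(name, r["port"]) for name, subnet_rules in rules.items()
            for r in subnet_rules
            if ipaddress.ip_network(r["source"]).prefixlen == 0]


if __name__ == "__main__":
    print(VCN.num_addresses, "addresses in", VCN)
    print("internet -> public:443  ", ingress_allowed("203.0.113.7", "10.0.0.10", "tcp", 443))
    print("internet -> private:1521", ingress_allowed("203.0.113.7", "10.0.1.20", "tcp", 1521))
    print("public   -> private:1521", ingress_allowed("10.0.0.10", "10.0.1.20", "tcp", 1521))
    print("world-open rules:", world_open())
```

Running `world_open()` over an exported rule set is a quick review step: any entry it returns for a subnet meant to be private is a configuration the customer, not Oracle, is responsible for fixing under the shared model.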

DATABASE SERVICES

Oracle offers a range of database services in Oracle Cloud. In general, we can break them down by where the system resides, whether that is the Oracle public cloud or the customer data center, and by who is managing the infrastructure and the database.

The first offering is the Base Database Service. It is built on standard compute and storage options, and it offers both Oracle Database Standard and Enterprise Edition. It's typically for workloads with smaller processing and storage requirements.

Then we have Exadata Database Service on dedicated infrastructure in the public cloud, and Exadata Cloud@Customer. They are both built on the Exadata platform and, as a result, offer the highest performance, scale and availability. Exadata Cloud@Customer offers the same cloud economics and cloud automation as Exadata Database Service on dedicated infrastructure in the Oracle public cloud, but it's deployed in customer data centers.

Then we have the Autonomous Database, which is fully autonomous and managed by Oracle and is available both in the Oracle public cloud on OCI and in the customer's data center on Exadata Cloud@Customer. When you create an Autonomous Database, you can deploy it to one of two kinds of Exadata infrastructure, shared and dedicated. There are also different workload types: Autonomous Transaction Processing, which is built for transactional workloads, and Autonomous Data Warehouse, which is built for decision support and data warehouse workloads.

The deployment options: the first one is dedicated, where you have exclusive use of the Exadata hardware. Then we have shared, where you provision and manage only the Autonomous Database, while Oracle handles Exadata infrastructure deployment and management. There are two more workload types, JSON and APEX, which are supported only on shared infrastructure. Autonomous databases automatically back up your database for you. The service provides automated patching, upgrades, and tuning, including performing all routine database maintenance tasks while the system is running, and all this without any human intervention.

MySQL HeatWave – A fully managed database service that enables customers to run OLTP, OLAP, and machine learning workloads directly from their MySQL database. It's powered by the integrated HeatWave in-memory query accelerator, and it's the only cloud-native database service that combines transactions, analytics, and machine learning services into MySQL database, in turn delivering real-time secure analytics without the complexity, latency and cost of ETL duplication. It also accelerates MySQL queries by 400 times.

Then we have the OCI DevOps service, a complete continuous integration and continuous delivery platform for developers to simplify and automate their software development lifecycle. Then we have the Resource Manager, which lets you deploy infrastructure as code with managed Terraform. And finally, the Developer Resources, which are tools for writing applications that leverage OCI directly.

OBSERVABILITY & MANAGEMENT SERVICES

The three foundational services are monitoring, logging, and events. To better understand these services, let's look at an example that involves the active monitoring of compute instance virtual machines. Let's imagine that three VMs are running one or more applications. These servers would, of course, be consuming compute resources such as CPUs and memory. This resource utilization data is referred to as metrics. Next, we define some conditions, such as aggregating this data or measuring the latest CPU utilization for each VM. We can then create an alarm. In this case, we define the criteria for the alarm to be triggered if the CPU utilization goes above 80% on any of these compute VMs. Finally, in this scenario, we configure a notification that sends an email to someone on the operations team when this condition occurs. This is a simple example workflow illustrating the importance of monitoring.

Observability, by definition, is the ability to understand the internal state of a system by performing a deeper analysis of the collected data. There are four conceptual observability pillars of data.

The first one is metrics: simply raw data about some system or component, such as resource utilization, CPU use, or memory consumption, or it could be data about the amount of storage that has been used.

The second pillar includes logs. These are usually created automatically and are used continuously by any system, such as a virtual machine or a network or even an application. It can be anything. These logs typically provide a timestamp and detailed information as to what is happening at that moment in time. For example, if an application is trying to connect to another application, this will be captured in the log.

The third one is traces. These are like logs, except they are not scoped to a single system or application. Instead, traces provide data about how separate components are operating and performing with one another. For example, if a user tries to connect to an application running in a VM, trace info would have details about the connection, such as how they connected and from which device the connection was made.

The last one is events. Events are similar to both metrics and logs in that they produce data associated with a specific resource, but they indicate what specific action has occurred. For example, when a new compute VM is created, a VM Create Event is produced with all of the associated metadata about that event. Other examples include deleting a VM, creating or deleting an object storage bucket, or adding a dynamic routing gateway to a VCN.

There are several observability and management services that use these data pillars and that can be used to analyze more deeply what is really happening in the entire environment. The monitoring, logging, and event services are essentially the foundation of the Observability and Management platform. But OCI also provides other, more advanced services. These include Logging Analytics, Application Performance Monitoring, Database Management Services, and Operations Insights.

The OCI Monitoring service enables you to both actively and passively monitor cloud resources. Active monitoring involves the collection of raw metrics about a resource, and then you can create alarms to trigger a notification, for example, if something is reported as a failure.