Oracle Cloud Infrastructure Foundation
There is a free course available on Oracle University (mylearn.oracle.com) for the OCI Foundation exam. I heard certification is also free of cost. So I am attending this online course and making notes here.
Core Infrastructure contains.
- OS, Vmware
Data & AI
Government & Administration
Region is localized.
- Choosing a region closer to your user for lowest latency and highest performance.
- Many countries have strict data residency requirements.
- Service Availability
- New cloud services are available only in certain regions.
- A region comprises availability domains.
- Isolated from each other.
- Fault tolerant
- Unlikely to fail simultaneously.
- They don’t share the same power, so the failure of one availability domain is unlikely to affect the others.
- A particular region has many (3) availability domains.
- Each availability domain has 3 fault domains.
- Fault Domains are logical separation.
- Resources placed in FDs will not share single point of hardware failure. They will have different hardware stack, different power supplies.
- Avoid single point of failure.
OCI Distributed Cloud
Hybrid Cloud Services
- Dedicated Region Cloud@Customer
- Data residency to meet data compliance requirements.
- Latency sensitive application
- Oracle cloud racks are installed at the customer's site.
- OCI Azure Interconnect
- private interconnect
- latency is less than 2ms.
- Running database on oracle and application tier on azure.
- Oracle database service for Azure
- Oracle Cloud VMWare Solution
- Autonomous DB on Exadata
IAM stands for Identity and Access Management Service
- Authentication – Who are you?
- Authorization – What are you allowed to access?
Keywords in OCI IAM
Identity Domains -> Contains Users and Groups
- Create Identity Domains
- Create Users and Groups
- Create Policies
- Policies are assigned to tenancy or compartments.
- Policies – you can add predefined roles.
- Policies can be attached to tenancy or compartments.
- Policies are defined using simple English phrases.
- Policies are defined at the group level and not at the user level.
- Manage – all permissions.
- Use – read.
- Inspect – ability to list resources.
- Read – inspect +??
- Authentication in OCI can be done in 3 ways.
How to identify an OCI resource -> it has a unique Oracle-assigned identifier -> also called the Oracle Cloud ID (OCID)
What is “Principals”
What is Compartment -> When you open an account you get tenancy/root compartment.
- In order to isolate your resources, you can create your own compartments in the “root compartment”. So, you can create a compartment for network resources etc.
- Each resource belongs to a single compartment.
- Block storage can be in compartment A. Then you can define groups and policies that have access only to resources belonging to compartment A.
- Resources in compartment A can interact with resources in compartment B.
- Resources can be moved from one compartment to another.
- Compartments are global constructs; resources from multiple regions can be in the same compartment.
- Compartments can also be nested, with a maximum of 6 levels of nesting.
- You can also set quotas and budgets on compartments. Quotas mean that, for example, you cannot create block storage in the networking compartment.
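An added example (not from the Oracle course or from the notes above): a small Python check that parses policy statements of the form `Allow group <group> to <verb> <resource-type> in compartment <name>` (or `in tenancy`) and flags ones that grant more than a compartment-scoped, group-level policy needs. The group names, compartment names and sample statements are constructed, the three rules are this example's own assumptions about what counts as too broad, and `any-user` and `where` are parts of the policy syntax that the notes do not cover.

```python
import re

# Shape: Allow <subject> to <verb> <resource-type> in tenancy | compartment <name> [where ...]
STATEMENT = re.compile(
    r"^allow\s+(?P<subject>any-user|group\s+(?P<group>\S+))\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)
VERB_RANK = {"inspect": 1, "read": 2, "use": 3, "manage": 4}  # least to most access

# Constructed sample statements (hypothetical group and compartment names).
SAMPLE_POLICIES = [
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Network",
    "Allow group Auditors to inspect all-resources in tenancy",
    "Allow group Developers to manage all-resources in tenancy",
    "Allow group StorageOps to use volume-family in compartment A",
    "Allow any-user to read buckets in compartment Public",
]


def review(statement):
    """Return a list of least-privilege findings for one policy statement."""
    m = STATEMENT.match(statement.strip())
    if not m:
        return ["unparsed: review manually"]
    verb = m["verb"].lower()
    resource = m["resource"].lower()
    tenancy_wide = m["scope"].lower() == "tenancy"
    findings = []
    # Rule 1 (assumption): a policy for every principal should carry a condition.
    if m["subject"].lower() == "any-user" and not m["condition"]:
        findings.append("any-user without a where clause")
    # Rule 2 (assumption): use/manage should name a resource type, not everything.
    if resource == "all-resources" and VERB_RANK[verb] >= VERB_RANK["use"]:
        findings.append(f"{verb} all-resources: name a resource type")
    # Rule 3 (assumption): manage belongs in a compartment, not the whole tenancy.
    if tenancy_wide and verb == "manage":
        findings.append("manage at tenancy scope: scope to a compartment")
    return findings


if __name__ == "__main__":
    for policy in SAMPLE_POLICIES:
        print(policy, "->", review(policy) or "ok")
```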