My keynote presentation on #OUGF2018 about Oracle Cloud Infrastructure.
Overview of Oracle Cloud Infrastructure (OCI) services and how you can deploy them using either the console, oci-cli or Terraform.
5. BUILDING BLOCKS FOR OCI
IDENTITY & ACCESS MANAGEMENT
VIRTUAL CLOUD NETWORK
LOAD BALANCER
DATABASE
AUDIT
EMAIL
DATA TRANSFER
VIRTUAL MACHINE
BARE METAL
OBJECT STORAGE
BLOCK STORAGE
FILE STORAGE
CONTAINERS
DNS
6. Each and every resource in OCI always has an OCID
User: ocid1.user.oc1..aaaaaaaa43unp7xlqstas6ugiyjdltw3fe2uilskcs3medspgbeuu6patgia
Tenancy: ocid1.tenancy.oc1..aaaaaaaazw33gsdom5s1mk3yj4u5hoeohgym6gd6oygpp2zvauwwx74olktq
7. To build an infrastructure we will need to create resources in your TENANCY
8. PICK A REGION FOR YOUR INFRASTRUCTURE
Phoenix - PHX
Ashburn - IAD
London - LHR
Frankfurt - FRA
Each region has multiple Availability Domains, which enables you to build HA configurations easily!
10. Create users, groups and compartments using the IAM service
My favourite service with OCI: easy to control everything under one account with compartments
IAM is a global service
Users belong to groups
11. Policies
Policies grant users access to specific resources in compartments by ALLOW statements
The verb is one of inspect, read, use or manage
Some policies are granted to the tenancy
Resource types are individual or a family
Allow group <group name> to <verb> <resource-type> in compartment <compartment name>
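As an added example (not part of the original slides), the following Python script parses Allow statements written in the grammar shown above, rejects verbs outside inspect/read/use/manage, and flags statements that a least-privilege review would question: write-level verbs granted at tenancy scope, and manage granted on a whole resource family. The group and compartment names in the sample policy are constructed for this example; the lint rules are review heuristics, not OCI's own policy validation.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Verbs named on the slide, least to most privileged: each one implies the ones before it.
VERBS = ("inspect", "read", "use", "manage")

# Grammar from the slide:
#   Allow group <group name> to <verb> <resource-type> in compartment <compartment name>
# plus the tenancy-scoped form ("some policies are granted to the tenancy").
STATEMENT_RE = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\S+)\s+(?P<resource>\S+)"
    r"\s+in\s+(?:compartment\s+(?P<compartment>\S+)|(?P<tenancy>tenancy))\s*$",
    re.IGNORECASE,
)


@dataclass
class Statement:
    group: str
    verb: str
    resource: str
    scope: str  # "tenancy" or "compartment:<name>"


def parse_statement(text: str) -> Statement:
    """Parse one Allow statement; raise ValueError for anything outside the slide's grammar."""
    m = STATEMENT_RE.match(text)
    if not m:
        raise ValueError(f"not a recognised Allow statement: {text!r}")
    verb = m.group("verb").lower()
    if verb not in VERBS:
        raise ValueError(f"unknown verb {verb!r}; expected one of {VERBS}")
    scope = "tenancy" if m.group("tenancy") else f"compartment:{m.group('compartment')}"
    return Statement(m.group("group"), verb, m.group("resource").lower(), scope)


def lint_statement(stmt: Statement) -> List[str]:
    """Least-privilege findings for one statement (review heuristics, not OCI's own validation)."""
    findings = []
    if stmt.scope == "tenancy" and stmt.resource == "all-resources" and stmt.verb == "manage":
        findings.append("tenancy-wide manage on all-resources is full administrator access; "
                        "keep it to a small break-glass group")
    elif stmt.scope == "tenancy" and stmt.verb in ("use", "manage"):
        findings.append(f"write-level verb '{stmt.verb}' granted at tenancy scope; "
                        "consider limiting it to a compartment")
    if stmt.resource.endswith("-family") and stmt.verb == "manage":
        findings.append(f"manage on a whole family ({stmt.resource}); "
                        "check whether individual resource types are enough")
    return findings


def lint_policy(statements: List[str]) -> Dict[str, List[str]]:
    """Map each statement to its findings; an empty list means nothing to flag."""
    return {line: lint_statement(parse_statement(line)) for line in statements}


# Constructed sample policy: group and compartment names are made up for this example.
SAMPLE_POLICY = [
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Prod",
    "Allow group Auditors to inspect all-resources in tenancy",
    "Allow group DBAs to use database-family in compartment Prod",
]

if __name__ == "__main__":
    for line, findings in lint_policy(SAMPLE_POLICY).items():
        print(line)
        for finding in findings:
            print("   !", finding)
```

Running the script prints one line per statement with its findings indented below it; only the Administrators and NetworkAdmins statements produce a finding, which is the expected result for a policy set that keeps read-only tenancy-wide access for auditors and scopes database access to one compartment.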
13. VCN RESOURCES
Subnets: one subnet - one AD; private or public; three IPs per subnet are reserved by Oracle
Gateways / Connections: Internet, Dynamic, Local; Fast Connect vs IPSec VPN; VCN peering
Route Tables: route subnet traffic to IGW, DRG, LRG, NAT GW etc.; no route required for subnets under the same VCN; when rules overlap, the most specific rule is used
Security Lists: assigned to a subnet but managed on instance level; stateful or stateless; changes are always applied immediately
VNIC: one primary private IPv4 address (32 total) per subnet; optional public IPv4 address for each private IPv4; disable source/destination check for NAT GW
IP Address & DNS: public or private; ephemeral or reserved public IP; DNS VCN & Internet; resolver or custom
14. Your basic VCN could look like this
Compartment
  VCN 10.0.0.0/16
    PublicSubnet 10.0.0.0/24 (AD1)
    PublicSubnet 10.0.1.0/24 (AD1)
    PrivateSubnet 10.0.2.0/24 (AD2)
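To make the route-table and security-list rules from slide 13 concrete, here is an added Python example (not from the original presentation) that checks a VCN plan like the one on slide 14: it verifies that subnets sit inside the VCN CIDR without overlapping, subtracts the three Oracle-reserved addresses per subnet, picks a route target by longest-prefix match (the "most specific rule" behaviour, with intra-VCN traffic needing no rule), and evaluates stateful security-list ingress rules. The route table, the on-premise 192.168.0.0/16 range, the security list and the subnet names are constructed for this example.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

RESERVED_PER_SUBNET = 3  # slide 13: three IPs per subnet are reserved by Oracle


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses left for VNICs once Oracle's reserved addresses are taken out."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - RESERVED_PER_SUBNET


def check_vcn_plan(vcn_cidr: str, subnets: Dict[str, str]) -> List[str]:
    """Return problems found: subnets outside the VCN CIDR or overlapping each other."""
    vcn = ipaddress.ip_network(vcn_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vcn):
            problems.append(f"{name} {net} is not inside VCN {vcn}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def select_route(vcn_cidr: str, route_rules: Dict[str, str], destination: str) -> str:
    """Pick the route target as the slide describes: traffic that stays inside the VCN
    needs no rule, and when rules overlap the most specific (longest prefix) one wins."""
    dst = ipaddress.ip_address(destination)
    if dst in ipaddress.ip_network(vcn_cidr):
        return "local"
    best: Optional[Tuple[int, str]] = None
    for cidr, target in route_rules.items():
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return best[1] if best else "no-route"


def ingress_allowed(rules: List[dict], source_ip: str, protocol: str, port: int) -> bool:
    """Evaluate stateful security-list ingress rules (protocol "6" = TCP, "17" = UDP, "all").
    A rule without a port range applies to every port."""
    src = ipaddress.ip_address(source_ip)
    for rule in rules:
        if src not in ipaddress.ip_network(rule["source"]):
            continue
        if rule["protocol"] not in ("all", protocol):
            continue
        low, high = rule.get("ports", (1, 65535))
        if low <= port <= high:
            return True
    return False


# The slide-14 layout; subnet names combine the slide's labels with their AD.
VCN_CIDR = "10.0.0.0/16"
SUBNETS = {
    "PublicSubnet-AD1": "10.0.0.0/24",
    "PublicSubnet2-AD1": "10.0.1.0/24",
    "PrivateSubnet-AD2": "10.0.2.0/24",
}
# Constructed route table for the private subnet: default via NAT GW, on-prem range via DRG.
PRIVATE_ROUTES = {"0.0.0.0/0": "NAT GW", "192.168.0.0/16": "DRG"}
# Constructed security list for a public load-balancer subnet: HTTPS from anywhere, all from the VCN.
LB_SECURITY_LIST = [
    {"source": "0.0.0.0/0", "protocol": "6", "ports": (443, 443)},
    {"source": "10.0.0.0/16", "protocol": "all"},
]

if __name__ == "__main__":
    print("plan problems:", check_vcn_plan(VCN_CIDR, SUBNETS) or "none")
    for name, cidr in SUBNETS.items():
        print(f"{name}: {usable_hosts(cidr)} usable addresses")
    for dst in ("10.0.0.7", "192.168.5.5", "8.8.8.8"):
        print(f"{dst} -> {select_route(VCN_CIDR, PRIVATE_ROUTES, dst)}")
    print("443 from internet:", ingress_allowed(LB_SECURITY_LIST, "203.0.113.5", "6", 443))
    print("22 from internet:", ingress_allowed(LB_SECURITY_LIST, "203.0.113.5", "6", 22))
```

The longest-prefix check is the part worth keeping around: a 0.0.0.0/0 rule pointing at the NAT gateway silently wins for any destination not covered by a more specific rule, so adding an on-premise DRG route later only takes effect for the prefixes you actually list.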
16. COMPUTE
Optimize: shut down instances when you don't need them; resilient hardware, but design for failure
Standardize: use pre-built Linux or Windows images to standardize your operations; bring your own images to match existing on-premise standards
Performance: pick from a wide range of shapes, new X7-based 2.X shapes available; scale up/down when needed
Security: Oracle manages the physical security layer; default access to instances via SSH keypairs; access to services through instance principals; utilize Ksplice without additional cost
17. Choose between BareMetal and Virtual Machine
Bare Metal: great for isolated workloads; either local (NVMe) or block storage; performance; Standard, DenseIO, GPU shapes
Virtual Machine: runs on the same hardware as BM but shared; attach block storage; Standard, DenseIO shapes
19. Choose between BM, VM or Exadata for your DB
Options: SE, EE, EE - High perf, EE - Extreme perf
Bring your own license (BYOL) or license included
Versions 11.2, 12.1, 12.2, 18.1 (no Exa)
All standard database features exist and can be used! (RAC included)
Licensing "benefits"
Requires a public subnet for backups to object storage
All user-created tablespaces are encrypted by default (TDE)
21. Block, Object and File storage
Block Storage: attach a block volume to a compute instance (iSCSI or PV); two types: Block & Boot; volumes are accessed by instances in the same AD; boot volumes can be preserved during termination; size between 50GB and 16TB; encrypted at rest; Backup & Restore &
Object Storage: store any type of object; either Object or Archive; consists of an object, bucket, namespace & compartment; strong consistency across multiple ADs; use a pre-authenticated request to give access; Archive storage for seldom accessed data - minimum retention 90 days, 4 hours for TTFB
File Storage: network file system; use for any application requiring NFS / a shared file system (eBS); the service runs on each AD and is replicated within the AD; a filesystem mount can be shared within a region
22. Additional network related services
DNS: create and manage your own DNS zones; supports a variety of different record types (A, AAAA, ALIAS etc.)
Load Balancing: public (two subnets) or private (one subnet); no primary LB, floating IP; consists of a listener, backend set, backend servers and a policy for load balancing and health; remember to modify security lists to allow traffic
23. Additional services
Email: send emails :); set up an approved sender to deliver high volume emails to recipients; manage the email service also through policies
Audit: supported by all services & all calls on API endpoints are logged; by default events are logged for 90 days; can be extended to 365 days, but no archive possibility
25. EBS on OCI
1. Database: every EBS needs a database! Pick VM, BM or Exadata
2. Compute: three instances, two for web/forms and one for the CM server
3. Block Storage: provision the required volumes for each compute instance
4. File Storage: mount targets for the shared FS, and create rules to allow traffic to all nodes
5. Load Balancer: private LB on one AD to distribute traffic to the web/forms nodes
6. Object Storage: use for backups
29. TERRAFORM
Orchestration tool to take benefit of Infrastructure as Code
Saves the state of your resources
Providers for OCI, AWS, Azure etc.
Pre-built modules are great!
30. Terraform is quite simple to master. Define variables and call resources to create/modify/delete resources.
32. OCI has the potential to become the premier cloud pick for enterprise applications, but more integrated services are needed.
33. OCI Kubernetes
Released a few weeks ago
Container engine service
Create and manage Kubernetes clusters
Pull docker images from the OCI registry service
A step in the right direction!
34. OCI Summary
Deploy resilient infrastructure
Deploy high availability infrastructure as code
Leverage cloud options
Integrated cloud services
Modernize your enterprise applications by saving costs and optimizing performance
A good basis exists, but overall improvements are required to integrate OCI with other cloud resources