Oracle Cloud Infrastructure (OCI) Tutorial for Beginners
Presentation by: www.EasyReliable.COM
Phone: +080-41156843 / +91 9606734482
Email: easyreliable@gmail.com / support@easyreliable.com
Website: http://www.easyreliable.com
• Cloud Overview
• Oracle Cloud Overview
• OCI Key Concepts and Terminology
• Identity and Access Management
• Networking - VCN, FastConnect, Load Balancer
• Storage Services (Local NVMe, Block, Object Storage, etc.)
• Oracle Database on OCI
• Autonomous Database
Cloud Overview
Three primary models of cloud computing are typically implemented as services: Infrastructure, Platform, and Software as a Service, or IaaS, PaaS and SaaS.
• IaaS: A collection of servers, storage, and network infrastructure onto which you deploy your platform and software. This is most akin to provisioning your own hardware in an on-premises data center. Teams of hardware engineers, storage specialists, network specialists, system administrators, and database administrators are usually involved in installing and configuring on-premises infrastructure. With IaaS, no hardware engineers or storage specialists are required. A good cloud architect (like you) is all that is required to design and provision this infrastructure. The cloud vendor provides the hardware engineers and storage specialists.
• PaaS: A collection of one or more preconfigured infrastructure instances, usually provided with an operating system, database, or development platform, onto which you can deploy your software. The primary benefit of PaaS is convenience, as the cloud vendor provides and supports the underlying infrastructure and platform. A subset of PaaS is Database as a Service (DBaaS).
• SaaS: Applications are deployed on a cloud and all you do is access them through your browser. These could range from webmail to complex ERP and BI analytics systems.
Oracle Cloud Overview
Oracle Cloud encompasses the Oracle Public Cloud, which represents a collection of infrastructure, platforms, and applications exposed as services on cloud.oracle.com.
Oracle Cloud is a cloud computing service offered by Oracle Corporation providing servers, storage, network, applications and services through a global network of Oracle Corporation managed data centers. The company allows these services to be provisioned on demand over the Internet.
Oracle Cloud provides Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Data as a Service (DaaS). These services are used to build, deploy, integrate, and extend applications in the cloud. The platform supports numerous open standards (SQL, HTML5, REST, etc.), open-source applications (Kubernetes, Hadoop, Kafka, etc.), and a variety of programming languages, databases, tools, and frameworks, including Oracle-specific, open-source, and third-party software and systems.
Oracle Cloud Infrastructure is physically hosted in regions and availability domains. A region is a localized geographic area, and an availability domain is one or more data centers located within a region. A region is composed of one or more availability domains.
Oracle Cloud Infrastructure resources are either region-specific, such as a virtual cloud network, or availability domain-specific, such as a compute instance. Availability domains are isolated from each other, fault tolerant, and very unlikely to fail simultaneously or be impacted by the failure of another availability domain.
When you configure your cloud services, use multiple availability domains to ensure high availability and to protect against resource failure. Be aware that some resources must be created within the same availability domain, such as an instance and the storage volume attached to it.
Currently Oracle operates in 16 regions. This includes 11 commercial regions and 5 government regions. These regions are interconnected with Azure as well.
OCI Key Concepts and Terminology
• Tenancy: A tenancy is synonymous with your cloud account and comprises a hierarchy of compartments with the root compartment at the top. There can be many compartments, and as of this writing, compartments may have child compartments nested six levels deep. The figure below lists the root compartment (RC) along with three nested or child compartments (subcompartments) named Lab, Managed Services, and ManagedCompartmentForPaaS.
• Compartments: Compartments allow you to organize and control access to your cloud resources. A compartment is a collection of related resources (such as instances, virtual cloud networks, block volumes) that can be accessed only by certain groups that have been given permission by an administrator. A compartment should be thought of as a logical group and not a physical container. When you begin working with resources in the Console, the compartment acts as a filter for what you are viewing. When you sign up for Oracle Cloud Infrastructure, Oracle creates your tenancy, which is the root compartment that holds all your cloud resources. You then create additional compartments within the tenancy (root compartment) and corresponding policies to control access to the resources in each compartment. When you create a cloud resource such as an instance, block volume, or cloud network, you must specify to which compartment you want the resource to belong. Ultimately, the goal is to ensure that each person has access to only the resources they need.
• Users: An OCI user is an individual or system that requires access to OCI resources. There are three types of users:
1. Local users
2. Federated users
3. Provisioned (or synchronized) users
• Local users are created and managed in OCI's IAM service. Local users can only access OCI services. For example, user Jason is created using OCI's IAM service by navigating to Identity | Users and selecting Create User. After providing a name and description and choosing Create, a new local user is created. This user has a local password and, by default, is capable of logging in to the OCI console. When the tenancy is provisioned, the administrator receives a customized URL for your cloud account and a base URL, as in these examples:
When you connect to the console using either of these URLs (explicitly specifying the tenancy when using the latter URL), you will be challenged for an OCI username and password. Once these credentials are provided, you are signed in to the console as your local user.
• Federated users are created and managed in an identity provider outside of OCI's IAM service, such as Microsoft Active Directory or Oracle Identity Cloud Service (IDCS). The identity provider discussed from here on will be IDCS, but the principles discussed next apply to other identity providers as well.
• Groups: OCI users are organized into groups. A user may belong to many groups. When your OCI account is created, a default Administrators group is created. The Administrators group initially has a single member, the user that was created when the tenancy was provisioned. As an administrator, you may create additional administrator users and add them to this group, or create other groups for separation of duties. The administrator users have complete control over all resources in the tenancy, so access to this group should be tightly regulated. It is good practice to set up groups for teams of users who perform similar work.
• Policies: Policies determine how groups of users interact with OCI resources that are grouped into compartments. For example, you may want the HR application administrators to manage all resources in a compartment dedicated to the HR department: Allow group HR Admins to manage all-resources in compartment HR. This policy statement, expressed in simple language, is all that is required to authorize the users that belong to the HR Admins group to manage all resources in the HR compartment. The manage verb is the most powerful and includes all permissions for the resource. Policy statements are submitted as free-form text. As of this writing, there is no tool provided to assist with constructing these policy statements.
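A small checker for policy statements of the shape used above, written in Go as an added example (it is not part of this tutorial and not an Oracle tool): it parses a statement, accepts only the OCI verbs inspect, read, use and manage and the resource-types listed later on this page, and flags grants that are broader than a group is likely to need. The optional where clause and the wording of the warnings are this example's own.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Statement is one parsed OCI IAM policy statement.
type Statement struct{ Group, Verb, Resource, Scope, Condition string }
// OCI verbs, least to most powerful (manage includes every permission), and the
// resource-types named on this page; the families and all-resources are aggregates.
var verbs = map[string]bool{"inspect": true, "read": true, "use": true, "manage": true}
var resources = map[string]bool{
	"vcn": true, "subnet": true, "instance": true, "volume": true,
	"virtual-network-family": true, "instance-family": true,
	"volume-family": true, "all-resources": true,
}
// Shape: Allow group G to VERB RESOURCE in (tenancy | compartment C) [where COND]
var stmtRe = regexp.MustCompile(`(?i)^allow group (.+?) to (\w+) (\S+) in (tenancy|compartment \S+)(?: where (.+))?$`)
// ParseStatement validates the shape, the verb and the resource-type.
func ParseStatement(s string) (Statement, error) {
	m := stmtRe.FindStringSubmatch(strings.TrimSpace(s))
	if m == nil {
		return Statement{}, fmt.Errorf("not a valid policy statement: %q", s)
	}
	st := Statement{m[1], strings.ToLower(m[2]), strings.ToLower(m[3]), m[4], m[5]}
	if strings.EqualFold(st.Scope, "tenancy") {
		st.Scope = "tenancy"
	}
	if !verbs[st.Verb] {
		return st, fmt.Errorf("unknown verb %q", st.Verb)
	}
	if !resources[st.Resource] {
		return st, fmt.Errorf("unknown resource-type %q", st.Resource)
	}
	return st, nil
}
// Findings lists least-privilege warnings; an empty result means no concern.
func Findings(st Statement) []string {
	var out []string
	if st.Verb == "manage" && st.Resource == "all-resources" && st.Scope == "tenancy" {
		out = append(out, "same power as the Administrators group: full control of the tenancy")
	} else if st.Verb == "manage" && st.Resource == "all-resources" {
		out = append(out, "manage all-resources: prefer a family or individual resource-type")
	}
	if st.Scope == "tenancy" && st.Verb != "inspect" {
		out = append(out, "tenancy-wide scope: prefer a compartment")
	}
	if st.Verb == "manage" && st.Condition == "" {
		out = append(out, "manage without a where clause: no permission is excluded")
	}
	return out
}

func main() {
	st, _ := ParseStatement("Allow group HR Admins to manage all-resources in compartment HR")
	fmt.Println(st, Findings(st))
}
```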
• Virtual Cloud Network (VCN): A virtual cloud network is a virtual version of a traditional network, including subnets, route tables, and gateways, on which your instances run. A cloud network resides within a single region but includes all the region's availability domains. Each subnet you define in the cloud network can either be in a single availability domain or span all the availability domains in the region (recommended). You need to set up at least one cloud network before you can launch instances. You can configure the cloud network with an optional internet gateway to handle public traffic, and an optional IPSec VPN connection or FastConnect to securely extend your on-premises network.
• Load Balancer (LB): A load balancer is a network device you may provision that receives incoming traffic on an IP address and routes the traffic to one or more underlying instances. The OCI LB service is a regional service that distributes traffic to instances either within the same availability domain or across multiple availability domains.
• The protocol and ports being serviced by an LB are specified in an entity called the Listener. When creating an LB, you specify the VCN in which incoming traffic is accepted as well as whether it will be a private or public LB. You also choose the shape of the LB, which limits the speed at which network traffic is routed. LBs are commonly used to support high availability and scaling out of web servers.
• LBs distribute traffic to backend servers based on a set of policies known as a backend set. Routing algorithms, including Weighted Round-Robin, IP Hash, and Least Connections, are specified when creating the backend set.
• FastConnect: Provides a dedicated, high-speed, private connection between OCI and your existing on-premises infrastructure. FastConnect requires that you either be colocated with Oracle in a FastConnect location or connect through a third-party FastConnect provider that is already connected to Oracle.
• Compute: When you provision a compute instance, you can choose a virtual machine (VM) or a bare-metal (BM) server. Bare-metal servers provide your instance with exclusive use of the hardware. Not sharing hardware with other instances comes at a cost, and bare-metal instances are more expensive than similarly sized virtual machines. BM servers are only available with a much higher CPU and memory footprint than entry-level VMs.
• Instance: An instance is a compute host running in the cloud. An Oracle Cloud Infrastructure compute instance allows you to utilize hosted physical hardware, as opposed to traditional software-based virtual machines, ensuring a high level of security and performance.
• Path Route Sets: Path route sets specify a set of rules to route requests to different backend sets. This is optional and is only used if this level of sophistication is necessary. Finally, backend sets reference one or more hostnames, which are the target compute instances, which may be running a web server.
• Domain Name Service: OCI also provides a Domain Name Service (DNS) that lets you create and manage DNS zones, add records to zones, and allow the VCN to resolve DNS queries from your on-premises domain and vice versa. One of the primary services DNS provides is hostname resolution. For example, it is DNS that allows you to connect to http://cloud.oracle.com instead of http://23.9.97.203. This abstraction provides network resiliency to underlying network changes.
• Dynamic Routing Gateway and FastConnect: Connecting your existing on-premises infrastructure with your OCI VCN is a common step in the journey to OCI. On the OCI side, this connectivity is enabled by a Dynamic Routing Gateway (DRG), which connects to a Customer Premises Equipment (CPE) object created in OCI to represent your on-premises router. Your on-premises network is then bridged to your VCN using an encrypted IPSec VPN tunnel.
• Resources: Typical on-premises IT infrastructure resources include servers, SANs, and network infrastructure. OCI infrastructure resources have a parallel definition and refer to artifacts including compute instances, block storage volumes, object storage buckets, file system storage, virtual cloud networks (VCNs), load balancers, and Dynamic Routing Gateways.
• OCI resources are categorized by resource-types. An individual resource-type is the most granular and includes vcn, subnet, instance, and volume resources. Individual resource-types are grouped into family resource-types such as virtual-network-family, instance-family, and volume-family. Resource-types may also be referenced as an aggregation of all resources at both compartment and tenancy levels as all-resources. These resource-types are important for defining resource management policies.
• Bare Metal Host: Oracle Cloud Infrastructure provides you control of the physical host ("bare metal") machine. Bare metal compute instances run directly on bare metal servers without a hypervisor. When you provision a bare metal compute instance, you maintain sole control of the physical CPU, memory, and network interface card (NIC). You can configure and utilize the full capabilities of each physical machine as if it were hardware running in your own data center. You do not share the physical machine with any other tenants.
• Shape: In Compute, the shape specifies the number of CPUs and amount of memory allocated to the instance. Oracle Cloud Infrastructure offers shapes to fit various computing requirements. In Load Balancing, the shape determines the load balancer's total pre-provisioned maximum capacity (bandwidth) for ingress plus egress traffic. Available shapes include 100 Mbps, 400 Mbps, and 8000 Mbps.
• Key Pair: A key pair is an authentication mechanism used by Oracle Cloud Infrastructure. A key pair consists of a private key file and a public key file. You upload your public key to Oracle Cloud Infrastructure. You keep the private key securely on your computer. The private key is private to you, like a password. Key pairs can be generated according to different specifications. Oracle Cloud Infrastructure uses two types of key pairs for specific purposes:
• Instance SSH key pair: This key pair is used to establish a secure shell (SSH) connection to an instance. When you provision an instance, you provide the public key, which is saved to the instance's authorized keys file. To log on to the instance, you provide your private key, which is verified against the public key.
• API signing key pair: This key pair is in PEM format and is used to authenticate you when submitting API requests. Only users who will be accessing Oracle Cloud Infrastructure via the API need this key pair.
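How the API signing key pair is used on the wire, as an added example in Go (not code from this tutorial or from Oracle's SDKs): the request-signing scheme hashes a small set of headers with SHA-256, signs the digest with the private key, and identifies the key by the fingerprint of the uploaded public key. It assumes the header set for body-less requests (date, (request-target), host); the OCIDs are placeholders and the host, path and date are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

// Fingerprint: colon-separated MD5 of the DER-encoded public key, as shown in the OCI console.
func Fingerprint(pub *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := md5.Sum(der)
	return strings.ReplaceAll(fmt.Sprintf("% x", sum[:]), " ", ":"), nil
}
// SigningString: covered headers in lowercase, one per line; (request-target) binds method and path.
func SigningString(method, path, host, date string) string {
	return "date: " + date + "\n(request-target): " + strings.ToLower(method) + " " + path + "\nhost: " + host
}
// SignRequest builds the Authorization header for a body-less request; keyID is tenancy/user/fingerprint.
func SignRequest(priv *rsa.PrivateKey, keyID, method, path, host, date string) (string, error) {
	digest := sha256.Sum256([]byte(SigningString(method, path, host, date)))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return fmt.Sprintf(`Signature version="1",keyId="%s",algorithm="rsa-sha256",`+
		`headers="date (request-target) host",signature="%s"`, keyID, base64.StdEncoding.EncodeToString(sig)), nil
}
// VerifyRequest is the service-side check; any change to method, path, host or date after signing fails it.
func VerifyRequest(pub *rsa.PublicKey, authz, method, path, host, date string) bool {
	const tag = `signature="`
	i := strings.Index(authz, tag)
	if i < 0 {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(strings.TrimSuffix(authz[i+len(tag):], `"`))
	if err != nil {
		return false
	}
	digest := sha256.Sum256([]byte(SigningString(method, path, host, date)))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // the private half never leaves your machine
	fp, _ := Fingerprint(&priv.PublicKey)
	keyID := "ocid1.tenancy.oc1..TENANCY_PLACEHOLDER/ocid1.user.oc1..USER_PLACEHOLDER/" + fp
	host, path, date := "iaas.us-phoenix-1.oraclecloud.com", "/20160918/instances", "Thu, 05 Jan 2023 21:31:40 GMT"
	authz, _ := SignRequest(priv, keyID, "GET", path, host, date)
	fmt.Println(authz, "\nverifies:", VerifyRequest(&priv.PublicKey, authz, "GET", path, host, date))
}
```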
• Image: The image is a template of a virtual hard drive that defines the operating system and other software for an instance, for example, Oracle Linux. When you launch an instance, you can define its characteristics by choosing its image. Oracle provides a set of images you can use. You can also save an image from an instance that you have already configured to use as a template to launch more instances with the same software and customizations.
• Storage: Once your compute instance is provisioned, it will have a boot volume and usually no other storage. Four storage types are available on OCI:
• Block volumes
• Object storage
• Archive storage
• File storage
Managing Tags and Tag Namespaces: Tagging is a service available to all OCI tenants by default. Tagging is not an IAM concept but is being discussed here to encourage the best practice of tagging your resources in a planned manner. As your OCI estate expands, resource sprawl is inevitable, and tagging from the beginning is a great way to remain organized and in control of your OCI resources.
A tag is simply a key-value pair that you associate with a resource. There are two types of tagging: free-form and defined tags.
1) Free-Form Tags
Free-form tags are limited and offer a pretty basic form of tagging. You can apply as many tags as you want to a resource, but there is a 5-kilobyte JSON limitation on all applied tags and their values per resource.
2) Defined Tags
Defined or schema tagging is the recommended enterprise-grade mechanism for organizing, reporting, filtering, managing, and performing bulk actions on your OCI resources.
Defined tags rely on a tenant-wide unique namespace that consists of tag keys and tag values. The tag namespace serves as a container for use with IAM policies.
Networking - VCN, FastConnect, Load Balancer
CIDR: The dominant version of network addressing is Internet Protocol version 4 (IPv4). There is a growing prevalence of IPv6 addressing, but the de facto standard remains IPv4 addressing. In the early days of the Internet (1981–93), the 32-bit IPv4 address space was divided into address classes based on the leading four address bits, and this became known as classful addressing.
The class A address space accommodated 128 networks with over 16 million addresses per network, while the class B address space accommodated 16,384 networks with 65,536 addresses per network; finally, the class C address space accommodated over 2 million networks with 256 addresses per network.
Class A network blocks are too large and class C network blocks are too small for most organizations, so many class B network blocks were allocated, although they were still too large in most cases. Classful addressing was wasteful and accelerated the consumption of available IP addresses. To buy time before the IP exhaustion problem manifested, a new scheme known as Classless Inter-Domain Routing (CIDR) was introduced in 1993.
CIDR notation is based on an IPv4 or IPv6 network or routing prefix, separated by a slash from a number indicating the prefix length. OCI networking uses IPv4 addressing, so the address length is 32 bits.
Consider the block of IPv4 addresses specified with the following CIDR notation: 192.168.0.1/30.
CIDR notation may be divided into two components, a network identifier and a host address space. The network identifier is represented by the number of bits specified by the network prefix. The second part is the remaining bits that represent the available IP address space. The routing or network prefix is 30, which means that 30 of the 32 bits in this address space are used to uniquely identify the network, while 2 bits are available for host addresses. In binary, 2 bits let you represent 00, 01, 10 and 11. Therefore, four addresses are available in the host address space.
CIDR notation allows you to calculate the IP address range, the netmask, and the total number of addresses available for host addresses. The netmask, also known as a subnet mask, may be derived from the CIDR notation as follows:
1. Convert the IP address part to binary notation, with 8-bit parts (octets).
2. Take the leading bits from 1 to the network prefix and convert these bits to ones.
3. Convert the remaining bits to zeroes.
4. Convert the resultant binary string to decimal format.
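The four-step derivation carried out in code, as an added example that is not part of the original tutorial: it parses a CIDR string such as the page's 192.168.0.1/30, builds the netmask from the prefix length with the bit operations the steps describe, and also reports the network address, the last address and the address count. The Overlaps function is this example's addition, for checking that a VCN's CIDR does not collide with an on-premises range it will be connected to.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Block is the IPv4 range denoted by a CIDR string such as 192.168.0.1/30.
type Block struct {
	Network, Netmask, Last string // network address, subnet mask, last (broadcast) address
	Prefix                 int
	Count                  uint64 // addresses in the block, network and broadcast included
	lo, hi                 uint32 // numeric bounds, used by Overlaps
}
// parseIPv4 is step 1: the four dotted-decimal octets become one 32-bit value.
func parseIPv4(s string) (uint32, error) {
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return 0, fmt.Errorf("bad IPv4 address %q", s)
	}
	var ip uint32
	for _, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 || n > 255 {
			return 0, fmt.Errorf("bad octet %q in %q", p, s)
		}
		ip = ip<<8 | uint32(n)
	}
	return ip, nil
}
// dotted is step 4: a 32-bit value back to dotted-decimal.
func dotted(ip uint32) string {
	return fmt.Sprintf("%d.%d.%d.%d", ip>>24, ip>>16&255, ip>>8&255, ip&255)
}
// ParseCIDR derives the netmask as the page describes: the leading prefix bits
// are set to ones (step 2) and the remaining host bits to zeroes (step 3).
func ParseCIDR(cidr string) (Block, error) {
	parts := strings.SplitN(cidr, "/", 2)
	if len(parts) != 2 {
		return Block{}, fmt.Errorf("missing prefix length in %q", cidr)
	}
	ip, err := parseIPv4(parts[0])
	if err != nil {
		return Block{}, err
	}
	prefix, err := strconv.Atoi(parts[1])
	if err != nil || prefix < 0 || prefix > 32 {
		return Block{}, fmt.Errorf("bad prefix length %q", parts[1])
	}
	mask := ^uint32(0) << (32 - prefix) // a shift by 32 yields 0, so /0 works too
	network := ip & mask                 // host bits present in the written address are dropped
	return Block{dotted(network), dotted(mask), dotted(network | ^mask), prefix, uint64(1) << (32 - prefix), network, network | ^mask}, nil
}
// Overlaps reports whether two blocks share any address.
func Overlaps(a, b Block) bool { return a.lo <= b.hi && b.lo <= a.hi }

func main() {
	b, _ := ParseCIDR("192.168.0.1/30")
	fmt.Printf("%+v\n", b)
}
```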