Introduction to Oracle Cloud Infrastructure Services
0 likes2,732 views
Knoldus is a technology consulting firm that delivers solutions using Reactive Products, IoT, Microservices, API, Data Science, Data Engineering and DevOps. Oracle Cloud Infrastructure (OCI) provides compute, storage and networking capabilities in a highly available hosted environment. OCI's Free Tier offers $300 in cloud credits valid for 30 days to spend on eligible services. OCI accounts have Always Free resources like VMs and databases that can be used for small applications without charges. OCI provides regions, availability domains and fault domains for high availability and scalability across isolated data centers.
Introduction to Oracle Cloud Infrastructure Services
- 1. Presented By: Rahul Miglani OCI Introduction
- 2. Knoldus is a team of passionate technologists with a product mindset who work along with businesses to deliver solutions at the speed of competitive advantage. Our main capabilities are around Reactive Products, IoT, Microservices & API, Data Science, Data Engineering and DevOps. We also have our strategic partnerships with Databricks, Lightbend, Confluent, Snowflake and many more, to deliver more value to clients.
- 3. Our Agenda Oracle Cloud Infrastructure Logging 01 OCI Overview 02 How Free Tier works 03 OCI benefits 04 OCI Services 05 OCI Console Demo
- 4. Overview Oracle Cloud Infrastructure is a set of complementary cloud services that enable you to build and run a wide range of applications and services in a highly available hosted environment. Oracle Cloud Infrastructure (OCI) offers high-performance compute capabilities (as physical hardware instances) and storage capacity in a flexible overlay virtual network that is securely accessible from your on-premises network. The Free Trial provides you with $300 of cloud credits that are valid for up to 30 days. You may spend these credits on any eligible Oracle Cloud Infrastructure service.
- 5. Always Free Resources All Oracle Cloud Infrastructure accounts (whether free or paid) have a set of resources that are free of charge for the life of the account. These resources display the Always Free label in the Console (for Ampere A1 Compute shapes, see Compute). Using the Always Free resources, you can provision a virtual machine (VM) instance, an Oracle Autonomous Database, and the networking, load balancing, and storage resources needed to support the applications that you want to build. With these resources, you can do things like run small-scale applications or perform proof-of-concept testing.
- 6. OCI Basics OCI Regions A collection of availability domains located in a single geographic location. Availability Domains One or more isolated, fault-tolerant Oracle data centers that host cloud resources such as instances, volumes, and subnets. A region contains one or more availability domains. Fault Domains A logical grouping of hardware and infrastructure within an availability domain. Fault domains isolate resources during hardware failure or unexpected software changes. Compartments A collection of related resources that can be accessed only by groups that have been given permission by an administrator in your organization. DevOps is a continuous integration/continuous delivery (CI/CD) service that automates the delivery and deployment of software to Oracle Cloud Infrastructure (OCI) compute platforms.
- 7. OCI Architecture REGION AD FD Within the region we have this concept of Availability Domain, these are also referred to as ADs. ADs are completely isolated data centers located within a region, but connected to each other by low latency, high bandwidth network. Within an AD, we have the Fault Domains, also known as FDs. FDs act as a logical data center within an Availability Domain. Image Courtesy : ORACLE
- 8. OCI Architecture REGION AD FD Application running on multiple Fault Domains are protected against hardware failures. Applications running across multiple Availability Domains are protected against physical data center outages, and applications running across regions are protected against regional failures. Running applications in multiple Fault Domains, Availability Domains, and regions can also provide load balancing capabilities for better performance and scalability on top of high availability. Image Courtesy : ORACLE
- 9. Multi AD Architecture Image Courtesy : ORACLE Availability Domains don't share any physical infrastructure, such as power and cooling, and they don't share an internal network.If anyone becomes unavailable for any reason, let's say because of a natural disaster or power failure, your Availability Domain 2 and Availability Domain 3 are still operational, and applications on Availability Domain 2 and Availability Domain 3 are still up and running and serving our end users. So multiple Availability Domains inside the regions are providing high availability for applications, and protecting them against what we call site failures. If one site goes down, the other sites are still up and running. Image Courtesy : ORACLE
- 10. Multi AD-Multi FD Architecture Image Courtesy : ORACLE In this example, we have a region with three Availability Domains, and within each Availability Domain, there are three Fault Domains, Fault Domain 1, Fault Domain 2, and Fault Domain 3. If one Fault Domain is not available for any reason, the other Fault Domains are still up and running. In a nutshell, Fault Domains are protecting our applications against software and hardware failure. As a best practice, always design your architecture to deploy instances that perform the same tasks in different Fault Domains in one AD, and different Availability Domains in a region. Image Courtesy : ORACLE
- 11. Compartments Resources and compartments can be added and deleted any time by following a proper procedure. Resources can be moved from one compartment to another, so it is a very flexible design. You may decide that resources need to be moved, because your company made an acquisition, or maybe there's a re-org. Compartments are logical, so resources from multiple regions can be in the same compartment. We can have subcompartments within compartments, and this nesting can be six levels deep. Now here is the most important key point, when the administrator writes a policy for identity and access management, the policy is always written for a group, and it is always attached to a compartment or a subcompartment. Image Courtesy : ORACLE
- 12. OCI Compute Services ● CODE ● APP CONTAINER ● LANGUAGE RUNTIME ● OS ● VIRTUALIZATION ● CODE ● APP CONTAINER ● LANGUAGE RUNTIME ● OS ● CODE ● APP CONTAINER ● LANGUAGE RUNTIME ● OS ● CODE ● APP CONTAINER ● CODE Image Courtesy : ORACLE
- 13. OCI Storage Services Block volumes are used when we have to deploy storage area network or SAN modee. Local NVMe can be used for OLTP, NoSQL, and data warehousing type workloads. Block volumes can be used for database, VM system, boot, and data storage requirements. File storage can be used for general purpose file system for EBS and HPC workloads. Object Storage can be used for unstructured data, including logs, images, and videos. Archive Object Storage can be used for backups and long term archival needs for compliance requirements. Image Courtesy : ORACLE
- 14. OCI Networking VCN Oracle VCN is a software defined private network in OCI. It enables OCI resources, such as compute instances, to securely communicate with internet and other instances inside OCI or your on-premise data centers. Just like a traditional data center network, the VCN provides you with complete control over your network environment. VCN is highly available, scalable, and secure. Customers define VCNs according to specific workload IP address requirements. You can divide a VCN into smaller ranges using private or public subnets. Each VCN can provide different type of connectivity using gateways. Let's look at various gateways options. Image Courtesy : ORACLE
- 15. OCI Networking Gateways ● Internet Gateway ● NAT Gateway ● DRG - Dynamic Routing Gateway -IPSec VPN , FastConnect ● Service Gateway ● Local VCN peering ● Remote VCN peering Image Courtesy : ORACLE
- 16. OCI Load Balancer OCI load balancing service provides an automatic traffic distribution from one entry point into multiple backend servers in your VCN. This helps to load balance large amount of traffic, which could overwhelm a single server. It gives a mechanism to scale out application tier by adding more servers, and also provides the application high availability, so even if one availability domain has an issue, you can still be up and running with other availability domains.
- 17. OCI IAM We have root compartment. Then we have organized our resources into network compartment and storage compartment. We have also created network admin group, and for network admins, we can write policies to network resources in network compartment. For storage admins, we can write policy for storage resources in storage compartment. This way, users in each group can only work and administer resources that they are authorized for. Image Courtesy : ORACLE
- 18. OCI Authentication Let's look at various options for authentication. Oracle Access Management seamlessly integrates your identities and systems to secure access from anywhere at any time and by any method by delivering risk aware end to end user authentication and single sign on. OCI provides users and applications many ways to authenticate themselves. Username and password is pretty common. OCI also support API signing keys in conjunction SDK and CLI. Or tokens are Oracle generated tokens strings to authenticate with third party APIs that do not support OCI signature based authentication. One example would be autonomous data warehousing database.
- 19. OCI Policy There are four verbs starting with Inspect; then Read, which is superset of Inspect; then Use, which is superset of Read; and finally, Manage, which is all permissions. Resource types or all resources, database family, instance family, object family, VCN, volume, cluster, file, and DNS Image Courtesy : ORACLE
- 21. Thank You ! Get in touch with us: Lorem Studio, Lord Building D4456, LA, USA