Oracle Cloud Infrastructure (OCI) is a cloud computing service with 16 active regions (11 commercial, 5 government) and 20 new regions (17 commercial, 3 government)
OCI has interconnections with Azure in Ashburn and London, with plans for other regions
OCI regions consist of multiple fault-decorrelated data centers called Availability Domains (ADs), with hardware and infrastructure within ADs called Fault Domains (FDs)
OCI plans to add at least one new region or AD in the next 12 months
OCI uses off-box network virtualization and custom silicon cards for all virtualization, including storage and network I/O
OCI offers a range of services including Identity and Access Management (IAM), networking, compute, storage, databases, serverless computing, analytics, security, and data movement
OCI differentiates itself with off-box network virtualization, bare metal and Local NVMe storage options, no over-subscription of network, memory, or CPU, and a range of database options including Exadata and RAC
OCI has competitive pricing and offers SLAs on performance, management, and availability, as well as bring-your-own-license (BYOL) options and universal cloud credits
IAM in OCI enables control over access to resources for different groups of users, using concepts like principals (users and groups), authentication, and authorization
IAM policies in OCI use a specific syntax to grant permissions for specific actions on resources, and can be attached to compartments (containers for resources) for organization and control
Compartments in OCI can have quotas set by administrators using policies, and can inherit policies from parent compartments
IAM tags in OCI allow for organization and control of resources using free-form or defined tags, which can be contained in tag namespaces with defined schemas and secured with policies
Virtual Cloud Network (VCN) is a private network in Oracle Cloud Infrastructure (OCI) with a firewall and communication gateway
VCN uses Classless Inter Domain Routing (CIDR) to specify a range of IP addresses for the network, and can use private IP addresses from the recommended ranges of RFC1918 (10.0.0.0/8, 172.16/12, 192.168/16)
VCN can have a range of sizes from /16 to /30 and reserves the first 2 and last 1 IP addresses in each subnet’s CIDR
VCN consists of regional subnets that span across Availability Domains (ADs) in multi-AD regions, and can be private or public
Virtual Network Interface Card (VNIC) allows compute instances to connect to the VCN, and instances can have one primary and multiple secondary private IP addresses
Public IP addresses are reachable from the internet and can be assigned to a private IP, with options for ephemeral or reserved IPs and a maximum of 32 reserved IPs per VNIC
Routing tables (RTs) in VCN contain rules for how IP packets can be sent to different destinations outside the VCN, and are updated when a gateway is added to the VCN
Internet Gateway (IGW) provides a path for network traffic between the VCN and the internet, and requires a rule in the VCN RT with destination 0.0.0.0/0
Network Address Translation (NAT) Gateway allows the private network access to the internet without assigning each host a public IP, and is useful for updates and patches
Service Gateway allows resources in the VCN to access OCI public services such as Object Storage without using IGW or NAT Gateway, and traffic is routed over the OCI network fabric
Dynamic Routing Gateway (DRG) provides a path for private traffic between the VCN and destinations other than the internet, and can be connected to the VCN using IPsec VPN or FastConnect
SSH proxy can be used to connect to instances in private subnets from a bastion host using the ProxyCommand flag in the ssh command.
VPN Connect is a managed service that securely connects on-premise networks to Oracle Cloud Infrastructure (OCI) Virtual Cloud Networks (VCN) using the industry-standard IPSec protocol
FastConnect is a private, dedicated connection with higher bandwidth options that provides a more reliable and consistent networking experience compared to internet-based connections
FastConnect can be used to extend a remote data center into OCI or to connect to public resources, and uses the BGP protocol
Load balancers sit between clients and backend servers and can perform tasks such as service discovery, health checks, and load balancing algorithms to provide high availability, scalability, and naming abstraction
Oracle Cloud Infrastructure’s Load Balancing Service provides options for public and private load balancers and supports protocols such as TCP, HTTP/1.0, HTTP/1.1, HTTP/2, and WebSocket, as well as features such as SSL termination, end-to-end SSL, and SSL tunneling
Load balancers can be used in conjunction with subnets to provide access to resources in different VCN regions or to isolate traffic to specific resources
Load balancers can also be used with Oracle Cloud Infrastructure’s Content Delivery Network (CDN) service to cache and deliver content from a globally distributed network of cache servers to reduce the load on origin servers and improve performance for users.
Virtual Cloud Network (VCN) is a private network in Oracle Cloud Infrastructure (OCI) data center that includes a firewall and communication gateway. It covers a single IPv4 Classless Inter Domain Routing (CIDR) and resides in a single region.
VCN allows Private IP addresses and Public IP addresses to be assigned to instances. Private IP addresses are assigned to VNICs and are not reachable from the internet. Public IP addresses are reachable from the internet and can be assigned to a private IP or to a resource directly. There are two types of Public IP addresses: Ephemeral and Reserved.
VCN routing and gateways include Internet Gateway (IGW), NAT Gateway, Service Gateway, and DRG (Dynamic Routing Gateway). IGW provides a path for network traffic between VCN and the internet, NAT Gateway allows the private network access to the internet without assigning each host a public IP, Service Gateway allows VCN resources to access public OCI services without using IGW or NAT Gateway, and DRG provides a path for private traffic between VCN and a destination other than the internet.
Connectivity options for on-premise networks include VPN Connect and FastConnect. VPN Connect uses IPSec to secure a connection between on-premise and OCI VCN, while FastConnect provides a dedicated, private connection with higher bandwidth options and a more reliable and consistent networking experience.
Load Balancer (LB) is a service that distributes incoming traffic across multiple instances or resources to improve the availability and performance of applications. OCI offers both Public and Private LB options, with support for various protocols and advanced features such as SSL termination, end-to-end SSL, SSL tunneling, and session persistence.
File Storage Service (FSS) is a regional service that provides high performance, scalable file storage with full POSIX semantics and data protection through snapshots. It supports NFS v3 and can be accessed from OCI instances or on-premise through FastConnect or VPN.
Object Storage is a high performance, internet scale storage platform for storing unlimited unstructured data. It has two storage tiers: Standard (HOT) for fast, immediate, frequent access and Archive (COLD) for rarely accessed data. Object Storage supports advanced features such as cross-region copy, pre-authenticated requests, lifecycle management, and multipart upload.