An overview of Oracle Cloud Infrastructure and its components.
In my journey of preparing for and clearing the OCI Foundations Associate 2020 Certification, I learnt a lot of interesting concepts about OCI and cloud terminology in general. I thought of putting this together as a summary of the key concepts of Oracle Cloud Infrastructure. This will help people interested in taking up this certification and give a general understanding of OCI. The source for this article is the detailed video tutorial given by Rohit Rahi from the OCI team.
Cloud computing is the use of computing resources such as servers, data storage, and processing power over the internet. The resources are available on demand and without human interaction.
A multi-tenant model is used, where resources are pooled to serve multiple users over a broad network. Resources can be accessed dynamically as needed, and users pay only for what they consume. These are the main highlights of cloud computing that have made it so popular and appealing to users.
The three cloud service models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). This article focuses on Oracle IaaS, where the cloud provider (in this case Oracle) manages the core infrastructure such as data centers, network, and storage hardware. The user manages applications, data, and the operating system.
Core cloud concepts supported by OCI are:
- High availability — Cloud resources are always available and have no single point of failure.
- Disaster Recovery — Enables quick recovery or continuation of service after any kind of downtime.
- Fault Tolerance — Ensures minimal downtime.
- Scalability — Supports scaling resources up or down (vertical scaling) and in or out (horizontal scaling).
- Elasticity — The ability to quickly scale resources, including VMs and storage.
- Pricing — Capital expenditure (CAPEX) is spent on fixed assets such as physical infrastructure; operational expenditure (OPEX) is spent on running costs such as utilities and power.
The four main components that constitute the OCI architecture are:
- Region — These are geographical locations around the world where the cloud services are available.
- Availability Domain — These are isolated data centers located within a region.
- Fault Domain — These are logical data centers within an availability domain.
- Compartment — These are logical collections of related resources.
Though availability domains are isolated, they are connected to each other by a low-latency, high-bandwidth network. Each AD consists of three fault domains for high availability of resources. Resources placed in different fault domains do not share a single point of failure. Compartments help to isolate and control access to resources in the cloud.
Some notable features of compartments are:
- Compartments can be nested up to six levels.
- Each resource can belong to only one compartment.
- Resources can be added to or deleted from a compartment.
- Resources can interact with other resources in different compartments.
- Resources can be moved from one compartment to another.
- Resources from multiple regions can be in the same compartment.
- A budget can be assigned to the resources located in a compartment.
OCI services can be divided into five categories:
Compute Service -
OCI offers five types of compute services:
- Bare metal
- Virtual machine
- Dedicated virtual host
- Container engine
- Oracle Functions
Bare metal offers just the physical server without any virtualization. Virtual machines add a virtualization layer on top of the server. With a dedicated virtual host, the user gets complete control of the VMs running on the host. With the container engine, the user manages only the application, as the OS is also managed by the cloud provider. Finally, with Oracle Functions the user is responsible only for the code and everything else is taken care of. The highlight of Oracle Functions is that the user pays only for the resources consumed while the code executes.
Storage Service -
Oracle offers four types of storage services:
- Block storage — Data is stored as fixed-size blocks, with no metadata. It is remote, network-based storage. The user can take periodic backups of a block volume, either manually or automatically.
- Local NVMe — This is temporary storage attached to the compute instance. The data is gone once the instance dies, which is not the case for the other storage types.
- File storage — This is a hierarchical collection of files organized into directories. It is a type of network storage that is highly durable. Backups are taken as snapshots.
- Object storage — All kinds of data such as images, videos, and documents are stored as objects in a bucket. Objects are kept in a single flat structure without a folder hierarchy, so retrieval is very fast, and metadata is stored alongside each object. It is highly scalable and commonly used to store big data and unstructured data. Archive object storage holds rarely accessed data for long periods at lower cost.
You can choose the type of storage based on the type and volume of data, the durability required, and performance.
Networking Service — A Virtual Cloud Network (VCN) provides networking capabilities in OCI. A VCN is a software-defined private network set up in OCI. It enables your cloud resources to communicate securely over the internet with other instances running in OCI or with your on-premises data centers. Data is routed over public or private paths depending on the type of network connection.
- Internet gateway provides a public connection between the VCN and the internet.
- NAT gateway provides a private connection to the internet, since it blocks inbound connections from the internet.
- Dynamic Routing Gateway (DRG) provides a secure connection between the on-premises environment and the VCN.
- Service gateway connects the VCN to public OCI services such as object storage in a secure way.
- Peering is the term used for communication between VCNs.
Identity and Access Management — Identity refers to the user requesting access, and Access refers to the type of permissions granted to the user or principal. A principal can be a user or an instance. The first user in OCI is always the administrator, who grants access and permissions to other users. A user has to belong to a group, and each group is associated with a policy. The policy lists the resources for which permission is granted. A policy can be attached to a compartment, since a compartment is a collection of resources. A user is authenticated in one of three ways: the straightforward method of username and password, API signing keys, or auth tokens.
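The user-to-group-to-policy-to-compartment model described above, as an added example (not from the article or from Oracle's own SDK): a deny-by-default evaluator over a hypothetical subset of policy statement syntax. It assumes a policy attached to a compartment also applies to the compartments nested under it, that verbs must match exactly, and it enforces the six-level nesting limit the article mentions.

```python
import re
from dataclasses import dataclass, field

# Hypothetical subset of OCI policy syntax: Allow group <g> to <verb> <resource> in compartment <c>
STATEMENT = re.compile(r"^Allow group (\S+) to (\S+) (\S+) in compartment (\S+)$", re.I)

@dataclass
class Tenancy:
    parents: dict = field(default_factory=dict)   # compartment -> parent (None = root)
    groups: dict = field(default_factory=dict)    # user -> set of group names
    policies: list = field(default_factory=list)  # (group, verb, resource, compartment)

    def add_compartment(self, name, parent=None):
        depth, p = 0, parent
        while p is not None:  # count ancestors to enforce the nesting limit
            depth, p = depth + 1, self.parents[p]
        if depth > 6:  # the article: compartments can be nested up to six levels
            raise ValueError(f"{name}: nested deeper than six levels")
        self.parents[name] = parent  # a compartment has exactly one parent

    def add_user(self, user, *group_names):
        self.groups.setdefault(user, set()).update(group_names)  # access comes via groups

    def add_policy(self, statement):
        m = STATEMENT.match(statement.strip())
        if not m:
            raise ValueError(f"unparseable statement: {statement!r}")
        group, verb, resource, compartment = m.groups()
        self.policies.append((group, verb.lower(), resource.lower(), compartment))

    def is_allowed(self, user, verb, resource, compartment):
        # Deny by default; a statement on `compartment` or any ancestor of it can allow.
        scope, c = set(), compartment
        while c is not None:
            scope.add(c)
            c = self.parents.get(c)
        return any(g in self.groups.get(user, ()) and v == verb.lower()
                   and r == resource.lower() and comp in scope
                   for g, v, r, comp in self.policies)

def demo():
    # Constructed sample tenancy: root -> Prod -> Payments, and root -> Dev.
    t = Tenancy()
    for name, parent in [("root", None), ("Prod", "root"), ("Payments", "Prod"), ("Dev", "root")]:
        t.add_compartment(name, parent)
    t.add_user("alice", "Developers")
    t.add_user("bob", "ProdOperators")
    t.add_policy("Allow group Developers to manage instances in compartment Dev")
    t.add_policy("Allow group ProdOperators to read instances in compartment Prod")
    return t
```

Bob's read permission granted on Prod also covers the nested Payments compartment, while Alice's Developers policy on Dev gives her nothing in Prod.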
Database Service — The main objective of database backup is high availability and disaster recovery. OCI offers five different types of database services: Virtual Machine DB system, Bare Metal DB system, Oracle RAC, Exadata DB system, and Autonomous DB.
- VM DB system uses block storage that can be quickly provisioned.
- Bare Metal DB system leverages local storage that provides high performance.
- Oracle RAC lets the user cluster databases, where the same database is shared by different instances.
- Exadata DB system is a managed storage service suitable for transaction data.
- Autonomous DB is a self-driving, self-securing, and self-repairing service that supports CPU and storage scaling without any downtime. It supports two kinds of workloads: Autonomous Transaction Processing (ATP) and Autonomous Data Warehouse (ADW).
Oracle Data Guard replicates databases so that they survive data corruption or disasters.
OCI follows a shared security model: users are responsible for securing their data, and Oracle secures the underlying infrastructure. Users are responsible for patching applications and operating systems. Data Safe is used to protect sensitive and regulated data residing in Oracle cloud databases. Key Management (Oracle Vault) encrypts storage and database services, with keys stored in highly available and durable Hardware Security Modules (HSMs). OCI also supports centralized key management, where users can use keys from their on-premises environment. The Identity and Access Management service supports Multi-Factor Authentication (MFA). Federation is supported, where an identity provider manages the user's authentication. A Web Application Firewall can be used to authenticate HTTP traffic. OCI also offers compliance certifications such as HIPAA.
OCI Pricing and Billing
OCI works on a pay-as-you-go model: the user is charged only for the resources consumed. Consumption-based pricing is the highlight of cloud services.
OCI offers three different pricing models:
- Pay as you go — Charge is based only for the resources consumed.
- Monthly flex or Universal Credit model — Charge is based on a minimum threshold of $1000 and a 12-month term.
- Bring your own license — Users can apply their existing on-premises Oracle licenses.
Pricing is based on resource size, resource type, and data transfer. Oracle does not charge for ingress (incoming data). Egress (outgoing data) is charged only for transfer over the public network and across regions. OCI pricing is uniform across all regions. Data transfer from the cloud to on-premises is not charged. In OCI, cost is tracked using cost-tracking tags added to resources. Users can set a monthly expenditure threshold so that overshooting the budget is easy to spot. Daily usage reports are generated about the user's OCI consumption. OCI also offers several free services, such as two compute instances, a load balancer, and object storage, that anyone can use.
OCI SLA and Support
A Service Level Agreement (SLA) is a financially backed commitment to provide a minimum level of service to customers. OCI offers SLAs for availability, manageability, and performance of resources. Availability, also called the Data Plane, concerns the use of resources; Manageability, or the Control Plane, concerns the administration of resources. Oracle Support is not available for free services. Paid users have to sign up for an Oracle Support account, also referred to as My Oracle Support (MOS). They can raise support requests for queries such as user authentication issues and service limits.
This covers the key OCI topics. There is much more to these concepts that can be learnt from https://learn.oracle.com/ols/learning-path/understand-oci-foundations/35644/75258.