Oracle Cloud Infrastructure (OCI) Foundations: Understand OCI Foundations
Instance Principals
Lets compute instances (and the applications running on them) make API calls against other Oracle Cloud Infrastructure (OCI) services without configuring user credentials or an SDK/CLI configuration file on the instance. The instance is made a member of a dynamic group, and IAM policies grant that group access.
Service Gateway
Lets resources in a Virtual Cloud Network (VCN) access public Oracle Cloud Infrastructure (OCI) services WITHOUT using an Internet Gateway or a NAT Gateway. Traffic from the VCN that is destined for one of the supported OCI public services is routed from the instance's private IP address, travels over the OCI network fabric and never traverses the internet. Use case: back up DB Systems in a VCN to Object Storage.
Region(s)
Localized geographic area made up of one or more Availability Domains (ADs).
Choosing a Region
- Location: choose the region closest to your users for the lowest latency and highest performance.
- Data residency and compliance: many countries have strict data residency requirements.
- Service availability: new cloud services are made available based on regional demand, regulatory compliance, resource availability and other factors.
Higher Performance
Block Volume performance tier for the most I/O-demanding workloads that require the best possible performance, including large databases. IOPS: 75 IOPS/GB. Throughput: 600 KB/s/GB.
NVMe
Non-Volatile Memory Express
Availability Domains (AD)
One or more fault-tolerant, isolated data centers located within a region, but connected to each other by a low latency, high bandwidth network.
Operational Expense (OPEX)
Ongoing cost for running a product, business or system.
Functions
Oracle provides: Bare Metal (hardware), Dedicated Virtual Hosts, Virtual Machines, Operating System, Language Runtime, App Container. You provide: Code (functions).
Bare Metal
Oracle provides: Bare Metal (hardware). You provide: Virtualization, Operating System, Language Runtime, App Container (i.e. Docker), Code.
Container Engine
Oracle provides: Bare Metal (hardware), Dedicated Virtual Hosts, Virtual Machines, Operating System, Language Runtime. You provide: App Container, Code.
Dedicated Virtual Hosts
Oracle provides: Bare Metal (hardware), Virtualization (virtual machine hosts). You provide: Operating System, Language Runtime, App Container, Code.
Storage Requirements
- Persistent vs. non-persistent
- What type of data? Database, videos, audio, photos, text
- Performance? Maximum capacity, IOPS, throughput
- Durability? Number of copies of the data
- Connectivity? Local vs. network; how does the application access the data?
- Protocol? Block vs. file vs. HTTP(S)
Region Pair
Two regions in the same geography, giving protection from disaster while still meeting data residency and compliance requirements: in an emergency, data can be moved between the paired regions without leaving the geography.
Internet Gateway
Provides a path for network traffic between your Virtual Cloud Network (VCN) and the internet.
On-Demand Self-Service
Provision computing capabilities as needed, automatically, without requiring human interaction with the service provider.
Users
Individual people or applications (reference: IAM Users and Groups).
Scalability
Refers to scaling out (or in) or scaling up (or down).
Measured Service
Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Dedicated VM Host Model
Same as the Virtual Machine (VM) offering, but single-tenant: the whole physical host is dedicated to you, so VMs from different customers never share the box. Benefits: isolation for security and compliance, and you manage the VMs on the host yourself. Single-tenant VM model.
Horizontal Scaling
Scaling out (or in)
Vertical Scaling
Scaling up (or down)
Load Balancer
Sits between the clients and the backends and performs tasks such as:
- Service discovery: which backends are available, and how should the Load Balancer (LB) talk to them?
- Health check: which backends are currently healthy and able to accept requests?
- Algorithm: which algorithm should be used to balance individual requests across the healthy backends?
Object Storage Tiers
Standard Storage Tier (Hot)
* Fast, immediate and frequent access
* Data retrieval is instantaneous
* Always serves the most recent copy of the data when retrieved
* Standard buckets can't be downgraded to the Archive storage tier
Archive Storage Tier (Cold)
* Seldom or rarely accessed data that must be retained and preserved for long periods of time
* 10x cheaper than the Standard tier ($0.0026 vs. $0.0255 per GB/month)
* 90-day minimum retention requirement
* Objects must be restored before download; Time To First Byte (TTFB) after the restore request is made: 4 hours
* Archive buckets can't be upgraded to the Standard storage tier
Elasticity
The ability to quickly increase or decrease resources
Broad Network Access
Capabilities available over the network can be accessed by a wide variety of client devices using standard mechanisms...
File Storage
* Hierarchical collection of documents organized into named directories, which are themselves structured files
* Distributed file systems make remote storage look exactly like a local file system
* Distributed file standards: NFS and SMB
 - Supported by Unix and Windows
 - Allow creation, deletion, reading, writing, sharing and locking
 - Supported by all major OSes and hypervisors
 - (Typically) no extra client software needed
 - Provide access over networks
Object Storage
- All data, regardless of content type, is managed as objects.
- Each object is stored in a bucket. A bucket is a logical container for storing objects.
- Each object is composed of the object itself and the object's metadata. This makes it easier to index and access data.
- Object storage is quite common in cloud-based storage scenarios that need very high scalability and reliability.
- While files and blocks are generally made available to an operating system by a mount operation, object storage relies on standard HTTP verbs.
Object Storage Service
- An internet-scale, high-performance storage platform
- Ideal for storing unlimited amounts of unstructured data (images, media files, logs, backups)
- Regional service, not tied to any specific compute instance
- Offers two distinct storage classes: "hot" storage (Standard) and "cold" storage (Archive)
- Use cases:
 * Content repository for data, images, logs, video, etc.
 * Archive/backup for longer periods of time
 * Storing log data for analysis, debugging and troubleshooting
 * Storing large data sets (genome data, IoT)
 * Big Data/Hadoop storage
Availability Domains
- Are isolated from each other, fault tolerant, and very unlikely to fail simultaneously. Because they do not share physical infrastructure, such as power or cooling, or the internal availability domain network, a failure that impacts one AD is unlikely to impact the availability of the others.
Oracle Offerings
- Bare Metal - Dedicated Virtual Hosts - Virtual Machines - Container Engine - Functions
Fault Domains
- Each Availability Domain has 3
- Act as a logical data center within an AD. Using multiple FDs reduces the correlation of failures within an AD
- Resources placed in different FDs will not share single points of hardware failure (same physical server, physical rack, top-of-rack switch or power distribution unit)
- In any region, resources in at most one FD are being actively changed at any point in time. This means that availability problems caused by change procedures are isolated at the fault domain level
- You can control the placement of your compute or database instances in fault domains at instance launch time
Compartment
- Each resource belongs to a single compartment
- Resources can interact with other resources in different compartments
- Resources and compartments can be added and deleted at any time
- Resources can be moved from one compartment to another
- Resources from multiple regions can be in the same compartment
- Compartments can be nested (six levels deep)
- You can give a group of users access to compartments by writing policies
- Analyze cost and assign budgets for resources in compartments
Principal(s)
- An Identity and Access Management (IAM) entity that is allowed to interact with Oracle Cloud Infrastructure (OCI) resources
- Examples: IAM users and instance principals
File Storage Service (FSS)
- Shared file system storage for compute instances
- Supports the NFSv3 distributed file system protocol
- Data protection: snapshots (10,000 snapshots per file system)
- Security: data-at-rest and in-transit encryption for all file systems and metadata
- Use cases:
 * Oracle applications (e.g. EBS)
 * HPC
 * Big Data and analytics
 * General-purpose file systems
Virtual Cloud Network (VCN)
- Software-defined private network that you set up in Oracle Cloud Infrastructure (OCI)
- Enables OCI resources such as compute instances to securely communicate with the internet, other instances or on-premises data centers
- Lives in an OCI region
- Highly available, scalable and secure
Block Volume Service
- Storage for compute instances
- 2 types: Boot Volume (OS disk), Block Volume (data disks)
- The service lets you store data independently of, and beyond the lifespan of, compute instances
Use cases:
- Databases
- Microsoft Exchange (supports block-level storage only)
- VMware (it is common to deploy VMware servers that use shared VMFS volumes on block-level storage)
- Server boot (in public clouds, instances are configured to boot from block-level storage)
Local NVMe
- Temporary NVMe-based storage locally attached to the compute instance
- Designed for applications that require high-performance local storage
- Use cases:
 * NoSQL databases (e.g. Cassandra, MongoDB, Redis)
 * In-memory databases
 * Scale-out transactional databases
 * Data warehousing
- Storage is non-persistent and not durable: data is lost when the instance is terminated or the underlying hardware fails, so it must be backed up elsewhere
Virtual Machine (VM) Use Cases
- Use Virtual Machines (VMs) when you want to control all aspects of an environment
- Use VMs when you want to deploy a legacy app running on Windows or Linux
- You can use VMs to move applications from on-premises to Oracle Cloud Infrastructure (OCI)
- They require work: Operating System (OS) patch management, security configuration, monitoring, application configuration and scaling to handle variable traffic
Bare Metal Use Cases
- Workloads that are performance-intensive
- Workloads that are not virtualized
- Workloads that require a specific hypervisor (Bring Your Own Hypervisor, BYOH)
- Workloads that require Bring-Your-Own (BYO) licensing
OCI Storage Services
-Block Volume -Local NVMe -File Storage -Object Storage -Archive Storage
Block Storage
- Like a hard drive in a server, except the hard drive happens to be installed in a remote chassis
- Data is typically stored on the device in fixed-size blocks (e.g. 512 bytes)
- Accessed by the operating system as a mounted drive volume
- Applications/file systems decide how blocks are combined and accessed
- Data is stored without any high-level metadata, e.g. for data format, type or ownership
- You can place any kind of file system on block-level storage, e.g. Windows uses New Technology File System (NTFS), VMware uses Virtual Machine File System (VMFS)
- Commonly deployed in Storage Area Network (SAN) storage
Security Principle of Least Privilege
1.) Users belong to groups (users must be members of a group to get any access).
2.) Each group needs at least one policy granting it permission on the tenancy or on a compartment, and no more permission than the group's job requires.
A user who belongs to no group has no access.
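The policy statements that grant a group (or, for instance principals, a dynamic group) its permissions are short text lines, so the least-privilege check above can be automated. The linter below is an added example written for this page, not Oracle's code: it parses the common "Allow <subject> to <verb> <resource-type> in <scope> [where <condition>]" form (compartment names only; OCIDs and cross-tenancy endorse/admit statements are out of scope) and flags grants that are broader than the job requires. The severity labels, thresholds, and the group, compartment and bucket names in the sample policy are all this example's own choices.

```python
"""Least-privilege linter for OCI IAM policy statements (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# OCI verbs in increasing order of power.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

STATEMENT_RE = re.compile(
    r"^\s*allow\s+"
    r"(?P<subject_type>group|dynamic-group|service|any-user)"
    r"(?:\s+(?P<subject>[\w.\-/]+))?"
    r"\s+to\s+(?P<verb>inspect|read|use|manage)"
    r"\s+(?P<resource>[\w\-]+)"
    r"\s+in\s+(?P<scope_type>tenancy|compartment)"
    r"(?:\s+(?P<scope>[\w.\-:/]+))?"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    severity: str   # critical / high / medium / low
    reason: str


def parse_statement(statement: str) -> dict:
    """Split a statement into its parts; raises ValueError on unsupported syntax."""
    m = STATEMENT_RE.match(statement)
    if m is None:
        raise ValueError(f"unsupported statement syntax: {statement!r}")
    parts = m.groupdict()
    for key in ("subject_type", "verb", "resource", "scope_type"):
        parts[key] = parts[key].lower()
    return parts


def lint_statement(statement: str) -> list[Finding]:
    """Return the least-privilege problems found in one statement (empty list if none)."""
    p = parse_statement(statement)
    rank = VERB_RANK[p["verb"]]
    tenancy_wide = p["scope_type"] == "tenancy"
    everything = p["resource"] == "all-resources"
    findings: list[Finding] = []

    # An unconditioned any-user grant is effectively anonymous access.
    if p["subject_type"] == "any-user" and not p["condition"]:
        findings.append(Finding("critical", "any-user grant without a where condition"))

    if rank == VERB_RANK["manage"] and everything and tenancy_wide:
        findings.append(Finding("critical", "manage all-resources in tenancy: full tenancy administrator"))
    elif rank == VERB_RANK["manage"] and everything:
        findings.append(Finding("high", f"manage all-resources in compartment {p['scope']}: compartment administrator"))
    elif tenancy_wide and rank >= VERB_RANK["use"]:
        findings.append(Finding("high", "use/manage granted tenancy-wide; scope it to a compartment"))
    elif tenancy_wide:
        findings.append(Finding("low", "read-only grant tenancy-wide; consider scoping to a compartment"))

    # Instance principals (dynamic groups) should be boxed in by a where clause.
    if p["subject_type"] == "dynamic-group" and rank == VERB_RANK["manage"] and not p["condition"]:
        findings.append(Finding("medium", "instance principals get unconditioned manage; add a where clause"))
    return findings


def lint_policy(statements: list[str]) -> dict[str, list[Finding]]:
    """Lint every statement; the result maps statement -> findings."""
    return {s: lint_statement(s) for s in statements}


def worst_severity(statements: list[str]) -> str | None:
    """Highest severity across a policy, or None if it is clean."""
    order = ["critical", "high", "medium", "low"]
    found = {f.severity for fs in lint_policy(statements).values() for f in fs}
    return next((s for s in order if s in found), None)


# Constructed sample policy for this example (group, compartment and bucket names are made up).
SAMPLE_POLICY = [
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group Developers to use instance-family in compartment Dev",
    "Allow group DevOps to manage all-resources in compartment Prod",
    "Allow dynamic-group db-backup-instances to manage objects in compartment Backups "
    "where target.bucket.name='db-backups'",
    "Allow dynamic-group app-instances to manage objects in compartment Prod",
    "Allow any-user to read buckets in tenancy",
    "Allow group Auditors to inspect all-resources in tenancy",
]

if __name__ == "__main__":
    for statement, findings in lint_policy(SAMPLE_POLICY).items():
        print(statement)
        for f in findings or [Finding("ok", "least-privilege checks passed")]:
            print(f"    [{f.severity}] {f.reason}")
```

Running the module prints one line per statement; the fourth sample statement is the instance-principal pattern from the Instance Principals card done right (a dynamic group, a single compartment, and a where clause that pins the grant to one bucket), while the fifth shows the same grant without the condition.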
Security List
A common set of firewall rules associated with a subnet and applied to all instances launched inside the subnet.
- Consists of rules that specify the types of traffic allowed in and out of the subnet
- Security lists apply to a given instance whether it is talking with another instance in the Virtual Cloud Network (VCN) or with a host outside the VCN
- Rules are stateful (reply traffic is tracked and allowed automatically) or stateless (each direction needs its own rule)
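The stateful/stateless distinction is where security list mistakes usually happen: a stateless ingress rule for SSH lets the SYN in, but the replies to the client's ephemeral port are dropped unless an egress rule covers them. The model below is an added example written for this page, not Oracle's code: rules carry only the fields the card mentions (direction, protocol, CIDR, destination port range, stateful/stateless), source-port ranges and ICMP type/code are left out, and when both a stateful and a stateless rule match a packet the model treats the flow as stateless (the conservative choice). The rule sets and addresses are constructed for the example.

```python
"""Stateful vs. stateless security rule evaluation for one VNIC (added example)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str          # "ingress" or "egress", relative to the VNIC
    protocol: str           # "tcp", "udp", "icmp" or "all"
    cidr: str               # source CIDR for ingress rules, destination CIDR for egress rules
    port_min: int = 1       # destination port range; ignored for icmp/all
    port_max: int = 65535
    stateless: bool = False


@dataclass(frozen=True)
class Packet:
    direction: str          # direction of this packet relative to the VNIC
    protocol: str
    remote_ip: str          # the peer's address (source for ingress, destination for egress)
    dst_port: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True if a single rule covers a single packet."""
    if rule.direction != pkt.direction:
        return False
    if rule.protocol != "all" and rule.protocol != pkt.protocol:
        return False
    if ipaddress.ip_address(pkt.remote_ip) not in ipaddress.ip_network(rule.cidr, strict=False):
        return False
    if pkt.protocol in ("tcp", "udp") and not (rule.port_min <= pkt.dst_port <= rule.port_max):
        return False
    return True


def matching_rules(rules: list[Rule], pkt: Packet) -> list[Rule]:
    return [r for r in rules if rule_matches(r, pkt)]


def connection_allowed(rules: list[Rule], first_packet: Packet, reply_port: int) -> tuple[bool, str]:
    """Decide whether a whole connection can complete, not just its first packet.

    reply_port is the destination port of the reply packets (for a TCP/UDP client,
    the ephemeral source port it used for the first packet).
    """
    matched = matching_rules(rules, first_packet)
    if not matched:
        return False, "no rule matches the initial packet"
    # Stateless match: the reply is not tracked, so it needs a rule of its own.
    if not any(r.stateless for r in matched):
        return True, "stateful rule matched; reply traffic is tracked automatically"
    reply = Packet(
        direction="egress" if first_packet.direction == "ingress" else "ingress",
        protocol=first_packet.protocol,
        remote_ip=first_packet.remote_ip,
        dst_port=reply_port,
    )
    if not matching_rules(rules, reply):
        return False, "stateless rule matched but nothing allows the reply packets"
    return True, "stateless rules cover both directions"


# Constructed rule sets. STATELESS_BROKEN is the classic mistake: an ingress SSH rule
# marked stateless with no egress rule for the replies to the client's ephemeral port.
STATEFUL_LIST = [
    Rule("ingress", "tcp", "10.0.0.0/16", 22, 22),
    Rule("egress", "all", "0.0.0.0/0"),
]
STATELESS_BROKEN = [
    Rule("ingress", "tcp", "10.0.0.0/16", 22, 22, stateless=True),
]
STATELESS_FIXED = STATELESS_BROKEN + [
    Rule("egress", "tcp", "10.0.0.0/16", 1024, 65535, stateless=True),
]
SSH_FROM_VCN = Packet("ingress", "tcp", "10.0.1.5", 22)          # client inside the VCN
SSH_FROM_INTERNET = Packet("ingress", "tcp", "203.0.113.7", 22)  # client outside the allowed CIDR

if __name__ == "__main__":
    cases = [("stateful", STATEFUL_LIST), ("stateless-broken", STATELESS_BROKEN),
             ("stateless-fixed", STATELESS_FIXED)]
    for name, rules in cases:
        print(name, connection_allowed(rules, SSH_FROM_VCN, reply_port=51234))
    print("internet", connection_allowed(STATEFUL_LIST, SSH_FROM_INTERNET, reply_port=51234))
```

Because a VNIC is subject to the union of its subnet's security list rules and the rules of any Network Security Groups it belongs to, the same function can be used on the concatenated rule lists to evaluate what the instance actually sees.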
Virtual Machine Host Model
A hypervisor virtualizes the underlying bare metal server into smaller VMs that can belong to different customers (multi-tenant VM model).
Hypervisor
Also called the virtual machine monitor (VMM). Creates a virtual platform on the host computer, on top of which multiple guest operating systems are executed and monitored.
Balanced
Block Volume performance tier that is a balanced choice for most workloads, including those that perform random I/O such as boot disks. IOPS: 60 IOPS/GB. Throughput: 480 KB/s/GB.
Bare Metal Host Model - Off-Box Offering
Off-box offering: network and storage I/O are off-loaded to a separate hardware card in the server (also called custom silicon). Storage and network operations are performed by this card rather than by the server's CPUs.
Rapid elasticity
Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
Cloud Computing
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. National Institute of Standards and Technology (NIST) definition, Special Publication (SP) 800-145.
Compartment
Collection of related resources. It helps you isolate and control access to your resources (logical not physical)
High availability systems
Computing environments configured to provide nearly full-time availability. Such systems typically have redundant hardware and software that keep the system available despite failures. Well-designed high availability systems avoid having single points of failure.
Gold Image
Configuration for your instance. Includes: operating system image, your metadata, storage disks, shape, Virtual Network Interface Cards (VNICs), subnets.
Network Security Group
Consists of a set of rules that apply only to a set of VNICs of your choice (rather than to every VNIC in a subnet, as a security list does).
App Container
Container runtime that executes containers and manages container images on a node. The most widely known example is Docker.
Load Balancer Benefits
- Fault tolerance and high availability (HA): using health checks plus its balancing algorithm, a Load Balancer (LB) can effectively route around a bad or overloaded backend
- Scale: the LB maximizes throughput, minimizes response time and avoids overloading any single resource
- Naming abstraction: name resolution can be delegated to the LB; backends don't need public IP addresses
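The three load balancer tasks (service discovery, health check, algorithm) and the fault-tolerance benefit above are easier to see in a small model. The class below is an added example written for this page, not Oracle's load balancer: backends are plain names, health-check probes are simulated by the caller, and a backend is only marked unhealthy after a configurable number of consecutive failed probes (the "retries" idea of a health check policy) so that one dropped probe does not flap the pool. Those design choices and the backend names are this example's own.

```python
"""Health-checked round-robin load balancing (added example)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Backend:
    name: str
    healthy: bool = True
    consecutive_failures: int = 0


class RoundRobinBalancer:
    def __init__(self, backend_names: list[str], retries: int = 3) -> None:
        # Service discovery: the set of backends the LB knows how to reach.
        self.backends = [Backend(n) for n in backend_names]
        self.retries = retries      # failed probes in a row before a backend is marked unhealthy
        self._next = 0              # round-robin cursor

    def record_probe(self, name: str, ok: bool) -> bool:
        """Feed one health-check result; return the backend's health afterwards.

        A single successful probe restores a backend; `retries` consecutive
        failures are needed to remove it from rotation.
        """
        b = self._get(name)
        if ok:
            b.consecutive_failures = 0
            b.healthy = True
        else:
            b.consecutive_failures += 1
            if b.consecutive_failures >= self.retries:
                b.healthy = False
        return b.healthy

    def healthy_backends(self) -> list[str]:
        return [b.name for b in self.backends if b.healthy]

    def pick(self) -> str:
        """Algorithm: round-robin over the currently healthy backends only.

        The pool can shrink or grow between picks, so the cursor is applied
        modulo the pool size at the moment of the pick.
        """
        pool = [b for b in self.backends if b.healthy]
        if not pool:
            raise RuntimeError("no healthy backends")
        chosen = pool[self._next % len(pool)]
        self._next += 1
        return chosen.name

    def _get(self, name: str) -> Backend:
        for b in self.backends:
            if b.name == name:
                return b
        raise KeyError(name)


def route_around_failure(retries: int = 3) -> list[str]:
    """Scripted scenario: web-b starts failing its probes mid-stream; returns the backends chosen."""
    lb = RoundRobinBalancer(["web-a", "web-b", "web-c"], retries=retries)
    picks = [lb.pick() for _ in range(3)]            # all three healthy
    for _ in range(retries):                         # web-b fails `retries` probes in a row
        lb.record_probe("web-b", False)
    picks += [lb.pick() for _ in range(4)]           # traffic now flows around web-b
    lb.record_probe("web-b", True)                   # one good probe brings it back
    picks.append(lb.pick())
    return picks


if __name__ == "__main__":
    print(route_around_failure())
```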
Fault Domains (FD)
Grouping of hardware and infrastructure within an Availability Domain to provide anti-affinity (logical data center)
Fault Tolerance
The ability of a system to keep operating, with minimal downtime, when one of its components fails; how a cloud vendor ensures minimal downtime for the services it provides.
Recovery Point Objective (RPO)
How much data loss (or transaction loss) your business can tolerate, expressed as a window of time. Example: if backups are taken every 8 hours, up to 8 hours of data can be lost in a disaster, so the RPO is 8 hours. RPO and RTO are set independently: an RPO of 8 hours can sit alongside an RTO of 24 hours.
Recovery Time Objective (RTO)
How much downtime your business can tolerate. Example: with an RTO of 24 hours, you can tolerate up to 24 hours of downtime before the service must be restored.
IOPS
Input/Output (I/O) Operations Per Second.
Basic
Block Volume performance tier for workloads that are throughput-intensive with large sequential I/O, such as big data and streaming, log processing and data warehouses. IOPS: 2 IOPS/GB. Throughput: 240 KB/s/GB.
Traditional IT
You manage: - Applications - Data - Runtime - Middleware - Operating System - Virtualization - Servers - Storage - Networking
First Identity Access Management (IAM) User
The default administrator; the admin then sets up the other IAM users and groups, granting them access according to the security principle of least privilege.
Software-as-a-Service (SaaS)
Delivered-as-a-service: - Applications - Data - Runtime - Middleware - Operating System - Virtualization - Servers - Storage - Networking
Platform-as-a-service (PaaS)
Delivered-as-a-service: - Runtime - Middleware - Operating System - Virtualization - Servers - Storage - Networking You manage: - Applications - Data
Infrastructure-as-a-service (IaaS)
Delivered-as-a-service: - Virtualization - Servers - Storage - Networking You manage: - Applications - Data - Runtime - Middleware - Operating System
Bare Metal Host Model
Direct Hardware Access - Customers get the full bare metal server (single-tenant server)
Network Address Translation (NAT) Gateway
Enables outbound connections to the internet but blocks inbound connections initiated from the internet. Use case: updates, patches.
Autoscaling
Explained Diagram
Capital Expenditure or Capital Expense (CAPEX)
The money an organization or corporate entity spends to buy, maintain, or improve its fixed assets, such as buildings, vehicles, equipment or land.
Disaster Recovery
The policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems. Should indicate key metrics of recovery point objective (RPO) and recovery time objective (RTO)
Virtual Cloud Network (VCN) Peering
The process of connecting multiple Virtual Cloud Networks (VCN)
Remote Virtual Cloud Network (VCN) Peering
The process of connecting two Virtual Cloud Networks (VCNs) in different regions so that their resources can communicate using private IP addresses.
Local VCN Peering
The process of connecting two Virtual Cloud Networks (VCNs) in the same region so that their resources can communicate using private IP Addresses.
Resource Pooling
The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different resources dynamically assigned and reassigned according to consumer demand.
Dynamic Routing Gateway (DRG)
Virtual router that provides a path for private traffic between your Virtual Cloud Network (VCN) and destinations other than the internet. You can use it to establish a connection with your on-premises network via:
- IPsec VPN
- FastConnect (private, dedicated connectivity)