Oracle Cloud Infrastructure Foundations

Exam : Oracle Cloud Infrastructure Foundations 2020 Associate (1Z0-1085-20) 105 Minuts/60 Questions/ 68% to pass

Start OCI

Cloud Concepts

  • 21 Regions
  • AD - Availability Domains, isolated each other
  • within region 3 AD (some 2 or 1)
  • FD - Fault Domain (Logical Domain)

OCI Architecture

  • Compartment - logical collection of resources

Core OCI Services

OCI Computer Services

  • baremetal
  • Dedicated VM
  • VM
  • COntainer Enginer
  • Functions

OCI Storage Services

  • block volume
    • Highly Durable - 3 replicas
    • Tiers - can be upto 32 GB (and maximum 32 volumes/disks)
      • Basic
      • Balanced
      • High Performance
  • local NVMe - temp storage, non-persistent
    • high performance
  • File Storage - files
    • NFS and SMB
    • Highly durable
    • can take snapshot
  • Object Storage
    • all in root folder, no folder
    • unstrctured
    • hot
      • standard storage tier
    • cold
      • archive, backup
      • 10x cheaper than standard
      • 90 days retention minimum
      • 4 hr recovery/retrieve

OCI Network Services

  • VCN - Virtual Cloud Network
  • Internet Gateway - 2 way
  • NAT Gateway - only inwards
  • Public Subnet /DMZ
  • DRG - Virtual Router to connect On-Prem or Other destination
    • IPSec
    • Fast Connect
  • Service Gateway - to connect internal objects like Storage; connection via VCN
  • Firewall rules to restrict traffic (port/subnet)
    • Ingress
    • Egress
  • Network Security Group - NSG apply to VCN

VCN to VCN Comms

  • VCN Peering
    • Local VCN Peering - same regions
    • Remoet VCN Peering - different regions
    • Peering is not transit; need dedicated peering

Load Balancer

  • Service Discovery
  • Health Check
  • Algorithm

OCI IAM

Principals

IAM entity that allowed to interact with OCI resources.

  • IAM Users and Groups
  • Instance Principal - for instances, API, etc

Compartment

  • Collection of resources

Authentication

  • Who
  • OCI IAM service authenticate a Principal by
    • username, password
    • API Signing Key
    • Auth Tokens

Authorization

  • Specifies various actions an authenticated principal can do
  • OCI Authorization = policies
  • Written in Human-readable format
    • Allow group GROUP_NAME to VERB RESOURCE_TYPE in tenancy
      • verb - read, inspect, use, manage
      • resource type - all,database, instance,virtual network etc
  • Policy attachment - attach to compartment or tenancy

OCI Database Services

OCI DB Options

  • VM DB systems - DB running on VM
  • Bare Metal - on physical server
  • Oracle RAC - Cluster, HA
  • Exadata DB
  • Autonomous - share
  • Autonomous - dedicated
    • Self driving, Self securing, Self repairing

Operations

  • Start, stop, reboot
  • Scale - CPU, Storage
  • Patch - 2 steps process, DB first, then system.
    • Exadata and RAC - rolling patching

Backup/Restore

  • Manual or Auto
  • Retention period

DR Systems

  • Oracle Data Guard
  • Active Data Guard - extends data guard by providing advanced features for data protection and availability
  • Switchover - Planned migratons, no data losss
  • Failover - unplanned, minimal data loss

DB Systems HA and DR

  • primary and standby can be single instance or RAC

Autonomous DB

  • Autonomous Transation Process (ATP)
  • Autonomous Data Warehouse (ADW)

OCI Security

Shared Security Model

  • OCI manage infra
  • Customer manage VMs and Apps

Federation

Data Protection

  • Data encrypted at-rest
  • Data encrypted in-transit
  • Bring your own keys

on

  • block volume
  • file storage
  • object storage - pre-auth requests
  • database - transparent data encryption, data safe, data vault

Key Management

  • BYOK - Bring your own keys
  • HSM (hardware security modules)

  • data safe

OS Management Service

  • execute and automate common and complex management tasks
  • package management, config management
  • security and compliance

Network Protection

  • Tiered subnet strategy
    • DMZ
    • Public
    • Private
  • Gateways
    • NAT
    • Service
    • Dynamic Routing
  • Security List, NSG

OCI Web Application Firewall

Compliance Certifications

OCI Pricing and Billing

Pricing Models

  • Pay as you go (PAYG)
  • Monthly Flex
  • Bring your own lincense

comments powered by Disqus