oracle,

Oracle Cloud Infrastructure Foundations

Follow · 4 mins read
Share this

Exam : Oracle Cloud Infrastructure Foundations 2020 Associate (1Z0-1085-20) 105 Minuts/60 Questions/ 68% to pass

Start OCI

Cloud Concepts

  • 21 Regions
  • AD - Availability Domains, isolated each other
  • within region 3 AD (some 2 or 1)
  • FD - Fault Domain (Logical Domain)

OCI Architecture

  • Compartment - logical collection of resources

Core OCI Services

OCI Computer Services

  • baremetal
  • Dedicated VM
  • VM
  • COntainer Enginer
  • Functions

OCI Storage Services

  • block volume
    • Highly Durable - 3 replicas
    • Tiers - can be upto 32 GB (and maximum 32 volumes/disks)
      • Basic
      • Balanced
      • High Performance
  • local NVMe - temp storage, non-persistent
    • high performance
  • File Storage - files
    • NFS and SMB
    • Highly durable
    • can take snapshot
  • Object Storage
    • all in root folder, no folder
    • unstrctured
    • hot
      • standard storage tier
    • cold
      • archive, backup
      • 10x cheaper than standard
      • 90 days retention minimum
      • 4 hr recovery/retrieve

OCI Network Services

  • VCN - Virtual Cloud Network
  • Internet Gateway - 2 way
  • NAT Gateway - only inwards
  • Public Subnet /DMZ
  • DRG - Virtual Router to connect On-Prem or Other destination
    • IPSec
    • Fast Connect
  • Service Gateway - to connect internal objects like Storage; connection via VCN
  • Firewall rules to restrict traffic (port/subnet)
    • Ingress
    • Egress
  • Network Security Group - NSG apply to VCN

VCN to VCN Comms

  • VCN Peering
    • Local VCN Peering - same regions
    • Remoet VCN Peering - different regions
    • Peering is not transit; need dedicated peering

Load Balancer

  • Service Discovery
  • Health Check
  • Algorithm

OCI IAM

Principals

IAM entity that allowed to interact with OCI resources.

  • IAM Users and Groups
  • Instance Principal - for instances, API, etc

Compartment

  • Collection of resources

Authentication

  • Who
  • OCI IAM service authenticate a Principal by
    • username, password
    • API Signing Key
    • Auth Tokens

Authorization

  • Specifies various actions an authenticated principal can do
  • OCI Authorization = policies
  • Written in Human-readable format
    • Allow group GROUP_NAME to VERB RESOURCE_TYPE in tenancy
      • verb - read, inspect, use, manage
      • resource type - all,database, instance,virtual network etc
  • Policy attachment - attach to compartment or tenancy

OCI Database Services

OCI DB Options

  • VM DB systems - DB running on VM
  • Bare Metal - on physical server
  • Oracle RAC - Cluster, HA
  • Exadata DB
  • Autonomous - share
  • Autonomous - dedicated
    • Self driving, Self securing, Self repairing

Operations

  • Start, stop, reboot
  • Scale - CPU, Storage
  • Patch - 2 steps process, DB first, then system.
    • Exadata and RAC - rolling patching

Backup/Restore

  • Manual or Auto
  • Retention period

DR Systems

  • Oracle Data Guard
  • Active Data Guard - extends data guard by providing advanced features for data protection and availability
  • Switchover - Planned migratons, no data losss
  • Failover - unplanned, minimal data loss

DB Systems HA and DR

  • primary and standby can be single instance or RAC

Autonomous DB

  • Autonomous Transation Process (ATP)
  • Autonomous Data Warehouse (ADW)

OCI Security

Shared Security Model

  • OCI manage infra
  • Customer manage VMs and Apps

Federation

Data Protection

  • Data encrypted at-rest
  • Data encrypted in-transit
  • Bring your own keys

on

  • block volume
  • file storage
  • object storage - pre-auth requests
  • database - transparent data encryption, data safe, data vault

Key Management

  • BYOK - Bring your own keys
  • HSM (hardware security modules)

  • data safe

OS Management Service

  • execute and automate common and complex management tasks
  • package management, config management
  • security and compliance

Network Protection

  • Tiered subnet strategy
    • DMZ
    • Public
    • Private
  • Gateways
    • NAT
    • Service
    • Dynamic Routing
  • Security List, NSG

OCI Web Application Firewall

Compliance Certifications

OCI Pricing and Billing

Pricing Models

  • Pay as you go (PAYG)
  • Monthly Flex
  • Bring your own lincense
oci

Latest Stories

How To Get Hands-On Experience in AWS

Every Time you have the same situation, you know the technology and maybe you are already a certified professional in that technology, but you are not getting enough hands-on on that ...

In AWS, Jan 04, 2021
Getting Started with Ansible Collections

Ansible Collection is a great way of getting content contributions from various Ansible Developers. Earlier there was a tagline for Ansible – “Batteries included”, but now the battery...

In redhat, ansible, Dec 22, 2020
Configure Your Windows Host to be Managed by Ansible

I was talking to my friend about Ansible automation and how we are implementing automated solutions for cloud and on-premise infrastructure. Then he told me that, his team is looking ...

In redhat, ansible, Dec 01, 2020
Remove nodes from Kubespray Managed Kubernetes Cluster

Kubespray is a combination of Ansible and Kubernetes and you can use Kubespray for deploying production ready Kubernetes clusters. You can manage full-lifecycle of Kubernetes clusters...

In containers, kubernetes, Nov 30, 2020
Adding new nodes to Kubespray Managed Kubernetes Cluster

Kubespray is a combination of Ansible and Kubernetes and you can use Kubespray for deploying production ready Kubernetes clusters. Learn how to add new nodes in a Kubernetes cluster u...

In containers, kubernetes, Nov 27, 2020

Featured