Deploying a Network Communication Control in Oracle Cloud Infrastructure
The Challenge: Deploying a Global Financing Portal
As a Cloud Specialist, I recently undertook an exciting project that involved setting up a network communication control within Oracle Cloud Infrastructure (OCI). The primary goal was to deploy a Global Financing Portal application in the Finance subnet, ensuring accessibility for other departments like Sales.
Initial Setup: Tools and Resources
To start the project, I downloaded two essential tools: Git Bash and VNC Viewer. These tools were pivotal in managing the networking resources and accessing the virtual machines remotely.
- Git Bash: [Download here](https://git-scm.com/downloads)
- VNC Viewer: [Download here](https://www.realvnc.com/en/connect/download/viewer/)
Building the Network Foundation
The core of the project was to create a robust network within OCI. Here’s how I went about it:
1. Virtual Cloud Network (VCN) Creation: I accessed the OCI console and navigated to the Virtual Cloud Networks section. I created a VCN named ‘vcn-mod3’ with a CIDR block of 10.0.0.0/16, ensuring I was in the correct compartment.
2. Setting Up Subnets for Finance and Sales Departments:
   - For the Finance department, I created a subnet ‘finance-subnet’ with a CIDR block of 10.0.1.0/24.
   - Similarly, I established ‘sales-subnet’ for the Sales department with a 10.0.2.0/24 CIDR block.
Implementing Security Lists
Security was a paramount aspect of this project. I set up two security lists, ‘sl-sales’ and ‘sl-finance’, with specific rules:
- sl-sales: Configured with ingress and egress rules, allowing SSH access from a specific IP and all outbound traffic.
- sl-finance: Besides the SSH access, I included an additional ingress rule to allow traffic from the Sales subnet over port 80, facilitating inter-departmental communication.
Deploying the Finance and Sales Instances
After setting up the network infrastructure, the next step was to create instances for both departments:
1. Finance Instance:
   - I set up the instance ‘finance-vm’ on Oracle Linux 7 within the finance-subnet.
   - I installed and started the Apache HTTP server, configuring the firewall to allow the HTTP service.
   - I downloaded and prepared the website files for the Global Financing Portal.
2. Sales Instance:
   - Similarly, ‘sales-vm’ was created for the Sales department.
   - I installed a GUI and the TigerVNC server, configuring VNC for remote access.
   - I tested the setup by accessing the Finance Portal through the Sales instance.
Final Steps: Testing and Validation
The final phase involved rigorous testing:
- Accessing the Finance Portal via the Sales instance using VNC Viewer.
- Ensuring SSH access to the Finance instance’s private IP was restricted as per our security setup.
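
The two checks above, and the ‘sl-finance’ rules they exercise, can also be evaluated offline before touching the console. The following is an added example, not part of the original walkthrough: it models the ingress rules in the JSON field layout OCI uses for security lists and audits them. The admin address 203.0.113.10/32 is a constructed placeholder, since the post only says "a specific IP", and the function names are hypothetical.

```python
import ipaddress

ADMIN = "203.0.113.10/32"  # constructed placeholder for the "specific IP"

# sl-finance ingress rules as described in the post (protocol "6" is TCP).
SL_FINANCE_INGRESS = [
    {"protocol": "6", "source": ADMIN,
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "10.0.2.0/24",  # sales-subnet
     "tcpOptions": {"destinationPortRange": {"min": 80, "max": 80}}},
]

def covers_port(rule, port):
    """True if the rule applies to TCP traffic on the given port."""
    if rule["protocol"] not in ("6", "all"):
        return False
    rng = rule.get("tcpOptions", {}).get("destinationPortRange")
    # A TCP or "all" rule without a port range admits every port.
    return rng is None or rng["min"] <= port <= rng["max"]

def allowed(rules, src_ip, dst_port):
    """Security lists are allow-only: traffic passes if any rule matches."""
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(r["source"])
               and covers_port(r, dst_port) for r in rules)

def audit(rules, admin=ADMIN):
    """Flag rules broader than the design: SSH only from the admin address."""
    findings = []
    for r in rules:
        if covers_port(r, 22) and r["source"] != admin:
            findings.append(f"SSH reachable from {r['source']}")
        if ipaddress.ip_network(r["source"]).prefixlen == 0:
            findings.append(f"rule open to any source: {r['source']}")
    return findings

if __name__ == "__main__":
    # Mirrors the manual tests: Sales reaches the portal, but not SSH.
    print("sales -> finance:80", allowed(SL_FINANCE_INGRESS, "10.0.2.15", 80))
    print("sales -> finance:22", allowed(SL_FINANCE_INGRESS, "10.0.2.15", 22))
    print("findings:", audit(SL_FINANCE_INGRESS))
```

A security list only decides what reaches the instance's network interface; the host firewall on ‘finance-vm’ still has to allow HTTP, as configured earlier.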
Conclusion and Reflections
This project was a testament to the flexibility and robustness of OCI. Not only did it enhance my understanding of cloud networking, but it also demonstrated the importance of meticulous planning and execution in cloud infrastructure projects.
For more technical details and references, I found the Oracle documentation on networking and web services incredibly useful: [Oracle Linux Networking Guide](https://docs.oracle.com/en/operating-systems/oracle-linux/7/network/ol7-websvc.html#ol7-about-websvc).
Stay tuned for more cloud adventures, and feel free to reach out if you have any questions or need insights on similar projects!