Foundational Learning Core Concepts for Oracle Cloud Infrastructure — Part 1

Hemant Jain
DevOps and SRE Learning
9 min read, Feb 20, 2022


This tutorial introduces some of Oracle Cloud Infrastructure’s core concepts. It will help you get an understanding of how to interact with and move around OCI.

Introduction

Some of the concepts which we will learn in this tutorial will be as follows:

  • Tenancy, Region, Availability Domain
  • Compartments
  • Resources, OCID, Tags, Search
  • OCI Command Line Interface tool
  • OCI Browser Console
  • OCI Cloud Shell
  • Object Storage Service
  • Users, Groups, Dynamic Groups, Policies
  • Audit Trail

Oracle Cloud Infrastructure provides the foundation for Oracle Cloud Applications, a platform for running enterprise applications, with services such as database, security, API management, (serverless) compute, networking and end-to-end monitoring.

The services that Oracle uses for Oracle Cloud Applications are also available to anyone else: any organization can consume OCI services from more than 20 regions around the globe, each region consisting of one or more data centers.

Oracle Cloud Infrastructure is sometimes referred to as Gen2 Cloud, because OCI is the second generation Oracle Cloud platform. The first generation Oracle Cloud — now called Cloud Classic — was the result of a somewhat rushed program to gain a foothold in the cloud, largely based on existing software that was not cloud native at all.

Many services in this first-generation platform disappointed users: functionality was lacking, performance was poor, availability was not good enough and pricing did not follow a true pay-as-you-go model. With OCI, Oracle rebuilt its cloud from the ground up.

Benefiting from its own experience and from many experienced engineers hired from AWS and Azure teams, the Gen2 Cloud avoids the pitfalls, shortcomings and gaps that every first-generation cloud suffers from.

OCI has a consistent user experience throughout all services, in the Console, the Command Line Interface, the SDKs (Go, Ruby, Java, Python) and the REST APIs. The way automation, security, monitoring, searching and billing are done is intuitive, straightforward and uniform.

OCI offers a free tier with a number of always-free resources (including compute instances, storage and two database instances), a free 30-day trial and a pay-as-you-go model that for most services charges only small fees for small consumption.

Core Concepts and Terminology

When you sign up for Oracle Cloud Infrastructure, a tenancy is created for you — or your company. This is a secure and isolated partition within Oracle Cloud Infrastructure where you can create, organize, and administer your cloud resources. Everything you do happens inside the tenancy.

The tenancy is organized in compartments, somewhat similar to folders on a file system.

A compartment is a collection of related resources (such as compute instances, virtual cloud networks, block volumes, functions, API Gateway) that can be accessed only by certain groups that have been given permission by an administrator.

A compartment should be thought of as a logical group and not a physical container. Compartments can be nested, to six levels deep. Compartments do not cost money — you can create many of them.

The tenancy itself is the root compartment that holds all your cloud resources. When you create a cloud resource such as a VM, database, or data catalog, you must specify to which compartment you want the resource to belong.

As an example: many tenancies contain a Sandbox compartment, used for experiments and early development work. Security policies in this compartment are fairly relaxed compared for example to the Production compartment.

Oracle Cloud Infrastructure is physically hosted in regions and availability domains. A region is a localized geographic area, such as Amsterdam, Ashburn, Sao Paulo, Melbourne or Tokyo; an availability domain is one or more data centers located within a region.

A region is composed of one or more availability domains.

Availability domains are isolated from each other, fault tolerant, and very unlikely to fail simultaneously or be impacted by the failure of another availability domain.

When you configure your cloud services, use multiple availability domains to ensure high availability and to protect against resource failure. Availability Domains within a Region have very fast network connections; they should be thought of as very closely co-located.

A tenancy has a home region — and can also subscribe to other regions. A tenancy therefore can have OCI resources in multiple regions. IAM resources (compartments, users, groups, policies, tags, and federation providers) are global — they exist across regions and are available in every region. This is visualized in the next figure: a tenancy with a compartment that contains resources in two different regions.

In the OCI Console, you usually work in the context of a single region. The Compartment Explorer is the only Console tool that shows your OCI resources across all regions.

Note: some regions currently only have one Availability Domain. Oracle states: “For any region with one availability domain, a second availability domain or region in the same country or geo-political area will be made available within a year to enable further options for disaster recovery”.

Because of Oracle Cloud Infrastructure’s low latency interconnect backbone, you can even use cloud services in other geographic regions with effective results (when those services are not available in your home region), as long as data residency requirements do not prevent you from doing so.

A fault domain is a grouping of physical hardware and infrastructure within an availability domain. Each availability domain contains three fault domains.

Fault domains provide anti-affinity: they let you distribute your VMs so that the instances are not on the same physical hardware within a single availability domain. A hardware failure or Compute hardware maintenance event that affects one fault domain does not affect instances in other fault domains.

In addition, the physical hardware in a fault domain has independent and redundant power supplies, which prevents a failure in the power supply hardware within one fault domain from affecting other fault domains. To control the placement of your compute instances, bare metal DB system instances, or virtual machine DB system instances, you can optionally specify the fault domain for a new instance or instance pool at launch time.
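The anti-affinity idea described above can be turned into a placement plan before any instance is launched. The script below is an added example and not code from the original article: it spreads N instances across the availability domains of a region first, and then across the three fault domains of each AD, so that no two instances share an AD and fault domain until every pair has been used. The AD names in the offline demo are made up; when run with the `run` argument it reads the real AD and fault domain names through the OCI CLI (`oci iam availability-domain list` and `oci iam fault-domain list`), which must be installed and configured for that part.

```bash
#!/usr/bin/env bash
# Added example, not part of the original article: a placement plan that spreads
# instances across availability domains first and then across the three fault
# domains of each AD (anti-affinity). The AD names in demo_plan are made up for
# illustration; real ones look like <prefix>:US-ASHBURN-AD-1 and are read from
# the OCI CLI only when the script is started with "run".
set -eu

# placement_plan N AD... prints one line per instance: "<name> <AD> <fault domain>".
# Instance i goes to AD (i mod #ADs) and, within that AD, to fault domain
# ((i div #ADs) mod 3) + 1, so every AD+FD pair is used once before any repeats.
placement_plan() {
  local n="$1"; shift
  local ads=("$@")
  local i=0 ad fd
  while [ "$i" -lt "$n" ]; do
    ad="${ads[$(( i % ${#ads[@]} ))]}"
    fd=$(( (i / ${#ads[@]}) % 3 + 1 ))
    printf 'instance-%d %s FAULT-DOMAIN-%d\n' "$i" "$ad" "$fd"
    i=$(( i + 1 ))
  done
}

# Offline demonstration with constructed AD names (a two-AD region, 5 instances).
demo_plan() {
  placement_plan 5 "Example:EU-FRANKFURT-1-AD-1" "Example:EU-FRANKFURT-1-AD-2"
}

# Against a real tenancy: ./placement.sh run <compartment OCID> <instance count>
if [ "${1:-}" = "run" ]; then
  compartment="$2"; count="$3"
  ads="$(oci iam availability-domain list --compartment-id "$compartment" \
           --query "join(' ', data[].name)" --raw-output)"
  # shellcheck disable=SC2086  # splitting the space-joined AD names is intended
  set -- $ads
  # confirm the three fault domains of the first AD before planning
  oci iam fault-domain list --compartment-id "$compartment" --availability-domain "$1" \
    --query "join(' ', data[].name)" --raw-output
  placement_plan "$count" "$@"
else
  demo_plan
fi
```

Each line of the plan maps onto the `--availability-domain` and `--fault-domain` arguments of `oci compute instance launch`; for an instance pool the same spread is expressed in the pool's placement configuration.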

For managed services on OCI, such as API Gateway, Functions and Autonomous Database, Oracle manages availability domains and fault domains for us.

A virtual cloud network is a virtual version of a traditional network — including subnets, route tables, and gateways. A cloud network resides within a single region but includes all the region’s availability domains.

Each subnet you define in the cloud network can either be in a single availability domain or span all the availability domains in the region (recommended). You can configure the cloud network with an optional internet gateway to handle public traffic, and an optional IPSec VPN connection or FastConnect to securely extend to your on-premises network.

Through remote VCN peering, two VCNs in different regions (in the same tenancy or, with the appropriate policies, in different tenancies) can be connected. This peering allows the VCNs’ resources to communicate using private IP addresses without routing the traffic over the public internet or through your on-premises network.

The next figure combines some of the concepts discussed here. It shows a Linux VM and a Storage Volume that live in a subnet within a VCN with an Internet Gateway. These resources are created in Availability Domain 1 in an unnamed Region. We could add a second VM in a different Fault Domain in the same Availability Domain or in a different Availability Domain or even in a different Region, depending on our requirements for high availability, data residency and local network latency.

OCI Console — the browser based user interface for Oracle Cloud Infrastructure

The OCI Console is the browser-based user interface for Oracle Cloud Infrastructure. Through the Console you can inspect and manage resources in a GUI. Over time, once you start automating the management of cloud resources (infrastructure as code), you are likely to primarily use the command line interface, the SDKs and the REST APIs.

Open the OCI Console. For tenancies whose home region is Ashburn, the URL is:

https://console.us-ashburn-1.oraclecloud.com/

For tenancies with a different home region, the Console URL follows the same pattern, with that region’s identifier in place of us-ashburn-1: https://console.<region-identifier>.oraclecloud.com/

Login using the console credentials you defined when provisioning the tenancy.

In the upper right-hand corner of the Console you find the region you are currently working in, a link to Live Chat, and the Help menu with links to create a My Oracle Support ticket and to request an increase of the limits on cloud resources. The Person icon links to your account settings; through the globe icon you can change the language of the Console.

In the upper left-hand corner is the so-called hamburger menu. Click it to open a menu that lists all OCI services, from Core Infrastructure through Database and Data and AI down to Solutions and Platforms and, finally, Governance and Administration.

In that last section you manage identity and access and inspect your cloud usage and bill. We will navigate this menu quite a bit in the steps and scenarios still to come.

Let’s look at compartments.

Compartments

Virtually all OCI resources live in a compartment. The tenancy is organized in compartments, somewhat similar to folders on a file system. A compartment is a logical collection of related resources (such as compute instances, virtual cloud networks, block volumes, functions, API Gateway) that can be accessed only by certain groups that have been given permission by an administrator. Any resource belongs to exactly one compartment at a time (most resource types can later be moved to another compartment); there is nothing akin to a symbolic link or shortcut.

A compartment should be thought of as a logical group and not a physical container. Compartments can be nested, to six levels deep. Compartments do not cost money — you can create many of them if that helps you to better organize your tenancy. The tenancy itself is the root compartment that holds all your cloud resources.

In the console, navigate to the menu option Governance and Administration | Identity | Compartments.

https://console.us-ashburn-1.oraclecloud.com/identity/compartments

You will see a flattened list of all compartments in the tenancy that you have access to. You should at least see the tenancy’s root compartment (that has at least two subcompartments) as well as the lab-compartment that was prepared for this scenario. Inspect the lab-compartment by clicking on it.

Click on Create Compartment. Enter lab-01 as the name and “compartment for personal lab resources” as the description, and check that lab-compartment is selected as the parent compartment. Create the new compartment by clicking on Create Compartment.

You have now created a new compartment, nested under lab-compartment that itself is nested under the root-compartment.

For any other cloud resource you create, such as a VM, database or data catalog, you must specify the compartment it belongs to. That could be your newly created compartment, or another one, which you may first have to create. As an example: many tenancies contain a Sandbox compartment, used for experiments and early development work. Security policies in this compartment are fairly relaxed compared, for example, to the Production compartment.

Click on the new compartment. It is obviously empty at this stage and has no child compartments; its parent compartment is lab-compartment.
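The same steps can be done from the OCI CLI, which is where you end up once you automate. The script below is an added example and not code from the original article: it looks up lab-compartment by name in the tenancy subtree, creates lab-01 under it and then reads the new compartment back. It also carries three small helpers worth having in any OCI script: one that composes the Console URL from a region identifier (the pattern shown in the Console section), and two that split an OCID into its fields. An OCID has the layout ocid1.<type>.<realm>.<region>.<future use>.<unique id>; because IAM resources such as compartments are global, their OCIDs have an empty region field, while a regional resource such as a compute instance carries its region key there. The script refuses to use anything but a compartment (or tenancy) OCID as a parent. The OCIDs in the comments and tests are made up; the tenancy is only touched when the script is started with the `run` argument and a configured OCI CLI.

```bash
#!/usr/bin/env bash
# Added example, not part of the original article: the compartment steps above
# done with the OCI CLI instead of the Console, plus small helpers to sanity-check
# the identifiers involved. The OCI CLI (oci) must be installed and configured
# for the tenancy part; the helper functions need only bash and cut.
set -eu

# Console URL for a region identifier, following the pattern of the Ashburn URL.
console_url() {
  printf 'https://console.%s.oraclecloud.com/\n' "$1"
}

# OCID layout: ocid1.<type>.<realm>.<region>.<future use>.<unique id>
# IAM resources (compartments, users, groups, policies) are global, so their
# OCIDs have an empty region field; regional resources carry a region key.
ocid_type()   { printf '%s' "$1" | cut -d. -f2; }
ocid_region() { printf '%s' "$1" | cut -d. -f4; }

# Only a compartment OCID (or the tenancy OCID, i.e. the root compartment)
# may be used as a parent; refuse anything else before calling the API.
is_compartment_ocid() {
  case "$1" in
    ocid1.compartment.*|ocid1.tenancy.*) return 0 ;;
    *) return 1 ;;
  esac
}

# OCID of an existing compartment, looked up by name in the whole tenancy
# subtree. ACCESSIBLE limits the listing to compartments you may act in.
find_compartment() {  # $1 = tenancy OCID, $2 = compartment name
  oci iam compartment list \
    --compartment-id "$1" --compartment-id-in-subtree true \
    --access-level ACCESSIBLE --all \
    --query "data[?name=='$2'].id | [0]" --raw-output
}

# Create a child compartment and print its OCID (its state is CREATING at first).
create_compartment() {  # $1 = parent OCID, $2 = name, $3 = description
  is_compartment_ocid "$1" || { echo "not a compartment OCID: $1" >&2; return 1; }
  oci iam compartment create \
    --compartment-id "$1" --name "$2" --description "$3" \
    --query 'data.id' --raw-output
}

# The tenancy is only touched when explicitly asked (made-up OCID shown):
#   ./compartments.sh run ocid1.tenancy.oc1..aaaaaaaaexampletenancy
if [ "${1:-}" = "run" ]; then
  tenancy="$2"
  parent="$(find_compartment "$tenancy" lab-compartment)"
  new_id="$(create_compartment "$parent" lab-01 'compartment for personal lab resources')"
  oci iam compartment get --compartment-id "$new_id" \
    --query 'data.{name: name, parent: "compartment-id", state: "lifecycle-state"}'
fi
```

The lookup by name is the weak spot of such scripts: compartment names are only meaningful relative to their parent, so once a tenancy has several compartments with the same name in different subtrees, pass the parent OCID explicitly instead of searching the whole tree.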

In the next tutorial, we will continue to work with the Object Storage Service. You will create a bucket — a container for objects. Then you will upload a file into this bucket.

Resources

OCI Documentation — Key Concepts and Terminology

OCI Documentation — Remote VCN Peering


Sr. SRE at Oracle, Ex-PayPal, Ex-RedHat. Professional Graduate Student interested in Cloud Computing and Advanced Big Data Processing and Optimization.