OCI Flashcards

1
Q

Tenancy

A
  • When you sign up or subscribe to Oracle Cloud services, Oracle creates a tenancy for you.
  • You can think of the tenancy as your account, but it is also a secure and isolated partition within Oracle Cloud Infrastructure where you can create, organize, and administer your cloud resources.
  • When you sign up, your tenancy is created in your home region, but you can subscribe your tenancy to as many regions as you need.
  • Large organizations can have multiple tenancies. See Tenancy Management.
2
Q

Compartment

A
  • Compartments allow you to organize and control access to your cloud resources.
  • A compartment is a collection of related resources (such as instances, virtual cloud networks, block volumes) that can be accessed only by certain groups that have been given permission by an administrator.
  • A compartment should be thought of as a logical group and not a physical container.
  • When you begin working with resources in the Console, the compartment acts as a filter for what you are viewing.
  • When you sign up for Oracle Cloud Infrastructure, Oracle creates your tenancy, which is the root compartment that holds all your cloud resources.
  • You then create additional compartments within the tenancy (root compartment) and corresponding policies to control access to the resources in each compartment.
  • When you create a cloud resource such as an instance, block volume, or cloud network, you must specify to which compartment you want the resource to belong.
  • Ultimately, the goal is to ensure that each person has access to only the resources they need.
3
Q

Identity Domains and Policies

A
  • An identity domain is a container for managing
    • users and roles,
    • federating and provisioning of users,
    • secure application integration through Oracle Single Sign-On (SSO) configuration,
    • and OAuth administration.
  • It represents a user population in Oracle Cloud Infrastructure and its associated configurations and security settings (such as MFA). See Overview of IAM.
  • A policy is a document that specifies who can access which resources, and how.
  • You can write policies to control access to all of the services within Oracle Cloud Infrastructure.
  • Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy itself.
  • If you give a group access to the tenancy, the group automatically gets the same type of access to all the compartments inside the tenancy.
  • For more information, see Example Scenario and How Policies Work.
4
Q

Oracle Cloud Identifier (OCID)

A
  • Every Oracle Cloud Infrastructure resource has an Oracle-assigned unique ID called an Oracle Cloud Identifier (OCID).
  • This ID is included as part of the resource’s information in both the Console and API.
    For details about the syntax of an OCID, see Resource Identifiers.
5
Q

Security Zone

A
  • Security Zones let you be confident that your Compute, Networking, Object Storage, Database, and other resources comply with Oracle security principles and best practices.
  • A security zone is associated with one or more compartments and a security zone recipe.
  • When you create and update resources in a security zone, Oracle Cloud Infrastructure validates these operations against security zone policies in the zone’s recipe.
  • If any security zone policy is violated, then the operation is denied. For more information, see Overview of Security Zones.
6
Q

VCN

A
  • A virtual cloud network is a virtual version of a traditional network—including subnets, route tables, and gateways—on which your instances run.
  • A cloud network resides within a single region but includes all the region’s availability domains.
  • Each subnet you define in the cloud network can either be in a single availability domain or span all the availability domains in the region (recommended).
  • You need to set up at least one cloud network before you can launch instances.
  • You can configure the cloud network with an optional internet gateway to handle public traffic, and an optional IPSec connection or FastConnect to securely extend your on-premises network.
  • For details on creating, managing, and deleting VCNs, see Networking.
7
Q

Instance

A

An instance is a compute host running in the cloud. An Oracle Cloud Infrastructure compute instance allows you to utilize hosted physical hardware, as opposed to the traditional software-based virtual machines, ensuring a high level of security and performance.

image

shape

8
Q

Image

A

The image is a template of a virtual hard drive that defines the operating system and other software for an instance, for example, Oracle Linux. When you launch an instance, you can define its characteristics by choosing its image. Oracle provides a set of platform images you can use. You can also save an image from an instance that you have already configured to use as a template to launch more instances with the same software and customizations.

9
Q

Shape

A

In Compute, the shape specifies the number of CPUs and amount of memory allocated to the instance. Oracle Cloud Infrastructure offers shapes to fit various computing requirements. See the list of compute shapes.

10
Q

Block volume

A

A block volume is a virtual disk that provides persistent block storage space for Oracle Cloud Infrastructure instances. Use a block volume just as you would a physical hard drive on your computer, for example, to store data and applications. You can detach a volume from one instance and attach it to another instance without loss of data.

11
Q

Networking Components

A
  1. Virtual Cloud Network (VCN)
    A virtual, private network that you set up in Oracle data centers.
  2. SUBNETS
    Subdivisions you define in a VCN (for example, 10.0.0.0/24, 10.0.1.0/24, or 2001:DB8::/64).
  3. VNIC
    A virtual network interface card (VNIC), which attaches to an instance and resides in a subnet to enable a connection to the subnet’s VCN.
  4. PRIVATE IP
    A private IPv4 address and related information for addressing an instance (for example, a hostname for DNS).
  5. PUBLIC IP
    A public IPv4 address and related information.
  6. IPV6
    An IPv6 address and related information.
  7. Dynamic Routing Gateway (DRG)
    A virtual router that you can add to your VCN. It provides a path for private network traffic between your VCN and on-premises network.
    You can use it with other Networking components and a router in your on-premises network to establish a connection by way of Site-to-Site VPN or Oracle Cloud Infrastructure FastConnect.
  8. INTERNET GATEWAY
    A virtual router that you can add to your VCN for direct internet access.
  9. NETWORK ADDRESS TRANSLATION (NAT) GATEWAY
    A virtual router that you can add to your VCN. It gives cloud resources without public IP addresses access to the internet without exposing those resources to incoming internet connections.
  10. SERVICE GATEWAY
    A virtual router that you can add to your VCN. It provides a path for private network traffic between your VCN and supported services in the Oracle Services Network.
  11. LOCAL PEERING GATEWAY (LPG)
    An optional virtual router that you can add to your VCN. It lets you peer one VCN with another VCN in the same region.
    Peering means the VCNs communicate using private IP addresses, without the traffic traversing the internet or routing through your on-premises network.
  12. REMOTE PEERING CONNECTION (RPC)
    A component that you can add to a DRG. It lets you peer one VCN with another VCN in a different region.
  13. ROUTE TABLES
    Virtual route tables for your VCN. They have rules to route traffic from subnets to destinations outside the VCN by way of gateways or specially configured instances.
  14. SECURITY RULES
    Virtual firewall rules for your VCN. They are ingress and egress rules that specify the types of traffic (protocol and port) allowed in and out of the instances.
  15. DHCP OPTIONS
    Configuration information that is automatically provided to the instances when they boot up.