OCI Foundations Flashcards

1
Q

What is OCI IAM?

A

Identity and Access Management Service
* Fine-grained Access Control
* Role Based Access Control
* AuthN - Who are you?
* AuthZ - What permissions do you have?

2
Q

OCI Identity Concepts

A
  • Identity Domains
  • Users
  • Groups
  • Policies
  • Federation
  • Network Sources
  • Principals
  • Dynamic Groups
  • Compartments
  • Resource
3
Q

Identity Domains

A

An identity domain represents a user population in OCI and associated configurations and security settings

4
Q

Identity Domain

A
  • Users
  • Groups
5
Q
A
  • Identity Domain
    • Users
    • Groups
  • Policies - Role Based Access Control
  • Compartments
  • Resources - cloud objects (e.g. instances, VCNs, buckets)
6
Q

How do you identify an OCI resource?

A

Oracle Cloud ID (OCID)
ex:
ocid1.<RESOURCE TYPE>.<REALM>.[REGION][.FUTURE USE].<UNIQUE ID>

  • ocid1: The literal string indicating the version of the OCID.
  • resource type: The type of resource (for example, instance, volume, vcn, subnet, user, group, and so on).
  • realm: The realm the resource is in. A realm is a set of regions that share entities. Possible values are oc1 for the commercial realm, oc2 for the Government Cloud realm, or oc3 for the Federal Government Cloud realm. The regions in the commercial realm (OC1) belong to the domain oraclecloud.com. The regions in the Government Cloud (OC2) belong to the domain oraclegovcloud.com.
  • region: The region the resource is in (for example, phx, iad, eu-frankfurt-1). With the introduction of the Frankfurt region, the format switched from a three-character code to a longer string. This part is present in the OCID only for regional resources or those specific to a single availability domain. If the region is not applicable to the resource (for example, a tenancy, user or group OCID), this part is blank and the OCID contains two consecutive dots.
  • future use: Reserved for future use. Currently blank.
  • unique ID: The unique portion of the ID. The format may vary depending on the type of resource or service.
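A small parser for the format above, added here as a worked example (it is not Oracle's code). It splits an OCID into the fields the card lists, accepts the blank region of tenancy-scoped resources, and rejects unknown realms; the sample OCIDs used in the comments and tests are constructed to match the format and do not identify real resources.

```python
"""Parse and validate Oracle Cloud IDs (OCIDs).

Added example, not Oracle's code. Sample OCIDs are constructed for the
illustration and do not belong to real resources.
"""
from dataclasses import dataclass

# Realms named on the card; anything else is rejected.
KNOWN_REALMS = {
    "oc1": "commercial",
    "oc2": "Government Cloud",
    "oc3": "Federal Government Cloud",
}


@dataclass(frozen=True)
class Ocid:
    version: str
    resource_type: str
    realm: str
    region: str       # "" for tenancy-wide resources (tenancy, user, group, ...)
    future_use: str   # reserved field, "" today
    unique_id: str

    @property
    def is_regional(self) -> bool:
        return self.region != ""


def parse_ocid(text: str) -> Ocid:
    """Split an OCID on '.' and check every field the format defines.

    Region and future-use may be empty, so two adjacent dots are legal and an
    OCID has five (no future-use field) or six dot-separated parts.
    """
    parts = text.strip().split(".")
    if len(parts) == 5:
        version, rtype, realm, region, uid = parts
        future = ""
    elif len(parts) == 6:
        version, rtype, realm, region, future, uid = parts
    else:
        raise ValueError(f"expected 5 or 6 dot-separated fields, got {len(parts)}")
    if version != "ocid1":
        raise ValueError(f"unsupported OCID version {version!r}")
    if not rtype or not rtype.replace("-", "").isalnum():
        raise ValueError(f"bad resource type {rtype!r}")
    if realm not in KNOWN_REALMS:
        raise ValueError(f"unknown realm {realm!r}")
    if not uid:
        raise ValueError("unique id is empty")
    return Ocid(version, rtype, realm, region, future, uid)


def same_realm(a: str, b: str) -> bool:
    """True when two OCIDs share a realm. A cross-realm reference in a policy
    or API call can never resolve, so this is a cheap sanity check to run on
    identifiers before using them."""
    return parse_ocid(a).realm == parse_ocid(b).realm


if __name__ == "__main__":
    # Constructed sample: a regional instance and a tenancy with a blank region.
    print(parse_ocid("ocid1.instance.oc1.phx.aaaaexampleinstance0001"))
    print(parse_ocid("ocid1.tenancy.oc1..aaaaexampletenancy0001"))
```

Rejecting an OCID early is mainly a defence against confused-deputy style bugs: a mistyped or attacker-supplied identifier with the wrong realm or resource type should fail validation before it is pasted into a policy or passed to an API.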
7
Q

Compartment

A
  • You get a root compartment when you create an account (tenancy); it can hold all your cloud resources
  • Collection of related resources
  • Isolates resources and controls access to them

Best practice: create dedicated compartments to isolate resources instead of putting everything in the root compartment

8
Q

Compartment

A
  • Each resource belongs to a single compartment
  • Resources can be moved from one compartment to another
  • Groups + Policies = Access to Compartments
  • Resources can interact with other resources in different compartments
  • Resources from multiple regions can be in the same compartment.
  • Compartments can be nested up to six levels deep
  • Set Quotas and Budgets on Compartments
9
Q

Principals

A

IAM entities that are allowed to interact with OCI resources

10
Q

AuthN

A
  • User name/Password (console sign-in; protect it with MFA)
  • API Signing Key (RSA key pair: the public key is uploaded to the user, the private key signs API requests and never leaves the client)
  • Authentication Tokens
    • Oracle-generated token strings
    • Used to authenticate with third-party APIs that don't support OCI request signing (e.g. Swift-compatible clients)
11
Q

AuthZ

A

What permissions do you have?
AuthZ in OCI - IAM Policies
Policies - human-readable statements that define granular permissions
A policy can be attached to a compartment or to the tenancy (root compartment); it applies to that compartment and everything nested under it

12
Q

policy statement basic syntax

A

Allow group <identity_domain_name>/<group_name> to <verb> <resource-type> in compartment <compartment_name>

Allow group <group_name> to <verb> <resource-type> in <location> where <conditions>

Verb (each verb includes the ones below it: manage > use > read > inspect)
* manage
* use
* read
* inspect

Aggregate resource-type
* all-resources
* database-family
* instance-family
* object-family
* virtual-network-family
* volume-family
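To make the syntax concrete, here is an evaluator for the statement forms on this card, written as an added example rather than OCI's own policy engine. It implements the cumulative verb hierarchy, tenancy versus compartment scope (a statement for a compartment also covers its child compartments, written here as slash-separated paths, which is a convention of this example), and simple where conditions with = / !=. The FAMILIES table is an assumed, deliberately abbreviated illustration of the aggregate resource types, not the full membership from the OCI documentation.

```python
"""Evaluate OCI-style IAM policy statements against an access request.

Added example, not OCI's policy engine. It implements the verb hierarchy
(manage > use > read > inspect), tenancy/compartment scoping with inheritance
by child compartments, and simple 'where' conditions. FAMILIES is an assumed,
abbreviated illustration of the aggregate resource types.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Assumed, abbreviated membership of the aggregate types listed on the card.
FAMILIES = {
    "instance-family": {"instances", "instance-images", "volume-attachments"},
    "volume-family": {"volumes", "volume-backups", "volume-attachments"},
    "virtual-network-family": {"vcns", "subnets", "security-lists", "route-tables"},
    "object-family": {"buckets", "objects"},
}

STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<rtype>\S+)\s+in\s+(?:(?P<tenancy>tenancy)|compartment\s+(?P<comp>\S+))"
    r"(?:\s+where\s+(?P<cond>.+?))?\s*$",
    re.IGNORECASE,
)
# Only "variable = 'value'" and "variable != 'value'" are supported here;
# OCI's '=' is case-insensitive, which is mirrored below.
CONDITION = re.compile(r"^\s*(?P<key>[\w.]+)\s*(?P<op>!?=)\s*'(?P<val>[^']*)'\s*$")


@dataclass(frozen=True)
class Statement:
    group: str
    verb: str
    rtype: str
    compartment: Optional[str]   # None means the whole tenancy
    condition: Optional[str]


def parse_statement(text: str) -> Statement:
    m = STATEMENT.match(text.strip())
    if not m:
        raise ValueError(f"not a valid policy statement: {text!r}")
    return Statement(m["group"].lower(), m["verb"].lower(), m["rtype"].lower(),
                     m["comp"], m["cond"])


def _covers_type(granted: str, requested: str) -> bool:
    return (granted == "all-resources" or granted == requested
            or requested in FAMILIES.get(granted, set()))


def _covers_compartment(granted: Optional[str], target: str) -> bool:
    """A statement for a compartment also covers its child compartments.
    Compartments are written as slash-separated paths from the root,
    e.g. 'Prod/Web' (a convention of this example)."""
    if granted is None:
        return True
    return target == granted or target.startswith(granted + "/")


def _condition_holds(cond: Optional[str], ctx: Dict[str, str]) -> bool:
    if cond is None:
        return True
    m = CONDITION.match(cond)
    if not m:
        raise ValueError(f"unsupported condition: {cond!r}")
    equal = ctx.get(m["key"], "").lower() == m["val"].lower()
    return equal if m["op"] == "=" else not equal


def is_allowed(policies: Iterable[Statement], group: str, verb: str,
               rtype: str, compartment: str,
               ctx: Optional[Dict[str, str]] = None) -> bool:
    """OCI is default-deny: the request succeeds only if some statement grants
    the verb (or a stronger one) on that resource type, in that compartment or
    an ancestor of it, with its condition satisfied for the request context."""
    ctx = ctx or {}
    return any(
        s.group == group.lower()
        and VERB_RANK[s.verb] >= VERB_RANK[verb]
        and _covers_type(s.rtype, rtype)
        and _covers_compartment(s.compartment, compartment)
        and _condition_holds(s.condition, ctx)
        for s in policies
    )
```

The point worth internalising from running it: an inspect grant does not imply read, a grant in compartment Prod/Web says nothing about Prod itself, and a where clause such as request.user.mfaTotpVerified = 'true' silently denies any request whose context lacks that variable, which is exactly the behaviour you want from a least-privilege policy.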

13
Q

Tenancy Setup Best Practices

A
  • Don't use the tenancy administrator account for day-to-day operations
  • Create dedicated compartments to isolate resources
  • Enforce the use of Multi-Factor Authentication (MFA)
14
Q

Virtual Cloud Network (VCN)

A
  • Software-defined private network
  • Used for secure communication between OCI resources
  • Lives in a single OCI region (spans all of its availability domains)
  • VCN is:
    • Highly available
    • Scalable
    • Secure
15
Q

VCN Address Space

A

An IP address range in CIDR notation, carved into subnets:
Public subnet - instances may have public IP addresses
Private subnet - no public IP addresses; outbound internet access only via a NAT gateway

16
Q

VCN Gateways

A
  • Internet Gateway - two-way traffic between public subnets and the internet
  • NAT Gateway - outbound-only internet access for private subnets (no inbound connections)
  • Service Gateway - private access to Oracle services (e.g. Object Storage) without traversing the internet
  • Dynamic Routing Gateway (DRG) - connection to on-premises networks (IPSec VPN or FastConnect) and to other VCNs
17
Q

Route Table

A
18
Q

Local Peering
Remote Peering - DRG

A
19
Q

Dynamic Routing Gateway v2

A
20
Q

VCN Security

A
  • Security Lists
    Firewall rules applied at the subnet level (to every VNIC in the subnet)
    Stateful and stateless
    Direction: ingress and egress
  • Network Security Group (NSG)
    Same kind of rules, but attached to a set of VNICs, so instances in the same subnet can get different rules
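The stateful/stateless distinction is where most rule mistakes happen, so here is an added example (not OCI's packet filter) that models a rule set and replays an SSH connection through it. A stateful ingress rule admits the instance's replies automatically; a stateless rule does not, so the same rule set silently drops the return path unless an egress rule for the ephemeral port range is added. The rule model, the instance address 10.0.1.10 and the client address 203.0.113.5 are constructed for the illustration.

```python
"""Show why stateless security rules need an explicit return-path rule.

Added example, not OCI's packet filter. Security lists / NSGs are modelled
as a list of Rule objects; the addresses and flows are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Set, Tuple

# (src_ip, src_port, dst_ip, dst_port, proto)
Packet = Tuple[str, int, str, int, str]


@dataclass(frozen=True)
class Rule:
    direction: str          # "ingress" or "egress"
    proto: str              # "tcp", "udp" or "all"
    cidr: str               # source CIDR for ingress, destination CIDR for egress
    ports: Tuple[int, int]  # inclusive destination-port range; (1, 65535) = any
    stateful: bool = True


def _in_cidr(ip: str, cidr: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def _matches(rule: Rule, pkt: Packet, direction: str) -> bool:
    src, _, dst, dport, proto = pkt
    peer = src if direction == "ingress" else dst
    return (rule.direction == direction
            and rule.proto in ("all", proto)
            and _in_cidr(peer, rule.cidr)
            and rule.ports[0] <= dport <= rule.ports[1])


class Filter:
    """Evaluate packets against rules, remembering flows that stateful rules admitted."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.tracked: Set[Packet] = set()

    def allow(self, pkt: Packet, direction: str) -> bool:
        src, sport, dst, dport, proto = pkt
        # Return traffic of a connection admitted by a stateful rule passes
        # without consulting the rule set: that is what "stateful" means.
        if (dst, dport, src, sport, proto) in self.tracked:
            return True
        for rule in self.rules:
            if _matches(rule, pkt, direction):
                if rule.stateful:
                    self.tracked.add((src, sport, dst, dport, proto))
                return True
        return False   # no matching rule: OCI's default is deny


def ssh_session_ok(rules: List[Rule]) -> bool:
    """Client 203.0.113.5 opens TCP/22 to instance 10.0.1.10. True only if the
    SYN is admitted AND the instance's reply is allowed to leave."""
    f = Filter(rules)
    request = ("203.0.113.5", 51515, "10.0.1.10", 22, "tcp")
    reply = ("10.0.1.10", 22, "203.0.113.5", 51515, "tcp")
    return f.allow(request, "ingress") and f.allow(reply, "egress")


if __name__ == "__main__":
    stateful = [Rule("ingress", "tcp", "0.0.0.0/0", (22, 22), stateful=True)]
    stateless = [Rule("ingress", "tcp", "0.0.0.0/0", (22, 22), stateful=False)]
    print("stateful ingress only:", ssh_session_ok(stateful))
    print("stateless ingress only:", ssh_session_ok(stateless))
```

The practical lesson: whenever you convert a rule to stateless (for example, for load balancer health checks or high packet rates), add the matching rule in the opposite direction, and keep its port range as narrow as the protocol allows rather than opening all ports.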
21
Q

Load Balancer

A
  • Layer 7 HTTP/S
    • Scalable - Flexible/Dynamic shapes
    • Public/Private
    • Highly Available
    • Advanced features
    • Routing intelligence
  • Network Load Balancer
    • Layer 4 TCP & UDP
    • Public/Private
    • Highly Available
    • Scalable
    • Faster than HTTP/S LB; lower latency
22
Q

Compute instance types

A
  • Virtual Machines
    • Shared hardware, multi-tenant
  • Bare Metal Servers
    • A whole physical server, single tenant
  • Dedicated Virtual Machine Host
    • Only your VMs, on a physical host reserved for your tenancy
23
Q

Flexible Shapes

A
24
Q

Processor Options

A

AMD, Intel, and Arm-based (Ampere Altra) processors
25
Q

Pay for What You Use: Preemptible VMs

A
* Low cost
* Short-lived VMs that OCI can reclaim at any time
* Batch jobs
* Fault-tolerant workloads
* 50% cheaper than regular instances
26
Q

Instance Basics

A

Compute instance dependencies:
VCN - VNIC (the network interface in a subnet)
Block Volume - boot volume (boot disk)
Storage - data volumes

27
Q

Live migration

A

Oracle can live-migrate a VM between hosts (e.g. for host maintenance):
transparent to the guest
no downtime
seamless
28
Q
mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa -b 2048 -f ~/.ssh/<<sshkeyname>>
A

Note in the output that there are two files: a private key, <<sshkeyname>>, and a public key, <<sshkeyname>>.pub. Keep the private key safe (ssh-keygen creates it with mode 0600; leave it that way) and never share its contents with anyone. The public key is what you upload when creating an instance, and it can be copied and pasted wherever a system needs it to establish secure communications in the cloud.

29
Q

image

A
  • Oracle Linux
  • Ubuntu
  • Red Hat
  • CentOS
  • Windows
  • SUSE
  • AlmaLinux
  • Rocky Linux
  • Marketplace
  • My Images (custom images)
30
Q

shapes

A
  • Instance types
    • VM
    • Bare metal
  • CPU options
    • AMD
    • Intel
    • Ampere (Arm-based processor)
  • Number of OCPUs
  • Memory
32
Q

Scaling

A
  • Vertical Scaling
    • Downtime required
    • Stop the instance before resizing it to another shape
  • Autoscaling/Horizontal Scaling
    • Adds or removes running instances
    • Template called an "instance configuration" in OCI
    • Instance Pool
      • Initial size
      • Minimum size
      • Maximum size
    • Scaling rule (e.g. a CPU utilization threshold or a schedule)
33
Q

VMs VS Containers

A
  • A VM contains an OS and runs on a hypervisor
    • Higher utilization of resources compared to on-premises
    • Multiple VMs, each with its own OS
    • Larger disk footprint
    • Longer boot time
  • A container does not contain an OS and runs on a container runtime
    • Faster boot time
    • Lightweight
    • Portable
34
Q

Container Orchestration

A

How to, across a fleet of hosts:
* Deploy
* Manage
* Connect
* Scale up/down
containerized applications

35
Q

Kubernetes, an open source platform:

A

For Automating, Deploying, Scaling and Management of Containerized Applications

Advantages:
* Can run containerized applications of any scale without any down time
* Can self-heal containerized applications
* Can auto-scale containerized applications
* Greatly simplifies deployment operations

Docker is used to build and manage the containers
Docker as a container runtime was deprecated in Kubernetes v1.20 and the dockershim was removed in v1.24
(CRI-compatible runtimes such as containerd or CRI-O are used instead; images built with Docker still run unchanged)

36
Q

Container Engine for Kubernetes (OKE): Overview

A
  • Core : Fully managed, scalable, and highly available service
  • Engine : Uses the open-source system: Kubernetes
  • Developer :
    • One click cluster creation
    • CLI/API support
    • Support for Arm and GPU instances
  • DevOps :
    • Autoscaling support
    • Automatic Kubernetes upgrade
    • Self-healing cluster nodes
37
Q

Components of a Cluster

A

Customer managed
* Node is a machine on which Kubernetes is installed, also referred to as a worker node
* Node Pool is a group of nodes with the same configuration
* Pod
  * Group of one or more containers with shared storage and network resources
  * Defined by a specification (manifest) file

38
Q

Control plane nodes
How to :
Manage the Cluster?
Schedule the Containers?
Manage High Availability?

A

Control plane nodes
Oracle managed
Manage worker nodes and pods
Free of charge

Components:
* kube-controller-manager
* cloud-controller-manager
* kube-apiserver
* kube-scheduler
* etcd - a key-value store that backs all cluster data

39
Q

Types of OKE Clusters

A
  1. Enhanced Clusters
    • Support all available features, including features not supported by basic clusters
    • Come with a financially-backed Service Level Agreement (SLA)
  2. Basic Clusters
    • Support all the core functionality provided by Kubernetes and Container Engine for Kubernetes
    • Come with a Service Level Objective (SLO) but not a financially-backed Service Level Agreement (SLA)
40
Q

OKE Node Types

A
  • Virtual Nodes
    • Virtual nodes provide a 'serverless' Kubernetes experience, enabling you to run containerized applications at scale
    • The Kubernetes software is upgraded, and security patches are applied, while respecting application availability requirements
    • You can only create virtual nodes and virtual node pools in enhanced clusters
  • Managed Nodes
    • You are responsible for managing managed nodes (you can configure them to meet your specific requirements)
    • You are responsible for upgrading Kubernetes on managed nodes, and for managing cluster capacity
    • You can create managed nodes and node pools in both basic clusters and enhanced clusters
41
Q

OCI Container Instances

A
  • Eliminate operational complexity for the user
  • Oracle takes care of the underlying container runtime and compute resources
  • The compute infrastructure provides robust workload isolation for enhanced security
42
Q

Oracle Functions

A
  • Functions-as-a-Service
  • Event Driven Architecture
  • Oracle Cloud Integrated
  • Container Native
  • Open Source
43
Q

How Oracle Function Work

A
  • Uploaded code and configuration are packaged as a container image and stored in OCI Registry (OCIR)
  • Set up trigger actions
    • Direct Invoke SDK/CLI/API
    • OCI Event
  • Oracle Functions executes the code when triggered
  • Oracle Functions code can Invoke OCI services or external systems
    • Monitoring
    • Identity
    • Registry
    • Logging
    • Network
    • OCI services
44
Q

Storage Requirement

A
  • Persistent vs non-persistent
  • What type of data?
  • Performance
    • Capacity
    • IOPS
    • Throughput
  • Durability
    • number of copies
  • Connectivity
    • Local Storage
    • Network Storage
    • How to access data
  • Protocol
    • Block
    • File
    • HTTP

Persistence vs Durability: persistent storage outlives the instance that uses it; durable storage survives hardware failure because multiple copies of the data are kept

45
Q

OCI Storage Services

A
  • Local NVMe
    • Locally attached NVMe SSDs on the instance's host (AD-local)
    • Highest performance, for performance-sensitive applications
    • Not persistent: data is lost when the instance is terminated and Oracle keeps no extra copies, so you must replicate or back it up yourself
  • Block Volume
    • Persistent, durable network storage
    • Fixed-size blocks, attached to an instance
  • File Storage
    • Shared (NFS)
    • Files and directories
    • Mount the file system from many instances at once
  • Object Storage
    • Accessed over HTTP(S)
    • Unstructured data
46
Q

OCI Data Migration Services

A
  • Data Transfer Disk
  • Data Transfer Appliance
  • Storage Gateway
47
Q

OCI Object Storage

A
  • Internet-scale, high-performance storage platform
  • Data managed as objects
  • Ideal for unstructured data
  • Regional, Public service
  • Multiple storage tiers
  • Private access from OCI resources (e.g. compute) through a Service Gateway, without traversing the internet
  • Advanced capabilities
48
Q

OCI Object Storage Scenarios

A
  • Content Repository
  • Unstructured and semi-structured data
  • Big Data/Spark/Hadoop/Data Analytics
  • Archive/Backup
49
Q

Object Storage Concepts

A
  • Object (key-value pair: a name plus data and metadata)
  • Bucket
    • Objects are stored in a bucket
    • Unique name within the tenancy's namespace
    • Flat hierarchy (no folders; a "/" in an object name only simulates one)
  • Namespace
    • Logical entity
    • Top-level container for all buckets/objects in a tenancy
    • Globally unique name
50
Q

Object Storage Tiers

A
  • Standard Storage Tier / Hot Tier
    • Fast, immediate, and frequent access
    • Most recent copy of the data
    • Instantaneous retrieval
    • A Standard bucket can't be downgraded to an Archive bucket (individual objects can still be moved to a cooler tier)
  • Infrequent Access Storage Tier / Cool Tier
    • Ideal for data that you access infrequently
    • Storage costs lower than the Standard Storage Tier
    • Minimum retention requirement: 31 days (deleting earlier is still charged for the remaining days)
    • Retrieval fees
  • Archive Storage Tier / Cold Tier
    • Seldom or rarely accessed data
    • Minimum retention requirement: 90 days
    • Objects need to be restored before download
    • Restore time: up to 1 hour
    • Restored objects stay downloadable for 24 hours by default
    • An Archive bucket can't be upgraded to a Standard bucket
51
Q

Auto-Tiering

A
52
Q

Life Cycle Management

A
53
Q

Objects Automatically Versioned

A
54
Q

Data Encryption

A

Encryption at rest cannot be turned off
Data is encrypted by default (AES-256) with Oracle-managed keys, and you can use your own key managed in OCI Vault instead
55
Q

Accessing Stored Data

A

Once you have stored data, access is easy, with a single API call for all storage tiers (Archive objects must be restored first)