932 Exam
Study notes prepared by Watsh Rajneesh
Based on -
https://learn.oracle.com/education/downloads/OracleCloudInfrastructurestudyguide.pdf
Table of Contents
Syllabus
IAM
Network
Connectivity
Compute
Block Volume
File Storage Service
Object Storage
Load Balancer
Database
Autonomous Database
Edge Services
Syllabus
1. https://cloud.oracle.com/iaas/training - Foundation and Advanced
2. OCI Level 100 videos - https://youtu.be/UboBygcEcsc
3. Practice Exam - http://oukc.oracle.com/static12/opn/login/?t=checkusercookies|r=-1|c=2164389233
4. OCI Level 200 videos (optional) - https://youtu.be/f6921B2hXw0
5. Whitepapers -
https://docs.cloud.oracle.com/iaas/Content/General/Reference/aqswhitepapers.htm
6. Security Best Practice -
https://docs.cloud.oracle.com/iaas/Content/Security/Reference/configuration_security.htm
IAM
Identity and Access Management (IAM)
• Apply core Identity and Access Management (IAM) component
• Describe resource location
• Design federation with various identity providers
• Apply IAM, governance, and security best practices
8. Policy verbs (each verb includes the abilities of the ones above it):
a. Inspect – read without user-specified metadata
b. Read – read with user-specified metadata
c. Use – use the resource, but not create or delete it
d. Manage – all privileges
9. Resource families:
a. All-resources
b. Database-family
c. Instance-family
d. Object-family
e. Virtual-network-family
f. Volume-family
10. Each resource family also has individual resource types (for example objects and buckets in
object-family), so granular policies can be written for a single resource type where needed.
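As an added illustration (not from the study guide or from Oracle's own tooling), the evaluator below applies the verb hierarchy and resource-family grouping from items 8–10 to a few constructed policy statements written in the OCI "Allow group ... to <verb> <resource> in compartment ..." syntax; it deliberately ignores "where" conditions and non-group subjects. The membership of instance-family is an assumption made for the example; only object-family's members (objects, buckets) come from the notes.

```python
import re
# Verb hierarchy from the notes: each verb includes everything the lower ones allow.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}
# Family membership: only object-family (objects, buckets) is given in the notes;
# instance-family's members are assumed here purely for illustration.
FAMILIES = {
    "object-family": {"objects", "buckets"},
    "instance-family": {"instances", "instance-images"},  # assumed
}
POLICY_RE = re.compile(
    r"^allow group (?P<group>\S+) to (?P<verb>inspect|read|use|manage) "
    r"(?P<resource>\S+) in (?:compartment (?P<compartment>\S+)|(?P<tenancy>tenancy))$",
    re.IGNORECASE,
)

def parse_policy(statement):
    """Split one statement into its parts; reject anything outside the grammar above."""
    m = POLICY_RE.match(statement.strip())
    if not m:
        raise ValueError(f"unrecognised policy statement: {statement!r}")
    scope = "tenancy" if m["tenancy"] else m["compartment"].lower()
    return {"group": m["group"].lower(), "verb": m["verb"].lower(),
            "resource": m["resource"].lower(), "scope": scope}

def resource_covers(granted, requested):
    """True when the granted type or family includes the requested resource type."""
    if granted in ("all-resources", requested):
        return True
    return requested in FAMILIES.get(granted, set())

def is_allowed(statements, group, verb, resource, compartment):
    """Does any statement grant `group` at least `verb` on `resource` in `compartment`?"""
    for st in map(parse_policy, statements):
        if st["group"] != group.lower():
            continue
        if st["scope"] not in ("tenancy", compartment.lower()):  # tenancy covers all
            continue
        if not resource_covers(st["resource"], resource.lower()):
            continue
        if VERB_RANK[st["verb"]] >= VERB_RANK[verb.lower()]:
            return True
    return False

# Constructed sample statements for the example (not taken from any real tenancy).
SAMPLE_POLICIES = [
    "Allow group ObjectAdmins to manage object-family in compartment Backups",
    "Allow group Auditors to inspect all-resources in tenancy",
    "Allow group Developers to use instances in compartment Dev",
]
```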
Network
Network
7. Apply design concepts related to VCN components
8. Describe Public and Private IP addresses and virtual NICs
9. Apply VCN connectivity options
10. Understand remote network connectivity
11. Apply OCI Load Balancer concepts
12. Understand OCI Edge services
13. Apply OCI networking best practices
11. The largest VCN CIDR block supported in OCI is /16 and the smallest is /30.
12. Route tables determine what traffic can be routed out of the VCN.
13. Private subnets are recommended to have their own individual route tables.
14. All hosts in a VCN can route to other hosts within that VCN (no route table entry is required).
15. North-south traffic – traffic in/out of the VCN.
16. East-west traffic – traffic within the VCN across subnets.
17. By default, instances within the same subnet cannot communicate with each other either;
the user must explicitly whitelist traffic, even between instances in the same subnet. This is
the "whitelist model" of security that OCI uses.
18. Gateways -
a. Internet gateway – allows traffic to/from the internet for a public subnet.
b. NAT Gateway – used when instances in a private subnet need to download
patches from the public internet.
c. Service Gateway – lets a private subnet reach the OCI object storage service (for
example for backups) without going through the public internet. More efficient
than a NAT Gateway for this use case.
d. DRG – Dynamic Routing Gateway – allows traffic between on-prem and a
private subnet in the cloud.
e. LPG – Local peering gateway between VCNs within the same region.
f. RPG – Remote peering gateway between VCNs across regions.
19. DNS:
a. Internet and VCN resolver (default) – 169.254.169.254
b. Custom resolver
c. Instance FQDN - <hostname>.<subnet dns label>.<vcn dns label>.oraclevcn.com
=> resolves to the instance's private IP.
d. Private Pool – domain names + zones
e. Types of records supported in OCI:
i. A (Address Record)
Connectivity
23. Public Internet:
a. Internet Gateway/NAT Gateway
b. Reserved or ephemeral IPs
c. Internet Data out pricing (first 10 TB is free)
24. VPN:
a. IPSec auth and encryption
b. 2 options: OCI managed VPN service (free) or software VPN running on OCI
compute instance.
c. No SLA
d. Bandwidth is typically < 250Mbps
e. Steps to set up VPN-based connectivity from on-prem to OCI:
i. Create the VCN and DRG.
ii. Update routing in your VCN to send the on-prem network's IP address range
or CIDR (which must not overlap the VCN's) to the DRG.
iii. Create the CPE object and give it the on-prem router's public IP.
iv. From the DRG, create an IPsec connection to the CPE object and configure a static
route in the DRG.
v. The VPN IPsec service provides a connection between a customer's on-premises
network and an Oracle Cloud Infrastructure Virtual Cloud Network (VCN). It
consists of multiple redundant IPsec tunnels that use static routes to route
traffic. The IPsec tunnels connect the Dynamic Routing Gateway (DRG) and the
Customer Premises Equipment (CPE) that are created and attached to the VCN.
By default, three IPsec tunnels, one per Availability Domain, are created on
Oracle Cloud Infrastructure. This provides redundancy if there are tunnel
failures. Oracle recommends configuring the on-premises router to support all
of the IPsec tunnels in case one of them fails. Each tunnel has configuration
information (that is, the Oracle Cloud Infrastructure DRG-external IP address and
the pre-shared key for authentication) that is configured on the on-premises
router.
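The following Python helpers are an added example, not part of the study guide or of any Oracle SDK. They turn three facts from these notes into checks a practitioner can run while planning: the /16 to /30 VCN CIDR limit (Network item 11), the rule that an on-prem range routed to the DRG must not overlap the VCN (step ii above), and the instance FQDN format (Network item 19c). Sample CIDRs and labels are constructed.

```python
import ipaddress

VCN_MIN_PREFIX, VCN_MAX_PREFIX = 16, 30  # /16 is the largest VCN allowed, /30 the smallest

def validate_vcn_cidr(cidr):
    """Return the network if its prefix length lies within /16../30, else raise."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict=True rejects host bits set
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError("this example handles IPv4 VCN CIDRs only")
    if not VCN_MIN_PREFIX <= net.prefixlen <= VCN_MAX_PREFIX:
        raise ValueError(f"{cidr}: VCN CIDR must be between /16 and /30")
    return net

def plan_drg_routes(vcn_cidr, onprem_cidrs):
    """Build route-table entries (destination -> DRG) for each on-prem range.

    An on-prem range that overlaps the VCN is rejected: the VCN's own local
    routing already claims those addresses, so a DRG route for them could
    never take effect."""
    vcn = validate_vcn_cidr(vcn_cidr)
    routes = []
    for cidr in onprem_cidrs:
        onprem = ipaddress.ip_network(cidr, strict=True)
        if onprem.overlaps(vcn):
            raise ValueError(f"{cidr} overlaps VCN {vcn_cidr}; cannot route it via the DRG")
        routes.append({"destination": str(onprem), "target": "DRG"})
    return routes

def instance_fqdn(hostname, subnet_dns_label, vcn_dns_label):
    """Compose <hostname>.<subnet dns label>.<vcn dns label>.oraclevcn.com."""
    labels = (hostname, subnet_dns_label, vcn_dns_label)
    if not all(labels):
        raise ValueError("hostname, subnet and VCN DNS labels must all be set")
    return ".".join(labels).lower() + ".oraclevcn.com"

if __name__ == "__main__":
    # Constructed sample values for the example.
    print(plan_drg_routes("10.0.0.0/16", ["192.168.0.0/24", "172.16.0.0/12"]))
    print(instance_fqdn("web01", "pub", "prod"))
```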
Compute
Compute
• Understand compute and sizing
• Troubleshoot options using console connections and boot volume
• Architect High Availability and Disaster Recovery solutions
• Describe image options
Load Balancer
18. Load balancing policies:
a. Round robin (default)
b. Least connections – weights are assigned to each server in the backend set so that
more traffic can be routed to a server with a higher weight than to the others.
c. IP Hash – the client/source IP in the packet is hashed so that traffic is routed to the
same backend server (stickiness).
19. A virtual hostname can be created for each listener.
a. One IP, multiple virtual hostnames (one for each application, for example),
configured in the DNS server.
b. One LB can therefore serve multiple applications.
20. Path routes can be created to send traffic to the correct backend set without using multiple
listeners or load balancers.
Database
Database
• Describe OCI Database options
• Explain OCI Database Operations
• Architect HA and DR solutions
• Managing Autonomous Database