Activity Guide
S1104309GC10
Architect Associate
Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual
property laws. The document may not be modified or altered in any way. Except where your use constitutes
"fair use" under copyright law, you may not use, share, download, upload, copy, print, display, perform,
reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the
express authorization of Oracle.
The information contained in this document is subject to change without notice and is not warranted to be
error-free. If you find any errors, please report them to us in writing.
Restricted Rights Notice
If this documentation is delivered to the United States Government or anyone using the documentation on
behalf of the United States Government, the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software,
any programs embedded, installed or activated on delivered hardware, and modifications of such
programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S.
Government end users are "commercial computer software" or "commercial computer software
documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific
supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure,
modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any
operating system, integrated software, any programs embedded, installed or activated on delivered
hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle
data, is subject to the rights and limitations specified in the license contained in the applicable contract. The
terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract
for such services. No other rights are granted to the U.S. Government.
Trademark Notice
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks
Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD,
Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a
registered trademark of The Open Group.
This documentation may provide access to or information about content, products, and services from third
parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of
any kind with respect to third-party content, products, and services unless otherwise set forth in an
applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible
for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or
services, except as set forth in an applicable agreement between you and Oracle.
1105162023
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.
Table of Contents
Identity and Access Management (IAM): Enable Multi-Factor Authentication (MFA)
Get Started
Enable Multi-Factor Authentication (With Identity Domains Enabled)
Enable Multi-Factor Authentication (Without Identity Domains Enabled)
Identity and Access Management (IAM): Create IAM Components
Get Started
Create a Compartment (With Identity Domains Enabled)
Create a User (With Identity Domains Enabled)
Create a Group, and Add a User to the Group (With Identity Domains Enabled)
Create a Policy (With Identity Domains Enabled)
Create a Dynamic Group (With Identity Domains Enabled)
Create a Compartment (Without Identity Domains Enabled)
Create a User (Without Identity Domains Enabled)
Create a Group, and Add a User to the Group (Without Identity Domains Enabled)
Networking - Virtual Cloud Network: Create and Configure a Virtual Cloud Network
Purge Instructions
Networking – DNS Management: Create a Private DNS Zone
Get Started
Create a Virtual Cloud Network
Create Two Compute Instances
Create a Private DNS Zone
Access the Private DNS Zone from Your Windows Compute Instance
Compute: Create a Web Server on a Compute Instance
Get Started
Launch Cloud Shell
Get Started
Access Cloud Shell via the Console
Create a Standard Default Storage Tier Bucket Using CLI (Cloud Shell)
Upload a File (Larger than 100 MiB) to Cloud Shell
Perform a Multipart Upload Using the CLI (Cloud Shell)
Block Storage: Create, Attach, Detach, and Resize a Block Volume
Get Started
Create a Virtual Cloud Network and Its Components
Create a VM Instance
Create a Block Volume
Attach a Block Volume to a Compute Instance
Block Storage: Create a Volume Group and Enable Cross Region Replication
Provision a Database System
Connect to the Database
Autonomous Database: Scaling Resources in an Autonomous Database
Get Started
Provision an Autonomous Database
Manually Scale the Number of OCPUs
Enable Automatic Scaling for Storage
Security: Enable Cloud Guard
Get Started
Create a Virtual Cloud Network
Security: Create a Vault and Encryption Key and Perform Encryption/Decryption of Data
Identity and Access Management (IAM): Enable Multi-Factor Authentication (MFA)
Lab 1-1 Practices
Get Started
Overview
Multi-Factor Authentication (MFA) is a method of authentication that requires the use of more
than one factor to verify a user’s identity.
With MFA enabled in the IAM service, a user signs in to the Oracle Cloud Infrastructure (OCI)
console and is prompted to enter two factors:
• Their username and password, which are things that they know
• A verification code from a registered MFA device, which is something that they have
The two factors work together, adding an extra layer of security to verify the user’s identity
and complete the sign-in process.
In this lab, you'll enable Multi-Factor Authentication in OCI.
Note: We have instructions for accounts with and without Identity Domains enabled.
Prerequisites
• You must install a supported authenticator app (Oracle Mobile Authenticator or
Google Authenticator) on the mobile device you intend to register for MFA.
Enable Multi-Factor Authentication (With Identity Domains Enabled)
You will learn how to enable Multi-Factor Authentication (MFA) for your Oracle Cloud
Infrastructure (OCI) account.
In this practice, you will also learn the sign-in process after enabling MFA.
Tasks:
1. Sign in to the OCI Console.
2. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A list
of domains in your tenancy appears.
Note: Select the compartment that is allotted to you.
3. Select the domain that is allotted to you. Otherwise, you can click the Default domain.
4. In the left navigation pane, navigate to: Identity domain > Security > MFA.
5. Select the Mobile app passcode option on the Multi-factor authentication (MFA) settings
details page.
8. Use the breadcrumb trail to go back to the Default Domain page and click Groups.
Note: Do not add any user as of now. We will create a new user in the next step.
12. Use the breadcrumb trail to go back to the Default Domain page and click Users.
d. Select Use the same email address as the username. Do not select the Assign
cloud account administrator role check box.
e. Select the group that was created in Step 10 (MFAGroup).
15. Click Create.
16. Use the breadcrumb trail to go back to the Default Domain page and click Security.
17. Under Security, click Sign-on Policies.
18. Click Default Sign-On Policy.
b. Group Membership: Select the group that was created in Step 10 (MFAGroup).
22. Select the Sign-on Rule you created just now and click Edit Priority.
Save Changes.
24. Use the breadcrumb trail to go back to the Default Domain page and click Users.
25. Click the user created in Step 14 and click Reset Password.
26. Click Reset Password when prompted. You’ll receive an email at the registered email address.
27. Log in to the OCI console using the credentials generated for the MFA-enabled user created in
Step 14.
28. The OCI Console will prompt you to enable secure verification.
29. Click Enable Secure Verification.
30. Follow the instructions in the dialog box:
a. Install Oracle Mobile Authenticator or a similar authenticator app on your mobile
device.
b. Open the app and add a new account. Scan the QR code from the dialog box when
prompted.
c. If you already have another authenticator app installed, select Offline Mode or Use
Important: The authenticator app generates a new, time-based, one-time passcode every 30
seconds. You must enter a code while the code is still valid. If you miss the time window for
one passcode, you can enter the next one that is generated.
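Why a passcode stops working once its 30-second window closes, shown as an added example that is not part of the Oracle guide. It implements the standard TOTP algorithm (RFC 6238) and assumes HMAC-SHA1, 6 digits and a 30-second step; the secret is the RFC's published test key rather than a real enrolment secret, and `verify` with its `drift_steps` parameter is an illustrative name.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # length of one passcode window, as stated in the lab text
DIGITS = 6         # assumption: the usual authenticator-app default

# Published RFC 4226 / RFC 6238 test key, never a real enrolment secret.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: the counter is the number of elapsed 30-second steps."""
    return hotp(secret, int(unix_time) // STEP_SECONDS, digits)


def seconds_remaining(unix_time: float) -> int:
    """Seconds until the passcode for the current step is replaced."""
    return STEP_SECONDS - int(unix_time) % STEP_SECONDS


def verify(secret: bytes, submitted: str, unix_time: float,
           drift_steps: int = 0) -> bool:
    """Accept the code for the current step, plus or minus drift_steps steps.

    drift_steps=0 is the strict reading of the lab text. A verifier may allow
    a small drift for clock skew, at the cost of a longer replay window.
    """
    counter = int(unix_time) // STEP_SECONDS
    matched = False
    for delta in range(-drift_steps, drift_steps + 1):
        if counter + delta < 0:
            continue
        candidate = hotp(secret, counter + delta)
        # Constant-time comparison; every candidate is checked so timing does
        # not show which step matched.
        matched |= hmac.compare_digest(candidate, submitted)
    return matched


if __name__ == "__main__":
    now = time.time()
    print("current code:", totp(RFC_TEST_SECRET, now))
    print("valid for another", seconds_remaining(now), "seconds")
```

With a strict verifier, a code read at second 59 is rejected one second later, which is the "enter the next one" case the note describes.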
Enable Multi-Factor Authentication (Without Identity Domains Enabled)
You will learn how to enable Multi-Factor Authentication (MFA) for your Oracle Cloud
Infrastructure (OCI) account.
In this practice, you will also learn the sign-in process after enabling MFA.
Tasks
1. Sign in to the Oracle Cloud Infrastructure (OCI) Console by using the Direct Sign-In
method.
Note: If the Customize your Console pop-up window appears, select the profiles that
best describe your Oracle Cloud Infrastructure work or interests.
2. In the console ribbon at the top of the screen, click the Profile icon and click the
<username> with which you logged in to the OCI Console.
3. On the User Details page, click Enable Multi-Factor Authentication to open a dialog box.
device.
b. Open the app and add a new account. Scan the QR code from the dialog box when
prompted.
5. After you’ve entered the code into the Verification Code box, click Verify. Multi-Factor
6. Click the Profile icon at the top right of the screen and click Sign out.
7. Sign in to your Oracle Cloud Infrastructure (OCI) Console by using the Direct Sign-In
method:
supplied the first factor for authentication. The second factor appears on an
authentication page and prompts you to enter a one-time passcode.
8. Open the Oracle Mobile Authenticator app on your registered mobile device and then
open the account for your Oracle Cloud Infrastructure (OCI) tenancy.
9. Enter the passcode displayed by your authenticator app and then click Sign In. You are
now successfully signed in to the OCI Console.
Important: The authenticator app generates a new time-based, one-time passcode every
30 seconds. You must enter a code while the code is still valid. If you miss the time
window for one passcode, you can enter the next one that is generated.
Identity and Access Management (IAM): Create IAM Components
Lab 2-1 Practices
Get Started
Overview
Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) lets you control who
has access to your cloud resources.
In this lab, we will help you create a compartment, group, user, and policy. We will also provide
the steps to create a dynamic group.
Note: We have instructions for accounts with and without Identity Domains enabled.
In this lab, you’ll:
a. Create a compartment
b. Create a user
c. Create a group, and add a user to the group
d. Create a policy
Tasks
1. Sign in to the OCI Console.
2. Open the Main Menu and select Identity & Security. Under Identity,
click Compartments. A list of the compartments to which you have access appears.
3. Click Create Compartment.
4. Do the following:
a. Name: Enter a unique name for the compartment. The name must be unique across
all the compartments in your tenancy.
c.
5. Click Create Compartment. The Child Compartment now appears in the list of
compartments.
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A
list of domains in your tenancy appears.
2. Select the Domain that is allotted to you. Otherwise, you can click on the Default domain.
3. Under Identity domain, click Users. A list of the users in your domain appears.
4. Click Create User.
5. Enter the following:
d. Check the Use the same email address as the username. Do not select the
In this practice, you’ll learn how to create a group, and add a user to a group.
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A
list of domains in your tenancy appears.
2. Click on the Default domain.
3. Under Identity domain, click Groups. A list of the groups in your domain appears.
4. Select the Administrators group.
5. Click Assign User to Groups.
6. Select the user created earlier from the Users drop-down list, and then click Add. The user
7. Use the breadcrumb trail to go back to the Groups page and click Create Group.
8.
A policy is a document that specifies who can access which resources, and how.
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Policies.
2. Click Create Policy.
3. Enter the following:
a. Name: Enter a unique name for the policy.
b. Description: Enter a policy-related description.
c. Compartment: If you want to attach the policy to a compartment other than the one
you’re viewing, select it from the drop-down list. Remember, where the policy is
4. In the Policy Builder section, click Show manual editor and enter the policy statement.
Create a Dynamic Group (With Identity Domains Enabled)
A dynamic group is a special type of group that contains resources, such as compute
instances, which match rules that you define. This means that group membership can change
dynamically as matching resources are created or deleted. These instances serve as “principal”
actors and can make API calls to services according to policies that you write for the dynamic
group.
In this practice, you’ll learn how to create a dynamic group.
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A
list of domains in your tenancy appears.
2. Click on the Default domain.
3. Under Identity domain, click Dynamic Groups.
5.
a. Name: Enter a unique name for the group. The name must be unique across all groups
6. Enter the Matching Rules. Resources that meet the rule criteria are members of the
dynamic group.
https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm.
Note: You can manually enter the rule in the text box or launch the rule builder.
− For example, to include all instances that are in a specific compartment, add a rule
with the following syntax:
instance.compartment.id = '<compartment_ocid>'
7. Click Create. The dynamic group now appears in the list of dynamic groups.
Create a Compartment (Without Identity Domains Enabled)
A compartment is a collection of related resources. Compartments are fundamental
components of OCI and are used for organizing and isolating your cloud resources.
Tasks
1. Sign in to the OCI Console.
2. Open the Main Menu and select Identity & Security. Under Identity,
click Compartments. A list of the compartments to which you have access appears.
3. Under Child Compartment, click Create Compartment.
4. Do the following:
a. Name: Enter a unique name for the compartment. The name must be unique across
all the compartments in your tenancy.
another compartment in which to create this compartment, select from the drop-down list.
5. Click Create Compartment. The Child Compartment now appears in the list of
compartments.
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Users. A list of
users in your tenancy appears.
2. Click Create User.
3. Enter the following:
e. Name: Enter a unique name or email address for the user.
f. Description: This value could be the user’s full name, a nickname, or any other
descriptive information.
g. Email: Enter an email address for the user. This email address is used for
password recovery.
In this practice, you’ll learn how to create a group, and add a user to a group.
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Groups. A list
of the groups in your tenancy appears.
2. Click on the Administrators group.
3. Click Add User to Group.
4. Select the user created earlier from the Users drop-down list, and then click Add. The user
now appears in the group.
5. Use the breadcrumb trail to go back to the Groups page and click Create Group.
A policy is a document that specifies who can access which resources, and how.
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Policies.
2. Choose a compartment.
3. A list of the policies in the compartment you’re currently viewing appears.
4. Click Create Policy.
5. Enter the following:
d. Name: Enter a unique name for the policy.
e. Description: Enter a policy-related description.
f. Compartment: If you want to attach the policy to a compartment other than the one
you’re viewing, select it from the drop-down list. Remember, where the policy is
Create a Dynamic Group (Without Identity Domains Enabled)
A dynamic group is a special type of group that contains resources, such as compute
instances, which match rules that you define. This means that group membership can change
dynamically as matching resources are created or deleted. These instances serve as “principal”
actors and can make API calls to services according to policies that you write for the dynamic
group.
In this practice, you’ll learn how to create a dynamic group.
Tasks
1. Open the Main Menu and select Identity & Security. Under Identity, click Dynamic
Groups.
2. Click Create Dynamic Group.
c. Name: Enter a unique name for the group. The name must be unique across all groups
in your tenancy, including dynamic groups and user groups.
4. Enter the Matching Rules. Resources that meet the rule criteria are members of the
dynamic group.
https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm#Writing
https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm.
Note: You can manually enter the rule in the text box or launch the rule builder.
− For example, to include all instances that are in a specific compartment, add a rule
with the following syntax:
instance.compartment.id = '<compartment_ocid>'
5. Click Create. The dynamic group now appears in the list of dynamic groups.
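How a matching rule decides dynamic group membership, for both dynamic group practices above, as an added example that is not part of the Oracle guide. The evaluator is a simplified local model, not OCI's implementation: it handles the page's `instance.compartment.id` condition plus `instance.id` and the `Any {...}` / `All {...}` wrappers from OCI's documented rule syntax, and every OCID and function name in it is constructed for illustration.

```python
import re

# Rule attributes this sketch understands, mapped to keys of the sample data.
_ATTRS = {"instance.id": "id", "instance.compartment.id": "compartment_id"}
_COND = re.compile(r"^\s*([A-Za-z_.]+)\s*=\s*'([^']*)'\s*$")
_GROUP = re.compile(r"^\s*(any|all)\s*\{(.*)\}\s*$", re.I | re.S)

# Constructed placeholder OCIDs, not real resources.
COMPARTMENT_DEV = "ocid1.compartment.oc1..constructed-dev"
COMPARTMENT_PROD = "ocid1.compartment.oc1..constructed-prod"
WEB = "ocid1.instance.oc1..constructed-web"
DB = "ocid1.instance.oc1..constructed-db"
NEW = "ocid1.instance.oc1..constructed-new"

FLEET = [
    {"id": WEB, "compartment_id": COMPARTMENT_DEV},
    {"id": DB, "compartment_id": COMPARTMENT_PROD},
]

# The rule from the lab text with the placeholder OCID filled in.
PAGE_RULE = f"instance.compartment.id = '{COMPARTMENT_DEV}'"


def parse_rule(rule):
    """Return (mode, [(field, value), ...]); mode is 'any' or 'all'."""
    grouped = _GROUP.match(rule)
    if grouped:
        mode, body = grouped.group(1).lower(), grouped.group(2)
    else:
        mode, body = "all", rule  # a bare condition behaves like All {cond}
    conditions = []
    for part in body.split(","):
        cond = _COND.match(part)
        if not cond or cond.group(1) not in _ATTRS:
            # Fail closed: an unparsed rule must never grant membership.
            raise ValueError(f"unsupported condition: {part.strip()!r}")
        conditions.append((_ATTRS[cond.group(1)], cond.group(2)))
    return mode, conditions


def is_member(rule, instance):
    """True if the instance satisfies the matching rule."""
    mode, conditions = parse_rule(rule)
    hits = [instance.get(field) == value for field, value in conditions]
    return any(hits) if mode == "any" else all(hits)


def members(rule, instances):
    """OCIDs of the instances that would act as principals of the group."""
    return [inst["id"] for inst in instances if is_member(rule, inst)]


if __name__ == "__main__":
    print("before launch:", members(PAGE_RULE, FLEET))
    # Nobody edits the group: launching an instance in the compartment is
    # enough to make it a member, with whatever the group's policies allow.
    grown = FLEET + [{"id": NEW, "compartment_id": COMPARTMENT_DEV}]
    print("after launch: ", members(PAGE_RULE, grown))
```

With a compartment-wide rule, permission to launch instances in that compartment is also permission to create new members of the dynamic group, so policies written for the group apply to instances that did not exist when the rule was reviewed.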
Networking - Virtual Cloud Network: Create and Configure a Virtual Cloud Network
Get Started
Overview
In this practice, you will configure and deploy a Virtual Cloud Network (VCN).
A VCN is a software-defined network specific to your OCI tenancy or a compartment in a
specified region.
Upon creation, a VCN automatically includes route tables, security lists (with default security
rules), and a set of DHCP options. The VCN also has access to a DNS resolver.
When you launch a VCN with the OCI VCN Wizard tool, the wizard automatically creates the following:
• Public and Private subnets
• Internet Gateway (IG)
• NAT Gateway (NAT)
• Service Gateway (SG)
• Two Route Tables (RT)
• Two Security Lists (SL)
For more information about Virtual Cloud Networks, see the OCI Networking Documentation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/landing.htm
Create a Virtual Cloud Network
In this lab, you will create a VCN and associated resources by using the VCN Wizard.
Steps
1. Log in to the Oracle Cloud Infrastructure (OCI) console.
2. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
3. Click the Main Menu, click Networking, and then click Virtual Cloud Networks.
4. Click Start VCN Wizard.
5. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.
6. Enter the following values:
Name: FRA-AA-LAB03-VCN-01
Compartment: Select your <assigned compartment>.
7. Leave the default values for the remaining fields. Click Next.
8. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
9. Click Create.
Overview
In this practice, you will configure Local Peering Gateways (LPGs) to interconnect two Virtual
Cloud Networks (VCNs).
resources can communicate using private IP addresses.
Local Peering Gateway
A Local Peering Gateway is a component on a VCN for routing traffic to a locally peered VCN.
Summary of Networking Components for Peering Using an LPG
The Networking service components required for a local peering include:
• Two VCNs with non-overlapping CIDRs, in the same region
• A local peering gateway (LPG) on each VCN in the peering relationship
• A connection between those two LPGs
• Supporting security rules to control the types of traffic allowed to and from the
instances in the subnets that need to communicate with the other VCN
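The VCN-01 side of this lab's peering setup, modelled as an added example (not part of the Oracle guide) with the CIDRs, route rule and ingress rule that the later steps enter. The 0.0.0.0/0 route to an internet gateway is an assumption about what the wizard created, the function names are illustrative, and the wizard's default security rules and the VCN-02 side are not modelled.

```python
import ipaddress

# CIDR blocks entered in the VCN Wizard steps of this lab.
VCN01_CIDR = ipaddress.ip_network("172.16.0.0/16")
VCN02_CIDR = ipaddress.ip_network("192.168.0.0/16")
VCN02_PUBLIC_SUBNET = ipaddress.ip_network("192.168.0.0/24")
VCN02_PRIVATE_SUBNET = ipaddress.ip_network("192.168.1.0/24")

LPG01 = "FRA-AA-LAB04-1-LPG-01"
IGW_ASSUMED = "internet-gateway (assumed)"  # assumption, see lead-in

# Default route table of VCN-01 after the lab's "Add Route Rules" step.
VCN01_ROUTES = [
    ("0.0.0.0/0", IGW_ASSUMED),
    ("192.168.0.0/24", LPG01),
]

# The ingress rule the lab adds to VCN-01's default security list:
# source 192.168.0.0/24, protocol ICMP, type 8 (echo request).
VCN01_INGRESS = [
    {"source": "192.168.0.0/24", "protocol": "ICMP", "icmp_type": 8},
]


def cidrs_overlap(a, b):
    """Peering requires this to be False for the two VCN CIDRs."""
    return a.overlaps(b)


def route_target(routes, destination_ip):
    """Longest-prefix match: the most specific rule covering the address."""
    dest = ipaddress.ip_address(destination_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def ingress_allows(rules, source_ip, protocol, icmp_type=None):
    """True if any rule matches the source, protocol and (for ICMP) type."""
    src = ipaddress.ip_address(source_ip)
    for rule in rules:
        if src not in ipaddress.ip_network(rule["source"]):
            continue
        if rule["protocol"] != protocol:
            continue
        if protocol == "ICMP" and rule.get("icmp_type") not in (None, icmp_type):
            continue
        return True
    return False


def ping_from_peer_works(peer_source_ip):
    """Echo request admitted on VCN-01 and the reply routed back via LPG-01."""
    admitted = ingress_allows(VCN01_INGRESS, peer_source_ip, "ICMP", 8)
    reply_via_lpg = route_target(VCN01_ROUTES, peer_source_ip) == LPG01
    return admitted and reply_via_lpg


if __name__ == "__main__":
    print("VCN CIDRs overlap:", cidrs_overlap(VCN01_CIDR, VCN02_CIDR))
    for src in ("192.168.0.10", "192.168.1.10"):  # constructed host addresses
        print(src, "->", route_target(VCN01_ROUTES, src),
              "| ping works:", ping_from_peer_works(src))
```

The peer advertises 192.168.0.0/16, but both rules name only 192.168.0.0/24, so hosts in VCN-02's private subnet (192.168.1.0/24) are not covered by this path.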
In this section, you will create the first of two VCNs by using the Start VCN Wizard.
Tasks
1. Log in to the Oracle Cloud Infrastructure (OCI) console.
2. In the console ribbon at the top of the screen, click the Region and select Germany Central
(Frankfurt).
3. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
4. In the left navigation pane, under List Scope select your <assigned compartment>.
5. Click Start VCN Wizard.
6. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.
7. Enter the following values:
• VCN Name: FRA-AA-LAB04-1-VCN-01
• Compartment: Select your <assigned compartment>.
• VCN CIDR Block: 172.16.0.0/16
• Public Subnet CIDR Block: 172.16.0.0/24
8. Leave the default values for the remaining fields. Click Next.
9. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
In this section, you will create the second of two VCNs by using the Start VCN Wizard.
Tasks
1. In the console ribbon at the top of the screen, click the Region and select Germany Central
(Frankfurt).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. In the left navigation pane, under List Scope select your <assigned compartment>.
4. Click Start VCN Wizard.
5. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.
6. Enter the following values:
• VCN Name: FRA-AA-LAB04-1-VCN-02
• Compartment: Select your <assigned compartment>.
• VCN CIDR Block: 192.168.0.0/16
• Public Subnet CIDR Block: 192.168.0.0/24
• Private Subnet CIDR Block: 192.168.1.0/24
7. Leave the default values for the remaining fields. Click Next.
8. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
9. Click Create.
Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. In the left navigation pane, under List Scope select your <assigned compartment>.
3. Select FRA-AA-LAB04-1-VCN-01.
4. In the left navigation pane, under Resources, click Local Peering Gateways (0).
5. Click Create Local Peering Gateway.
6. In the Name field, enter: FRA-AA-LAB04-1-LPG-01.
7. Click Create Local Peering Gateway.
8. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
9. Select FRA-AA-LAB04-1-VCN-02.
10. In the left menu, under Resources, click Local Peering Gateways (0).
11. Click Create Local Peering Gateway.
12. In the Name field, enter: FRA-AA-LAB04-1-LPG-02.
In this section, you will establish the peering connection between the two VCNs.
Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. Select FRA-AA-LAB04-1-VCN-01.
3. In the left navigation pane, under Resources, click on Local Peering Gateways (1).
4. Click the three dots to the right of FRA-AA-LAB04-1-LPG-01 to open the Actions menu and
select (Establish Peering Connection).
5. Click Browse Below.
6. Select FRA-AA-LAB04-1-VCN-02 in Virtual Cloud Network.
7. Select FRA-AA-LAB04-1-LPG-02 from the Unpeered Peer Gateway list.
8. Click Establish Peering Connection.
9. Wait for the Peering Status field to change to Peered - Connected to a peer.
10. Verify that Peer Advertised CIDRs is 192.168.0.0/16.
11. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
12. Select FRA-AA-LAB04-1-VCN-02.
13. In the left menu, under Resources, click Local Peering Gateways (1).
14. Verify that Peering Status is Peered - Connected to a peer.
In this section, you will add route rules to the route table to allow traffic over the peered
connection.
Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. Select FRA-AA-LAB04-1-VCN-01.
3. In the left navigation pane, under Resources, click Route Tables (2).
4. Click Default Route Table for FRA-AA-LAB04-1-VCN-01.
5. Click Add Route Rules.
6. Select Local Peering Gateway under Target Type.
7. In the Destination CIDR Block field, enter 192.168.0.0/24.
8. Select FRA-AA-LAB04-1-LPG-01 under Target Local Peering Gateway in <assigned
compartment>
9. Click Add Route Rules.
10. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
11. Select FRA-AA-LAB04-1-VCN-02.
12. In the left navigation pane, under Resources, click Route Tables (2).
compartment>
In this section, you will enable ICMP from the private IP addresses to the public subnet, allowing
ping communications.
Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. Select FRA-AA-LAB04-1-VCN-01.
3. In the left navigation pane, under Resources, click Security Lists (2).
4. Click Default Security List for FRA-AA-LAB04-1-VCN-01.
5. Click Add Ingress Rules.
6. In the Source CIDR field, enter 192.168.0.0/24.
7. Select ICMP under IP Protocol.
8. In the Type field, enter 8.
9. Click Add Ingress Rules.
10. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
11. Select FRA-AA-LAB04-1-VCN-02.
12. In the left navigation pane, under Resources, click Security Lists (2).
Networking - Virtual Cloud Network: Configure Remote VCN Peering
Lab 4-2 Practices
Get Started
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.
Overview
In this lab, you will use Dynamic Routing Gateways (DRGs) to inter-connect two Virtual Cloud
Networks (VCNs) in different OCI regions.
Note: This lab requires you to subscribe to two regions. Hence, you will not be able to perform
it in a Free Tier account.
Remote VCN Peering
Remote VCN peering is the process of connecting two VCNs that are typically, but not
necessarily, in different regions. Peering allows the VCNs' resources to communicate using
private IP addresses.
Dynamic Routing Gateway
A Dynamic Routing Gateway is a powerful virtual router that enables VCN connectivity to
on-premises resources and to remote and local VCNs in the current tenancy and in other
tenancies.
• Supporting security rules to control the types of traffic allowed to and from the
instances in the subnets that need to communicate with the other VCN.
f. Add Security Rules.
Create Virtual Cloud Network 01
In this section, you will create the first of two VCNs by using the Start VCN Wizard.
Tasks
2. In the console ribbon at the top of the screen, open the Regions menu and select
Germany Central (Frankfurt).
3. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
4. Click Start VCN Wizard.
5. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.
6. Enter the following values:
• VCN Name: FRA-AA-LAB04-2-VCN-01
7. Leave the default values for the remaining fields. Click Next.
8. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
9. Click Create.
In this section, you will create the second of two VCNs by using the Start VCN Wizard.
Tasks
1. In the console ribbon, at the top of the screen, open the Regions menu and select US
West (Phoenix).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. Click Start VCN Wizard.
4. Select the Create VCN with Internet Connectivity option and then click Start VCN
Wizard.
5. Enter the following values:
• VCN Name: PHX-AA-LAB04-2-VCN-01
• Compartment: Select your assigned <compartment name>.
6. Leave the default values for the remaining fields. Click Next.
7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
8. Click Create.
9.
In this section, you will create two DRGs, one in each OCI region, and attach them to the VCNs
you just created.
Tasks
1. In the console ribbon at the top of the screen, open the Regions menu and select
Germany Central (Frankfurt).
2. From the Main Menu, select Networking, and under Customer Connectivity
click Dynamic Routing Gateways.
3. In the left navigation pane, under List Scope select your <assigned compartment>.
4. Click Create Dynamic Routing Gateway.
5. In the Name field enter FRA-AA-LAB04-2-DRG-01.
6. In the Compartment, select your assigned <compartment name>.
11. Click Create Virtual Cloud Network Attachment to attach your VCN to the DRG.
15. Set Create in Compartment to your assigned <compartment name>.
20. Click Create Virtual Cloud Network Attachment to attach your VCN to the DRG.
Tasks
1. In the console ribbon at the top of the screen, open the Regions menu and select US
West (Phoenix).
2. From the Main Menu, select Networking, and then under Customer Connectivity
click Dynamic Routing Gateways.
3. Click PHX-AA-LAB04-2-DRG-01.
4. In the left navigation pane, under Resources, click Remote Peering Connections
Attachments (0).
5. Click the Create Remote Peering Connection button.
7.
10. Click to Copy the RPC OCID and save the value to Notepad for later use.
11. Open the Regions menu and select Germany Central (Frankfurt).
16. Set the Create in compartment field to your assigned <compartment name>.
20. In the console ribbon at the top of the screen, open the Regions menu and select US
West (Phoenix). (us-phoenix-1)
21. Paste the OCID you previously copied and saved to your Notepad into the Remote
Peering Connection OCID field.
22. Click Establish Connection.
In this section, you will add route rules to the route table to enable traffic over the peered
connection.
Tasks
1. In the console ribbon at the top of the screen, from the Regions menu, select Germany
Central (Frankfurt).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. Select FRA-AA-LAB04-2-VCN-01.
4. In the left navigation pane, under Resources, click Route Tables (2).
5. Click Default Route Table for FRA-AA-LAB04-2-VCN-01.
8.
9. Notice that for Target Dynamic Routing Gateway, the DRG: FRA-AA-LAB04-2-DRG-01
Note: The route rules that will route traffic from Frankfurt to Phoenix via the DRG have
11. In the console ribbon at the top of the screen, open the Regions menu and select US
West (Phoenix).
13. In the left navigation pane, under Resources, click Route Tables (2).
18. Note that the value for Target Dynamic Routing Gateway is automatically set to
PHX-AA-LAB04-2-DRG-01 along with your assigned <compartment name>.
In this section, you will enable ICMP from the private IP addresses to the public subnet,
allowing ping communications.
Tasks
1. In the console ribbon at the top of the screen, from the Regions menu, select US West
(Phoenix).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. Select PHX-AA-LAB04-2-VCN-01.
4. In the left navigation pane, under Resources, click Security Lists (2).
5. Click Default Security List for PHX-AA-LAB04-2-VCN-01.
6. Click Add Ingress Rules.
11. In the console ribbon at the top of the screen, open the Regions menu and select
13. In the left navigation pane, under Resources, click Security Lists (2).
18. In the Type field, enter 8.
19. Click Add Ingress Rules.
This completes the lab.
Networking: OCI Load Balancer
Lab 5-1 Practice
Get Started
Overview
In this practice, you will configure a Public Load Balancer, including a set of two back-end
compute instances.
Load Balancer
The OCI Load Balancer provides automated traffic distribution from one entry point to
multiple back-end servers in your VCN. It operates at the connection level and balances
incoming client connections to healthy back-end servers. The service offers a load balancer
with your choice of a regional public or private IP address and provisioned bandwidth.
Summary of Components for OCI Load Balancer Used in This Lab
• Listener: A logical entity that checks for incoming traffic on the load balancer's IP
address
• Back-end server: An application server responsible for generating content in reply to
the incoming traffic
• Load balancing policy: A load-balancing policy tells the load balancer how to
In this practice, you will create a VCN and associated resources using the VCN Wizard.
Tasks
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. Click Start VCN Wizard.
4. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.
5. Enter the following values:
• Name: FRA-AA-LAB05-VCN-01
• Compartment: Select your assigned <compartment name>.
6. Leave the default values for the remaining fields. Click Next.
7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
8. Click Create.
10. In the left navigation pane, under Resources, click Security Lists.
In this lab, you will create two compute instances and configure them to provide web services.
They will serve as the back-end servers, and will reside in a private subnet.
Tasks
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the Main Menu, select Compute, and then click Instances.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click Create Instance and enter the following values:
• Name: FRA-AA-LAB05-VM-01
• Compartment: Your assigned <compartment name>.
• Placement: AD-1
• Networking:
(regional)
script in a notepad and ensure that the last 2 lines of the script are copied in a single
line as a single command):
#!/bin/bash -x
# Allow inbound HTTP and HTTPS in the running iptables rule set
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# Install Apache, then start it now and at every boot
yum -y install httpd
systemctl enable httpd.service
systemctl start httpd.service
# Add HTTP and HTTPS to the firewalld configuration, then restart firewalld to load it
firewall-offline-cmd --add-service=http
firewall-offline-cmd --add-service=https
systemctl enable firewalld
systemctl restart firewalld
# Publish a page that identifies this back-end server
echo Hello World! My name is FRA-AA-LAB05-WS-01 > /var/www/html/index.html
Note: This script configures and enables the compute instance’s firewall and httpd
processes.
5. Click Create.
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the Main Menu, select Compute, and then click Instances.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
• Name: FRA-AA-LAB05-VM-02
• Add SSH Key: No SSH Keys
• Click Show advanced options
• On the Management tab, click Paste cloud-init script under Initialization script.
• Copy and paste the following into the Cloud-init script field (Tip: Copy the below
script in a notepad and ensure that the last 2 lines of the script are copied in a single
line as a single command):
#!/bin/bash -x
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
yum -y install httpd
systemctl enable httpd.service
firewall-offline-cmd --add-service=http
firewall-offline-cmd --add-service=https
systemctl enable firewalld
/var/www/html/index.html
Note: This script configures and enables the compute instance’s firewall and httpd
processes.
5. Click Create.
In this lab, you will create a Load Balancer, and configure the listener, the health check, and
back-end set. You will then add a security rule to the security list of the private subnet.
Tasks
1. From the Main Menu, select Networking, and then click Load Balancers.
2. In the left navigation pane, under List Scope, select your assigned <compartment name>.
3. Click Create Load Balancer.
4. Select Load Balancer, click Create Load Balancer and enter the following values:
• Load Balancer Name: FRA-AA-LAB05-LB-01
• Choose visibility type: Public
• Assign a public IP address: Ephemeral IP Address
• In the Bandwidth section, under Shapes, select Flexible Shapes (Specify Minimum
Bandwidth as 10 Mbps and Maximum Bandwidth as 20 Mbps).
• Click Next.
• Leave all values at defaults in the Specify Health Check Policy section.
• Click Next.
• On the Configure Listener page, enter the following values:
8. Paste the copied value into your browser’s address bar to visit the site.
10. Reload the page to see the other back-end server has provided the message, Hello World!
My name is FRA-AA-LAB05-WS-02.
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the navigation menu, select Networking, and then click Load Balancers.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click FRA-AA-LAB05-LB-01.
5. Click Terminate.
6. Click Terminate when prompted.
Purge the First Oracle Linux Compute Instance
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click FRA-AA-LAB05-VM-01.
5. Click Terminate.
Note: The status for the compute instance will show Terminating.
8. Eventually, the status of the compute instance will show Terminated, and all
buttons for administrative tasks for this Linux machine will be disabled.
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click FRA-AA-LAB05-VM-02.
5. Click Terminate.
6. Check Permanently delete the attached boot volume when prompted.
7. Click Terminate instance.
Note: The status for the compute instance will show Terminating.
8. Eventually, the status of the compute instance will show Terminated, and all
buttons for administrative tasks for this Linux machine will be disabled.
Purge VCN
1. Click the navigation menu, click Networking, and then click Virtual Cloud Networks.
2. In the left navigation pane, under List Scope, select your assigned compartment from the
3. In the list of VCNs, click the three dots on the right of FRA-AA-LAB05-1-VCN-01 to open
4. Make sure that the Search compartments for resources associated with this VCN check
box is selected.
5. In the white box that starts with Select which compartments to search for associated
resources, select the Specific compartments option and select your assigned
compartment from the drop-down menu.
6. Click Scan.
Networking – DNS Management: Create a Private DNS Zone
Lab 6-1 Practices
Get Started
Overview
In this practice, you will configure a private DNS zone and create a DNS A record that
corresponds to a private IP address. You will create two compute instances, one running
Oracle Linux that will be used as a web server, and another running Microsoft Windows, which
will be used as a client.
Private DNS Zones
Private DNS zones contain DNS data that is accessible only from within a Virtual Cloud
Network (VCN). A private DNS zone has capabilities similar to an Internet DNS zone but
provides responses only for clients that can reach it through a private VCN. Each zone belongs
to a single view.
In this lab, you will:
a. Create a Virtual Cloud Network
d. Access the private DNS zone from your Windows compute instance
• You will use Remote Desktop Connection (RDC) to access a Windows compute
instance from your personal workstation. You can download RDC here.
Note: Oracle does not provide support for Remote Desktop Connection.
In this practice, you will create a VCN and associated resources by using the VCN Wizard.
Tasks
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. Click Start VCN Wizard.
4. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.
5. Enter the following values:
• Name: FRA-AA-LAB06-VCN-01
• Compartment: Select your assigned <compartment name>.
6. Leave the default values for the remaining fields. Click Next.
7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
8. Click Create.
In this practice, you will create two compute instances. One will run Oracle Linux and the
Apache web server and the other will run Microsoft Windows as its operating system.
Tasks
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the Main Menu, select Compute, and then click Instances.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click Create Instance and enter the following values:
• Name: FRA-AA-LAB06-VM-01
• Compartment: Your assigned <compartment name>
• Placement: AD-1
• Networking:
(regional)
#!/bin/bash -x
# Allow inbound HTTP and HTTPS in the running iptables rule set
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# Install Apache, then start it now and at every boot
yum -y install httpd
systemctl enable httpd.service
systemctl start httpd.service
# Add HTTP and HTTPS to the firewalld configuration, then restart firewalld to load it
firewall-offline-cmd --add-service=http
firewall-offline-cmd --add-service=https
systemctl enable firewalld
systemctl restart firewalld
# Publish a page that identifies this web server
echo Hello World! My name is FRA-AA-LAB06-WS-01 > /var/www/html/index.html
Note: This script configures and enables the compute instance’s firewall and httpd
processes.
5. Click Create and wait for the status to become Active.
Note: The process will take approximately three minutes.
6. Locate the compute instance’s Private IP address under Primary VNIC. Copy the value to
Notepad for later use.
9. Under Security Lists in <Your Compartment> Compartment, click Default Security List
for FRA-AA-LAB06-VCN-01.
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the Main Menu, select Compute, and then click Instances.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click Create Instance and enter the following values:
• Name: FRA-AA-LAB06-VM-02
• Compartment: Your assigned <compartment name>
• Placement: AD-2
• Image and Shape: Click Change Image.
o Select Windows (Windows Server 2022 Standard)
o Select I have reviewed and accept the following documents Oracle and
Microsoft Windows Terms of Use.
Note: It is your responsibility to read and understand the terms of use before
accepting.
• Networking:
(regional)
5. Click Create.
In this practice, we will create a private DNS zone and access it from the Windows compute
instance located on the same Virtual Cloud Network where the web server is.
Tasks
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the Main Menu, select Networking, and under DNS Management, click Zones.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click the Private Zones tab.
5. Click Create Zone and enter the following values:
• Zone Name: FRA-AA-LAB06-PrivateZone-01.com
• Under DNS Private View, click Selecting existing DNS Private View.
6. Click Create.
10. In the Address field, enter the web server’s private IP address that you previously pasted
into Notepad.
Compute Instance
In this practice, you will connect to your Windows compute instance from your personal
workstation by using Remote Desktop Connection, launch Internet Explorer, and access the
private DNS zone URL, FRA-AA-LAB06-PrivateZone-01.com.
Tasks
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the Main Menu, select Compute, and then click Instances.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click FRA-AA-LAB06-VM-02.
5. Under Instance Access, click Copy to save your Initial password to your clipboard.
9. Paste the public IP address of your Windows compute instance into the Computer field,
and click Connect.
Note: If there is a warning message, click Yes. If you are connected to any VPN or working on
a restricted network connection, you will not be able to connect to the Windows machine by
10. Paste the Initial password value that you pasted to Notepad in the Password field.
Note: You will be prompted to change your password upon your first connection. Do so
and proceed.
12. Once connected to your Windows compute instance with RDC, launch Internet Explorer
(IE).
Options.
Note: You must restart Internet Explorer for the setting to take effect.
16. Restart Internet Explorer.
17. In the address field, enter FRA-AA-LAB06-PrivateZone-01.com.
18. You will see the custom message: Hello World! My name is FRA-AA-LAB06-WS-01.
Compute: Create a Web Server on a Compute Instance
Lab 07-1 Practices
Get Started
Overview
Oracle Cloud Infrastructure (OCI) Compute lets you provision and manage compute hosts,
known as instances. You can launch instances as needed to meet your compute and
application requirements. In this lab, you will create a web server on a compute instance.
In this lab, you will:
• Launch Cloud Shell
• Generate SSH keys
• Create a Virtual Cloud Network and its components
• Create a compute instance
• Install an Apache HTTP server on the instance
Prerequisites
Assumptions
• In this lab, Germany Central (Frankfurt) is considered as your region.
• You must be familiar with navigating the OCI Console.
The OCI Cloud Shell is a web browser–based terminal accessible from the OCI Console. It
provides access to a Linux shell, with a pre-authenticated OCI CLI.
In this practice, you will access Cloud Shell via the OCI Console.
Tasks
1. Sign in to your Oracle Cloud Infrastructure Console.
2. In the Console ribbon at the top of the screen, click the Region icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
3. Click the Cloud Shell icon next to the Region in the Console ribbon.
Note: The OCI CLI running in the Cloud Shell will execute commands against the region
selected in the Console's region selection menu when the Cloud Shell is started.
This displays the Cloud Shell in a "drawer" at the bottom of the console.
4. You can use the icons in the top-right corner of the Cloud Shell window to minimize,
In this practice, you will generate SSH keys using Cloud Shell.
Tasks
1. From the OCI Console, click the Cloud Shell icon next to the region in the Console ribbon.
2. After the Cloud Shell has started, run the following commands:
$ mkdir .ssh
Important: In case you get an error that says, “cannot create directory: File exists”, you can
skip running the first command.
$ cd .ssh
$ ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>
Replace <<sshkeyname>> with ociaalab7key. Choose a key name you can
remember. This will be the key name you will use to connect to the compute instance you
create.
Note: If you receive an error message for the above command, enter the command
manually.
Remember:
▪ After entering the third command, press Enter twice for no passphrase.
▪ Do not include the angle brackets << >> and the $ symbol when pasting code into Cloud
Shell.
3. Examine the two files that you just created by running the following command:
$ ls
Note: In the output, there are two files, a private key: <<sshkeyname>> and a public
key: <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems as well as copied and pasted to facilitate secure communications in the cloud.
$ cat <<sshkeyname>>.pub
5. Copy the contents of the public key as you will require this in a subsequent step. Make
sure that you remove any hard returns that may have been added when copying.
The .pub key should be one line.
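Step 5 requires the public key to stay on one line. The script below is an added example, not part of the Oracle lab material: it checks a .pub file for the hard returns that copying can introduce and rejoins a wrapped key. The function names check_pubkey and join_pubkey and the sample key are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that an OpenSSH public key survived copy and paste.
# check_pubkey, join_pubkey and SAMPLE_KEY are illustrative names, not OCI tooling.

# Constructed sample, NOT a usable key: the blob is only the base64 of the
# 11-byte header (00 00 00 07 "ssh-rsa") that starts every ssh-rsa public key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2E= constructed-sample'

# check_pubkey FILE
# Returns 0 when FILE holds exactly one non-empty line of the form
# "<type> <base64> [comment]", contains no carriage returns, and the key type
# encoded at the start of the base64 blob matches <type>. Otherwise it prints
# the reason and returns 1. Only the blob header is decoded, so a key that was
# truncated further along but still sits on one line is not detected here.
check_pubkey() {
    file=$1
    cr=$(printf '\r')
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    if grep -q "$cr" "$file"; then
        echo "carriage return (Windows line ending) in key"
        return 1
    fi

    lines=$(grep -c . "$file" || true)
    if [ "$lines" -ne 1 ]; then
        echo "expected 1 non-empty line, found $lines (hard return in key?)"
        return 1
    fi

    # Split "<type> <base64> [comment]" without word splitting or globbing.
    line=$(grep . "$file")
    type=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    if [ "$type" = "$line" ] || [ -z "$blob" ]; then
        echo "missing base64 field"
        return 1
    fi

    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unexpected key type: $type"; return 1 ;;
    esac

    # Blob layout: a 4-byte length, then the key type name. Skip the length
    # and read as many bytes as the declared type name is long.
    inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null | tail -c +5 | head -c "${#type}")
    if [ "$inner" != "$type" ]; then
        echo "base64 blob does not start with key type $type"
        return 1
    fi
    return 0
}

# join_pubkey FILE
# Prints FILE with every CR and LF removed, followed by one newline. This
# repairs a key that was wrapped in the middle of a field; it assumes the wrap
# added characters and did not replace the space between two fields.
join_pubkey() {
    tr -d '\r\n' < "$1"
    printf '\n'
}

# Usage: sh check_pubkey.sh <path to .pub file>
if [ "$#" -gt 0 ]; then
    check_pubkey "$1" && echo "OK: $1"
fi
```

If check_pubkey reports more than one line, run join_pubkey on the file, save the output, and check the result again before pasting it into the SSH Keys field.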
In this practice, you will create a Virtual Cloud Network (VCN), subnet, and Internet gateway
and add route rules in the route table.
Tasks
1. From the Main Menu, under Networking, click Virtual Cloud Networks.
2. Click Create VCN.
3. In the Create a Virtual Cloud Network dialog box, populate the following information:
a. Name: FRA-AA-LAB07-1-VCN-01
b. Create in Compartment: <your compartment>
c. IPv4 CIDR Blocks: 10.0.0.0/16 (Press Enter to add.)
4. Keep the other options default and click Create VCN.
6.
a. Name: FRA-AA-LAB07-1-SNET-01
You can see that the subnet is created successfully, and the state is Available.
11. In the Create Internet Gateway dialog box, populate the following information:
a. Name: FRA-AA-LAB07-1-IG-01
You can see that Internet Gateway is created successfully and the state is Available.
13. Under Resources in the left navigation panel, click Route Tables.
14. Click Default Route Table for FRA-AA-LAB07-1-VCN-01.
15. Click Add Route Rules.
16. In the Add Route Rules dialog box, populate the following information:
a. Target Type: Internet Gateway
You can see that the route rule is successfully added in the default Route Table.
18. Navigate back to the Virtual Cloud Networks page from the Main Menu.
20. Under Resources in the left navigation panel, click Security Lists.
22. Here, you need to open port 80. Click Add Ingress Rules.
c. IP Protocol: TCP
Note: Do not select the Stateless check box. The Source Port Range field is set to All by
default.
24. Click Add Ingress Rule.
You can see that the rule is successfully added.
In this practice, you will launch a compute instance and connect to it.
Tasks
1. From the OCI Console Main Menu, under Compute, click Instances.
2. Click Create instance.
3. In the Create compute instance dialog box, populate the following information:
a. Name: FRA-AA-LAB07-1-VM-01
b. Create in compartment: <your compartment>
c. Placement (Availability domain): AD 1
Click Show advanced options and select On-demand capacity under Capacity type.
d. Image: Oracle Linux 8
f.
l. SSH Keys: <public key> (Paste the public key which you copied in Step 5 of Generate
4. Click Create.
You will see that the Instance is created successfully, and the state is Running.
the Notepad.
6. Click the Cloud Shell icon next to the Region at the top of the screen.
a. The <private_key_file> is the full path and name of the file that contains the
private key associated with the instance you want to access.
b. The <username> is the default user opc.
c. The <public-ip-address> is the public IP address of the instance.
Note: Enter yes in response to - Are you sure you want to continue connecting (yes/no)?
You are now connected to the instance FRA-AA-LAB07-1-VM-01.
The HTTP Server is an open-source web server developed by the Apache Software
Foundation. The Apache server hosts web content and responds to requests for this content
from web browsers such as Chrome or Firefox.
In this practice, you will install an Apache HTTP web server and connect to it over the public
Internet.
Tasks
1. On the OCI Console, click the Cloud Shell icon at the top of the screen.
2. While connected to your compute instance via SSH, run the following commands:
a. Install Apache HTTP:
$ sudo yum install httpd -y
b. Start the Apache server and configure it to start after system reboots:
d. Create firewall rules to allow access to the ports on which the HTTP server listens:
e.
You should see the index page of the web server we created in the second step (last point).
Lab 08-1 Practices
Compute: Create a Capacity Reservation and Launch Instances
Get Started
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.
Overview
The capacity reservations allow you to reserve compute capacity in advance and use this
capacity when you create instances against the reservation. There is no minimum time or size
commitment. You can create, modify, and terminate your capacity reservation at any time.
In this lab, you will:
• Create a Virtual Cloud Network and a subnet
• Create a capacity reservation
• Add a capacity configuration
• Create instances in a capacity reservation
• Move an instance out of a capacity reservation
• Add an instance to a capacity reservation
Prerequisites
Assumptions
In this practice, you will create a Virtual Cloud Network (VCN) and a subnet.
Tasks
2. From the Main Menu, under Networking, select Virtual Cloud Networks.
3. Click Create VCN.
4. In the Create a Virtual Cloud Network dialog box, populate the following information:
a. Name: FRA-AA-LAB08-1-VCN-01
b. Create In Compartment: <your compartment>
c. IPv4 CIDR Blocks: 10.0.0.0/16 (Press Enter to add.)
5. Keep all the other options default and click Create VCN.
6. Click FRA-AA-LAB08-1-VCN-01 VCN to view the details page and click Create Subnet.
a. Name: FRA-AA-LAB08-1-SNET-01
8. Keep all the other options default and click Create Subnet.
You can see that the subnet is created successfully, and the state is Available.
Tasks
2. Click Create capacity reservation.
3. In the Create capacity reservation dialog box, populate the following information in the Add basic details section:
a. Name: FRA-AA-LAB08-1-RESV-01
b. Create in compartment: <your compartment>
c. Availability domain: <first availability domain>
Note: Do not select the Make this reservation the default for this availability
4. Click Next.
5. In the Add capacity configurations dialog box, populate the following information:
a.
c. Count: 1
6. Click Next.
8. Click Create.
You can now see that the capacity reservation is created successfully.
In this practice, you will add a capacity configuration to an existing capacity reservation.
Tasks
2. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.
3. Click Add capacity configuration.
4. In the Add capacity configurations dialog box, populate the following information:
a. Fault Domain: First available
b. Shape: VM.Standard.E4.Flex (1 OCPU, 8 GB Memory)
c. Count: 1
5. Click Add configuration.
You can now see two capacity configurations in the capacity reservation.
Tasks
2. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.
3. Under Resources in the left navigation panel, click Created instances.
4. Click Create instance and populate the following information:
a. Name: FRA-AA-LAB08-1-VM-01
b. Create in compartment: <your compartment>
c. Placement (Availability domain): AD 1
d. Capacity type: Capacity reservation
f.
Note: If the capacity reservation doesn’t have a configuration for a shape, you will see
i. Networking: FRA-AA-LAB08-1-VCN-01
In a couple of minutes, you can see that the instance is created successfully, and the state is Running.
6. Navigate back to the Capacity Reservations page under Compute from the Main Menu.
Under Capacity configurations, you can see that the Used capacity for VM.Standard.A1.Flex Instance type is 1, and the Reserved capacity is 1.
8. Repeat steps 1 through 5 to create another instance with the following changes:
a. Name: FRA-AA-LAB08-1-VM-02
b. Shape: VM.Standard.E4.Flex (1 OCPU, 8 GB Memory)
For changing Shape, click Change Shape and click AMD under Shape series. Then select VM.Standard.E4.Flex
10. Navigate back to the Capacity Reservations page from the Main Menu.
Under Capacity configurations, you can see that the Used capacity for
Tasks
2. Click the instance FRA-AA-LAB08-1-VM-02.
3. From the More Actions drop-down menu, select Edit.
4. Click Show advanced options, and then click the Placement tab.
5. Deselect the Apply a capacity reservation check box.
6. Click Save changes.
7. Navigate back to the Main Menu and click Compute. Under Compute, click Capacity Reservations.
9. Under Capacity configurations, you can see that the Used capacity for
Tasks
2. Click the instance FRA-AA-LAB08-1-VM-02.
3. From the More Actions drop-down menu, select Edit.
4. Click Show advanced options, and then click the Placement tab.
5. Select the Apply a capacity reservation check box.
6. Select FRA-AA-LAB08-1-RESV-01 under Capacity reservation.
7. Click Save changes.
8. Navigate back to the Main Menu and select Compute. Under Compute, click Capacity Reservations.
10. Under Capacity configurations, you can see that the Used capacity for
Lab 09-1 Practices
Compute: Configure Metric-Based Autoscaling
Get Started
Overview
Autoscaling lets you automatically adjust the number or the lifecycle state of compute
instances in an instance pool. This helps you provide consistent performance for your end
users during periods of high demand, and reduce your costs during periods of low demand.
In this lab, you will:
a. Create a Virtual Cloud Network (VCN) and its components
b. Create a load balancer
c. Create a compute instance and a custom image
d. Create an instance configuration
e. Create an instance pool
g. Test autoscaling
Assumptions
• You must be familiar with navigating the OCI Console.
• In this lab, we are using the Germany Central (Frankfurt) region.
In this practice, you will create a Virtual Cloud Network (VCN), subnet, and Internet gateway,
and add route rules in the route table.
Tasks
2. From the navigation menu, under Networking, select Virtual Cloud Networks.
3. Click Create VCN.
4. In the Create a Virtual Cloud Network dialog box, populate the following information:
• Name: FRA-AA-LAB09-1-VCN-01
• Create In Compartment: <your compartment>
• IPv4 CIDR Blocks: 10.0.0.0/16
5. Keep all the other options default and click Create VCN.
6.
• Name: FRA-AA-LAB09-1-SNET-01
8. Keep all the other options default and click Create Subnet.
• Name: FRA-AA-LAB09-1-IG-01
You can see that the internet gateway is created successfully, and the state is Available.
12. Under Resources in the left navigation panel, click Route Tables.
13. Click Default Route Table for FRA-AA-LAB09-1-VCN-01.
14. Click Add Route Rules and populate the following information:
• Target Type: Internet Gateway
• Destination CIDR Block: 0.0.0.0/0
• Target Internet Gateway: FRA-AA-LAB09-1-IG-01
16. Using the breadcrumb list at the top of the screen, return to the VCN page by selecting FRA-AA-LAB09-1-VCN-01.
17. Under Resources in the left navigation panel, click Security Lists.
19. Click Add Ingress Rule and populate the following information:
• IP Protocol: TCP
The Oracle Cloud Infrastructure (OCI) Load Balancer provides automated traffic distribution
from one entry point to multiple servers reachable from your VCN. A load balancer improves
resource utilization, facilitates scaling, and helps ensure high availability.
Tasks
1. From the navigation menu, under Networking, select Load Balancers.
2. Click Create Load Balancer.
3. Select Load Balancer Type as Load Balancer and click Create Load Balancer.
4. In the Add Details section, populate the following information:
• Load Balancer Name: FRA-AA-LAB09-1-LB-01
5. Click Next.
6. In the Choose Backends section, select Weighted Round Robin in the Specify a Load
Note: Do not click Add Backends and keep the Specify Health Check Policy field default.
10. Click Next.
11. In the Manage Logging section, disable Error Logs and Access Logs.
12. Click Submit.
In this practice, you will create SSH keys, launch a compute instance, install Apache HTTP
server, and create a custom image.
Tasks
1. Click the Cloud Shell icon in the console header next to the Region icon.
2. After the Cloud Shell has started, run the following commands:
$ mkdir .ssh
Important: In case you get an error that says, “cannot create directory: File exists”, you can skip running the first command.
$ cd .ssh
$ ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>
Replace <sshkeyname> with ociaalab9key. Choose a key name you can remember. This will be the key name you will use to connect to the compute instance you create.
Remember:
• After entering the third command, press Enter twice for no passphrase.
• Do not include the angle brackets << >> and $ symbol when pasting code into Cloud Shell.
3. Examine the two files that you just created by running the following command:
$ ls
Note: In the output there are two files, a private key: <sshkeyname> and a public key: <sshkeyname>.pub. Keep the private key safe and don’t share its content with anyone. The public key will be needed for various activities and can be uploaded to certain systems as well as copied and pasted to facilitate secure communications in the cloud.
4. To list the contents of the public key, run the following command:
$ cat <<sshkeyname>>.pub
5. Copy the contents of the public key as you will need this in a subsequent step. Make sure that you remove any hard returns that may have been added when copying. The .pub key should be one line.
• Name: FRA-AA-LAB09-1-VM-01
• Availability Domain: AD 1
Click Show advanced options and select On-demand capacity under Capacity type.
• Image: Oracle Linux 8
• Shape: Select VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere]
• Primary Network: Select existing virtual cloud network.
• Virtual cloud network in <your compartment>: FRA-AA-LAB09-1-VCN-01
• Subnet: Select existing subnet.
• SSH Keys: <contents of the public key> (which is copied in Step 5 of this practice)
8.
Note: In a couple of minutes, you will see that the Instance is created successfully, and the state is Running.
9. Open Cloud Shell and log in to your instance by running the following command:
Remember:
• <private_key_file> is the full path and name of the file that contains the private key associated with the instance you want to access.
Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”.
10. While connected to your Compute instance via SSH, run the following commands:
• Start the Apache server and configure it to start after system reboots:
$ sudo apachectl start
$ sudo systemctl enable httpd
• Run a quick check on Apache configurations:
$ sudo apachectl configtest
• Create firewall rules to allow access to the ports on which the HTTP server listens:
$ sudo firewall-cmd --permanent --zone=public --add-service=http
$ sudo firewall-cmd --reload
• Create an index file for your web server:
11. Now that you have a compute instance and Apache web server installed, you need to
14. From the More Actions drop-down list, select Create custom image.
15. In the Create custom image dialog box, populate the following information:
• Name: FRA-AA-LAB09-1-CIM-01
Note: Now, you need to create a new compute instance based on the custom image. Once the custom image has been successfully created, you have to delete the instance FRA-AA-LAB09-1-VM-01 as it is no longer required.
• Name: FRA-AA-LAB09-1-VM-02
• Availability Domain: AD 1
Click Show advanced options and select On-demand capacity under Capacity type.
• Image: FRA-AA-LAB09-1-CIM-01
Note: To select the custom image, click Change image and select Custom images in the Image source field. Select <your compartment> in the Compartment field. Then, select the custom image you just created from the list.
• Shape: Select VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere]
• Primary Network: Select existing virtual cloud network.
• Virtual cloud network in <your compartment>: FRA-AA-LAB09-1-VCN-01
• SSH Keys: <contents of the public key> (which is copied in Step 5 of this practice)
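Step 5 of this practice asks for the public key to be pasted as a single line. The following added example, which is not part of the lab guide, checks a pasted key for a stray line break, a type field that disagrees with the blob, and truncation. The function names check_pubkey, be32_at and make_sample_key are hypothetical, and the sample key is constructed and not usable.

```shell
#!/bin/sh
# Added example (not from the lab guide): check that a pasted OpenSSH public
# key is one intact line before it goes into the "SSH Keys" field.
# Function names are hypothetical; the sample key is constructed, not usable.

# be32_at FILE OFFSET: print the big-endian uint32 stored at OFFSET.
be32_at() {
    set -- $(od -An -tu1 -j "$2" -N4 "$1")
    [ "$#" -eq 4 ] || return 1          # fewer than 4 bytes were left
    echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
}

# check_pubkey LINE: print "ok" (status 0) or the reason it fails (status 1).
check_pubkey() {
    key=$1
    nl='
'
    # A hard return picked up while copying splits the key across lines.
    case $key in
        *"$nl"*) echo "line break inside the key"; return 1 ;;
    esac

    # Layout of a public key line: <type> <base64 blob> [comment]
    ktype=${key%% *}
    rest=${key#* }
    blob=${rest%% *}
    if [ "$ktype" = "$key" ] || [ -z "$blob" ]; then
        echo "expected '<type> <base64> [comment]'"; return 1
    fi

    tmp=$(mktemp) || return 1
    if ! printf '%s' "$blob" | base64 -d >"$tmp" 2>/dev/null; then
        rm -f "$tmp"; echo "blob is not valid base64"; return 1
    fi
    total=$(( $(wc -c <"$tmp") ))

    # The blob is a run of length-prefixed fields and the first field repeats
    # the key type. Walking the lengths must land exactly on the last byte.
    off=0
    embedded=
    while [ "$off" -lt "$total" ]; do
        len=$(be32_at "$tmp" "$off") || break
        if [ "$off" -eq 0 ] && [ "$len" -le 64 ]; then
            embedded=$(dd if="$tmp" bs=1 skip=4 count="$len" 2>/dev/null)
        fi
        off=$((off + 4 + len))
    done
    rm -f "$tmp"

    if [ "$embedded" != "$ktype" ]; then
        echo "key type does not match the blob"; return 1
    fi
    if [ "$off" -ne "$total" ]; then
        echo "blob is truncated or has trailing bytes"; return 1
    fi
    echo "ok"
}

# Constructed sample: ssh-rsa header, e = 65537, an 8-byte stand-in modulus.
make_sample_key() {
    sample_blob=$(printf '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001\000\000\000\010\000\301\302\303\304\305\306\307' | base64 | tr -d '\n')
    echo "ssh-rsa $sample_blob opc@cloudshell-example"
}

# Stand-alone run: the intact constructed key passes.
check_pubkey "$(make_sample_key)"
```

To check a real key, pass the text you are about to paste: check_pubkey "$(cat <sshkeyname>.pub)".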
The instance configurations let you define the settings to use when creating compute
instances.
In this practice, you will create an instance configuration and subsequently use it to create one
or more instances in an instance pool.
Tasks
1. From the navigation menu, under Compute, select Instances.
2. Click FRA-AA-LAB09-1-VM-02 (the instance of an image you want to use as a template to create the instance configuration).
3. From the More Actions drop-down list, select Create instance configuration.
4. In the Create instance configuration dialog box, populate the following information:
• Create in compartment: <your compartment>
• Name: FRA-AA-LAB09-1-INST-CF-01
Note: You will see that the instance configuration is created successfully.
The instance pools let you create and manage multiple compute instances within the same
region as a group. Before you create an instance pool, you need an instance configuration and
optionally a load balancer and back-end set.
Tasks
1. From the navigation menu, under Compute, select Instance Pools.
2. Click Create instance pool.
3. In the Add basic details section, populate the following information:
• Name: FRA-AA-LAB09-1-INST-PL-01
• Create in compartment: <your compartment>
• Number of instances: 2
4. Click Next.
5. In the Configure pool placement section, you will select the location where you want to place the instances. Populate the following information:
• Availability domain: AD 1
6. To create instances in more than one availability domain, click + Another availability domain and populate the following information:
• Availability domain: AD 2
7. Select the Attach a load balancer check box and populate the following information:
• Backend set: FRA-AA-LAB09-1-LB-BS-01
• Port: 80
Note: This field is the server port on the instances to which the load balancer must direct traffic.
• VNIC: Primary VNIC
8. Click Next.
Note: You will see that the instance pool creation is successful.
10. Under Resources in the left navigation panel, click Attached instances. You should see
In metric-based autoscaling, you select a performance metric to monitor, and set thresholds
that the performance metric must reach to trigger an autoscaling event. When system usage
meets a threshold, autoscaling dynamically resizes the instance pool in near-real time. As load
increases, the pool scales out. As load decreases, the pool scales in.
Tasks
1. From the navigation menu, under Compute, click Autoscaling Configurations.
2. Click Create autoscaling configuration.
3. In the Add basic details section, populate the following information:
• Name: FRA-AA-LAB09-1-AS-CF-01
• Create in compartment: <your compartment>
4. Click Next.
• Threshold percentage: 70
• Threshold percentage: 20
• Minimum number of instances: 1
• Maximum number of instances: 3
• Initial number of instances: 2
9. Click Next.
10. Review the autoscaling configuration and click Create.
Note: You will see that the autoscaling configuration is created successfully and the state is Enabled.
In the metric-based autoscaling, you choose a performance metric to monitor, and set
thresholds that the performance metric must reach to trigger an autoscaling event. When
system usage meets a threshold, autoscaling dynamically resizes the instance pool in
near-real time. As load increases, the pool scales out. As load decreases, the pool scales in.
Tasks
1. From the navigation menu, under Compute, select Instance Pools.
2. Click FRA-AA-LAB09-1-INST-PL-01.
3. Under Resources in the left navigation panel, click Attached instances.
Note: After a few minutes, you will notice that one of the instances is terminated due to the scale-in rule you defined. Please note that initially two instances were in Running state.
Note: You might have to wait for a couple of minutes before the scale in occurs.
4. Click the instance. (You will see only one instance here.)
5. Open Cloud Shell and use SSH to log in to your instance by running the following command:
Remember:
• <private_key_file> is the full path and name of the file that contains the private
Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”
$ stress-ng --cpu 2 -t 5m
9. Click FRA-AA-LAB09-1-INST-PL-01.
10. Under Resources in the left navigation panel, click Attached instances.
Note: After a few minutes, you will notice that one of the instances will be added to the instance pool due to the scale-out rule you defined.
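The scale-in and scale-out behaviour observed in this practice can be reproduced with a small model. This is an added example, not part of the lab guide; it uses the lab's thresholds (70 and 20) and pool limits (minimum 1, maximum 3, initial 2). It assumes that the metric is the average CPU across the pool, that each rule changes the pool by one instance, and that comparisons are strict; simulate_pool and the period names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the lab guide): a model of the metric-based
# autoscaling tested above. Assumptions, none of them stated on the page:
# the metric is average CPU across the pool, each rule changes the pool by
# one instance, comparisons are strict, one rule can fire per evaluation.

# simulate_pool "PERIODS" [initial] [min] [max] [scale_out_at] [scale_in_at]
# Prints the pool size after each evaluation period. PERIODS is a list of:
#   idle  every instance sits near 5% CPU
#   busy  stress-ng pins one instance at 100%, the others stay near 5%
#   peak  every instance is at 100%
simulate_pool() {
    periods=$1
    size=${2:-2}      # initial number of instances (lab value)
    min=${3:-1}       # minimum number of instances (lab value)
    max=${4:-3}       # maximum number of instances (lab value)
    out_at=${5:-70}   # scale-out threshold percentage (lab value)
    in_at=${6:-20}    # scale-in threshold percentage (lab value)
    trace=
    for p in $periods; do
        case $p in
            idle) total=$((5 * size)) ;;
            busy) total=$((100 + 5 * (size - 1))) ;;
            peak) total=$((100 * size)) ;;
            *) echo "unknown period: $p" >&2; return 2 ;;
        esac
        avg=$((total / size))
        if [ "$avg" -gt "$out_at" ] && [ "$size" -lt "$max" ]; then
            size=$((size + 1))      # scale out, never past the maximum
        elif [ "$avg" -lt "$in_at" ] && [ "$size" -gt "$min" ]; then
            size=$((size - 1))      # scale in, never below the minimum
        fi
        trace="$trace $size"
    done
    echo "${trace# }"
}

# The lab's sequence: the idle pool shrinks from 2 to 1, stress on the one
# remaining instance brings a second one back, and the idle newcomer pulls
# the average between the two thresholds so the pool holds at 2.
simulate_pool "idle idle busy busy busy idle idle"
```

Under these assumptions, stressing a single instance never drives the pool to its maximum of 3; that requires load on every instance (the peak period).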
Lab 10-1 Practices
Object Storage: Create and Manage OCI Object Storage
Get Started
Overview
The Oracle Cloud Infrastructure (OCI) Object Storage provides unlimited capacity with high
durability and scalability. It is highly reliable and cost efficient. The object storage resources
include namespace, bucket, and object.
The Object Storage is characterized by strong consistency and security with encryption. By creating unlimited buckets, you can add as many objects as required with a maximum of 10 TiB per object. In this lab, you will work on buckets, object versioning, object lifecycle management, replication policy, and retention rule.
In this lab, you will:
• Create an object storage bucket
• Upload an object to a bucket
• Configure a lifecycle policy rule for the bucket
• Create a replication policy for the bucket
Select the region available in the tenancy allotted to you. In this lab, we will use Germany
Central (Frankfurt) as our region.
If you are not in the Germany Central (Frankfurt) region, specify the correct region key corresponding to your region in place of FRA. Visit Regions and Availability Domains (oracle.com) for information about the region key.
Tasks
1. Sign in to your Oracle Cloud Infrastructure (OCI) account.
2. From the Main Menu, select Storage.
3. Under Object Storage and Archive Storage, click Buckets.
4. From the left navigation panel, select the compartment in which you have permission to work. Then the page updates to display only the resources in that compartment.
6. In the Create Bucket dialog box, specify the following attributes of the bucket:
▪ Default Storage Tier: Select the default tier in which you want to store the data. After it is set, you cannot change the default storage tier of a bucket. When you upload objects, this tier will be selected by default. You can, however, select a different tier. In this case, select Standard, which is the primary and default storage tier used for the Object Storage.
Standard and Infrequent Access tiers based on their access patterns. Do not enable this field now.
▪ Encryption: Buckets are encrypted with keys managed by Oracle by default, but you can optionally encrypt the data in this bucket using your own vault encryption key. Select the Encrypt using Oracle managed keys option.
▪ Tags: If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. Skip this option. You can always apply tags later.
7. Click Create.
The bucket is created immediately, and you can add objects to it.
In this practice, you will upload an object to your bucket. Object Storage supports uploading
individual files up to 10 TiB.
Before you upload an object to a bucket, you must have a bucket. In this case, you will use the
bucket that is created from the previous practice.
Tasks
1. In the Main Menu, navigate to Storage, and then select Buckets.
2. Click the bucket FRA-AA-LAB10-1-BKT-01-xxx to view its details.
3. Under Objects, click Upload.
4. In the Object Name Prefix field, enter the file name prefix oci/ for the files you plan to upload. This step is optional.
5. The Storage Tier field is populated as Standard. You can optionally change the storage tier (to Infrequent Access or Archive) to upload objects. In this case, keep it as Standard.
6. Select the objects to upload (browse any object from your local machine) by using one of
▪ Drag files from your computer into the Drop files here... section.
▪ Click the Select Files link to display a file selection dialog box.
As you select files to upload, they are displayed in a scrolling list. If you decide that you do not want to upload a file that you have selected, click X to the right of the file name.
If selected files to upload and files already stored in the bucket have the same name,
7. Click Upload.
The selected objects are uploaded. Click Close to return to the bucket.
In this practice, you will use Object Lifecycle Management to manage the object storage data.
You will define a rule that automatically moves standard tier objects to the archive tier 90 days
after creation or last update.
Before you configure a lifecycle policy rule for the bucket, you must have a bucket.
Tasks
1. In the Main Menu, navigate to Storage, then Buckets.
2. Click the bucket FRA-AA-LAB10-1-BKT-01-xxx to view its details.
3. Under Resources in the left navigation panel, click Lifecycle Policy Rules to access the lifecycle policy rule list.
4. Click Create Rule.
The Console checks the IAM policies that are in place to ensure policy rule creation success.
▪ Name: The system generates a default rule name that reflects the current year, month,
▪ Target: Select the target to which the lifecycle rule applies. In this case, select Objects.
▪ Lifecycle Action: If the rule target is Objects, you will get three options: Move to Archive, Move to Infrequent Access, and Delete. In this case, select Move to Archive.
▪ Number of Days: This field implies the number of days until the specified action is
You can choose objects using prefixes and pattern matching. If no name filter is specified, the rule applies to all objects in the bucket.
▪ Select the Filter Type - Include by prefix.
▪ Enter the Filter Value - oci/.
7. Select whether the rule is enabled or disabled upon creation using the State selector. In this case, ensure that the State is Enabled.
8. Click Create.
The lifecycle policy rule is successfully configured for this bucket.
In this practice, you will create a replication policy to replicate objects in one bucket to another
in a different region.
Before you configure a replication policy for the bucket, you must have two buckets in two
different regions.
Please note that in our case Germany Central (Frankfurt) is the source region and we have selected US West (Phoenix) as the target region.
Note: This lab requires you to subscribe to two regions. Hence, you will not be able to perform it in a Free Tier account.
Tasks
1. As a first step, you will create a destination bucket in the destination region. To do this:
▪ In the console ribbon at the top of the screen, click the Region icon to expand the menu and select destination region US West (Phoenix) - PHX.
practice instructions.
2. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
3.
4. On the Buckets screen, click the bucket name FRA-AA-LAB10-1-BKT-01-xxx to view its details.
5. Under Resources in the left navigation panel, click Replication Policy to access the replication policy list.
The Console checks the IAM policies that are in place to ensure replication policy creation success.
▪ Name: The system generates a default policy name that reflects the current year, month, day, and time. Enter FRA-AA-LAB10-1-RP-01 as the name.
▪ Destination Region: This refers to the OCI region containing the destination bucket that you want to replicate to. Your tenancy must be subscribed to a region for you to replicate to that region. In this case, select US West (Phoenix).
▪ Destination Bucket: This refers to the name of the destination bucket for replication. Select the PHX-AA-LAB10-1-BKT-02-xxx bucket that is created in the destination region. Please note that the replication cannot automatically create the bucket.
Note: Entries in the Name and Destination Region fields are required.
8. Click Create.
After the policy is created, Replication: Source is added to the Bucket Information tab.
The objects uploaded to the source bucket after policy creation are asynchronously replicated to the destination bucket.
9. Navigate back to the Buckets screen and click the bucket FRA-AA-LAB10-1-BKT-01-xxx.
10. Navigate to the destination region using the region menu. In this case, it’s Phoenix and
11. Validate that the uploaded object to the source bucket FRA-AA-LAB10-1-BKT-01-xxx is
In this practice, you will create a time-bound retention rule to protect your data from
accidental or malicious update, overwrite, or deletion.
Before you configure a retention rule for the bucket, you must have a bucket.
Tasks
1. In the Main Menu, navigate to Storage, then Buckets.
2. In the Console ribbon at the top of the screen, ensure you are in the correct region, Germany Central (Frankfurt).
3. Click the bucket name FRA-AA-LAB10-1-BKT-01-xxx created earlier to view its details.
4. Under Resources in the left navigation panel, click Retention Rules to access the retention rule list.
5. Click Create Rule.
6. In the Create Retention Rule dialog box, enter FRA-AA-LAB10-1-RR-01 as the name.
prevented for the duration specified. The duration is applied to each object individually and is based on the object's Last Modified timestamp.
The retention duration that you specify is applied to each object individually and is based on the object's Last Modified timestamp.
retention duration is allowed and the rule can be deleted only by deleting the bucket. A bucket must be empty to be deleted.
12. Next, try deleting one of the objects uploaded in the earlier steps. To do this, click the ellipsis icon corresponding to an object and click Delete.
13. Click Delete.
You will notice that the delete was unsuccessful. This is because if you have active retention rules, the actions that you can perform on a bucket are limited. You cannot update, overwrite, or delete objects or object metadata, or delete the bucket until the retention duration expires or the retention rule is deleted.
14. Click Cancel.
Lab 11-1 Practices
Object Storage: Perform Multipart Upload Using CLI (Using Cloud Shell)
Get Started
Overview
The Oracle Cloud Infrastructure (OCI) Object Storage supports multipart uploads for more
efficient and resilient uploads, especially for large objects. With multipart uploads, the
individual parts of an object can be uploaded in parallel to reduce the amount of time you
spend uploading. In this lab, you will perform a multipart upload on the Command Line
Interface (CLI) using Cloud Shell.
In this lab, you will:
• Access Cloud Shell via the Console
• Create a standard default storage tier bucket using CLI (Cloud Shell)
• Upload a file (larger than 100 MiB) to Cloud Shell
• Perform a multipart upload using the CLI (Cloud Shell)
Access Cloud Shell via the Console
The OCI Cloud Shell is a web browser–based terminal accessible from the Console. It provides
access to a Linux shell, with a pre-authenticated OCI CLI.
In this practice, you will access Cloud Shell via the OCI Console.
Tasks
1. Sign in to your Oracle Cloud Infrastructure (OCI) Console.
2. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Select Germany Central (Frankfurt) as the region.
3. Click the Cloud Shell icon next to the Region selection menu in the console header.
Note: The OCI CLI running in the Cloud Shell will execute commands against the region
selected when the Cloud Shell starts.
4. Now, the Cloud Shell is displayed in a "drawer" at the bottom of the Console.
5. You can use the icons in the upper-right corner of the Cloud Shell window to minimize,
Create a Standard Default Storage Tier Bucket Using CLI (Cloud Shell)
In the OCI Object Storage, a bucket is a container for storing objects in a compartment within
an object storage namespace.
In this practice, you will create a standard default storage tier bucket using the CLI.
Tasks
1. Ensure that the Cloud Shell session is running.
2. Run the following command to get your object storage namespace:
$ oci os ns get
Reminder: Do not include the $ symbol when pasting code into Cloud Shell.
Your object storage namespace is returned. Please make a note of it as you will be using it
in the subsequent task.
3. Run the following command to get the OCID of the compartment. Replace
<compartment-name> with the compartment name assigned to you.
Make note of the value corresponding to the “id” (without the quotation marks). You
will use this in the subsequent task. The following is an example of how it looks:
"id": "ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Upload a File (Larger than 100 MiB) to Cloud Shell
In this practice, you will transfer a file larger than 100 MiB (~105 MB) from your local machine
to the Cloud Shell.
Tasks
1. Click the Cloud Shell icon next to the Region selection menu in the Console header.
2. In the Cloud Shell window, click the Cloud Shell Menu icon at the top-right corner and
select Upload. The File Upload to your Home Directory dialog box appears.
3. Drag and drop a file or click Select from your computer.
Note: The File Transfer dialog box supports selecting only one file at a time to transfer.
Select any file larger than 100 MiB.
Tip: You can optionally download a sample file which is around 247 MB from the
following link.
https://yum.oracle.com/ISOS/OracleLinux/OL6/u8/x86_64/x86_64-boot-uek.iso
4. Click Upload.
5. Wait for the file transfer to finish. The file transfers that are in-process are shown with a
progress bar and the completed file transfers are shown with a green check mark.
6. After the file transfer is complete, you can hide the File Transfer dialog box by
clicking Hide.
Perform a Multipart Upload Using the CLI (Cloud Shell)
In this practice, you will perform a multipart upload by using the CLI (Cloud Shell).
Tasks
1. Click the Cloud Shell icon next to the Region selection menu in the Console header.
2. To perform a multipart upload of an object, run the following command in Cloud Shell:
$ oci os object put --namespace <object_storage_namespace> --bucket-name <bucket_name> --file <file_location> --name <object_name> --part-size <upload_part_size_in_MB> --parallel-upload-count <maximum_number_parallel_uploads>
▪ Replace <object_storage_namespace> with the name returned in Step 2 of Create
a Standard default storage tier bucket using CLI (Cloud Shell).
▪ Replace <bucket_name> with FRA-AA-LAB11-1-BKT-01-xxx that was created earlier.
▪ Replace <file_location> with the path to the downloaded file that you uploaded to
the Cloud Shell.
▪ The --part-size value represents the size of each part in mebibytes (MiBs). It must
▪ Optionally, you can use the --parallel-upload-count flag to set the maximum
number of parallel uploads allowed. By default, the CLI limits the number of parts that
can be uploaded in parallel to three. In this case, replace
<maximum_number_parallel_uploads> with 5.
3. You specify the part size of your choice, and the object storage splits the object into parts
and performs the upload of all parts automatically. You will see that the uploading object
operation is 100% complete. When using the CLI, you do not have to perform a commit
4. From the Main Menu, select Storage. Under Object Storage & Archive Storage, click
Buckets.
5. From the Buckets screen, click the bucket name FRA-AA-LAB11-1-BKT-01-xxx to view its
details.
Block Storage: Create, Attach, Detach, and Resize a Block Volume
Get Started
Overview
The Oracle Cloud Infrastructure (OCI) Block Volume service lets you dynamically provision and
manage block storage volumes. You can create, attach, connect, and move volumes, as well as
change volume performance, as needed, to meet your storage, performance, and application
requirements.
In this lab, you’ll:
a. Create a Virtual Cloud Network and its components
b. Create a VM instance
c. Create a block volume
d. Attach a block volume to a compute instance
e. Resize a block volume
Assumptions
Create a Virtual Cloud Network and Its Components
In this practice, you will learn how to create a Virtual Cloud Network (VCN), Subnet, and
Internet Gateway, and add route rules in the Route Table.
Tasks
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. Click Create VCN.
4. Enter the following:
a. Name: Enter FRA-AA-LAB12-1-VCN-01.
b. Create in Compartment: Select the <compartment name> assigned to you.
c. IPv4 CIDR Blocks: Type 10.0.0.0/16 and press Enter on your keyboard to add.
7.
a.
8. Click Create Subnet. The subnet is now created successfully, and the state is Available.
11. Enter the following:
12. Click Create Internet Gateway. The Internet Gateway is now created successfully, and the
state is Available.
13. In the left navigation pane, under Resources, click Route Tables.
14. Click Default Route Table for FRA-AA-LAB12-1-VCN-01.
15. Click Add Route Rules and enter the following:
a. Target Type: Select Internet Gateway from the drop-down list.
b. Destination CIDR Block: Enter 0.0.0.0/0.
c. Target Internet Gateway: Select FRA-AA-LAB12-1-IG-01 from the drop-down list.
16. Click Add Route Rules. The route rule is now successfully added to the default Route
Table.
Create a VM Instance
In this practice, you will learn how to create SSH keys using Cloud Shell and how to launch an
instance.
Tasks
2. In the console ribbon at the top of the screen, click the Cloud Shell icon next to the
Region selection menu.
3. Once the Cloud Shell is ready, enter the following commands:
$ mkdir .ssh
▪ Important: In case you get an error “Cannot create directory: File exists,” you can skip
running this first command.
$ cd .ssh
▪ Remember: After entering this third command, press Enter twice for no passphrase.
Note: Replace <<sshkeyname>> with cloudshellkey. Choose the key name you can
remember. This will be the key name you will use to connect to the compute instance you
create.
Reminder: Do not include the $ symbol when pasting code into Cloud Shell.
4. Examine the two files that you just created by running the following command:
$ ls
Note: In the output, there are two files, a private key: <<sshkeyname>> and a public
key: <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems, as well as copied and pasted to facilitate secure communications in the cloud.
5. To list the contents of the public key, use the following command:
$ cat <<sshkeyname>>.pub
6. Copy the contents of the public key as you will need this in a subsequent step. Make sure
that you remove any hard returns that may have been added when copying. The .pub
key should be one line.
7. From the Main Menu, select Compute. Under Compute, click Instances.
8. Click Create instance and enter the following:
a. Name: Enter FRA-AA-LAB12-1-VM-01.
b. Create in compartment: Select the <compartment name> assigned to you.
c. Placement: Select Availability Domain AD1. Click Show advanced options and select
d. Image and shape: Choose the image Oracle Linux 8 and shape
f. Add SSH keys: Select Paste public keys and paste the contents of the public key,
9. Click Create.
Note: After a couple of minutes, you see that the Instance is successfully created and the
state is Running.
11. Click the Cloud Shell icon to open Cloud Shell, and use SSH to connect to your instance
Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”
Reminders:
▪ <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.
▪ <username> is the default user opc.
▪ <public-ip-address> is the Public IP address of the instance.
12. You are now connected to the Instance FRA-AA-LAB12-1-VM-01. Run the following
command to display information about the block devices:
$ lsblk
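This practice creates the key pair with an empty passphrase and asks you to keep the private key safe. The following POSIX shell script is an added example, not part of the Oracle guide: it audits a directory such as ~/.ssh for private keys stored without a passphrase or readable by other users. The function names and the header-only sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit private keys for missing passphrases and loose file modes.

# Print "none", "encrypted" or "unknown" for the private key file in $1.
key_passphrase_state() {
    if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$1"; then
        # Strip the armor lines, decode the body, and dump it as one hex string.
        kp_hex=$(grep -v '^-----' "$1" | tr -d ' \r\n' | base64 -d 2>/dev/null |
                 od -An -v -tx1 | tr -d ' \n')
        # The blob starts with the magic "openssh-key-v1\0" followed by a
        # length-prefixed cipher name; the name "none" means no passphrase.
        case "$kp_hex" in
            6f70656e7373682d6b65792d763100000000046e6f6e65*) echo none ;;
            6f70656e7373682d6b65792d763100*) echo encrypted ;;
            *) echo unknown ;;
        esac
    elif grep -q 'PRIVATE KEY-----' "$1"; then
        # Legacy PEM and PKCS#8 keys state encryption in the armor or headers.
        if grep -q 'ENCRYPTED' "$1"; then echo encrypted; else echo none; fi
    else
        echo unknown
    fi
}

# Succeed only if group and other have no access to $1 (for example mode 600).
key_mode_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per line for every private key found in directory $1.
audit_keys() {
    for ak_file in "$1"/*; do
        [ -f "$ak_file" ] || continue
        grep -q 'PRIVATE KEY-----' "$ak_file" 2>/dev/null || continue
        if [ "$(key_passphrase_state "$ak_file")" = "none" ]; then
            echo "$ak_file: no passphrase"
        fi
        if ! key_mode_private "$ak_file"; then
            echo "$ak_file: readable by group or other"
        fi
    done
}

# Write constructed, header-only sample keys (not usable keys) into directory $1.
make_samples() {
    {
        printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----'
        printf 'openssh-key-v1\000\000\000\000\004none\000\000\000\004none' | base64
        printf '%s\n' '-----END OPENSSH PRIVATE KEY-----'
    } > "$1/labkey_plain"
    {
        printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----'
        printf 'openssh-key-v1\000\000\000\000\012aes256-ctr\000\000\000\006bcrypt' | base64
        printf '%s\n' '-----END OPENSSH PRIVATE KEY-----'
    } > "$1/labkey_protected"
    printf '%s\n' 'ssh-rsa AAAA-constructed-sample user@example' > "$1/labkey_plain.pub"
    chmod 600 "$1/labkey_plain"
    chmod 644 "$1/labkey_protected"
}

# When a directory is given on the command line, audit it.
if [ $# -gt 0 ]; then
    audit_keys "$1"
fi
```

Run it as `sh audit_keys.sh ~/.ssh` (the script file name is your choice); a key reported as "no passphrase" is protected only by its file permissions.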
Create a Block Volume
The Oracle Cloud Infrastructure (OCI) Block Volume service lets you dynamically provision and
manage block storage volumes.
Tasks
1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.
2. Open the Main Menu and click Storage. Under Block Storage, click Block Volumes.
3. Click Create Block Volume.
4. Fill in the required volume information:
a. Name: Enter FRA-AA-LAB12-1-BV-01.
b. Create in Compartment: Select the <compartment name> assigned to you.
d. Volume Size and Performance: Select Custom and specify the following:
2) Target Volume Performance: Drag the VPUs/GB slider to the left to make the
performance Lower Cost.
5. Click Create Block Volume. You now see that the Block Volume state becomes Available.
Attach a Block Volume to a Compute Instance
You can create, attach, connect, and move volumes. You can also change volume
performance, as needed, to meet your storage, performance, and application requirements.
After you attach and connect a volume to an instance, you can use the volume like a regular
hard drive.
In this practice, you’ll learn how to attach a block volume to a compute instance and perform
various configuration tasks on the attached volume.
Tasks
1. Open the Main Menu and click Compute. Under Compute, click Instances.
2. In the Instances list, click the instance FRA-AA-LAB12-1-VM-01.
3. In the left navigation pane, under Resources, click Attached block volumes.
4. Click Attach block volume.
5. Specify the volume you want to attach to. For example, to use the volume name,
choose Select volume, and then select the volume FRA-AA-LAB12-1-BV-01 from
the Volume drop-down list.
6. If the instance supports consistent device paths, and the volume you are attaching is not a
boot volume, select the path /dev/oracleoci/oraclevdb from the Device path
drop-down list. This enables you to specify a device path for the volume attachment that
Note: After you attach a volume using the Paravirtualized attachment type, it is ready to
8.
Note: This is the default option for volume attachments and, with this option, an instance
can read and write data to the volume.
9. Click Attach. You now see the state as Attached and, since the attachment type
is Paravirtualized, you can use the volume without running any additional commands.
10. Ensure that you are connected to the Instance FRA-AA-LAB12-1-VM-01.
Note: For help with this, refer to Step 11 in the Create a VM Instance practice.
11. Run the following command to display information about the block devices:
$ lsblk
Note: You now see that the system recognizes a new disk device, and the size is 512 GB.
12. To verify that the volume is attached to the instance, run the following command:
$ ll /dev/oracleoci/oraclevd*
13. To partition the disk using fdisk, run the following command:
$ sudo fdisk /dev/oracleoci/oraclevdb
Note: Enter the following responses as seen in the Cloud Shell:
a. Command (m for help): Enter n to create a new partition.
c.
16. To display information about the block devices, run the following command:
$ lsblk
Note: You now see the partition and the mountpoint /mnt/volume1.
Resize a Block Volume
With online resizing, you can expand the volume size without detaching the volume from an
instance.
Tasks
1. From the Main Menu, select Storage. Under Block Storage, click Block Volumes.
2. In the Block Volumes list, select the block volume FRA-AA-LAB12-1-BV-01.
3. Click Edit.
4. Under Volume Size and Performance, enter the new size 1024 in the Volume Size (in
GB) field.
Note: You must specify a larger value than the block volume's current size.
5. Click Save Changes.
Note: A window appears with a list of commands. The commands are required to rescan
the disk after the volume is provisioned. You need to run these commands so that the
operating system identifies the expanded volume size. Click the Copy link to copy the
commands, and then click Close to close the window.
Note: For help with this, refer to Step 11 in the Create a VM Instance practice.
7. Paste and run the rescan commands you copied in the previous step into your instance
session window:
Note: After you've run the volume rescan commands, you need to extend the partition
and grow the file system; however, this is beyond the scope of this lab activity. For more
details on this topic, see Extending the Partition for a Block Volume (oracle.com) at:
https://docs.oracle.com/en-us/iaas/Content/Block/Tasks/extendingblockpartition.htm#Extending_the_Partition_for_a_Block_Volume
Detach a Block Volume
When an instance no longer needs access to a volume, you can detach the volume from the
instance without affecting the volume's data.
Tasks
1. From the Main Menu, select Compute. Under Compute, click Instances.
2. In the Instance list, click the instance FRA-AA-LAB12-1-VM-01 to display the instance
details.
3. In the left navigation pane, under Resources, click Attached block volumes.
4. From the Attached block volumes list, click the three dots on the right to open the
Actions menu, then click Detach.
5. Click OK to confirm detachment. You now see that there are no block volumes attached to
the instance FRA-AA-LAB12-1-VM-01.
Lab 13-1 Practices
Block Storage: Create a Volume Group and Enable Cross Region Replication
Overview
The Oracle Cloud Infrastructure (OCI) Block Volume service provides you with the capability to
group together multiple volumes in a volume group. A volume group can include both types
of volumes, boot volumes, which are the system disks for your compute instances, and block
volumes, which are for data storage.
In this lab, you'll work with volume groups. You will:
a. Create two block volumes
b. Create a volume group
c. Enable Cross-Region Replication for the volume group
d. Activate the Volume Group replica
e. Disable replication for a volume group
Prerequisites
destination region. See Replicating a Volume (oracle.com) for the list of region
Create Two Block Volumes
The Oracle Cloud Infrastructure Block Volume service lets you dynamically provision and
manage block storage volumes.
In this practice, you will learn how to create two block volumes, which will subsequently be part
of a volume group.
Tasks
1. Use the console to sign in to your Oracle Cloud Infrastructure (OCI) account.
2. Select the region available in the tenancy allotted to you. In this lab, consider Germany
Central (Frankfurt) as your region.
3. From the Main Menu, select Storage. Under Block Storage, click Block Volumes.
4. Click Create Block Volume.
5. Fill in the required volume information:
d. Volume Size and Performance: Select the Custom option and enter 512 in the
Volume Size field.
e. Target Volume Performance: Drag the VPUs/GB slider to the left to make it Lower
Cost.
f.
7. Repeat steps 3-6 to create a second block volume. Name this volume FRA-AA-LAB13-1-BV-02.
Note: You now have two block volumes where the state is Available.
Create a Volume Group
The Oracle Cloud Infrastructure (OCI) Block Volume service provides you with the capability to
group together multiple volumes in a volume group.
Tasks
1. From the Main Menu, select Storage. Under Block Storage, click Volume Groups.
2. Click Create Volume Group.
3. Fill in the required fields on the Basic Information page:
a. Name: Enter FRA-AA-LAB13-1-VG-01.
b. Compartment: Select the compartment assigned to you.
c. Availability Domain: Select the first availability domain. (This must be the same
availability domain that you selected while creating the two block volumes in the
previous exercise.)
5. On the Add Volumes page, for each volume you want to add:
a. Select the compartment containing the volume from the Compartment drop-down
list.
drop-down list.
6. After you've added all the volumes you want to include when creating the volume group,
click Next.
7. On the Cross Region Replication page, you can optionally enable asynchronous cross
region volume replication for the volume group. You will be enabling this option in the
subsequent steps. For now, leave the OFF option selected and click Next.
8. On the Backup Policies page, you can optionally configure scheduled backups for the
volume group by selecting a backup policy to use for scheduled backups. You will not
configure any Backup Policies at this time. Click Next.
9. On the Summary page, review the information. To edit any information, click Edit in the
right corner.
10. Once everything looks correct, click Create to create the volume group. You can see that
the Volume Group is created successfully, and it includes two block volumes.
Enable Cross-Region Replication for the Volume Group
The Block Volume service provides you with the capability to perform ongoing automatic
asynchronous replication of volume groups to other regions.
In this practice, you’ll learn how to enable replication for a volume group.
Note: This lab requires you to subscribe to two regions. Hence, you will not be able to perform
it in a Free Tier account.
Tasks
1. Open the Main Menu and click Storage. Under Block Storage, click Volume Groups.
2. Click the volume group FRA-AA-LAB13-1-VG-01.
3. Click Edit.
4. Click Cross Region Replication on the left of the screen and select the ON option.
5. Enter the following information into the data fields:
a. Target Region: Select the UK South (London) region to replicate the volume group.
Note: See Replicating a Volume (oracle.com) for the list of region mappings for
cross-region replication.
b. Availability Domain: Select the first availability domain to place the volume group
replica in.
Note: In this lab, we used Germany Central (Frankfurt) as the source region and UK South
(London) as the target region. This might change depending on the region available in the
6. Select the Confirm check box to acknowledge the cost warning and click Next.
7. Click Summary on the left of the screen.
8. Click Save Changes.
Note: The Volume Group state changes to Updating. After a couple of seconds, the state
becomes Available.
9. Under Resources in the left navigation pane, click Volume Group Replicas. The replica
10. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Select the target region, UK South (London).
11. Under Block Storage in the left navigation menu, click Volume Group Replicas.
Note: You can now see the replica LHR-AA-LAB13-1-VGR-01 and its details such as
OCID, Source Region, Last Sync, and Created.
Activate the Volume Group Replica
To create a new volume group from a volume group replica, you need to activate the replica.
The activation process creates a new volume group by cloning the replica.
Tasks
1. Make sure that you are in the correct destination region that contains the volume group
replica you want to activate.
2. Open the Main Menu and click Storage. Under Block Storage, click Volume Group
Replicas.
3. Click the replica LHR-AA-LAB13-1-VGR-01.
4. Click Activate.
5. Click Confirm to acknowledge that there may be a delay in the initial replication sync of
the volume group.
6. In the Activate Volume Group Replica window, select the compartment assigned to you
and specify the name for the new volume group as LHR-AA-LAB13-1-VG-02.
7. Click Activate.
Notes
• Activating a volume group from the replica creates a clone of the source volume
group.
• In the left navigation pane, under Resources, you can see and access the
8. From the Main Menu, select Storage. Under Block Storage, click Volume Groups.
Note: You can now see the volume group LHR-AA-LAB13-1-VG-02 in the volume groups
list along with details such as Number of Volumes and Total Size of the volume groups.
9. In the left navigation pane, under Block Storage, click Block Volumes to see both
activated Block Volumes.
Disable Replication for a Volume Group
When you turn off replication for a volume group, by default, all volumes continue to replicate.
However, as separate Volume Replicas, they are no longer part of a Volume Group Replica. At
this point, you can turn off individual volume replication for all volumes.
In this practice, you’ll learn how to disable replication for a volume group.
Tasks
1. Select the source region where you created your volume group, Germany Central
(Frankfurt).
2. From the Main Menu, select Storage. Under Block Storage, click Volume Groups.
3. Select the volume group FRA-AA-LAB13-1-VG-01.
4. Click Edit.
5. Click Cross Region Replication on the left of the screen and select the OFF option.
6. Select the Check here to confirm check box to acknowledge that the volume group replica
will be deleted.
7. Select the Volume replication off check box to turn off replication for individual volumes.
Note: The Volume Group state changes to Updating. After a couple of seconds, the state
becomes Available.
10. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Ensure that you are in the correct destination region, UK South (London).
11. Open the Main Menu and click Storage. Under Block Storage, click Volume Group
Replicas.
Lab 14-1 Practices
File Storage: Create and Mount a File System
Get Started
Overview
The Oracle Cloud Infrastructure (OCI) File Storage service provides robust and shareable file
systems. Network access to your file system is provided through a mount target, which is an
NFS endpoint that lives in a subnet and connects NFS clients to file systems.
In this lab, you'll learn how to create a file system within the OCI console.
In this lab, you’ll:
a. Create a Virtual Cloud Network (VCN) and its components
b. Create a VM instance
c. Create a file system
d. Configure VCN Security Rules for file storage
Prerequisites
•
Assumptions
In this practice, you will learn how to create a Virtual Cloud Network, Subnet, Internet Gateway,
and Security List, and add route rules in the Route Table.
Tasks
le
ab
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
r
fe
Click Create VCN.
ns
3.
tra
4. Enter the following:
n-
Name: Enter FRA-AA-LAB14-1-VCN-01.
. no
a.
ide a
b. Create in Compartment: Select the <compartment name> assigned to you.
Gu as
c. is ) h
IPv4 CIDR Blocks: Enter 10.0.0.0/16. Press Enter to add.
th s
e o.e
5. Click Create VCN. You now see that the VCN is created successfully and in the Available
to ya
state.
se @
6.
lic k20
a.
(s
8. Click Create Subnet. You now see that the subnet is created successfully and in the
Available state.
following:
d. IPv4 CIDR Block: Enter 10.0.2.0/24.
e. Subnet Access: Select Public Subnet.
f. DNS Label: Enter FRAAALAB141SNE2.
Note: Leave all the other options in their default setting.
10. Click Create Subnet.
11. In the left navigation pane, under Resources, click Internet Gateways.
a.
14. Click Create Internet Gateway. You now see that the Internet Gateway is created
15. In the left navigation pane, under Resources, click Route Tables.
18. Click Add Route Rules. You now see that the route rule is successfully added in the
default Route Table.
20. In the left navigation pane, under Resources, click Security Lists.
b. Create in Compartment: Select the <compartment name> assigned to you.
c. Do not add any Ingress or Egress rules.
23. Click Create Security List. You now see that the security list is created and displayed on
the Security Lists page.
Note: As of now, both Subnets FRA-AA-LAB14-1-SNET-01 and FRA-AA-LAB14-1-SNET-02
are using the Default Security List.
24. Leave Subnet FRA-AA-LAB14-1-SNET-01 as is with the Default Security List. Change the
a. Click Subnets.
d. To add a security list, click Add Security List, and select FRA-AA-LAB14-1-SL-01.
f. To remove the default security list, Default Security List for FRA-AA-LAB14-1-VCN-01,
click the three dots on the right to open the Actions menu, then click Remove.
In this practice, you will learn how to create SSH keys using Cloud Shell and launch an
Instance.
Tasks
2. In the console ribbon at the top of the screen, click the Cloud Shell icon next to the
Region selection menu.
3. Once the Cloud Shell is ready, enter the following commands:
$ mkdir .ssh
▪ Important: In case you get an error message that says “Cannot create directory: File
exists,” you can skip running this first command.
$ cd .ssh
▪ Remember: After entering this third command, press Enter twice for no passphrase.
Note: Replace <<sshkeyname>> with ociaalabkey. Choose the key name you can
remember. This will be the key name you will use to connect to the compute instance you
create.
Reminder: Do not include the $ symbol when pasting code into Cloud Shell.
4. Examine the two files that you just created by running the following command:
$ ls
Note: In the output, there are two files: a private key, <<sshkeyname>>, and a public
key, <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems as well as copied and pasted to facilitate secure communications in the cloud.
$ cat <<sshkeyname>>.pub
6. Copy the contents of the public key as you will need this in a subsequent step. Make sure
that you remove any hard returns that may have been added when copying. The .pub
key should be one line.
7. From the Main Menu, select Compute. Under Compute, click Instances.
8. Click Create instance and enter the following:
a. Name: Enter FRA-AA-LAB14-1-VM-01.
b. Create in compartment: Select the <compartment name> assigned to you.
c. Placement: Select Availability Domain AD1. Click Show advanced options and select
d. Image and shape: Choose the image Oracle Linux 8 and shape
f. Add SSH keys: Select Paste public keys and paste the contents of the public key,
9. Click Create.
Note: After a couple of minutes, you can see that the Instance is successfully created and
the state is Running.
Note: Enter yes in response to “Are you sure you want to continue connecting
(yes/no)?”
Reminders:
▪ <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.
▪ <username> is the default user opc.
▪ <public-ip-address> is the Public IP address of the instance.
You can create a shared file system in the cloud by using the File Storage service. Network
access to your file system is provided through a mount target. Exports control how NFS clients
access file systems when they connect to a mount target. When you use the OCI console to
create your file system, the workflow also creates a mount target and export for it.
Tasks
1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.
2. From the Main Menu, select Storage. Under File Storage, click File Systems.
3. In the left navigation pane, in the List Scope section, under Compartment, select the
<compartment name> assigned to you.
4. Click Create File System.
5. In the File System Information section, click Edit Details and enter the following:
6. In the Export Information section, click Edit Details and enter the following:
7. In the Mount Target Information section, click Edit Details and specify the following:
e. Do not select the Use network security groups to control traffic check box.
8. Click Create.
Note: The File Storage service typically creates the file system and mount target within a
few seconds.
Before you can mount a file system, you must configure security rules to allow traffic to the
mount target's VNIC using specific protocols and ports. Security rules enable traffic for the
following:
• Open Network Computing Remote Procedure Call (ONC RPC) rpcbind utility protocol
• Network File System (NFS) protocol
• Network File System (MOUNT) protocol
• Network Lock Manager (NLM) protocol
In this practice, you’ll learn how to configure security rules for both the mount target and the
instance in a security list.
Note
In this lab scenario, the mount target that exports the file system is in a different subnet
(FRA-AA-LAB14-1-SNET-02) than the instance you want to mount the file system to
(FRA-AA-LAB14-1-SNET-01).
You need to set up the following security rules in FRA-AA-LAB14-1-SL-01 for the mount
target. You also need to specify the instance IP address or CIDR block 10.0.1.0/24 as
the source for ingress rules and the destination for egress rules:
• Stateful ingress from ALL ports in the source instance CIDR block to TCP ports 111,
• Stateful ingress from ALL ports in the source instance CIDR block to UDP ports 111 and
2048
• Stateful egress from TCP ports 111, 2048, 2049, and 2050 to ALL ports in
• Stateful egress from UDP port 111 to ALL ports in the destination instance CIDR block
LAB14-1-VCN-01 for the instance. You also need to specify the mount target IP address or
CIDR block 10.0.2.0/24 as the source for ingress rules and the destination for egress rules:
• Stateful ingress from source mount target CIDR block TCP ports 111, 2048, 2049, and
2050 to ALL ports
• Stateful ingress from source mount target CIDR block UDP port 111 to ALL ports
• Stateful egress from ALL ports to destination mount target CIDR block TCP ports 111,
2048, 2049, and 2050
• Stateful egress from ALL ports to destination mount target CIDR block UDP ports 111
and 2048.
Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
4.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 2048-2050.
9. Click Add Ingress Rules.
10. Click Add Ingress Rule and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
14. In the left navigation pane, under Resources, click Egress Rules.
c. Destination CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: Enter 111.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
16. Click Add Egress Rules.
17. Click Add Egress Rules and enter the following:
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
23. Click to open Default Security List for FRA-AA-LAB14-1-VCN-01.
24. In the left navigation pane, under Resources, click Ingress Rules.
25. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.2.0/24.
d. IP Protocol: Select TCP.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
d.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
e. Source Port Range: Enter 111.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
30. Click Add Ingress Rules.
31. In the left navigation pane, under Resources, click Egress Rules.
32. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
d. IP Protocol: Select UDP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 111.
37. Click Add Egress Rules.
38. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
In this practice, you will learn how to mount a file system from an instance.
Tasks
1. From the Main Menu, select Storage. Under File Storage, click File Systems.
2.
3. In the left navigation pane, under Resources, click Exports.
4. Locate /FRA-AA-LAB14-1-EP-01 and click the three dots to the right to open the Actions
menu. Then select Mount Commands.
5. In Image, choose Oracle Linux from the drop-down list.
6. Click the Copy links to copy the three commands listed.
7. Connect to your instance FRA-AA-LAB14-1-VM-01.
Note: For help with this, refer to Step 11 in the Create a VM Instance practice.
8. Paste and run the commands that you copied in the previous step into your instance
session window.
Important: Please run the commands that you copied and not the following commands
EP-01
$ df -h
Note: Replace yourmountpoint with the path to the local mount point. For example:
$ sudo touch /mnt/FRA-AA-LAB14-1-EP-01/helloworld
$ cd /mnt/yourmountpoint
Note: Replace yourmountpoint with the path to the local mount point. For example:
$ cd /mnt/FRA-AA-LAB14-1-EP-01
$ ls
Lab 15-1 Practices
File Storage: Configure NFS Export Options
Get Started
Overview
NFS export options enable you to create more granular access control to limit VCN access. You
can use NFS export options to specify access levels for IP addresses or CIDR blocks connecting
to file systems through exports in a mount target. Doing this provides better security controls
in multi-tenant environments.
Additionally, by using NFS export option access controls, you can limit the clients' ability to
connect to the file system and view or write data.
In this lab, you'll learn how to allow read-only access to the file system from one instance and
read/write access from the other instance.
In this lab, you’ll:
a. Create a Virtual Cloud Network and its components
b. Create two VM instances
g. Perform testing
Prerequisites
Assumptions
In this practice, you will learn how to create a Virtual Cloud Network (VCN), Subnet, Internet
Gateway, and Security List, and add route rules in the Route Table.
Tasks
2. Open the Main Menu, click Networking, and then click Virtual Cloud Networks.
3. Click Create VCN.
4. Enter the following:
a. Name: Enter FRA-AA-LAB15-1-VCN-01.
b. Create in Compartment: Select the <compartment name> assigned to you.
c. IPv4 CIDR Block: Enter 10.0.0.0/16. Press Enter to add.
7.
a.
8. Click Create Subnet. The subnet is now created successfully and the state is Available.
following:
d. IPv4 CIDR Blocks: Enter 10.0.2.0/24.
e. Subnet Access: Select Public Subnet.
f. DNS Label: Enter FRAAALAB151SNE2.
g. Note: Leave all the other options in their default setting.
10. Click Create Subnet.
11. In the left navigation pane, under Resources, click Internet Gateways.
14. Click Create Internet Gateway. The Internet Gateway is now created successfully, and the
state is Available.
15. In the left navigation pane, under Resources, click Route Tables.
18. Click Add Route Rules. The route rule is successfully added in the default Route Table.
20. In the left navigation pane, under Resources, click Security Lists.
b. Create in Compartment: Select the <compartment name> assigned to you.
c. Do not add any Ingress or Egress rules.
23. Click Create Security List. The security list is created and displayed on the Security
Lists page.
Note: As of now, both the Subnets FRA-AA-LAB15-1-SNET-01 and FRA-AA-LAB15-1-SNET-02
are using the Default Security List.
24. Leave Subnet FRA-AA-LAB15-1-SNET-01 as is with the Default Security List. Change the
a. Click Subnets.
d. To add a security list, click Add Security List, and select FRA-AA-LAB15-1-SL-01.
e. To remove the default security list Default Security List for FRA-AA-LAB15-1-VCN-01,
click the three dots on the right to open the Actions menu, and then select Remove.
In this practice, you will learn how to create SSH keys using Cloud Shell and launch an
instance.
Tasks
2. In the console ribbon at the top of the screen, click the Cloud Shell icon next to the
Region selection menu.
3. After the Cloud Shell is ready, enter the following commands:
$ mkdir .ssh
▪ Important: In case you get an error message that says “Cannot create directory: File
exists,” you can skip running this first command.
$ cd .ssh
▪ Remember: After entering this third command, press Enter twice for no passphrase.
Note: Replace <<sshkeyname>> with ociaalab15key. Choose the key name you can
remember. This will be the key name you will use to connect to the compute instance you
create.
Reminder: Do not include the $ symbol when pasting code into Cloud Shell.
4. Examine the two files that you just created by running the following command:
$ ls
Note: In the output, there are two files: a private key, <<sshkeyname>>, and a public
key, <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems as well as copied and pasted to facilitate secure communications in the cloud.
$ cat <<sshkeyname>>.pub
6. Copy the contents of the public key as you will need this in a subsequent step. Make sure
that you remove any hard returns that may have been added when copying. The .pub
key should be one line.
7. Open the Main Menu and click Compute. Under Compute, click Instances.
8. Click Create instance and enter the following:
a. Name: Enter FRA-AA-LAB15-1-VM-01.
b. Create in compartment: Select the <compartment name> assigned to you.
c. Placement: Select Availability Domain AD1. Click Show advanced options and select
d. Image and shape: Choose the image Oracle Linux 8 and shape
f. Add SSH keys: Select Paste public keys and paste the contents of the public key,
9. Click Create.
10. To create a second Instance, repeat steps 7–9. Keep all settings the same except enter the
Name as FRA-AA-LAB15-1-VM-02.
Note: Once finished, you see that both the instances are created successfully and in
the Running state.
11. To connect to the instances, on the Instance information tab and under Instance access,
copy the Public IP address.
commands:
Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”
Reminders:
▪ <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.
▪ <username> is the default user opc.
▪ <public-ip-address> is the Public IP address of the instance.
You can create a shared file system in the cloud using the File Storage service. Network access
to your file system is provided through a mount target. Exports control how NFS clients access
file systems when they connect to a mount target. When you use the console to create your
file system, the workflow also creates a mount target and an export for it.
Tasks
1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.
2. Open the Main Menu and click Storage. Under File Storage, click File Systems.
3. In the left navigation pane, in the List Scope section, under Compartment, select the
<compartment name> assigned to you.
4. Click Create File System.
5. In File System Information, click Edit Details and enter the following:
6. In Export Information, click Edit Details and enter the following:
7. In Mount Target Information, click Edit Details and specify the following:
e. Do not select the Use network security groups to control traffic check box.
8. Click Create.
Note: The File Storage service typically creates the file system and mount target within a
few seconds.
Before you can mount a file system, you must configure security rules to allow traffic to the
mount target's VNIC using specific protocols and ports. Security rules enable traffic for the
following:
• Open Network Computing Remote Procedure Call (ONC RPC) rpcbind utility protocol
• Network File System (NFS) protocol
• Network File System (MOUNT) protocol
• Network Lock Manager (NLM) protocol
In this practice, you’ll learn how to configure security rules for both the mount target and the
instance in a security list.
Note
In this lab scenario, the mount target that exports the file system is in a different subnet
(FRA-AA-LAB15-1-SNET-02) than the instance on which you want to mount the file system
(FRA-AA-LAB15-1-SNET-01).
You need to set up the following security rules in FRA-AA-LAB15-1-SL-01 for the mount
target. You also need to specify the instance IP address or CIDR block 10.0.1.0/24 as
the source for ingress rules and the destination for egress rules:
• Stateful ingress from ALL ports in the source instance CIDR block to TCP ports 111,
• Stateful ingress from ALL ports in the source instance CIDR block to UDP ports 111 and
2048
• Stateful egress from TCP ports 111, 2048, 2049, and 2050 to ALL ports in
• Stateful egress from UDP port 111 to ALL ports in the destination instance CIDR block
LAB15-1-VCN-01 for the instance. You also need to specify the mount target IP address or
CIDR block 10.0.2.0/24 as the source for ingress rules and the destination for egress rules:
• Stateful ingress from source mount target CIDR block TCP ports 111, 2048, 2049, and
2050 to ALL ports
• Stateful ingress from source mount target CIDR block UDP port 111 to ALL ports
• Stateful egress from ALL ports to destination mount target CIDR block TCP ports 111,
2048, 2049, and 2050.
• Stateful egress from ALL ports to destination mount target CIDR block UDP ports 111
and 2048.
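The mount target rules that Labs 14-1 and 15-1 enter by hand can be checked mechanically once they are in place. The following is an added example, not part of the lab guide: it audits a security list in the JSON shape that `oci network security-list get` returns, reports NFS ports that are missing for the instance subnet, and flags NFS ports opened to a source wider than that subnet. The sample document, the helper make_rule and the function names are constructed for illustration.

```python
import ipaddress

PROTO = {"6": "tcp", "17": "udp"}      # IANA protocol numbers as OCI rules carry them
NFS_PORTS = {111, 2048, 2049, 2050}
# Mount target side of the lab: destination ports on ingress, source ports on egress.
REQUIRED = {
    "ingress": {"tcp": {111, 2048, 2049, 2050}, "udp": {111, 2048}},
    "egress": {"tcp": {111, 2048, 2049, 2050}, "udp": {111}},
}


def rule_ports(rule, proto, side):
    """NFS ports one rule covers for proto on side ('source' or 'destination')."""
    if rule["protocol"] == "all":
        return set(NFS_PORTS)
    if PROTO.get(rule["protocol"]) != proto:
        return set()
    rng = (rule.get(proto + "-options") or {}).get(side + "-port-range")
    if not rng:                        # no range given means ALL ports
        return set(NFS_PORTS)
    return {p for p in NFS_PORTS if rng["min"] <= p <= rng["max"]}


def audit_mount_target_list(sec_list, client_cidr):
    """Return findings for the security list attached to the mount target subnet."""
    client = ipaddress.ip_network(client_cidr)
    findings = []
    for direction, peer_key, side in (("ingress", "source", "destination"),
                                      ("egress", "destination", "source")):
        covered = {"tcp": set(), "udp": set()}
        for rule in sec_list.get(direction + "-security-rules", []):
            if rule.get(peer_key + "-type", "CIDR_BLOCK") != "CIDR_BLOCK":
                continue               # service rules are out of scope here
            peer = ipaddress.ip_network(rule[peer_key])
            if peer.version != client.version:
                continue
            for proto in ("tcp", "udp"):
                ports = rule_ports(rule, proto, side)
                if not ports:
                    continue
                if rule.get("is-stateless"):
                    findings.append(f"{direction} {proto} {sorted(ports)} is stateless; "
                                    "the lab uses stateful rules")
                if client.subnet_of(peer):
                    covered[proto] |= ports
                if direction == "ingress" and not peer.subnet_of(client):
                    findings.append(f"ingress {proto} {sorted(ports)} open to {peer}, "
                                    f"wider than {client}")
        for proto, need in REQUIRED[direction].items():
            missing = need - covered[proto]
            if missing:
                findings.append(f"missing {direction} {proto} {sorted(missing)} for {client}")
    return findings


def make_rule(proto, peer_key, peer, side, lo=None, hi=None):
    """Build one constructed rule in the CLI output shape (illustration helper)."""
    opts = {side + "-port-range": {"min": lo, "max": hi}} if lo is not None else None
    return {"protocol": proto, peer_key: peer, peer_key + "-type": "CIDR_BLOCK",
            "is-stateless": False, PROTO[proto] + "-options": opts}


# Constructed sample: UDP 2048 ingress was forgotten and TCP 2049 is open to any source.
SAMPLE_SL = {
    "display-name": "FRA-AA-LAB15-1-SL-01",
    "ingress-security-rules": [
        make_rule("6", "source", "10.0.1.0/24", "destination", 111, 111),
        make_rule("6", "source", "10.0.1.0/24", "destination", 2048, 2050),
        make_rule("17", "source", "10.0.1.0/24", "destination", 111, 111),
        make_rule("6", "source", "0.0.0.0/0", "destination", 2049, 2049),
    ],
    "egress-security-rules": [
        make_rule("6", "destination", "10.0.1.0/24", "source", 111, 111),
        make_rule("6", "destination", "10.0.1.0/24", "source", 2048, 2050),
        make_rule("17", "destination", "10.0.1.0/24", "source", 111, 111),
    ],
}

if __name__ == "__main__":
    for line in audit_mount_target_list(SAMPLE_SL, "10.0.1.0/24"):
        print(line)
```

An empty result means every port in the lab's list is reachable from 10.0.1.0/24 and none of them is exposed beyond it.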
Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
4. Click FRA-AA-LAB15-1-SL-01.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 2048-2050.
9. Click Add Ingress Rules.
10. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
14. In the left navigation pane, under Resources, click Egress Rules.
c. Destination CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: Enter 111.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
16. Click Add Egress Rules.
17. Click Add Egress Rules and enter the following:
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
22. In the left navigation pane, under Resources, click Security Lists.
23. Click Default Security List for FRA-AA-LAB15-1-VCN-01.
24. In the left navigation pane, under Resources, click Ingress Rules.
25. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.2.0/24.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
b.
e.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
e. Source Port Range: Enter 111.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.
30. Click Add Ingress Rules.
31. In the left navigation pane, under Resources, click Egress Rules.
32. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
d. IP Protocol: Select UDP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 111.
37. Click Add Egress Rules.
38. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
In this practice, you'll learn how to allow read-only access to the file system FRA-AA-LAB15-1-
FS-01 from the Instance FRA-AA-LAB15-1-VM-01 and read/write access from the Instance
FRA-AA-LAB15-1-VM-02.
Tasks
1. From the Main Menu, select Compute. Under Compute, click Instances.
2. Make a note of the Private IP addresses of both the instances FRA-AA-LAB15-1-VM-01
and FRA-AA-LAB15-1-VM-02.
Note: In this lab, the Private IP addresses are as follows:
▪ 10.0.1.15 for instance FRA-AA-LAB15-1-VM-01
▪ 10.0.1.161 for instance FRA-AA-LAB15-1-VM-02
Reminder: In your case, the Private IP address can be different.
3. From the Main Menu, click Storage. Under File Storage, click File Systems.
4.
c. Access: Select Read/Write.
d. Squash: Select None.
10. When you're finished with your entries, click Update.
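Per-host export options only restrict access if no broader entry also matches the same client. The following is an added example, not part of the lab guide: it audits an export's option list, in the shape of the "export-options" array that `oci fs export get` returns, against the access this practice intends for the two instances. The sample list, the INTENDED mapping and the function names are constructed; the check reports overlap rather than assuming which overlapping entry the service would apply.

```python
import ipaddress

# Access the practice intends, keyed by the private IPs noted in step 2.
INTENDED = {"10.0.1.15": "READ_ONLY", "10.0.1.161": "READ_WRITE"}

# Constructed sample: a broad read/write entry left alongside the two per-host entries.
SAMPLE_OPTIONS = [
    {"source": "0.0.0.0/0", "access": "READ_WRITE", "identity-squash": "NONE"},
    {"source": "10.0.1.15", "access": "READ_ONLY", "identity-squash": "NONE"},
    {"source": "10.0.1.161", "access": "READ_WRITE", "identity-squash": "NONE"},
]


def matching_options(export_options, client_ip):
    """Every export option whose source (single IP or CIDR block) contains client_ip."""
    ip = ipaddress.ip_address(client_ip)
    return [o for o in export_options
            if ip in ipaddress.ip_network(o["source"], strict=False)]


def audit_export(export_options, intended):
    """Compare export options with the intended per-client access; return findings."""
    findings = []
    for ip, want in sorted(intended.items()):
        granted = {o["access"] for o in matching_options(export_options, ip)}
        if not granted:
            findings.append(f"{ip}: no export option matches, client cannot use the export")
        elif granted != {want}:
            findings.append(f"{ip}: intended {want}, matching entries grant {sorted(granted)}")
    clients = [ipaddress.ip_address(ip) for ip in intended]
    for opt in export_options:
        net = ipaddress.ip_network(opt["source"], strict=False)
        extra = net.num_addresses - sum(1 for c in clients if c in net)
        if extra:
            findings.append(f"{opt['source']}: {opt['access']} reaches {extra} "
                            "address(es) outside the intended clients")
    return findings


if __name__ == "__main__":
    for line in audit_export(SAMPLE_OPTIONS, INTENDED):
        print(line)
```

With the broad entry removed, the same call returns an empty list, which is the state the testing practice later confirms from the two instances.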
In this practice, you will learn how to mount a file system from two instances.
Tasks
1. From the Main Menu, select Storage. Under File Storage, click File Systems.
2.
3. In the left navigation pane, under Resources, click Exports.
4. Locate /FRA-AA-LAB15-1-EP-01 and click the three dots on the right to open the Actions
menu, and then select Mount Commands.
5. In Image, choose Oracle Linux from the drop-down menu.
6. Click the Copy links to copy the three commands listed.
7. Connect to your instance FRA-AA-LAB15-1-VM-01.
Note: For help with this, refer to Steps 11–12 in the Create a VM Instance practice.
8. Paste and run the commands that you copied in the previous step into your instance
session window.
Important: Please run the commands that you copied and not the following commands
EP-01
$ df -h
10. To mount the file system from the second instance FRA-AA-LAB15-1-VM-02, perform the
following steps:
Note: The file system is now mounted from both instances, FRA-AA-LAB15-1-VM-01 and
FRA-AA-LAB15-1-VM-02.
In this practice, you will validate that you have read-only access to the file system FRA-AA-
LAB15-1-FS-01 from the Instance FRA-AA-LAB15-1-VM-01, and read/write access from the
Instance FRA-AA-LAB15-1-VM-02.
Tasks
1. Connect to your instance FRA-AA-LAB15-1-VM-01.
Note: For help with this, refer to Steps 11-12 in the Create a VM Instance practice.
2. Try to write a file to the file system by entering the following:
$ sudo touch /mnt/yourmountpoint/helloworld
Note: Replace yourmountpoint with the path to the local mount point.
For example:
Important: You will receive an error that validates that the instance FRA-AA-LAB15-1-VM-
Reminder: For help with this, refer to Steps 11–12 in the Create a VM Instance practice.
Note: Replace yourmountpoint with the path to the local mount point.
For example:
5. Once the file is successfully written, verify that you can view the file by entering the
following.
$ cd /mnt/yourmountpoint
Note: Replace yourmountpoint with the path to the local mount point.
$ cd /mnt/FRA-AA-LAB15-1-EP-01
$ ls
6. Verify that you can view the file by entering the Step 5 commands from the instance
FRA-AA-LAB15-1-VM-01.
Note: You now see that the instance FRA-AA-LAB15-1-VM-01 has read-only access to the
file system.
Lab 16-1 Practices
Database System: Provisioning and Connecting to a Database System
Get Started
Overview
With Oracle Database on OCI, you can create and manage a full-featured, scalable, and
secure Oracle database instance in the Oracle Cloud.
You can connect to the database using SSH. This allows you to connect to the database
without using the network listener. Use this method of connection to connect to the
database for administration purposes only.
When connecting to a multi-node database system, you will connect to each individual node in
the cluster via SSH.
In this lab, you will:
a. Create a Virtual Cloud Network
b. Provision a database system.
Prerequisites
• See Connecting to Database Using SSH for more information about connecting to the
database using SSH.
In this lab, you will create a VCN and associated resources using the VCN Wizard.
Tasks
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
2. Click the navigation menu, click Networking, and then click Virtual Cloud Networks.
3. Click Start VCN Wizard.
4. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.
5. Enter the following values:
• Name: FRA-AA-LAB16-VCN-01
6. Leave the default values for the remaining fields. Click Next.
7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
basic access to the VCN.
8. Click Create.
9.
Oracle Database on OCI lets you dynamically provision and manage database systems. In this
practice, you will provision a single node virtual machine database system.
Tasks
1. In the console ribbon at the top of the screen, from the Regions menu, select Germany
Central (Frankfurt).
2. From the navigation menu, select Oracle Database, and select Oracle Base Database
(VM, BM).
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click Create DB system.
5. Fill in the required information in the Create DB system dialog box:
• Select a compartment: Select your assigned <compartment name>.
• Select an availability domain: You may choose from AD-1, AD-2, or AD-3.
2) From the list of Configure OCPU options, select the shape VM.Standard.E4.Flex
(1 OCPU, 16 GB Memory)
• Configure storage: Use Logical Volume Manager. Click Change Storage. In the
Change Storage dialog box, configure the following:
• Configure the DB system – For this lab, you will create a one-node database system:
• Add SSH keys: Generate a public-private key pair to authenticate and connect to the
database:
1) Select the Generate SSH key pair option.
2) Click Save private key to download the private key to your local system. Later in
this lab, you will use that private key to connect to the database.
3) Click License Included in the Choose a license type field.
• Specify the network information: You will provide information of the virtual cloud
network you created before provisioning this database system:
LAB16-VCN-01.
2)
AA-LAB16-VCN-01 (regional).
6. Click Next.
Reminder: A database system is the software system that enables you to create, manage,
and monitor the database. The database is the collection of data.
• Database unique name suffix: Do not configure.
• Database image: You will create an Oracle Database 21c.
1) Click Change database image.
2) Image Type: Select Oracle Database Software Images.
Oracle Database version: Check 21c
3) Click Select.
• PDB name: Do not configure.
• Create administrator credentials:
2)
8.
Note: The creation will vary from 5 minutes to 45 minutes. The status of the database
SSH is used to administer Oracle Databases in OCI. SSH, or Secure Shell, is a network
communication protocol that enables two computers/servers to securely communicate and
share data over an unsecured network.
Tasks
1. From the navigation menu, select Oracle Database, and select Oracle Base Database
(VM, BM).
2. In the left navigation pane, under List Scope, select your assigned <compartment name>.
3. Select FRA-AA-LAB16-DBCS-01 from the list of available databases.
4. In the left navigation pane, under Resources, click Nodes.
5. Locate and note the Oracle Database Public IP address for use later in this section.
If you selected Generate SSH key pair to generate the public-private key pair when
provisioning your database system, and you use PuTTY to connect to the database system,
The key is generated in .pem format, but PuTTY needs the key to be in .ppk format.
You will use PuTTYGen to convert the .pem file to a .ppk file.
Note: This instruction set assumes PuTTYGen has been installed on your local system. If
b. Set the file type to All Files *.* so the OCI PEM file (the private key you downloaded
during the provisioning) is visible.
d. Click Save Private Key and PuTTYGen will convert the PEM to a PPK file.
Give a new name to this private key and note its location, because this is the private
key file that you will use to connect to the database.
7. Connect to the Database. You will need to use a tool to establish communication between
your local system and the database system. Depending on your local system’s operating
system, you will use one of two methods: for Windows, you will use the third-party tool
PuTTY and for macOS or Linux, you will use SSH.
Connect from Windows Using PuTTY
Note: This instruction set assumes PuTTY has been installed on your local system. If not,
download and install PuTTY before proceeding.
a. Open putty.exe.
b. To the left, in the Category pane, configure the following:
1) Select Session and enter the following fields:
a)
address>
c) Port: 22
2) To the left, in the Category pane, click the disclosure triangle to reveal
Connection options.
a) Click the disclosure triangle to reveal SSH option, and then click Auth.
b) Browse to and select your private key. This is the private key file you had
Note: You will connect to the OCI DB System VM as the user opc without
needing to enter a password, because you are authenticating with the key file.
a.
b. Issue the following SSH command to access the DB system:
$ ssh -i <private_key> opc@<Oracle Database Public IP address>
Where:
private_key is the name and location of the private key on your local system
DB_system_IP_address is the Public IP address of your Oracle Database
Note: After you are connected to the database system, you can execute commands
as you would when connected to the database on a server.
Examples:
• You could switch user accounts. As the opc user, use sudo to become the oracle
user:
$ sudo su - oracle
• You could issue the oraenv command to interactively change your ORACLE_SID:
$ . oraenv
• You could issue the srvctl command to see information about your database:
Lab 17-1 Practices
Autonomous Database: Scaling Resources in an Autonomous Database
Get Started
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.
Overview
Scaling resources is the easiest and the most effective way to improve performance of your
database without changing the configuration of the database or the application code.
With an Oracle Autonomous Database, you can configure the database to automatically scale
to meet the changing workload, or you can manually scale it by increasing or decreasing OCPU
and/or storage resources to meet the needs of your workload.
In this lab, you will:
a. Provision an Autonomous Database
b. Manually scale the number of OCPUs
c. Enable automatic scaling for storage
Tasks
1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).
2. From the navigation menu, select Oracle Database, and select Autonomous Database.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click Create Autonomous Database.
5. Provide the following configuration parameters:
• Compartment: Select your assigned <compartment name>.
• Display Name: FRA-AA-LAB17-ATP-01
• Database Name: AALAB17DBATP
o OCPU count: 1
o Storage (TB): 1
•
o Username Read-only: Leave at the default, ADMIN.
Note: You will not have access to the database as the sys user. Instead, you will
have access to the database as the ADMIN user. With this account, you can access
Database Actions to perform administrative tasks, such as to create a user
account.
o Create administrator credentials: Provide a password for the ADMIN user. You will
need to enter the password twice. Enter OU_Cl0ud#12345.
• Choose network access: Select Secure access from everywhere.
Note: When provisioning completes, the status of the Autonomous Database will change
from Provisioning to Available.
The Oracle Cloud Infrastructure (OCI) Autonomous Database service provides you the ability
to increase or decrease cloud resources for your database. You can manually change the
OCPU and/or the storage that will be available to your database.
In this practice, you will manually increase the OCPU for your database.
Tasks
1. From the navigation menu, select Oracle Database, and then select Autonomous
Database.
2. Select FRA-AA-LAB17-ATP-01 from the list of databases.
3. On the Autonomous Database Details page, in the Autonomous Database Information
tab, note the following values:
• OCPU count: 1
• OCPU auto scaling: Enabled
• Storage: 1 TB
4.
6. Click Apply.
Note: The status of the Autonomous Database will show Scaling in Progress. Your users
will still be able to access the database during the scaling process.
When the status of the database shows Available, the scaling process is completed.
• OCPU count: 2
• OCPU auto scaling: Enabled
• Storage: 1 TB
• Storage auto scaling: Disabled
The Oracle Cloud Infrastructure (OCI) Autonomous Database service provides you the ability
to increase or decrease cloud resources for your database. By default, OCPU auto scaling is
enabled and Storage auto scaling is disabled.
Tasks
1. From the navigation menu, select Oracle Database, and then select Autonomous
Database.
2. Select FRA-AA-LAB17-ATP-01 from the list of databases.
3. On the Autonomous Database Details page, in the Autonomous Database Information
tab, note the following values:
• OCPU count: 2
• OCPU auto scaling: Enabled
• Storage: 1 TB
4.
5. In the Manage Scaling dialog box, select the Storage auto scaling check box.
6. Click Apply.
Note: The status of the Autonomous Database will show Scaling in Progress.
When the status of the database shows Available, the scaling process is completed.
• OCPU count: 2
Lab 18-1 Practices
Security: Enable Cloud Guard
Get Started
Overview
Cloud Guard examines your Oracle Cloud Infrastructure resources for security weaknesses
related to configuration, and your operators and users for risky activities. Upon
detection, Cloud Guard can suggest, assist, or take corrective actions, based on your
configuration.
In this lab, you will:
a. Create a Virtual Cloud Network
b. Explore Cloud Guard
c. Create a Cloud Guard target
d. Create a scenario to verify Cloud Guard monitoring
e. Remediate problems identified by Cloud Guard
Prerequisites
Create a Virtual Cloud Network
In this section, you will create a VCN by using the Start VCN Wizard tool.
Tasks
1. In the console ribbon at the top of the screen, click the Regions menu and select UK
South (London).
2. Click the navigation menu, click Networking, and then click Virtual Cloud Networks.
3. Click Start VCN Wizard.
4. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.
5. Enter the following values:
• VCN Name: LHR-AA-LAB18-1-VCN-01
• Compartment: Select your assigned <compartment name>.
6. Leave the default values for the remaining fields. Click Next.
7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
8. Click Create.
In this practice, you will explore Cloud Guard to obtain a unified view of your tenancy's cloud
security posture. You will also explore detector recipes for monitoring targets and responder
recipes for responding to any problems that occur.
Tasks
1. In the console ribbon at the top of the screen, from the Regions menu, select US East
(Ashburn).
2. From the navigation menu, select Identity & Security, and then click Cloud Guard.
Note: A dashboard with the current Cloud Guard observations is displayed. If the Guided
Tour is displayed, go through it to explore the various features. You can also click
Stop tour if you are not interested in the tour. Once you are done with the tour, the
dashboard with various options under Cloud Guard on the left side in the browser window
is displayed.
3. In the left navigation pane, under Cloud Guard, click Detector Recipes.
4. In the left navigation pane, under Scope, select <Tenancy Name> (root).
5. Click OCI Configuration Detector Recipe (Oracle managed) and view the detector rules
that are included in this recipe.
6. To view the details of a particular rule, click the disclosure triangle, a downward arrow
8. Click Detector Recipes from the breadcrumb list at the top left.
9. Click OCI Activity Detector Recipe (Oracle managed) and explore the rules that are
within the activity detector recipe. You also see that for the built-in, Oracle-Managed detector
recipes, you can clone the recipe. You may clone an existing recipe and customize it to
your needs.
10. Click Detector recipes from the breadcrumb list at the top left.
11. In the left navigation pane, under Cloud Guard, click Responder Recipes.
13. To view the details of a particular rule, click the disclosure triangle, a downward arrow
located next to the three dots to the right of the rule.
14. Click Responder recipes from the breadcrumb at the top left.
15. In the left navigation pane, under Cloud Guard, click Managed lists.
16. Click the Oracle Cloud Guard CIDR Managed List.
Note: A managed list is a reusable list of parameters that makes it easier to set the scope
for detector and responder rules. A managed list is a tool that can be used to apply certain
configurations to detectors.
Under Entries, observe the predefined list of trusted IP address ranges used by Oracle
Cloud Infrastructure (OCI). Cloud Guard also lets you define your own managed lists as
needed.
For example, you can define lists of states or provinces, ZIP codes, OCIDs, or whatever
else you may define. Click the Managed Lists breadcrumbs and you will see an option to
17. In the left navigation pane, under Cloud Guard, click Settings.
Note: Observe the reporting region listed. If you are in the home region of your tenancy,
you will also see the option to Disable Cloud Guard (if it is already enabled). If you are in
In this practice, you will learn to add a target to set the scope of resources that Cloud Guard
monitors.
Tasks
1. In the console ribbon at the top of the screen, click the Regions menu and select UK
South (London).
2. Click the navigation menu, click Identity & Security, and then click Cloud Guard.
3. In the left navigation pane, under Cloud Guard, click Targets.
4. In the left navigation pane, under List Scope, select your assigned <compartment
name>.
Note: If you already have a specific target set for your compartment, delete it.
•
7. Click Create.
Note: The detail page for the new target will be displayed.
8. In the left navigation pane, under Resources, click Detector recipes and view the detector
recipes associated with the created target.
To identify a problem in the set target, you will create a bucket and make its visibility public.
1. In the console ribbon at the top of the screen, click the Regions menu and select UK
South (London).
2. Click the navigation menu and click Storage. Under Object Storage, click Buckets.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. Click Create Bucket.
5. In the Create Bucket dialog box, specify the attributes of the bucket:
• Bucket Name: LHR-AA-LAB18-1-BKT-01-<user-id>
Please specify your user ID in place of <user-id> to make it unique.
• Default Storage Tier: Select Standard.
Note: Leave all the other options in their default settings.
6. Click Create.
7. Click the three dots on the right to open the Actions menu and select Edit Visibility. Select
Note: You have now created a bucket with public visibility in the assigned compartment.
To assure cloud security posture, the detector recipe includes a configuration rule for
As a result, you must wait for Cloud Guard to evaluate your allocated detector
configuration and list its observations on the set target. Wait 30-60 minutes before
checking the Cloud Guard Dashboard to see if the problem has been identified and
resolving it.
1. From the navigation menu, select Identity & Security. Click Cloud Guard.
3. In the left navigation pane, under List Scope, select your assigned <compartment name>.
4. View the list of problems Cloud Guard has identified with the resources in your assigned
compartment based on your previous practices. The Problems page displays information
about each problem, including:
• Problem Name
• Risk Level
• Detector Type
• Resource affected
• Target
• Region
• Labels
• First Detected
• Last Detected
4. Check problem details and problem history, before the actions are taken.
Note: As per the problem details, you have the option to remediate (if there are any
The problem specifies that the bucket has public visibility. It is recommended to carefully
assess whether public visibility is required for the mentioned resource and to act if it is
not.
5. Click Remediate and confirm that you want to execute the responder to remediate the
problem.
6. To verify, click Buckets under Object storage. Click the bucket
LHR-AA-LAB18-1-BKT-01-<User_Id>. You will see that the visibility is now Private.
Similarly, Cloud Guard can remediate or resolve identified problems in your OCI tenancy,
ensuring security posture.
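A command-line check of the bucket setting this scenario toggles, as an added example that is not part of the lab. It assumes the OCI CLI is configured (as it is in Cloud Shell); the function names are made up for this example, and an unreadable or unknown visibility value is deliberately reported rather than treated as private.

```shell
#!/usr/bin/env bash
# Added example: audit Object Storage bucket visibility with the OCI CLI.
# Function names are illustrative; they are not part of the lab or of Cloud Guard.

# Read one bucket's public-access-type (NoPublicAccess, ObjectRead,
# or ObjectReadWithoutList) using the tenancy's default namespace.
bucket_access() {
  oci os bucket get --bucket-name "$1" \
      --query 'data."public-access-type"' --raw-output
}

# Succeeds (status 0) when the value means the bucket needs attention.
# Anything other than an explicit NoPublicAccess fails closed.
is_public_access() {
  case "$1" in
    NoPublicAccess) return 1 ;;
    ObjectRead|ObjectReadWithoutList) return 0 ;;
    *) return 0 ;;
  esac
}

# Print "<bucket><TAB><access-type>" for every bucket that is not confirmed
# private. Returns 1 if at least one such bucket was found, else 0.
audit_buckets() {
  local rc=0 name access
  for name in "$@"; do
    access=$(bucket_access "$name" 2>/dev/null) || access="UNKNOWN"
    if is_public_access "$access"; then
      printf '%s\t%s\n' "$name" "${access:-UNKNOWN}"
      rc=1
    fi
  done
  return $rc
}

# CLI equivalent of setting the bucket's visibility back to Private.
make_private() {
  oci os bucket update --bucket-name "$1" --public-access-type NoPublicAccess
}

# Usage: ./audit.sh LHR-AA-LAB18-1-BKT-01-<user-id> [more bucket names...]
if [ "$#" -gt 0 ]; then
  audit_buckets "$@"
fi
```

Run it before and after the Remediate step: the lab bucket should be listed with ObjectRead or ObjectReadWithoutList first, and produce no output once Cloud Guard has set it back to Private.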
Security: Create a Vault and Encryption Key and Perform Encryption/Decryption of Data
Overview
OCI Vault is a cloud native service that allows customers to securely store and manage their
master encryption keys and configuration information. The OCI Vault service supports several
key encryption algorithms such as the Advanced Encryption Standard (AES), Rivest-Shamir-
Adleman (RSA), and the Elliptic Curve Digital Signature Algorithm (ECDSA).
This lab enables you to encrypt or decrypt sensitive information (such as credit card details,
salary information, and so on) by using the master encryption key stored in OCI Vault.
In this lab, you’ll:
a. Create a Vault and a master encryption key
b. Perform basic encryption and decryption by using the master encryption key
Prerequisites
• URL of a precreated encryption script located at a predetermined location git
• URL of a precreated decryption script located at a predetermined location git
228 Security: Create a Vault and Encryption Key and Perform Encryption/Decryption of Data
Create a Vault and a Master Encryption Key
You’ll create a Vault and a master encryption key required to perform cryptographic operations.
Tasks
1. Log in to the Oracle Cloud Infrastructure (OCI) console.
2. From the Main Menu, select Identity & Security, and then click Vault.
3. Click Create Vault.
4. In the Create Vault dialog box, provide the following details:
a. Create in Compartment: Select your <compartment_name>
b. Name: ARCHITECT-ASS-VAULT
c. Do not check the “Make it a virtual private vault” option.
5. Click Create Vault.
It will take about a minute to create the vault. The vault will go from the Creating state to
the Active state.
6. Select ARCHITECT-ASS-VAULT from the list of vaults in the root compartment.
7. Locate the Cryptographic Endpoint URL on the Vault Information tab. Copy the URL to
your clipboard and save it somewhere to use later during the encryption process.
a. Example: https://xxxxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com
8. From the left navigation pane under Resources, click Master Encryption Keys, and then
9. In the Create Key dialog box, enter the following values for your key:
a. Create in Compartment: <Select your compartment>
c. Name: FRA-AA-LAB19-VK-01
d. Leave everything else to default values and click Create Key. It will take about a
minute to create the master encryption key. The keys will go through the Creating
10. Select your compartment from the Compartment drop-down list in the left column under List
Scope. To the right, you will see the key that you created. Click your Master Encryption Key.
11. On the Key Details page, locate the OCID value on the Key Information tab. Click the Copy
link located to the right of the OCID value. Save the OCID value somewhere to use later
during the encryption process.
Sample: ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Perform Encryption
You will now run the provided shell script, which will take as input the OCI Vault cryptographic
endpoint, the OCID of the master encryption key you created, and plain text to encrypt. The
provided shell script invokes oci kms crypto encrypt to perform data encryption.
Tasks
1. Click the Cloud Shell icon in the Console header to launch your Cloud Shell.
a. Go to your home directory.
$ cd ~
b. Get the shell script to encrypt the plain text.
$ wget https://raw.githubusercontent.com/ou-developers/oci-vaultoperations/main/ocivault-encrypt.sh
c. Make the downloaded shell script executable.
$ chmod +x ocivault-encrypt.sh
d. Run the shell script.
$ ./ocivault-encrypt.sh
Note: This command will execute the downloaded interactive script, which will prompt you
for the following values. When prompted, locate and enter the values that you saved in
Example: https://xxxxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com
Example: ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
c. Please enter the text you wish to encrypt
Please enter your Master Encryption Key OCID
ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxx
Please enter the text you wish to encrypt
HelloWorld
{
  "data": {
    "ciphertext": "QRu3Y6UBExxxxxaSCNyAKuhqRsxxxxxuk/shqzs4iimhWgyyAA==",
    "encryption-algorithm": "AES_256_GCM",
    "key-id": "ocid1.key.oc1.xxx.xxxxxxxxxxbbbbbbbbbxxxx",
    "key-version-id": "ocid1.keyversion.oc1.xxx.aaaabbbbb"
  }
}
QYcEncB2aSYnAC7QkpXd589LxN8XdddFWJzHyFg2gTKCaCcht97rAAAA==
4. Copy and save the Encrypted Text somewhere to use later during the decryption process.
Perform Decryption
You will now run the provided shell script, which will take as input the OCI Vault cryptographic
endpoint, the OCID of the master encryption key you created, and the encrypted text to decrypt.
The provided shell script invokes oci kms crypto decrypt to perform data decryption.
Tasks
1. Click the Cloud Shell icon in the Console header to launch your Cloud Shell.
a. Go to your home directory.
$ cd ~
b. Get the shell script to decrypt the encrypted text.
$ wget https://raw.githubusercontent.com/ou-developers/oci-vaultoperations/main/ocivault-decrypt.sh
c. Make the downloaded shell script executable.
$ chmod +x ocivault-decrypt.sh
d. Run the shell script.
$ ./ocivault-decrypt.sh
2. Provide the required parameters as input.
a. Please enter the OCI Vault Cryptographic Endpoint URL
Example: https://xxxxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com
Example: ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
c. Please enter the Encrypted Text (Generated Above)
<Encrypted_Text_from_above_step>
Example:
QYcEncB2aSYnAC7QkpXd589LxN8XdddFWJzHyFg2gTKCaCcht97rAAAA==
3. The Shell script will invoke oci kms crypto decrypt and perform a cryptographic
https://xxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com
Please enter your Master Encryption Key OCID
ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxx
Please enter the Encrypted Text (Generated Above)
QYcEncB2aSYnAC7QkpXd589LxN8XdddFWJzHyFg2gTKCaCcht97rAAAA==
{
"data": {
....
"key-id": "ocid1.key.oc1.xxx.xxxxxxxxxxbbbbbbbbbxxxx",
"key-version-id": "ocid1.keyversion.oc1.xxx.aaaabbbbb"
"plaintext": "ampqanNzc3NzCg==",
"plaintext-checksum": "2060560141"
}
}
---------- Plain Text ----------
HelloWorld
--------------------------------
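The calls behind the Perform Encryption and Perform Decryption steps, written out as an added example; it is not the contents of ocivault-encrypt.sh or ocivault-decrypt.sh, which this page does not show. The function names, the endpoint and OCID patterns (modelled on the page's examples) and the use of --query/--raw-output to extract fields are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example: encrypt/decrypt round trip against OCI Vault with the OCI CLI.
# Helper names and validation patterns are assumptions made for this example.

# True when the argument contains no whitespace (spaces, tabs, newlines).
no_space() { [ "$1" = "$(printf '%s' "$1" | tr -d '[:space:]')" ]; }

# Accept only endpoints shaped like the page's example:
#   https://<vault-id>-crypto.kms.<region>.oraclecloud.com
valid_crypto_endpoint() {
  no_space "$1" && printf '%s\n' "$1" |
    grep -Eq '^https://[a-z0-9]+-crypto\.kms\.[a-z0-9-]+\.oraclecloud\.com/?$'
}

# Accept only OCIDs of resource type "key".
valid_key_ocid() {
  no_space "$1" && printf '%s\n' "$1" | grep -Eq '^ocid1\.key\.[A-Za-z0-9._-]+$'
}

# The KMS API takes and returns plaintext as base64, never as raw text.
b64_encode() { printf '%s' "$1" | base64 | tr -d '\n'; }
b64_decode() { printf '%s' "$1" | base64 -d; }

# vault_encrypt <endpoint> <key-ocid> <plaintext>  -> prints the ciphertext
# Note: the base64 plaintext is visible in the process argument list; for real
# secrets, supply the parameters with --from-json file://... instead.
vault_encrypt() {
  valid_crypto_endpoint "$1" || { echo "rejected endpoint: $1" >&2; return 2; }
  valid_key_ocid "$2" || { echo "rejected key OCID: $2" >&2; return 2; }
  oci kms crypto encrypt --endpoint "$1" --key-id "$2" \
      --plaintext "$(b64_encode "$3")" \
      --query 'data.ciphertext' --raw-output
}

# vault_decrypt <endpoint> <key-ocid> <ciphertext>  -> prints the plaintext
vault_decrypt() {
  local b64
  valid_crypto_endpoint "$1" || { echo "rejected endpoint: $1" >&2; return 2; }
  valid_key_ocid "$2" || { echo "rejected key OCID: $2" >&2; return 2; }
  b64=$(oci kms crypto decrypt --endpoint "$1" --key-id "$2" \
      --ciphertext "$3" --query 'data.plaintext' --raw-output) || return 1
  b64_decode "$b64"
}

# Usage: ./roundtrip.sh <crypto-endpoint-url> <key-ocid> <text>
if [ "$#" -eq 3 ]; then
  ct=$(vault_encrypt "$1" "$2" "$3") || exit 1
  printf 'ciphertext: %s\n' "$ct"
  printf 'plaintext:  %s\n' "$(vault_decrypt "$1" "$2" "$ct")"
fi
```

The endpoint check matters because the plaintext is sent to whatever URL is supplied; validating it before the call keeps a mistyped or pasted-in address from receiving the data.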
Lab 20-1 Practices
Observability and Management: Configure Alarms with Notifications and Create Monitoring Queries
Get Started
Overview
Oracle Cloud Infrastructure (OCI) Observability and Management provides visibility and
actionable insights derived using machine learning algorithms. This platform is open and
extensible, and provides cloud-based monitoring and analytics.
Some of the Observability and Management services include Monitoring, Logging, Event
Services, Logging Analytics, and Application Performance Monitoring. In this lab, you will
create alarms and queries, and trigger alarms.
In this lab, you will:
a. Create a Virtual Cloud Network (VCN)
b. Launch three Compute Virtual Machine instances
c. Create alarms and view service metrics
d. Create CPU stress and fire alarms
e. Create queries
Assumptions
• You must be familiar with navigating the OCI Console.
• In this lab, Germany Central (Frankfurt) is considered as your region.
Observability and Management: Configure Alarms with Notifications and Create Monitoring Queries 235
Set Up the Environment
In this practice, you will configure the cloud environment, create a virtual network, and
compute instances. The resources created in this practice will help you complete the rest of
the lab.
A Virtual Cloud Network (VCN) defines a private network in the cloud environment where you
can specify networking parameters such as CIDR block and route tables, along with security
controls like access control lists and virtual firewalls. You can also allow connectivity to the
public Internet. In this task, you will create a VCN.
Note: For a production VCN environment, it is recommended to further restrict network
access controls to meet your security requirements.
1. Sign in to your Oracle Cloud Infrastructure (OCI) account.
2. In the console ribbon at the top of the screen, click the Region icon to expand the menu
and select Germany Central (Frankfurt).
3. From the navigation menu, under Networking, select Virtual Cloud Networks.
4. From the left navigation panel, ensure you are in the compartment allotted to you. Click
Create VCN.
5. In the Create a Virtual Cloud Network dialog box, populate the following information:
• Name: FRA-AA-LAB20-1-VCN-01
7. After the VCN is created, click FRA-AA-LAB20-1-VCN-01 VCN to view the details page.
Under Resources in the left navigation panel, click Internet Gateways.
9. In the Create Internet Gateway dialog box, populate the following information:
• Name: FRA-AA-LAB20-1-IG-01
11. Next, make a quick update to the VCN route table to make use of the Internet Gateway
created in the previous step. Under Resources in the left navigation panel, click Route
Tables.
12. Click Default Route Table for FRA-AA-LAB20-1-VCN-01 and then, click Add Route
Rules.
13. In the Add Route Rules dialog box, populate the following information:
• Target Type: Internet Gateway
• Destination CIDR Block: 0.0.0.0/0
• Target Internet Gateway: FRA-AA-LAB20-1-IG-01
15. Finally, create a subnet in the VCN to identify IP space and deploy a VM. Return to the
VCN details page by clicking FRA-AA-LAB20-1-VCN-01 in the breadcrumb list at the top
of the page.
16. Under Resources in the left navigation panel, click Subnets. Then, click Create Subnet.
17. In the Create Subnet dialog box, populate the following information:
• Name: FRA-AA-LAB20-1-SNET-01
Before launching a Virtual Machine instance, you will create SSH keys to authenticate the
Instance using Oracle Cloud Shell.
1. In the OCI Console ribbon at the top of the screen, ensure that the correct Region is
selected. In this case, the region is Germany Central (Frankfurt).
2. Click the Cloud Shell icon next to the region.
3. In the Cloud Shell, ensure that you are in the home directory of your account. To check,
run the following command:
$ pwd
Reminder: Do not include the $ symbol when pasting code into Cloud Shell.
If you are in your home directory, the value will be /home/<user_name>.
$ cd .ssh/
5. If the previous step shows an error as “No such file or directory,” then run the following
command:
$ mkdir .ssh/
$ cd .ssh/
Note: There are two files saved into the .ssh directory: sshkeys.pub (public key) and
sshkeys (private key). sshkeys.pub will be used while creating compute instances, and
sshkeys will be used to authenticate.
9. Run the following command to view the contents of the sshkeys.pub public key.
$ cat /home/<user_name>/.ssh/sshkeys.pub
10. Copy and paste the content of the sshkeys.pub public key into a Notepad file. You will use
this content while creating the compute instance.
11. Close the Cloud Shell by clicking X at the top-right corner. Then, click Exit.
Task 3: Launch Compute Virtual Machine Instance
Now, you will launch a Virtual Machine in your newly created VCN. For this lab, you will create
three instances.
1. In the OCI Console ribbon at the top of the screen, ensure that you have selected the same
region where you created the VCN.
2. From the navigation menu, under Compute, click Instances.
3. From the left navigation panel, ensure that you are in the compartment allotted to you. To
4. In the Create compute instance dialog box, enter FRA-AA-LAB20-1-VM-01 in the Name
field.
6. The Availability Domain will be pre-populated to match the subnet you created earlier.
7. Ensure that the Image is selected as Oracle Linux 8. If not, click Change Image and select
Oracle Linux 8.
8. In the Shape field, click Change Shape. Then select VM.Standard.A1.Flex (1 OCPU, 6GB
Memory) [Shape series: Ampere].
Note: Your options and naming conventions may not match exactly as given here, so
select an appropriate shape if it is shown different for your region.
9. In the Primary network field, select Select Existing Virtual Cloud Network and ensure
FRA-AA-LAB20-1-VCN-01 is specified in the Virtual cloud network field.
10. In the Subnet field, select Select Existing Subnet. Ensure the Subnet is specified as
FRA-AA-LAB20-1-SNET-01.
If not, double-check the compartment is set to <your compartment>. You may have to
switch to a different Availability Domain (see above – the Availability Domain of your
subnet and compute instance must match) to allow the selection of your existing subnet,
if not already selected.
11. In the Public IP address field, select Assign a public IPv4 address.
12. In the Add SSH keys field, select Paste public keys. Then copy the sshkeys.pub public key from the Notepad (copied in the previous task) and paste it in the SSH keys field.
13. Keep the other options default and click Create. The first compute instance is successfully created.
14. Navigate back to the Instances page from the navigation menu. Ensure that the State of the instance you just created is Running.
15. Copy the Public IP corresponding to the FRA-AA-LAB20-1-VM-01 instance and paste it in the Notepad.
16. Now, click the Cloud Shell icon next to the Region at the top of the screen.
17. Run the following command, pasting in the sshkeys private key and the Public IP:
Note: The SSH Key is the private key created in the previous task. It is used to authenticate.
18. Enter Yes when prompted to connect and ensure you are connected to the instance.
20. To create a second instance, repeat steps 2 through 7. Keep all settings the same except the Name of the instance. Enter the Name of the second instance as FRA-AA-LAB20-1-VM-02.
21. In the Shape field, click Change Shape. Then select VM.Standard.A1.Flex (1 OCPU, 6GB
22. In the Public IP address field, select Do not assign a public IPv4 address. In the Add SSH keys field, select No SSH keys.
Note: The instance is not required to be accessed; therefore, assigning a Public IP address and SSH keys for this instance can be skipped.
23. Keep the other options default and click Create. The second compute instance is successfully created.
24. Navigate back to the Instances page from the navigation menu. Ensure that the State of the second instance created is Running.
25. To create a third instance, repeat steps 2 through 7. Keep all settings the same except the Name of the instance. Enter the Name of the third instance as FRA-AA-LAB20-1-VM-03.
26. In the Shape field, click Change Shape. Then select VM.Standard.A1.Flex (1 OCPU, 6GB
27. In the Public IP address field, select Do not assign a public IPv4 address. In the Add
Note: The instance is not required to be accessed; therefore, assigning a Public IP address
29. Navigate back to the Instances page from the navigation menu. Ensure that the State of
Create Alarms and View Service Metrics
In this practice, you will view the service metrics for your instances, confirm that the required monitoring plug-in is enabled, and set up alarm notifications.
To view the service metrics available in the OCI Console, the compute instance monitoring plug-in must be enabled. This plug-in emits metrics about the instance's health, capacity, and performance, such as CPU and memory utilization.
Note: The plug-in will be enabled by default, but it should be confirmed.
1. From the OCI Console navigation menu, under Compute, select Instances.
2. Click the instance FRA-AA-LAB20-1-VM-01.
3. Click the Oracle Cloud Agent tab.
4. Scroll down to find the Compute Instance Monitoring plug-in and ensure that it is
5. Navigate back to the Instances page and repeat steps 1-4 for the instance FRA-AA-LAB20-1-VM-02.
Now that you have confirmed that Monitoring is enabled, you will create an alarm that is triggered when the service metrics reach a designated threshold. You will see this alarm triggered later in the practice when you perform a CPU stress test.
To create an alarm, you must first create a notification so that the alarm has a way to notify the relevant parties. For example, an alarm can email an administrator when a CPU usage threshold has been breached.
1. From the OCI Console navigation menu, select Developer Services. Under Application
Integration, select Notifications.
2. From the left navigation panel, ensure you are in the compartment assigned to you.
3. Click Create Topic.
4. In the Create Topic dialog box, enter FRA-AA-LAB20-1-TOP-01 in the Name field and, optionally, enter a Description.
5. Click Create.
6. Once the topic state changes to Active, click the topic to view the details.
7. Under Resources, click Create Subscription.
8. In the Create Subscription dialog box, select Email in the Protocol field.
9. In the Email field, enter your email address.
10. Click Create.
11. Click the subscription that you just created.
12. The Subscription Information will be displayed with the status as Pending Confirmation.
13. Check the email account you specified and click the “Confirm subscription” verification link in it. A pop-up browser window will tell you that the subscription has been confirmed.
14. Navigate back to the Subscriptions page and verify that the subscription status has changed to Active.
Note: You may need to refresh your browser if the status is not updated.
Now that you’ve created the topic and subscription for a notification, you will create your alarm. This alarm will be activated when the CPU utilization reaches a threshold that you designate.
1. From the OCI Console navigation menu, select Observability & Management. Under
Monitoring, click Alarm Definitions.
2. From the left navigation panel, ensure that you are in the compartment assigned to you.
4. In the Create Alarm dialog box, populate the following information in the Create alarm section:
5. The Tags section is optional. Therefore, keep the default selections.
6. Populate the following information in the Metric description section:
• Compartment: <your compartment>
• Metric namespace: oci_computeagent
• Metric name: CpuUtilization
• Interval: 1m
• Statistic: Max
Note: The Resource Group field is optional. Therefore, you can skip it for now.
• Value: 70
• Topic: FRA-AA-LAB20-1-TOP-01
You created the topic earlier; recall that the topic is the communication channel, such as email. When the alarm is triggered, a notification is sent to the subscribed email addresses.
10. Select the option Split notifications per metric stream in the Message grouping section.
With this setting, you are configuring the alarm to send a message for the specific instance when it reaches the CPU threshold. The UI shows a message, which is just a reference: Consider limits when the alarm contains a high number of metric streams.
11. You can select the message format, which is generally the first option, Send formatted messages.
12. You can also choose to have a notification repeated at certain frequencies if an alarm continues. Keep the Repeat notification option deselected.
13. You have the option to suppress the notification. Keep the Suppress notifications option deselected.
14. Select Enable this alarm and click Save Alarm.
Create CPU Stress and Fire Alarm
In this practice, you will create a CPU Stress on the first instance (FRA-AA-LAB20-1-VM-01), monitor the effect of CPU stress on the instance, and see an event triggered when the CPU utilization is greater than the threshold, which causes the alarm to fire.
Now that you have created an alarm, Observability and Management monitors the working of instances and sends a notification when the alarm is triggered. For this purpose, the CPU is subjected to stress and forced to run to its maximum capacity. When the CPU Utilization metric is greater than the threshold value, the alarm gets triggered.
This is simulated by means of a CPUStress generator. The following steps are with respect to a Linux OS.
1. From the OCI Console navigation menu, under Compute, click Instances.
2. Click the instance FRA-AA-LAB20-1-VM-01. Copy the Public IP address.
3. Click the Cloud Shell icon from the Console ribbon at the top of the page.
4.
6. Run the following command to install the EPEL (Extra Packages for Enterprise Linux) repository on Linux distributions to install additional standard open-source software packages by using YUM and DNF package manager. If you are asked if it is OK, enter Y.
8. Install the stress package. Stress is a generator tool devised to subject your system to a configurable measure of CPU, memory, I/O, and disk stress. To install, run the following command:
Task 2: Include Stress to the Compute Instance
Now, you need to induce stress to the instance. The stress on the compute instances increases on repeated use of the stress command. Run the following commands:
$ uptime
$ stress --cpu 8 --timeout 300
Task 3: Trigger the Alarm
1. From the OCI Console navigation menu, select Observability & Management. Under
3. The icon in FRA-AA-LAB20-1-ALA-01 would have changed to Firing mode due to the stress induced. This happens when the load on the CPU Utilization crosses the threshold limits. Please wait for a minute if the status is not changed to Firing, and then refresh the page.
4. Scroll down to the Alarm history graph, which signifies that the CPU stress has surpassed the set threshold.
6. The email provides details about Alarm OCID, Number of Metrics breaching threshold, and Dimensions.
7. Navigate back to the Alarm Definitions page and select the check box against the FRA-AA-LAB20-1-ALA-01 alarm.
8. Click Actions and select Add suppressions from the drop-down list.
9. In the Suppress Alarms Wizard, select the default Start time and End time and click Apply suppressions to confirm.
10. Click Close and verify that the column Suppressed shows the alarm is suppressed for the period.
11. Click the Cloud Shell icon to open Cloud Shell where the stress was initiated on the Instance. Press Ctrl + C to stop the stress.
12. Navigate back to the Alarm Definitions page and click the FRA-AA-LAB20-1-ALA-01 alarm.
13. The CPU-usage-alarm icon would have changed to OK mode as the stress is now stopped.
14. Verify that an email notification is not received by the configured subscription email for the status being changed from Firing to OK. This notification is not sent due to the alarm being suppressed for the period.
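A simplified Python model of the behaviour this task exercises, added here and not part of the lab or of Oracle's implementation: a per-stream alarm on Max > 70 whose state changes are withheld during a suppression window. The per-minute values, the suppression window and the `out_of_sync` helper are constructed for illustration; what happens when the window closes is outside this model.

```python
THRESHOLD = 70  # "Value: 70" from the alarm definition

# Constructed sample: per-minute Max(CpuUtilization) for three metric streams.
PER_MINUTE_MAX = {
    "FRA-AA-LAB20-1-VM-01": [(0, 10), (1, 85), (2, 99), (3, 98), (4, 97), (5, 30), (6, 12)],
    "FRA-AA-LAB20-1-VM-02": [(0, 5), (1, 6), (2, 5), (3, 4), (4, 6), (5, 5), (6, 5)],
    "FRA-AA-LAB20-1-VM-03": [(0, 8), (1, 9), (2, 7), (3, 8), (4, 9), (5, 9), (6, 91)],
}
# Constructed suppression window: from minute 4 (inclusive) to minute 10 (exclusive).
SUPPRESSIONS = [(4, 10)]


def evaluate_alarm(per_minute_max, threshold, suppressions=()):
    """Track one OK/FIRING state per metric stream (split notifications).

    A message is produced only when a stream changes state. Messages that
    fall inside a suppression window are withheld, but the state still changes.
    Returns (final_state, sent_messages, withheld_messages).
    """
    events = sorted((minute, stream, value)
                    for stream, series in per_minute_max.items()
                    for minute, value in series)
    state = {stream: "OK" for stream in per_minute_max}
    sent, withheld = [], []
    for minute, stream, value in events:
        new_state = "FIRING" if value > threshold else "OK"
        if new_state == state[stream]:
            continue
        state[stream] = new_state
        message = (minute, stream, new_state)
        if any(start <= minute < end for start, end in suppressions):
            withheld.append(message)
        else:
            sent.append(message)
    return state, sent, withheld


def out_of_sync(state, sent):
    """Streams whose real state differs from the last state a subscriber was told.

    Returns (stream, last_told, actual) tuples: the list to review by hand
    once a suppression window is over.
    """
    last_told = {stream: "OK" for stream in state}
    for _, stream, told in sent:
        last_told[stream] = told
    return sorted((stream, last_told[stream], actual)
                  for stream, actual in state.items()
                  if last_told[stream] != actual)


if __name__ == "__main__":
    final, sent, withheld = evaluate_alarm(PER_MINUTE_MAX, THRESHOLD, SUPPRESSIONS)
    print("sent:    ", sent)
    print("withheld:", withheld)
    print("review:  ", out_of_sync(final, sent))
```

In the sample, the recovery of VM-01 is withheld (the case step 14 verifies), and so is the first Firing transition of VM-03, which is why a suppression window should be kept as short as the maintenance it covers.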
Create Queries
In this practice, you will create different types of queries and see how they are all represented graphically.
In this task, you will learn about query expressions and components, and you will execute sample queries that can be used with the Monitoring service. The Metrics Explorer creates queries that are used to search and aggregate metric data points collected from resources.
A standard query includes a metric namespace (the source or application being measured), metric (what is being measured), interval (over what period), and statistic (how it’s being measured, e.g., a sum, rate, or max value).
1. From the OCI Console navigation menu, select Observability & Management. Under Monitoring, click Metrics Explorer.
2. To create a standard query, populate the following information in the Query section:
•
• Interval: 5m
• Statistic: Max
The chart generated is the output of the query. It represents the CPU utilization
Task 2: Create Standard Queries with a Filter
A filter condition is used along with a standard query to display the graphs that satisfy specific conditions. The filter condition is entered in the Metric Dimensions area and includes a name and (optionally) a value.
1. From the navigation menu, select Observability & Management. Under Monitoring, click Metrics Explorer.
2. Populate the following information to create a grouping function using Basic mode in the Query section:
• Compartment: <your compartment>
• Metric namespace: oci_computeagent
• Metric name: CpuUtilization
• Interval: 5m
• Statistic: Max
4.
The chart displays the CPU utilization of the compute instances in an interval of five minute
Simple aggregation (grouping) function queries return the combined value of all metric
streams for the selected statistic. They can be written manually in the Query Code Editor pane
by checking the Advanced mode option, or you can use the Standard Query mode used above.
1. From the navigation menu, select Observability & Management. Under Monitoring,
click Metrics Explorer.
2. Populate the following information to create a grouping function using Basic mode in the Query section:
• Interval: 5m
• Statistic: Max
3. In the Metric dimensions section, populate the following information:
• Dimension name: availabilityDomain
• Select the Aggregate metric streams check box.
Note: You can leave the Dimension value field blank for now.
The graph displays the aggregation of CPU utilization of all availability domains, with an
The selection of the Aggregate metric streams check box is referred to as the grouping function while using Advanced mode. This query can be viewed by selecting the Advanced mode check box.
The nested queries are written as part of the Advanced mode in the Query code editor.
1. From the navigation menu, select Observability & Management. Under Monitoring,
2. Select the Advanced mode check box at the top right of the Query 1 section.
3. Populate the following information to create a grouping function using Basic mode in the Query section:
(CpuUtilization[1m].max() > 5).grouping().max()
5. Click Update Chart.
The displayed output groups the compute instances and displays the ones whose CpuUtilization is more than 5 percent in the past minute.
GroupBy is a grouping function, which can be written using Advanced mode. It is another way to aggregate metric streams. For example, you can group by shape used by the Instance.
1. To group by shape, enter the following code into the Query code editor.
CpuUtilization[5m].groupBy(shape).max()
The displayed output groups compute instances by shape and displays the CpuUtilization at an interval of 5 minutes, showing the maximum reported value in the graph.
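A Python model, added here and not part of the lab or of Oracle's implementation, of how the interval, the statistic, a dimension filter, grouping() and groupBy(shape) from the queries above combine metric streams. The instance names, the second shape, the data points and the `GROUPING` marker are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: raw (second, CpuUtilization %) points per metric stream,
# each stream carrying the dimensions it would be filtered or grouped on.
STREAMS = [
    {"dims": {"resourceDisplayName": "vm-01", "shape": "VM.Standard.A1.Flex",
              "availabilityDomain": "AD-1"},
     "points": [(0, 12.0), (60, 95.0), (120, 88.0), (300, 20.0), (360, 15.0)]},
    {"dims": {"resourceDisplayName": "vm-02", "shape": "VM.Standard.A1.Flex",
              "availabilityDomain": "AD-1"},
     "points": [(0, 3.0), (60, 4.0), (300, 2.5)]},
    {"dims": {"resourceDisplayName": "vm-03", "shape": "VM.Standard.E4.Flex",
              "availabilityDomain": "AD-2"},
     "points": [(30, 40.0), (330, 61.0)]},
]

GROUPING = "*"  # this model's marker for grouping() / "Aggregate metric streams"


def interval_seconds(text):
    """Convert the [interval] part of a query: '1m' -> 60, '5m' -> 300, '1h' -> 3600."""
    units = {"m": 60, "h": 3600, "d": 86400}
    return int(text[:-1]) * units[text[-1]]


def run_query(streams, interval, statistic, group_by=None, where=None):
    """Model of Metric[interval]{where}.groupBy(dim).statistic().

    group_by=None      one result per metric stream (no aggregation)
    group_by=GROUPING  grouping(): every matching stream combined into one result
    group_by="shape"   groupBy(shape): one result per value of that dimension
    where              {dimension: value} filter, as in the Metric dimensions area
    Points of all streams in a group are pooled per interval before the
    statistic is applied. Returns {group_key: {interval_start: value}}.
    """
    width = interval_seconds(interval)
    buckets = defaultdict(lambda: defaultdict(list))
    for stream in streams:
        dims = stream["dims"]
        if where and any(dims.get(name) != value for name, value in where.items()):
            continue
        if group_by is None:
            key = dims["resourceDisplayName"]
        elif group_by == GROUPING:
            key = GROUPING
        else:
            key = dims[group_by]
        for second, value in stream["points"]:
            buckets[key][second - second % width].append(value)
    return {key: {start: statistic(values) for start, values in sorted(series.items())}
            for key, series in buckets.items()}


if __name__ == "__main__":
    cases = [
        ("CpuUtilization[5m].max()", {}),
        ("CpuUtilization[5m].grouping().max()", {"group_by": GROUPING}),
        ("CpuUtilization[5m].groupBy(shape).max()", {"group_by": "shape"}),
        ("CpuUtilization[5m]{availabilityDomain = AD-1}.grouping().max()",
         {"group_by": GROUPING, "where": {"availabilityDomain": "AD-1"}}),
    ]
    for label, kwargs in cases:
        print(label, "->", run_query(STREAMS, "5m", max, **kwargs))
```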
Lab 21-1 Practices
Observability and Management: Configure Service Connectors
Get Started
Overview
In this lab, you will:
a. Enable service logs
b. Export logs using service connectors
Assumptions
In this practice, you will create an automated job to export your log data into the Object Storage bucket for long-term storage and archive. Oracle Cloud Infrastructure (OCI) makes this easy via service connectors, which provide a framework for creating jobs to filter, process, and move log data from Logging to Object Storage.
An Object Storage bucket is a logical container for storing objects. A bucket is associated with a single compartment that has policies to determine what actions a user can perform on a bucket and on all the objects in the bucket. The objects can store any type of data regardless of the content type. In this task, you will create two buckets: one for enabling logging and another for archiving logs.
1. Sign in to your Oracle Cloud Infrastructure (OCI) account.
2. In the console ribbon at the top of the screen, click the Region icon to expand the menu and select Germany Central (Frankfurt).
3. From the navigation menu, select Storage. Under Object Storage & Archive Storage, click Buckets.
5.
field.
8.
You will now create a second bucket, which will be used as the archive bucket to move logs generated for read events that occurred on the first bucket.
field.
Note: The Default Storage Tier can also be selected as Archive; however, in this lab, you will select Standard to immediately download the transitioned log. An object in Archive Storage Tier needs to be restored first before it can be downloaded.
13. Keep the rest of the options as default and click Create.
In this practice, you will enable automatic log collection for Object Storage activity (read, write)
for the bucket created earlier.
1. From the navigation menu, select Observability & Management. Under Logging, click Log Groups.
2. From the left navigation panel, ensure that you are in the compartment assigned to you.
3. Click Create Log Group.
4. In the Create Log Group dialog box, ensure that the Compartment field is populated with <your compartment>.
5. In the Name field, enter FRA-AA-LAB21-1-LGP-01.
6. In the Description field, enter a brief description.
7. Click Create.
In this task, you will enable logging on the Object Storage bucket created earlier.
1. From the navigation menu, select Observability & Management. Under Logging, click Log Groups.
2. From the left navigation panel, ensure that you are in the compartment assigned to you.
• Resource: FRA-AA-LAB21-1-BKT-01-xxx
• Log Name: FRA-AA-LAB21-1-SLOG-01
7. Click Enable Log.
8. Review the log details page. It may take a couple minutes for the service to complete configurations. The Status under Log Information should be Active.
9. Navigate back to the Logs page and click Enable service log.
10. In the Enable Resource Log dialog box, populate the following information:
• Resource: FRA-AA-LAB21-1-BKT-01-xxx
12. Review the log details page. It may take a couple minutes for the service to complete
13. From the navigation menu, select Storage. Under Object Storage & Archive Storage, click Buckets.
16. Verify that the status of Read Access Events is Active and Enabled with Log Group FRA-AA-LAB21-1-LGP-01 and Log Name FRA-AA-LAB21-1-SLOG-01.
Note: Leave the bucket empty for now. In a later task, you will upload a few objects into the bucket, which generates write events, and those logs (with a filter applied) will be transitioned into the second Object Storage bucket.
In this practice, you will explore the contents of your logs using the built-in search capabilities provided by the Logging service. This will validate that the logging is working for FRA-AA-LAB21-1-BKT-01.
In a later task, you will configure a service connector to export logs into the second bucket, FRA-AA-LAB21-1-BKT-02.
Task 1: Validate Logs with Log Search
1. From the navigation menu, select Observability & Management. Under Logging, click Search. You will now create search criteria and look for logs pertaining to your bucket, FRA-AA-LAB21-1-BKT-01-xxx.
2. Click the Select logs to search text field.
3. In the Select logs to search field, click x to remove <your compartment> if selected by default.
4. Expand the (root) compartment under the Compartment column and select <your
Note: Do not click the plus (+) sign. Click the compartment name only.
This step will bring up the log groups in that compartment without including the compartment itself as part of the search criteria. You don’t want the compartment itself included, because you don’t want all the logs for that compartment in the search results.
5. In the Log Groups column, select the FRA-AA-LAB21-1-LGP-01 log group, but again, click the name only without clicking the plus sign. This will bring up the logs for that log group.
7. This time, click the plus (+) sign to add it as the only search criteria. The Select logs to search field at the top of the dialog box will be updated.
9. Verify that the graph shows the corresponding log records. If the graph is not displayed, change the Filter by time field to Past hour.
then select from the list to further refine your search. Select one of the log records listed that contains the specific message.
The graph and log section will be updated based on the selected data.message.
1. From the navigation menu, select Observability & Management. Under Logging, click Service Connectors.
2. Click Create Service Connectors.
3. In the Create service connectors dialog box, populate the following information:
• Connector name: FRA-AA-LAB21-1-SC-01
• Description: <description>
• Source: Logging
4. In the Configure source section, ensure that the following information is populated:
• Logs: FRA-AA-LAB21-1-SLOG-02
5. Wait a few seconds for the Log filter task section to load. Then in the Property field, enter data.requestAction.
7. In the Value field, enter PUT and press the Enter key.
following information:
• Bucket: FRA-AA-LAB21-1-BKT-02-xxx
Note: Do not click Create in the “Create default policy allowing this service connector to write to Object Storage in compartment <your compartment>” message box. The policies are already added to your compartment.
9. Click Create.
10. Navigate to the Service Connectors page using the breadcrumb list.
11. Verify that the Status column shows Active for FRA-AA-LAB21-1-SC-01, the Source column shows as Logging, and the Target column as Object Storage.
Note: The service connector is created to move log data that contains data.requestAction=PUT into the Object Storage bucket FRA-AA-LAB21-1-BKT-02-xxx. The log message is generated when an object is uploaded in the bucket. To generate a specific log with PUT action, you will upload objects into the bucket using OCI CLI.
1. In the OCI Console header, click the Cloud Shell icon next to the Region icon.
Reminder: Do not include the $ symbol when pasting code into Cloud Shell.
3. Run the following command to verify if the files are created successfully:
$ ls
<User_Id>" --name labobject2.txt --file ./labobject2.txt
6. Run the following command to upload the labobject3.txt file:
$ oci os object put --bucket-name="FRA-AA-LAB21-1-BKT-01-xxx" --name labobject3.txt --file ./labobject3.txt
7. Once done, close the Cloud Shell window.
Task 4: Verify the Logs Archived by Using Service Connector
The log content archived to Object Storage is aggregated via batches (default every seven minutes) and stored in .gz format. The timestamps allow easy retrieval by time ranges. In this task, you will locate the archived content and optionally download/extract/view to
Note: This task needs to be run after 7 minutes, which is the rollover time for uploading files
1. From the navigation menu, select Storage. Under Object Storage & Archive Storage, click Buckets.
3.
labobject3.txt, are uploaded and displayed.
4. Navigate back to the Object Storage page by using the breadcrumb list and click the FRA-AA-LAB21-1-BKT-02-xxx bucket.
Note: It may take a few minutes after creating the connector for initial content to land in the bucket.
6. Select the content check box and click the three dots on the right to download, extract, and view the file.
7. Use your preferred log or text viewer to verify the content.
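One way to check a downloaded batch programmatically instead of reading it by eye, as an added Python example that is not part of the lab: it assumes the object is gzip-compressed text with one JSON log record per line, and the sample records are constructed. Only data.requestAction and data.message are property names taken from this lab.

```python
import gzip
import io
import json


def lookup(record, dotted):
    """Resolve a dotted property path such as 'data.requestAction'."""
    node = record
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def check_batch(gz_bytes, prop="data.requestAction", expected="PUT"):
    """Confirm that every record in an archived batch passed the connector filter.

    Returns a report with the number of parsed records, how many carry the
    expected value, the (line, value) of each record that does not, and the
    number of lines that are not valid JSON.
    """
    report = {"records": 0, "matching": 0, "unexpected": [], "unparsable": 0}
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8") as handle:
        for lineno, line in enumerate(handle, 1):
            line = line.strip()
            if not line:
                continue
            try:
                record = json.loads(line)
            except json.JSONDecodeError:
                report["unparsable"] += 1
                continue
            report["records"] += 1
            value = lookup(record, prop)
            if value == expected:
                report["matching"] += 1
            else:
                report["unexpected"].append((lineno, value))
    return report


def build_sample_batch():
    """Constructed batch: two PUT records, one stray GET, one truncated line."""
    records = [
        {"time": "2023-01-01T10:00:01Z",
         "data": {"requestAction": "PUT", "message": "Object uploaded."}},
        {"time": "2023-01-01T10:00:05Z",
         "data": {"requestAction": "PUT", "message": "Object uploaded."}},
        {"time": "2023-01-01T10:00:09Z",
         "data": {"requestAction": "GET", "message": "Object retrieved."}},
    ]
    lines = [json.dumps(record) for record in records] + ['{"time": "2023-01-01T10:0']
    return gzip.compress("\n".join(lines).encode("utf-8"))


if __name__ == "__main__":
    # For a real download, replace the sample with:
    #   open("<downloaded file>.gz", "rb").read()
    print(check_batch(build_sample_batch()))
```

A non-empty `unexpected` list means records reached the archive bucket that the PUT filter should have excluded; a non-zero `unparsable` count points to a damaged or differently formatted object.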