
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Oracle Cloud Infrastructure
Architect Associate

Activity Guide
S1104309GC10

Learn more from Oracle University at education.oracle.com

Copyright © 2023, Oracle and/or its affiliates.

Disclaimer

This document contains proprietary information and is protected by copyright and other intellectual
property laws. The document may not be modified or altered in any way. Except where your use constitutes
"fair use" under copyright law, you may not use, share, download, upload, copy, print, display, perform,
reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the
express authorization of Oracle.

The information contained in this document is subject to change without notice and is not warranted to be
error-free. If you find any errors, please report them to us in writing.

Restricted Rights Notice

If this documentation is delivered to the United States Government or anyone using the documentation on
behalf of the United States Government, the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software,
any programs embedded, installed or activated on delivered hardware, and modifications of such
programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S.
Government end users are "commercial computer software" or "commercial computer software
documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific
supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure,
modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any
operating system, integrated software, any programs embedded, installed or activated on delivered
hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle
data, is subject to the rights and limitations specified in the license contained in the applicable contract. The
terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract
for such services. No other rights are granted to the U.S. Government.

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks
of their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD,
Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a
registered trademark of The Open Group.

Third-Party Content, Products, and Services Disclaimer

This documentation may provide access to or information about content, products, and services from third
parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of
any kind with respect to third-party content, products, and services unless otherwise set forth in an
applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible
for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or
services, except as set forth in an applicable agreement between you and Oracle.

1105162023

Table of Contents

Identity and Access Management (IAM): Enable Multi-Factor Authentication (MFA)
   Get Started
   Enable Multi-Factor Authentication (With Identity Domains Enabled)
   Enable Multi-Factor Authentication (Without Identity Domains Enabled)

Identity and Access Management (IAM): Create IAM Components
   Get Started
   Create a Compartment (With Identity Domains Enabled)
   Create a User (With Identity Domains Enabled)
   Create a Group, and Add a User to the Group (With Identity Domains Enabled)
   Create a Policy (With Identity Domains Enabled)
   Create a Dynamic Group (With Identity Domains Enabled)
   Create a Compartment (Without Identity Domains Enabled)
   Create a User (Without Identity Domains Enabled)
   Create a Group, and Add a User to the Group (Without Identity Domains Enabled)
   Create a Policy (Without Identity Domains Enabled)
   Create a Dynamic Group (Without Identity Domains Enabled)

Networking - Virtual Cloud Network: Create and Configure a Virtual Cloud Network
   Get Started
   Create a Virtual Cloud Network

Networking - Virtual Cloud Network: Configure Local VCN Peering
   Get Started
   Create Virtual Cloud Network 01
   Create Virtual Cloud Network 02
   Add a Local Peering Gateway (LPG) to each VCN
   Connect the VCNs
   Add Route Rules
   Add Security Rules

Networking - Virtual Cloud Network: Configure Remote VCN Peering
   Get Started
   Create Virtual Cloud Network 01
   Create Virtual Cloud Network 02
   Create a Dynamic Routing Gateway in Each OCI Region
   Create Remote Peering Connection Attachments and Establish the Connection Between the Two DRGs
   Add Route Rules
   Add Security Rules

Networking: OCI Load Balancer
   Get Started
   Create a Virtual Cloud Network
   Create Two Compute Instances (Back-End Servers)
   Create a Load Balancer
   Purge Instructions

Networking – DNS Management: Create a Private DNS Zone
   Get Started
   Create a Virtual Cloud Network
   Create Two Compute Instances
   Create a Private DNS Zone
   Access the Private DNS Zone from Your Windows Compute Instance

Compute: Create a Web Server on a Compute Instance
   Get Started
   Launch Cloud Shell
   Generate SSH Keys
   Create a Virtual Cloud Network and Its Components
   Create a Compute Instance
   Install an Apache HTTP Server on the Instance

Compute: Create a Capacity Reservation and Launch Instances
   Get Started
   Create a Virtual Cloud Network and a Subnet
   Create a Capacity Reservation
   Add a Capacity Configuration
   Create Instances in a Capacity Reservation
   Move an Instance out of a Capacity Reservation
   Adding an Instance to a Capacity Reservation

Compute: Configure Metric-Based Autoscaling
   Get Started
   Create a Virtual Cloud Network and Its Components
   Create a Load Balancer
   Create a Compute Instance and a Custom Image
   Create an Instance Configuration
   Create an Instance Pool
   Create a Metric-Based Autoscaling Configuration
   Test Autoscaling

Object Storage: Create and Manage OCI Object Storage
   Get Started
   Create an Object Storage Bucket
   Upload an Object to a Bucket
   Configure a Lifecycle Policy Rules for the Bucket
   Create a Replication Policy for the Bucket
   Create a Retention Rule for the Bucket

Object Storage: Perform Multipart Upload Using CLI (Using Cloud Shell)
   Get Started
   Access Cloud Shell via the Console
   Create a Standard Default Storage Tier Bucket Using CLI (Cloud Shell)
   Upload a File (Larger than 100 MiB) to Cloud Shell
   Perform a Multipart Upload Using the CLI (Cloud Shell)

Block Storage: Create, Attach, Detach, and Resize a Block Volume
   Get Started
   Create a Virtual Cloud Network and Its Components
   Create a VM Instance
   Create a Block Volume
   Attach a Block Volume to a Compute Instance
   Resize a Block Volume
   Detach a Block Volume

Block Storage: Create a Volume Group and Enable Cross Region Replication
   Get Started
   Create Two Block Volumes
   Create a Volume Group
   Enable Cross-Region Replication for the Volume Group
   Activate the Volume Group Replica
   Disable Replication for a Volume Group

File Storage: Create and Mount a File System
   Get Started
   Create a Virtual Cloud Network and Its Components
   Create a VM Instance
   Create a File System
   Configure VCN Security Rules for File Storage
   Mount the File System from an Instance

File Storage: Configure NFS Export Options
   Get Started
   Create a Virtual Cloud Network and Its Components
   Create a VM Instance
   Create a File System
   Configure VCN Security Rules for File Storage
   Set Export Options for the File System
   Mount the File System from Both the Instances
   Perform Testing

Database System: Provisioning and Connecting to a Database System
   Get Started
   Create a Virtual Cloud Network
   Provision a Database System
   Connect to the Database

Autonomous Database: Scaling Resources in an Autonomous Database
   Get Started
   Provision an Autonomous Database
   Manually Scale the Number of OCPUs
   Enable Automatic Scaling for Storage

Security: Enable Cloud Guard
   Get Started
   Create a Virtual Cloud Network
   Explore Cloud Guard
   Create a Cloud Guard Target
   Create a Scenario to Verify Cloud Guard Monitoring
   Remediate the Problems Identified by Cloud Guard

Security: Create a Vault and Encryption Key and Perform Encryption/Decryption of Data
   Get Started
   Create a Vault and a Master Encryption Key
   Perform Encryption
   Perform Decryption

Observability and Management: Configure Alarms with Notifications and Create Monitoring Queries
   Get Started
   Set Up the Environment
   Create Alarms and View Service Metrics
   Create CPU Stress and Fire Alarm
   Create Queries

Observability and Management: Configure Service Connectors
   Get Started
   Set Up the Environment
   Enable Service Logs
   Export Logs Using Service Connectors


Lab 1-1 Practices

Identity and Access Management (IAM): Enable Multi-Factor Authentication (MFA)

Get Started

Overview

Multi-Factor Authentication (MFA) is a method of authentication that requires the use of more
than one factor to verify a user’s identity.

With MFA enabled in the IAM service, a user signs in to the Oracle Cloud Infrastructure (OCI)
console and is prompted to enter two factors:

• Their username and password, which are things that they know
• A verification code from a registered MFA device, which is something that they have

The two factors work together, requiring an extra layer of security to verify the user’s identity
and complete the sign-in process.

In this lab, you'll enable Multi-Factor Authentication in OCI.

Note: We have instructions for accounts with and without Identity Domains enabled.

Prerequisites
• You must install a supported authenticator app (Oracle Mobile Authenticator or
Google Authenticator) on the mobile device you intend to register for MFA.

Enable Multi-Factor Authentication (With Identity Domains Enabled)
You will learn how to enable Multi-Factor Authentication (MFA) for your Oracle Cloud
Infrastructure (OCI) account.

In this practice, you will also learn the sign-in process after enabling MFA.

Tasks:

1. Sign in to the OCI Console.

2. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A list
   of domains in your tenancy appears.

   Note: Select the compartment that is allotted to you.

3. Select the domain that is allotted to you. Otherwise, you can click the Default domain.

4. In the left navigation pane, navigate to: Identity domain > Security > MFA.

5. Select the Mobile app passcode option on the Multi-factor authentication (MFA) settings
   details page.

6. Click Save Changes.

7. Click Save Changes on the Save MFA settings popup.

8. Use the breadcrumb trail to go back to the Default Domain page and click Groups.

9. Click Create Group.

10. Enter the following:

   a. Name: Enter a unique name for the group (e.g.: MFAGroup)

   b. Description: Enter a group-related description.

11. Click Create.

   Note: Do not add any user as of now. We will create a new user in the next step.

12. Use the breadcrumb trail to go back to the Default Domain page and click Users.

13. Click Create User.

14. Enter the following:

   a. First Name: Enter the first name of the user.

   b. Last Name: Enter the last name of the user.

   c. Username/Email: Enter an email address for the user.

   d. Select Use the same email address as the username. Do not select the Assign
      cloud account administrator role check box.

   e. Select the group that was created in Step 10 (MFAGroup).

15. Click Create.

16. Use the breadcrumb trail to go back to the Default Domain page and click Security.

17. Under Security, click Sign-on Policies.

18. Click Default Sign-On Policy.

19. Click Add Sign-on Rule.

20. Enter the following:

   a. Rule Name: Enter a rule name.

   b. Group Membership: Select the group that was created in Step 10 (MFAGroup).

   c. Select Allow Access under Actions (selected by default).

      i. Select Prompt for an additional factor.

      ii. Select Specified factors only.

      iii. Select Mobile app passcode.

      iv. Select Every time under Frequency.

      v. Select Required under Enrollment.

21. Click Add Sign-on Rule.

22. Select the Sign-on Rule you created just now and click Edit Priority.

23. Move the Sign-on Rule to the top of the priority list by clicking the up arrow button, and then click
    Save Changes.

24. Use the breadcrumb trail to go back to the Default Domain page and click Users.

25. Click the user created in Step 14 and click Reset Password.

26. Click Reset Password when prompted. You’ll receive an email at the registered email address.

27. Log in to the OCI console using the credentials generated for the MFA-enabled user created in
    Step 14.

28. The OCI Console will prompt you to enable secure verification.

29. Click Enable Secure Verification.

30. Follow the instructions in the dialog box:

   a. Install Oracle Mobile Authenticator or a similar authenticator app on your mobile
      device.

   b. Open the app and add a new account. Scan the QR code from the dialog box when
      prompted.

   c. If you already have another authenticator app installed, select Offline Mode or Use
      Another Authenticator App.

   d. Enter the code displayed by the app.

31. Click Verify.

32. Click Done.

Important: The authenticator app generates a new, time-based, one-time passcode every 30
seconds. You must enter a code while the code is still valid. If you miss the time window for
one passcode, you can enter the next one that is generated.

You have successfully enabled MFA in Identity Domain enabled tenancies.
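
The 30-second passcode window described in the Important note above follows from the standard TOTP algorithm (RFC 6238), which the Python example below reproduces on both the app side and the verifier side. It is an added example, not part of the Oracle lab and not Oracle's implementation; it assumes the RFC defaults (HMAC-SHA1, 6 digits) and a Base32 shared secret as used by common authenticator apps, uses the published RFC 6238 test secret, and the function names, the one-step drift allowance and the replay check are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # passcode lifetime stated in the lab
DIGITS = 6          # assumption: default of common authenticator apps

# RFC 6238 test secret ("12345678901234567890"), Base32-encoded the way an
# enrollment QR code usually carries it. Sample value, not an OCI secret.
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(b32: str) -> bytes:
    """Decode a Base32 shared secret, tolerating spaces and missing padding."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(key, unix_time // STEP_SECONDS, digits)


def verify(key: bytes, submitted: str, unix_time: int,
           last_used_counter: int = -1, drift_steps: int = 1):
    """Verifier side: return the time-step counter the code matched, or None.

    drift_steps=1 accepts the previous, current and next step to absorb clock
    skew. Steps at or before last_used_counter are skipped so a passcode that
    was already accepted cannot be replayed inside its window.
    """
    current = unix_time // STEP_SECONDS
    for counter in range(max(0, current - drift_steps),
                         current + drift_steps + 1):
        if counter <= last_used_counter:
            continue
        expected = hotp(key, counter)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


KEY = decode_secret(RFC_SECRET_B32)

if __name__ == "__main__":
    # Constructed timestamps two seconds apart that straddle a step boundary.
    t_old, t_new = 1111111109, 1111111111
    old_code = totp(KEY, t_old)
    print("code shown at", t_old, "->", old_code)
    print("code shown at", t_new, "->", totp(KEY, t_new))
    print("old code, strict window :", verify(KEY, old_code, t_new, drift_steps=0))
    print("old code, one-step drift:", verify(KEY, old_code, t_new))
```
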

Enable Multi-Factor Authentication (Without Identity Domains Enabled)
You will learn how to enable Multi-Factor Authentication (MFA) for your Oracle Cloud
Infrastructure (OCI) account.

In this practice, you will also learn the sign-in process after enabling MFA.

le
Tasks

rab
fe
1. Sign in to the Oracle Cloud Infrastructure (OCI) Console by using the Direct Sign-In

ns
method.

tra
n-
Note: If the Customize your Console pop-up window appears, select the profiles that

. no
best describe your Oracle Cloud Infrastructure work or interests.

ide a
In the console ribbon at the top of the screen, click the Profile icon and click the

Gu as
2.
<username> with which you logged in to the OCI Console.
is ) h
th s
3. On the User Details page, click Enable Multi-Factor Authentication to open a dialog box.
e o.e

4. Follow the instructions in the dialog box:


us ho
to ya

a. Install Oracle Mobile Authenticator or a similar authenticator app on your mobile


se @

device.
en 14

Open the app and add a new account. Scan the QR code from the dialog box when
lic k20

b.
prompted.
ac
olr

c. Enter the code displayed by the app.


(s

5. After you’ve entered the code into the Verification Code box, click Verify. Multi-Factor
uz

Authentication is now enabled.


Cr
es

6. Click the Profile icon at the top right of the screen and click Sign out.
dr

Sign in to your Oracle Cloud Infrastructure (OCI) Console by using the Direct Sign-In
An

7.
method:

a. Enter your <username> in the User Name field.

b. Enter your <password> in the Password field.

c. Click Sign In.

Copyright © 2023, Oracle and/or its affiliates.

10 Identity and Access Management: Enable Multi-Factor Authentication


Note: After your username and password are authenticated, you have successfully supplied the first factor for authentication. The second factor appears on an authentication page and prompts you to enter a one-time passcode.

8. Open the Oracle Mobile Authenticator app on your registered mobile device and then open the account for your Oracle Cloud Infrastructure (OCI) tenancy.

9. Enter the passcode displayed by your authenticator app and then click Sign In. You are now successfully signed in to the OCI Console.

Important: The authenticator app generates a new time-based, one-time passcode every 30 seconds. You must enter a code while the code is still valid. If you miss the time window for one passcode, you can enter the next one that is generated.

Identity and Access Management (IAM): Create IAM Components

Lab 2-1 Practices

Get Started

Overview

Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) lets you control who has access to your cloud resources.

In this lab, we will help you create a compartment, group, user, and policy. We will also provide the steps to create a dynamic group.

Note: We have instructions for accounts with and without Identity Domains enabled.

In this lab, you’ll:

a. Create a compartment

b. Create a user

c. Create a group, and add a user to the group

d. Create a policy

e. Create a dynamic group


Create a Compartment (With Identity Domains Enabled)

A compartment is a collection of related resources. Compartments are fundamental components of OCI and are used for organizing and isolating your cloud resources.

In this practice, you will learn how to create a compartment.

Tasks

1. Sign in to the OCI Console.

2. Open the Main Menu and select Identity & Security. Under Identity, click Compartments. A list of the compartments to which you have access appears.

3. Click Create Compartment.

4. Do the following:

   a. Name: Enter a unique name for the compartment. The name must be unique across all the compartments in your tenancy.

   b. Description: Enter a compartment-related description.

   c. Parent Compartment: The compartment you are in appears by default.

5. Click Create Compartment. The Child Compartment now appears in the list of compartments.


Create a User (With Identity Domains Enabled)

A user is an individual employee or system that needs to manage or use your company’s OCI resources.

In this practice, you’ll learn how to create a user.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A list of domains in your tenancy appears.

2. Select the Domain that is allotted to you. Otherwise, you can click on the Default domain.

3. Under Identity domain, click Users. A list of the users in your domain appears.

4. Click Create User.

5. Enter the following:

   a. First Name: Enter the first name of the user.

   b. Last Name: Enter the last name of the user.

   c. Username/Email: Enter an email address for the user.

   d. Select the Use the same email address as the username check box. Do not select the Assign cloud account administrator role check box.

6. Click Create. The user now appears in the list of users.


Create a Group, and Add a User to the Group (With Identity Domains Enabled)

A group is a collection of users who need the same type of access to a particular compartment or set of resources.

In this practice, you’ll learn how to create a group, and add a user to a group.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A list of domains in your tenancy appears.

2. Click on the Default domain.

3. Under Identity domain, click Groups. A list of the groups in your domain appears.

4. Select the Administrators group.

5. Click Assign User to Groups.

6. Select the user created earlier from the Users drop-down list, and then click Add. The user now appears in the group.

7. Use the breadcrumb trail to go back to the Groups page and click Create Group.

8. Enter the following:

   a. Name: Enter a unique name for the group.

   b. Description: Enter a group-related description.

9. Click Create. The group now appears in the list of groups.


Create a Policy (With Identity Domains Enabled)

A policy is a document that specifies who can access which resources, and how.

In this practice, you’ll learn how to create a policy.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Policies.

2. Click Create Policy.

3. Enter the following:

   a. Name: Enter a unique name for the policy.

   b. Description: Enter a policy-related description.

   c. Compartment: If you want to attach the policy to a compartment other than the one you’re viewing, select it from the drop-down list. Remember, where the policy is attached controls who can later modify or delete it.

4. In the Policy Builder section, click Show manual editor and enter the policy statement.

Note: A sample statement would look like the following:

   allow group <group_name> to manage virtual-network-family in compartment <compartment_name>

5. Click Create. The policy now appears in the list of policies.


Create a Dynamic Group (With Identity Domains Enabled)

A dynamic group is a special type of group that contains resources, such as compute instances, which match rules that you define. This means that group membership can change dynamically as matching resources are created or deleted. These instances serve as “principal” actors and can make API calls to services according to policies that you write for the dynamic group.

In this practice, you’ll learn how to create a dynamic group.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Domains. A list of domains in your tenancy appears.

2. Click on the Default domain.

3. Under Identity domain, click Dynamic Groups.

4. Click Create Dynamic Group.

5. Enter the following:

   a. Name: Enter a unique name for the group. The name must be unique across all groups in your tenancy, including dynamic groups and user groups.

   b. Description: Enter a friendly description.

6. Enter the Matching Rules. Resources that meet the rule criteria are members of the dynamic group.

   a. Rule 1: Enter a rule by following the guidelines in https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm#Writing

   Note: You can manually enter the rule in the text box or launch the rule builder.

   − For example, to include all instances that are in a specific compartment, add a rule with the following syntax:

   instance.compartment.id = '<compartment_ocid>'

   b. Enter additional rules as needed. To add a rule, click +Additional Rule.

7. Click Create. The dynamic group now appears in the list of dynamic groups.


Create a Compartment (Without Identity Domains Enabled)

A compartment is a collection of related resources. Compartments are fundamental components of OCI and are used for organizing and isolating your cloud resources.

In this practice, you will learn how to create a compartment.

Tasks

1. Sign in to the OCI Console.

2. Open the Main Menu and select Identity & Security. Under Identity, click Compartments. A list of the compartments to which you have access appears.

3. Under Child Compartment, click Create Compartment.

4. Do the following:

   a. Name: Enter a unique name for the compartment. The name must be unique across all the compartments in your tenancy.

   b. Description: Enter a compartment-related description.

   c. Parent Compartment: The compartment you are in appears by default. To choose another compartment in which to create this compartment, select from the drop-down list.

5. Click Create Compartment. The Child Compartment now appears in the list of compartments.


Create a User (Without Identity Domains Enabled)

A user is an individual employee or system that needs to manage or use your company’s OCI resources.

In this practice, you’ll learn how to create a user.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Users. A list of users in your tenancy appears.

2. Click Create User.

3. Enter the following:

   a. Name: Enter a unique name or email address for the user.

   b. Description: This value could be the user’s full name, a nickname, or any other descriptive information.

   c. Email: Enter an email address for the user. This email address is used for password recovery.

4. Click Create. The user now appears in the list of users.


Create a Group, and Add a User to the Group (Without Identity Domains Enabled)

A group is a collection of users who need the same type of access to a particular compartment or set of resources.

In this practice, you’ll learn how to create a group, and add a user to a group.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Groups. A list of the groups in your tenancy appears.

2. Click on the Administrators group.

3. Click Add User to Group.

4. Select the user created earlier from the Users drop-down list, and then click Add. The user now appears in the group.

5. Use the breadcrumb trail to go back to the Groups page and click Create Group.

6. Enter the following:

   a. Name: Enter a unique name for the group.

   b. Description: Enter a group-related description.

7. Click Create. The group now appears in the list of groups.


Create a Policy (Without Identity Domains Enabled)

A policy is a document that specifies who can access which resources, and how.

In this practice, you’ll learn how to create a policy.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Policies.

2. Choose a compartment.

3. A list of the policies in the compartment you’re currently viewing appears.

4. Click Create Policy.

5. Enter the following:

   a. Name: Enter a unique name for the policy.

   b. Description: Enter a policy-related description.

   c. Compartment: If you want to attach the policy to a compartment other than the one you’re viewing, select it from the drop-down list. Remember, where the policy is attached controls who can later modify or delete it.

6. In the Policy Builder section, click Show manual editor and enter the policy statement.

Note: A sample statement would look like the following:

   allow group <group_name> to manage virtual-network-family in compartment <compartment_name>

7. Click Create. The policy now appears in the list of policies.
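The sample statement from both Create a Policy practices, broken into the "who, how, which resources, where" parts that a policy specifies, with a simple breadth review. This is an added example, not Oracle tooling or code from the guide; the function names, the findings text, and the group and compartment names in the demo are hypothetical, and only the basic `allow <subject> to <verb> <resource-type> in <location>` form is handled.

```python
import re

# Verbs in increasing order of privilege; each one includes those before it.
VERBS = ["inspect", "read", "use", "manage"]

STATEMENT = re.compile(
    r"^\s*allow\s+(?P<subject>any-user|(?:group|dynamic-group)\s+\S+)\s+to\s+"
    r"(?P<verb>[a-z]+)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?P<location>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$",
    re.IGNORECASE,
)


def parse_statement(statement: str) -> dict:
    """Split one policy statement into subject, verb, resource, location."""
    match = STATEMENT.match(statement)
    if not match:
        raise ValueError(f"not a recognised allow statement: {statement!r}")
    verb = match["verb"].lower()
    if verb not in VERBS:
        raise ValueError(f"unknown verb: {verb!r}")
    return {
        "subject": " ".join(match["subject"].split()),
        "verb": verb,
        "resource": match["resource"].lower(),
        "location": " ".join(match["location"].split()),
        "condition": match["condition"],
    }


def review(statement: str) -> list:
    """Return least-privilege findings for a reviewer to look at."""
    parts = parse_statement(statement)
    findings = []
    if parts["verb"] == "manage":
        findings.append("verb 'manage' grants every permission on the resource type")
    if parts["resource"] == "all-resources":
        findings.append("resource type 'all-resources' covers every service")
    if parts["location"].lower() == "tenancy":
        findings.append("location 'tenancy' applies to every compartment")
    if parts["subject"].lower() == "any-user" and parts["condition"] is None:
        findings.append("subject 'any-user' has no 'where' condition")
    return findings


if __name__ == "__main__":
    # Constructed statements; NetworkAdmins, Lab02 and AppInstances are sample names.
    for text in (
        "allow group NetworkAdmins to manage virtual-network-family in compartment Lab02",
        "Allow dynamic-group AppInstances to read buckets in compartment Lab02",
        "allow group Everyone to manage all-resources in tenancy",
    ):
        print(parse_statement(text)["subject"], "->", review(text) or "no findings")
```
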



Create a Dynamic Group (Without Identity Domains Enabled)

A dynamic group is a special type of group that contains resources, such as compute instances, which match rules that you define. This means that group membership can change dynamically as matching resources are created or deleted. These instances serve as “principal” actors and can make API calls to services according to policies that you write for the dynamic group.

In this practice, you’ll learn how to create a dynamic group.

Tasks

1. Open the Main Menu and select Identity & Security. Under Identity, click Dynamic Groups.

2. Click Create Dynamic Group.

3. Enter the following:

   a. Name: Enter a unique name for the group. The name must be unique across all groups in your tenancy, including dynamic groups and user groups.

   b. Description: Enter a friendly description.

4. Enter the Matching Rules. Resources that meet the rule criteria are members of the dynamic group.

   a. Rule 1: Enter a rule by following the guidelines in https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm#Writing

   Note: You can manually enter the rule in the text box or launch the rule builder.

   − For example, to include all instances that are in a specific compartment, add a rule with the following syntax:

   instance.compartment.id = '<compartment_ocid>'

   b. Enter additional rules as needed. To add a rule, click +Additional Rule.

5. Click Create. The dynamic group now appears in the list of dynamic groups.


Networking - Virtual Cloud Network: Create and Configure a Virtual Cloud Network

Lab 3-1 Practices

Get Started

Overview

In this practice, you will configure and deploy a Virtual Cloud Network (VCN).

A VCN is a software-defined network specific to your OCI tenancy or a compartment in a specified region.

Upon creation, a VCN automatically includes route tables, security lists (with default security rules), and a set of DHCP options. The VCN also has access to a DNS resolver.

Launching a VCN with the OCI VCN Wizard tool automatically creates the following:

• Public and Private subnets
• Internet Gateway (IG)
• NAT Gateway (NAT)
• Service Gateway (SG)
• Two Route Tables (RT)
• Two Security Lists (SL)

For more information about Virtual Cloud Networks, see the OCI Networking Documentation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/landing.htm

Create a Virtual Cloud Network

In this lab, you will create a VCN and associated resources by using the VCN Wizard.

Steps
1. Log in to the Oracle Cloud Infrastructure (OCI) console.
2. In the console ribbon at the top of the screen, click the Region icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).
3. Click the Main Menu, click Networking, and then click Virtual Cloud Networks.
4. Click Start VCN Wizard.
5. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.
6. Enter the following values:
   • Name: FRA-AA-LAB03-VCN-01
   • Compartment: Select your <assigned compartment>.
7. Leave the default values for the remaining fields. Click Next.
8. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.
9. Click Create.
10. When complete, click View Virtual Cloud Network.

Networking - Virtual Cloud Network: Configure Local VCN Peering

Lab 4-1 Practices

Get Started

Overview

In this practice, you will configure Local Peering Gateways (LPGs) to interconnect two Virtual Cloud Networks (VCNs).

Local VCN Peering

Local VCN peering is the process of connecting two VCNs in the same region so that their resources can communicate using private IP addresses.

Local Peering Gateway

A Local Peering Gateway is a component on a VCN for routing traffic to a locally peered VCN.

Summary of Networking Components for Peering Using an LPG

The Networking service components required for a local peering include:

• Two VCNs with non-overlapping CIDRs, in the same region
• A local peering gateway (LPG) on each VCN in the peering relationship
• A connection between those two LPGs
• Supporting route rules to enable traffic to flow over the connection
• Supporting security rules to control the types of traffic allowed to and from the instances in the subnets that need to communicate with the other VCN

In this lab, you will:

1. Create Virtual Cloud Network 01.
2. Create Virtual Cloud Network 02.
3. Add a Local Peering Gateway (LPG) to each VCN.
4. Connect the VCNs.
5. Add Route Rules.
6. Add Security Rules.


Create Virtual Cloud Network 01

In this section, you will create the first of two VCNs by using the Start VCN Wizard.

Tasks
1. Log in to the Oracle Cloud Infrastructure (OCI) console.
2. In the console ribbon at the top of the screen, click the Region and select Germany Central (Frankfurt).
3. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
4. In the left navigation pane, under List Scope select your <assigned compartment>.
5. Click Start VCN Wizard.
6. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.
7. Enter the following values:
   • VCN Name: FRA-AA-LAB04-1-VCN-01
   • Compartment: Select your <assigned compartment>.
   • VCN CIDR Block: 172.16.0.0/16
   • Public Subnet CIDR Block: 172.16.0.0/24
   • Private Subnet CIDR Block: 172.16.1.0/24
8. Leave the default values for the remaining fields. Click Next.
9. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.
10. Click Create.
11. When complete, click View Virtual Cloud Network.


Create Virtual Cloud Network 02

In this section, you will create the second of two VCNs by using the Start VCN Wizard.

Tasks
1. In the console ribbon at the top of the screen, click the Region and select Germany Central (Frankfurt).
2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
3. In the left navigation pane, under List Scope select your <assigned compartment>.
4. Click Start VCN Wizard.
5. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.
6. Enter the following values:
   • VCN Name: FRA-AA-LAB04-1-VCN-02
   • Compartment: Select your <assigned compartment>.
   • VCN CIDR Block: 192.168.0.0/16
   • Public Subnet CIDR Block: 192.168.0.0/24
   • Private Subnet CIDR Block: 192.168.1.0/24
7. Leave the default values for the remaining fields. Click Next.
8. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.
9. Click Create.
10. Once complete, click View Virtual Cloud Network.


Add a Local Peering Gateway (LPG) to each VCN

In this section, you will add LPGs to the VCNs.

Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. In the left navigation pane, under List Scope select your <assigned compartment>.
3. Select FRA-AA-LAB04-1-VCN-01.
4. In the left navigation pane, under Resources, click Local Peering Gateways (0).
5. Click Create Local Peering Gateway.
6. In the Name field, enter: FRA-AA-LAB04-1-LPG-01.
7. Click Create Local Peering Gateway.
8. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
9. Select FRA-AA-LAB04-1-VCN-02.
10. In the left menu, under Resources, click Local Peering Gateways (0).
11. Click Create Local Peering Gateway.
12. In the Name field, enter: FRA-AA-LAB04-1-LPG-02.
13. Click Create Local Peering Gateway.


Connect the VCNs

In this section, you will establish the peering connection between the two VCNs.

Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. Select FRA-AA-LAB04-1-VCN-01.
3. In the left navigation pane, under Resources, click on Local Peering Gateways (1).
4. Click the three dots to the right of FRA-AA-LAB04-1-LPG-01 to open the Actions menu and select Establish Peering Connection.
5. Click Browse Below.
6. Select FRA-AA-LAB04-1-VCN-02 in Virtual Cloud Network.
7. Select FRA-AA-LAB04-1-LPG-02 from the Unpeered Peer Gateway list.
8. Click Establish Peering Connection.
9. Wait for the Peering Status field to change to Peered - Connected to a peer.
10. Verify that Peer Advertised CIDRs is 192.168.0.0/16.
11. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
12. Select FRA-AA-LAB04-1-VCN-02.
13. In the left menu, under Resources, click Local Peering Gateways (1).
14. Verify that Peering Status is Peered - Connected to a peer.
15. Verify that Peer Advertised CIDRs is 172.16.0.0/16.


Add Route Rules

In this section, you will add route rules to the route table to allow traffic over the peered connection.

Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. Select FRA-AA-LAB04-1-VCN-01.
3. In the left navigation pane, under Resources, click Route Tables (2).
4. Click Default Route Table for FRA-AA-LAB04-1-VCN-01.
5. Click Add Route Rules.
6. Select Local Peering Gateway under Target Type.
7. In the Destination CIDR Block field, enter 192.168.0.0/24.
8. Select FRA-AA-LAB04-1-LPG-01 under Target Local Peering Gateway in <assigned compartment>.
9. Click Add Route Rules.
10. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
11. Select FRA-AA-LAB04-1-VCN-02.
12. In the left navigation pane, under Resources, click Route Tables (2).
13. Click Default Route Table for FRA-AA-LAB04-1-VCN-02.
14. Click Add Route Rules.
15. Select Local Peering Gateway under Target Type.
16. In the Destination CIDR Block field, enter 172.16.0.0/24.
17. Select FRA-AA-LAB04-1-LPG-02 under Target Local Peering Gateway in <assigned compartment>.
18. Click Add Route Rules.


Add Security Rules

In this section, you will enable ICMP from the private IP addresses to the public subnet, allowing ping communications.

Tasks
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
2. Select FRA-AA-LAB04-1-VCN-01.
3. In the left navigation pane, under Resources, click Security Lists (2).
4. Click Default Security List for FRA-AA-LAB04-1-VCN-01.
5. Click Add Ingress Rules.
6. In the Source CIDR field, enter 192.168.0.0/24.
7. Select ICMP under IP Protocol.
8. In the Type field, enter 8.
9. Click Add Ingress Rules.
10. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
11. Select FRA-AA-LAB04-1-VCN-02.
12. In the left navigation pane, under Resources, click Security Lists (2).
13. Click Default Security List for FRA-AA-LAB04-1-VCN-02.
14. Click Add Ingress Rules.
15. Enter 172.16.0.0/24 in the Source CIDR field.
16. In the IP Protocol field, select ICMP.
17. In the Type field, enter 8.
18. Click Add Ingress Rules.


ac
olr
(s
uz
Cr
es
dr
An

Copyright © 2023, Oracle and/or its affiliates.

38 Networking - Virtual Cloud Network: Configure Local VCN Peering


Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

An
dr
es
Cr
uz
(s
olr
ac
lic k20
en 14
se @
to ya
us ho
e o.e
th s
is ) h
Gu as
ide a
. no
Lab 4-2 Practices
VCN Peering

n-
tra
ns
fe
rab
le
Networking - Virtual Cloud
Network: Configure Remote
Get Started
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

Overview

In this lab, you will use Dynamic Routing Gateways (DRGs) to inter-connect two Virtual Cloud
Networks (VCNs) in different OCI regions.

Note: This lab requires you to subscribe to two regions. Hence, you will not be able to perform
it in a Free Tier account.

Remote VCN Peering

Remote VCN peering is the process of connecting two VCNs that are typically, but not
necessarily, in different regions. Peering allows the VCNs' resources to communicate using
private IP addresses.

Dynamic Routing Gateway

A Dynamic Routing Gateway is a powerful virtual router that enables VCN connectivity to
on-premises resources and to remote and local VCNs in the current tenancy and in other
tenancies.

Summary of Networking Components for Remote Peering

The Networking service components required for a remote peering include:

• DRG attachment to each VCN in the peering relationship.
• A remote peering connection (RPC) on each DRG in the peering relationship.
• A connection between those two RPCs.
• Supporting route rules to enable traffic to flow over the connection.
• Supporting security rules to control the types of traffic allowed to and from the
instances in the subnets that need to communicate with the other VCN.

In this lab, you will:

a. Create Virtual Cloud Network 01.
b. Create Virtual Cloud Network 02.
c. Create a Dynamic Routing Gateway in each OCI region.
d. Create Remote Peering Connection attachments and establish the connection
between the two DRGs.
e. Add Route Rules.
f. Add Security Rules.


Create Virtual Cloud Network 01

In this section, you will create the first of two VCNs by using the Start VCN Wizard.

Tasks

1. Log in to the Oracle Cloud Infrastructure (OCI) console.

2. In the console ribbon at the top of the screen, open the Regions menu and select
Germany Central (Frankfurt).

3. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

4. Click Start VCN Wizard.

5. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.

6. Enter the following values:
• VCN Name: FRA-AA-LAB04-2-VCN-01
• Compartment: Select your assigned <compartment name>
• VCN CIDR Block: 172.17.0.0/16
• Public Subnet CIDR Block: 172.17.0.0/24
• Private Subnet CIDR Block: 172.17.1.0/24

7. Leave the default values for the remaining fields. Click Next.

8. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
basic access to the VCN.

9. Click Create.

10. When complete, click View Virtual Cloud Network.


Create Virtual Cloud Network 02

In this section, you will create the second of two VCNs by using the Start VCN Wizard.

Tasks

1. In the console ribbon, at the top of the screen, open the Regions menu and select US
West (Phoenix).

2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

3. Click Start VCN Wizard.

4. Select the Create VCN with Internet Connectivity option and then click Start VCN
Wizard.

5. Enter the following values:
• VCN Name: PHX-AA-LAB04-2-VCN-01
• Compartment: Select your assigned <compartment name>.
• VCN CIDR Block: 10.0.0.0/16
• Public Subnet CIDR Block: 10.0.0.0/24
• Private Subnet CIDR Block: 10.0.1.0/24

6. Leave the default values for the remaining fields. Click Next.

7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
basic access to the VCN.

8. Click Create.

9. When complete, click View Virtual Cloud Network.


Create a Dynamic Routing Gateway in Each OCI Region

In this section, you will create two DRGs, one in each OCI region, and attach them to the VCNs
you just created.

Tasks

1. In the console ribbon at the top of the screen, open the Regions menu and select
Germany Central (Frankfurt).

2. From the Main Menu, select Networking, and under Customer Connectivity
click Dynamic Routing Gateways.

3. In the left navigation pane, under List Scope, select your <assigned compartment>.

4. Click Create Dynamic Routing Gateway.

5. In the Name field, enter FRA-AA-LAB04-2-DRG-01.

6. In the Compartment field, select your assigned <compartment name>.

7. Click Create Dynamic Routing Gateway.

8. Click Create Virtual Cloud Network Attachment.

9. Leave the Attachment name field blank.

10. Select FRA-AA-LAB04-2-VCN-01 from the Virtual Cloud Network in…

11. Click Create Virtual Cloud Network Attachment to attach your VCN to the DRG.

12. Open the Regions menu and select US West (Phoenix).

13. Click Create Dynamic Routing Gateway.

14. In the Name field, enter PHX-AA-LAB04-2-DRG-01.

15. Set the Create in Compartment field to your assigned <compartment name>.

16. Click Create Dynamic Routing Gateway.

17. Click Create Virtual Cloud Network Attachment.

18. Leave the Attachment name field blank.

19. Select PHX-AA-LAB04-2-VCN-01 from the Virtual Cloud Network in…

20. Click Create Virtual Cloud Network Attachment to attach your VCN to the DRG.


Create Remote Peering Connection Attachments and
Establish the Connection Between the Two DRGs


In this section, you will establish the remote peering connection between the two DRGs.

Tasks

1. In the console ribbon at the top of the screen, open the Regions menu and select US
West (Phoenix).

2. From the Main Menu, select Networking, and then under Customer Connectivity
click Dynamic Routing Gateways.

3. Click PHX-AA-LAB04-2-DRG-01.

4. In the left navigation pane, under Resources, click Remote Peering Connections
Attachments (0).

5. Click the Create Remote Peering Connection button.

6. Enter PHX-AA-LAB04-2-RPC-01 in the Name field.

7. Set the Create in compartment field to your assigned <compartment name>.

8. Click Create Remote Peering Connection.

9. Select PHX-AA-LAB04-2-RPC-01 in the Remote Peering Connection list.

10. Click to Copy the RPC OCID and save the value to Notepad for later use.

11. Open the Regions menu and select Germany Central (Frankfurt).

12. Click FRA-AA-LAB04-2-DRG-01.

13. Under Resources, click Remote Peering Connections Attachments (0).

14. Click Create Remote Peering Connection.

15. Enter FRA-AA-LAB04-2-RPC-01 in the Name field.

16. Set the Create in compartment field to your assigned <compartment name>.

17. Click Create Remote Peering Connection.

18. Select FRA-AA-LAB04-2-RPC-01 in the Remote Peering Connection list.

19. Click Establish Connection.

20. In the console ribbon at the top of the screen, open the Regions menu and select US
West (Phoenix) (us-phoenix-1).

21. Paste the OCID you previously copied and saved to your Notepad into the Remote
Peering Connection OCID field.

22. Click Establish Connection.


Add Route Rules

In this section, you will add route rules to the route table to enable traffic over the peered
connection.

Tasks

1. In the console ribbon at the top of the screen, from the Regions menu, select Germany
Central (Frankfurt).

2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

3. Select FRA-AA-LAB04-2-VCN-01.

4. In the left navigation pane, under Resources, click Route Tables (2).

5. Click Default Route Table for FRA-AA-LAB04-2-VCN-01.

6. Click Add Route Rules.

7. Select Dynamic Routing Gateway under Target Type.

8. Set the Destination CIDR Block field to 10.0.0.0/24.

9. Notice that for Target Dynamic Routing Gateway, the DRG: FRA-AA-LAB04-2-DRG-01
is automatically selected, as well as your assigned Compartment.

10. Click the Add Route Rules button.

Note: The route rules that will route traffic from Frankfurt to Phoenix via the DRG have
been successfully added. Now we will configure the return direction.

11. In the console ribbon at the top of the screen, open the Regions menu and select US
West (Phoenix).

12. Select PHX-AA-LAB04-2-VCN-01.

13. In the left navigation pane, under Resources, click Route Tables (2).

14. Click Default Route Table for PHX-AA-LAB04-2-VCN-01.

15. Click Add Route Rules.

16. Select Dynamic Routing Gateway under Target Type.

17. Set the Destination CIDR Block field to 172.17.0.0/24.

18. Note that the value for Target Dynamic Routing Gateway is automatically set to
PHX-AA-LAB04-2-DRG-01 along with your assigned <compartment name>.

19. Click Add Route Rules.


Add Security Rules

In this section, you will enable ICMP from the private IP addresses to the public subnet,
allowing ping communications.

Tasks

1. In the console ribbon at the top of the screen, from the Regions menu, select US West
(Phoenix).

2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

3. Select PHX-AA-LAB04-2-VCN-01.

4. In the left navigation pane, under Resources, click Security Lists (2).

5. Click Default Security List for PHX-AA-LAB04-2-VCN-01.

6. Click Add Ingress Rules.

7. Enter 172.17.0.0/24 in the Source CIDR field.

8. Select ICMP from the IP Protocol field.

9. In the Type field, enter 8.

10. Click Add Ingress Rules.

11. In the console ribbon at the top of the screen, open the Regions menu and select
Germany Central (Frankfurt).

12. Select FRA-AA-LAB04-2-VCN-01.

13. In the left navigation pane, under Resources, click Security Lists (2).

14. Click Default Security List for FRA-AA-LAB04-2-VCN-01.

15. Click Add Ingress Rules.

16. Enter 10.0.0.0/24 in the Source CIDR field.

17. Select ICMP in the IP Protocol field.

18. In the Type field, enter 8.

19. Click Add Ingress Rules.

This completes the lab.
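
The route and security rules entered in this lab can be checked offline before testing with ping. The Python model below is an added example, not part of the Oracle lab guide: it runs the lab's CIDR values through a most-specific-match route lookup and an ingress check for ICMP type 8. The 0.0.0.0/0 Internet Gateway default route, the stateful handling of the echo reply, the host addresses, and all class and function names are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class RouteRule:
    destination: str  # CIDR block
    target: str       # "DRG" or "IGW" in this model


@dataclass(frozen=True)
class IngressRule:
    source: str                      # CIDR block
    protocol: str                    # "ICMP", "TCP", ...
    icmp_type: Optional[int] = None  # None matches every ICMP type


@dataclass(frozen=True)
class PublicSubnet:
    """A public subnet with the default route table and security list it uses."""
    name: str
    vcn_cidr: str
    cidr: str
    routes: Tuple[RouteRule, ...]
    ingress: Tuple[IngressRule, ...]


def route_target(subnet: PublicSubnet, dst_ip: str) -> Optional[str]:
    """Return the target chosen for dst_ip; the most specific matching rule wins."""
    dst = ipaddress.ip_address(dst_ip)
    if dst in ipaddress.ip_network(subnet.vcn_cidr):
        return "LOCAL"  # traffic inside the VCN never consults the route rules
    matches = [r for r in subnet.routes if dst in ipaddress.ip_network(r.destination)]
    if not matches:
        return None
    best = max(matches, key=lambda r: ipaddress.ip_network(r.destination).prefixlen)
    return best.target


def ingress_allows(subnet: PublicSubnet, src_ip: str, protocol: str,
                   icmp_type: Optional[int] = None) -> bool:
    """True if any ingress rule admits this source, protocol and ICMP type."""
    src = ipaddress.ip_address(src_ip)
    for rule in subnet.ingress:
        if rule.protocol != protocol or src not in ipaddress.ip_network(rule.source):
            continue
        if protocol != "ICMP" or rule.icmp_type in (None, icmp_type):
            return True
    return False


def ping_verdict(src: PublicSubnet, src_ip: str, dst: PublicSubnet, dst_ip: str) -> str:
    """Return "ok" or the first reason an echo request and its reply would fail."""
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(src.cidr):
        return f"{src_ip} is outside {src.name}, which this model does not cover"
    forward = route_target(src, dst_ip)
    if forward != "DRG":
        return f"forward route for {dst_ip} targets {forward}, not the DRG"
    if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(dst.cidr):
        return f"{dst_ip} is outside {dst.name}, which this model does not cover"
    if not ingress_allows(dst, src_ip, "ICMP", 8):
        return f"ingress on {dst.name} drops ICMP type 8 from {src_ip}"
    # Assumption: the security rule is stateful, so the echo reply needs no rule
    # of its own, but it still needs a route back through the DRG.
    back = route_target(dst, src_ip)
    if back != "DRG":
        return f"return route for {src_ip} targets {back}, not the DRG"
    return "ok"


# Assumption: the wizard's default route table sends everything else to the
# Internet Gateway. The other CIDR values are the ones entered in the lab.
DEFAULT_ROUTE = RouteRule("0.0.0.0/0", "IGW")

FRA = PublicSubnet(
    name="FRA-AA-LAB04-2-VCN-01 public subnet",
    vcn_cidr="172.17.0.0/16", cidr="172.17.0.0/24",
    routes=(DEFAULT_ROUTE, RouteRule("10.0.0.0/24", "DRG")),
    ingress=(IngressRule("10.0.0.0/24", "ICMP", 8),),
)
PHX = PublicSubnet(
    name="PHX-AA-LAB04-2-VCN-01 public subnet",
    vcn_cidr="10.0.0.0/16", cidr="10.0.0.0/24",
    routes=(DEFAULT_ROUTE, RouteRule("172.17.0.0/24", "DRG")),
    ingress=(IngressRule("172.17.0.0/24", "ICMP", 8),),
)
# Constructed misconfigurations: the return route or the ingress rule is missing.
PHX_NO_RETURN_ROUTE = replace(PHX, routes=(DEFAULT_ROUTE,))
PHX_NO_INGRESS = replace(PHX, ingress=())

if __name__ == "__main__":
    # Host addresses are constructed sample values inside the lab's subnets.
    cases = [
        ("FRA public -> PHX public", FRA, "172.17.0.10", PHX, "10.0.0.20"),
        ("FRA public -> PHX private address", FRA, "172.17.0.10", PHX, "10.0.1.20"),
        ("PHX return route missing", FRA, "172.17.0.10", PHX_NO_RETURN_ROUTE, "10.0.0.20"),
        ("PHX ingress rule missing", FRA, "172.17.0.10", PHX_NO_INGRESS, "10.0.0.20"),
    ]
    for label, s, s_ip, d, d_ip in cases:
        print(f"{label}: {ping_verdict(s, s_ip, d, d_ip)}")
```

With the lab's values, the model reports ok only between the two public /24 subnets; an address in 10.0.1.0/24 falls through to the default route instead of the DRG.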

Lab 5-1 Practice
Networking: OCI Load Balancer

Get Started

Overview

In this practice, you will configure a Public Load Balancer, including a set of two back-end
compute instances.

Load Balancer

The OCI Load Balancer provides automated traffic distribution from one entry point to
multiple back-end servers in your VCN. It operates at the connection level and balances
incoming client connections to healthy back-end servers. The service offers a load balancer
with your choice of a regional public or private IP address and provisioned bandwidth.

Summary of Components for OCI Load Balancer Used in This Lab

• Listener: A logical entity that checks for incoming traffic on the load balancer's IP
address
• Back-end server: An application server responsible for generating content in reply to
the incoming traffic
• Back-end set: A logical entity defined by a list of back-end servers
• Load balancing policy: A load-balancing policy tells the load balancer how to
distribute incoming traffic to the back-end servers
• Health check: A test to confirm the availability of back-end servers
• Shape: The bandwidth capacity of the load balancer

In this lab, you will:

a. Create a Virtual Cloud Network
b. Create two compute instances
c. Create a load balancer


Create a Virtual Cloud Network

In this practice, you will create a VCN and associated resources using the VCN Wizard.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

3. Click Start VCN Wizard.

4. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.

5. Enter the following values:
• Name: FRA-AA-LAB05-VCN-01
• Compartment: Select your assigned <compartment name>.
• VCN CIDR Block: 172.17.0.0/16
• Public Subnet CIDR Block: 172.17.0.0/24
• Private Subnet CIDR Block: 172.17.1.0/24

6. Leave the default values for the remaining fields. Click Next.

7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
basic access to the VCN.

8. Click Create.

9. When complete, click View Virtual Cloud Network.

10. In the left navigation pane, under Resources, click Security Lists.

11. Select Default Security List for FRA-AA-LAB05-VCN-01.

12. Click Add Ingress Rule.
a. For Source CIDR, enter 0.0.0.0/0.
b. For Destination Port Range, enter 80.
c. Click Add Ingress Rules.


Create Two Compute Instances (Back-End Servers)

In this lab, you will create two compute instances and configure them to provide web services.
They will serve as the back-end servers, and will reside in a private subnet.

Tasks

Build the First Compute Instance

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Compute, and then click Instances.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create Instance and enter the following values:
• Name: FRA-AA-LAB05-VM-01
• Compartment: Your assigned <compartment name>.
• Placement: AD-1
• Image: Oracle Linux
• Shape: Click Change Shape
  • Instance Type: Virtual Machine
  • Shape Series: Ampere
  • Shape Name: VM.Standard.A1.Flex (1 OCPU, 6 GB Memory)
  • Click Select Shape.
• Networking:
  • Primary network: Select existing virtual cloud network.
  • Virtual Cloud Network in <assigned compartment>: FRA-AA-LAB05-VCN-01
  • Subnet in <assigned compartment>: Private Subnet-FRA-AA-LAB05-VCN-01 (regional)
• Add SSH Key: No SSH Keys
• Click Show advanced options
• On the Management tab, click Paste cloud-init script under Initialization script.
• Copy and paste the following into the Cloud-init script field (Tip: Copy the script
into a notepad first and ensure that the final echo command, through
/var/www/html/index.html, stays on a single line as a single command):

#!/bin/bash -x
# Allow inbound HTTP and HTTPS in the running iptables rules.
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# Install Apache and start it now and at every boot.
yum -y install httpd
systemctl enable httpd.service
systemctl start httpd.service
# Permit the http and https services in firewalld, then enable and restart it.
firewall-offline-cmd --add-service=http
firewall-offline-cmd --add-service=https
systemctl enable firewalld
systemctl restart firewalld
# Write the page that identifies this back-end server.
echo 'Hello World! My name is FRA-AA-LAB05-WS-01' > /var/www/html/index.html

Note: This script configures and enables the compute instance’s firewall and httpd
processes.

5. Click Create.

Note: The process will take approximately two minutes.

Build the Second Compute Instance


1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Compute, and then click Instances.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create Instance and enter the following values:
• Name: FRA-AA-LAB05-VM-02
• Compartment: Your assigned <compartment name>
• Placement: AD-2
• Image: Oracle Linux
• Shape: Click Change Shape
  • Instance Type: Virtual Machine
  • Shape Series: Ampere
  • Shape Name: VM.Standard.A1.Flex (1 OCPU, 6 GB Memory)
  • Click Select Shape
• Networking:
  • Primary network: Select existing virtual cloud network.
  • Virtual Cloud Network in <assigned compartment>: FRA-AA-LAB05-VCN-01
  • Subnet in <assigned compartment>: Private Subnet-FRA-AA-LAB05-VCN-01 (regional)
• Add SSH Key: No SSH Keys
• Click Show advanced options
• On the Management tab, click Paste cloud-init script under Initialization script.
• Copy and paste the following into the Cloud-init script field (Tip: Copy the script
into a notepad first and ensure that the final echo command, through
/var/www/html/index.html, stays on a single line as a single command):

#!/bin/bash -x
# Allow inbound HTTP and HTTPS in the running iptables rules.
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# Install Apache and start it now and at every boot.
yum -y install httpd
systemctl enable httpd.service
systemctl start httpd.service
# Permit the http and https services in firewalld, then enable and restart it.
firewall-offline-cmd --add-service=http
firewall-offline-cmd --add-service=https
systemctl enable firewalld
systemctl restart firewalld
# Write the page that identifies this back-end server.
echo 'Hello World! My name is FRA-AA-LAB05-WS-02' > /var/www/html/index.html

Note: This script configures and enables the compute instance’s firewall and httpd
processes.

5. Click Create.

Note: The process will take approximately two minutes.


Create a Load Balancer

In this lab, you will create a Load Balancer, and configure the listener, the health check, and
back-end set. You will then add a security rule to the security list of the private subnet.

Tasks

1. From the Main Menu, select Networking, and then click Load Balancers.

2. In the left navigation pane, under List Scope, select your assigned <compartment name>.

3. Click Create Load Balancer.

4. Select Load Balancer, click Create Load Balancer and enter the following values:
• Load Balancer Name: FRA-AA-LAB05-LB-01
• Choose visibility type: Public
• Assign a public IP address: Ephemeral IP Address
• In the Bandwidth section, under Shapes, select Flexible Shapes (Specify Minimum
Bandwidth as 10 Mbps and Maximum Bandwidth as 20 Mbps).
• Under Choose Networking, for the Virtual Cloud Network in <compartment
name>, select FRA-AA-LAB05-VCN-01 and for the Subnet in <compartment name>,
select Public Subnet-FRA-AA-LAB05_VCN-01.
• Click Next.
• Under Choose Backends, select Weighted Round Robin.
• Click Add Backends.
• Select both FRA-AA-LAB05-VM-01 and FRA-AA-LAB05-VM-02.
• Click Add Selected Backends.
• Leave all values at defaults in the Specify Health Check Policy section.
• Click Next.
• On the Configure Listener page, enter the following values:
  • Listener Name: FRA-AA-LAB05-Listener-01
  • Specify the type of traffic your listener handles: HTTP
  Note: The Specify the port your listener monitors for ingress traffic value will
  become 80.
• Click Next.
• On the Manage Logging page, set Error Logs to Not Enabled.

5. Click Submit and wait for the status to become Active.

Note: The process will take approximately three minutes.

6. Verify that the Backend Set Health status is OK.

7. Locate and copy the Load Balancer’s IP Address.

8. Paste the copied value into your browser’s address bar to visit the site.

9. A webpage stating Hello World! My name is FRA-AA-LAB05-WS-01 will appear.

10. Reload the page to see that the other back-end server has provided the message Hello World!
My name is FRA-AA-LAB05-WS-02.


Purge Instructions

Purge Load Balancer

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the navigation menu, select Networking, and then click Load Balancers.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click FRA-AA-LAB05-LB-01.

5. Click Terminate.

6. Click Terminate when prompted.


Purge the First Oracle Linux Compute Instance

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the navigation menu, select Compute, and click Instances.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click FRA-AA-LAB05-VM-01.

5. Click Terminate.

6. Check Permanently delete the attached boot volume when prompted.

7. Click Terminate instance.

Note: The status for the compute instance will show Terminating.

8. Eventually, the status of the compute instance will show Terminated, and all
buttons for administrative tasks for this Linux machine will be disabled.


Purge the Second Oracle Linux Compute Instance

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the navigation menu, select Compute, and click Instances.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click FRA-AA-LAB05-VM-02.

5. Click Terminate.

6. Check Permanently delete the attached boot volume when prompted.

7. Click Terminate instance.

Note: The status for the compute instance will show Terminating.

8. Eventually, the status of the compute instance will show Terminated, and all
buttons for administrative tasks for this Linux machine will be disabled.


Purge VCN

1. Click the navigation menu, click Networking, and then click Virtual Cloud Networks.

2. In the left navigation pane, under List Scope, select your assigned compartment from the
Compartment drop-down menu.

3. In the list of VCNs, click the three dots on the right of FRA-AA-LAB05-1-VCN-01 to open
the Actions menu. Select Delete.

4. Make sure that the Search compartments for resources associated with this VCN check
box is selected.

5. In the white box that starts with Select which compartments to search for associated
resources, select the Specific compartments option and select your assigned
compartment from the drop-down menu.

6. Click Scan.

7. After the scan is completed, click Delete All.

Note: This process can take up to 2 minutes.


Lab 6-1 Practices
Networking – DNS Management: Create a Private DNS Zone

Get Started

Overview

In this practice, you will configure a private DNS zone and create a DNS A record that
corresponds to a private IP address. You will create two compute instances, one running
Oracle Linux that will be used as a web server, and another running Microsoft Windows, which
will be used as a client.

Private DNS Zones

Private DNS zones contain DNS data that is accessible only from within a Virtual Cloud
Network (VCN). A private DNS zone has capabilities similar to an Internet DNS zone but
provides responses only for clients that can reach it through a private VCN. Each zone belongs
to a single view.

In this lab, you will:

a. Create a Virtual Cloud Network
b. Create two compute instances
c. Create a private DNS zone
d. Access the private DNS zone from your Windows compute instance


Prerequisites

• You will use Remote Desktop Connection (RDC) to access a Windows compute
instance from your personal workstation. You can download RDC here.

Note: Oracle does not provide support for Remote Desktop Connection.


Create a Virtual Cloud Network

In this practice, you will create a VCN and associated resources by using the VCN Wizard.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

3. Click Start VCN Wizard.

4. Select the Create VCN with Internet Connectivity option, and then click Start VCN
Wizard.

5. Enter the following values:

• Name: FRA-AA-LAB06-VCN-01
• Compartment: Select your assigned <compartment name>.
• VCN CIDR Block: 172.17.0.0/16
• Public Subnet CIDR Block: 172.17.0.0/24
• Private Subnet CIDR Block: 172.17.1.0/24

6. Leave the default values for the remaining fields. Click Next.

7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice
that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public
and private subnets. It will also set up security list rules and route table rules to enable
basic access to the VCN.

8. Click Create.

9. Once complete, click View Virtual Cloud Network.

10. Under Resources, select Security Lists.

11. Select Security List for Private Subnet-FRA-AA-LAB06-VCN-01.

12. Click Add Ingress Rules and enter the following:
• Source CIDR: 172.16.0.0/12
• Destination Port Range: 80

13. Click Add Ingress Rules.


Create Two Compute Instances

In this practice, you will create two compute instances. One will run Oracle Linux and the
Apache web server and the other will run Microsoft Windows as its operating system.

Tasks

Build the First Compute Instance

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Compute, and then click Instances.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create Instance and enter the following values:

• Name: FRA-AA-LAB06-VM-01
• Compartment: Your assigned <compartment name>
• Placement: AD-1
• Image: Oracle Linux
• Shape: Click Change Shape
   o Instance Type: Virtual Machine
   o Shape Series: Ampere
   o Shape Name: VM.Standard.A1.Flex (1 OCPU, 6 GB Memory)
• Click Select Shape.
• Networking:
   o Primary network: Select an existing virtual cloud network.
   o Virtual Cloud Network in <assigned compartment>: FRA-AA-LAB06-VCN-01
   o Subnet in <assigned compartment>: Private Subnet-FRA-AA-LAB06-VCN-01 (regional)
• Add SSH Key: No SSH Keys
• Click Show advanced options.
• On the Management tab, click Paste cloud-init script under Initialization script.
• Copy and paste the following into the Cloud-init script field:

#!/bin/bash -x
# Accept inbound HTTP and HTTPS in the running iptables rules
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# Install Apache, then enable it at boot and start it now
yum -y install httpd
systemctl enable httpd.service
systemctl start httpd.service
# Add the HTTP and HTTPS services to firewalld, then enable and restart it
firewall-offline-cmd --add-service=http
firewall-offline-cmd --add-service=https
systemctl enable firewalld
systemctl restart firewalld
# Write the test page that the Windows client will request
echo Hello World! My name is FRA-AA-LAB06-WS-01 > /var/www/html/index.html

Note: This script configures and enables the compute instance’s firewall and httpd
processes.

5. Click Create and wait for the status to become Active.

Note: The process will take approximately three minutes.

6. Locate the compute instance’s Private IP address under Primary VNIC. Copy the value to
Notepad for later use.

7. Under Instance details, click Virtual cloud network: FRA-AA-LAB06-VCN-01.

8. Under Resources, click Security Lists (2).

9. Under Security Lists in <Your Compartment> Compartment, click Default Security List
for FRA-AA-LAB06-VCN-01.

10. Click Add Ingress Rules and enter the following:

• Source CIDR: 172.16.0.0/12
• Destination Port Range: 80
• Click + Another Ingress Rule
• Under Ingress Rule 2, in the Source CIDR field enter 0.0.0.0/0
• Destination Port Range: 3389

11. Click Add Ingress Rules.


Build the Second Compute Instance

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Compute, and then click Instances.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create Instance and enter the following values:

• Name: FRA-AA-LAB06-VM-02
• Compartment: Your assigned <compartment name>
• Placement: AD-2
• Image and Shape: Click Change Image.
   o Select Windows (Windows Server 2022 Standard)
   o Select I have reviewed and accept the following documents Oracle and
     Microsoft Windows Terms of Use.
     Note: It is your responsibility to read and understand the terms of use before
     accepting.
   o Click Select image.
• Click Change shape.
   o Instance Type: Virtual Machine
   o Shape Series: AMD
   o Shape Name: VM.Standard.E4.Flex (1 OCPU, 8 GB Memory)
• Click Select shape.
• Networking:
   o Primary network: Select Existing virtual cloud network.
   o Virtual Cloud Network in <assigned compartment>: FRA-AA-LAB06-VCN-01
   o Subnet in <assigned compartment>: Public Subnet-FRA-AA-LAB06-VCN-01 (regional)

5. Click Create.


Create a Private DNS Zone

In this practice, we will create a private DNS zone and access it from the Windows compute
instance located on the same Virtual Cloud Network where the web server is.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Networking. Under DNS Management, click Zones.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click the Private Zones tab.

5. Click Create Zone and enter the following values:

• Zone Name: FRA-AA-LAB06-PrivateZone-01.com
• Under DNS Private View, click Select existing DNS Private View.
• Under DNS Private View in <assigned compartment>, select FRA-AA-LAB06-VCN-01.

6. Click Create.

7. Click Add Record.

8. Under Record Type, select A-IPv4 Address.

9. Under TTL, click the lock and set TTL to 30 seconds.

10. In the Address field, enter the web server’s private IP address that you previously pasted
into Notepad.

11. Click Submit.

12. Click Publish Changes.

13. Click Publish Changes to confirm.


Access the Private DNS Zone from Your Windows Compute Instance

In this practice, you will connect to your Windows compute instance from your personal
workstation by using Remote Desktop Connection, launch Internet Explorer, and access the
private DNS zone URL, FRA-AA-LAB06-PrivateZone-01.com.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the Main Menu, select Compute, and then click Instances.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click FRA-AA-LAB06-VM-02.

5. Under Instance Access, click Copy to save your Initial password to your clipboard.

6. Save the copied value to your Notepad.

7. Copy the Public IP Address.

8. On your personal workstation, open Remote Desktop Connection.

9. Paste the public IP address of your Windows compute instance into the Computer field,
and click Connect.

Note: If there is a warning message, click Yes. If you are connected to any VPN or working on
a restricted network connection, you will not be able to connect to the Windows machine by
using RDP (Remote Desktop Protocol).

10. Paste the Initial password value that you saved to Notepad into the Password field.

11. Click Connect.

Note: You will be prompted to change your password upon your first connection. Do so
and proceed.

12. Once connected to your Windows compute instance with RDC, launch Internet Explorer
(IE).

13. In the top right of the browser window, click the configuration icon and select Internet
Options.

14. Click the Security tab.

15. Deselect Enable Protected Mode and click OK.

Note: You must restart Internet Explorer for the setting to take effect.

16. Restart Internet Explorer.

17. In the address field, enter FRA-AA-LAB06-PrivateZone-01.com.

18. You will see the custom message: Hello World! My name is FRA-AA-LAB06-WS-01.


Compute: Create a Web Server on a Compute Instance

Lab 07-1 Practices

Get Started

Overview

Oracle Cloud Infrastructure (OCI) Compute lets you provision and manage compute hosts,
known as instances. You can launch instances as needed to meet your compute and
application requirements. In this lab, you will create a web server on a compute instance.

In this lab, you will:

• Launch Cloud Shell
• Generate SSH keys
• Create a Virtual Cloud Network and its components
• Create a compute instance
• Install an Apache HTTP server on the instance

Prerequisites

• You must have access to the OCI Console.

Assumptions

• In this lab, Germany Central (Frankfurt) is considered as your region.
• You must be familiar with navigating the OCI Console.


Launch Cloud Shell

The OCI Cloud Shell is a web browser–based terminal accessible from the OCI Console. It
provides access to a Linux shell, with a pre-authenticated OCI CLI.

In this practice, you will access Cloud Shell via the OCI Console.

Tasks

1. Sign in to your Oracle Cloud Infrastructure Console.

2. In the Console ribbon at the top of the screen, click the Region icon to expand the menu.
Ensure that you are in the correct region, Germany Central (Frankfurt).

3. Click the Cloud Shell icon next to the Region in the Console ribbon.

Note: The OCI CLI running in the Cloud Shell will execute commands against the region
selected in the Console's region selection menu when the Cloud Shell is started.

This displays the Cloud Shell in a "drawer" at the bottom of the console.

4. You can use the icons in the top-right corner of the Cloud Shell window to minimize,
maximize, and close your Cloud Shell session.


Generate SSH Keys

In this practice, you will generate SSH keys using Cloud Shell.

Tasks

1. From the OCI Console, click the Cloud Shell icon next to the region in the Console ribbon.

2. After the Cloud Shell has started, run the following commands:

$ mkdir .ssh

Important: In case you get an error that says, “cannot create directory: File exists”, you can
skip running the first command.

$ cd .ssh

$ ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>

Replace <<sshkeyname>> with ociaalab7key. Choose a key name you can
remember. This will be the key name you will use to connect to the compute instance you
create.

Note: If you receive an error message for the above command, enter the command
manually.

Remember:

▪ After entering the third command, press Enter twice for no passphrase.

▪ Do not include the angle brackets «» and $ symbol when pasting code into Cloud
Shell.

3. Examine the two files that you just created by running the following command:

$ ls

Note: In the output, there are two files, a private key: <<sshkeyname>> and a public
key: <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems as well as copied and pasted to facilitate secure communications in the cloud.

4. To list the contents of the public key, run the following command:

$ cat <<sshkeyname>>.pub

Replace <<sshkeyname>> with ociaalab7key.

Note: The angle brackets «» should not appear in your code.

5. Copy the contents of the public key as you will require this in a subsequent step. Make
sure that you remove any hard returns that may have been added when copying.
The .pub key should be one line.
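
The one-line requirement in step 5 can be checked before the key is pasted into the Create compute instance dialog. The Python below is an added example, not part of the Oracle guide: it rejoins an ssh-rsa public key that picked up hard returns, decodes the key blob, and compares the modulus size with the 2048 bits requested in step 2. The sample key is constructed in code (structurally valid, not a usable key), and all function names are illustrative.

```python
import base64
import struct


def _string(data):
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _mpint(n):
    """SSH wire 'mpint' for a positive integer (extra byte keeps the sign bit clear)."""
    return _string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def build_sample_key(bits=2048, comment="user@cloudshell"):
    """Constructed sample: a structurally valid ssh-rsa line, NOT a usable key."""
    modulus = (1 << (bits - 1)) | 1
    blob = _string(b"ssh-rsa") + _mpint(65537) + _mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


def wrap_like_paste(line, width=70):
    """Simulate hard returns added inside the base64 body by copy and paste."""
    key_type, body, comment = line.split(" ", 2)
    chunks = [body[i:i + width] for i in range(0, len(body), width)]
    return key_type + " " + "\n".join(chunks) + " " + comment


def _read_fields(blob):
    """Split a key blob into its length-prefixed fields; reject truncation."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + length])
        pos += length
    return fields


def check_public_key(pasted, min_bits=2048):
    """Rejoin a pasted ssh-rsa public key into one line and report its size."""
    tokens = pasted.split()  # splits on spaces, tabs and hard returns alike
    if len(tokens) < 2 or tokens[0] != "ssh-rsa":
        raise ValueError("expected an ssh-rsa public key")
    body = ""
    for used, token in enumerate(tokens[1:], start=2):
        body += token
        try:
            fields = _read_fields(base64.b64decode(body, validate=True))
        except ValueError:  # bad padding or truncated blob: keep joining pieces
            continue
        if len(fields) == 3 and fields[0] == b"ssh-rsa":
            break  # key type, public exponent and modulus are all complete
    else:
        raise ValueError("body never decodes to a complete ssh-rsa blob")
    bits = int.from_bytes(fields[2], "big").bit_length()
    comment = " ".join(tokens[used:])
    return {
        "line": " ".join(part for part in ("ssh-rsa", body, comment) if part),
        "bits": bits,
        "meets_minimum": bits >= min_bits,
        "had_hard_returns": any(c in pasted.strip() for c in "\r\n"),
    }


if __name__ == "__main__":
    result = check_public_key(wrap_like_paste(build_sample_key()))
    print(result["bits"], result["meets_minimum"], result["had_hard_returns"])
    print(result["line"][:60] + "...")
```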



Create a Virtual Cloud Network and Its Components

In this practice, you will create a Virtual Cloud Network (VCN), subnet, and Internet gateway
and add route rules in the route table.

Tasks

1. From the Main Menu, under Networking, click Virtual Cloud Networks.

2. Click Create VCN.

3. In the Create a Virtual Cloud Network dialog box, populate the following information:

a. Name: FRA-AA-LAB07-1-VCN-01

b. Create in Compartment: <your compartment>

c. IPv4 CIDR Blocks: 10.0.0.0/16 (Press Enter to add.)

4. Keep the other options default and click Create VCN.

You can see that the VCN is created successfully.

5. Click FRA-AA-LAB07-1-VCN-01 VCN to view the details page.

6. Click Create Subnet.

7. In the Create Subnet dialog box, populate the following information:

a. Name: FRA-AA-LAB07-1-SNET-01

b. Create in Compartment: <your compartment>

c. Subnet Type: Regional

d. IPv4 CIDR Blocks: 10.0.1.0/24

e. Subnet Access: Public Subnet

8. Keep the other options default and click Create Subnet.

You can see that the subnet is created successfully, and the state is Available.

9. Under Resources in the left navigation panel, click Internet Gateways.

10. Click Create Internet Gateway.

11. In the Create Internet Gateway dialog box, populate the following information:

a. Name: FRA-AA-LAB07-1-IG-01

b. Create In Compartment: <your compartment>

12. Click Create Internet Gateway.

You can see that the Internet Gateway is created successfully and the state is Available.

13. Under Resources in the left navigation panel, click Route Tables.

14. Click Default Route Table for FRA-AA-LAB07-1-VCN-01.

15. Click Add Route Rules.

16. In the Add Route Rules dialog box, populate the following information:

a. Target Type: Internet Gateway

b. Destination CIDR Block: 0.0.0.0/0

c. Target Internet Gateway: FRA-AA-LAB07-1-IG-01

17. Click Add Route Rules.

You can see that the route rule is successfully added in the default Route Table.

18. Navigate back to the Virtual Cloud Networks page from the Main Menu.

19. Click FRA-AA-LAB07-1-VCN-01 VCN to view the details page.

20. Under Resources in the left navigation panel, click Security Lists.

21. Click Default Security List for FRA-AA-LAB07-1-VCN-01.

22. Here, you need to open port 80. Click Add Ingress Rules.

23. In the Add Ingress Rules dialog box, populate the following information:

a. Source Type: CIDR

b. Source CIDR: 0.0.0.0/0

c. IP Protocol: TCP

d. Destination Port Range: 80

Note: Do not select the Stateless check box. The Source Port Range field is set to All by
default.

24. Click Add Ingress Rules.

You can see that the rule is successfully added.
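
The ingress rules entered in step 23 and in the Lab 6-1 security lists can be reviewed as data rather than by eye. The Python below is an added example, not part of the Oracle guide: it flags rules that admit the whole Internet on a remote-administration port and rules whose source range is wider than the VCN they protect. The JSON is a constructed sample holding only the rules the two labs add; its field names are assumed to match OCI CLI security-list output, and the `vcn-cidr` key and all function names are hypothetical.

```python
import ipaddress
import json

# Remote-administration ports that should not face 0.0.0.0/0 without review.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample: only the ingress rules the two labs add. Field names are
# assumed to follow OCI CLI security-list JSON; "vcn-cidr" is a helper key
# added for this example and is not an OCI field.
SAMPLE = json.loads("""
{
  "Lab 6-1 private subnet list": {
    "vcn-cidr": "172.17.0.0/16",
    "ingress-security-rules": [
      {"protocol": "6", "source": "172.16.0.0/12", "is-stateless": false,
       "tcp-options": {"destination-port-range": {"min": 80, "max": 80}}}
    ]
  },
  "Lab 6-1 default list": {
    "vcn-cidr": "172.17.0.0/16",
    "ingress-security-rules": [
      {"protocol": "6", "source": "172.16.0.0/12", "is-stateless": false,
       "tcp-options": {"destination-port-range": {"min": 80, "max": 80}}},
      {"protocol": "6", "source": "0.0.0.0/0", "is-stateless": false,
       "tcp-options": {"destination-port-range": {"min": 3389, "max": 3389}}}
    ]
  },
  "Lab 07-1 default list": {
    "vcn-cidr": "10.0.0.0/16",
    "ingress-security-rules": [
      {"protocol": "6", "source": "0.0.0.0/0", "is-stateless": false,
       "tcp-options": {"destination-port-range": {"min": 80, "max": 80}}}
    ]
  }
}
""")


def port_range(rule):
    """Return (min, max) destination ports; no port options means all ports."""
    options = rule.get("tcp-options") or {}
    ports = options.get("destination-port-range")
    if ports is None:
        return (1, 65535)
    return (ports["min"], ports["max"])


def audit_rule(rule, vcn_cidr):
    """Return review tags for one ingress rule (TCP or all-protocol rules only)."""
    if rule.get("protocol") not in ("6", "all"):
        return []
    source = ipaddress.ip_network(rule["source"], strict=False)
    vcn = ipaddress.ip_network(vcn_cidr)
    low, high = port_range(rule)
    if source.prefixlen == 0:
        admin = [name for port, name in sorted(ADMIN_PORTS.items())
                 if low <= port <= high]
        if admin:
            return ["INTERNET_ADMIN:" + ",".join(admin)]
        return ["INTERNET_OPEN"]  # expected for a public web port, still listed
    if source.version == vcn.version and vcn.subnet_of(source) and source != vcn:
        return ["SOURCE_WIDER_THAN_VCN"]  # the VCN CIDR itself would suffice
    return []


def audit(config):
    """Map each security list name to (source, ports, tags) for flagged rules."""
    report = {}
    for name, security_list in config.items():
        for rule in security_list["ingress-security-rules"]:
            tags = audit_rule(rule, security_list["vcn-cidr"])
            if tags:
                low, high = port_range(rule)
                ports = str(low) if low == high else f"{low}-{high}"
                report.setdefault(name, []).append((rule["source"], ports, tags))
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for source, ports, tags in findings:
            print(f"{name}: {source} -> tcp/{ports}: {', '.join(tags)}")
```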



Create a Compute Instance

In this practice, you will launch a compute instance and connect to it.

Tasks

1. From the OCI Console Main Menu, under Compute, click Instances.

2. Click Create instance.

3. In the Create compute instance dialog box, populate the following information:

a. Name: FRA-AA-LAB07-1-VM-01

b. Create in compartment: <your compartment>

c. Placement (Availability domain): AD 1

Click Show advanced options and select On-demand capacity under Capacity type.

d. Image: Oracle Linux 8

e. Shape: Select VM.Standard.A1.Flex (1 OCPU, 6 GB Memory) [Shape series: Ampere]

f. Primary network: Select an existing virtual cloud network.

g. Virtual cloud network in <your compartment>: FRA-AA-LAB07-1-VCN-01

h. Subnet: Select an existing subnet.

i. Subnet in <your compartment>: FRA-AA-LAB07-1-SNET-01 (regional)

j. Public IP address: Assign a public IPv4 address.

k. Add SSH keys: Paste public keys.

l. SSH Keys: <public key> (Paste the public key which you copied in Step 5 of the Generate
SSH Keys practice.)

Note: Keep the default option for Boot volume.

4. Click Create.

You will see that the Instance is created successfully, and the state is Running.

5. Copy the Public IP corresponding to the FRA-AA-LAB07-1-VM-01 instance and paste it in
the Notepad.

6. Click the Cloud Shell icon next to the Region at the top of the screen.

7. Run the following command using SSH to connect to your instance:

$ ssh -i <private_key_file> <username>@<public-ip-address>

a. The <private_key_file> is the full path and name of the file that contains the
private key associated with the instance you want to access.

b. The <username> is the default user opc.

c. The <public-ip-address> is the public IP address of the instance.

Note: Enter yes in response to the prompt: Are you sure you want to continue connecting (yes/no)?

You are now connected to the instance FRA-AA-LAB07-1-VM-01.


Install an Apache HTTP Server on the Instance

The Apache HTTP Server is an open-source web server developed by the Apache Software
Foundation. The Apache server hosts web content and responds to requests for this content
from web browsers such as Chrome or Firefox.

In this practice, you will install an Apache HTTP web server and connect to it over the public
Internet.

Tasks

1. On the OCI Console, click the Cloud Shell icon at the top of the screen.

2. While connected to your compute instance via SSH, run the following commands:

a. Install Apache HTTP:

$ sudo yum install httpd -y

b. Start the Apache server and configure it to start after the system boots:

$ sudo apachectl start

$ sudo systemctl enable httpd

c. Run a quick check on Apache configurations:

$ sudo apachectl configtest

d. Create firewall rules to allow access to the ports on which the HTTP server listens:

$ sudo firewall-cmd --permanent --zone=public --add-service=http

$ sudo firewall-cmd --reload

e. Create an index file for your web server:

$ sudo bash -c 'echo This is my Web-Server running on Oracle Cloud Infrastructure >> /var/www/html/index.html'

3. Open your browser and enter http://Public-IPAddress in the address bar (the IP
Address of the Compute Instance).

You should see the index page of the web server we created in the second step (last point).

This is my Web-Server running on Oracle Cloud Infrastructure.


Compute: Create a Capacity Reservation and Launch Instances

Lab 08-1 Practices

Get Started

Overview

Capacity reservations allow you to reserve compute capacity in advance and use this
capacity when you create instances against the reservation. There is no minimum time or size
commitment. You can create, modify, and terminate your capacity reservation at any time.

In this lab, you will:

• Create a Virtual Cloud Network and a subnet
• Create a capacity reservation
• Add a capacity configuration
• Create instances in a capacity reservation
• Move an instance out of a capacity reservation
• Add an instance to a capacity reservation

Prerequisites

• You must have access to the OCI Console.

Assumptions

• You must be familiar with navigating the OCI Console.
• In this lab, Germany Central (Frankfurt) is considered as your region.


Create a Virtual Cloud Network and a Subnet

In this practice, you will create a Virtual Cloud Network (VCN) and a subnet.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) Console.

2. From the Main Menu, under Networking, select Virtual Cloud Networks.

3. Click Create VCN.

4. In the Create a Virtual Cloud Network dialog box, populate the following information:

a. Name: FRA-AA-LAB08-1-VCN-01

b. Create In Compartment: <your compartment>

c. IPv4 CIDR Blocks: 10.0.0.0/16 (Press Enter to add.)

5. Keep all the other options default and click Create VCN.

You can see that the VCN is created successfully.

6. Click FRA-AA-LAB08-1-VCN-01 VCN to view the details page and click Create Subnet.

7. In the Create Subnet dialog box, populate the following information:

a. Name: FRA-AA-LAB08-1-SNET-01

b. Create In Compartment: <your compartment>

c. Subnet Type: Regional (Recommended)

d. IPv4 CIDR Blocks: 10.0.1.0/24

e. Subnet Access: Public Subnet

8. Keep all the other options default and click Create Subnet.

You can see that the subnet is created successfully, and the state is Available.


Create a Capacity Reservation

In this practice, you will create a capacity reservation.

Tasks

1. From the Main Menu, under Compute, click Capacity Reservations.

2. Click Create capacity reservation.

3. In the Create capacity reservation dialog box, populate the following information in the
Add basic details section:

a. Name: FRA-AA-LAB08-1-RESV-01

b. Create in compartment: <your compartment>

c. Availability domain: <first availability domain>

Note: Do not select the Make this reservation the default for this availability
domain check box.

4. Click Next.

5. In the Add capacity configurations dialog box, populate the following information:

a. Fault Domain: First available

b. Shape: VM.Standard.A1.Flex (1 OCPU, 6 GB Memory)

c. Count: 1

6. Click Next.

7. Review the capacity reservation and capacity configuration information.

8. Click Create.

You can now see that the capacity reservation is created successfully.


Add a Capacity Configuration

In this practice, you will add a capacity configuration to an existing capacity reservation.

Tasks

1. From the Main Menu, under Compute, select Capacity Reservations.

2. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.

3. Click Add capacity configuration.

4. In the Add capacity configurations dialog box, populate the following information:

a. Fault Domain: First available

b. Shape: VM.Standard.E4.Flex (1 OCPU, 8 GB Memory)

c. Count: 1

5. Click Add configuration.

You can now see two capacity configurations in the capacity reservation.


Create Instances in a Capacity Reservation

In this practice, you will create instances in a capacity reservation.

Tasks

1. From the Main Menu, under Compute, select Capacity Reservations.

2. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.

3. Under Resources in the left navigation panel, click Created instances.

4. Click Create instance and populate the following information:

a. Name: FRA-AA-LAB08-1-VM-01

b. Create in compartment: <your compartment>

c. Placement (Availability domain): AD 1

d. Capacity type: Capacity reservation

e. Capacity reservation: FRA-AA-LAB08-1-RESV-01

f. Fault Domain: Let Oracle choose the best fault domain.

g. Image: Oracle Linux 8

h. Shape: VM.Standard.A1.Flex (1 OCPU, 6 GB Memory)

Note: If the capacity reservation doesn’t have a configuration for a shape, you will see
an icon in front of the Shape name.

i. Networking: FRA-AA-LAB08-1-VCN-01

j. Subnet: FRA-AA-LAB08-1-SNET-01 (regional)

k. Public IP address: Do not assign a public IPv4 address.

l. Add SSH keys: No SSH keys

Note: Keep the default option for Boot volume.

5. Click Create.

In a couple of minutes, you can see that the instance is created successfully, and the state
is Running.

6. Navigate back to the Capacity Reservations page under Compute from the Main Menu.

7. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.

Under Capacity configurations, you can see that the Used capacity for
VM.Standard.A1.Flex Instance type is 1, and the Reserved capacity is 1.

8. Repeat steps 1 through 5 to create another instance with the following changes:

a. Name: FRA-AA-LAB08-1-VM-02

b. Shape: VM.Standard.E4.Flex (1 OCPU, 8 GB Memory)

To change the shape, click Change Shape and click AMD under Shape series. Then
select VM.Standard.E4.Flex.

9. Populate all other fields as per Step 4 and click Create.

10. Navigate back to the Capacity Reservations page from the Main Menu.

11. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.

Under Capacity configurations, you can see that the Used capacity for
VM.Standard.E4.Flex Instance type is 1. The Reserved capacity is 1.


Move an Instance out of a Capacity Reservation

In this practice, you will move an instance out of a capacity reservation.

Tasks

1. From the Main Menu, under Compute, select Instances.

le
2. Click the instance FRA-AA-LAB08-1-VM-02.

ab
r
3. From the More Actions drop-down menu, select Edit.

fe
ns
4. Click Show advanced options, and then click the Placement tab.

tra
n-
5. Deselect the Apply a capacity reservation check box.

. no
Click Save changes.

ide a
6.

Gu as
7. Navigate back to the Main Menu and click Compute. Under Compute, click Capacity
is ) h
Reservations.
th s
e o.e

8. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.


us ho
to ya

9. Under Capacity configurations, you can see that the Used capacity for
se @

VM.Standard.E4.Flex Instance type is 0.


en 14
lic k20
ac
olr
(s
uz
Cr
es
dr
An

Copyright © 2023, Oracle and/or its affiliates.

Compute: Create a Capacity Reservation and Launch Instances 93


Adding an Instance to a Capacity Reservation

In this practice, you will add an instance to a capacity reservation.

Tasks

1. From the Main Menu, under Compute, select Instances.

2. Click the instance FRA-AA-LAB08-1-VM-02.

3. From the More Actions drop-down menu, select Edit.

4. Click Show advanced options, and then click the Placement tab.

5. Select the Apply a capacity reservation check box.

6. Select FRA-AA-LAB08-1-RESV-01 under Capacity reservation.

7. Click Save changes.

8. Navigate back to the Main Menu and select Compute. Under Compute, click Capacity
Reservations.

9. Click the capacity reservation FRA-AA-LAB08-1-RESV-01.

10. Under Capacity configurations, you can see that the Used capacity for
VM.Standard.E4.Flex Instance type is 1.

Lab 09-1 Practices

Compute: Configure Metric-Based Autoscaling

Get Started

Overview

Autoscaling lets you automatically adjust the number or the lifecycle state of compute
instances in an instance pool. This helps you provide consistent performance for your end
users during periods of high demand, and reduce your costs during periods of low demand.

In this lab, you will:

a. Create a Virtual Cloud Network (VCN) and its components

b. Create a load balancer

c. Create a compute instance and a custom image

d. Create an instance configuration

e. Create an instance pool

f. Create a metric-based autoscaling configuration

g. Test autoscaling

Prerequisites

• You must have access to the OCI Console.

Assumptions

• You must be familiar with navigating the OCI Console.
• In this lab we are using Germany Central (Frankfurt) region.

Create a Virtual Cloud Network and Its Components

In this practice, you will create a Virtual Cloud Network (VCN), subnet, and Internet gateway,
and add route rules in the route table.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) Console.

2. From the navigation menu, under Networking, select Virtual Cloud Networks.

3. Click Create VCN.

4. In the Create a Virtual Cloud Network dialog box, populate the following information:

• Name: FRA-AA-LAB09-1-VCN-01

• Create In Compartment: <your compartment>

• IPv4 CIDR Blocks: 10.0.0.0/16

5. Keep all the other options default and click Create VCN.

Note: You can see that the VCN is created successfully.

6. Click FRA-AA-LAB09-1-VCN-01 to view the details and click Create Subnet.

7. In the Create Subnet dialog box, populate the following information:

• Name: FRA-AA-LAB09-1-SNET-01

• Create In Compartment: <your compartment>

• Subnet Type: Regional

• IPv4 CIDR Blocks: 10.0.1.0/24

• Subnet Access: Public Subnet

8. Keep all the other options default and click Create Subnet.

9. Under Resources in the left navigation panel, click Internet Gateways.

10. Click Create Internet Gateway and populate the following information:

• Name: FRA-AA-LAB09-1-IG-01

• Create In Compartment: <your compartment>

11. Click Create Internet Gateway.

You can see that the internet gateway is created successfully, and the state is Available.

12. Under Resources in the left navigation panel, click Route Tables.

13. Click Default Route Table for FRA-AA-LAB09-1-VCN-01.

14. Click Add Route Rules and populate the following information:

• Target Type: Internet Gateway

• Destination CIDR Block: 0.0.0.0/0

• Target Internet Gateway: FRA-AA-LAB09-1-IG-01

15. Click Add Route Rules.

16. Using the breadcrumb list at the top of the screen, return to the VCN page by selecting
FRA-AA-LAB09-1-VCN-01.

17. Under Resources in the left navigation panel, click Security Lists.

18. Click Default Security List for FRA-AA-LAB09-1-VCN-01.

19. Click Add Ingress Rule and populate the following information:

• Source Type: CIDR

• Source CIDR: 0.0.0.0/0

• IP Protocol: TCP

• Source Port Range: All

• Destination Port Range: 80

Note: Do not select Stateless.

20. Click Add Ingress Rules.


Create a Load Balancer

The Oracle Cloud Infrastructure (OCI) Load Balancer provides automated traffic distribution
from one entry point to multiple servers reachable from your VCN. A load balancer improves
resource utilization, facilitates scaling, and helps ensure high availability.

In this practice, you will create a public load balancer.

Tasks

1. From the navigation menu, under Networking, select Load Balancers.

2. Click Create Load Balancer.

3. Select Load Balancer Type as Load Balancer and click Create Load Balancer.

4. In the Add Details section, populate the following information:

• Load Balancer Name: FRA-AA-LAB09-1-LB-01

• Choose visibility type: Public

• Assign a public IP address: Ephemeral IP Address

• Shapes: Flexible Shapes

• Choose the minimum bandwidth: 10

• Choose the maximum bandwidth: 20

• Virtual Cloud Network in <your compartment>: FRA-AA-LAB09-1-VCN-01

• Subnet in <your compartment>: FRA-AA-LAB09-1-SNET-01 (regional)

5. Click Next.

6. In the Choose Backends section, select Weighted Round Robin in the Specify a Load
Balancing Policy field.

Note: Do not click Add Backends and keep the Specify Health Check Policy field default.

7. Click Show Advanced Options and enter FRA-AA-LAB09-1-LB-BS-01 in the Backend
Set Name field.

8. Click Next.

9. In the Configure Listener section, populate the following information:

• Listener Name: FRA-AA-LAB09-1-LB-LS-01

• Specify the type of traffic your listener handles: HTTP

• Specify the port your listener monitors for ingress traffic: 80

10. Click Next.

11. In the Manage Logging section, disable Error Logs and Access Logs.

12. Click Submit.


Create a Compute Instance and a Custom Image

In this practice, you will create SSH keys, launch a compute instance, install Apache HTTP
server, and create a custom image.

Tasks

1. Click the Cloud Shell icon in the console header next to the Region icon.

2. After the Cloud Shell has started, run the following command:

$ mkdir .ssh

Important: In case you get an error that says, “cannot create directory: File exists”, you can
skip running the first command.

$ cd .ssh
$ ssh-keygen -b 2048 -t rsa -f <sshkeyname>

Replace <sshkeyname> with ociaalab9key. Select the key name you can remember.
This will be the key name you will use to connect to the compute instance you create.

Remember:

• After entering the third command, press Enter twice for no passphrase.

• Do not include the angle brackets <> and $ symbol when pasting code into Cloud
Shell.

3. Examine the two files that you just created by running the following command:

$ ls

Note: In the output there are two files, a private key: <sshkeyname> and a public
key: <sshkeyname>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems as well as copied and pasted to facilitate secure communications in the cloud.

4. To list the contents of the public key, run the following command:

$ cat <sshkeyname>.pub

Replace <sshkeyname> with ociaalab9key.

5. Copy the contents of the public key as you will need this in a subsequent step. Make sure
that you remove any hard returns that may have been added when copying. The .pub
key should be one line.

6. From the navigation menu, under Compute, click Instances.

7. Click Create instance and populate the following information:

• Name: FRA-AA-LAB09-1-VM-01

• Create in compartment: <your compartment>

• Availability Domain: AD 1

Click Show advanced options and select On-demand capacity under Capacity type.

• Image: Oracle Linux 8

• Shape: Select VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere]

• Primary Network: Select existing virtual cloud network.

• Virtual cloud network in <your compartment>: FRA-AA-LAB09-1-VCN-01

• Subnet: Select existing subnet.

• Subnet in <your compartment>: FRA-AA-LAB09-1-SNET-01 (regional)

• Public IP address: Assign a public IPv4 address.

• Add SSH keys: Paste public keys.

• SSH Keys: <contents of the public key> (which is copied in Step 5 of this practice)

8. Keep the Boot Volume default and click Create.

Note: In a couple of minutes, you will see that the Instance is created successfully, and the
state is Running.

9. Open Cloud Shell and log in to your instance by running the following command:

$ ssh -i <private_key_file> <username>@<public-ip-address>

Remember:

• <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.

• <username> is the default user opc.

• <public-ip-address> is the public IP address of the instance.

Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”.

10. While connected to your Compute instance via SSH, run the following commands:

• Install Apache HTTP server:

$ sudo yum install httpd -y

• Start the Apache server and configure it to start after system reboots:

$ sudo apachectl start
$ sudo systemctl enable httpd

• Run a quick check on Apache configurations:

$ sudo apachectl configtest

• Create firewall rules to allow access to the ports on which the HTTP server listens:

$ sudo firewall-cmd --permanent --zone=public --add-service=http
$ sudo firewall-cmd --reload

• Create an index file for your web server:

$ sudo bash -c 'echo $(hostname) >> /var/www/html/index.html'

11. Now that you have a compute instance and Apache web server installed, you need to
create a custom image from it.

12. From the navigation menu, under Compute, select Instances.

13. Click the FRA-AA-LAB09-1-VM-01 instance.

14. From the More Actions drop-down list, select Create custom image.

15. In the Create custom image dialog box, populate the following information:

• Create in compartment: <your compartment>

• Name: FRA-AA-LAB09-1-CIM-01

16. Click Create custom image.

Note: Now, you need to create a new compute instance based on the custom image. Once
the custom image has been successfully created, you have to delete the instance
FRA-AA-LAB09-1-VM-01 as it is no longer required.

17. From the navigation menu, under Compute, select Instances.

18. Click Create instance and populate the following information:

• Name: FRA-AA-LAB09-1-VM-02

• Create in compartment: <your compartment>

• Availability Domain: AD 1

Click Show advanced options and select On-demand capacity under Capacity type.

• Image: FRA-AA-LAB09-1-CIM-01

Note: To select the custom image, click Change image and select Custom images in
the Image source field. Select <your compartment> in the Compartment field. Then,
select the custom image you just created from the list.

• Shape: Select VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere]

• Primary Network: Select existing virtual cloud network.

• Virtual cloud network in <your compartment>: FRA-AA-LAB09-1-VCN-01

• Subnet: Select an existing subnet.

• Subnet in <your compartment>: FRA-AA-LAB09-1-SNET-01 (regional)

• Public IP address: Assign a public IPv4 address.

• Add SSH keys: Paste public keys.

• SSH Keys: <contents of the public key> (which is copied in Step 5 of this practice)

19. Keep the Boot Volume default and click Create.
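
Step 5 of this practice requires the pasted .pub contents to be a single line. The shell functions below are an added example, not part of the original guide: they strip hard returns from pasted key text and confirm that the algorithm name in the first field matches the one encoded in the base64 data. The function names and the truncated sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab guide): clean up a pasted OpenSSH public key
# and check its basic structure before using it in the "Paste public keys" field.

# Remove hard returns (CR/LF) and leading/trailing blanks so the key is one line.
normalize_pubkey() {
    printf '%s' "$1" | tr -d '\r\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Print the algorithm name stored inside the base64 blob.
# An OpenSSH public key blob begins with a 4-byte big-endian length followed
# by the algorithm name, for example 00 00 00 07 "ssh-rsa".
embedded_key_type() (
    blob=$1
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || exit 1
    # Word splitting is intended: od prints the four length bytes in decimal.
    set -- $(printf '%s' "$blob" | base64 -d | od -An -tu1 -N4)
    [ "$#" -eq 4 ] || exit 1
    len=$(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
    [ "$len" -ge 1 ] && [ "$len" -le 64 ] || exit 1
    printf '%s' "$blob" | base64 -d | tail -c +5 | head -c "$len"
)

# Print the normalised one-line key and return 0 if it passes the checks;
# print a reason on stderr and return 1 otherwise.
check_pubkey() (
    key=$(normalize_pubkey "$1")
    ktype=${key%% *}
    rest=${key#* }
    if [ "$rest" = "$key" ]; then
        echo "error: no key data after the key type" >&2
        exit 1
    fi
    blob=${rest%% *}
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "error: unexpected key type '$ktype'" >&2; exit 1 ;;
    esac
    inner=$(embedded_key_type "$blob") || {
        echo "error: key data is not a valid key blob" >&2
        exit 1
    }
    if [ "$inner" != "$ktype" ]; then
        echo "error: key type '$ktype' does not match key data '$inner'" >&2
        exit 1
    fi
    printf '%s\n' "$key"
)

# Constructed sample: a truncated RSA header (not a usable key) with a hard
# return in the middle of the base64 data, as can happen when copying.
SAMPLE_PASTE=$(printf 'ssh-rsa AAAAB3NzaC1yc2E\nAAAADAQAB opc@constructed-example')
check_pubkey "$SAMPLE_PASTE"
```

The check covers only the header of the key data; it does not prove that the rest of the key is complete.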



Create an Instance Configuration

Instance configurations let you define the settings to use when creating compute
instances.

In this practice, you will create an instance configuration and subsequently use it to create one
or more instances in an instance pool.

Tasks

1. From the navigation menu, under Compute, select Instances.

2. Click FRA-AA-LAB09-1-VM-02 (the instance of an image you want to use as a template
to create the instance configuration).

3. From the More Actions drop-down list, select Create instance configuration.

4. In the Create instance configuration dialog box, populate the following information:

• Create in compartment: <your compartment>

• Name: FRA-AA-LAB09-1-INST-CF-01

5. Click Create instance configuration.

Note: You will see that the instance configuration is created successfully.


Create an Instance Pool

Instance pools let you create and manage multiple compute instances within the same
region as a group. Before you create an instance pool, you need an instance configuration and
optionally a load balancer and back-end set.

In this practice, you will create an instance pool.

Tasks

1. From the navigation menu, under Compute, select Instance Pools.

2. Click Create instance pool.

3. In the Add basic details section, populate the following information:

• Name: FRA-AA-LAB09-1-INST-PL-01

• Create in compartment: <your compartment>

• Instance configuration in <your compartment>: FRA-AA-LAB09-1-INST-CF-01

• Number of instances: 2

4. Click Next.

5. In the Configure pool placement section, you will select the location where you want to
place the instances. Populate the following information:

• Availability domain: AD 1

• Select a virtual cloud network in <your compartment>: FRA-AA-LAB09-1-VCN-01

• Select a subnet in <your compartment>: FRA-AA-LAB09-1-SNET-01

Note: You can leave the Fault domains field blank.

6. To create instances in more than one availability domain, click + Another availability
domain and populate the following information:

• Availability domain: AD 2

• Select a virtual cloud network in <your compartment>: FRA-AA-LAB09-1-VCN-01

• Select a subnet in <your compartment>: FRA-AA-LAB09-1-SNET-01

Note: You can leave the Fault domains field blank.

7. Select the Attach a load balancer check box and populate the following information:

• Load balancer type: Load Balancer

• Load balancer in <your compartment>: FRA-AA-LAB09-1-LB-01

• Backend set: FRA-AA-LAB09-1-LB-BS-01

• Port: 80

Note: This field is the server port on the instances to which the load balancer must
direct traffic.

• VNIC: Primary VNIC

8. Click Next.

9. Review the instance pool details and click Create.

Note: You will see that the instance pool creation is successful.

10. Under Resources in the left navigation panel, click Attached instances. You should see
two instances in the Running state.


Create a Metric-Based Autoscaling Configuration

In metric-based autoscaling, you select a performance metric to monitor, and set thresholds
that the performance metric must reach to trigger an autoscaling event. When system usage
meets a threshold, autoscaling dynamically resizes the instance pool in near-real time. As load
increases, the pool scales out. As load decreases, the pool scales in.

In this practice, you will create a metric-based autoscaling configuration.

Tasks

1. From the navigation menu, under Compute, click Autoscaling Configurations.

2. Click Create autoscaling configuration.

3. In the Add basic details section, populate the following information:

• Name: FRA-AA-LAB09-1-AS-CF-01

• Create in compartment: <your compartment>

• Instance Pool: FRA-AA-LAB09-1-INST-PL-01

4. Click Next.

5. In the Configure autoscaling policy section, select Metric-based autoscaling. Then
populate the following information:

• Autoscaling policy name: FRA-AA-LAB09-1-AS-POL-01

• Cooldown in seconds: 300

• Performance metric: CPU utilization

6. In the Scale-out rule subsection, populate the following information:

• Scale-out operator: Greater than (>)

• Threshold percentage: 70

• Number of instances to add: 1

7. In the Scale-in rule subsection, populate the following information:

• Scale-in operator: Less than (<)

• Threshold percentage: 20

• Number of instances to remove: 1

8. In the Scaling limits subsection, populate the following information:

• Minimum number of instances: 1

• Maximum number of instances: 3

• Initial number of instances: 2

9. Click Next.

10. Review the autoscaling configuration and click Create.

Note: You will see that the autoscaling configuration is created successfully and the state
is Enabled.


Test Autoscaling

In metric-based autoscaling, you choose a performance metric to monitor, and set
thresholds that the performance metric must reach to trigger an autoscaling event. When
system usage meets a threshold, autoscaling dynamically resizes the instance pool in
near-real time. As load increases, the pool scales out. As load decreases, the pool scales in.

In this practice, you will test a metric-based autoscaling configuration.

Tasks

1. From the navigation menu, under Compute, select Instance Pools.

2. Click FRA-AA-LAB09-1-INST-PL-01.

3. Under Resources in the left navigation panel, click Attached instances.

Note: After a few minutes, you will notice that one of the instances is terminated due to
the scale-in rule you defined. Please note that initially two instances were in Running
state.

Note: You might have to wait for a couple of minutes before the scale in occurs.

4. Click the instance. (You will see only one instance here.)

5. Open Cloud Shell and use SSH to log in to your instance by running the following
command:

$ ssh -i <private_key_file> <username>@<public-ip-address>

Remember:

• <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.

• <username> is the default user opc.

• <public-ip-address> is the public IP address of the instance.

Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”

6. To install the stress package, run the following commands:

$ sudo dnf makecache
$ sudo dnf install stress-ng-0.14.00-1.el8.aarch64

7. To generate stress, run the following command:

$ stress-ng --cpu 2 -t 5m

8. From the navigation menu, under Compute, select Instance Pools.

9. Click FRA-AA-LAB09-1-INST-PL-01.

10. Under Resources in the left navigation panel, click Attached instances.

Note: After a few minutes, you will notice that one of the instances will be added to the
instance pool due to the scale-out rule you defined.
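
The scale-in and scale-out behaviour seen in this practice follows from the policy values entered in Create a Metric-Based Autoscaling Configuration. The shell script below is an added example, not part of the original guide: it replays a constructed series of pool CPU readings through a simplified model of that policy. The evaluation model (one decision per sample, cooldown counted from the last scaling action), the function names, and the sample readings are assumptions for illustration, not OCI's implementation.

```shell
#!/bin/sh
# Added example (not from the lab guide): simplified model of the lab's
# metric-based autoscaling policy. Assumption: one decision per sample, and
# the cooldown is measured from the most recent scaling action.

# Policy values entered in the lab's autoscaling configuration.
COOLDOWN=300          # Cooldown in seconds
SCALE_OUT_ABOVE=70    # Scale-out rule: CPU utilization > 70
SCALE_IN_BELOW=20     # Scale-in rule:  CPU utilization < 20
STEP=1                # Number of instances to add or remove
MIN_SIZE=1            # Minimum number of instances
MAX_SIZE=3            # Maximum number of instances
INITIAL_SIZE=2        # Initial number of instances

# Read "elapsed_seconds cpu_percent" lines on stdin and print
# "elapsed_seconds cpu_percent pool_size decision" for every sample.
simulate_pool() (
    size=$INITIAL_SIZE
    last_action=""    # time of the last scaling action; empty if none yet
    while read -r t cpu; do
        case $t in ''|'#'*) continue ;; esac
        decision=hold
        if [ "$cpu" -gt "$SCALE_OUT_ABOVE" ]; then want=out
        elif [ "$cpu" -lt "$SCALE_IN_BELOW" ]; then want=in
        else want=none
        fi
        if [ "$want" != none ]; then
            if [ -n "$last_action" ] && [ $(( $t - $last_action )) -lt "$COOLDOWN" ]; then
                decision=cooldown          # threshold crossed, but too soon
            elif [ "$want" = out ]; then
                if [ "$size" -lt "$MAX_SIZE" ]; then
                    size=$(( $size + $STEP ))
                    [ "$size" -le "$MAX_SIZE" ] || size=$MAX_SIZE
                    decision=scale-out; last_action=$t
                else
                    decision=at-max        # scaling limit reached
                fi
            else
                if [ "$size" -gt "$MIN_SIZE" ]; then
                    size=$(( $size - $STEP ))
                    [ "$size" -ge "$MIN_SIZE" ] || size=$MIN_SIZE
                    decision=scale-in; last_action=$t
                else
                    decision=at-min        # scaling limit reached
                fi
            fi
        fi
        printf '%s %s %s %s\n' "$t" "$cpu" "$size" "$decision"
    done
)

# Constructed readings that mirror the practice: an idle pool, then stress-ng
# on the one remaining instance, then the load ending.
lab_samples() {
    cat <<'EOF'
300 3
600 2
900 96
960 91
1200 49
1500 4
1800 3
EOF
}

# Pool size after the last sample read from stdin.
final_pool_size() {
    simulate_pool | tail -n 1 | cut -d' ' -f3
}

lab_samples | simulate_pool
```

The reading at 960 seconds crosses the scale-out threshold but is held back by the cooldown, and the reading at 600 seconds crosses the scale-in threshold but is held at the minimum of one instance.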

Lab 10-1 Practices

Object Storage: Create and Manage OCI Object Storage

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) Object Storage provides unlimited capacity with high
durability and scalability. It is highly reliable and cost efficient. The object storage resources
include namespace, bucket, and object.

The Object Storage is characterized by strong consistency and security with encryption. By
creating unlimited buckets, you can add as many objects as required with a maximum of 10 TiB
per object. In this lab, you will work on buckets, object versioning, object lifecycle
management, replication policy, and retention rule.

In this lab, you will:

• Create an object storage bucket

• Upload an object to a bucket

• Configure a lifecycle policy rule for the bucket

• Create a replication policy for the bucket

• Create a retention rule for the bucket

Create an Object Storage Bucket

In this practice, you will create an Object Storage bucket.

Select the region available in the tenancy allotted to you. In this lab, we will use Germany
Central (Frankfurt) as our region.

If you are not in the Germany Central (Frankfurt) region, specify the correct region key
corresponding to your region in place of FRA. Visit Regions and Availability Domains
(oracle.com) for information about the region key.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. From the Main Menu, select Storage.

3. Under Object Storage and Archive Storage, click Buckets.

4. From the left navigation panel, select the compartment in which you have permission to
work. Then the page updates to display only the resources in that compartment.

5. Click Create Bucket.

6. In the Create Bucket dialog box, specify the following attributes of the bucket:

▪ Bucket Name: Enter FRA-AA-LAB10-1-BKT-01-xxx as the name for the bucket.
Specify a random number in place of xxx to make it unique.

▪ Default Storage Tier: Select the default tier in which you want to store the data. After
it is set, you cannot change the default storage tier of a bucket. When you upload
objects, this tier will be selected by default. You can, however, select a different tier. In
this case, select Standard, which is the primary and default storage tier used for the
Object Storage.

▪ Enable Auto-Tiering: Auto-Tiering helps you automatically move objects between
Standard and Infrequent Access tiers based on their access patterns. Do not enable this
field now.

▪ Enable Object Versioning: Versioning directs object storage to automatically create an
object version each time a new object is uploaded, an existing object is overwritten, or
when an object is deleted. You can enable it while creating a bucket or later. Do not
enable this field now.

▪ Emit Object Events: Emit Object Events lets the bucket emit events for object state
changes. Do not select this field now.

▪ Encryption: Buckets are encrypted with keys managed by Oracle by default, but you
can optionally encrypt the data in this bucket using your own vault encryption key.
Select the Encrypt using Oracle managed keys option.

▪ Tags: If you have permissions to create a resource, then you also have permissions to
apply free-form tags to that resource. Skip this option. You can always apply tags later.

7. Click Create.

The bucket is created immediately, and you can add objects to it.


Upload an Object to a Bucket

In this practice, you will upload an object to your bucket. Object Storage supports uploading
individual files up to 10 TiB.

Before you upload an object to a bucket, you must have a bucket. In this case, you will use the
bucket that is created from the previous practice.

Tasks

1. In the Main Menu, navigate to Storage, and then select Buckets.

2. Click the bucket FRA-AA-LAB10-1-BKT-01-xxx to view its details.

3. Under Objects, click Upload.

4. In the Object Name Prefix field, enter the file name prefix oci/ for the files you plan to
upload. This step is optional.

5. The Storage Tier field is populated as Standard. You can optionally change the storage
tier (to Infrequent Access or Archive) to upload objects. In this case, keep it as Standard.

6. Select the objects to upload (browse any object from your local machine) by using one of
the following options:

▪ Drag files from your computer into the Drop files here... section.

▪ Click the Select Files link to display a file selection dialog box.

As you select files to upload, they are displayed in a scrolling list. If you decide that you
do not want to upload a file that you have selected, click X to the right of the file name.

If selected files to upload and files already stored in the bucket have the same name,
warning messages to overwrite are displayed.

7. Click Upload.

The selected objects are uploaded. Click Close to return to the bucket.


Configure a Lifecycle Policy Rule for the Bucket

In this practice, you will use Object Lifecycle Management to manage the object storage data.
You will define a rule that automatically moves standard tier objects to the archive tier 90 days
after creation or last update.

Before you configure a lifecycle policy rule for the bucket, you must have a bucket.

Tasks

1. In the Main Menu, navigate to Storage, then Buckets.

2. Click the bucket FRA-AA-LAB10-1-BKT-01-xxx to view its details.

3. Under Resources in the left navigation panel, click Lifecycle Policy Rules to access the
lifecycle policy rule list.

4. Click Create Rule.

The Console checks the IAM policies that are in place to ensure policy rule creation
success.

5. Provide the following information:

▪ Name: The system generates a default rule name that reflects the current year, month,
day, and time. In this case, enter FRA-AA-LAB10-1-LPR-01 as the name.

▪ Target: Select the target to which the lifecycle rule applies. In this case, select Objects.

▪ Lifecycle Action: If the rule target is Objects, you will get three options: Move to
Archive, Move to Infrequent Access, and Delete. In this case, select Move to Archive.

▪ Number of Days: This field implies the number of days until the specified action is
taken. In this case, enter 90 days.

Note: Values in the Name and Target fields are required.

6. Use Object Name Filters to specify the object where the lifecycle rule applies.

You can choose objects using prefixes and pattern matching. If no name filter is specified,
the rule applies to all objects in the bucket.

To create an object name filter:

▪ Click Add Filter.

le
▪ Select the Filter Type - Include by prefix.

ab
r
fe
▪ Enter the Filter Value - oci/.

ns
tra
7. Select whether the rule is enabled or disabled upon creation using the State selector. In
this case, ensure that the State is Enabled.

n-
. no
8. Click Create.

ide a
Gu as
The lifecycle policy rule is successfully configured for this bucket.
is ) h
th s
e o.e
us ho
to ya
se @
en 14
lic k20
ac
olr
(s
uz
Cr
es
dr
An

Create a Replication Policy for the Bucket

In this practice, you will create a replication policy to replicate objects in one bucket to another
in a different region.

Before you configure a replication policy for the bucket, you must have two buckets in two
different regions.

Please note that in our case Germany Central (Frankfurt) is the source region and we have
selected US West (Phoenix) as the target region.

Note: This lab requires you to subscribe to two regions. Hence, you will not be able to perform
it in a Free Tier account.

Tasks

1. As a first step, you will create a destination bucket in the destination region. To do this:

▪ In the console ribbon at the top of the screen, click the Region icon to expand the menu
and select destination region US West (Phoenix) - PHX.

▪ Create a destination bucket named PHX-AA-LAB10-1-BKT-02-xxx (specify a random
number in place of xxx to make it unique) using the Create an Object Storage bucket
practice instructions.

2. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Select Germany Central (Frankfurt).

3. In the Main Menu, navigate to Storage, then Buckets.

4. On the Buckets screen, click the bucket name FRA-AA-LAB10-1-BKT-01-xxx to view its
details.

5. Under Resources in the left navigation panel, click Replication Policy to access the
replication policy list.

6. Click Create Policy.

The Console checks the IAM policies that are in place to ensure that the replication policy
can be created.

7. In the Create Replication Policy dialog box, enter the following:

▪ Name: The system generates a default policy name that reflects the current year,
month, day, and time. Enter FRA-AA-LAB10-1-RP-01 as the name.

▪ Destination Region: This refers to the OCI region containing the destination bucket
that you want to replicate to. Your tenancy must be subscribed to a region for you to
replicate to that region. In this case, select US West (Phoenix).

▪ Destination Bucket: This refers to the name of the destination bucket for replication.
Select the PHX-AA-LAB10-1-BKT-02-xxx bucket that is created in the destination
region. Please note that the replication cannot automatically create the bucket.

Note: Entries in the Name and Destination Region fields are required.

8. Click Create.

After the policy is created, Replication: Source is added to the Bucket Information tab.
The objects uploaded to the source bucket after policy creation are asynchronously
replicated to the destination bucket.

9. Navigate back to the Buckets screen and click the bucket FRA-AA-LAB10-1-BKT-01-xxx.
Upload another object using the Upload Objects to a Bucket practice instructions.

10. Navigate to the destination region (in this case, Phoenix) using the region menu, and
click the bucket name PHX-AA-LAB10-1-BKT-02-xxx.

11. Validate that the object uploaded to the source bucket FRA-AA-LAB10-1-BKT-01-xxx is
asynchronously replicated to the destination bucket PHX-AA-LAB10-1-BKT-02-xxx.

Create a Retention Rule for the Bucket

In this practice, you will create a time-bound retention rule to protect your data from
accidental or malicious update, overwrite, or deletion.

Before you configure a retention rule for the bucket, you must have a bucket.

Tasks

1. In the Main Menu, navigate to Storage, then Buckets.

2. In the Console ribbon at the top of the screen, ensure you are in the correct region,
Germany Central (Frankfurt).

3. Click the bucket name FRA-AA-LAB10-1-BKT-01-xxx created earlier to view its details.

4. Under Resources in the left navigation panel, click Retention Rules to access the
retention rule list.

5. Click Create Rule.

6. In the Create Retention Rule dialog box, enter FRA-AA-LAB10-1-RR-01 as the name.

7. Select Retention Rule Type that you want to create:

▪ Time-Bound: These rules have a user-defined duration. The object modification is
prevented for the duration specified. The duration is applied to each object
individually and is based on the object's Last Modified timestamp.

▪ Indefinite: These rules have no duration or expiration. The object modification is
prevented until an indefinite rule is deleted.

In this case, select Time-Bound retention rule type.

8. Enter the following retention rule duration attributes:

▪ Retention Time Amount: 1

▪ Retention Time Unit: Years

The retention duration that you specify is applied to each object individually and is based
on the object's Last Modified timestamp.

9. Do not select Enable Retention Rule Lock. When a rule is locked, only an increase in the
retention duration is allowed and the rule can be deleted only by deleting the bucket. A
bucket must be empty to be deleted.

10. Click Create.

11. Under Resources in the left navigation panel, click Objects.

12. Next, try deleting one of the objects uploaded in the earlier steps. To do this, click the
ellipsis icon corresponding to an object and click Delete.

13. Click Delete.

You will notice that the delete was unsuccessful. This is because if you have active
retention rules, the actions that you can perform on a bucket are limited. You cannot
update, overwrite, or delete objects or object metadata, or delete the bucket until the
retention duration expires or the retention rule is deleted.

14. Click Cancel.

Object Storage: Perform Multipart Upload Using CLI (Using Cloud Shell)

Lab 11-1 Practices

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) Object Storage supports multipart uploads for more
efficient and resilient uploads, especially for large objects. With multipart uploads, the
individual parts of an object can be uploaded in parallel to reduce the amount of time you
spend uploading. In this lab, you will perform a multipart upload on the Command Line
Interface (CLI) using Cloud Shell.

In this lab, you will:

• Access Cloud Shell via the Console

• Create a standard default storage tier bucket using CLI (Cloud Shell)

• Upload a file (larger than 100 MiB) to Cloud Shell

• Perform a multipart upload using the CLI (Cloud Shell)

Access Cloud Shell via the Console

The OCI Cloud Shell is a web browser–based terminal accessible from the Console. It provides
access to a Linux shell, with a pre-authenticated OCI CLI.

In this practice, you will access Cloud Shell via the OCI Console.

Tasks

1. Sign in to your Oracle Cloud Infrastructure (OCI) Console.

2. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Select Germany Central (Frankfurt) as the region.

3. Click the Cloud Shell icon next to the Region selection menu in the console header.

Note: The OCI CLI running in the Cloud Shell will execute commands against the region
selected when the Cloud Shell starts.

4. Now, the Cloud Shell is displayed in a "drawer" at the bottom of the Console.

5. You can use the icons in the upper-right corner of the Cloud Shell window to minimize,
maximize, and close your Cloud Shell session.

Create a Standard Default Storage Tier Bucket Using CLI (Cloud Shell)

In the OCI Object Storage, a bucket is a container for storing objects in a compartment within
an object storage namespace.

In this practice, you will create a standard default storage tier bucket using the CLI.

Tasks

1. Ensure that the Cloud Shell session is running.

2. Run the following command to get your object storage namespace:

$ oci os ns get

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

Your object storage namespace is returned. Please make a note of it as you will be using it
in the subsequent task.

3. Run the following command to get the OCID of the compartment. Replace
<compartment-name> with the compartment name assigned to you.

$ oci iam compartment list --name <compartment-name>

Make note of the value corresponding to the “id” (without the quotation marks). You
will use this in the subsequent task. The following is an example of how it looks:

"id": "ocid1.compartment.oc1..xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

4. Create a bucket by using the following command.

$ oci os bucket create --namespace <object_storage_namespace> --name <bucket_name> --compartment-id <target_compartment_id>

▪ Replace <object_storage_namespace> with the name returned in Step 2.

▪ Replace <bucket_name> with FRA-AA-LAB11-1-BKT-01-xxx. Specify a random
number in place of xxx to make it unique.

▪ Replace <target_compartment_id> with the compartment ID returned in Step 3.

A standard tier bucket is created immediately.

Upload a File (Larger than 100 MiB) to Cloud Shell

In this practice, you will transfer a file larger than 100 MiB (~105 MB) from your local machine
to the Cloud Shell.

Tasks

1. Click the Cloud Shell icon next to the Region selection menu in the Console header.

2. In the Cloud Shell window, click the Cloud Shell Menu icon at the top-right corner and
select Upload. The File Upload to your Home Directory dialog box appears.

3. Drag and drop a file or click Select from your computer.

Note: The File Transfer dialog box supports selecting only one file at a time to transfer.
Select any file larger than 100 MiB.

Tip: You can optionally download a sample file which is around 247 MB from the
following link.

https://yum.oracle.com/ISOS/OracleLinux/OL6/u8/x86_64/x86_64-boot-uek.iso

4. Click Upload.

5. Wait for the file transfer to finish. The file transfers that are in-process are shown with a
progress bar and the completed file transfers are shown with a green check mark.

6. After the file transfer is complete, you can hide the File Transfer dialog box by
clicking Hide.

Perform a Multipart Upload Using the CLI (Cloud Shell)

In this practice, you will perform a multipart upload by using the CLI (Cloud Shell).

Tasks

1. Click the Cloud Shell icon next to the Region selection menu in the Console header.

2. To perform a multipart upload of an object, run the following command in Cloud Shell:

$ oci os object put --namespace <object_storage_namespace> --bucket-name <bucket_name> --file <file_location> --name <object_name> --part-size <upload_part_size_in_MB> --parallel-upload-count <maximum_number_parallel_uploads>

▪ Replace <object_storage_namespace> with the name returned in Step 2 of Create
a Standard Default Storage Tier Bucket Using CLI (Cloud Shell).

▪ Replace <bucket_name> with FRA-AA-LAB11-1-BKT-01-xxx that was created earlier.

▪ Replace <file_location> with the path to the downloaded file that you uploaded to
the Cloud Shell.

▪ Replace <object_name> with FRA-AA-LAB11-1-OBJ-01.

▪ The --part-size value represents the size of each part in mebibytes (MiBs). It must
be an integer. Replace <upload_part_size_in_MB> with 20.

▪ Optionally, you can use the --parallel-upload-count flag to set the maximum
number of parallel uploads allowed. By default, the CLI limits the number of parts that
can be uploaded in parallel to three. In this case, replace
<maximum_number_parallel_uploads> with 5.

3. You specify the part size of your choice, and the object storage splits the object into parts
and performs the upload of all parts automatically. You will see that the uploading object
operation is 100% complete. When using the CLI, you do not have to perform a commit
when the upload is complete.

4. From the Main Menu, select Storage. Under Object Storage & Archive Storage, click
Buckets.

5. From the Buckets screen, click the bucket name FRA-AA-LAB11-1-BKT-01-xxx to view its
details.

6. Under Objects, validate that the object FRA-AA-LAB11-1-OBJ-01 is present.
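Step 6 only confirms that the object exists; comparing hashes confirms that it arrived intact. The following added example, which is not part of the lab guide, recomputes the multipart hash of the local file so it can be compared with the opc-multipart-md5 value Object Storage reports for a multipart object. It assumes the documented format of that value (MD5 over the concatenated binary MD5 digests of the parts, base64-encoded, followed by a hyphen and the part count); the function names hex_to_bin and multipart_md5 are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not part of the lab guide): recompute the multipart hash of a
# local file for comparison with the opc-multipart-md5 value of the uploaded object.

# hex_to_bin HEX: emit the raw bytes encoded by a hex string.
hex_to_bin() {
  local hex="$1" rest byte
  while [ -n "$hex" ]; do
    rest="${hex#??}"          # everything after the first two hex digits
    byte="${hex%"$rest"}"     # the first two hex digits
    printf "\\$(printf '%03o' "0x$byte")"   # write the byte via an octal escape
    hex="$rest"
  done
}

# multipart_md5 FILE PART_BYTES: print "<base64 hash>-<part count>".
# PART_BYTES must equal the part size used for the upload (in bytes).
multipart_md5() {
  local file="$1" part_bytes="$2" size parts i part_hex digests
  size=$(wc -c < "$file") || return 1
  [ "$size" -gt 0 ] || { echo "empty file: nothing to split" >&2; return 1; }
  parts=$(( ($size + $part_bytes - 1) / $part_bytes ))
  # Assumption: the documented service limit of 10,000 parts per multipart upload.
  [ "$parts" -le 10000 ] || { echo "too many parts: raise the part size" >&2; return 1; }
  digests=$(mktemp) || return 1
  i=0
  while [ "$i" -lt "$parts" ]; do
    # MD5 of part i, read as one block of PART_BYTES (the last part may be shorter)
    part_hex=$(dd if="$file" bs="$part_bytes" skip="$i" count=1 2>/dev/null \
               | md5sum | cut -d' ' -f1)
    hex_to_bin "$part_hex" >> "$digests"
    i=$((i + 1))
  done
  # MD5 over the concatenated binary digests, base64-encoded, plus "-<parts>"
  printf '%s-%s\n' \
    "$(hex_to_bin "$(md5sum < "$digests" | cut -d' ' -f1)" | base64)" "$parts"
  rm -f "$digests"
}

# Demo on a constructed 50-byte file split into 16-byte parts (4 parts).
sample=$(mktemp)
printf '%050d' 0 > "$sample"
multipart_md5 "$sample" 16
rm -f "$sample"
```

For the lab object, call multipart_md5 with the file you uploaded and a part size of 20971520 bytes (20 MiB), then compare the result with the opc-multipart-md5 field that oci os object head returns for FRA-AA-LAB11-1-OBJ-01.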

Block Storage: Create, Attach, Detach, and Resize a Block Volume

Lab 12-1 Practices

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) Block Volume service lets you dynamically provision and
manage block storage volumes. You can create, attach, connect, and move volumes, as well as
change volume performance, as needed, to meet your storage, performance, and application
requirements.

In this lab, you’ll:

a. Create a Virtual Cloud Network and its components

b. Create a VM instance

c. Create a block volume

d. Attach a block volume to a compute instance

e. Resize a block volume

f. Detach a block volume

Assumptions

In this lab, we consider Germany Central (Frankfurt) as your region.

Create a Virtual Cloud Network and Its Components

In this practice, you will learn how to create a Virtual Cloud Network (VCN), Subnet, and
Internet Gateway, and add route rules in the Route Table.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

3. Click Create VCN.

4. Enter the following:

a. Name: Enter FRA-AA-LAB12-1-VCN-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. IPv4 CIDR Blocks: Type 10.0.0.0/16 and press Enter on your keyboard to add.

Note: You can leave all the other options as default.

5. Click Create VCN. The VCN is now created successfully.

6. Click Create Subnet.

7. In the Create Subnet dialog box, enter the following:

a. Name: Enter FRA-AA-LAB12-1-SNET-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Subnet Type: Select Regional.

d. IPv4 CIDR Blocks: Enter 10.0.1.0/24.

e. Subnet Access: Select Public Subnet.

Note: You can leave all the other options as default.

8. Click Create Subnet. The subnet is now created successfully, and the state is Available.

9. In the left navigation pane, under Resources, click Internet Gateways.

10. Click Create Internet Gateway.

11. Enter the following:

a. Name: Enter FRA-AA-LAB12-1-IG-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

12. Click Create Internet Gateway. The Internet Gateway is now created successfully, and the
state is Available.

13. In the left navigation pane, under Resources, click Route Tables.

14. Click Default Route Table for FRA-AA-LAB12-1-VCN-01.

15. Click Add Route Rules and enter the following:

a. Target Type: Select Internet Gateway from the drop-down list.

b. Destination CIDR Block: Enter 0.0.0.0/0.

c. Target Internet Gateway: Select FRA-AA-LAB12-1-IG-01 from the drop-down list.

16. Click Add Route Rules. The route rule is now successfully added to the default Route
Table.

Create a VM Instance

In this practice, you will learn how to create SSH keys using Cloud Shell and how to launch an
instance.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. In the console ribbon at the top of the screen, click the Cloud Shell icon next to the
Region selection menu.

3. Once the Cloud Shell is ready, enter the following commands:

$ mkdir .ssh

▪ Important: In case you get an error “Cannot create directory: File exists,” you can skip
running this first command.

$ cd .ssh

$ ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>

▪ Remember: After entering this third command, press Enter twice for no passphrase.

Note: Replace <<sshkeyname>> with cloudshellkey. Choose the key name you can
remember. This will be the key name you will use to connect to the compute instance you
create.

Reminder: The angle brackets << >> should not appear in your code.

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

4. Examine the two files that you just created by running the following command:

$ ls

Note: In the output, there are two files, a private key: <<sshkeyname>> and a public
key: <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems, as well as copied and pasted to facilitate secure communications in the cloud.

5. To list the contents of the public key, use the following command:

$ cat <<sshkeyname>>.pub

Note: Replace <<sshkeyname>> with cloudshellkey.

Reminder: The angle brackets << >> should not appear in your code.

6. Copy the contents of the public key as you will need this in a subsequent step. Make sure
that you remove any hard returns that may have been added when copying. The .pub
key should be one line.

7. From the Main Menu, select Compute. Under Compute, click Instances.

8. Click Create instance and enter the following:

a. Name: Enter FRA-AA-LAB12-1-VM-01.

b. Create in compartment: Select the <compartment name> assigned to you.

c. Placement: Select Availability Domain AD1. Click Show advanced options and select
On-demand capacity from the Capacity type menu.

d. Image and shape: Choose the image Oracle Linux 8 and shape
VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere].

e. Networking: Select the existing virtual cloud network FRA-AA-LAB12-1-VCN-01 and
existing subnet FRA-AA-LAB12-1-SNET-01 (regional). Under Public IP address,
select Assign a public IPv4 address.

f. Add SSH keys: Select Paste public keys and paste the contents of the public key,
which you copied in Step 6, in the box.

g. Boot volume: Keep the default selection.

9. Click Create.

Note: After a couple of minutes, you see that the Instance is successfully created and the
state is Running.

10. Under Instance access, copy the Public IP address.

11. Click the Cloud Shell icon to open Cloud Shell, and use SSH to connect to your instance
by using the following command:

Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”

$ ssh -i <private_key_file> <username>@<public-ip-address>

Reminders:

▪ <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.

▪ <username> is the default user opc.

▪ <public-ip-address> is the Public IP address of the instance.

12. You are now connected to the Instance FRA-AA-LAB12-1-VM-01. Run the following
command to display information about the block devices:

$ lsblk

Note: You will only see the boot disk sda.

Create a Block Volume

The Oracle Cloud Infrastructure (OCI) Block Volume service lets you dynamically provision and
manage block storage volumes.

In this practice, you will learn how to create a block volume.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. Open the Main Menu and click Storage. Under Block Storage, click Block Volumes.

3. Click Create Block Volume.

4. Fill in the required volume information:

a. Name: Enter FRA-AA-LAB12-1-BV-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Availability Domain: Select the first availability domain.

d. Volume Size and Performance: Select Custom and specify the following:

1) Volume Size (in GB): Enter 512.

2) Target Volume Performance: Drag the VPUs/GB slider to the left to make the
performance Lower Cost.

e. Backup Policies: Do not specify any policy.

f. Cross Region Replication: Keep the OFF default selection.

g. Encryption: Keep the default Encrypt using Oracle-managed keys selection.

5. Click Create Block Volume. You now see that the Block Volume state becomes Available.

Attach a Block Volume to a Compute Instance

You can create, attach, connect, and move volumes. You can also change volume
performance, as needed, to meet your storage, performance, and application requirements.
After you attach and connect a volume to an instance, you can use the volume like a regular
hard drive.

In this practice, you’ll learn how to attach a block volume to a compute instance and perform
various configuration tasks on the attached volume.

Tasks

1. Open the Main Menu and click Compute. Under Compute, click Instances.

2. In the Instances list, click the instance FRA-AA-LAB12-1-VM-01.

3. In the left navigation pane, under Resources, click Attached block volumes.

4. Click Attach block volume.

5. Specify the volume you want to attach. For example, to use the volume name,
choose Select volume, and then select the volume FRA-AA-LAB12-1-BV-01 from
the Volume drop-down list.

6. If the instance supports consistent device paths, and the volume you are attaching is not a
boot volume, select the path /dev/oracleoci/oraclevdb from the Device path
drop-down list. This enables you to specify a device path for the volume attachment that
remains consistent between instance reboots.

7. In the Attachment type section, select Paravirtualized.

Note: After you attach a volume using the Paravirtualized attachment type, it is ready to
use, and you do not need to run any additional commands.

8. In the Access section, select Read/Write.

Note: This is the default option for volume attachments and, with this option, an instance
can read and write data to the volume.

9. Click Attach. You now see the state as Attached and, since the attachment type
is Paravirtualized, you can use the volume without running any additional commands.

10. Ensure that you are connected to the Instance FRA-AA-LAB12-1-VM-01.

Note: For help with this, refer to Step 11 in the Create a VM Instance practice.

11. Run the following command to display information about the block devices:

$ lsblk

Note: You now see that the system recognizes a new disk device, and the size is 512 GB.

12. To verify that the volume is attached to the instance, run the following command:

$ ll /dev/oracleoci/oraclevd*

13. To partition the disk using fdisk, run the following command:

$ sudo fdisk /dev/oracleoci/oraclevdb

Note: Enter the following responses as seen in the Cloud Shell:

a. Command (m for help): Enter n to create a new partition.

b. Select (default p): Enter p.

c. Partition number (1,4, default 1): Press Enter.

d. First sector: Press Enter.

e. Last sector: Press Enter.

f. Command (m for help): Enter w to write the new partition.

14. To format the partition, run the following command:

$ sudo mkfs -t ext4 /dev/oracleoci/oraclevdb1

15. To mount the partition, run the following commands:

$ sudo mkdir -p /mnt/volume1

$ sudo mount /dev/oracleoci/oraclevdb1 /mnt/volume1

Note: On Linux instances, if you want to automatically mount volumes on an instance
boot, you need to set some specific options in the /etc/fstab file.

16. To display information about the block devices, run the following command:

$ lsblk

Note: You now see the partition and the mountpoint /mnt/volume1.

Resize a Block Volume

With online resizing, you can expand the volume size without detaching the volume from an
instance.

In this practice, you will resize a block volume.

Tasks

1. From the Main Menu, select Storage. Under Block Storage, click Block Volumes.

2. In the Block Volumes list, select the block volume FRA-AA-LAB12-1-BV-01.

3. Click Edit.

4. Under Volume Size and Performance, enter the new size 1024 in the Volume Size (in
GB) field.

Note: You must specify a larger value than the block volume's current size.

5. Click Save Changes.

Note: A window appears with a list of commands. The commands are required to rescan
the disk after the volume is provisioned. You need to run these commands so that the
operating system identifies the expanded volume size. Click the Copy link to copy the
commands, and then click Close to close the window.

6. Connect to your instance FRA-AA-LAB12-1-VM-01.

Note: For help with this, refer to Step 11 in the Create a VM Instance practice.

7. Paste and run the rescan commands you copied in the previous step into your instance
session window:

$ sudo dd iflag=direct if=/dev/oracleoci/oraclevdb of=/dev/null count=1

$ echo "1" | sudo tee /sys/class/block/`readlink /dev/oracleoci/oraclevdb | cut -d'/' -f 2`/device/rescan

Note: After you've run the volume rescan commands, you need to extend the partition
and grow the file system; however, this is beyond the scope of this lab activity. For more
details on this topic, see Extending the Partition for a Block Volume (oracle.com) at:
https://docs.oracle.com/en-us/iaas/Content/Block/Tasks/extendingblockpartition.htm#Extending_the_Partition_for_a_Block_Volume

Detach a Block Volume

When an instance no longer needs access to a volume, you can detach the volume from the
instance without affecting the volume's data.

In this practice, you will detach a block volume.

Tasks

1. From the Main Menu, select Compute. Under Compute, click Instances.

2. In the Instance list, click the instance FRA-AA-LAB12-1-VM-01 to display the instance
details.

3. In the left navigation pane, under Resources, click Attached block volumes.

4. From the Attached block volumes list, click the three dots on the right to open the
Actions menu, then click Detach.

5. Click OK to confirm detachment. You now see that there are no block volumes attached to
the instance FRA-AA-LAB12-1-VM-01.

Block Storage: Create a Volume Group and Enable Cross Region Replication

Lab 13-1 Practices

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) Block Volume service provides you with the capability to
group together multiple volumes in a volume group. A volume group can include both types
of volumes: boot volumes, which are the system disks for your compute instances, and block
volumes, which are for data storage.

In this lab, you'll work with volume groups. You will:

a. Create two block volumes

b. Create a volume group

c. Enable Cross-Region Replication for the volume group

d. Activate the Volume Group replica

e. Disable replication for a volume group

Prerequisites

• Enabling Cross-Region Replication for the Volume Group requires access to a
destination region. See Replicating a Volume (oracle.com) for the list of region
mappings for cross-region replication.

Create Two Block Volumes

The Oracle Cloud Infrastructure Block Volume service lets you dynamically provision and
manage block storage volumes.

In this practice, you will learn how to create two block volumes, which will subsequently be part
of a volume group.

Tasks

1. Use the console to sign in to your Oracle Cloud Infrastructure (OCI) account.

2. Select the region available in the tenancy allotted to you. In this lab, consider Germany
Central (Frankfurt) as your region.

3. From the Main Menu, select Storage. Under Block Storage, click Block Volumes.

4. Click Create Block Volume.

5. Fill in the required volume information:

a. Name: Enter FRA-AA-LAB13-1-BV-01.

b. Create In Compartment: Select the compartment assigned to you.

c. Availability Domain: Select the first availability domain.

d. Volume Size and Performance: Select the Custom option and enter 512 in the
Volume Size field.

e. Target Volume Performance: Drag the VPUs/GB slider to the left to make it Lower
Cost.

f. Backup Policies: Do not specify any policy.

g. Cross Region Replication: Select the OFF radio button.

h. Encryption: Select the Encrypt using Oracle-managed keys radio button.

6. Click Create Block Volume.

Note: The Block Volume state is now Available.

7. Repeat steps 3-6 to create a second block volume. Name this volume FRA-AA-LAB13-1-BV-02.

Note: You now have two block volumes where the state is Available.

Create a Volume Group

The Oracle Cloud Infrastructure (OCI) Block Volume service provides you with the capability to
group together multiple volumes in a volume group.

In this practice, you’ll learn how to create a volume group.

Tasks

1. From the Main Menu, select Storage. Under Block Storage, click Volume Groups.

2. Click Create Volume Group.

3. Fill in the required fields on the Basic Information page:

a. Name: Enter FRA-AA-LAB13-1-VG-01.

b. Compartment: Select the compartment assigned to you.

c. Availability Domain: Select the first availability domain. (This must be the same
Availability Domain that you selected while creating the two block volumes in the
previous exercise.)

4. Click Next to go to the next page.

5. On the Add Volumes page, for each volume you want to add:

a. Select the compartment containing the volume from the Compartment drop-down
list.

b. Select the volume FRA-AA-LAB13-1-BV-01 from the Volume drop-down list.

c. Click + Additional Volume to add more volumes.

1) Select the compartment containing the volume from the Compartment
drop-down list.

2) Select the volume FRA-AA-LAB13-1-BV-02 from the Volume drop-down list.

6. After you've added all the volumes you want to include when creating the volume group,
click Next.

7. On the Cross Region Replication page, you can optionally enable asynchronous cross
region volume replication for the volume group. You will be enabling this option in the
subsequent steps. For now, leave the OFF option selected and click Next.

8. On the Backup Policies page, you can optionally configure scheduled backups for the
volume group by selecting a backup policy to use for scheduled backups. You will not
configure any Backup Policies at this time. Click Next.

9. On the Summary page, review the information. To edit any information, click Edit in the
right corner.

10. Once everything looks correct, click Create to create the volume group. You can see that
the Volume Group is created successfully, and it includes two block volumes.

Enable Cross-Region Replication for the Volume Group

The Block Volume service provides you with the capability to perform ongoing automatic
asynchronous replication of volume groups to other regions.

In this practice, you’ll learn how to enable replication for a volume group.

Note: This lab requires you to subscribe to two regions. Hence, you will not be able to perform
it in a Free Tier account.

Tasks

1. Open the Main Menu and click Storage. Under Block Storage, click Volume Groups.

2. Click the volume group FRA-AA-LAB13-1-VG-01.

3. Click Edit.

4. Click Cross Region Replication on the left of the screen and select the ON option.

5. Enter the following information into the data fields:

a. Target Region: Select the UK South (London) region to replicate the volume group.

Note: See Replicating a Volume (oracle.com) for the list of region mappings for
cross-region replication.

b. Availability Domain: Select the first availability domain to place the volume group
replica in.

c. Volume Group Replica Name: Enter LHR-AA-LAB13-1-VGR-01 for the volume
group replica name.

Note: In this lab, we used Germany Central (Frankfurt) as the source region and UK South
(London) as the target region. This might change depending on the region available in the
tenancy allotted to you.

6. Select the Confirm check box to acknowledge the cost warning and click Next.

7. Click Summary on the left of the screen.

8. Click Save Changes.

Note: The Volume Group state changes to Updating. After a couple of seconds, the state
becomes Available.

9. Under Resources in the left navigation pane, click Volume Group Replicas. The replica
LHR-AA-LAB13-1-VGR-01 is now created in the target region, UK South (London).

10. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Select the target region, UK South (London).

11. Under Block Storage in the left navigation menu, click Volume Group Replicas.

Note: You can now see the replica LHR-AA-LAB13-1-VGR-01 and its details such as
OCID, Source Region, Last Sync, and Created.

Activate the Volume Group Replica

To create a new volume group from a volume group replica, you need to activate the replica.
The activation process creates a new volume group by cloning the replica.

In this practice, you’ll learn how to activate a volume group replica.

Tasks

1. Make sure that you are in the correct destination region that contains the volume group
replica you want to activate.

2. Open the Main Menu and click Storage. Under Block Storage, click Volume Group
Replicas.

3. Click the replica LHR-AA-LAB13-1-VGR-01.

4. Click Activate.

5. Click Confirm to acknowledge that there may be a delay in the initial replication sync of
the volume group.

6. In the Activate Volume Group Replica window, select the compartment assigned to you
and specify the name for the new volume group as LHR-AA-LAB13-1-VG-02.

7. Click Activate.

Notes

• Activating a volume group from the replica creates a clone of the source volume
group.

• In the left navigation pane, under Resources, you can see and access the
Activated Volume Groups and Block Volume Replicas.

8. From the Main Menu, select Storage. Under Block Storage, click Volume Groups.

Note: You can now see the volume group LHR-AA-LAB13-1-VG-02 in the volume groups
list along with details such as Number of Volumes and Total Size of the volume groups.

9. In the left navigation pane, under Block Storage, click Block Volumes to see both
activated Block Volumes.

Disable Replication for a Volume Group

When you turn off replication for a volume group, by default, all volumes continue to replicate.
However, as separate Volume Replicas, they are no longer part of a Volume Group Replica. At
this point, you can turn off individual volume replication for all volumes.

In this practice, you’ll learn how to disable replication for a volume group.

Tasks

1. Select the source region where you created your volume group, Germany Central
(Frankfurt).

2. From the Main Menu, select Storage. Under Block Storage, click Volume Groups.

3. Select the volume group FRA-AA-LAB13-1-VG-01.

4. Click Edit.

5. Click Cross Region Replication on the left of the screen and select the OFF option.

6. Select the Check here to confirm check box to acknowledge that the volume group replica
will be deleted.

7. Select the Volume replication off check box to turn off replication for individual volumes.

8. Click Summary on the left of the screen.

9. Click Save Changes.

Note: The Volume Group state changes to Updating. After a couple of seconds, the state
becomes Available.

10. In the console ribbon at the top of the screen, click the Region icon to expand the menu.
Ensure that you are in the correct destination region, UK South (London).

11. Open the Main Menu and click Storage. Under Block Storage, click Volume Group
Replicas.

Note: The LHR-AA-LAB13-1-VGR-01 Volume Group Replica will be in a Terminating state.
After a couple of minutes, it will be terminated.

File Storage: Create and Mount a File System

Lab 14-1 Practices

Get Started

Overview

The Oracle Cloud Infrastructure (OCI) File Storage service provides robust and shareable file
systems. Network access to your file system is provided through a mount target, which is an
NFS endpoint that lives in a subnet and connects NFS clients to file systems.

In this lab, you'll learn how to create a file system within the OCI console.

In this lab, you’ll:

a. Create a Virtual Cloud Network (VCN) and its components

b. Create a VM instance

c. Create a file system

d. Configure VCN Security Rules for file storage

e. Mount the file system from an instance

Prerequisites

You must have access to the OCI Console.

Assumptions

• You must be familiar with navigating the OCI Console.

• In this lab, we are considering Germany Central (Frankfurt) as your region.

Create a Virtual Cloud Network and Its Components

In this practice, you will learn how to create a Virtual Cloud Network, Subnet, Internet Gateway,
and Security List, and add route rules in the Route Table.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

3. Click Create VCN.

4. Enter the following:

a. Name: Enter FRA-AA-LAB14-1-VCN-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. IPv4 CIDR Blocks: Enter 10.0.0.0/16. Press Enter to add.

Note: Leave all the other options in their default setting.

5. Click Create VCN. You now see that the VCN is created successfully and in the Available
state.

6. Click Create Subnet.

7. In the Create Subnet dialog box, enter the following:

a. Name: Enter FRA-AA-LAB14-1-SNET-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Subnet Type: Select Regional.

d. IPv4 CIDR Block: Enter 10.0.1.0/24.

e. Subnet Access: Select Public Subnet.

Note: Leave all the other options in their default setting.

8. Click Create Subnet. You now see that the subnet is created successfully and in the
Available state.

9. Click Create Subnet to create another Subnet. In the Create Subnet dialog box, enter the
following:

a. Name: Enter FRA-AA-LAB14-1-SNET-02.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Subnet Type: Select Regional.

d. IPv4 CIDR Block: Enter 10.0.2.0/24.

e. Subnet Access: Select Public Subnet.

f. DNS Label: Enter FRAAALAB141SNE2.

Note: Leave all the other options in their default setting.

10. Click Create Subnet.

11. In the left navigation pane, under Resources, click Internet Gateways.

12. Click Create Internet Gateway.

13. Enter the following:

a. Name: Enter FRA-AA-LAB14-1-IG-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

14. Click Create Internet Gateway. You now see that the Internet Gateway is created
successfully and in the Available state.

15. In the left navigation pane, under Resources, click Route Tables.

16. Click to open Default Route Table for FRA-AA-LAB14-1-VCN-01.

17. Click Add Route Rules and enter the following:

a. Target Type: Select Internet Gateway.

b. Destination CIDR Block: Enter 0.0.0.0/0.

c. Target Internet Gateway: Select FRA-AA-LAB14-1-IG-01.

18. Click Add Route Rules. You now see that the route rule is successfully added in the
default Route Table.

19. Using the breadcrumb trail at the top of the screen, return to your VCN page.

20. In the left navigation pane, under Resources, click Security Lists.

21. Click Create Security List.

22. Enter the following:

a. Name: Enter FRA-AA-LAB14-1-SL-01.

b. Create in Compartment: Select the <compartment name> assigned to you.

c. Do not add any Ingress or Egress rules.

23. Click Create Security List. You now see that the security list is created and displayed on
the Security Lists page.

Note: As of now, both Subnets FRA-AA-LAB14-1-SNET-01 and FRA-AA-LAB14-1-SNET-02
are using the Default Security List.

24. Leave Subnet FRA-AA-LAB14-1-SNET-01 as is with the Default Security List. Change the
Security List for Subnet FRA-AA-LAB14-1-SNET-02 by doing the following:

a. Click Subnets.

b. Click the subnet FRA-AA-LAB14-1-SNET-02.

c. In the left navigation pane, under Resources, click Security Lists.

d. To add a security list, click Add Security List, and select FRA-AA-LAB14-1-SL-01.

e. Click Add Security List.

f. To remove the default security list, Default Security List for FRA-AA-LAB14-1-VCN-01,
click the three dots on the right to open the Actions menu, then click Remove.

g. Click Remove when prompted to confirm removal.

Note: The changes take effect within a few seconds.

Create a VM Instance

In this practice, you will learn how to create SSH keys using Cloud Shell and launch an
Instance.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. In the console ribbon at the top of the screen, click the Cloud Shell icon next to the
Region selection menu.

3. Once the Cloud Shell is ready, enter the following commands:

$ mkdir .ssh

▪ Important: In case you get an error message that says “Cannot create directory: File
exists,” you can skip running this first command.

$ cd .ssh

$ ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>

▪ Remember: After entering this third command, press Enter twice for no passphrase.

Note: Replace <<sshkeyname>> with ociaalabkey. Choose the key name you can
remember. This will be the key name you will use to connect to the compute instance you
create.

Reminder: The angle brackets «» should not appear in your code.

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

4. Examine the two files that you just created by running the following command:

$ ls

Note: In the output, there are two files: a private key, <<sshkeyname>>, and a public
key, <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems as well as copied and pasted to facilitate secure communications in the cloud.

5. To list the contents of the public key, use the following command:

$ cat <<sshkeyname>>.pub

Note: Replace <<sshkeyname>> with ociaalabkey.

Reminder: The angle brackets «» should not appear in your code.

6. Copy the contents of the public key as you will need this in a subsequent step. Make sure
that you remove any hard returns that may have been added when copying. The .pub
key should be one line.

7. From the Main Menu, select Compute. Under Compute, click Instances.

8. Click Create instance and enter the following:

a. Name: Enter FRA-AA-LAB14-1-VM-01.

b. Create in compartment: Select the <compartment name> assigned to you.

c. Placement: Select Availability Domain AD1. Click Show advanced options and select
On-demand capacity from the Capacity type menu.

d. Image and shape: Choose the image Oracle Linux 8 and shape
VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere].

e. Networking: Select the existing virtual cloud network FRA-AA-LAB14-1-VCN-01
and existing subnet FRA-AA-LAB14-1-SNET-01 (regional). Under Public IP
address, select Assign a public IPv4 address.

f. Add SSH keys: Select Paste public keys and paste the contents of the public key,
which you copied in Step 6, in the box.

g. Boot volume: Keep the default selections.

9. Click Create.

Note: After a couple of minutes, you can see that the Instance is successfully created and
the state is Running.

10. Under Instance access, copy the Public IP address.

11. Click the Cloud Shell icon to open Cloud Shell, and use SSH to connect to your instance
by using the following command:

Note: Enter yes in response to “Are you sure you want to continue connecting
(yes/no)?”

$ ssh -i <private_key_file> <username>@<public-ip-address>

Reminders:

▪ <private_key_file> is the full path and name of the file that contains the private
key associated with the instance you want to access.

▪ <username> is the default user opc.

▪ <public-ip-address> is the Public IP address of the instance.

Note: You are now connected to the Instance FRA-AA-LAB14-1-VM-01.

Create a File System

You can create a shared file system in the cloud by using the File Storage service. Network
access to your file system is provided through a mount target. Exports control how NFS clients
access file systems when they connect to a mount target. When you use the OCI console to
create your file system, the workflow also creates a mount target and export for it.

In this practice, you will learn how to create a file system.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. From the Main Menu, select Storage. Under File Storage, click File Systems.

3. In the left navigation pane, in the List Scope section, under Compartment, select the
<compartment name> assigned to you.

4. Click Create File System.

5. In the File System Information section, click Edit Details and enter the following:

a. Name: Enter FRA-AA-LAB14-1-FS-01.

b. Availability Domain: Select the first availability domain.

c. Create in Compartment: Select the <compartment name> assigned to you.

d. Encryption: Keep the default Encrypt using Oracle-managed keys selection.

6. In the Export Information section, click Edit Details and enter the following:

a. Export Path: Enter /FRA-AA-LAB14-1-EP-01.

b. Do not select the Use Secure Export Options check box.

7. In the Mount Target Information section, click Edit Details and specify the following:

a. Select the Create New Mount Target option.

b. Enter FRA-AA-LAB14-1-MNT-01 in the New Mount Target Name field.

c. Select FRA-AA-LAB14-1-VCN-01 from the Virtual Cloud Network drop-down list.

d. Select FRA-AA-LAB14-1-SNET-02 from the Subnet drop-down list.

e. Do not select the Use network security groups to control traffic check box.

8. Click Create.

Note: The File Storage service typically creates the file system and mount target within a
few seconds.

Configure VCN Security Rules for File Storage

Before you can mount a file system, you must configure security rules to allow traffic to the
mount target's VNIC using specific protocols and ports. Security rules enable traffic for the
following:

• Open Network Computing Remote Procedure Call (ONC RPC) rpcbind utility protocol

• Network File System (NFS) protocol

• Network File System (MOUNT) protocol

• Network Lock Manager (NLM) protocol

In this practice, you’ll learn how to configure security rules for both the mount target and the
instance in a security list.

Note

In this lab scenario, the mount target that exports the file system is in a different subnet
(FRA-AA-LAB14-1-SNET-02) than the instance you want to mount the file system to
(FRA-AA-LAB14-1-SNET-01).

You need to set up the following security rules in FRA-AA-LAB14-1-SL-01 for the mount
target. You also need to specify the instance IP address or CIDR block 10.0.1.0/24 as
the source for ingress rules and the destination for egress rules:

• Stateful ingress from ALL ports in the source instance CIDR block to TCP ports 111,
2048, 2049, and 2050

• Stateful ingress from ALL ports in the source instance CIDR block to UDP ports 111 and
2048

• Stateful egress from TCP ports 111, 2048, 2049, and 2050 to ALL ports in
the destination instance CIDR block

• Stateful egress from UDP port 111 to ALL ports in the destination instance CIDR block

Next, you need to set up the following security rules in Default Security List for
FRA-AA-LAB14-1-VCN-01 for the instance. You also need to specify the mount target IP address or
CIDR block 10.0.2.0/24 as the source for ingress rules and the destination for egress rules:

• Stateful ingress from source mount target CIDR block TCP ports 111, 2048, 2049, and
2050 to ALL ports

• Stateful ingress from source mount target CIDR block UDP port 111 to ALL ports

• Stateful egress from ALL ports to destination mount target CIDR block TCP ports 111,
2048, 2049, and 2050

• Stateful egress from ALL ports to destination mount target CIDR block UDP ports 111
and 2048.

n-
. no
ide a
Tasks

Gu as
is ) h
1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.
th s
e o.e

2. Select FRA-AA-LAB14-1-VCN-01 from the list of VCNs.


us ho

3. In the left navigation pane, under Resources, click Security Lists.


to ya

Select FRA-AA-LAB14-1-SL-01 from the list of security lists.


se @

4.
en 14

5. In the left navigation pane, under Resources, click Ingress Rules.


lic k20

6. Click Add Ingress Rules and enter the following:


ac

a. Do not select the Stateless check box.


olr
(s

b. Source Type: Select CIDR.


uz
Cr

c. Source CIDR: Enter 10.0.1.0/24.


es

d. IP Protocol: Select TCP.


dr
An

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 111.

7. Click Add Ingress Rules.

Copyright © 2023, Oracle and/or its affiliates.

170 File Storage: Create and Mount a File System


8. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 2048-2050.

9. Click Add Ingress Rules.

10. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select UDP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 111.

11. Click Add Ingress Rules.

12. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select UDP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 2048.


13. Click Add Ingress Rules.

14. In the left navigation pane, under Resources, click Egress Rules.

15. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
b. Destination Type: Select CIDR.
c. Destination CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: Enter 111.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

16. Click Add Egress Rules.

17. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
b. Destination Type: Select CIDR.
c. Destination CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: Enter 2048-2050.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

18. Click Add Egress Rules.

19. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
b. Destination Type: Select CIDR.
c. Destination CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select UDP.
e. Source Port Range: Enter 111.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

20. Click Add Egress Rules.

21. Using the breadcrumb trail at the top of the screen, click back to go to the VCN FRA-AA-LAB14-1-VCN-01.

22. In the left navigation pane, under Resources, click Security Lists.

23. Click to open Default Security List for FRA-AA-LAB14-1-VCN-01.

24. In the left navigation pane, under Resources, click Ingress Rules.

25. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.2.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: Enter 2048-2050.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

26. Click Add Ingress Rules.

27. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.2.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: Enter 111.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

28. Click Add Ingress Rules.


29. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.2.0/24.
d. IP Protocol: Select UDP.
e. Source Port Range: Enter 111.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

30. Click Add Ingress Rules.

31. In the left navigation pane, under Resources, click Egress Rules.

32. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
b. Destination Type: Select CIDR.
c. Destination CIDR: Enter 10.0.2.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 2048-2050.

33. Click Add Egress Rules.

34. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
b. Destination Type: Select CIDR.
c. Destination CIDR: Enter 10.0.2.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 111.


35. Click Add Egress Rules.

36. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
b. Destination Type: Select CIDR.
c. Destination CIDR: Enter 10.0.2.0/24.
d. IP Protocol: Select UDP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 111.

37. Click Add Egress Rules.

38. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
b. Destination Type: Select CIDR.
c. Destination CIDR: Enter 10.0.2.0/24.
d. IP Protocol: Select UDP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 2048.

39. Click Add Egress Rules.
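
The rule set built in this practice can be checked in code for gaps and for rules that are wider than the lab calls for. The following is an added example, not part of the original activity guide: the rule dictionaries are a simplified model constructed here (not the OCI API schema), and the names rule, audit and the finding labels are hypothetical.

```python
import ipaddress

ALL = (1, 65535)  # "All" in the console's port range fields


def rule(direction, proto, cidr, src=ALL, dst=ALL, stateless=False):
    """One security rule in a simplified, constructed form (not the OCI API schema)."""
    return {"direction": direction, "proto": proto, "cidr": cidr,
            "src": src, "dst": dst, "stateless": stateless}


# Service ports from the bullet lists above, keyed by (direction, protocol).
MOUNT_TARGET_REQUIRED = {
    ("ingress", "TCP"): {111, 2048, 2049, 2050},
    ("ingress", "UDP"): {111, 2048},
    ("egress", "TCP"): {111, 2048, 2049, 2050},
    ("egress", "UDP"): {111},
}
INSTANCE_REQUIRED = {
    ("ingress", "TCP"): {111, 2048, 2049, 2050},
    ("ingress", "UDP"): {111},
    ("egress", "TCP"): {111, 2048, 2049, 2050},
    ("egress", "UDP"): {111, 2048},
}

# Rules as entered in tasks 6-20 for FRA-AA-LAB14-1-SL-01 (mount target subnet).
LAB_MOUNT_TARGET_RULES = [
    rule("ingress", "TCP", "10.0.1.0/24", dst=(111, 111)),
    rule("ingress", "TCP", "10.0.1.0/24", dst=(2048, 2050)),
    rule("ingress", "UDP", "10.0.1.0/24", dst=(111, 111)),
    rule("ingress", "UDP", "10.0.1.0/24", dst=(2048, 2048)),
    rule("egress", "TCP", "10.0.1.0/24", src=(111, 111)),
    rule("egress", "TCP", "10.0.1.0/24", src=(2048, 2050)),
    rule("egress", "UDP", "10.0.1.0/24", src=(111, 111)),
]
# Rules as entered in tasks 25-39 for the Default Security List (instance subnet).
LAB_INSTANCE_RULES = [
    rule("ingress", "TCP", "10.0.2.0/24", src=(2048, 2050)),
    rule("ingress", "TCP", "10.0.2.0/24", src=(111, 111)),
    rule("ingress", "UDP", "10.0.2.0/24", src=(111, 111)),
    rule("egress", "TCP", "10.0.2.0/24", dst=(2048, 2050)),
    rule("egress", "TCP", "10.0.2.0/24", dst=(111, 111)),
    rule("egress", "UDP", "10.0.2.0/24", dst=(111, 111)),
    rule("egress", "UDP", "10.0.2.0/24", dst=(2048, 2048)),
]
# Constructed misconfiguration of the mount target list, for comparison.
CONSTRUCTED_BAD_RULES = [
    rule("ingress", "TCP", "0.0.0.0/0", dst=(111, 111)),    # any source allowed
    rule("ingress", "TCP", "10.0.1.0/24", dst=(2048, 2050)),
    rule("ingress", "UDP", "10.0.1.0/24", dst=(111, 111)),  # UDP 2048 forgotten
    rule("egress", "TCP", "10.0.1.0/24", src=(111, 111)),
    rule("egress", "TCP", "10.0.1.0/24", src=(2048, 2050)),
    rule("egress", "UDP", "10.0.1.0/24", src=(111, 111), stateless=True),
]


def audit(rules, role, peer_cidr, required):
    """Return a list of (finding, (direction, protocol), detail) tuples.

    role is "mount_target" (the service ports are on this side of the rule)
    or "instance" (the service ports are on the far side). peer_cidr is the
    subnet at the other end of the NFS traffic.
    """
    peer = ipaddress.ip_network(peer_cidr)
    covered = {key: set() for key in required}
    findings = []
    for r in rules:
        key = (r["direction"], r["proto"])
        net = ipaddress.ip_network(r["cidr"])
        if key not in required or not net.overlaps(peer):
            continue
        # Ingress: the local port is the destination. Egress: it is the source.
        if r["direction"] == "ingress":
            local, remote = r["dst"], r["src"]
        else:
            local, remote = r["src"], r["dst"]
        service, other = (local, remote) if role == "mount_target" else (remote, local)
        lo, hi = service
        hit = {p for p in required[key] if lo <= p <= hi}
        if other != ALL or not hit:
            continue  # unrelated rule (for example SSH), not judged here
        covered[key] |= hit
        if r["stateless"]:
            findings.append(("stateless", key, r["cidr"]))
        if net != peer and peer.subnet_of(net):
            findings.append(("cidr-wider-than-peer", key, r["cidr"]))
        if hi - lo + 1 > len(hit):
            findings.append(("extra-ports", key, service))
    for key, ports in required.items():
        findings += [("missing", key, p) for p in sorted(ports - covered[key])]
    return findings


if __name__ == "__main__":
    for finding in audit(CONSTRUCTED_BAD_RULES, "mount_target",
                         "10.0.1.0/24", MOUNT_TARGET_REQUIRED):
        print(finding)
```

The two rule sets entered in this practice produce no findings; the constructed variant reports the open source CIDR, the stateless rule, and the missing UDP 2048 ingress.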




Mount the File System from an Instance

In this practice, you will learn how to mount a file system from an instance.

Tasks

1. From the Main Menu, click Storage. Under File Storage, click File Systems.

2. In the File Systems list, click the FRA-AA-LAB14-1-FS-01 file system.

3. In the left navigation pane, under Resources, click Exports.

4. Locate /FRA-AA-LAB14-1-EP-01 and click the three dots to the right to open the Actions menu. Then select Mount Commands.

5. In Image, choose Oracle Linux from the drop-down list.

6. Click the Copy links to copy the three commands listed.

7. Connect to your instance FRA-AA-LAB14-1-VM-01.

Note: For help with this, refer to Step 11 in the Create a VM Instance practice.

8. Paste and run the commands that you copied in the previous step into your instance session window.

Important: Please run the commands that you copied and not the following commands, which are just for reference:

$ sudo yum install nfs-utils
$ sudo mkdir -p /mnt/FRA-AA-LAB14-1-EP-01
$ sudo mount 10.0.2.159:/FRA-AA-LAB14-1-EP-01 /mnt/FRA-AA-LAB14-1-EP-01

9. View the file system by entering the following:

$ df -h

10. Write a file to the file system by entering the following:

$ sudo touch /mnt/yourmountpoint/helloworld

Note: Replace yourmountpoint with the path to the local mount point. For example:
$ sudo touch /mnt/FRA-AA-LAB14-1-EP-01/helloworld


11. Verify that you can view the file by entering the following:

$ cd /mnt/yourmountpoint

Note: Replace yourmountpoint with the path to the local mount point. For example:
$ cd /mnt/FRA-AA-LAB14-1-EP-01
$ ls

File Storage: Configure NFS Export Options

Lab 15-1 Practices

Get Started

Overview

NFS export options enable you to create more granular access control to limit VCN access. You
can use NFS export options to specify access levels for IP addresses or CIDR blocks connecting
to file systems through exports in a mount target. Doing this provides better security controls
in multi-tenant environments.

Additionally, by using NFS export option access controls, you can limit the clients' ability to
connect to the file system and view or write data.

In this lab, you'll learn how to allow read-only access to the file system from one instance and
read/write access from the other instance.

In this lab, you’ll:

a. Create a Virtual Cloud Network and its components
b. Create two VM instances
c. Create a file system
d. Configure VCN Security Rules for file storage
e. Set Export Options for the file system
f. Mount the file system from both instances
g. Perform testing

Prerequisites

• You must have access to the OCI Console.

Assumptions

• You must be familiar with navigating the OCI Console.
• In this lab, we are considering Germany Central (Frankfurt) as your region.


Create a Virtual Cloud Network and Its Components

In this practice, you will learn how to create a Virtual Cloud Network (VCN), Subnet, Internet
Gateway, and Security List, and add route rules in the Route Table.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. Open the Main Menu, click Networking, and then click Virtual Cloud Networks.

3. Click Create VCN.

4. Enter the following:
a. Name: Enter FRA-AA-LAB15-1-VCN-01.
b. Create in Compartment: Select the <compartment name> assigned to you.
c. IPv4 CIDR Block: Enter 10.0.0.0/16. Press Enter to add.

Note: You can leave all the other options as default.

5. Click Create VCN. The VCN is now created successfully.

6. Click Create Subnet.

7. In the Create Subnet dialog box, enter the following:
a. Name: Enter FRA-AA-LAB15-1-SNET-01.
b. Create in Compartment: Select the <compartment name> assigned to you.
c. Subnet Type: Select Regional.
d. IPv4 CIDR Block: Enter 10.0.1.0/24.
e. Subnet Access: Select Public Subnet.

Note: You can leave all the other options as default.

8. Click Create Subnet. The subnet is now created successfully and the state is Available.


9. Click Create Subnet to create another subnet. In the Create Subnet dialog box, enter the following:
a. Name: Enter FRA-AA-LAB15-1-SNET-02.
b. Create in Compartment: Select the <compartment name> assigned to you.
c. Subnet Type: Select Regional.
d. IPv4 CIDR Blocks: Enter 10.0.2.0/24.
e. Subnet Access: Select Public Subnet.
f. DNS Label: Enter FRAAALAB151SNE2.

Note: Leave all the other options in their default setting.

10. Click Create Subnet.

11. In the left navigation pane, under Resources, click Internet Gateways.

12. Click Create Internet Gateway.

13. Enter the following:
a. Name: Enter FRA-AA-LAB15-1-IG-01.
b. Create in Compartment: Select the <compartment name> assigned to you.

14. Click Create Internet Gateway. The Internet Gateway is now created successfully, and the state is Available.

15. In the left navigation pane, under Resources, click Route Tables.

16. Click Default Route Table for FRA-AA-LAB15-1-VCN-01.

17. Click Add Route Rules and enter the following:
a. Target Type: Select Internet Gateway.
b. Destination CIDR Block: Enter 0.0.0.0/0.
c. Target Internet Gateway: Select FRA-AA-LAB15-1-IG-01.

18. Click Add Route Rules. The route rule is successfully added in the default Route Table.


19. Using the breadcrumb trail at the top of the screen, return to your VCN page.

20. In the left navigation pane, under Resources, click Security Lists.

21. Click Create Security List.

22. Enter the following:
a. Name: Enter FRA-AA-LAB15-1-SL-01.
b. Create in Compartment: Select the <compartment name> assigned to you.
c. Do not add any Ingress or Egress rules.

23. Click Create Security List. The security list is created and displayed on the Security Lists page.

Note: As of now, both the Subnets FRA-AA-LAB15-1-SNET-01 and FRA-AA-LAB15-1-SNET-02 are using the Default Security List.

24. Leave Subnet FRA-AA-LAB15-1-SNET-01 as is with the Default Security List. Change the Security List for Subnet FRA-AA-LAB15-1-SNET-02 by doing the following:
a. Click Subnets.
b. Click the subnet FRA-AA-LAB15-1-SNET-02.
c. In the left navigation pane, under Resources, click Security Lists.
d. To add a security list, click Add Security List, and select FRA-AA-LAB15-1-SL-01.
e. To remove the default security list Default Security List for FRA-AA-LAB15-1-VCN-01, click the three dots on the right to open the Actions menu, and then select Remove.
f. Click Remove when prompted to confirm removal.

Note: The changes take effect within a few seconds.


Create a VM Instance

In this practice, you will learn how to create SSH keys using Cloud Shell and launch an
instance.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. In the console ribbon at the top of the screen, click the Cloud Shell icon next to the Region selection menu.

3. After the Cloud Shell is ready, enter the following commands:

$ mkdir .ssh

▪ Important: In case you get an error message that says “Cannot create directory: File exists,” you can skip running this first command.

$ cd .ssh

$ ssh-keygen -b 2048 -t rsa -f <<sshkeyname>>

▪ Remember: After entering this third command, press Enter twice for no passphrase.

Note: Replace <<sshkeyname>> with ociaalab15key. Choose the key name you can remember. This will be the key name you will use to connect to the compute instance you create.

Reminder: The angle brackets << >> should not appear in your code.

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

4. Examine the two files that you just created by running the following command:

$ ls

Note: In the output, there are two files: a private key, <<sshkeyname>>, and a public
key, <<sshkeyname>>.pub. Keep the private key safe and don’t share its content with
anyone. The public key will be needed for various activities and can be uploaded to certain
systems as well as copied and pasted to facilitate secure communications in the cloud.


5. To list the contents of the public key, use the following command:

$ cat <<sshkeyname>>.pub

Note: Replace <<sshkeyname>> with ociaalabkey.

Reminder: The angle brackets << >> should not appear in your code.

6. Copy the contents of the public key as you will need this in a subsequent step. Make sure that you remove any hard returns that may have been added when copying. The .pub key should be one line.

7. Open the Main Menu and click Compute. Under Compute, click Instances.

8. Click Create instance and enter the following:
a. Name: Enter FRA-AA-LAB15-1-VM-01.
b. Create in compartment: Select the <compartment name> assigned to you.
c. Placement: Select Availability Domain AD1. Click Show advanced options and select On-demand capacity under the Capacity type menu.
d. Image and shape: Choose the image Oracle Linux 8 and shape VM.Standard.A1.Flex (1 OCPU, 6GB Memory) [Shape series: Ampere].
e. Networking: Select the existing virtual cloud network FRA-AA-LAB15-1-VCN-01 and existing subnet FRA-AA-LAB15-1-SNET-01 (regional). Under Public IP address, select Assign a public IPv4 address.
f. Add SSH keys: Select Paste public keys and paste the contents of the public key, which you copied in Step 6, in the box.
g. Boot volume: Keep the default selections.

9. Click Create.

10. To create a second Instance, repeat steps 7–9. Keep all settings the same except enter the Name as FRA-AA-LAB15-1-VM-02.

Note: Once finished, you see that both instances are created successfully and in the Running state.

11. To connect to the instances, on the Instance information tab and under Instance access, copy the Public IP address.


12. Open Cloud Shell and use SSH to connect to your instance by using the following commands:

Note: Enter yes in response to “Are you sure you want to continue connecting (yes/no)?”

$ ssh -i <private_key_file> <username>@<public-ip-address>

Reminders:

▪ <private_key_file> is the full path and name of the file that contains the private key associated with the instance you want to access.
▪ <username> is the default user opc.
▪ <public-ip-address> is the Public IP address of the instance.


Create a File System

You can create a shared file system in the cloud using the File Storage service. Network access
to your file system is provided through a mount target. Exports control how NFS clients access
file systems when they connect to a mount target. When you use the console to create your
file system, the workflow also creates a mount target and an export for it.

In this practice, you will learn how to create a file system.

Tasks

1. Sign in to the Oracle Cloud Infrastructure (OCI) Console.

2. Open the Main Menu and click Storage. Under File Storage, click File Systems.

3. In the left navigation pane, in the List Scope section, under Compartment, select the <compartment name> assigned to you.

4. Click Create File System.

5. In File System Information, click Edit Details and enter the following:
a. Name: Enter FRA-AA-LAB15-1-FS-01.
b. Availability Domain: Select the first availability domain.
c. Create in Compartment: Select the <compartment name> assigned to you.
d. Encryption: Keep the default Encrypt using Oracle-managed keys selection.

6. In the Export Information, click Edit Details and enter the following:
a. Export Path: Enter /FRA-AA-LAB15-1-EP-01.
b. Do not select Use Secure Export Options.

7. In the Mount Target Information, click Edit Details and specify the following:
a. Select the Create New Mount Target option.
b. Enter FRA-AA-LAB15-1-MNT-01 in the New Mount Target Name field.
c. Select FRA-AA-LAB15-1-VCN-01 from the Virtual Cloud Network drop-down list.
d. Select FRA-AA-LAB15-1-SNET-02 (regional) from the Subnet drop-down list.
e. Do not select the Use network security groups to control traffic check box.

8. Click Create.

Note: The File Storage service typically creates the file system and mount target within a few seconds.


Configure VCN Security Rules for File Storage

Before you can mount a file system, you must configure security rules to allow traffic to the
mount target's VNIC using specific protocols and ports. Security rules enable traffic for the
following:

• Open Network Computing Remote Procedure Call (ONC RPC) rpcbind utility protocol
• Network File System (NFS) protocol
• Network File System (MOUNT) protocol
• Network Lock Manager (NLM) protocol

In this practice, you’ll learn how to configure security rules for both the mount target and the
instance in a security list.

Note

In this lab scenario, the mount target that exports the file system is in a different subnet
(FRA-AA-LAB15-1-SNET-02) than the instance on which you want to mount the file system
(FRA-AA-LAB15-1-SNET-01).

You need to set up the following security rules in FRA-AA-LAB15-1-SL-01 for the mount
target. You also need to specify the instance IP address or CIDR block 10.0.1.0/24 as
the source for ingress rules and the destination for egress rules:

• Stateful ingress from ALL ports in the source instance CIDR block to TCP ports 111, 2048, 2049, and 2050
• Stateful ingress from ALL ports in the source instance CIDR block to UDP ports 111 and 2048
• Stateful egress from TCP ports 111, 2048, 2049, and 2050 to ALL ports in the destination instance CIDR block
• Stateful egress from UDP port 111 to ALL ports in the destination instance CIDR block


Next, you need to set up the following security rules in Default Security List for
FRA-AA-LAB15-1-VCN-01 for the instance. You also need to specify the mount target IP address or
CIDR block 10.0.2.0/24 as the source for ingress rules and the destination for egress rules:

• Stateful ingress from source mount target CIDR block TCP ports 111, 2048, 2049, and 2050 to ALL ports
• Stateful ingress from source mount target CIDR block UDP port 111 to ALL ports
• Stateful egress from ALL ports to destination mount target CIDR block TCP ports 111, 2048, 2049, and 2050
• Stateful egress from ALL ports to destination mount target CIDR block UDP ports 111 and 2048

Tasks

1. From the Main Menu, select Networking, and then click Virtual Cloud Networks.

2. Click FRA-AA-LAB15-1-VCN-01 from the list of VCNs.

3. In the left navigation pane, under Resources, click Security Lists.

4. Click FRA-AA-LAB15-1-SL-01.

5. In the left navigation pane, under Resources, click Ingress Rules.

6. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 111.

7. Click Add Ingress Rules.


8. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 2048-2050.

9. Click Add Ingress Rules.

10. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select UDP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 111.

11. Click Add Ingress Rules.

12. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select UDP.
e. Source Port Range: By default, it will be All, even if you leave the field blank.
f. Destination Port Range: Enter 2048.


13. Click Add Ingress Rules.

14. In the left navigation pane, under Resources, click Egress Rules.

15. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
b. Destination Type: Select CIDR.
c. Destination CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: Enter 111.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

16. Click Add Egress Rules.

17. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
b. Destination Type: Select CIDR.
c. Destination CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: Enter 2048-2050.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

18. Click Add Egress Rules.

19. Click Add Egress Rules and enter the following:
a. Do not select the Stateless check box.
b. Destination Type: Select CIDR.
c. Destination CIDR: Enter 10.0.1.0/24.
d. IP Protocol: Select UDP.
e. Source Port Range: Enter 111.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

20. Click Add Egress Rules.

21. Click the VCN FRA-AA-LAB15-1-VCN-01.

22. In the left navigation pane, under Resources, click Security Lists.

23. Click Default Security List for FRA-AA-LAB15-1-VCN-01.

24. In the left navigation pane, under Resources, click Ingress Rules.

25. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.2.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: Enter 2048-2050.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

26. Click Add Ingress Rules.

27. Click Add Ingress Rules and enter the following:
a. Do not select the Stateless check box.
b. Source Type: Select CIDR.
c. Source CIDR: Enter 10.0.2.0/24.
d. IP Protocol: Select TCP.
e. Source Port Range: Enter 111.
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

28. Click Add Ingress Rules.


29. Click Add Ingress Rules and enter the following:
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

a. Do not select the Stateless check box.

b. Source Type: Select CIDR.

c. Source CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select UDP.

le
ab
e. Source Port Range: Enter 111.

r
fe
ns
f. Destination Port Range: By default, it will be All, even if you leave the field blank.

tra
30. Click Add Ingress Rules.

n-
31. In the left navigation pane, under Resources, click Egress Rules.

32. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 2048-2050.

33. Click Add Egress Rules.

34. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select TCP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 111.

35. Click Add Egress Rules.

36. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 111.

37. Click Add Egress Rules.

38. Click Add Egress Rules and enter the following:

a. Do not select the Stateless check box.

b. Destination Type: Select CIDR.

c. Destination CIDR: Enter 10.0.2.0/24.

d. IP Protocol: Select UDP.

e. Source Port Range: By default, it will be All, even if you leave the field blank.

f. Destination Port Range: Enter 2048.

39. Click Add Egress Rules.

Set Export Options for the File System

In this practice, you'll learn how to allow read-only access to the file system FRA-AA-LAB15-1-FS-01 from the Instance FRA-AA-LAB15-1-VM-01 and read/write access from the Instance FRA-AA-LAB15-1-VM-02.

Tasks

1. From the Main Menu, select Compute. Under Compute, click Instances.

2. Make a note of the Private IP addresses of both the instances FRA-AA-LAB15-1-VM-01 and FRA-AA-LAB15-1-VM-02.

Note: In this lab, the Private IP addresses are as follows:

▪ 10.0.1.15 for instance FRA-AA-LAB15-1-VM-01

▪ 10.0.1.161 for instance FRA-AA-LAB15-1-VM-02

Reminder: In your case, the Private IP address can be different.

3. From the Main Menu, click Storage. Under File Storage, click File Systems.

4. Click the file system FRA-AA-LAB15-1-FS-01.

5. From the Exports list, select the Export Path /FRA-AA-LAB15-1-EP-01.

6. Click Edit NFS Export Options.

7. In the existing Export Options window, make the following changes:

a. Source: Enter 10.0.1.15/32.

Reminder: The Private IP address of FRA-AA-LAB15-1-VM-01 is 10.0.1.15. However, when you perform the lab, it might be a different IP address.

b. Ports: Select Any.

c. Access: Select Read Only.

d. Squash: Select None.

8. Click + Another Option to create a new export option entry.

9. In the new entry boxes, specify the following information:

a. Source: Enter 10.0.1.161/32.

Reminder: The Private IP address of FRA-AA-LAB15-1-VM-02 is 10.0.1.161. However, when you perform the lab, it might be a different IP address.

b. Ports: Select Any.

c. Access: Select Read/Write.

d. Squash: Select None.

10. When you're finished with your entries, click Update.
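
The two export option entries above, modelled as an added example (not part of the lab guide and not Oracle's code): it resolves which entry applies to a client IP and flags entries that grant more than intended. It assumes an ordered list with first-match evaluation and no access for unmatched clients; ExportOption, effective_access, shadowed and audit are hypothetical names, and the catch-all entry is constructed for contrast.

```python
"""Added example (not from the lab guide): evaluate and audit NFS export options.

Assumptions, labelled because the page does not state them:
- options form an ordered list and the FIRST entry whose source CIDR
  contains the client IP is applied;
- a client that matches no entry gets no access to the export.
ExportOption and the functions below are illustrative names, not an OCI API.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class ExportOption:
    source: str           # CIDR block, for example "10.0.1.15/32"
    access: str           # "READ_ONLY" or "READ_WRITE"
    squash: str = "NONE"  # "NONE", "ROOT" or "ALL"


# The two entries configured in this practice (lab addresses; yours may differ).
LAB_OPTIONS = [
    ExportOption("10.0.1.15/32", "READ_ONLY"),    # FRA-AA-LAB15-1-VM-01
    ExportOption("10.0.1.161/32", "READ_WRITE"),  # FRA-AA-LAB15-1-VM-02
]

# Constructed contrast case: a catch-all entry placed ahead of the lab entries.
BROAD_FIRST = [ExportOption("0.0.0.0/0", "READ_WRITE")] + LAB_OPTIONS


def effective_option(options: List[ExportOption], client_ip: str) -> Optional[ExportOption]:
    """Return the first option whose source contains client_ip, or None."""
    addr = ip_address(client_ip)
    for opt in options:
        if addr in ip_network(opt.source, strict=False):
            return opt
    return None


def effective_access(options: List[ExportOption], client_ip: str) -> str:
    """Access level a client ends up with: READ_ONLY, READ_WRITE or NO_ACCESS."""
    opt = effective_option(options, client_ip)
    return opt.access if opt else "NO_ACCESS"


def shadowed(options: List[ExportOption]) -> List[int]:
    """Indexes of entries that can never apply because an earlier entry's
    source already covers their whole range (IPv4 sources assumed)."""
    hidden = []
    for i, opt in enumerate(options):
        net = ip_network(opt.source, strict=False)
        if any(net.subnet_of(ip_network(e.source, strict=False)) for e in options[:i]):
            hidden.append(i)
    return hidden


def audit(options: List[ExportOption]) -> List[str]:
    """List entries that grant write access more widely than a single host,
    leave client root unsquashed with write access, or are never reached."""
    findings = []
    for i, opt in enumerate(options):
        net = ip_network(opt.source, strict=False)
        if opt.access == "READ_WRITE":
            if net.prefixlen < net.max_prefixlen:
                findings.append(
                    f"entry {i}: read/write for {net.num_addresses} addresses ({opt.source})")
            if opt.squash == "NONE":
                findings.append(
                    f"entry {i}: client root keeps UID 0 with write access ({opt.source})")
    for i in shadowed(options):
        findings.append(
            f"entry {i}: never applied, an earlier entry covers {options[i].source}")
    return findings


if __name__ == "__main__":
    for ip in ("10.0.1.15", "10.0.1.161", "10.0.1.20"):
        print(ip, effective_access(LAB_OPTIONS, ip))
    print(*audit(BROAD_FIRST), sep="\n")
```

Under the stated first-match assumption, the constructed catch-all entry makes both /32 entries unreachable, so the read-only restriction for FRA-AA-LAB15-1-VM-01 would no longer hold.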


Mount the File System from Both the Instances

In this practice, you will learn how to mount a file system from two instances.

Tasks

1. From the Main Menu, select Storage. Under File Storage, click File Systems.

2. In the File Systems list, click the file system FRA-AA-LAB15-1-FS-01.

3. In the left navigation pane, under Resources, click Exports.

4. Locate /FRA-AA-LAB15-1-EP-01 and click the three dots on the right to open the Actions menu, and then select Mount Commands.

5. In Image, choose Oracle Linux from the drop-down menu.

6. Click the Copy links to copy the three commands listed.

7. Connect to your instance FRA-AA-LAB15-1-VM-01.

Note: For help with this, refer to Steps 11–12 in the Create a VM Instance practice.

8. Paste and run the commands that you copied in the previous step into your instance session window.

Important: Please run the commands that you copied and not the following commands, which are just for reference:

$ sudo yum install nfs-utils

$ sudo mkdir -p /mnt/FRA-AA-LAB15-1-EP-01

$ sudo mount 10.0.2.227:/FRA-AA-LAB15-1-EP-01 /mnt/FRA-AA-LAB15-1-EP-01

9. View the file system by entering the following:

$ df -h

10. To mount the file system from the second instance FRA-AA-LAB15-1-VM-02, perform the following steps:

a. Open a new duplicate tab in your browser.

b. Repeat steps 7–8 of this practice.

Note: The file system is now mounted from both instances, FRA-AA-LAB15-1-VM-01 and FRA-AA-LAB15-1-VM-02.

Perform Testing

In this practice, you will validate that you have read-only access to the file system FRA-AA-LAB15-1-FS-01 from the Instance FRA-AA-LAB15-1-VM-01, and read/write access from the Instance FRA-AA-LAB15-1-VM-02.

Tasks

1. Connect to your instance FRA-AA-LAB15-1-VM-01.

Note: For help with this, refer to Steps 11–12 in the Create a VM Instance practice.

2. Try to write a file to the file system by entering the following:

$ sudo touch /mnt/yourmountpoint/helloworld

Note: Replace yourmountpoint with the path to the local mount point.

For example:

$ sudo touch /mnt/FRA-AA-LAB15-1-EP-01/helloworld

Important: You will receive an error that validates that the instance FRA-AA-LAB15-1-VM-01 does not have write access to the file system.

3. Connect to your instance FRA-AA-LAB15-1-VM-02.

Reminder: For help with this, refer to Steps 11–12 in the Create a VM Instance practice.

4. Try to write a file to the file system by entering the following:

$ sudo touch /mnt/yourmountpoint/helloworld

Note: Replace yourmountpoint with the path to the local mount point.

For example:

$ sudo touch /mnt/FRA-AA-LAB15-1-EP-01/helloworld

5. Once the file is successfully written, verify that you can view the file by entering the following:

$ cd /mnt/yourmountpoint

Note: Replace yourmountpoint with the path to the local mount point.

For example:

$ cd /mnt/FRA-AA-LAB15-1-EP-01

$ ls

6. Verify that you can view the file by entering the Step 5 commands from the instance FRA-AA-LAB15-1-VM-01.

Note: You now see that the instance FRA-AA-LAB15-1-VM-01 has read-only access to the file system.

Lab 16-1 Practices

Database System: Provisioning and Connecting to a Database System

Get Started

Overview

With Oracle Database on OCI, you can create and manage a full-featured, scalable, and secure Oracle Database instance in the Oracle Cloud.

You can connect to the database using SSH. This allows you to connect to the database without using the network listener. Use this method of connection for administration purposes only.

When connecting to a multi-node database system, you will connect to each individual node in the cluster via SSH.

In this lab, you will:

a. Create a Virtual Cloud Network

b. Provision a database system

c. Connect to the database system with SSH

Prerequisites

• See Connecting to Database Using SSH for more information about connecting to the database using SSH.

Create a Virtual Cloud Network

In this lab, you will create a VCN and associated resources using the VCN Wizard.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).

2. Click the navigation menu, click Networking, and then click Virtual Cloud Networks.

3. Click Start VCN Wizard.

4. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.

5. Enter the following values:

• Name: FRA-AA-LAB16-VCN-01

• Compartment: Select your assigned <compartment name>.

6. Leave the default values for the remaining fields. Click Next.

7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.

8. Click Create.

9. When complete, click View Virtual Cloud Network.

Provision a Database System

Oracle Database on OCI lets you dynamically provision and manage database systems. In this practice, you will provision a single-node virtual machine database system.

Tasks

1. In the console ribbon at the top of the screen, from the Regions menu, select Germany Central (Frankfurt).

2. From the navigation menu, select Oracle Database, and select Oracle Base Database (VM, BM).

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create DB system.

5. Fill in the required information in the Create DB system dialog box:

• Select a compartment: Select your assigned <compartment name>.

• Name your DB system: FRA-AA-LAB16-DBCS-01

• Select an availability domain: You may choose from AD-1, AD-2, or AD-3.

• Select a shape type: Virtual Machine

• Configure shape: Create the database with Intel OCPUs:

1) Click Change Shape and click AMD.

2) From the list of Configure OCPU options, select the shape VM.Standard.E4.Flex (1 OCPU, 16 GB Memory)

3) Click Select a shape.

• Configure storage: Use Logical Volume Manager. Click Change Storage. In the Change Storage dialog box, configure the following:

1) Choose storage management software: Logical Volume Manager

2) Configure storage performance: Balanced

3) Available data storage (GB): 256

4) Click Save changes.

• Configure the DB system – For this lab, you will create a one-node database system:

1) Total node count: Leave value at 1.

2) Oracle Database software edition: Select Enterprise Edition High Performance.

3) Total storage (GB): Leave value at 712.

• Add SSH keys: Generate a public-private key pair to authenticate and connect to the database:

1) Select the Generate SSH key pair option.

2) Click Save private key to download the private key to your local system. Later in this lab, you will use that private key to connect to the database.

3) Click License Included in the Choose a license type field.

• Specify the network information: You will provide information of the virtual cloud network you created before provisioning this database system:

1) Virtual cloud network in assigned <compartment name>: Select FRA-AA-LAB16-VCN-01.

2) Client subnet in assigned <compartment name>: Select Public Subnet-FRA-AA-LAB16-VCN-01 (regional).

3) Use network security groups to control traffic: Deselected

4) Hostname prefix – LAB16-DBHST-01

5) Host Domain Name: Do not configure.

6) Host Domain URL: Do not configure.

7) Private IP address: Do not configure.

• Diagnostics collection: Leave at default settings.

6. Click Next.

7. Enter the required information in the Create DB system dialog box and accept the defaults for any fields not specified.

• Database name: FRAAADB1

Reminder: A database system is the software system that enables you to create, manage, and monitor the database. The database is the collection of data.

• Database unique name suffix: Do not configure.

• Database image: You will create an Oracle Database 21c.

1) Click Change database image.

2) Image Type: Select Oracle Database Software Images.

Oracle Database version: Check 21c

3) Click Select.

• PDB name: Do not configure.

• Create administrator credentials:

1) Username: User sys (read-only field)

2) Password: Provide the password for User sys. Enter OU_Cl0ud#12345.

Note: You will need to enter the password twice.

3) Use the administrator password for the TDE wallet: Selected

4) Configure database backups: Deselected

8. Click Create DB System.

Note: The creation time will vary from 5 minutes to 45 minutes. The status of the database system will go from Provisioning to Available.

Connect to the Database

SSH is used to administer Oracle Databases in OCI. SSH, or Secure Shell, is a network communication protocol that enables two computers/servers to securely communicate and share data over an unsecured network.

In this practice, you’ll connect to your database system using SSH.

Tasks

1. From the navigation menu, select Oracle Database, and select Oracle Base Database (VM, BM).

2. In the left navigation pane, under List Scope, select your assigned <compartment name>.

3. Select FRA-AA-LAB16-DBCS-01 from the list of available databases.

4. In the left navigation pane, under Resources, click Nodes.

5. Locate and note the Oracle Database Public IP address for use later in this section.

6. Convert the .pem file to .ppk file.

If you selected Generate SSH key pair to generate the public-private key pair when provisioning your database system, and you use PuTTY to connect to the database system, then you will need to convert the key file.

The key is generated in .pem format, but PuTTY needs the key to be in .ppk format.

You will use PuTTYGen to convert the .pem file to .ppk file.

Note: This instruction set assumes PuTTYGen has been installed on your local system. If not, download and install PuTTYGen before proceeding.

a. Open PuTTYGen and click the Load button.

b. Set the file type to All Files *.* so the OCI PEM file (the private key you downloaded during the provisioning) is visible.

c. Select your OCI PEM file and PuTTYGen will import it.

d. Click Save Private Key and PuTTYGen will convert the PEM to a PPK file.

Give a new name to this private key and note its location, because this is the private key file that you will use to connect to the database.

7. Connect to the Database. You will need to use a tool to establish communication between your local system and the database system. Depending on your local system’s Operating System, you will use one of two methods: for Windows, you will use the third-party tool PuTTY and for macOS or Linux, you will use SSH.

Connect from Windows Using PuTTY

Note: This instruction set assumes PuTTY has been installed on your local system. If not, download and install PuTTY before proceeding.

a. Open putty.exe.

b. To the left, in the Category pane, configure the following:

1) Select Session and enter the following fields:

a) Host Name (or IP address): opc@<Oracle Database Public IP address>

b) Connection type: SSH

c) Port: 22

2) To the left, in the Category pane, click the disclosure triangle to reveal Connection options.

a) Click the disclosure triangle to reveal SSH option, and then click Auth.

b) Browse to and select your private key. This is the private key file you had converted with PuTTYGen and saved on your local system.

3) Click Open to begin your session.

Note: You will connect to the OCI DB System VM as the user opc without needing to enter a password, because you are authenticating with the key file.

4) Click Yes in the dialog box that appears on your first log in.

Note: If you are connected to any VPN or working on a restricted network connection, you will encounter errors when trying to connect to your database system.

Connect from a macOS or Linux System:

a. Open console or terminal.

b. Issue the following SSH command to access the DB system:

$ ssh -i <private_key> opc@<Oracle Database Public IP address>

Where:

<private_key> is the name and location of the private key on your local system

<Oracle Database Public IP address> is the Public IP address of your Oracle Database

Note: After you are connected to the database system, you can execute commands as you would when connected to the database on a server.

Examples:

• You could switch user accounts. As the opc user, use sudo to become the oracle user:

$ sudo su - oracle

• You could issue the oraenv command to interactively change your ORACLE_SID:

$ . oraenv

• You could issue the srvctl command to see information about your database:

$ srvctl config database -d <Database Name>

Lab 17-1 Practices

Autonomous Database: Scaling Resources in an Autonomous Database

Get Started

Overview

Scaling resources is the easiest and the most effective way to improve performance of your database without changing the configuration of the database or the application code.

With an Oracle Autonomous Database, you can configure the database to automatically scale to meet the changing workload, or you can manually scale it by increasing or decreasing OCPU and/or storage resources to meet the needs of your workload.

In this lab, you will:

a. Provision an Autonomous Database

b. Manually scale the number of OCPUs

c. Enable automatic scaling for storage

Prerequisites

• To learn more about scaling an Autonomous Database, see Scaling in Autonomous Database.

Provision an Autonomous Database

In this practice, you provision an Autonomous Database.

Tasks

1. In the console ribbon at the top of the screen, click the Regions icon to expand the menu. Ensure that you are in the correct region, Germany Central (Frankfurt).

2. From the navigation menu, select Oracle Database, and select Autonomous Database.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create Autonomous Database.

5. Provide the following configuration parameters:

• Compartment: Select your assigned <compartment name>.

• Display Name: FRA-AA-LAB17-ATP-01

• Database Name: AALAB17DBATP

• Choose a workload type: Transaction processing

• Choose a deployment type: Shared infrastructure

• Configure the database:

o Always Free: Disabled

o Choose database version: Leave at the default, 19c.

o OCPU count: 1

o Storage (TB): 1

• OCPU auto scaling: Selected

• Storage auto scaling: Deselected

• Create administrator credentials:

o Username Read-only: Leave at the default, ADMIN.

Note: You will not have access to the database as the sys user. Instead, you will have access to the database as the ADMIN user. With this account, you can access Database Actions to perform administrative tasks, such as to create a user account.

o Create administrator credentials: Provide password for the ADMIN user. You will need to enter the password twice. Enter OU_Cl0ud#12345.

• Choose network access: Select Secure access from everywhere.

• Choose License and Oracle Database Edition: Select License Included.

• Provide contacts for operational notifications and announcements: Do not configure.

6. Click Create Autonomous Database.

Note: When provisioning completes, the status of the Autonomous Database will change from Provisioning to Available.

Manually Scale the Number of OCPUs

The Oracle Cloud Infrastructure (OCI) Autonomous Database service provides you the ability to increase or decrease cloud resources for your database. You can manually change the OCPU and/or the storage that will be available to your database.

In this practice, you will manually increase the OCPU for your database.

Tasks

1. From the navigation menu, select Oracle Database, and then select Autonomous Database.

2. Select FRA-AA-LAB17-ATP-01 from the list of databases.

3. On the Autonomous Database Details page, in the Autonomous Database Information tab, note the following values:

• OCPU count: 1
• OCPU auto scaling: Enabled
• Storage: 1 TB
• Storage auto scaling: Disabled

4. Click Manage Scaling.

5. In the Manage Scaling dialogue box, set the OCPU count to 2.

6. Click Apply.

Note: The status of the Autonomous Database will show Scaling in Progress. Your users will still be able to access the database during the scaling process.

When the status of the database shows Available, the scaling process is completed.

7. On the Autonomous Database Information tab, note the following values:

• OCPU count: 2
• OCPU auto scaling: Enabled
• Storage: 1 TB
• Storage auto scaling: Disabled

Enable Automatic Scaling for Storage

The Oracle Cloud Infrastructure (OCI) Autonomous Database service provides you the ability to increase or decrease cloud resources for your database. By default, OCPU auto scaling is enabled and Storage auto scaling is disabled.

In this practice, you will enable Storage auto scaling.

Tasks

1. From the navigation menu, select Oracle Database, and then select Autonomous Database.

2. Select FRA-AA-LAB17-ATP-01 from the list of databases.

3. On the Autonomous Database Details page, in the Autonomous Database Information tab, note the following values:

• OCPU count: 2
• OCPU auto scaling: Enabled
• Storage: 1 TB
• Storage auto scaling: Disabled

4. Click Manage Scaling.

5. In the Manage Scaling dialogue box, select the Storage auto scaling check box.

6. Click Apply.

Note: The status of the Autonomous Database will show Scaling in Progress.

When the status of the database shows Available, the scaling process is completed.

7. On the Autonomous Database Information tab, note the following values:

• OCPU count: 2
• OCPU auto scaling: Enabled
• Storage: 1 TB
• Storage auto scaling: Enabled

Lab 18-1 Practices

Security: Enable Cloud Guard

Get Started

Overview

Cloud Guard examines your Oracle Cloud Infrastructure resources for security weaknesses related to configuration, and your operators and users for risky activities. Upon detection, Cloud Guard can suggest, assist, or take corrective actions, based on your configuration.

In this lab, you will:

a. Create a Virtual Cloud Network

b. Explore Cloud Guard

c. Create a Cloud Guard target

d. Create a scenario to verify Cloud Guard monitoring

e. Remediate problems identified by Cloud Guard

Prerequisites

You must have access to the OCI Console.

Create a Virtual Cloud Network

In this section, you will create a VCN by using the Start VCN Wizard tool.

Tasks

1. In the console ribbon at the top of the screen, click the Regions menu and select UK South (London).

2. Click the navigation menu, click Networking, and then click Virtual Cloud Networks.

3. Click Start VCN Wizard.

4. Select the Create VCN with Internet Connectivity option, and then click Start VCN Wizard.

5. Enter the following values:

• VCN Name: LHR-AA-LAB18-1-VCN-01

• Compartment: Select your assigned <compartment name>.

6. Leave the default values for the remaining fields. Click Next.

7. Review and understand the list of resources that the OCI VCN Wizard will create. Notice that the wizard will configure CIDR block ranges for VCN IP addresses, and for the public and private subnets. It will also set up security list rules and route table rules to enable basic access to the VCN.

8. Click Create.

9. When complete, click View Virtual Cloud Network.

Explore Cloud Guard

In this practice, you will explore Cloud Guard to obtain a unified view of your tenancy's cloud security posture. You will also explore detector recipes for monitoring targets and responder recipes for responding to any problems that occur.

Tasks

1. In the console ribbon at the top of the screen, from the Regions menu, select US East (Ashburn).

2. From the navigation menu, select Identity & Security, and then click Cloud Guard.

Note: A dashboard with the current Cloud Guard observations is displayed. If the Guided Tour is displayed, go through it to explore the various features. You can also click Stop tour if you are not interested in the tour. Once you are done with the tour, the dashboard with various options under Cloud Guard on the left side in the browser window is displayed.

3. In the left navigation pane, under Cloud Guard, click Detector Recipes.

4. In the left navigation pane, under Scope, select <Tenancy Name> (root).

5. Click OCI Configuration Detector Recipe (Oracle managed) and view the detector rules that are included in this recipe.

6. To view the details of a particular rule, click the disclosure triangle, a downward arrow located next to the three dots to the right of the rule.

7. Click Risk level to organize rules by their risk level.

8. Click Detector Recipes from the breadcrumb list at the top left.

9. Click OCI Activity Detector Recipe (Oracle managed) and explore the rules that are within the activity detector recipe. You also see that for the built-in, Oracle-managed detector recipes, you can clone the recipe. You may clone an existing recipe and customize it to your needs.

10. Click Detector recipes from the breadcrumb list at the top left.

11. In the left navigation pane, under Cloud Guard, click Responder Recipes.

12. Click OCI Responder Recipe (Oracle Managed).

View the responder rules that are included in this recipe.

13. To view the details of a particular rule, click the disclosure triangle, a downward arrow located next to the three dots to the right of the rule.

14. Click Responder recipes from the breadcrumb at the top left.

15. In the left navigation pane, under Cloud Guard, click Managed lists.

ab
r
fe
16. Click the Oracle Cloud Guard CIDR Managed List.

ns
Note: A managed list is a reusable list of parameters that makes it easier to set the scope

tra
for detector and responder rules. A managed list is a tool that can be used to apply certain

n-
. no
configurations to detectors.

ide a
Under Entries, observe the predefined list of trusted IP address ranges used by Oracle

Gu as
Cloud Infrastructure (OCI). Cloud Guard also lets you define your own managed lists as
needed.
is ) h
th s
e o.e

For example, you can define lists of states or provinces, ZIP codes, OCIDs, or whatever
us ho

else you may define. Click the Managed Lists breadcrumbs and you will see an option to
to ya

create your own managed list.


se @
en 14

17. In the left navigation pane, under Cloud Guard, click Settings.
lic k20

Note: Observe the reporting region listed. If you are in the home region of your tenancy,
ac

you will also see the option to Disable Cloud Guard (if it is already enabled). If you are in
olr

any other region, this button will be disabled.


(s
uz
Cr
es
dr
An

Copyright © 2023, Oracle and/or its affiliates.

222 Security: Enable Cloud Guard


Create a Cloud Guard Target
Unauthorized reproduction or distribution prohibited. Copyright© 2023, Oracle University and/or its affiliates.

In this practice, you will learn to add a target to set the scope of resources that Cloud Guard
monitors.

Note: Cloud Guard is enabled in your practice tenancy.

Tasks

1. In the console ribbon at the top of the screen, click the Regions menu and select UK
South (London).

2. Click the navigation menu, click Identity & Security, and then click Cloud Guard.

3. In the left navigation pane, under Cloud Guard, click Targets.

4. In the left navigation pane, under List Scope, select your assigned <compartment name>.

Note: If you already have a specific target set for your compartment, delete it.

5. Click Create New Target.

6. Enter the following:

• Target Name: LHR-AA-LAB18-1-CG-01

• Description: Enter a description.

• Compartment: Select your assigned <compartment name>

• Configuration detector recipe: OCI Configuration Detector Recipe (Oracle managed)

• Threat detector recipe: OCI Threat Detector Recipe (Oracle managed)

• Activity Detector Recipe: Oracle Activity Detector Recipe (Oracle managed)

• Responder recipe: OCI Responder Recipe (Oracle managed)

7. Click Create.

Note: The detail page for the new target will be displayed.

8. In the left navigation pane, under Resources, click Detector recipes and view the detector
recipes associated with the created target.

Create a Scenario to Verify Cloud Guard Monitoring

To identify a problem in the set target, you will create a bucket and make its visibility public.

1. In the console ribbon at the top of the screen, click the Regions menu and select UK
South (London).

2. Click the navigation menu and click Storage. Under Object Storage, click Buckets.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. Click Create Bucket.

5. In the Create Bucket dialog box, specify the attributes of the bucket:

• Bucket Name: LHR-AA-LAB18-1-BKT-01-<user-id>

Please specify your user ID in place of <user-id> to make it unique.

• Default Storage Tier: Select Standard.

Note: Leave all the other options in their default settings.

6. Click Create.

7. Click the three dots on the right to open the Actions menu and select Edit Visibility. Select
Public and click Save Changes.

Note: You have now created a bucket with public visibility in the assigned compartment.
To assure cloud security posture, the detector recipe includes a configuration rule for
buckets with public visibility.

As a result, you must wait for Cloud Guard to evaluate your allocated detector
configuration and list its observations on the set target. Wait 30-60 minutes before
checking the Cloud Guard Dashboard to see if the problem has been identified and
before resolving it.

Remediate the Problems Identified by Cloud Guard

1. From the navigation menu, select Identity & Security. Click Cloud Guard.

2. In the left navigation pane, under Cloud Guard, click Problems.

3. In the left navigation pane, under List Scope, select your assigned <compartment name>.

4. View the list of problems Cloud Guard has identified with the resources in your assigned
compartment based on your previous practices. The Problems page displays information
about each problem, including:

• Problem Name
• Risk Level
• Detector Type
• Resource affected
• Target
• Region
• Labels
• First Detected
• Last Detected

Follow this process to remediate the problem Bucket is Public.

1. In the breadcrumbs at the top left, click Problems.

2. In the left navigation pane, under Resource type, select Bucket.

3. Select “Bucket is Public” from the problem list.

4. Check the problem details and problem history before any actions are taken.

Note: As per the problem details, you have the option to remediate (if there are any
responder suggestions), mark it as resolved, or dismiss the problem.

The problem specifies that the bucket has public visibility. It is recommended to carefully
assess whether public visibility is required for the mentioned resource and to act if it is
not.

5. Click Remediate and confirm that you want to execute the responder to remediate the
problem.

Note: After a couple of minutes, you will see that the problem is successfully resolved,
and the problem icon turns green.

6. To verify, click Buckets under Object storage. Click the bucket
LHR-AA-LAB18-1-BKT-01-<User_Id>. You will see that the visibility is now Private.

Similarly, Cloud Guard can remediate or resolve identified problems in your OCI tenancy
to maintain its security posture.
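The visibility check in step 6, and the change back to private, can also be made from Cloud Shell with the OCI CLI. The script below is an added example, not part of the Oracle lab material: the function names are hypothetical, and it assumes the OCI CLI is already authenticated (as it is in Cloud Shell) and that the buckets are in the tenancy's default Object Storage namespace.

```bash
#!/usr/bin/env bash
# Added example, not from the lab guide. Function names are hypothetical.
# Assumes an authenticated OCI CLI (as in Cloud Shell) and buckets that live
# in the tenancy's default Object Storage namespace.

# Print a bucket's public-access-type as reported by Object Storage:
# NoPublicAccess, ObjectRead, or ObjectReadWithoutList.
bucket_visibility() {
    oci os bucket get --bucket-name "$1" \
        --query 'data."public-access-type"' --raw-output
}

# Exit status: 0 = private, 1 = public, 2 = lookup failed or unknown value.
bucket_is_private() {
    local vis
    vis=$(bucket_visibility "$1") || return 2
    case "$vis" in
        NoPublicAccess) return 0 ;;
        ObjectRead|ObjectReadWithoutList) return 1 ;;
        *) return 2 ;;
    esac
}

# Set the bucket back to private, the end state the lab reaches through the
# Cloud Guard responder.
make_bucket_private() {
    oci os bucket update --bucket-name "$1" \
        --public-access-type NoPublicAccess >/dev/null
}

# Check every bucket named in the arguments, print one line per bucket, and
# return the number of buckets that are not confirmed private.
audit_buckets() {
    local name rc findings=0
    for name in "$@"; do
        rc=0
        bucket_is_private "$name" || rc=$?
        case "$rc" in
            0) echo "OK      $name" ;;
            1) echo "PUBLIC  $name"; findings=$((findings + 1)) ;;
            *) echo "UNKNOWN $name"; findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Usage from Cloud Shell (bucket name from this lab, with your user ID):
#   audit_buckets LHR-AA-LAB18-1-BKT-01-<user-id>
#   make_bucket_private LHR-AA-LAB18-1-BKT-01-<user-id>
```

A bucket that cannot be read is reported as UNKNOWN and counted as a finding, so a failed lookup is never mistaken for a private bucket.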

Lab 19-1 Practices

Security: Create a Vault and Encryption Key and Perform Encryption/Decryption of Data

Get Started

Overview
OCI Vault is a cloud native service that allows customers to securely store and manage their
master encryption keys and configuration information. The OCI Vault service supports several
key encryption algorithms such as the Advanced Encryption Standard (AES), Rivest-Shamir-Adleman
(RSA), and the Elliptic Curve Digital Signature Algorithm (ECDSA).

This lab enables you to encrypt or decrypt sensitive information (such as credit card details,
salary information, and so on) by using the master encryption key stored in OCI Vault.

In this lab, you’ll:

a. Create a Vault and a master encryption key
b. Perform basic encryption and decryption by using the master encryption key

Prerequisites

• URL of a precreated encryption script located at a predetermined Git location
• URL of a precreated decryption script located at a predetermined Git location

Create a Vault and a Master Encryption Key

You’ll create a Vault and a master encryption key required to perform cryptographic operations.

Tasks
1. Log in to the Oracle Cloud Infrastructure (OCI) console.
2. From the Main Menu, select Identity & Security, and then click Vault.
3. Click Create Vault.
4. In the Create Vault dialog box, provide the following details:
   a. Create in Compartment: Select your <compartment_name>
   b. Name: ARCHITECT-ASS-VAULT
   c. Do not check the “Make it a virtual private vault” option.
5. Click Create Vault.
   It will take about a minute to create the vault. The vault will go through the Creating state to
   the Active state.
6. Select ARCHITECT-ASS-VAULT from the list of vaults in the root compartment.
7. Locate the Cryptographic Endpoint URL on the Vault Information tab. Copy the URL to
   your clipboard and save it somewhere to use later during the encryption process.
   a. Example: https://xxxxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com
8. From the left navigation pane under Resources, click Master Encryption Keys, and then
   click Create Key.
9. In the Create Key dialog box, enter the following values for your key:
   a. Create in Compartment: <Select your compartment>
   b. Protection Mode: HSM
   c. Name: FRA-AA-LAB19-VK-01
   d. Leave everything else to default values and click Create Key. It will take about a
      minute to create the master encryption key. The keys will go through the Creating
      state to the Enabled state.
10. Select your compartment from the Compartment drop-down list in the left column under List
    Scope. To the right, you will see the key that you created. Click your Master Encryption Key.
11. On the Key Details page, locate the OCID value on the Key Information tab. Click the Copy
    link located to the right of the OCID value. Save the OCID value somewhere to use later
    during the encryption process.

    Sample: ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Perform Encryption

You will now run the provided shell script, which will take as input the OCI Vault cryptographic
endpoint, the OCID of the master encryption key you created, and plain text to encrypt. The
provided shell script invokes oci kms crypto encrypt to perform data encryption.

Tasks
1. Click the Cloud Shell icon in the Console header to launch your Cloud Shell.
   a. Go to your home directory.
      $ cd ~
   b. Get the shell script to encrypt the plain text.
      $ wget https://raw.githubusercontent.com/ou-developers/oci-vaultoperations/main/ocivault-encrypt.sh
   c. Make the downloaded shell script executable.
      $ chmod +x ocivault-encrypt.sh
   d. Run the shell script.
      $ ./ocivault-encrypt.sh
   Note: This command will execute the downloaded interactive script, which will prompt you
   for the following values. When prompted, locate and enter the values that you saved in
   the previous section.

2. Provide the required parameters as input.
   a. Please enter the OCI Vault Cryptographic Endpoint URL
      < OCI Vault Cryptographic Endpoint URL>
      Example: https://xxxxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com
   b. Please enter your Master Encryption Key OCID
      < Master Encryption Key OCID>
      Example: ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   c. Please enter the text you wish to encrypt
      <Plain text to be encrypted>
      Example: HelloWorld

3. The shell script will invoke oci kms crypto encrypt and perform a cryptographic
   operation. The following is a sample output of the script:

   Please enter the OCI Vault Cryptographic Endpoint URL
   https://xxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com
   Please enter your Master Encryption Key OCID
   ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxx
   Please enter the text you wish to encrypt
   HelloWorld
   {
     "data": {
       "ciphertext": "QRu3Y6UBExxxxxaSCNyAKuhqRsxxxxxuk/shqzs4iimhWgyyAA==",
       "encryption-algorithm": "AES_256_GCM",
       "key-id": "ocid1.key.oc1.xxx.xxxxxxxxxxbbbbbbbbbxxxx",
       "key-version-id": "ocid1.keyversion.oc1.xxx.aaaabbbbb"
     }
   }
   ---------- Encrypted Text ----------
   QYcEncB2aSYnAC7QkpXd589LxN8XdddFWJzHyFg2gTKCaCcht97rAAAA==

4. Copy and save the Encrypted Text somewhere to use later during the decryption process.

Perform Decryption

You will now run the provided shell script, which will take as input the OCI Vault cryptographic
endpoint, the OCID of the master encryption key you created, and the encrypted text to decrypt.
The provided shell script invokes oci kms crypto decrypt to perform data decryption.

Tasks
1. Click the Cloud Shell icon in the Console header to launch your Cloud Shell.
   a. Go to your home directory.
      $ cd ~
   b. Get the shell script to decrypt the encrypted text.
      $ wget https://raw.githubusercontent.com/ou-developers/oci-vaultoperations/main/ocivault-decrypt.sh
   c. Make the downloaded shell script executable.
      $ chmod +x ocivault-decrypt.sh
   d. Run the shell script.
      $ ./ocivault-decrypt.sh

2. Provide the required parameters as input.
   a. Please enter the OCI Vault Cryptographic Endpoint URL
      < OCI Vault Cryptographic Endpoint URL>
      Example: https://xxxxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com
   b. Please enter your Master Encryption Key OCID
      < Master Encryption Key OCID>
      Example: ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
   c. Please enter the Encrypted Text (Generated Above)
      <Encrypted_Text_from_above_step>
      Example:
      QYcEncB2aSYnAC7QkpXd589LxN8XdddFWJzHyFg2gTKCaCcht97rAAAA==

3. The shell script will invoke oci kms crypto decrypt and perform a cryptographic
   operation. The following is a sample output of the script:

Please enter the OCI Vault Cryptographic Endpoint URL
https://xxxx-crypto.kms.eu-frankfurt-1.oraclecloud.com
Please enter your Master Encryption Key OCID
ocid1.key.oc1.xxx.xxxxxxxxxxxxxxxxxxxxxxxxx
Please enter the Encrypted Text (Generated Above)
QYcEncB2aSYnAC7QkpXd589LxN8XdddFWJzHyFg2gTKCaCcht97rAAAA==

{
"data": {
....
"key-id": "ocid1.key.oc1.xxx.xxxxxxxxxxbbbbbbbbbxxxx",
"key-version-id": "ocid1.keyversion.oc1.xxx.aaaabbbbb"
"plaintext": "ampqanNzc3NzCg==",
"plaintext-checksum": "2060560141"
}
}
---------- Plain Text ----------
HelloWorld
--------------------------------
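The sample outputs above show the CLI returning base64 in the "ciphertext" and "plaintext" fields, while the scripts print readable text. The following added example shows that wrapping around oci kms crypto encrypt and oci kms crypto decrypt; it is not Oracle's ocivault-encrypt.sh or ocivault-decrypt.sh, the function names are hypothetical, and it assumes an authenticated OCI CLI (as in Cloud Shell) and GNU base64.

```bash
#!/usr/bin/env bash
# Added example, not Oracle's ocivault-encrypt.sh / ocivault-decrypt.sh.
# Function names are hypothetical. Assumes an authenticated OCI CLI, as in
# Cloud Shell, and GNU base64.

# The KMS crypto commands take and return base64, not raw text.
b64_encode() { printf '%s' "$1" | base64 | tr -d '\n'; }
b64_decode() { printf '%s' "$1" | base64 -d; }

# Reject inputs that do not have the shapes shown in the lab's examples.
# This catches a different vault endpoint (for example the management
# endpoint) or a vault OCID pasted where the key OCID belongs.
check_inputs() {
    case "$1" in
        https://*-crypto.kms.*.oraclecloud.com) ;;
        *) echo "not a cryptographic endpoint: $1" >&2; return 1 ;;
    esac
    case "$2" in
        ocid1.key.*) ;;
        *) echo "not a master encryption key OCID: $2" >&2; return 1 ;;
    esac
}

# vault_encrypt ENDPOINT KEY_OCID TEXT -> prints the ciphertext
vault_encrypt() {
    check_inputs "$1" "$2" || return 1
    oci kms crypto encrypt --endpoint "$1" --key-id "$2" \
        --plaintext "$(b64_encode "$3")" \
        --query 'data.ciphertext' --raw-output
}

# vault_decrypt ENDPOINT KEY_OCID CIPHERTEXT -> prints the original text
vault_decrypt() {
    local b64
    check_inputs "$1" "$2" || return 1
    b64=$(oci kms crypto decrypt --endpoint "$1" --key-id "$2" \
        --ciphertext "$3" \
        --query 'data.plaintext' --raw-output) || return 1
    b64_decode "$b64"
}

# Encrypt, decrypt, and confirm the text survives the round trip.
roundtrip_ok() {
    local ct pt
    ct=$(vault_encrypt "$1" "$2" "$3") || return 1
    pt=$(vault_decrypt "$1" "$2" "$ct") || return 1
    [ "$pt" = "$3" ]
}

# Usage from Cloud Shell, with the values saved earlier in this lab:
#   ct=$(vault_encrypt "<Cryptographic Endpoint URL>" "<Key OCID>" "HelloWorld")
#   vault_decrypt "<Cryptographic Endpoint URL>" "<Key OCID>" "$ct"
```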

Lab 20-1 Practices

Observability and Management: Configure Alarms with Notifications and Create Monitoring Queries

Get Started

Overview

Oracle Cloud Infrastructure (OCI) Observability and Management provides visibility and
actionable insights derived using machine learning algorithms. This platform is open and
extensible, and provides cloud-based monitoring and analytics.

Some of the Observability and Management services include Monitoring, Logging, Event
Services, Logging Analytics, and Application Performance Monitoring. In this lab, you will
create alarms and queries, and trigger alarms.

In this lab, you will:

a. Create a Virtual Cloud Network (VCN)
b. Launch three Compute Virtual Machine instances
c. Create alarms and view service metrics
d. Create CPU stress and fire alarms
e. Create queries

Assumptions
• You must be familiar with navigating the OCI Console.
• In this lab, Germany Central (Frankfurt) is considered as your region.

Set Up the Environment

In this practice, you will configure the cloud environment, create a virtual network, and
compute instances. The resources created in this practice will help you complete the rest of
the lab.

Task 1: Create a VCN

A Virtual Cloud Network (VCN) defines a private network in the cloud environment where you
can specify networking parameters such as CIDR block and route tables, along with security
controls like access control lists and virtual firewalls. You can also allow connectivity to the
public Internet. In this task, you will create a VCN.

Note: For a production VCN environment, it is recommended to further restrict network
access controls to meet your security requirements.

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. In the console ribbon at the top of the screen, click the Region icon to expand the menu
and select Germany Central (Frankfurt).

3. From the navigation menu, under Networking, select Virtual Cloud Networks.

4. From the left navigation panel, ensure you are in the compartment allotted to you. Click
Create VCN.

5. In the Create a Virtual Cloud Network dialog box, populate the following information:

• Name: FRA-AA-LAB20-1-VCN-01

• Create In Compartment: <your compartment>.

• IPv4 CIDR Block: 10.0.0.0/16 (Press Enter to add the IP block.)

6. Leave other fields as default. Click Create VCN.

7. After the VCN is created, click FRA-AA-LAB20-1-VCN-01 VCN to view the details page.
Under Resources in the left navigation panel, click Internet Gateways.

8. Click Create Internet Gateway.

9. In the Create Internet Gateway dialog box, populate the following information:

• Name: FRA-AA-LAB20-1-IG-01

• Create In Compartment: <your compartment>

10. Click Create Internet Gateway.

11. Next, make a quick update to the VCN route table to make use of the Internet Gateway
created in the previous step. Under Resources in the left navigation panel, click Route
Tables.

12. Click Default Route Table for FRA-AA-LAB20-1-VCN-01 and then click Add Route
Rules.

13. In the Add Route Rules dialog box, populate the following information:

• Target Type: Internet Gateway

• Destination CIDR Block: 0.0.0.0/0

• Target Internet Gateway: FRA-AA-LAB20-1-IG-01

14. Click Add Route Rules to complete the process.

15. Finally, create a subnet in the VCN to identify IP space and deploy a VM. Return to the
VCN details page by clicking FRA-AA-LAB20-1-VCN-01 in the breadcrumb list at the top
of the page.

16. Under Resources in the left navigation panel, click Subnets. Then, click Create Subnet.

17. In the Create Subnet dialog box, populate the following information:

• Name: FRA-AA-LAB20-1-SNET-01

• Create In Compartment: <your compartment>.

• Subnet Type: Regional (Recommended)

• IPv4 CIDR Block: 10.0.0.0/24

• Route Table Compartment in <your compartment>: Default Route Table

• Subnet Access: Public Subnet

18. Leave other fields as default. Click Create Subnet.

Task 2: Set Up SSH Keys for Virtual Machine Instance

Before launching a Virtual Machine instance, you will create SSH keys to authenticate the
Instance using Oracle Cloud Shell.

1. In the OCI Console ribbon at the top of the screen, ensure that the correct Region is
selected. In this case, the region is Germany Central (Frankfurt).

2. Click the Cloud Shell icon next to the region.

3. In the Cloud Shell, ensure that you are in the home directory of your account. To check,
run the following command:

$ pwd

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

If you are in your home directory, the value will be /home/<user_name>.

4. To change the directory to the .ssh directory, run the following command:

$ cd .ssh/

5. If the previous step shows the error “No such file or directory,” then run the following
command:

$ mkdir .ssh/

6. Now, change directory to .ssh/ by running the following command:

$ cd .ssh/

7. To create SSH keys, run the following command:

$ ssh-keygen -b 2048 -t rsa -f sshkeys

8. Do not enter a passphrase when prompted; press Enter.

Note: There are two files saved into the .ssh directory: sshkeys.pub (public key) and
sshkeys (private key). sshkeys.pub will be used while creating compute instances, and
sshkeys will be used to authenticate.

9. Run the following command to view the contents of the sshkeys.pub public key.

$ cat /home/<user_name>/.ssh/sshkeys.pub

Note: Replace <user_name> with your username as noted in step 3.

10. Copy and paste the content of the sshkeys.pub public key into a Notepad file. You will use
this content while creating the compute instance.

11. Close the Cloud Shell by clicking X at the top-right corner. Then, click Exit.

Task 3: Launch Compute Virtual Machine Instance

Now, you will launch a Virtual Machine in your newly created VCN. For this lab, you will create
three instances.

1. In the OCI Console ribbon at the top of the screen, ensure that you have selected the same
region where you created the VCN.

2. From the navigation menu, under Compute, click Instances.

3. From the left navigation panel, ensure that you are in the compartment allotted to you. To
create the first instance, click Create instance.

4. In the Create compute instance dialog box, enter FRA-AA-LAB20-1-VM-01 in the Name
field.

5. In the Create in compartment field, select <your compartment>.

6. The Availability Domain will be pre-populated to match the subnet you created earlier.

7. Ensure that the Image is selected as Oracle Linux 8. If not, click Change Image and select
Oracle Linux 8.

8. In the Shape field, click Change Shape. Then select VM.Standard.A1.Flex (1 OCPU, 6GB
Memory) [Shape series: Ampere].

Note: Your options and naming conventions may not match exactly as given here, so
select an appropriate shape if it is shown differently for your region.

9. In the Primary network field, select Select Existing Virtual Cloud Network and ensure
FRA-AA-LAB20-1-VCN-01 is specified in the Virtual cloud network field.

10. In the Subnet field, select Select Existing Subnet. Ensure the Subnet is specified as
FRA-AA-LAB20-1-SNET-01.

If not, double-check that the compartment is set to <your compartment>. You may have to
switch to a different Availability Domain (see above; the Availability Domain of your
subnet and compute instance must match) to allow the selection of your existing subnet,
if not already selected.

11. In the Public IP address field, select Assign a public IPv4 address.

12. In the Add SSH keys field, select Paste public keys. Then copy the sshkeys.pub public
key from the Notepad (copied earlier in the previous task) and paste it in the SSH keys field.

13. Keep the other options default and click Create. The first compute instance is successfully
created.

14. Navigate back to the Instances page from the navigation menu. Ensure that the State of
the instance you just created is Running.

15. Copy the Public IP corresponding to the FRA-AA-LAB20-1-VM-01 instance and paste it in
the Notepad.

16. Now, click the Cloud Shell icon next to the Region at the top of the screen.

17. Run the following command, substituting the path to the sshkeys private key and the
Public IP:

$ ssh -i /home/<user_name>/.ssh/sshkeys opc@X.X.X.X

▪ Replace <user_name> with your username.

▪ Replace X.X.X.X with the public IP address copied in step 15.

Note: The SSH Key is the private key created in the previous task. It is used to
authenticate.

18. Enter Yes when prompted to connect and ensure you are connected to the instance.

19. Enter exit to close the connection.

20. To create a second instance, repeat steps 2 through 7. Keep all settings the same except
the Name of the instance. Enter the Name of the second instance as FRA-AA-LAB20-1-VM-02.

21. In the Shape field, click Change Shape. Then select VM.Standard.A1.Flex (1 OCPU, 6GB
Memory) [Shape series: Ampere].

22. In the Public IP address field, select Do not assign a public IPv4 address. In the Add
SSH keys field, select No SSH keys.

Note: The instance is not required to be accessed; therefore, assigning a Public IP address
and SSH keys for this instance can be skipped.

23. Keep the other options default and click Create. The second compute instance is
successfully created.

24. Navigate back to the Instances page from the navigation menu. Ensure that the State of
the second instance created is Running.

25. To create a third instance, repeat steps 2 through 7. Keep all settings the same except the
Name of the instance. Enter the Name of the third instance as FRA-AA-LAB20-1-VM-03.

26. In the Shape field, click Change Shape. Then select VM.Standard.A1.Flex (1 OCPU, 6GB
Memory) [Shape series: Ampere].

27. In the Public IP address field, select Do not assign a public IPv4 address. In the Add
SSH keys field, select No SSH keys.

Note: The instance is not required to be accessed; therefore, assigning a Public IP address
and SSH keys for this instance can be skipped.

28. Click Create. The third compute instance is successfully created.

29. Navigate back to the Instances page from the navigation menu. Ensure that the State of
the third instance created is Running.

Create Alarms and View Service Metrics

In this practice, you will view the service metrics for your instances, confirm that the required
monitoring plug-in is enabled, and set up alarm notifications.

Task 1: Confirm that Compute Instance Monitoring Plug-In Is Enabled

To view the service metrics available in the OCI Console, the compute instance monitoring
plug-in must be enabled. This plug-in emits metrics about the instance's health, capacity, and
performance, such as CPU and memory utilization.

Note: The plug-in will be enabled by default, but it should be confirmed.

1. From the OCI Console navigation menu, under Compute, select Instances.

2. Click the instance FRA-AA-LAB20-1-VM-01.

3. Click the Oracle Cloud Agent tab.

4. Scroll down to find the Compute Instance Monitoring plug-in and ensure that it is
running and enabled.

5. Navigate back to the Instances page and repeat steps 1-4 for the instance
FRA-AA-LAB20-1-VM-02.

6. Repeat steps 1-4 for the instance FRA-AA-LAB20-1-VM-03.

Task 2: Create a Topic and a Subscription Inside a Topic


Now that you have confirmed that Monitoring is enabled, you will create an alarm that is
triggered when the service metrics reach a designated threshold. You will see this alarm get
triggered later in the practice when you perform a CPU stress test.

To create an alarm, you must first create a notification so that the alarm has a way to notify
the relevant parties. For example, an alarm can email an administrator when a CPU usage
threshold has been breached.

1. From the OCI Console navigation menu, select Developer Services. Under Application
Integration, select Notifications.

2. From the left navigation panel, ensure you are in the compartment assigned to you.

3. Click Create Topic.

4. In the Create Topic dialog box, enter FRA-AA-LAB20-1-TOP-01 in the Name field and
enter a Description if required, as it is optional.

5. Click Create.

6. Once the topic state changes to Active, click the topic to view the details.

7. Under Resources, click Create Subscription.

8. In the Create Subscription dialog box, select Email in the Protocol field.

9. In the Email field, enter your email address.

10. Click Create.

11. Click the subscription that you just created.

12. The Subscription Information will be displayed with the status as Pending Confirmation.

13. Check the email account you specified and click the “Confirm subscription” verification
link in it. A pop-up browser window will tell you that the subscription has been confirmed.

14. Navigate back to the Subscriptions page and verify that the subscription status has
changed to Active.

Note: You may need to refresh your browser if the status is not updated.

A topic and a subscription inside a topic are successfully created.

Task 3: Create an Alarm for CPU Utilization


Now that you’ve created the topic and subscription for a notification, you will create your
alarm. This alarm will be activated when the CPU utilization reaches a threshold that you
designate.

1. From the OCI Console navigation menu, select Observability & Management. Under
Monitoring, click Alarm Definitions.

2. From the left navigation panel, ensure that you are in the compartment assigned to you.

3. Click Create Alarm.

4. In the Create Alarm dialog box, populate the following information in the Create alarm
section:

• Alarm name: FRA-AA-LAB20-1-ALA-01

• Alarm severity: Critical

• Alarm body: High Usage of CPU

5. The Tags section is optional. Therefore, keep the default selections.

6. Populate the following information in the Metric description section:

• Compartment: <your compartment>

• Metric namespace: oci_computeagent

• Metric name: CpuUtilization

• Interval: 1m

• Statistic: Max

Note: The Resource Group field is optional. Therefore, you can skip it for now.

7. Populate the following information in the Metric dimensions section:

• Dimension name: resourceDisplayName

• Dimension value: FRA-AA-LAB20-1-VM-01

8. Populate the following information in the Trigger rule section:

• Operator: greater than

• Value: 70

• Trigger delay minutes: 1

9. Populate the following information in the Define alarm notifications section:

• Destination service: Notifications

• Compartment: <your compartment>

• Topic: FRA-AA-LAB20-1-TOP-01

You created the topic earlier; recall that the topic is the communication channel, such
as email. When the alarm is triggered, a notification is sent to the subscribed email addresses.

10. Select the option Split notifications per metric stream in the Message grouping
section.

With this setting, you are configuring the alarm to send a message for the specific
instance when it reaches the CPU threshold. The UI shows a message, which is just a
reference: Consider limits when the alarm contains a high number of metric streams.

11. You can select the message format, which is generally the first option, Send formatted
messages.

12. You can also choose to have a notification repeated at certain frequencies if an alarm
continues. Keep the Repeat notification option deselected.

13. You have the option to suppress the notification. Keep the Suppress notifications option
deselected.

14. Select Enable this alarm and click Save Alarm.

You should now be able to see the alarm’s details.

Create CPU Stress and Fire Alarm

In this practice, you will create a CPU Stress on the first instance (FRA-AA-LAB20-1-VM-01),
monitor the effect of CPU stress on the instance, and see an event triggered when the CPU
utilization is greater than the threshold, which causes the alarm to fire.

Task 1: Create CPU Stress for an Instance

Now that you have created an alarm, Observability and Management monitors the working of
instances and sends a notification when the alarm is triggered. For this purpose, the CPU is
subjected to stress and forced to run to its maximum capacity. When the CPU Utilization
metric is greater than the threshold value, the alarm gets triggered.

This is simulated by means of a CPUStress generator. The following steps are with respect to a
Linux OS.

1. From the OCI Console navigation menu, under Compute, click Instances.

2. Click the instance FRA-AA-LAB20-1-VM-01. Copy the Public IP address.

3. Click the Cloud Shell icon from the Console ribbon at the top of the page.

4. Connect to the instance by running the following command:

$ ssh -i /home/<user_name>/.ssh/sshkeys opc@<X.X.X.X>

▪ Replace <user_name> with your username.

▪ Replace X.X.X.X with the public IP address.

5. You should get a message that the FIPS mode is initialized.

6. Run the following command to install the EPEL (Extra Packages for Enterprise Linux)
repository on Linux distributions to install additional standard open-source software
packages by using the YUM and DNF package managers. If you are asked if it is OK, enter Y.

$ sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

7. Enter Y. You will see Complete! when it is complete.

8. Install the stress package. Stress is a generator tool, devised to subject your system to
a configurable measure of CPU, memory, I/O, and disk stress. To install, run the following
command:

$ sudo yum install stress

Note: If you are asked if it is OK, enter Y again.

You will get a message when the installation is successful.

Task 2: Include Stress to the Compute Instance

Now, you need to induce stress to the instance. The stress on the compute instances
increases on repeated use of the stress command. Run the following commands:

$ uptime

$ stress --cpu 8 --timeout 300

Task 3: Trigger the Alarm

1. From the OCI Console navigation menu, select Observability & Management. Under
Monitoring, click Alarm Definitions.

2. Click the FRA-AA-LAB20-1-ALA-01 alarm that you created earlier.

3. The icon in FRA-AA-LAB20-1-ALA-01 would have changed to Firing mode due to the
stress induced. This happens when the load on the CPU Utilization crosses the threshold
limits. Please wait for a minute if the status is not changed to Firing, and then refresh the
page.

4. Scroll down to the Alarm history graph, which signifies that the CPU stress has surpassed
the set threshold.

5. An email notification is sent to the configured subscription email of the Notifications
Topic as Alarm status changes from OK to Firing.

6. The email provides details about Alarm OCID, Number of Metrics breaching threshold,
and Dimensions.

7. Navigate back to the Alarm Definitions page and select the check box against the
FRA-AA-LAB20-1-ALA-01 alarm.

8. Click Actions and select Add suppressions from the drop-down list.

9. In the Suppress Alarms Wizard, select the default Start time and End time and click
Apply suppressions to confirm.

10. Click Close and verify that the column Suppressed shows the alarm is suppressed for the
period.

11. Click the Cloud Shell icon to open Cloud Shell where the stress was initiated on the
Instance. Press Ctrl + C to stop the stress.

12. Navigate back to the Alarm Definitions page and click the FRA-AA-LAB20-1-ALA-01
alarm.

13. The CPU-usage-alarm icon would have changed to OK mode as the stress is now stopped.

14. Verify an email notification is not received by the configured subscription email for the
status being changed from Firing to OK. This notification is not sent due to Alarm being
suppressed for the period.
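
The firing and suppression behaviour seen in this task, replayed as a small model; this is an added example, not part of the original guide and not Oracle's implementation. The function names, the constructed CPU trace and suppression windows, and the once-per-minute evaluation model are assumptions.

```python
from dataclasses import dataclass

# Lab settings. MQL form of the same rule:
#   CpuUtilization[1m]{resourceDisplayName = "FRA-AA-LAB20-1-VM-01"}.max() > 70
THRESHOLD = 70.0
TRIGGER_DELAY_MIN = 1


@dataclass(frozen=True)
class Transition:
    minute: int
    old: str
    new: str
    notified: bool


def evaluate_alarm(per_minute_max, suppressed=range(0),
                   threshold=THRESHOLD, delay=TRIGGER_DELAY_MIN):
    """Replay 1-minute Max(CpuUtilization) values and return the state changes.

    Assumed model: one evaluation per minute; the alarm fires once the value has
    been strictly above the threshold for `delay` consecutive minutes and returns
    to OK on the first minute that is not. A state change inside `suppressed`
    still happens, but no message is sent for it.
    """
    if delay < 1:
        raise ValueError("delay must be at least 1 minute")
    state, streak, transitions = "OK", 0, []
    for minute, value in enumerate(per_minute_max):
        streak = streak + 1 if value > threshold else 0
        new_state = "FIRING" if streak >= delay else "OK"
        if new_state != state:
            transitions.append(
                Transition(minute, state, new_state, minute not in suppressed))
            state = new_state
    return transitions


def silent_transitions(transitions):
    """State changes nobody was told about: the cost of a suppression window."""
    return [t for t in transitions if not t.notified]


# Constructed trace (index = minute): idle, stress from minute 3, stopped before minute 8.
# Minute 2 sits exactly on 70 and does not breach, because the operator is "greater than".
CPU_TRACE = [3.0, 4.0, 70.0, 99.0, 100.0, 98.0, 99.0, 97.0, 12.0, 4.0]
# Constructed suppression window applied at minute 6, after the Firing email arrived.
LAB_SUPPRESSION = range(6, 66)

if __name__ == "__main__":
    for t in evaluate_alarm(CPU_TRACE, LAB_SUPPRESSION):
        print(f"minute {t.minute}: {t.old} -> {t.new} "
              f"({'email sent' if t.notified else 'suppressed'})")
    # Same trace with a suppression window that is already active when the load starts:
    early = evaluate_alarm(CPU_TRACE, range(0, 66))
    print("silent:", [(t.minute, t.new) for t in silent_transitions(early)])
```

In the second run both transitions are silent, which is why a suppression window should be kept as short as the maintenance it covers.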

Create Queries

In this practice, you will create different types of queries and see how they are all represented
graphically.

Task 1: Create Standard Queries

In this task, you will learn about query expressions and components, and you will execute
sample queries that can be used with the Monitoring service. The Metrics Explorer creates
queries that are used to search and aggregate metric data points collected from resources.

A standard query includes a metric namespace (the source or application being measured),
metric (what is being measured), interval (over what period), and statistic (how it’s being
measured, e.g., a sum, rate, or max value).

1. From the OCI Console navigation menu, select Observability & Management. Under
Monitoring, click Metrics Explorer.

2. To create a standard query, populate the following information in the Query section:

• Compartment: <your compartment>

• Metric namespace: oci_computeagent

• Metric name: CpuUtilization

• Interval: 5m

• Statistic: Max

3. Click Update Chart.

The chart generated is the output of the query. It represents the CPU utilization
(CpuUtilization) of all instances (oci_computeagent) in the past five minutes. The
corresponding Monitoring Query Language (MQL) is displayed under Query 1.

Task 2: Create Standard Queries with a Filter

A filter condition is used along with a standard query to display the graphs that satisfy specific
conditions. The filter condition is entered in the Metric Dimensions area and includes a name
and (optional) a value.

1. From the navigation menu, select Observability & Management. Under Monitoring,
click Metrics Explorer.

2. Populate the following information to create a grouping function using Basic mode in the
Query section:

• Compartment: <your compartment>

• Metric namespace: oci_computeagent

• Metric name: CpuUtilization

• Interval: 5m

• Statistic: Max

3. In the Metric dimensions section, populate the following information:

• Dimension name: availabilityDomain

• Dimension value: Select an availability domain.

4. Click Update Chart.

The chart displays the CPU utilization of the compute instances in an interval of five minutes
for the selected availability domain.

Task 3: Create Aggregation Using Basic Queries



Simple aggregation (grouping) function queries return the combined value of all metric
streams for the selected statistic. They can be written manually in the Query Code Editor pane
by checking the Advanced mode option, or you can use the Standard Query mode used above.

1. From the navigation menu, select Observability & Management. Under Monitoring,
click Metrics Explorer.

2. Populate the following information to create a grouping function using Basic mode in the
Query section:

• Compartment: <your compartment>

• Metric namespace: oci_computeagent

• Metric name: CpuUtilization

• Interval: 5m

• Statistic: Max

3. In the Metric dimensions section, populate the following information:

• Dimension name: availabilityDomain

• Select the Aggregate metric streams check box.

Note: You can leave the Dimension value field blank for now.

4. Click Update Chart.

The graph displays the aggregation of CPU utilization of all availability domains, with an
interval of five minutes, and a statistic option of the Max function.

Selecting the Aggregate metric streams check box is referred to as the grouping function
in Advanced mode. This query can be viewed by selecting the Advanced mode check
box.

Task 4: Create Advanced Queries


The nested queries are written as part of the Advanced mode in the Query code editor.

1. From the navigation menu, select Observability & Management. Under Monitoring,
click Metrics Explorer.

2. Select the Advanced mode check box at the top right of the Query 1 section.

3. Populate the following information to create a grouping function using Basic mode in the
Query section:

▪ Compartment: <your compartment>

▪ Metric namespace: oci_computeagent

4. Enter the following code in the Query code editor field.

(CpuUtilization[1m].max() > 5).grouping().max()

5. Click Update Chart.

The displayed output groups the compute instances and displays the ones whose
CpuUtilization is more than 5 percent in the past minute.

GroupBy is a grouping function, which can be written using Advanced mode. It is another way
to aggregate metric streams. For example, you can group by the shape used by the instance.

1. To group by shape, enter the following code into the Query code editor.

CpuUtilization[5m].groupBy(shape).max()

2. Click Update Chart.

The displayed output groups compute instances by shape and displays the CpuUtilization
with an interval of 5 minutes, showing the maximum reported value in the graph.
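
How interval, statistic, dimension filter, grouping() and groupBy() in Tasks 1 to 4 reshape the same datapoints, as an added example that is not part of the original guide: a small evaluator over constructed metric streams, not the Monitoring service's own engine. Instance names, availability-domain labels, the E4 shape and the run_query helper are assumptions; the nested comparison query is not modelled.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample: one metric stream per instance; points are (minute, CpuUtilization %).
STREAMS = [
    {"dims": {"resourceDisplayName": "vm-01", "availabilityDomain": "AD-1",
              "shape": "VM.Standard.E4.Flex"},
     "points": [(0, 3.0), (1, 98.0), (2, 99.5), (3, 97.0), (4, 96.0), (5, 12.0)]},
    {"dims": {"resourceDisplayName": "vm-02", "availabilityDomain": "AD-2",
              "shape": "VM.Standard.E4.Flex"},
     "points": [(0, 2.0), (1, 4.0), (2, 3.5), (3, 6.0), (4, 2.5), (5, 3.0)]},
    {"dims": {"resourceDisplayName": "vm-03", "availabilityDomain": "AD-1",
              "shape": "VM.Standard.A1.Flex"},
     "points": [(0, 1.0), (1, 1.5), (2, 2.0), (3, 1.0), (4, 4.5), (5, 7.0)]},
]


def run_query(streams, interval, stat, where=None, group=None):
    """Evaluate Metric[interval]{where}.<grouping>.<stat>() over raw datapoints.

    group=None    -> one output stream per input stream (standard query)
    group="*"     -> grouping(): every stream folded into a single stream
    group="shape" -> groupBy(shape): one output stream per dimension value
    Returns {label: [(window_start_minute, value), ...]}.
    """
    windows = defaultdict(list)
    for stream in streams:
        dims = stream["dims"]
        if where and any(dims.get(k) != v for k, v in where.items()):
            continue  # a dimension filter drops the whole stream
        if group is None:
            label = dims["resourceDisplayName"]
        elif group == "*":
            label = "*"
        else:
            label = dims[group]
        for minute, value in stream["points"]:
            # Align each datapoint to the start of its interval-minute window.
            windows[(label, minute - minute % interval)].append(value)
    result = defaultdict(list)
    for label, start in sorted(windows):
        result[label].append((start, stat(windows[(label, start)])))
    return dict(result)


if __name__ == "__main__":
    queries = {
        "CpuUtilization[5m].max()":
            run_query(STREAMS, 5, max),
        'CpuUtilization[5m]{availabilityDomain = "AD-1"}.max()':
            run_query(STREAMS, 5, max, where={"availabilityDomain": "AD-1"}),
        "CpuUtilization[5m].grouping().max()":
            run_query(STREAMS, 5, max, group="*"),
        "CpuUtilization[5m].groupBy(shape).max()":
            run_query(STREAMS, 5, max, group="shape"),
        # Same window, different statistic: one busy instance is diluted by two idle ones.
        "CpuUtilization[5m].grouping().mean()":
            run_query(STREAMS, 5, mean, group="*"),
    }
    for mql, series in queries.items():
        print(mql)
        for label, points in series.items():
            print("   ", label, points)
```

The last query returns about 28 percent for the first window while one instance is pinned near 100 percent, so an alarm built on an aggregated mean would stay below the lab's threshold of 70.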

Lab 21-1 Practices

Observability and Management: Configure Service Connectors

Get Started

Overview

A service connector specifies the source logs, optional filtering/processing, execution
frequency, and the destination Object Storage bucket. In this lab, we will enable service logs
for Object Storage events and export them into another Object Storage bucket.

In this lab, you will:

a. Enable service logs

b. Export logs using service connectors

Assumptions

• You must be familiar with navigating the OCI Console.

• In this lab, Germany Central (Frankfurt) is considered as your region.

Set Up the Environment

In this practice, you will create an automated job to export your log data into the Object
Storage bucket for long-term storage and archive. The Oracle Cloud Infrastructure (OCI)
makes this easy via service connectors, which provide a framework for creating jobs to filter,
process, and move log data from Logging to Object Storage.

Task 1: Create Object Storage Buckets

An Object Storage bucket is a logical container for storing objects. A bucket is associated with
a single compartment that has policies to determine what actions a user can perform on a
bucket and on all the objects in the bucket. The objects can store any type of data regardless
of the content type. In this task, you will create two buckets: one for enabling logging and
another for archiving logs.

1. Sign in to your Oracle Cloud Infrastructure (OCI) account.

2. In the console ribbon at the top of the screen, click the Region icon to expand the menu
and select Germany Central (Frankfurt).

3. From the navigation menu, select Storage. Under Object Storage & Archive Storage,
click Buckets.

4. Click Create Bucket.

5. In the Create Bucket dialog box, enter FRA-AA-LAB21-1-BKT-01-xxx in the Name
field.

Please specify a random number in place of xxx to make it unique.

6. In the Default Storage Tier field, select Standard.

7. In the Encryption field, select Encrypt using Oracle managed keys.

8. Keep the rest of the options as default and click Create.

You will now create a second bucket, which will be used as the archive bucket to move
logs generated for read events that occurred on the first bucket.

9. Navigate back to the Buckets page from the navigation menu.

10. Click Create Bucket.

11. In the Create Bucket dialog box, enter FRA-AA-LAB21-1-BKT-02-xxx in the Name
field.

Please specify a random number in place of xxx to make it unique.

12. In the Default Storage Tier field, select Standard.

Note: The Default Storage Tier can also be selected as Archive; however, in this lab, you
will select Standard to immediately download the transitioned log. An object in Archive
Storage Tier needs to be restored first before it can be downloaded.

13. Keep the rest of the options as default and click Create.

Enable Service Logs

In this practice, you will enable automatic log collection for Object Storage activity (read, write)
for the bucket created earlier.

Task 1: Create a Log Group

1. From the navigation menu, select Observability & Management. Under Logging, click
Log Groups.

2. From the left navigation panel, ensure that you are in the compartment assigned to you.

3. Click Create Log Group.

4. In the Create Log Group dialog box, ensure that the Compartment field is populated with
<your compartment>.

5. In the Name field, enter FRA-AA-LAB21-1-LGP-01.

6. In the Description field, enter a brief description.

7. Click Create.

Task 2: Enable Object Storage Log


In this task, you will enable logging on the Object Storage bucket created earlier.

1. From the navigation menu, select Observability & Management. Under Logging, click
Log Groups.

2. From the left navigation panel, ensure that you are in the compartment assigned to you.

3. Click the FRA-AA-LAB21-1-LGP-01 log group.

4. From the left navigation panel, select Logs.

5. Click Enable service log.

6. In the Enable Resource Log dialog box, populate the following information:

• Resource Compartment: <your compartment>

• Service: Object Storage

• Resource: FRA-AA-LAB21-1-BKT-01-xxx

• Log Category: Read Access Events

• Log Name: FRA-AA-LAB21-1-SLOG-01

7. Click Enable Log.

8. Review the log details page. It may take a couple of minutes for the service to complete
configurations. The Status under Log Information should be Active.

9. Navigate back to the Logs page and click Enable service log.

10. In the Enable Resource Log dialog box, populate the following information:

• Resource Compartment: <your compartment>

• Service: Object Storage

• Resource: FRA-AA-LAB21-1-BKT-01-xxx

• Log Category: Write Access Events

• Log Name: FRA-AA-LAB21-1-SLOG-02

11. Click Enable Log.

12. Review the log details page. It may take a couple of minutes for the service to complete
configurations. The Status under Log Information should be Active.

13. From the navigation menu, select Storage. Under Object Storage & Archive Storage,
click Buckets.

14. Click the FRA-AA-LAB21-1-BKT-01-xxx bucket.

15. Under Resources in the left navigation panel, click Logs.

16. Verify that the status of Read Access Events is Active and Enabled with Log Group
FRA-AA-LAB21-1-LGP-01 and Log Name FRA-AA-LAB21-1-SLOG-01.

17. Verify that the status of Write Access Events is Active and Enabled with Log Group
FRA-AA-LAB21-1-LGP-01 and Log Name FRA-AA-LAB21-1-SLOG-02.

18. Under Resources in the left navigation panel, click Objects.

19. Verify that the bucket is empty.

Note: Leave the bucket empty for now. In a later task, you will upload a few objects into
the bucket, which generates write events, and those logs (with a filter applied) will be
transitioned into the second Object Storage bucket.

Export Logs Using Service Connectors

In this practice, you will explore the contents of your logs using the built-in search capabilities
provided by the Logging service. This will validate that the logging is working for
FRA-AA-LAB21-1-BKT-01.

In a later task, you will configure a service connector to export logs into the second bucket,
FRA-AA-LAB21-1-BKT-02.

Task 1: Validate Logs with Log Search

1. From the navigation menu, select Observability & Management. Under Logging, click
Search. You will now create search criteria and look for logs pertaining to your bucket,
FRA-AA-LAB21-1-BKT-01-xxx.

2. Click the Select logs to search text field.

3. In the Select logs to search field, click x to remove <your compartment> if selected by
default.

4. Expand the (root) compartment under the Compartment column and select <your
compartment> from the Compartment list.

Note: Do not click the plus (+) sign. Click the compartment name only.

This step will bring up the log groups in that compartment without including the
compartment itself as part of the search criteria. You don’t want the compartment itself
included, because you don’t want all the logs for that compartment in the search results.

5. In the Log Groups column, select the FRA-AA-LAB21-1-LGP-01 log group, but again, click
the name only without clicking the plus sign. This will bring up the logs for that log group.

6. In the Logs column, select FRA-AA-LAB21-1-SLOG-01.

7. This time, click the plus (+) sign to add it as the only search criteria. The Select logs to
search field at the top of the dialog box will be updated.

8. Click Continue to execute the search.

9. Verify that the graph shows the corresponding log records. If the graph is not displayed,
change the Filter by time field to Past hour.

10. In the Custom filters field at the top of the Search area, enter data.message =. You can
then select from the list to further refine your search. Select one of the log records listed
that contains the specific message.

The graph and log section will be updated based on the selected data.message.

Task 2: Create a Service Connector

1. From the navigation menu, select Observability & Management. Under Logging, click
Service Connectors.

2. Click Create Service Connectors.

3. In the Create service connectors dialog box, populate the following information:

• Connector name: FRA-AA-LAB21-1-SC-01

• Description: <description>

• Resource compartment: <your compartment>

• Source: Logging

• Target: Object Storage

4. In the Configure source section, ensure that the following information is populated:

• Compartment: <your compartment>

• Log Group: FRA-AA-LAB21-1-LGP-01

• Logs: FRA-AA-LAB21-1-SLOG-02

5. Wait a few seconds for the Log filter task section to load. Then in the Property field, enter
data.requestAction.

6. In the Operator field, select =.

7. In the Value field, enter PUT and press the Enter key.

8. Keep the Configure task section as default. In the Configure target section, populate the
following information:

• Compartment: <your compartment>

• Bucket: FRA-AA-LAB21-1-BKT-02-xxx

Note: Do not click Create in the “Create default policy allowing this service connector to
write to Object Storage in compartment <your compartment>” message box. The policies
are already added to your compartment.

9. Click Create.

10. Navigate to the Service Connectors page using the breadcrumb list.

11. Verify that the Status column shows Active for FRA-AA-LAB21-1-SC-01, the Source
column shows as Logging, and the Target column as Object Storage.

Note: The service connector is created to move log data that contains
data.requestAction=PUT into the Object Storage bucket FRA-AA-LAB21-1-BKT-02-xxx.
The log message is generated when an object is uploaded in the bucket. To generate a
specific log with PUT action, you will upload objects into the bucket using OCI CLI.

Task 3: Upload Objects into Object Storage Bucket


1. In the OCI Console header, click the Cloud Shell icon next to the Region icon.

2. Once the Cloud Shell launches, run the following commands:

$ echo "Object Storage Bucket Write Event 1" >> labobject1.txt

$ echo "Object Storage Bucket Write Event 2" >> labobject2.txt

$ echo "Object Storage Bucket Write Event 3" >> labobject3.txt

Reminder: Do not include the $ symbol when pasting code into Cloud Shell.

3. Run the following command to verify if the files are created successfully:

$ ls

The three files, labobject1.txt, labobject2.txt, and labobject3.txt, should be
listed.

4. Run the following command to upload the labobject1.txt file into the bucket:

$ oci os object put --bucket-name="FRA-AA-LAB21-1-BKT-01-xxx" --name labobject1.txt --file ./labobject1.txt

An output in JSON format should be returned with etag, last-modified, opc-content-md5
along with each of their values.

5. Run the following command to upload the labobject2.txt file:

$ oci os object put --bucket-name="FRA-AA-LAB21-1-BKT-01-xxx" --name labobject2.txt --file ./labobject2.txt

6. Run the following command to upload the labobject3.txt file:

$ oci os object put --bucket-name="FRA-AA-LAB21-1-BKT-01-xxx" --name labobject3.txt --file ./labobject3.txt

7. Once done, close the Cloud Shell window.

Task 4: Verify the Logs Archived by Using Service Connector

The log content archived to Object Storage is aggregated via batches (default every seven
minutes) and stored in .gz format. The timestamps allow easy retrieval by time ranges. In
this task, you will locate the archived content and optionally download/extract/view to
validate the storage integrity.

Note: This task needs to be run after 7 minutes, which is the rollover time for uploading files
into the Object Storage bucket.

1. From the navigation menu, select Storage. Under Object Storage & Archive Storage,
click Buckets.

2. Click the FRA-AA-LAB21-1-BKT-01-xxx bucket.

3. Verify that the new objects, labobject1.txt, labobject2.txt, and
labobject3.txt, are uploaded and displayed.

4. Navigate back to the Object Storage page by using the breadcrumb list and click the
FRA-AA-LAB21-1-BKT-02-xxx bucket.

5. Verify that there is a folder created for the service connector, and expand the bucket
contents to view archive content in timestamped log.gz format.

Note: It may take a few minutes after creating the connector for initial content to land in
the bucket.

6. Select the content check box and click the three dots on the right to download, extract,
and view the file.

7. Use your preferred log or text viewer to verify the content.
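
One way to carry out the content check in steps 6 and 7 programmatically, as an added example that is not part of the original guide: it reads a downloaded log.gz batch, confirms that only PUT records were exported, and reports any uploaded object that has no record. The batch layout (one JSON record per line), the requestResourcePath field, the sample records and all function names are assumptions.

```python
import gzip
import io
import json

BUCKET = "FRA-AA-LAB21-1-BKT-01-xxx"  # source bucket name used in the lab
EXPECTED_UPLOADS = ["labobject1.txt", "labobject2.txt", "labobject3.txt"]


def sample_record(action, obj):
    """One constructed log record. Only data.requestAction and data.message are
    named in the lab; requestResourcePath is an assumed field for the object name."""
    return json.dumps({
        "time": "2023-01-01T00:00:00Z",
        "data": {
            "requestAction": action,
            "message": "constructed sample message",
            "requestResourcePath": f"/n/example-namespace/b/{BUCKET}/o/{obj}",
        },
    })


def make_batch(lines):
    """Gzip the lines in the assumed archive layout: one JSON record per line."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb") as gz:
        gz.write("\n".join(lines).encode("utf-8") + b"\n")
    return buf.getvalue()


def audit_archive(gz_bytes, expected_objects, action="PUT"):
    """Check one archived batch against the connector's log filter.

    Returns the number of matching records, any other request actions that leaked
    through, the expected objects with no matching record, and unparsable lines.
    """
    uploaded, unexpected, matched, malformed = set(), set(), 0, 0
    with gzip.GzipFile(fileobj=io.BytesIO(gz_bytes)) as gz:
        for raw in gz:
            line = raw.strip()
            if not line:
                continue  # tolerate blank lines between records
            try:
                data = json.loads(line)["data"]
                request_action = data["requestAction"]
            except (ValueError, KeyError, TypeError):
                malformed += 1  # truncated JSON, wrong type, or missing field
                continue
            if request_action != action:
                unexpected.add(str(request_action))
                continue
            matched += 1
            path = str(data.get("requestResourcePath") or "")
            uploaded.add(path.rsplit("/o/", 1)[-1])
    return {
        "put_records": matched,
        "unexpected_actions": sorted(unexpected),
        "missing_objects": sorted(set(expected_objects) - uploaded),
        "malformed_lines": malformed,
    }


# Constructed batch: two PUT records, a blank line, a truncated record, and one
# GET record that the data.requestAction = PUT filter should have kept out.
SAMPLE_BATCH = make_batch([
    sample_record("PUT", "labobject1.txt"),
    sample_record("PUT", "labobject2.txt"),
    "",
    "{truncated",
    sample_record("GET", "labobject1.txt"),
])

if __name__ == "__main__":
    print(json.dumps(audit_archive(SAMPLE_BATCH, EXPECTED_UPLOADS), indent=2))
```

Pass the bytes of the downloaded file to audit_archive; a non-empty unexpected_actions list means the connector's log filter is not the data.requestAction = PUT filter from Task 2, and a missing object usually means its batch has not rolled over yet.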
