
HOUG Oracle Cloud workshop series

Oracle Cloud Infrastructure (OCI) fundamentals

Kovács Norbert, Farkas Miklós


September 14, 2023

Safe harbor statement

The following is intended to outline our general product direction.
It is intended for information purposes only, and may not be
incorporated into any contract. It is not a commitment to deliver
any material, code, or functionality, and should not be relied
upon in making purchasing decisions. The development, release,
timing, and pricing of any features or functionality described for
Oracle’s products may change and remains at the sole discretion
of Oracle Corporation.

2 Copyright © 2023, Oracle and/or its affiliates


Program

8:30 – 9:00 Registration and breakfast
9:00 – 9:10 Welcome, introduction to the workshop series
9:10 – 9:40 Overview of Oracle public cloud services
9:40 – 10:30 Overview of the basic landing zone components
10:30 – 10:50 Coffee break
10:50 – 12:00 Building the landing zone and deploying an application
12:00 – 13:00 Lunch



HOUG Oracle Cloud workshop series



Distributed Cloud strategy

Multicloud
Our products work with your other providers

Hybrid cloud
We bring cloud services to you

Public cloud
Access cloud services in 45 global locations including Commercial, Governmental, and European Sovereign (2023)

Dedicated cloud
We build a cloud just for you, with all 100+ OCI services running in customer data centers



Oracle Cloud Infrastructure (OCI) fundamentals

Public cloud
Access cloud services in 45
global locations including
Commercial, Governmental,
and European Sovereign
(2023)



Oracle private/hybrid cloud

Hybrid cloud
Oracle Exadata Cloud@Customer – Cloud
autonomous databases running in customer data
centers
Oracle Compute Cloud@Customer – Fully-managed
rack-scale, OCI regional resource bringing cloud
services on-premises
Oracle Cloud VMware Solution – Complete control
using familiar VMware tools

Dedicated cloud
We build a cloud just for you,
with all 100+ OCI services
running in customer data
centers



Oracle multicloud offerings

Multicloud
OCI Interconnect with Azure –
2 millisecond latency private connection
and identity federation
OCI Database Service for Azure – OCI
databases provisioned and managed
through Azure (AWS, GCP on roadmap)
Inbound Multicloud (Cloud Hub) –
GCP, AWS, Azure services available in
OCI (on roadmap)
MySQL HeatWave on AWS – Database
runs on AWS and managed through OCI
console



Application modernization

Public cloud
Access cloud services in 45
global locations including
Commercial, Governmental,
and European Sovereign
(2023)



Oracle cloud overview



Full regional coverage

August 2023: 45 Regions, 7 planned; 12 Azure Interconnect Regions

100% renewable energy used for Oracle Cloud data centers in Europe (today); all regions (by 2025)

• Same Architecture
• Same Services
• Same Prices

Map legend: 35 Commercial, 7 Commercial Planned, 2 Sovereign, 8 Government, 12 Microsoft Azure Interconnect

[Map of OCI regions. Labels: LONDON, STOCKHOLM, AMSTERDAM, NEWPORT, FRANKFURT, GERMANY, ZURICH, MONTREAL, PARIS, MILAN, TORONTO, MADRID, MARSEILLE, SAN JOSE, CHICAGO, JOVANOVAC, CHUNCHEON, SPAIN, TOKYO, ASHBURN, SEOUL, PHOENIX, ISRAEL 2, OSAKA, JERUSALEM, SAUDI 2, DUBAI, QUERETARO, JEDDAH, SAUDI 3, ABU DHABI, MEXICO 2, MUMBAI, HYDERABAD, COLOMBIA, SINGAPORE 2, SINGAPORE, VINHEDO, SAO PAULO, JOHANNESBURG, SANTIAGO, SYDNEY, CHILE 2, CANBERRA, MELBOURNE]



Deployment options from the perspective of sovereignty requirements

| | Commercial Regions | Government Regions | EU Sovereign Cloud | Dedicated Region | Isolated Region | Oracle Alloy* |
|---|---|---|---|---|---|---|
| Description | Global operations | US, UK & Australia operations | EU operations | Cloud deployed in your datacenter | Designed to work in disconnected mode | Enables partners to become cloud providers |
| Data Center Location | Global | US/UK/Australia | EU | Customer-defined | Customer-defined | Partner-defined |
| Operations and Support | Oracle Global | US or UK or Australia personnel | Oracle EU | Oracle Global | Customer-defined | Partner-defined |
| Network Isolation (Realm) | Global realm | US or UK or Australia government realms | EU realm | Dedicated realm | Air-gapped, dedicated realm | Dedicated realm |
| Multi-tenancy | Yes | Yes | Yes | Customer’s organization | Customer-defined | Partner’s customers |

Same OCI architecture, services, experience, and value


*coming soon



We built our cloud service from the ground up
11 years after the launch of the first generation, we started with a clean slate

Off-box virtualization
The way we manage OCI is entirely separate from your resources, maximizing isolation, performance, and security

Nonblocking networks, minimal charges
We optimized our networks, so you get guaranteed bandwidth between your resources, with 90% lower costs to access data and 80% lower costs to serve data

Maximum computing density per MW
We pack over 230,000 cores into each megawatt and can deliver an entire cloud region in only 12 racks

Flex infrastructure
You can choose exactly the number of cores, memory, and storage performance you need, and pay for exactly that, minimizing waste

Simple, predictable pricing
Our pricing is simple to understand, 50-90% lower than other hyperscalers, and consistent worldwide, so you get predictable savings with no surprises

The unique design of OCI enables Oracle to offer the most competitive and extensive SLAs in the
market covering availability, performance and scalability



Broad service portfolio, 100+ services

Oracle Applications | Custom Applications | ISV Applications

Developer Services | Containers and Functions | Integration Services | Analytics and BI | Machine Learning and AI | Big Data and Data Lake

Compute | Storage | Networking | Oracle Databases | Open Source Databases | Native VMware

Security | Observability and Management | Compliance | Messaging | Cost Management & Governance

Global Cloud Datacenter Infrastructure

Commercial and Government Public Cloud Regions | Hybrid Cloud: Cloud@Customer, Dedicated Regions, Roving Edge



Open and flexible choice

Managed services based on upstream open source
Reduce operational burdens and use the skills you already have on your team.

Run the technologies you already use
Extend technology investments you’ve already made

Native integrations with the dev tools you’re used to
Simplifies building, deploying, and managing applications with skills you already have

Red Hat, Ubuntu, CentOS, Debian, SUSE, Oracle

Communities we contribute to



Benchmark
AWS vs Azure vs Google vs IBM vs Oracle - VMs Q2 2023

https://projector.cloud-mercato.com/projects/aws-vs-azure-vs-google-vs-ibm-vs-oracle-vms-q2-2023



Landing Zone



Landing Zone concept (standard, tailored)

Standard Landing Zones
Prescribed Design
Steps: 1 Config, 2 Deploy, 3 Extend
Where to Start: CIS LZ v2, OELZ v2

Tailored Landing Zones
Your Design (Sec, Net, Ops, Run)
Where to Start: OCI Open LZ Blueprint

https://github.com/oracle-devrel/technology-engineering/blob/main/landing-zones/README.md
OCI Standard Landing Zones

CIS Landing Zone Oracle Enterprise Landing Zone



Tailored Landing Zone

1. Onboarding and reflecting your organization structure & business units.

2. Fine-grained segregation of duties and responsibilities across resources.

3. Highly tuned network design and security posture.

4. Mirror existing landing zones on other CSPs.

5. Heterogeneous/large workloads landscape.

6. Adopting a highly scalable operating model.

Tailored Landing Zones
Your Tailored Design (Sec, Net, Ops, Run)
Where to Start: OCI Open LZ Blueprint



Operating Entity (OE) = LoB, Business Unit, Operating Company

OCI Open LZ

OCI Operating Entities Landing Zone

A blueprint to simplify the Onboarding of Organizations, Business Units, and Subsidiaries into OCI.

Design (PDF) + Diagrams (Draw.io) + IaC Configs (JSON) + Use CIS LZ v3 Code (Git)

https://github.com/oracle-quickstart/terraform-oci-open-lz



Overview of the landing zone components



CIS Landing Zone



Organization Management
Tenancy, Compartment, Availability Domain, Fault Domain



Tenancy management



Compartment concept

1) Compartments can be nested up to six levels deep (six levels of nesting).
2) You can write policies for the root compartment or, more granularly, for the sub-compartments.
3) You can set quotas on the VM shapes that the compartment is allowed to consume.
4) You can also set a spending budget on each compartment.
5) Resources from multiple regions can be in the same compartment; you can restrict access to users based
on region.
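
The nesting limit and policy scoping from the list above, as an added example (not part of the original slides and not OCI SDK code). It is a simplified model: it assumes the root compartment counts as level 0, that a policy applies to the compartment it names and all of its children, and all group and compartment names are hypothetical.

```python
VERBS = ["inspect", "read", "use", "manage"]  # OCI policy verbs, weakest to strongest
MAX_DEPTH = 6  # nesting limit from the slide; root counted as level 0 (assumption)

class Compartment:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.depth = 0 if parent is None else parent.depth + 1
        if self.depth > MAX_DEPTH:
            raise ValueError(f"{name}: more than {MAX_DEPTH} levels of nesting")

    def ancestors(self):
        """Yield this compartment, then every parent up to the root."""
        node = self
        while node is not None:
            yield node
            node = node.parent

def is_allowed(policies, group, verb, resource, compartment):
    """A policy applies in the compartment it names and in all of its children."""
    scope = set(compartment.ancestors())
    return any(
        p_group == group
        and p_resource in (resource, "all-resources")
        and VERBS.index(p_verb) >= VERBS.index(verb)
        and p_comp in scope
        for p_group, p_verb, p_resource, p_comp in policies
    )

def broad_grants(policies, root):
    """Review helper: 'manage' grants scoped to the root reach every compartment."""
    return [p for p in policies if p[3] is root and p[1] == "manage"]

# Constructed sample hierarchy and policies (all names are hypothetical).
root = Compartment("tenancy")
network = Compartment("Network", root)
appdev = Compartment("AppDev", root)
prod = Compartment("Prod", appdev)
POLICIES = [
    ("NetworkAdmins", "manage", "virtual-network-family", network),
    ("AppAdmins", "manage", "instance-family", appdev),
    ("Auditors", "read", "all-resources", root),
    ("Legacy", "manage", "all-resources", root),
]
```

Scoping a grant to a sub-compartment keeps it out of sibling compartments, while anything `broad_grants` returns is a candidate for narrowing during a policy review.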
Landing Zone architecture - compartments



Identity and Access Management
Authentication, Authorization, Identity, Policies



OCI Identity & Access Management (OCI IAM)
Enterprise Identity & Access Management

[Diagram: OCI IAM at the center, connected to the following components: OCI IaaS and PaaS, IAM Policies, External Id Providers, Social Logon, Federated SSO, SaaS Apps, Oracle Sign-In, External MFA Providers, MFA, Federated Logon, RADIUS Proxy, VPN Clients, Oracle Databases, Outbound Authentication and SSO, Inbound Authentication and SSO, External Risk Providers, Adaptive Security, Linux PAM Module, Linux Hosts, Identity Store and Lifecycle Management, Enterprise Apps, App Gateway, Microsoft Active Directory, Active Directory Bridge, Provisioning Bridge, User & Access Management, App Catalog]
OCI Identity & Access Management (OCI IAM)
IAM Domains for Application Developers

[Diagram: OCI IDENTITY & ACCESS MANAGEMENT (IAM) as used by a Custom App. Features: Social Logon, Adaptive Security and MFA, Self-Registration, Self-Service, Terms of Use, Consent. Standards and interfaces: OATH, OAuth, FIDO2, REST APIs, SAML, OIDC, SCIM. Building blocks: Authentication Policies and Configuration, Authentication and User Management, Fully Customizable User Interfaces, SDKs and Sample Code]



AuthN options

Using OCI API + CLI / SDK


Social / Username & Password

Oracle generated token strings



AuthZ – Security Policy



AuthZ – Tag-Based Access Control



Azure AD federation example



Landing Zone architecture - IAM
