Oracle Cloud Infrastructure Operations Professional Workshop

Student Guide
D1102591GC10

Learn more from Oracle University at education.oracle.com


Copyright © 2022, Oracle and/or its affiliates.

Disclaimer

This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and print this document solely for your own use in an Oracle
training course. The document may not be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy,
print, display, perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization of Oracle.

The information contained in this document is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

Restricted Rights Notice

If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United States Government, the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications
of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial
computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release,
display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded,
installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations
specified in the license contained in the applicable contract. The terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract for such services. No
other rights are granted to the U.S. Government.

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC
International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

Third-Party Content, Products, and Services Disclaimer

This documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly
disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation
and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable
agreement between you and Oracle.

1006302022
Table of Contents
Module 1: Introduction 21
Operations Professional Course Overview 22
Overview: Course Big Picture 23
Module 1: Interacting with OCI 24
Module 2: Resource & Configuration Management 25
Module 3: Common Operational Activities 26
Module 4: Troubleshooting 27
Module 5: Identity & Access Management 28
Module 6: Security Services 29
Module 7: Observability & Management 30
Module 8: Billing & Cost Management 31
Module 9: Governance & Administration 32
Interacting with OCI - The Console, CLI, SDK, and REST API 33
Interacting with OCI 34
REST API 35
Cloud Console 37
Command Line Interface (CLI) 39
Software Development Kit (SDK) 41
OCI CLI Authentication - API Keys, Security Tokens, Instance Principals, and more 43
Recall 44
Authentication 45
API Key 48
Security Token 49
Instance and Resource Principals 51
Cloud Shell 52
OCI CLI Syntax 54
Recall 55
Syntax 57
Example 62
Option Types 67
Generating Examples 68
Advanced Examples 69
Module 2: Resource and Configuration Management 70
Resource and Configuration Management 71
Overview: Course Big Picture 72
Module 2: Resource & Configuration Management 73
Infrastructure as Code 74
Terraform 75
Configuration Management 76
Ansible 77
Terraform and Ansible 78
Ansible Versus Terraform 79
Configuration Management 84
Configuration Management: Overview 85
Harnessing the Power of DevOps 86
What is Configuration Management? 87
Why use Configuration Management? 88
CM: Life Cycle and Roadmap 89
Configuration Management and DevOps Pipelines 90
OCI Configuration Management Tools 91
Configuration Management: Benefits 92
Ansible with OCI 93
OCI Ansible Collection 94
Prerequisites for Using Ansible with OCI 95
OCI Ansible Modules 96
Using Ansible Playbooks: Example 97
Common Errors in Ansible 98
Ansible on OCI: Run a Simple Test 99
Ansible on OCI: Command Output 100
Creating Host Files and Working with Inventory 101
Demo of Ansible in OCI 102
Introduction to Terraform 103
Terraform: Overview 104
What is Terraform? 105
Terraform Workflow 108
Quick Demo 109
Advantages 110
Terraform CLI 111
> terraform apply 113
> terraform refresh 114
> terraform plan 115
> terraform destroy 116
Quick Demo 117
Providers 118
Recall… 119
Providers 122
Quick Demo 125
Terraform Language 126
Terraform Language: Overview 127
Example Configuration 128
Quick Demo 136
Modules 137
Registry 141
Quick Demo 142
For more on the Terraform language, see HashiCorp 143
OCI Resource Manager Basics 144
Local Terraform: Drawbacks 145
Configuration Version Control 148
Cloud-based Terraform 158
Resource Manager 160
Syncing Resource Manager and Infrastructure 173
Resource Manager: Recall 174
Resource Discovery 175
Drift Detection 177
Encapsulating Terraform 180
Terraform and Resource Manager: Recall 181
Recall 185
Templates 186
Schema Documents 187
Module 3: Common Operational Activities 190
OCI Compute Operations 191
Objectives 192
Why Custom Images? 193
Best Practice for Instance 194
Managing Custom Images 195
Custom Image With Userdata 196
DR Considerations 197
Importing/Exporting Images 198
Summary 199
Oracle Cloud Infrastructure Troubleshooting 200
Objectives 201
SSH Connection 202
Instance Console Connections 203
User Data Execution 204
Troubleshooting Performance 205
Summary 206
OS Management with Oracle Cloud Infrastructure 207
Objectives 208
Introducing OS Management Service 209
OS Management Service 210
Why OS Management Service? 211
OS Management for Oracle Linux 212
Enterprise-Class Oracle Linux Support 213
Getting Started - OS Management Service for Oracle Linux 214
OS Management Service – Instance Details 215
Instance – Available Package Updates 216
Instance – Software Sources 217
Create Managed Instance Group – Fleet Management 218
Common Vulnerabilities and Exposures 219
Scheduled Jobs 220
OS Management – Metrics and Alarms 221
OS Management for Windows 222
OS Management Service for Windows Server Instances 223
Available Windows Server Updates 224
Summary 225
Load Balancer 226
Objectives 227
Primer 228
OCI Load Balancing Service 229
Concepts – Load Balancer 230
Dynamic Load Balancing Shapes 231
Policies, Health Checks 232
Load Balancing Policies 233
Health Check 234
Load Balancing Request Routing 236
Load Balancing SSL Certificates 238
Configuring SSL Handling 239
Load Balancing Metrics 240
Summary 241
Oracle Cloud Infrastructure Traffic Management and Health Checks 242
Objectives 243
OCI Traffic Management 244
Traffic Management 245
When Should I Use DNS Traffic Management? 246
Traffic Management Steering Policies 247
OCI Health Checks 248
Health Checks 249
Health Checks Service Components 250
Summary 251
Oracle Cloud Infrastructure Storage Operations (Part 1) 252
Objectives 253
Block Volume Backup 254
Backup and Restoration 255
Cloning Operation 256
Volume Groups 257
Shared Multi-Attach 258
Block Volume Performance 259
Summary 262
Oracle Cloud Infrastructure Storage Operations (Part 2) 263
Objectives 264
Managing File Systems 265
Utilization 266
Export Options 267
File Storage Performance 269
Summary 271
Oracle Cloud Infrastructure Storage Operations (Part 3) 272
Objectives 273
Object Storage Operations 274
Managing Buckets and Objects 275
Object Lifecycle Management 276
Managing Multipart Uploads 277
Object Storage Replication 278
Object Storage Versioning 279
Object Storage Security 280
Summary 281
Module 4: Troubleshooting and Disaster Recovery 282
Troubleshooting OCI Networking Services 283
Objectives 284
IPSec connection testing 285
FastConnect Redundant Connections 286
Health Check 287
Load Balancer Health Status 288
Summary 289
Troubleshooting OCI Block Volume Service 290
Objectives 291
Block Storage Backup Copy – Common Errors 292
Block Storage Recovery steps 293
Block Storage Multi-Attach 294
Block Storage Volume Resize 295
NVMe Device Fail 296
Summary 297
Troubleshooting OCI File Storage Service 298
Objectives 299
OCI File Storage Troubleshooting 300
Unable to Mount a File System to Access Data 301
Cannot Attach Multiple File Systems to a Mount Target Due to a Path Conflict 302
Deleting Orphaned Mount Target 303
Summary 304
Module 5: Identity and Access Management 305
Introduction - Identity and Access Management 306
What is OCI IAM? 307
OCI Identity Concepts 308
Resources 310
How to identify an OCI resource? 311
Oracle Cloud ID (OCID) 312
Example OCIDs 313
AuthN 314
Principals 315
AuthN 316
AuthZ 319
AuthZ 320
Subjects Clause 321
Subjects Clause – Identity Domain 322
Actions Clause 323
Common Policies 325
Common Policies 326
Compartments 327
Compartment 328
Resource Compartments 329
Compartments Access 330
Interaction of Resources 331
Movement of Resources 332
Multiple Regions 333
Nested Compartments 334
Set Quotas and Budgets on Compartments 335
Policy Inheritance and Attachment 336
Policy Inheritance 337
Policy Attachment 339
Conditional Policies 341
Conditional Policies 342
Conditions 343
Examples 345
Tag Based Access Control 346
Tag-based Access Control 347
Example 350
Dynamic Groups 351
Terms 352
Resource Principals Patterns 353
Infrastructure Principals 354
Stacked Principals 355
Ephemeral Principals 356
Dynamic Groups 357
Dynamic Groups 358
Policies 359
Federation 360
General Concepts 361
Federation 362
User Groups Mapping: Example 363
User types 364
Federating with Identity Providers 366
Identity Domains 367
Identity Domains 368
Identity Domain Use Cases 369
Identity Domain Types 370
Module 6: Security Services 375
Security Design and Controls 376
Platform Security 377
Physical Security: Data Center Site 379
Physical Security Inside Data Center 380
Operational Security 381
Secure Connectivity 383
Data and Application Protection 386
Culture of Trust and Compliance 390
What is Cloud Security Posture Management? 391
Problem with Cloud Security 392
Cloud Security Posture Management (CSPM) capabilities 393
DevSecOps 394
Cloud Security Posture Management Outcomes 395
Cloud Security Posture Management Benefits 396
Enable Cloud Guard 397
Enabling Cloud Guard 398
Typical Security Roles with Cloud Guard 400
Cloud Guard Concepts 401
Cloud Guard: Overview 402
Cloud Guard Concepts: Targets and Detectors 403
Cloud Guard Concepts: Detector Rules and Recipes 404
Cloud Guard Concepts: Problems and Responders 405
Cloud Guard Concepts: Responder Rules and Recipes 406
Cloud Guard Problems 407
Scenario: Public Bucket 408
Cloud Guard Concepts: Problems 409
Processing Reported Problems 410
Processing Reported Problems 411
Cloud Guard – Manage Detector Recipes 412
Detector Rules and Recipes 413
Configuration Detector Rules (Oracle-Managed) 414
Activity Detector Rules (Oracle-managed) 415
Compartment Inheritance 416
Cloud Guard Responder Recipes 417
Managing Responder Recipes 418
Managed Lists 420
Cloud Guard Notifications 422
Cloud Guard Notifications 423
Integration with Events and Notification Services 424
Security Zones and Security Advisor 425
Security Zones 426
Security Zone Concepts 428
Security Zone Policies 429
Security Advisor 430
Encryption Basics 431
Encryption Basics 432
Encryption at rest and in-transit 433
Symmetric Encryption 434
Asymmetric Encryption 435
Encryption Concepts 436
Hardware Security Module (HSM) 437
Vault Introduction 438
OCI Vault 439
Vaults 440
Keys 441
Master and Data Encryption Keys 442
Master Encryption Keys: Protection Modes 443
Wrapping Keys 444
Rotating Keys 445
Import and Export Keys 446
Cryptographic and Management Endpoints 447
Crypto Operations 449
Importing Keys or Key Versions 450
Exporting Keys or Key Versions 451
OCI Services Integration with Vault 452
OCI Services Integration with Vault 453
Encryption Using Oracle-Managed Keys 454
Encryption Using Customer-Managed Keys 455
OCI Object Storage Integration with Vault 456
Back up and Replicate Vaults and Keys 457
Backing Up Vaults and Keys 458
Restoring Vaults and Keys 460
Cross-Region Replication 461
Secrets 462
What’s a Secret? 463
Secrets 464
Secrets Rules 466
Bastion 467
Objectives 468
OCI Bastion 469
Key Features 470
Use Cases Supported by OCI Bastion 471
Bastion Works with Different Networking Architectures 472
Summary 473
Demo Bastion 474
Securing Applications in the Cloud 475
Objectives 476
Multiple Layers of Defense 477
Web Application Firewall 478
OCI Web Application Firewall 479
OCI WAF Architecture 480
WAF Point of Presences (PoPs) 481
OCI WAF Use Cases 482
OWASP Rules in OCI WAF 483
WAF Service Components 484
Origin Management 485
Protection Rules 486
Access Control 487
Bot Management 488
Caching Rules 489
Threat Intelligence 490
Shared Responsibility Model for WAF 491
Benefits of Oracle Cloud Infrastructure WAF 492
Required IAM Policies 493
Getting Started with WAF - Prerequisites 494
Getting Started with WAF - Workflow 495
Summary 496
Securing Applications in the Cloud: Demo - Creating a WAF Policy 497
Securing Applications in the Cloud: Demo - Enabling protection rules and protect from XSS Attack 498
Securing Applications in the Cloud: Demo - Creating a WAF Bot Management 499
Securing Applications in the Cloud: Demo - Creating a WAF Access Control 500
Vulnerability Scanning: Oracle Cloud Infrastructure Security 501
Vulnerability Scanning 502
Vulnerability Sources 503
Setting up Vulnerability Scanning service 504
Introducing Observability and Management Services 505
Observability and Management: Key Benefits 506
OCI: Key Services 507
Use Case: Observability and Management in DevOps 508
Module 7: Observability and Management 509
Monitoring Service ~ Getting Started 510
OCI Monitoring Service: Overview 511
Monitoring Capabilities 512
Monitoring Service Workflow 513
Summary 514
Key Concepts 515
Metrics 516
Intervals and Resolutions 517
Statistics 518
Alarms 519
Metric Query Components 520
Summary 521
Notifications Service 522
Notifications Service Overview 523
Notifications Service: Creating a Topic 524
Rule Action Type: Notifications 525
Access and Limits 526
Ways to Access Monitoring 527
IAM Policies for Access 528
IAM Policies with Restricted Access 529
Limits of Monitoring Service 530
Summary 531
Service Metrics 532
Service Metrics: Compute 533
Service Metrics: Storage 534
Service Metrics: Networks 535
Summary 536
Metric Queries 537
Building Metric Queries 538
Sample Queries 539
Nested Queries 540
Summary 541
Managing Alarms 542
Alarms Workflow 543
Best Practices 544
Summary 545
Logging Service: Overview 546
OCI Logging Service 547
Types of Logs 548
Service Flow 549
Fundamental Concepts 550
Log Groups 551
Logging Concepts 552
Access, Search, and Explore Logs 553
IAM Policies 554
Searching Logs 555
Viewing Log Events 556
Searching Logs with Queries 557
Log Search 558
Logging Query Specification 559
Log Streams 560
Fields 561
Data Types 562
Tabular Operators 563
Scalar Operators 564
Module 8: Billing and Cost Management 565
Manage Cost with Budgets and Budget Alerts 566
Overview: Course Big Picture 567
Module 8: Billing & Cost Management 568
Budgets 569
Understand Cost with Cost Analysis 573
Module 8: Billing & Cost Management 574
Cost Analysis 575
Calculate and Optimize Cost: Compute 591
Compute Pricing 592
Scaling 608
Autoscaling 609
Calculate and Optimize Cost: Block Storage 618
Block Storage Cost 619
Volume Performance Units (VPUs) 624
Auto-tuning 627
Calculate and Optimize Cost: File Storage 629
File Storage Cost 630
Calculate and Optimize Cost: Object Storage 646
Object Storage Tiers 647
Object Storage Costs 648
Optimize Cost: Object Storage 658
Life Cycle Management 659
Auto-Tiering 664
Calculate and Optimize Cost: Networking 667
Ingress & Egress Cost 668
VPN Connect vs FastConnect Pricing 670
FastConnect Pricing 671
Software Licensing on OCI 672
Licensing Models 673
Licensing Mobility through Software Assurance 680
Module 9: Governance and Administration 682
Governance & Administration 683
View and Manage Service Limits 684
Service Limit 685
View Service Limits and Usage 686
When You Reach a Service Limit 687
Demo 688
Request a Service Limit Increase 689
Governance & Administration 690
Set Resource Caps with Quotas 691
Compartment Quotas 692
Types of Quota Policy Statements 693
Demo 694
Create a Quota Policy 695
Cloud Advisor 696
In this Lesson… 697
What Is Cloud Advisor? 698
How Cloud Advisor Works 699
Benefits of Using Cloud Advisor 700
Recommendation Categories & Statuses 701
Cloud Advisor Calculations 702
High Availability Recommendation Calculations 703
Performance Recommendation Calculations 704
Cost Management Recommendations 705
Recommendation Profiles 706
Recommendation Profile: Load Balancers 707
Recommendation Profile: Compute Instances 708
Organization Management 709
Organization Management: Overview 710
Why choose multitenancy approach? 711
Manage Multitenancy 712
Cost Reporting Integration 713
