ORACLE CLOUD INFRASTRUCTURE (OCI) FOR ABSOLUTE BEGINNERS

CLOUD CONCEPTS 

Today we will discuss Oracle Cloud concepts. Like all cloud technologies, Oracle Cloud, known as OCI, offers a variety of services with better SLAs and performance. OCI is considered one of the most robust cloud technologies because of its high security and high availability.

Let's discuss a few basic cloud terms before jumping into the OCI architecture.

On-Demand Self-Service -- In the cloud, services are provisioned automatically, without human interaction with the service provider.

Broad Network Access -- Cloud services are accessed over the network through standard mechanisms.

Resource Pooling -- The provider's resources are pooled in one place and allocated to multiple customers according to their requirements.

Rapid Elasticity -- Services are scaled up and down automatically, often without any impact on the running environment.

Measured Service -- The service provider measures each customer's usage of every service, and the bill is based on that usage.

IaaS -- The provider supplies only storage, networking, servers and virtualization, i.e. just the infrastructure; everything else, such as the operating system, database and applications, is configured and looked after by the customer.

PaaS -- The provider supplies everything included in IaaS plus the operating system and middleware.

SaaS -- The provider supplies all the services, i.e. end to end.

High Availability -- Keeping all services available by avoiding single points of failure and configuring backup machines/services for each component in the cloud.

Disaster Recovery -- The set of tools used to recover the important services/technology so that data is not lost.

RPO (Recovery Point Objective) and RTO (Recovery Time Objective).

Fault Tolerance -- The number of backup services available for each component in case of its failure, so that there is no single point of failure.

Scalability -- Horizontal scaling (scale in and scale out) adds or removes the same set of resources to or from the system.

Vertical Scaling -- (scale in and scale out) adds or removes a larger set of resources to or from the system.

CAPEX -- Capital expenditure is the money a customer spends on buying infrastructure.

OPEX -- Operational expenditure is the money a customer spends on running the business.

Regions -- A region is a geographical area that consists of one or more availability domains.

Availability Domain -- One or more fault-tolerant machines/setups that are isolated from each other, i.e. they don't share any common hardware, but are connected by a low-latency, high-speed network.

Latency -- Low latency means the ability to process a large amount of data with little delay.

Fault Tolerant -- The backup hardware/components configured in regions to avoid a single point of failure.


OCI ARCHITECTURE

The OCI architecture mainly consists of regions, where each region is a combination of at most 3 availability domains (ADs). Each availability domain consists of 3 fault domains (FDs). Whenever we create an instance or a database, we are asked to subscribe to a region. The region subscribed to first is called the home region. OCI also allows you to place resources in regions other than the home region, but you need to subscribe to that specific region before creating resources/infrastructure there, and this subscription is billable.

Once you select your region, you select a fault domain from the 3 available; if you don't select one, OCI selects and allocates an FD by default. A single point of failure is avoided with fault domains by configuring the service in each fault domain of the availability domain, and also by keeping a backup or DR-style setup in another availability domain.

OCI provides 3 levels of redundancy, i.e. redundancy at the fault domain level, at the availability domain level and at the region level; each level keeps a copy of the original data.

OCI charges extra for redundancy at the AD and region level.
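To make the fault domain / availability domain idea concrete, here is a small placement planner. It is an added example, not code from the original post or from Oracle: it spreads a pool of instances over (AD, FD) slots and then reports every single failure (one whole AD, or one FD inside an AD) that would leave no instance running. The AD names AD-1 and AD-2 are constructed; FAULT-DOMAIN-1..3 follow OCI's own naming.

```python
"""Placement planner: spread a pool of instances over availability domains
(ADs) and fault domains (FDs) and report any single failure that would take
every instance down. Added illustration, not code from the original post.
The AD names used below are constructed placeholders."""
from itertools import cycle

FAULT_DOMAINS = ("FAULT-DOMAIN-1", "FAULT-DOMAIN-2", "FAULT-DOMAIN-3")


def plan_placement(n_instances, ads):
    """Round-robin instances over (AD, FD) slots, alternating ADs first so
    that consecutive instances land in different ADs when more than one
    AD exists. Returns a list of (instance name, AD, FD)."""
    slots = [(ad, fd) for fd in FAULT_DOMAINS for ad in ads]
    return [(f"web-{i}", ad, fd)
            for i, (ad, fd) in zip(range(n_instances), cycle(slots))]


def survivors(placement, lost_slots):
    """Instances still running once every (AD, FD) slot in lost_slots is gone."""
    return [name for name, ad, fd in placement if (ad, fd) not in lost_slots]


def single_points_of_failure(placement, ads):
    """Failures (a whole AD, or one FD inside an AD) that would leave no
    running instance. An empty list means the pool survives any single
    AD or FD loss."""
    spofs = []
    for ad in ads:
        whole_ad = {(ad, fd) for fd in FAULT_DOMAINS}
        if not survivors(placement, whole_ad):
            spofs.append(f"AD {ad}")
        for fd in FAULT_DOMAINS:
            if not survivors(placement, {(ad, fd)}):
                spofs.append(f"{fd} in {ad}")
    return spofs


if __name__ == "__main__":
    ads = ["AD-1", "AD-2"]  # constructed names for a two-AD region
    for n in (1, 2, 3):
        placement = plan_placement(n, ads)
        print(n, "instance(s):", placement)
        print("   single points of failure:",
              single_points_of_failure(placement, ads) or "none")
```

Running it shows why the post recommends both levels: one instance is lost with its FD or its AD; two instances spread over two ADs survive any single loss; three instances in a single-AD region survive any FD loss but still share the AD as a single point of failure.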

From the diagram above, we can see that there are 3 availability domains, each separated from the others with nothing shared among them, but connected by a low-latency, high-throughput network.

We have a bastion server in AD1 that acts as a jump server; this provides extra security by not allowing external connections to reach your cloud resources directly. To connect to an instance in a private subnet, you first connect to the bastion host through a secure SSH (Secure Shell) tunnel. Then, from the bastion host, you use SSH or other tools to connect to the target instance within the private subnet. Using a bastion host improves security by limiting direct access to instances within private subnets, and allows better control and monitoring of remote access to these instances. OCI provides a managed Bastion service that simplifies the setup and configuration of a bastion host, eliminating the need to provision and manage your own bastion host instance.

OCI also provides a software-defined network called a Virtual Cloud Network (VCN) inside the cloud. All cloud resources are created inside this network. The VCN address space allocates a range of IPs to the resources in your tenancy, so that each resource gets its own IP, which helps in controlling and managing OCI resources. Resources such as servers, databases, load balancers, network switches and routers interact with each other over private IPs, whereas external connections use public IPs to reach OCI resources.

A compartment is a collection of resources that lets you isolate resources by granting different users access only to what they should have. The root compartment is the top-level compartment that holds all the cloud services; it is not recommended to place services in the root compartment when you want to isolate them. Compartments can be nested up to 6 levels deep.

Each resource belongs to only one compartment, and we can add resources to or delete them from a compartment. We can move resources from one compartment to another. Resources can interact with resources in other compartments, and resources from multiple regions can be in the same compartment.
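Compartment isolation only does its job when combined with IAM policies that are scoped to the right compartment and verb. The evaluator below is an added example, not code from the original post or from Oracle's IAM service: it models only the `Allow group <group> to <verb> <resource-type> in compartment <path>|tenancy` statement form, the OCI verb hierarchy (manage includes use, use includes read, read includes inspect) and the rule that a policy written for a parent compartment also covers its children. Conditions, dynamic groups and everything else are left out, and the compartment tree, groups and statements are constructed.

```python
"""Minimal evaluator for OCI-style IAM policy statements over a compartment
tree. Added illustration, not Oracle's implementation: it handles only the
'Allow group ... to <verb> <resource-type> in compartment|tenancy' form.
Compartments, groups and statements below are constructed."""
import re

# child -> parent; None means the compartment sits directly under the root.
COMPARTMENTS = {"Prod": None, "Dev": None, "Sandbox": "Dev"}

# OCI verbs form a hierarchy: a stronger verb implies every weaker one.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

STATEMENT = re.compile(
    r"^Allow group (?P<group>\S+) to (?P<verb>inspect|read|use|manage) "
    r"(?P<resource>\S+) in (?:tenancy|compartment (?P<scope>\S+))$")

# Constructed policy set: developers manage compute in Dev (and below),
# a narrower network grant only in Dev:Sandbox, auditors read-only everywhere.
POLICIES = [
    "Allow group Developers to manage instance-family in compartment Dev",
    "Allow group Developers to use virtual-network-family in compartment Dev:Sandbox",
    "Allow group Auditors to read all-resources in tenancy",
]


def parse_statement(text):
    """Split one statement into group, verb, resource and scope (None = tenancy)."""
    m = STATEMENT.match(text.strip())
    if not m:
        raise ValueError(f"unsupported statement: {text!r}")
    return m.groupdict()


def compartment_paths(name):
    """Paths whose policies cover this compartment, most specific first:
    for Sandbox that is ['Dev:Sandbox', 'Dev'], because a statement written
    for a parent applies to every compartment beneath it."""
    chain = []
    c = name
    while c is not None:
        chain.append(c)
        c = COMPARTMENTS[c]
    chain.reverse()  # root-most first, e.g. ['Dev', 'Sandbox']
    return [":".join(chain[:i]) for i in range(len(chain), 0, -1)]


def is_allowed(policies, group, verb, resource_type, compartment):
    """True if some statement grants `group` at least `verb` on
    `resource_type` in `compartment` (or in one of its ancestors)."""
    for stmt in policies:
        p = parse_statement(stmt)
        if p["group"] != group:
            continue
        if VERB_RANK[p["verb"]] < VERB_RANK[verb]:
            continue  # grant is weaker than what is being attempted
        if p["resource"] not in (resource_type, "all-resources"):
            continue
        if p["scope"] is None or p["scope"] in compartment_paths(compartment):
            return True
    return False


if __name__ == "__main__":
    checks = [
        ("Developers", "manage", "instance-family", "Sandbox"),  # inherited from Dev
        ("Developers", "manage", "instance-family", "Prod"),     # wrong compartment
        ("Developers", "use", "virtual-network-family", "Dev"),  # grant is only in Sandbox
        ("Auditors", "read", "instance-family", "Prod"),          # tenancy-wide read
        ("Auditors", "manage", "instance-family", "Prod"),        # read does not imply manage
    ]
    for group, verb, res, comp in checks:
        print(f"{group} {verb} {res} in {comp}: {is_allowed(POLICIES, group, verb, res, comp)}")
```

The two checks worth noticing are the last and the third: a read-only grant never escalates to manage, and a grant scoped to a child compartment says nothing about its parent, which is exactly what makes compartments useful as an isolation boundary.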


OCI COMPUTE SERVICES

Bare Metal Server -- A complete hardware server assigned to a single customer without any virtualization; the customer configures services such as the OS and applications.

Dedicated Hosts -- Similar to a bare metal server, but with the virtualization layer added so that virtual machines can be configured on it.

Virtual Machine Hosts -- A number of virtual systems are created as guests on a host environment, and each VM can be assigned to a separate user with sufficient security and isolation.

Container Engine -- Many users are assigned their quota on a single system under predefined security policies. A container is a packaged piece of software that executes only when a user starts using it.

Functions -- The user writes code in any supported language, the function is compiled and returns the result, and the service charges only for the resources used during execution.

A hypervisor is software that creates and runs virtual machines by separating a system's operating system and resources from the hardware and allocating them to VMs. Bare metal servers are used when performance is the priority, for workloads that are not virtualized (e.g. front-end apps designed to opt out of virtualization), for workloads that require a specific hypervisor, and when you bring your own license.

VMs are useful when you want to control the whole environment and also while migrating to the cloud, but they carry the extra work of doing things such as patching and scaling manually.

An INSTANCE is a machine with CPU whose storage, i.e. the boot volume and block volumes, is located remotely and attached over the network. A virtual NIC is created in a subnet of the cloud network for the instance, and connections are made through that virtual NIC. The advantage of a virtual NIC placed in the cloud network is that it provides the private IP, the public IP and firewall-based security.

Instances come in GPU (Graphical Processing Unit) and HPC (High process compute) variants, and instances vary by RAM, CPU and bandwidth. Autoscaling is the OCI feature that scales the machine's resources up or down based on predefined conditions, i.e. adding instances to the existing setup based on CPU usage; this adds to the high-availability offering of the cloud.


CONTAINERS vs VMs

1) The operating system on each VM, along with the operating system of the host, becomes a bulk load on the hardware, sometimes leading to performance issues or hardware problems.

2) This is overcome by using containers, where the operating system is common to all users but each user has their own applications and other setup, strongly isolated from other users. This is just like having multiple users on your Linux machine.

An orchestration tool is a software platform or framework that helps automate and manage the deployment, configuration, and coordination of complex distributed systems or  applications. Orchestration tools are commonly used in cloud computing environments, where applications and services are often composed of multiple components running on different machines or containers. In such environments, it can be challenging to manage the configuration, deployment, and scaling of these components manually. Orchestration tools help simplify these tasks by providing a centralized platform for managing these complex systems.

Some common orchestration tools include Kubernetes, Docker Swarm, Apache Mesos, and HashiCorp Nomad. These tools provide features such as automated scaling, load balancing, service discovery, and container management. They enable developers and operations teams to deploy and manage complex applications with ease, while improving scalability, reliability, and security. Oracle Kubernetes Engine is the open-source orchestration tool that automates the configuration, management and operation of containers in Oracle Cloud. Oracle Kubernetes Engine deals with pods; a pod is the smallest component that Kubernetes interacts with. Each pod holds multiple containers that share common storage, OS, network and other setup.

We can automate orchestration activities using tools such as Terraform and Ansible.

OCI STORAGE SERVICES

There are different types of storage options in OCI, based on persistence, capacity, type of data, durability, connectivity and protocol. Block storage is storage where data is stored in blocks and mounted as a file system on the server. A commonly used form of block storage is SAN.

BLOCK STORAGE technology in OCI (Oracle Cloud Infrastructure) is a type of storage that provides persistent, high-performance, low-latency block-level access to storage volumes. Block storage is ideal for applications that require fast, reliable access to data, such as databases, enterprise applications, and high-performance computing workloads. It offers a flexible and scalable solution for storing and accessing large amounts of data in the cloud.

In OCI, block storage is provided as a service called "Block Volume". Block volumes can be attached to compute instances in the same availability domain (AD), allowing high-speed block-level access. Block volumes support both standard and high-performance options, with different levels of IOPS and throughput to meet different workload requirements.

Block volumes in OCI also support features such as point-in-time snapshots, encryption, replication, and automated backups, providing data protection and disaster recovery capabilities. They can be resized and moved between compute instances without downtime, making it easy to scale and manage storage resources as needed.

Overall, block storage technology in OCI provides a reliable, scalable, and high-performance solution for storing and accessing data in the cloud.

Block Volume has 3 performance tiers:

basic -- 2 IOPS, 24 kbps/GB

balanced -- 60 IOPS, 48 kbps/GB

high -- 75 IOPS, 60 kbps/GB

You can attach up to 32 block volumes, each up to 32 TB in size, per instance.

Local NVMe (non-volatile memory access) is like a block volume, but the storage is attached locally to the instance. As a result, loss of the node results in loss of the storage. Local NVMe is used for high performance.

File Storage Service in OCI (Oracle Cloud Infrastructure) is a managed cloud storage service that provides a fully managed Network File System (NFS) for storing and accessing files in the cloud. File Storage Service allows customers to create file systems that can be accessed by multiple compute instances across multiple availability domains (ADs) within a region, making it ideal for enterprise applications that require shared access to files. It provides POSIX-compliant file system access, allowing applications to read and write files as if they were stored on a local file system.

Some key features of File Storage Service in OCI include:

Elastic scalability: File systems can be scaled up or down as needed without any downtime.

High availability: File systems are replicated across multiple storage servers within an AD, providing high availability and durability.

Data protection: File systems can be backed up and restored, and support encryption at rest.

Security: File systems can be accessed over private networks or public internet with support for secure access using VCNs and security lists.

File Storage Service in OCI can be accessed using standard NFS protocols and is compatible with many popular applications and tools that require file system access. It also provides a REST API for programmatic access to file systems, making it easy to integrate with cloud-native applications and services.

OBJECT STORAGE in OCI (Oracle Cloud Infrastructure) is a highly scalable, fully managed cloud storage service that allows customers to store and manage unstructured data such as images, videos, documents, and logs. Object Storage is designed to provide a secure, durable, and highly available storage solution for large volumes of data. It supports a range of data access methods, including REST APIs, CLI, and SDKs for different programming languages.

Some key features of Object Storage in OCI include:

Scalability: Object Storage can store and manage unlimited amounts of data, allowing customers to scale up or down as needed.

Durability: Data stored in Object Storage is replicated across multiple availability domains (ADs) within a region, providing high durability and availability.

Security: Object Storage supports encryption at rest and in transit, and provides features such as access controls, WORM (Write Once Read Many), and IAM integration for secure access to data.

Cost-Effectiveness: Object Storage provides flexible pricing options based on usage, and includes features such as data lifecycle management and object versioning to help customers optimize costs.

Integration: Object Storage is compatible with a wide range of cloud-native and third-party applications and services, including data analytics, backup and recovery, and content management.

Object Storage comes in 2 tiers, i.e. a hot tier and a cold tier.

The hot tier, also known as the standard tier, gives fast, instantaneous data access. The cold tier, also known as archive storage, is for data that is not accessed fast or frequently; it is used for long-term storage of data, is cheaper than standard, and can be upgraded to standard object storage.


OCI NETWORKING SERVICES

A VCN (virtual cloud network) is a software-defined private network set up in OCI. Compute instances are configured only inside the VCN, as it provides security and standard protocols for inter-node communication. A VCN is highly scalable, available and secure. The VCN address space is the range of IPs assigned to the VCN; these are private IPs that can be assigned to the network components inside the VCN, so the components inside the VCN use private IP addresses to interact.

The private IP addresses assigned to components inside the VCN are grouped into subnets, i.e. the first 3 parts of a component's private IP match those of the nodes/servers in the same subnet. By assigning separate subnets to individual components in the environment, we can isolate the components from each other.

A gateway is a network-controlled piece of hardware that is the single stop for all connections between the client and the machine.


An internet gateway carries connections between the internet and the web server. Connectivity here is bidirectional: the internet connects to the web server to request data, and the web server connects to the internet to send the response through the gateway.

A NAT gateway is used for unidirectional connectivity, where only the server connects to the internet and connections from the internet to the server are not allowed. This is used when a server needs to download patches directly from the internet but must not be reachable from the internet, to avoid bad requests.

A DRG (dynamic routing gateway) is used for connections between the cloud and an on-premises database. A DRG uses IPSec VPN (a connection over the internet with encryption added) and FastConnect (private, dedicated and secure).

A service gateway connects a private subnet to a public IP, i.e. Object Storage in OCI; instead of using a public IP, the node uses its private IP to reach Object Storage without going over the internet, travelling through the OCI private fabric instead. This gateway is used for database backups that are placed in Object Storage.
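The VCN address-space paragraphs and the four gateway types above come together in a subnet's route table, so here is an added example (not code from the original post or from Oracle) that does the two checks a practitioner would want: that the subnet plan is valid (every subnet inside the VCN, none overlapping), and, for a packet leaving a given subnet, which gateway it goes to using most-specific-prefix matching, with traffic inside the VCN delivered locally. The VCN CIDR, the three subnets, the route rules, the 192.168.0.0/16 on-premises range behind the DRG and the TEST-NET range standing in for the Oracle Services Network are all constructed placeholders.

```python
"""VCN address plan and route-table lookup for the gateway types described
above. Added illustration, not code from the original post or from Oracle:
every CIDR and route rule below is a constructed placeholder."""
import ipaddress

VCN_CIDR = "10.0.0.0/16"

# Subnets carved out of the VCN address space (constructed).
SUBNETS = {
    "public-web": "10.0.0.0/24",
    "private-app": "10.0.1.0/24",
    "private-db": "10.0.2.0/24",
}

# Constructed stand-ins: TEST-NET-2 plays the Oracle Services Network reached
# through the service gateway, and 192.168.0.0/16 the on-premises network
# behind the DRG. Neither is a real Oracle prefix.
OCI_SERVICES_CIDR = "198.51.100.0/24"
ON_PREM_CIDR = "192.168.0.0/16"

# Route rules per subnet as (destination CIDR, target). As in OCI, the most
# specific matching destination wins, and traffic inside the VCN's own CIDR
# is delivered locally without needing a rule.
ROUTE_TABLES = {
    "public-web": [("0.0.0.0/0", "internet-gateway")],
    "private-app": [("0.0.0.0/0", "nat-gateway"),
                    (OCI_SERVICES_CIDR, "service-gateway"),
                    (ON_PREM_CIDR, "drg")],
    # The database subnet has no default route at all: no internet either way.
    "private-db": [(OCI_SERVICES_CIDR, "service-gateway"),
                   (ON_PREM_CIDR, "drg")],
}


def validate_subnets(vcn=VCN_CIDR, subnets=SUBNETS):
    """List the problems in a plan: a subnet outside the VCN, or two that overlap."""
    vcn_net = ipaddress.ip_network(vcn)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = [f"{n} is outside {vcn}" for n, net in nets.items()
                if not net.subnet_of(vcn_net)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def subnet_for(ip, subnets=SUBNETS):
    """Name of the subnet that holds a private IP, or None if it is in none."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in subnets.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def next_hop(subnet_name, dst_ip):
    """Where a packet from subnet_name to dst_ip goes: 'local' inside the VCN,
    the name of a gateway, or None when no rule matches (it is dropped)."""
    dst = ipaddress.ip_address(dst_ip)
    if dst in ipaddress.ip_network(VCN_CIDR):
        return "local"
    best = None  # (prefix length, target) of the most specific match so far
    for cidr, target in ROUTE_TABLES[subnet_name]:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return best[1] if best else None


if __name__ == "__main__":
    print("plan problems:", validate_subnets() or "none")
    for subnet, dst in [("public-web", "203.0.113.10"), ("private-app", "203.0.113.10"),
                        ("private-app", "198.51.100.5"), ("private-db", "203.0.113.10"),
                        ("private-db", "10.0.1.7")]:
        print(f"{subnet} -> {dst}: {next_hop(subnet, dst)}")
```

The private-db result is the one to notice: with no 0.0.0.0/0 rule the subnet can still reach Object Storage through the service gateway and on-premises through the DRG, but a packet bound for the internet has nowhere to go, which is the NAT-gateway-versus-nothing decision the text describes.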

A virtual cloud network is secured by applying a set of firewall rules at the VCN level or at the subnet level. These firewall rules are the conditions under which connections from the internet are accepted, and they also contain conditions for inter-host communication.

Together, this set of rules is called a NETWORK SECURITY GROUP.
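Security rules in OCI are allow-only, so the usual mistake is a rule that is broader than intended. The example below is added here and is not code from the original post or from Oracle: it models the shape of a security-list / NSG rule (direction, protocol, CIDR, optional port range), evaluates sample flows against a weak rule set and a hardened one, and includes a small lint check that flags admin ports opened to 0.0.0.0/0. The bastion subnet 10.0.3.0/24 and every address and rule are constructed; the bastion host from the architecture section is what the hardened SSH rule admits.

```python
"""Evaluate security-list / NSG style rules against sample flows and lint for
admin ports opened to the whole internet. Added illustration, not code from
the original post or from Oracle: the rule model is simplified, and every
address and rule below is constructed."""
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Rule:
    direction: str                  # "ingress" or "egress"
    protocol: str                   # "tcp", "udp", "icmp" or "all"
    cidr: str                       # source CIDR for ingress, destination CIDR for egress
    port_min: Optional[int] = None  # None means every port
    port_max: Optional[int] = None


def rule_matches(rule, direction, protocol, peer_ip, port):
    """True when one rule covers the flow (peer_ip is the remote end)."""
    if rule.direction != direction or rule.protocol not in ("all", protocol):
        return False
    if ipaddress.ip_address(peer_ip) not in ipaddress.ip_network(rule.cidr):
        return False
    if rule.port_min is None:
        return True
    return rule.port_min <= port <= rule.port_max


def flow_allowed(rules, direction, protocol, peer_ip, port):
    """Security rules only ever allow: the flow passes if any rule matches,
    and a stateful rule lets the reply traffic back without an extra rule."""
    return any(rule_matches(r, direction, protocol, peer_ip, port) for r in rules)


def admin_ports_open_to_internet(rules, admin_ports=(22, 3389)):
    """Lint check: ingress rules that expose SSH or RDP to 0.0.0.0/0.
    Returns (rule, port) pairs so the offending rule can be reported."""
    flagged = []
    for r in rules:
        if r.direction != "ingress" or r.protocol not in ("tcp", "all"):
            continue
        if ipaddress.ip_network(r.cidr).prefixlen != 0:
            continue  # not the whole internet
        for p in admin_ports:
            if r.port_min is None or r.port_min <= p <= r.port_max:
                flagged.append((r, p))
    return flagged


BASTION_SUBNET = "10.0.3.0/24"  # constructed subnet holding the bastion host

# Weak setting: SSH reachable from anywhere on the internet.
WEAK_RULES = [
    Rule("ingress", "tcp", "0.0.0.0/0", 22, 22),
    Rule("ingress", "tcp", "0.0.0.0/0", 443, 443),
    Rule("egress", "all", "0.0.0.0/0"),
]

# Corrected setting: SSH only from the bastion subnet, HTTPS still public.
HARDENED_RULES = [
    Rule("ingress", "tcp", BASTION_SUBNET, 22, 22),
    Rule("ingress", "tcp", "0.0.0.0/0", 443, 443),
    Rule("egress", "all", "0.0.0.0/0"),
]


if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label, "SSH from internet:",
              flow_allowed(rules, "ingress", "tcp", "203.0.113.9", 22))
        print(label, "SSH from bastion:",
              flow_allowed(rules, "ingress", "tcp", "10.0.3.5", 22))
        print(label, "lint:",
              [(r.cidr, p) for r, p in admin_ports_open_to_internet(rules)])
```

Both rule sets serve HTTPS to the world; only the hardened one confines SSH to the bastion subnet, and the lint function catches the weak set before it is deployed.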

Peering is the voluntary connection between two networks for information exchange. In OCI there are 2 types of peering: 1) local peering and 2) remote peering.

Local peering is used to connect two VCN's residing in the same region 

Remote peering is used to connect two VCN's ,each of different region.

A load balancer sits between the client and the machines to route requests among the nodes of the server. It is highly important for maintaining high availability, and it has many responsibilities, such as health-checking the nodes and applying the algorithm used to route requests to them. It gives advantages such as high availability and scalability, and it hides the complexity of the different nodes' IP addresses from the end user.

A public load balancer is a kind of load balancer that accepts requests from end users and routes them to the nodes of the environment.
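The two responsibilities named above, health checks and the routing algorithm, are easiest to see in a small simulation. This is an added example, not code from the original post or from Oracle's Load Balancer service: it routes round-robin over the backends that are currently healthy, takes a backend out of rotation only after a configurable number of consecutive failed probes (so one lost probe does not cause flapping), puts it back on the first successful probe, and raises when no backend is healthy at all. The backend names and probe results are constructed.

```python
"""Round-robin load balancer with backend health checks. Added illustration,
not code from the original post or from Oracle: backend names and probe
results are constructed."""


class NoHealthyBackend(Exception):
    """Raised when every backend has failed its health check."""


class Backend:
    def __init__(self, name):
        self.name = name
        self.healthy = True
        self.consecutive_failures = 0


class LoadBalancer:
    def __init__(self, backend_names, retries=2):
        self.backends = [Backend(n) for n in backend_names]
        self.retries = retries      # failed probes in a row before marking down
        self._next = 0              # round-robin cursor

    def _find(self, name):
        return next(b for b in self.backends if b.name == name)

    def observe(self, name, probe_ok):
        """Record one health-check probe. A backend leaves rotation only after
        `retries` consecutive failures and returns on the first success."""
        b = self._find(name)
        if probe_ok:
            b.consecutive_failures = 0
            b.healthy = True
        else:
            b.consecutive_failures += 1
            if b.consecutive_failures >= self.retries:
                b.healthy = False

    def healthy_names(self):
        return [b.name for b in self.backends if b.healthy]

    def route(self):
        """Pick the next healthy backend in round-robin order. The client only
        ever sees the load balancer's address, never a backend IP."""
        healthy = [b for b in self.backends if b.healthy]
        if not healthy:
            raise NoHealthyBackend("no backend passed its health check")
        chosen = healthy[self._next % len(healthy)]
        self._next += 1
        return chosen.name


if __name__ == "__main__":
    lb = LoadBalancer(["web-a", "web-b", "web-c"])
    print("all healthy:", [lb.route() for _ in range(3)])
    lb.observe("web-b", False)
    lb.observe("web-b", False)   # second failure in a row: web-b is out
    print("web-b down:", [lb.route() for _ in range(4)])
    lb.observe("web-b", True)    # one good probe puts it back
    print("recovered:", lb.healthy_names())
```

The retry threshold is the detail worth copying: evicting on a single failed probe turns every network blip into a capacity loss, while requiring consecutive failures keeps the pool stable without leaving a dead node in rotation for long.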