In this blog we will explore some of the core cloud concepts and the foundational knowledge needed for Oracle Cloud Infrastructure (OCI).
Core Cloud Concepts
Here we will look at some of the important cloud terms.
IaaS, PaaS & SaaS: Cloud Computing Service Models
Cloud Deployment Models:
- Fully Cloud – Every resource runs in the cloud.
- Hybrid – (Cloud + On-Premises) – Some applications run in the cloud and some on-premises; for example, the database stays on-prem.
- Cross Cloud (Multi-Cloud) – Using multiple cloud service providers, e.g. Azure + OCI.
Scalability: Say you have a web application whose visitors are growing and performing more operations, so it needs more memory and computing power. Scalability is the ability to increase capacity based on demand. There are two ways to do it:
- Case 1: Add more memory or disk to the existing machine. This is Vertical Scaling (scaling up/down).
- Case 2: Add more machines/servers, as in a distributed system. This is Horizontal Scaling (scaling out/in).
Elasticity: Ability to automatically increase or decrease capacity based on demand, usually through horizontal scaling.
- Scaling Out – Adding more servers.
- Scaling In – Removing servers.
Auto-scaling rules configured for an instance pool scale it out or in depending on traffic or compute load (for example, average CPU utilization).
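To make the scale-out/scale-in rule concrete, here is a small Python simulation added for this post. It is not OCI code and does not call the OCI API; it models the shape of a metric-based autoscaling rule (scale out above a threshold, scale in below one, bounded by a minimum and maximum pool size, with a cooldown between actions). The thresholds, pool sizes and CPU samples are constructed for illustration.

```python
"""Threshold-based autoscaling simulation.

Added example for this post, not OCI's own code: it models the shape of a
metric-based autoscaling rule (scale out above a threshold, scale in below
one, bounded by min/max pool size, with a cooldown between actions) without
calling any OCI API. All thresholds, sizes and CPU samples are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class AutoscalePolicy:
    min_size: int = 2
    max_size: int = 6
    scale_out_above: float = 70.0   # average CPU % that triggers scale out
    scale_in_below: float = 30.0    # average CPU % that triggers scale in
    step: int = 1                   # instances added or removed per action
    cooldown_periods: int = 2       # evaluation periods to wait after an action


@dataclass
class PoolState:
    size: int
    periods_since_action: int = 10**9             # effectively "no recent action"
    history: list = field(default_factory=list)   # (cpu, action, size) per period


def evaluate(policy: AutoscalePolicy, state: PoolState, cpu_percent: float) -> str:
    """Apply one evaluation period to the pool; returns 'out', 'in' or 'hold'.

    The cooldown is what stops a pool from flapping: a burst right after an
    action is ignored until the new capacity has had time to take effect.
    """
    state.periods_since_action += 1
    action = "hold"
    if state.periods_since_action > policy.cooldown_periods:
        if cpu_percent > policy.scale_out_above and state.size < policy.max_size:
            state.size = min(policy.max_size, state.size + policy.step)
            action = "out"
        elif cpu_percent < policy.scale_in_below and state.size > policy.min_size:
            state.size = max(policy.min_size, state.size - policy.step)
            action = "in"
        if action != "hold":
            state.periods_since_action = 0
    state.history.append((cpu_percent, action, state.size))
    return action


def run(policy: AutoscalePolicy, cpu_samples) -> list:
    """Run a whole series of metric samples and return the per-period history."""
    state = PoolState(size=policy.min_size)
    for sample in cpu_samples:
        evaluate(policy, state, sample)
    return state.history


if __name__ == "__main__":
    # Constructed load pattern: a spike, then sustained idle.
    for cpu, action, size in run(AutoscalePolicy(), [85, 90, 88, 88, 50, 20, 20, 20, 20, 20]):
        print(f"cpu={cpu:>3}%  action={action:<4}  pool_size={size}")
```

Running it shows the pool growing from 2 to 4 during the spike, then shrinking back to the minimum of 2 once load drops, with the cooldown forcing two idle periods between each action. The pool never goes below `min_size` or above `max_size`, which is the property you want from any production rule.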
Cloud Agility: Ability to provision cloud resources rapidly: how fast you can launch, develop and test a service in the cloud.
Fault Tolerance: Ability of a system to continue operating without interruption when one of its components fails. For example, if the primary database goes down you switch to a standby database to avoid an outage.
High Availability: Operating continuously without interruption, i.e. full-time availability of systems and applications with no single point of failure.
High Durability & Disaster Recovery (DR): Durability is the ability to keep data intact over time; disaster recovery is the ability to restore service after a disaster. DR plans are measured by two targets:
- Recovery Point Objective (RPO) – Tolerable data loss, measured as the time since the last good copy.
- Recovery Time Objective (RTO) – Tolerable downtime after a disaster.
CapEx vs OpEx: If you run the business on-premises, your capital expenditure (CapEx) is high, because you pay up front for infrastructure, environments, maintenance, etc.
If you move to the cloud, you switch to a pay-as-you-go model: spending becomes operational expenditure (OpEx) that tracks actual usage, with little or no up-front CapEx, which generally reduces the TCO (total cost of ownership).
Pay-as-you-go: Consumption-based pricing. You pay only for what you consume.
Region: A distinct geographical location. A region has one or more Availability Domains (ADs): fault-tolerant data centers isolated from each other but connected by a low-latency, high-bandwidth network. Types of region:
- Commercial Region
- Government Region
- Microsoft Azure Interconnect Region (OCI regions with a direct private link to Azure)
Availability Domain (AD): One or more physical data centers within a region.
Fault Domain (FD): A grouping of hardware and infrastructure within an AD, like a logical data center, so that a hardware failure or maintenance event in one FD does not affect instances in another. Each AD has 3 FDs.
To avoid a single point of failure, replicate the application across different FDs (within an AD) or across ADs (within a region).
Compartment: A collection of related resources in an account. Compartments help you isolate resources and control access to them.
- Tenancy or root compartment – the top-level compartment for an account; all other compartments live under it.
- Each resource belongs to exactly one compartment, but resources in different compartments can still interact with each other.
- Users with the right permissions can add or delete resources and compartments in the account.
- Resources can be moved from one compartment to another.
- Compartments can be nested up to 6 levels deep.
- Compartments are global: resources from different regions can be grouped in the same compartment.
When you sign up for Oracle Cloud you must select a home region; it cannot be changed after the tenancy is provisioned. You can subscribe to other regions later.
Core OCI Services
Compute:
- Bare Metal: A physical server with no hypervisor. You get direct access to the hardware (processor, memory, etc.) of the server. Best suited for:
  - Workloads that do not need virtualization
  - Cases where you want to install your own hypervisor
  - BYOL (Bring Your Own License) scenarios, where you already own licenses tied to physical cores
- Dedicated Virtual Machine Host: Bare Metal + Oracle-managed hypervisor. A single-tenant server on which you run multiple VM instances, for greater isolation and predictable performance. You have no control over the hypervisor.
- Virtual Machine (VM): A multi-tenant server running a hypervisor layer; your instance is a guest on a shared host. Choose an OS image and launch the instance. Here you share the underlying hardware cost with other tenants.
- Container Engine: Run Docker containers on a managed Kubernetes cluster, the Oracle Container Engine for Kubernetes (OKE).
- Functions: Serverless compute. You just want to run a piece of code; billing is consumption based.
Block Volume:
- Data here is highly durable and persistent.
- Network-attached (remote) storage for compute instances.
- Two types:
  - Boot Volume – The volume the instance boots from; the OS runs directly on it.
  - Block Volume – For data.
- Because it is separate from the instance, the data lives independently of the instance's lifecycle.
- Data is replicated across multiple FDs, hence highly durable.
- Use Cases: Instance storage, boot storage, databases.
Block Volume Backup – You can back up a block volume manually or on a schedule (a backup policy); the backup is stored as an object in Object Storage and can be restored later.
Performance tiers:
- Lower Cost (basic) – Throughput-oriented workloads such as streaming, log processing and data warehousing, where you read a lot of data.
- Balanced – Suited for transactional systems.
- Higher Performance – Critical databases.
Volumes can be 50 GB to 32 TB in size, with up to 32 volumes attached per instance.
Local NVMe (Non-Volatile Memory Express):
- Millions of IOPS.
- Block-based storage locally attached to the compute instance (available on dense I/O shapes).
- Not persistent storage: data survives a reboot, but not instance termination or a hardware failure, so the application must handle its own replication.
- Use Cases: In-memory databases, NoSQL, data warehousing.
- No backup capability is provided for local NVMe; you are responsible for protecting the data.
File Storage: A distributed, managed file system exposed over standard protocols: NFS (Network File System) and SMB (Server Message Block).
- Highly durable and persistent.
- Works with many operating systems, including Windows and Unix/Linux.
- Accessed over the network via a mount target in your VCN.
- Snapshots of the file system work like backups; you can restore individual files from them.
- Data is replicated across multiple FDs, hence highly durable.
Object Storage:
- Data is stored as objects regardless of content type.
- Best suited for unstructured data.
- Not tied to any compute instance.
- Data is stored in buckets in a flat namespace; there is no folder hierarchy as in NFS (prefixes in object names only simulate folders).
- An object consists of the data itself plus its metadata.
- Highly scalable and durable; in multi-AD regions, replicas are stored across ADs.
- Data is accessed over HTTPS (REST API).
- Storage tiers:
  - Standard – Frequently accessed data. A Standard bucket cannot later be converted to Archive.
  - Archive – Infrequently accessed data. Cheaper, with a 90-day minimum retention; objects must be restored before they can be read. An Archive bucket cannot be converted to Standard.
Virtual Cloud Network (VCN): A logically isolated, software-defined network within OCI where you launch your resources.
Subnets: Logical partitions of the VCN into smaller networks. Resources are launched inside subnets, and each resource gets its own private IP address from the subnet's range, so workloads can be isolated and secured. There are Private and Public subnets (only the latter allow public IPs).
- CIDR Range: e.g. 10.0.0.0/24 = 256 IP addresses for a subnet.
- Refer to the What is CIDR? blog for more information.
- Internet Gateway: Provides a path for traffic between your VCN and the internet, in both directions. Resources in public subnets reach the internet through this gateway.
- Network Address Translation (NAT) Gateway: Lets resources in private subnets initiate connections to the internet without being reachable from it; only outbound-initiated traffic is allowed.
- Dynamic Routing Gateway (DRG): A virtual router that provides a path for private traffic between your VCN and networks outside OCI (other than the internet), such as on-premises.
- FastConnect: A dedicated, private connection from your on-premises network to OCI that does not traverse the internet. It is not encrypted by default; run IPSec over FastConnect if confidentiality on the link is required.
- IPSec VPN: An encrypted tunnel from your on-premises network to OCI over the public internet.
- Service Gateway: Private access from your VCN to Oracle services such as Object Storage, with traffic staying on the OCI network instead of going over the internet.
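The CIDR note above (10.0.0.0/24 = 256 addresses) is the arithmetic behind subnet planning: you carve the VCN range into public subnets (behind an Internet Gateway) and private subnets (behind a NAT or Service Gateway) that must fit inside the VCN and must not overlap. The following Python script is an added example for this post, not OCI code; it uses only the standard library `ipaddress` module. It also accounts for the three addresses OCI reserves in every subnet (the first two and the last). The VCN range, subnet names and CIDRs are constructed.

```python
"""VCN/subnet CIDR planning.

Added example for this post, not OCI's own code. Splits a VCN CIDR into
non-overlapping subnets, reports usable addresses, and checks that each subnet
lies inside the VCN. OCI reserves the first two and the last address of every
subnet (network, default gateway, broadcast), so usable = 2**(32 - prefix) - 3.
All names and CIDRs below are constructed.
"""
import ipaddress

OCI_RESERVED_PER_SUBNET = 3  # first two addresses and the last one


def cidr_size(cidr: str) -> int:
    """Total addresses in a CIDR block, e.g. 10.0.0.0/24 -> 256."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses


def usable_hosts(cidr: str) -> int:
    """Addresses actually assignable to VNICs in an OCI subnet of this size."""
    return cidr_size(cidr) - OCI_RESERVED_PER_SUBNET


def plan_subnets(vcn_cidr: str, subnets: dict) -> dict:
    """Validate a subnet layout: every subnet inside the VCN and no overlaps.

    Raises ValueError on the first problem so a bad layout fails loudly
    instead of silently producing a subnet that cannot route.
    """
    vcn = ipaddress.ip_network(vcn_cidr, strict=True)
    parsed = {name: ipaddress.ip_network(c, strict=True) for name, c in subnets.items()}
    for name, net in parsed.items():
        if not net.subnet_of(vcn):
            raise ValueError(f"{name} {net} is not inside VCN {vcn}")
    names = list(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                raise ValueError(f"{a} {parsed[a]} overlaps {b} {parsed[b]}")
    return {
        name: {
            "cidr": str(net),
            "usable": net.num_addresses - OCI_RESERVED_PER_SUBNET,
            "first_usable": str(net.network_address + 2),
            "last_usable": str(net.broadcast_address - 1),
        }
        for name, net in parsed.items()
    }


# Constructed layout: one public subnet (behind an Internet Gateway) and two
# private subnets (reaching out only via a NAT Gateway / Service Gateway).
EXAMPLE_LAYOUT = {
    "public-web": "10.0.0.0/24",
    "private-app": "10.0.1.0/24",
    "private-db": "10.0.2.0/25",
}

if __name__ == "__main__":
    for name, info in plan_subnets("10.0.0.0/16", EXAMPLE_LAYOUT).items():
        print(f"{name:12} {info['cidr']:16} usable={info['usable']:4} "
              f"{info['first_usable']}..{info['last_usable']}")
```

`strict=True` rejects a CIDR whose host bits are set (for example 10.0.1.5/24), which is the usual typo when subnets are hand-written; catching it here is cheaper than finding out when the first instance fails to get an address.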
VCN Peering: A network connection between VCNs.
- Local VCN Peering – Same region (through a Local Peering Gateway).
- Remote VCN Peering – Different regions (through DRGs).
Security Rules: Virtual firewall rules that control which traffic may enter or leave a VNIC. Anything not explicitly allowed is denied. They come in two forms:
- Security List – Associated with a subnet and applied to every VNIC inside that subnet.
- Network Security Group (NSG) – Applied to individual VNICs, so different instances in the same subnet can have different rules. When both apply to a VNIC, traffic is allowed if any rule in either allows it.
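The Security List versus NSG distinction is easiest to see by evaluating a few packets. The Python below is an added example for this post, not OCI code: it models ingress rules with default deny, a Security List inherited by every VNIC in the subnet, an NSG attached to one VNIC only, and the union of both when evaluating. Egress and OCI's stateful tracking of return traffic are not modeled. The rules, CIDRs and VNICs are constructed.

```python
"""Ingress decision against Security Lists and Network Security Groups.

Added example for this post, not OCI's own code. It models the semantics that
matter when hardening a VCN: nothing is allowed unless a rule allows it, a
Security List applies to every VNIC in its subnet, an NSG applies only to the
VNICs placed in it, and when both apply the union of their rules is evaluated.
Egress and OCI's stateful tracking of return traffic are not modeled. All
rules, addresses and VNICs below are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class IngressRule:
    protocol: str                    # "tcp", "udp", "icmp" or "all"
    source: str                      # CIDR the traffic must come from
    ports: Optional[tuple] = None    # (low, high) destination ports; None = all

    def matches(self, proto: str, src_ip: str, dst_port: Optional[int]) -> bool:
        if self.protocol not in ("all", proto):
            return False
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.source):
            return False
        if self.ports is None:
            return True
        if dst_port is None:
            return False
        low, high = self.ports
        return low <= dst_port <= high


@dataclass
class Vnic:
    security_lists: list = field(default_factory=list)   # inherited from the subnet
    nsgs: list = field(default_factory=list)             # attached to this VNIC only

    def rules(self):
        for rule_set in self.security_lists + self.nsgs:
            yield from rule_set


def ingress_allowed(vnic: Vnic, proto: str, src_ip: str, dst_port: Optional[int]) -> bool:
    """Default deny: True only if some rule in some attached list or NSG matches."""
    return any(rule.matches(proto, src_ip, dst_port) for rule in vnic.rules())


def open_to_world(vnic: Vnic, proto: str, dst_port: int) -> bool:
    """Review check: is this port reachable from any source (a /0 source CIDR)?"""
    return any(
        ipaddress.ip_network(rule.source).prefixlen == 0
        and rule.matches(proto, "0.0.0.0", dst_port)
        for rule in vnic.rules()
    )


# Constructed rule sets: the subnet's Security List allows SSH only from a
# corporate range; the web NSG opens 443 to the internet for its members.
ADMIN_SECURITY_LIST = [IngressRule("tcp", "198.51.100.0/24", (22, 22))]
WEB_NSG = [IngressRule("tcp", "0.0.0.0/0", (443, 443))]

WEB_VNIC = Vnic(security_lists=[ADMIN_SECURITY_LIST], nsgs=[WEB_NSG])
DB_VNIC = Vnic(security_lists=[ADMIN_SECURITY_LIST])   # same subnet, no NSG

if __name__ == "__main__":
    for name, vnic in (("web", WEB_VNIC), ("db", DB_VNIC)):
        print(name,
              "443 from internet:", ingress_allowed(vnic, "tcp", "203.0.113.7", 443),
              "| 22 from internet:", ingress_allowed(vnic, "tcp", "203.0.113.7", 22),
              "| 22 from corp:", ingress_allowed(vnic, "tcp", "198.51.100.5", 22))
```

The db VNIC sits in the same subnet as the web VNIC and so inherits the SSH rule, but since it is not in the web NSG, port 443 stays closed to it. `open_to_world` is the kind of check worth running over exported rules before a change goes live: a 0.0.0.0/0 source on anything other than the intended public port is a finding.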
Database:
- VM DB System – Managed database on a VM with block storage; fast provisioning.
- Bare Metal DB System – Local NVMe storage; fastest single-node performance.
- RAC (Real Application Clusters) – Managed high availability across multiple database nodes.
- Exadata DB System – Suited for high-performance, mission-critical workloads.
- Autonomous Database – Self-driving, self-securing and self-repairing; CPU and storage scale independently. Refer to the Oracle Autonomous Database blog for more details.
Identity & Access Management (IAM):
Users belong to groups. A group needs at least one policy granting permissions on the tenancy or on a compartment before its users can access any resources.
IAM enforces the security principle of least privilege: everything is denied by default, and only explicit policy statements grant access.
- Instance Principal – Lets a compute instance itself (as a member of a dynamic group) make API calls to other OCI services without storing user credentials on the instance.
- Authentication: User name and password (Console), API signing key (SDK/CLI requests) and auth token (third-party APIs that cannot sign requests, such as the Swift API).
- Authorization: Policies attached to a compartment or to the tenancy.
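To show what "denied by default, granted only through group policies" means in practice, here is a minimal evaluator for OCI-style policy statements, added for this post (it is not OCI's own code and does not call the IAM service). It parses the real statement syntax `Allow group <group> to <verb> <resource-type> in tenancy|compartment <name>` and applies the verb hierarchy inspect < read < use < manage. Conditions (`where ...`), aggregate resource types such as `instance-family`, and dynamic groups are deliberately left out, and compartment names are assumed unique. The groups, compartments and statements are constructed.

```python
"""Minimal evaluator for OCI-style IAM policy statements.

Added example for this post, not OCI's own code. It demonstrates two IAM
properties: access is denied unless a statement allows it, and permissions
reach a user only through group membership. Statements use the real syntax
    Allow group <group> to <verb> <resource-type> in tenancy|compartment <name>
with the verb hierarchy inspect < read < use < manage (a stronger verb implies
the weaker ones). Conditions ("where ..."), aggregate resource types such as
instance-family, and dynamic groups are deliberately left out. Groups,
compartments and statements below are constructed.
"""
import re
from typing import Optional

VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

STATEMENT = re.compile(
    r"^Allow group (?P<group>\S+) to (?P<verb>inspect|read|use|manage) "
    r"(?P<resource>\S+) in (?:tenancy|compartment (?P<compartment>\S+))$",
    re.IGNORECASE,
)


def parse_statement(text: str) -> dict:
    """Parse one statement; anything else (including a 'Deny') is rejected,
    because OCI policies have no deny statements: absence of an Allow is the deny."""
    m = STATEMENT.match(text.strip())
    if not m:
        raise ValueError(f"unparseable statement: {text!r}")
    stmt = m.groupdict()
    stmt["verb"] = stmt["verb"].lower()
    return stmt  # stmt["compartment"] is None for "in tenancy"


def compartment_covers(scope: Optional[str], target_path: tuple) -> bool:
    """'in tenancy' covers every compartment; 'in compartment X' covers X and
    its sub-compartments. target_path is the compartment chain from the root,
    e.g. ("Dev", "Dev-Team1"). Names are assumed unique for this model."""
    return scope is None or scope in target_path


def is_allowed(statements, user_groups, verb: str, resource: str, target_path: tuple) -> bool:
    """Deny by default; allow only if a statement for one of the user's groups
    grants this verb (or a stronger one) on this resource type within scope."""
    for stmt in map(parse_statement, statements):
        if stmt["group"] not in user_groups:
            continue
        if stmt["resource"] not in (resource, "all-resources"):
            continue
        if VERB_RANK[stmt["verb"]] < VERB_RANK[verb]:
            continue
        if compartment_covers(stmt["compartment"], target_path):
            return True
    return False


# Constructed policy set.
POLICIES = [
    "Allow group NetworkAdmins to manage vcns in tenancy",
    "Allow group Developers to use instances in compartment Dev",
    "Allow group Auditors to inspect all-resources in tenancy",
]

if __name__ == "__main__":
    checks = [
        ({"Developers"}, "use", "instances", ("Dev",)),
        ({"Developers"}, "manage", "instances", ("Dev",)),
        ({"Developers"}, "use", "instances", ("Prod",)),
        ({"Auditors"}, "read", "buckets", ("Prod",)),
    ]
    for groups, verb, res, path in checks:
        print(groups, verb, res, "/".join(path), "->", is_allowed(POLICIES, groups, verb, res, path))
```

Two things fall out of the model that are easy to miss when writing real policies: a statement scoped to a compartment also covers every sub-compartment beneath it, so a grant high in the tree is broader than it looks, and `manage` silently includes `inspect`, `read` and `use`, so granting it for convenience hands out far more than the one operation that was asked for.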
Happy Learning! Your feedback would be appreciated! Follow @shobhitsinghIN