Ops BLOG

This BLOG focuses on "hands on approach" around AWS, OCI Oracle Cloud Infrastructure, Dev/Ops, MicroServices, OKTA, Oracle Fusion Middleware, Oracle Service Bus, Oracle AIA, Oracle SOA Suite, Oracle SOA Cloud/Developer Cloud, Oracle Identity Management including OID, OAM, OIM, OSSO, Oracle Big Data, WLST Scripts and Oracle Edifecs B2B Engine for HIPAA/HL7/X12/EDIFACT EDI., Kafka, Spark, Spring Boot, DevOps, AWS, GCP and Oracle Cloud

Thursday, March 14, 2024

OCI Knowledge Series: OCI Infrastructure components

Oracle Cloud Infrastructure (OCI) provides a comprehensive set of infrastructure services that enable you to build and run a wide range of applications in a highly available, secure, and scalable environment. Below are the various components of OCI infrastructure:

These are some of the key components of the Oracle Cloud Infrastructure (OCI) that enable you to build and manage your cloud infrastructure and application

1. Regions: A region is a localized geographic area composed of one or more availability domains. Regions are isolated from each other, and they are independent of each other in terms of fault tolerance and availability. Each region contains multiple data centers called availability domains. 2. Availability Domains (AD): An availability domain is a standalone, independent data center within a region. Availability domains are isolated from each other, with their own power, cooling, and networking infrastructure. This isolation enhances fault tolerance and availability. OCI services deployed within a region are designed to be resilient to failures within an availability domain. 3. Virtual Cloud Network (VCN): A VCN is a customizable, private network within OCI where you can launch your compute instances, block storage, and other resources. It is logically isolated from other virtual networks in the OCI environment, providing you with control over your network settings, such as IP addressing, route tables, and gateways. 4. Subnets: Subnets are subdivisions of a VCN and represent segmented portions of your network. You can divide a VCN into one or more subnets to host different types of resources. Subnets can be public or private, depending on whether they have internet connectivity. 5. Compute Instances: Compute instances, also known as virtual machines (VMs), are virtualized computing environments where you can run your applications. OCI offers various types of compute instances, including generalpurpose, highperformance, and GPU instances, suited for different workload requirements. 6. Block Storage: OCI provides block storage services for storing persistent data. Block volumes can be attached to compute instances as additional disks to provide scalable and highperformance storage. 7. Object Storage: OCI Object Storage is a highly scalable and durable storage service for storing unstructured data, such as documents, images, and videos. It provides a costeffective solution for storing and retrieving large amounts of data. 8. Networking Services: OCI offers a variety of networking services, including load balancers, DNS, VPN, and FastConnect, to enable secure and efficient communication between resources within your VCN and with external networks. 9. Database Services: OCI provides fully managed database services, including Oracle Autonomous Database, MySQL, and NoSQL Database, to support different types of database workloads. 10. Identity and Access Management (IAM): IAM is a centralized service for managing user access and permissions in OCI. It enables you to define and enforce security policies, roles, and permissions to control who can access which resources and perform specific actions. 11. Security Services: OCI offers a range of security services, such as Web Application Firewall (WAF), Key Management, and Security Zones, to protect your applications and data from security threats. 12. Monitoring and Management Tools: OCI provides monitoring, logging, and management tools, including OCI Monitoring, Logging, and Resource Manager, to help you monitor, troubleshoot, and manage your resources effectively. These are some of the key components of the Oracle Cloud Infrastructure (OCI) that enable you to build and manage your cloud infrastructure and application

OCI (Oracle Cloud Infrastructure) SDK to provision VCN, Subnet and establish VPN connectivity

Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) is the networking layer of the Oracle Cloud Infrastructure, equivalent to the Virtual Private Cloud (VPC) in other cloud providers. A VCN allows you to set up a customizable and private network in Oracle’s cloud. You can control the VCN’s IP address range, create subnets, and configure route tables and gateways to manage traffic within or outside the VCN.

Private and Isolated Network: A VCN provides an isolated network within the Oracle Cloud Infrastructure.
Customizable: You can set the IP CIDR block, create subnets, and use Network Security Groups or Security Lists to control inbound and outbound traffic.
Route Tables: Define how the traffic is routed within your VCN or to the internet.
Internet Gateway: Allows traffic to flow between your VCN and the internet.
NAT Gateway: Allows instances in a private subnet to initiate outbound connections to the internet without exposing their IP addresses.
VPN Gateway: For secure, encrypted communication between your on-premise network and your VCN.
Load Balancer: Distributes incoming traffic across multiple targets to ensure high availability.
Service Gateway: Provides a path for private traffic between your VCN and supported Oracle services.

This code snippet creates a VCN, subnet, security list, and VPN using the OCI Java SDK, utilizing the Identity service client and the respective create methods. Make sure to handle exceptions appropriately in your production code.

Make sure to replace "your_compartment_id", "YourVCN", "YourSubnet", "YourSecurityList", and "YourVPN" with appropriate values for your Oracle Cloud tenancy, Virtual Cloud Network (VCN), subnet, security list, and VPN display names respectively.

Ensure that your OCI configuration file (typically found at ~/.oci/config) is properly configured with your user credentials and the correct region.

import com.oracle.bmc.identity.IdentityClient;

import com.oracle.bmc.identity.model.CreateVpnDetails;

import com.oracle.bmc.identity.model.CreateSubnetDetails;

import com.oracle.bmc.identity.model.CreateSecurityListDetails;

import com.oracle.bmc.identity.model.CreateSecurityRuleDetails;

import com.oracle.bmc.identity.requests.CreateVpnRequest;

import com.oracle.bmc.identity.requests.CreateSubnetRequest;

import com.oracle.bmc.identity.requests.CreateSecurityListRequest;

import com.oracle.bmc.identity.responses.CreateVpnResponse;

import com.oracle.bmc.identity.responses.CreateSubnetResponse;

import com.oracle.bmc.identity.responses.CreateSecurityListResponse;

import com.oracle.bmc.Region;

import com.oracle.bmc.auth.AuthenticationDetailsProvider;

import com.oracle.bmc.auth.ConfigFileAuthenticationDetailsProvider;

import com.oracle.bmc.model.BmcException;

import java.util.Collections;

public class InfrastructureProvisioning {

public static void main(String[] args) {

String compartmentId = "your_compartment_id";

String vcnDisplayName = "YourVCN";

String subnetDisplayName = "YourSubnet";

String securityListDisplayName = "YourSecurityList";

String vpnDisplayName = "YourVPN";

// Path to your OCI configuration file

String configurationFilePath = "~/.oci/config";

// Get the authentication details from the OCI configuration file

AuthenticationDetailsProvider provider =

new ConfigFileAuthenticationDetailsProvider(configurationFilePath, "DEFAULT");

IdentityClient identityClient = new IdentityClient(provider);

identityClient.setRegion(Region.US_PHOENIX_1); // Change to appropriate region

try {

// Create VCN

CreateVcnDetails createVcnDetails = CreateVcnDetails.builder()

.cidrBlock("10.0.0.0/16")

.compartmentId(compartmentId)

.displayName(vcnDisplayName)

.build();

CreateVcnRequest createVcnRequest = CreateVcnRequest.builder()

.createVcnDetails(createVcnDetails)

.build();

Vcn vcn = identityClient.createVcn(createVcnRequest).getVcn();

// Create Subnet

CreateSubnetDetails createSubnetDetails = CreateSubnetDetails.builder()

.cidrBlock("10.0.0.0/24")

.compartmentId(compartmentId)

.displayName(subnetDisplayName)

.vcnId(vcn.getId())

.build();

CreateSubnetRequest createSubnetRequest = CreateSubnetRequest.builder()

.createSubnetDetails(createSubnetDetails)

.build();

Subnet subnet = identityClient.createSubnet(createSubnetRequest).getSubnet();

// Create Security List

CreateSecurityRuleDetails createSecurityRuleDetails = CreateSecurityRuleDetails.builder()

.direction(CreateSecurityRuleDetails.Direction.Egress)

.destination("0.0.0.0/0")

.protocol("all")

.build();

CreateSecurityListDetails createSecurityListDetails = CreateSecurityListDetails.builder()

.compartmentId(compartmentId)

.displayName(securityListDisplayName)

.egressSecurityRules(Collections.singletonList(createSecurityRuleDetails))

.ingressSecurityRules(Collections.singletonList(createSecurityRuleDetails))

.vcnId(vcn.getId())

.build();

CreateSecurityListRequest createSecurityListRequest = CreateSecurityListRequest.builder()

.createSecurityListDetails(createSecurityListDetails)

.build();

SecurityList securityList = identityClient.createSecurityList(createSecurityListRequest).getSecurityList();

// Create VPN

CreateVpnDetails createVpnDetails = CreateVpnDetails.builder()

.compartmentId(compartmentId)

.displayName(vpnDisplayName)

.vcnId(vcn.getId())

.build();

CreateVpnRequest createVpnRequest = CreateVpnRequest.builder()

.createVpnDetails(createVpnDetails)

.build();

Vpn vpn = identityClient.createVpn(createVpnRequest).getVpn();

System.out.println("VPN Created: " + vpn.getId());

System.out.println("Subnet Created: " + subnet.getId());

System.out.println("Security List Created: " + securityList.getId());

} catch (BmcException e) {

System.out.println("Error: " + e.getMessage());

} finally {

identityClient.close();

}