About Me
Oracle Cloud Infrastructure 2021 Certified Architect Professional
1 Oracle Cloud Infrastructure (OCI) Architecture
1-1 OCI Overview
1-1 1 OCI Core Services
1-1 2 OCI Regions and Availability Domains
1-1 3 OCI Tenancy Structure
1-1 4 OCI Identity and Access Management (IAM)
1-1 5 OCI Networking
1-1 6 OCI Compute Services
1-1 7 OCI Storage Services
1-1 8 OCI Database Services
1-1 9 OCI Security Services
1-1 10 OCI Monitoring and Management
1-2 OCI Architecture Best Practices
1-2 1 Designing for High Availability
1-2 2 Designing for Disaster Recovery
1-2 3 Designing for Scalability
1-2 4 Designing for Security
1-2 5 Designing for Cost Optimization
1-2 6 Designing for Compliance
1-3 OCI Architecture Patterns
1-3 1 Multi-Tier Application Architecture
1-3 2 Microservices Architecture
1-3 3 Serverless Architecture
1-3 4 Hybrid Cloud Architecture
1-3 5 Data Lake Architecture
1-3 6 Big Data Architecture
1-3 7 Machine Learning Architecture
2 OCI Identity and Access Management (IAM)
2-1 IAM Overview
2-1 1 IAM Components
2-1 2 IAM Policies
2-1 3 IAM Groups and Users
2-1 4 IAM Dynamic Groups
2-1 5 IAM Federation
2-1 6 IAM Authentication and Authorization
2-2 IAM Best Practices
2-2 1 Least Privilege Principle
2-2 2 Role-Based Access Control (RBAC)
2-2 3 Multi-Factor Authentication (MFA)
2-2 4 IAM Policy Management
2-2 5 IAM Monitoring and Auditing
3 OCI Networking
3-1 Networking Overview
3-1 1 Virtual Cloud Networks (VCNs)
3-1 2 Subnets
3-1 3 Route Tables
3-1 4 Security Lists
3-1 5 Network Security Groups (NSGs)
3-1 6 Internet Gateways
3-1 7 NAT Gateways
3-1 8 Service Gateways
3-1 9 Dynamic Routing Gateways (DRGs)
3-1 10 FastConnect
3-1 11 Load Balancers
3-2 Networking Best Practices
3-2 1 Designing for Network Segmentation
3-2 2 Designing for Network Security
3-2 3 Designing for Network Performance
3-2 4 Designing for Network Scalability
3-2 5 Designing for Network Resilience
4 OCI Compute Services
4-1 Compute Services Overview
4-1 1 Compute Instances
4-1 2 Instance Pools
4-1 3 Autoscaling
4-1 4 Dedicated Virtual Machines (VMs)
4-1 5 Bare Metal Instances
4-1 6 Oracle Container Engine for Kubernetes (OKE)
4-1 7 Oracle Functions
4-1 8 Oracle Cloud Shell
4-2 Compute Services Best Practices
4-2 1 Designing for Compute Scalability
4-2 2 Designing for Compute Security
4-2 3 Designing for Compute Cost Optimization
4-2 4 Designing for Compute Resilience
4-2 5 Designing for Compute Performance
5 OCI Storage Services
5-1 Storage Services Overview
5-1 1 Block Volume
5-1 2 Object Storage
5-1 3 File Storage
5-1 4 Archive Storage
5-1 5 Data Transfer
5-1 6 Storage Gateway
5-2 Storage Services Best Practices
5-2 1 Designing for Storage Scalability
5-2 2 Designing for Storage Security
5-2 3 Designing for Storage Cost Optimization
5-2 4 Designing for Storage Resilience
5-2 5 Designing for Storage Performance
6 OCI Database Services
6-1 Database Services Overview
6-1 1 Autonomous Database
6-1 2 Oracle Database Cloud Service
6-1 3 MySQL Database Service
6-1 4 NoSQL Database
6-1 5 Exadata Cloud Service
6-2 Database Services Best Practices
6-2 1 Designing for Database Scalability
6-2 2 Designing for Database Security
6-2 3 Designing for Database Cost Optimization
6-2 4 Designing for Database Resilience
6-2 5 Designing for Database Performance
7 OCI Security Services
7-1 Security Services Overview
7-1 1 Key Management Service (KMS)
7-1 2 Vault
7-1 3 Web Application Firewall (WAF)
7-1 4 Cloud Guard
7-1 5 Vulnerability Scanning
7-1 6 Bastion Service
7-2 Security Services Best Practices
7-2 1 Designing for Data Encryption
7-2 2 Designing for Network Security
7-2 3 Designing for Identity and Access Management
7-2 4 Designing for Security Monitoring and Response
7-2 5 Designing for Compliance and Governance
8 OCI Monitoring and Management
8-1 Monitoring and Management Overview
8-1 1 Monitoring
8-1 2 Logging
8-1 3 Notifications
8-1 4 Events
8-1 5 Resource Manager
8-1 6 Service Connector Hub
8-1 7 Application Performance Monitoring (APM)
8-2 Monitoring and Management Best Practices
8-2 1 Designing for Monitoring and Alerting
8-2 2 Designing for Logging and Analytics
8-2 3 Designing for Automation and Orchestration
8-2 4 Designing for Performance Tuning
8-2 5 Designing for Cost Management
9 OCI Integration and API Management
9-1 Integration and API Management Overview
9-1 1 Oracle Integration Cloud (OIC)
9-1 2 API Gateway
9-1 3 API Management
9-1 4 Streaming
9-1 5 Notifications
9-2 Integration and API Management Best Practices
9-2 1 Designing for Integration Scalability
9-2 2 Designing for API Security
9-2 3 Designing for API Performance
9-2 4 Designing for API Governance
9-2 5 Designing for Event-Driven Architecture
10 OCI DevOps and Continuous Delivery
10-1 DevOps and Continuous Delivery Overview
10-1 1 Oracle Cloud DevOps
10-1 2 Oracle Cloud Build
10-1 3 Oracle Cloud Deploy
10-1 4 Oracle Cloud Pipelines
10-1 5 Oracle Cloud Artifacts
10-1 6 Oracle Cloud Code Repository
10-2 DevOps and Continuous Delivery Best Practices
10-2 1 Designing for Continuous Integration
10-2 2 Designing for Continuous Delivery
10-2 3 Designing for Infrastructure as Code (IaC)
10-2 4 Designing for Automated Testing
10-2 5 Designing for Release Management
11 OCI Governance and Compliance
11-1 Governance and Compliance Overview
11-1 1 Oracle Cloud Governance
11-1 2 Oracle Cloud Compliance
11-1 3 Oracle Cloud Policies
11-1 4 Oracle Cloud Tagging
11-1 5 Oracle Cloud Cost Management
11-2 Governance and Compliance Best Practices
11-2 1 Designing for Policy Enforcement
11-2 2 Designing for Resource Tagging
11-2 3 Designing for Cost Tracking
11-2 4 Designing for Audit and Compliance
11-2 5 Designing for Governance Automation
12 OCI Advanced Topics
12-1 Advanced Topics Overview
12-1 1 Oracle Cloud Native Services
12-1 2 Oracle Cloud AI and Machine Learning
12-1 3 Oracle Cloud Blockchain
12-1 4 Oracle Cloud IoT
12-1 5 Oracle Cloud Analytics
12-2 Advanced Topics Best Practices
12-2 1 Designing for Cloud Native Applications
12-2 2 Designing for AI and Machine Learning
12-2 3 Designing for Blockchain
12-2 4 Designing for IoT
12-2 5 Designing for Analytics
7-1-2 Vault Explained

7-1-2 Vault Explained

Key Concepts

1. Secrets Management

Secrets Management in Oracle Cloud Infrastructure (OCI) Vault involves securely storing and managing sensitive information such as API keys, database credentials, and encryption keys. OCI Vault provides a centralized and secure repository for these secrets, ensuring they are protected from unauthorized access.

Example: Think of secrets management as a secure vault in a bank. Just as a vault protects valuable items, OCI Vault safeguards sensitive information, ensuring it is only accessible to authorized personnel.

2. Key Management

Key Management refers to the secure generation, storage, and rotation of cryptographic keys used for data encryption and decryption. OCI Vault offers robust key management services, including the ability to create, import, and manage encryption keys. This ensures that keys are securely stored and can be easily rotated to maintain security.

Example: Consider key management as managing a set of master keys to unlock various locks in a building. Just as you need different keys for different locks, OCI Vault manages various cryptographic keys for different encryption needs, ensuring they are securely stored and rotated as needed.

3. Data Encryption

Data Encryption is the process of converting data into a secure format that cannot be easily understood by unauthorized users. OCI Vault integrates with other OCI services to provide encryption at rest and in transit. This ensures that data is protected from unauthorized access and meets compliance requirements.

Example: Think of data encryption as writing a secret message in code. Just as the message is unreadable without the decryption key, encrypted data is secure and can only be accessed with the correct cryptographic key.

4. Access Control

Access Control in OCI Vault involves defining who can access specific secrets and keys. OCI provides fine-grained access control mechanisms through Identity and Access Management (IAM) policies. These policies ensure that only authorized users and services can interact with sensitive information.

Example: Consider access control as a gated community. Only residents with the right keys can enter and access the community's facilities. Similarly, OCI Vault ensures that only authorized users and services can access sensitive information.

5. Audit and Monitoring

Audit and Monitoring involve tracking and recording activities related to secrets and keys to detect and respond to security incidents. OCI Vault provides comprehensive auditing tools that log user actions, system events, and policy violations. Continuous monitoring helps in identifying suspicious activities and taking corrective actions promptly.

Example: Think of audit and monitoring as surveillance cameras in a store. Just as cameras record every movement, OCI Vault records every activity related to secrets and keys, providing a trail that can be reviewed in case of any security breach.

© 2024 Ahmed Baheeg Khorshid. All rights reserved.