About Me
Oracle Cloud Infrastructure 2021 Certified Architect Professional
1 Oracle Cloud Infrastructure (OCI) Architecture
1-1 OCI Overview
1-1 1 OCI Core Services
1-1 2 OCI Regions and Availability Domains
1-1 3 OCI Tenancy Structure
1-1 4 OCI Identity and Access Management (IAM)
1-1 5 OCI Networking
1-1 6 OCI Compute Services
1-1 7 OCI Storage Services
1-1 8 OCI Database Services
1-1 9 OCI Security Services
1-1 10 OCI Monitoring and Management
1-2 OCI Architecture Best Practices
1-2 1 Designing for High Availability
1-2 2 Designing for Disaster Recovery
1-2 3 Designing for Scalability
1-2 4 Designing for Security
1-2 5 Designing for Cost Optimization
1-2 6 Designing for Compliance
1-3 OCI Architecture Patterns
1-3 1 Multi-Tier Application Architecture
1-3 2 Microservices Architecture
1-3 3 Serverless Architecture
1-3 4 Hybrid Cloud Architecture
1-3 5 Data Lake Architecture
1-3 6 Big Data Architecture
1-3 7 Machine Learning Architecture
2 OCI Identity and Access Management (IAM)
2-1 IAM Overview
2-1 1 IAM Components
2-1 2 IAM Policies
2-1 3 IAM Groups and Users
2-1 4 IAM Dynamic Groups
2-1 5 IAM Federation
2-1 6 IAM Authentication and Authorization
2-2 IAM Best Practices
2-2 1 Least Privilege Principle
2-2 2 Role-Based Access Control (RBAC)
2-2 3 Multi-Factor Authentication (MFA)
2-2 4 IAM Policy Management
2-2 5 IAM Monitoring and Auditing
3 OCI Networking
3-1 Networking Overview
3-1 1 Virtual Cloud Networks (VCNs)
3-1 2 Subnets
3-1 3 Route Tables
3-1 4 Security Lists
3-1 5 Network Security Groups (NSGs)
3-1 6 Internet Gateways
3-1 7 NAT Gateways
3-1 8 Service Gateways
3-1 9 Dynamic Routing Gateways (DRGs)
3-1 10 FastConnect
3-1 11 Load Balancers
3-2 Networking Best Practices
3-2 1 Designing for Network Segmentation
3-2 2 Designing for Network Security
3-2 3 Designing for Network Performance
3-2 4 Designing for Network Scalability
3-2 5 Designing for Network Resilience
4 OCI Compute Services
4-1 Compute Services Overview
4-1 1 Compute Instances
4-1 2 Instance Pools
4-1 3 Autoscaling
4-1 4 Dedicated Virtual Machines (VMs)
4-1 5 Bare Metal Instances
4-1 6 Oracle Container Engine for Kubernetes (OKE)
4-1 7 Oracle Functions
4-1 8 Oracle Cloud Shell
4-2 Compute Services Best Practices
4-2 1 Designing for Compute Scalability
4-2 2 Designing for Compute Security
4-2 3 Designing for Compute Cost Optimization
4-2 4 Designing for Compute Resilience
4-2 5 Designing for Compute Performance
5 OCI Storage Services
5-1 Storage Services Overview
5-1 1 Block Volume
5-1 2 Object Storage
5-1 3 File Storage
5-1 4 Archive Storage
5-1 5 Data Transfer
5-1 6 Storage Gateway
5-2 Storage Services Best Practices
5-2 1 Designing for Storage Scalability
5-2 2 Designing for Storage Security
5-2 3 Designing for Storage Cost Optimization
5-2 4 Designing for Storage Resilience
5-2 5 Designing for Storage Performance
6 OCI Database Services
6-1 Database Services Overview
6-1 1 Autonomous Database
6-1 2 Oracle Database Cloud Service
6-1 3 MySQL Database Service
6-1 4 NoSQL Database
6-1 5 Exadata Cloud Service
6-2 Database Services Best Practices
6-2 1 Designing for Database Scalability
6-2 2 Designing for Database Security
6-2 3 Designing for Database Cost Optimization
6-2 4 Designing for Database Resilience
6-2 5 Designing for Database Performance
7 OCI Security Services
7-1 Security Services Overview
7-1 1 Key Management Service (KMS)
7-1 2 Vault
7-1 3 Web Application Firewall (WAF)
7-1 4 Cloud Guard
7-1 5 Vulnerability Scanning
7-1 6 Bastion Service
7-2 Security Services Best Practices
7-2 1 Designing for Data Encryption
7-2 2 Designing for Network Security
7-2 3 Designing for Identity and Access Management
7-2 4 Designing for Security Monitoring and Response
7-2 5 Designing for Compliance and Governance
8 OCI Monitoring and Management
8-1 Monitoring and Management Overview
8-1 1 Monitoring
8-1 2 Logging
8-1 3 Notifications
8-1 4 Events
8-1 5 Resource Manager
8-1 6 Service Connector Hub
8-1 7 Application Performance Monitoring (APM)
8-2 Monitoring and Management Best Practices
8-2 1 Designing for Monitoring and Alerting
8-2 2 Designing for Logging and Analytics
8-2 3 Designing for Automation and Orchestration
8-2 4 Designing for Performance Tuning
8-2 5 Designing for Cost Management
9 OCI Integration and API Management
9-1 Integration and API Management Overview
9-1 1 Oracle Integration Cloud (OIC)
9-1 2 API Gateway
9-1 3 API Management
9-1 4 Streaming
9-1 5 Notifications
9-2 Integration and API Management Best Practices
9-2 1 Designing for Integration Scalability
9-2 2 Designing for API Security
9-2 3 Designing for API Performance
9-2 4 Designing for API Governance
9-2 5 Designing for Event-Driven Architecture
10 OCI DevOps and Continuous Delivery
10-1 DevOps and Continuous Delivery Overview
10-1 1 Oracle Cloud DevOps
10-1 2 Oracle Cloud Build
10-1 3 Oracle Cloud Deploy
10-1 4 Oracle Cloud Pipelines
10-1 5 Oracle Cloud Artifacts
10-1 6 Oracle Cloud Code Repository
10-2 DevOps and Continuous Delivery Best Practices
10-2 1 Designing for Continuous Integration
10-2 2 Designing for Continuous Delivery
10-2 3 Designing for Infrastructure as Code (IaC)
10-2 4 Designing for Automated Testing
10-2 5 Designing for Release Management
11 OCI Governance and Compliance
11-1 Governance and Compliance Overview
11-1 1 Oracle Cloud Governance
11-1 2 Oracle Cloud Compliance
11-1 3 Oracle Cloud Policies
11-1 4 Oracle Cloud Tagging
11-1 5 Oracle Cloud Cost Management
11-2 Governance and Compliance Best Practices
11-2 1 Designing for Policy Enforcement
11-2 2 Designing for Resource Tagging
11-2 3 Designing for Cost Tracking
11-2 4 Designing for Audit and Compliance
11-2 5 Designing for Governance Automation
12 OCI Advanced Topics
12-1 Advanced Topics Overview
12-1 1 Oracle Cloud Native Services
12-1 2 Oracle Cloud AI and Machine Learning
12-1 3 Oracle Cloud Blockchain
12-1 4 Oracle Cloud IoT
12-1 5 Oracle Cloud Analytics
12-2 Advanced Topics Best Practices
12-2 1 Designing for Cloud Native Applications
12-2 2 Designing for AI and Machine Learning
12-2 3 Designing for Blockchain
12-2 4 Designing for IoT
12-2 5 Designing for Analytics
7 OCI Security Services Explained

7 OCI Security Services Explained

Key Concepts

1. Identity and Access Management (IAM)

Identity and Access Management (IAM) in OCI ensures that only authorized users and systems can access resources. IAM includes features like user authentication, role-based access control (RBAC), and policy management. It helps in managing identities, permissions, and access across the cloud environment.

Example: Think of IAM as a security guard at a high-security facility. The guard verifies the identity of each person (authentication) and checks their access permissions (RBAC) before allowing them to enter specific areas.

2. Virtual Cloud Network (VCN)

Virtual Cloud Network (VCN) is a customizable network that you can create in OCI. It includes features like subnets, route tables, security lists, and network security groups. VCN allows you to control network traffic, segment your network, and apply security rules to protect your resources.

Example: Consider VCN as a smart home network. Just as you can control which devices connect to your Wi-Fi and set up different networks for guests and family members, VCN allows you to segment and secure your cloud network.

3. Key Management Service (KMS)

Key Management Service (KMS) in OCI provides a secure and scalable way to manage encryption keys. It allows you to create, import, rotate, and destroy encryption keys. KMS ensures that your data is encrypted at rest and in transit, protecting it from unauthorized access.

Example: Think of KMS as a high-security vault for your encryption keys. Just as you would store valuable items in a vault, KMS securely stores and manages your encryption keys, ensuring your data remains protected.

4. Web Application Firewall (WAF)

Web Application Firewall (WAF) in OCI protects your web applications from common web exploits and bots. It provides real-time monitoring and filtering of HTTP requests, blocking malicious traffic before it reaches your application. WAF helps in securing your web applications against threats like SQL injection and cross-site scripting (XSS).

Example: Consider WAF as a bouncer at a nightclub. Just as the bouncer filters out unwanted guests and ensures a safe environment, WAF filters out malicious traffic and protects your web applications.

5. Security Zones

Security Zones in OCI are predefined configurations that enforce security policies and best practices. They provide a secure environment for deploying and managing resources. Security Zones help in automating security controls and ensuring compliance with regulatory requirements.

Example: Think of Security Zones as a pre-configured safe room. Just as a safe room is designed with specific security measures, Security Zones provide a pre-configured, secure environment for your resources.

6. Cloud Guard

Cloud Guard in OCI is a security monitoring and management service that detects, assesses, and remediates security risks. It uses machine learning and threat intelligence to identify potential security issues and provides actionable insights to mitigate them. Cloud Guard helps in maintaining a secure cloud environment.

Example: Consider Cloud Guard as a security surveillance system. Just as a surveillance system monitors and alerts you to potential threats, Cloud Guard continuously monitors your cloud environment and alerts you to security risks.

7. Data Safe

Data Safe in OCI is a unified control center for securing sensitive data in Oracle databases. It provides features like data discovery, masking, and monitoring. Data Safe helps in identifying sensitive data, applying masking rules to protect it, and monitoring database activities for unauthorized access.

Example: Think of Data Safe as a data protection officer. Just as a data protection officer ensures the security and privacy of sensitive information, Data Safe helps in securing sensitive data in your Oracle databases.

© 2024 Ahmed Baheeg Khorshid. All rights reserved.