📊 OCI Overview & Architecture
- Regions: 40+
- Services: 100+
- Availability Zones: 75+
- Data Centers: 200+
OCI Architecture Layers
| Layer | Components | Services |
|---|---|---|
| Global | Regions, Availability Domains, Fault Domains | Global Load Balancer, CDN |
| Network | VCN, Subnet, Route Tables, Security Lists | Networking, DNS, Load Balancing |
| Compute | VM Instances, Bare Metal, Container Engine | OKE, Functions, Container Registry |
| Storage | Object Storage, Block Volumes, File Systems | Backup, Archive Storage |
| Database | Autonomous DB, DB Systems, NoSQL | Data Warehouse, Graph Database |
🖥️ OCI Console Navigation
Main Dashboard Components
Console Layout:
├── Top Navigation Bar
│   ├── Search (Services, Resources)
│   ├── Notifications
│   ├── Settings
│   └── User Profile
├── Left Sidebar Menu
│   ├── Favorites
│   ├── Infrastructure (Compute, Network, Storage)
│   ├── Platform Services
│   └── Administration
└── Main Content Area
    ├── Dashboard Widgets
    ├── Quick Links
    └── Recent Resources
Key Console Features
- Resource Groups: Organize resources by project or environment
- Compartments: Logical containers for resource isolation and access control
- Cost Analysis: Monitor spending and forecast costs
- Audit Logs: Track API calls and resource changes
- Budgets: Set spending alerts and limits
💡 Tip: Use the Favorites list for quick access to frequently used services
🌐 Virtual Cloud Network (VCN)
VCN Architecture
| Component | Purpose | Example |
|---|---|---|
| VCN | Private network in cloud | 10.0.0.0/16 |
| Subnet | Segment of VCN, AZ-specific | 10.0.1.0/24 (Public) |
| IGW | Internet Gateway for outbound traffic | Allow 0.0.0.0/0 |
| NAT Gateway | NAT for private subnets | Outbound only |
| Route Table | Define traffic routing rules | Destination → Target |
Security Lists (Network ACLs)
# Inbound Rules Example:
- CIDR: 0.0.0.0/0, Protocol: TCP, Port: 80 (HTTP)
- CIDR: 0.0.0.0/0, Protocol: TCP, Port: 443 (HTTPS)
- CIDR: 0.0.0.0/0, Protocol: TCP, Port: 22 (SSH)
- CIDR: 10.0.0.0/16, Protocol: TCP, Port: 3306 (MySQL)
# Outbound Rules Example:
- Destination: 0.0.0.0/0, Protocol: All
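The inbound rules listed above open SSH (port 22) to 0.0.0.0/0, which is the kind of rule a security-list review should catch. The following Python check is an added example, not part of the original cheat sheet: it walks ingress rules written by hand in the shape the OCI API returns for a SecurityList (ingressSecurityRules with source, protocol as an IANA number string, and tcpOptions.destinationPortRange) and reports admin ports reachable from a world-open source. It runs offline on the constructed rules; the bastion range 203.0.113.0/24 in the hardened list is a placeholder, not a real address range.

```python
"""Audit OCI security-list ingress rules for admin ports open to the world.

Added example (not from the original cheat sheet). The rule dictionaries
below are constructed by hand in the shape the OCI API returns for a
SecurityList's ingressSecurityRules, so the check runs offline; the
bastion CIDR 203.0.113.0/24 is a placeholder, not a real address range.
"""
import ipaddress

# Ports that should not be reachable from arbitrary internet sources.
ADMIN_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}
TCP = "6"  # OCI encodes the protocol as its IANA number, as a string


def tcp_port_range(rule):
    """Return the inclusive (min, max) TCP destination port range a rule
    admits, or None if the rule cannot carry TCP traffic."""
    protocol = rule.get("protocol")
    if protocol == "all":
        return (1, 65535)
    if protocol != TCP:
        return None
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if rng is None:
        return (1, 65535)  # TCP with no port range means every port
    return (rng["min"], rng["max"])


def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. any source on the internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_ingress(rules):
    """Return one finding string per rule that exposes an admin port to a
    world-open source; an empty list means the list passes the check."""
    findings = []
    for rule in rules:
        if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue  # service CIDR labels are not internet sources
        ports = tcp_port_range(rule)
        if ports is None or not is_world_open(rule["source"]):
            continue
        lo, hi = ports
        exposed = [name for port, name in ADMIN_PORTS.items() if lo <= port <= hi]
        if exposed:
            findings.append(f"{rule['source']} -> tcp/{lo}-{hi} exposes {', '.join(exposed)}")
    return findings


def tcp_rule(source, port):
    """Build a stateful single-port TCP ingress rule (constructed helper)."""
    return {
        "source": source,
        "sourceType": "CIDR_BLOCK",
        "protocol": TCP,
        "isStateless": False,
        "tcpOptions": {"destinationPortRange": {"min": port, "max": port}},
    }


# The inbound rules exactly as listed in the cheat sheet.
WEAK_RULES = [
    tcp_rule("0.0.0.0/0", 80),
    tcp_rule("0.0.0.0/0", 443),
    tcp_rule("0.0.0.0/0", 22),
    tcp_rule("10.0.0.0/16", 3306),
]

# Same list with SSH restricted to a bastion/VPN range (placeholder CIDR).
HARDENED_RULES = [
    tcp_rule("0.0.0.0/0", 80),
    tcp_rule("0.0.0.0/0", 443),
    tcp_rule("203.0.113.0/24", 22),
    tcp_rule("10.0.0.0/16", 3306),
]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label, audit_ingress(rules) or "no findings")
```

In practice the rules come from `oci network security-list get` output rather than being built inline; the MySQL rule scoped to 10.0.0.0/16 passes because the source is the VCN itself, which is the pattern to copy for SSH (a bastion subnet or VPN range instead of 0.0.0.0/0).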
⚙️ Compute Services
Compute Instance Types
| Type | Use Case | Specifications |
|---|---|---|
| Virtual Machine | Web apps, development | 1-64 vCPU, 6GB-1TB Memory |
| Bare Metal | High performance computing | 52-160 vCPU, Direct access |
| GPU Instances | Machine learning, graphics | NVIDIA GPU acceleration |
| ARM-based | Cost-efficient workloads | Ampere A1 processor |
Instance Configuration
# Key Attributes:
- Image: OS type (Ubuntu, CentOS, Windows, Custom)
- Shape: CPU/Memory profile
- Network: VCN, Subnet, VNIC details
- Storage: Root volume size, additional block volumes
- Metadata: SSH keys, user scripts
- Monitoring: Enable Compute Agent
🔐 Security & IAM
IAM Components
- Users: Identities that can access OCI
- Groups: Collections of users
- Policies: Define permissions using statements
- Roles: Pre-built permission sets
- Compartments: Resource isolation and billing boundaries
Policy Syntax
Allow group admin-group to manage all-resources in compartment devenv
Allow group developers to use instances in compartment devenv
Allow group analysts to read buckets in compartment devenv
Allow service database to manage volumes in compartment prodenv
⚠️ Warning: Apply principle of least privilege. Grant only necessary permissions.
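The statements above follow the documented shape `Allow <subject-type> <name> to <verb> <resource-type> in compartment <name> [where <condition>]`, and the verbs form a hierarchy (inspect < read < use < manage), so a `manage` grant also covers everything the lower verbs allow. The following Python parser and lint is an added example, not part of the cheat sheet or any Oracle tool: it parses the four statements from the page, answers "does this statement permit verb X on resource Y in compartment Z" using that hierarchy, and flags the grants that contradict the least-privilege warning. The two lint rules are this example's own choices; resource families such as instance-family are not modelled.

```python
"""Parse OCI IAM policy statements and flag over-broad grants.

Added example, not from the original cheat sheet. Implements the statement
shape  Allow <subject-type> <name> to <verb> <resource-type> in
compartment <name> [where <condition>]  with the OCI verb hierarchy
inspect < read < use < manage. The lint rules are this example's own
choices, not an Oracle tool; resource families are not modelled.
"""
import re

VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

STATEMENT_RE = re.compile(
    r"^\s*allow\s+(?P<subject_type>group|dynamic-group|service)\s+(?P<subject>\S+)"
    r"\s+to\s+(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)"
    r"\s+in\s+(?:tenancy|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$",
    re.IGNORECASE,
)


def parse_statement(text):
    """Return the statement's parts as a dict; raise ValueError if malformed."""
    m = STATEMENT_RE.match(text)
    if not m:
        raise ValueError(f"not a valid policy statement: {text!r}")
    parts = m.groupdict()
    for key in ("subject_type", "verb", "resource"):
        parts[key] = parts[key].lower()
    # "in tenancy" covers every compartment; otherwise scope is one compartment.
    parts["scope"] = "tenancy" if parts["compartment"] is None else "compartment"
    return parts


def permits(statement, verb, resource, compartment):
    """True if a parsed statement covers `verb` on `resource` in `compartment`.
    manage implies use, read and inspect; all-resources covers any type."""
    s = statement
    scope_ok = s["scope"] == "tenancy" or s["compartment"].lower() == compartment.lower()
    resource_ok = s["resource"] in ("all-resources", resource.lower())
    return scope_ok and resource_ok and VERB_RANK[s["verb"]] >= VERB_RANK[verb]


def lint(statements):
    """Return (statement, reason) pairs for grants that contradict least privilege."""
    problems = []
    for text in statements:
        s = parse_statement(text)
        if s["verb"] == "manage" and s["resource"] == "all-resources":
            problems.append((text, "manage all-resources is full admin over the scope"))
        elif s["scope"] == "tenancy" and VERB_RANK[s["verb"]] >= VERB_RANK["use"]:
            problems.append((text, "tenancy-wide grant should normally be scoped to a compartment"))
    return problems


# The four statements from the cheat sheet, verbatim.
PAGE_STATEMENTS = [
    "Allow group admin-group to manage all-resources in compartment devenv",
    "Allow group developers to use instances in compartment devenv",
    "Allow group analysts to read buckets in compartment devenv",
    "Allow service database to manage volumes in compartment prodenv",
]

if __name__ == "__main__":
    for text, reason in lint(PAGE_STATEMENTS):
        print(f"{reason}: {text}")
    dev = parse_statement(PAGE_STATEMENTS[1])
    print("developers may read instances in devenv:", permits(dev, "read", "instances", "devenv"))
    print("developers may use instances in prodenv:", permits(dev, "use", "instances", "prodenv"))
```

The first page statement is the one the lint reports: `manage all-resources` is the broadest grant available at that scope and is usually better split into per-service `manage` statements for the admin group. Verb comparison is what answers authorisation questions: the developers' `use instances` statement also satisfies `read instances` in devenv, but nothing in prodenv.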
📈 Monitoring & Operations
Monitoring Metrics
| Service | Key Metrics | Retention |
|---|---|---|
| Compute | CPU%, Memory%, Disk I/O, Network | 1 hour - 15 days |
| Network | Bytes In/Out, Packets, Errors | 1 hour - 15 days |
| Storage | Capacity Used, Operations, Latency | 1 hour - 15 days |
Alarms & Notifications
Alarm Types:
- Metric Alarms: Trigger when a metric crosses a threshold
- Event-based Alarms: Trigger on specific events
- Log-based Alarms: Trigger on matching log entries
Notification Channels:
- Email
- SMS
- PagerDuty
- Slack (via webhook)
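A metric alarm such as `CpuUtilization[1m].mean() > 80` does not page on the first sample over the threshold: it carries a pending duration (for example PT5M) and only fires when the condition has held for that whole window, and the notification channels above are then used on the OK/FIRING transition rather than on every evaluation. The following Python simulation is an added example, not from the cheat sheet: it replays constructed 1-minute CPU samples through a threshold plus pending duration and shows how a single spike is suppressed while a sustained breach fires once. The "consecutive samples covering the pending window" rule is this example's simplification of the service's evaluation, and the PENDING marker is internal to the example (OCI itself still reports OK during that time).

```python
"""Simulate a metric alarm with threshold and pending duration.

Added example, not from the original cheat sheet. Models an alarm like
CpuUtilization[1m].mean() > 80 with pending duration PT5M: the condition
must hold for the whole pending window before the state becomes FIRING.
The evaluation rule (consecutive 1-minute samples covering the window)
is a simplification; PENDING is this example's own marker for
"breaching, but not yet for the full window", which the service reports
as OK. The CPU samples are constructed.
"""

INTERVAL_MIN = 1  # metric resolution of the query, in minutes

OPERATORS = {
    ">": lambda v, t: v > t,
    ">=": lambda v, t: v >= t,
    "<": lambda v, t: v < t,
    "<=": lambda v, t: v <= t,
}


def state_at(values, threshold, pending_min, operator=">"):
    """State after the latest sample of `values` (oldest first)."""
    streak = 0  # trailing run of samples that breach the threshold
    for v in reversed(values):
        if not OPERATORS[operator](v, threshold):
            break
        streak += 1
    if streak == 0:
        return "OK"
    return "FIRING" if streak * INTERVAL_MIN >= pending_min else "PENDING"


def timeline(values, threshold, pending_min, operator=">"):
    """State evaluated after every sample, in order."""
    return [state_at(values[: i + 1], threshold, pending_min, operator)
            for i in range(len(values))]


def transitions(states):
    """(index, old, new) for every OK/FIRING change; each entry is one
    notification sent to the configured channels. PENDING counts as OK."""
    reported = ["FIRING" if s == "FIRING" else "OK" for s in states]
    return [(i, reported[i - 1], reported[i])
            for i in range(1, len(reported)) if reported[i] != reported[i - 1]]


# Constructed CPU% samples at 1-minute resolution: a lone spike at minute 2,
# then a sustained breach from minute 4 onward.
SAMPLES = [40, 50, 95, 45, 85, 88, 90, 92, 97, 99]

if __name__ == "__main__":
    for pending in (5, 1):
        states = timeline(SAMPLES, 80, pending)
        print(f"pending PT{pending}M:", states)
        print("  notifications:", transitions(states))
```

With a five-minute pending duration the spike at minute 2 never becomes FIRING and the sustained breach produces one notification at minute 8; with pending PT1M the same data produces three notifications (fire, clear, fire), which is the noise the pending duration exists to remove.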
✅ Best Practices
Infrastructure Design
- Use Multiple Availability Domains (AD) for high availability
- Implement proper network segmentation with security lists
- Use Network Security Groups (NSGs) for fine-grained control
- Enable VCN Flow Logs for traffic analysis
- Configure backup and disaster recovery strategies
Security Best Practices
- Enable MFA for all user accounts
- Use API signing keys instead of user passwords
- Rotate credentials regularly
- Implement audit logging for compliance
- Use service accounts with limited permissions
✓ Learning Checklist
- Understand OCI architecture and regions
- Navigate OCI Console dashboard
- Create and configure VCN
- Launch compute instances
- Configure security lists
- Set up monitoring and alarms
- Implement IAM policies
- Configure backup strategies
- Review cost optimization
- Practice disaster recovery