painting of black cloud during sunset
Posted on by Fernando

Oracle Cloud Infrastructure OCI Foundations

Mastering Oracle Cloud Infrastructure (OCI): Key Concepts Every Beginner Should Know

Oracle Cloud Infrastructure (OCI) has become a powerful platform for organizations seeking scalable, secure, and cost-effective cloud solutions.

Whether you’re preparing for the OCI Foundations Associate certification or simply exploring how OCI works, understanding its core concepts is essential.

In this post, we’ll break down the most important OCI topics—from availability domains and fault tolerance to storage tiers, networking, security, pricing models, and hybrid cloud options.

You’ll also learn how OCI ensures high availability, data encryption, and cost optimization, all explained in a simple and practical way.

By the end of this guide, you’ll have a solid overview of the key OCI building blocks, making it easier to navigate the platform and even prepare for OCI certification exams.

Let’s dive in! 🚀

1. High Availability & Networking

  • Availability Domains (ADs) within a region are connected by low-latency, high-bandwidth networks to support high availability and replication.
  • An Availability Domain is one or more data centers within a region.
  • Fault Domains provide redundancy within an AD to reduce single points of failure.
  • Flexible Shapes let you customize the number of OCPUs and memory for certain VM shapes.
  • Preemptible VMs are low-cost, short-lived compute instances that OCI can reclaim at any time.
  • Containers start faster and use resources more efficiently than full virtual machines.
  • Route Tables define how traffic is routed from subnets to destinations outside the VCN.
  • Network Load Balancer operates at Layer 4 (TCP/UDP) with lower latency than the Standard Load Balancer.

2. Storage

  • Local NVMe storage gives very high IOPS but is not persistent.
  • Auto-Tiering in Object Storage automatically moves objects between Standard and Infrequent Access tiers to save cost.
  • Standard Object Storage is for frequently accessed data.
  • Archive Storage is for rarely accessed data and retrieval takes hours.
  • OCI Object Storage keeps multiple redundant copies of data across the entire region.

3. Compute & Pricing

  • OCI Compute offers Bare Metal, VM, and Dedicated VM Hosts (but NOT “Nano instances”).
  • OCI Universal Credits let you use prepaid credits for any eligible cloud service with flexibility.
  • VM cost depends on size, OS, region, and number of VMs (but the OS itself doesn’t change cost if license is included).

4. Security

  • Oracle Cloud Shared Security Model:
    • Oracle secures the physical infrastructure & cloud platform.
    • Customers manage their data, IAM policies, and user access.
  • Default IAM behavior: access is denied unless explicitly granted by policies.
  • Vault securely manages encryption keys and secrets.
  • HSM (Hardware Security Module) performs cryptographic operations for Vault Master Keys.
  • Web Application Firewall (WAF) protects against DDoS attacks.
  • OCI encrypts all data by default at rest and in transit.

5. Identity & Access

  • Identity Domain = a logical container for managing users and groups.
  • Compartments are regional, can be nested, and used to organize & control access to resources.

6. Hybrid & Multicloud

  • Dedicated Region lets you run OCI services in your own data center for compliance.
  • Interconnect for Azure supports multi-cloud integrations.
  • Roving Edge Infrastructure allows OCI services in remote or disconnected locations.
  • MySQL HeatWave Database Service is not multi-cloud focused, it’s a single-service DB engine.

7. Data Transfer & Load Balancing

  • Data Transfer Service = offline bulk data transfer to OCI using appliances.
  • OCI Load Balancer supports Weighted Round Robin for traffic distribution.

8. Cost Optimization & Cloud Advisor

  • Oracle Cloud Advisor suggests improvements for cost management, performance, and high availability.

9. Best Practices

  • Always enable MFA (Multi-Factor Authentication) for tenancy admins.
  • Avoid using the tenancy admin account for daily operations; create separate roles.
  • Don’t let all users manage policies—use IAM policies with least privilege.

I hope this post was helpful!

No related posts.

Leave a Reply

Your email address will not be published. Required fields are marked *