Creating an Instance

Use the steps in this topic to create a bare metal or virtual machine (VM) compute instance.

Tip

If this is your first time creating an instance, consider following the Getting Started tutorial for a guided workflow through the steps required to create an instance.

When you create an instance, the instance is automatically attached to a virtual network interface card (VNIC) in the cloud network's subnet and given a private IP address from the subnet's CIDR. You can let the IP address be automatically assigned, or you can specify a particular address of your choice. The private IP address lets instances within the cloud network communicate with each other. If you've set up the cloud network for DNS, instances can instead use fully qualified domain names (FQDNs).

If the subnet is public, you can optionally assign the instance a public IP address. A public IP address is required to communicate with the instance over the internet, and to establish a Secure Shell (SSH) or Remote Desktop Protocol (RDP) connection to the instance from outside the cloud network. You can also create SSH or RDP connections to instances without public IP addresses using a bastion.

Note

Partner images and pre-built Oracle enterprise images are not available in Government Cloud realms.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.

Tip

When you create an instance, several other resources are involved, such as an image, a cloud network, and a subnet. Those other resources can be in the same compartment with the instance or in other compartments. You must have the required level of access to each of the compartments involved in order to launch the instance. This is also true when you attach a volume to an instance; they don't have to be in the same compartment, but if they're not, you need the required level of access to each of the compartments.

For administrators: The simplest policy to enable users to create instances is listed in Let users launch compute instances. It gives the specified group general access to manage instances and images, along with the required level of access to attach existing block volumes to the instances. If the group needs to create block volumes, they'll need the ability to manage block volumes (see Let volume admins manage block volumes, backups, and volume groups). If the group needs access to community images specifically, they'll need the ability to read community images (see Publishing Community Applications).

To require that legacy instance metadata service endpoints are disabled on any new instances that are created, use the following policy:

Allow group InstanceLaunchers to manage instances in compartment ABC
 where request.instanceOptions.areLegacyEndpointsDisabled = 'true'

If you're new to policies, see Getting Started with Policies and Common Policies. For reference material about writing policies for instances, cloud networks, or other Core Services API resources, see Details for the Core Services.
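The policy above applies to new instances that are created. As an added example (not Oracle's code), this Python check reads instance records and reports the ones whose legacy metadata endpoints are not disabled; the sample JSON is constructed, and its kebab-case keys (`instance-options`, `are-legacy-imds-endpoints-disabled`) assume the shape of OCI CLI output.

```python
import json

# Constructed sample, shaped like the JSON that the OCI CLI prints for a list
# of instances. The key names are an assumption about that output format.
SAMPLE_INSTANCES = """
{"data": [
  {"display-name": "web-1", "id": "ocid1.instance.oc1..exampleaaa",
   "lifecycle-state": "RUNNING",
   "instance-options": {"are-legacy-imds-endpoints-disabled": true}},
  {"display-name": "batch-7", "id": "ocid1.instance.oc1..examplebbb",
   "lifecycle-state": "RUNNING",
   "instance-options": {"are-legacy-imds-endpoints-disabled": false}},
  {"display-name": "old-db", "id": "ocid1.instance.oc1..exampleccc",
   "lifecycle-state": "STOPPED",
   "instance-options": null},
  {"display-name": "gone", "id": "ocid1.instance.oc1..exampleddd",
   "lifecycle-state": "TERMINATED",
   "instance-options": {"are-legacy-imds-endpoints-disabled": false}}
]}
"""


def legacy_imds_findings(instances_json):
    """Return (name, ocid, reason) for each live instance that still
    answers on the legacy metadata endpoints."""
    findings = []
    for inst in json.loads(instances_json).get("data", []):
        # Terminated instances no longer serve metadata; skip them.
        if inst.get("lifecycle-state") in ("TERMINATED", "TERMINATING"):
            continue
        # Instances created before the option existed may carry no
        # instance-options object at all; treat that as "not disabled".
        options = inst.get("instance-options") or {}
        flag = options.get("are-legacy-imds-endpoints-disabled")
        if flag is True:
            continue
        reason = "legacy endpoints enabled" if flag is False else "option not set"
        findings.append((inst["display-name"], inst["id"], reason))
    return findings


if __name__ == "__main__":
    for name, ocid, reason in legacy_imds_findings(SAMPLE_INSTANCES):
        print(f"{name:10} {reason:26} {ocid}")
```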

Partner Image Catalog

If the group needs to create instances based on partner images, they'll need the manage permission for app-catalog-listing to create subscriptions to images from the Partner Image catalog. See Let users list and subscribe to images from the Partner Image catalog.

Security Zones

Security Zones ensure that your cloud resources comply with Oracle security principles. If any operation on a resource in a security zone compartment violates a policy for that security zone, then the operation is denied.

The following security zone policies affect your ability to create instances:

  • The boot volume for a compute instance in a security zone must also be in a security zone.
  • A compute instance that isn't in a security zone can't use a boot volume that is in a security zone.
  • A compute instance in a security zone must use subnets that are also in a security zone.
  • All compute instances in a security zone must be created using platform images. You can't create a compute instance from a custom image in a security zone.

Recommended Networking Launch Types

When you launch a VM instance, by default, Oracle Cloud Infrastructure chooses a recommended networking type for the VNIC based on the instance shape and OS image. The networking interface handles functions such as disk input/output and network communication. The following options are available:

  • Paravirtualized networking: For general purpose workloads such as enterprise applications, microservices, and small databases. Paravirtualized networking also provides increased flexibility to use the same image across different hardware platforms. Linux images with paravirtualized networking support live migration during infrastructure maintenance.
  • Hardware-assisted (SR-IOV) networking: Single root input/output virtualization. For low-latency workloads such as video streaming, real-time applications, and large or clustered databases. Hardware-assisted (SR-IOV) networking uses the VFIO driver framework.
Important

To use a particular networking type, both the shape and the image must support that networking type.

Shapes: The following table lists the default and supported networking types for VM shapes.

| Shape series | Default Networking Type | Supported Networking Types |
|---|---|---|
| VM.Standard1 | SR-IOV | Paravirtualized, SR-IOV |
| VM.Standard2 | Paravirtualized | Paravirtualized, SR-IOV |
| VM.Standard.E2 | Paravirtualized | Paravirtualized only |
| VM.Standard.E3 | SR-IOV for regular instances; Paravirtualized for burstable instances | Paravirtualized, SR-IOV |
| VM.Standard.A1.Flex | Paravirtualized | Paravirtualized only |
| VM.Standard.E4 | SR-IOV | Paravirtualized, SR-IOV |
| VM.DenseIO1 | SR-IOV | Paravirtualized, SR-IOV |
| VM.DenseIO2 | Paravirtualized | Paravirtualized, SR-IOV |
| VM.GPU2 | SR-IOV | Paravirtualized, SR-IOV |
| VM.GPU3 | SR-IOV | Paravirtualized, SR-IOV |
| VM.Optimized3 | SR-IOV | Paravirtualized, SR-IOV |

Images: Paravirtualized networking is supported on these platform images:

  • Oracle Linux 8, Oracle Linux Cloud Developer 8: All images.
  • Oracle Linux 7, Oracle Linux 6: Images published in March 2019 or later.
  • CentOS 8: All images.
  • CentOS 7: Images published in July 2019 or later.
  • Ubuntu 20.04: All images.
  • Ubuntu 18.04: Images published in March 2019 or later.
  • Windows Server 2019: All images.
  • Windows Server 2016: Images published in August 2019 or later.
  • Windows Server 2012 R2: Images published in August 2019 or later.

SR-IOV networking is supported on all platform images, with the following exceptions:

  • Images for Arm-based shapes do not support SR-IOV networking.
  • On Windows Server 2019, when launched using a VM.Standard2 shape, SR-IOV networking is not supported.
  • On Windows Server 2012 R2, SR-IOV networking is supported on platform images released in April 2021 or later.
  • The Server Core installation option for Windows Server does not support SR-IOV networking.

You can create an instance that uses a specific networking type instead of the default. However, depending on compatibility between the shape and image that you choose, the instance might not launch properly. You can test whether it succeeded by connecting to the instance. If the connection fails, the networking type is not supported. Relaunch the instance using a supported networking type.

Creating a Linux Instance

Use the following steps to create a Linux instance.

Prerequisites

Before you start, you need these things:

  • (Optional) An existing virtual cloud network (VCN) to launch the instance in. Alternatively, you can create a new VCN while you create the instance. For information about setting up cloud networks, see Networking.
  • If you want to use your own Secure Shell (SSH) key to connect to the instance using SSH, you need the public key from the SSH key pair that you plan to use. The key must be in OpenSSH format. For more information, see Managing Key Pairs on Linux Instances.
  • (Optional) If you want to launch the instance using a host capacity type other than on-demand capacity, prepare the capacity:

    • To launch an instance and have it count against a capacity reservation, you must have a capacity reservation in the same availability domain as the instance.
    • To place an instance on a dedicated virtual machine host, you must have a dedicated virtual machine host in the same availability domain and fault domain as the instance.

    The capacity types are mutually exclusive.

To create a Linux instance

  1. Open the navigation menu and click Compute. Under Compute, click Instances.
  2. Click Create Instance.
  3. Enter a name for the instance. You can add or change the name later. The name doesn't need to be unique, because an Oracle Cloud Identifier (OCID) uniquely identifies the instance. Avoid entering confidential information.
  4. Select the compartment to create the instance in.

    The other resources that you choose can come from different compartments.

  5. In the Placement section, make the following selections:

    1. Select the Availability domain that you want to create the instance in.

      Note

      If you're creating an instance from a boot volume, you must create the instance in the same availability domain as the boot volume.
    2. (Optional) If you want to choose a capacity type or specify a fault domain, click Show advanced options. The following options are available:

      • Capacity type: Select one of the following.

        • On-demand capacity: The instance is launched on a shared host using on-demand capacity. This is the default.
        • Preemptible capacity: This option lets you run the instance on a shared host using preemptible capacity. The capacity is reclaimed when it's needed elsewhere, and the instances are terminated. Choose whether to permanently delete the attached boot volume when the capacity is reclaimed and the instance is terminated.
        • Capacity reservation: This option lets you count the instance against a capacity reservation. Select a capacity reservation from the list.
        • Dedicated host: This option lets you run the instance in isolation, so that it is not running on shared infrastructure. Select a dedicated virtual machine host from the list. You can only place an instance on a dedicated virtual machine host at the time you create the instance.
      • Fault domain: The fault domain to use for the instance. If you do not specify the fault domain, the system selects one for you. You can edit the fault domain after you create the instance. For more information, see Fault Domains and Best Practices for Your Compute Instance.
  6. In the Image and shape section, choose the image and shape for the instance:

    1. By default, an Oracle Linux 7.x image is used to boot the instance. To select a different image or a boot volume, in the Image section, click Change Image. Then, select an Image source from the list. The following options are available:

      • Platform images: Pre-built images for Oracle Cloud Infrastructure. To select a different OS version or image build, select the check box next to an image, and then select a value from the lists in the row for the image. To see which shapes are compatible with an OS version and image build, click Advanced Options. For more information about platform images, see Platform Images.
      • Oracle images: Pre-built Oracle enterprise images and solutions enabled for Oracle Cloud Infrastructure.
      • Partner images: Trusted third-party images published by Oracle partners. To view more details about an image or to change the image build, click the image's down arrow. For more information, see Overview of Marketplace and Working with Listings.
      • Custom images: Custom images created or imported into your Oracle Cloud Infrastructure environment. For more information, see Managing Custom Images.
      • Community images: Custom images created and published by community members for use by other community members. To filter by operating system, click OS, and then choose from listed operating systems. To find a community image by name, click Search, and then type a full or partial application name. To view more details about an image, click the image's down arrow. For more information, see Publishing Community Applications.
      • Boot volumes: Boot volumes that are available for creating a new instance in your Oracle Cloud Infrastructure environment. For more information, see Boot Volumes.
      • Image OCID: Create an instance using a specific version of an image by providing the image OCID. To determine the image OCID for Oracle-provided images, see Image Release Notes.

      Choose an image or boot volume, and then click Select Image.

    2. To select a different shape, in the Shape section, click Change Shape. Then, do the following:

      1. In the Instance type section, select Virtual Machine or Bare Metal Machine.
      2. If you're creating a virtual machine, in the Shape series section, select a processor group, and then choose a shape. The following options are available:

        • AMD: The flexible shapes that use current generation AMD processors and have a customizable number of OCPUs and amount of memory.
          • For Number of OCPUs, choose the number of OCPUs that you want to allocate to this instance by dragging the slider. You can select from 1 to 64 OCPUs.
          • If you want this to be a burstable instance, select the Burstable check box. Then, in the Burstable baseline per OCPU list, select the baseline OCPU utilization for the instance. This value is the percentage of OCPUs that you want to use most of the time.
          • For Amount of memory (GB), choose the amount of memory that you want to allocate to this instance by dragging the slider. The amount of memory allowed is based on the number of OCPUs selected. For more information about the minimum memory, maximum memory, and ratio of memory to OCPUs for this shape, see Flexible Shapes.
          The other resources scale proportionately.
        • Intel: Standard and optimized shapes that use current generation Intel processors. Optimized flexible shapes have a customizable number of OCPUs and amount of memory.
          • For Number of OCPUs, choose the number of OCPUs that you want to allocate to this instance by dragging the slider. You can select from 1 to 18 OCPUs.
          • For Amount of memory (GB), choose the amount of memory that you want to allocate to this instance by dragging the slider. The amount of memory allowed is based on the number of OCPUs selected. For more information about the minimum memory, maximum memory, and ratio of memory to OCPUs for this shape, see Flexible Shapes.
          The other resources scale proportionately.
        • Ampere: The Ampere A1 Compute flexible shape, which uses current generation Arm-based processors and has a customizable number of OCPUs and amount of memory.
          • For Number of OCPUs, choose the number of OCPUs that you want to allocate to this instance by dragging the slider. You can select from 1 to 80 OCPUs.
          • For Amount of memory (GB), choose the amount of memory that you want to allocate to this instance by dragging the slider. The amount of memory allowed is based on the number of OCPUs selected. For more information about the minimum memory, maximum memory, and ratio of memory to OCPUs for this shape, see Flexible Shapes.
          The other resources scale proportionately.
        • Specialty and Previous Generation: Standard shapes with previous generation Intel and AMD processors, the Always Free VM.Standard.E2.1.Micro shape, Dense I/O shapes, GPU shapes, and HPC shapes.

        If a shape is disabled, it means that the shape is either incompatible with the image that you selected previously, or not available in the current availability domain. If you don't see a shape, it means that you don't have service limits for the shape. You can request a service limit increase.

        For more information about shapes, see Compute Shapes.

      3. Click Select Shape.
  7. In the Networking section, configure the network details for the instance:

    1. For Primary network and Subnet, specify the virtual cloud network (VCN) and subnet to create the instance in. Decide whether you want to use an existing VCN and subnet, create a new VCN or subnet, or enter an existing subnet's OCID:

      Select existing virtual cloud network

      Make the following selections:

      • Virtual cloud network in <compartment_name>: The cloud network to create the instance in.
      • Subnet: A subnet within the cloud network that the instance is attached to. The subnets are either public or private. Private means the instances in that subnet can't have public IP addresses. For more information, see Access to the Internet. Subnets can also be either AD-specific or regional (regional ones have "regional" after the name). We recommend using regional subnets. For more information, see About Regional Subnets.

        If choosing Select existing subnet, for Subnet in <compartment_name>, select the subnet.

        If choosing Create new public subnet, enter the following information:

        • New subnet name: A friendly name for the subnet. It doesn't have to be unique, and it cannot be changed later in the Console. You can change it with the API. Avoid entering confidential information.
        • Create in compartment: The compartment where you want to put the subnet.
        • CIDR block: A single, contiguous CIDR block for the subnet (for example, 172.16.0.0/24). Make sure it's within the cloud network's CIDR block and doesn't overlap with any other subnets. You cannot change this value later. See Allowed VCN Size and Address Ranges. For reference, here's a CIDR calculator.
      Create new virtual cloud network

      Make the following selections:

      • New virtual cloud network name: A friendly name for the network. Avoid entering confidential information.
      • Create in compartment: The compartment where you want to put the new network.
      • Subnet: A subnet within the cloud network to attach the instance to. The subnets are either public or private. Private means the instances in that subnet can't have public IP addresses. For more information, see Access to the Internet. Subnets can also be either AD-specific or regional (regional ones have "regional" after the name). We recommend using regional subnets. For more information, see About Regional Subnets.

        Enter the following information:

        • New subnet name: A friendly name for the subnet. It doesn't have to be unique, and it cannot be changed later in the Console. You can change it with the API. Avoid entering confidential information.
        • Create in compartment: The compartment where you want to put the subnet.
        • CIDR block: A single, contiguous CIDR block for the subnet (for example, 172.16.0.0/24). Make sure it's within the cloud network's CIDR block and doesn't overlap with any other subnets. You cannot change this value later. See Allowed VCN Size and Address Ranges. For reference, here's a CIDR calculator.
      Enter subnet OCID

      For Subnet OCID, enter the subnet OCID.

    2. If the subnet is public, you can optionally assign the instance a public IP address. A public IP address makes the instance accessible from the internet. Select the Assign a public IPv4 address option. For more information, see Access to the Internet.
    3. (Optional) If you want to configure advanced networking settings, click Show advanced options. The following options are available:

      • Use network security groups to control traffic: Select this option if you want to add the instance's primary VNIC to one or more network security groups (NSGs). Then, specify the NSGs. Available only when you use an existing VCN. For more information, see Network Security Groups.
      • Private IP address: An available private IP address of your choice from the subnet's CIDR. If you don't specify a value, the private IP address is automatically assigned.
      • DNS record: Whether to assign the VNIC a private DNS record. For more information, see DNS in Your Virtual Cloud Network.
      • Hostname: A hostname to be used for DNS within the cloud network. Available only if the VCN and subnet both have DNS labels, and the option to assign a private DNS record is selected.
      • Launch Options: The networking launch type. Available only for VMs. For more information, see Recommended Networking Launch Types.
  8. In the Add SSH keys section, generate an SSH key pair or upload your own public key. Select one of the following options:

    • Generate a key pair for me: Oracle Cloud Infrastructure generates an RSA key pair for the instance. Click Save Private Key, and then save the private key on your computer. Optionally, click Save Public Key and then save the public key.

      Caution

      Anyone who has access to the private key can connect to the instance. Store the private key in a secure location.
      Important

      To use a key pair that is generated by Oracle Cloud Infrastructure, you must access the instance from a system that has OpenSSH installed. UNIX-based systems (including Linux and OS X), Windows 10, and Windows Server 2019 should have OpenSSH. For more information, see Managing Key Pairs on Linux Instances.
    • Upload public key files (.pub): Upload the public key portion of your key pair. Either browse to the key file that you want to upload, or drag and drop the file into the box. To provide multiple keys, press and hold down the Command key (on Mac) or the Ctrl key (on Windows) while selecting files.
    • Paste public keys: Paste the public key portion of your key pair in the box.
    • No SSH keys: Select this option only if you do not want to connect to the instance using SSH. You cannot provide a public key or save the key pair that is generated by Oracle Cloud Infrastructure after the instance is created.
  9. In the Boot volume section, configure the size and encryption options for the instance's boot volume:

    • To specify a custom size for the boot volume, select the Specify a custom boot volume size check box. Then, enter a custom size from 50 GB to 32 TB. The specified size must be larger than the default boot volume size for the selected image. See Custom Boot Volume Sizes for more information.
    • For VM instances, you can optionally select the Use in-transit encryption check box. For bare metal instances that support in-transit encryption, it is enabled by default and is not configurable. See Block Volume Encryption for more information about in-transit encryption. If you are using your own Vault service encryption key for the boot volume, then this key is also used for in-transit encryption. Otherwise, the Oracle-provided encryption key is used.
    • Boot volumes are encrypted by default, but you can optionally use your own Vault service encryption key to encrypt the data in this volume. To use the Vault service for your encryption needs, select the Encrypt this volume with a key that you manage check box. Then, select the Vault compartment and Vault that contain the master encryption key you want to use. Also select the Master encryption key compartment and Master encryption key. For more information about encryption, see Overview of Vault. If you enable this option, this key is used for both data at rest encryption and in-transit encryption.
      Important

      The Block Volume service does not support encrypting volumes with keys encrypted using the Rivest-Shamir-Adleman (RSA) algorithm. When using your own keys, you must use keys encrypted using the Advanced Encryption Standard (AES) algorithm. This applies to block volumes and boot volumes.
    • Block Volume performance capabilities lets you change the volume performance for boot volumes. When you create an instance, its boot volume is configured with the default volume performance set to Balanced. After you launch the instance, you can modify the performance setting. For steps to modify the performance setting, see Changing the Performance of a Volume. For more information, see Block Volume Performance.

  10. (Optional) To configure advanced settings, click Show Advanced Options. The following options are available:

    • On the Management tab, you can configure the following:

      • Require an authorization header: Select this check box to require that all requests to the instance metadata service (IMDS) use the version 2 endpoint and include an authorization header. Requests to IMDSv1 are denied. The image must support IMDSv2. For more information, see Getting Instance Metadata.
      • Initialization Script: User data to be used by cloud-init to run custom scripts or provide custom cloud-init configuration. Browse to the file that you want to upload, or drag and drop the file into the box. The file or script does not need to be base64-encoded, because the Console performs this encoding when the information is submitted. For information about how to take advantage of user data, see the cloud-init documentation. The total maximum size for user data and other metadata that you provide is 32,000 bytes.
      • Tagging: If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator.
    • On the Availability Configuration tab, you can configure the following:

      • In the Live migration section, select an option:
        • Let Oracle Cloud Infrastructure choose the best migration option: Select this option to let Oracle Cloud Infrastructure choose the best option to migrate the instance to a healthy physical VM host if an underlying infrastructure component needs to undergo maintenance.
        • Opt-in: Select this option to have the instance live migrated to a healthy physical VM host without any notification or disruption. If live migration isn't successful, reboot migration is used. Some shapes do not support live migration.
        • Opt-out: Select this option to have a notification sent for the maintenance event. The instance is live migrated if you do not proactively reboot the instance before the due date.
      • Restore instance lifecycle state after infrastructure maintenance: By default, if a VM instance is running when a maintenance event affects the underlying infrastructure, the instance is rebooted after it is recovered. Clear this check box if you want the instance to be recovered in the stopped state.
    • On the Oracle Cloud Agent tab, choose which plugins you want to enable when the instance is launched. Plugins collect performance metrics, install OS updates, and perform other instance management tasks. For more information, see Managing Plugins with Oracle Cloud Agent.

      Important

      After you create the instance, you might need to perform additional configuration tasks before you can use each plugin.
  11. Click Create.

    To track the progress of the operation and troubleshoot errors that occur during instance creation, use the associated work request.
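Step 7 requires a new subnet's CIDR block to sit inside the cloud network's CIDR block and not overlap any other subnet, and the value cannot be changed later. As an added example (not Oracle's code), this Python check validates a candidate block before you enter it; the VCN range and subnet names are constructed sample values.

```python
import ipaddress

# Constructed sample values: one VCN range and two subnets already in it.
VCN_CIDRS = ["172.16.0.0/16"]
EXISTING_SUBNETS = {"public": "172.16.0.0/24", "db": "172.16.4.0/22"}


def check_subnet_cidr(vcn_cidrs, existing_subnets, candidate):
    """Return a list of problems with `candidate`; an empty list means the
    block is inside the VCN and overlaps no existing subnet."""
    try:
        # strict=True rejects blocks with host bits set (172.16.0.5/24),
        # which are not a single contiguous network.
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"not a valid CIDR block: {exc}"]

    problems = []

    # Containment: the candidate must be a subnet of one of the VCN's blocks.
    # The version test comes first because subnet_of() raises TypeError when
    # an IPv4 network is compared with an IPv6 one.
    vcn_nets = [ipaddress.ip_network(c) for c in vcn_cidrs]
    if not any(net.version == v.version and net.subnet_of(v) for v in vcn_nets):
        problems.append(f"{net} is outside the VCN range(s) {', '.join(vcn_cidrs)}")

    # Overlap: any shared address with an existing subnet is a conflict,
    # whether the candidate contains it, is contained by it, or equals it.
    for name, cidr in existing_subnets.items():
        other = ipaddress.ip_network(cidr)
        if other.version == net.version and net.overlaps(other):
            problems.append(f"{net} overlaps subnet '{name}' ({other})")

    return problems


if __name__ == "__main__":
    for cand in ("172.16.1.0/24", "172.16.5.0/24", "172.17.0.0/24",
                 "172.16.0.5/24", "172.16.0.0/23"):
        issues = check_subnet_cidr(VCN_CIDRS, EXISTING_SUBNETS, cand)
        print(cand, "->", "ok" if not issues else "; ".join(issues))
```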

After the instance is provisioned, details about it appear in the instance list. To view more details, including IP addresses, click the instance name.

When the instance is fully provisioned and running, you can connect to it using SSH as described in Connecting to an Instance.

You also can attach a volume to the instance, provided the volume is in the same availability domain. For background information about volumes, see Overview of Block Volume.

For steps to let additional users connect to the instance, see Adding Users to an Instance.

Creating a Windows Instance

Use the following steps to create a Windows instance.

Prerequisites

Before you start, you need these things:

  • (Optional) An existing virtual cloud network (VCN) to launch the instance in. Alternatively, you can create a new VCN while you create the instance. For information about setting up VCNs, see Networking.
  • A VCN security rule that enables Remote Desktop Protocol (RDP) access so that you can connect to your instance. Specifically, you need a stateful ingress rule for TCP traffic on destination port 3389 from source 0.0.0.0/0 and any source port. For more information, see Security Rules. You can implement this security rule in a network security group that you add this Windows instance to. Or, you can implement this security rule in a security list that is used by the instance's subnet.

    To enable RDP access
    1. Open the navigation menu, click Networking, and then click Virtual Cloud Networks.
    2. Choose a compartment you have permission to work in (on the left side of the page). The page updates to display only the resources in that compartment. If you're not sure which compartment to use, contact an administrator.

    3. Click the VCN that you're interested in.
    4. To add the rule to a network security group that the instance belongs to:

      1. Under Resources, click Network Security Groups.
      2. Click the network security group that you're interested in.
      3. Click Add Ingress Rules.
      4. Enter the following values for the rule:

        • Stateless: Leave the check box cleared.
        • Direction: Leave Ingress selected.
        • Source Type: CIDR
        • Source CIDR: 0.0.0.0/0
        • IP Protocol: RDP (TCP/3389)
        • Source Port Range: All
        • Destination Port Range: 3389
        • Description: An optional description of the rule.
      5. When done, click Add.
    5. To add the rule to a security list that is used by the instance's subnet:

      1. Under Resources, click Security Lists.
      2. Click the security list that you're interested in.
      3. Click Add Ingress Rules.
      4. Enter the following values for the rule:

        • Stateless: Leave the check box cleared.
        • Source Type: CIDR
        • Source CIDR: 0.0.0.0/0
        • IP Protocol: RDP (TCP/3389)
        • Source Port Range: All
        • Destination Port Range: 3389
        • Description: An optional description of the rule.
      5. When done, click Add Ingress Rules.
  • (Optional) If you want to launch the instance using a host capacity type other than on-demand capacity, prepare the capacity:

    • To launch an instance and have it count against a capacity reservation, you must have a capacity reservation in the same availability domain as the instance.
    • To place an instance on a dedicated virtual machine host, you must have a dedicated virtual machine host in the same availability domain and fault domain as the instance.

    The capacity types are mutually exclusive.
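The ingress rule described above admits TCP 3389 from source 0.0.0.0/0. As an added example (not Oracle's code), this Python check lists the ingress rules in a security list that leave RDP reachable from sources outside a set of approved ranges; the sample JSON and the approved ranges are constructed, and the kebab-case keys assume the shape of OCI CLI output for a security list.

```python
import ipaddress
import json

RDP_PORT = 3389

# Constructed sample, shaped like OCI CLI JSON output for one security list.
# Protocol values are IP protocol numbers as strings ("6" = TCP, "1" = ICMP)
# or "all".
SAMPLE_SECURITY_LIST = """
{"data": {"display-name": "example-seclist", "ingress-security-rules": [
  {"source": "0.0.0.0/0", "source-type": "CIDR_BLOCK", "protocol": "6",
   "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 3389, "max": 3389}}},
  {"source": "0.0.0.0/0", "source-type": "CIDR_BLOCK", "protocol": "6",
   "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"source": "203.0.113.0/24", "source-type": "CIDR_BLOCK", "protocol": "6",
   "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 3000, "max": 4000}}},
  {"source": "10.0.0.0/16", "source-type": "CIDR_BLOCK", "protocol": "all",
   "is-stateless": false, "tcp-options": null},
  {"source": "198.51.100.7/32", "source-type": "CIDR_BLOCK", "protocol": "6",
   "is-stateless": true, "tcp-options": null},
  {"source": "0.0.0.0/0", "source-type": "CIDR_BLOCK", "protocol": "1",
   "is-stateless": false, "tcp-options": null}
]}}
"""


def admits_tcp_port(rule, port):
    """True if the rule lets TCP traffic reach `port`."""
    proto = rule.get("protocol")
    if proto == "all":
        return True
    if proto != "6":
        return False
    dst = (rule.get("tcp-options") or {}).get("destination-port-range")
    if dst is None:
        return True  # a TCP rule with no port range covers every port
    return dst["min"] <= port <= dst["max"]


def rdp_exposure(security_list_json, approved_cidrs=()):
    """Return one finding per ingress rule that admits TCP 3389 from a
    source not contained in any approved CIDR."""
    rules = json.loads(security_list_json)["data"]["ingress-security-rules"]
    approved = [ipaddress.ip_network(c) for c in approved_cidrs]
    findings = []
    for index, rule in enumerate(rules):
        # Only CIDR sources are evaluated; service sources are skipped.
        if rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue
        if not admits_tcp_port(rule, RDP_PORT):
            continue
        src = ipaddress.ip_network(rule["source"], strict=False)
        if any(src.version == a.version and src.subnet_of(a) for a in approved):
            continue
        scope = ("any source" if src.prefixlen == 0
                 else f"{src.num_addresses} address(es)")
        findings.append({"rule": index, "source": str(src), "scope": scope,
                         "stateless": bool(rule.get("is-stateless"))})
    return findings


if __name__ == "__main__":
    for f in rdp_exposure(SAMPLE_SECURITY_LIST,
                          approved_cidrs=("203.0.113.0/24", "10.0.0.0/8")):
        print(f)
```

Narrowing Source CIDR to the ranges you connect from, or reaching the instance through a bastion as mentioned at the top of this topic, removes the corresponding findings.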

To create a Windows instance

  1. Open the navigation menu and click Compute. Under Compute, click Instances.
  2. Click Create Instance.
  3. Enter a name for the instance. You can add or change the name later. The name doesn't need to be unique, because an Oracle Cloud Identifier (OCID) uniquely identifies the instance. Avoid entering confidential information.

    Important

    Use only these ASCII characters in the instance name: uppercase letters (A-Z), lowercase letters (a-z), numbers (0-9), and hyphens (-). See this known issue for more information.
  4. Select the compartment to create the instance in.

    The other resources that you choose can come from different compartments.

  5. In the Placement section, make the following selections:

    1. Select the Availability domain that you want to create the instance in.

      Note

      If you're creating an instance from a boot volume, you must create the instance in the same availability domain as the boot volume.
    2. (Optional) If you want to choose a capacity type or specify a fault domain, click Show advanced options. The following options are available:

      • Capacity type: Select one of the following.

        • On-demand capacity: The instance is launched on a shared host using on-demand capacity. This is the default.
        • Preemptible capacity: This option lets you run the instance on a shared host using preemptible capacity. The capacity is reclaimed when it's needed elsewhere, and the instances are terminated. Choose whether to permanently delete the attached boot volume when the capacity is reclaimed and the instance is terminated.
        • Capacity reservation: This option lets you count the instance against a capacity reservation. Select a capacity reservation from the list.
        • Dedicated host: This option lets you run the instance in isolation, so that it is not running on shared infrastructure. Select a dedicated virtual machine host from the list. You can only place an instance on a dedicated virtual machine host at the time you create the instance.
      • Fault domain: The fault domain to use for the instance. If you do not specify the fault domain, the system selects one for you. You can edit the fault domain after you create the instance. For more information, see Fault Domains and Best Practices for Your Compute Instance.
  6. In the Image and shape section, choose the image and shape for the instance:

    1. Choose the image that's used to boot the instance. Click Change Image. Then, select an Image source from the list. The following options are available:
      • Platform images: Pre-built images for Oracle Cloud Infrastructure. To select a different OS version or image build, select the check box next to an image, and then select a value from the lists in the row for the image. To see which shapes are compatible with an OS version and image build, click Advanced Options. For more information, see Platform Images.
      • Oracle images: Pre-built Oracle enterprise images and solutions enabled for Oracle Cloud Infrastructure.
      • Partner images: Trusted third-party images published by Oracle partners. To view more details about the image, or to change the image build, click the image's down arrow. For more information, see Overview of Marketplace and Working with Listings.
      • Custom images: Custom images created or imported into your Oracle Cloud Infrastructure environment. For more information, see Managing Custom Images.
      • Community images: Custom images created and published by community members for use by other community members. (Community images do not include any Windows custom images.) For more information, see Publishing Community Applications.
      • Boot volumes: Boot volumes that are available for creating a new instance in your Oracle Cloud Infrastructure environment. For more information, see Boot Volumes.
      • Image OCID: Create an instance using a specific version of an image by providing the image OCID. To determine the image OCID for a platform image, see Image Release Notes.

      Choose an image or boot volume, and then click Select Image.

    2. To select a different shape, in the Shape section, click Change Shape. Then, do the following:
      1. In the Instance type section, select Virtual Machine or Bare Metal Machine.
      2. If you're creating a virtual machine, in the Shape series section, select a processor group, and then choose a shape. The following options are available:

        • AMD: The flexible shapes that use current generation AMD processors and have a customizable number of OCPUs and amount of memory.
          • For Number of OCPUs, choose the number of OCPUs that you want to allocate to this instance by dragging the slider. You can select from 1 to 64 OCPUs.
          • If you want this to be a burstable instance, select the Burstable check box. Then, in the Burstable baseline per OCPU list, select the baseline OCPU utilization for the instance. This value is the percentage of OCPUs that you want to use most of the time.
          • For Amount of memory (GB), choose the amount of memory that you want to allocate to this instance by dragging the slider. The amount of memory allowed is based on the number of OCPUs selected. For more information about the minimum memory, maximum memory, and ratio of memory to OCPUs for this shape, see Flexible Shapes.
          The other resources scale proportionately.
          Important

          For Windows Server instances using the VM.Standard.E3.Flex shape, allocate a maximum of 32 OCPUs to the instance. See this known issue for more information.
        • Intel: Standard and optimized shapes that use current generation Intel processors. Optimized flexible shapes have a customizable number of OCPUs and amount of memory.
          • For Number of OCPUs, choose the number of OCPUs that you want to allocate to this instance by dragging the slider. You can select from 1 to 18 OCPUs.
          • For Amount of memory (GB), choose the amount of memory that you want to allocate to this instance by dragging the slider. The amount of memory allowed is based on the number of OCPUs selected. For more information about the minimum memory, maximum memory, and ratio of memory to OCPUs for this shape, see Flexible Shapes.
          The other resources scale proportionately.
        • Ampere: The Arm-based Ampere A1 Compute shape is not supported for Windows images.
        • Specialty and Previous Generation: Standard shapes with previous generation Intel and AMD processors, the Always Free VM.Standard.E2.1.Micro shape, Dense I/O shapes, GPU shapes, and HPC shapes.

        If a shape is disabled, it means that the shape is either incompatible with the image that you selected previously, or not available in the current availability domain. If you don't see a shape, it means that you don't have service limits for the shape. You can request a service limit increase.

        For more information about shapes, see Compute Shapes.

      3. Click Select Shape.
  7. In the Networking section, configure the network details for the instance:

    1. For Primary network and Subnet, specify the virtual cloud network (VCN) and subnet to create the instance in. Decide whether you want to use an existing VCN and subnet, create a new VCN or subnet, or enter an existing subnet's OCID:

      Select existing virtual cloud network

      Make the following selections:

      • Virtual cloud network in <compartment_name>: The cloud network to create the instance in.
      • Subnet: A subnet within the cloud network that the instance is attached to. The subnets are either public or private. Private means the instances in that subnet can't have public IP addresses. For more information, see Access to the Internet. Subnets can also be either AD-specific or regional (regional ones have "regional" after the name). We recommend using regional subnets. For more information, see About Regional Subnets.

        If choosing Select existing subnet, for Subnet in <compartment_name>, select the subnet.

        If choosing Create new public subnet, enter the following information:

        • New subnet name: A friendly name for the subnet. It doesn't have to be unique, and it cannot be changed later in the Console. You can change it with the API. Avoid entering confidential information.
        • Create in compartment: The compartment where you want to put the subnet.
        • CIDR block: A single, contiguous CIDR block for the subnet (for example, 172.16.0.0/24). Make sure it's within the cloud network's CIDR block and doesn't overlap with any other subnets. You cannot change this value later. See Allowed VCN Size and Address Ranges. For reference, here's a CIDR calculator.
      Create new virtual cloud network

      Make the following selections:

      • New virtual cloud network name: A friendly name for the network. Avoid entering confidential information.
      • Create in compartment: The compartment where you want to put the new network.
      • Subnet: A subnet within the cloud network to attach the instance to. The subnets are either public or private. Private means the instances in that subnet can't have public IP addresses. For more information, see Access to the Internet. Subnets can also be either AD-specific or regional (regional ones have "regional" after the name). We recommend using regional subnets. For more information, see About Regional Subnets.

        Enter the following information:

        • New subnet name: A friendly name for the subnet. It doesn't have to be unique, and it cannot be changed later in the Console. You can change it with the API. Avoid entering confidential information.
        • Create in compartment: The compartment where you want to put the subnet.
        • CIDR block: A single, contiguous CIDR block for the subnet (for example, 172.16.0.0/24). Make sure it's within the cloud network's CIDR block and doesn't overlap with any other subnets. You cannot change this value later. See Allowed VCN Size and Address Ranges. For reference, here's a CIDR calculator.
      Enter subnet OCID

      For Subnet OCID, enter the subnet OCID.

    2. If the subnet is public, you can optionally assign the instance a public IP address. A public IP address makes the instance accessible from the internet. Select the Assign a public IPv4 address option. For more information, see Access to the Internet.
    3. (Optional) If you want to configure advanced networking settings, click Show advanced options. The following options are available:

      • Use network security groups to control traffic: Select this option if you want to add the instance's primary VNIC to one or more network security groups (NSGs). Then, specify the NSGs. Available only when you use an existing VCN. For more information, see Network Security Groups.
      • Private IP address: An available private IP address of your choice from the subnet's CIDR. If you don't specify a value, the private IP address is automatically assigned.
      • DNS record: Whether to assign the VNIC a private DNS record. For more information, see DNS in Your Virtual Cloud Network.
      • Hostname: A hostname to be used for DNS within the cloud network. Available only if the VCN and subnet both have DNS labels, and the option to assign a private DNS record is selected.
      • Launch Options: The networking launch type. Available only for VMs. For more information, see Recommended Networking Launch Types.
  8. In the Boot volume section, configure the size and encryption options for the instance's boot volume:

    • To specify a custom size for the boot volume, select the Specify a custom boot volume size check box. Then, enter a custom size from 50 GB to 32 TB. The specified size must be larger than the selected image's default boot volume size. See Custom Boot Volume Sizes for more information.

      Note

      For Windows Server 2012 R2 Datacenter images and Windows platform images published before October 2021, the custom boot volume size must be larger than the image's default boot volume size or 256 GB, whichever is higher.
    • For VM instances, you can optionally select the Use in-transit encryption check box. For bare metal instances that support in-transit encryption, it is enabled by default and is not configurable. See Block Volume Encryption for more information about in-transit encryption. If you are using your own Vault service encryption key for the boot volume, then this key is also used for in-transit encryption. Otherwise, the Oracle-provided encryption key is used.
    • Boot volumes are encrypted by default, but you can optionally use your own Vault service encryption key to encrypt the data in this volume. To use the Vault service for your encryption needs, select the Encrypt this volume with a key that you manage check box. Then, select the Vault compartment and Vault that contain the master encryption key you want to use. Also select the Master encryption key compartment and Master encryption key. For more information about encryption, see Overview of Vault.
      Important

      The Block Volume service does not support encrypting volumes with keys encrypted using the Rivest-Shamir-Adleman (RSA) algorithm. When using your own keys, you must use keys encrypted using the Advanced Encryption Standard (AES) algorithm. This applies to block volumes and boot volumes.
    • Block Volume performance capabilities let you change the volume performance for boot volumes. When you create an instance, its boot volume is configured with the default volume performance set to Balanced. After you launch the instance, you can modify the performance setting. For steps to modify the performance setting, see Changing the Performance of a Volume. For more information, see Block Volume Performance.

  9. (Optional) To configure advanced settings, click Show Advanced Options. The following options are available:

    • On the Management tab, you can configure the following:

      • Require an authorization header: Select this check box to require that all requests to the instance metadata service (IMDS) use the version 2 endpoint and include an authorization header. Requests to IMDSv1 are denied. The image must support IMDSv2. For more information, see Getting Instance Metadata.
      • Initialization Script: User data to be used by cloudbase-init to run custom scripts or provide custom cloudbase-init configuration. Browse to the file that you want to upload, or drag and drop the file into the box. The file or script does not need to be base64-encoded, because the Console performs this encoding when the information is submitted. For information about how to take advantage of user data, see the cloudbase-init documentation. The total maximum size for user data and other metadata that you provide is 32,000 bytes.

        Caution

        Do not include anything in the script that could trigger a reboot, because this could impact the instance launch and cause it to fail. Any actions requiring a reboot should only be performed once the instance state is Running.
      • Tagging: If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator.
    • On the Availability Configuration tab, you can configure the following:

      • In the Live migration section, select an option:
        • Let Oracle Cloud Infrastructure choose the best migration option: Select this option to let Oracle Cloud Infrastructure choose the best option to migrate the instance to a healthy physical VM host if an underlying infrastructure component needs to undergo maintenance.
        • Opt-in: Select this option to have the instance live migrated to a healthy physical VM host without any notification or disruption. If live migration isn't successful, reboot migration is used. Some shapes do not support live migration.
        • Opt-out: Select this option to have a notification sent for the maintenance event. The instance is live migrated if you do not proactively reboot the instance before the due date.
      • Restore instance lifecycle state after infrastructure maintenance: By default, if a VM instance is running when a maintenance event affects the underlying infrastructure, the instance is rebooted after it is recovered. Clear this check box if you want the instance to be recovered in the stopped state.
    • On the Oracle Cloud Agent tab, choose which plugins you want to enable when the instance is launched. Plugins collect performance metrics, install OS updates, and perform other instance management tasks. For more information, see Managing Plugins with Oracle Cloud Agent.

      Important

      After you create the instance, you might need to perform additional configuration tasks before you can use each plugin.
  10. Click Create.

    To track the progress of the operation and troubleshoot errors that occur during instance creation, use the associated work request.

After the instance is provisioned, details about it appear in the instance list. To view more details, including IP addresses and the initial Windows password, click the instance name.

When the instance is fully provisioned and running, you can connect to it using Remote Desktop as described in Connecting to an Instance.

You also can attach a volume to the instance, provided the volume is in the same availability domain. For background information about volumes, see Overview of Block Volume.

For steps to let additional users connect to the instance, see Adding Users to an Instance.

Creating an Instance from an Instance Configuration

Use the following steps to create an instance using an instance configuration as a template.

Many of the settings that are defined in the instance configuration cannot be changed when you create an instance from the instance configuration. For example, the availability domain, compartment, image, shape, and subnet cannot be changed.

Prerequisites

  • You have an instance configuration to use as a template for the instance.
  • For Linux instances:

    • If the instance configuration does not include a public key, and you want to use your own Secure Shell (SSH) key to connect to the instance using SSH, you need the public key from the SSH key pair that you plan to use. The key must be in OpenSSH format. For more information, see Managing Key Pairs on Linux Instances.
    • If the instance configuration does include an SSH key, that SSH key must be used to connect to all instances created from the instance configuration.
  • For Windows instances, you need a VCN security rule that enables Remote Desktop Protocol (RDP) access so that you can connect to your instance. Specifically, you need a stateful ingress rule for TCP traffic on destination port 3389 from source 0.0.0.0/0 and any source port. For more information, see Security Rules. You can implement this security rule in a network security group that you add this Windows instance to. Or, you can implement this security rule in a security list that is used by the instance's subnet.

    To enable RDP access
    1. Open the navigation menu, click Networking, and then click Virtual Cloud Networks.
    2. Choose a compartment you have permission to work in (on the left side of the page). The page updates to display only the resources in that compartment. If you're not sure which compartment to use, contact an administrator.

    3. Click the VCN that you're interested in.
    4. To add the rule to a network security group that the instance belongs to:

      1. Under Resources, click Network Security Groups.
      2. Click the network security group that you're interested in.
      3. Click Add Ingress Rules.
      4. Enter the following values for the rule:

        • Stateless: Leave the check box cleared.
        • Direction: Leave Ingress selected.
        • Source Type: CIDR
        • Source CIDR: 0.0.0.0/0
        • IP Protocol: RDP (TCP/3389)
        • Source Port Range: All
        • Destination Port Range: 3389
        • Description: An optional description of the rule.
      5. When done, click Add.
    5. To add the rule to a security list that is used by the instance's subnet:

      1. Under Resources, click Security Lists.
      2. Click the security list that you're interested in.
      3. Click Add Ingress Rules.
      4. Enter the following values for the rule:

        • Stateless: Leave the check box cleared.
        • Source Type: CIDR
        • Source CIDR: 0.0.0.0/0
        • IP Protocol: RDP (TCP/3389)
        • Source Port Range: All
        • Destination Port Range: 3389
        • Description: An optional description of the rule.
      5. When done, click Add Ingress Rules.
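
The RDP ingress rule entered in the steps above can be checked after the fact by listing every ingress rule that admits TCP 3389 and the source range it is open to. The following is an added example, not part of the original documentation or Oracle's code; it assumes rules exported as JSON with the camelCase field names used here (protocol, source, sourceType, isStateless, tcpOptions.destinationPortRange), and the sample rules are constructed.

```python
import ipaddress

RDP_PORT = 3389
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules (not from a real tenancy), in the assumed camelCase shape.
SAMPLE_RULES = [
    {"description": "RDP as entered in the steps above", "isStateless": False,
     "protocol": "6", "source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK",
     "tcpOptions": {"destinationPortRange": {"min": 3389, "max": 3389}}},
    {"description": "RDP from one admin range", "isStateless": False,
     "protocol": "6", "source": "203.0.113.0/24", "sourceType": "CIDR_BLOCK",
     "tcpOptions": {"destinationPortRange": {"min": 3389, "max": 3389}}},
    {"description": "HTTPS", "isStateless": False,
     "protocol": "6", "source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK",
     "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
    {"description": "all TCP ports inside the VCN", "isStateless": False,
     "protocol": "6", "source": "10.0.0.0/16", "sourceType": "CIDR_BLOCK"},
    {"description": "all protocols", "isStateless": False,
     "protocol": "all", "source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK"},
    {"description": "wide port range", "isStateless": True,
     "protocol": "6", "source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK",
     "tcpOptions": {"destinationPortRange": {"min": 3000, "max": 4000}}},
    {"description": "ICMP", "isStateless": False,
     "protocol": "1", "source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK"},
]


def rdp_match(rule):
    """Return how the rule admits TCP 3389, or None if it does not."""
    proto = str(rule.get("protocol", "")).lower()
    if proto == "all":
        return "all protocols"
    if proto != "6":  # "6" is the IANA protocol number for TCP
        return None
    ports = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if not ports:
        return "all TCP ports"  # no destination range means every port
    if ports["min"] <= RDP_PORT <= ports["max"]:
        if ports["min"] == ports["max"]:
            return "port 3389 only"
        return f"range {ports['min']}-{ports['max']}"
    return None


def source_scope(rule):
    """Classify the rule's source: any, rfc1918, specific, or non-cidr."""
    if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
        return "non-cidr"  # service label or network security group, not a CIDR
    net = ipaddress.ip_network(rule["source"], strict=False)
    if net.prefixlen == 0:
        return "any"
    if net.version == 4 and any(net.subnet_of(p) for p in RFC1918):
        return "rfc1918"
    return "specific"


def audit_rdp_ingress(rules):
    """List every ingress rule that lets traffic reach TCP 3389."""
    findings = []
    for index, rule in enumerate(rules):
        match = rdp_match(rule)
        if match is None:
            continue
        findings.append({
            "index": index,
            "description": rule.get("description", ""),
            "source": rule["source"],
            "scope": source_scope(rule),
            "match": match,
            "stateless": bool(rule.get("isStateless", False)),
        })
    return findings


def open_to_any_source(findings):
    """Subset of findings whose source is 0.0.0.0/0 (or ::/0)."""
    return [f for f in findings if f["scope"] == "any"]


if __name__ == "__main__":
    for f in audit_rdp_ingress(SAMPLE_RULES):
        print(f"rule {f['index']}: {f['source']} ({f['scope']}), {f['match']}, "
              f"stateless={f['stateless']}: {f['description']}")
```

Rules that match through "all TCP ports", "all protocols", or a wide range expose 3389 without naming it, which is why the check looks at the port range rather than the rule description.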

To create a Linux instance

  1. Open the navigation menu and click Compute. Under Compute, click Instance Configurations.
  2. Click the instance configuration that you want to use as a template to create the instance.
  3. Click Launch instance.
  4. Enter a name for the instance. You can add or change the name later. The name doesn't need to be unique, because an Oracle Cloud Identifier (OCID) uniquely identifies the instance. Avoid entering confidential information.
  5. For Placement, Image and shape, and Networking, you can change some advanced options, including the capacity type, fault domain, shielding options, and launch options. For more information about the settings in these sections, see Creating a Linux Instance.
  6. If the instance configuration does not include an SSH public key for the instance, you can provide one now. If the instance configuration does include an SSH public key for the instance, that SSH key must be used to connect to all instances created from the instance configuration.

    In the Add SSH keys section, generate an SSH key pair or upload your own public key. Select one of the following options:

    • Generate a key pair for me: Oracle Cloud Infrastructure generates an RSA key pair for the instance. Click Save Private Key, and then save the private key on your computer. Optionally, click Save Public Key and then save the public key.

      Caution

      Anyone who has access to the private key can connect to the instance. Store the private key in a secure location.
      Important

      To use a key pair that is generated by Oracle Cloud Infrastructure, you must access the instance from a system that has OpenSSH installed. UNIX-based systems (including Linux and OS X), Windows 10, and Windows Server 2019 should have OpenSSH. For more information, see Managing Key Pairs on Linux Instances.
    • Upload public key files (.pub): Upload the public key portion of your key pair. Either browse to the key file that you want to upload, or drag and drop the file into the box. To provide multiple keys, press and hold down the Command key (on Mac) or the Ctrl key (on Windows) while selecting files.
    • Paste public keys: Paste the public key portion of your key pair in the box.
    • No SSH keys: Select this option only if you do not want to connect to the instance using SSH. You cannot provide a public key or save the key pair that is generated by Oracle Cloud Infrastructure after the instance is created.
  7. Specify the Boot volume details for the instance. For more information about the settings in this section, see Creating a Linux Instance.
  8. To configure live migration, click Show advanced options, and on the Availability Configuration tab, make your selections. For more information about the settings in this section, see Creating a Linux Instance.
  9. Click Create.

    To track the progress of the operation and troubleshoot errors that occur during instance creation, use the associated work request.

After the instance is provisioned, details about it appear in the instance list. To view more details, including IP addresses, click the instance name.

When the instance is fully provisioned and running, you can connect to it using SSH as described in Connecting to an Instance.

You also can attach a volume to the instance, provided the volume is in the same availability domain. For background information about volumes, see Overview of Block Volume.

For steps to let additional users connect to the instance, see Adding Users to an Instance.

To create a Windows instance

  1. Open the navigation menu and click Compute. Under Compute, click Instance Configurations.
  2. Click the instance configuration that you want to use as a template to create the instance.
  3. Click Launch instance.
  4. Enter a name for the instance. You can add or change the name later. The name doesn't need to be unique, because an Oracle Cloud Identifier (OCID) uniquely identifies the instance. Avoid entering confidential information.
  5. For Placement, Image and shape, and Networking, you can change some advanced options, including the capacity type, fault domain, and launch options. For more information about the settings in these sections, see Creating a Windows Instance.
  6. Specify the Boot volume details for the instance. For more information about the settings in this section, see Creating a Windows Instance.
  7. To configure live migration, click Show advanced options, and on the Availability Configuration tab, make your selections. For more information about the settings in this section, see Creating a Windows Instance.
  8. Click Create.

    To track the progress of the operation and troubleshoot errors that occur during instance creation, use the associated work request.

After the instance is provisioned, details about it appear in the instance list. To view more details, including IP addresses, click the instance name.

When the instance is fully provisioned and running, you can connect to it using Remote Desktop as described in Connecting to an Instance.

You also can attach a volume to the instance, provided the volume is in the same availability domain. For background information about volumes, see Overview of Block Volume.

For steps to let additional users connect to the instance, see Adding Users to an Instance.

Monitoring Work Requests

If the create instance operation fails, or if the instance state moves directly from provisioning to terminating, use work requests to determine where in the workflow the error occurred. Errors can occur because of problems with the configuration or problems with the user data. Synchronous errors occur during the initial call to the Compute API to create the instance. Asynchronous errors occur during the create instance workflow that occurs after the initial API call. Work requests capture asynchronous validation failures. A successful create instance API call that returns an HTTP 200 response might be followed by an asynchronous error during the subsequent create instance workflow.

The response to the REST API call contains the OCID of the work request in the opc-work-request-id header. You can monitor the status of the work request at any time by calling GetWorkRequest in the Work Requests API and passing in the work request ID found in the opc-work-request-id header. If an error occurs during the workflow, you can call ListWorkRequestErrors in the Work Requests API and pass in the work request ID to retrieve a list of errors.

For information about using work requests to troubleshoot errors, see Getting Started with Work Requests. For detailed information about asynchronous work requests, including how to filter the request response and a sample request and response, see Asynchronous Work Requests.
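
The work request flow described above, as an added example that is not part of the original documentation: read the work request ID from the opc-work-request-id header, poll until a terminal status, and fetch the error list when the workflow did not succeed. The client argument is assumed to expose get_work_request and list_work_request_errors with results under .data, mirroring the OCI Python SDK's WorkRequestClient; the stand-in client, the work request ID, and the error entry are constructed so the block runs offline.

```python
import time
from types import SimpleNamespace

# Work request statuses after which no further change occurs.
TERMINAL = {"SUCCEEDED", "FAILED", "CANCELED"}


def work_request_id_from(headers):
    """Find opc-work-request-id in response headers (names are case-insensitive)."""
    for name, value in headers.items():
        if name.lower() == "opc-work-request-id":
            return value
    raise KeyError("response has no opc-work-request-id header")


def wait_for_work_request(client, work_request_id, interval=5.0, timeout=600.0,
                          sleep=time.sleep, clock=time.monotonic):
    """Poll GetWorkRequest until a terminal status; return (status, errors).

    errors is a list of (code, message) from ListWorkRequestErrors and is
    empty when the work request succeeded.
    """
    deadline = clock() + timeout
    while True:
        work_request = client.get_work_request(work_request_id).data
        if work_request.status in TERMINAL:
            break
        if clock() >= deadline:
            raise TimeoutError(f"{work_request_id} still {work_request.status}")
        sleep(interval)
    errors = []
    if work_request.status != "SUCCEEDED":
        listed = client.list_work_request_errors(work_request_id).data
        errors = [(e.code, e.message) for e in listed]
    return work_request.status, errors


class FakeWorkRequestClient:
    """Constructed stand-in that replays a fixed sequence of statuses."""

    def __init__(self, statuses, errors=()):
        self._statuses = list(statuses)
        self._errors = list(errors)
        self.polls = 0

    def get_work_request(self, work_request_id):
        # Repeat the last status once the scripted sequence is exhausted.
        status = self._statuses[min(self.polls, len(self._statuses) - 1)]
        self.polls += 1
        return SimpleNamespace(data=SimpleNamespace(id=work_request_id, status=status))

    def list_work_request_errors(self, work_request_id):
        data = [SimpleNamespace(code=c, message=m) for c, m in self._errors]
        return SimpleNamespace(data=data)


# Constructed values: a launch call that returned HTTP 200 and then failed
# asynchronously during the create instance workflow.
SAMPLE_HEADERS = {"Opc-Work-Request-Id": "ocid1.coreservicesworkrequest.oc1..exampleuniqueID"}
SAMPLE_ERRORS = [("LimitExceeded", "constructed sample error message")]


def demo():
    client = FakeWorkRequestClient(["ACCEPTED", "IN_PROGRESS", "FAILED"], SAMPLE_ERRORS)
    request_id = work_request_id_from(SAMPLE_HEADERS)
    return wait_for_work_request(client, request_id, sleep=lambda seconds: None)


if __name__ == "__main__":
    status, errors = demo()
    print(status)
    for code, message in errors:
        print(f"  {code}: {message}")
```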

Managing Tags for an Instance

You can add tags to your resources to help you organize them according to your business needs. You can add tags at the time you create a resource, or you can update the resource later with the desired tags. For general information about applying tags, see Resource Tags.

To manage tags for an instance
  1. Open the navigation menu and click Compute. Under Compute, click Instances.
  2. Click the instance that you're interested in.

  3. Click the Tags tab to view or edit the existing tags. Or click More Actions, and then click Add tags to add new ones.

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use these API operations to create instances:

You can also launch instances from images that are published by Oracle partners in the Partner Image catalog. Use these APIs to work with the Partner Image catalog listings: