Security Zone Integration
This topic describes the Database service's support of security zones. Security zones are compartments in your tenancy created with a set of security policies called a security recipe. This topic concentrates on the Oracle-managed Maximum Security Recipe, which provides the highest level of protection for your Database resources. The policies of a particular security recipe are applied to any resource that is provisioned or moved into a security zone compartment that uses the recipe. Thus, the only way to apply security zone policies is to control the compartment assignments of your Oracle Cloud Infrastructure resources.
For a complete overview of security zones, see the Security Zone section of the Oracle Cloud Infrastructure user guide.
Restrictions on Database Service Resources Located in Maximum Security Recipe Compartments
The Maximum Security Recipe includes all available security zone policies. For example, restrictions placed on a databases in a Maximum Security Recipe compartments include:
- The database cannot allow public network access
- The database must have automatic backups enabled
- The database cannot have Data Guard associations that aren't located in security zone compartments
Supported Database Service Resources
The following Database service resources can be provisioned and managed in security zones that use the Maximum Security Recipe:
- Autonomous Database: Databases using dedicated Exadata infrastructure and using shared Exadata infrastructure with private endpoint access
- Bare metal and virtual machine DB systems
- Exadata Cloud DB systems
Always Free Autonomous Databases, Autonomous Database configured with public endpoints, and the Exadata Cloud@Customer service are not compatible with Maximum Security Recipe compartments.