Planning an Environment
This topic describes the features of environments that you should consider before you create an environment. You create environments in an environment family.
Environments in an environment family share certain characteristics. Before you plan your environment, see Planning an Environment Family.
About Environment Types
In the environment family, you can create both production and non-production environments (test and development). Each Fusion Applications subscription allows one production environment and one test environment. In addition, you can order non-production development environments.
The production environment supports your day-to-day real-time business operations by authorized users. An environment family is allotted one production environment to provision.
- Test environment
The test environment is typically used for staging before application deployment to production and for validation of maintenance updates before the same maintenance is applied to the production environment. An environment family is allotted one test environment to provision.
- Development (also referred to as Additional Test Environment or ATE)
Development environments are typically used as individual or collaborative development sandboxes for developing extensions (such as reporting, pages, and interfaces) or integrations with other applications. You must order the number of development environments needed by your organization.
The following table summarizes characteristics of the three environment types:
|Typical usage||Production workloads for business users||
|Typical user||Business user||Development user||Development user|
|Purchase requirement||Included with the Fusion Applications purchase||1 (and only 1) test environment is included with every Fusion Applications production environment||
|Limit||One per environment family||One per environment family||Limit based on the number purchased|
|Provisioning behavior and dependencies||
|Default maintenance cadence||Production cadence
See Types of Maintenance and Schedules for definitions of the production and non-production cadences.
|Non-production cadence||Non-production cadence|
|Concurrent upgrade behavior||1st or 3rd weekend based on custom selection||1st or 3rd weekend based on custom selection||1st or 3rd weekend based on custom selection|
|Environment refresh||Self-service refresh not supported||Self-service refresh supported from any source environment within the environment family (see Refreshing an Environment)||Self-service refresh supported from any source environment within the environment family (see Refreshing an Environment)|
|Integrated services||Provisioned||Some services provisioned||Some services provisioned|
|Termination||Self-service termination not allowed after the environment is live. To terminate, file a service request.||Self-service termination not allowed after production is live. To terminate, file a service request.||Self-service termination allowed|
Choosing a Compartment
A compartment is a logical grouping of resources for controlling access to those resources. Placing resources in compartments allows you to restrict access to as granular a level as you require.
For example, if your tenancy has multiple environments, you can restrict access to each family to different groups of users by placing them in different compartments. You then write policy to allow access based on the group and compartment. If you don't specifically choose a compartment (or if your organization has not set up multiple compartments) the environment family will be created directly in the tenancy (also called the root compartment). If your organization chooses to set up compartments later, you can move the environment family to a different compartment.
Also, if you plan to have different administrators for your environment families and your environments, you can place each of them in different compartments to create different access policies for each. For more information about planning compartments, see Learn Best Practices for Setting Up Your Tenancy.
You have two options for when you create the compartment:
- Create the compartment before you create the environment.
If you create the compartment first, then you can create the Fusion Applications environment in the compartment. The benefit of this approach is that the supporting resources that are created with the environment, such as the Oracle Digital Assistant instance, are also created in the compartment.
To create the environment in the compartment, choose it during environment creation.
- Create the compartment after you create the environment.
If you have already created the environment, it is easy to move it to another compartment. See To move an environment to a different compartment. You will also need to move the instances of the integrated applications and other related resources to the same compartment.
Here is the basic procedure for creating a compartment. For full details on working with compartments, see Managing Compartments.
- Open the navigation menu and click Identity & Security. Under Identity, click Compartments. The list of the compartments is displayed.
Navigate to the compartment in which you want to create the new compartment:
- To create the compartment in the tenancy (root compartment) click Create Compartment.
- Otherwise, click through the hierarchy of compartments until you reach the detail page of the compartment in which you want to create the compartment. On the Compartment Details page, click Create Compartment.
- Enter the following:
- Name: A unique name for the compartment (maximum 100 characters, including letters, numbers, periods, hyphens, and underscores). The name must be unique across all the compartments in your tenancy. Avoid entering confidential information.
- Description: A friendly description. You can change this later if you want to.
- Parent Compartment: The compartment you are in is displayed. To choose another compartment to create this compartment in, select it from the list.
- Tags: If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.
- Click Create Compartment.
Understanding Language Packs
When you create an environment, English is installed by default. If you want to add more languages, you can select up to two languages when you provision the environment, or you can add them later. Adding a language pack does not impact the availability of the environment. Each language pack installed in an environment can slightly increase update duration. After you add a language pack, it can't be removed.
Understanding Environment Network Access Control Rules
You can set up network access control rules to limit the network traffic that is allowed to reach an environment. The rules can be created to:
- Allow only traffic from specified CIDR block ranges.
- Allow only traffic from specified Oracle Cloud Infrastructure virtual cloud networks (VCNs).
- Allow only traffic from specified CIDR block ranges within specified OCI VCNs.
After you set up the rules, traffic originating outside a specified allowed source is blocked. If you don't set up any rules for the environment, then all network traffic is allowed to reach the environment. The network access control rules only support defining allowed traffic. You can't set up a block list. You can set up the network access control list when you create the environment, or you can edit it after environment creation.
You can also set up location-based access in your Fusion Applications. For more information, see Location-Based Access.
Securing Network Access to a Fusion Applications Environment
Users can access Fusion Applications from the internet as long as they have valid user credentials. To further control access to your environment, Fusion Application supports the following options. These use cases are not mutually exclusive and can be supported with each other:
- Access Control List (ACL): Allow access to your environment only from selected public IPs (CIDRs) or virtual cloud networks (VCNs) using an Access Control List (ACL). You can set up the network access control rules at the time you create the environment or you can edit them later.
- Access privately from on-premises networks: Allow access to your environment from your on-premises network without going through the internet. This option requires setting up a secure VPN connection between your on-premises network and a VCN in your tenancy. For more information, see Securely Accessing Fusion Applications.
- Location Based Access Control (LBAC): Allow uses access to tasks and data based on their roles and compute IP addressed. This option is configured on your running application. For details, see Overview of Location-Based Access.