Plan Your Environment

This topic lists things to think about before you create an instance.

Plan your environment, including the compartment hierarchy for organizing your resources and the definitions of the user groups that will need access to the resources. See Learn Best Practices for Setting Up Your Tenancy.

Consideration Description
Do you need additional identity domains?

Every tenancy comes with a default identity domain. An identity domain is a container for users, groups, and other access-related information. You can work exclusively in the default identity domain or create additional identity domains in IAM, as needed, to hold different user populations.

You typically create additional identity domains for compliance reasons, when you want to maintain isolation among users, policies, and roles. For example, you might create multiple identity domains to maintain the following types of isolation:
  • Between geographies, such as one domain for users in India and another domain for users in the United States.
  • Between services, such as one domain for Oracle Integration and another domain for another service.
  • Between instances of a service, such as one domain for each Oracle Integration instance.

For more information about IAM identity domains, see Managing Identity Domains in the Oracle Cloud Infrastructure documentation.

Manage multiple instances from a single domain

When you create an Oracle Integration instance, it's associated with an identity domain. By default, it's associated with the domain you're signed in to during creation, and you must sign in to that domain to manage the instance. If you have multiple instances associated with different identity domains, you have to sign in to each domain separately to manage the instances. To simplify management, choose one domain from which to create and manage your instances. Then, during instance creation, associate each instance with a secondary domain that will be used for user population purposes.

Create separate compartments for each identity domain

The default identity domain is in your tenancy's root (default) compartment. Although you can create additional domains in that compartment or in another compartment, you might want to create each identity domain in a separate compartment. For example:
  • In the root (default) compartment, use the default domain for administrators only.
  • In another compartment (for example, named Dev), create a domain for users and groups in a development environment.
  • In another compartment (for example, named Prod), create a domain for users and groups in a production environment.

For more about compartments, see the next row.

Do you need additional compartments?

When your tenancy is provisioned, a root compartment is created for you. Your root compartment holds all of your cloud resources. Under that root compartment, you create additional compartments to organize and isolate your resources to make it easier to manage and secure access to them.

You secure resources with policies, and the policies specify the compartment, so you'll want to consider security requirements when you develop your compartment hierarchy. For example, as mentioned in the previous row, you might want to create a compartment for each identity domain.

See Understanding Compartments and Sample Approaches to Setting Up Compartments in the Oracle Cloud Infrastructure documentation.

You might also want to set quotas on the number of instances that can be created in a compartment. See Set Instance Quotas on Compartments.
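
Because policies name the compartment they apply to, a compartment-per-domain plan can be checked against the policy statements you write. The following is an added example, not Oracle's code: it lints policy statements against an assumed Dev/Prod plan. The domain names, group names, and sample statements are constructed, and only the simple "Allow group ... to ... in ..." statement shape is handled.

```python
import re

# Assumed plan, following the page's Dev/Prod example: one identity domain per compartment.
DOMAIN_FOR_COMPARTMENT = {"Dev": "DevDomain", "Prod": "ProdDomain"}  # constructed names
ADMIN_DOMAIN = "Default"  # default identity domain, reserved for administrators

# Shape handled: Allow group ['<domain>'/]'<group>' to <verb> <resource-type> in <location>
STATEMENT = re.compile(
    r"^allow\s+group\s+(?:'(?P<domain>[^']+)'/)?'?(?P<group>[\w.-]+)'?\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?:tenancy|compartment\s+(?P<compartment>[\w-]+))\s*$",
    re.IGNORECASE,
)

def lint(statement):
    """Return findings for one policy statement; an empty list means it fits the plan."""
    m = STATEMENT.match(statement.strip())
    if not m:
        return ["unparsed statement, review manually"]
    # A group written without a domain prefix is resolved in the default domain.
    domain = m["domain"] or ADMIN_DOMAIN
    compartment = m["compartment"]  # None when the statement is scoped to the tenancy
    findings = []
    if compartment is None:
        if domain != ADMIN_DOMAIN:
            findings.append("tenancy-wide grant to a non-admin domain")
    elif compartment not in DOMAIN_FOR_COMPARTMENT:
        findings.append(f"compartment {compartment} is not in the plan")
    elif domain not in (DOMAIN_FOR_COMPARTMENT[compartment], ADMIN_DOMAIN):
        findings.append(f"group from {domain} granted access in {compartment}")
    broad = m["resource"].lower() == "all-resources" and m["verb"].lower() in ("use", "manage")
    if broad and domain != ADMIN_DOMAIN:
        findings.append("broad write access outside the admin domain")
    return findings

# Constructed policy statements, not taken from any real tenancy.
SAMPLE = [
    "Allow group 'DevDomain'/'oic-developers' to manage integration-instance in compartment Dev",
    "Allow group 'DevDomain'/'oic-developers' to manage integration-instance in compartment Prod",
    "Allow group 'ProdDomain'/'oic-operators' to read integration-instance in compartment Prod",
    "Allow group 'ProdDomain'/'oic-operators' to manage all-resources in tenancy",
    "Allow group Administrators to manage all-resources in tenancy",
]

def report(statements=SAMPLE):
    """Map each statement that breaks the plan to its findings."""
    return {s: f for s in statements if (f := lint(s))}

if __name__ == "__main__":
    for stmt, findings in report().items():
        print(f"{stmt}\n  -> {'; '.join(findings)}")
```

Statements with conditions or other subjects are reported as unparsed rather than guessed at, so they still get a manual review.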

What groups do you need to set up?

Your tenancy comes with a group called Administrators, and the default administrator automatically belongs to this group. You can't delete this group, and there must always be at least one user in it.

Create groups in IAM to make it easier to assign and manage access to Oracle Integration. You can assign roles and policies to an entire group rather than to each individual user. This means that you need to create groups for controlling Oracle Cloud Console access to Oracle Integration and access to Oracle Integration itself. See What Do Users Need to Access?

Here are some ideas for categories of groups you might want to create:
  • Organization roles
  • Departments
  • Security levels

What identity system will you use to manage users?

  • If you are using Oracle Cloud Infrastructure Identity and Access Management (IAM) as your identity system, see Managing Users in the Oracle Cloud Infrastructure documentation.
  • If you are federating with other identity providers, see Federating with Identity Providers in the Oracle Cloud Infrastructure documentation.

How will you implement Oracle Integration and what features do you need?

There are several factors that affect the way that Oracle Integration works and what features are available:

You might also want to enable additional features:
  • Announcements—System announcements provide timely and important information to Oracle Integration users.
  • Compartment quotas—Set quotas on the number of Oracle Integration 3 instances that can be created in a compartment.
  • Data backup—Export your Oracle Integration instance data and store it for backup purposes.
  • Decisions—Use a decision to turn unstructured policy content into rule-based decisions.
  • Disaster recovery—See next row.
  • Extended data retention—If you have an Enterprise edition instance, you can retain data longer than the default of 32 days.
  • File Server—Access a built-in SFTP file server that acts as an inbox and outbox for the files you process.
  • Human in the loop—Use human in the loop to engage a person for oversight, approval, or exception handling.
  • Instance event notifications—Get notified for events, such as when instances are created, updated, or deleted, and compartments changed.
  • Process Automation—Rapidly design, automate, and manage business processes.
  • Visual Builder—Create web applications without any coding.

How will you handle disaster recovery?

Establishing a disaster recovery solution ensures business continuity in the event of unexpected disruptions such as natural or human disasters. There are several approaches to implementing disaster recovery:
  • Customer-managed disaster recovery
  • Oracle-managed disaster recovery
  • Full stack disaster recovery

For information on disaster recovery options, see Enable Disaster Recovery.

How many message packs do you need?

By correctly sizing your instance based on peak loads, you ensure smooth, scalable, and resilient day-to-day operations for both your real-time transactions and your scheduled batch processing.

See Estimate Message Pack Usage for a Metered Tenancy.

What networks need access to your Oracle Integration instance and File Server?

You can limit inbound access to Oracle Integration and File Server with an allowlist.

See Restrict Access to an Instance Using an Allowlist.

Do you need a custom endpoint for your Oracle Integration instance?

If you need to access your Oracle Integration instance with your own hostname (for example, mycustom.example.org), instead of the original instance URL generated in the Oracle Cloud Console, set up a custom endpoint.

See Configure a Custom Endpoint for an Instance.

Do you want to manage Oracle Integration endpoints using API Gateway?

The API Gateway service enables you to publish APIs (such as integrations) with private endpoints that are accessible from within your network, and which you can expose with public IP addresses if you want them to accept internet traffic. The endpoints support API validation, request and response transformation, CORS, authentication and authorization, and request limiting.

Using a single API gateway as a front end for your Oracle Integration instance enables you to present a single cohesive API to API consumers and API clients, even though it actually consists of multiple integrations. You can use a single API gateway to link multiple back-end services (such as load balancers, compute instances, and OCI Functions) into a single consolidated API endpoint.

See Manage Integration Endpoints Using API Gateway.

Do you need to connect to private resources that are in your virtual cloud network (VCN)?

Outbound traffic, also called egress traffic, originates in your Oracle Integration instance and goes to your organization's network or a private cloud. All outbound traffic is routed through an adapter. When you use a private endpoint, the outbound traffic is routed on a private channel that is set up within Oracle Cloud Infrastructure. The traffic never goes through the public internet.

See Configure a Private Endpoint for Your Instance.

Does Oracle Integration need to connect with external services or endpoints that need a certificate?

If you make an SSL connection to an endpoint whose root certificate does not exist in Oracle Integration, an exception is thrown. In that case, you must upload the appropriate certificate. A certificate enables Oracle Integration to connect with external services. If the external endpoint requires a specific certificate, request the certificate and then upload it into Oracle Integration.

See Upload a Certificate to Connect with External Services.