Introduction to OCI Networking
Successful OCI implementations have a well-considered network design at their foundation.
A successful design will take into account various considerations, including;
- how the organization is structured
- how the organization manages its resources
- who should have access to administer OCI resources
- what access should be granted to external connectivity, such as the internet
- how to protect against unauthorized access and activity
- how to deliver the best possible performance
- how the organization is likely to develop and grow over time
The principal aim is for the OCI network to mirror the existing organizational and network structure on-premises. However, cloud offers several unique capabilities that may mean it is beneficial to re-consider how those capabilities can be leveraged to offer even greater benefits.
For instance, the flexibility of the cloud enables organizations to potentially federate responsibility at a much more granular level than is typical for on-premises deployments. This means that smaller, discrete teams may take greater responsibility for delivering business capabilities at an organizational, geographical or functional level. This can lead to greater agility and autonomy within the organization, and the design of the OCI network is fundamental in making that vision a reality.
To create such a design requires knowledge of the tools and approaches available within OCI.
This section of the Cloud Foundation provides information to help optimize each OCI network design for your organization.
Capabilities
It is essential to understand the tools, techniques, and services that are the principal building blocks of the OCI network. The pages on Core Capabilities, Edge Capabilities, Extended Capabilities and Hybrid Capabilities act as an overview of the principle components used in creating the network. They are not intended as detailed guides, as this information can be found elsewhere within the Oracle documentation. Links are provided so that deeper knowledge and understanding can be gained about each component.
Network Topology
There are several different network topologies to consider when migrating multiple workloads to OCI. These include; Point to Point, Daisy Chain, Bus, Ring, Mesh and others. Customer experience has shown that the most flexible topology deployed within OCI is a hub and spoke design. The Network Topology pages will explain why that is, the benefits, and how to achieve it.
Hub & Spoke Example
In this topic we build on the Network Topology and discuss an example Hub & Spoke architecture for deployment to OCI.
Segregation & Segmentation
A critical aspect of the network design is to ensure that only those resources that need to communicate can actually do so. This could mean that only certain parts of an organization should communicate with each other. It also often means that some components that store sensitive, mission-critical information, such as databases, can only be accessed by specific methods and routes. The Segregation & Segmentation topic will help you understand how this can be achieved successfully in OCI.
Securing the Network
This section focuses on the mechanisms, tools and guidance to ensure that only permitted traffic is allowed in and out of your VCN’s and subnets within the OCI network.
Connecting to Autonomous Databases
Connecting to an Autonomous Database from inside or outside your OCI tenancy is straightforward. However, there are some decisions to be made along the way. This topic provides guidance to help make the best choices for your deployments.