3 Preparing the OCI Compute Classic Environment

Oracle Cloud Infrastructure Storage Software Appliance– Cloud Distribution provides Oracle Cloud Infrastructure Compute Classic instances shared access to file-based storage in the cloud over NFSv4. Before setting up the appliance, complete the following preparatory tasks in Oracle Cloud Infrastructure Compute Classic.

  1. Generate the necessary SSH key pairs.
    To access the Oracle Cloud Infrastructure Compute Classic instance (on which Oracle Cloud Infrastructure Storage Software Appliance is deployed) securely using SSH, you must generate SSH key pairs and upload the public keys to Oracle Cloud Infrastructure Compute Classic.
    See Generating an SSH Key Pair in Using Oracle Cloud Infrastructure Compute Classic and the following example:
    Screenshot showing the ssh-keygen command and its output
  2. Add the public keys to Oracle Cloud Infrastructure Compute Classic.
    See Adding an SSH Public Key in Using Oracle Cloud Infrastructure Compute Classic and the following example:
    Screenshot of the Add SSH Public Key dialog box
  3. Identify (or create) a security list in Oracle Cloud Infrastructure Compute Classic for the appliance instance.
    A security list is a firewall for one or more Oracle Cloud Infrastructure Compute Classic instances. Once set up, you can open specific ports to instances in the security list by using security rules. You must identify (or create) a security list for the Oracle Cloud Infrastructure Compute Classic instance that will host Oracle Cloud Infrastructure Storage Software Appliance.

    Tip:

    Your Oracle Cloud Infrastructure Compute Classic site has a predefined security list named /Compute-identity_domain/default/default. There may also be other security lists created by you or other users in the account. You can add the appliance instance to any of these security lists. But for better security and to ensure that you don’t inadvertently interfere with the security settings of other users, create and use a new security list.
    See Creating a Security List in Using Oracle Cloud Infrastructure Compute Classic and the following example:
    Screenshot of the Create Security List dialog box
  4. To enable NFS access to the appliance instance, create a security application in Oracle Cloud Infrastructure Compute Classic with protocol=TCP and port=2049.
    See Creating a Security Application in Using Oracle Cloud Infrastructure Compute Classic and the following example:
    Screenshot of the Create Security Application dialog box
  5. Create the following security rules in Oracle Cloud Infrastructure Compute Classic to open the required ports on the appliance instance, as described in Creating a Security Rule in Using Oracle Cloud Infrastructure Compute Classic.
    • To permit HTTPS traffic to the management console of Oracle Cloud Infrastructure Storage Software Appliance, create a security rule with the following settings:
      • Security application: /oracle/public/https

      • Source: To permit access from any host external to your Oracle Cloud Infrastructure Compute Classic site, specify the predefined security IP list, /oracle/public/public-internet, as the source. To permit access for only selected hosts, create a security IP list containing those hosts and specify that security IP list as the source. See Creating a Security IP List in Using Oracle Cloud Infrastructure Compute Classic.

      • Destination: The security list that you identified (or created) in step 3.

      Example:


      Screenshot of the Create Security Rule dialog box, showing how to create a security rule to allow HTTPS traffic.
    • To permit NFS access from your client Oracle Cloud Infrastructure Compute Classic instances to the appliance instance, create a security rule with the following settings:
      • Security application: The security application that you created in step 4 for port 2049.

      • Source: The security list containing the client instances for which you want to provide shared storage.

      • Destination: The security list that you identified (or created) in step 3.

      Example:


      Screenshot of the Create Security Rule dialog box, showing how to create a security rule to allow NFS traffic.
    • To permit SSH connections to the appliance instance, create a security rule with the following settings:
      • Security application: The predefined security application, /oracle/public/ssh

      • Source: To permit access from any host external to your Oracle Cloud Infrastructure Compute Classic site, specify the predefined security IP list, /oracle/public/public-internet, as the source. To permit access for only selected hosts, create a security IP list containing those hosts and specify that security IP list as the source. See Creating a Security IP List in Using Oracle Cloud Infrastructure Compute Classic.

      • Destination: The security list that you identified (or created) in step 3.

      Example:


      Screenshot of the Create Security Rule dialog box, showing how to create a security rule to allow SSH traffic.