Infrastructure Security Features

The Infrastructure administrative services, which have no equivalent in Oracle Cloud Infrastructure, are either internal or restricted to administrators of the appliance. These services enable the cloud services and provide support for the Service Enclave Administration operations, such as system initialization, compute node provisioning, capacity expansion, tenancy management, upgrading, and so on.

This section describes the security features of the Infrastructure Services layer.

Infrastructure Network Security

Discuss the following network security considerations before connecting the Oracle Private Cloud Appliance to the network.

  • Consider intrusion prevention systems to monitor the traffic into or out of the Oracle Private Cloud Appliance.

  • Consider a network layer firewall to protect the information flowing into or out of the Oracle Private Cloud Appliance.

  • Do not connect any unnecessary device to the Oracle Private Cloud Appliance.

  • Do not use the Oracle Private Cloud Appliance infrastructure for any non-Oracle Private Cloud Appliance supported usage.

Management Switch Outbound Connectivity

Make sure that you:

  • Keep unused ports disabled.

  • Connect the device to port 1 (or port 2) only for running the day 0 configuration.

  • Disconnect the device from port 1 (or port 2) after day 0 configuration.

  • Keep the management switch separated from the data center network. Don’t connect any external device to the management switch.

  • Enable DHCP snooping trust on Port 1 and Port 2.

  • Don’t modify the management switch configuration.

  • Change the switch password from the default to a strong password.

  • Use the Grafana dashboard to monitor the switch traffic.

Data Switch Outbound Connectivity

Make sure that you:

  • Keep unused ports disabled.

  • Don’t modify the spine switch configuration. The spine switch is controlled by the Oracle Private Cloud Appliance switch manager service.

  • Understand the uplink port usage. Ports 7, 8, 9, and 10 are for Oracle Exadata connectivity only.

  • Change the switch password from the default to a strong password.

  • Use the Grafana dashboard to monitor the switch traffic.

Data Security

It is important to protect data stored outside of the Oracle Private Cloud Appliance, on backups or removed hard drives.

Data located outside of the Oracle Private Cloud Appliance can be secured by backing up important data. The data should then be stored in an off-site, secure location. Retain the backups according to organizational policies and requirements.

When disposing of an old hard drive, physically destroy the drive or completely erase all the data on the drive. Deleting the files or reformatting the drive removes only the address tables on the drive. The information can still be recovered from a drive after deleting files or reformatting the drive. The Oracle Private Cloud Appliance disk retention support option allows the retention of all replaced hard drives and flash drives, instead of returning them to Oracle.

Security Patches and Firmware Upgrades

Effective and proactive software management is a critical part of system security.

Security enhancements are introduced through new releases and software updates. Oracle recommends installing the latest release of the software, and all necessary security updates on the equipment. The application of Oracle-recommended security updates is a best practice for the establishment of baseline security.

Operating system and kernel updates for the Oracle Private Cloud Appliance database servers and storage servers are delivered with the Oracle Private Cloud Appliance software updates. Power distribution unit (PDU) firmware updates are handled separately from the software and other firmware updates. Ensure that the PDU is running the latest approved firmware for the Oracle Private Cloud Appliance. As PDU firmware updates are not issued frequently, it is usually sufficient to check the PDU firmware release when upgrading the Oracle Private Cloud Appliance software.