1. Security Guide
  2. Secure Installation and Configuration for Oracle Private Cloud Appliance
  3. Installation Overview

Installation Overview

As an engineered system, installation of Oracle Private Cloud Appliance is not usually performed by the customer. Nevertheless, security concerns are the responsibility of everyone who uses the system. Security issues must be addressed before the system is installed because security cannot be added on to a system later.

Pre-Installation Security Details

Before Oracle Private Cloud Appliance installation, create a document to outline the services provided. Have it reviewed and updated to address any shortcomings.

  • For each application or service, have those responsible for security review the information.

  • Provide all URLs and links needed so that reviewers can easily find the source material employed to create the pre-installation plan.

  • Repeat the process until all reviewers are satisfied that all initial security goals have been satisfied.

Make a list of all the roles needed to deploy the Oracle Private Cloud Appliance in a secure environment. Identify the personnel needed to fill these roles.

Note:

Make sure that the roles and users identified do not overlap and that capabilities are appropriately isolated.

  • Identify the various administrators for all layers of the Oracle Private Cloud Appliance: infrastructure, Service Enclave, andCompute Enclave.

  • Identify the users of services at all relevant layers of the Oracle Private Cloud Appliance. List privileges needed and restrictions necessary.

Produce a draft implementation plan with the virtual machines and network connections needed for the Oracle Private Cloud Appliance. Have this reviewed and modified until it is as complete as feasible before installation.

  • Describe the role of each virtual machine as clearly as possible.

  • If there are departures from the typical front-end, back-end, and load balancer arrangement, describe it in full.

  • Describe the circumstances for starting virtual machines, both for initial use and for handling increased loads.

Describe the network connections needed, if any, between the virtual machines at each layer of the Oracle Private Cloud Appliance architecture.

  • List the secure network protocols to be used to operate and maintain the system.

  • Provide initial policy rules for virtual machines communications, at least at a prose level.

  • Determine which network connections can be switched: that is, can be handled by a simple VLAN and single IP address space.

  • Determine which network connections must be routed: that is, must be handled by more than one VLAN and multiple of subnetted IP address spaces.

System Site Preparation

For pre-installation site preparation, see the Oracle Private Cloud Appliance Installation Guide.