Security Feature Overview

Oracle Private Cloud Appliance is an engineered system that combines hardware installed on the customer's premises with preloaded software, allowing you to build cloud services and applications inside your own data center. You can consume the core Oracle Cloud Infrastructure services from the safety of your own on-premises network, behind your own firewall.

As a rack-scale system, Oracle Private Cloud Appliance can be considered the smallest deployable unit of Oracle Cloud Infrastructure, aligned with the physical hierarchy of the public cloud design.

The self-contained aspect of the system makes some security features simpler to implement, while the cloud communication aspects require strict attention to other security features, such as virtual networking security.

From the security perspective, the Oracle Private Cloud Appliance system consists of three distinct layers, or enclaves. These layers are:

  • Infrastructure: The infrastructure services provide a foundation for building PaaS and SaaS solutions; the deployed workloads can be migrated between the public and the private cloud infrastructure with minimal or no modification required. For this purpose, Oracle Private Cloud Appliance is fully compatible with Oracle Cloud Infrastructure.

  • Service Enclave: The appliance infrastructure is controlled from the Service Enclave. It runs on a cluster of three management nodes, and its functions include hardware and capacity management, service delivery, monitoring, and tools for service and support. This is also where various tenancies are set up. A tenancy is a logical partition of a Compute Enclave controlled by the Service Enclave.

  • Compute Enclave: The Compute Enclave offers compatibility with Oracle Cloud Infrastructure. This is where workloads are created, configured and hosted. The principal building blocks are compute instances (based on various operating system images) and associated virtual cloud network and storage resources.

Each enclave or layer provides its own set of interfaces: a web UI, a CLI and an API. With the exception of certain administration accounts, all permissions are isolated within a particular enclave or tenancy.

The layers also have their own security concerns.