Prerequisites to Deploying an OCI Instance

The Oracle Cloud Infrastructure (OCI) deployment infrastructure provides a flexible management system that allows you to create objects required during the instance deployment procedure prior to or during that deployment. When created prior to deployment, these objects become selectable, typically from drop-down lists in the appropriate deployment dialogs. You may use these objects for a single deployment or for multiple deployments.

Deployment prerequisite tasks:
  • Identify and deploy to the correct OCI Region. This is typically a default component of your OCI Account.
  • Identify and deploy to the correct OCI Availability Domain.
  • Identify and deploy to the correct OCI Fault Domain.
  • Create an Oracle Virtual Cloud Network (VCN). Required VCN configuration includes:
    • Security list—These access control lists provide traffic control at the packet level.
    • Subnet configuration—The ISR has 4 types of interfaces: Admin, Local, VoIP, and Data. To maintain traffic separation, each of the vNICs should be connected to a separate subnet within the VCN.
    • Internet Gateway—Create a default internet gateway for the compartment and give it an appropriate name.
    • Route table (Use Default)—Create a route table to route appropriate Subnet(s) through the Internet Gateway.
  • Security Groups—Security lists specify the type of traffic allowed on a particular type of subnet. Rules set on security lists can be either stateful or stateless. Stateful rules employ connection tracking and have the benefit of not requiring exit (egress) rules for return traffic. However, there is a limit to the number of connections that stateful rules can track, and connection tracking incurs a performance hit. Oracle, therefore, recommends stateless lists for media interfaces.
    The security list for management ports can be stateful. Ports you should consider opening for management interfaces include:
    • SSH—TCP port 22
    • NTP—UDP port 123
    The security list for media ports should be stateless. Ports you should consider opening for VoIP/media interfaces include:
    • SIP—UDP or TCP port 5060
    • SIP TLS—TCP port 5061

    You can add rules to allow inter-component traffic for VoIP, data, and admin interfaces. For more information about specific ports to be allowed, see the ISR Security Guide.

  • Create Networks and Subnet—OCI interface types include those hidden from the internet and those that are not. Oracle recommends creating regional subnets, which means the subnet can span across availability domains within the region. Refer to OCI's Regional Subnets documentation for further information about using these objects.
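
Because stateless rules do no connection tracking, each stateless ingress rule on a media security list needs a matching egress rule for the reply packets. The following added example (not part of Oracle's documentation) audits a rule set for missing return rules and for leftover stateful rules, covering inbound services only. The rule dictionaries follow the field names of OCI's security-rule JSON; the function names, the 198.51.100.0/24 peer range and the sample rules are constructed assumptions.

```python
import ipaddress

# Assumed input shape: OCI security-rule JSON fields (protocol "6" = TCP, "17" = UDP).
def _ports(rule, side):
    """(min, max) of the rule's source/destination port range; all ports if unset."""
    opts = rule.get("tcpOptions") or rule.get("udpOptions") or {}
    rng = opts.get(side + "PortRange")
    return (rng["min"], rng["max"]) if rng else (1, 65535)

def _has_return_path(ing, egress):
    """True if a stateless egress rule lets replies to `ing` leave the subnet."""
    peer = ipaddress.ip_network(ing["source"])
    svc = _ports(ing, "destination")
    for e in egress:
        src = _ports(e, "source")  # replies are sent *from* the service port
        if (e.get("isStateless") and e["protocol"] in (ing["protocol"], "all")
                and peer.subnet_of(ipaddress.ip_network(e["destination"]))
                and src[0] <= svc[0] and svc[1] <= src[1]):
            return True
    return False

def audit_media_list(ingress, egress):
    """Findings for a media security list: stateful rules, and stateless
    ingress rules that have no matching egress rule for return traffic."""
    findings = []
    for direction, rules in (("ingress", ingress), ("egress", egress)):
        for r in rules:
            if not r.get("isStateless"):
                findings.append(("stateful-rule", direction, r["protocol"]))
    for r in ingress:
        if r.get("isStateless") and not _has_return_path(r, egress):
            findings.append(("no-return-egress", r["protocol"], _ports(r, "destination")))
    return findings

# Constructed sample rules (198.51.100.0/24 is a documentation range).
PEERS = "198.51.100.0/24"
SIP_UDP_IN = {"protocol": "17", "source": PEERS, "isStateless": True,
              "udpOptions": {"destinationPortRange": {"min": 5060, "max": 5060}}}
SIP_TLS_IN_STATEFUL = {"protocol": "6", "source": PEERS, "isStateless": False,
                       "tcpOptions": {"destinationPortRange": {"min": 5061, "max": 5061}}}
SIP_TLS_IN = dict(SIP_TLS_IN_STATEFUL, isStateless=True)
SIP_UDP_OUT = {"protocol": "17", "destination": PEERS, "isStateless": True,
               "udpOptions": {"sourcePortRange": {"min": 5060, "max": 5060}}}
SIP_TLS_OUT = {"protocol": "6", "destination": PEERS, "isStateless": True,
               "tcpOptions": {"sourcePortRange": {"min": 5061, "max": 5061}}}

if __name__ == "__main__":
    print(audit_media_list([SIP_UDP_IN, SIP_TLS_IN_STATEFUL], []))
    print(audit_media_list([SIP_UDP_IN, SIP_TLS_IN], [SIP_UDP_OUT, SIP_TLS_OUT]))
```

The first call reports the stateful TLS rule and the missing return rule for UDP 5060; the second, with all rules stateless and paired, reports nothing.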