HA over OCI Overview

OCI uses Instance Principal Authorization to allow the instances to access services. The following steps summarize the process flow for setting up and using instances as principals. Upon completing these steps, the SBC instance can then obtain a temporary certificate to authenticate itself while invoking the API.

  1. Create a Dynamic Group. In the dynamic group definition, you provide the matching rules to specify the instances you want to allow to make API calls for services.
  2. Create a policy granting permissions to the dynamic group to access services.

As you deploy, follow these guidelines:

  • Create both SBC instances in the same Availability Domain.
  • Oracle recommends that you create SBC instances in separate Fault Domains.

As you configure, follow these guidelines:

  • Do not configure and use more than 4 secondary private IP addresses per HA deployment. Configuring more than 4 IPs causes HA failover to take too long.
  • On the primary SBC instance, configure Secondary Private IPs (to be used as SBC virtual IPs) through the OCI console. Do not use the SBC ACLI to configure a sec-utility-addr.
  • When required, map your Secondary Private IPs to Reserved Public IPs.
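
A pre-flight check for the deployment and configuration guidelines above, plus a dynamic group matching rule that names only the two SBC instances. This is an added example, not Oracle's code. The sample OCIDs, Availability Domain names and IP addresses are constructed, and the input shape is assumed to be the JSON `data` arrays from `oci compute instance list` and `oci network private-ip list`.

```python
import json

MAX_SECONDARY_IPS = 4  # limit stated in the configuration guidelines

# Constructed sample data (not from a real tenancy), shaped like the "data"
# arrays of `oci compute instance list` and `oci network private-ip list`.
INSTANCES = json.loads("""[
 {"id": "ocid1.instance.oc1..exampleA", "availability-domain": "AD-1",
  "fault-domain": "FAULT-DOMAIN-1"},
 {"id": "ocid1.instance.oc1..exampleB", "availability-domain": "AD-1",
  "fault-domain": "FAULT-DOMAIN-1"}]""")
PRIMARY_IPS = [{"ip-address": "10.0.1.10", "is-primary": True}] + [
    {"ip-address": f"10.0.1.{20 + n}", "is-primary": False} for n in range(5)]


def check_ha_pair(instances, primary_private_ips):
    """Return (errors, warnings) for an SBC HA pair.

    primary_private_ips: private IP records from all VNICs of the primary SBC.
    """
    errors, warnings = [], []
    if len(instances) != 2:
        return [f"expected 2 SBC instances, got {len(instances)}"], warnings
    a, b = instances
    if a["availability-domain"] != b["availability-domain"]:
        errors.append("instances are in different Availability Domains")
    if a["fault-domain"] == b["fault-domain"]:
        warnings.append("instances share a Fault Domain")
    secondary = [ip for ip in primary_private_ips if not ip.get("is-primary")]
    if len(secondary) > MAX_SECONDARY_IPS:
        errors.append(f"{len(secondary)} secondary private IPs, limit is "
                      f"{MAX_SECONDARY_IPS}")
    return errors, warnings


def matching_rule(instances):
    """Dynamic group rule naming only these instances, not a compartment."""
    clauses = ", ".join(f"instance.id = '{i['id']}'" for i in instances)
    return f"ANY {{{clauses}}}"


if __name__ == "__main__":
    errs, warns = check_ha_pair(INSTANCES, PRIMARY_IPS)
    for msg in errs:
        print("ERROR:", msg)
    for msg in warns:
        print("WARN:", msg)
    print(matching_rule(INSTANCES))
```

Scoping the matching rule to the two instance OCIDs keeps other instances in the same compartment from inheriting the policy's permissions.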