7 Procuring Resources for an Oracle Cloud Infrastructure Deployment

Before you deploy Oracle Identity and Access Management on Oracle Cloud Infrastructure (OCI), you need to ensure that you have sufficient OCI resources at your disposal.

For information about the resources, see Preparing the Oracle Cloud Infrastructure for an Enterprise Deployment.

Procuring Resources for OCI

It is important to understand the resource requirements for an Oracle Cloud Infrastructure deployment. These resources include load balancers, compute instances, a network, gateways, OKE, and databases.

For an illustration of the OCI layout depicting the use of these resources, see Figure 10-1.

Load Balancer Requirements

You will require two load balancers: one for internal traffic and one for external traffic. The shape of each load balancer should be sufficient for the traffic volume you expect.

Compute Instances

You will require a minimum of three compute instances: a bastion node and two web tier nodes.

  • Bastion Node: The bastion node is used to set up the environment and to provide you with access to the internal resources in the Kubernetes cluster, which you cannot access directly. The bastion node may be the smallest shape available because it does not perform any day-to-day work. The bastion node can also be used as the administrative node for Oracle Identity Role Intelligence.
  • Web Tier Nodes: You will require a minimum of two web tier compute instances. These instances require sufficient resources to handle the expected traffic flow. You can size them the same way as their on-premises equivalents.

Network

You will require one Virtual Cloud Network (VCN). This network is subdivided into several subnets to increase security. Each subnet has its own security lists and route tables.

Oracle virtual cloud networks (VCNs) provide customizable and private cloud networks in Oracle Cloud Infrastructure (OCI). Just like a traditional data center network, the VCN provides you complete control over your cloud networking environment. You can assign private IP address spaces, create subnets and route tables, and configure stateful firewalls.

Gateway

You require one public gateway and one service gateway.

Public Gateway: A public gateway is an optional virtual router that you can add to your VCN to enable direct connectivity to the internet. The gateway supports connections initiated from within the VCN (egress) and connections initiated from the internet (ingress).

Service Gateway: A service gateway enables cloud resources without public IP addresses to privately access Oracle services.
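As an added illustration in Terraform HCL (not from this guide) of how the VCN, the two gateways, the route tables and the subnets described above fit together: the bastion and the external load balancer sit in a public subnet routed through the internet gateway (the OCI resource that implements the public gateway described here), while the OKE worker nodes sit in a private subnet that has no internet route and reaches Oracle services only through the service gateway. It assumes an existing VCN with CIDR 10.0.0.0/16 supplied as var.vcn_ocid and a compartment supplied as var.compartment_ocid.

```hcl
# Added example, not from the Oracle guide. Assumes an existing VCN (10.0.0.0/16)
# passed as var.vcn_ocid and a compartment passed as var.compartment_ocid.
data "oci_core_services" "all" {
  filter {
    name   = "name"
    values = ["All .* Services In Oracle Services Network"]
    regex  = true
  }
}
resource "oci_core_internet_gateway" "igw" { # the "public gateway": internet ingress/egress
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
}
resource "oci_core_service_gateway" "sgw" { # private path to Oracle services, no public IPs needed
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  services { service_id = data.oci_core_services.all.services[0].id }
}
resource "oci_core_route_table" "public" { # default route to the internet gateway
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  route_rules {
    destination       = "0.0.0.0/0"
    network_entity_id = oci_core_internet_gateway.igw.id
  }
}
resource "oci_core_route_table" "private" { # no 0.0.0.0/0 rule: workers are not internet-reachable
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  route_rules {
    destination       = data.oci_core_services.all.services[0].cidr_block
    destination_type  = "SERVICE_CIDR_BLOCK"
    network_entity_id = oci_core_service_gateway.sgw.id
  }
}
resource "oci_core_subnet" "public" { # bastion node and external load balancer
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  cidr_block     = "10.0.0.0/24"
  route_table_id = oci_core_route_table.public.id
}
resource "oci_core_subnet" "workers" { # OKE worker nodes and internal load balancer
  compartment_id             = var.compartment_ocid
  vcn_id                     = var.vcn_ocid
  cidr_block                 = "10.0.1.0/24"
  route_table_id             = oci_core_route_table.private.id
  prohibit_public_ip_on_vnic = true
}
```

Each subnet still needs a security list that admits only the ports the tier serves; the split shown here limits the blast radius of an exposed service because nothing in the workers subnet can be addressed from the internet, even if a security list rule is too permissive.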

Container Engine for Kubernetes (OKE)

OKE consists of a Kubernetes control plane, which is managed by Oracle, and a number of Kubernetes worker nodes that host the Kubernetes pods.

Each deployment creates a number of pods. You will require sufficient worker nodes of a large enough shape to host your deployment.

OKE Cluster

You require only one OKE cluster for an enterprise deployment.

OKE Worker Nodes

You require sufficient OKE nodes to host the Identity and Access Management deployment. The shape of these nodes depends on the capacity requirements and on the number of worker nodes you want to use. As a reference, you can expect to run the following Kubernetes pods in a complete enterprise deployment:

Table 7-1 Required Kubernetes Pods in an Enterprise Deployment

Pod                           Quantity
OUD Server                    2
WebLogic Operator             1
OAM Helper                    1
OAM Admin Server              1
OAM Servers                   2
OAM Policy Servers            2
OIG Helper                    1
OIG Admin Server              1
OIG Servers                   2
OIRI Servers                  2
OIRI UI Servers               2
Spark Servers                 2
OAA Cache                     6
OAA Servers                   2
OAA Administration Servers    2
OAA Policy Servers            2
OAA SPUI Servers              2
OAA Authentication Factors    2 per factor
OAA Risk Analysis             2
OAA Risk Console              2

Note: This table shows the recommended minimum values for Oracle components that are deployed in the topology.

Database

The number of databases you require depends on the disaster recovery strategy you plan to use. If you have a traditional Active/Passive solution, then you can use a single container database (CDB) with two pluggable databases (PDBs).

If you are using OIRI, you will need a separate database to hold the analytical information. This should be a separate database because its processing workload is different from that of the core Identity Management components.

If the disaster recovery strategy is to use Oracle Access Manager Active/Active and Oracle Identity Governance Active/Passive, then you will require two separate databases.

The databases you create should be highly available Oracle Real Application Clusters (RAC) databases. For more information about the database requirements, see Preparing an Existing Database for an Enterprise Deployment.

Sizing

The sizing guidelines provide the performance recommendations and sizing requirements for Oracle Identity and Access Management, Release 12.2.1.4.0.

For sizing guidelines, see Deep Dive into Oracle Access Management 12.2.1.4.0 Performance.