4 Procuring Resources for an Oracle Cloud Infrastructure Deployment

Before you deploy Oracle Identity and Access Management on Oracle Cloud Infrastructure (OCI), you need to ensure that you have sufficient OCI resources at your disposal.

For information about the resources, see Preparing the Oracle Cloud Infrastructure for an Enterprise Deployment.

This chapter includes the following topics:

Procuring Resources for OCI

It is important to understand the resource requirements for an Oracle Cloud Infrastructure deployment. These resources include load balancers, compute instances, a network, gateways, and databases.

For an illustration of the OCI layout depicting the use of these resources, see the figure in Preparing the Oracle Cloud Infrastructure for an Enterprise Deployment (preparing-oracle-cloud-infrastructure-enterprise-deployment.html#GUID-2707F13E-0A8B-44AF-9A2B-792C0BACDC46__FIG_AHX_WTD_XPB).

Load Balancer Requirements

You will require two load balancers: one for internal traffic and the other for external traffic. The shape of the load balancer should be sufficient for your expected traffic volume.

Network

You will require one Virtual Cloud Network (VCN). This network is sub-divided into several subnets to increase security. Each subnet has security lists and route tables.

Oracle virtual cloud networks (VCNs) provide customizable and private cloud networks in Oracle Cloud Infrastructure (OCI). Just like a traditional data center network, the VCN provides you complete control over your cloud networking environment. You can assign private IP address spaces, create subnets and route tables, and configure stateful firewalls.

Compute Instances

You will require a minimum of nine compute instances.

  • Bastion Node: The bastion node is used to set up the environment and to provide you access to the internal resources in the Kubernetes cluster; you cannot access them directly. The bastion node may be the smallest shape available as it does not perform any day-to-day work. The bastion node can also be used as the administrative node for Oracle Identity Role Intelligence.
  • Web Tier Nodes: You will require a minimum of two web tier compute instances. These instances require sufficient resources to handle the expected traffic flow. You can size them the same way as their on-premises equivalents.
  • Directory Nodes: You will require a minimum of two directory compute instances. These will reside in the Database Tier.
  • Application Nodes: You will require a minimum of two compute instances for Oracle Access Manager and a minimum of two compute instances for Oracle Identity Governance. These will reside in the application tier.

Gateway

You require one public gateway and one service gateway.

Public Gateway: A public gateway is a virtual router you can add to your VCN to enable direct connectivity to the internet. The gateway supports connections initiated from within the VCN (Egress) and connections initiated from the internet (Ingress).

Service Gateway: A service gateway enables cloud resources without public IP addresses to privately access Oracle services.

Database

The number of databases you require depends on the disaster recovery strategy you plan to use. If you have a traditional Active/Passive solution, then you can use a single container database (CDB) with two pluggable databases (PDB).

If the disaster recovery strategy is to use Oracle Access Manager Active/Active and Oracle Identity Governance Active/Passive, then you will require two separate databases.

The databases you create should be highly available real application cluster databases. For more information about the database requirements, see Preparing the Database for an Enterprise Deployment.
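
The minimums from the load balancer, network, compute, gateway and database topics above can be expressed as a pre-deployment check. This is an added example, not Oracle code; the plan layout, key names, role and strategy labels, and the sample inventory are assumptions constructed for illustration.

```python
# Added example: readiness check for the resource minimums listed in this chapter.
# The plan layout, key names and strategy labels are assumptions, not an Oracle format.
from collections import Counter

MIN_COMPUTE = {"bastion": 1, "web": 2, "directory": 2, "oam": 2, "oig": 2}  # nine in total

def check_plan(plan):
    """Return the gaps between a planned inventory and the chapter's minimums."""
    gaps = []
    lbs = Counter(lb["visibility"] for lb in plan["load_balancers"])
    roles = Counter(c["role"] for c in plan["compute"])
    gaps += [f"missing {v} load balancer" for v in ("internal", "external") if not lbs[v]]
    if not plan["vcns"]:
        gaps.append("no VCN defined")
    for sn in plan["subnets"]:  # each subnet needs security lists and a route table
        gaps += [f"subnet {sn['name']} has no {a}"
                 for a in ("security_lists", "route_table") if not sn.get(a)]
    gaps += [f"{r}: {roles[r]} of {n} compute instances"
             for r, n in MIN_COMPUTE.items() if roles[r] < n]
    gaps += [f"missing {g} gateway" for g in ("public", "service")
             if g not in plan["gateways"]]
    dbs = plan["databases"]
    if plan["dr_strategy"] == "active_passive":
        # Active/Passive: a single CDB holding two PDBs is enough
        if not any(len(d["pdbs"]) >= 2 for d in dbs):
            gaps.append("Active/Passive needs a CDB with two PDBs")
    elif len(dbs) < 2:
        gaps.append("OAM Active/Active with OIG Active/Passive needs two databases")
    gaps += [f"database {d['name']} is not RAC" for d in dbs if not d["rac"]]
    return gaps

SAMPLE_PLAN = {  # constructed inventory with three deliberate gaps
    "dr_strategy": "active_passive",
    "load_balancers": [{"visibility": "external"}],
    "vcns": ["iam-vcn"],
    "subnets": [
        {"name": "web", "security_lists": ["web-sl"], "route_table": "web-rt"},
        {"name": "db", "security_lists": [], "route_table": "db-rt"},
    ],
    "compute": [{"role": r} for r in
                ["bastion", "web", "web", "directory", "directory", "oam", "oam", "oig"]],
    "gateways": ["public", "service"],
    "databases": [{"name": "iamcdb", "pdbs": ["oampdb", "oigpdb"], "rac": True}],
}

if __name__ == "__main__":
    for gap in check_plan(SAMPLE_PLAN):
        print("GAP:", gap)
```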

Sizing

The sizing guidelines provide the performance recommendations and sizing requirements for Oracle Identity and Access Management, Release 14.1.2.1.0.

For sizing guidelines, see Deep Dive into Oracle Access Management 12.2.1.4.0 Performance.