1. Deploy multicloud distributed AI workloads by using Oracle Interconnect for Google Cloud
  2. Review the Recommendations and Considerations for Implementing this Architecture

Review the Recommendations and Considerations for Implementing this Architecture

The recommendations and considerations outlined below will assist you in ensuring a successful deployment of multicloud distributed AI workloads by using Oracle Interconnect for Google Cloud.

Recommendations

Use the following recommendations as a starting point when deploying multicloud distributed AI workloads by using Oracle Interconnect for Google Cloud.Your requirements might differ from the architecture described here.
  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

    Use regional subnets

  • Security

    Use Oracle Cloud Guard to monitor and maintain the security of your resources in Oracle Cloud Infrastructure proactively. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.

    For resources that require maximum security, Oracle recommends that you use security zones. A security zone is a compartment associated with an Oracle-defined recipe of security policies that are based on best practices. For example, the resources in a security zone must not be accessible from the public internet and they must be encrypted using customer-managed keys. When you create and update resources in a security zone, Oracle Cloud Infrastructure validates the operations against the policies in the security-zone recipe and denies operations that violate any of the policies.

  • Cloud Guard

    Clone and customize the default recipes provided by Oracle to create custom detector and responder recipes. These recipes enable you to specify what type of security violations generate a warning and what actions are allowed to be performed on them. For example, you might want to detect Object Storage buckets that have visibility set to public. Apply Cloud Guard at the tenancy level to cover the broadest scope and to reduce the administrative burden of maintaining multiple configurations. You can also use the Managed List feature to apply certain configurations to detectors.

  • Security zones

    Clone and customize the default recipes provided by Oracle to create custom detector and responder recipes. These recipes enable you to specify what type of security violations generate a warning and what actions are allowed to be performed on them. For example, you might want to detect Object Storage buckets that have visibility set to public.

    Apply Cloud Guard at the tenancy level to cover the broadest scope and to reduce the administrative burden of maintaining multiple configurations.

    You can also use the Managed List feature to apply certain configurations to detectors.

  • Network security groups (NSGs)

    You can use NSGs to define a set of ingress and egress rules that apply to specific VNICs. We recommend using NSGs rather than security lists, because NSGs enable you to separate the VCN's subnet architecture from the security requirements of your application.

    You can use NSGs to define a set of ingress and egress rules that apply to specific VNICs. We recommend using NSGs rather than security lists, because NSGs enable you to separate the VCN's subnet architecture from the security requirements of your application.

  • Load balancer bandwidth

    While creating the load balancer, you can either select a predefined shape that provides a fixed bandwidth or specify a custom (flexible) shape where you set a bandwidth range and let the service scale the bandwidth automatically based on traffic patterns. With either approach, you can change the shape at any time after creating the load balancer.

Considerations

Consider the following points when deploying this architecture.

  • Data Transfer

    Optimize data transfer between GKE running on Google Cloud and OCI AI Cluster for performance and cost-efficiency. Consider using data transfer services or storage solutions with efficient transfer capabilities. OCI and Google Cloud do not charge ingress and egress fees for Oracle Interconnect for Google Cloud.

  • Network Latency

    Use Oracle Interconnect for Google Cloud to minimize network latency between the two platforms to avoid performance bottlenecks. Oracle Interconnect for Google Cloud provides less than 2 ms latency.

  • Security

    Implement robust security measures to protect sensitive data during transfer and processing. Oracle Interconnect for Google Cloud provides a private and high bandwidth network connection.

  • Cost Optimization

    Analyze the cost effectiveness of using OCI AI Cluster and optimize resource utilization.

  • Monitoring and Logging

    Establish comprehensive monitoring and logging for both GKE and OCI AI Cluster to track performance and troubleshoot issues.