Deploy
The Terraform stacks for this solution are available to deploy from Oracle Cloud Marketplace.
Deploy IAM Stack from Marketplace
The IAM stack is deployed.
Configure Identities Manually
A Tenancy Administrator must first create accounts for each user and add the IAM Administrators to their groups. The IAM administrators can then add the rest of the users to their respective groups.
IAM Groups created by IAM Tenancy Stack | Groups in IDCS standalone |
---|---|
IAM-Administrators | idcs-IAM-Administrators |
<lz-prefix>-Network-Administrators | idcs-<lz-prefix>-Network-Administrators |
<lz-prefix>-Network-Users | idcs-<lz-prefix>-Network-Users |
<lz-prefix>-Security-Administrators | idcs-<lz-prefix>-Security-Administrators |
<lz-prefix>-Security-Users | idcs-<lz-prefix>-Security-Users |
<lz-prefix>-ebs-cm-Administrators | idcs-<lz-prefix>-ebs-cm-Administrators |
One Administrator per each EBS category defined in the Tenancy IAM stack with this nomenclature: <lz-prefix>-ebs-<category name>-Administrators | One Administrator per each EBS category defined in Tenancy IAM stack with this nomenclature: idcs-<lz-prefix>-ebs-<category name>-Administrators |
- In the OCI Console, open the navigation menu.
- On the Identity and Security tab, click Identity.
- If you're using Identity Domains, click Domains, select the root compartment from the drop-down list, and click the default domain. For IDCS tenancies, navigate to Identity and follow these steps:
- Click Users.
- Click Create Users. For IDCS tenancies, click IAM User.
- Enter the values for Name and Username/Email.
- In Identity Domains, optionally, assign users to groups during user creation.
- Map users to groups:
- With Identity Domains, navigate to Identity, then Domains.
- Select the root compartment, then the default domain, and then Groups.
- Without Identity Domains, navigate to Identity, and then select Groups.
- Click the group name to go to its page, then click Assign users to the following groups.
- Select the desired users, and click Add.
- Alternatively, navigate to Users, and click on a specific username.
- Click Assign users to groups, select the desired groups, and click Assign User.
- IAM Administrators
IAM-Administrators Credential-Administrators <lz-prefix>-Network-Users <lz-prefix>-Security-Users
- You must create users that will register the EBS Cloud Manager Web Application with the Identity Provider to provide authentication services. Follow these steps to define the users that will have the Application Administrator role:
- In IDCS, navigate to Identity, Federation, and then OracleIdentityCloudService.
- Click the Oracle Identity Cloud Service Console link.
- In the hamburger menu, click Security, then Administrators.
- Expand role for IDCS Application Administrator and click Add Users.
- Add any users you want to give the ability to create confidential applications for EBS Cloud Manager and environment categories.
- In Identity Domains, navigate to Identity, and then Domains and select the root compartment.
- Select the default domain, Security, and then Administrators.
- Expand Application Administrator and click Add Users.
Security Administrators
<lz-prefix>-Security-Administrators <lz-prefix>-Network-Users
Network Administrators
<lz-prefix>-Network-Administrators <lz-prefix>-Security-Users
EBS CM Administrators and EBS Application Administrators (per EBS category)
<lz-prefix>-<ebs-workload-prefix>-<ebs-workload-environment-category> <lz-prefix>-Network-Users <lz-prefix>-Security-Users
- Add any users you want to give the ability to create confidential applications for EBS Cloud Manager and environment categories.
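An added example, not part of the original page or of the Oracle stacks: a Python audit that compares an exported user-to-group listing with the role-to-group mapping listed above and reports missing or unexpected groups per user. The prefix `lz`, the category `prod`, the role keys, the user names and the export are constructed, and the EBS group names are assumed to follow the nomenclature in the table above.

```python
# Added example: compare a group-membership export with the role-to-group
# mapping on this page. Prefix, category, users and export are constructed.

def expected_groups(role, lz_prefix, category):
    """Groups this page lists for a role, with the placeholders filled in."""
    net_users = f"{lz_prefix}-Network-Users"
    sec_users = f"{lz_prefix}-Security-Users"
    mapping = {
        "iam-admin": {"IAM-Administrators", "Credential-Administrators",
                      net_users, sec_users},
        "security-admin": {f"{lz_prefix}-Security-Administrators", net_users},
        "network-admin": {f"{lz_prefix}-Network-Administrators", sec_users},
        # Assumption: EBS group names follow the table's nomenclature.
        "ebs-cm-admin": {f"{lz_prefix}-ebs-cm-Administrators",
                         net_users, sec_users},
        "ebs-category-admin": {f"{lz_prefix}-ebs-{category}-Administrators",
                               net_users, sec_users},
    }
    return mapping[role]

def audit(assignments, roles, lz_prefix, category):
    """Return {user: {"missing": [...], "unexpected": [...]}} for deviations."""
    findings = {}
    for user in sorted(set(assignments) | set(roles)):
        have = set(assignments.get(user, ()))
        # A user with no declared role should hold none of these groups.
        want = (expected_groups(roles[user], lz_prefix, category)
                if user in roles else set())
        missing, unexpected = want - have, have - want
        if missing or unexpected:
            findings[user] = {"missing": sorted(missing),
                              "unexpected": sorted(unexpected)}
    return findings

# Constructed sample data: intended role per user and an exported membership list.
ROLES = {"alice": "iam-admin", "bob": "network-admin",
         "carol": "security-admin", "dave": "ebs-category-admin"}
ASSIGNMENTS = {
    "alice": ["IAM-Administrators", "Credential-Administrators",
              "lz-Network-Users", "lz-Security-Users"],
    "bob": ["lz-Network-Administrators", "lz-Security-Administrators",
            "lz-Security-Users"],                      # extra admin group
    "carol": ["lz-Security-Administrators"],           # missing Network-Users
    "dave": ["lz-ebs-prod-Administrators", "lz-Network-Users", "lz-Security-Users"],
    "eve": ["lz-Network-Users"],                       # no declared role
}

if __name__ == "__main__":
    for user, finding in audit(ASSIGNMENTS, ROLES, "lz", "prod").items():
        print(user, finding)
```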
Deploy Network Stack from Marketplace
<lz-prefix>-Network-Administrators
<lz-prefix>-Security-Users
For each environment category, follow these steps to deploy its own Network stack:
The Network Stack should be deployed in your environment.
Deploy EBS Cloud Manager Stack Manually
Deploy the EBS Cloud Manager Stack using a combination of manual tasks and Oracle Cloud Marketplace tasks.
The EBS Cloud Manager application has an Oracle Cloud Marketplace stack. However, you will have to complete several tasks manually.
Create DNS Entry and Certificate
You must work with your Network and Security teams to accomplish these tasks according to your corporate IT processes. DNS entries and certificates are recommended but optional.
A signed certificate is required for the EBS Cloud Manager and must use Server host for EBS Cloud Manager Login URL as the subject common or DNS name. The certificate should be issued by an intermediate or root Certificate Authority whose cert chain your company and your browser trust. If you don't provide a certificate, one will be generated for you.
You should also create a DNS entry for EBS Cloud Manager and associate the Server host for EBS Cloud Manager Login URL with the IP address of the EBS Cloud Manager Load Balancer created by the Cloud Manager stack. The IP address of the EBS Cloud Manager Load Balancer must be created or updated after that stack is created.
Create a Confidential Application
You can use the OCI Console to register Confidential Applications in your identity provider, either IDCS or Identity Domains, for EBS Cloud Manager or any EBS environments. An application administrator/IDCS administrator or tenancy administrator must perform these steps.
You must now create a Confidential Application for EBS Cloud Manager. See these instructions to manually create a Confidential Application with or without Identity Domains.
Deploy EBS Cloud Manager Stack from Marketplace
<lz-prefix>-<ebs-workload-prefix>-cm-Administrators
<lz-prefix>-<ebs-workload-prefix>-<ebs-workload-environment-category>-Administrators
<lz-prefix>-Network-Users
<lz-prefix>-Security-Users
Follow these steps to deploy the Cloud Manager stack:
Manage the EBS Cloud Manager Virtual Machine
Learn how to perform various administration tasks on the Cloud Manager virtual machine.
Before deploying any environment, ensure that you have updated Cloud Manager to the latest version and have both SSH terminal and UI access to the application.
Access Cloud Manager Web Portal Through Bastion
If you created a bastion service in the Network Stack, you can access the Cloud Manager web portal through an SSH tunnel to the load balancer.
In the OCI Console, navigate to your Bastion instance in the network compartment and then follow these steps:
Access Cloud Manager SSH Terminal Through Bastion
If you created a bastion service in the Network Stack, you can access the Cloud Manager VM through SSH tunnels.
Update EBS Cloud Manager to the Latest Version
Before deploying any environments through the Cloud Manager, you must update EBS Cloud Manager to the latest version.