Provision the Primary Infrastructure
About Provisioning the Primary Infrastructure
In this example configuration, the primary region for the PeopleSoft deployment is Ashburn, seen within the Oracle Cloud Infrastructure (OCI) Console as us-ashburn-1 with the abbreviation IAD. The complete PeopleSoft stack is deployed within a single availability domain (AD), in our case AD-2, which contains the following:
- Oracle Exadata Database Service on Dedicated Infrastructure Quarter Rack
- Application mid-tier servers
- Oracle Cloud Infrastructure File Storage, which serves as a shared file system mounted by all application tier servers.
Provisioning all components within the same availability domain keeps network latency between components to a minimum.
This is a typical order of provisioning resources for the primary environment:
- Users and groups
- Compartments
- Policies
- Virtual Cloud Network (VCN)
- Within the VCN:
- Internet gateway
- NAT gateway
- Service gateway
- Route tables for each subnet
- Subnets for each zone or tier
- Security lists for each subnet
- Oracle Exadata Database Service on Dedicated Infrastructure
- Compute instances for application mid tiers
- OCI File Storage
- Load balancer
This solution playbook provides examples, but doesn't go into details for provisioning all of the resources. You don't need to provision all of the resources for every environment – for instance, a unit test environment might be much simpler. However, you must have groups and users, a compartment, the VCN, and at least one subnet.
Create Users, Groups, Compartments, and Policies
After you have designed the compartments that will hold the major components of your implementation, and what privileges different kinds of users should be granted to manage and secure those components, use the OCI Console to create your users, groups, compartments, and policies.
For example, we have two groups:
- exa-admin-group
- network-admin-group
Each of the groups can have the same or a different set of users who manage specific resources. The exa-admin-group will manage Exadata and database resources while the network-admin-group will manage all networking resources such as VCN, route tables, subnets, security lists, and so on.
For exa-admin-group, create a policy named exa-compartment-policy with the following policy statements:
- Allow group ebs-exa-admin-group to manage instance-family in compartment psft-exadb-d-compartment
- Allow group exa-admin-group to manage database-family in compartment psft-exadb-d-compartment
- Allow group exa-admin-group to manage volume-family in compartment psft-exadb-d-compartment
For network-admin-group, create a policy named network-compartment-policy with the following statements:
- Allow group network-admin-group to manage virtual-network-family in compartment psft-network-compartment
- Allow group psft-cloudadmin-group to use virtual-network-family in compartment psft-network-compartment
- Allow group exa-admin-group to use virtual-network-family in compartment psft-network-compartment
- Create a group for each specific set of privileges that must be granted.
- Create a compartment for each resource to be provisioned and for the logical collection of resources to be managed the same way.
- Create policies detailing which actions members of each group can take against elements in each compartment.
- Define the users who are members of each group.
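Before pasting statements into a policy, it helps to check them mechanically. The following is an added example, not part of the Oracle playbook: it parses the statements listed above, flags any that name a group outside the two defined groups or that do not fit the statement form, and summarizes which groups hold manage rights. The function names and the regular expression are illustrative assumptions and cover only the statement form used on this page.

```python
import re

# Groups and statements as they appear on this page.
DEFINED_GROUPS = {"exa-admin-group", "network-admin-group"}
EXA, NET = "psft-exadb-d-compartment", "psft-network-compartment"
POLICIES = {
    "exa-compartment-policy": [
        f"Allow group ebs-exa-admin-group to manage instance-family in compartment {EXA}",
        f"Allow group exa-admin-group to manage database-family in compartment {EXA}",
        f"Allow group exa-admin-group to manage volume-family in compartment {EXA}",
    ],
    "network-compartment-policy": [
        f"Allow group network-admin-group to manage virtual-network-family in compartment {NET}",
        f"Allow group psft-cloudadmin-group to use virtual-network-family in compartment {NET}",
        f"Allow group exa-admin-group to use virtual-network-family in compartment {NET}",
    ],
}

# Only the form used on this page: a group, one verb, one resource type,
# one compartment. Other OCI statement forms are out of scope here.
STATEMENT = re.compile(
    r"Allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>\S+)\s+in\s+compartment\s+(?P<compartment>\S+)", re.IGNORECASE)

def parse_statement(text):
    """Return the statement's fields, or None if it does not fit the form."""
    match = STATEMENT.fullmatch(text.strip())
    return match.groupdict() if match else None

def lint(policies, defined_groups):
    """List (policy, problem, detail) for statements that need review."""
    findings = []
    for policy, statements in policies.items():
        for text in statements:
            fields = parse_statement(text)
            if fields is None:
                findings.append((policy, "unparseable", text))
            elif fields["group"] not in defined_groups:
                findings.append((policy, "undefined-group", fields["group"]))
    return findings

def manage_grants(policies):
    """Map each group to the (resource, compartment) pairs it can manage."""
    grants = {}
    for statements in policies.values():
        for f in filter(None, map(parse_statement, statements)):
            if f["verb"].lower() == "manage":
                grants.setdefault(f["group"], set()).add((f["resource"], f["compartment"]))
    return grants
```

Calling lint(POLICIES, DEFINED_GROUPS) reports the statements that name ebs-exa-admin-group and psft-cloudadmin-group, since neither is one of the two groups defined in this example.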
Provision OCI Network Components
Create the primary VCN, and then the other network components.
Create the Primary Network
Create a virtual cloud network (VCN) from the Oracle Cloud Infrastructure (OCI) Console and define the size of the network (the total number of IP addresses) based on the CIDR block that you specify for the VCN.
- Log into the OCI Console.
- Open the navigation menu, click Networking, then Virtual Cloud Networks.
- Click Create VCN, then complete the following fields:
- Click Create VCN.
The VCN appears on the Virtual Cloud Networks list page in the compartment.
Create the Gateways
All implementations use private subnets and a NAT gateway. If your network will have traffic going to and from the public internet, then create an internet gateway. If you need to reach region-local services, such as OCI Object Storage for backups and the YUM repository, then create a service gateway.
- Create a NAT gateway.
- Create an internet gateway.
- Create a service gateway.
Create the Route Tables
While it is easier to design your route tables and route rules after defining your subnets, it’s simpler to create the route tables and rules before creating the subnets. This example creates the route table db-private-RT, including its local route rules, using the OCI Console.
Create the Subnets
Create the subnet used for the Oracle Exadata Database Service on Dedicated Infrastructure client network. In this example, the subnet is exadb-private-subnet-ad2.
Note:
Consider the following:
- All subnets reside in the psft-network-compartment compartment.
- We appended ad2 at the end of the subnet name in this example to designate which availability domain the subnet resides in.
- Oracle Exadata Database Service on Dedicated Infrastructure can have two separate subnets: one for the client network and one for the backup to object storage. To create the subnet dedicated to database backups to object storage, follow the steps, but choose a different CIDR block in Step 4d. We used 10.0.108.0/24 for our case study. Use the same route table (db-private-RT) since it has the route rule to the service gateway.
- Select Networking, then Virtual Cloud Networks in the OCI Console.
- Click the VCN that you created earlier to display the VCN Detail page.
- Click Subnets, then click Create Subnet.
- Complete the following information:
Create Security Lists
Create your security lists from the OCI Console. This example creates a security list named db-private-seclist with two stateful ingress rules and one stateful egress rule.
- Log into the OCI Console. Click Networking, then Virtual Cloud Networks.
- Click the VCN that you created to display the VCN Detail page.
- Click Security Lists.
- Click Create Security List.
- Define the security list.
- Add an ingress rule.
- Add a second ingress rule for the application private subnet (app-private-subnet-ad2).
- Add an egress rule for CIDR.
- Click Create Security List.
- (Optional) You can add a second egress rule to allow ICMP (ping).
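Once the security list exists, its exported definition can be checked against the shape described in this section. The following is an added example, not part of the Oracle playbook: it audits a security list for the expected rule counts, stateful rules only, ingress sources confined to the VCN, and no ingress rule open on every port. The VCN CIDR 10.0.0.0/16, the source CIDRs, and the ports are constructed assumptions, and audit is a hypothetical helper name.

```python
import ipaddress

VCN_CIDR = ipaddress.ip_network("10.0.0.0/16")  # assumed; not given on the page

# Constructed sample in the shape of an OCI SecurityList resource (API field
# names). Source CIDRs and ports are made up for illustration.
DB_PRIVATE_SECLIST = {
    "displayName": "db-private-seclist",
    "ingressSecurityRules": [
        {"source": "10.0.101.0/24", "protocol": "6", "isStateless": False,
         "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
        {"source": "10.0.103.0/24", "protocol": "6", "isStateless": False,
         "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1521}}},
    ],
    "egressSecurityRules": [
        {"destination": "0.0.0.0/0", "protocol": "6", "isStateless": False},
    ],
}

def audit(seclist, vcn_cidr=VCN_CIDR):
    """Return findings where the list departs from the shape described above."""
    findings = []
    ingress = seclist.get("ingressSecurityRules", [])
    egress = seclist.get("egressSecurityRules", [])
    if len(ingress) != 2:
        findings.append(f"expected 2 ingress rules, found {len(ingress)}")
    if len(egress) not in (1, 2):  # 2 when the optional ICMP rule is added
        findings.append(f"expected 1 or 2 egress rules, found {len(egress)}")
    for direction, rules in (("ingress", ingress), ("egress", egress)):
        for i, rule in enumerate(rules):
            if rule.get("isStateless"):
                findings.append(f"{direction}[{i}] is stateless")
    for i, rule in enumerate(ingress):
        try:
            source = ipaddress.ip_network(rule["source"], strict=False)
        except ValueError:
            findings.append(f"ingress[{i}] source {rule['source']!r} is not a CIDR")
            continue
        if source.version != vcn_cidr.version or not source.subnet_of(vcn_cidr):
            findings.append(f"ingress[{i}] source {source} is outside the VCN")
        if rule["protocol"] == "all" or (
                rule["protocol"] == "6" and not rule.get("tcpOptions")):
            findings.append(f"ingress[{i}] allows every port")
    return findings
```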
Provision the Target Infrastructure
Provisioning an Oracle Exadata Database Service on Dedicated Infrastructure is done in two steps:
- Provision your target infrastructure
Select the Oracle Exadata model and shape, and specify the availability domain. Complete and submit the provisioning request and wait until the infrastructure provisioning has completed. You can scale the compute and storage capacity up after provisioning, if needed.
- Provision the VM cluster
Once the Oracle Exadata infrastructure is provisioned, you will provision the VM cluster onto the infrastructure. Select the Grid Infrastructure version, starter database version, OCPU count for the cluster, and ASM disk group storage properties. If you plan to store your backups on the region-local object storage, then you should not select local storage for backups. When deselecting local backups, the Oracle Exadata Database Service on Dedicated Infrastructure dialog presents additional fields for specifying the backup subnet and the compartment that subnet resides in.
Provision Oracle Exadata Database Service on Dedicated Infrastructure
Use the Oracle Cloud Infrastructure (OCI) Console to provision your target environment.
This example architecture uses the following Oracle Exadata model and shape: Oracle Exadata Cloud X6-2 Quarter Rack with two compute nodes (domUs) and three storage cells. The availability domain is AD-2.
Provision the VM Cluster
After your Oracle Exadata Database Service on Dedicated Infrastructure is successfully provisioned, you can provision the VM cluster onto the infrastructure.
The Exadata VM Cluster is completely up, running, and accessible within a few hours. The following components are fully configured.
- Two domU compute VM nodes
- Oracle Clusterware and Oracle Grid Infrastructure
- SCAN name with three IP addresses on the client subnet
- SCAN and grid VIPs with their respective listeners
- High redundancy ASM disk groups
Disk Group Name | Redundancy | Total Size (MB) | Useable (MB) |
---|---|---|---|
DATAC1 | High | 161,206,272 | 48,055,638 |
RECOC1 | High | 53,747,712 | 16,376,564 |
Other small disk groups are created to support Oracle Advanced Cluster File System (Oracle ACFS).
Provision Compute Instances
The compute instances are your application and middle tier servers. They are used for PeopleSoft application and PeopleSoft Internet Architecture (PIA) web servers.
When provisioning compute instances, select the shape that best supports your workload. OCI provides several shapes to choose from as well as a choice between Intel or AMD based processors. Both Oracle Linux and Microsoft Windows are supported. When provisioning the application tier compute nodes, specify the compartment (psft-app-compartment) to hold the compute instance resources and specify the subnet for the application tiers (app-private-subnet-ad2). The application servers will host:
- Tuxedo application server domain
- Tuxedo batch process server domain
- MicroFocus COBOL compiler and run-time facility
You can provision and place the PIA web servers into the same compartment and use the same subnet as the application servers. They will host the following:
- WebLogic Web servers to host the PIA servers
- Coherence*Web cache servers (optional)
Create OCI Compute Instances
Provision the compute instances in Oracle Cloud Infrastructure (OCI).
The configuration of our middle tier servers was simple and standard, with only the sizes of the boot, root, and swap file systems needing adjustment. At the time we provisioned ours, the default size of the boot volume was 46.6GB. This default size contains the basic required Linux file systems, including:
- A /boot file system (200MB)
- A root (/) file system (39GB)
- A swap volume (8GB)
For both the application and web tier servers, we needed to increase the boot file system to 128GB, the root file system to 100GB, and the total swap size to 16GB.
Provision OCI File Storage
Oracle Cloud Infrastructure File Storage provides the shared file systems for all application and PIA servers. These servers will use NFS to mount the shared file systems. When you provision OCI File Storage from the OCI Console, ensure that the file storage is in the same availability domain as the application and PIA servers.
Find the Security Ingress and Egress Rules
Find the required security ingress and egress rules to add to the appropriate security lists and the commands you need to issue on each application and PeopleSoft Internet Architecture (PIA) server. After provisioning the file system, perform the following steps: