The image shows a DoDIN region, an OCI home region, and an OCI other region.
DoDIN
- IL4/IL5 workload user
- DISA primary router
- DISA secondary router
- Two Active Directory
OCI regions
Two tenancies span both OCI regions (home and other). The first tenancy includes:
- IAM Domain (Default) - Identity and Access Management (IAM) uses
identity domains to provide identity and access management features such as
authentication, single sign-on (SSO), and identity lifecycle management for Oracle
Cloud as well as for Oracle and non-Oracle applications, whether SaaS, cloud hosted,
or on premises.
- Policies - A policy is a document that specifies who can access which
OCI resources that your company has
- Vulnerability Scanning - Oracle Cloud Infrastructure Vulnerability
Scanning Service helps improve your security posture by routinely checking hosts and
container images for potential vulnerabilities
- Cloud Guard - Cloud Guard is a cloud native service that helps
customers monitor, identify, achieve, and maintain a strong security posture on
Oracle Cloud
- Landing zone L1 - EBLZ Parent
L1 - EBLZ Parent
- L2 Workload 1 - This is the compartment for the initial workload
- L2 - VDSS - All core network resources are placed here
- L2 - VDMS - Security resources are placed here
- IAM Domain (New) - Identity and Access Management (IAM) uses identity
domains to provide identity and access management features such as authentication,
single sign-on (SSO), and identity lifecycle management for Oracle Cloud as well as
for Oracle and non-Oracle applications
- Policies - A policy is a document that specifies who can access which
OCI resources that your company has
- Cloud Guard Target - Defines scope of what Cloud Guard checks
- VSS Target - OCI Vulnerability Scanning Service helps improve your
security posture by routinely checking hosts and container images for potential
vulnerabilities
- Auditing - The Landing Zone copies all logs and auditing events to the
Logging analytics service for analysis and visualization
L2 Workload 1
L2 contains the following and is replicated.
- Object Storage - Object storage provides quick access to large amounts
of structured and unstructured data of any content type, including database backups,
analytic data, and rich content such as images and videos
- VCN - Spoke 1 with a Service Gateway, a DRG, a WAF, a subnet with VM, and a subnet
with ADB.
L2 - VDSS
- FC - FastConnect allows customers to connect directly to their OCI
virtual cloud network via dedicated, private, high-bandwidth connections
- VCN - Hub with a DRG, Firewall, and VCN Flow Logs
L2 - VDMS
- Bastion Service - OCI Bastion provides restricted and time-limited
access to target resources that don't have public endpoints
- Events - The Events service helps you create automation based on the
state changes of resources throughout your tenancy
- Streaming - The Streaming service provides a fully managed, scalable,
and durable solution for ingesting and consuming high-volume data streams in real
time
- Logging Analytics - Oracle Cloud Logging Analytics is a cloud solution
in OCI that lets you index, enrich, aggregate, explore, search, analyze, correlate,
visualize and monitor all log data from your applications and system
infrastructure
- Two Vaults (Virtual Private) - OCI Vault is an encryption management
service that stores and manages encryption keys and secrets to securely access
resources
- VSS Recipes - Use OCI Vulnerability Scanning Service to create and
manage recipes that scan target compute instances (hosts) for potential security
vulnerabilities
- Logging - The Logging service provides a highly scalable and fully
managed single interface for all the logs in your tenancy
- Service Connector Hub - Connector Hub helps cloud engineers manage and
move data between OCI services and from OCI to third-party services
- L2 - Logging with two Object Storage (Immutable) instances
The second tenancy includes:
- IAM Domain (Default)
- Policies
- Auditing
- Cloud Guard
- Logging with Object Storage (Immutable), and Vault