Implement Policies and Processes

The integration requires that you implement certain policies and processes.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator.

This access is required whether you're using the console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.

If you're a member of the Administrators group, you already have the required access to execute this scenario. Otherwise, you need access to Monitoring, Notifications, and Functions. You must have FN_INVOCATION permission against the function to be able to add the function as a subscription to a topic. To access your ServiceNow credentials, the function must be authorized to read secrets.
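
The access requirements above can be checked mechanically before the integration is deployed. The following is an added example, not Oracle's or the page's own code: it audits a list of OCI policy statements for the grants this scenario needs and flags tenancy-wide or `all-resources` grants. The mapping of each requirement to a resource type and minimum verb, and the group and compartment names in the sample, are assumptions.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]   # OCI policy verbs, weakest first
STMT = re.compile(
    r"allow\s+(group|dynamic-group)\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+"
    r"([\w-]+)\s+in\s+(tenancy|compartment\s+\S+)(?:\s+where\s+.+)?\s*$",
    re.IGNORECASE)

# Assumed mapping: requirement -> (subject kind, minimum verb, resource types)
REQUIRED = {
    "monitoring":    ("group", "manage", {"alarms"}),
    "notifications": ("group", "manage", {"ons-topics"}),
    "fn_invocation": ("group", "use", {"fn-invocation", "functions-family"}),
    "read_secrets":  ("dynamic-group", "read", {"secret-bundles", "secret-family"}),
}

def audit_policy(statements):
    """Return findings: unparsed statements, overbroad grants, missing grants."""
    grants, findings = [], []
    for text in statements:
        m = STMT.match(text.strip())
        if not m:                      # e.g. any-user or service subjects
            findings.append("unparsed: " + text)
            continue
        kind, _name, verb, resource, scope = (g.lower() for g in m.groups())
        if resource == "all-resources" or scope == "tenancy":
            findings.append("overbroad: " + text)
        grants.append((kind, VERBS.index(verb), resource))
    for need, (kind, min_verb, types) in REQUIRED.items():
        # Only explicit, narrowly typed grants count; all-resources never satisfies a need.
        if not any(k == kind and r in types and v >= VERBS.index(min_verb)
                   for k, v, r in grants):
            findings.append("missing: " + need)
    return findings

# Constructed sample policy (names are placeholders, not from the page).
SAMPLE = [
    "Allow group SnowIntegrators to manage alarms in compartment ops",
    "Allow group SnowIntegrators to manage ons-topics in compartment ops",
    "Allow group SnowIntegrators to read fn-invocation in compartment ops",
    "Allow dynamic-group snow-fn to manage all-resources in tenancy",
]

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE):
        print(finding)
```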

Automation

To create the necessary virtual clusters on Oracle Exadata Database Service on Cloud@Customer, Deutsche Bank uses CA Automic Workload Automation (CA AWA) with REST API calls.

The workflow is similar to the following:

  1. Obtain an authentication token for the Oracle Cloud Infrastructure (OCI) API by making a POST request to the appropriate endpoint with your credentials. The response will contain an access token that you can use to authenticate subsequent requests.
    POST https://identity.oraclecloud.com/v1/oauth2/token
    Content-Type: application/x-www-form-urlencoded
    
    grant_type=password&username=<your_username>&password=<your_password>&scope=openid
    
    Response:
    {
        "access_token": "eyJ4NXUiOiJ...",
        "token_type": "Bearer",
        "expires_in": 3600,
        "refresh_token": "AQIC5wM...",
        "scope": "openid"
    }
    
  2. Use the OCI REST API to create a new virtual cloud network (VCN) and subnet for your virtual cluster. You can use the following request as an example:
    POST https://iaas.cloud.oracle.com/20160918/vcns
    Content-Type: application/json
    Authorization: Bearer <your_oauth_token>
    
    {
        "cidrBlock": "10.0.0.0/16",
        "displayName": "MyVCN",
        "compartmentId": "<your_compartment_id>",
        "dnsLabel": "mydnslabel"
    }
  3. Use the OCI REST API to create a new Exadata Cloud@Customer virtual cluster. You can use the following request as an example:
    POST https://iaas.cloud.oracle.com/20160918/exaVcClusters
    Content-Type: application/json
    Authorization: Bearer <your_oauth_token>
    
    {
        "compartmentId": "<your_compartment_id>",
        "displayName": "MyCluster",
        "availabilityDomain": "<your_availability_domain>",
        "cpuCoreCount": 32,
        "memorySizeInGBs": 768,
        "storageSizeInTBs": 140,
        "subnetId": "<your_subnet_id>"
    }
  4. Use the OCI REST API to create a new virtual machine (VM) within the virtual cluster. You can use the following request as an example:
    POST https://iaas.cloud.oracle.com/20160918/instances
    Content-Type: application/json
    Authorization: Bearer <your_oauth_token>
    
    {
        "compartmentId": "<your_compartment_id>",
        "availabilityDomain": "<your_availability_domain>",
        "displayName": "MyVM",
        "shape": "<your_vm_shape>",
        "sourceDetails": {
            "sourceType": "image",
            "imageId": "<your_image_id>"
        },
        "subnetId": "<your_subnet_id>",
        "placementConfigurations": [
            {
                "type": "vm-placement",
                "vmClusterId": "<your_cluster_id>"
            }
        ],
        "metadata": {
            "ssh_authorized_keys": "<your_ssh_public_key>"
        }
    }
  5. Schedule the above REST API calls in CA AWA to automate the creation of the virtual cluster. You can create a new workflow in CA AWA, add the REST API calls as tasks, and define the appropriate dependencies between them.
  6. Once the virtual cluster is created, you can use the OCI REST API to manage its lifecycle, such as scaling the cluster up or down, adding or removing VMs, and monitoring its performance.
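
The chained calls in steps 1 through 4, as an added example that is not part of the original page or Deutsche Bank's workflow: credentials come from the scheduler's environment instead of the job definition, the token is reused until shortly before `expires_in` elapses, and the audit trail records endpoints only. The environment variable names, the `id` field in each response, and the `fake_send` transport are assumptions; the subnet ID is passed in because the page shows no subnet request.

```python
import os, time

TOKEN_URL = "https://identity.oraclecloud.com/v1/oauth2/token"  # from step 1
API = "https://iaas.cloud.oracle.com/20160918"                  # from steps 2-4

class ClusterWorkflow:
    def __init__(self, send, clock=time.time):
        self.send, self.clock = send, clock      # send(url, headers, body) -> dict
        self.token, self.expires_at = None, 0.0
        self.audit = []                          # endpoints only, never secrets

    def _post(self, url, headers, body):
        self.audit.append(url)
        return self.send(url, headers, body)     # an exception here stops later steps

    def _auth(self):
        # Re-authenticate only when the token is missing or within 60 s of expiry.
        if self.token is None or self.clock() >= self.expires_at - 60:
            form = {"grant_type": "password", "scope": "openid",
                    "username": os.environ["OCI_USER"],   # hypothetical variable names,
                    "password": os.environ["OCI_PASS"]}   # injected by the scheduler
            r = self._post(TOKEN_URL,
                           {"Content-Type": "application/x-www-form-urlencoded"}, form)
            self.token, self.expires_at = r["access_token"], self.clock() + r["expires_in"]
        return {"Authorization": "Bearer " + self.token, "Content-Type": "application/json"}

    def run(self, compartment, ad, subnet, shape, image, ssh_key):
        # Each step depends on the previous one: the VM needs the cluster's id.
        vcn = self._post(API + "/vcns", self._auth(), {
            "cidrBlock": "10.0.0.0/16", "displayName": "MyVCN",
            "compartmentId": compartment, "dnsLabel": "mydnslabel"})
        cluster = self._post(API + "/exaVcClusters", self._auth(), {
            "compartmentId": compartment, "displayName": "MyCluster",
            "availabilityDomain": ad, "cpuCoreCount": 32, "memorySizeInGBs": 768,
            "storageSizeInTBs": 140, "subnetId": subnet})
        vm = self._post(API + "/instances", self._auth(), {
            "compartmentId": compartment, "availabilityDomain": ad, "displayName": "MyVM",
            "shape": shape, "sourceDetails": {"sourceType": "image", "imageId": image},
            "subnetId": subnet,
            "placementConfigurations": [{"type": "vm-placement", "vmClusterId": cluster["id"]}],
            "metadata": {"ssh_authorized_keys": ssh_key}})
        return {"vcn": vcn["id"], "cluster": cluster["id"], "vm": vm["id"]}

def fake_send(url, headers, body):
    # Constructed stand-in for the HTTP transport so the example runs offline.
    if url == TOKEN_URL:
        return {"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 3600}
    assert headers["Authorization"] == "Bearer constructed-token"
    return {"id": "constructed-id-" + url.rsplit("/", 1)[1]}
```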

Backup

To create backups for the Oracle Exadata Database Service on Cloud@Customer service, use Oracle ZFS Storage Appliance.

Deploy this highly scalable and efficient storage service by performing the following steps:

  1. Configure the Oracle Cloud Backup module to connect to the Oracle ZFS Storage Appliance by specifying the IP address or host name of the appliance, the storage pool to be used for backups, and the backup destination.
  2. Create backup jobs in the Exadata Cloud@Customer environment. These jobs can be scheduled or run manually, and configured to back up specific databases, tablespaces, or files.
  3. Monitor the backup jobs to ensure they are completing successfully and troubleshoot any issues that arise.

The Oracle ZFS Storage Appliance for backups provides advanced features such as compression, deduplication, and encryption. These features can help reduce backup storage requirements and improve backup performance while ensuring the data is securely stored.