Design and Implement Your Governance Model

Designing your governance model is an evolving, iterative process: you refine the model over time until it is mature, robust, and aligned with the needs of your resources and workloads.

[Illustration: cloud-technology-workload-governance.png (baseline governance followed by phased workload governance)]

Your organization should rely on a Technology Center of Excellence (COE) team to drive the process: begin with baseline governance, then apply workload governance in phases for each workload.

Baseline Governance

Enables you to define governance processes for core and shared cloud resources. You begin by applying the governance model to those resources and setting up your architecture to use it. For example, you can define a Networking compartment during baseline governance implementation.

Workload Governance

Enables you to define governance processes for workload-specific cloud resources. Workload governance extends the scope and functionality of your initial baseline governance configuration to govern your workloads. For example, you can now extend the scope of the Networking compartment by creating child compartments to manage your workloads.
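The following Terraform (HCL) configuration is an added illustration of the two phases just described; it is not code from this Oracle page or from the Secure Landing Zone. It assumes the OCI Terraform provider is already configured and that the operator supplies the tenancy OCID; the compartment, group and workload names are constructed for the example. It goes slightly beyond the text by also showing the job-function groups and least-privilege IAM policies that scope each team to the compartment it administers: a baseline Networking compartment, child compartments per workload, and policies attached at the tenancy that reference child compartments by their full path.

```hcl
# Added illustration (not part of the Oracle page or the Secure Landing Zone code).
# Assumes the OCI provider is configured; var.tenancy_ocid is supplied by the operator.
# All compartment, group and workload names below are constructed for this example.

variable "tenancy_ocid" {
  type        = string
  description = "OCID of the tenancy (root compartment); supplied by the operator"
}

variable "workloads" {
  type    = list(string)
  default = ["payments", "analytics"] # constructed sample workload names
}

# --- Baseline governance: a shared Networking compartment directly under the tenancy ---
resource "oci_identity_compartment" "networking" {
  compartment_id = var.tenancy_ocid
  name           = "Networking"
  description    = "Shared network resources governed at baseline"
  enable_delete  = false # protect the compartment from accidental destroy
}

# Group for the job function that operates the shared network.
resource "oci_identity_group" "network_admins" {
  compartment_id = var.tenancy_ocid
  name           = "NetworkAdmins"
  description    = "Operates shared networking in the Networking compartment"
}

# Baseline policy: NetworkAdmins manage the shared compartment (and, by inheritance, its children).
resource "oci_identity_policy" "network_admins" {
  compartment_id = var.tenancy_ocid
  name           = "NetworkAdmins-Policy"
  description    = "Shared network administration"
  statements = [
    "Allow group ${oci_identity_group.network_admins.name} to manage virtual-network-family in compartment ${oci_identity_compartment.networking.name}",
  ]
}

# --- Workload governance: one child compartment and one admin group per workload ---
resource "oci_identity_compartment" "workload_net" {
  for_each       = toset(var.workloads)
  compartment_id = oci_identity_compartment.networking.id # child of Networking
  name           = "Networking-${each.key}"
  description    = "Network resources dedicated to the ${each.key} workload"
  enable_delete  = false
}

resource "oci_identity_group" "workload_admins" {
  for_each       = toset(var.workloads)
  compartment_id = var.tenancy_ocid
  name           = "${each.key}-NetworkAdmins"
  description    = "Operates network resources for the ${each.key} workload only"
}

# Workload policy: each team manages only its own child compartment and may read
# (but not change) the shared parent. Attached at the tenancy, so the child is
# referenced by its full compartment path Networking:Networking-<workload>.
resource "oci_identity_policy" "workload_admins" {
  for_each       = toset(var.workloads)
  compartment_id = var.tenancy_ocid
  name           = "${each.key}-NetworkAdmins-Policy"
  description    = "Network administration limited to the ${each.key} child compartment"
  statements = [
    "Allow group ${oci_identity_group.workload_admins[each.key].name} to manage virtual-network-family in compartment ${oci_identity_compartment.networking.name}:${oci_identity_compartment.workload_net[each.key].name}",
    "Allow group ${oci_identity_group.workload_admins[each.key].name} to read virtual-network-family in compartment ${oci_identity_compartment.networking.name}",
  ]
}
```

Keeping the baseline resources in their own Terraform module and adding workload compartments by extending `var.workloads` mirrors the phased approach: the shared Networking compartment and its policy are created once, and every new workload only adds a child compartment, a group, and a policy whose scope cannot exceed that child.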

Use the Secure Landing Zone

Oracle recommends using the Secure Landing Zone to implement your governance for the tenancy.

The Secure Landing Zone automates the creation of a secure tenancy. The Secure Landing Zone provides the following:

  • A set of Terraform scripts that deploy a standardized environment in an OCI tenancy
  • Templates that use multiple compartments, groups, and OCI IAM policies to segregate access to resources based on job function

You can configure the resources within the template to meet the CIS OCI Foundations Benchmark settings related to:

  • OCI IAM groups and policies
  • Networking (VCN, Private Subnet, and Public Subnet)
  • Keys
  • Cloud Guard
  • Logging
  • Vulnerability Scanning

The landing zone implements and configures most of the OCI services required for governance.

Note:

The Secure Landing Zone doesn't create any artifacts for cost management or tags. It also doesn't implement advanced Identity Management (identity federation and identity provisioning or deprovisioning) or advanced networking (FastConnect setup).