Learn About the Oracle European Union Sovereign Cloud

Oracle European Union (EU) Sovereign Cloud is a purpose-built Oracle Cloud Infrastructure (OCI) collection of data regions designed to meet the needs of EU government agencies, non-governmental agencies, and commercial entities subject to the data privacy and protection laws of the EU. The EU Sovereign Cloud data regions are grouped into a single realm which allows for both data and operations to be isolated from other realms. This realm construct, alongside the customer’s proper management and administration, allows for the following capabilities:

• Data sovereignty

  All EU Sovereign Cloud operation facilities are located exclusively within the physical boundaries of the EU. There are no explicit or implicit connections between the realm and any other OCI realm and therefore, customer instances and datasets created within EU Sovereign Cloud remains in the EU.

• Operational sovereignty

  Oracle EU Sovereign Cloud operators are EU residents, employed by an EU Sovereign Cloud legal entity and operating in an autonomous realm. EU Sovereign Cloud operations are conducted within the EU, taking into consideration the technical realities of the OCI control and data plane. While operators still take technical direction, including recommended patching and feature deployment instructions and timelines from the OCI global engineering and operations groups, the ultimate decision to implement is determined by the EU Sovereign Cloud region operations team.

• Isolated operations

  OCI regions are grouped into realms. While each realm maintains a common set of operational practices and either all or a subset of the features contained within the core commercial OCI realm, the realm itself represents an operational and data boundary for any data within the realm. The combination of operational and data isolation allows for the complete separation of EU Sovereign Cloud from other OCI realms and only data essential for the financial aspects and health of the realm is sent back to the OCI global operations environment.

Implementation of these key features does not change the fundamental nature of OCI. EU Sovereign Cloud maintains features found within the commercial public cloud offering and retains the same API and interface capabilities. This means that development and operational practices implemented for OCI commercial public cloud regions directly translate to EU Sovereign Cloud.

This Solution Playbook provides guidance on conceptual architectures and uses of EU Sovereign Cloud. While some details regarding both the overall capabilities and operational aspects of EU Sovereign Cloud will be covered to set the context of the architectures, this document is not an exhaustive list of the detailed operational processes and procedures.

About the Operational Model

The EU Sovereign Cloud service architecture is designed so that Oracle EU Sovereign Cloud legal entities can operate independently without the need to transfer customer data outside of the EU. EU Sovereign Cloud legal entities are registered in EU member state countries own the realm assets, and employ the Oracle personnel who have physical or logical access to the realm.

Oracle employees who have access to the EU Sovereign Cloud data center regions must be:

• EU residents with the right to work in an EU member state.
• Physically located in an EU member state when servicing the EU Sovereign Cloud environment.
• Employed by an Oracle EU Sovereign Cloud legal entity.

OCI ensures that our DevOps tools, service deployment configuration and permissions systems enable EU EU Sovereign Cloud personnel to operate regions in accordance with local data protection regulations and without interference from non-EU entities.

EU Sovereign Cloud offers a similar customer experience to OCI commercial public cloud regions, including available services, pricing, and SLAs. OCI features and patches are deployed in EU Sovereign Cloud in alignment with established OCI change management practices.

Oracle operators work from EU-based centers of excellence (CoE) that are linked to the actual region locations. Operations are separate from availability domain locations in the region and have isolated links in order to demonstrate auditable prevention of access from outside of the EU. Operators work on-site or from verifiable VPN access points that terminate in the CoE.

The specially formed European Union Governance Committee is responsible for monitoring and ensuring the integrity of EU Sovereign Cloud practices and commitments to protect customer data.

Compare Public and Dedicated Clouds

While EU Sovereign Cloud provides a high level of protection and assurance regarding sovereignty, data protection and privacy laws, the offering itself remains a multi-tenant cloud environment. For customers that need their data to remain in a specific country/jurisdiction, have specific operations and support personnel requirements, operate as a single entity or restrict an offering to a limited number of entities, or require disconnected operations, OCI Distributed Cloud provides flexible cloud deployment models.

	Public Cloud Commercial Public Cloud	Public Cloud EU Sovereign Cloud	Dedicated Cloud Dedicated Region	Dedicated Cloud Isolated Region	Dedicated Cloud Alloy
Description	Publicly available across dozens of countries around the globe	Designed for, and operated and located in, the European Union	The complete cloud in your datacenter with the economics of public cloud	Designed to work in disconnected mode for mission critical workloadse	Enables partners to become cloud providers and expand their business
Data Center Location	36 cloud regions in 23 countries	Two cloud regions in the EU	Customer-defined	Customer-defined	Customer-defined
Operations and Support	Oracle Global	Oracle EU	Oracle Global	Customer-defined	Customer-defined
Cloud Isolation (Realm)	Global Realm	EU Realm	Dedicated Realm	Air-gapped, Dedicated Realm	Dedicated Realm
Multi-tenancy	Yes	Yes	No	No	Yes

For the current region information, visit Public Cloud Regions.

Terms and Resources

Terms and resources related to the implementation of EU Sovereign Cloud are defined below.

Resource and Identity Management

Term	Meaning/Purpose
EU Sovereign Cloud	Oracle's European Union Sovereign Cloud
Realm	A collection of related OCI regions that are managed under a single umbrella. Realms are neither visible to customers nor customer managed and are strictly used by OCI for operational and management purposes. Realms are isolated from one another via technical and operational processes. A tenancy exists in a single realm and can access regions within that realm but cannot access regions that are outside of that realm.
Region	A group of related availability domains within a small geographic area with , low network latency and operated as a single entity within OCI. A region is the highest-order resource construct available to customers.
Tenancy	The individual customer boundary for resources. A tenancy is both a permissions and consumption boundary; a customer's tenancy contains all the resources that the customer has provisioned and is billed for across the regions within the realm in which the tenancy exists. Customers may have more than one tenancy within the same realm or multiple tenancies across different realms.
Compartment	A logical grouping of resources within a tenancy. Compartments are used to control both access to deploying resources and certain types of access between provisioned resources both within and between compartments. All provisioned resources belong to a compartment. The root (top level) compartment is the tenancy itself.

Resource Grouping

Term	Meaning/Purpose
Availability Domain (AD)	One or more data centers located within a region. Availability domains are composed of one or more individual physical locations located within a specified network latency boundary, with all resources within the boundary managed as a single entity.
Fault Domain (FD)	A fault domain is a grouping of hardware or infrastructure within an availability domain. Fault domains provide the ability to have rack diversity for instances within an availability domain.
Instance	A deployment of a resource for consumption, such as a compute resource, within an environment.

The diagram below illustrates the Resource grouping terms within the lexicon:

Description of the illustration security_structure_overview.png

security_structure_overview-oracle.zip

EU Data Sovereignty

Maintaining data sovereignty can prohibit the use of the public cloud. Specifically when it comes to access or transfer of data due to extraterritorial demands, interception of data streams that pass beyond EU physical borders, and ensuring and enforcing compliance with EU data privacy laws such as GDPR, EU Directive 2016/680. Organizations that want to use the public cloud for their computing and storage needs need to address these risks.

EU Sovereign Cloud allows you to fully audit your environment to ensure that it adheres to EU data protection requirements. The operational aspects of EU Sovereign Cloud provide a number of physical protections against data leaving the realm:

• All hosted customer data is maintained within data regions in EU member states and isolated by Oracle’s realm architecture with no direct connection to other Oracle resources outside of the EU. Except as set forth in the EU Sovereign Cloud additional terms, hosted data is stored within the EU Sovereign Cloud regions and there is no external data storage location that maintains intermediate or cached data prior to landing within the region.
• Internal virtual network paths remain within the physical boundaries of each region and do not traverse any public or private path that might cause hosted data to leave the realm. Connections between physical locations (availability domains) and Points of Presence (PoP) are directly connected and encrypted.
• No automatic or readily established data path connects EU Sovereign Cloud regions. All data that flows between the EU Sovereign Cloud data regions is both fully encrypted and flows over a dedicated connection between the regions.
• Encryption keys for both data transmission and data storage are local to the realm. The keys used for the encryption of data maintained completely within the borders of the EU and are controlled exclusively by employees of an EU Sovereign Cloud legal entity.

While the default features of the realm provide an auditable solution designed to help address data sovereignty, please note that each tenant also needs to be vigilant and ensure that unintentional data leakage does not occur. EU Sovereign Cloud retains the native OCI ability to establish network relationships between tenancies—operating either within the same realm or your on-premises environment in the EU. Cross-tenancy connections within EU Sovereign Cloud retain the data protection and sovereignty capabilities that are inherent to the EU Sovereign Cloud. However, any connections established between realms (such as between EU Sovereign Cloud and the OCI public cloud regions located within the EU) do not offer the same level of protection. Data that traverses between realms, in particular to non-EU Sovereign Cloud realms, may exit the boundaries of the EU in the normal course of operations.

EU Sovereign Cloud provides a platform on which to build applications, but customers and their users are responsible for ensuring that once data is fully installed within EU Sovereign Cloud, it remains inaccessible via application or network access at the tenancy layer. Refer to "Access Model" elsewhere in this playbook for strategies to help prevent data exfiltration at the application and tenant network layer.

Description of the illustration eu-sov-realm-comm-pub-realm.png

eu-sov-realm-comm-pub-realm-oracle.zip