Learn About the Oracle European Union Sovereign Cloud
- Data sovereignty
All EU Sovereign Cloud operation facilities are located exclusively within the physical boundaries of the EU. There are no explicit or implicit connections between the realm and any other OCI realm and therefore, customer instances and datasets created within EU Sovereign Cloud remains in the EU.
- Operational sovereignty
Oracle EU Sovereign Cloud operators are EU residents, employed by an EU Sovereign Cloud legal entity and operating in an autonomous realm. EU Sovereign Cloud operations are conducted within the EU, taking into consideration the technical realities of the OCI control and data plane. While operators still take technical direction, including recommended patching and feature deployment instructions and timelines from the OCI global engineering and operations groups, the ultimate decision to implement is determined by the EU Sovereign Cloud region operations team.
- Isolated operations
OCI regions are grouped into realms. While each realm maintains a common set of operational practices and either all or a subset of the features contained within the core commercial OCI realm, the realm itself represents an operational and data boundary for any data within the realm. The combination of operational and data isolation allows for the complete separation of EU Sovereign Cloud from other OCI realms and only data essential for the financial aspects and health of the realm is sent back to the OCI global operations environment.
This Solution Playbook provides guidance on conceptual architectures and uses of EU Sovereign Cloud. While some details regarding both the overall capabilities and operational aspects of EU Sovereign Cloud will be covered to set the context of the architectures, this document is not an exhaustive list of the detailed operational processes and procedures.
About the Operational Model
The EU Sovereign Cloud service architecture is designed so that Oracle EU Sovereign Cloud legal entities can operate independently without the need to transfer customer data outside of the EU. EU Sovereign Cloud legal entities are registered in EU member state countries own the realm assets, and employ the Oracle personnel who have physical or logical access to the realm.
- EU residents with the right to work in an EU member state.
- Physically located in an EU member state when servicing the EU Sovereign Cloud environment.
- Employed by an Oracle EU Sovereign Cloud legal entity.
OCI ensures that our DevOps tools, service deployment configuration and permissions systems enable EU EU Sovereign Cloud personnel to operate regions in accordance with local data protection regulations and without interference from non-EU entities.
EU Sovereign Cloud offers a similar customer experience to OCI commercial public cloud regions, including available services, pricing, and SLAs. OCI features and patches are deployed in EU Sovereign Cloud in alignment with established OCI change management practices.
Oracle operators work from EU-based centers of excellence (CoE) that are linked to the actual region locations. Operations are separate from availability domain locations in the region and have isolated links in order to demonstrate auditable prevention of access from outside of the EU. Operators work on-site or from verifiable VPN access points that terminate in the CoE.
The specially formed European Union Governance Committee is responsible for monitoring and ensuring the integrity of EU Sovereign Cloud practices and commitments to protect customer data.
Compare Public and Dedicated Clouds
Public Cloud
Commercial Public Cloud |
Public Cloud
EU Sovereign Cloud |
Dedicated Cloud
Dedicated Region |
Dedicated Cloud
Isolated Region |
Dedicated Cloud
Alloy |
|
---|---|---|---|---|---|
Description | Publicly available across dozens of countries around the globe | Designed for, and operated and located in, the European Union | The complete cloud in your datacenter with the economics of public cloud | Designed to work in disconnected mode for mission critical workloadse | Enables partners to become cloud providers and expand their business |
Data Center Location | 36 cloud regions in 23 countries | Two cloud regions in the EU | Customer-defined | Customer-defined | Customer-defined |
Operations and Support | Oracle Global | Oracle EU | Oracle Global | Customer-defined | Customer-defined |
Cloud Isolation (Realm) | Global Realm | EU Realm | Dedicated Realm | Air-gapped, Dedicated Realm | Dedicated Realm |
Multi-tenancy | Yes | Yes | No | No | Yes |
For the current region information, visit Public Cloud Regions.
Terms and Resources
Terms and resources related to the implementation of EU Sovereign Cloud are defined below.
Resource and Identity Management
Term | Meaning/Purpose |
---|---|
EU Sovereign Cloud | Oracle's European Union Sovereign Cloud |
Realm | A collection of related OCI regions that are managed under a single umbrella. Realms are neither visible to customers nor customer managed and are strictly used by OCI for operational and management purposes. Realms are isolated from one another via technical and operational processes. A tenancy exists in a single realm and can access regions within that realm but cannot access regions that are outside of that realm. |
Region | A group of related availability domains within a small geographic area with , low network latency and operated as a single entity within OCI. A region is the highest-order resource construct available to customers. |
Tenancy | The individual customer boundary for resources. A tenancy is both a permissions and consumption boundary; a customer's tenancy contains all the resources that the customer has provisioned and is billed for across the regions within the realm in which the tenancy exists. Customers may have more than one tenancy within the same realm or multiple tenancies across different realms. |
Compartment | A logical grouping of resources within a tenancy. Compartments are used to control both access to deploying resources and certain types of access between provisioned resources both within and between compartments. All provisioned resources belong to a compartment. The root (top level) compartment is the tenancy itself. |
Term | Meaning/Purpose |
---|---|
Availability Domain (AD) | One or more data centers located within a region. Availability domains are composed of one or more individual physical locations located within a specified network latency boundary, with all resources within the boundary managed as a single entity. |
Fault Domain (FD) | A fault domain is a grouping of hardware or infrastructure within an availability domain. Fault domains provide the ability to have rack diversity for instances within an availability domain. |
Instance | A deployment of a resource for consumption, such as a compute resource, within an environment. |
The diagram below illustrates the Resource grouping terms within the lexicon:
Description of the illustration security_structure_overview.png
EU Data Sovereignty
- All hosted customer data is maintained within data regions in EU member states and isolated by Oracle’s realm architecture with no direct connection to other Oracle resources outside of the EU. Except as set forth in the EU Sovereign Cloud additional terms, hosted data is stored within the EU Sovereign Cloud regions and there is no external data storage location that maintains intermediate or cached data prior to landing within the region.
- Internal virtual network paths remain within the physical boundaries of each region and do not traverse any public or private path that might cause hosted data to leave the realm. Connections between physical locations (availability domains) and Points of Presence (PoP) are directly connected and encrypted.
- No automatic or readily established data path connects EU Sovereign Cloud regions. All data that flows between the EU Sovereign Cloud data regions is both fully encrypted and flows over a dedicated connection between the regions.
- Encryption keys for both data transmission and data storage are local to the realm. The keys used for the encryption of data maintained completely within the borders of the EU and are controlled exclusively by employees of an EU Sovereign Cloud legal entity.
EU Sovereign Cloud provides a platform on which to build applications, but customers and their users are responsible for ensuring that once data is fully installed within EU Sovereign Cloud, it remains inaccessible via application or network access at the tenancy layer. Refer to "Access Model" elsewhere in this playbook for strategies to help prevent data exfiltration at the application and tenant network layer.
Description of the illustration eu-sov-realm-comm-pub-realm.png