Learn About Oracle Cloud Infrastructure Secure Desktops
Developers who work on applications that run close to OCI services such as Autonomous Database, WebLogic, or Kubernetes deployed on OCI can benefit from using OCI Secure Desktops. Once you set developers up with virtual desktops in OCI, they can securely host and test their code without the code leaving the tenancy, using simple procedures for achieving compliance, including code security requirements. For instance, data and code located in the same network, with tools close to the database, will perform better.
In this solution, you will learn to deploy the OCI Secure Desktops Oracle Cloud Infrastructure Resource Manager (ORM) stack to your OCI tenancy and create a desktop pool.
Architecture
This architecture diagram shows how you can deploy OCI Secure Desktops in your tenancy through desktop pools.
This architecture supports the following components:
- Region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Tenancy
A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.
- Compartment
Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.
- Virtual cloud network (VCN) and subnet
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
Your requirements might differ from the architecture described here and you can customize as needed.
Administrators can quickly deploy OCI Secure Desktops. Users are added to OCI Secure Desktops pools through OCI Identity and Access Management (OCI IAM) group policies that follow standard OCI practices for authentication.
About Required Services and Roles
This solution requires the following services and roles:
- Oracle Cloud Infrastructure (OCI)
- Oracle Cloud Infrastructure Identity and Access Management
- Oracle Cloud Infrastructure Networking
These are the roles needed for each service.
Service Name: Role | Required to... |
---|---|
OCI: Tenancy administrator | Perform the initial deployment of the ORM stack. Create policies for users and groups. Note: The Tenancy administrator has permissions to deploy all the stacks. Oracle recommends that you use dedicated roles to perform individual deployments based on your organizational needs. |
OCI: IAM (Identity Domain) Administrator | Manage users, groups, applications, system configuration, and security settings. |
OCI: Network Administrator | Manage the network components including VCNs, subnets, security rules, and Bastions. |
OCI: Security Administrator | Inspect access to resources such as compute, network, and complete access to observability and management services. |
See Oracle Products, Solutions, and Services to get what you need.