Learn About Oracle Cloud Infrastructure Secure Desktops

Oracle Cloud Infrastructure (OCI) Secure Desktops is a cloud-native, managed service that provides secure and reliable desktop environments. Use OCI Secure Desktops to give your global workforce access to enterprise data through a secure, centrally controlled, customizable, and consistent experience, regardless of the device used to reach the desktop. Because the client device receives only a rendered view of the virtual desktop and enterprise data is never stored on it, your data stays inside the tenancy even if a device is lost or stolen.

Developers who work on applications that run close to OCI services such as Autonomous Database, WebLogic, or Kubernetes deployed on OCI can benefit from OCI Secure Desktops. Once developers have virtual desktops in OCI, they can host and test their code without it ever leaving the tenancy, which simplifies meeting compliance and code-security requirements. Keeping data, code, and tools on the same network as the database also improves performance.

In this solution, you will learn to deploy the OCI Secure Desktops Oracle Cloud Infrastructure Resource Manager (ORM) stack in your OCI tenancy and create a desktop pool.

Architecture

The OCI Secure Desktops service is fully integrated with OCI Compute, Storage, and Networking services and provides the flexibility of creating secure desktops for your existing OCI tenancy and account. You can choose among various Compute shapes and an option to provide dedicated storage space for each desktop user.

This architecture diagram shows how you can deploy OCI Secure Desktops in your tenancy through desktop pools.

[Architecture diagram; available for download as oci-tenancy-secure-desktops-arch-oracle.zip]

This architecture supports the following components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Tenancy

    A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.

  • Compartment

    Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.

  • Virtual cloud network (VCN) and subnet

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

Your requirements might differ from the architecture described here and you can customize as needed.

Administrators can deploy OCI Secure Desktops quickly. Users are granted access to OCI Secure Desktops pools through OCI Identity and Access Management (OCI IAM) groups and the policies that reference them, so authentication follows standard OCI practices.

About Required Services and Roles

This solution requires the following services and roles:

  • Oracle Cloud Infrastructure (OCI)
  • Oracle Cloud Infrastructure Identity and Access Management
  • Oracle Cloud Infrastructure Networking

These are the roles needed for each service.

Service Name | Role | Required to...
OCI | Tenancy administrator | Perform the initial deployment of the ORM stack and create policies for users and groups.
OCI | IAM (Identity Domain) Administrator | Manage users, groups, applications, system configuration, and security settings.
OCI | Network Administrator | Manage the network components, including VCNs, subnets, security rules, and Bastions.
OCI | Security Administrator | Inspect access to resources such as compute and network, with full access to observability and management services.

Note:

The Tenancy administrator has permissions to deploy all the stacks. Oracle recommends that you use dedicated roles to perform individual deployments based on your organizational needs.
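The note above recommends dedicated roles instead of running every deployment as Tenancy administrator, and the Architecture section says users reach desktop pools through OCI IAM groups and policies. The following policy statements are an added example, not part of the Oracle page or the ORM stack, of how the roles in the table can be expressed as compartment-scoped, least-privilege IAM policies. The group names (NetworkAdmins, SecurityAdmins, DesktopAdmins, DesktopUsers) and the compartment name SecureDesktops are assumptions; the resource types virtual-network-family, bastion-family, instance-family, logging-family, metrics, alarms, orm-stacks and orm-jobs are standard OCI resource types, while desktop-family and desktop-pools are assumed names for the Secure Desktops resource types and must be checked against the service's policy reference before use. The IAM (Identity Domain) Administrator role is assigned inside the identity domain rather than through these policy statements.

```text
# Added example: per-role policies for the roles listed above.
# Group and compartment names are assumptions.

# Network Administrator: VCNs, subnets, security rules, and Bastions, nothing else
Allow group NetworkAdmins to manage virtual-network-family in compartment SecureDesktops
Allow group NetworkAdmins to manage bastion-family in compartment SecureDesktops

# Security Administrator: read-only visibility into compute and network,
# full control of observability (logging, metrics, alarms)
Allow group SecurityAdmins to inspect instance-family in compartment SecureDesktops
Allow group SecurityAdmins to inspect virtual-network-family in compartment SecureDesktops
Allow group SecurityAdmins to manage logging-family in compartment SecureDesktops
Allow group SecurityAdmins to manage metrics in compartment SecureDesktops
Allow group SecurityAdmins to manage alarms in compartment SecureDesktops

# Desktop administrators: deploy the ORM stack and manage desktop pools
# (desktop-family is an assumed resource-type name; verify before use)
Allow group DesktopAdmins to manage orm-stacks in compartment SecureDesktops
Allow group DesktopAdmins to manage orm-jobs in compartment SecureDesktops
Allow group DesktopAdmins to manage desktop-family in compartment SecureDesktops

# End users: only the ability to use pools in this compartment
# (desktop-pools is an assumed resource-type name; verify before use)
Allow group DesktopUsers to use desktop-pools in compartment SecureDesktops
```

Scoping every statement to the SecureDesktops compartment rather than to the tenancy keeps a compromised or over-privileged group from touching resources elsewhere; the Tenancy administrator is then needed only once, to create these groups and policies, after which the individual deployments run under the narrower roles.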

See Oracle Products, Solutions, and Services to get what you need.