Adding an OCI Instance

After completing the necessary configurations in Oracle Cloud Infrastructure, add or register the OCI instance in Oracle CASB Cloud Service.

Prerequisites: Complete the steps in Preparing a Public/Private Key Pair and Preparing OCI.

Note:

  • Only OCI administrator users should register an OCI instance with Oracle CASB Cloud Service.

  • You should not add, or register, the same application instance more than once. An additional registration seriously impacts performance and doesn’t provide any additional information.

  • You can only register Oracle Cloud Infrastructure in monitor-only mode.

You have several options when you add an OCI instance in Oracle CASB Cloud Service, depending on the type of OCI compartment to monitor. Each instance monitors a single compartment:

  • OCI Tenancy - the root compartment that contains all of your organization's compartments and other Oracle Cloud Infrastructure cloud resources.

    See Adding an OCI Tenancy.

  • Compartment under a registered Tenancy - a specified compartment under a registered OCI tenancy. Only the collection of related resources within the specified compartment is monitored. These resources are accessible only by certain groups that have been given permission by an administrator in your organization.

    Note:

    If bulk registration of OCI compartments is enabled on your Oracle CASB Cloud Service tenant, this option of registering one compartment at a time is no longer available. Instead, after you register the OCI tenancy (Adding an OCI Tenancy), you register multiple compartments that you want Oracle CASB Cloud Service to monitor in that tenancy (Updating Registered Compartments for an OCI Instance).

    To enable bulk registration of OCI compartments, contact Oracle Support (http://support.oracle.com). If you have not registered yet, you need your Customer Support Identifier (CSI) to register before you can submit service request tickets. Alternatively, contact your Oracle CASB Customer Success Manager.

    When you register a compartment inside a tenancy that is already registered in Oracle CASB Cloud Service, the compartment inherits access credentials from the parent tenancy, so you only have to specify the compartment name.

    See Adding an OCI Compartment under a Registered Tenancy.

    Note:

    If the OCI instance for the parent tenancy is ever deleted from Oracle CASB Cloud Service, the Compartment under a registered Tenancy automatically becomes a Standalone Compartment that retains the credentials from the parent tenancy.

  • A Standalone Compartment – an OCI compartment that is accessed directly, without first registering the OCI tenancy in Oracle CASB Cloud Service. As with a compartment under a registered tenancy, only the collection of related resources within the specified compartment is monitored. These resources are accessible only by certain groups that have been given permission by an administrator in your organization.

    When you register a standalone compartment, you have to specify all the credentials required to access the parent tenancy.

    See Adding an OCI Standalone Compartment.

Adding an OCI Tenancy

Add an OCI instance with tenancy as the type of OCI compartment that Oracle CASB Cloud Service monitors.

  1. Select Applications from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon to display it.
  2. Click Add/Modify App.
  3. In the Select an app type page, click the Oracle Cloud Infrastructure icon, and then click Next.
  4. On the Select an instance page:
    1. Enter a name for the instance in the Type a unique name... box.

      Any existing names appear below the name field.

    2. If users of this instance use an identity provider to log in, select The users of this app instance log in using single sign-on... and select the IDP instance from the Select an Identity Provider (IDP) instance list.

      Note:

      The identity provider instance must already be defined. See Setting Up an Identity Provider Instance.

    3. Click Next.

  5. In the Enter credentials page, under Select the type of OCI Compartment that Oracle CASB Cloud will monitor, select Tenancy.

    If bulk registration of compartments is enabled, the label for this option is Tenancy (modify OCI Tenancy Instance to register Compartments).

  6. To see the list of regions that will be monitored for this OCI instance, click the number to the right of Regions monitored.
  7. In a separate browser window, log in to your OCI account.
  8. In the OCI console, drop down the menu from the User icon in the top right corner and select Tenancy: <tenancy_name>.
  9. On the tenancy details page, on the Tenancy Information tab, click the Copy link for the OCID value.
  10. Switch back to the Oracle CASB Cloud Service console, Enter credentials page.
  11. Paste the tenancy OCID value from the OCI console into the Tenancy OCID box.
  12. Switch back to the OCI console.
  13. Drop down the menu from the User icon in the top right corner and select the user login name.
  14. On the User Details page, on the User Information tab, click the Copy link for the user OCID value.
  15. Switch back to the Oracle CASB Cloud Service console, Enter credentials page.
  16. Paste the user OCID value from the OCI console into the User OCID box.
  17. Click Test Credentials.
  18. When you see the “Successfully initiated direct connection” message, click Submit.

Initial data typically begins to appear in 30 minutes to 2 hours, but can take longer in some cases. For status, check the Dashboard. If no data appears within 24 hours, contact Oracle Support.

Next Steps

If you want to customize the security control baseline settings for this OCI instance, perform the steps in Updating the Security Control Baseline for an OCI Instance.

If bulk registration of compartments is enabled, you can specify the exact combination of compartments you want Oracle CASB Cloud Service to monitor for this OCI instance. Perform the steps in Updating Registered Compartments for an OCI Instance.

Adding an OCI Compartment under a Registered Tenancy

Add an OCI instance with compartment as the type of OCI compartment that Oracle CASB Cloud Service monitors.

Note:

If bulk registration of OCI compartments is enabled on your Oracle CASB Cloud Service tenant, this option of registering one compartment at a time is no longer available. Instead, after you register the OCI tenancy (Adding an OCI Tenancy), you register multiple compartments that you want Oracle CASB Cloud Service to monitor in that tenancy (Updating Registered Compartments for an OCI Instance).

  1. Select Applications from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon to display it.
  2. Click Add/Modify App.
  3. In the Select an app type page, click the Oracle Cloud Infrastructure icon, and then click Next.
  4. On the Select an instance page:
    1. Enter a name for the instance in the Type a unique name... box.

      Any existing names appear below the name field.

    2. If users of this instance use an identity provider to log in, select The users of this app instance log in using single sign-on... and select the IDP instance from the Select an Identity Provider (IDP) instance list.

      Note:

      The identity provider instance must already be defined. See Setting Up an Identity Provider Instance.

    3. Click Next.

  5. In the Enter credentials page, under Select the type of OCI Compartment that Oracle CASB Cloud will monitor, select Compartment under a registered Tenancy.
  6. Drop down the OCI Application instance list and select the parent tenancy.

    The Tenancy and Tenancy OCID values from the parent tenancy are automatically populated.

  7. Click Test Credentials.

    When the “Successfully initiated direct connection” message appears, two new fields, Compartment and Compartment OCID, are displayed.

  8. Drop down the Compartment list and select the compartment that you want Oracle CASB Cloud Service to monitor.

    The Compartment OCID is automatically populated.

    Note:

    • You can register a compartment under a tenancy only once.

    • However, you can register multiple tenancy instances with the same Tenancy OCID.

  9. Click Test Credentials.
  10. When you see the “Successfully initiated direct connection” message, click Submit.

Initial data typically begins to appear in 30 minutes to 2 hours, but can take longer in some cases. For status, check the Dashboard. If no data appears within 24 hours, contact Oracle Support.

Next Steps

If you want to customize the security control baseline settings for this OCI instance, perform the steps in Updating the Security Control Baseline for an OCI Instance.

Adding an OCI Standalone Compartment

Add an OCI instance with standalone compartment as the type of OCI compartment that Oracle CASB Cloud Service monitors.

  1. Select Applications from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon to display it.
  2. Click Add/Modify App.
  3. In the Select an app type page, click the Oracle Cloud Infrastructure icon, and then click Next.
  4. On the Select an instance page:
    1. Enter a name for the instance in the Type a unique name... box.

      Any existing names appear below the name field.

    2. If users of this instance use an identity provider to log in, select The users of this app instance log in using single sign-on... and select the IDP instance from the Select an Identity Provider (IDP) instance list.

      Note:

      The identity provider instance must already be defined. See Setting Up an Identity Provider Instance.

    3. Click Next.

  5. In the Enter credentials page, under Select the type of OCI Compartment that Oracle CASB Cloud will monitor, select Standalone Compartment (Advanced).
  6. To see the list of regions that will be monitored for this OCI instance, click the number to the right of Regions monitored.
  7. In a separate browser window, log in to your OCI account with credentials for the dedicated Oracle CASB Cloud Service user account.
  8. In the OCI console, drop down the menu from the User icon in the top left corner and select Tenancy: <tenancy_name>.
  9. On the tenancy details page, on the Tenancy Information tab, click the Copy link for the OCID value.
  10. Switch back to the Oracle CASB Cloud Service console, Enter credentials page.
  11. Paste the Tenancy OCID value from the OCI console into the Tenancy OCID box.
  12. Switch back to the OCI console.
  13. Select the Compartment OCID value and click the Copy link.
  14. Switch back to the Oracle CASB Cloud Service console, Enter credentials page.
  15. Paste the Compartment OCID value from the OCI console into the Compartment OCID box.
  16. Switch back to the OCI console.
  17. On the User Information tab, click the Copy link for the user OCID value.
  18. Switch back to the Oracle CASB Cloud Service console, Enter credentials page.
  19. Paste the user OCID value from the OCI console into the User OCID box.
  20. Click Test Credentials.
  21. When you see the “Successfully initiated direct connection” message, click Submit.
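
The tenancy and standalone compartment procedures both rely on copying OCIDs by hand into the Tenancy OCID, Compartment OCID and User OCID boxes. The following pre-flight check is an added example, not part of Oracle's documentation or tooling; it catches a value pasted into the wrong box before you click Test Credentials. It assumes the standard OCID layout `ocid1.<type>.<realm>.[region][.future use].<unique id>`; the function names and sample values are constructed for illustration.

```python
import re

# Box label on the Enter credentials page -> resource type its OCID must carry.
EXPECTED_TYPE = {"Tenancy OCID": "tenancy", "User OCID": "user",
                 "Compartment OCID": "compartment"}
# Boxes filled by hand for each registration type described on this page.
REQUIRED_BOXES = {
    "Tenancy": ("Tenancy OCID", "User OCID"),
    "Standalone Compartment": ("Tenancy OCID", "Compartment OCID", "User OCID"),
}
# Constructed sample values (not real OCIDs), with two deliberate mistakes.
SAMPLE = {
    "Tenancy OCID": "ocid1.tenancy.oc1..aaaaexampletenancy",
    "Compartment OCID": "ocid1.user.oc1..aaaaexampleuser",  # user OCID in the wrong box
    "User OCID": "ocid1.user.oc1..aaaaexampleuser ",        # trailing space from the copy
}


def parse_ocid(value):
    """Split an OCID into type, realm and region; return None if malformed."""
    parts = value.split(".")
    if len(parts) not in (5, 6) or parts[0] != "ocid1":
        return None
    rtype, realm, unique = parts[1], parts[2], parts[-1]
    if not rtype or not realm or not re.fullmatch(r"[A-Za-z0-9]+", unique):
        return None
    return {"type": rtype, "realm": realm, "region": parts[3]}


def preflight(registration_type, boxes):
    """Return a list of problems found in the values about to be pasted."""
    problems, realms = [], set()
    for box in REQUIRED_BOXES[registration_type]:
        raw = boxes.get(box, "")
        if raw != raw.strip():
            problems.append(f"{box}: leading or trailing whitespace from the copy")
        ocid = parse_ocid(raw.strip())
        if ocid is None:
            problems.append(f"{box}: not a well-formed OCID")
        elif ocid["type"] != EXPECTED_TYPE[box]:
            problems.append(f"{box}: got a {ocid['type']} OCID, expected {EXPECTED_TYPE[box]}")
        else:
            realms.add(ocid["realm"])
    if len(realms) > 1:  # a tenancy and its users and compartments share one realm
        problems.append(f"values come from different realms: {sorted(realms)}")
    return problems
```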

Initial data typically begins to appear in 30 minutes to 2 hours, but can take longer in some cases. For status, check the Dashboard. If no data appears within 24 hours, contact Oracle Support.

Next Steps

If you want to customize the security control baseline settings for this OCI instance, perform the steps in Updating the Security Control Baseline for an OCI Instance.

If bulk registration of compartments is enabled, you can specify the exact combination of compartments you want Oracle CASB Cloud Service to monitor for this OCI instance. Perform the steps in Updating Registered Compartments for an OCI Instance.