Tuesday, October 3, 2023

Creating and Managing Subnets Administrative Tasks

 

Creating a Subnet

To create a subnet using the OCI Console:


1. Go to the OCI Console.

2. Click Networking > Virtual Cloud Networks.

3. Click the name of the VCN in which you want to create the subnet.

4. Click Subnets.

5. Click Create Subnet.

6. Enter the required information, such as the subnet name, CIDR block, and route table.

7. Click Create Subnet.


To create a subnet using the OCI CLI:

1. Run the following command:

oci network subnet create --compartment-id <compartment_id> --vcn-id <vcn_id> --display-name <subnet_name> --cidr-block <cidr_block> --route-table-id <route_table_id>


Managing Subnets

Once you have created a subnet, you can manage it using the OCI Console or the OCI CLI.

Using the OCI Console:

1. Go to the OCI Console.

2. Click Networking > Virtual Cloud Networks.

3. Click the name of the VCN in which the subnet is located.

4. Click Subnets.

5. Click the name of the subnet that you want to manage.

6. Click Edit.

7. Make the desired changes to the subnet, such as the subnet name, CIDR block, or route table.

8. Click Save Changes.


Using the OCI CLI:

To manage a subnet using the OCI CLI, you can use the following commands:

Get subnet information:

oci network subnet get --subnet-id <subnet_id>


Update subnet information:

oci network subnet update --subnet-id <subnet_id> --display-name <subnet_name> --cidr-block <cidr_block> --route-table-id <route_table_id>


Delete subnet:

oci network subnet delete --subnet-id <subnet_id>



OCI CLI Examples

Here are some examples of using the OCI CLI to create and manage subnets:

# Create a subnet (the compartment OCID is required)

oci network subnet create --compartment-id <compartment_id> --display-name my-subnet --cidr-block 10.0.0.0/24 --vcn-id ocid1.vcn.oc1.iad.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

# Get subnet information

oci network subnet get --subnet-id ocid1.subnet.oc1.iad.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

# Update subnet information

oci network subnet update --subnet-id ocid1.subnet.oc1.iad.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa --display-name new-subnet --cidr-block 10.0.1.0/24


# Delete subnet

oci network subnet delete --subnet-id ocid1.subnet.oc1.iad.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa


Creating and managing subnets is an important part of administering a VCN in OCI. You can use the OCI Console or the OCI CLI to create and manage subnets.

VCN Administrative Tasks

 


Creating a VCN

To create a VCN using the OCI Console:


1. Go to the OCI Console.

2. Click Networking > Virtual Cloud Networks.

3. Click Create VCN.

4. Enter the required information and click Create VCN.


To create a VCN using the OCI CLI:

1. Run the following command:

oci network vcn create --compartment-id <compartment_id> --display-name <vcn_name> --cidr-block <cidr_block>


Creating a Subnet

To create a subnet using the OCI Console:


1. Go to the OCI Console.

2. Click Networking > Virtual Cloud Networks.

3. Click the name of the VCN in which you want to create the subnet.

4. Click Subnets.

5. Click Create Subnet.

6. Enter the required information and click Create Subnet.


To create a subnet using the OCI CLI:

1. Run the following command:


oci network subnet create --compartment-id <compartment_id> --vcn-id <vcn_id> --display-name <subnet_name> --cidr-block <cidr_block>


Creating a Route Table

To create a route table using the OCI Console:


1. Go to the OCI Console.

2. Click Networking > Virtual Cloud Networks.

3. Click the name of the VCN in which you want to create the route table.

4. Click Route Tables.

5. Click Create Route Table.

6. Enter the required information and click Create Route Table.


To create a route table using the OCI CLI:

1. Run the following command:


oci network route-table create --compartment-id <compartment_id> --vcn-id <vcn_id> --display-name <route_table_name> --route-rules <route_rules_json>


Creating a Security List

To create a security list using the OCI Console:


1. Go to the OCI Console.

2. Click Networking > Virtual Cloud Networks.

3. Click the name of the VCN in which you want to create the security list.

4. Click Security Lists.

5. Click Create Security List.

6. Enter the required information and click Create Security List.


To create a security list using the OCI CLI:

1. Run the following command:

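oci network security-list create --compartment-id <compartment_id> --vcn-id <vcn_id> --display-name <security_list_name> --egress-security-rules <egress_rules_json> --ingress-security-rules <ingress_rules_json>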


Attaching a Subnet to a Route Table

To attach a subnet to a route table using the OCI Console:


1. Go to the OCI Console.

2. Click Networking > Virtual Cloud Networks.

3. Click the name of the VCN in which the subnet is located.

4. Click Subnets.

5. Click the name of the subnet that you want to attach to the route table.

6. Click Edit.

7. Under Route Table, select the route table that you want to attach to the subnet.

8. Click Save Changes.


To attach a subnet to a route table using the OCI CLI:

1. Run the following command:

oci network subnet update --subnet-id <subnet_id> --route-table-id <route_table_id>


Attaching a Security List to a Subnet

To attach a security list to a subnet using the OCI Console:


1. Go to the OCI Console.

2. Click Networking > Virtual Cloud Networks.

3. Click the name of the VCN in which the subnet is located.

4. Click Subnets.

5. Click the name of the subnet that you want to attach the security list to.

6. Click Edit.

7. Under Security List, select the security list that you want to attach to the subnet.

8. Click Save Changes.


To attach a security list to a subnet using the OCI CLI:

1. Run the following command:

oci network subnet update --subnet-id <subnet_id> --security-list-ids '["<security_list_id>"]'


These are just a few examples of VCN administrative tasks that you can perform using the OCI Console and the OCI CLI. For more information, please refer to the OCI documentation.

VCN Administration

 


As a VCN administrator, you are responsible for managing and securing your VCN. This includes tasks such as:


  1.  Creating and managing subnets
  2.  Creating and managing route tables
  3.  Creating and managing security lists
  4.  Creating and managing DHCP options
  5.  Monitoring and managing VCN traffic
  6. Troubleshooting and resolving VCN issues


VCN Troubleshooting

Some of the most common VCN troubleshooting issues include:

Connectivity issues: This can be caused by a variety of factors, such as subnet misconfiguration, route table issues, or security list issues.

Performance issues: This can be caused by a variety of factors, such as overloaded subnets, inefficient routing, or security list rules that are too restrictive.

Security issues: This can be caused by a variety of factors, such as misconfigured security lists, vulnerabilities in applications, or malware infections.


To troubleshoot VCN issues, you can use a variety of tools and resources, such as the OCI Console, the OCI CLI, and the OCI SDK. You can also contact Oracle support for assistance.

Here are some additional tips for VCN administration and troubleshooting:

Use subnets to isolate your resources: Subnets allow you to isolate your resources into logical groups. This can make it easier to manage and troubleshoot your VCN.

Use route tables to control traffic flow: Route tables allow you to control how traffic flows within your VCN and between your VCN and other networks.

Use security lists to protect your resources: Security lists allow you to control incoming and outgoing traffic to your VCN resources.

Use DHCP options to configure your clients: DHCP options allow you to configure your clients with the necessary information to connect to the network, such as the IP address of the DHCP server and the default gateway.

Monitor your VCN traffic: Use the OCI Console, the OCI CLI, or the OCI SDK to monitor your VCN traffic for performance issues and security threats.

Have a plan for disaster recovery: Create a plan for how you will recover your VCN in the event of a disaster. This plan should include steps for backing up your data and restoring your resources.

By following these tips, you can help to ensure that your VCN is secure, performant, and reliable.

Here are some additional practical scenario-based examples of how VCN administration and troubleshooting can be used:


Scenario 1: You are a VCN administrator and you are troubleshooting a connectivity issue. One of your subnets is unable to connect to the internet. You use the OCI Console to check the subnet's route table and security list. You discover that there is a missing route to the internet gateway. You add the missing route and the subnet is now able to connect to the internet.

Scenario 2: You are a VCN administrator and you are troubleshooting a performance issue. One of your subnets is experiencing high latency. You use the OCI Console to monitor the subnet's traffic. You discover that the subnet is overloaded. You move some of the resources in the subnet to another subnet and the latency is reduced.

Scenario 3: You are a VCN administrator and you are troubleshooting a security issue. One of your subnets is being attacked by a denial-of-service attack. You use the OCI Console to check the subnet's security list. You create a new security rule to block the traffic from the attacker's IP address.


By following the tips and examples above, you can effectively administer and troubleshoot your VCNs.

Tenancy Administrative Tasks with OCI Console, and OCI CLI



Creating a Tenancy

To create a tenancy using the OCI Console:

1. Go to the OCI Console.

2. Click Identity > Tenancies.

3. Click Create Tenancy.

4. Enter the required information and click Create Tenancy.


To create a tenancy using the OCI CLI:

1. Install the OCI CLI.

2. Run the following command:


oci tenancy create --name <tenancy_name> --compartment-ocid <compartment_ocid>


Creating a User

To create a user using the OCI Console:

1. Go to the OCI Console.

2. Click Identity > Users.

3. Click Create User.

4. Enter the required information and click Create User.


To create a user using the OCI CLI:

1. Run the following command:

oci iam user create --name <user_name> --description <user_description> --email <user_email>


Assigning Permissions to a User

To assign permissions to a user using the OCI Console:

1. Go to the OCI Console.

2. Click Identity > Users.

3. Click the user's name.

4. Click Assign Permissions.

5. Select the permissions you want to assign to the user.

6. Click Assign.


To assign permissions to a user using the OCI CLI:

1. Run the following command:

oci user policy assign --user-ocid <user_ocid> --policy-name <policy_name>


Creating a Compartment

To create a compartment using the OCI Console:


1. Go to the OCI Console.

2. Click Govern > Compartments.

3. Click Create Compartment.

4. Enter the required information and click Create Compartment.


To create a compartment using the OCI CLI:

1. Run the following command:

oci iam compartment create --compartment-id <parent_compartment_ocid> --name <compartment_name> --description <compartment_description>


Creating a Resource

To create a resource using the OCI Console:

1. Go to the OCI Console.

2. Click the type of resource you want to create.

3. Enter the required information and click Create.


To create a resource using the OCI CLI:

1. Run the appropriate command for the type of resource you want to create. For example, to create a compute instance, you would run the following command:


oci compute instance launch --availability-domain <availability_domain> --compartment-id <compartment_ocid> --subnet-id <subnet_id> --shape <shape_name> --image-id <image_id> --display-name <instance_name>


Monitoring Your Tenancy

To monitor your tenancy using the OCI Console:

1. Go to the OCI Console.

2. Click Monitoring.

3. Select the metrics you want to monitor.


To monitor your tenancy using the OCI CLI:

1. Run the following command to get a list of all the metrics that are available:

oci monitoring metric list --compartment-id <compartment_ocid>


2. Once you have a list of metrics, you can run the following command to get the value of a specific metric:

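oci monitoring metric-data summarize-metrics-data --compartment-id <compartment_ocid> --namespace <metric_namespace> --query-text '<metric_name>[1m]{resourceId = "<resource_ocid>"}.mean()'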


Troubleshooting Tenancy Issues

To troubleshoot tenancy issues using the OCI Console:


1. Go to the OCI Console.

2. Click Troubleshooting.

3. Select the area of the tenancy that you are having problems with.

4. Follow the instructions to troubleshoot the problem.


To troubleshoot tenancy issues using the OCI CLI:

1. Run the following command to get a list of all the troubleshooting logs that are available:

oci troubleshooting log list


2. Once you have a list of logs, you can run the following command to get the content of a specific log:

oci troubleshooting log get --log-name <log_name>


By following these steps, you can perform a variety of tenancy administrative tasks using the OCI Console and the OCI CLI. You can also use these tools to troubleshoot tenancy issues. 

Tenancy Administration


As a tenancy administrator, you are responsible for managing and securing your tenancy. This includes tasks such as:

  1. Creating and managing users and groups
  2. Assigning permissions to users and groups
  3. Creating and managing compartments
  4. Creating and managing resources
  5. Monitoring and managing costs
  6. Troubleshooting and resolving issues

Tenancy Troubleshooting

Some of the most common tenancy troubleshooting issues include:

Connectivity issues: This can be caused by a variety of factors, such as network misconfiguration, firewall issues, or routing problems.

Performance issues: This can be caused by a variety of factors, such as overloaded resources, inefficient applications, or network congestion.

Security issues: This can be caused by a variety of factors, such as misconfigured permissions, vulnerabilities in applications, or malware infections.


To troubleshoot tenancy issues, you can use a variety of tools and resources, such as the OCI Console, the OCI CLI, and the OCI SDK. You can also contact Oracle support for assistance.


Here are some additional tips for tenancy administration and troubleshooting:


Use compartments to organize your resources: Compartments allow you to organize your resources into logical groups. This can make it easier to manage and troubleshoot your environment.

Implement least privilege access: Only grant users the permissions they need to perform their job duties. This can help to reduce the risk of unauthorised access to your resources.

Monitor your tenancy: Use the OCI Console, the OCI CLI, or the OCI SDK to monitor your tenancy for performance issues and security threats.

Have a plan for disaster recovery: Create a plan for how you will recover your tenancy in the event of a disaster. This plan should include steps for backing up your data and restoring your resources.


By following these tips, you can help to ensure that your tenancy is secure, performant, and reliable.

Oracle Cloud Infrastructure (OCI) - Tenancy

 

A Tenancy is a unique customer account in Oracle Cloud Infrastructure (OCI). A tenancy is a logical container for all of your OCI resources, such as compute instances, storage, and networking. You can create multiple tenancies in OCI, but each tenancy is isolated from other tenancies. This means that you can control who has access to your resources and how they are used.


Here are some scenario-based examples of how tenancies can be used:


Scenario 1:  You are a company with multiple departments, such as sales, marketing, and engineering. Each department has its own set of requirements, so you create a separate tenancy for each department. This allows you to isolate the resources for each department and to control who has access to them.


Scenario 2: You are a developer who is working on a new application. You want to create a separate tenancy for the application so that you can test it and deploy it to production without affecting your other applications.


Scenario 3: You are a consultant who is working with multiple clients. You want to create a separate tenancy for each client so that you can isolate their resources and control who has access to them.


Scenario 4: You are a company that is expanding into new markets. You want to create a separate tenancy for each market so that you can comply with local regulations and improve performance.

Tenancies can also be used to create complex multi-tenancy environments. 

For example, 

    You can use tenancies to create a separate tenancy for each customer or partner. This allows you to isolate their resources and to provide them with a customised experience.


Here are some additional benefits of using tenancies:

Security: Tenancies can help to protect your resources from unauthorised access.

Compliance: Tenancies can help you to comply with local regulations.

Performance: Tenancies can improve performance by isolating your resources from other tenancies.

Scalability: Tenancies are scalable and can grow with your business.

Cost Optimisation: Tenancies can help you to optimise your costs by isolating your resources and by using different pricing models for different tenancies.


If you are planning to deploy applications to OCI, you should consider using tenancies. Tenancies can help you to create a secure, compliant, performant, scalable, and cost-effective environment for your applications.

Virtual Cloud Network (VCN) - OCI

 

A virtual cloud network (VCN) is a private network that you create in Oracle Cloud Infrastructure (OCI). You can use VCNs to launch compute instances, store data, and deploy applications. VCNs are logically isolated from each other, and you can control who has access to your resources.


Here is a scenario-based explanation of how VCNs can be used:

Scenario:

        You are a web developer and you want to deploy a new web application to OCI. You create a VCN and launch a compute instance in the VCN. You then deploy your web application to the compute instance.

To make your web application accessible to users on the internet, you create a public subnet in your VCN and attach the compute instance to the public subnet. You then create a security rule in the VCN's security list to allow incoming traffic to the compute instance on port 80.

Now, users on the internet can access your web application by visiting the compute instance's public IP address.
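The scenario above opens port 80 to the internet, so it is worth confirming that nothing else in the same security list is open to any source. The following audit is an added example, not part of the original post; it assumes the field names of the JSON printed by `oci network security-list get`, and the sample security list is constructed.

```python
import json

# Constructed sample (not from a real tenancy), shaped like the "data" object
# printed by `oci network security-list get`.
SECURITY_LIST = json.loads("""
{"data": {"display-name": "sl-web", "egress-security-rules": [],
 "ingress-security-rules": [
  {"source": "0.0.0.0/0", "protocol": "6", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 80, "max": 80}}},
  {"source": "0.0.0.0/0", "protocol": "6", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"source": "10.0.0.0/16", "protocol": "6", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"source": "0.0.0.0/0", "protocol": "17", "is-stateless": false,
   "udp-options": null},
  {"source": "0.0.0.0/0", "protocol": "1", "is-stateless": false,
   "icmp-options": {"type": 3, "code": 4}}
 ]}}
""")

ANY_SOURCE = {"0.0.0.0/0", "::/0"}
PORT_PROTOCOLS = {"6": "tcp", "17": "udp"}  # IANA protocol numbers


def audit_public_ingress(security_list, intended=frozenset({("tcp", 80)})):
    """Return (protocol, port_range) pairs open to any source beyond `intended`."""
    findings = []
    for rule in security_list["data"].get("ingress-security-rules", []):
        if rule.get("source") not in ANY_SOURCE:
            continue  # restricted source: outside the scope of this check
        if rule["protocol"] == "all":
            findings.append(("all", "all"))
            continue
        name = PORT_PROTOCOLS.get(rule["protocol"])
        if name is None:
            continue  # ICMP and others carry no ports; review them separately
        options = rule.get(f"{name}-options") or {}
        port_range = options.get("destination-port-range")
        # A rule without a destination port range opens every port.
        if port_range:
            low, high = port_range["min"], port_range["max"]
        else:
            low, high = 1, 65535
        if any((name, port) not in intended for port in range(low, high + 1)):
            findings.append((name, f"{low}-{high}"))
    return findings


if __name__ == "__main__":
    for protocol, ports in audit_public_ingress(SECURITY_LIST):
        print(f"open to any source: {protocol} {ports}")
```

The UDP rule in the sample has no port options, which is the case most easily missed in review: it allows every UDP port, not none.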

VCNs can be used to create complex network architectures for demanding applications. For example, you can use VCNs to create multiple subnets for different types of traffic, such as web traffic, database traffic, and management traffic. You can also use VCNs to create private networks that are not accessible from the internet.


Here are some additional benefits of using VCNs:

Security: You can use VCNs to isolate your resources from the public internet and from other VCNs. This can help to protect your resources from unauthorized access.

Performance: VCNs are highly performant and can support demanding applications.

Scalability: VCNs are scalable and can grow with your business.

Flexibility: VCNs are flexible and can be used to create a variety of network architectures.


If you are planning to deploy applications to OCI, you should consider using VCNs. VCNs can help you to create a secure, performant, and scalable network for your applications.

Oracle Cloud Administration Scenarios

 


Troubleshoot a VCN issue:

Scenario:

     You are troubleshooting a VCN issue where compute instances in a subnet are unable to access the internet.

Steps:

    1. Check the subnet's route table to make sure that there is a route to the internet gateway.

    2. Check the subnet's security list to make sure that outgoing traffic to the internet is allowed.

    3. Check the compute instances to make sure that they are configured to use the correct subnet and route table.

    4. If you are still having problems, try restarting the compute instances and the router.
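Steps 1 and 2 can be checked mechanically against the JSON that `oci network route-table get` and `oci network security-list get` print. The following is an added example, not part of the original post; the sample data is constructed, the probe address is a documentation address, and treating a NAT gateway as a valid internet path alongside the internet gateway is an assumption.

```python
import ipaddress
import json

# Constructed samples (not from a real tenancy), shaped like the "data"
# objects printed by `oci network route-table get` and
# `oci network security-list get`.
ROUTE_TABLE = json.loads("""
{"data": {"display-name": "rt-app", "route-rules": [
  {"destination": "10.1.0.0/16", "destination-type": "CIDR_BLOCK",
   "network-entity-id": "ocid1.localpeeringgateway.oc1.iad.exampleuniqueid"}
]}}
""")
SECURITY_LIST = json.loads("""
{"data": {"display-name": "sl-app", "ingress-security-rules": [],
 "egress-security-rules": [
  {"destination": "10.0.0.0/16", "destination-type": "CIDR_BLOCK",
   "protocol": "6", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 1521, "max": 1521}}}
]}}
""")

# OCID resource types that can carry traffic to the public internet
# (NAT gateway included as an assumption; the steps name the internet gateway).
INTERNET_GATEWAYS = {"internetgateway", "natgateway"}


def covers(rule, ip):
    """True if the rule's CIDR destination contains ip."""
    if rule.get("destination-type", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False  # service CIDR labels are not internet destinations
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule["destination"])


def egress_allows(rule, ip, protocol, port):
    """True if one egress rule permits protocol/port traffic to ip."""
    if not covers(rule, ip):
        return False
    if rule["protocol"] == "all":
        return True
    if rule["protocol"] != protocol:
        return False
    options = rule.get("tcp-options" if protocol == "6" else "udp-options") or {}
    port_range = options.get("destination-port-range")
    # A missing port range means the rule applies to every port.
    return port_range is None or port_range["min"] <= port <= port_range["max"]


def diagnose_internet_egress(route_table, security_list,
                             probe_ip="203.0.113.10", protocol="6", port=443):
    """Return findings that explain why probe_ip is unreachable."""
    findings = []
    routes = [r for r in route_table["data"].get("route-rules", [])
              if covers(r, probe_ip)]
    if not routes:
        findings.append("route table: no rule covers the destination")
    else:
        # The most specific matching route decides where the traffic goes.
        best = max(routes,
                   key=lambda r: ipaddress.ip_network(r["destination"]).prefixlen)
        kind = best["network-entity-id"].split(".")[1]
        if kind not in INTERNET_GATEWAYS:
            findings.append(f"route table: traffic goes to a {kind}")
    egress = security_list["data"].get("egress-security-rules", [])
    if not any(egress_allows(r, probe_ip, protocol, port) for r in egress):
        findings.append("security list: no egress rule allows the traffic")
    return findings


if __name__ == "__main__":
    for finding in diagnose_internet_egress(ROUTE_TABLE, SECURITY_LIST):
        print(finding)
```

An empty result means the route table and security list both permit the traffic, which points the investigation at step 3.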


Configure a firewall for a complex application:

Scenario:  You are configuring a firewall for a complex application that has multiple components running on different subnets.

Steps:

    1. Identify the different components of the application and the traffic that needs to be allowed between them.

    2. Create security lists for each subnet and configure them to allow the necessary traffic.

    3. If you need to allow traffic between subnets, you can create network security groups (NSGs) and attach them to the resources that need to communicate with each other.

    4. Test the firewall configuration to make sure that the application is working as expected.


Back up a critical database:

Scenario: You need to back up a critical database that is running in OCI.

Steps:

    1. Create a database backup plan that specifies how often you need to back up the database and how long you need to keep the backups.

    2. Use the OCI Console, the OCI CLI, or the OCI SDK to create a database backup.

    3. Store the database backup in a secure location, such as OCI Object Storage.

    4. Test the database backup to make sure that it is restorable.


Implement a disaster recovery plan for a cloud-based application:

Scenario: You need to implement a disaster recovery plan for a cloud-based application that is running in OCI.

Steps:

    1. Identify the critical components of the application and the resources that they need.

    2. Decide how you want to recover the application in the event of a disaster. You may choose to use a combination of the following strategies:

        Replication: Replicate the critical components of the application to another region.

        Failover: Configure the application to fail over to another region in the event of a disaster.

        Backup and restore: Back up the critical components of the application and restore them to another region in the event of a disaster.

    3. Test the disaster recovery plan to make sure that it works as expected.



Oracle Cloud Basic Questions

 


What is the difference between a tenancy and a compartment?

    A tenancy is a unique customer account in Oracle Cloud Infrastructure. A compartment is a logical group of resources within a tenancy. Tenancies are isolated from each other, but compartments within a tenancy can share resources.


How do you design a VCN for a production environment?

To design a VCN for a production environment, you should consider the following factors:

Security: You should implement security best practices, such as using security lists and route tables to control traffic to and from resources in your VCN.

Performance: You should design your VCN to meet the performance requirements of your applications. This may involve using multiple availability domains and subnets.

Scalability: You should design your VCN to be scalable so that it can accommodate future growth.


What are the different network layers in OCI?

OCI supports the following network layers:

Default: The default network layer is the default network layer for VCNs.

Regional: The regional network layer provides a private network that spans all availability domains in a region.

Global: The global network layer provides a private network that spans all regions.


How do you configure a firewall in OCI?

To configure a firewall in OCI, you can use a security list or a network security group (NSG). Security lists are attached to subnets and NSGs are attached to resources.

To configure a security list, you create rules that specify which traffic is allowed to and from the subnet. To configure an NSG, you create rules that specify which traffic is allowed to and from the resource.


What are the different types of subnets in OCI?

OCI supports the following types of subnets:


Public: Public subnets are accessible from the public internet.

Private: Private subnets are not accessible from the public internet.

Regional: Regional subnets are available in all availability domains in a region.

Availability domain-specific: Availability domain-specific subnets are only available in a single availability domain.


What are the different storage options in OCI?

OCI offers the following storage options:

File Storage Service (FSS): FSS is a managed NFS file service that provides high-performance, scalable, and reliable file storage for applications.

Block Volume: Block Volume is a managed block storage service that provides persistent storage for compute instances.

Object Storage: Object Storage is a highly scalable and durable object storage service that can be used to store any type of data.


How do you choose the right storage option for a given workload?

To choose the right storage option for a given workload, you should consider the following factors:

Performance: 

        FSS is the best option for workloads that require high performance, such as database servers and application servers. 

        Block Volume is a good option for workloads that require persistent storage, such as compute instances and file servers.

        Object Storage is a good option for workloads that require highly scalable and durable storage, such as backups and archives.

Cost: 

        FSS is the most expensive storage option, followed by Block Volume and Object Storage.

Features:

        FSS offers a variety of features, such as snapshots, clones, and backups. 

        Block Volume offers snapshots and backups.

        Object Storage offers lifecycle management and versioning.


What is FSS and how do you use it?

        FSS is a managed NFS file service that provides high-performance, scalable, and reliable file storage for applications. To use FSS, you create a file system and then mount it on your compute instances.


What is Block Volume and how do you use it?

        Block Volume is a managed block storage service that provides persistent storage for compute instances. To use Block Volume, you create a volume and then attach it to your compute instance.


What is Object Storage and how do you use it?

    Object Storage is a highly scalable and durable object storage service that can be used to store any type of data. To use Object Storage, you create a bucket and then upload objects to the bucket.


What are some best practices for OCI administration?

Here are some best practices for OCI administration:

Implement security best practices: 

        You should implement security best practices, such as using security lists and route tables to control traffic to and from resources in your VCN. You should also use strong passwords and enable two-factor authentication for all users.

Monitor your resources: 

        You should monitor your resources to ensure that they are performing

Oracle Cloud Infrastructure Basics

 


OCI Tenancy: A tenancy is a unique customer account in Oracle Cloud Infrastructure.


VCN: A virtual cloud network (VCN) is a private network that can be used to launch compute instances, store data, and deploy applications.


Compartments: Compartments are logical groups of resources within a tenancy. They can be used to organize resources by project, environment, or application.


Network Layers: Network layers are used to isolate and protect resources in a VCN. They can also be used to implement routing and security policies.


Firewalls: Firewalls are used to control inbound and outbound traffic to resources in a VCN.


Subnet: A subnet is a range of IP addresses within a VCN. It is used to isolate resources within a VCN and to implement routing and security policies.


Storage options: OCI offers a variety of storage options, including File Storage Service (FSS), Block Volume, and Object Storage.


FSS: FSS is a managed NFS file service that provides high-performance, scalable, and reliable file storage for applications.


Block Volume: Block Volume is a managed block storage service that provides persistent storage for compute instances.


Object Storage: Object Storage is a highly scalable and durable object storage service that can be used to store any type of data.


