This post is the first in a multi-part byte-sized video series on Oracle Exadata Cloud Service for DBAs & APPS DBAs. Here, we’ll cover a high-level overview of Exadata Cloud Service. This post has been specially designed for beginners in Oracle Exadata Cloud Service.
Overview of Exadata Cloud Service
Oracle Exadata Cloud Service is a combination of the powerful Exadata and Oracle Cloud. It is versatile enough to process all database workloads including OLTP, Data Warehousing, OLAP, and Hybrid workloads on a single Exadata platform in the cloud.
Exadata on Cloud and Related Cloud Services
The Exadata on cloud and related Services are:
Exadata Cloud Service Instance
Cloud Control Plane
Oracle Cloud Operations Console & Team
Oracle Object Storage Cloud Service
1. Exadata Cloud Service Instance
Each Exadata Cloud Service Instance has a predefined number of Exadata Database Server Nodes and a predefined number of Exadata Storage Server Nodes. Exadata Cloud Service is available in 3 configurations:
2. Cloud Control Plane
The Cloud Control Plane provides a web-based self-service interface to manage Exadata Cloud Service. You also get REST APIs, which provide programmatic access to the service administration functions.
3. Oracle Cloud Operations console & team
All hardware, firmware, and the Exadata Storage Server software are managed by Oracle with the help of Oracle Cloud Operations which is integrated with the Exadata Cloud instance using a management network.
4. Oracle Object Storage Cloud Service
The Oracle Exadata instance consists of Oracle Object Storage Cloud Service which contains the Exadata backups. Additionally, Oracle Exadata Database Server can be backed up here.
Note: Apart from backup on Oracle Cloud Storage, a local backup can be created on the Exadata Storage Server.
5. Client Applications
In order to access the Exadata Cloud Service, one first needs to establish a connection between the Client Applications (EBS, Java Applications, etc.) and the Oracle Exadata instance in one of these 3 ways:
Public Internet. Using the public Internet and secure protocols, such as SSH on port 22 and Oracle Net on port 1521. A private IP is assigned to the client which connects to the Exadata instance.
IPSec VPN. Configuring an IPSec VPN to provide a secure connection between your network and Oracle Cloud over the Internet. Here, a private IP is assigned.
FastConnect. FastConnect provides higher-bandwidth options, more reliable and consistent networking experience compared to the Internet-based connections.
This blog post is about the new Oracle Exadata Database Machine X8, released on 20th April 2019, including the documentation of the machine.
Exadata X8 Features
The most notable features that the Oracle Exadata Database X8 has to offer are:
X8 uses machine learning to tune Oracle Autonomous Database and automate indexing, which relieves the burden on IT professionals and DBAs. It detects performance issues and the root causes of a problem, and addresses problems without human intervention. It improves performance and eliminates manual tuning.
Exadata X8 has 60% better performance than the previous machines which means it can pull data from a 560 GB database in under one second and under 3 seconds from a 1.6 TB database.
With the latest 24-core Intel processors and NVMe flash, Exadata X8 delivers up to 4.8M 8K database read I/O operations, or 4.3M 8K Flash write I/O operations per second per full rack.
Improved security for mitigating threats such as “Spectre” and “Meltdown”.
It is made more scalable by connecting multiple Exadata Database Machine X8-2 racks or Exadata Storage Expansion Racks. Up to 18 racks can be connected by simply adding InfiniBand cables and internal switches.
The 14TB Helium disk drives have 40% higher capacity compared to the X7 10TB drives. However, if the capacity of the current Exadata system is not enough, the disks can be swapped. Additionally, a new Storage Server X8-2 XT expansion unit offers drastically less expensive storage for less-accessed, archived, or regulatory data, but with the same benefits as Oracle Database storage, such as Hybrid Columnar Compression and 6 identical operations.
Here’s the quick sneak-peak of how to start learning Oracle Autonomous Database Cloud & clear the [1Z0-931] Certification Exam by doing Hands-on:
Activity Guide I: Register for an Oracle Free Trial Account
The first thing you must do is to get a Trial Account for Oracle Cloud (You get 300 USD FREE Credit from Oracle to practice). In this Activity Guide, we would learn how to register for an Oracle FREE Trial Account.
Note: Get this first Step-by-Step Activity Guide absolutely FREE from Here.
Once you register for an Oracle Cloud Trial, you will receive an Email like the one in the Image below:
Activity Guide II: Provisioning Autonomous Data Warehouse (ADW)
Next step is to Provision (create) Your first Autonomous Database in Cloud. This is one of the most important topics from the Exam point of view.
So, in this Activity guide, we cover Step-by-Step Instructions to Create an Oracle Autonomous Data Warehouse (ADW) instance on Oracle Cloud.
Activity Guide III: Connecting SQL Developer To ADW and Creating Tables
Once you successfully provision the Autonomous Data Warehouse, the next task is to connect to that Autonomous Data Warehouse instance and perform the required actions.
So, in this Activity Guide, we discuss the Steps to Download, Install SQL Developer and then connect to ADW instance using SQL Developer. Also, Creating Tables in Autonomous Data Warehouse.
Activity Guide IV: Loading Data Into Autonomous Data Warehouse
Once you are done with provisioning ADW instance and connecting to the instance, then you should know How to Create Users and Groups and How to load data into your Autonomous Data Warehouse Instance.
In this Activity Guide, you will create the IAM User, group and required policy and then load the required data into your Autonomous Data Warehouse Instance using DBMS_CLOUD Utility after connecting via SQL Developer.
Activity Guide V: Running Query On Sample Data
Next task, you should know How to Query the Data in an Autonomous Data Warehouse. In this Activity Guide, we will share the steps to run queries on Sample Data in Autonomous Data Warehouse.
Activity Guide VI: Administer Autonomous Database
Now comes the most important task you should know as a DBA, is How to Administer the Autonomous Data Warehouse like Start and Stop, etc.
So, in this Activity Guide, we will cover the Administration Steps like How to Start/Stop the Autonomous Database, How to Take Backup and then How to Recover, etc.
Activity Guide VII: Performance Tuning and Monitoring
Next, as a DBA, you should be aware of how to Monitor the Autonomous Database for Performance and when required, how to do the Performance Tuning.
In this Activity Guide, we will be covering the steps to use Service Console to Monitor the Performance of Autonomous Database and looking into various aspects such as CPU Utilisation, Running SQL Statements & Average SQL Statement Response Time.
Activity Guide VIII: Running SQL Statements in Oracle Machine Learning
Next, You should know How to run SQL statements in Oracle Machine Learning (an important feature in Oracle Autonomous Database).
So, in this activity Guide, We will show you How to run SQL Statements in Oracle Machine learning in Autonomous Database.
The above Guides make learning and understanding the concepts of Oracle Autonomous Database Cloud much easier and help you qualify for the Oracle Autonomous Database Cloud Certified Specialist (1Z0-931) Certification in one go. You can get all these guides when you register for our Oracle Autonomous Database Cloud Specialist: 1Z0-931 Training Program.
Here’s What You Get:
Live Instructor-led Online Interactive Sessions
FREE Unlimited Retakes for the next 1 Year
FREE On-Job Support for the next 1 Year
Latest Updated Training Material (Presentation + Videos) with Hands-on Lab Exercises mentioned
Recording of Live Interactive Session for Lifetime Access
100% Money Back Guarantee (If you attend sessions, practice and don’t get results, We’ll REFUND you, check our Refund Policy)
Note: Networking is an important topic from the exam point of view as it carries 30% of the total exam weightage. The Networking Module contains important topics such as VCN, Subnet, and Gateways, which control access to OCI resources in the Cloud.
In this session, We covered Module 3: Networking which includes the following lessons:
The course which is available on the Membership Portal looks like the Image below. We encourage trainees to go through the well-done recorded videos before coming to the Live session so that they can come prepared with their doubts & clear them during the Live Session to make it more interactive.
[Q/A] VCN & Subnet
We started this Module with Virtual Cloud Network (VCN) & Subnet CIDR Ranges. Here is the high-level overview of what we have covered & related Q/A:
Virtual Cloud Network (VCN): Software-defined version of the traditional physical network including subnet, route tables, security list, and gateways. VCN covers a single, contiguous IPv4 CIDR Block of your choice. It resides within a single Region but can cross multiple Availability Domain (AD).
Subnet: Each VCN network is subdivided into Subnets. Each subnet has a contiguous range of IPs, described in CIDR notation. Subnet IP ranges within VCN can’t overlap. Subnets can be Regional or AD Specific and can be designated as either Public or Private.
Here are some of the questions related to VCN & Subnet:
Q1. Can we have multiple VCN?
Ans: Yes, you can have multiple VCNs.
Q2. Can Subnet span across ADs?
Ans: Yes, now Subnet can span across AD when you select regional Subnet. To know more on Regional Subnets, please check Here.
Q3. How can one use private Subnets as “public”? As per RFC-1918, these Subnets are designated private Subnets, right?
Ans: In Oracle Cloud, you designate a Subnet as public or private. When you create a Subnet as public, you get both a public IP and a private IP. For a private Subnet, however, you get only a private IP. Once you have created a Subnet of a specific type, you can’t change it, and a Subnet can be either public or private but not both at the same time.
Q4. Why does Oracle recommend Subnet to be over a region?
Ans: Regional Subnet reduces the number of Subnets you need to create as now you are not creating specifically to AD.
To know more on Regional Subnets, please check Here.
Q5. Can a private VCN have a public Subnet?
Ans: VCN is a network (you don’t define VCN as public or private), and only Subnets are defined as public and private. VCN can have both public and private Subnets.
Q6. Is that possible to explain the Regional Subnet with an example or diagram?
Ans: Yes, here is an explanation with a diagram, but we’ll discuss this again in Compute by giving a demo.
Q7. In which case we will use regional Subnet?
Ans: Going forward, always use a Regional Subnet. AD-specific Subnets are how it started; now that Regional Subnets exist, it’s better to select a Regional Subnet.
Q8. Can you please give an example of why Regional Subnet is useful?
Ans: Regional Subnet reduces the number of Subnets, as you are not creating a Subnet for each AD; just 1 Regional Subnet can cover all 3 ADs (so now you are creating 1 Regional Subnet instead of 3 AD Subnets).
To know more on Regional Subnets, please check Here.
[Q/A] Route Table
Next, we discussed the Route Table. Here is a high-level overview & some related Q/A:
VCN uses route tables to send traffic outside VCN (Internet, On-Premise, other Peered VCN).
Each Route rule specifies:
Destination CIDR block
Route Target for the traffic that matches that CIDR
Each Subnet uses a single route table specified at the time of Subnet creation and can be edited later. The route table is used only if the destination IP Address is not within VCN’s CIDR block.
When you add any gateway (IGW, DRG, NAT, SGW), you must update the Route Table of the Subnet that uses these gateways. Multiple Route Tables can be created from VCN Page but only 1 can be used by a specific Subnet with Multiple Rules inside.
We covered Route Table on Day 3, so here are some of the questions related to Route Table:
Q9. Is there any Default or Main Route Table concept?
Ans: There will be a default Route Table for VCN.
Q10. Is the Routing Table at the VCN or the Subnet?
Ans: VCN will have multiple Route Tables but Subnet will have only 1 Route Table at any given point of time.
Q11. Is there a way we can delete the default Route Table in OCI?
Ans: Yes, you can delete as long as the Route Table is not in use by any Subnet.
Q12. How many maximum Route Table we can create in one VCN, is there any restriction?
Ans: There is a limit which can be seen in the Image below:
Then, we look at different Networking Gateways & here is an overview of the critical ones:
Internet Gateway (IGW) provides a path for network traffic between a VCN (public Subnet) & the Internet.
NAT Gateway (NGW) gives resources in a VCN (private Subnet) outgoing access to the Internet without assigning a Public IP to the host.
Dynamic Routing Gateway (DRG) provides a path for private network traffic between a VCN and destinations other than the Internet, like On-Premise and a VCN in another Region.
Service Gateway (SGW) lets resources in a VCN access public OCI Services (e.g. Object Storage) without using the Internet (IGW or NAT GW).
Local Peering Gateway (LPG) provides a connection between two VCNs in the same region, so their resources can communicate using private IP addresses without routing the traffic over the Internet or through your On-Premises Network.
On Day 3, we also covered Gateways (Internet Gateway, NAT Gateway, Dynamic Routing Gateway), so here are some of the questions related to Gateways:
Q13. In DRG, the destination IP will always be the same?
Ans: No, it will be the CIDR of a network that DRG is connecting to.
Here, we have our VCN whose CIDR block is 172.16.0.0/16 and the destination CIDR block is 10.0.0.0/16, the route target will be the DRG. The DRG is attached to this VCN which then allows the connection to route to the destination CIDR block.
Let us assume 10.0.0.0/16 is the On-Premise CIDR block, so the route rule that targets the DRG will have the destination CIDR 10.0.0.0/16.
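The route-table behaviour from the overview and the DRG answer above, as an added example that is not part of the original session material: it picks the route target for a destination IP, checks Subnet CIDRs against the VCN, and lists rules that can never apply because their destination lies inside the VCN. It assumes the most specific matching rule wins; the 0.0.0.0/0 rule, the target labels and the function names are made up for illustration.

```python
import ipaddress

# Constructed inputs. The VCN CIDR (172.16.0.0/16) and the on-premises CIDR
# (10.0.0.0/16) come from the answer above; the 0.0.0.0/0 rule and the target
# labels are assumptions added for this example.
VCN_CIDR = ipaddress.ip_network("172.16.0.0/16")
ROUTE_RULES = [
    ("10.0.0.0/16", "DRG"),  # on-premises network via the Dynamic Routing Gateway
    ("0.0.0.0/0", "IGW"),    # everything else via the Internet Gateway
]


def next_hop(dest_ip, vcn_cidr=VCN_CIDR, rules=ROUTE_RULES):
    """Return "local", a route target label, or None when no rule matches."""
    dest = ipaddress.ip_address(dest_ip)
    # The route table is consulted only for destinations outside the VCN CIDR.
    if dest in vcn_cidr:
        return "local"
    matches = []
    for cidr, target in rules:
        net = ipaddress.ip_network(cidr)
        if dest in net:
            matches.append((net.prefixlen, target))
    if not matches:
        return None  # no rule: the traffic has nowhere to go
    # Assumption: the most specific (longest prefix) rule wins.
    return max(matches, key=lambda m: m[0])[1]


def subnet_problems(vcn_cidr, subnet_cidrs):
    """List Subnets that fall outside the VCN or overlap each other."""
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for net in nets:
        if not net.subnet_of(vcn_cidr):
            problems.append(f"{str(net)} is outside VCN {str(vcn_cidr)}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{str(a)} overlaps {str(b)}")
    return problems


def rules_never_used(vcn_cidr, rules):
    """Rules whose destination sits inside the VCN CIDR are never consulted."""
    return [(c, t) for c, t in rules
            if ipaddress.ip_network(c).subnet_of(vcn_cidr)]


if __name__ == "__main__":
    for ip in ("172.16.5.9", "10.0.3.4", "203.0.113.7"):
        print(ip, "->", next_hop(ip))
    print(subnet_problems(VCN_CIDR, ["172.16.1.0/24", "172.16.1.128/25"]))
    print(rules_never_used(VCN_CIDR, ROUTE_RULES + [("172.16.9.0/24", "DRG")]))
```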
Q14. Can we create both NGW and IGW in the same architecture?
Ans: Yes, for Public Subnet you’ll use IGW, and for Private Subnets, you’ll use NGW
Q15. In Public Subnet Access through Internet Gateway and In Private Subnet connectivity through DRG, is it? Means DRG use in only Private Subnet?
Ans: No, IGW is used to connect to the Internet while DRG is to connect VCN to another VCN or another Network like On-Premise using private IP. If you want to connect to the Internet, then it’s via IGW.
Q16. Do we have any limits to the number of Gateways within a VCN?
Q17. Do we have to install any software on our on-premise machines to access VCN through DRG?
Ans: Yes, you’ll need a VPN software in On-Premise.
[Q/A] Security List: Ingress & Egress
You should know about the Security Lists, & the most confusing one is Stateless vs Stateful. Here is an overview & some questions related to the Security List:
Security List: Common set of firewall rules associated with a Subnet. Security List is of 2 types:
Ingress: Incoming Traffic
Egress: Outgoing Traffic
Firewall rules in OCI are defined at Subnet level and not at the Compute Instance level.
Q18. What is the value of stateful and stateless rules? Can you explain more for the stateless rule?
Ans: When you define a Stateful Security Rule, you just need to write Ingress rule, and you don’t need any specific egress rule for a response to go back to the client.
Whereas if you define a Stateless Rule, you need to write an Ingress Rule and with that, you also need to write an Egress Rule for the response to go back to the client. You write a stateless rule for service that gets a lot of requests like for very busy website traffic.
Note: If in such a scenario, you use Stateful Rule (whereas Stateless is recommended), Security List will need to maintain connection tracking and this will impact performance.
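An audit for the stateless case described above, as an added example that is not part of the original session material: it lists stateless Ingress rules that have no stateless Egress rule for the reply traffic. The Rule structure is a simplified model invented for this example (not the OCI API schema), and the sample rules are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """Simplified security rule (hypothetical model, not the OCI schema)."""
    direction: str                   # "ingress" or "egress"
    stateless: bool
    peer: str                        # source CIDR (ingress) / destination CIDR (egress)
    protocol: str                    # "tcp", "udp", ...
    dst_port: Optional[int] = None   # None means any port
    src_port: Optional[int] = None   # None means any port


def covers_reply(egress, ingress):
    """True if a stateless egress rule lets replies to `ingress` traffic out."""
    # Only a stateless counterpart counts: a stateful egress rule would bring
    # back the connection tracking that the stateless rule was meant to avoid.
    if egress.direction != "egress" or not egress.stateless:
        return False
    if egress.protocol != ingress.protocol:
        return False
    clients = ipaddress.ip_network(ingress.peer)
    if not clients.subnet_of(ipaddress.ip_network(egress.peer)):
        return False  # some clients allowed in would not get an answer
    # Replies leave from the service port the request arrived on ...
    if egress.src_port not in (None, ingress.dst_port):
        return False
    # ... and go to the client's ephemeral port, so the destination port
    # must not be pinned to a single value.
    return egress.dst_port is None


def unpaired_stateless_ingress(rules):
    """Stateless ingress rules whose responses no stateless egress rule allows."""
    egress = [r for r in rules if r.direction == "egress"]
    return [r for r in rules
            if r.direction == "ingress" and r.stateless
            and not any(covers_reply(e, r) for e in egress)]


# Constructed sample security list for one Subnet.
SECURITY_LIST = [
    Rule("ingress", True, "0.0.0.0/0", "tcp", dst_port=443),     # busy website
    Rule("egress", True, "0.0.0.0/0", "tcp", src_port=443),      # its reply path
    Rule("ingress", True, "10.0.0.0/16", "tcp", dst_port=1521),  # no reply path
    Rule("ingress", False, "10.0.0.0/16", "tcp", dst_port=22),   # stateful: no pair needed
]

if __name__ == "__main__":
    for rule in unpaired_stateless_ingress(SECURITY_LIST):
        print("stateless ingress without egress counterpart:", rule)
```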
[Q/A] VPNConnect & FastConnect
There are 3 ways to connect your On-Premise to the VCN on Cloud.
Public Internet: Here, a public IP is assigned which connects to the VCN.
VPN: One way to connect your on-premises network and your virtual cloud network (VCN) is to use VPN Connect, which is an IPSec VPN. Here, a private IP is assigned.
FastConnect: FastConnect provides higher-bandwidth options, more reliable and consistent networking experience compared to the Internet-based connections.
One way to connect your On-Premises Network and your Virtual Cloud Network (VCN) is to use VPN Connect, which is an IPSec VPN. IPSec stands for Internet Protocol Security or IP Security. IPSec is a protocol suite that encrypts the entire IP traffic before the packets are transferred from the source to the destination.
FastConnect connects an existing network to VCN over a private physical network instead of the Internet. There are two ways to connect with FastConnect:
➢ Colocation: By co-locating with Oracle in a FastConnect location.
➢ Provider: By connecting to a FastConnect Provider.
Note: We will cover IPSec and FastConnect in the advanced Module of Networking i.e. Module 9.
Here is a high-level overview & some related Q/A:
Q19. What is the difference between IPSec VPN and Fast Connect?
Ans: Both are ways to connect On-Premise to the Cloud. An IPSec VPN establishes an encrypted network connection over the Internet between your network or data center and your Oracle Cloud Infrastructure Virtual Cloud Network (VCN). It’s a suitable solution if you have low or modest bandwidth requirements and can tolerate the inherent variability in the Internet-based connections. FastConnect bypasses the Internet. Instead, it uses dedicated, private network connections between your network or data center and your VCN.
We covered & discussed many Exam Dumps during the Live session. Check below one of the Sample Quiz Question based on the above Slide:
Note: If you know the answer to the above question, then leave a comment in the comment box below. Make sure you post the answer with an explanation of why you think it is the correct answer while others aren’t.
This post gives you an overview of Connectivity Agents in Oracle Integration Cloud (OIC) Service.
If you are new to Oracle Integration Cloud (OIC), then check out our blogs below as these contain all the key points that a beginner should know about Oracle Integration Cloud (OIC), creating Oracle Integration Instance and Consoles walkthrough.
Connectivity agents are the agents that help you create integrations between on-premises applications and Oracle Integration Cloud (OIC) Service.
Connectivity Agents are required for Oracle Integration Cloud to communicate or exchange messages with on-premise applications like Database, E-Business Suite, etc.
Comparison of Agents in ICS and OIC
Agents in OIC have the same functional capabilities as what you have seen with the one in ICS. Customers on ICS can choose to be agents on ICS or migrate to OIC. Agents in OIC can take advantage of new features and services built into OIC.
Note: OIC has superseded ICS.
In ICS, we needed Weblogic alongside and it also needed Port to be opened resulting in exposed SOAP-based web services.
In OIC, we only need Java; it does not require any extra inbound port to be opened, and the Connectivity Agent uses SSL to connect to Integration Cloud.
1) The on-premises connectivity agent enables you to create integrations between on-premises applications and Oracle Integration Cloud Service (ICS).
2) Connectivity Agent acts as a Gateway from On-premise to ICS.
3) Connectivity Agents consist of the following components:
SaaS Agent: This agent is installed and runs in Oracle Integration and supports communication with on-premises applications.
On-premises agent: This agent is installed and runs on an on-premises environment on the same network as internal systems such as Oracle E-Business Suite, Oracle Siebel, Oracle Database, and others.
Note: You download the on-premises agent installer from the Agents page in Oracle Integration to your on-premises environment for installation. (More on Installing On-Premise Agent on Windows & Linux in my future blog posts)
4) All connections are initiated by the Agent to the Integration Cloud and not vice versa.
5) ICS doesn’t initiate any outbound connection to the Agent.
6) The agent posts a regular heartbeat to OIC to signal that it is alive and this reflects as a “green” agent health status in the ICS monitoring console.
7) In addition, the agent continuously polls OIC for:
a) Design-time work (‘Test Connection’, ‘Activation’, ‘Deactivation’)
b) Runtime work
‘processing invoke messages’ that needs to be sent to on-premise systems like database, E-Business Suite, or private SOAP or REST endpoints.
‘processing trigger messages’ that originates from on-premise systems and needs to be sent to OIC.
High-Level Steps for Using Connectivity Agents in OIC
a) Create Connectivity Agent Group in OIC.
b) Download and run the on-premises connectivity agent installer from OIC to Source/Target System that OIC is connecting.
c) During Connectivity Agent Installation, an associate Agent Group is created in OIC with On-Premise connectivity Agent.
d) Create an Adapter connection in OIC and associate the connectivity with the connectivity Agent Group.
e) Design the integration that uses this Adapter connection.
f) Activate the integration.
Agents in HA:
Multiple Connectivity Agents are supported on the same machine; refer to (Doc ID 2425685.1).
In OIC, the Controlled Availability features “Connectivity Agent HA” and “Litmus Support” are supported on an AOIC Agent. To learn more on how to enable Controlled Availability features, refer to (Doc ID 2437887.1).
If you are unable to install a second agent into the Agent Group after enabling the “oic.adapter.connectivity-agent.ha” feature flag, then refer to doc (Doc ID 2452084.1)
This is all, in a nutshell, about Connectivity Agents in Oracle Integration. We cover installation of the On-Premise Connectivity Agent for Oracle Integration Cloud (OIC) in one of the modules of our Oracle Integration Cloud Services Training Program (to register for the FREE Masterclass, click Here), where we also cover configuring adapters and connections, configuring integrations, Data Mapping, Lookups, SaaS, On-premises integration agents, Security, Schedules, Versioning, Activating, Monitoring integrations and much more.
Click on the Image below to Download our FREE Guide on “25 Exam Questions for Oracle Integration Cloud Service” as it will help you clear your doubts and concepts about OIC before you start your journey.
For you to become an Oracle Integration Cloud expert, we engaged Phil in an interesting conversation. He talked about a lot of things that will guide and help you in choosing the right direction which will make your journey to Cloud much easier.
Question: Your brief introduction and how you started on Oracle and Integration?
Phil: For a long time, I worked with an open source tech. About 8 years ago, the company I worked for decided to move to use Oracle across the enterprise from EBS to Exadata including SOA Suite.
As an Enterprise Integration Architect, I needed to get to grips with the Oracle technology quickly. So I invested in the training, taking advantage of the opportunities with the UKOUG and as I worked, a large number of customers participated on the customer advisory board. As Oracle started to develop ICS and SOA CS and my employer was struggling with the Cloud/On-Premises considerations along with getting SOA Suite deployments built efficiently, I led the company through some early PaaS adoption and the pilot solutions.
Question: Who do you think should learn Cloud Integration?
Phil: In the world of open source solutions, microservices, SaaS, etc I would recommend everyone should build some understanding in Integration whether that is Cloud or On-Premises although it is Cloud which allows you to focus on the Integration activities.
We have reached an age where we can solve solutions, not by building from scratch but by orchestrating or choreographing the existing or prebuild capabilities. Even if you’re not actually doing the Integration understanding which makes it easy to integrate, and understand what good integrations are like and crucially the consequences of different approaches.
Question: What are the few things you would suggest to get one started?
Phil: Get familiar with the patterns, key factors such as choreography and orchestration are central to the way things are moving. Understand why a pattern is appropriate, and when to deviate – don’t just slavishly follow patterns like VETORO which can be complete overkill for some Integration requirements.
Understand APIs – in the purest sense, not just SOAP and REST. ALWAYS remember to look at what should happen when things go wrong. Keep up with the thought leaders who talk about why things should be done (or not). Translating this to your tech is the easier step. This should cover design principles, security, deployment,
Question: How do you keep yourself updated on the latest changes?
Phil: I keep a track of blogs, particularly those written by the product managers, the Oracle A-Team and ACE members along with some blog aggregators like the PaaS Community. Feedly is a great tool for that. Attend events when I can – such as user group events, developer meetups, webinars, conferences – you’ll learn to watch out for knowledge and interesting speakers in different areas.
Read release notes – Oracle don’t provide nice RSS feeds for their release note pages, but tools like visual ping can overcome that. This means I know at least what features are available. Podcasts and YouTube videos can help as well but these approaches are my least favorite.
Question: Any top 3 blogs that you recommend for the beginners to read?
Question: If someone is already working, what suggestions would you give to them to become an expert?
Phil: Read, experiment and understand WHY people recommend things. Take your reading outside of just your specialism, often ideas will be relevant from other sources, e.g. whilst Bounded Context as a concept often associated with microservices – it has potential applications for more traditional integration.
Question: What’s your Success Mantra?
Phil: They say it takes 10,000 hours to become good at something, that’s 10k of different things. Watch for the trap of doing variations of the same thing. I find the act of trying to explain ideas helpful in unraveling the questions that should be asked myself.
That was all from Phil Wilkins’ end who believes everyone should have an understanding of Integration and understand why a pattern is appropriate, and when to deviate. Also, he suggests everyone read, experiment and understand why people recommend things.
Well, Phil took the first step and is currently helping his customers in integrating various applications to Cloud.
Oracle has announced a cloud interoperability partnership between Microsoft and Oracle.
Oracle and Microsoft have built a dedicated private network connection between Azure and Oracle Cloud Infrastructure data centers in the Ashburn, Virginia region that provides a data channel between the two clouds.
This cross-cloud interlink enables customers to migrate and run mission-critical enterprise workloads across Microsoft Azure and Oracle Cloud Infrastructure (OCI).
Customers can now seamlessly connect Azure services, like (Analytics and AI), to Oracle Cloud services, like (Autonomous Database). For the highly optimized, best of both clouds experience, Customers can run one part of a workload within Azure and another part of the same workload within Oracle Cloud.
Connecting Azure and Oracle Cloud through network and identity interoperability makes lift-and-improve migrations seamless.
Note: The connection is currently available only between the Oracle Cloud Infrastructure location in the us-ashburn-1 region and the Azure Washington DC location.
Network Connectivity Between Oracle and Microsoft Azure
Enables new and innovative scenarios like running Oracle E-Business Suite or Oracle JD Edwards EnterpriseOne on Azure against an Oracle Autonomous Database running on Exadata infrastructure in the Oracle Cloud.
Customers can access the connection by using either Oracle FastConnect or Microsoft ExpressRoute.
FastConnect and ExpressRoute together create a path for workloads on both clouds to communicate directly and efficiently, which gives customers flexibility on how to develop and deploy services and solutions across Oracle Cloud Infrastructure and Microsoft Azure.
Both Microsoft and Oracle have invested in dedicated private networks to connect enterprise data centers with their respective cloud platforms.
Customers experience the following benefits when they interconnect the Oracle and Microsoft clouds:
A Secure private connection between the two clouds.
No exposure to the internet.
High availability and reliability.
High performance, low latency, predictable performance compared to the internet or routing through an on-premises network.
Straightforward, one-time setup.
No intermediate service provider required to enable the connection.
Easy Migration on Cloud
With simplified licensing models, customers can deploy enterprise Oracle applications on Azure with the same processor mapping as their existing on-premises deployments.
Enterprise apps such as Oracle E-Business Suite, JD Edwards, Peoplesoft Enterprise, Hyperion and Oracle Retail Applications can be migrated to Azure through simplified licensing schemes.
The same model is applied to Microsoft workloads, including SQL Server running on OCI.
Traffic Flow Between Oracle Cloud Infrastructure, Azure, and Non-Cloud Networks
The customer’s on-premises network is directly connected to Oracle Cloud Infrastructure through FastConnect and to Azure through ExpressRoute, and there’s a direct interconnection between the two clouds.
In this scenario, users located in the on-premises network can access applications (web tier and app tier) directly within Azure through ExpressRoute. The applications then access the database tier located in Oracle Cloud Infrastructure.
Workloads can access either cloud through the interconnection.
This cross-cloud connection doesn’t enable traffic between your on-premises network through the Azure virtual network (VNet) to the Oracle Cloud Infrastructure virtual cloud network (VCN), or from your on-premises network through the VCN to the VNet.
For example, customers can’t reach Oracle Cloud Infrastructure through Azure. If you need to reach Oracle Cloud Infrastructure, you need to deploy FastConnect directly from your on-premises network.
Connecting the Cloud Networks
The diagram below describes the connectivity between an Oracle Cloud Infrastructure VCN and an Azure VNet & the components which will be used for the connection.
Components of this Connection
Oracle Cloud Infrastructure
Virtual network (VNet)
Virtual cloud network (VCN)
Virtual Network Gateway
Dynamic Routing Gateway (DRG)
FastConnect private virtual circuit
network security groups (NSGs)
Future Roadmap Plan
Apart from basic connectivity and interoperability, Microsoft and Oracle are committed to a tighter integration of Azure and OCI.
Some of the interesting possibilities include:
Integration of Oracle Analytics Cloud and Azure Data Services
Power BI integration with Oracle applications and Databases
Integrated monitoring between Azure AppInsights and OCI Monitoring service
Integrated key management between Azure KMS and OCI KMS
Microsoft Teams integration with Oracle applications
Oracle and Microsoft have given customers the flexibility to build and deploy applications in Oracle Cloud Infrastructure and Azure by providing a robust, reliable, low-latency, high-performance path between the two clouds.
Note: Identity & Access Management (IAM) makes up only 10% of the exam, but in real implementations it is the most important topic, especially Compartments and Policies, because they control who can access which OCI resources in the Cloud.
In this session, we covered Module 2: Identity & Access Management (IAM) Service, which includes the following lessons
The course, which is available on the Membership Portal, looks like below. We encourage trainees to go through the recorded videos before coming to the live session so that they come prepared with their doubts and can clear them during the session, making it more interactive.
Below are some of the questions asked during the live interactive session related to Module 2 IAM in OCI:
[Q/A] Instance Principals
We covered the different types of Users, i.e. Principals, in OCI. Here are some of the questions related to Principals (3 different types of Users) in OCI.
Q1) Can you please describe more about Instance Principals?
Ans: There are 3 types of Principals that are used to authenticate and interact with OCI resources:
IAM Users & Groups
An example of an Instance Principal is a compute instance that needs to connect to storage for backup. Instance Principals are the IAM service feature that enables instances to be authorized actors (or principals) that perform actions on service resources. Each compute instance has its own identity, and it authenticates using the certificates that are added to it. These certificates are automatically created, assigned to instances and rotated, so you do not need to distribute credentials to your hosts and rotate them yourself.
To know more about Instance Principals, click here
We will cover Instance Principals in detail in Module 10: Advance IAM
Q2) So I assume if I need to use other OCI resources such as storage etc, then I need instance principals?
Ans: Yes, an Instance Principal is one of the methods to connect, but you can also connect to storage using a normal user ID and password. Please refer to Question 1 above to know more about Instance Principals.
[Q/A] Groups and Policies in OCI
A Group in OCI is a collection of users to which you apply an IAM Policy, whereas a Policy is a set of rules that dictates who can access what resource (Compute, Storage, Network, Database, etc.) in OCI. Here are a few questions related to Groups & Policies covered on Day 2 of OCI Training.
Q3) What is a Dynamic Group?
Ans: A special type of IAM group that contains instances that match rules that you define (thus the membership can change dynamically as matching instances are terminated or launched). These instances act as “principal” actors and can make API calls to Oracle Cloud Infrastructure services according to IAM policies that you write for the Dynamic Group.
We will cover Dynamic Groups in detail in Module 10: Advance IAM
Q4) How can we restrict access on a Group so members of a group can access only selected OCI Resources?
Ans: The root user can control this access via IAM Policies. For issues with creating policies, please click here
Q5) What is an Aggregate resource-type in IAM policies?
Ans: Aggregate means a collection of resources. For example, in the Network Family we have a Load balancer, VCN, Subnet, etc.; these represent the aggregate resource-types.
Q6) How do we create an IAM policy?
Ans: A policy specifies who can access which Oracle Cloud Infrastructure Resources (Compute, VCN, Object Storage, Database, etc.). A policy allows a group to work in certain ways with specific types of resources under a particular Compartment.
Policies are comprised of one or more statements.
A policy specifies which groups can access which resources. It also plays a role in the level of access that users in a particular group have.
A policy attached to a group defines who can access what under a Tenancy or Compartment.
Note: For more information on creating an IAM policy, follow our step-by-step Activity Guide, click here
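The statement form that the answers to Q3 to Q6 describe (a group or dynamic group, a verb, a resource-type, and a Tenancy or Compartment), as an added example that is not from the original post: a small Python check that parses OCI policy statements of the form "Allow group <name> to <verb> <resource-type> in compartment <name>" and flags grants that are broader than least privilege. The group, dynamic-group, compartment and bucket names are constructed, and the three finding labels are this example's own, not OCI terminology.

```python
import re

# Statement shape: Allow <group|dynamic-group> <name> to <verb> <resource-type>
#                  in <tenancy | compartment <name>> [where <conditions>]
# Narrowed for this example: one subject, no nested compartment paths.
STATEMENT = re.compile(
    r"^allow\s+(?P<kind>group|dynamic-group)\s+(?P<subject>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?:tenancy|compartment\s+(?P<compartment>[\w.-]+))"
    r"(?:\s+where\s+(?P<where>.+))?$",
    re.IGNORECASE,
)

def parse_statement(text):
    """Split one policy statement into subject, verb, resource and scope."""
    m = STATEMENT.match(" ".join(text.split()))
    if m is None:
        raise ValueError(f"not a recognised policy statement: {text!r}")
    resource = m["resource"].lower()
    return {
        "subject_type": m["kind"].lower(),
        "subject": m["subject"],
        "verb": m["verb"].lower(),
        "resource": resource,
        # Aggregate resource-types bundle several individual types.
        "aggregate": resource == "all-resources" or resource.endswith("-family"),
        "compartment": m["compartment"],  # None means the whole tenancy
        "where": m["where"],
    }

def review(text):
    """Return least-privilege findings for one statement (empty list = none)."""
    s = parse_statement(text)
    findings = []
    if s["resource"] == "all-resources":
        findings.append("all-resources")
    if s["compartment"] is None:
        findings.append("tenancy-scope")
    if (s["subject_type"] == "dynamic-group" and s["aggregate"]
            and s["verb"] in ("use", "manage") and s["where"] is None):
        findings.append("instance-principal-unconditioned")
    return findings

# Constructed sample policies; every name in them is hypothetical.
SAMPLES = [
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Eng",
    "Allow dynamic-group BackupInstances to manage objects in compartment Fin "
    "where target.bucket.name = 'db-backups'",
    "Allow group Admins to manage all-resources in tenancy",
    "Allow dynamic-group BackupInstances to manage object-family in tenancy",
]
```

The second sample is the backup case from Q1 written narrowly: the instances in the dynamic group can manage objects in one bucket of one Compartment, whereas the fourth sample gives the same instances every object-storage resource in the Tenancy.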
[Q/A] API keys & Auth Token
On Day 2 we also covered various Authentication methods like Username/Password, API Signing Keys, and Auth Token. Here are some of the questions related to API Keys & Auth Tokens in OCI that we covered in class.
Q7) How many API signing keys can a user have?
Ans: An API signing key is a credential for securing requests to the Oracle Cloud Infrastructure REST API.
You can have up to three API key pairs per user.
In an API request, you specify the key’s fingerprint to indicate which key you’re using to sign the request.
Q8) Is Auth Token permanent or available for a period of time?
Ans: It is permanent as long as you keep it and don’t delete it from the account. Please refer to the Activity Guide which is covered in our DBA to Cloud DBA Training for Module 7 Activity Guide 6 from here.
Q9) If we lose the API key, is there a way to recover or recreate it?
Ans: API keys can generally be recreated; best practice is to create multiple backups of your API keys.
Q10) In the Cloud Account there is “SMTP Credentials”. What is this?
Ans: Simple Mail Transfer Protocol (SMTP) credentials are necessary to send emails through Email Delivery. Each user is limited to a maximum of two SMTP credentials. If more than two are required, SMTP credentials must be generated on other existing users or more users must be created.
A security best practice is to generate SMTP credentials for a new user instead of your Console user that already has permissions assigned to it.
We also covered Compartments in OCI in detail, as Compartments are one of the most important and critical elements in designing security on OCI.
A Compartment is a logical container to organize and control access to your OCI Resources (Compute, Storage, Network, Load Balancer, etc.). When you create resources (compute, storage), you decide which Compartment to place them in.
Compartments are global, meaning they span Regions. When a Tenancy is provisioned, a root compartment is created. Each resource belongs to a single compartment, but resources can be shared across compartments.
Q11) As we are saying a Compartment can be renamed, if we rename the Compartment, what will happen to the policy created on the Compartment?
Ans: The policy on the Compartment will remain the same, because the Compartment has an OCID and the OCID does not change when the name changes, so access stays as it is.
Q12) What is the business case for nested Compartments, or is it for ease of billing?
Ans: It is for granting access (delegated access). As policies are hierarchical, whatever access the parent Compartment has is also available to child Compartments.
As we covered nested compartments in OCI, there were some questions related to them:
Q13) Is it a general practice to put each application in its own Compartment? It is a common requirement to have applications exchange data.
Ans: You need to decide who needs to access which resource and with what privilege, and based on that you put an application in a specific Compartment. Access to a resource in a different Compartment can be granted via Policy.
Q13B) Can the resources of one Compartment be accessed by a resource/compute in another Compartment?
Ans: Yes, as long as there are appropriate access policies, you can access the resources in another Compartment.
Q14) As per the client, I have created department-wise Compartments as per example 3 (Root/Fin, Root/HR, Root/Eng.), and under that created a network, etc. My question is during OAC do I need to transfer data from one to another, do I need to have all in the same region or is it fine?
Ans: A VCN can be created in one region; you can create a different VCN in another region and connect through VCN peering. If you are deploying in a different region, there is a concept of remote VCN peering, so you can connect two different applications in different regions. We will be covering this in the Networking and Advanced Networking Module.
Q15) If we do not use a where clause, will Compartment A inherit root Compartment privileges?
Ans: No, the root Compartment contains Compartment A and has the privileges for Compartment A also. If the parent Compartment has access, the child Compartment will also have access.
Q16) Can you explain the usability of Tags in detail? Real-time use cases, as it can be seen everywhere while creating resources.
Ans: When you have many resources (for example, instances, VCNs, load balancers, and block volumes) across multiple Compartments in your tenancy, it can become difficult to track resources used for specific purposes, or to aggregate them, report on them, or take bulk actions on them. Tagging allows you to define keys and values and associate them with resources. You can then use the tags to help you organize and list resources based on your business needs.
We covered and discussed many Exam Dumps during the live session. Check below one Sample Quiz Question based on the above slide.
Note: If you know the answer for the above question, then leave a comment in the comment box below. Make sure you post the answer with the explanation why you think that it should be correct & others not.
Cache memory, also called CPU memory, is high-speed static random access memory (SRAM) that a computer microprocessor can access more quickly than it can access regular random access memory (RAM).
Document caching enables you to temporarily hold and index frequently used documents in the Atom (that is, cache them) while you perform multiple integrations between documents within an integration process.
The purpose of cache memory is to store program instructions and data that are used repeatedly in the operation of programs or information that the CPU is likely to need next.
The computer processor can access this information quickly from the cache rather than having to get it from the computer’s main memory.
Fast access to these instructions increases the overall speed of the program.
Caching in Dell Boomi
Document caching lets you add documents to a cache so that you can reference them later in a process or in a subprocess.
This means that you can look up and hold in memory a large amount of data, and reference that data when you need it in the process.
It helps you to avoid having to make multiple connector calls to an application within a single process in order to look up different types of information.
You can get the documents from various sources, index and store the documents that you need, and then retrieve the cached documents for use in process execution.
Each document becomes an entry in the document cache. If a document contains multiple records that you want to retrieve separately (as in a batch file), you must split the document before adding it to the cache.
A document cache can be shared among parent and child processes. You can add documents to the cache in the parent process, and those documents are available in any child processes. However, the document cache is temporary: documents remain in the cache only for a single execution of a process, either in Test mode or when deployed to production. You can also remove some or all of the documents from the cache during process execution if you want to reuse the same document.
Developing SOAP/REST APIs in Boomi
Managing Dell Boomi APIs
Dell Boomi API Management is a powerful API solution. The big advantage is that it’s built on the same platform as Dell Boomi AtomSphere. It has the same look and feel. It also runs on the same infrastructure. Managing the API management module is therefore very simple. In addition to that, every month you receive automatic upgrades with new features. This ensures your API management platform stays up-to-date, secure and competitive.
Use the Web Services Server connector to listen for and accept REST, SOAP, and simple HTTP requests in real time and initiate Dell Boomi Integration processes.
When a process containing this connector is deployed to an Atom, the Atom’s internal web server listens for documents based on configurations made in the Web Services Server operation or, if applicable, the API component.
You can view the status of deployed web service listener processes and API components in the Listeners panel in Manage > Atom Management. In that panel, you can also pause, resume, and restart listeners.
API Management Features
APIs are generated by importing existing AtomSphere web services. Zero-code APIs!
Support for both SOAP and REST
Support for versioning
Deploy on-premise or in the Dell Boomi cloud
Dell Boomi automatically generates a Swagger 2.0 specification for every REST API
1. If you use a cache, and there is a large file so is there any fail loops? Ans. You have to make sure that you have a good amount of memory in cache
2. Can the cache handle a large amount of data? Does Cache mean that the file has to be in the cache or only data which is needed will be kept in the cache? Ans. It’s up to you; there are a number of ways in which you can keep only the relevant piece in the cache. Also, if the file size is too large, we can use batching: we use the Flow Control shape to convert the collected data into batches. So, you execute the first batch and then pick the next accordingly.
3. Which connector is used to read from local files? Ans. Disk Connector
4. Whenever you are developing a SOAP service in Dell Boomi, how do you get the WSDL URL?
To get the WSDL URL, go to the Manage tab and select the atom on which the deployment has been done. Go to a shared server, and there you will have the hostname and port details. Append /ws/soap?wsdl to it.
You can also check our previous post on Four Key Points About Dell Boomi AtomSphere Platform here
Step 3: Select the Licensing menu from the left pane
Step 4: Under Connection, we can find the connection details for PROD and TEST environment
Here we have three classifications:
Purchased: It specifies an overall number of connections purchased for prod and test environments by an individual organization.
Deployed: It specifies an overall number of connections consumed for prod and test environments by an individual organization.
Available: It specifies an overall number of connections available for prod and test environments within an account.
Step 5: Scroll down on the same page to know the details of the process, atom, connection type and connector name where the connections have been consumed.
We need to select the classification of connectors for which we are seeking the above-mentioned info from the top table, accordingly below tables get populated with the detailed information about the consumed connections.
Note: Dell Boomi classifies environments into a) PROD b) TEST.
There is no classification called “dev”. In case one wants to create a dev environment that can be done by consuming the connections available in TEST classification itself.