OC Infra Funda SG (050 101)

Private Subnet with a VPN
ORACLE CLOUD DATA CENTER REGION • Create an IPSec connection for VPN
AVAILABILITY DOMAIN-2 • Data center admin must configure the on-
premises router before network traffic can flow
Custom Route
Table
between your on-premises network and VCN
• At your end of the IPSec VPN is the actual
SUBNET B,
10.0.2.0/24 router in your on-premises network (hardware or
software). A virtual representation of the router
VCN, 10.0.0.0/16 in Bare Metal Cloud Services is referred to
as Customer-Premises Equipment (CPE)
CUSTOMER
DATA CENTER
Copyright © 2017, Oracle and/or its affiliates. All rights reserved.
Oracle Cloud Infrastructure Fundamentals 3 - 14

DNS Choice
• The Domain Name System (DNS) enables lookup of other computers using host names.
• You choose the DNS for each subnet in the cloud network.
– Default Choice: Internet and VCN Resolver. This is an Oracle-provided option that
includes two parts:
— Internet Resolver: Lets instances use host names that are publicly published on the
Internet. The instances do not need to have Internet access by way of either an IGW or
an IPSec VPN DRG.
— VCN Resolver: Lets instances use host names (which you can assign) to communicate
with other instances in the VCN.
– Custom Resolver: Use your own DNS servers. These could be Internet IP
addresses for DNS servers in your VCN, or DNS servers in your on-premises
network, which is connected to your VCN by way of an IPSec VPN connection.
Instance FQDN: <hostname>.<subnet DNS label>.<VCN DNS label>.oraclevcn.com
(you can specify VCN, Subnet and hostname DNS labels)
If you choose to use the default option of DNS, that is, Internet and VCN Resolver with DNS
Hostnames Across the VCN, then all instances in the VCN can communicate with each other without
knowing their IP addresses. Make sure to assign a DNS label to the VCN and every subnet. Then
make sure to assign every instance a host name (or at least a display name) at launch. The
instances can then communicate with each other using FQDNs instead of IP addresses. If you also
set the Search Domain DHCP option to the VCN domain name, the instances can then communicate
with each other using just <hostname>.<subnet DNS label> instead of the FQDN.
If you use Custom DNS Servers to Resolve DNS Hostnames, then you can set up an instance to be
a custom DNS server within your VCN and configure that instance to resolve the hostnames for your
instances. You must configure the servers to use 169.254.169.254 as the forwarder for the VCN
domain.

DHCP Configuration
• The VCN comes with the default DHCP

options.
• You can also create your own DHCP
options and the initial value.
• The DHCP options are applied at the
subnet level.
• You can't change which set of DHCP
options is associated with a subnet after
the subnet is created.
• Do not disable Network Manager unless
you use another method to ensure
renewal of the lease.
Your cloud network uses DHCP options to automatically provide configuration information to the
instances when they boot up. Each cloud network comes with a default set of DHCP options with an
initial value that you can change. If you don't specify otherwise, every subnet will use the VCN's
default set of DHCP options.
You can't change which set of DHCP options is associated with a subnet after the subnet is created.
If you don't want to use the default set, make sure to create your desired set of DHCP options before
creating the subnet. However, remember that you can also change the values for the options.
Whenever you change the value of one of the DHCP options, you need to either restart the DHCP
client on the instance, or reboot the instance, for the change to take effect on existing instances in
the subnets associated with that set of DHCP options.
Be sure to keep the DHCP client running so you can always access the instance. If you stop the
DHCP client manually or disable Network Manager, the instance can't renew its DHCP lease and will
become inaccessible when the lease expires (typically within 24 hours). Do not disable Network
Manager unless you use another method to ensure renewal of the lease. Stopping the DHCP client
might remove the host route table when the lease expires. Also, loss of network connectivity to your
iSCSI connections might result in loss of the boot drive.

FastConnect
ORACLE CLOUD DATA CENTER REGION The general concept of a connection
between your existing network and
AVAILABILITY DOMAIN-2
your VCN over a private physical
network instead of the internet.
Custom Route
Table
With FastConnect, you can establish a

SUBNET B,
10.0.2.0/24 connection in one of these ways:
• Colocation: By co-locating with
VCN, 10.0.0.0/16
Oracle in a FastConnect location
• Provider: By connecting to
FastConnect Location a FastConnect provider
YOUR EXISTING
NETWORK

Off-box Network Virtualization
On-Premises Network On-Premises Network
Gray VCN
Red VCN
Off-Box Network
Virtualization
Physical Network
We use ‘Off Box Network Virtualization’. Note that the virtualization layer is well isolated from the
Bare-Metal nodes and as a result, it is much harder for a bad actor to compromise the virtualization
layer.

Bandwidth and Latency between BM instances
[opc@iperf-client ~]$ sudo iperf3 -c 10.0.0.5 [opc@iperf-client ~]$ sudo iperf3 -c 129.213.56.64
Connecting to host 10.0.0.5, port 5201 Connecting to host 129.213.56.64, port 5201
[ 4] local 10.0.2.3 port 45988 connected to 10.0.0.5 port 5201 [ 4] local 10.0.2.3 port 34528 connected to 129.213.56.64 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd [ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 1.13 GBytes 9.67 Gbits/sec 25 2.54 MBytes [ 4] 0.00-1.00 sec 666 MBytes 5.59 Gbits/sec 428 1.43 MBytes
[ 4] 5.00-6.00 sec 1.15 GBytes 9.87 Gbits/sec 0 3.02 MBytes [ 4] 5.00-6.00 sec 476 MBytes 3.99 Gbits/sec 512 446 KBytes
------------------------- -------------------------
[ ID] Interval Transfer Bandwidth Retr [ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 11.5 GBytes 9.85 Gbits/sec 100 sender [ 4] 0.00-10.00 sec 4.82 GBytes 4.14 Gbits/sec 5331 sender
[ 4] 0.00-10.00 sec 11.5 GBytes 9.84 Gbits/sec receiver [ 4] 0.00-10.00 sec 4.81 GBytes 4.13 Gbits/sec receiver

Summary
In this lesson, you should have learned how to:

• Describe key Virtual Cloud Network (VCN) concepts
• Manage your cloud network components, such as:
– Route Table
– Security List
– Internet Gateway
– Dynamic Routing Gateway
• Evaluate the different options of connecting to the Internet

Practice 3: Network Management
In this practice, each participant uses

their assigned compartment and:
• Creates a virtual cloud network
(VCN) GROUP G01
• Creates a subnet within the VCN

SUBNET01
USER U01
VCN01
COMPARTMENT
TENANCY

4
Compute Service
September 2017

Objectives
After completing this lesson, you should be able to:

• Describe Compute Service
• Describe images, shapes, local storage
• Create and launch a compute instance
• Set up the credentials necessary for accessing the compute resource
• Add block volume to a compute instance

Compute: Bare Metal & Virtual Machines
Bare Metal (BM) Virtual Machine (VM)

No hypervisor involved – customers get the full A hypervisor to virtualize the underlying bare metal
bare metal server with 36 cores server into smaller VMs
(single-tenant model) (multi-tenant model)
VMs
Hypervisor
VM compute instances runs on the same hardware as a Bare Metal instances, leveraging the
same cloud-optimized hardware, firmware, software stack, and networking infrastructure
Latency: Same Random and Sequential: ~90 μsec Read, ~20 μsec Write

Shape: Processor and Memory Resources
• Oracle Compute Cloud Service enables you to select from a range of predefined shapes
that determine the number of CPUs available in an instance and the amount of RAM
available in an instance.
• Several predefined shapes are available for both bare metal and virtual machine
instances.
While creating Compute instances, you can assign CPU and memory resources by selecting from a
wide range of resource profiles (called shapes), each of which is a carefully designed combination of
processor and memory limits.

Available Shapes
Shape Instance type OCPU RAM (GB) Local Disk (TB)
BM.Standard1.36 Standard compute capacity 36 256 Block Storage only
BM.HighIO1.36 High I/O compute capacity 36 512 12.8 TB NVMe SSD
BM.DenseIO1.36 Dense I/O compute capacity 36 512 28.8 TB NVMe SSD
VM.Standard1.1 Standard 1 7 Block Storage only

VM.DenseIO1.4 Dense I/O compute capacity 4 60 3.2 TB NVMe SSD

In the case of standard VM instances, NVMe storage is not available. For all the shapes, Block
Volume storage is offered.
The Dense I/O instances are configured with 28.8 TB of local NVMe storage and are ideal for
extreme transactional workloads that work on large datasets and require low latency and high
throughput, such as Big Data and High Performance Compute (HPC) applications.

NVMe SSD Devices
• Locally attached SSDs are not protected

• Bare Metal Cloud Service provides no RAID, snapshots, backups capabilities for these
devices
• Customers are responsible for the durability of data on the local SSDs
Instance type NVMe SSD Devices ubuntu@nvme:~$ lsblk

NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
BM.HighIO1.512 4 drives = 12.8TB raw sda 8:0 0 46.6G 0 disk
├─sda1 8:1 0 46.5G 0 part /
├─sda14 8:14 0 4M 0 part
BM.DenseIO1.512 9 drives = 28.8TB raw
└─sda15 8:15 0 106M 0 part /boot/efi
nvme0n1 259:4 0 2.9T 0 disk
VM.DenseIO1.4 1 drive = 3.2 TB raw nvme1n1 259:5 0 2.9T 0 disk
nvme2n1 259:3 0 2.9T 0 disk
VM.DenseIO1.8 2 drives = 6.4 TB raw nvme3n1 259:6 0 2.9T 0 disk
nvme4n1 259:7 0 2.9T 0 disk
VM.DenseIO1.16 4 drives = 12.8 TB raw nvme5n1 259:8 0 2.9T 0 disk
nvme6n1 259:1 0 2.9T 0 disk
nvme7n1 259:0 0 2.9T 0 disk
nvme8n1 259:2 0 2.9T 0 disk

Protecting NVMe SSD Devices
RAID 1: An exact copy RAID 10: Stripes data across multiple mirrored RAID 6: Block-level striping with two parity
(or mirror) of a set of pairs. As long as one disk in each mirrored pair blocks distributed across all member disks
data on two or more is functional, data can be retrieved
disks

BM.HighIO1.512 Options
RAID 10 across all 4 SSDs with 6.4 TB RAID 6 across all 4 SSDs with 6.4 TB
usable space, can survive the failure of usable space, but can survive the failure of
one device; fast performance two devices; slower, but higher durability

BM.DenseIO1.512 Options
• RAID 6 across all nine SSDs $ sudo yum install mdadm -y

Single LUN with ~23.8TB of usable space that will
$ sudo mdadm --create /dev/md0 --raid-
survive the failure of any two devices
devices=9 --level=6 /dev/nvme0n1
• Four device RAID 10 and five device RAID 6 arrays /dev/nvme1n1 /dev/nvme2n1 /dev/nvme3n1
/dev/nvme4n1 /dev/nvme5n1 /dev/nvme6n1
Results in two arrays with isolated I/O (data and log /dev/nvme7n1 /dev/nvme8n1
files) with 6.4TB and 9.6TB of usable space
• RAID 10 array across 8 devices $ sudo mdadm --detail --scan | sudo tee -a
/etc/mdadm.conf >> /dev/null
Single LUN with ~12.8TB of space that will survive the
failure of any one device and a hot spare
• Two RAID 10 arrays of 4 devices each
Two LUNs, each with ~6.4TB of space and a global hot
spare

Images
A template of a virtual hard drive that determines the operating system and other software for an instance.
Images can be Oracle-provided, custom, or BYOI. Oracle-provided images -
Image Name Description

Oracle Linux 7 Unbreakable
Oracle-Linux-7.x- The UEK is Oracle's optimized operating system kernel
Enterprise Kernel Release 4
Oracle Linux 6 Unbreakable
Oracle-Linux-6.x- The UEK is Oracle's optimized operating system kernel
Enterprise Kernel Release 4
CentOS 7 CentOS-7-x CentOS is a free, open-source Linux distribution
CentOS 6 CentOS-6.x- CentOS is a free, open-source Linux distribution
Canonical-Ubuntu-16.x-
Ubuntu 16.04 LTS Ubuntu is a free, open-source Linux distribution
<date>-<number>
Windows Server 2012 R2 – Windows-Server-2012-R2-
Windows Server 2012 R2 Standard Edition
Bare Metal (BM) Standard-Edition-BM
Windows Server 2012 R2 - Windows-Server-2012-R2-
Windows Server 2012 R2 Standard Edition
Virtual Machine (VM) Standard-Edition-VM
All Oracle-provided images include rules that allow only "root" on Linux instances or "Administrators"
on Windows instances to make outgoing connections to the iSCSI network endpoint
(169.254.0.2:3260) that serves the instance's boot and block volumes.
Oracle recommends that you do not reconfigure the firewall on your instance to remove these rules.
Removing these rules allows non-root users or non-administrators to access the instance’s boot disk
volume. Oracle recommends that you do not create custom images without these rules unless you
understand the security risks.

Custom Images
• Possible to create a custom image of an instance’s boot disk and use it to launch other
instances.
• Instances you launch from your image include customizations, configuration, and
software installed when you created the image.
• When you create an image of a running instance, the instance shuts down and remains
unavailable for several minutes. When the process completes, the instance restarts.
• Custom images do not include the data from any attached block volumes.
• Custom images cannot be > 50 GB in size.
• Custom images cannot be downloaded or exported.
• Support Generalized and Specialized images for Windows.
– Generalized image - generalized OS disk, cleaned of computer-specific information.
– Specialized image - OS disk that is already fully installed, and a copy of the original
BM or VM.

Launching a Compute Instance
The steps to launch a compute instance are:

1. Create a Key Pair
2. Choose a Compartment
3. Create a Virtual Cloud Network
4. Launch an Instance
5. Connect to Your Instance
6. Add a Block Volume
The creation of a compute instance is referred to as Launching an Instance. To create an instance

irrespective of the type of image, you must follow the sequence of steps. In the previous lessons you
have already gained familiarity with the compartment and virtual network.

Creating a Key Pair
• Instances use an SSH key pair instead of a password to

authenticate a remote user.
• A key pair file contains a private key and public key.
• You keep the private key on your computer and provide the
public key every time you launch an instance.
• To create key pairs, you can use a third-party tool such as:
– OpenSSH on UNIX-style systems (including Linux, Solaris,
BSD, and OS X)
ssh-keygen -t rsa -N "" -b 2048 -C "<key_name>" -f <path/root_name>
– PuTTY Key Generator on Windows
While use of PuTTY is shown in the slide for accessing from Windows environments, you could also
install a bash shell – such as the Ubuntu based bash shell or Git bash – in a Windows environment.
When you use a bash environment, the Linux commands work the same way in bash shell in
Windows environment.

Choosing a Compartment
• Compartments help you organize and control access to your resources.

• Only users with permission to a compartment can manage the servers and volumes in
that compartment.
• Depending on your requirements, access the compartment in which you want to create
the resource.
As we already mentioned, compartment is a collection of related resources that can be accessed

only by those groups that have permission. For example, one compartment could contain all the
instances and storage volumes that make up the production version of your company's Human
Resources system. Only users with permission to that compartment can manage those instances
and volumes.
The compute instances, or any resource for that matter, once created in a compartment cannot be
moved to another compartment. You can however create an image and using that image clone a
compute instance to another compartment within your tenancy.

Using a Virtual Cloud Network
• In the Console, click Networking.

• Click Create Virtual Cloud Network.
• Enter the values:
– Create in Compartment: Select
the compartment you want to
create the VCN in, if not already
selected.
– Name: Enter a name for your
cloud network.
– Select: Create VCN plus related
resources. The dialog box expands
to list the items that will be created
with your cloud network.
• Scroll to the bottom of the dialog box
and click Virtual Cloud Network.
Before you can launch an instance, you need to have a Virtual Cloud Network (VCN). In the VCN,
you launch the instance into a subnet. A subnet is a subdivision of your VCN that you define in a
single Availability Domain. The subnet directs traffic according to a route table. The subnet also uses
a security list to control traffic in and out of the instance.
When you created a VCN, you would have noted the details of the VCN that you just created. The
VCN has the following resources and characteristics:
• CIDR block range of 10.0.0.0/16
• An Internet Gateway
• A route table with a default route rule to enable traffic to and from the Internet Gateway
• A Default Security List that allows specific ingress traffic to and all egress traffic from the
instance
• A public subnet in each Availability Domain.
• The VCN will automatically use the Internet and VCN Resolver for DNS.

Launching an Instance
• In the Console, click Compute.
• Click Launch Instance.
• In the Launch Instance dialog box:
– Name: Enter a name for the instance.
– Availability Domain: Select the first Availability
Domain in the list.
– Image: Select a suitable OS image.
– Shape: Select a size suitable for your project.
— The shape defines the number of CPUs and
amount of memory allocated to the instance.
– Virtual Cloud Network: Select the cloud network you
created.
– Subnet: Select the subnet created with your cloud
network.
– Hostname: Enter a name for the virtual host.
– SSH Keys: Paste in the public key.
The instance is displayed in the Console in a provisioning state. Expect provisioning to take a few
minutes before the status changes to Running. Do not refresh the page. Once the instance is
running, wait a few more minutes for the operating system to boot before you attempt to connect.
The shape you select determines the number of CPUs, memory to be allocated to your Compute
instances.

Getting the Public IP Address
• You need the public IP address of your instance to connect to it.

• To get the instance public IP address:
– Click the instance name to see its details.
– The Public IP Address is displayed on the details page.
The public IP address of your instance is what you need to connect to the instance and configure
other resources within that instance.
Use the following SSH command to access the instance. Enter the passphrase welcome1 when
prompted.
$ ssh opc@<public-ip-address>
• <public-ip-address> is your instance IP address that you retrieved from the Console.

Using a Block Volume
• In the Console, click Storage > Block Volumes.

• Click Create Block Volume.
• In the Create Block Volume dialog box, enter the following:
– Create in Compartment: Select the compartment in which you want to create the
volume.
– Name: Enter a user-friendly name.
– Availability Domain: Select the same Availability Domain that you selected for your
instance.
– Size: Select an appropriate size.
Block Volume Service provides network storage to use with your Compute instances. After you
create, attach, and mount a volume to your instance, you can use it just as you would a physical
hard drive on your computer. A volume can be attached to a single instance at a time, but you can
detach it from one instance and attach to another instance, keeping your data intact.

Attaching Volume to an Instance
• In the Console, click Compute and then

click Instances.
• Click your instance name to view its details.
• Click Attach Block Volume.
• In the dialog box, enter or select the
following:
– Block Volume Compartment: Select
the compartment where you created
the block volume.
– Block Volume: Select the block
volume from the list.
– Require CHAP Credentials
• Click Attach.
Challenge-Handshake Authentication Protocol (CHAP) is a security protocol. When you set up your
production environment, Oracle recommends that you use CHAP credentials.

Summary

• Describe Compute Service
• Describe images, shapes, local storage
• Create and launch a compute instance
• Set up the credentials necessary for accessing the compute resource
• Add block volume to a compute instance

Practice 4: Instance Management

their assigned compartment and:
• Launches an Oracle Linux VM
• Attaches the block volume created
in the previous practice GROUP G01
WP01 Block Volume
SUBNET01
• Mounts the block volume and
transfers some content
• Customizes the instance and USER U01
deploys the LAMP stack followed

by WordPress
VCN01
COMPARTMENT
TENANCY

5
Block Volume and Object Storage
Service
September 2017

Objectives
After completing this lesson, you should be able to:

• Create, attach, configure, and mount block volumes
• Back up and restore block volumes
• Detach and delete block volumes
• Describe concepts and uses of object storage
• Create object storage
• Upload objects to object storage
• Upload multipart objects to object storage

Storage Services
Oracle Cloud Infrastructure offers two main storage services

• Block Volume Service
– Block storage operates at the raw storage device level and manages data as a set of
numbered, fixed-size blocks using protocols such as iSCSI.
– Block Volume Service lets you dynamically provision and manage block storage
volumes.
– You can create, attach, connect, and move volumes, as needed, to meet your storage
and application requirements.
• Object Storage Service
– Object storage is independent of a server and accessed over the Internet
– Data is managed as objects using an API built on standard HTTP verbs
– It is an ideal storage platform to store very large amounts of data

Overview of Block Volume Service
• Block Volume Service lets you dynamically add storage capacity to an instance.
• You can create, attach, connect, and move volumes, as needed, to meet your storage
and application requirements.
• Once attached and connected to an instance, you can use a volume like a regular hard
drive.
• Volumes can also be disconnected and attached to another instance without the loss of
data, thereby providing persistence and portability.
• Elastic block storage volumes are configurable from 50GB to 2TB
• The service offers 60 IOPS per GB and scales linearly
• Data is encrypted at rest in both volumes and backups
• All volumes are automatically replicated for you helping to protect against data loss.
• Typically used for persistent and durable storage.
A common usage of Block Volume Service is to add storage capacity to an instance. To use a bock
storage volume, you should:
• Create a block storage volume through the console or the API
• Attach the volume to an instance using a volume attachment
• Connect to the volume from your instance's guest OS using iSCSI
• Mount the volume and use within your instance
A Block Volume Service volume can be detached from an instance and moved to a different instance
without loss of data. This data persistence allows you to easily migrate data between instances and
ensures that your data is safely stored, even when it is not connected to an instance. Any data will
remain intact until you reformat or delete the volume.
To move your volume to another instance, unmount the drive from the initial instance, terminate the
iSCSI connection, and attach it to the second instance. From there, you simply connect and mount
the drive from that instance's guest OS to instantly have access to all of your data. Additionally,
Block Volume Service volumes offer a high level of data durability compared to standard, attached
drives. All volumes are automatically replicated for you, helping to protect against data loss.

Block Volume Service Components
The components required to create a volume and attach it to an instance are briefly
described as follows:
• Instance
– An Oracle Cloud Infrastructure compute host
• iSCSI
– A TCP/IP-based standard used for communication between the instance and the
attached volume
• Volume
– A detachable block storage device that allows you to dynamically expand the storage
capacity of an instance
• Resource Identifier
– Each Oracle Bare Metal Cloud Services resource has a unique, Oracle-assigned
identifier called an Oracle Cloud ID (OCID).
The Internet Small Computer System Interface (iSCSI) is an IP-based standard for connecting
storage devices. iSCSI encapsulates SCSI commands in IP network packets, which allows data
transfer over long distances and sharing of storage by client systems. As iSCSI uses the existing IP
infrastructure, it does not require the purchase and installation of fiber-optic cabling and interface
adapters that are needed to implement Fibre Channel (FC) storage area networks.
Oracle Linux supports iSCSI initiator functionality in software. The kernel-resident device driver uses
the existing network interface card (NIC) and network stack to emulate a hardware iSCSI initiator. As
the iSCSI initiator functionality is not available at the level of the system BIOS, you cannot boot an
Oracle Linux system from iSCSI storage.

How Can I Use Block Storage with My Instance?
Data
Applications
Instance
Virtual
Disk
Attach to/detach Compute

from instance Service
A storage volume is a virtual disk that provides persistent block storage for Compute instances.
You can use storage volumes to store data and applications.
Block Volume Service, a part of Oracle Cloud Infrastructure, allows you to:
• Create block storage volumes and attach them to your Compute instances. When you create
a storage volume, you can specify the capacity that you need.
• Attach one or more storage volumes to an instance either while creating the instance or later,
while the instance is running.
• Scale up or scale down the block storage capacity for the instance by attaching or detaching
storage volumes even while the instance is running. Also, remember that, when a storage
volume is detached from an instance or when the instance is deleted, data stored on the
storage volume is not lost.

Creating and Attaching a Block Volume Using the Console
To create a Block Volume:

In the console, click Storage.
• Fill in the required volume information:
- Name: A user-friendly name or description.
- Domain: Must be in the same Availability Domain as the instance.
- Size: Can be between 50 GB to 2TB.
• Click Create.
The volume will be ready to attach once its icon no longer lists it as PROVISIONING in the volume
list.
To Attach a Block Volume:
In the Console, click Compute.
• In the Instances list, select the instance you want to attach to the volume.
• Click the name of the instance to display the instance details.
• Click Attach Volume and select the volume you want from the Volume drop-down menu.
• Click Attach.
You can connect to the volume once the volume's icon no longer lists it as Attaching.
To Connect to the Block Volume:
The Console provides the commands required to configure, authenticate, and log on to iSCSI.

Managing Block Storage Volumes
• You use the iSCSI protocol to connect to

and configure the block volume.
• After you configure the volume, you can
mount and use it like a normal hard drive.
• When you attach a block volume to an
instance, the console provides the volume
information. Click the Actions icon (…) on
your volume's row, and then click iSCSI
Commands and Information.
• You can use that information to configure
and mount the volume to the instance.
You use the iSCSI protocol to attach a volume to an instance. Once the volume is attached, you log
on to the instance and use the iscsiadm command-line tool to configure the iSCSI connection. After
you configure the volume, you can mount it and use it like a normal hard drive.

Backup and Restoration
• You can take point-in-time complete image backups of your block volumes.
• Backups are encrypted and stored in the Object Storage Service, and can be restored
as new volumes to any Availability Domain within the same region.
• This capability provides you with a spare copy of a volume and gives you the ability to
successfully complete recovery within the same region.
To take a backup:
• In the console, click Storage.
• Click Backups.
• Click the block volume for which you want to create a backup.
• Click Create Backup.
• Enter a name for the backup, and then click Create Backup.
The backup will be completed once its icon no longer lists it as CREATING in the volume list.
To restore a new volume from a backup:
• In the Console, click Storage, and then click Backups.
- A list of the block volumes in the compartment you're viewing is displayed. If you don’t
see the one you're looking for, make sure you’re viewing the correct compartment.
• Select the block volume backup you want to restore.
• Enter a name for the block volume and choose the Availability Domain in which you want to
restore it.
• Click Create.
The volume will be ready to attach once its icon no longer lists it as PROVISIONING in the volume
list.

What’s a Mount Point?
Various Mount Points
Mount on any
Mount Point
Storage Volume Directory structure on the

with file system Operating System
About Mount Points

The process of associating a storage volume with an operating system is called mounting.
A mount point is the place in the current system’s directory hierarchy where the storage volume and
its file system will be attached. The mount point is always a normal directory. The mount point
doesn’t have to be created directly at the root (/); it can be created anywhere in the hierarchy of the
system.
The /etc/fstab File System Table
Linux systems maintain a list of file systems and options in the /etc/fstab file. This is a plain text
file. To ensure that your storage volumes are mounted at boot time, add the mount point details as
an entry in the /etc/fstab file.

Detaching and Deleting Block Volumes
• When an instance no longer requires a block volume, you can disconnect and then
detach it from the instance without any loss of data.
• When you attach the same volume to another instance or to the same instance, DO
NOT FORMAT the disk volume. Otherwise, you will lose all the data on the volume.
• When the volume itself is no longer needed, you can delete the block volume.
• You cannot undo a delete operation. Any data on a volume will be permanently deleted
once the volume is deleted.

Performance Benchmark
• Create 1TB volume

• Attach to BM compute instance
• Run sample performance benchmarks per volume
• IOPS
sudo fio --filename=/dev/sdb --direct=1 --rw=randwrite --bs=4k --ioengine=libaio --iodepth=64 --
runtime=30 --numjobs=16 --time_based --group_reporting --name=client-max
• Throughput
sudo fio --filename=/dev/sdb --direct=1 --rw=randwrite --bs=256k --ioengine=libaio --iodepth=64 --
• Latency
sudo fio --filename=/dev/sdb --direct=1 --rw=randrw --bs=4k --ioengine=libaio --iodepth=1 --

Overview of Object Storage Service
• Object storage is where data is handled as an object, also known as unstructured data.
• Object Storage use cases:
– Big Data: Object Storage Service enables you to not only store large data sets, but
also operate seamlessly on them. You can generate business insights by using
the HDFS connector to interface with analytics engines such as Apache Spark and
MapReduce.
– Archive and Storage: Backup or archive data is typically written once and read
many times. The durability and low cost characteristics of Object Storage
Service make it suitable to store data for long durations.
– Content Repository: Object Storage Service supports any content type, images,
logs, and video. You can store this data for a long time and the storage scales in tune
with your need.
• Object storage is where data is handled as an object, also known as unstructured data. The
main differences between object storage and traditional storage (also known as block
storage), are listed as follows:
- Stored data contains customized metadata.
- Data is indexed, allowing for much faster search results.
- Data can be located by using pointers instead of finding its location based on tracks
and sectors on the hard disk (that is, the standard file system that we have used for
many years).
• This type of storage is used as an essential part of cloud services, in data centers, and it is
normally integrated with virtual machines.
• Because object storage allows for additional attributes as part of the “bundle,” applications,
programs and storage devices are able to better manipulate data.
• Nearly any file type can be stored in the form of object storage. Some popular files include
media files (images, videos, music, and photos), documents, PDFs, backups, archives, and
so on.
• Multiple users can access the data.
With Object Storage Service, you can safely and securely store or retrieve data directly from the
Internet or from within the cloud platform. Object Storage Service is agnostic to data content type. It
enables a variety of use cases and works equally well with them. The Object Storage Service is a
regional service. It is not tied to any specific compute instance. You can access data from anywhere
within or outside the context of the Oracle Cloud Infrastructure, as long as you have Internet
connectivity and can access the Object Storage Service API endpoint.
(HDFS Connector: https://docs.us-phoenix-1.oraclecloud.com/Content/Object/Tasks/hadoopsupport.htm)

Overview of Object Storage Service
• Object
• Bucket
• Namespace
• Compartment
The Object Storage Service resources are:

• Object: Any type of data, regardless of content type, is stored as an object. The object is
composed of the object itself and metadata about the object. Each object is stored in a
bucket.
• Bucket: A logical container for storing objects. Buckets are created by users or systems as
needed. A bucket is associated with a single compartment which, in turn, has policies that
indicate what actions a user can perform on a bucket and all the objects in the bucket.
• Namespace: The logical entity that lets you own your personal bucket names. Bucket names
need to be unique within the context of a namespace, but bucket names can be repeated
across namespaces. Each tenant is associated with one default namespace (tenant name)
that spans all compartments. Within a namespace, buckets and objects exist in flat hierarchy,
but you can simulate directories to help navigate a large set of objects (for example,
guitars/fender/stratocaster.jpg, guitars/gibson/lespaul.jpg).
• Compartment: Compartments help you organize resources to make it easier to control
access to them. A bucket can only exist in one compartment.

Object Storage Elements
Buckets
• Object: any type of data,
regardless of content type, is Object
stored as an object. The object
is comprised of the object itself Metadata Object Object
Data
and metadata about the object. Object
Object
• Buckets: a logical container for Object
Object
storing objects. A bucket is
associated with a single
compartment.
• A bucket is a user-created resource, which can hold an unlimited number of objects.

• When using this form of storage, data is treated as an object. Think of an object as a
document file. Users can add additional attributes to each object such as: notes about the
file, location where the file was created, compatibility options, and so on.
• Traditional data storage (block storage) does not support additional metadata and attributes.
Additionally, the file location must be specified by the user; this way, the operating system
calls up that file from the hard drive directly.
• Object storage allows for searchable metadata, automatic indexing, multiple copies/backups
of stored data, and the ability to access storage nodes found in different parts of the world.
- If the storage container is about to reach its capacity limit, a new storage node is
created to allow the user to continue adding data.
• A common analogy to better understand object storage is valet parking:
- Even though you do not know where the car is parked—or if it has been relocated
multiple times while you were away—when you are ready to leave, your ticket number
is used to trace your car and return it to you. The car is the object; the ticket number is
the object’s unique identifying number that provides the location of the car; and the
valet’s parking lot is the container where the vehicles are parked in a flat area.

Object Storage Service Features
The salient features of Object Storage include:

• Strong consistency - When a read request is made, the Object Storage Service always
serves the most recent copy of the data that was written to the system
• Durability - Data stored redundantly across multiple storage servers across multiple ADs.
Data integrity is actively monitored and corrupt data detected and auto repaired
• Performance - Compute and the Object Storage Services are co-located on the same
fast network
• Custom metadata - define your own extensive metadata as key-value pairs
• Hadoop support - use the Object Storage Service as the primary data repository for big
data
• Encryption - employs 256-bit Advanced Encryption Standard (AES-256) to encrypt
object data. Each object is encrypted with its own key and object keys are encrypted
with a master encryption key that is frequently rotated.
Following are some salient features of object storage:

• Strong Consistency: When a read request is made, the Object Storage Service always
serves the most recent copy of the data that was written to the system. The Object Storage
Service also offers a high-performing, high-bandwidth network.
• Durability: Data is stored redundantly across multiple storage servers across multiple
Availability Domains. Data integrity is actively monitored using checksums and corrupt data is
detected and auto repaired. Any loss of data redundancy is actively managed by recreating a
copy of the data from the redundant copy.
• Performance: The Compute Service and the Object Storage Service are co-located on the
same network. This means that instances running on the Compute Service can expect very
high, non-blocking network bandwidth to the object store.
• Custom Metadata: You can define your own extensive metadata as key-value pairs for any
purpose. For example, you can create descriptive tags for objects, retrieve those tags, and
sort through the data.
• Hadoop Support: You can use the Object Storage Service as the primary data repository for
big data. The HDFS connector provides connectivity to various big data analytic engines.
This connectivity enables the analytics engines to work directly with data stored in the Object
Storage Service.
• Encryption: The Object Storage Service employs 256-bit Advanced Encryption Standard
(AES-256) to encrypt object data on the server. Each object is encrypted with its own key.
Object keys are encrypted with a master encryption key that is frequently rotated. Encryption
is enabled by default and cannot be turned off.

Managing Buckets and Objects
• A bucket is a container for storing objects in a compartment within a namespace.

• In the console, access a compartment. Then navigate to Storage > Object Storage and
click Create bucket. Enter a name and click Create.
• To upload an object:
– Click the bucket name. A list of objects in the bucket is displayed.
– Click Upload Object. Then click Browse, navigate to and select the file you want to
upload, and then click Open.
— If you want to change the name of the object, edit the name in the Object Name field.
– Click Upload Object. The object is uploaded and displayed in the list of objects.
• You can also download or delete an object using the console.
A bucket is associated with a single compartment. The compartment has policies that indicate what
actions a user can perform on a bucket and all the objects in the bucket.
An object is a file or unstructured data such as: multimedia files, data backups, static web content, or
logs that you upload to a bucket within a compartment within a namespace. Objects are processed
as a single entity. You can't edit or append data to an object, but you can replace the entire object.
Note: In this course, while you can create a bucket and upload data as objects, we will not use
object storage resources in the hands-on labs and practices.

Managing Multipart Uploads
• Object Storage Service supports multipart uploads for more efficient and resilient
uploads, especially for large objects.
• You can use the retry feature to upload only the failed upload.
• You can use multipart upload RESTAPI calls or the Java Software Development Kit
(SDK) to manage multipart uploads, but not the Console.
With multipart uploads, individual parts of an object can be uploaded in parallel to reduce the amount
of time you spend uploading. Multipart uploads can also minimize the impact of network failures by
letting you retry a failed part upload instead of requiring you to retry an entire object upload. Oracle
recommends that you perform a multipart upload to upload objects larger than 100 MB. The
maximum size for an uploaded object is 10 TB. Object parts must be no larger than 50 GB. For very
large uploads, a multipart upload also offers you the flexibility of pausing and resuming at your own
pace.
A multipart upload consists of the following steps:
• Initiating an upload
• Uploading object parts
• Committing the upload
In the initiating step, you should create the parts to upload. The Object Storage Service provides API
operations for the remaining steps. The service also provides API operations for listing in-progress
multipart uploads, listing the object parts in an in-progress multipart upload, and aborting in-progress
multipart uploads.
Creating Object Parts
With multipart upload, you split the object you want to upload into individual parts. Individual parts
can be as large as 50 GB or as small as 10 MB. (The Object Storage Service waives the minimum
part size restriction for the last uploaded part.) Decide what part number you want to use for each
part. Part numbers can range from 1 to 10,000. You do not need to assign contiguous numbers, but
the Object Storage Service will construct the object by ordering part numbers in ascending order.

Initiating an Upload: After you finish creating object parts, initiate a multipart upload by making a
CreateMultipartUpload REST API call. Provide the object name and any object metadata. The
Object Storage Service responds with a unique upload ID that you must include in any requests
related to this multipart upload. The Object Storage Service also marks the upload as active. The
upload remains active until you explicitly commit it or abort it.
Uploading Object Parts: Make an UploadPart request for each object part upload. In the request
parameters, provide the namespace, bucket name, upload ID, and part number. In the request body,
include the object part. Object parts can be uploaded in parallel and in any order. When you commit
the upload, the Object Storage Service uses the part numbers to sequence object parts. Part
numbers do not have to be contiguous. If multiple object parts are uploaded using the same upload
ID and part number, the last upload overwrites the part and is committed when you call the
CommitMultipartUpload API.
• The Object Storage Service returns an ETag value for each part uploaded. You need both
the part number and corresponding ETag value for each part when you commit the upload.
• In the event of network issues, you can restart a failed upload for an individual part. You do
not need to restart the entire upload. If, for some reason, you cannot perform an upload all at
once, multipart upload lets you continue uploading parts at your own pace. While a multipart
upload is still active, you can keep adding parts as long as the total number is less than
10,000.
• You can keep track of an active multipart upload by listing all parts that have been uploaded.
(You cannot list information for an individual object part in an active multipart upload.) The
ListMultipartUploadParts operation requires the namespace, bucket name, and upload ID.
The Object Storage Service will respond with information about the parts associated with the
specified upload ID. Parts information includes the part number, ETag value, MD5 hash, and
part size (in bytes).
Committing the Upload: When you have uploaded all object parts, complete the multipart upload
by committing it. Use the CommitMultipartUpload request parameters to specify the namespace,
bucket name, and upload ID. Include the part number and corresponding ETag value for each part in
the body of the request. When you commit the upload, the Object Storage Service constructs the
object from its constituent parts. The object is stored in the specified bucket and namespace. You
can treat it like you would any other object. Garbage collection will release storage space occupied
by any part numbers you uploaded, but did not include in the CommitMultipartUpload request.
• You cannot list or retrieve parts from a completed upload. You cannot append or remove
parts from the completed upload either. If you want, you can replace the object by initiating a
new upload.
• If you decide to abort a multipart upload instead of committing it, wait for in-progress part
uploads to complete and then use the AbortMultipartUpload operation. If you abort an upload
while part uploads are still in progress anyway, the Object Storage Service cleans up both
completed and in-progress parts. Upload IDs from aborted multipart uploads cannot be
reused.

Summary

• Create, attach, configure, and mount block volumes
• Back up and restore block volumes
• Detach and delete block volumes
• Describe concepts and uses of object storage
• Create object storage
• Upload objects to object storage
• Upload multipart objects to object storage

Practice 5: Storage Management

their assigned compartment and
creates a block volume of 256 GB.
GROUP G01
SUBNET01
USER U01
VCN01
COMPARTMENT
TENANCY

OC Infra Funda SG (050 101)

Uploaded by

Copyright:

Available Formats

OC Infra Funda SG (050 101)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

OC Infra Funda SG (050 101)

Uploaded by

Copyright:

Available Formats

Private Subnet with a VPN

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 3 - 14

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 3 - 15

• The VCN comes with the default DHCP

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 3 - 16

With FastConnect, you can establish a

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 3 - 17

On-Premises Network On-Premises Network

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 3 - 18

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 3 - 19

In this lesson, you should have learned how to:

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 3 - 20

In this practice, each participant uses

• Creates a subnet within the VCN

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 3 - 21

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

After completing this lesson, you should be able to:

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 4 - 2

Bare Metal (BM) Virtual Machine (VM)

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 4 - 3

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 4 - 4

VM.Standard1.1 Standard 1 7 Block Storage only

VM.DenseIO1.4 Dense I/O compute capacity 4 60 3.2 TB NVMe SSD

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 4 - 5

• Locally attached SSDs are not protected

Instance type NVMe SSD Devices ubuntu@nvme:~$ lsblk

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 4 - 6

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 4 - 7

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 4 - 8

• RAID 6 across all nine SSDs $ sudo yum install mdadm -y

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 4 - 9

Image Name Description

CentOS 7 CentOS-7-x CentOS is a free, open-source Linux distribution

CentOS 6 CentOS-6.x- CentOS is a free, open-source Linux distribution

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 4 - 10

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Infrastructure Fundamentals 4 - 11

The steps to launch a compute instance are:

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

The creation of a compute instance is referred to as Launching an Instance. To create an instance

Oracle Cloud Infrastructure Fundamentals 4 - 12

• Instances use an SSH key pair instead of a password to