|
1 | 1 | # Start Right With OCI |
2 | 2 |
|
3 | | -A five-step approach to deploy on Oracle Cloud Infrastructure (OCI) |
4 | | - |
5 | | -- [Start Right With OCI](#start-right-with-oci) |
6 | | - - [Introduction](#introduction) |
7 | | - - [Establishing Your OCI Environment](#establishing-your-oci-environment) |
8 | | - - [Step 1: Identity and Access Management (IAM)](#step-1-identity-and-access-management-iam) |
9 | | - - [Step 2: Deploying a Landing Zone](#step-2-deploying-a-landing-zone) |
10 | | - - [Step 3: Deploying a solution](#step-3-deploying-a-solution) |
11 | | - - [Step 4: Observability: Logging, Monitoring and Alerting](#step-4-observability-logging-monitoring-and-alerting) |
12 | | - - [Step 5: Resource Management and Governance](#step-5-resource-management-and-governance) |
13 | | -- [License](#license) |
14 | | - |
15 | | -Last updated: 7 March 2025 |
16 | | - |
17 | | -## Introduction |
18 | | - |
19 | | -This document serves as a guide for first-time OCI users. It outlines foundational security best practices from establishing secure landing zones and a well‑architected environment to enabling observability, managing identity and access, and enforcing robust security measures. The guidance below is aligned with the [CIS OCI Foundations Benchmark](https://www.cisecurity.org/benchmark/oracle_cloud) and Oracle’s [OCI Well-Architected Framework](https://docs.oracle.com/en/solutions/oci-best-practices/index.html). It includes curated resources, GitHub repositories, and additional reference links to help you get started. |
20 | | - |
21 | | -After reading the introduction, follow the steps outlined in **Establishing Your OCI Environment** to set up a secure and well-architected OCI deployment. These steps provide a structured approach to configuring identity and access management, setting up a landing zone, deploying solutions in OCI, and enabling logging and monitoring. |
22 | | - |
23 | | -Each step in the **Establishing Your OCI Environment** section contains links to essential OCI documentation. If you encounter any difficulties whilst following the documentation, additional video resources are available. This guide includes links to instructional videos that offer step-by-step explanations of key OCI concepts. Reviewing these videos can help clarify complex topics and provide practical demonstrations of best practices. |
24 | | - |
25 | | -To ensure a further **structured and successful** cloud adoption journey, Oracle provides two key frameworks: |
26 | | - |
27 | | -- The **[Cloud Adoption Framework for OCI (CAF)](https://www.oracle.com/cloud/cloud-adoption-framework/)** helps organizations transition to OCI by providing best practices for governance, security, operations, and financial management. It ensures that cloud strategies align with business goals and regulatory requirements. |
28 | | -- The **[OCI Well-Architected Framework (WAF)](https://docs.oracle.com/en/solutions/oci-best-practices/index.html)** focuses on the **technical implementation** of cloud workloads, ensuring they are secure, reliable, and optimized for performance and cost. |
29 | | - |
30 | | -These frameworks work together with the **CAF** establishing the foundation and governance model, and the **WAF** ensuring workloads are designed according to best practices. By following both, organizations can create a cloud environment that is scalable, secure, and operationally efficient. |
31 | | - |
32 | | -The entry point for all Oracle Cloud Infrastructure Services is the official [Oracle OCI Documentation](https://docs.oracle.com/en-us/iaas/Content/home.htm). |
33 | | -For an overview of the OCI security services you can review this [Security in OCI](https://videohub.oracle.com/media/Kick+off+your+Oracle+Cloud+Journey+-+Part+3/1_om5n1tll) video. You can also review other topics using this [video dashboard](https://www.oracle.com/uk/cloud/architecture-center/oci-in-5/). |
34 | | - |
35 | | -## Establishing Your OCI Environment |
36 | | - |
37 | | -Setting up your Oracle Cloud Infrastructure (OCI) environment correctly from the start is essential for security, governance, and operational efficiency. This section provides a structured approach to configuring your tenancy, ensuring that all foundational components are implemented according to best practices. |
38 | | - |
39 | | -The steps outlined here will guide you through: |
40 | | - |
41 | | -- **Step 1: Identity and Access Management (IAM):** Implementing strong security controls to protect administrative access. |
42 | | -- **Step 2: Landing Zone Deployment:** Establishing a secure and scalable foundation for OCI workloads. |
43 | | -- **Step 3: Solution Deployment:** Using automation tools like Terraform and OCI Resource Manager to streamline application deployment. |
44 | | -- **Step 4: Observability and Monitoring:** Setting up logging, monitoring, and alerting to maintain visibility over cloud resources and their usage. |
45 | | -- **Step 5: Resource Management and Governance:** Applying governance frameworks to maintain compliance, track costs, and enforce policies. |
46 | | - |
47 | | -Each step in this guide includes links to **essential OCI documentation and video tutorials** to help you successfully configure your environment. If you encounter any challenges, refer to these resources for step-by-step guidance. |
48 | | - |
49 | | -### Step 1: Identity and Access Management (IAM) |
50 | | - |
51 | | -Securing OCI Administrators in the Default identity domain is crucial because these accounts have full control over your tenancy and are prime targets for attacks. Enforcing strong Multi Factor Authentication (MFA), least privilege access, and continuous monitoring for all administrative users within OCI from the start helps prevent unauthorized access and strengthens your cloud security posture. |
52 | | - |
53 | | -Secure access to your OCI resources by implementing strict IAM controls: |
54 | | - |
55 | | - |
56 | | -- **Set up an identity and access management (IAM) security model:** An initial version of a security model can help your organization [mitigate risk](https://docs.oracle.com/en-us/iaas/Content/cloud-adoption-framework/iam-security-structure.htm) |
57 | | -- **Principle of Least Privilege:** Grant only the necessary permissions and regularly audit your [IAM policies](https://www.ateam-oracle.com/post/oci-iam-policies-best-practices). |
58 | | -- **Breakglass Administrator:** Do not use the out-of-the-box OCI Adminstrator account for day-to-day operations. Configure additional administrators based on least privileges and secure the OCI Administrator account as a breakglass account, reserved for emergency use only, as defined in the [OCI IAM Security Best Practices](https://docs.oracle.com/en-us/iaas/Content/Security/Reference/iam_security.htm#Securing_IAM). |
59 | | -- **Multi‑Factor Authentication (MFA):** Enable MFA for all users to protect against unauthorized access. Additional best practices are detailed in the [OCI IAM Security Best Practices](https://docs.oracle.com/en-us/iaas/Content/Security/Reference/iam_security.htm#Securing_IAM). |
60 | | -- **Federation:** Configure federated identity management (e.g., using [MS EntraID](https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/federation.htm)) to streamline user access. |
61 | | -- **Additional Resources:** [Identity and Access Management Resources](https://github.com/oracle-quickstart/oci-self-service-security-guide/tree/main/3-Identity-and-Access-Management). |
62 | | - |
63 | | -### Step 2: Deploying a Landing Zone |
64 | | - |
65 | | -After securing your Default OCI IAM accounts, define a secure and scalable landing zone. An [OCI Landing Zone](https://github.com/oci-landing-zones/) is a pre-configured, secure, and scalable cloud environment that provides a standardized foundation for deploying workloads in Oracle Cloud Infrastructure. It is needed to ensure that best practices for security, governance, and compliance are implemented from the start, reducing misconfigurations and accelerating cloud adoption: |
66 | | - |
67 | | -- **Secure Onboarding:** Leverage resources to rapidly deploy a secure environment, including: |
68 | | - - [Core Landing Zone](https://github.com/oci-landing-zones/terraform-oci-core-landingzone), which contains blueprints ready for various workloads and is suitable for centralized operations within your organization. |
69 | | - - [Operating Entities Landing Zone](https://github.com/oci-landing-zones/oci-landing-zone-operating-entities), which contains blueprints to onboard your organizations and partners and their workloads with distributed operations. |
70 | | -- **Compartmentalization:** [Organize resources into compartments](https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingcompartments.htm#Working) to enforce governance, simplify billing, and separate workloads. |
71 | | - |
72 | | -### Step 3: Deploying a solution |
73 | | - |
74 | | -Once your OCI environment is set up, you can deploy your first workload by leveraging Oracle’s infrastructure and automation tools. OCI provides multiple deployment options, including Terraform, Resource Manager, and manual provisioning via the OCI Console, CLI, SDK, or API. |
75 | | - |
76 | | -- **Using Terraform:** Automate deployments with Terraform by using the official [Oracle OCI Provider](https://registry.terraform.io/providers/oracle/oci/latest/docs). This provider includes modules for networking, compute, databases, security, and other OCI resources. |
77 | | -- **Resource Manager:** Use OCI [Resource Manager](https://docs.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/resourcemanager.htm) to run Terraform templates directly within the OCI Console, simplifying deployment and lifecycle management. |
78 | | -- **Marketplace Solutions:** Explore pre-configured applications and solutions available in the [OCI Marketplace](https://cloudmarketplace.oracle.com/marketplace/en_US/homePage.jspx) to accelerate deployment. |
79 | | -- **Manual Deployment:** If needed, you can manually provision resources through the [OCI Console](https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/launchinginstance.htm) or automate tasks with the [OCI CLI](https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cliconcepts.htm), including [Bring Your Own Image](https://docs.oracle.com/en-us/iaas/Content/Compute/References/bringyourownimage.htm). |
80 | | - |
81 | | -For detailed guidance on deploying specific workloads, refer to Oracle's [Reference Architectures](https://www.oracle.com/cloud/architecture-center/) and [Solution Playbooks](https://docs.oracle.com/solutions/). |
82 | | - |
83 | | -### Step 4: Observability: Logging, Monitoring and Alerting |
84 | | - |
85 | | -Establishing robust observability is key to maintaining the health of your environment. Follow these best practices: |
86 | | - |
87 | | -- **SIEM Integration Pattern:** A SIEM platform is required to increase responsiveness to [security attacks](https://docs.oracle.com/en-us/iaas/Content/cloud-adoption-framework/siem-integration.htm) |
88 | | -- **Enable Logging and Monitoring:** Utilize OCI’s logging and monitoring services to track your resources and applications. Setting up alerts for operational insights is crucial for maintaining system health. Refer to [OCI Best Practices](https://docs.oracle.com/en/solutions/oci-best-practices/index.html) for strategies. |
89 | | -- **Data Visualization Tools:** Leverage OCI Monitoring and OCI Logging to visualize data in [dashboards and track performance metrics](https://docs.oracle.com/en-us/iaas/Content/Dashboards/Tasks/dashboards.htm). A number of [security dashboards](https://blogs.oracle.com/observability/post/oracle-cloud-infrastructure-security-fundamentals-dashboards-using-oci-logging-analytics) have been published to help you gain rapid visibility into your operational security metrics. |
90 | | -- **Integrate with Third-Party Tools:** Integrate OCI with a [third-party SIEM](https://docs.oracle.com/solutions/?q=SIEM&cType=reference-architectures%2Csolution-playbook%2Cbuilt-deployed&sort=date-desc&lang=en) (if you are using one) to enhance your monitoring capabilities, as suggested in the OCI Architecture Center. |
91 | | -- **Additional Resources**: [Observability and Monitoring Resources](https://github.com/oracle-quickstart/oci-self-service-security-guide/tree/main/1-Logging-Monitoring-and-Alerting#logging-monitoring-and-alerting). |
92 | | - |
93 | | -### Step 5: Resource Management and Governance |
94 | | - |
95 | | -Effective resource management is crucial to maintain control over your OCI environment: |
96 | | - |
97 | | -- **Tagging:** Apply [tags](https://docs.oracle.com/en-us/iaas/Content/Tagging/Concepts/taggingoverview.htm) to all resources for better organization, cost tracking, and compliance. |
98 | | -- **Cost Management:** Enable [budgets](https://docs.oracle.com/en-us/iaas/Content/Billing/Tasks/managingbudgets.htm) and [alerts](https://docs.oracle.com/en-us/iaas/Content/Billing/Tasks/managingalertrules.htm) to monitor cloud spending and proactively address cost anomalies. |
99 | | -- **Governance:** Use [cloud governance practices](https://docs.oracle.com/en/solutions/foundational-oci-governance-model/index.html) to enforce policies and maintain regulatory compliance. |
100 | | - |
101 | | -# License |
102 | | - |
103 | | -Copyright (c) 2025 Oracle and/or its affiliates. |
104 | | - |
105 | | -Licensed under the Universal Permissive License (UPL), Version 1.0. |
106 | | - |
107 | | -See [LICENSE](https://github.com/oracle-devrel/technology-engineering/blob/main/LICENSE) for more details. |
108 | | - |
| 3 | +CONTENT WILL BE ADDED SOON...... |
0 commit comments