Tuesday, April 12, 2016

#486 IaaS - An Introduction

Welcome to the first in a series of posts on Oracle's Infrastructure as a Service offering.
In future posts I will go into some detail and highlight the value add of our platform in respect of other providers, such as Azure and AWS.

So what does IaaS cover?
Essentially the following -

  • Elastic Compute
  • Elastic Storage
  • Software Defined Network

And where does IaaS sit, in respect of our other cloud offerings?

Now what can you do with IaaS?

You can -

  • Run any type of workload in the cloud
  • Run Oracle workloads in an optimized manner.

Let's break this down a bit - here I am quoting from the ORCL docs available here

IaaS lets you -

  • Migrate your applications to a dedicated site in the public cloud
  • Assign processor and memory resources from a range of resource profiles
  • Automate your VM provisioning and management workflows
  • Create instances using Oracle-provided and custom machine images
  • Provide a persistent boot disk for your instance
  • Exercise fine-grained control over network traffic
  • Reserve and assign fixed public IP addresses
  • Attach high-capacity block storage to instances
  • Monitor and manage all of your resources through a unified interface
  • Ensure secure access to instances

Sounds good? Essentially, what you are getting is a software defined virtualized data center.
Let's now look at the components -


Currently, Oracle provides 2 compute services -

  1. Elastic Compute
  2. Dedicated Compute

Elastic Compute -

Elastic Web Scale Computing
  • Schedule from 1 to 1000’s of Cores Simultaneously within Minutes
  • Elastically Scale Up or Down depending on Workload Needs
Complete Self-Service Control of Instances
  • You have root access to each compute instance and VM
  • Web Service API to start, stop, scale up, scale out, scale down, delete, etc
  • Complete Access to Console Output – Access Log, Diagnostic Log, etc.
Choice of Heterogeneous Configurations
  • Multiple Instance Types – Choose Cores, Storage, Network, Boot Partition
  • Multiple OS – Linux (OEL, RHEL, Ubuntu), Windows (on the way), Solaris
  • Formation – Define & Orchestrate Multi-Tier Configurations
  • Service Catalog – Create your own private catalog of Services
  • Marketplace – Access Public Service Catalog of Packaged Images
Seamless Integration with Oracle PaaS & SaaS

Dedicated Compute -

Dedicated, as the name suggests, gives you a virtual elastic compute environment provisioned on isolated compute resources. So, if you do not want any noisy neighbours, or maybe have to meet certain compliance regulations, then Dedicated is the way to go. 

Public Cloud Machine -

Now recently Oracle announced the Public Cloud Machine -
See more details here

So why would I go for The Public Cloud Machine?

For instance, some companies and government agencies have strict performance demands, requiring close to zero latency between their applications and the data they must access. Some must keep their application development and data processing behind corporate firewalls in order to guarantee custom security or abide by data governance regulations.

To quote from the page linked above -

The new Oracle Cloud Machine makes available Oracle Cloud’s infrastructure as a service (IaaS), including compute, storage, networking, and platform as a service (PaaS), including Oracle Java Cloud Service, Oracle Integration Cloud Service, Oracle Database Cloud Service, and others, accessed in a cloud-oriented subscription model that’s priced the same as public cloud services.

So what does the Compute Service look like?

Note the menu items above -
  • Instances
  • Network
  • Storage
  • Orchestration
  • Monitoring

One of the instances above hosts DB CS, while the other is a JCS instance, i.e. app server and db instances.

So how do I create such an instance?
Via the Create Instance button or the API.

The Image you select can be just an O/S, such as CentOS, Oracle Linux etc., or a service image such as DB.

You can then specify the shape -

Note the checkbox -

More about Orchestrations later. 

Let's now look at storage -


To quote from the ORCL docs -

A storage volume is a virtual disk that provides persistent block storage space for instances in Oracle Compute Cloud Service.

You can use storage volumes to store data and applications.

You can also associate a storage volume with a machine image and then, while creating an instance, you can specify that volume as a persistent boot disk for the instance.

Here are some screenshots from the UI -

You can, of course, do all this via the API, using the POST /storage/volume/ method.
So, with the storage service, you can store as much data as you want and scale up and down as required, dramatically increasing your business agility.

Let's now look at Network -


You can implement fine-grained control over network access to your Oracle Compute Cloud Service instances, both from other instances as well as from external hosts. When you create an instance, by default, it doesn’t allow access from any other instance or external host.

Now to some Terminology -

A security list is a group of Oracle Compute Cloud Service instances that you can specify as the source or destination in one or more security rules. The instances in a security list can communicate fully, on all ports, with other instances in the same security list.

Inbound and outbound policies control the inflow and outflow of traffic, to and from the instances in the list.

A security rule is essentially a firewall rule, which you can use to permit traffic between Oracle Compute Cloud Service instances in different security lists, as well as between instances and external hosts. When you create a security rule, you can specify a security list as a source or destination in that security rule. A security list can be specified as the source or destination in up to 10 security rules.

A security application is a protocol-port mapping that you can use in security rules.

A security IP list is a list of IP subnets (in the CIDR format) or IP addresses that are external to instances in Oracle Compute Cloud Service. You can use a security IP list as the source or the destination in security rules to control network access to or from Oracle Compute Cloud Service instances.

Here are some screenshots -

Status - can be Enabled or Disabled.

Security Application

Source -  from where the request is coming, e.g. one of my managed Weblogic servers.

Target - e.g. my DB instance
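
The terminology above can be exercised with a small local model before you touch the console. This is an added example, not Oracle's code or API: the `Policy` and `SecRule` classes, the `seclist:`/`seciplist:` notation and the sample names are assumptions. It models only what the quoted docs describe: no access by default, full communication inside a security list, enabled security rules as the only other permits, and at most 10 rules per security list.

```python
import ipaddress
from dataclasses import dataclass

MAX_RULES_PER_SECLIST = 10  # limit quoted in the post
@dataclass
class SecRule:
    src: str              # "seclist:<name>" or "seciplist:<name>" (hypothetical notation)
    dst: str
    app: tuple            # security application: (protocol, port)
    enabled: bool = True  # the Status field

class Policy:
    def __init__(self, seclists, seciplists, rules):
        self.seclists = seclists      # name -> set of instance names
        self.seciplists = seciplists  # name -> list of CIDR strings
        self.rules = rules

    def _matches(self, ref, endpoint):
        kind, name = ref.split(":", 1)
        if kind == "seclist":
            return endpoint in self.seclists.get(name, set())
        try:
            ip = ipaddress.ip_address(endpoint)
        except ValueError:            # an instance name, not an external address
            return False
        return any(ip in ipaddress.ip_network(c) for c in self.seciplists.get(name, []))

    def allowed(self, src, dst, protocol, port):
        # Same security list: all ports open. Otherwise an enabled rule must match.
        if any(src in m and dst in m for m in self.seclists.values()):
            return True
        return any(r.enabled and r.app == (protocol, port)
                   and self._matches(r.src, src) and self._matches(r.dst, dst)
                   for r in self.rules)

    def over_rule_limit(self):
        # Assumption: disabled rules still count toward the 10-rule limit.
        counts = {}
        for r in self.rules:
            for ref in {r.src, r.dst}:
                if ref.startswith("seclist:"):
                    counts[ref] = counts.get(ref, 0) + 1
        return sorted(ref for ref, n in counts.items() if n > MAX_RULES_PER_SECLIST)

# Constructed sample: two WebLogic servers, one DB instance, one office subnet.
POLICY = Policy(
    {"wls": {"wls1", "wls2"}, "db": {"db1"}}, {"office": ["203.0.113.0/24"]},
    [SecRule("seclist:wls", "seclist:db", ("tcp", 1521)),
     SecRule("seciplist:office", "seclist:wls", ("tcp", 22), enabled=False)])
```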
