Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
CSPモデルにおけるOCI設計ガイドライン / OCI Design Guide for...
Search
Oracle Cloud Infrastructure ソリューション・エンジニア
December 28, 2022
Technology
1
2.2k
CSPモデルにおけるOCI設計ガイドライン / OCI Design Guide for CSPs
Cloud Solutions Provider (CSP) モデルでOracle Cloud Infrastructureを利用するにあたって、設計上の考慮事項をまとめた資料です。
Oracle Cloud Infrastructure ソリューション・エンジニア
December 28, 2022
Tweet
Share
More Decks by Oracle Cloud Infrastructure ソリューション・エンジニア
See All by Oracle Cloud Infrastructure ソリューション・エンジニア
FastConnect の冗長性
ocise
1
11k
ネットワーク・ロード・バランサー NLB 詳細 / Load Balancer NLB 200
ocise
0
420
OCI技術資料 : ファイル・ストレージ 概要
ocise
3
13k
Oracle Cloud Migrations Service概要
ocise
1
7k
OS管理ハブ 概要
ocise
2
1.3k
OCI コスト管理
ocise
3
2.1k
OCI セキュア・デスクトップ 概要
ocise
1
5.7k
OCI技術資料 : リソース・マネージャ(Resource Manager)概要
ocise
1
4.8k
OCI技術資料 : ロード・バランサ FLB 詳細 / Load Balancer FLB 200
ocise
3
16k
Other Decks in Technology
See All in Technology
Amazon CloudWatch Application Signals ではじめるバーンレートアラーム / Burn rate alarm with Amazon CloudWatch Application Signals
ymotongpoo
5
530
Стильный код: натуральный поиск редких атрибутов по картинке. Юлия Антохина, Data Scientist, Lamoda Tech
lamodatech
0
740
Road to Go Gem #rubykaigi
sue445
0
790
Linuxのパッケージ管理とアップデート基礎知識
go_nishimoto
0
380
AIエージェント開発手法と業務導入のプラクティス
ykosaka
2
1.5k
PicoRabbit: a Tiny Presentation Device Powered by Ruby
harukasan
PRO
2
240
Would you THINK such a demonstration interesting ?
shumpei3
1
220
CodePipelineのアクション統合から学ぶAWS CDKの抽象化技術 / codepipeline-actions-cdk-abstraction
gotok365
5
210
AIコーディングの最前線 〜活用のコツと課題〜
pharma_x_tech
3
1.9k
SDカードフォレンジック
su3158
1
630
AWS全冠芸人が見た世界 ~資格取得より大切なこと~
masakiokuda
5
6.3k
LangfuseでAIエージェントの 可観測性を高めよう!/Enhancing AI Agent Observability with Langfuse!
jnymyk
1
240
Featured
See All Featured
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
41
2.2k
YesSQL, Process and Tooling at Scale
rocio
172
14k
How STYLIGHT went responsive
nonsquared
99
5.5k
Reflections from 52 weeks, 52 projects
jeffersonlam
349
20k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
135
33k
Building Flexible Design Systems
yeseniaperezcruz
329
38k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.7k
A better future with KSS
kneath
239
17k
For a Future-Friendly Web
brad_frost
176
9.7k
Adopting Sorbet at Scale
ufuk
76
9.3k
Speed Design
sergeychernyshev
29
900
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
34
2.2k
Transcript
Cloud Solutions Provider(CSP)モデルにおける OCI設計のガイドライン 2022/12/30
Copyright © 2022, Oracle and/or its affiliates 2 Oracle Cloud
Infrastructure( OCI) Cloud Solutions Provider (CSP) • • OCI
CSP* OCI / → Identity Domain CSP Copyright © 2022,
Oracle and/or its affiliates 3 OCI OCI+ *CSP( ): https://www.oracle.com/jp/partnernetwork/expertise/cloud-solutions-provider/
Oracle IaaS/Paas/Saas Copyright © 2022, Oracle and/or its affiliates 4
OCI IAM Identity Domains SSO (Outbound) • • SAML, OIDC, OAuth • • App Gateway • RADIUS • Linux PAM **** Oracle Cloud IaaS/PaaS • • • • OCI • ID • Console | CLI | APIs • / • • SCIM • AD • ( ) ! ? ü (Inbound) • ID/ • IdP • (SNS) • • • OATH OAuth FIDO2 REST APIs SAML OIDC SCIM IAM OCI IAM IDCS OCI IAM Identity Domains
( ) • 1 ※ • ( ) • Copyright
© 2022, Oracle and/or its affiliates 5 001 A (A ) B (B ) A B (A ) (B ) Default ( )
Copyright © 2022, Oracle and/or its affiliates 6 (1 )
(2 ) (3 ) Default Virtual Machine Block Storage Database ( ) Policies ( ) Policies Groups Groups
( ) Administrators ( ) • • (manage all-resources) ※
( ) ( ) Copyright © 2022, Oracle and/or its affiliates 7 Allow Group <Domain Name>/<Group Name> to manage all-resources in Compartment <Compartment Name>
Copyright © 2022, Oracle and/or its affiliates 8 • (
) ( ) • • • OCI CLI SDK • Free 10 • 6
( ) Copyright © 2022, Oracle and/or its affiliates 9
OCI (…in tenancy ) ( ) • (Cloud Shell ) • ( : Cloud Guard ) • (use) ( : ) • ( ) ( )
(allow group <domain/group> to…) inspect tenancies in tenancy IAM inspect
compartments in tenancy IAM manage tenancy-preferences in tenancy IAM manage network-sources in tenancy IAM ( ) use tag-namespaces in tenancy where any {target.tag-namspace.name ='XXX' } IAM ( ) read announcements in tenancy Announcement (Announcement) read objectstorage-namespaces in tenancy Object Storage API use cloud-shell in tenancy Cloud Shell ( ) ( ) (…in tenancy) Copyright © 2022, Oracle and/or its affiliates 10
Thank you 11 Copyright © 2022, Oracle and/or its affiliates
None
Our mission is to help people see data in new
ways, discover insights, unlock endless possibilities.