Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
CSPモデルにおけるOCI設計ガイドライン / OCI Design Guide for...
Search
Oracle Cloud Infrastructure ソリューション・エンジニア
December 28, 2022
Technology
0
1.6k
CSPモデルにおけるOCI設計ガイドライン / OCI Design Guide for CSPs
Cloud Solutions Provider (CSP) モデルでOracle Cloud Infrastructureを利用するにあたって、設計上の考慮事項をまとめた資料です。
Oracle Cloud Infrastructure ソリューション・エンジニア
December 28, 2022
Tweet
Share
More Decks by Oracle Cloud Infrastructure ソリューション・エンジニア
See All by Oracle Cloud Infrastructure ソリューション・エンジニア
OS管理ハブ 概要
ocise
1
260
FastConnect の冗長性
ocise
0
7.9k
OCI コスト管理
ocise
1
490
OCI セキュア・デスクトップ 概要
ocise
0
3.7k
OCI技術資料 : リソース・マネージャ(Resource Manager)概要
ocise
0
3.4k
OCI技術資料 : ロード・バランサー 詳細 / Load Balancer 200
ocise
2
14k
Oracle Cloud Migrations Service概要
ocise
0
4.1k
OCI技術資料 : ロード・バランサー 概要 / Load Balancer 100
ocise
3
18k
OCI サービス基本情報
ocise
3
9k
Other Decks in Technology
See All in Technology
プロダクトチームへのSystem Risk Records導入・運用事例の紹介/Introduction and Case Studies on Implementing and Operating System Risk Records for Product Teams
taddy_919
1
170
スプリントゴールにチームの状態も設定する背景とその効果 / Team state in sprint goals why and impact
kakehashi
2
100
小規模に始めるデータメッシュとデータガバナンスの実践
kimujun
3
590
顧客が本当に必要だったもの - パフォーマンス改善編 / Make what is needed
soudai
24
6.8k
ABEMA のコンテンツ制作を最適化!生成 AI x クラウド映像編集システム / abema-ai-editor
cyberagentdevelopers
PRO
1
180
フルカイテン株式会社 採用資料
fullkaiten
0
36k
AWS re:Inventを徹底的に楽しむためのTips / Tips for thoroughly enjoying AWS re:Invent
yuj1osm
1
560
生成AIとAWS CDKで実現! 自社ブログレビューの効率化
ymae
2
330
MAMを軸とした動画ハンドリングにおけるAI活用前提の整備と次世代ビジョン / abema-ai-mam
cyberagentdevelopers
PRO
1
110
プロダクト成長に対応するプラットフォーム戦略:Authleteによる共通認証基盤の移行事例 / Building an authentication platform using Authlete and AWS
kakehashi
1
150
omakaseしないための.rubocop.yml のつくりかた / How to Build Your .rubocop.yml to Avoid Omakase #kaigionrails
linkers_tech
3
730
生成AIと知識グラフの相互利用に基づく文書解析
koujikozaki
1
140
Featured
See All Featured
Gamification - CAS2011
davidbonilla
80
5k
Docker and Python
trallard
40
3.1k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
GraphQLの誤解/rethinking-graphql
sonatard
66
9.9k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
4 Signs Your Business is Dying
shpigford
180
21k
How to train your dragon (web standard)
notwaldorf
88
5.7k
What's new in Ruby 2.0
geeforr
342
31k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
46
2.1k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
41
2.1k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Testing 201, or: Great Expectations
jmmastey
38
7k
Transcript
Cloud Solutions Provider(CSP)モデルにおける OCI設計のガイドライン 2022/12/30
Copyright © 2022, Oracle and/or its affiliates 2 Oracle Cloud
Infrastructure( OCI) Cloud Solutions Provider (CSP) • • OCI
CSP* OCI / → Identity Domain CSP Copyright © 2022,
Oracle and/or its affiliates 3 OCI OCI+ *CSP( ): https://www.oracle.com/jp/partnernetwork/expertise/cloud-solutions-provider/
Oracle IaaS/Paas/Saas Copyright © 2022, Oracle and/or its affiliates 4
OCI IAM Identity Domains SSO (Outbound) • • SAML, OIDC, OAuth • • App Gateway • RADIUS • Linux PAM **** Oracle Cloud IaaS/PaaS • • • • OCI • ID • Console | CLI | APIs • / • • SCIM • AD • ( ) ! ? ü (Inbound) • ID/ • IdP • (SNS) • • • OATH OAuth FIDO2 REST APIs SAML OIDC SCIM IAM OCI IAM IDCS OCI IAM Identity Domains
( ) • 1 ※ • ( ) • Copyright
© 2022, Oracle and/or its affiliates 5 001 A (A ) B (B ) A B (A ) (B ) Default ( )
Copyright © 2022, Oracle and/or its affiliates 6 (1 )
(2 ) (3 ) Default Virtual Machine Block Storage Database ( ) Policies ( ) Policies Groups Groups
( ) Administrators ( ) • • (manage all-resources) ※
( ) ( ) Copyright © 2022, Oracle and/or its affiliates 7 Allow Group <Domain Name>/<Group Name> to manage all-resources in Compartment <Compartment Name>
Copyright © 2022, Oracle and/or its affiliates 8 • (
) ( ) • • • OCI CLI SDK • Free 10 • 6
( ) Copyright © 2022, Oracle and/or its affiliates 9
OCI (…in tenancy ) ( ) • (Cloud Shell ) • ( : Cloud Guard ) • (use) ( : ) • ( ) ( )
(allow group <domain/group> to…) inspect tenancies in tenancy IAM inspect
compartments in tenancy IAM manage tenancy-preferences in tenancy IAM manage network-sources in tenancy IAM ( ) use tag-namespaces in tenancy where any {target.tag-namspace.name ='XXX' } IAM ( ) read announcements in tenancy Announcement (Announcement) read objectstorage-namespaces in tenancy Object Storage API use cloud-shell in tenancy Cloud Shell ( ) ( ) (…in tenancy) Copyright © 2022, Oracle and/or its affiliates 10
Thank you 11 Copyright © 2022, Oracle and/or its affiliates
None
Our mission is to help people see data in new
ways, discover insights, unlock endless possibilities.