How to Create an Oracle Bare Metal Compute Instance

Difference between a Traditional Compute VM and a Bare Metal Instance

Bare metal instances are on-demand, bare metal compute resources in the cloud. Unlike virtual machine (VM) instances, bare metal instances are entire physical hosts dedicated to a single customer's use, with no hypervisor or Oracle-applied software installed on them.

Difference between Block and Object Storage

Block Storage

  • Flexible network-attached storage over the standard iSCSI protocol
  • Dynamic attach, detach and reattach
  • 256 GB to 2 TB volume sizes
  • Backup to high-durability Object Storage; easily restore to a new volume

Object Storage

  • Located in the same high-performance network as Compute
  • Superior latency and throughput
  • Best for Big Data and backup storage

Getting Access Details: To access a bare metal instance you need the tenant name, username and password from the service provider. Your console URL will look something like this: https://console.us-datacenter-1.oraclecloud.com

After login you should see something like this 

What is a Virtual Cloud Network (VCN)?

A VCN is a software-defined version of your traditional on-premises network, including subnets, route tables and gateways (such as Internet Gateways), in which your instances run. A cloud network resides within a single region but can span multiple Availability Domains. You can define subnets for a cloud network in different Availability Domains, but each subnet must belong to a single Availability Domain. You need to set up at least one cloud network before you can launch instances. You can configure the cloud network with an optional Internet Gateway to handle public traffic, and an optional IPSec VPN connection to securely extend your on-premises network.

Create a Virtual Cloud Network (VCN)

Under Networking, click Create Virtual Cloud Network.

CIDR Block can be 10.0.0.0/16; for the DNS Label you can give any name that identifies this VCN (the rest of this guide refers to the VCN as my-first-vcn).

What is an Internet Gateway?

An Internet Gateway is a software-defined router providing a path for network traffic from your VCN to the public internet. It enables Oracle Cloud Infrastructure Compute instances to access the internet directly. You can also connect your VCN via a Dynamic Routing Gateway (DRG) and an IPSec VPN connection to your on-premises data center, from which you can route traffic via your existing network egress points.


Create an Internet Gateway under the newly created VCN.

What is a Route Table?

A route table is a set of route rules, viewed in table format, that specifies how IP network traffic is directed based on the destination IP address matching a specified CIDR (e.g. 0.0.0.0/0 for the Internet).

More generally, a routing table is a set of rules, often viewed in table format, that determines where data packets travelling over an Internet Protocol (IP) network will be directed. All IP-enabled devices, including routers and switches, use routing tables.

Create Route Tables for Internet Access and No Internet Access

1) Name: internet-access

CIDR Block: 0.0.0.0/0 (all Internet-bound traffic, which leaves through the Internet Gateway created above)

2) Name: no-internet-access

CIDR Block: leave blank, so the subnet has no route to the Internet

There will then be 3 route tables: the first is the default one, the other two are the ones we just created.

What are Security Lists (Firewall Rules)?

A common set of stateful firewall rules associated with a subnet and applied to all instances launched inside the subnet.

Ingress vs. Egress Filtering

Ingress filtering is a technique used to ensure that incoming packets really come from the networks they claim to originate from. It is a countermeasure against spoofing attacks, in which the attacker's packets carry fake source IP addresses to make the source of the attack hard to trace. Spoofed sources are commonly used in denial-of-service attacks, which are therefore a primary target of ingress filtering.

Egress filtering is the practice of monitoring and potentially restricting the flow of information outbound from one network to another. Typically it is traffic from a private TCP/IP network to the Internet that is controlled.

TCP/IP packets leaving the internal network are examined by a router, firewall or similar edge device. Packets that do not meet the security policy are not allowed to leave: they are denied "egress".

Create Security List Ingress & Egress Rules

1) Name: for-public-subnets

Rules for Ingress

SOURCE CIDR: 0.0.0.0/0, IP PROTOCOL: TCP, DESTINATION PORT RANGE: 22

Rules for Egress

DESTINATION CIDR: 0.0.0.0/0, IP PROTOCOL: TCP, DESTINATION PORT RANGE: All

2) Name: for-private-subnets

Rules for Ingress

SOURCE CIDR: 10.0.1.0/24, IP PROTOCOL: TCP, DESTINATION PORT RANGE: 22

Rules for Egress

None: press the red "X" mark on the left side to remove the default egress rule, so that this list, unlike the one above, has no egress rules at all.
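To make the stateful behaviour of the two security lists concrete, and to show that the anti-spoofing "ingress filtering" defined earlier is a different control from a security-list ingress rule, here is an added Python example; it is not part of the original post and not Oracle's code. The Rule/SecurityList classes, the sample flows and the 203.0.113.x "Internet" addresses (TEST-NET-3) are constructed for illustration; the CIDRs and ports are exactly the ones configured in the steps above.

```python
import ipaddress
from dataclasses import dataclass, field

VCN = ipaddress.ip_network("10.0.0.0/16")  # CIDR of the VCN created above

@dataclass(frozen=True)
class Rule:
    cidr: str              # source CIDR (ingress rule) or destination CIDR (egress rule)
    port_min: int = 1      # DESTINATION PORT RANGE; the default 1-65535 means "All"
    port_max: int = 65535

    def matches(self, ip: str, dport: int) -> bool:
        return (ipaddress.ip_address(ip) in ipaddress.ip_network(self.cidr)
                and self.port_min <= dport <= self.port_max)

@dataclass
class SecurityList:
    ingress: list          # all rules are TCP, as in the console steps above
    egress: list
    flows: set = field(default_factory=set)  # stateful: allowed (src, sport, dst, dport)

    def allow(self, direction: str, src: str, sport: int, dst: str, dport: int) -> bool:
        # Ingress rules match on the source CIDR, egress rules on the destination CIDR.
        rules, ip = (self.ingress, src) if direction == "in" else (self.egress, dst)
        if (dst, dport, src, sport) in self.flows:  # reply to a flow already allowed
            return True
        if any(r.matches(ip, dport) for r in rules):
            self.flows.add((src, sport, dst, dport))  # remember it so the reply passes
            return True
        return False

def ingress_filter_ok(src: str) -> bool:
    # Anti-spoofing ingress filtering at the edge (not a security-list feature): drop Internet packets claiming a VCN source.
    return ipaddress.ip_address(src) not in VCN

# The two security lists exactly as configured above.
FOR_PUBLIC = SecurityList(ingress=[Rule("0.0.0.0/0", 22, 22)], egress=[Rule("0.0.0.0/0")])
FOR_PRIVATE = SecurityList(ingress=[Rule("10.0.1.0/24", 22, 22)], egress=[])

def demo() -> dict:
    # Constructed sample flows; 203.0.113.x (TEST-NET-3) stands in for the Internet.
    return {
        "ssh_internet_to_public": FOR_PUBLIC.allow("in", "203.0.113.5", 50000, "10.0.1.10", 22),
        "http_internet_to_public": FOR_PUBLIC.allow("in", "203.0.113.5", 50001, "10.0.1.10", 80),
        "ssh_internet_to_private": FOR_PRIVATE.allow("in", "203.0.113.5", 50002, "10.0.2.20", 22),
        "ssh_public_to_private": FOR_PRIVATE.allow("in", "10.0.1.10", 40000, "10.0.2.20", 22),
        "ssh_reply_private_to_public": FOR_PRIVATE.allow("out", "10.0.2.20", 22, "10.0.1.10", 40000),
        "https_from_private_host": FOR_PRIVATE.allow("out", "10.0.2.20", 40001, "203.0.113.9", 443),
        "spoofed_vcn_source_at_edge": ingress_filter_ok("10.0.1.50"),
    }
```

Only the SSH flows the rules name are allowed, the private host's own outbound HTTPS is denied because its list has no egress rule, yet its SSH reply passes because the list is stateful.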

What is a Subnet?

A subnet is a small network inside a larger network. It is a logical grouping of connected network devices that tend to be located in close physical proximity to each other on a local area network—a LAN. 

Advantages of a Subnet include:

  • Network performance and speed improve.
  • Network congestion is reduced.
  • Data delivery is more efficient. 
  • An organization can take full advantage of the network’s capacity.
  • Network security improves.
  • Administration eases.
  • Troubleshooting can be limited to a subnet rather than the entire network.
  • The separation between different departments in an organization is maintained.

Create Subnets

Create two subnets

1) Name: Madhu_subnet_AD1-public

AVAILABILITY DOMAIN: <the-one-which-ends-with-AD1> PHX-AD1

CIDR BLOCK: 10.0.1.0/24

Route Table: internet-access

SUBNET ACCESS: PUBLIC SUBNET

DNS LABEL: leave it blank

DHCP OPTIONS: Default DHCP options for my-first-vcn

Security Lists: for-public-subnets


2) Name: Madhu_subnet_AD2-private

AVAILABILITY DOMAIN: <the-one-which-ends-with-AD2> PHX-AD2

CIDR BLOCK: 10.0.2.0/24

Route Table: no-internet-access

SUBNET ACCESS: PRIVATE SUBNET

DNS LABEL: leave it blank

DHCP OPTIONS: Default DHCP options for my-first-vcn

Security Lists: for-private-subnets

Generate SSH Keys using PuTTYgen

Generate the public and private keys with PuTTYgen and save the public key in OpenSSH format, which is what the instance expects.

Compute Instances (Public LAMP 14.04 Image)

Under Compute, select Instances, then click Create Instance.


Name: myubuntuinstance

Availability Domain: <the-one-which-ends-with-AD1>

Image: Oracle-Linux-7.3-xxxxxx

Shape: VM.Standard1.4

Virtual Cloud Network: my-first-vcn

Subnet: AD1-public

Private IP Address: leave it blank

DNS Name: leave it blank

SSH keys: browse for your public key file, or paste the contents of public_key.pub

Finally, our Ubuntu image is running on Bare Metal.

Blog author: Madhusudhan Rao (follow me on cloud-videos.com and cloud-blogs.com for the latest on cloud stuff)