Difference between a Traditional Compute VM and Bare Metal VM
Bare metal instances are on-demand, bare metal compute resources in the cloud. Unlike virtual machine (VM) instances, bare metal instances are entire physical hosts dedicated to a single customer's use, with no hypervisor or Oracle-applied software installed on them.
Difference between Block and Object Storage
Block Storage
- Flexible Network Attached Storage over standard iSCSI protocol
- Dynamic Attach, Detach, Reattach
- 256 GB and 2 TB volume sizes
- Backup to High Durability Object Storage, easily restore to a new volume
Object Storage
- Located in same high performance network as Compute
- Superior latency and throughput
- Best for Big Data & Backup Storage
Getting Access Details: To access a bare metal instance you need the tenant name, username and password from the service provider. Your console URL will look something like this: https://console.us-datacenter-1.oraclecloud.com
After logging in you should see something like this
What is a Virtual Cloud Network (VCN)?
A VCN is a software-defined version of your traditional on-premises network, including subnets, route tables and Internet Gateways, in which your instances run. A cloud network resides within a single region but can span multiple Availability Domains. You can define subnets for a cloud network in different Availability Domains, but each subnet itself must belong to a single Availability Domain. You need to set up at least one cloud network before you can launch instances. You can configure the cloud network with an optional Internet Gateway to handle public traffic, and an optional IPSec VPN connection to securely extend your on-premises network.
Create Virtual Cloud Network (VCN)
Under Networking click on Create Virtual Cloud Network
CIDR Block: 10.0.0.0/16 (for example); DNS Label: any name that identifies this VCN
What is an Internet Gateway?
A software-defined router providing a path for network traffic from your VCN to the public internet. The Internet Gateway enables Oracle Cloud Infrastructure Compute instances to access the internet directly. You can also connect your VCN via a Dynamic Routing Gateway (DRG) and an IPSec VPN connection to your on-premises data center, from which you can route traffic via your existing network egress points.
Create Internet Gateway under the newly created VCN
What is a Route Table?
A set of route rules, viewed in table format, that specifies how IP network traffic is directed based on the destination IP address matching a specified IP CIDR (e.g. 0.0.0.0/0 for the Internet).
More generally, a routing table is a set of rules, often viewed in table format, that is used to determine where data packets traveling over an Internet Protocol (IP) network will be directed. All IP-enabled devices, including routers and switches, use routing tables.
Create Route Tables for Internet Access and No Internet Access
1) internet-access: route rule CIDR Block 0.0.0.0/0, so that all outbound traffic is sent through the Internet Gateway created above
2) no-internet-access: leave the route rules blank for no internet access
There will be 3 route tables: the first one is the default, the other two are the ones we just created.
What is a Security List / Firewall rules?
A common set of stateful firewall rules associated with a subnet and applied to all instances launched inside the subnet.
Ingress vs. Egress Filtering
Ingress filtering is a technique used to ensure that incoming packets are actually from the networks from which they claim to originate. It can be used as a countermeasure against various spoofing attacks in which the attacker's packets carry fake source IP addresses to make it difficult to find the source of the attack. Spoofed source addresses are especially common in denial-of-service attacks, which makes them a primary target of ingress filtering.
Egress filtering is the practice of monitoring and potentially restricting the flow of information outbound from one network to another. Typically it is information from a private TCP/IP computer network to the Internet that is controlled.
TCP/IP packets that are being sent out of the internal network are examined by a router, firewall, or similar edge device. Packets that do not meet the security policy are not allowed to leave: they are denied "egress".
Create Security List Ingress & Egress rules
1) Name: for-public-subnets
Rules for Ingress
SOURCE CIDR: 0.0.0.0/0, IP PROTOCOL: TCP, DESTINATION PORT RANGE: 22
Rules for Egress
DESTINATION CIDR: 0.0.0.0/0, IP PROTOCOL: TCP, DESTINATION PORT RANGE: All
2) Name: for-private-subnets
Rules for Ingress
SOURCE CIDR: 10.0.1.0/24, IP PROTOCOL: TCP, DESTINATION PORT RANGE: 22
Rules for Egress
None (press the "X" mark on the left side to remove the default egress rule)
Same as above, but with the red X clicked so that the egress rules are completely removed and the list has no egress rules at all.
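To make concrete what these two lists permit, here is a small Python model of stateful security-list evaluation (an added example, not the author's or Oracle's code). It uses the rules and subnet CIDRs from this tutorial; the instance and internet addresses are constructed, and the semantics are simplified to CIDR + protocol + destination port, with the egress list of the source subnet and the ingress list of the destination subnet both checked for a new flow.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    cidr: str        # source CIDR for an ingress rule, destination CIDR for an egress rule
    protocol: str    # "TCP", "UDP" or "all"
    ports: tuple     # destination port range (low, high); (1, 65535) means "All"

    def matches(self, ip, protocol, port):
        return (ipaddress.ip_address(ip) in ipaddress.ip_network(self.cidr)
                and self.protocol in ("all", protocol)
                and self.ports[0] <= port <= self.ports[1])

# The two security lists created above, written out as rule objects.
SECURITY_LISTS = {
    "for-public-subnets": {"ingress": [Rule("0.0.0.0/0", "TCP", (22, 22))],
                           "egress": [Rule("0.0.0.0/0", "TCP", (1, 65535))]},
    "for-private-subnets": {"ingress": [Rule("10.0.1.0/24", "TCP", (22, 22))],
                            "egress": []},   # no egress rules at all
}

# Which list protects which subnet (subnet CIDRs as in the tutorial).
SUBNETS = {"10.0.1.0/24": "for-public-subnets", "10.0.2.0/24": "for-private-subnets"}

class StatefulFirewall:
    """Simplified model: a new flow must pass the source subnet's egress list and the
    destination subnet's ingress list; allowed flows are remembered so replies pass."""
    def __init__(self):
        self.flows = set()

    def _list_for(self, ip):
        for cidr, name in SUBNETS.items():
            if ipaddress.ip_address(ip) in ipaddress.ip_network(cidr):
                return SECURITY_LISTS[name]
        return None  # outside the VCN (e.g. the internet): no list to enforce on that side

    def new_connection(self, src, dst, protocol, port):
        src_list, dst_list = self._list_for(src), self._list_for(dst)
        if src_list and not any(r.matches(dst, protocol, port) for r in src_list["egress"]):
            return False
        if dst_list and not any(r.matches(src, protocol, port) for r in dst_list["ingress"]):
            return False
        self.flows.add((src, dst, protocol, port))
        return True

    def reply(self, src, dst, protocol, port):
        # Replies are matched against tracked flows, not against the rule lists.
        return (dst, src, protocol, port) in self.flows
```

The private subnet's empty egress list still lets the replies of an inbound SSH session out, because the rules are stateful; what it blocks is any connection the private instance initiates itself.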
What is a Subnet?
A subnet is a small network inside a larger network. It is a logical grouping of connected network devices that tend to be located in close physical proximity to each other on a local area network—a LAN.
Advantages of a Subnet include:
- Network performance and speed improve.
- Network congestion is reduced.
- Data delivery is more efficient.
- An organization can take full advantage of the network’s capacity.
- Network security improves.
- Administration eases.
- Troubleshooting can be limited to a subnet rather than the entire network.
- The separation between different departments in an organization is maintained.
Create Subnets
Create two subnets:
1) Name: Madhu_subnet_AD1-public
AVAILABILITY DOMAIN: <the-one-which-ends-with-AD1>, e.g. PHX-AD1
CIDR BLOCK: 10.0.1.0/24
Route Table: internet-access
SUBNET ACCESS: PUBLIC SUBNET
DNS LABEL: leave it blank
DHCP OPTIONS: Default DHCP options for my-first-vcn
Security Lists: for-public-subnets
2) Name: Madhu_subnet_AD2-private
AVAILABILITY DOMAIN: <the-one-which-ends-with-AD2>, e.g. PHX-AD2
CIDR BLOCK: 10.0.2.0/24
Route Table: no-internet-access
SUBNET ACCESS: PRIVATE SUBNET
DNS LABEL: leave it blank
DHCP OPTIONS: Default DHCP options for my-first-vcn
Security Lists: for-private-subnets
Generate SSH Keys using PuTTYgen
Generate the public, private and OpenSSH-format keys using the PuTTY Key Generator (PuTTYgen)
Compute Instances (Public LAMP 14.04 Image)
Under Compute select Instances, then Create Instance
Name: myubuntuinstance
Availability Domain: <the-one-which-ends-with-AD1>
Image: Oracle-Linux-7.3-xxxxxx
Shape: VM.Standard1.4
Virtual Cloud Network: my-first-vcn
Subnet: AD1-public
Private IP Address: leave it blank
DNS Name: leave it blank
SSH keys: browse for your public key or paste the contents of public_key.pub
Finally our Ubuntu Image is running on Bare Metal
Blog Author: Madhusudhan Rao (follow me on cloud-videos.com and cloud-blogs.com for the latest on cloud)