Oracle Cloud Infrastructure Solution Engineer
December 28, 2022
OCI Design Guidelines for the CSP Model / OCI Design Guide for CSPs
A document summarizing design considerations for using Oracle Cloud Infrastructure under the Cloud Solutions Provider (CSP) model.
Transcript
OCI Design Guidelines for the Cloud Solutions Provider (CSP) Model 2022/12/30
Copyright © 2022, Oracle and/or its affiliates
Oracle Cloud Infrastructure (OCI) Cloud Solutions Provider (CSP)
CSP* OCI → Identity Domain CSP
OCI OCI+
*CSP: https://www.oracle.com/jp/partnernetwork/expertise/cloud-solutions-provider/
Oracle IaaS/PaaS/SaaS
[Diagram: OCI IAM Identity Domains. Surviving labels: SSO (Outbound); SAML, OIDC, OAuth; App Gateway; RADIUS; Linux PAM; Oracle Cloud IaaS/PaaS; OCI; ID; Console | CLI | APIs; SCIM; AD; (Inbound); IdP; (SNS); OATH, OAuth, FIDO2, REST APIs, SAML, OIDC, SCIM; IAM, OCI IAM, IDCS]
[Diagram; surviving labels: 001, A, B, Default]
[Diagram; surviving labels: Default, Virtual Machine, Block Storage, Database, Policies, Groups]
Administrators
(manage all-resources)
Allow Group <Domain Name>/<Group Name> to manage all-resources in Compartment <Compartment Name>
• OCI CLI SDK
• Free 10
• 6
OCI (…in tenancy)
• (Cloud Shell)
• (Cloud Guard)
• (use)
(allow group <domain/group> to…)
inspect tenancies in tenancy - IAM
inspect compartments in tenancy - IAM
manage tenancy-preferences in tenancy - IAM
manage network-sources in tenancy - IAM
use tag-namespaces in tenancy where any {target.tag-namespace.name = 'XXX'} - IAM
read announcements in tenancy - Announcement (Announcement)
read objectstorage-namespaces in tenancy - Object Storage API
use cloud-shell in tenancy - Cloud Shell
(…in tenancy)
Thank you
Our mission is to help people see data in new
ways, discover insights, unlock endless possibilities.