CSPモデルにおけるOCI設計ガイドライン / OCI Design Guide for CSPs

Transcript

1. Cloud Solutions Provider(CSP)モデルにおける OCI設計のガイドライン 2022/12/30

2. Copyright © 2022, Oracle and/or its affiliates 2 Oracle Cloud

   Infrastructure( OCI) Cloud Solutions Provider (CSP) • • OCI

3. CSP* OCI / → Identity Domain CSP Copyright © 2022,

   Oracle and/or its affiliates 3 OCI OCI+ *CSP( ): https://www.oracle.com/jp/partnernetwork/expertise/cloud-solutions-provider/

4. Oracle IaaS/Paas/Saas Copyright © 2022, Oracle and/or its affiliates 4

   OCI IAM Identity Domains SSO (Outbound) • • SAML, OIDC, OAuth • • App Gateway • RADIUS • Linux PAM **** Oracle Cloud IaaS/PaaS • • • • OCI • ID • Console | CLI | APIs • / • • SCIM • AD • ( ) ! ? ü (Inbound) • ID/ • IdP • (SNS) • • • OATH OAuth FIDO2 REST APIs SAML OIDC SCIM IAM OCI IAM IDCS OCI IAM Identity Domains

5. ( ) • 1 ※ • ( ) • Copyright

   © 2022, Oracle and/or its affiliates 5 001 A (A ) B (B ) A B (A ) (B ) Default ( )

6. Copyright © 2022, Oracle and/or its affiliates 6 (1 )

   (2 ) (3 ) Default Virtual Machine Block Storage Database ( ) Policies ( ) Policies Groups Groups

7. ( ) Administrators ( ) • • (manage all-resources) ※

   ( ) ( ) Copyright © 2022, Oracle and/or its affiliates 7 Allow Group <Domain Name>/<Group Name> to manage all-resources in Compartment <Compartment Name>

8. Copyright © 2022, Oracle and/or its affiliates 8 • (

   ) ( ) • • • OCI CLI SDK • Free 10 • 6

9. ( ) Copyright © 2022, Oracle and/or its affiliates 9

   OCI (…in tenancy ) ( ) • (Cloud Shell ) • ( : Cloud Guard ) • (use) ( : ) • ( ) ( )

10. (allow group <domain/group> to…) inspect tenancies in tenancy IAM inspect

    compartments in tenancy IAM manage tenancy-preferences in tenancy IAM manage network-sources in tenancy IAM ( ) use tag-namespaces in tenancy where any {target.tag-namspace.name ='XXX' } IAM ( ) read announcements in tenancy Announcement (Announcement) read objectstorage-namespaces in tenancy Object Storage API use cloud-shell in tenancy Cloud Shell ( ) ( ) (…in tenancy) Copyright © 2022, Oracle and/or its affiliates 10

11. Thank you 11 Copyright © 2022, Oracle and/or its affiliates

12. None

13. Our mission is to help people see data in new

    ways, discover insights, unlock endless possibilities.