CSPモデルにおけるOCI設計ガイドライン / OCI Design Guide for CSPs

Transcript

1. Cloud Solutions Provider(CSP)モデルにおける
   OCI設計のガイドライン
   2022/12/30
   

   View Slide

2. Copyright © 2022, Oracle and/or its affiliates
   2
   Oracle Cloud Infrastructure( OCI) Cloud Solutions Provider
   (CSP)
   •
   •
   OCI
   

   View Slide

3. CSP* OCI
   /
   → Identity Domain
   CSP
   Copyright © 2022, Oracle and/or its affiliates
   3
   OCI
   OCI+
   *CSP( ): https://www.oracle.com/jp/partnernetwork/expertise/cloud-solutions-provider/
   

   View Slide

4. Oracle IaaS/Paas/Saas
   Copyright © 2022, Oracle and/or its affiliates
   4
   OCI IAM Identity Domains
   SSO
   (Outbound)
   •
   • SAML, OIDC, OAuth
   •
   • App Gateway
   • RADIUS
   • Linux PAM
   ****
   Oracle Cloud IaaS/PaaS
   •
   •
   •
   • OCI
   •
   ID
   • Console | CLI | APIs
   • /
   •
   • SCIM
   • AD
   • ( )
   !
   ? ü
   (Inbound)
   • ID/
   • IdP
   • (SNS)
   •
   •
   •
   OATH OAuth FIDO2 REST APIs SAML OIDC SCIM
   IAM
   OCI IAM IDCS
   OCI IAM Identity Domains
   

   View Slide

5. ( )
   • 1 ※
   • ( )
   •
   Copyright © 2022, Oracle and/or its affiliates
   5
   001
   A
   (A )
   B
   (B )
   A
   B
   (A )
   (B )
   Default
   ( )
   

   View Slide

6. Copyright © 2022, Oracle and/or its affiliates
   6
   (1 )
   (2 )
   (3 )
   Default
   Virtual
   Machine
   Block Storage Database
   ( )
   Policies
   ( )
   Policies
   Groups
   Groups
   

   View Slide

7. ( ) Administrators
   ( )
   •
   • (manage all-resources)
   ※ ( ) ( )
   Copyright © 2022, Oracle and/or its affiliates
   7
   Allow Group / to manage all-resources in Compartment
   

   View Slide

8. Copyright © 2022, Oracle and/or its affiliates
   8
   • ( ) ( )
   •
   •
   • OCI CLI SDK
   • Free 10
   • 6
   

   View Slide

9. ( )
   Copyright © 2022, Oracle and/or its affiliates
   9
   OCI (…in tenancy
   )
   ( )
   • (Cloud Shell )
   • ( : Cloud Guard
   )
   • (use) ( : )
   •
   ( )
   ( )
   

   View Slide

10. (allow group to…)
    inspect tenancies in tenancy IAM
    inspect compartments in tenancy IAM
    manage tenancy-preferences in tenancy IAM
    manage network-sources in tenancy IAM
    ( )
    use tag-namespaces in tenancy where any
    {target.tag-namspace.name ='XXX' }
    IAM
    ( )
    read announcements in tenancy Announcement (Announcement)
    read objectstorage-namespaces in
    tenancy
    Object Storage
    API
    use cloud-shell in tenancy Cloud Shell
    ( )
    ( ) (…in tenancy)
    Copyright © 2022, Oracle and/or its affiliates
    10
    

    View Slide

11. Thank you
    11 Copyright © 2022, Oracle and/or its affiliates
    

    View Slide

12. View Slide

13. Our mission is to help people see
    data in new ways, discover insights,
    unlock endless possibilities.
    

    View Slide