This document summarizes design considerations for using Oracle Cloud Infrastructure under the Cloud Solutions Provider (CSP) model.
Guidelines for OCI Design under the Cloud Solutions Provider (CSP) Model
2022/12/30
Copyright © 2022, Oracle and/or its affiliates
Oracle Cloud Infrastructure (OCI) Cloud Solutions Provider (CSP)
CSP*, OCI, Identity Domain
* CSP: https://www.oracle.com/jp/partnernetwork/expertise/cloud-solutions-provider/
Oracle IaaS/PaaS/SaaS
OCI IAM Identity Domains
SSO (Outbound)
• SAML, OIDC, OAuth
• App Gateway
• RADIUS
• Linux PAM
Oracle Cloud IaaS/PaaS
• OCI
• ID
• Console | CLI | APIs
• SCIM
• AD
(Inbound)
• ID/
• IdP
• (SNS)
OATH, OAuth, FIDO2, REST APIs, SAML, OIDC, SCIM
IAM, OCI IAM, IDCS, OCI IAM Identity Domains
[Diagram labels: Default, Virtual Machine, Block Storage, Database, Policies, Groups]
Administrators
• (manage all-resources)
Allow Group / to manage all-resources in Compartment
• OCI CLI SDK
• Free 10
• 6
OCI (…in tenancy)
• (Cloud Shell)
• (Cloud Guard)
• (use)
(allow group to…) | service
• inspect tenancies in tenancy | IAM
• inspect compartments in tenancy | IAM
• manage tenancy-preferences in tenancy | IAM
• manage network-sources in tenancy | IAM
• use tag-namespaces in tenancy where any {target.tag-namespace.name = 'XXX'} | IAM
• read announcements in tenancy | Announcement
• read objectstorage-namespaces in tenancy | Object Storage API
• use cloud-shell in tenancy | Cloud Shell
(…in tenancy)
Thank you
Our mission is to help people see data in new ways, discover insights, unlock endless possibilities.