OCI Design Guidelines for the CSP Model / OCI Design Guide for CSPs

This deck summarizes design considerations for using Oracle Cloud Infrastructure under the Cloud Solutions Provider (CSP) model.

More Decks by Oracle Cloud Infrastructure Solution Engineers

Transcript

  1. OCI Design Guidelines for the Cloud Solutions Provider (CSP) Model
    2022/12/30

  2. Copyright © 2022, Oracle and/or its affiliates
    Oracle Cloud Infrastructure (OCI) Cloud Solutions Provider (CSP)


    OCI

  3. CSP* OCI
    /
    → Identity Domain
    CSP
    OCI
    OCI+
    *CSP( ): https://www.oracle.com/jp/partnernetwork/expertise/cloud-solutions-provider/

  4. Oracle IaaS/PaaS/SaaS
    OCI IAM Identity Domains
    SSO
    (Outbound)

    • SAML, OIDC, OAuth

    • App Gateway
    • RADIUS
    • Linux PAM
    Oracle Cloud IaaS/PaaS



    • OCI

    ID
    • Console | CLI | APIs
    • /

    • SCIM
    • AD
    • ( )
    (Inbound)
    • ID/
    • IdP
    • (SNS)



    OATH OAuth FIDO2 REST APIs SAML OIDC SCIM
    IAM
    OCI IAM IDCS
    OCI IAM Identity Domains

  5. ( )
    • 1 ※
    • ( )

    001
    A
    (A )
    B
    (B )
    A
    B
    (A )
    (B )
    Default
    ( )

  6.
    (1 )
    (2 )
    (3 )
    Default
    Virtual
    Machine
    Block Storage Database
    ( )
    Policies
    ( )
    Policies
    Groups
    Groups

  7. ( ) Administrators
    ( )

    • (manage all-resources)
    ※ ( ) ( )
    Allow Group / to manage all-resources in Compartment

  8.
    • ( ) ( )


    • OCI CLI SDK
    • Free 10
    • 6

  9. ( )
    OCI (…in tenancy
    )
    ( )
    • (Cloud Shell )
    • ( : Cloud Guard
    )
    • (use) ( : )

    ( )
    ( )

  10. (allow group to…)
    inspect tenancies in tenancy IAM
    inspect compartments in tenancy IAM
    manage tenancy-preferences in tenancy IAM
    manage network-sources in tenancy IAM
    ( )
    use tag-namespaces in tenancy where any {target.tag-namespace.name = 'XXX'} IAM
    ( )
    read announcements in tenancy Announcement (Announcement)
    read objectstorage-namespaces in tenancy Object Storage
    API
    use cloud-shell in tenancy Cloud Shell
    ( )
    ( ) (…in tenancy)

  11. Thank you

  13. Our mission is to help people see
    data in new ways, discover insights,
    unlock endless possibilities.
