Preparation Notes On How To Pass OCI Architect Associate Certification
I recently prepared for and passed the Oracle Cloud Infrastructure 1Z0-1072-OCI-Architect-Associate-2019 exam. The format and the content for the exam are available on Oracle’s education site – Become an OCI architect Associate.
I would absolutely recommend a refresh of the OCI fundamentals before jumping into the OCI architect course. This blog will clear up your fundamentals on OCI.
I went through the course once at 2x speed and captured most of the information in a Word document. The OCI exam is supposedly not as difficult as any other AWS or GCP associate-level exams.
I am listing the main topics of the preparation course and some of the key elements you should understand and remember before you take the #FREE exam offered by Oracle.
All resources shared during the course are available at this training site location – OCI Architect Associate Resources
Getting Started with OCI
To better understand the OCI interface and its services, please review the Infrastructure as a Service documentation available at the OCI IAAS Documentation site, along with service availability across regions around the world.
Let's now focus on individual services and some of the focus areas to remember for the OCI Architect Associate Certification.
- IAM – There are mainly 4 verbs used in IAM to define a policy: inspect, read, use and manage.
  - Inspect – Provides the ability to list resources
  - Read – Includes inspect and the ability to get user-specified metadata/the actual resource
  - Use – Includes read + the ability to work with existing resources (the actions vary by resource type). This verb does not allow the ability to create or delete any type of resource.
  - Manage – Includes all permissions for the resource
  - The most common format of an IAM policy is: Allow <subject> to <verb> <resource type> in <location> where <conditions>. The subject can be an IAM user, group, resource group, etc.
  - Please pay special attention to managing users, groups, dynamic groups and network resources. You must especially understand that if you want to provide a specific role to a compute instance, you need to attach a dynamic group to it so that it is identified as a “principal” and can make API calls against other services on OCI.
- IAM-Compartment – Compartments are another way to manage your resources: related resources are grouped together and accessed by groups that have been given permission.
  - It must be understood that each resource can belong to one and only one compartment. However, resources can be shared across compartments.
  - Resources can also be moved across compartments once they have been created.
  - Compartments can have sub-compartments that can go six levels deep.
    - COMP1 > COMP2 > COMP3 > COMP4 > COMP5 > COMP6
  - These sub-compartments inherit access permissions from compartments higher up the hierarchy.
  - When an IAM policy is being created, it must be specified which compartment to attach it to.
- IAM Policy Inheritance and Attachment
  - Understand how IAM policy inheritance works when resources are moved across compartments.
- Tagging is an additional method to identify/categorize your services inside your compartments.
  - Free-form and custom tags are allowed under OCI.
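The cumulative verbs, the policy statement format and compartment inheritance from the notes above can be modelled in a few lines of Python. This is an added example, not Oracle's policy evaluator or code from the course; the group names, the sample statements and the use of full colon-separated compartment paths are assumptions made for illustration, and statements with a where clause are rejected rather than evaluated.

```python
import re

# Verbs are cumulative: each level includes every level below it.
VERB_LEVEL = {"inspect": 1, "read": 2, "use": 3, "manage": 4}
MAX_DEPTH = 6  # sub-compartment nesting limit stated in these notes

# Allow <subject> to <verb> <resource type> in <location> [where <conditions>]
STATEMENT = re.compile(
    r"^allow\s+(?P<kind>group|dynamic-group)\s+(?P<subject>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<rtype>\S+)\s+in\s+"
    r"(?P<location>tenancy|compartment\s+\S+)(?:\s+where\s+(?P<cond>.+))?$",
    re.IGNORECASE,
)

def parse(statement):
    """Split one policy statement into its parts (simplified grammar)."""
    m = STATEMENT.match(statement.strip())
    if not m:
        raise ValueError(f"unrecognised policy statement: {statement!r}")
    loc = m["location"]
    # Assumption: compartments are written as full paths, e.g. COMP1:COMP2.
    path = [] if loc.lower() == "tenancy" else loc.split()[1].split(":")
    if len(path) > MAX_DEPTH:
        raise ValueError("compartment path deeper than six levels")
    return {"subject": m["subject"], "verb": m["verb"].lower(),
            "rtype": m["rtype"].lower(), "path": path, "cond": m["cond"]}

def allows(statement, subject, verb, rtype, resource_path):
    """True if the statement lets `subject` perform `verb` on a resource of
    type `rtype` living in the compartment at `resource_path`."""
    p = parse(statement)
    if p["cond"] is not None:
        return False  # conditions are not modelled here, so fail closed
    return (p["subject"] == subject
            and VERB_LEVEL[p["verb"]] >= VERB_LEVEL[verb]
            and p["rtype"] in ("all-resources", rtype)
            # a policy on a compartment also covers its sub-compartments
            and resource_path[:len(p["path"])] == p["path"])

# Constructed sample statements (group names are hypothetical).
NET = "Allow group NetworkAdmins to use virtual-network-family in compartment COMP1:COMP2"
APP = "Allow dynamic-group AppInstances to read objects in tenancy"

if __name__ == "__main__":
    vnf = "virtual-network-family"
    print(allows(NET, "NetworkAdmins", "read", vnf, ["COMP1", "COMP2", "COMP3"]))
    print(allows(NET, "NetworkAdmins", "manage", vnf, ["COMP1", "COMP2"]))
```

The second call is denied because use does not include the create and delete actions that manage grants; a resource sitting directly in COMP1 is also out of reach of the first statement, since inheritance only flows down the hierarchy.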
It should be emphasized that you must have an understanding of creating public and private networks and how all private networks use CIDR ranges identified under RFC 1918.
The major components of OCI networking are listed below –
- VIRTUAL CLOUD NETWORK (VCN) and Subnets
- Default route table
- Default Security list
- Default DHCP options
- PRIVATE IP
- PUBLIC IP
- DYNAMIC ROUTING GATEWAY (DRG) – Connect on-premises networking and use it to peer VCNs across regions with remote peering gateway. Please understand that DRG connections are always private when used either with FastConnect for on-premises or with RPC across regions to peer VCNs.
- INTERNET GATEWAY
- NETWORK ADDRESS TRANSLATION (NAT) GATEWAY
- SERVICE GATEWAY – These provide a way to connect resources in your VCN to other managed services like OCI Object Storage.
- LOCAL PEERING GATEWAY (LPG)
- REMOTE PEERING CONNECTION (RPC) – Understand the use of a dynamic routing gateway (DRG) with on-premises versus using a DRG with RPC in a multi-region configuration.
- ROUTE TABLES
- SECURITY RULES
- Difference between security lists and network security groups.
- DHCP OPTIONS
- VPN Connect – Please do take a moment to understand how to establish cost-effective and redundant connectivity with OCI using VPN Connect and DRG. I found this example very interesting to read and understand.
Overview of connectivity options on OCI
- Concepts of load balancing on OCI
- Service discovery
- Health Check
- Benefits of load balancing on OCI
- Fault tolerance and high availability
- Naming Abstraction
- Concepts of a public load balancer
- Backend server
- Load balancing policy
- Round Robin
- IP Hash (sticky connections)
- Least Connection
- Back end sets
- Health Checks – This is a test to confirm the availability of backend servers. Health checks are activated for backends, backend sets and the overall load balancer.
- Concept of private load balancer
- Bare Metal
- Virtual Machines
- Dedicated VM Hosts
- Creating Custom Images of Boot Volumes
- Images Import/Export
- Emulation Mode
- Paravirtualized Mode
- Native Mode
- Boot Volumes
- Cloning a boot volume – Please ensure that you check out the difference between boot volume backups and clones and how they are mutually exclusive to each other.
- Instance Configuration and pools – Configure and manage a set of instances/images together.
- Autoscaling configurations
- Instance Metadata
- Instance Life Cycle – start/stop/reboot/terminate
Storage on OCI
- Object Storage
- Archive Storage
- File Storage – Please read through the concepts of creating/managing file systems, managing mount targets, snapshots, using export options (to provide granular access to a file system mounted on the same mount target and accessed by two different clients/instances), etc. I found this complete section extremely useful.
- Block volume storage
- Local NVMe Storage
- Exadata cloud
- Exadata DB Systems
- Bare Metal and VM DB Systems
- Autonomous Databases
Some additional resources that I think are extremely useful to review that were not covered in the course are listed below –
- Using Data Guard for database services
- Data Flow
- Data Safe
- Data Science
- Oracle Audit
- OCI DNS Service
- OCI Traffic Management
- OCI Vault
I want to add a few tips from my experience during the exam –
- I noticed most of the answers are in the question, so if you are not completely confident, select what you think is right, mark the question to come back for review and then revisit it as soon as you are reviewing your exam.
- You will notice as you traverse through the rest of the test that some of the questions that follow later may also have the answer to what you could not answer earlier.
AUTHOR: Mukesh Sharma is a multi and hybrid cloud enthusiast with a bias for building robust hybrid cloud systems around mainframes for financial organizations. You can reach him on LinkedIn.