Detailed Review Of Preparation
Exam details:
Exam Duration: 85 minutes
No. of Questions: 55
Passing Score: 68%
Achieved Score: 100%
1) Getting started with Cloud
- Understand the differences between different cloud computing service models IaaS vs PaaS vs SaaS
- Understand Public, private and hybrid cloud computing models
- Understand the cloud terminologies High Availability, Fault tolerance, elasticity, scalability
- RPO vs RTO in terms of DR
- CAPEX vs OPEX and how TCO reduced by migrating from CAPEX to OPEX using public cloud infrastructure
2) OCI Architecture
- Clearly understand the key components of OCI architecture Regions vs Availability Domains vs Fault Domains, as there would be few questions around these concepts testing your knowledge of architecting a HA, Fault tolerant and resilient architecture
- Region: A Localized geographic area, comprised of one or more AD's is chosen based on Location (proximity to your users), Service availability and Data residency & compliance.
- AD: One or more fault-tolerant,isolated data centers located within a region. Each AD has 3 FD's
- FD: Grouping of hardware and infrastructure within an Availability Domain to provide anti-affinity(logical data center)
- Compartment is a collection of related resources to isolate and control access to your resources, which can interact with resources in other compartments and resources from multiple regions can be in the same compartment.
- Compartment can be nested up to 6 levels deep.
- Always recommended to create dedicated compartments instead of creating them in root compartment.
3) Core OCI services
a) Networking services
- Understand the SDN construct of OCI networking VCN and associated concepts of subnet, CIDR
- VCN can have both public and private subnets
- Understand the use cases of different gateways: Internet gateway, NAT, Service, DRG
- IPSec VPN vs FastConnect
- VCN security using security lists and Network security groups (NSG)
- VCN peering: Local vs Remote
- LB and its algorithms
- DNS and traffic management steering policies
b) Compute services
- Understand OCI Compute Services (Bare Metal, Virtual Machines, Dedicated Virtual Hosts, Container Engine {OKE: Oracle Kubernetes Engine} and Functions) and its use cases.
- Understand the differences between horizontal and vertical scaling
- Understand Autoscaling
c) Storage services
- Understand different storage services (Block volume, Object storage (Standard {Hot}, Archive {cold}), File storage, Local NVMe) and their use cases.
- Difference between Boot and Data volume
- OCI provides no RAID, snapshots, backups capabilities for NVMe devices and customers are responsible for data durability
d) DB services
- Understand OCI Database Services (Virtual Machine, Bare Metal, Exadata DB Systems, Autonomous — Shared, Autonomous — Dedicated) and their use cases
- Understand RAC and Dataguard for HA purposes
- Know which DB services support dynamic CPU and storage scaling
- Autonomous Databases: Fully managed database with 2 Workload types: Transaction processing, Data warehouse
- For best performance OLTP database use Exadata DB
e) IAM
- Understand the concepts: Users, Groups, Instance prinicipals, Dynamic Group
- Authentication methods in OCI: Username and Password, API Signing Key and Auth Tokens
- Authorization by writing policies
- Policy syntax: Allow to in where
- Verbs: Inspect, Read, Use and Manage
- After signing up for a new OCI tenancy,need to subscribe to the REGION in order to deploy Infrastructure and services in different parts of the world
f) Other services
- Registry: OCIR is a managed Docker container registry service to pull images for k8s deployment
- Market place: Here you can find listings for two types of solutions from Oracle and trusted partners: images and stacks. These listing types include different categories of applications.
- Data safe: Focused on the security of your data. Features include Security Assessment, User Assessment, Data Discovery, Data Masking, and Activity Auditing.
- Data catalog:metadata management solution
- Data flow: For running Apache Spark applications.
- Data integration: ETL processing
- API Gateway: To publish APIs with private endpoints that are accessible from within your network, and which you can expose with public IP addresses if you want them to accept internet traffic.
- Resource manager: Leverages Terraform to configure infrastructure as a code
- Events: To create automation based on the state changes of resources throughout your tenancy
- Notifications: broadcasts messages to distributed components through a publish-subscribe pattern. Used when event rules are triggered or alarms are breached, or to directly publish a message.
- Storage Gateway: Lets you connect your on-premises applications with OCI for data transfer, cloud tiering, backups, archival & DR purposes.
- Audit: Audit service automatically records calls to all supported OCI public API endpoints as log events. Information in the logs includes the following:
- Time the API activity occurred
- Source of the activity
- Target of the activity
- Type of action
- Type of response
- OS management: To manage updates and patches for your OS in OCI instances
4) OCI shared security model
- Customer responsible for security in the cloud
- Oracle responsible for security of the cloud
- Security Services
- IAM: OCI IAM, MFA, Federation
- Data protection: Key management, Data safe, Storage & DB services
- Infrastructure service: VCN NSG, SL, WAF, DDoS Protection (in-built)
5) OCI pricing, billing, SLA and support
- Pricing Models: Pay as you go (PAYG) , Monthly Flex (Universal Credits), Bring Your Own License (BYOL)
- Data transfer costs: Data Egress to the Internet, Transferring data across regions
- All OCI regions have the same pricing!
- Cost management: Using tags and compartments
- Cost analysis: Filter costs by Date, Tags and Compartments
- Budgets: set on cost-tracking tags or compartments, budget alerts are evaluated every 15 minutes and an alert can be sent when you might exceed your spending threshold
- Dedicated virtual hosts are billed for the Virtual Machine hosts and Boot Volume
- There are stopped state charges for Dense I/O, GPU and HPC Instance, not for Standard compute shapes
- Usage reports: Detailed information about your OCI consumption, automatically generated daily
- Be thorough about the services in Free tier vs Always free
- SLA (Offered: Control, Data, Performance; Not offered: Service/application Plane)
- To register and log support requests, you would need
- Customer Support Identifier (CSI)
- Tenancy OCID
- Resource OCID
6) Final thoughts:
- Remember the scope of various resources (Global vs Regional vs AD)
- Understand the use cases of each resource in OCI
- The questions are simple, yet can be confusing. As you would have ample amount of time left, please spend time on reading the questions thoroughly. Though Oracle writes in BOLD (NOT suitable) and confirms how many options have to be chosen, it’s worthwhile spending time in reading the question a bit slow until you are clear.
- Don’t jump the gun. For instance, I have seen many of our peers stating to choose object storage for the preferred method of storing on-prem backups. But sometimes, the other part of the question can also mention that the cheapest available storage option for such backups.
- Always remember to choose IaaS as the cloud computing model, whenever you would like to customize the setup to the fullest.
- Be thorough with OCI compliance standards (ISO, PCI DSS, HIPAA, SOC ). The complete list can be found at https://www.oracle.com/in/cloud/cloud-infrastructure-compliance/
All the best!