[Oracle Cloud] Introducing the Best practices framework for Oracle Cloud Infrastructure


This article introduces the "Best practices framework for Oracle Cloud Infrastructure", which was announced in the blog post below. I skimmed through its contents and share my impressions along the way.

Announcing Oracle Cloud Infrastructure Best Practices Framework


What is the Best practices framework for Oracle Cloud Infrastructure?



  • Security and compliance
    • Secure and protect your systems and information assets in the cloud.
    • Security and system protection
  • Reliability and resilience
    • Build reliable applications by architecting resilient cloud infrastructure.
    • Availability
  • Performance and cost optimization
    • Utilize infrastructure resources efficiently, and derive the best performance at the lowest cost.
    • Performance and cost optimization
  • Operational efficiency
    • Operate and monitor your applications and infrastructure resources to deliver the maximum business value.
    • Operational efficiency










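Reading the Best practices framework for OCI alone is not enough, but it looks useful as, for example, a checklist at design time.

Being able to say "our design conforms to the Best practices framework" (with a confident look) might sound convincing?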











Implement Role-Based Access Control

Limit the access privileges for users in each group to only the compartments that they need to access, by writing compartment-level policies.

Write policies that are as granular as possible in terms of the target resources and the required access privileges.

Create groups with permissions to do tasks that are common to all your deployed workloads (such as network administration and volume administration), and assign appropriate admin users to these groups.
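As an added example (not part of the framework or the original article), the following sketch reviews OCI IAM policy statements against the three recommendations above and flags those that are tenancy-wide or target `all-resources`. It only parses the simple `Allow group ... to <verb> <resource-type> in ...` form; the group and compartment names in the sample are hypothetical.

```python
import re

# Simplified subset of OCI policy syntax (an assumption of this example):
#   Allow group <name> to <verb> <resource-type> in tenancy | compartment <name>
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>\S+)\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+\S+)(?:\s+where\s+.+)?$",
    re.IGNORECASE,
)

def review_statement(statement):
    """Return the findings for one policy statement (empty list = none)."""
    m = STATEMENT.match(statement.strip())
    if not m:
        # Other subjects (any-user, dynamic-group, ...) are out of scope here.
        return ["unparsed: review manually"]
    findings = []
    if m.group("scope").lower() == "tenancy":
        findings.append("scope is the whole tenancy, not a compartment")
    if m.group("resource").lower() == "all-resources":
        findings.append("targets all-resources instead of a specific resource type")
    if m.group("verb").lower() == "manage" and findings:
        findings.append("manage verb combined with a broad target")
    return findings

def review_policies(statements):
    """Map each statement that has findings to its list of findings."""
    results = {}
    for stmt in statements:
        findings = review_statement(stmt)
        if findings:
            results[stmt] = findings
    return results

# Constructed sample policies; group and compartment names are hypothetical.
SAMPLE_POLICIES = [
    "Allow group AppDevs to manage all-resources in tenancy",
    "Allow group NetworkAdmins to manage virtual-network-family in compartment Networks",
    "Allow group VolumeAdmins to manage volume-family in compartment ProjectA",
    "Allow group Auditors to read all-resources in compartment ProjectA",
]

if __name__ == "__main__":
    for stmt, findings in review_policies(SAMPLE_POLICIES).items():
        print(stmt)
        for finding in findings:
            print("  -", finding)
```

The two compartment-scoped admin statements pass without findings, while the tenancy-wide `manage all-resources` statement collects all three.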



Factor Failover Usage in Your Service Limits

Ensure that you factor in a sufficient gap between the current service limit and the maximum usage to accommodate failover.

When a resource fails, it might still be counted against limits until it is successfully terminated. Ensure your limits cover the overlap of all failed resources with replacements before the failed resources are terminated. You should consider an availability domain failure when calculating this gap.



Learn About the Impact of Stateful Security Lists

Security lists contain stateless and stateful rules. Use stateless rules where it is expected to have a large number of connections, to avoid the performance impact of connection tracking. For example, use stateless rules for external-facing components.



Check Exposure to Known Vulnerabilities

Regularly check Common Vulnerabilities and Exposures (CVE) to determine the level of exposure in your Oracle Cloud Infrastructure tenancy. CVEs provide standard names for publicly known security vulnerabilities and exposures that are cataloged in a dictionary-type format for reference.

The Oracle Cloud Infrastructure OS Management service offers a CVE search facility that enables you to search for a CVE, to see the packages and instances affected by the CVE, and to push out package updates to instances to patch them.







Best practices framework for Oracle Cloud Infrastructure



