Hey, this is Andrew Brown from ExamPro, and welcome to another cloud certification, and this time it's Oracle Foundations Associate certification. It is the entry-level certification for the Oracle Cloud Infrastructure platform, uh, and I'm going to show you in less than a week how to pass this certification. And if you are new to cloud, it's a really great one to do, and I have some really great follow-alongs for you that are going to show you how to set up your account, how to launch an instance and database, and just generally understand, uh, the reasons why you'd want to use cloud. So, uh, you know, I hope you enjoy this course. Please do the follow-alongs, it's gonna really help you pass, uh, and I'd love to hear, uh, your feedback, and if you do pass, definitely share that with me, because I love to hear that you're passing these courses, and I'll see you soon.

[Music]

So I want to do a quick comparison between the OCI Foundations and the AWS Certified Cloud Practitioner certification. Both these, uh, certifications are foundational, so they are the first certification you would take if you're starting out on cloud, um, but let's get into it. And the first thing is that the OCI Foundations certification is only valid for 1.5 years, and that is a very short period of time. The AWS certifications are generally two years, but as of recent the CCP is now valid for three years. And so why Oracle did this I do not know, but I guess that the reason they might have done this is that, because their platform is so new, they're anticipating that their platform is going to rapidly change in the next couple of years, and they don't want to have a bunch of certification holders who claim to know how to use their platform when the platform is so different. So maybe, uh, the next time, in the next two years, we'll see, um, they'll have new versions of their certifications and they'll be valid for a longer period of time, but right now it's a very short period of time and I do not like that. One thing I want to point out is
that the OCI Foundations certification is five dollars cheaper than the CCP. That is a very minute difference, but it might matter to you if you're on a budget. If you are going for multiple certifications beyond the foundational cert, um, one thing I really like that AWS does is they give you half off the next certification. So if you sat the CCP, which is a hundred dollars, and you go for an associate, which is generally 150, it's now just 75 dollars, so you're spending 175 dollars for two certifications. Oracle does not have such a deal right now. Um, if you're listening, Oracle, I strongly recommend that you, uh, adopt this, because it's very, very cool, um, but right now they do not have it, so you're going to get a better deal on the side with AWS.

If you've ever taken the AZ-900 or the AWS CCP and you're wondering whether you should go take the Oracle Foundations, I'm going to tell you that the knowledge transfer is extremely good. If you were to pull up all three of these certifications on the screen right now, uh, like the exam guides, you'd notice that their outlines are extremely similar, so the only difference is that the names of the services are different and there's some differences in billing. So if you already have that CCP and you want to add another certification to your roster of certifications, and you have the money, I do strongly recommend you go and get the Oracle Foundations.

One thing I don't like about their exam is that it doesn't have weighted domains, and we'll talk about this in an upcoming slide, but the problem with that is that if they're not weighted, that means that the exam isn't going to be as balanced as it could be, and so it'll be harder not because it's technically difficult but because the balancing is off. So hopefully they will solve this in the future.

This is a pro or con depending on the way you look at it, but they are a very young cloud provider, so they don't have as much stuff as AWS, but that's also an advantage if you're new to cloud. So if you find
AWS extremely overwhelming and you want to work on a simpler platform, you can dig into Oracle and grow with the platform as they add more additional services. And the last thing, or not the last thing, but I want to point out that their documentation is very fragmented. This was very hard for me to put this course together because there was conflicting information, or just I had to fill in the blanks for you here, uh, and I think I did take the best guess here, but that is one thing that I wish they would improve upon. And the last thing, and this is the most important thing, is that there is a lack of Oracle certification holders, and Oracle is a very old company, they've been around since the 70s, and there's a lot of companies using Oracle, so if you do get Oracle certifications, I definitely believe there are jobs out there where having these certs is going to matter. I do consider it a smaller market than the AWS certifications, but if you are looking to stand out then this is a great certification to get. So there you go.

[Music]

So let's take a look here at the exam guide, and this is the outline of what's actually going to be required of us to pass the exam, and then after we go through the highlights here we'll actually open up the actual exam guide and I'll show you, uh, where you can find that information. So the first thing is the domains, and so the domains are cloud concepts, OCI infrastructure, OCI core services, security, billing and pricing. But one thing you're going to notice is that there is no domain weighting on this exam, so these domains, uh, we don't know if the exam is comprised of 40% of the questions of security, 10 percent, if these are all evenly distributed. We just don't have that information, and so that is one of the downsides of Oracle certifications. I think maybe in the future they might tell us, but at this time I could not figure out how the questions are distributed, but that's just what it is. To pass this exam you're going to have to
get a 68%. I don't know if Oracle, I do know things about Oracle, but I don't know if they, uh, do it based on like a point system. So on AWS it's like a thousand out of whatever, um, so you know, you'd have to get 680 points to score out of a thousand, but anyway, we know the passing grade is 68%. There are 60 questions on the exam, uh, and so you can afford to get 19 questions wrong. All the questions are multiple choice, there's no questions where you have to multi-select any boxes, so that's a little bit nice.

All right, well, it turns out I was actually wrong, it does have multiple choice and multiple answers. I just wanted to quickly correct that there and we'll go back to the video.

So yeah, you're going to get a combination of both, and you could see multiple answers where they might be asking you between two and three choices to choose from, and then multiple choice would be just one out of the four, um, but there you go. Uh, you have 105 minutes to take this exam, so that means you're going to roughly have two minutes per question, uh, it's going to be less than two minutes, but you're going to have a lot of time to, uh, pass this exam, and I strongly recom-, you're going to definitely have time left over, and I strongly recommend that you go back and review all your questions and make sure that you made the correct choices, because sometimes when you're studying you're just in a hurry to get to the end so you don't run out on the clock, and you should really go and take a second look at your questions. And the last thing is that this exam is only valid for 18 months, so once you get the certification you do have to get recertified in 1.5 years, and I did say earlier that I found that a strong disadvantage for Oracle certifications, and maybe that will change in the future, but that's just how it is right now, um, but there you go, and we'll go jump into the actual doc, the actual PDFs now.

So here I have the exam guide opened in front of us here so we can get a bit better details of
what the domains are. One thing I couldn't easily find was how long the certification was valid for. The way I found it was there was another marketing page, and from this page there was this link, and in this link it told us it was valid for 18 months, and that's how I found out you have to get your certificate recertified in 1.5 years. Why it's not in this documentation I have no idea, or I might have just not noticed it, but I just wanted to point that out if you're trying to validate what I'm saying about, um, how long the certification is valid for. So let's hop over to the certification details here and just give it a quick zoom in here, and you're going to notice that the exam number for this exam is 1Z0-1085-20. I do not know why they named it that, because it's very complicated, maybe they have a lot of other exams we're not aware of, but that is the name of your exam number. It's very important to know your exam number because if there are future exams you need to know which one you are taking, because the content might be different.

Here they say the target audience is designed for technical and non-technical professionals involved in selling and purchasing OCI infrastructure, which I definitely agree with. Um, to take this exam you can take it via Pearson VUE, so that is the partnered, um, data set or test center network. So there's a few different test center networks, and Pearson VUE is a very well-known one for their proctored exams, proctored meaning that you can take the exams online. So you can take this in a test center, and that is the preferred way, that's the way I suggest you take your exams, or you can take it online, where they connect via webcam and they make sure that you, uh, aren't cheating, and then you just take it from the comfort of your own home. We can see that's 105 minutes, we have 95 for the exam cost, and it looks like it says 25 percent discount on the list price if you are an OPN, so part of the Oracle Partner Network. You are likely
not part of the Oracle Partner Network. If it's anything like the Amazon Partner Network, uh, you have to do a lot of work to join that, but if you are working for a company and they have this then you can save a bit of money. And the passing score here is 68%. Again, it doesn't tell us the points, it doesn't say 680 points, it doesn't tell us the breakdown of the scoring, but we'll take a look here, and maybe I'm wrong, but I'm pretty sure it does not. Then we have some stuff about certification benefits, nothing super exciting here, but this is what the badge looks like, so once you pass the exam you can download this digital badge, and you could put this on your website, but the huge advantage is you want to have that certificate and put it in your LinkedIn so everyone can see it. That's the main goal of getting certifications, putting them on your LinkedIn.

And so we'll just scroll down a little bit and now we'll get to the actual, um, exam topics, or I like to call them domains because most other providers call them domains. So the first one is cloud concepts, so understand terms like scalable, elastic, agility, fault tolerance, capex, opex; understand the difference between IaaS, PaaS and SaaS; understand public, private, hybrid models; reduce TCO with migrations on-prem to cloud without re-architecting. Then you have the getting started with Oracle infrastructure, so describe the key features, components of OCI, so multi-AD, one AD, AD, fault domains, console, APIs, CLIs and SDKs. I don't think we cover these two things, but there's not much to talk about, so I don't know why they have it there, because I did not see it on the exam. Oracle Cloud Infrastructure services, so understand the core services: IAM, compute, network, storage, databases; understand cloud native services: OKE, OCIR, Fn, streaming, API gateway, um, so that's kind of interesting. Then you have security compliance, so OCI security services, so VCN, SL, NSG, WAF, etc., etc. Pricing, support and operations, so OCI pricing model,
understand OCI subscription models, pricing calculator, free tier, the OCI SLA, OCI operations, OCI concepts like budgets, quota limits and support. So that is the breakdown of information that we need to learn, and we're going to cover that all in the exam. What's surprising is that they don't have any white papers, so with AWS they usually have technical white papers they want you to read. Oracle actually does have white papers, but it doesn't appear to be part of their exam just yet, so maybe they'll do that in the future. There's some information about like exam score, if we pop over here, doesn't really tell us much about how the scoring works, it's just saying that you'll get the score with Pearson VUE after the fact, and there's just some other information. So hopefully that helps you better understand the breakdown of the exam, and now we can jump into, uh, the actual content itself and start learning Oracle.

So, uh, with on-prem or on-premise, uh, you own the servers, you hire the IT people, you pay the rent or real estate, and you take all the risk. But with using, uh, the cloud, someone else owns the servers, someone else hires the IT people, someone else pays or rents the real estate, and all you're left with is the responsibility of configuring your cloud services and code, and everything else is taken care of by the cloud provider. So it sounds pretty good to start with.

So to really understand cloud computing, let's look at the evolution of servers to see how we got to cloud. So if we go back to the 90s, if you wanted a server you'd have to get a dedicated server, and what that means is you'd have to go out, buy a physical machine or all the components for it, assemble that machine, hire the IT staff, install the operating system, and it was really designed only to run a single web app or website. And so this was very expensive, it was very high maintenance, so if you wanted to run a web app you had to have a lot of money, so it wasn't accessible to everybody. And then as time progressed we
figured out how to virtualize servers. That means we were able to, um, place a virtual, uh, machine within a machine, so you'd still buy a physical server but we had this other layer where we could actually run four websites or web apps on a single machine as opposed to buying four machines, so the machine was better utilized, uh, and so that was a great advantage in, um, server technology. Then came along shared hosting, so maybe the early 2000s. The idea is that you had this one physical machine, but instead of you having to buy that machine yourself, which was really expensive, you could share the cost with hundreds of other businesses, and the way you're isolated, uh, from other, um, businesses is that, uh, you wouldn't be necessarily in your own virtual machine but you'd have your own account on that machine, uh, and so you're really relying on other tenants, so clients, under-utilizing the resources. The only disadvantage of shared hosting is that if you have a particular client who overuses the machine, everybody suffers because, um, that person is overusing the resources. But generally most of the time it's very cheap, but there are some serious limitations.

And then along came cloud, and so what cloud did was instead of using a single machine you're able to use multiple physical machines that act as one system, so the system's abstracted, uh, the system's abstracted away, and we just called them cloud services. And so the advantage here is that you get that virtual isolation, uh, which you have with virtual machines, uh, but you also get to save a lot of money because you're sharing the cost with a lot of other people, um, and you get all these other advantages. So with cloud hosting it's flexible, scalable, secure, cost effective and highly configurable. If this isn't clear right now it will be, uh, later on, because I'm definitely going to really, uh, make the differences very clear here. And all these models are still used, so people still use dedicated servers, virtual private
servers, shared hosting and cloud hosting, it's just based on your use case, but there's a lot we can do with cloud.

[Music]

So let's take a quick look at what Oracle is. You may have seen their logo before if you've worked in enterprise or you've been working in tech for a very long time, because they are a very well-known company. They are an American multinational computer technology corporation headquartered in Redwood Shores, California. They are the second largest software company by revenue and market capitalization, that is a quote from Wikipedia, so I believe that it may be true, and they have been around since the late 1970s, and that explains why they're in Redwood Shores, California, because a lot of tech companies established themselves there, I think Microsoft did as well. And they're, uh, best known for their databases, so it's always a surprise when people say, "Oh, they're a cloud provider? I thought they only did databases." They do other things. And one database you might know is the MySQL database. So Oracle has their own database called Oracle, but they also have MySQL. I don't believe they originally made it, I think they bought it, and it's an open source database, but, um, those are two very popular databases.

So then the question is, what is Oracle Cloud Infrastructure? And that is what Oracle calls their cloud service provider. So with AWS, um, that is, so you have Amazon, and so Amazon's is called Amazon Web Services, for Google it's called Google Cloud, uh, provider, and so Oracle calls theirs Oracle Cloud Infrastructure, so that's just what it is. And so we can generally refer to it as Oracle Cloud Infrastructure, so OCI, or Oracle Cloud, so when I say either of these, or all three of these, these are all the same thing, just so you don't get confused. And that is what we're focused on for the certification, learning the Oracle Cloud Infrastructure.

[Music]

Let's talk about the advantages of cloud computing, and the first thing is on demand, so you only pay for the resources that you consume,
there's no upfront cost with cloud computing, you generally pay by the hour or by, uh, the minute or second depending on the service, so you don't have to buy a server outright or necessarily commit to, uh, like a one-year, three-year or five-year contract, so there's a lot more flexibility there. If you want to start doing business anywhere in the world you can, because with cloud computing you can launch your workloads anywhere. If you want to launch servers in Tokyo, Frankfurt or Canada you can just do that, there is no extra work in order to start doing that. The cost is a lot cheaper because you're sharing the cost with thousands of other customers. All those computers have been, uh, treated like a single computer, so the idea is that you are really saving a lot of money because there's so many people on the platform, but you're still secure because you're all virtually isolated from each other.

You no longer have to do a lot of upfront work to launch a server or set up infrastructure, so if this was on-prem you would have to decide, okay, we're going to have this kind of networking and these kind of servers and we're going to hire these kind of people, and so you have to really plan for your project in the old way, but with cloud you can just start launching resources, experiment, and as you experiment you have detailed monitoring on a lot of those services, and so that's going to make it a lot easier for you to figure out exactly what you need, and you don't really have to guess. Um, if you, uh, are launching a physical server, like if you're doing on-prem, you might, and you're expecting you're going to have a lot of growth, you might end up having to buy a bunch of servers that are not being utilized because you haven't met that capacity yet, but the cloud, it's elastic, so you can add or remove servers, uh, when need be, so you're only paying for the actual, uh, capacity that you need, so that's really nice. And the last thing is that it's really, really fast to market, so with a few clicks
you're going to be able to set up a bunch of infrastructure, where if you're doing this on your own it could take weeks or months if you had to do it in your own on-premise or data center. So hopefully that points out what are the advantages of cloud computing.

[Music]

So let's take a look at the types of cloud computing, and starting at the top of our pyramid, and I promise you this is not a pyramid scheme, it is just a great way of doing this visualization. At the top we have software as a service, also known as SaaS. This is a product that is run and managed by a service provider. You do not worry about how the service is maintained, it just works and remains available. Examples of SaaSes would be Salesforce, Gmail and Office 365, and this is for customers, so you probably used a SaaS product and you just don't know it. It is the most common type of cloud computing, so you've been using cloud all along.

Then the next level down is platform as a service, which is PaaS, or maybe people would say "pass", but I've never heard anyone say it like that, and this focuses on the deployment and management of your apps, so you don't worry about provisioning, configuring or understanding the hardware, OS to launch your applica-, your web applications. So for AWS this could be Elastic Beanstalk, there's also Heroku, which is a very popular provider among junior developers, and then you have Google App Engine, and this is really suited for developers. It just makes development a lot easier without you having to worry about setting up your servers.

And then at the bottom we have infrastructure as a service, and so this is the basic building blocks for cloud. It provides access to network features, computers, data storage space. You do not worry about the IT staff, the data centers or hardware, and this is really what we are interested in, uh, so examples could be Microsoft Azure, AWS and Oracle Cloud, and this is really intended for admins, or being able to do anything and everything that you want. Um, so when we
look at Oracle Cloud, it is an IaaS, or "ice", I don't know how to say that, but it also has platform as a service and software as a service, so when you look at that pyramid you have to understand that infrastructure as a service, the bottom, encompasses everything. So you know, hopefully that makes sense, but yeah, that's the types of cloud computing.

[Music]

So let's talk about cloud deployment models here very quickly. So the first is cloud native, and this is where everything is built on the cloud. So here's an example of an architectural diagram, what it does is it takes an image you upload to the cloud and then what it does is it turns it into a thumbnail and it gives it back to you. But the point I want to get across here is that when we're talking about using the cloud as a deployment model, that means that we're 100% using the cloud.

Then you have hybrid architectures, also just known as hybrid, that's where you use on-prem and the cloud. Again, on-prem would mean like your own local data center, and then cloud would be the cloud provider. And so what you could have here is, on the left-hand side this is the cloud network, and then you have the on-premise network, and they're being joined together to do work together. So just because, um, you're utilizing cloud doesn't mean you have to get rid of your, uh, local data center or your on-premise data center, you can use both, and it's very common with large enterprises because there are definitely reasons to keep on-prem around for, uh, security regulations, and/or just because you've had a data center for so long it's just too hard to move everything over to cloud.

Then you have cross-cloud, this is where you're using multiple cloud providers. Some people might call this multi-cloud or hybrid cloud, and so this is an example where we have AWS on the left, GCP on the right, and we have Azure connecting them together. For the actual exam, most cloud providers do not like mentioning cross-cloud because they really want you to focus on
uh, their cloud platform. Some are more friendly than others. For Oracle, they're very collaborative with Azure or Microsoft, so you'll see a lot of stuff cross-cloud with those two providers, Oracle and Microsoft, and then Microsoft tries to connect to everything. But yeah, those are the three deployment models, but for the exam it's probably going to be like cloud, hybrid and on-prem. I just list that last one there for your own benefit.

[Music]

So let's talk about cloud architectural terminologies, which is very important about the cloud. So the first term I want you to know is called availability, and this is the ability for a service, and when I say service I mean web application, um, to remain available, and if we had an application that was very, very available we would call that high availability, HA, and that is a term you definitely need to know. And don't worry, we're just going through a quick list here and then we're going to actually look at them all in more granular detail, but I'm just going to quickly go through all these terms. This next one is scalability, so this is the ability to grow rapidly or grow where you're unimpeded, so that is scalability. Then you have elasticity, this is the ability to shrink or grow to meet the current demand. Then you have fault tolerance, the ability to prevent a failure. Then you have disaster recovery, this is the ability to recover from a failure, and we usually call this, uh, being highly durable, so it's abbreviated to DR. I'm sure these other ones have abbreviations, but generally the only two that people know are HA and DR, so these are the two ones I want to emphasize.

[Music]

So let's take a look first at high availability, and this is your ability for your service to remain available by ensuring there is no single point of failure and/or ensuring a certain level of performance. Now I put no single point of failure because some of these terminologies kind of overlap in terms of responsibilities, and so single point of failure is really for, uh,
responsibility for another one, but you know, I do highlight it here, uh, just to make the example a bit easier. So an example of having high availability is, imagine you have a server, and, uh, if you only had a single server and for whatever reason the, um, data center became unavailable, like let's say there was an outage, um, or a network outage of some sort or a natural disaster, then your website would not be accessible anymore. So in order to make it highly available, what we need to do is run our server in more than one data center, and so that's what you're seeing in that graph, where you see AD1, AD2, AD3, we have three servers running in three data centers, and then we are sending all the traffic to all of them. And actually running your, uh, service in more than one data center, and in fact in three different data centers, is a very, very common practice, uh, is generally a minimum requirement for a lot of enterprise companies, because if one data center was to go out, um, then you need to have another redundant data center that has your service running, but if two went out, and that's very unlikely but it's totally possible, that's why you need a third one. So three is the magic number and you need to definitely remember that.

But what is the mechanism that allows us to, um, distribute traffic to all these three, uh, different data centers where we have servers in each one? And that's called a load balancer, and so every cloud provider has a load balancer, and I believe Oracle's is called the Oracle Load Balancer. And so a load balancer allows you to evenly distribute traffic to multiple servers in one or more data centers. If a data center or a server becomes unavailable, and so we could say that that means that it's unhealthy, the load balancer would route traffic to only healthy data centers and servers. So again, the thing here, this red thing, that's the load balancer, that's the internet, from the internet we have traffic coming in, and then it's going to
evenly distribute to all those servers. So that is high availability.

[Music]

So the next cloud architecture terminology we want to talk about is high scalability, so this is your ability to increase your capacity based on the increasing demand of traffic, memory and computing power. So imagine you have a server and the server is not powerful enough to run your service, so what would you do? The first thing most people would do is they'd buy a bigger server, and this is called vertical scaling or scaling up, because you are, uh, using the same machine and you are making it bigger, so that is what vertical scaling is. Another way to scale is called horizontal scaling, and this is where you scale out, so you're adding more servers of the same size. So that's vertical scaling and horizontal scaling, you need to know scaling up and scaling out, but that is the general concept of high scalability.

[Music]

So now let's take a look at high elasticity, so this is your ability to automatically increase or decrease your capacity based on the current demand of traffic, memory and computing power. It sounds a lot like the last one, but there's one key difference, and that is that you can add or remove servers, add or remove, based on the current demand of traffic, and so the only way we're going to be able to do this is with horizontal scaling. But when we are adding more servers we call that scaling out, and when we're removing servers because the traffic has reduced in size, that is called scaling in. And so you generally won't hear the term vertical scaling with high elasticity, because generally it's very hard for traditional architectures to, um, scale elastically, it's very hard to resize a single server to make it larger or smaller, it's a lot easier to add extra servers of the same size, so you just generally will only see it associated with horizontal scaling. Now the question is, how would you automatically scale in or out? And generally all cloud providers have a service for that,
the one that is for Oracle is called autoscaling configuration, so in OCI you can configure scaling rules for your instances with the Oracle autoscaling configuration. So you could say when my server is, uh, the CPU is being 75% utilized, add another server, and when it goes down then remove another server. And so high elasticity is a really great way to save money but also to make sure that your web application remains available, because it can meet the current demand of traffic.

[Music]

So let's talk about, um, being fault tolerant, so this is your ability for your service to ensure there is no single point of failure, preventing the chance of failure. You'll notice I had mentioned this in high availability, the no single point of failure thing, it really means fault tolerance, but you'll see in the example it kind of seems very similar to our other example there, where we have redundant systems to make sure that we don't have a problem. So here's an example: we have a database, and so we have a master database, and something's happened to our database, and so we want to make sure that in the case of failure we can fail over to a redundant system, so we call this a slave, and it's on standby because it's not in active use, but it will be once we move it over. And a really good way to conceptualize this is if you think of like a play, like for theater, you have the lead actor or actress and they always have an understudy, a person that will take the main actor or actress's place if they get sick, and they will know everything, they'll be up to date on everything, and so that is what we have here, where it says it's in sync, because that standby slave has the exact same information as the master, it's just not in use. And so when there is a failure we call it a failover, uh, that's when, uh, you plan to shift the traffic to the redundant system in the case the primary system fails. So that is fault tolerance.

[Music]

So let's talk about high durability, and this is
the last one on our list, so this is your ability to recover from a disaster and to prevent the loss of data. So solutions that recover from a disaster are known as disaster recovery, DR, you're going to want to remember that abbreviation, it's used a lot in the cloud. And so imagine you have a database, if you had a single database and something happened to it, you would be out of business, so you want to have backups. You might also want to run your database in multiple data centers across multiple regions, and that's what we're doing here, and then we want to have backups. So that is generally like a very simplified way of thinking about disaster recovery, but the questions you should be asking are: do you have backups? How fast can you restore that backup? Does your backup still work? Just because you have a backup doesn't mean it works. And how can you ensure your current live data is not corrupt? So just because you have a backup, maybe there's actually a bug in the real-time database. So maybe an analogy would be, imagine that you have defective cells in your body, your body wants to repair those cells so you don't get cancer, so it's always replacing old dead cells, and this thing can actually also happen with databases, where you have bad data and you don't want that bad data to spread, so you can have a self-healing database. So hopefully that makes clear what high durability is.

[Music]

So let's talk about the total cost of ownership, TCO, but you might also know this as capex and opex, as a comparison of what the total cost of ownership is. And to understand this, uh, concept I have this nice visualization where I have two icebergs, um, where you have the ice cap and then what's underneath. Some people don't think this looks like, uh, icebergs, um, they think they look like teeth or something strange, so what I've done is I've added, uh, some penguins and a whale so that you know that they are icebergs, uh, and this is the best I can draw, so, um, you know, don't give me too hard of a
time but let's look at the comparison here so on the left-hand side there is capex and this would generally be your on-prem and you'd be purchasing software license fees and then you have opex on the right-hand side so this would be your cloud provider so in our case this is oci and what you are paying for is subscription fees so the idea here is that the total cost of ownership is is the idea is that if you want to own everything that you have to pay for everything and the idea is that by letting go of the ownership of things and you're going to have a lot of reduced costs and also reduce responsibilities and that's going to be better for you in the long run but let's look at on-prem so if you're on-prem you have to worry about implementation configuration training and then the the the large cost there is the physical security of your building the hardware that you uh need to buy and install and maintain uh you the it personnel so all the people to manage your on-prem data center but when you move to the cloud you don't have to do any of that all you have to worry about is implementation configuration and training all that other stuff that infrastructure to run your servers and everything is abstracted away uh and so what you could see is about 75 percent saving so that's the aws example i'm sure it's the same for oracle but the idea is that uh previously you're paying a lot of money and now you're paying very little money and you can just focus on building your software um but what we really need to do for the oracle certification is really understand capex and opex because that's what they like to talk about so we're just going to cover this again and make sure you understand those two terms very clearly [Music] so let's talk about capex versus opex and so capex stands for capital expenditure and opex stands for operational expenditure so for capital expenditure this is your on-prem cost like if you own everything so you own or rent the building you own
the vehicles maybe like company vehicles you own the hardware uh you own any type of equipment to do the job and maybe you even own the lands uh or you rent the land so there is a capital expenses there a lot of people still like to do on-prem or data center because they care about capital expenses because they can get tax breaks and other things like that um i don't think that's a great practice because um you know it's better to uh not worry about these things um but some people that is a motivator in the enterprise world's like oh well if we we purchase it as a capital expense then we get to get a discount on it um for operational expenditures that would be like the products you purchase um the business itself or any systems so operational expenditures but the key takeaway i want you to have there is capital expenditure stands for capital that's where you buy things outright and opex is operational expenditures and that's opex and this concept is the same thing as the tco where we're just looking at the difference between who has ownership of what [Music] okay so i know we already covered the evolution of servers but i really wanted to uh make sure you understand the evolution of computing uh visually and the trade-offs as to why because it's going to really help you uh understand the difference between uh a bare metal machine vms containers and functions so what we have here is a graphical representation of a bare metal or you might call it a dedicated machine uh so the idea here is that we have a physical server that is wholly utilized by a single customer you don't have you have to guess your capacity uh and you'll probably overpay for an underutilized server so if you have an application or multiple applications you're always gonna end up with a wasted space because you're always gonna have to buy a larger server because you're anticipating you're going to have to fill it but that space is going to be costing you money because it's not being
utilized upgrading beyond your capacity would be slow and expensive because you'd have to buy an additional server or you'd have to replace the server you're limited by the operating system so you have one uh operating system installed it's going to be hard to patch and update especially if you have multiple applications and if you do have multiple applications running on a single server because you're trying to save money you might have conflicts in resource sharing so one might use more memory than the others because they're not virtually isolated or one could cause a vulnerability than the other one but the advantages of having a dedicated or bare metal machine is that you have a guarantee of security privacy and full utility of the underlying resources but with the caveat that you're actually able to configure it so that it is secure private and etc and so notice that i have an asterisk over the word dedicated so dedicated could just mean that you wholly utilize a single customer but the thing with bare metal is that there is no hypervisor layer so you could have a dedicated virtual machine or a dedicated bare metal machine but you'd never actually ever have a bare metal machine that is not dedicated i don't think there is a shared version of it so just note that there is no hypervisor at this layer it's like the original server where you have no no extra software layer for abstraction [Music] so now we're going to take a look at vms they're also known as virtual machines so you can run multiple virtual machines on one machine so look at our graphic there and you'll notice that it's not just one app it's multiple applications uh and so the way we're able to launch virtual machines is with the software layer layer called hypervisor that's all you need to remember that hypervisor is the one that makes virtual machines work and it's a physical server shared by multiple customers if it wasn't and you're the only one using it it would be called a dedicated machine 
so you can definitely have dedicated virtual machines it just depends on how you want to use that word dedicated you only pay for a fraction of the server because you're sharing that cost with everyone else you're still overpaying for underutilized virtual machines so the whole server you're not paying for the entire server anymore you're paying for the slice of server um that you've chosen to use you are limited by the guest operating system so the the the machine has an operating system and in the virtual machine you have the guest operating system but if you want to run multiple apps they're all limited by that uh that same one but multiple apps on a single virtual machine can result in conflicts and resource sharing so we still have the problem as we did before where one app could use more memory than the other and there's no way of setting limits on in each individual app so that is virtual machines and we'll move on to containers [Music] so now with containers uh what we have done is we are running a virtual machine that's running multiple containers and so container is just another isolation of your application but it also bundles in with it uh like os layer and package stuff so we're not bound by the actual operating system so the the software layer that controls the ability to run multiple containers if you're using docker it's called a docker daemon it's like hypervisor but that's for containers and your server can have hypervisor and docker daemons at the same time but the best part about this is that now we can maximize the utility of our server so instead of it being wasted space it we now have uh available capacity and it's a lot more cost effective because it's very easy for us to launch isolate isolate applications and we don't have to worry about them affecting each other and we don't have to worry about uh messing with the configuration of the os because it's all isolated so your containers share the same underlying os but the containers are more 
efficient than multiple vms and multiple apps can run side by side without being limited to the same os requirements and will not cause conflicts during resource sharing so you look at this you say how can we get any better than this and that's what functions will be next but you know hopefully the takeaway here is that we have less wasted space with containers or i should say now the space is more flexible or available for us to utilize [Music] so now we'll take a look here at functions and functions breaks down um our computing even further so uh what we do have is we have a managed vm and we also have managed containers so we're not responsible for the containers or the vms the cloud provider has ones for us and this is known as serverless compute because you don't have to worry about like setting up the containers or setting up the vms or anything all you need to do is upload your code and choose the amount of memory duration that you need and you're only responsible for the code and data and nothing else so it's extremely cost effective and you only pay for the time the code runs vms only run when there is code to be executed the only downside to functions or serverless compute is that they generally have a cold start so the these the vm that runs the actual or the containers that need to need to be launched and so there's that time it takes for it to launch um and that's only that's the only downside but there are ways around it but the point is is that uh with with serverless or uh or con or serverless compute it you can see that there's a lot less responsibility that you have to manage but there is lack of flexibility because you you're constrained with whatever those managed containers are have but anyway that's functions [Music] hey this is andrew brown from exam pro and we are starting on a new section here called the oci global infrastructure where we're going to look at all the bigger things that run the oci platform and the first thing we're going to 
look at is called regions so region is a geographically distinct location that has many data centers uh data centers uh in oci are called availability domains which we are going to talk about uh shortly here um and so i just want to emphasize that i say a region is a geographically distinct location uh the oracle documentation calls it a localized geographical area um i think we're picking hairs here but on the exam you might see it called a localized geographical area just realize that it's the same thing but the idea is it's just a part it's a place in the world okay and as of the year 2020 oci has 21 regions and they plan on having 15 more the three kinds of regions you can have are commercial so that's any customer can launch a resource in these regions government so only governments can launch resources in these regions and then we have azure connected so we have some commercial regions that are connected to microsoft azure which is another cloud provider um and it's similar it's similar in terms of services and stuff but they seem to work together pretty well uh if you're still not sure about what regions are i'll pull up the website here in a moment but i just want to show you a technical architectural diagram and this is the first architectural diagram of this course so what we have here is a a representation of oci so oci there is the actual platform and then we have a region because that's where you would launch your servers and a region can be any like a bunch of places in the world so it could be in toronto or it could be in tokyo so in this one we have one that is for tokyo and inside there we have an ad that's the the actual data center and in that data center we have our actual server okay so that is a region and now we'll just hop over to the website so you get a better visual idea what a region is so i found a world map here of all the regions for oracle and so the ones in red are the ones are commercial those are the regions you'll be able to launch
your resources within then you have government regions those are the ones in blue as you can see they only have two currently here in north america these government regions exist because the government wants to launch resources onto the cloud but they need to meet certain requirements so these data centers are highly specialized for government regulations so unless you work for the government you're not going to be able to launch resources within those regions then you can see we have planned regions here so that's just oracle saying hey we're going to have more servers soon so please keep please make sure that you use oracle um there's also azure connected regions but they're not showing up here on this map so it's probably an ashburn in phoenix so it's just not clear it's very hard to find that graphic if you want a full list of regions you can go to the documentation here and here they all are they have this region identifier uh so that's what you're going to be used to looking at this is how you're going to identify the regions but they also have this thing called a region key here so we have sdk mel and etc and it shows how many availability domains those are the amount of data centers within that region which we'll talk about more later um if you want to see like actually how you switch regions when you log into the actual provider you'll be able to drop this down and just switch the region that you are in and then if we come over here just to this page here this shows us that not all services are available in every single region so if you want to make best use of all the oracle services they're always going to be available in u.s east or usc 1. 
i bet they always launch their new services there but just be aware that you might not have access to certain services and it just could be a matter of time for them to get the infrastructure they need to be able to run those services within your region uh and so i think that is everything we need to know about region so there you go [Music] so let's take a look at ads and ads is short for availability domain and this is what oci calls a data center and a data center is a secured building that contains hundreds of thousands of computers on the right hand side we have an example of an interior of a data center and of course you wouldn't want to have your dog there but i love that photo and all those wires on the right hand side are connected to a ton of servers and so a region will generally contain three data centers and that is a very magic number and we'll talk about that here in a moment but to talk about data centers within a region they are they need to be isolated from each other so in diff completely different buildings and the reason why is that if one data center fails you have other ones you can rely on but another important thing is that the servers need to or these data centers need to be just close enough so they provide low latency so those are the two things they need to be far enough away and isolate so there's no disaster but close enough that they're super super fast to talk to each other and this comes down to our last thing here which is um it's a common practice to run your work workloads in at least three availability domains to ensure services remain available in case one or two data centers fail now when i use that word workload that's the same thing as if i said service or web application so you'll see me interchange those words throughout this course workloads service and web application it generally means the same thing and so here is an architectural diagram of a region and in that region we have three data centers so ad-1 8283 and this 
architectural diagram is not actually accurate because ca toronto one doesn't actually have um three data centers in that region so we said earlier that generally there's three data centers but toronto is not one of them but you'll see me use it as an example lot because that is where i'm from but anyway so this comes down to 1ad regions so oci regions not all ocr regions have 3 ads and it's a common strategy for cloud providers to initially launch a new region with only a single data center add more later and i mean this isn't great because if you want to work in enterprise you have to meet that minimum of having your workloads in three and three data centers in a region but the reason why oci does this is because they're trying to expand their business as quickly as possible and so it's important for them to open as many regions and they promise they'll say oh we'll open more later down the road so if we look at 1 80 regions and 380 regions you'll see that the majority of oracle regions only have one data center and there's only four regions that have three data centers germany london and uh the states so in this list we're actually only listing 16 and we said earlier there were 21 regions the reason why there's only 16 in this list is because we're only listing the commercial regions i'm not sure about the government regions but that's the reason this is a bit more short but there you go that's ads and that's it [Music] so let's take a look now at fds and fds is short for fault domains and fault domains is what oci calls a logical data center so what is a logical data center it's a virtual or abstract data center within a physical data center so the reason why we have these illogical data centers is that the physical data center which we call an availability domain contains resources such as infrastructure hardware and some of those resources are logically grouped together and made accessible to you within the oracle console and the reason why is that by having 
an abstraction on top of our physical data center this allows our cloud provider to put layers in between the uh in between such as logical security controls monitoring tools and fault tolerance and you'll notice fault tolerance is emphasized because that's the whole point of fault domains and the whole point of fault domains is that it's to isolate groupings of hardware within a data center so that they don't share a single point of failure so here is a diagram and again we're using ca toronto one which again only has a single region but for whatever reason i'm listing two but within that data center the the ad here right the uh the availability domain we have uh two fault domains and so the idea is like imagine there was a fire in the data center and so only half of the data center burnt down and if you happen to have your servers in the second fault domain then uh you know they would remain uh operational so this is just another way to reduce or to improve uh the fault tolerance of your systems and so that's the purpose of a fault domain [Music] hey this is andrew brown from exam pro and we are now looking at oci concepts and this is just a short section talking about some of the terminologies about that are in oci and so the first one we want to talk about is the console and so if you're going to hear me mention the word console multiple times and when i say that we're referring to the simple and intuitive web-based user interface that you can use to access and manage the oracle cloud infrastructure so see this this is the console anytime we are doing anything in oracle whether it's launching a server deleting a database or creating a new user we're using the console so just be aware of what that is [Music] so let's look at the concept of tenancy so when you first create your oci account oracle will create you a tenancy by default and this is where all your resources are going to go initially and what a tendency is it's a secure and isolated partition within 
oci where you create organize and administer your cloud resources a tendency is also known as a root compartment and a compartment is also another oci concept which we'll cover here shortly but you can see that we can have compartments within our compartments and our root compartment is also known as a tendency [Music] so now let's take a look at the osa uh concept of compartments so a compartment is a logical collection of related resources that can be accessed only by certain groups that have been given permission by an administrator and so a resource would be a cloud service so that could be an instance or vcns or block volume so the majority of cloud services in oci and so if you want to create compartments you just press create compartment and you can create a bunch there and so we can see we have three in this example one thing we want to note is that when you first create your account oracle creates you a tendency on sign up and this is known as a root compartment and that holds all of your cloud resources by default that's where they're gonna go uh you can only uh and some other additional things about compartments you can nest them and you can ask them six levels deep you can add and delete them whenever you like compartments are not region specific so you can group resources across region resources can be easily moved to other compartments you can compartment resources can interact with each other you can apply policies to compartments to determine user access and you can associate a compartment to a budget for cost analysis so you can see compartments um have a lot of functionality behind them but generally you know that's what they do so now we're going to take a look at oc ids so ocids is short for oracle cloud ids and this is a unique id assigned by oracle to your cloud resources and the reason they do this is so that you're able to easily identify these resources within your policies or maybe the api uh just to so that you can interact with them and 
so this is the format of an oc id so you have the uscid one the resource type the realm the region the future use and unique id it's not so important for us to go through all those all i want you to take away from this is that it's a unique identifier identifier for a resource here's an example of a tendency and you can see it's very long and complicated and then here is one for an instance so a server so that's oci ids [Music] so now i want to talk about how do we get pragmatic access to oci so the main way is through an api an application programming interface and this is a way to interact with cloud services pragmatically and this concept of api is not specific to oracle it's for all cloud providers or applications and so the api is how you would get access to it but there has to be some vehicle or mechanism to interact with the api so one way would be to use a command line interface also known as a cli and this is a shell terminal program that you could use you'd have to have linux and you'd have to have a terminal to access it but if you wanted to easily do it if you didn't have a linux machine oracle has a a web browser-based terminal called cloud shell and that's going to let you interact with the cli and it's going to already be pre-authenticated so it's already going to have the access access tokens to allow you to start interacting with cloud services pragmatically another way would be to use a software development kit also known as an sdk and so this allows you to use common programming languages so that you can [Music] build applications that interact with oci and they currently support java go ruby and python and the way you'd actually get programmatic access is that you'd have to have um an api public key private key so you'd generate this on your own and you would upload it into oracle some other cloud providers you just press a button it generates it for you but with oracle you have to generate them yourselves and upload them yourselves so there you 
go [Music] hey this is andrew brown from exam pro and we are starting off a new section which is the core services for oci and starting uh with the first and most important one are the computing services so first on our list we have virtual machines so virtual machines is a multi-tenant server running a hypervisor layer so the idea here is you choose your os virtual image and you launch your server you share the cost with other customers so you save so anytime you launch a server this is generally the go to server that you're going to want to launch because it's the most cost effective and the most flexible if you don't understand what a hypervisor layer is right now do not worry we're going to talk about it shortly next we have container engines so this uh service for oci is basically docker as a service it allows you to run docker containers on a virtual machine so this is very popular for microservice or containerized architecture then we have the oci functions service so this is serverless compute you just upload your code and the cloud provi uh provider takes care of the rest so the code is designed to run for a short period of time and you choose a managed container with a run time so if you have ruby code you upload your ruby code i don't know if they support ruby but as an example you would upload your code it would run it and then it would stop but the idea is that um it's a lot more cost effective than a virtual machine and it's just also a lot less responsibility for you then we have dedicated virtual hosts so this is a single tenant server that is running a hypervisor layer where you can run multiple virtual machines you don't share the server with anyone else so you get greater security and performance are guaranteed but you can still run your own virtual machines and last on our list is bare metal so bare metal is a dedicated server that has no hyper visor layer so bare metal allows you to provide your applications with direct access to the processor 
and memory resources underlying server and this is suited for specialized workloads where the hypervisor would hinder performance so some people they just really want the original server you know like uh they there's nothing on it and they can configure it and they have that option so remember earlier when i when we talked about the evolution of servers and i said that everybody's still using everything well this is that perfect example of that but let's get more into the details as to you know why we want to use one type of setup over another so now what i want to do is help you decide which computing service you should choose based on the level of control or responsibility you want to have the more the more control you have over security configuration the more responsible you're going to have the more time it's going to take for you to maintain and spend money on those resources so if you can let oci do it i definitely recommend it for you and across the top we have bare metal dedicated virtual hosts vms vm is short for virtual machine you'll hear me use that abbreviation a lot in this course container engines and functions and so the first thing we want to look at is your code so you're always responsible for your code no matter what computing service that you choose so just be aware of that the nexus app container and when i'm saying container i'm using this in a very generalized term maybe we're talking about containers as being the vm or whatever but the point is is that all the way up to functions is the only time that oci is responsible for it so if you want to use containers or sorry if you do not want to manage your container use uh the functions the next layer is your runtime a runtime is uh it's like you're setting so your environment variables common libraries directory structure networking neighbors all those sorts of uh configurations on your os and so you have a less control when you're using the container engine service or the functions service 
next is your operating system and so for your operating system if you're using bare metal dedicated virtual hosts or vms you have more control over what os you choose then down below we have virtualization so virtualization is being taken care of for you by oci with the vms and the dedicated virtual host there is no virtualization on bare metal so if you do want to have it you're going to have to add that hyper visor layer yourself so there you go that is the um the idea with level control for computing services [Music] so next on our list is storage services starting with block volume so block volume i like to think of it as having a local virtual hard drive where you choose the hhd or ssd uh this is what you're going to be primarily using when you're using your virtual machines you're going to want to be using a block volume attached to it the next thing we have is a local nvme nvme is a transfer protocol for ssd that allows the drive to operate very very efficiently i had to look this one up but i'm sure people that make video gaming computers or that do video editing really do care about using mvme because it gives you extremely fast performance then you have file storage and so file storage is when you're using a file system such as nsf version 3. 
this allows multiple connections to the same storage device at the same time which is really nice when you're doing cloud stuff and you need something to have the same files then you have object storage so object storage is serverless storage and you can upload as many files as you like and it scales without worrying about running out of space or data loss because generally the data you put into object storage is highly available it will be replicated across multiple data centers then we have archive storage this is long-term cold storage and this is when you need to keep files around for a very long period of time that you might infrequently access and so the idea is you wouldn't want to put them in object storage because um you know the idea is that it'd be more expensive so if you if you never have to use them so let's say you have to hold on to records for the next seven years uh for like let's say for taxes you'd want to put them in archive storage so they're not uh costing you more money so i want to talk a bit more about storage services and just make it a bit more clear the difference between block versus file versus object because those are the main three that you need to be thinking about so let's first talk about block storage and so oracle service is called block volume and this is where the data is split into evenly split blocks and the data is directly accessed by the operating system and there's only support for a single right volume so if you have multiple virtual machines you're going to have multiple block volumes and you're not going to be able to share that volume with other machines or at least if you do it's not very easy and this has to just do with the fact that it's only the operating system accessing it the protocols that are being used here is fc maybe iscsi or iscsi and there's another one there you don't really need to know the transfer protocols but i'm just trying to point out that a block volume is directly accessed by the os and 
only supports a single right volume so you're not sharing that drive with multiple uh vms or users next is file storage and file storage is stored with data and metadata uh and so with this format you can have multiple connections via a network share so you can use protocols such as nfs or smb and so it's going to allow multiple users or multiple vms to access that file system and it's going to act as if you're all on the same computer which is really nice so it supports multiple reads but when you are writing to a file it will lock so if i'm writing on a file then you can't access it until i'm done with it last we have object storage so object storage is stored with data metadata and unique id the protocols we're going to be using here is http or hps and api the way you're going to access these files is through the internet so that's how you're going to get access to them the advantage of object storage is there is no there is no limit in terms of the size of the files or or the amount of files that you store or if there is they're very very high you're not going to be affected by them and the last thing is that it supports multiple reads and writes so there's no locks so you aren't going to be hindered if somebody is working with a file um so yeah those are your three solutions and another thing that i don't have in the slide here but um block volume is the most expensive at scale and object storage is the least expensive at scale so uh you know the the more you get to the serverless and that object storage is a serverless service uh the more cost effective it gets [Music] okay so now we're going to look at networking services networking is generally very complicated for any cloud provider for the foundation certification you don't need to know it in great detail you just have to have some practical knowledge of it so don't worry if you don't know all the little details here but let's go through it so for networking services we've already seen some of these 
earlier so the first thing is region so a region is a geographical location of your network and so there's my line i don't usually annotate very often but your region would be here okay so we have ca toronto one and so that is a geographical location the next is your availability domain and remember its availability domain is short for ad and this is a data center for your aws resources so here we have the ad and so this one is ad1 then you have your fault domains this is a logical grouping of your resources in a data center and so there is our fault domain then you have your vcn and vcn stands for virtual cloud network you're definitely going to want to know that one and i believe i have a complete slide for virtual cloud network just to really make sense of that and so it is here and that is your that is a logically isolated section of the oci cloud where you can launch your oci resources then you have internet gateway so internet gateway is how you get access to the internet so there is the symbol for internet gateway you can see that it sits on the edge of um of oci and that's how it gets out to the internet then you have subnets subnets is a logical partition of of an ip network into multiple smaller network segments and we'll talk about that a little bit more in the next slide and this orange line around here is that subnet um but anyway the easiest way to think of a subnet is it's a slice of the vcn and then down below we have a virtual firewall options and so we have security rules and network security groups and security lists all i want you to take away from this is that these three things uh protect your uh your resources and so here this icon here is a one of those i can't remember which one it is i think it's a network security group i'd have to double check but the point is is that it represents uh a virtual fire firewall that is protecting uh your server and that's your server right there so you know that's one part of networking services and we'll 
hop on to the next slide all right so we're on to the second part of our networking services the first one was really if you're a cloud native or using it for your own personal account and these networking services are really for enterprise or hybrid hybrid architecture but we still need to learn them we don't need to remember them in granular detail but you should generally know what they do so the first is service gateway so here's service gateway and what service gateway does is it creates a secure tunnel that keeps traffic within the oci network so here is the symbol over here for service gateway and what you're seeing is that it's creating this secure tunnel to this uh service which is object storage and the reason why we want a secure tunnel is that generally there are certain services especially serverless services where they're not part of your vcn they're just they're just in the global oci account and if you want to access them they have to go out to the internet so this server would go out to the internet and go around and come back in and you do not want it to uh leave oci because as soon as you leave oci out to the internet it's no longer secure so by using service gateway we can keep the traffic within oci so it never leaves that's super important for people uh that are operating in the enterprise then you have nat gateway so nat gateway is down here uh this is the there's actually no symbol for it so i made my own and what nat gateway does it allows private uh a private subnet so resources or servers in a private subnet reach out to the internet this uh orange dotted line is our subnet and so it doesn't have any access to the internet and so let's say we wanted to grab packages or software to update um the server and we have to get out the internet we use a nat to do that so that's done the next is ipsec vpn so a virtual private network is a way of creating a secure tunnel over the internet from your on-premise uh into oracle cloud uh and again 
anytime we leave out to the internet it's a dangerous territory so we want to secure that connection and that's what we're gonna use for that uh the next is fast connect it's just like um uh ipsec vpn but the difference is that it's a dedicated a dedicated secure connection to your on-prem uh to oracle cloud what that means it's going to be really really really fast so not only is it going to be secure but it's going to be super fast and that could matter to an enterprise because they want the experience to be just as fast as their on-prem data center then we have dynamic routing gateway so dynamic routing gateway is a virtual router that provides a path for private traffic between your vcn and outside network so to actually connect the fast connect or ip uh or vpn we need this drg which is that virtual private router if it's confusing to you it's confusing to me i don't ever set these things up but i know that it's a virtual router and i know that it creates a connection into the vcn and that's all you need to know too and the last one here is vcn peering so peering is the concept of connecting two vcns together and and treating them as the same network so if you have vcn1 here and vcn2 here then they can peer they can this server can talk to that server as if they're on the same network uh so those are all the concepts i wanted you to learn for networking services i know it's super complicated but just do your best because at the foundation level knowing networking stuff is not as important as the next level [Music] so now let's take a look at vcns and subnets so vcn is short for virtual cloud network it is a logically isolated section of oci where you can launch oci resources and so the way you define a vcn is you have to choose a range of ips using a cidr range and it's not so important to know the math behind cidr range all i want you to know is that it's a range of ips so if you chose 10.0.0.0/16 that 16 is defining the size of the ip addresses 
and that would give you 65,000 ip addresses and what does that mean it's like if you want to launch 65 servers you'll you'll have enough ips to launch 50 or 65,000 servers and so there's the architectural diagram of of a of the oci network with a region and so there would be your vcn now the thing is with the vcn is we want to split it up into smaller logical sections and that's where subnets come into play so subnets is a logical partition of the ip network into multiple smaller network segments you're breaking up your ip range for your vcn into smaller networks and subnets have a cidr range as well but the cidr range has to be smaller than the vcn cidr range because you're it's like cutting up a pie it has to be smaller you can't take the whole pie so for the example here i'm using cidr range 10.0.0.0/24 which would give us 256 ip addresses so it's a very small slice out of our of out of our vcn now subnets can either be public and so subnets that are public are ones that can reach the internet and you can see that's where our server would be launched into into the actual subnet or if we wanted a a subnet where it cannot reach the internet we'd call that a private subnet that doesn't mean that it it can never reach the internet it's just generally it's not supposed to because it's supposed to be secure but with nats and some other means that it can reach the internet [Music] let's talk about vnic so vnic stands for virtual network interface card and this enables an interface or sorry an instance to connect to a vcn and determines how the instance connects with endpoints inside and outside the vcn now remember an instance just means a server so if you want your server uh to be able to connect um to other services you need a you need a vnic so without a vnic your server would not be able to communicate with the internet or other networked cloud services in your vcn and the reason we're talking about this is because we're going to be looking at security lists and 
they're dependent on vnics here but on the exam i don't think they're going to really be asking you about vnics too much [Music] so let's take a look at our virtual firewall options so the networking service offers two virtual firewall features that both use security rules to control traffic at the packet level and those two are security lists abbreviated as sl so this is the original firewall feature from from the networking service and security lists are associated with subnets and the security rules apply to vnics in those subnets and that's why we were talking about vnics because security uh both of these really relate to the those networking components but what i want to remember is security lists are associated with subnets then you have networking security groups this is the new virtual firewall i don't necessarily know if it will replace the old one because they both kind of have different use cases but the nsgs are designed for the application components that have different security postures so nsgs are suppor are supported only for specific services and nsgs are directly associated with vnics regardless of what subnet they are in so remember secure lists are associated with subnets nsgs are directly associated with the vnics [Music] so now it's time to take a look at the database services um and oracle is generally known for databases so they do have a few options it can be a little bit confusing because some services especially in the console some some services are not distinctly uh isolated from each other but we'll work our way through it and it'll make sense in the end so the first one is vmdb systems so vm standing for virtual machine db standing for database and so it's a virtual machine running a managed oracle database instance and it's going to be backed by block storage so um this could also be a mysql database which we'll talk about shortly when we go to the next slide but it's just a virtual machine and it runs oracle for you and the reason you 
might want to use this one is that it has very fast provisioning and or this is the most general purpose database that you'll probably want to use the next one is vm bm system so bm is short for bare metal and so it is not running a virtual machine there is no hypervisor layer so you get a much faster uh performance it uses a fast local storage so if if if you need a server that or a database that is really fast this is an option that you might want to consider the next is oracle rac and so this is um this is i believe the virtual machine it's just like vmdb systems but it is running in a cluster a cluster meaning that it's running more than one database so so you have two uh instances of databases and they're sharing the same disk but they're running on different nodes and so if a node fails the connection is going to fail over to another node so this is a great way to get higher durability which we talked about in or sorry fault tolerance this is better to have a better fault tolerance which we talked about with our cloud technology concepts then you have exadata db systems uh the first time i've ever heard of exadata but exadata is a pre-configured combination of hardware and software that provides an infrastructure for running oracle databases so oracle created their own special combination i imagine that the the advantage here is that you have extremely good performance for very specific use cases i don't know what those use cases are i don't think it's going to matter on the exam if you if you know but you just need to know that exadata exadata db systems is just specialized infrastructure that gives you great performance and last on our list is autonomous so autonomous can be autonomous shared or dedicated the difference between one being multi-tenant or single tenant and this is for automatically or sorry this database does basically everything it will automatically patch upgrade it will do self-healing for bad data it's highly available by default 
it's secure by default and so it's a fully managed database it's going to cost you a lot more money than anything else on this list but it's going to it's going to do all the work for you so um you know it just it you never have to worry about this database so there you go so i just want to go over some of the uh database options because i do find it a bit confusing to know when you're creating what type of database in oracle because they have so many options so if you were to create a db systems or dbvm systems uh database option so that's kind of redundant how i wrote there but you could choose an oracle db system so that's the default and when you do you'd have to choose an availability domain any virtual machine and a shape type a shape type is just basically the vm like how much power do you want the machine to have like computing etc but you can also create a mysql database but what's strange is that when you make the oracle one you don't choose a fault domain but when you make one for mysql you can choose a fault domain is this going to be on the exam no but i just wanted to point out that you know i was a bit confused and this is what i observed as being the difference and then we have autonomous database options so when you go to create your autonomous database what you choose is between an oltp and an olap olap is going to be your data warehouse that's for reporting analytics and large and infrequent queries then you have oltp that's general purpose small and frequent and frequent queries um so oltp or transaction processing is what you're going to want for general workloads and then if you're working with big data you're going to want the data warehouse one then down below the next option you choose is between shared infrastructure so that's multi-tenant or dedicated that is single tenant then you can choose the license so bring your own license or you will use the license included so um again you know it's just like these aren't generally separated it's 
just like you go choose a database and you make these choices whereas in my my previous uh lecture there you saw that it looked like all the services were isolated so hopefully that clears that up when you're in the console if you feel a bit confused [Music] so let's quickly touch on oracle nosql and this is a service so you can have a nosql database so that it's a key value store um i'm sorry this slide is not more attractive but they just have no icons there's not a lot of information on it but generally we should know what a nosql database is and so the reason you'd want to use a nosql database over the other databases is that if you need to produce and consume data at a high volume and velocity nosql might be for you if you require instantaneous response time to match the user expectations nosql could be for you it's developed with continuous evolving data models and it can scale on demand based on dynamic workloads so there's just a point where uh relational databases um they they meet a point where it becomes very difficult to scale you have to do sharding and all these other things and so then it becomes a point where you want to move over to nosql so just think of nosql being for at scale and you know hopefully you don't get any questions on it but i just want to include it in there just in case [Music] so now i just want to cover some cloud native services um but really this section is just a bunch of oracle services that might show up on the exam and and so i need to get you a bit familiar with them so the first is oracle api gateway this is a comprehensive platform for managing delivering and securing web api so if you need to make a web api you're going to use api gateway then there's oracle streaming ingest and store continuous high volumes data streams and process them in real time if a question asks something to be in real time you so now let's talk about cloud native services but really what the section is about is just getting you exposure to 
more oracle services that might show up on the exam but you don't need to have deep knowledge about them so the first one is oracle api gateway and this is a comprehensive platform for managing delivery and securing web apis so if a question asks about creating an api it's probably uh it's probably telling you to choose api gateway then there's oracle streaming this is when you ingest and store continuous high volumes high volume data streams and process them in real time the question is asking about data streams or real time events then it's going to be oracle streaming oracle kubernetes container engine oke is a managed service to run kubernetes cluster if you see the word kubernetes it's talking about oke then there's oracle registry ocir and this is a repository repository for your docker containers if you need somewhere to store your docker containers it's going to be an ocir then there's oracle notifications it's a fully managed publish publish subscribe service for reliable and scalable message uh delivery so if the question has to do with something with notifications pub sub or message delivery that's what it's going to be the last one is oracle integrations a service to connect on-premise third-party to your oci with pre-made adapters for easy application integration so if you need to connect your on-prem to your oci in a very convenient way so oracle integrations might be the answer [Music] so we're on to the billing and pricing section so let's talk about pricing models so oracle has ways for you to save with the universal credit pricing also known as oracle uc i'm a little bit confused by the terminology because i don't know if it applies to both their pricing models but i'm going to make mention of it because we definitely need to know what oracle uc is or universal credit pricing is the at least know of the terms and so the first way you can pay is you can pay as you go so p-a-y-g most other cloud providers call this on-demand so that's why i have it 
there and so the idea is that if you were to launch a server you're using pay-as-you-go there's no upfront commitment you're billed based on hourly consumption and you pay at the end of the month the other way you could pay is monthly flex and so these are plans to save money and i guess this is what uses the oracle uc so what you do is you make a commitment so you say i'm going to commit for a minimum of 12 months and i'm going to commit at least a minimum of a thousand dollars per month and that's going to give me savings between 30 to 65 percent um so it's just a way if you're a larger company and you know what you're going to be using you can definitely save a lot of money up front there's also another thing to factor in for pricing models and that is bring your own uh license so oracle has been around for a very long time and so people are running oracle uh products and software on their on their on-premise data center and they might want to bring those licenses over to save money so if you bring on over those licenses uh then you'll get the same support contracts that you've already agreed to if you don't have an existing license you'll just get one when you use the oracle cloud platform and the number one thing that i want to emphasize number one thing is that no matter what region you're in the pricing is the same so if you if you launch a server in tokyo it's going to cost the same in canada it's going to cost the same in germany now why does oracle do this they say it's because it's to keep pricing simple i'm not sure if i i believe that but i think it's just they're a smaller provider and maybe in the future they will start changing the prices per region because if i'm a consumer wouldn't i want the best price i can get for that region and some regions will be more cost effective than others but for whatever reason all regions are the same and that is critical to know if you come from other cloud providers this would be a surprise to you because all cloud 
providers have different pricing based on regions so there you go so i just wanted to quickly pull up the oracle website just to show you where you can find pricing so i just searched oracle pricing and this will show you pay as you go universal credits so i guess universal credits is really part of monthly flex i still don't personally understand why they're called universal credits it makes me think that you can reuse them any unused amounts can be rolled over to the next month okay so there you go that's probably why they call them universal credits and then you have bring your own licenses if we go over to this page here this is the universal credit pricing you're going to come down here and you're going to notice that there is no regions everything is very standardized so whatever you're paying for analytics it's the same no matter what region you're in but that is the pay-as-you-go price and then that is the monthly flex price which is interesting because i would generally think that this price would vary based on your commitment whether it's one year or three years so i'm not really sure about that but what you need to know is that with monthly flex you save that's all that matters and then uh the last tab here this is just another one because this is a universal credit pricing but maybe you want to look at the actual compute pricing and so these are all the computing servers here so this i think this is their standard one so it's point zero three cents uh and point zero three cents if you're ever wondering how you would ever calculate your your yearly cost or your monthly cost you would just take this number here so i would take that i would just put it up in google i would do it times and i would say 730 hours and so the the base server would cost you 21. 
and 90 cents that's how i always calculate my monthly cost for servers it's just 730 times the number so there you go that is um uh the pricing [Music] so i want to show you one more thing here and that is the cost estimator so if you were to type in cloud pricing you're going to see this button here we're going to click into it and this is going to help you determine your cost so you saw me do the math where i took the hourly comp or the hourly compute and just times it by 730 but if you really need to compile out your own report what you can do is you can use their estimator here so we can go here and just look for any kind of service so we have infrastructure so let's add a vm so we'll go ahead and hit add and then it will say what kind of compute we can scroll down here and say we want to have one instance see where it says pay use pay as you go 63 dollars and there's just lots of things you can do here um so we would do that and i'm just gonna expand that so we have 63 dollars i could add an object store okay it says zero dollars um it's really based on our our storage so we'd have to go in here and start saying how much we'd use if we go to block volume uh this is um in gigabytes let's say we had 100 gigs now we can see it's four dollars so i just want you to be aware that there is a cost explorer and it will show you your pay as you go and flex it doesn't necessarily show you it has kind of an estimate but even here it doesn't give you a guarantee that it that is per month i've never hit the buy here but i would imagine that it just tells you to make a new account so there you go and you still have to set those up individually so just because you queued all those things up in the cost explorer doesn't mean that the the that they would create all those resources for you this is just a quick way of figuring out those costs and you can download it as a pdf so if you need to take it to your boss then we can just open this up here it'll just take me a moment 
and so there's that nice breakdown of all those costs all right so there you go um that is the cost explorer [Music] so let's talk about data transfer costs so for data transfer anything that is coming into um oci network is going to be free so data in is free we call that ingress any data that is leaving the oci network is going to cost us money we call that egress and so data transfer within the same availability domain is going to be free data transfer between availability domains in the same region is going to be free data transfer between regions will result in a charge for data leaving the region but to really make this clear i'm going to give you an architectural diagram to to help visualize this so here's the oci network anything outside of the oci network we'll consider the internet imagine we have a server running in a data center in a region and so we have the internet and we want to bring data into that server so anything that's data in is going to be free anything leaving the oci network we're going to be charged for so now imagine we have another region and in this region we have an availability domain a data center and we have two servers maybe they're in different fault domains maybe they're different subnets but the point is they're in the same data center any data transfer between them is going to be free now imagine we have another data center availability domain in that region and we want to transfer data between those two that's going to be free because they're all in the same region now imagine imagine we want to get data from uh region the ca toronto one region to the um ap toronto one region so if you send data out it probably would have to go out to the internet and and it would and then it would come back in to that other region and so since it since even though we want to keep it in oci the fact that it's another region it has to leave the internet and come back in it's going to result in a charge now is there some way to bridge uh data from 
one region to another i'm not sure there is a service called service gateway but that seems to be for cloud services but if we could keep it all within oci i believe that it would be free but just remember if it has to go out to the internet it's going to cost money if it stays within oci it's going to be free [Music] so i wanted to give block volume pricing a bit of emphasis because it's not as simple as one metric that it's billed on there's actually two things you need to consider with block volume pricing the first is storage costs and the second is performance cost so for storage costs you're going to get billed based on how what your store capacity is per month and so it's going to be the most because it's the same pricing in all regions it's going to be zero two five five uh cents per uh gigabyte i believe and then for performance cost it's going to be based on uh performance units per gpu per month and so they actually have a breakdown of three so for zero vpus it's zero dollars if you need to use 10 vp vpus it's going to be it's called balanced and it's point 17 cents if you need 20 vpus which they call higher performance it's zero 34 cents gigabyte per month if you're wondering what vpus are it's called volume performance units this thing is an oracle thing i'm not even sure exactly how it works i couldn't find any documentation on it but i just want you know that there are three categories and those are the prices and those are the options and those are the two factors you have to consider [Music] so in oracle you can actually tag your resources such as compute storage and databases and tagging allows you to filter resources so you can so it can be used in cost analysis to quickly determine costs or if you just want to find a group of resources but you're not necessarily applying permissions to them because compartments is for applying permissions so what you would do is let's say you had a compute resource you just say add a tag and then what you do is 
you'd fill in a tag key such as env and then a value such as prod now there is a drop down there where you have freeform tags and you have oracle tags oracle tags only have created on and created at like these two timestamps i have no idea what to use those for it looks like that is still in active development but really you just need to conceptually know what tags are and so tags are a way of tagging resources and allows you to use it for cost analysis [Music] so now we're going to look at the oracle service called cost analysis so oci cost analysis will help you visualize your ongoing costs you can filter based on compartments tagged resources and start and end date so if you're in your free tier if you use the service it will tell you how much of your credits that you have used up so far so um it's interesting because it's 300 usd but since we use canadian dollars it shows the canadian we get 400 so i feel like they're giving us a little bit more because they rounded it up to 400. uh and then if you want to get a breakdown of your service costs on the right-hand side they break it based on categories so compute storage networking and monitoring you can see the exact resource underneath and you get a nice little ticker graph there and as we said in the prior video you can use tags to help narrow down costs but that is the cost analysis service [Music] so now we're going to take a look at usage reports so if you want to get a granular view of your spending or find ways to save you can download a csv or use the oci api to access detailed billing information uh and so the cost report uh is automatically generated daily for you and it's stored in an oracle owned object storage bucket so you just go download that csv it's going to be based on that 24 hour history so just mentioning that 24 hours it generally contains 24 hours of data although occasionally a cost report may contain late arriving data that is older than 24 hours um and if what would you do with the csv 
or the api data you'd have to put in your own visualization tool i mean cost analysis kind of visualizes your information for you but the idea of having this raw data is so that you can put it in your business intelligence tool whatever tool that you want to use for that but the fact is that you have access to that raw data so now let's look at the free tiers and the free tiers is what is going to be free so you can best utilize oracle before you want to start spending money so we have the always free and these are services that are always free month over month so let's talk about them right now so what you'll get is two oracle autonomous databases uh and again autonomous databases are great because they're self-healing uh they're highly scalable durable et cetera et so a really great database to choose then you have two oci compute vms at 180 cpus ocpus is a oracle term i'm not sure what it is but that's how they calculate cpus and one gigabyte then you have two block volumes for 100 gigabytes in total then you have object store up to 10 gigabytes then you have archive storage up to 10 gigabytes at one load balancer and uh all data in is free so now and then monitoring notifications and then also oci developers so this will automate ci cd workflows i don't know where this is in the interface but they they advertise it on their page and this would be amazing because not having to pay for a ci cd workflow sounds awesome then you have the 30 day free trial so when you sign up you get 300 usd credits if you're in canada apparently it's 400 so that's really nice and it's only valid for 30 days so you get up to eight instances across all available services you get up to five terabytes of storage and those are the two things you want to remember on the tier now this isn't going to be on the exam but if you want to know the full list this is the full list so i actually went through it i was really curious so for compute you get 3005 hours 1.5 terabytes of storage for 
storage you get five terabytes for containers you get 3500 hours and two terabytes of storage for functions you get 112 uh invokes 20 uh million gigabytes memory second execution time for load balancer you get 3500 hours for fast connect you get 1 400 hours for oracle weblogic server you get 1 700 hours 250 gigabytes i have an asterisk there because they give you two versions of oracle weblogic server um uh one's like 650 hours but it wasn't clear what the difference was so i'm just listing one of them here if you want to use digital assistant which is a chat bot you get 110 000 requests if you want to use mobile hub that's for building out web applications or mobile applications you get 110 requests if you need a wysiwyg to edit a website you get 400 seven 4 700 hours if you want to use their business intelligence tool for analytics cloud you can use that for 4 700 hours if you want to use their machine learning platform for data science you can use that uh for 4 700 hours there if you want to have a web central portal so this is a secure enterprise portal you get a thousand ten hundred hours if you need application integration so using oc integrations there's 248 hours and if you need to use soa based apis which is super old but there's some enterprises still using it you get 1 700 hours so all this isn't on the exam but it's great to know so you can best utilize the platform [Music] so now let's talk about the oracle marketplace so oracle marketplace are managed vm images or stacks from third-party vendors that are free or paid that you can launch so a third-party vendor you could be launching maybe rocketchat which is like a open source clone of slack maybe you need a gpu from nvidia um and there's security ones and all sorts of ones both from third party and even oracle themselves now if you want to know they can either be free or paid or bring your own license so there's a different few uh pricing options there and they have a lot of different categories so 
you can see analytics backup and data backup and recovery developer tools operating systems all sorts of things so if you really want to get started very quickly or you just you want to put the responsibility on someone else to manage those vms the oracle marketplace is a great place to take a look at [Music] so now we're going to take a look here at the oracle sla so sli stands for service level agreement and it's a guarantee of performance availability manageability of the of the oracle platform uh and oracle defines it as those three categories and if none of this makes sense don't worry we're gonna pull up the website to help understand a bit better so for the availability sla you have a 99.99 uptime for compute running in one ad region with measurements of regent unavailability uh we get 99.95 uptime compute in multiple fds those are fault domains in a single ad availability domain and so for uh for the availability when we're looking at compute uh and notice it says 10 and 25 10 and 25 that is the sla breach i'm not exactly sure what it means but you need to know the numbers at least face value for the exam so for uh region unavailability you're going to see that it's 99.9 for uh region unavailability for compute it's 99.9 but for block volumes it's 99 and then uh for availability domains on availability at 10 and 25 we get that 99.95 percent and then 99 which is described up in the in that uh area above right now for some other services um under availability uh for object storage and fast connect it's 99.9 and 99 for 10 and 25 percent respectively you're gonna see those numbers repeated so there's just that one exception with computes that it's a bit more complicated now looking at the manageability slas uh what we have here for compute block volumes and databases is 99.9 for for sla breach of 10 percent and 99 for sla breach of 25 percent then for performance slas uh for compute block volumes and database uh it's 99.9 for 10 percent and sla breach for 25 so 
you're seeing a bit of a pattern here so the thing i want you to remember is that if the sla breaches 10 with the exception availability compute it's going to be 99.9 percent and for a breach of 25 it's going to be 99 so you know just have that uh in consideration so here i am at the oracle website pulling up the sla agreements and i just wanted to show you um all these all the numbers that i was getting that information for you there so you can see that it's broken down by service then there are these measurements we didn't cover the measurements because they're not going to be not going to show up in the exam they're hard to remember and all you really need to know is like what at 10 or 25 percent what are the percentages that is the guarantee of uptime but you can see here for availability we have region unavailability availability domains api error rate for manageability it's all api error rate for performance it's disk iops and network performance and then there are some faqs here which should not show up on the exam but they are a bit interesting to read through if you are curious um but yeah there you go i just wanted to make sure that i could point this resource if you wanted to read a little bit more about it [Music] so let's talk about service limits for a moment here so when you sign up for oci a set of service limits is configured for your tenancy and the service limits is the quota or allowance of set on resources so you're going to actually have hard limits of how many servers you can spin up and utilize some things so for example your tendencies allow the maximum number of compute instances per ad a lot of times there's you can only have two um at the start especially when you're in your sandbox these limits are generally established with oracle sales representatives when you purchase oci if you do not establish limits with your oracle sales rep or if you signed up through the portal default or trial limits are set for your tenancy which is probably 
the case for you these limits may be increased for you automatically based on your oci resource usage and account standing you can request a service limit increase so that is the key thing you want to remember you can request a service limit increase if you cannot spin up more servers [Music] so let's talk about support for oci uh so from what i could tell they call it premier support uh and for the only part of information i thought was valuable to say was that uh they have rapid resolution for 24 7 access to the oracle knowledge base technical support and priority service request handling remote diagnostic with two-hour on-site hardware service um and if you're in the oracle console there is a live chat and i actually opened it up to ask what the support plans were and i literally was asked what do you mean and then they said you should go contact a sales rep to get a quote so it's strange because in the exam guide says you're supposed to know the support plans but the support plan is go call a support rep and i can't imagine anyone would do that so this is all that i know but we'll pull up the um support premiere page here in a moment just to see if we can see if there's anything else that is interesting to look at so i've gone here and i've opened up oracle support and this is the only support that i can find that is relevant to premiere or sorry to oracle cloud and so they say find out more about premiere support and then here we get a bunch of information that doesn't really tell us anything um you know there's software and systems and things like that so it's i'm not particularly sure um in terms of what they offer for support i imagine because they're enterprise you do have to call them and find out but yeah just if you are curious and you want to poke around and see if you can find something else that i didn't there you go [Music] so let's take a look at the shared security model and this is a very important concept to understand because it tells you what 
oracle is responsible for and what you the customer are responsible for in terms of securing your workloads and data so oci is going to be responsible for all the managed software and services that they offer so that could be compute uh storage databases and networking that is not the full spectrum of services but those are the the core four that i always say that uh is the ones that they are are responsible for then you have your hardware and your global infrastructure so the regions that are responsible for uh the data centers that are in there the availability domains those are the data centers themselves and then the physical security of those data centers um so you know if it's hardware or if it's the location or the it people that manage that infrastructure oci is going to take care of that for you now as the customer you are responsible for the configuration of managed services or third-party software so if you are using a particular platform or application or let's say you're creating new users or and you're giving them permissions in in iam it's your responsibility to configure those correctly and if you make a misconfiguration it's going to be on you then there's the configuration of the virtual infrastructure and systems so this could be the a virtual operating system that you have the virtual networking that you have to configure or the firewalls that you configure at your networking level then next we have security configuration of data so if you have data you have to decide whether you need to use client-side data encryption a lot of cloud services will let you check box that on and they might not be checked box on by default so that's something you have to double check then there's server side encryption then there is protecting your network traffic so that is putting uh services in control or monitoring tools to make sure that you're monitoring the traffic that is going through your environment and then last but not least but the most important is 
customer data you're responsible for the customer data so any data that you put on the platform you have to make sure that it is secure so that is the shared security model [Music] so now let's talk about iam so iam stands for identity and access management and it's a service that lets you control who has access to your cloud resources and so there are some components of iam that we need to know the first one are users so when you create your oracle account you're going to want to create users so people have access to your oracle resources so a user would be an individual employee or system that needs to manage or use oci resources then you have groups so groups is a collection of users who who all need the same type of access to set uh to to a set of resources or compartments then you have dynamic groups so dynamic groups is a special type of group that contains resources that match rules that you define if this is not clear don't worry we're going to go through how to make a policy and this will make it very clear and then we have policies so this is a language that defines permissions so if a user group or dynamic group or compartment should be allowed to access specific oci resources within your account and one thing i want to note that if you've ever used any other cloud provider oci is a bit different in that you don't when you create a resource um or a user a group you don't assign at the time of creation a pre-created policy you just create the policy and it's in effect uh and this really confused me because i was looking forever in the console saying okay how do you assign it and so you just create the policy and it's in effect so hopefully that will be clear as we work our way through this stuff [Music] so what i want to do now to really help you understand iam policies i just want to show you some common examples of what that language would look like so this is the language or syntax so you have this allow subject to verb resource types in location where 
conditions and we're going to be going through all of these uh little bracketed areas so that you really understand but i just want to show you some common examples first so let's say you wanted to allow users to analyze the costs for your team so you do allow you would say the the budget team group is allowed to read only the usage reports which is the resource type in the tenancy so that's our root compartment uh next we have uh letting database admins manage db system so we're going to allow the database admin groups to manage the database family so any type of database within oracle in our tenancy or root account or root compartment then we have let users download objects from the object storage buckets so we're going to allow group object readers to read buckets in compartments in the compartment called a b whatever a b means uh so those are the common policy examples but i just want to show you that oracle has a huge list of policy examples on the on their website so i'm just going to pull that up here in a moment so here are those common policies i was talking about and i actually pulled those examples i showed you from this list so here's a big big list so if you're never sure what it is that you need to write in here you can go here so let users create a volume group and they'll explain uh where to create the policy and what it would do but there's examples for you so i just wanted you to be aware that there was this big large list and all you had to do is google common policies to find it so i'm going to really help you understand how policies work by looking at the anatomy of a policy so what we're going to do is we're going to work through i don't know what they call those nouns or actions but all those brackets we're going to look at the examples of what we can do there so you have a better idea how you can use these policies do you have to know how to write policies for the exam no but it's a very good practical skill and it's good to learn it at 
the foundational level so that's why we're doing it so the first thing we're going to look at is the subject so a subject could be anything in your system so if you wanted to specify everything you do any user or you could specify iam group name or ocid so it could be group developers or group id and the ocid for that group that you want and then you could specify dynamic groups so it's the same thing as a group name you just say dynamic group tagged prod next we have verbs so a verb could be either inspect read use or manage and so if you want to only allow someone to list resources we would use inspect and oci recommends this is only for third-party auditors if you had uh only want to give people read access you do read and that would be generally for internal auditors if you wanted to give someone the ability to read and update but not delete or create resources you would use use and that would be great for uh junior developers but they just say developers and if you want the ability to read create update or delete so be basically be able to do anything you would set it as manage and so that would be your administrators next we have resource types so if you want to specify all resource types you would just say all resources if you wanted to specify individual types such as only access to buckets or only access to route tables or only access to a particular type of servers then you do individual types but sometimes individual types can be a bit cumbersome so you might want to include everything uh within a category which they call family so maybe you want to say all types of databases or all types of servers or all types of storage volume so database family would be all databases there that you could put in there next would be the location so uh this could be the tenancy so that's your root compartment maybe you want to specify a single compartment such as compartment development or compartment production or maybe you want to specify based on the 
compartment's ocid and then last is conditions and we have a lot of options here for conditions so we could match based on a string so we could say where target group dot name equals staging you could say you could match based on a regex so we only want to match target groups that have a customer and then we have not so this could be target group name so as long as it's not beta then we won't use the beta one then you can do all so that's where you can actually have multiple statements condition statements so you have one where it's it's developer but you don't want to be production and then you have any so this could be when any of the statements are true so if you don't want it to be project a and we don't want it to be project b so maybe we wanted to be project c so you know hopefully that gives you a bit of an idea on how to uh construct a policy but you know to really understand you're gonna have to get some practical knowledge in there [Music] so now let's talk about mfa and mfa is short for multi-factor authentication it is a security control where after you fill in your username email and password you have to use a second device such as a phone to confirm that it's you logging in why would you want this well mfa protects against people who have stolen your password so if someone gets your username and password how would you know that like how does the system know if it's actually you and so this additional step when you're dealing with cloud infrastructure you definitely want to have mfa turned on and you can turn mfa on in most platforms so whether it's you're using aws oracle gcp or even if you're using facebook you can turn it on so the way it works is uh you have your uh your login so my my email my password and then what you do is you have a an app installed on your phone that is for mfa and it would give you a code so the code here would be 439 691 and you'd have to enter that code back into like as a second step after your login and that would 
make sure 100 percent that it is you who is logging in because the person who stole your password doesn't have your phone so they don't have that second factor so the first factor is your email and the second factor could be a device such as your phone that has mfa installed on it another device you could use is called a yubikey and so if you've ever turned on mfa on facebook it's really annoying because you have to pull up your phone unless you're already on your phone um but a yubikey is is looks like this little flash drive and you leave it plugged in your computer and it automatically enters in the second step for you so that it's just as easy as logging in and the great thing about this key is you can just take it with you uh so a lot of people will put it around their neck on a chain but that is what mfa is [Music] so now we're going to look at the concept of federation so federation identity is the ability to enable users from one domain to securely access data or systems of another domain without the need of a redundant user administrator if you're looking at that word domain and wondering what it means domain could just mean like your office and then another domain would be like oracle cloud so the idea is that um your office has given you a username and password to log in to your your your office network and you want to use those credentials other places so let's give an example as to why this would be useful so if you're a large company and you purchase multiple commercial and enterprise software products or services such as oracle cloud wouldn't it be convenient if the employee only had to log into their work computer and they had access to all these software products and services without having to log in again that concept is called single sign-on so single sign-on is technology that enables users to authenticate without the need to log in or have separate pair of credentials to third-party systems another concept we need to know is idp so identity 
identity provider so identity provider is a trusted provider of your user identity that lets you authenticate to access other services so identity provider could be microsoft active directory if you're in the enterprise world you've definitely heard of active directory also abbreviated as ad uh okata octa i don't know how to pronounce it but that is an enterprise identity provider but even facebook is an identity provider if you've ever went on a website that says log in with facebook that's an identity provider facebook is providing your identity so that you can gain access to things other ones could be amazon google twitter github linkedin and even oracle has their own it's called oracle identity cloud service so those are the three things you need to understand what is the federation identity single sign-on and an idp [Music] so let's talk about encryption or security for the storage of our data and so for data we have block volume file storage object storage and then any database service um and so let's walk through this stuff so for block volumes uh by default we're gonna get encryption at rest so if you create a block volume file storage or object storage your data at rest is already encrypted so that's data that's just sitting on that drive on the server it's encrypted then you have encryption in transit that means when the data leaves the actual storage device to go to a server whatever is that traffic encrypted by default and it is for block volume and file storage uh you can also bring your own keys so uh the thing is is that for encryption at rest or in transit you're going to be using some kind of encryption key but if you have you want to bring your own you can definitely do that for block volume and file storage and then for object storage if you want to also be able to secure your buckets buckets is what they call folders for object storage you can make a private bucket and then for database services is a bit different they have tde data safe and 
database vault and if you're wondering what those are we'll talk about them right away so tde is transparent data encryption it's a technology employed by microsoft ibm and oracle to encrypt database files then you have oracle data safe is it's a security control that monitors sensitive data such as oci databases so it's not exclusive to the database service but our database services but that's what we generally use it for and then you have oracle database vault so this restricts access to specific areas in your oracle database from any user including users who have administrative access so there you go and we'll talk a little bit more about data safe things [Music] so we briefly mentioned at rest and in transit encryption but i didn't really explain to you what those are so let me tell you what they are right now so at rest encryption at rest encryption is securing data that is not moving encrypting a hard drive would be considered at rest encryption so you'd use something like the key pair to encrypt your data and a cryptographic algorithm such as aes-256 but the key thing i want you to take away is that at rest encryption is when you're securing data when it's not moving then there's in-transit encryption and this is ensuring your data uh that while it's moving from location to another location that it's secure and if you're using in-transit encryption a protocol like ssl http or tls would be used ssl is very common if you've ever seen that little lock in your web browser that is using ssl so there you go those two terms [Music] so let's talk about um oracle's data safe uh service so oracle data safe is a unified control center for your oracle databases and what it looks like is this it's a bunch of graphs and it gives you a very clear picture of the security um of your actual uh databases so some things that it can do it helps you understand the sensitivity of your data evaluate risks to your data mass if you need to mask sensitive data you can do that you can 
implement and monitor security controls it has access or assesses user security it monitors user activity and addresses compliance requirements so this is very interesting because i've yet to see such a service on aws or other providers uh so you know oracle is known for databases and so this is one of the the stronger services they have uh in their uh in their cloud so you know that's data [Music] so let's talk about compliance programs so if you want to sell to an enterprise company or a government uh uh body they will not buy your software unless it is secure and so the question i pose to you is how are you going to meet their security compliance requirements so they'll say we'll only do business with you if you are nist 800-53 compliant so that would be the icon there p-i-p-e-d-a compliant that is a government compliance program or hipaa compliant so hipaa would be um if you want to do medicine it stands for health something something american something and then you have fips 140 hyphen 2 compliant and this is the way you handle encryption keys uh so the idea is that there's all these compliance programs and uh oci is compliant with them so if you do need to meet these comp compliance programs to get the business with the governments or large enterprises that is one of the strong advantages of the cloud and i'll see if i can pull up a page that shows all the compliance programs on their website so here i'm on the oracle website here i just search for compliance programs or up here it says cloud infrastructure compliance and these are all the compliance programs that they are meeting on their platforms so their infrastructure meets those requirements so we have soc system organization controls one two three uh we have one for the united kingdom cloud security principles there's that canadian one we saw um they have a bunch so hip uh hipaa so health insurance portability and accountability act i thought one was called amer american in there but it is an american 
act then we have gdpr you or we have fedramp but you don't need to know the names of all these it's good to know what hipaa is it's good to know um what dci uh pci dss payment card industry data security standards so if you're handling um credit cards online you generally need to be pci dss compliant um but yeah this is just and i just showing you all these compliance programs and i feel like you could expand this and it would tell you a bit more it'll tell you what the program is about and what infrastructure actually is meeting those requirements so hopefully that gives you an idea what compliance programs are and why you care should care about them so let's talk about oci vault so oci vault makes it easy for you to create and control rotate encryption keys used to encrypt data on oci oci vault was previously known as oci key management or i think they abbreviate it as kms uh at least that's what i think so just be aware if we're talking about vault or key management it's the same thing oci vault is a multi-tenant cloud hsm if you're wondering what an hsm is hsm stands for hardware security module it's a piece of hardware designed to store encryption keys and uh the reason why you want to use a cloud hsm or a hardware security module is that it meets a compliance program such as fips 140 hyphen 2. 
so we talked about compliance programs prior and this would be a way to be compliant with this program um and so and yeah the key thing here is that it's multi-tenant so that means multiple customers are sharing the cost if you had to buy that piece of hardware outright it's at least a thousand dollars just for the hardware so you can see how this is extremely cost effective using oci vault and you're still compliant [Music] so let's talk about os management so os management is a oracle service that allows you to manage update and patch your virtual machines operating systems running on uh your oracle cloud so i like to think of os management as a toolbox for your vms so that's an easy way to remember what it is so let's talk about the features of os management and what it can do for you so one thing you can do is it can search install and remove linux packages for you it can uh search a faculty or a facility that you can use to check individual cve so common vulnerabilities and exposures to determine level exposure in your tenancy uh so exposure meaning like as someone trying to do malicious things like trying to exploit security vulnerabilities within your vms then you have software sources this is specific to linux but you can add or delete software sources to provide packages to instances to track available updates to those packages so it's not necessarily the installation or removing or searching packages it's the the sources of those packages then you have managed instance groups this enables you to group your instances together for updates uh the purpose of this would be like let's say you want to apply patches to this set of servers you can do that you can schedule jobs so you can execute one time a single job so let's say you wanted to download the application logs because you need to debug a problem on your production server then you have work requests this is just like scheduled jobs so you execute a job but it's based on a schedule so maybe every every 
day you want to back up some very specific system files and the last thing is you're going to get metrics and alarms you can create alarms such as when it's time to apply a security update so that is os management [Music] so let's talk about ddos protection on oci so before we do let's make sure we understand what ddos is so a ddos attack is a malicious attempt to disrupt normal traffic by flooding a website with large amounts of fake traffic and so i have a nice little diagram to show you here so imagine you have a server and imagine it's not on oracle or any other cloud providers just you have it somewhere hosted and somebody decides that they want to attack you they want to flood you with a bunch of traffic so they have their own server you don't know where it is but they have that server and what they do is they can control multiple remote servers which we might call slaves and what these servers are going to do is they're going to send fake traffic so they're going to pretend each server could pretend that they're a thousand people and so if you have a you know 20 servers pretending they're each a thousand then you send out all those fake uh traffic uh over the internet and as it goes over the internet it's a bit harder to figure out where that traffic's coming from and all those ip addresses are spoofed anyway so we have no idea if the ips are really real and then you get that flood of traffic and when you get all that traffic hitting your server it makes it to become unavailable becomes unavailable because it can't handle the amount of traffic that's coming in it's like imagine you're getting lots of phone calls you can only handle so much at a given time um and so you so real users can't reach your website and that's what a ddos attack is but by having your server just within oci on the oci network you automatically uh get built-in support for ddos protection so there's different types of ddos so for layers three and four it's going to protect against flood 
attacks for layer seven you'd use a waf or some other tools we're not going to talk about the layers too much here but i just want you to know that there's built-in ddos protection when you use your server on oci [Music] so let's take a look at what a web application firewall does so oci has their own it's called oci waf and that protects your web app against common web exploits so oci waf sits between your server and incoming traffic and filters out https traffic um this is known as layer 7. i know i'm not talking too much about the layers you just need to know that it's layer 7 and it decides that it is unwanted based on managed or custom configured rules so oci has rules that are going to say this is bad traffic or you can set your own and so here's an architectural diagram you have a server sitting in your vcn a virtual cloud network and then you have oci sitting in between the incoming traffic and the traffic that's supposed to reach your server and it's going to decide if it's good or bad based on those rules now if you're wondering like what are good rules for waf like to filter on generally they follow owasp's top ten so you might have never heard of owasp their logo is a wasp but it stands for the open web application security project so this is a project that is from a non-profit organization and what they've done is they've detailed all the possible common attacks that can happen and how to prevent them and so that is the basis of the majority of wafs out there whether it's oracle or any other they'll always go back to this list but this really gives you a clear idea as to what you need to protect against so there you go that is waf [Music] all right so i'm going to show you how to get started by setting up your first oracle cloud account so what i want you to do is in the top right corner go to try oracle cloud free tier there might be another button somewhere else but we'll go here and then we'll hit start for uh start for free and then it's going 
to ask us to choose our country i am in canada so we will type in canada here and then we'll choose our email i'm going to choose android exam pro.co i'm not sure if i've already made an account but i guess we'll find out it's going to ask us between a company and a and personal use i'm going to stick with personal use i'm going to say exam pro uh and then we'll drop down and we get to choose our region um we could choose uh well we want to do the free tier i guess it's only free for particular tiers even though i'm in canada toronto i'm going to choose ashburn this is where the most available servers are going to be and then i need to fill out my account information um so i'm just going to go here and fill all that out okay okay and so now all my uh personal details are filled in here um you're not gonna be able to see them because i blank them out and we'll go ahead and we'll verify our phone number so we now just have to enter in the code that it has given us so i'm just gonna check my phone here to see if i received a code and i have so i'm just going to go ahead and fill that in so that's 1 4 9 5 0 2 4. 
Go ahead and verify that code. And so now we need to put in a password, so I'm just going to go ahead and fill in a password. Great. And so now that I meet all the password requirements, I should go ahead here and go to payment information. And here it's just saying that I need to add a credit card, but I won't be charged unless I'd like to upgrade my account. So go ahead and I'll go and add my credit card. And so here we can see my payment information is being repeated, so I'm just going to scroll down. And so now we need to choose a payment type, so I'm just going to fill that in. And now I have that filled in, I'm just going to hit finish. And so now we're just going to get a confirmation here, so I'm going to hit confirm. And so now this has created my account, so I can go ahead and just log in with my password. So we'll go ahead and log in, and here we are, we're in my account. So this is the Oracle console, and you can see that we're under a trial for 30 days, and if we, we can upgrade to get access to more things. So there you go, so that, that's all it takes to create an account.

[Music] So one of the first things we should do in our account is set up MFA. So I'm going to set up MFA for my root account here. So what we'll do is we'll go to the top right corner here, go to profile, we're going to go to user settings, and we have this button here, this is enable multi-factor authentication. I'm going to go ahead and click that, and what that's going to do, it's going to give us this QR code. And so what you're going to need is you're going to install the Oracle Mobile Authenticator or a similar application. I believe you can use Google's Authenticator, but this is a separate application you have to install on your phone, so you have to go to the Google Play Store or, or whichever, or whichever store is on your phone. And so I'm just pulling mine up right now, so I have Authenticator, and in Authenticator I, I can click, um, a plus button, it says scan a barcode, and I'm just going to hold up my phone to that
barcode and then it's going to add it. And so now it's had, it's now added it, and it's going to ask me to enter in the numbers I see on my phone, so I'm going to enter it in. So I got 421908 and I'm going to hit enter, and now I have multi-factor authentication. So the next time I log in to my account I'm going to have to use Authenticator to enter in those numbers, so my account is secure. And that's how you set up MFA. If you have a business account it's a little bit different, and I think we do have instructions on that on our website, but yeah, for your personal account that's all you have to do to set up MFA.

[Music] So now we're going to look at setting up a user account within our Oracle Cloud. So if you aren't on this home screen, just always click the logo, Oracle Cloud, here, uh, if you are lost from the last video. What I want you to do is open the hamburger menu, go down to identity and go to users. And so what we can do is we can add more users to our account. So I'm going to hit create users. I'm going to make one for Bako, who's my co-founder. He's also named Andrew, so that's why we call him Bako, from his last name. And I need to confirm the email. Um, I guess you can't have a space. We'll look at some advanced options, we can tag him. We'll go ahead here and create, oh, I'll just say co-founder. And so now I've created a Bako account, and I'll just click into him here, and he's never logged in, but we can enable MFA for him, but I guess he would have to do it himself because he would have to add his phone. We can create and reset his password, we can edit him as a user, some basic information. So that's how easy it is to create a user. So we'll just go back here to Oracle Cloud and we'll move on to the next step.

[Music] So now that we have a user, let's go ahead and, uh, put them in a group. So we'll go up to the hamburger menu, go back down to identity, we'll go to groups, and we'll create a group, and we're going to call this group developers, and maybe we'll capitalize it because our other one
has a capital on it. Doesn't matter. So these are developer group, and we'll go ahead here and create that group. So now we have created that group, let's go ahead and add Bako to that developer group. So I'll click in here and then we'll just hit add user to group, and we'll choose our user, so we'll choose Bako, and I'll hit add, and so now they're added to that group. And the reason why we want to add people to groups is so that we can apply policies so that they have limitations on what they can do within the platform. But we'll go back to Oracle Cloud, and that's all you have to do to create a [Music] group.

So now let's go ahead and create a compartment. A compartment allows us to group resources together and apply permissions, just like how groups allow us to apply permissions to users. So go back up to the hamburger menu, go down to identity and choose compartments. We already have a compartment, it's our root compartment, it's named after our account, but we want to make our, our own. So we'll hit create compartment, we'll call it development, we'll have to give it a description as development again. It's going to be, the parent's going to be, uh, the, the root one, because you can nest these six levels down, but we just need one. We'll go ahead and hit create compartment. So now we've created ourselves a compartment, and that's all we had to do here. So let's go back to Oracle Cloud and we'll move on to the next.

[Music] So now let's go ahead and create a policy. A policy is going to help us limit access to resources so people don't have access to things they shouldn't have. So what I want you to do is go back up to the hamburger menu, go down to identity, and then what we're going to do is we're going to choose policies. Now policies are interesting because the way they are applied is that you don't apply, you don't make a policy and then say assign to user, as soon as you make them they're assigned. So now that we're here we need to choose a compartment, so it says view and manage, pick a compartment
resource type, so we'll drop this down here, oh, over here, and we're going to choose, um, example root, and we're going to go ahead and create ourselves a new policy. So I'm going to name this policy, I'm going to say developer access, so we'll see developers, and now we need to write our statement. And so I have a statement here, I'm just gonna write it out, so we're gonna say allow group developers to manage all resources in compartment development. And so if I name that all right, I believe I gave that a capital D, I don't know if it's case sensitive. And we're going to go ahead there and create that policy. And so that's all it takes to make a, a policy, uh, and to really test it, uh, you know, Bako would have to use this account and he would have to see if he had access or if he didn't. I believe that when you make new user accounts, by default they don't have any access until they are part of the statement group, so everything is deny by default and then you add things to allow. But that's all it takes to create a policy. We're gonna go back to Oracle Cloud and we're done with this section.

[Music] So in order for us to launch resources, uh, in Oracle, we're going to need a VCN. And so what we're going to do is go up to the hamburger menu, make our way over to networking and go to VCNs, which stands for virtual cloud networks. And we have two options: we can create a VCN from scratch or we can start a, start one with the VCN wizard. I'm going to use the wizard. And so we have two options, VCN with internet connectivity, or VCN with internet connectivity, site to site VPN connect. This sounds really great if we had something a bit more complicated like connecting to an on-premise network, as the image shows, but we want something simple here, so I'm going to hit start VCN wizard, and that's going to create us a bunch of resources. So we'll just name our VCN as myvcn. It's automatically filled in us a CIDR block, so we have 10.0.0.0/16, and then what we have here is the subnets, so it's going to create us a public
subnet and a private subnet. And as you remember from my tutorial guide, uh, you always want your subnet's CIDR block to be smaller than your VCN, because it's taking a slice out of it. Now it looks confusing because 24 is larger than 16, but the larger the number is, the smaller the slice, okay. And then we'll just scroll on down here, so it says DNS resolution, we definitely want that. We'll just scroll down, uh, this all looks great, and we'll go ahead and hit next. But before we do, just look, it's going to create us a VCN, a public subnet, a private subnet, the internet gateway, a NAT gateway and a service gateway. So we'll go ahead and hit next, and then we'll go ahead and hit create. So we'll just wait for those to create. And so there you go, they all have been created, so we'll go view virtual cloud network. And so now we have our own VCN where we can start launching resources within, and that's going to allow us to set up our own server. So I'm going to go up here to Oracle Cloud, and that's what we'll do, we'll launch a server next.

[Music] So what we're going to do now is set up our own server. So what I want you to do is go to the hamburger menu at the top, we're going to go to compute, we're going to go to instances, we're going to create ourselves a new instance. Now it gives us a randomly generated name, which is fine. We can choose the OS that we want, so Oracle has their own version of Linux. If we hit change, we have a bunch of options we can choose from, such as partner images, or maybe you have your custom images, but we're just going to stick with the Oracle version. Then in order for us to launch this we're going to actually need to upload an SSH key, but before we do that let's just look at some of the options here. So we can change the availability domain, we can choose the size of instance, they call them shapes, so if we open up change shape we have different sizes. We can even choose the provider for the, for that, you can choose bare metal if you want or go virtual, and we're not, we
might not be seeing all the options because we are in the trial account, so if we upgrade we probably would see a lot more options. But what we'll do, we'll just hide that there, and what we need is we need a private and public key. And this is a little bit hard because Oracle doesn't give you a button just to generate them here, so what you have to do is you have to create your own key pair. And they do have this nice page on how to do, whether you're on Windows or if you're on, um, on Linux or Mac. So I'm, right now I'm on a Windows machine, so I would have to use PuTTY, so you'd have to go ahead and install PuTTY. Once you've installed it you'd search for PuTTYgen, and again, all these instructions are here, so if you are a bit lost, look for creating a key pair under the Oracle Cloud Infrastructure documentation, and it's under the getting started section, okay. But here I have, uh, PuTTY, and what it wants, it wants us to create an SSH-2 RSA. So it says find it, okay, specify a type of key, so in the key menu confirm the default is RSA SSH key. And this is a bit confusing because I'm looking at PuTTY right here right now, oh, I had an old one open, and I'm not seeing that. So, oh, I guess you drop it down from there. So it says SSH hyphen 2 RSA key type for the type of key, generate, accept the default key value as RSA, so that's what's set as. Set the number of bits generated to 2048, so it's already set to 2048, and then click generate. Then when you need to move your mouse a bit, that actually helps it generate random data. And then it's going to say, so it says move your mouse around, when the key is generated, appears under the public key for pasting OpenSSH, so it's just talking about that. Leave the key, the passphrase, blank, we're going to do that. Save the private key and click yes, um, and then the key pair saved and PuTTY, which will be proprietary. You can name the key anything you want, it's PPK, uh, select all the generated keys and appears under the public key for pasting OpenSSH. Do not save the public key
because it does not save the key in the OpenSSH format, okay. So we'll go ahead and we will save our private key, and we'll say yes, because it's okay if we leave it blank. We'll go to desktop, I'm just going to name this as, um, oracle exam pro, and it's going to name it as a .ppk. We'll hit save, and so now we just need to grab the public key, which is apparently this here, so we'll go ahead and copy that out. It's a bit easier on a Mac because you just run the, um, a single command, which is, I'm sure it shows in here for Linux and Mac. And so we'll go back over here, yeah, see, that's what it is for Mac, you just run that line. We'll go back over here and we can choose or paste, we're gonna, I think we just paste it in here. We'll go ahead and hit create and hopefully that will work. And there we go, so it's creating our instance and it's starting up, so now we just have to wait for it to provision. I'm not sure how long it takes, it shouldn't take too long, but we'll just wait a little bit here. So after waiting, uh, about five minutes, our server is now running, it's gone green. And so I just wanted to show you a few things here. So over here we have VNIC, so that's the virtual network interface card that is attached to this. You can see that we want to get instance access, you're connected a running instance using a shell, we could connect, so that's why we made our private and public key there. We can see our shape configuration that we chose. If we scroll down here and we go to boot volume, you can see that it created us a boot volume and it's attached. It looks like there's a console connection, so this might be a convenient way to connect to the instance here. You can set up work requests, um, so we can see that it created an instance, so it shows us some history there. Um, but yeah, that's the instance there. So yeah, there we go. So now that we're done with this instance, let's go ahead and just terminate it. So we'll go to actions and we'll hit terminate, and we'll permanently delete the boot volume because
we're done with that. All right, so there you go. Now if you wanted to make a database, it's not going to be that much different. You could do autonomous, I think we get two for free, so we just go ahead here. I'm not going to go through the whole process, I just want to quickly show you that the way you'd set up a database is you choose the database or the, the transaction processing or the shared infrastructure, you fill in your username, password, and etc. You can bring your own license or license and create your database that way. So I just wanted to quickly show you that, but we'll make our way back to the compute instance and we can see that it's terminating. It's going to take a little bit of time, but if we see that, we know that it's terminating, we don't have to worry about it, so I think we're all good for that. So I just click back the home here and this section is done.

[Music] All right, so I'm going to show you how to, uh, create your own bucket and start using object storage. So we'll go all the way up here, um, to the hamburger menu, and we're going to go to object storage, and we're going to choose object storage. What we're going to do is create ourselves a bucket, and then we'll name the bucket whatever we want, and we'll go ahead and, we can enable object versioning, we don't need to do that. You'll notice that we can use the Oracle managed keys to encrypt it, but by default it is encrypted. We can choose standard or archive, archive is going to help us save more money if we choose that. Go ahead and create that bucket. And so now we can click into that bucket, and if we want to upload objects we just have to click upload. So I'm just going to upload something from my desktop, so let's go upload ourselves an object. So we'll go to upload object, I happen to have an image of the Enterprise D that I want to upload, so I'll just place it there, I'm going to call that enterprise d. We can see if there's a few other options here, so we can just change the metadata and response header, I'm just going
to leave that all alone. We'll hit upload, and it uploaded, was very fast, okay, and so there's our object. And so on the left hand side we do have some other options, such as metrics, so we can see bucket size and number of objects. We have pre-authenticated requests, so if objects are private and we want to give people access to it, I assume we could use that. There are work requests, work request is a feature of management OS, so I'm not sure how that fits in. Lifecycle policies, you could create a rule probably to move it to archive, so imagine that you had a, like, a lot of files and you needed to move them into archive so that you could hold onto them for seven years, but you wanted to move an archive so that you're saving money, that's what you use a lifecycle policy for. There's a replication policy, replication would be for, um, backing up your data in another region, so if this region for whatever reason, uh, suffered a disaster you would lose your data, but if you replicated it into another region, uh, you wouldn't have that issue there. Then we have retention rules, this sounds like that you can decide whether to delete files over time, so by time bound or indefinite. So it says object delete a modification is prevented from the retention during period, so you can say you're not allowed to delete a file for this period of time. So imagine that you are, you have accounting files you have to hold on for seven years, you could say hold on to these for seven years, or you could say indefinite, never, never delete these files. So hopefully that gives you an idea of object storage. I'm going to go ahead here and delete this object, but that's as simple as it is. So there we go.

[Music] So now let's take a look at launching a database, or at least look at the options, because Oracle is known for databases and they have quite a few options. We have the Autonomous Data Warehouse, the Autonomous Transactional Processing, bare metal, VM, Exadata, Exadata, Data Safe, which is for visualizing whether our data is safe,
NoSQL database, and MySQL, where we have DB systems and it can do backups. We'll go to the Autonomous Data Warehouse, and it doesn't really matter what we choose, because I think when we choose it, it allows us to choose these two options. And right now I'm under Bako's account, but let's say we want to do transactional processing, so that's an OLTP. We want to be shared so that it's, it's more cost effective, and we want to use the free tier. Always Free resources can be created in both free tier and paid, so we'll checkbox that on. If your, if your Always Free tier has no activity seven days, the database will automatically stop, so they don't want us to really use it if we're not. We can choose our database version, apparently there's only one. We have auto scaling, we could turn that on so our database automatically scales, um, it's not letting me checkbox it, so I don't know there. Our admin credentials is going to be admin, apparently we can't change that, and we're just going to set this a password. I'm going to do testing one two three, um, for one two three abc exclamation, um, testing one two three abc. Oh, it's making this really hard for me. Uh, uh, contain at least one uppercase, lowercase, one number, cannot use double quotations, okay. So I say testing abc all caps one two three, testing abc one two three. And we'll just look here, configure access control rules, um, I don't know if we need to do any of that. I guess we could restrict based on IP, to say only this person from this IP, so like my, only my home address is allowed to access the server. And we're gonna use license included. I'm gonna look at some advanced options, we just have some tags. We'll go ahead and hit create autonomous database, and so it's going to start provisioning that instance, and so we're just gonna wait and I'll see you back here in a moment. So after a short wait our autonomous database is all ready and running, and we have some options here. We can scale up and scale down, which is kind of cool, we can restart it, we could create
a clone, we could add access control list, we could reset the password, and we can do a DB connection, so let's go ahead and click that. So here it says to download the client credentials, download the wallet, so we can go ahead there and download that, I'm not going to go do that. We have metrics down below. If we have backups we could see them here. We can make a manual backup whenever, we just click that, put the name in, and it would create a backup. Creating backups can be a little bit slow so I don't want to do it, and I think right now we'd have to upgrade to use this feature, so we're not going to be able to do any backups. Let's go to the tools, and so in tools we have SQL Developer Web, Oracle ML user administrator, Oracle Application Express, and SODA drivers. I think this might give us an interface, I'm just going to go ahead here and click that and see what we get, and we'll just wait here a little bit. And so here we are in the SQL Developer. I wonder if it's the same if I go admin, testing abc123, and there we are, and we're actually in our database. So that's really nice because it allows us to directly work with our database. Has a data modeler, that sounds really cool. Um, so I'm just clicking around here, so I'm not exactly sure how this works, but it's kind of cool that we have this interface here that's built in, I haven't seen this with any other provider. I assume we just start writing SQL, so you say select all or show tables. I can't say I really know my Oracle, I know my MySQL pretty well, but we launched an Oracle autonomous instance. Okay, so I didn't see any output there, but it's nice to see that we have that as an option. Um, but yeah, that is launching a database. So let's go ahead and we'll just shut down this database because we're done with it. We'll just say terminate, type in the database name to confirm termination, are you sure you want to, name it here, they put it there so you can just copy paste it like that. That is a very nice name for a database. And that's terminating, so
that's all we have to do, and so that's databases.

[Music] So if you're ever wondering, uh, like, how you can determine, uh, who is doing what within your account, uh, there's a service, uh, for Oracle called Audit. So what I want you to do is go to your hamburger menu, we're going to go down to security, or sorry, [Music] I can't remember what it's under here, governance, and we're going to go to audit. And so what Audit allows us to do, it allows us to see what's been going on within our account, so if we wanted to find out who did what, that's how we could do it. You could drop it down based on their action types, filter, but based on keywords, but we can just scroll down here and eventually you'll see my names. You can see that I was in the database service, so I was looking at the database service, deciding whether I wanted to start a server, and then if we keep on going down we probably would see that I was trying to launch a server. But yeah, if you're just trying to figure out who did what in the system, that is what Audit does, okay, that's just good to know.

[Music] All right, I just want to show you another thing with billing that is something you should probably do. So if you go to the hamburger menu here and we're going to go to account management and we go to budgets, we can set a budget. And a budget's really good because it's going to help us make sure that we are keeping track of our costs. So I've already created a budget here called the overall budget, and it can show us that we had spent a hundred dollars, and our spend so far is four dollars and fifty four cents, and that's how much of our spend period that has occurred so far, and that's how much it forecasts it's going to happen, um, in the future. Let's go ahead and create ourselves a new budget. We can say another budget, and you can do it based on compartment or a tag. It's probably going to ask us for a description. So you choose your compartment, you say a hundred dollars, you can choose the threshold, so actual spend versus forecast, you could
choose the threshold being 50 percent. This is going to determine when it actually emails you to say hey, your budget is approaching, and then you put your email in here and that way you'd get an email about it. So I'll go ahead and create ourselves a budget. Um, a budget already exists for this compartment, so I guess you can only make one, uh, per compartment. All right, and so I just made another one there, but I don't really need another one so I'm going to go ahead and delete that. But yeah, you should definitely set up a budget, because you want to keep on top of your cost so that you don't get over billed. And so there you go.

[Music] Okay, so now what I want to do to show you a little bit about billing. Um, so I actually switched over to Bako's account because, um, he actually has some spend out of his free tier. You can see over here on the right hand side it says he spent four dollars so far, and he has four days for his, um, his trial to end. But what we'll do is we'll go to the hamburger menu up here, we're going to scroll all the way down, and we're going to go to account management, and we're going to go to cost analysis, and this will show us our free trial again, so it's the same information there. It tells us to upgrade, but it's also going to give us a breakdown of compute, block storage, networking, etc., so here we can see those costs in detail. So I just really wanted to show you that so you know where you can analyze your costs.

[Music] So now we're going to look at booking our exam. And so the test center network that is associated with Oracle is called Pearson VUE, and they do both in data center and also proctored exams, proctored meaning from the comfort of your own home, and that's all up to you. But if we want to go start taking an exam, what we can do is go to test takers and click on schedule an exam. Then we can search, uh, the type of certification we want, so I'll type in Oracle and we'll click here, and then from there what we'll have to do is go and create ourselves an account or
sign in. I don't have an account, so we'll go ahead and hit create account. We're going to have to click I agree, um, indicate that you've read the terms, we'll scroll all the way down the bottom, checkbox that, I agree. So what we'll have to do is fill in our personal information, so I'm just going to scroll through this so you can see. So you have to put your title, your first name, middle name, last name, suffix, and then your email, so I'm going to go ahead and do that. Do you know of an Oracle testing ID, no, I do not know my Oracle testing ID. So I am Mr. Andrew William [Music] Charles Brown, I don't have a suffix. We'll go ahead here and I'll just say andrew@exampro.co, andrew@exampro.co, uh, and sure, I'll receive some marketing messages, that looks good to me. There's four steps: personal information, contact information, additional information, and create an account. So hit next for create an account, or the next step, and what we need to do is we need to fill in our personal contact information. So I'm going to say I'm from home and I'm in Canada, and I'm just going to fill in the rest of my information here. Great, and now that I've filled in my personal, uh, address here, I'm just going to scroll down and I just need to fill in my phone number and choose my corresponding language, and we can go to next. And now it's going to ask me if I'm part of the Oracle Partner Network, I am not, if I was I would get a discount. Now it's going to ask me to make a username, I'm going to go ahead and try to make one. Great, and now I need to make a password, so I'm just going to go make a password, and then it's going to just ask me a security question. Great, and we'll go next. And now what we can do is we can view the exams that we want to book, and so here we have a list of exams. So we're looking for the foundations exam, so we could just type in foundations up here, and then we have the, the course codes here, so we want to make sure that it's the correct one. You can see that there's 20 and 20 f, so I'm
just going to double check what the code is. So our code doesn't have the f. I don't know why there's one with f, maybe it's like for French. I didn't mean to click it, it's just loading now. So what we'll do is we'll click the one that doesn't have the f. Then it's going to ask us where do we want to take the test, we can say in our home office, and then we can run a pre-check. You definitely want to do a pre-check if you can. So what this is going to do, it's just going to check our systems, we're going to see if we can pass. Right now my webcam isn't working, it's showing something here, and so this is just to check is my audio working, do I have good internet, and does my webcam work. I'm just going to go hit next, and so I've passed the checks, so I can close this and then go next. And the next thing we can do is we can agree to the online policy, so we have to go and click through all of them here, hit next, and then it's going to show us the price of the exam and also what exam we're taking and the operating systems and other settings that matter. We'll hit next, and then here we have this option, consecutive appointments, you may add one or more exams to take on the same day, and so I'm just going to hit next. And so now we would choose a time, so I could say, you know, on the, on the Monday here, so we could say let's do it on Monday, and then we would need to choose the time. The only time available is 9 pm, so I could also choose maybe Wednesday where I have more available times, so here we could say 2 15.
And then from here we're going to see our options. It's going to show some of my personal information here, and then all we have to do from here is proceed to checkout. We're going to be presented with the policies, presented with policies, and then from here you just go hit accept and you would pay with your credit card, and that's all there is to it. So the reason I don't want to go through the whole, whole end here is because I actually, I'm not looking to book the exam today, but this is the whole process to book with Pearson VUE. And so good luck on your exam.