Put the pedal to the metal: Oracle Bare metal cloud! The first impressions on networking

The beginning

At the beginning of this year (2017), I was doing a cloud project that, despite all efforts, was unfortunately not on the Oracle cloud. When we finally had to deliver, the license rules suddenly changed for other, non-Oracle cloud environments and, as you might or might not remember, all options were open again. At that point, I really needed to vent, and I wrote the blog post "Why the sun shines for Oracle and it's cloudy for others". I made some points that more insight and testing were necessary, and that is exactly how I got in touch with the Oracle Bare Metal cloud.

Logging in

After obtaining a subscription, first things first: the GUI. Often when exploring products, I choose the easy way first, and so I did with BMCS (Bare Metal Cloud Services). For daily work, I use a MacBook Pro and I'm one of the people who use Safari. So logging in on BMCS with Safari looks like this:

The people who know me know which button I chose. And then we end up with an error:

In my opinion, not the best way of handling an error, but … I got in touch with the BMCS guys and they are very supportive. So I listed how I did it and what I received, together with all the versions of my system, and they promised to have a look at it. When it will be implemented I don't know, but they heard me and that is already good.

Of course we don't want to be blocked, so I used the workaround and switched to a supported browser. In my case I chose Google Chrome.

Logging on to the portal means browsing to https://console.us-phoenix-1.oraclecloud.com (in my case, I have a subscription in Phoenix), and then it asks you to provide your tenant.

Your tenancy is something that Oracle creates for you and you will use to log in. If you know the tenant name, you can avoid this screen by simply browsing to: https://console.us-phoenix-1.oraclecloud.com/?tenant=<fill in the name of your tenant> and that will bring you to a login screen.

Looks very intuitive. Logging in is simple using the credentials you were provided with.

So that's what it looks like.

Networking the easy way

The first thing you need to do when you want to start with a cloud service is decide and create the network you want.

Typically, I would recommend creating a private network in the public cloud and connecting your on-premises network to it. This way it is just an extension of your current network. The Oracle BMCS offers this as well:

For these tests, as I did them from my home network and the databases will only contain sample and artificial data, I used another option and that is a connection over the internet. Take into account, this is not the most secure option to choose!

Network connections with public subnets

The quick and dirty “I want to test something”-way I would like to call this. It looks like this:

This one is actually also very easy to set up. You can also see in the picture why it is not very secure either. It depends on your Linux skills in securing internet-facing servers, of course, but as you can see, the servers are directly connected to the internet. In some cases you want this, but in most cases, it's not something you want to opt for. Creating it is very simple, though.

In the upper menu structure at the right, you select “networking -> virtual cloud networks” and in the next screen you click “create virtual cloud network”.

Then the following screen pops up:

It's very self-explanatory, actually.

  • You have to select the compartment
  • Preferably give it a name
  • If you want to be able to reach this VCN (virtual cloud network) from the internet, make sure to select “plus related resources”.
  • I use dns hostnames, so I leave it checked

And the second screen is completely generated:

You see, nothing to be filled in here. The nice thing is that this wizard actually creates 3 subnets for you, one in each availability domain.

After clicking “create virtual cloud network” all is automagically provisioned and you can start creating machines.

Network connections the way it should be done

The way described above is basically good for testing, playing, demos, etc., but if you want to use the public cloud in a more secure way, you really should add a little bit of security.

As you can see in the drawing, some components have changed.

Currently I cannot cross-check whether it really works, because I have to reconfigure my router at home to be a VPN client too, but I will test that in the future (and document it) too.

The Oracle BMC cloud part is fairly easy, actually. First create a VCN without all the options:

Then create a dynamic routing gateway:

It just needs the name:

Then add it to the new VCN:

Then use the 3 dots and view/edit the configuration:

and create the IPsec connection:

This is the part where I need to adapt my own network, but I'm actually relatively confident this will work properly and that the servers will just be accessible. Still to be tested, though.

The cool thing is, Oracle did the hard work for you and provided a list of the most common routers and how to configure them: https://docs.us-phoenix-1.oraclecloud.com/Content/Network/Tasks/configuringCPE.htm

Thing is … let the battle with the security department begin, but that’s something every company needs to find out for itself.

I will also try to get this working and when it’s done, I will illustrate as well how it is done.
The parts currently missing are the tunnel details, such as the pre-shared key; so far I haven't managed to get the tunnel up. The routes to be added are also missing here, but all of that will be in the blog post when I manage to get everything connected decently. That post will also handle 2 ADs (availability domains), but without a load balancer.
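
To make the difference between the two designs concrete, here is a small audit sketch, added as an example and not taken from Oracle's tooling or from the original post. It flags subnets that are directly internet-facing and a gateway that is attached but still has no route to the on-premises network. The layouts, field names and the 192.168.1.0/24 on-premises range are constructed assumptions.

```python
import ipaddress

# Constructed sample layouts (not real console or API output); the field names
# are hypothetical and only model the two designs described in the post.
PUBLIC_VCN = {"cidr": "10.0.0.0/16", "drg_attached": False, "subnets": [
    {"name": "ad1", "public_ips": True,
     "routes": [{"dest": "0.0.0.0/0", "target": "internet_gateway"}]}]}
VPN_VCN = {"cidr": "10.1.0.0/16", "drg_attached": True, "subnets": [
    {"name": "ad1", "public_ips": False,
     "routes": [{"dest": "192.168.1.0/24", "target": "drg"}]}]}
# The state the post stops at: DRG attached, route rules not yet added.
UNFINISHED_VCN = {"cidr": "10.2.0.0/16", "drg_attached": True, "subnets": [
    {"name": "ad1", "public_ips": False, "routes": []}]}
ON_PREM = "192.168.1.0/24"  # assumed on-premises (home) network


def audit(vcn, on_prem_cidr):
    """Return findings for one VCN layout relative to the on-premises range."""
    on_prem = ipaddress.ip_network(on_prem_cidr)
    findings = []
    # Overlapping address space makes routing across the tunnel ambiguous.
    if ipaddress.ip_network(vcn["cidr"]).overlaps(on_prem):
        findings.append("vcn: CIDR overlaps on-premises network")
    for subnet in vcn["subnets"]:
        targets = {}
        for rule in subnet["routes"]:
            targets.setdefault(rule["target"], []).append(
                ipaddress.ip_network(rule["dest"]))
        # Internet gateway route plus public IPs = hosts directly reachable.
        if "internet_gateway" in targets and subnet["public_ips"]:
            findings.append(f"{subnet['name']}: directly internet-facing")
        # A DRG without a matching route rule carries no traffic to on-prem.
        covered = any(on_prem.subnet_of(net) for net in targets.get("drg", []))
        if vcn["drg_attached"] and not covered:
            findings.append(f"{subnet['name']}: no route to on-premises via DRG")
    return findings


if __name__ == "__main__":
    for label, vcn in [("public", PUBLIC_VCN), ("vpn", VPN_VCN),
                       ("unfinished", UNFINISHED_VCN)]:
        print(label, audit(vcn, ON_PREM) or "no findings")
```
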

So this is the first of several posts, as I get the feeling it will be too long otherwise. The next step will be IaaS. I'll show you how to deploy and use compute and storage, and after that we go to RAC DBaaS. I can't wait to share!

As always, questions, remarks? Find me on Twitter @vanpupi
