{"id":742,"date":"2026-04-15T09:57:09","date_gmt":"2026-04-15T09:57:09","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-file-storage-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-storage\/"},"modified":"2026-04-15T09:57:09","modified_gmt":"2026-04-15T09:57:09","slug":"oracle-cloud-file-storage-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-storage","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-file-storage-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-storage\/","title":{"rendered":"Oracle Cloud File Storage Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Storage"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Storage<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Oracle Cloud <strong>File Storage<\/strong> (often referred to in Oracle Cloud Infrastructure (OCI) documentation as the <em>File Storage service<\/em>) is a managed, shared file system designed for applications and users that need <strong>POSIX-like file semantics<\/strong> and <strong>network file access<\/strong>. It provides a centralized place to store files that can be mounted concurrently by multiple compute instances and services over a private network.<\/p>\n\n\n\n<p>In simple terms: <strong>File Storage gives you an NFS-accessible shared folder in Oracle Cloud<\/strong>. You create a file system, attach it to your virtual network through a mount target, export a path, and then mount it from Linux hosts (and other supported clients) as a regular directory.<\/p>\n\n\n\n<p>Technically, File Storage is a cloud-managed network file system. You provision a <strong>file system<\/strong> and expose it through a <strong>mount target<\/strong> that lives in your VCN subnet. Clients in your VCN (or connected networks) mount the export path using NFS. 
File Storage handles durability and availability of the storage backend, while you control access through IAM policies, export rules, and network security controls.<\/p>\n\n\n\n<p>The problem it solves: many workloads need <strong>shared, hierarchical storage<\/strong>\u2014for example, web server fleets sharing static content, CI\/CD runners sharing build artifacts, analytics tools reading common datasets, and lift-and-shift enterprise apps expecting shared NFS. File Storage provides this without you operating NFS servers, RAID, patching, or capacity planning at the instance level.<\/p>\n\n\n\n<blockquote>\n<p>Naming status: As of the latest generally available OCI terminology, <strong>\u201cFile Storage\u201d \/ \u201cFile Storage service\u201d is current and active<\/strong>. If you see older references to \u201cFile Storage Service (FSS)\u201d, that is typically the same service. Always verify the latest feature set and limits in the official documentation for your region.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is File Storage?<\/h2>\n\n\n\n<p><strong>Official purpose (scope):<\/strong> Oracle Cloud File Storage is a managed service for creating and accessing <strong>shared file systems<\/strong> over a network from resources in OCI. 
It is designed for workloads that require file-level access (directories, permissions, file locking semantics as supported by NFS), rather than object-level access (Object Storage) or block-level access (Block Volumes).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a <strong>file system<\/strong> in OCI.<\/li>\n<li>Create a <strong>mount target<\/strong> in a VCN subnet to provide a private endpoint.<\/li>\n<li>Create an <strong>export<\/strong> (export path) associated with the mount target.<\/li>\n<li>Mount the exported file system from clients over NFS.<\/li>\n<li>Manage access using a combination of:\n<ul class=\"wp-block-list\">\n<li>OCI IAM policies (who can create\/modify file storage resources)<\/li>\n<li>Network controls (VCN security lists \/ NSGs)<\/li>\n<li>Export rules \/ export options (which client source(s) can mount and with what permissions)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>File system<\/strong>: The managed storage resource that holds directories and files.<\/li>\n<li><strong>Mount target<\/strong>: A network endpoint (private IP in your subnet) that clients use to reach the file system.<\/li>\n<li><strong>Export set<\/strong>: A collection associated with a mount target that contains exports (paths).<\/li>\n<li><strong>Export<\/strong>: The exported path (for example <code>\/shared<\/code>) mapped to a file system, with export options\/rules.<\/li>\n<li><strong>Snapshots \/ clones \/ replication (if available in your tenancy\/region)<\/strong>: File-system data management features may exist depending on current OCI capabilities\u2014<strong>verify in official docs<\/strong> for what is supported in your region and tenancy.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Managed Storage (file)<\/strong>, accessed over the network 
(NFS-based).<\/li>\n<li>You manage <em>access and usage<\/em>; OCI manages the storage infrastructure.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scope: regional vs. availability domain<\/h3>\n\n\n\n<p>OCI services vary between regional and availability-domain (AD) scoped resources. File Storage resources are commonly modeled as <strong>availability-domain\u2013scoped<\/strong> (for example, mount targets are created in a subnet in an AD). Exact scoping and HA behavior can differ by region and current implementation details\u2014<strong>verify in official docs<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Which resources are AD-specific<\/li>\n<li>How availability is handled within a region<\/li>\n<li>Whether and how you should deploy mount targets across multiple ADs for resilience<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n<p>File Storage is part of OCI <strong>Storage<\/strong> and is frequently used with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Compute<\/strong> (VMs\/BMs) that mount the file system<\/li>\n<li><strong>VCN<\/strong> networking (subnets, routing, security lists\/NSGs)<\/li>\n<li><strong>Bastion<\/strong> for secure administrative access without exposing SSH<\/li>\n<li><strong>IAM<\/strong> for least-privilege control over who can create\/update\/delete storage resources<\/li>\n<li><strong>Monitoring<\/strong> and <strong>Audit<\/strong> for operations and governance<\/li>\n<li>Optional connectivity services: <strong>FastConnect<\/strong>, <strong>Site-to-Site VPN<\/strong>, <strong>Remote Peering<\/strong> for hybrid and multi-region access patterns<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. 
Why use File Storage?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster delivery<\/strong>: Teams get shared storage without building and operating NFS clusters.<\/li>\n<li><strong>Lower operational overhead<\/strong>: OCI manages storage durability and service-level operations.<\/li>\n<li><strong>Supports legacy and enterprise apps<\/strong>: Many enterprise applications expect a shared filesystem.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Shared POSIX-style storage<\/strong>: A common directory tree across multiple clients.<\/li>\n<li><strong>Multi-host access<\/strong>: Multiple compute instances can mount the same export concurrently.<\/li>\n<li><strong>Fits lift-and-shift<\/strong>: Helps migrate on-prem apps that depend on NFS shares.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Simplified administration<\/strong>: Provision via Console, CLI, SDK, or Terraform.<\/li>\n<li><strong>Centralized storage management<\/strong>: One place for shared app data, configs, and artifacts.<\/li>\n<li><strong>Integrates with OCI governance<\/strong>: compartments, tags, audit trails, and policies.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Private network access<\/strong>: Mount targets are typically private IPs within your VCN.<\/li>\n<li><strong>Layered access controls<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Network controls (NSGs\/security lists)<\/li>\n<li>Export rules restricting client sources<\/li>\n<li>IAM policies controlling administrative actions<\/li>\n<\/ul>\n<\/li>\n<li><strong>Auditability<\/strong>: OCI Audit can record API operations on file storage resources.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>Elastic storage<\/strong>: You typically pay for what you store rather than pre-provisioning a volume size (verify exact model in pricing docs).<\/li>\n<li><strong>Designed for concurrent access<\/strong>: Suitable for shared-content and shared-workspace patterns.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<p>Choose File Storage when you need:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>NFS-like shared storage<\/li>\n<li>Concurrent access by multiple instances<\/li>\n<li>Directory\/file semantics and shared paths<\/li>\n<li>Lift-and-shift of NFS-based applications<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<p>Avoid File Storage when you need:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Object APIs<\/strong> (use <strong>Object Storage<\/strong> for S3-like semantics, lifecycle tiers, and massive scale for unstructured data)<\/li>\n<li><strong>Ultra-low-latency local IO<\/strong> (use local NVMe where appropriate)<\/li>\n<li><strong>Single-host block storage<\/strong> with database-grade tuning (use <strong>Block Volumes<\/strong>)<\/li>\n<li>Built-in cross-region active-active global namespace (verify if\/when replication exists; do not assume it replaces application-level DR design)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. 
Where is File Storage used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Media and entertainment (shared assets, render outputs)<\/li>\n<li>Healthcare and life sciences (shared datasets with access controls)<\/li>\n<li>Financial services (enterprise apps with shared config and batch I\/O)<\/li>\n<li>SaaS providers (shared configuration, artifacts, multi-VM web tiers)<\/li>\n<li>Education\/research (shared lab data, home directories)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Platform engineering (shared runtime assets)<\/li>\n<li>DevOps\/SRE (shared build artifacts, deployment assets)<\/li>\n<li>Data engineering (shared staging areas)<\/li>\n<li>Security\/Compliance (controlled shared repositories)<\/li>\n<li>App teams modernizing legacy systems<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Web farms sharing static content<\/li>\n<li>CI\/CD runners storing build\/test artifacts<\/li>\n<li>Shared home directories for Linux users<\/li>\n<li>Content management systems<\/li>\n<li>Batch processing pipelines with shared staging folders<\/li>\n<li>Lift-and-shift enterprise apps expecting NFS<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Multi-tier apps where application servers share a common filesystem<\/li>\n<li>Compute clusters (VM\/BM) mounting shared exports<\/li>\n<li>Hybrid setups where on-prem clients access shared cloud storage via VPN\/FastConnect (with careful latency and security planning)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Production vs dev\/test usage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Dev\/test<\/strong>: quick shared workspace for builds, artifacts, integration testing.<\/li>\n<li><strong>Production<\/strong>: shared app content, shared configs, data staging, and 
controlled collaboration areas\u2014designed with resilient networking, strict export rules, and monitoring.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic scenarios where Oracle Cloud File Storage is a strong fit.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Web farm shared static content<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Multiple web servers must serve identical static assets.<\/li>\n<li><strong>Why File Storage fits<\/strong>: One shared directory mounted by all web servers.<\/li>\n<li><strong>Example<\/strong>: A pool of OCI Compute instances behind a load balancer mounts <code>\/www-assets<\/code> and serves the same images\/CSS\/JS.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) CI\/CD artifact repository (short-lived)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Build agents need a shared location for intermediate artifacts.<\/li>\n<li><strong>Why it fits<\/strong>: Simple POSIX paths; easy cleanup; concurrency.<\/li>\n<li><strong>Example<\/strong>: Jenkins agents mount <code>\/ci-artifacts<\/code> to store test reports and build outputs before publishing to Object Storage.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Lift-and-shift NFS-dependent enterprise app<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: An on-prem app expects an NFS share for configs\/uploads.<\/li>\n<li><strong>Why it fits<\/strong>: NFS-style mount paths with familiar semantics.<\/li>\n<li><strong>Example<\/strong>: Migrate the app VMs to OCI and mount <code>\/app-share<\/code> instead of running an NFS server VM.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Shared home directories for Linux users<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Engineers need consistent home directories across multiple 
hosts.<\/li>\n<li><strong>Why it fits<\/strong>: Centralized filesystem with permissions.<\/li>\n<li><strong>Example<\/strong>: Bastion\/admin hosts mount <code>\/home<\/code> from File Storage so user profiles are consistent.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Data science \u201cworking set\u201d staging area<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Analysts need a shared folder for notebooks, small datasets, and outputs.<\/li>\n<li><strong>Why it fits<\/strong>: Easy collaboration and shared access patterns.<\/li>\n<li><strong>Example<\/strong>: A small team mounts <code>\/ds-shared<\/code> on compute instances running training jobs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Media workflow scratch space (shared)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Render nodes need shared access to input assets and output frames.<\/li>\n<li><strong>Why it fits<\/strong>: Shared files with directory structure, accessed by many clients.<\/li>\n<li><strong>Example<\/strong>: A render farm mounts <code>\/projectA<\/code> and reads textures while writing outputs to per-shot directories.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Container workloads needing shared persistent storage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Some containerized apps need ReadWriteMany-like storage semantics.<\/li>\n<li><strong>Why it fits<\/strong>: NFS mounts can provide shared access for multiple nodes (integration specifics depend on your orchestration stack; <strong>verify<\/strong> your CSI\/driver approach).<\/li>\n<li><strong>Example<\/strong>: A Kubernetes deployment mounts a shared export for shared uploads.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Shared configuration and certificates distribution (carefully)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: A fleet needs consistent config 
bundles.<\/li>\n<li><strong>Why it fits<\/strong>: Centralized files accessible to multiple nodes.<\/li>\n<li><strong>Example<\/strong>: A controlled <code>\/config<\/code> export for non-secret configs (secrets should use a secrets manager; avoid storing secrets in plain text).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Batch processing pipeline staging area<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: ETL jobs exchange files between stages.<\/li>\n<li><strong>Why it fits<\/strong>: Shared directory structure and atomic rename\/move patterns.<\/li>\n<li><strong>Example<\/strong>: Stage1 writes to <code>\/incoming<\/code>, Stage2 processes and writes to <code>\/processed<\/code>, Stage3 archives to Object Storage.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Application uploads shared across app servers<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: User-uploaded images must be visible to all app instances.<\/li>\n<li><strong>Why it fits<\/strong>: Shared filesystem path simplifies application code.<\/li>\n<li><strong>Example<\/strong>: <code>\/uploads<\/code> mounted on each app server; application writes uploads once and all nodes can serve them.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Legacy tools requiring filesystem paths<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Some tools can\u2019t use object APIs.<\/li>\n<li><strong>Why it fits<\/strong>: Presents as a normal filesystem path.<\/li>\n<li><strong>Example<\/strong>: A reporting tool reads <code>\/reports\/input\/*.csv<\/code> nightly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12) Hybrid shared storage extension (with network planning)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: On-prem and cloud hosts must share data during migration.<\/li>\n<li><strong>Why it fits<\/strong>: With VPN\/FastConnect and strict export rules, you can provide 
controlled shared access (latency-sensitive).<\/li>\n<li><strong>Example<\/strong>: On-prem batch server mounts OCI File Storage during a phased migration.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<blockquote>\n<p>Note: OCI services evolve. Confirm the current feature availability for your region\/tenancy in official docs.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Managed NFS-accessible shared file systems<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Provides a shared filesystem accessible over the network.<\/li>\n<li><strong>Why it matters<\/strong>: Many workloads need shared POSIX-like file access.<\/li>\n<li><strong>Practical benefit<\/strong>: No need to operate NFS servers, disks, or clustering.<\/li>\n<li><strong>Caveat<\/strong>: NFS protocol version(s) supported can vary; <strong>verify supported NFS versions<\/strong> and client OS support in OCI docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Mount targets in your VCN (private endpoints)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Exposes the file system via a mount target with private IP(s) in your subnet.<\/li>\n<li><strong>Why it matters<\/strong>: Keeps file access within your private network boundaries.<\/li>\n<li><strong>Practical benefit<\/strong>: Works with standard VCN routing, security lists, and NSGs.<\/li>\n<li><strong>Caveat<\/strong>: Mount target placement affects connectivity; ensure route tables and security rules allow NFS traffic.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Export paths and export options (access rules)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Lets you define exported paths (for example <code>\/shared<\/code>) and specify which clients can mount and with what permissions.<\/li>\n<li><strong>Why it matters<\/strong>: Shared storage must be 
carefully access-controlled.<\/li>\n<li><strong>Practical benefit<\/strong>: Restrict mounts to specific CIDRs\/subnets and enforce read-only where needed.<\/li>\n<li><strong>Caveat<\/strong>: Misconfigured export options are a common cause of \u201cpermission denied\u201d or unexpected access.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Integration with OCI IAM (administrative control plane)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Uses OCI IAM policies to control who can create\/update\/delete file systems, mount targets, and exports.<\/li>\n<li><strong>Why it matters<\/strong>: Separation of duties and least privilege.<\/li>\n<li><strong>Practical benefit<\/strong>: Storage administrators can be compartment-scoped; app teams can be constrained.<\/li>\n<li><strong>Caveat<\/strong>: IAM controls API actions, not runtime NFS file permissions\u2014use POSIX permissions and export rules as well.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption at rest (service-managed)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Encrypts stored data at rest using OCI\u2019s standard encryption mechanisms.<\/li>\n<li><strong>Why it matters<\/strong>: Reduces risk if underlying media is compromised.<\/li>\n<li><strong>Practical benefit<\/strong>: You typically get encryption without changing application code.<\/li>\n<li><strong>Caveat<\/strong>: If customer-managed keys (CMEK) are supported for File Storage in your region, that will be documented\u2014<strong>verify<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Snapshots \/ clones (data management)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Provides point-in-time copies (snapshots) and\/or rapid duplication (clones), depending on service capabilities.<\/li>\n<li><strong>Why it matters<\/strong>: Safer upgrades, quick rollback, test environments from production-like 
data.<\/li>\n<li><strong>Practical benefit<\/strong>: Restore quickly from logical mistakes.<\/li>\n<li><strong>Caveat<\/strong>: Snapshots and clones may contribute to billed storage; confirm billing and retention behavior.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Metrics and monitoring integration<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Exposes performance and utilization metrics to OCI Monitoring.<\/li>\n<li><strong>Why it matters<\/strong>: Shared storage issues can impact many workloads simultaneously.<\/li>\n<li><strong>Practical benefit<\/strong>: Alert on throughput\/latency\/utilization symptoms (exact metrics vary; <strong>verify metric names<\/strong>).<\/li>\n<li><strong>Caveat<\/strong>: Monitoring helps detect symptoms but you still need workload-level tuning and access controls.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">High availability design (service-side) and multi-endpoint patterns (customer-side)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: The managed service is built for durability and availability; you can design client connectivity with multiple mount targets and redundancy patterns.<\/li>\n<li><strong>Why it matters<\/strong>: File shares often become critical dependencies.<\/li>\n<li><strong>Practical benefit<\/strong>: Reduced operational burden compared to self-managed NFS HA.<\/li>\n<li><strong>Caveat<\/strong>: The recommended HA approach (single vs multiple mount targets, multi-AD, etc.) is implementation-specific\u2014<strong>verify<\/strong> OCI\u2019s current best practices.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. 
Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level architecture<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>You create a <strong>file system<\/strong> in a compartment.<\/li>\n<li>You create a <strong>mount target<\/strong> in a VCN subnet (private IP).<\/li>\n<li>You create an <strong>export<\/strong> mapping an export path (like <code>\/shared<\/code>) to your file system, with export options.<\/li>\n<li>Client instances in the VCN mount the share via NFS using the mount target IP and export path.<\/li>\n<li>Access is governed by:\n   &#8211; IAM for control plane operations\n   &#8211; VCN networking security for transport-level reachability\n   &#8211; Export rules and OS-level file permissions for runtime access<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Data flow vs control flow<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Control plane (API)<\/strong>: Console\/CLI\/SDK calls create and manage file systems, mount targets, and exports. These actions are governed by OCI IAM and recorded in OCI Audit.<\/li>\n<li><strong>Data plane (NFS traffic)<\/strong>: NFS read\/write operations flow from client instances to the mount target private IP over your VCN (and connected networks). 
Network security rules and export options determine allowed sources.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI Compute<\/strong>: primary client for mounting NFS shares.<\/li>\n<li><strong>VCN<\/strong>: required for mount target placement and connectivity.<\/li>\n<li><strong>Bastion<\/strong>: secure administrative access to instances mounting the filesystem.<\/li>\n<li><strong>FastConnect \/ IPSec VPN<\/strong>: for hybrid access patterns (latency-sensitive).<\/li>\n<li><strong>Monitoring<\/strong>: for metrics and alarms.<\/li>\n<li><strong>Audit<\/strong>: governance for API activity.<\/li>\n<li><strong>Terraform \/ Resource Manager<\/strong>: infrastructure as code for repeatability.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VCN, subnet(s), route tables, and security lists\/NSGs<\/li>\n<li>IAM policies for the compartment<\/li>\n<li>Compute instances (or other clients) that mount the filesystem<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>API authentication<\/strong>: OCI IAM (users, groups, dynamic groups, instance principals).<\/li>\n<li><strong>NFS access control<\/strong>: Export rules\/options + network security + POSIX permissions on the mounted filesystem.<\/li>\n<li><strong>Network exposure<\/strong>: Mount targets are typically private; avoid exposing NFS to the public internet.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mount target resides in a subnet (private IP).<\/li>\n<li>Clients must have network routes to reach that subnet.<\/li>\n<li>Security rules must permit the required NFS traffic between client and mount target.<\/li>\n<li>The exact ports depend on NFS protocol\/version and OCI 
implementation\u2014<strong>verify in docs<\/strong>. Many deployments primarily require TCP 2049, but do not assume without confirmation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>Monitoring<\/strong> for service metrics and <strong>Alarms<\/strong> for thresholds.<\/li>\n<li>Use <strong>Audit<\/strong> to track create\/update\/delete operations.<\/li>\n<li>Use <strong>Tags<\/strong> to map cost and ownership.<\/li>\n<li>Use compartment structure to isolate environments (dev\/test\/prod).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Simple architecture diagram<\/h4>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  U[Admin: Console\/CLI] --&gt;|Create| FS[(File System)]\n  U --&gt; MT[Mount Target&lt;br\/&gt;Private IP in Subnet]\n  U --&gt; EX[Export&lt;br\/&gt;Path \/shared]\n\n  C1[Compute Instance 1] --&gt;|NFS mount| MT\n  C2[Compute Instance 2] --&gt;|NFS mount| MT\n\n  MT --&gt; EX --&gt; FS\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Production-style architecture diagram<\/h4>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph OCI[Oracle Cloud - Region]\n    subgraph Net[VCN]\n      subgraph AD1[Availability Domain 1]\n        APP1[App VM Pool A] --&gt; MT1[Mount Target A&lt;br\/&gt;Subnet A]\n      end\n\n      subgraph AD2[Availability Domain 2]\n        APP2[App VM Pool B] --&gt; MT2[Mount Target B&lt;br\/&gt;Subnet B]\n      end\n\n      MT1 --&gt; FS[(File Storage File System)]\n      MT2 --&gt; FS\n    end\n\n    MON[OCI Monitoring\/Alarms]\n    AUD[OCI Audit]\n  end\n\n  MON --- FS\n  AUD --- FS\n<\/code><\/pre>\n\n\n\n<blockquote>\n<p>The multi-mount-target pattern is a common production consideration for resilience and locality, but the exact best practice for File Storage across availability domains should be validated in OCI documentation for your region.<\/p>\n<\/blockquote>\n\n\n\n<hr 
class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<p>Before you start, ensure you have the following.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Tenancy\/account requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active <strong>Oracle Cloud<\/strong> tenancy with permissions to use OCI Storage and Networking.<\/li>\n<li>A compartment to hold resources (recommended: separate compartments for dev\/test\/prod).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM policies<\/h3>\n\n\n\n<p>You need IAM permission to manage:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>File Storage resources (file systems, mount targets, exports)<\/li>\n<li>VCN resources (subnets, security lists\/NSGs, route tables)<\/li>\n<li>Compute instances (to mount and validate)<\/li>\n<\/ul>\n\n\n\n<p>Example policy patterns (conceptual\u2014adapt to your compartment structure and security model):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Allow a group to manage file storage in a compartment:<\/li>\n<li><strong>Verify exact policy verbs\/resource types in official docs<\/strong> (OCI policy syntax is strict and service families have specific names).<\/li>\n<\/ul>\n\n\n\n<p>In OCI, the family is commonly referred to as <code>file-family<\/code> for File Storage-related permissions, but <strong>verify<\/strong> the correct policy resource types here: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/Reference\/policyreference.htm<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>File Storage is a paid service with usage-based billing.<\/li>\n<li>You should have a payment method set up (or credits) and understand the pricing dimensions (see Pricing section).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tools<\/h3>\n\n\n\n<p>Choose one workflow:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI Console<\/strong> (browser-based; simplest for beginners)<\/li>\n<li><strong>OCI CLI<\/strong> (for scripting)<\/li>\n
<li><strong>Terraform<\/strong> (recommended for production\/IaC)<\/li>\n<\/ul>\n\n\n\n<p>For this tutorial, Console + SSH to a Linux compute instance is enough.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>File Storage is available in many OCI regions, but not necessarily all features in all regions.<\/li>\n<li>Confirm region support and limits in official docs and your tenancy\u2019s Service Limits page.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Limits exist for number of file systems, mount targets, exports, and possibly throughput or other constraints.<\/li>\n<li>Check:\n<ul class=\"wp-block-list\">\n<li>OCI Console \u2192 Governance\/Administration \u2192 <strong>Limits, Quotas and Usage<\/strong> (exact navigation may vary)<\/li>\n<li>Official \u201cService Limits\u201d docs for File Storage (<strong>verify in official docs<\/strong>)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VCN with at least one subnet for the mount target<\/li>\n<li>A Linux compute instance in a subnet that can reach the mount target<\/li>\n<li>Appropriate security rules allowing NFS traffic<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<p>Oracle Cloud File Storage pricing is <strong>usage-based<\/strong>. 
Exact prices vary by region\/currency and can change; do not hardcode numbers in internal plans without checking the official pricing pages.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Official pricing references<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI pricing landing page: https:\/\/www.oracle.com\/cloud\/price-list\/<\/li>\n<li>OCI cost tools (pricing calculator): https:\/\/www.oracle.com\/cloud\/costestimator.html<\/li>\n<li>File Storage-specific pricing page (verify current URL and region selector):<br\/>\n  https:\/\/www.oracle.com\/cloud\/storage\/file-storage\/pricing\/ (Verify in official Oracle pricing pages)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions (typical model)<\/h3>\n\n\n\n<p>Common billing drivers for managed file storage services include:\n&#8211; <strong>Storage capacity<\/strong> (GB-month): primary driver\u2014how much data is stored on the file system.\n&#8211; <strong>Snapshots\/clones storage<\/strong>: if snapshots\/clones exist, retained snapshot data may count toward billed usage (verify exact accounting).\n&#8211; <strong>Data transfer (network egress)<\/strong>:\n  &#8211; Intra-VCN traffic is often not billed as internet egress, but cross-region, internet egress, and some interconnect patterns may incur charges.\n  &#8211; Verify OCI data transfer pricing and whether traffic to\/from mount targets affects billable egress for your architecture.<\/p>\n\n\n\n<p>OCI\u2019s exact billing metrics for File Storage (including any performance tiers or operation-based charges) must be confirmed in current pricing docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier<\/h3>\n\n\n\n<p>OCI has an Always Free tier for some services. 
File Storage may or may not be included in Always Free in your region\/tenancy.\n&#8211; <strong>Verify Always Free eligibility<\/strong> here: https:\/\/www.oracle.com\/cloud\/free\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cost drivers (what usually increases spend)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Storing large datasets in File Storage instead of Object Storage.<\/li>\n<li>Keeping many snapshots\/clones long-term (if billed).<\/li>\n<li>Cross-region replication\/DR copies (if used; <strong>verify<\/strong> feature availability and cost).<\/li>\n<li>Data egress to the internet or cross-region transfers.<\/li>\n<li>Over-provisioned compute instances dedicated solely to file sharing (if you could use managed File Storage instead\u2014here File Storage saves that compute cost).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden\/indirect costs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Compute<\/strong>: instances used to process or serve files; autoscaling can multiply read\/write load.<\/li>\n<li><strong>Backup\/DR<\/strong>: additional copies in other regions or services.<\/li>\n<li><strong>Connectivity<\/strong>: FastConnect\/VPN costs if hybrid access is required.<\/li>\n<li><strong>Operations<\/strong>: monitoring, logging retention, and security tooling.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer private access over the VCN and avoid public exposure.<\/li>\n<li>Keep client instances and mount targets in the same region; cross-region access can introduce latency and possible egress charges.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use File Storage for active\/shared file workloads; move cold archives to <strong>Object Storage<\/strong> with lifecycle policies.<\/li>\n<li>Remove obsolete data and implement retention policies.<\/li>\n<li>Review 
snapshot\/clone retention (if used).<\/li>\n<li>Avoid using File Storage as a \u201cdata lake\u201d when object storage is more cost-efficient.<\/li>\n<li>Use tagging for cost allocation: <code>env<\/code>, <code>app<\/code>, <code>owner<\/code>, <code>cost-center<\/code>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (conceptual)<\/h3>\n\n\n\n<p>A small lab might include:\n&#8211; 1 small file system with a few GB to tens of GB of data\n&#8211; 1 mount target\n&#8211; 1 compute VM (the VM will likely dominate the cost if the file system remains small)<\/p>\n\n\n\n<p>Because prices vary, compute a range using the cost estimator:\n&#8211; Estimate storage as <strong>(average stored GB) \u00d7 (GB-month rate)<\/strong>.\n&#8211; Add compute for the VM hours.\n&#8211; Assume minimal egress if everything stays inside the VCN.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>For production, plan for:\n&#8211; Growth of stored data (GB-month over time)\n&#8211; Snapshot\/clone retention (if applicable)\n&#8211; DR strategy (additional storage copies)\n&#8211; Hybrid network connectivity costs\n&#8211; Monitoring\/observability retention<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<p>This lab creates a real Oracle Cloud File Storage setup and mounts it from a Linux compute instance over a private network.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Provision Oracle Cloud <strong>File Storage<\/strong> and mount it on an OCI Compute Linux VM using NFS, then validate read\/write access and clean up resources.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:\n1. Create (or reuse) a VCN and subnets.\n2. Launch a Linux compute instance and connect via SSH.\n3. Create a File Storage file system.\n4. Create a mount target in a subnet.\n5. 
Create an export path.\n6. Mount the export on the VM and validate I\/O.\n7. Clean up all resources.<\/p>\n\n\n\n<p><strong>Expected time:<\/strong> 45\u201390 minutes<br\/>\n<strong>Cost:<\/strong> Low, but not free (compute + storage). Keep the file system small and delete resources after the lab.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Create or choose a compartment<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the OCI Console, create a compartment such as:\n   &#8211; <code>lab-storage-file-storage<\/code><\/li>\n<li>Record the compartment OCID (optional) for CLI\/Terraform later.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> A dedicated compartment to isolate and clean up lab resources easily.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create networking (VCN + subnets)<\/h3>\n\n\n\n<p>You need:\n&#8211; A subnet for the <strong>compute instance<\/strong>\n&#8211; A subnet for the <strong>mount target<\/strong> (can be the same subnet in small labs, but separating is common in production)<\/p>\n\n\n\n<p><strong>Console (typical approach):<\/strong>\n1. Go to <strong>Networking \u2192 Virtual Cloud Networks<\/strong>\n2. Click <strong>Create VCN<\/strong>\n3. Choose <strong>VCN with Internet Connectivity<\/strong> for a beginner lab (creates VCN, subnets, IGW, route tables).\n4. Name it <code>vcn-fss-lab<\/code>.<\/p>\n\n\n\n<p><strong>Important security note:<\/strong> The mount target should typically be in a <strong>private subnet<\/strong> in production. For a lab, you can still use a private subnet and SSH through a bastion, but that adds steps. 
This tutorial keeps it simple while still recommending private-by-default for the mount target.<\/p>\n\n\n\n<p><strong>Recommended lab layout:<\/strong>\n&#8211; Public subnet: compute instance (SSH allowed from your IP)\n&#8211; Private subnet: mount target<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> A VCN with at least two subnets and routing in place.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Configure security rules (NFS + SSH)<\/h3>\n\n\n\n<p>You must allow:\n&#8211; SSH to the compute VM (from your public IP)\n&#8211; NFS traffic from the compute subnet to the mount target subnet<\/p>\n\n\n\n<p><strong>Option A (recommended): use Network Security Groups (NSGs)<\/strong><br\/>\n&#8211; Create NSG for compute and NSG for mount target, then allow rules between them.<\/p>\n\n\n\n<p><strong>Option B: use Security Lists (simpler for labs)<\/strong><br\/>\nUpdate the mount target subnet\u2019s security list to allow NFS from the compute subnet CIDR.<\/p>\n\n\n\n<p>Because exact NFS ports can depend on the protocol version and implementation, use OCI docs to confirm the required ports. 
Commonly:\n&#8211; TCP 2049 (NFS)<\/p>\n\n\n\n<p>If you aren\u2019t sure, check the official File Storage \u201cMounting File Systems\u201d documentation for required ports:\n&#8211; File Storage docs landing page (navigate to mounting):<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/File\/home.htm<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> Network path exists for compute \u2192 mount target over NFS.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Launch a Linux compute instance<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Compute \u2192 Instances \u2192 Create instance<\/strong><\/li>\n<li>Name: <code>vm-fss-client-1<\/code><\/li>\n<li>Image: Oracle Linux (or another supported Linux)<\/li>\n<li>Shape: choose a small\/low-cost shape suitable for labs<\/li>\n<li>Networking:\n   &#8211; Put it in the <strong>public subnet<\/strong> for easy SSH (lab only)\n   &#8211; Ensure it has a public IP<\/li>\n<li>Add your SSH public key.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> A running VM reachable via SSH.<\/p>\n\n\n\n<p><strong>SSH into the instance:<\/strong><\/p>\n\n\n\n<pre><code class=\"language-bash\">ssh -i \/path\/to\/private_key opc@&lt;PUBLIC_IP&gt;\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Create a File Storage file system<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Storage \u2192 File Storage<\/strong><\/li>\n<li>Click <strong>Create file system<\/strong><\/li>\n<li>Name: <code>fss-lab-fs1<\/code><\/li>\n<li>Select the same compartment as your lab resources.<\/li>\n<li>Select the appropriate availability domain (if prompted).<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> A file system resource exists.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Create a mount target in the private subnet<\/h3>\n\n\n\n<ol 
class=\"wp-block-list\">\n<li>In <strong>Storage \u2192 File Storage<\/strong>, go to <strong>Mount targets<\/strong><\/li>\n<li>Click <strong>Create mount target<\/strong><\/li>\n<li>Name: <code>fss-lab-mt1<\/code><\/li>\n<li>VCN: <code>vcn-fss-lab<\/code><\/li>\n<li>Subnet: choose the <strong>private subnet<\/strong><\/li>\n<li>(Optional) Assign an NSG if you\u2019re using NSGs.<\/li>\n<\/ol>\n\n\n\n<p>Record the mount target\u2019s <strong>private IP address<\/strong>.<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> A mount target exists with a private IP reachable from your compute instance subnet.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Create an export (export path)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Navigate to your mount target and find its <strong>Export set<\/strong>.<\/li>\n<li>Create an <strong>export<\/strong>:\n   &#8211; File system: <code>fss-lab-fs1<\/code>\n   &#8211; Export path: <code>\/shared<\/code>\n   &#8211; Export options \/ rules:<ul>\n<li>Allow source: your compute subnet CIDR (or the specific VM IP for tighter scope)<\/li>\n<li>Access: Read\/Write for the lab<\/li>\n<li>Identity squashing options: choose defaults unless you have a specific reason\u2014<strong>verify meanings in docs<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> An export exists and is associated with the mount target.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 8: Mount the file system on the compute instance<\/h3>\n\n\n\n<p>On the VM, install NFS utilities (package name varies by distro).<\/p>\n\n\n\n<p><strong>Oracle Linux \/ RHEL-like:<\/strong><\/p>\n\n\n\n<pre><code class=\"language-bash\">sudo dnf -y install nfs-utils\n<\/code><\/pre>\n\n\n\n<p>Create a mount directory:<\/p>\n\n\n\n<pre><code class=\"language-bash\">sudo mkdir -p \/mnt\/fss\n<\/code><\/pre>\n\n\n\n<p>Mount using the mount target private IP 
and export path.<\/p>\n\n\n\n<pre><code class=\"language-bash\">sudo mount -t nfs &lt;MOUNT_TARGET_PRIVATE_IP&gt;:\/shared \/mnt\/fss\n<\/code><\/pre>\n\n\n\n<p>If your environment requires specifying an NFS version or options, use the syntax recommended in OCI docs for File Storage mounting. For example, you might need options like <code>vers=3<\/code> or <code>vers=4<\/code> depending on supported versions\u2014<strong>verify in official docs<\/strong> before enforcing a specific version:<\/p>\n\n\n\n<pre><code class=\"language-bash\"># Example only - verify required options in OCI docs\nsudo mount -t nfs -o vers=3 &lt;MOUNT_TARGET_PRIVATE_IP&gt;:\/shared \/mnt\/fss\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> The filesystem is mounted at <code>\/mnt\/fss<\/code>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 9: Create files and validate read\/write<\/h3>\n\n\n\n<p>Check mount:<\/p>\n\n\n\n<pre><code class=\"language-bash\">mount | grep fss\ndf -h | grep \/mnt\/fss\n<\/code><\/pre>\n\n\n\n<p>Write a test file:<\/p>\n\n\n\n<pre><code class=\"language-bash\">echo \"hello from OCI File Storage\" | sudo tee \/mnt\/fss\/hello.txt\nsudo ls -l \/mnt\/fss\nsudo cat \/mnt\/fss\/hello.txt\n<\/code><\/pre>\n\n\n\n<p>If you have a second instance, mount the same export and confirm the file is visible from both clients.<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> You can read and write files, and changes persist across clients.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use the following checks:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Connectivity<\/strong>\n   &#8211; From the compute VM, confirm the mount target is reachable (ICMP may be blocked; TCP test is better):<\/p>\n<pre><code class=\"language-bash\"># If nc is available:\nnc -vz &lt;MOUNT_TARGET_PRIVATE_IP&gt; 2049\n<\/code><\/pre>\n<p>If <code>nc<\/code> is not 
installed:<\/p>\n<pre><code class=\"language-bash\">sudo dnf -y install nmap-ncat\nnc -vz &lt;MOUNT_TARGET_PRIVATE_IP&gt; 2049\n<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>Mount status<\/strong><\/p>\n<pre><code class=\"language-bash\">mount | grep \/mnt\/fss\n<\/code><\/pre>\n<\/li>\n<li>\n<p><strong>File operations<\/strong><\/p>\n<pre><code class=\"language-bash\">(cd \/mnt\/fss &amp;&amp; sudo touch validation-$(date +%s).txt &amp;&amp; ls -l)\n<\/code><\/pre>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<p>Common issues and realistic fixes:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong><code>mount.nfs: Connection timed out<\/code><\/strong>\n   &#8211; Cause: routing or security rules block NFS traffic.\n   &#8211; Fix:<\/p>\n<ul>\n<li>Confirm compute subnet route table can reach mount target subnet (same VCN should work by default).<\/li>\n<li>Confirm NSG\/security list allows required NFS ports from compute to mount target.<\/li>\n<li>Confirm mount target is in the correct subnet and has correct private IP.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong><code>mount.nfs: access denied by server<\/code> or <code>Permission denied<\/code><\/strong>\n   &#8211; Cause: export options\/rules do not allow your client IP\/CIDR.\n   &#8211; Fix:<\/p>\n<ul>\n<li>Update export options to include the client subnet or specific client IP.<\/li>\n<li>Confirm you are mounting the correct export path.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>You can mount but cannot write<\/strong>\n   &#8211; Cause: export is read-only or POSIX permissions prevent writing.\n   &#8211; Fix:<\/p>\n<ul>\n<li>Ensure export options allow read\/write.<\/li>\n<li>Check directory ownership and permissions:\n<pre><code class=\"language-bash\">ls -ld \/mnt\/fss\nsudo ls -ld \/mnt\/fss\n<\/code><\/pre>\n<\/li>\n<li>Create a directory and set appropriate ownership for your app user.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Performance seems slow<\/strong>\n   &#8211; Cause: workload pattern, instance sizing, network path, or service 
limits.\n   &#8211; Fix:<\/p>\n<ul>\n<li>Confirm instance shape and network throughput.<\/li>\n<li>Check Monitoring metrics for the file system (exact metrics: <strong>verify<\/strong>).<\/li>\n<li>Avoid tiny synchronous IO patterns; batch writes when possible.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid ongoing costs, delete resources in reverse order:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p>On the compute VM:<\/p>\n<pre><code class=\"language-bash\">sudo umount \/mnt\/fss\n<\/code><\/pre>\n<\/li>\n<li>\n<p>In OCI Console:\n   &#8211; Delete the <strong>export<\/strong>\n   &#8211; Delete the <strong>mount target<\/strong>\n   &#8211; Delete the <strong>file system<\/strong>\n   &#8211; Terminate the <strong>compute instance<\/strong>\n   &#8211; Delete the VCN (if it was created only for this lab)<\/p>\n<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> No remaining billable File Storage resources.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Design for shared dependency<\/strong>: treat File Storage as a tier that can affect many systems. 
Document dependencies and blast radius.<\/li>\n<li><strong>Separate subnets<\/strong>: put mount targets in private subnets; restrict client access.<\/li>\n<li><strong>Multiple mount targets (if recommended)<\/strong>: consider deploying mount targets per AD or per subnet segment for resilience and locality\u2014<strong>verify OCI guidance<\/strong>.<\/li>\n<li><strong>Use Object Storage for cold data<\/strong>: store long-term archives in Object Storage and keep File Storage for active\/shared file workloads.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use compartments to separate environments.<\/li>\n<li>Apply least privilege:<\/li>\n<li>Storage admins manage file storage resources.<\/li>\n<li>App teams get only what they need.<\/li>\n<li>Prefer <strong>dynamic groups + instance principals<\/strong> for automation over long-lived user API keys (where appropriate).<\/li>\n<li>Use tags for ownership and lifecycle automation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Implement retention: delete obsolete artifacts and user uploads as appropriate.<\/li>\n<li>Control snapshot\/clone growth (if used).<\/li>\n<li>Track spend with tags and budgets.<\/li>\n<li>Avoid cross-region data movement unless necessary for DR.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use appropriate client mount options recommended by OCI docs.<\/li>\n<li>Avoid chatty metadata operations when possible (workload dependent).<\/li>\n<li>Keep clients close (same region\/VCN). 
Hybrid mounts can be latency sensitive.<\/li>\n<li>Test with representative workload patterns before production cutover.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Plan for instance failures: mount in boot scripts or systemd, but handle mount delays gracefully.<\/li>\n<li>Consider multi-AD patterns if required.<\/li>\n<li>Use application-level resilience: retries, backoff, and proper error handling.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Monitor:<\/li>\n<li>File system metrics (throughput, latency, etc.\u2014verify available metrics)<\/li>\n<li>Client-side metrics (CPU iowait, mount errors)<\/li>\n<li>Alert on:<\/li>\n<li>sudden latency spikes<\/li>\n<li>mount failures<\/li>\n<li>capacity growth anomalies<\/li>\n<li>Runbooks:<\/li>\n<li>how to add\/remove client access<\/li>\n<li>how to rotate subnets\/NSGs<\/li>\n<li>how to restore data from snapshots\/backups (based on your chosen method)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Naming:<\/li>\n<li><code>fss-&lt;env&gt;-&lt;app&gt;-fs-&lt;id&gt;<\/code><\/li>\n<li><code>fss-&lt;env&gt;-&lt;app&gt;-mt-&lt;id&gt;<\/code><\/li>\n<li>Tagging:<\/li>\n<li><code>env=dev|test|prod<\/code><\/li>\n<li><code>owner=&lt;team&gt;<\/code><\/li>\n<li><code>cost-center=&lt;id&gt;<\/code><\/li>\n<li><code>data-classification=public|internal|confidential|restricted<\/code><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. 
Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<p>Security is layered:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>OCI IAM<\/strong> controls who can:\n   &#8211; Create\/delete file systems\n   &#8211; Create\/delete mount targets and exports\n   &#8211; Modify export rules<\/li>\n<li><strong>Network security<\/strong> controls which clients can reach the mount target:\n   &#8211; NSGs\/security lists\n   &#8211; Route tables and segmentation<\/li>\n<li><strong>Export options<\/strong> restrict which client sources can mount and what permissions they have.<\/li>\n<li><strong>POSIX permissions<\/strong> and ownership inside the filesystem control file-level access.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>At rest<\/strong>: File Storage is typically encrypted at rest by default using OCI-managed encryption.<\/li>\n<li><strong>In transit<\/strong>: NFS traffic is not inherently encrypted like HTTPS. To protect data in transit:<\/li>\n<li>Keep traffic on private networks<\/li>\n<li>Consider private connectivity (VPN\/FastConnect) for hybrid<\/li>\n<li>Consider host-based encryption approaches if required by policy (application-level encryption, OS-level encryption, or secure tunnels). 
Validate what is supported and appropriate for your environment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not expose NFS to the public internet.<\/li>\n<li>Place mount targets in private subnets.<\/li>\n<li>Restrict inbound rules to only client subnets\/NSGs that require access.<\/li>\n<li>Prefer \u201cdeny by default\u201d patterns.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Avoid storing secrets in File Storage as plaintext.<\/li>\n<li>Use OCI secrets management (OCI Vault \/ Secrets) for credentials and keys.<\/li>\n<li>If you must store sensitive files, enforce strict permissions and consider encryption at the application layer.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>OCI Audit<\/strong> to track administrative actions on File Storage resources.<\/li>\n<li>Use Logging\/Monitoring for operational signals (exact integrations vary\u2014verify).<\/li>\n<li>Maintain change control on export rules and subnet\/NSG changes (these are security-sensitive).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Classify data (PII\/PHI\/etc.) 
and apply:<\/li>\n<li>least privilege access<\/li>\n<li>restricted export rules<\/li>\n<li>private connectivity<\/li>\n<li>retention and deletion policies<\/li>\n<li>If you have regulatory obligations, confirm OCI compliance documentation and service eligibility for your program (HIPAA, PCI, etc.)\u2014this is organization-specific and region-specific.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Allowing <code>0.0.0.0\/0<\/code> access to mount target NFS ports.<\/li>\n<li>Export rules that allow broad CIDR ranges unnecessarily.<\/li>\n<li>Using one shared export for multiple environments (dev\/test\/prod) without isolation.<\/li>\n<li>Not tracking changes to export rules and security lists.<\/li>\n<li>Over-permissive POSIX permissions (<code>chmod 777<\/code>) in shared areas.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Put mount targets in private subnets.<\/li>\n<li>Use NSGs for tighter, instance-level control.<\/li>\n<li>Export only what you need; keep paths minimal and purpose-built.<\/li>\n<li>Use separate file systems\/exports for different data classifications.<\/li>\n<li>Monitor for unexpected access patterns (client-side logs + OCI governance).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<p>Because limits and behaviors can change, treat these as planning checkpoints and verify specifics.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Known limitation patterns (verify exact details)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>NFS protocol constraints<\/strong>: Supported NFS versions and features (locking, ACL support, etc.) 
may differ; validate for your client OS and workload.<\/li>\n<li><strong>Linux-first mounting<\/strong>: Many cloud NFS services are primarily targeted at Linux\/UNIX clients; other OS support depends on client tooling and protocol compatibility.<\/li>\n<li><strong>Mount target networking<\/strong>: Mount target is reachable only via networks that can route to its subnet; cross-VCN requires peering\/DRG and security alignment.<\/li>\n<li><strong>Hybrid latency<\/strong>: On-prem mounts over VPN\/FastConnect can be sensitive to latency and jitter; test before committing.<\/li>\n<li><strong>Permissions model complexity<\/strong>: Export rules + POSIX permissions + application user IDs must align. UID\/GID mismatches across hosts are a classic gotcha.<\/li>\n<li><strong>Snapshot\/clone billing growth<\/strong>: Retained snapshots\/clones can increase billed usage; implement retention governance.<\/li>\n<li><strong>Service limits<\/strong>: Number of resources per compartment\/AD, and any throughput or concurrency limits\u2014check Service Limits.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Regional constraints<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Not all OCI regions may support identical features.<\/li>\n<li>Feature rollout can be phased; always confirm in the docs for your target region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing surprises<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data egress charges for internet or cross-region transfers.<\/li>\n<li>Unbounded growth of stored data (especially shared upload folders).<\/li>\n<li>Snapshot\/clone retention if billed as stored data.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compatibility issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Some applications assume specific filesystem features; validate:<\/li>\n<li>file locking behavior<\/li>\n<li>rename atomicity expectations<\/li>\n<li>fsync patterns and performance sensitivity<\/li>\n<li>Container\/Kubernetes 
integration requires a supported driver approach; verify current OCI recommendations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Migration challenges<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Migrating from on-prem NFS requires careful planning:<\/li>\n<li>UID\/GID mapping<\/li>\n<li>preserving permissions and timestamps<\/li>\n<li>handling open files and cutover windows<\/li>\n<li>Use tools like <code>rsync<\/code> for file-level migration, but test for correctness and performance.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Vendor-specific nuances<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI\u2019s model uses mount targets and export sets; this is different from AWS EFS, Azure Files, and Google Filestore naming and configuration patterns.<\/li>\n<li>Don\u2019t assume the same mount options and semantics apply across providers.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>File Storage is one option in OCI Storage. 
Choose based on access pattern (file vs block vs object), sharing requirements, and protocol needs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison table<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Oracle Cloud File Storage<\/strong><\/td>\n<td>Shared POSIX-like file access, NFS-style workloads<\/td>\n<td>Managed service, shared mounts, integrates with VCN\/IAM<\/td>\n<td>NFS constraints; needs careful network\/export rules; not object-native<\/td>\n<td>Multiple instances need shared filesystem paths<\/td>\n<\/tr>\n<tr>\n<td><strong>OCI Block Volumes<\/strong><\/td>\n<td>Single-instance block storage (databases, low-latency block IO)<\/td>\n<td>Predictable block semantics, attach\/detach, good for databases<\/td>\n<td>Typically not shared read\/write across many instances without clustering<\/td>\n<td>You need block devices for a VM\/BM or clustered FS<\/td>\n<\/tr>\n<tr>\n<td><strong>OCI Object Storage<\/strong><\/td>\n<td>Unstructured data, archival, data lakes, static content via HTTP<\/td>\n<td>Massive scale, lifecycle tiers, API-first, cost-effective for cold data<\/td>\n<td>Not POSIX filesystem; app changes needed<\/td>\n<td>You can use object APIs and want tiering\/lifecycle management<\/td>\n<\/tr>\n<tr>\n<td><strong>Local NVMe (instance storage)<\/strong><\/td>\n<td>Ultra-fast temporary scratch<\/td>\n<td>Very low latency\/high IOPS<\/td>\n<td>Data not durable across instance lifecycle; not shared<\/td>\n<td>High-performance scratch space with ephemeral data<\/td>\n<\/tr>\n<tr>\n<td><strong>Self-managed NFS on Compute<\/strong><\/td>\n<td>Full control, custom configs<\/td>\n<td>Customizable, can use special NFS features<\/td>\n<td>You manage HA, patching, scaling, failures<\/td>\n<td>You have strict requirements not met by managed service<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS 
EFS (other cloud)<\/strong><\/td>\n<td>NFS shared storage in AWS<\/td>\n<td>Mature managed NFS ecosystem<\/td>\n<td>Different cloud; migration complexity<\/td>\n<td>You\u2019re standardizing on AWS<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Files (other cloud)<\/strong><\/td>\n<td>SMB\/NFS shares in Azure<\/td>\n<td>Strong Windows\/SMB integration (depending on tier)<\/td>\n<td>Different semantics\/options; different cost model<\/td>\n<td>Windows-heavy or Azure-first environments<\/td>\n<\/tr>\n<tr>\n<td><strong>Google Filestore (other cloud)<\/strong><\/td>\n<td>Managed NFS in GCP<\/td>\n<td>Good integration with GCP<\/td>\n<td>Different service tiers and limits<\/td>\n<td>GCP-first environments<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: Shared application content for a multi-tier enterprise app<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: A legacy enterprise application runs on multiple application servers and requires a shared directory for uploads, generated reports, and shared configuration. 
On-prem it used an NFS cluster.<\/li>\n<li><strong>Proposed architecture<\/strong>:\n<ul class=\"wp-block-list\">\n<li>OCI Compute instance pool for app servers across fault domains (and possibly ADs)<\/li>\n<li>Oracle Cloud File Storage for <code>\/appdata<\/code><\/li>\n<li>Mount targets in private subnets; NSGs restrict NFS to app tier only<\/li>\n<li>OCI Load Balancer in front of app servers<\/li>\n<li>Monitoring alarms on file storage metrics and client-side iowait<\/li>\n<li>DR plan: scheduled file sync to Object Storage or File Storage replication if supported (verify), plus infrastructure as code<\/li>\n<\/ul>\n<\/li>\n<li><strong>Why File Storage was chosen<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Minimizes app changes (still mounts a shared filesystem)<\/li>\n<li>Removes need to operate NFS servers and HA clusters<\/li>\n<li>Integrates with OCI networking and IAM governance<\/li>\n<\/ul>\n<\/li>\n<li><strong>Expected outcomes<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Reduced ops burden (no NFS server patching)<\/li>\n<li>Consistent shared app state across servers<\/li>\n<li>Better auditability of storage administration changes<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: Shared build artifacts and web assets<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: A small team runs a few VMs for a web app and wants a shared directory for build artifacts, static assets, and logs during troubleshooting.<\/li>\n<li><strong>Proposed architecture<\/strong>:\n<ul class=\"wp-block-list\">\n<li>2\u20133 small OCI Compute instances<\/li>\n<li>One File Storage file system mounted on all instances at <code>\/srv\/shared<\/code><\/li>\n<li>Export rules allow only the compute subnet<\/li>\n<li>Basic alarms for sudden growth<\/li>\n<li>Nightly rsync of critical artifacts to Object Storage<\/li>\n<\/ul>\n<\/li>\n<li><strong>Why File Storage was chosen<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Simple to mount and use like a normal filesystem<\/li>\n<li>Avoids running an extra \u201cstorage VM\u201d<\/li>\n<\/ul>\n<\/li>\n<li><strong>Expected outcomes<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Faster deployments (shared assets path)<\/li>\n<li>Fewer moving parts<\/li>\n<li>Controlled costs by keeping stored data small and archiving to Object Storage<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1) What is Oracle Cloud File Storage?<\/h3>\n\n\n\n<p>A managed OCI Storage service that provides shared file systems accessible over the network (typically via NFS) from instances and other clients in your OCI network.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2) Is File Storage the same as Object Storage?<\/h3>\n\n\n\n<p>No. File Storage is a filesystem (directories\/files, NFS mounts). Object Storage is an object store accessed via API\/HTTP with buckets and objects.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3) Can multiple compute instances mount the same File Storage export?<\/h3>\n\n\n\n<p>Yes\u2014shared access is a primary use case. Ensure export rules and POSIX permissions are designed for multi-client access.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4) Does File Storage support Windows\/SMB?<\/h3>\n\n\n\n<p>File Storage is generally positioned as NFS-based. If you need SMB, evaluate other approaches (such as Windows file services on compute or other OCI options). <strong>Verify current protocol support in OCI docs.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5) Is File Storage encrypted at rest?<\/h3>\n\n\n\n<p>Typically yes, using OCI\u2019s standard encryption-at-rest mechanisms. Verify any customer-managed key options in the current documentation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6) Is File Storage encrypted in transit?<\/h3>\n\n\n\n<p>NFS traffic is not inherently encrypted like HTTPS. Protect it using private networking and, if required, additional encryption methods (tunnels\/app-level). 
Verify best practices for your compliance needs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">7) Do I need a public IP to use File Storage?<\/h3>\n\n\n\n<p>No. Mount targets are typically private IPs in a subnet; clients access them through the VCN (or connected private networks).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">8) What are mount targets and why do I need them?<\/h3>\n\n\n\n<p>A mount target is the network endpoint (private IP) used by clients to mount your exported file system. It ties File Storage into your VCN networking model.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">9) How do export rules work?<\/h3>\n\n\n\n<p>Export rules\/options define which client sources can mount an export and what access (read-only\/read-write) they have. Exact options vary\u2014verify in docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">10) How do I restrict access to only one application subnet?<\/h3>\n\n\n\n<p>Use NSGs\/security lists to allow NFS only from that subnet\/NSG, and configure export rules to match only that subnet CIDR.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">11) Can I access File Storage from on-premises?<\/h3>\n\n\n\n<p>Yes, via private connectivity (IPSec VPN or FastConnect) if routing and security rules permit it. Expect latency sensitivity and test thoroughly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">12) How do snapshots affect cost?<\/h3>\n\n\n\n<p>If snapshots are supported and billed as stored capacity, keeping many snapshots can increase your bill. Confirm snapshot billing behavior on the pricing page.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">13) How do I back up File Storage?<\/h3>\n\n\n\n<p>Options include snapshots (if supported), file-level tools (rsync), or copying important data to Object Storage. 
Choose based on RPO\/RTO and verify OCI\u2019s current recommended approach.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">14) What\u2019s the difference between File Storage and Block Volumes?<\/h3>\n\n\n\n<p>Block Volumes provide block devices attached to instances (like disks). File Storage provides shared filesystem access over the network.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">15) What are the most common causes of mount failures?<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Missing NFS port rules in NSGs\/security lists<\/li>\n<li>Export rules not allowing the client subnet\/IP<\/li>\n<li>Routing misconfiguration (peering\/DRG)<\/li>\n<li>Wrong export path or mount target IP<\/li>\n<li>Missing NFS client utilities on the VM<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">16) Can I use File Storage with Kubernetes?<\/h3>\n\n\n\n<p>Often yes, via an NFS-based approach. Implementation depends on your Kubernetes environment and supported CSI\/drivers. Verify current OCI guidance for OKE and persistent shared storage.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">17) How do I estimate performance?<\/h3>\n\n\n\n<p>Review OCI\u2019s current File Storage performance documentation, understand workload IO patterns, and test with representative load. Monitor both server-side metrics and client-side iowait.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. 
Top Online Resources to Learn File Storage<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI File Storage documentation home: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/File\/home.htm<\/td>\n<td>Primary reference for concepts, limits, and step-by-step procedures<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI File Storage overview (navigate within docs): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/File\/Concepts\/filestorageoverview.htm<\/td>\n<td>Explains components (file systems, mount targets, exports)<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI IAM policy reference: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/Reference\/policyreference.htm<\/td>\n<td>Required to write correct least-privilege policies<\/td>\n<\/tr>\n<tr>\n<td>Official docs\/tools<\/td>\n<td>OCI CLI documentation: https:\/\/docs.oracle.com\/en-us\/iaas\/tools\/oci-cli\/latest\/<\/td>\n<td>Automate provisioning and operations<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Oracle Cloud price list: https:\/\/www.oracle.com\/cloud\/price-list\/<\/td>\n<td>Authoritative pricing references by service and region<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>OCI Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<td>Build a region-specific estimate without guessing<\/td>\n<\/tr>\n<tr>\n<td>Official free tier<\/td>\n<td>Oracle Cloud Free Tier: https:\/\/www.oracle.com\/cloud\/free\/<\/td>\n<td>Check whether any File Storage usage qualifies (often not)<\/td>\n<\/tr>\n<tr>\n<td>Official architecture<\/td>\n<td>Oracle Cloud Architecture Center: https:\/\/www.oracle.com\/cloud\/architecture-center\/<\/td>\n<td>Reference architectures and patterns (validate File Storage-specific examples)<\/td>\n<\/tr>\n<tr>\n<td>Official governance<\/td>\n<td>OCI Audit 
documentation (navigate from OCI docs): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Audit\/home.htm<\/td>\n<td>Understand auditing of API actions on storage resources<\/td>\n<\/tr>\n<tr>\n<td>Community (high-level)<\/td>\n<td>Oracle Cloud community and blogs (verify accuracy vs docs): https:\/\/blogs.oracle.com\/cloud-infrastructure\/<\/td>\n<td>Practical articles and updates; confirm details in official docs<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>Beginners to working professionals<\/td>\n<td>DevOps, cloud operations, automation fundamentals that apply to OCI storage deployments<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>Students and engineers<\/td>\n<td>SCM, DevOps, CI\/CD practices that pair with shared storage use cases<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud engineers and ops teams<\/td>\n<td>Cloud operations practices (monitoring, governance, cost awareness)<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs and reliability engineers<\/td>\n<td>Reliability engineering, incident response, monitoring practices relevant to shared storage dependencies<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops teams and platform engineers<\/td>\n<td>AIOps concepts (observability, automation) applicable to storage monitoring and anomaly detection<\/td>\n<td>Check 
website<\/td>\n<td>https:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>DevOps\/cloud training content (verify current offerings)<\/td>\n<td>Engineers seeking practical training resources<\/td>\n<td>https:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps training and mentoring (verify specific OCI coverage)<\/td>\n<td>Beginners to intermediate DevOps learners<\/td>\n<td>https:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>Freelance DevOps help\/training resources (treat as a platform; verify offerings)<\/td>\n<td>Teams needing hands-on assistance<\/td>\n<td>https:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support\/training services (verify scope)<\/td>\n<td>Operations teams and engineers<\/td>\n<td>https:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. 
Top Consulting Companies<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company Name<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>Cloud\/DevOps consulting (verify service catalog)<\/td>\n<td>Architecture review, migration planning, operations setup<\/td>\n<td>Designing secure mount target networking; defining IAM policies; migration runbooks<\/td>\n<td>https:\/\/cotocus.com\/<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps and cloud consulting\/training<\/td>\n<td>Implementation guidance, best practices, enablement<\/td>\n<td>Setting up IaC for File Storage + VCN; operational monitoring; team enablement workshops<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps consulting (verify service catalog)<\/td>\n<td>CI\/CD, automation, cloud operations<\/td>\n<td>Automating provisioning and cleanup; integrating shared storage into deployment workflows<\/td>\n<td>https:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. 
Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before File Storage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI fundamentals:\n<ul class=\"wp-block-list\">\n<li>Compartments, IAM users\/groups, policies<\/li>\n<li>Regions and availability domains<\/li>\n<\/ul>\n<\/li>\n<li>Networking:\n<ul class=\"wp-block-list\">\n<li>VCN, subnets, route tables<\/li>\n<li>Security lists and NSGs<\/li>\n<li>Private connectivity basics (VPN\/FastConnect) for hybrid patterns<\/li>\n<\/ul>\n<\/li>\n<li>Linux basics:\n<ul class=\"wp-block-list\">\n<li>Filesystem permissions (UID\/GID, chmod\/chown)<\/li>\n<li>NFS client tools and mounting<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after File Storage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Infrastructure as Code:\n<ul class=\"wp-block-list\">\n<li>Terraform for OCI (network + storage + compute)<\/li>\n<li>CI pipelines for IaC validation and drift detection<\/li>\n<\/ul>\n<\/li>\n<li>Observability:\n<ul class=\"wp-block-list\">\n<li>OCI Monitoring alarms<\/li>\n<li>Central logging patterns and client-side telemetry<\/li>\n<\/ul>\n<\/li>\n<li>Backup\/DR:\n<ul class=\"wp-block-list\">\n<li>Snapshot strategies (if supported)<\/li>\n<li>File-level backups to Object Storage<\/li>\n<li>Cross-region DR patterns<\/li>\n<\/ul>\n<\/li>\n<li>Security:\n<ul class=\"wp-block-list\">\n<li>Zero-trust network segmentation<\/li>\n<li>Continuous compliance checks (Cloud Guard and policies\u2014verify applicability)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud Engineer \/ Platform Engineer<\/li>\n<li>DevOps Engineer<\/li>\n<li>Site Reliability Engineer (SRE)<\/li>\n<li>Solutions Architect<\/li>\n<li>Systems Administrator (Linux)<\/li>\n<li>Security Engineer (for access control reviews)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Oracle certification programs change over time. Look for current OCI certifications and training paths on Oracle University and official Oracle certification pages. 
Start with OCI foundations and then progress to architect or operations tracks. Verify current certification options in official Oracle training resources.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build a \u201cshared uploads\u201d tier for a two-instance web app.<\/li>\n<li>Automate File Storage provisioning with Terraform and enforce tags + naming policy.<\/li>\n<li>Create a migration plan: rsync on-prem NFS \u2192 OCI File Storage with a cutover window and validation checklist.<\/li>\n<li>Implement monitoring: alarms for unusual growth and client mount failures.<\/li>\n<li>Design a DR workflow: periodic sync to Object Storage and a restore runbook.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AD (Availability Domain)<\/strong>: A physically isolated data center within an OCI region (in regions that use ADs).<\/li>\n<li><strong>Compartment<\/strong>: A logical container in OCI IAM for organizing and isolating resources.<\/li>\n<li><strong>Export<\/strong>: A path (like <code>\/shared<\/code>) that maps to a file system and is made available via a mount target.<\/li>\n<li><strong>Export options \/ rules<\/strong>: Settings that control which clients can mount an export and their access rights.<\/li>\n<li><strong>File system<\/strong>: The managed storage resource holding directories and files.<\/li>\n<li><strong>Mount target<\/strong>: The private endpoint in your subnet used to access File Storage.<\/li>\n<li><strong>NFS<\/strong>: Network File System protocol used to mount shared file systems over a network.<\/li>\n<li><strong>NSG (Network Security Group)<\/strong>: Virtual firewall rules applied to VNICs\/resources for fine-grained security.<\/li>\n<li><strong>POSIX permissions<\/strong>: Unix-like permissions model (user\/group\/other with 
read\/write\/execute).<\/li>\n<li><strong>Private subnet<\/strong>: A subnet without direct public internet exposure (instances typically have no public IP).<\/li>\n<li><strong>Security list<\/strong>: Subnet-level virtual firewall rules in OCI.<\/li>\n<li><strong>VCN (Virtual Cloud Network)<\/strong>: Your private network in OCI.<\/li>\n<li><strong>DR (Disaster Recovery)<\/strong>: Processes and architecture enabling recovery from region\/zone failures.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Oracle Cloud <strong>File Storage<\/strong> is OCI\u2019s managed <strong>shared file system<\/strong> service in the <strong>Storage<\/strong> category, designed for workloads that need NFS-style mounts and POSIX-like file semantics. It fits best when multiple compute instances (or connected private networks) must read and write to the same directory tree without running and maintaining NFS servers.<\/p>\n\n\n\n<p>Cost is primarily driven by <strong>stored capacity<\/strong> (and potentially snapshots\/clones if used), plus any <strong>data transfer<\/strong> charges for cross-region or internet egress. Security hinges on layered controls: <strong>IAM for administration<\/strong>, <strong>VCN network rules<\/strong> for reachability, <strong>export rules<\/strong> for allowed clients, and <strong>POSIX permissions<\/strong> for file-level access.<\/p>\n\n\n\n<p>Use File Storage when you need shared filesystem semantics; choose Block Volumes for block-level needs and Object Storage for API-native, massively scalable unstructured data. 
Next step: implement the same lab using Terraform and add monitoring\/alarms plus a backup\/restore runbook aligned to your organization\u2019s RPO\/RTO requirements.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Storage<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[62,7],"tags":[],"class_list":["post-742","post","type-post","status-publish","format-standard","hentry","category-oracle-cloud","category-storage"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=742"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/742\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}