{"id":752,"date":"2026-04-15T10:51:37","date_gmt":"2026-04-15T10:51:37","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-at-customer-gen1-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-other-services\/"},"modified":"2026-04-15T10:51:37","modified_gmt":"2026-04-15T10:51:37","slug":"oracle-cloud-at-customer-gen1-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-other-services","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-at-customer-gen1-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-other-services\/","title":{"rendered":"Oracle Cloud at Customer Gen1 Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Other Services"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Other Services<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Cloud at Customer Gen1 is an Oracle Cloud service designed to run Oracle-managed cloud infrastructure inside your own data center. It exists for organizations that need cloud operating models (self-service, elastic capacity within a footprint, metering, standard APIs) while keeping workloads and data on-premises for latency, residency, or regulatory reasons.<\/p>\n\n\n\n<p>In simple terms: <strong>Oracle delivers cloud hardware to your site, Oracle operates it as a cloud, and your teams consume it like Oracle Cloud\u2014but the servers are physically in your building<\/strong>.<\/p>\n\n\n\n<p>Technically, <strong>Cloud at Customer Gen1<\/strong> is an on-premises cloud platform delivered as an engineered system (hardware + software + operations processes) that exposes a defined catalog of Oracle Cloud services through cloud-style interfaces. 
Oracle is typically responsible for infrastructure lifecycle (patching, break\/fix, capacity planning according to contract), while the customer controls tenants\/projects, workloads, identities, network segmentation, and application operations.<\/p>\n\n\n\n<p>It solves a very specific problem: <strong>how to get cloud-like agility and standardization when you cannot (or should not) move certain systems to a public cloud region<\/strong>\u2014without building and operating a full private cloud stack yourself.<\/p>\n\n\n\n<blockquote>\n<p>Important status note (read first): Oracle has evolved its \u201cCloud@Customer\u201d portfolio over time. In many environments, <strong>Cloud at Customer Gen1<\/strong> is considered a legacy\/earlier generation offering relative to newer OCI-based Cloud@Customer services (for example, <strong>Compute Cloud@Customer<\/strong> and <strong>Exadata Cloud@Customer<\/strong>). Availability for new purchases, service catalog, console\/CLI experience, and integrations can vary by contract and deployment vintage. <strong>Verify the current status and exact capabilities for your tenancy in official Oracle documentation and with Oracle support\/sales.<\/strong><\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. 
What is Cloud at Customer Gen1?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose<\/h3>\n\n\n\n<p>The purpose of <strong>Cloud at Customer Gen1<\/strong> is to provide <strong>Oracle Cloud services delivered on-premises<\/strong>\u2014allowing customers to meet data locality, latency, and compliance needs while still adopting a cloud consumption model.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities (high-level)<\/h3>\n\n\n\n<p>Capabilities depend on what Oracle provisioned for your site and what your contract includes, but commonly center around:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>On-premises cloud infrastructure<\/strong> (compute, networking, storage) operated in a standardized way  <\/li>\n<li><strong>Self-service provisioning<\/strong> of cloud resources through a console and\/or APIs  <\/li>\n<li><strong>Tenant\/project-style isolation<\/strong> so multiple teams can share the platform  <\/li>\n<li><strong>Metering and subscription-based consumption<\/strong> (contract-defined)  <\/li>\n<li><strong>Oracle-operated infrastructure lifecycle<\/strong> (patching\/break-fix per contract)<\/li>\n<\/ul>\n\n\n\n<p>Because Cloud at Customer Gen1 is an on-prem deployed service, the exact \u201cservice catalog\u201d is not always identical to what is available in a public Oracle Cloud region. 
<strong>Verify in official docs<\/strong> which services and limits apply to your specific Cloud at Customer Gen1 installation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Major components<\/h3>\n\n\n\n<p>A typical Cloud at Customer Gen1 deployment includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>On-prem hardware footprint<\/strong> (racked systems in customer facility)<\/li>\n<li><strong>Virtualization \/ cloud control plane<\/strong> (management services that expose APIs\/console)<\/li>\n<li><strong>Network integration<\/strong> into the customer\u2019s LAN\/WAN (routing, firewall, DNS, NTP)<\/li>\n<li><strong>Identity integration<\/strong> (often federated with enterprise IdP)<\/li>\n<li><strong>Operations tooling<\/strong> (monitoring\/alerts\/logging, plus Oracle support access paths)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Type:<\/strong> On-premises managed cloud service (Oracle-managed infrastructure, customer-managed workloads)<\/li>\n<li><strong>Delivery model:<\/strong> Engineered system installed at customer site<\/li>\n<li><strong>Consumption model:<\/strong> Subscription\/contract, typically capacity-based plus service terms<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scope (how you should think about it)<\/h3>\n\n\n\n<p>Cloud at Customer Gen1 is not \u201cregional\u201d in the public-cloud sense; it is <strong>site-scoped<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Site-scoped:<\/strong> The platform is deployed to a specific data center location (or a pair, depending on contract).<\/li>\n<li><strong>Tenant\/account scoped:<\/strong> Access is usually controlled through an Oracle Cloud account\/tenant model.<\/li>\n<li><strong>Network-scoped:<\/strong> All traffic is within your site unless you explicitly connect it to other networks or to Oracle Cloud services.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into 
the Oracle Cloud ecosystem<\/h3>\n\n\n\n<p>Cloud at Customer Gen1 is part of Oracle Cloud\u2019s \u201cOther Services\u201d category because it is primarily a <strong>delivery and operating model<\/strong> for cloud services rather than a single discrete service like object storage or a database. It is most often used to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep sensitive\/regulated workloads on-prem while adopting Oracle Cloud patterns<\/li>\n<li>Provide a stepping stone for modernization and cloud operating model adoption<\/li>\n<li>Integrate with Oracle\u2019s broader cloud portfolio (where supported), such as identity federation, monitoring, and hybrid networking<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use Cloud at Customer Gen1?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data residency and sovereignty:<\/strong> Keep data physically within a specific facility\/country boundary.<\/li>\n<li><strong>Regulatory compliance:<\/strong> Support regulated workloads that cannot move to a public cloud region.<\/li>\n<li><strong>Risk management:<\/strong> Reduce dependency on WAN connectivity for mission-critical systems.<\/li>\n<li><strong>Contracting and procurement alignment:<\/strong> Some enterprises prefer cap\/term-based on-prem contracts instead of pure usage-based public cloud.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Low latency:<\/strong> Place compute close to factory floors, trading systems, hospital systems, or other latency-sensitive environments.<\/li>\n<li><strong>Predictable performance:<\/strong> Dedicated on-prem footprint reduces noisy-neighbor effects common in shared public regions (though multi-tenant internal contention still exists).<\/li>\n<li><strong>Hybrid architecture enablement:<\/strong> Keep \u201csystem of 
record\u201d on-prem while integrating with cloud-native services where allowed.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Oracle-managed infrastructure:<\/strong> Offload portions of infrastructure lifecycle to Oracle (hardware break\/fix, patching processes\u2014contract-defined).<\/li>\n<li><strong>Standardization:<\/strong> Provide a consistent, cloud-like environment to multiple teams without building a private cloud platform from scratch.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security and compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Physical control:<\/strong> Systems remain in your facility with your physical security controls.<\/li>\n<li><strong>Network control:<\/strong> You define routing, firewalling, and segmentation in alignment with enterprise security policies.<\/li>\n<li><strong>Audit alignment:<\/strong> Logs and data can be retained on-prem to satisfy audit retention rules.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability and performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Local scaling within the footprint:<\/strong> Scale workloads without waiting for new data center builds (within contracted capacity).<\/li>\n<li><strong>Deterministic network paths:<\/strong> Internal routing can be tuned for east-west traffic and application tiers.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<p>Choose Cloud at Customer Gen1 when you need:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud self-service and governance <strong>on-prem<\/strong><\/li>\n<li>Strong constraints on where data can be stored\/processed<\/li>\n<li>Very low latency to on-prem systems<\/li>\n<li>A managed approach (Oracle operates infrastructure components) rather than full DIY private cloud<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose 
it<\/h3>\n\n\n\n<p>Avoid or reconsider Cloud at Customer Gen1 when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You want rapid global expansion across many geographies (public regions are better)<\/li>\n<li>Your workload is highly bursty and benefits from elastic hyperscale capacity<\/li>\n<li>You lack facility readiness (power\/cooling\/space) or cannot support on-prem footprint<\/li>\n<li>You need a broad set of modern cloud-native services not available in your Gen1 service catalog<br\/>\n  (In this case, consider newer Oracle Cloud@Customer offerings or Oracle Cloud regions.)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is Cloud at Customer Gen1 used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<p>Cloud at Customer Gen1 tends to appear in industries with strict compliance and operational constraints:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Financial services (trading, risk, payments)<\/li>\n<li>Government \/ public sector<\/li>\n<li>Defense and controlled environments<\/li>\n<li>Healthcare (patient data systems, imaging)<\/li>\n<li>Telecommunications (network functions, OSS\/BSS)<\/li>\n<li>Manufacturing (plant-floor systems and OT integration)<\/li>\n<li>Energy and utilities (SCADA-adjacent data processing)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Platform engineering teams offering internal cloud platforms<\/li>\n<li>Enterprise infrastructure teams modernizing data centers<\/li>\n<li>Security engineering teams enforcing locality controls<\/li>\n<li>SRE\/operations teams needing deterministic performance<\/li>\n<li>DevOps teams modernizing CI\/CD for on-prem workloads<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Line-of-business applications with strict data locality<\/li>\n<li>Databases and middleware stacks that must stay on-prem (verify 
supported service catalog)<\/li>\n<li>Legacy apps being containerized\/modernized (depending on platform capabilities)<\/li>\n<li>Batch processing where data gravity remains on-prem<\/li>\n<li>Latency-sensitive APIs and analytics near data sources<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Three-tier application stacks entirely on-prem (web\/app\/db)<\/li>\n<li>Hybrid: on-prem data tier with integration to external services<\/li>\n<li>Shared internal cloud for multiple business units with segmentation<\/li>\n<li>\u201cLanding zone\u201d pattern with standardized network\/IAM\/tagging<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A primary data center with a Cloud at Customer Gen1 footprint and enterprise WAN integration<\/li>\n<li>A regulated site where data must never leave the facility<\/li>\n<li>A modernization program that cannot move to public cloud within the project timeline<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Production vs dev\/test usage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Production:<\/strong> common for regulated, latency-sensitive, or data-gravity workloads<\/li>\n<li><strong>Dev\/test:<\/strong> used when dev\/test must mirror production locality and controls, or when external connectivity is limited<br\/>\n  (But many organizations keep dev\/test in public cloud and reserve on-prem cloud capacity for production.)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic scenarios where Cloud at Customer Gen1 can fit. 
Because on-prem catalogs differ by installation, treat service references as conceptual and <strong>verify in official docs<\/strong> what your Gen1 environment supports.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Regulated data processing on-prem<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Data cannot leave a controlled facility due to regulation.<\/li>\n<li><strong>Why Cloud at Customer Gen1 fits:<\/strong> Provides cloud-style provisioning while keeping data physically on-prem.<\/li>\n<li><strong>Example:<\/strong> A government agency processes citizen records in an on-prem cloud environment with strict network isolation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Low-latency apps tied to on-prem systems<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Applications depend on millisecond-level latency to local systems (OT\/legacy\/mainframe gateways).<\/li>\n<li><strong>Why it fits:<\/strong> Compute runs in the same facility; network paths are local.<\/li>\n<li><strong>Example:<\/strong> A manufacturing execution system (MES) consumes sensor data and controls line equipment without WAN hops.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Cloud operating model for internal teams (private cloud alternative)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Teams need self-service, but IT cannot operate a full private cloud stack.<\/li>\n<li><strong>Why it fits:<\/strong> Oracle manages the underlying platform lifecycle (per contract).<\/li>\n<li><strong>Example:<\/strong> A large enterprise offers an internal portal\/API for provisioning standardized VM stacks.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Data gravity: analytics near on-prem data stores<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Moving petabytes of data to public cloud is slow, expensive, or prohibited.<\/li>\n<li><strong>Why it fits:<\/strong> Run compute 
near existing datasets.<\/li>\n<li><strong>Example:<\/strong> Telecom CDR analytics runs on-prem where raw data is generated and stored.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Compliance-driven isolation and audit retention<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Audit requires logs and sensitive datasets to remain within a facility for a fixed period.<\/li>\n<li><strong>Why it fits:<\/strong> On-prem storage and logging retention can remain under local control.<\/li>\n<li><strong>Example:<\/strong> A bank retains security logs and database audit trails on-prem for multi-year retention.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Modernization bridge for legacy Oracle estates<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Organization wants to modernize but cannot move core systems to public cloud yet.<\/li>\n<li><strong>Why it fits:<\/strong> Enables standardization and automation on-prem while planning future migration.<\/li>\n<li><strong>Example:<\/strong> A retailer modernizes deployment pipelines and infrastructure-as-code around on-prem cloud resources first.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Edge-adjacent workloads (but not full edge)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Needs local processing in a plant or controlled campus.<\/li>\n<li><strong>Why it fits:<\/strong> Provides a managed on-prem cloud footprint (though not as small as true edge devices).<\/li>\n<li><strong>Example:<\/strong> A utility runs forecasting workloads close to SCADA data collection systems.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Dedicated platform for shared services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Shared services (identity brokers, integration gateways) need stable, dedicated infrastructure.<\/li>\n<li><strong>Why it fits:<\/strong> Provides standardized VM\/networking, controlled 
change windows.<\/li>\n<li><strong>Example:<\/strong> An enterprise runs API gateways and integration brokers on Cloud at Customer Gen1 for internal consumption.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Disaster recovery preparation with locality controls<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Need DR plans that keep replicas on-prem and within compliance boundaries.<\/li>\n<li><strong>Why it fits:<\/strong> Supports on-prem architecture patterns; DR can be designed within permitted boundaries.<\/li>\n<li><strong>Example:<\/strong> A healthcare provider uses a second controlled site for DR (subject to contract and design).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Security-constrained environments with restricted internet access<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Site cannot allow outbound internet for production systems.<\/li>\n<li><strong>Why it fits:<\/strong> On-prem control plane and local network controls can operate in restricted mode (implementation-specific).<\/li>\n<li><strong>Example:<\/strong> A defense contractor runs workloads in a segmented environment with strict egress control.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Standardized \u201clanding zone\u201d for multiple business units<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Multiple teams need isolated environments with shared governance.<\/li>\n<li><strong>Why it fits:<\/strong> Tenant\/project and network segmentation support internal multi-tenancy.<\/li>\n<li><strong>Example:<\/strong> A conglomerate creates separate compartments\/projects for each subsidiary with consistent tagging and policy.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12) Predictable cost model for fixed-capacity needs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Finance prefers predictable subscription costs rather than variable public-cloud 
spend.<\/li>\n<li><strong>Why it fits:<\/strong> On-prem capacity and term contracts can improve predictability.<\/li>\n<li><strong>Example:<\/strong> A public institution budgets annual spend for on-prem cloud capacity for fixed workloads.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<p>Because Cloud at Customer Gen1 is delivered as an on-prem system, \u201cfeatures\u201d often combine platform capabilities and operational model. Exact feature availability is deployment- and contract-dependent. The items below reflect commonly expected characteristics; <strong>verify in official docs<\/strong> for your environment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) On-premises deployment of Oracle Cloud services<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Runs Oracle-provided cloud infrastructure within your data center.<\/li>\n<li><strong>Why it matters:<\/strong> Meets locality and latency requirements.<\/li>\n<li><strong>Practical benefit:<\/strong> Keep regulated data on-prem without giving up cloud-style provisioning.<\/li>\n<li><strong>Caveats:<\/strong> Capacity is limited to installed footprint; expansion requires procurement and delivery lead time.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Oracle-managed infrastructure operations (contract-defined)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Oracle handles certain lifecycle tasks (hardware break\/fix, platform patching, platform health checks).<\/li>\n<li><strong>Why it matters:<\/strong> Reduces operational burden compared to DIY private cloud.<\/li>\n<li><strong>Practical benefit:<\/strong> Platform team focuses more on app enablement than on low-level hardware maintenance.<\/li>\n<li><strong>Caveats:<\/strong> Patch windows and operational responsibilities are governed by contract and change management.<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\">3) Self-service provisioning via console and APIs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Enables users to create\/manage cloud resources using a UI and\/or programmatic interfaces.<\/li>\n<li><strong>Why it matters:<\/strong> Enables DevOps automation and faster delivery.<\/li>\n<li><strong>Practical benefit:<\/strong> Repeatable provisioning and standardized environments.<\/li>\n<li><strong>Caveats:<\/strong> API compatibility may differ from OCI public regions (Gen1 vs Gen2 differences). Verify tooling support.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Tenant\/project-style isolation and governance<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Separates resources by organizational boundaries.<\/li>\n<li><strong>Why it matters:<\/strong> Enables safe multi-team sharing.<\/li>\n<li><strong>Practical benefit:<\/strong> Delegated administration with guardrails.<\/li>\n<li><strong>Caveats:<\/strong> Governance model depends on identity integration and the platform\u2019s IAM constructs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Network segmentation and security controls<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Supports isolated networks\/subnets and security rules to control east-west and north-south traffic.<\/li>\n<li><strong>Why it matters:<\/strong> Segmentation is foundational for compliance and secure architectures.<\/li>\n<li><strong>Practical benefit:<\/strong> Build multi-tier architectures with controlled traffic flows.<\/li>\n<li><strong>Caveats:<\/strong> Feature names and constructs vary by Gen1 platform version; coordinate with network\/security teams.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Metering\/usage reporting (subscription consumption)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Tracks consumption against contracted capacity or metered 
usage depending on agreement.<\/li>\n<li><strong>Why it matters:<\/strong> Enables chargeback\/showback and capacity planning.<\/li>\n<li><strong>Practical benefit:<\/strong> Helps internal platform teams allocate costs to business units.<\/li>\n<li><strong>Caveats:<\/strong> Metering granularity and export options vary; confirm reporting capabilities.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Integration with enterprise identity (federation)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Allows centralized authentication\/authorization patterns (for example, SSO).<\/li>\n<li><strong>Why it matters:<\/strong> Reduces credential sprawl and improves auditability.<\/li>\n<li><strong>Practical benefit:<\/strong> Joiners\/movers\/leavers processes align with corporate identity governance.<\/li>\n<li><strong>Caveats:<\/strong> Federation methods vary; validate supported IdPs and protocols.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Support and escalation path with Oracle<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Provides vendor support for the platform (hardware\/software) via Oracle support processes.<\/li>\n<li><strong>Why it matters:<\/strong> Critical for on-prem managed services\u2014especially incidents and patching.<\/li>\n<li><strong>Practical benefit:<\/strong> Clear ownership for platform-level issues.<\/li>\n<li><strong>Caveats:<\/strong> Ensure your RACI is documented: what Oracle supports vs what your team owns.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Hybrid connectivity patterns (environment-dependent)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Enables connectivity to other on-prem sites or (where supported) to Oracle Cloud services\/regions.<\/li>\n<li><strong>Why it matters:<\/strong> Most enterprises are hybrid.<\/li>\n<li><strong>Practical benefit:<\/strong> Integrate on-prem cloud workloads with external 
services (CI\/CD, logging, backup, identity).<\/li>\n<li><strong>Caveats:<\/strong> Connectivity patterns (VPN, private circuits) and supported endpoints are contract and design specific.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level architecture<\/h3>\n\n\n\n<p>Cloud at Customer Gen1 can be understood as three planes:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Data plane:<\/strong> Where your workloads run (VMs\/instances, storage, virtual networks).<\/li>\n<li><strong>Control plane:<\/strong> APIs, console, orchestration, IAM enforcement, metering.<\/li>\n<li><strong>Operations plane:<\/strong> Monitoring, logging, patching, hardware management, support access paths.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow (typical)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>A user or pipeline authenticates to the Cloud at Customer Gen1 console\/API endpoint.<\/li>\n<li>IAM policies\/roles determine what actions are allowed.<\/li>\n<li>The control plane schedules provisioning actions (create instance, attach volume, configure network rules).<\/li>\n<li>The data plane executes: compute hosts allocate CPU\/RAM, storage allocates volumes, networking programs virtual switches\/routers.<\/li>\n<li>Operational telemetry (health, metrics, logs) is captured by platform tooling and, if configured, forwarded to enterprise monitoring\/SIEM.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related services (common patterns)<\/h3>\n\n\n\n<p>Integrations vary widely, but common enterprise patterns include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Identity provider (IdP):<\/strong> SSO using enterprise identity<\/li>\n<li><strong>DNS\/NTP:<\/strong> Corporate DNS and time services<\/li>\n<li><strong>Enterprise monitoring:<\/strong> Central monitoring\/SIEM (syslog 
forwarders, agents, log collectors)<\/li>\n<li><strong>CI\/CD:<\/strong> Build systems deploying to on-prem endpoints<\/li>\n<li><strong>ITSM:<\/strong> Change\/incident workflows tied to platform operations<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<p>A production Cloud at Customer Gen1 environment depends on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Facility readiness (power, cooling, rack space)<\/li>\n<li>LAN\/WAN connectivity and routing<\/li>\n<li>Firewall rules and security zones<\/li>\n<li>IP addressing plan and DNS<\/li>\n<li>Identity integration<\/li>\n<li>Oracle support connectivity method (implementation-specific)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model (conceptual)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Authenticate via local identity store or federated enterprise identity (implementation-specific)<\/li>\n<li>Authorize actions via roles\/policies scoped to tenant\/project boundaries<\/li>\n<li>Audit user and API activity for governance<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model (conceptual)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>One or more <strong>virtual networks<\/strong> with subnets mapped to security zones<\/li>\n<li>Security rules controlling ingress\/egress between subnets and to external networks<\/li>\n<li>North-south connectivity through enterprise firewalls<\/li>\n<li>Optional connectivity to other sites or Oracle Cloud (where supported)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Define <strong>platform SLOs<\/strong> and incident processes: what is Oracle-owned vs customer-owned<\/li>\n<li>Centralize logs into a SIEM and align retention with compliance rules<\/li>\n<li>Monitor capacity: compute, storage, IP pools<\/li>\n<li>Standardize tags\/labels for cost allocation and ownership<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\">Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  U[Users \/ CI-CD] --&gt;|SSO\/API| CP[\"Cloud at Customer Gen1\\nControl Plane (on-prem)\"]\n  CP --&gt; DP[\"Data Plane: Compute\/Storage\/Network\\n(on-prem)\"]\n  DP --&gt; APP[Applications\/Workloads]\n  DP --&gt;|Logs\/Metrics| MON[\"Monitoring &amp; Logging\\n(on-prem or integrated)\"]\n  CP --&gt;|Metering\/Reports| FIN[Chargeback\/Showback]\n  DP &lt;--&gt;|LAN\/WAN| NET[\"Enterprise Network\\n(FW\/DNS\/NTP)\"]\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph DC[Customer Data Center]\n    subgraph SECZ[Security Zones]\n      subgraph DMZ[DMZ Subnet]\n        LB[\"Load Balancer \/ Reverse Proxy\\n(customer-managed)\"]\n      end\n      subgraph APPZ[App Subnet]\n        APP1[App Instances]\n        APP2[App Instances]\n      end\n      subgraph DATAZ[Data Subnet]\n        DB[(\"Database \/ Data Stores\\n(as supported)\")]\n        VOL[\"Block\/Local Storage\\n(as supported)\"]\n      end\n    end\n\n    subgraph CACC[Cloud at Customer Gen1 Platform]\n      CP2[\"Control Plane APIs &amp; Console\"]\n      IAM[\"IAM \/ Federation Endpoint\\n(implementation-specific)\"]\n      OPS[\"Ops Tooling: Monitoring\/Logging\\n+ Oracle Support Channel\"]\n      HV[Compute Hosts \/ Hypervisors]\n      VNET[\"Virtual Networking\\n(subnets, routing, security rules)\"]\n      CP2 --&gt; HV\n      CP2 --&gt; VNET\n      HV --&gt; APP1\n      HV --&gt; APP2\n      VOL --&gt; APP1\n      VOL --&gt; APP2\n      DB --- VOL\n    end\n\n    NET2[Enterprise FW\/Router\/DNS\/NTP]\n  end\n\n  USERS[\"Corporate Users &amp; CI\/CD Runners\"] --&gt; NET2 --&gt; CP2\n  USERS --&gt; NET2 --&gt; LB\n  LB --&gt; APP1\n  LB --&gt; APP2\n  APP1 --&gt; DB\n  APP2 --&gt; DB\n  OPS --&gt; SIEM[\"Central SIEM \/ Log Lake\\n(optional)\"]\n<\/code><\/pre>\n\n\n\n<hr 
class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<p>Because Cloud at Customer Gen1 is installed on customer premises and typically sold via contract, prerequisites are more about organizational readiness than clicking \u201cSign up\u201d.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Account\/subscription\/tenancy requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active <strong>Oracle Cloud<\/strong> contract covering <strong>Cloud at Customer Gen1<\/strong><\/li>\n<li>A provisioned environment (hardware installed and commissioned)<\/li>\n<li>A tenant\/account and administrative access model established by Oracle and your organization<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles<\/h3>\n\n\n\n<p>You typically need (names vary by deployment):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A platform administrator role to:<\/li>\n<li>Create projects\/tenants\/compartments (as applicable)<\/li>\n<li>Manage networks\/subnets\/security rules<\/li>\n<li>Create and manage compute resources<\/li>\n<li>A security admin\/auditor role to:<\/li>\n<li>View audit logs<\/li>\n<li>Configure log forwarding (if supported)<\/li>\n<li>A billing\/finance role to:<\/li>\n<li>Access usage\/metering reports<\/li>\n<\/ul>\n\n\n\n<p><strong>Verify in official docs<\/strong> the exact IAM roles and policy constructs for Cloud at Customer Gen1.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud at Customer Gen1 is generally <strong>not<\/strong> a click-to-enable pay-as-you-go service.<\/li>\n<li>Expect a negotiated contract that covers:<\/li>\n<li>Hardware footprint and term<\/li>\n<li>Operational responsibilities<\/li>\n<li>Support levels<\/li>\n<li>Expansion terms<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">CLI\/SDK\/tools needed<\/h3>\n\n\n\n<p>Tooling differs by generation and deployment. 
Common needs:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SSH client for instance access<\/li>\n<li>Enterprise certificate tools (if TLS interception\/corporate PKI is involved)<\/li>\n<li>Infrastructure automation tooling used by your org (Ansible, Terraform, etc.), <strong>if supported<\/strong><\/li>\n<li>Oracle-provided console\/API endpoint access<\/li>\n<\/ul>\n\n\n\n<blockquote>\n<p>If you plan to use Terraform\/CLI, first confirm that your Cloud at Customer Gen1 environment supports the same providers and endpoints as OCI public regions. If not, use the supported APIs\/tools documented for Gen1.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud at Customer Gen1 is <strong>site-specific<\/strong>, not region-specific.<\/li>\n<li>Availability depends on Oracle sales and delivery in your geography and the current product status. <strong>Verify with Oracle<\/strong>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<p>Expect limits around:\n&#8211; Total compute capacity (cores\/RAM)\n&#8211; Storage capacity (block\/object as available)\n&#8211; IP address pools \/ VLANs \/ subnet counts\n&#8211; Maximum instances per project\n&#8211; API rate limits<\/p>\n\n\n\n<p>Exact quotas are <strong>deployment-specific<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services<\/h3>\n\n\n\n<p>Usually required in the customer environment:\n&#8211; DNS and NTP sources\n&#8211; IP plan and routing\n&#8211; Firewall rules (north-south and management)\n&#8211; Identity federation readiness (optional but recommended)\n&#8211; A monitoring\/logging strategy (on-prem collectors or integrations)<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<p>Cloud at Customer Gen1 pricing is usually <strong>contractual and negotiated<\/strong>, not a simple public price-per-hour page. 
The most accurate sources are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Oracle pricing entry points: https:\/\/www.oracle.com\/cloud\/pricing\/<\/li>\n<li>Oracle Sales \/ your Oracle account team (for Cloud@Customer contract SKUs)<\/li>\n<li>Your ordering documents and service descriptions (authoritative for what you purchased)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions (typical for on-prem managed cloud)<\/h3>\n\n\n\n<p>While exact SKUs vary, Cloud at Customer Gen1 cost is commonly shaped by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Installed capacity<\/strong> (compute and storage footprint)<\/li>\n<li><strong>Subscription term length<\/strong><\/li>\n<li><strong>Support level and operational scope<\/strong><\/li>\n<li><strong>Expansion options<\/strong> (adding racks\/nodes\/storage shelves)<\/li>\n<li><strong>Optional services<\/strong> (connectivity, additional environments, specialized compliance)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud at Customer Gen1 typically <strong>does not<\/strong> align with Oracle Cloud Free Tier due to on-prem hardware delivery.<br\/>\n  (Free tier may still apply to some public Oracle Cloud services you integrate with, but not to the on-prem appliance itself.)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Primary cost drivers<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Capacity you must provision upfront:<\/strong> Unlike public cloud elasticity, you pay for (or commit to) an on-prem footprint.<\/li>\n<li><strong>Environment count:<\/strong> Dev\/test + staging + prod footprints can multiply cost if physically separated.<\/li>\n<li><strong>High availability requirements:<\/strong> Redundancy across rooms\/sites affects footprint.<\/li>\n<li><strong>Support and operational scope:<\/strong> The more Oracle manages, the higher the service component may be.<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\">Hidden or indirect costs (don\u2019t miss these)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Facilities:<\/strong> rack space, power, cooling, and possibly raised-floor requirements<\/li>\n<li><strong>Network:<\/strong> switches\/ports, firewall capacity, load balancers, cabling<\/li>\n<li><strong>People\/process:<\/strong> change management, incident management, patch coordination<\/li>\n<li><strong>Security:<\/strong> SIEM ingest\/storage costs, vulnerability scanning, endpoint protection agents<\/li>\n<li><strong>Backup\/DR:<\/strong> off-platform backup storage or secondary site costs<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Internal (on-prem) traffic is typically not \u201cmetered\u201d like public cloud egress, but you still pay for:<\/li>\n<li>WAN circuits<\/li>\n<li>Firewall throughput licensing<\/li>\n<li>Load balancer capacity<\/li>\n<li>If you integrate with public Oracle Cloud services, your WAN\/provider costs and any public-cloud network charges may apply. 
<strong>Verify with Oracle<\/strong> for any specific interconnect billing.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Storage\/compute\/API factors<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If your contract includes metering, costs may correlate to:<\/li>\n<li>number of vCPUs\/cores allocated<\/li>\n<li>storage GB provisioned<\/li>\n<li>snapshots\/backups retained<\/li>\n<li>If your contract is fixed-capacity, costs correlate to:<\/li>\n<li>committed footprint regardless of utilization (underutilization becomes the \u201ccost\u201d)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost (practical)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Right-size environments:<\/strong> Don\u2019t mirror production footprint for dev\/test unless required.<\/li>\n<li><strong>Implement cleanup automation:<\/strong> Stop\/delete non-production instances and reclaim storage.<\/li>\n<li><strong>Tag for ownership:<\/strong> Enforce owner\/cost-center tags and implement chargeback\/showback.<\/li>\n<li><strong>Capacity governance:<\/strong> Set quotas per team\/project to avoid resource hoarding.<\/li>\n<li><strong>Plan expansions carefully:<\/strong> Align expansion lead time with roadmap; avoid emergency expansions.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (conceptual)<\/h3>\n\n\n\n<p>Because exact prices are negotiated, a \u201cstarter estimate\u201d should be framed as a method:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Identify minimum footprint for:\n   &#8211; baseline management overhead\n   &#8211; one non-prod environment\n   &#8211; one small prod workload<\/li>\n<li>Add facilities and network costs.<\/li>\n<li>Add operational staffing and monitoring\/SIEM costs.<\/li>\n<li>Compare against a public Oracle Cloud region equivalent for the same workload profile.<\/li>\n<\/ol>\n\n\n\n<p><strong>Do not assume<\/strong> you can start at a tiny monthly spend; on-prem managed cloud 
usually has a meaningful minimum commitment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations (conceptual)<\/h3>\n\n\n\n<p>For production, include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>N+1 capacity overhead<\/li>\n<li>Security zone separation and firewall throughput<\/li>\n<li>Log retention and SIEM indexing costs<\/li>\n<li>Backup storage and restore testing<\/li>\n<li>DR approach (secondary site vs other method)<\/li>\n<li>Patch windows and change overhead (time cost)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<p>This lab is designed to be <strong>realistic and executable<\/strong> in a Cloud at Customer Gen1 environment, but it cannot be \u201cone-click\u201d like a public cloud lab because Cloud at Customer Gen1 requires an on-prem installation and account provisioning.<\/p>\n\n\n\n<p>To keep the lab practical, we\u2019ll focus on a universal pattern that exists across most cloud platforms: <strong>provision a small compute instance, restrict network access, connect via SSH, attach\/mount storage (if available), and validate<\/strong>.<\/p>\n\n\n\n<blockquote>\n<p>Console and API labels vary across Cloud at Customer Gen1 deployments and vintages. 
Where names differ, use the closest equivalent in your environment and <strong>verify in official docs<\/strong> for your specific console.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Provision a small Linux instance on <strong>Cloud at Customer Gen1<\/strong>, secure it with least-privilege network rules, connect via SSH, optionally attach a block volume (if supported), and validate access and basic operations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Confirm access to the Cloud at Customer Gen1 console\/API endpoint.<\/li>\n<li>Create or select a project\/compartment (as applicable).<\/li>\n<li>Create a network\/subnet and a minimal SSH-only security rule.<\/li>\n<li>Launch a Linux instance.<\/li>\n<li>Connect via SSH and harden basic access.<\/li>\n<li>(Optional) Attach and mount a block volume.<\/li>\n<li>Validate network and storage.<\/li>\n<li>Clean up resources.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Confirm access and identify your environment endpoints<\/h3>\n\n\n\n<p><strong>What you do<\/strong>\n1. Obtain from your platform administrator:\n   &#8211; Cloud at Customer Gen1 console URL\n   &#8211; API endpoint (if you will automate)\n   &#8211; Your user credentials or SSO instructions\n   &#8211; Your assigned project\/tenant\/compartment\n2. 
Log in to the console.<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You can access the Cloud at Customer Gen1 console and view at least one landing page listing services\/resources.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Confirm you can reach the console URL from your workstation network.\n&#8211; Confirm your user is shown in the profile menu and you can see your assigned scope.<\/p>\n\n\n\n<p><strong>Common issues<\/strong>\n&#8211; If the console is not reachable: check VPN, firewall rules, DNS resolution, and whether the console is only accessible from a management subnet.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create a project\/compartment (or select an existing one)<\/h3>\n\n\n\n<p><strong>What you do<\/strong>\n&#8211; If your organization uses compartments\/projects:\n  1. Create a new one for this lab, for example:\n     &#8211; Name: <code>lab-cacc-gen1<\/code>\n     &#8211; Description: <code>Hands-on lab resources<\/code>\n  2. Apply required tags\/labels (owner, cost center, environment).<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A dedicated scope exists where you can safely create and delete resources.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Navigate to the scope and confirm it is selected as the active context.<\/p>\n\n\n\n<p><strong>Common issues<\/strong>\n&#8211; Permission denied: request a role that allows creating projects\/compartments, or ask an admin to create it for you.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Create a subnet and a minimal SSH security rule<\/h3>\n\n\n\n<p>This step enforces a key operational habit: <strong>never expose SSH to the entire corporate network (or worse, the internet)<\/strong> unless required.<\/p>\n\n\n\n<p><strong>What you do<\/strong>\n1. 
Navigate to the networking section (often \u201cNetworking\u201d, \u201cVirtual Networks\u201d, or similar).\n2. Create a network (if required) and a subnet:\n   &#8211; Network name: <code>lab-net<\/code>\n   &#8211; Subnet name: <code>lab-subnet<\/code>\n   &#8211; CIDR: choose an unused range in your enterprise IP plan (for example <code>10.50.10.0\/24<\/code>)\n3. Create security rules (security list \/ security group \/ firewall rules\u2014terms vary):\n   &#8211; Inbound: TCP 22 (SSH) from <strong>your workstation IP<\/strong> (recommended) or a small admin subnet\n   &#8211; Outbound: allow required egress to OS package repositories <strong>only if your policy permits<\/strong> (in restricted environments, use internal mirrors)<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; A subnet exists and has security rules that only allow SSH from approved sources.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Confirm the security rule shows the correct source CIDR and port.\n&#8211; Confirm no broad <code>0.0.0.0\/0<\/code> inbound SSH rule exists.<\/p>\n\n\n\n<p><strong>Common issues<\/strong>\n&#8211; Can\u2019t choose CIDR due to overlap: coordinate with network team; use an approved address block.\n&#8211; SSH blocked by enterprise firewall: request a rule from your workstation to the subnet.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Generate an SSH key pair (client-side)<\/h3>\n\n\n\n<p>On your workstation:<\/p>\n\n\n\n<pre><code class=\"language-bash\">ssh-keygen -t ed25519 -C \"cacc-gen1-lab\" -f ~\/.ssh\/cacc_gen1_lab\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You have:\n  &#8211; Private key: <code>~\/.ssh\/cacc_gen1_lab<\/code>\n  &#8211; Public key: <code>~\/.ssh\/cacc_gen1_lab.pub<\/code><\/p>\n\n\n\n<p><strong>Verification<\/strong><\/p>\n\n\n\n<pre><code class=\"language-bash\">ls -l ~\/.ssh\/cacc_gen1_lab*\ncat 
~\/.ssh\/cacc_gen1_lab.pub\n<\/code><\/pre>\n\n\n\n<p><strong>Common issues<\/strong>\n&#8211; Permission warnings later: ensure your private key is not group\/world readable:<\/p>\n\n\n\n<pre><code class=\"language-bash\">chmod 600 ~\/.ssh\/cacc_gen1_lab\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Launch a small Linux compute instance<\/h3>\n\n\n\n<p><strong>What you do<\/strong>\n1. Go to Compute (or Instances\/VMs).\n2. Click Create Instance.\n3. Choose:\n   &#8211; Name: <code>lab-vm-1<\/code>\n   &#8211; Image: a supported Linux image (Oracle Linux or another supported distro)\n   &#8211; Shape\/flavor: smallest allowed for your environment (to reduce capacity use)\n   &#8211; Network: <code>lab-net<\/code> \/ <code>lab-subnet<\/code>\n   &#8211; SSH public key: paste contents of <code>~\/.ssh\/cacc_gen1_lab.pub<\/code>\n4. Create the instance.<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Instance transitions to a \u201cRunning\u201d state.\n&#8211; You receive a private IP (and possibly no public IP, depending on design).<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; From the instance details page, capture:\n  &#8211; Private IP address (e.g., <code>10.50.10.25<\/code>)\n  &#8211; Username for the image (often <code>opc<\/code>, <code>oracle<\/code>, or distro-specific\u2014<strong>verify in image docs<\/strong>)<\/p>\n\n\n\n<p><strong>Common issues<\/strong>\n&#8211; Insufficient capacity\/quota: request quota increase or use a smaller shape.\n&#8211; Image not available: your Gen1 catalog may be limited; choose an approved image.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Connect to the instance via SSH<\/h3>\n\n\n\n<p>If your instance only has a private IP, ensure your workstation is on the right network\/VPN or use a bastion host (preferred in enterprise designs).<\/p>\n\n\n\n<p>SSH:<\/p>\n\n\n\n<pre><code 
class=\"language-bash\">ssh -i ~\/.ssh\/cacc_gen1_lab &lt;username&gt;@&lt;private-ip&gt;\n<\/code><\/pre>\n\n\n\n<p>Example:<\/p>\n\n\n\n<pre><code class=\"language-bash\">ssh -i ~\/.ssh\/cacc_gen1_lab opc@10.50.10.25\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; You get a shell prompt on the VM.<\/p>\n\n\n\n<p><strong>Verification<\/strong>\nRun:<\/p>\n\n\n\n<pre><code class=\"language-bash\">hostname\nuname -a\nip addr\n<\/code><\/pre>\n\n\n\n<p><strong>Common issues and fixes<\/strong>\n&#8211; <code>Permission denied (publickey)<\/code>: ensure you used the correct username and the same public key was injected at provisioning time.\n&#8211; <code>No route to host<\/code>: check subnet routing, firewall rules, VPN, and that the VM is in \u201cRunning\u201d state.\n&#8211; Timeout: check inbound rule (TCP 22) source CIDR and enterprise firewall.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Apply basic hardening on the VM (safe defaults)<\/h3>\n\n\n\n<p>On the instance:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Update packages (use your enterprise-approved method; example below assumes yum\/dnf):<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">sudo dnf -y update || sudo yum -y update\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li>Confirm SSH settings align with policy (do not change without approval). 
Common checks:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">sudo ss -lntp | grep :22 || true\n# Effective sshd settings (main file plus any included drop-in files)\nsudo sshd -T | grep -Ei '^(passwordauthentication|permitrootlogin) ' || true\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; OS is patched (or update attempt is blocked due to restricted egress, which is acceptable if you use internal repos).<\/p>\n\n\n\n<p><strong>Verification<\/strong>\n&#8211; Confirm package manager completes successfully or shows a clear policy-related error.<\/p>\n\n\n\n<p><strong>Common issues<\/strong>\n&#8211; No outbound internet: configure internal repo mirrors; allow outbound to approved repositories; or use golden images.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 8 (Optional): Create, attach, and mount a block volume<\/h3>\n\n\n\n<p>Whether this is available depends on the Cloud at Customer Gen1 service catalog and what your admin enabled.<\/p>\n\n\n\n<p><strong>What you do (conceptual)<\/strong>\n1. In Storage, create a block volume:\n   &#8211; Name: <code>lab-vol-1<\/code>\n   &#8211; Size: minimum allowed (for example, 50 GB\u2014<strong>verify minimum<\/strong>)\n2. Attach it to <code>lab-vm-1<\/code> using the recommended attachment type for your platform.<\/p>\n\n\n\n<p><strong>On the VM: discover and mount<\/strong>\n1. List block devices:<\/p>\n\n\n\n<pre><code class=\"language-bash\"># A newly attached, unformatted volume shows no FSTYPE and no MOUNTPOINT\nlsblk -o NAME,SIZE,FSTYPE,MOUNTPOINT\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li>Identify the new disk (example: <code>\/dev\/sdb<\/code>). 
Create a filesystem:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">sudo mkfs.xfs \/dev\/sdb\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li>Create mount point and mount:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">sudo mkdir -p \/mnt\/labdata\nsudo mount \/dev\/sdb \/mnt\/labdata\ndf -h \/mnt\/labdata\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>Persist mount (example using UUID):<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">sudo blkid \/dev\/sdb\n<\/code><\/pre>\n\n\n\n<p>Copy the UUID, then:<\/p>\n\n\n\n<pre><code class=\"language-bash\">echo 'UUID=&lt;your-uuid&gt; \/mnt\/labdata xfs defaults,nofail 0 2' | sudo tee -a \/etc\/fstab\nsudo mount -a\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; Volume is attached and mounted at <code>\/mnt\/labdata<\/code>.<\/p>\n\n\n\n<p><strong>Verification<\/strong><\/p>\n\n\n\n<pre><code class=\"language-bash\">echo \"hello from cacc gen1\" | sudo tee \/mnt\/labdata\/hello.txt\nsudo cat \/mnt\/labdata\/hello.txt\n<\/code><\/pre>\n\n\n\n<p><strong>Common issues<\/strong>\n&#8211; Volume not visible: attachment not completed, wrong device path, or requires iSCSI steps (platform-specific). 
<strong>Verify in official docs<\/strong> for your attachment method.\n&#8211; Filesystem command missing: install <code>xfsprogs<\/code> or use <code>ext4<\/code> if approved.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use the checklist:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Console shows <code>lab-vm-1<\/code> in Running state.<\/li>\n<li>You can SSH to the VM from the approved source network.<\/li>\n<li>VM has the expected IP configuration.<\/li>\n<li>(Optional) Block volume is mounted and survives reboot.<\/li>\n<\/ul>\n\n\n\n<p>Reboot test (optional):<\/p>\n\n\n\n<pre><code class=\"language-bash\">sudo reboot\n<\/code><\/pre>\n\n\n\n<p>Then reconnect and verify:<\/p>\n\n\n\n<pre><code class=\"language-bash\">df -h | grep \/mnt\/labdata || true\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Symptom<\/th>\n<th>Likely cause<\/th>\n<th>Fix<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>SSH timeout<\/td>\n<td>Security rule or enterprise firewall blocking the connection<\/td>\n<td>Allow TCP\/22 only from your IP\/admin subnet; verify routing<\/td>\n<\/tr>\n<tr>\n<td>Permission denied (publickey)<\/td>\n<td>Wrong username or wrong key injected<\/td>\n<td>Verify image username; re-create instance with correct public key<\/td>\n<\/tr>\n<tr>\n<td>No package updates<\/td>\n<td>No outbound access or no internal repos<\/td>\n<td>Use enterprise mirrors; request egress to approved repos<\/td>\n<\/tr>\n<tr>\n<td>Volume attach fails<\/td>\n<td>Catalog limitation or wrong attachment type<\/td>\n<td>Confirm storage service availability and supported attachment method<\/td>\n<\/tr>\n<tr>\n<td>Can\u2019t create instance<\/td>\n<td>Quota\/capacity exhausted<\/td>\n<td>Use smaller shape, clean up resources, or request 
capacity\/quota<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid consuming scarce on-prem capacity:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Unmount and detach the optional volume:\n   <code>sudo umount \/mnt\/labdata || true<\/code><\/li>\n<li>In console:\n   &#8211; Detach and delete <code>lab-vol-1<\/code> (if created)\n   &#8211; Terminate\/delete instance <code>lab-vm-1<\/code>\n   &#8211; Delete subnet\/network <code>lab-subnet<\/code> \/ <code>lab-net<\/code> (if dedicated to the lab)\n   &#8211; Delete project\/compartment <code>lab-cacc-gen1<\/code> if created for lab use and policy allows<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>\n&#8211; No lab resources remain and capacity is reclaimed.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Design for segmentation:<\/strong> Use separate subnets\/security zones for DMZ\/app\/data tiers.<\/li>\n<li><strong>Use standardized landing zones:<\/strong> Define consistent IAM, network, logging, and tagging patterns before onboarding teams.<\/li>\n<li><strong>Plan for capacity constraints:<\/strong> Treat on-prem capacity as a finite pool; implement quotas and forecasting.<\/li>\n<li><strong>Treat the platform as cattle, workloads as pets only when necessary:<\/strong> Automate provisioning; avoid hand-crafted snowflakes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Least privilege:<\/strong> Roles should map to job functions (network admin, compute admin, auditor, developer).<\/li>\n<li><strong>Short-lived access:<\/strong> Prefer federated SSO and avoid shared accounts.<\/li>\n<li><strong>Separation of 
duties:<\/strong> Production network\/security changes should require elevated roles and approvals.<\/li>\n<li><strong>Audit everything:<\/strong> Ensure management-plane actions are logged and reviewed.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Chargeback\/showback:<\/strong> Allocate capacity consumption to teams; prevent resource hoarding.<\/li>\n<li><strong>Non-prod governance:<\/strong> Enforce TTL labels and scheduled cleanup.<\/li>\n<li><strong>Right-size images and shapes:<\/strong> Standardize on a small set of approved sizes.<\/li>\n<li><strong>Monitor storage growth:<\/strong> Snapshots and orphaned volumes can accumulate.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Place latency-sensitive tiers close together:<\/strong> Keep app\/data tiers in the same on-prem fabric when required.<\/li>\n<li><strong>Use OS tuning and right storage classes:<\/strong> Verify performance characteristics of available storage.<\/li>\n<li><strong>Avoid chatty cross-zone traffic through firewalls:<\/strong> Design east-west flows efficiently while maintaining security.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Document RACI:<\/strong> Who handles what during incidents\u2014Oracle vs your ops team.<\/li>\n<li><strong>Backups and restore testing:<\/strong> On-prem doesn\u2019t automatically mean \u201cbacked up.\u201d<\/li>\n<li><strong>Change management:<\/strong> Coordinate platform patch windows with app maintenance windows.<\/li>\n<li><strong>Capacity headroom:<\/strong> Keep buffer capacity for failover and emergency scaling.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Centralize monitoring:<\/strong> Integrate host 
metrics\/logs with enterprise monitoring and SIEM.<\/li>\n<li><strong>Golden images:<\/strong> Use hardened images and configuration management.<\/li>\n<li><strong>Runbooks:<\/strong> Create runbooks for common actions (provisioning, access requests, incident triage).<\/li>\n<li><strong>Patch compliance reporting:<\/strong> Track OS and application patch levels continuously.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Naming convention:<\/strong> Include environment, app, owner, and sequence (e.g., <code>prd-payments-api-01<\/code>).<\/li>\n<li><strong>Mandatory tags:<\/strong> <code>owner<\/code>, <code>cost_center<\/code>, <code>environment<\/code>, <code>data_classification<\/code>.<\/li>\n<li><strong>Policy as code (where possible):<\/strong> Standardize network\/security baselines.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer <strong>federated identity<\/strong> (SSO) integrated with enterprise IdP.<\/li>\n<li>Avoid local user sprawl; enforce MFA where supported.<\/li>\n<li>Use role-based access with clear scoping boundaries (project\/tenant\/compartment).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>In transit:<\/strong> Require TLS for console and API endpoints. Validate certificate trust chain and rotation process.<\/li>\n<li><strong>At rest:<\/strong> Storage encryption availability depends on the storage subsystem and platform configuration. 
<strong>Verify in official docs<\/strong> whether encryption at rest is enabled by default and whether customer-managed keys are supported.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Treat Cloud at Customer Gen1 management endpoints as <strong>high-value targets<\/strong>:<\/li>\n<li>Place console\/API endpoints on management networks<\/li>\n<li>Restrict admin access by IP and strong authentication<\/li>\n<li>Use bastion\/jump hosts for SSH access to workloads<\/li>\n<li>Avoid direct inbound exposure from untrusted networks.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not store secrets in instance user-data, images, or repos.<\/li>\n<li>Use your enterprise secrets manager (or an approved secrets system) and rotate credentials.<\/li>\n<li>Audit access to secrets, and scope secrets to environment and application.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure management-plane actions (create\/delete instances, modify security rules, attach volumes) are logged.<\/li>\n<li>Forward logs to a centralized, immutable store per compliance needs.<\/li>\n<li>Monitor for:<\/li>\n<li>privilege escalation attempts<\/li>\n<li>unusual provisioning spikes<\/li>\n<li>repeated failed logins<\/li>\n<li>changes to network\/security policies<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Map Cloud at Customer Gen1 controls to your compliance framework (ISO 27001, PCI DSS, HIPAA, etc.).<\/li>\n<li>Confirm:<\/li>\n<li>where logs are stored<\/li>\n<li>who has physical access<\/li>\n<li>how Oracle support access is controlled and audited<\/li>\n<li>Maintain evidence: change tickets, patch reports, vulnerability scans.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security 
mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Broad SSH exposure (<code>0.0.0.0\/0<\/code>) or wide corporate ranges without justification<\/li>\n<li>Shared administrator accounts<\/li>\n<li>No central log collection<\/li>\n<li>Not defining Oracle vs customer responsibilities (gaps in incident response)<\/li>\n<li>Leaving orphaned volumes with sensitive data<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a hardened baseline:<\/li>\n<li>standard network segments<\/li>\n<li>default-deny inbound rules<\/li>\n<li>egress control aligned with policy<\/li>\n<li>Use golden images, CIS-aligned hardening (where applicable), and continuous scanning.<\/li>\n<li>Implement mandatory tagging and ownership metadata to support incident response.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<p>Because Cloud at Customer Gen1 is an on-prem managed platform, you should expect differences compared to public cloud.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Known limitations (common patterns)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Finite capacity:<\/strong> You cannot instantly scale beyond installed footprint.<\/li>\n<li><strong>Service catalog differences:<\/strong> Not all Oracle Cloud services may be available. 
<strong>Verify in official docs<\/strong> for your Gen1 version.<\/li>\n<li><strong>Expansion lead time:<\/strong> Adding capacity is procurement + shipping + install.<\/li>\n<li><strong>Change windows:<\/strong> Platform updates may require coordination with Oracle and your operations team.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hard quotas around compute, storage, networks, and projects are common.<\/li>\n<li>Some quotas may be contractual rather than self-service adjustable.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Regional constraints<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Site-specific; resiliency across regions is not inherent unless you build multi-site designs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing surprises<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Underutilization: paying for committed capacity even when idle<\/li>\n<li>Facilities and operational overhead (power\/cooling\/logging\/SIEM costs)<\/li>\n<li>DR requirements: duplicating footprint for DR is expensive<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compatibility issues<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tooling mismatch if you assume OCI public region parity.<\/li>\n<li>Image availability may be limited to approved\/hardened images.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational gotchas<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Network ownership ambiguity: enterprise firewall\/routing changes can delay provisioning.<\/li>\n<li>Patch coordination: platform and OS patch schedules must be aligned.<\/li>\n<li>Access paths for Oracle support must be designed securely and audited.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Migration challenges<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Moving from Gen1 to newer Cloud@Customer or OCI may require:<\/li>\n<li>API\/tooling changes<\/li>\n<li>network redesign<\/li>\n<li>re-creation of images and 
pipelines<\/li>\n<li>data migration planning<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Vendor-specific nuances<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Clarify support boundaries: hardware vs hypervisor vs guest OS vs application.<\/li>\n<li>Confirm what telemetry Oracle can access and how it is governed.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>Cloud at Customer Gen1 is one option in a broader landscape. The \u201cbest\u201d choice depends on whether you want Oracle-managed on-prem, which services you need, and how closely you need to match public-cloud capabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison table<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Oracle Cloud at Customer Gen1<\/strong><\/td>\n<td>Regulated\/latency-sensitive on-prem workloads needing Oracle-managed platform<\/td>\n<td>On-prem data locality, Oracle-managed infrastructure (contract-defined), cloud-like provisioning<\/td>\n<td>Finite capacity, catalog\/tooling differences vs OCI, may be legacy vs newer offerings<\/td>\n<td>You already have Gen1 installed, or your program requires this exact platform and contract<\/td>\n<\/tr>\n<tr>\n<td><strong>Oracle Compute Cloud@Customer (newer)<\/strong><\/td>\n<td>OCI-style compute on-prem<\/td>\n<td>OCI-aligned experience (often), clearer forward roadmap<\/td>\n<td>Availability\/capability depends on Oracle<\/td>\n<td>When you want on-prem OCI-like compute and a newer platform direction<\/td>\n<\/tr>\n<tr>\n<td><strong>Oracle Exadata Cloud@Customer<\/strong><\/td>\n<td>High-performance Oracle Database on-prem with cloud operations<\/td>\n<td>Strong DB performance, Oracle-managed Exadata ops<\/td>\n<td>Database-centric; not general-purpose for 
all workloads<\/td>\n<td>When the core need is Oracle Database performance + on-prem residency<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS Outposts<\/strong><\/td>\n<td>AWS services on-prem<\/td>\n<td>Tight AWS integration, consistent APIs with AWS<\/td>\n<td>Service catalog constraints; vendor lock-in<\/td>\n<td>When your org is AWS-centered and needs on-prem AWS services<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Stack Hub \/ Azure Stack HCI<\/strong><\/td>\n<td>Azure-consistent on-prem\/hybrid<\/td>\n<td>Azure integration and hybrid patterns<\/td>\n<td>Complexity; service limitations<\/td>\n<td>When Microsoft ecosystem alignment is primary<\/td>\n<\/tr>\n<tr>\n<td><strong>Google Distributed Cloud \/ Anthos (hybrid)<\/strong><\/td>\n<td>Kubernetes-centric hybrid<\/td>\n<td>Strong K8s story, multi-cloud management<\/td>\n<td>Operational complexity<\/td>\n<td>When Kubernetes is the platform and you need hybrid consistency<\/td>\n<\/tr>\n<tr>\n<td><strong>VMware Cloud Foundation (self-managed)<\/strong><\/td>\n<td>Private cloud with VMware stack<\/td>\n<td>Mature virtualization ecosystem<\/td>\n<td>You operate it; cloud-like consumption is DIY<\/td>\n<td>When you want maximum on-prem control and have VMware skills<\/td>\n<\/tr>\n<tr>\n<td><strong>OpenStack (self-managed)<\/strong><\/td>\n<td>Custom private cloud<\/td>\n<td>Flexible and open<\/td>\n<td>High operational overhead<\/td>\n<td>When you need open\/private cloud and can run a platform team<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. 
Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: Regulated bank workloads with strict locality<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A bank must keep certain customer and transaction datasets on-prem for regulatory reasons, but development teams need faster provisioning and standardized environments.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>Cloud at Customer Gen1 provides compute\/network\/storage on-prem.<\/li>\n<li>Segmented subnets for DMZ\/app\/data with strict east-west rules.<\/li>\n<li>Federated SSO with MFA for admin access.<\/li>\n<li>Central log forwarding to the bank SIEM.<\/li>\n<li>CI\/CD deploys app tiers to on-prem instances; artifacts stored in an approved internal repo.<\/li>\n<li><strong>Why Cloud at Customer Gen1 was chosen:<\/strong><\/li>\n<li>Meets on-prem data residency requirements.<\/li>\n<li>Provides self-service provisioning with governance.<\/li>\n<li>Offloads hardware\/platform operations to Oracle per contract.<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>Faster environment provisioning (hours instead of weeks)<\/li>\n<li>Improved audit posture (standardized logging and access control)<\/li>\n<li>Reduced infrastructure maintenance burden for internal teams<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: On-prem requirement due to customer contracts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A small SaaS team sells into regulated customers who require the SaaS to run in the customer\u2019s facility.<\/li>\n<li><strong>Proposed architecture:<\/strong><\/li>\n<li>Deploy application stack on Cloud at Customer Gen1 in the customer site.<\/li>\n<li>Use strict network segmentation; remote admin access only through bastion and customer VPN.<\/li>\n<li>Automated provisioning scripts for repeatable deployments.<\/li>\n<li><strong>Why Cloud at Customer Gen1 was 
chosen:<\/strong><\/li>\n<li>Customer contract requires on-prem deployment and data locality.<\/li>\n<li>Oracle-managed platform reduces the startup\u2019s need to operate physical infrastructure.<\/li>\n<li><strong>Expected outcomes:<\/strong><\/li>\n<li>Ability to meet customer on-prem requirements with a repeatable platform approach<\/li>\n<li>More predictable performance and reduced operational surprises compared to bespoke hardware builds<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Is Cloud at Customer Gen1 the same as Oracle Cloud regions?<\/strong><br\/>\n   No. Oracle Cloud regions are public cloud locations operated by Oracle. Cloud at Customer Gen1 is installed in your data center and is site-scoped.<\/p>\n<\/li>\n<li>\n<p><strong>Is Cloud at Customer Gen1 still available for new customers?<\/strong><br\/>\n   Availability can change as Oracle evolves its Cloud@Customer portfolio. <strong>Verify with Oracle sales and official documentation<\/strong> for current availability and recommended offerings.<\/p>\n<\/li>\n<li>\n<p><strong>What services are included in Cloud at Customer Gen1?<\/strong><br\/>\n   The service catalog varies by contract and deployment. <strong>Verify in official docs<\/strong> for your environment\u2019s supported services.<\/p>\n<\/li>\n<li>\n<p><strong>Who manages the infrastructure?<\/strong><br\/>\n   Typically Oracle manages platform infrastructure tasks (per contract), while customers manage workloads, data, and configurations within their allowed scope.<\/p>\n<\/li>\n<li>\n<p><strong>Can I use Terraform with Cloud at Customer Gen1?<\/strong><br\/>\n   It depends on whether Gen1 exposes compatible APIs\/providers. 
<strong>Verify in official docs<\/strong> and test in a non-production project.<\/p>\n<\/li>\n<li>\n<p><strong>How do I connect to instances if there\u2019s no public IP?<\/strong><br\/>\n   Use enterprise routing\/VPN and a bastion host\/jump box pattern, or access via approved management networks.<\/p>\n<\/li>\n<li>\n<p><strong>What are the biggest cost drivers?<\/strong><br\/>\n   Contracted capacity\/term, facilities (power\/cooling\/space), operational overhead, and DR\/HA requirements.<\/p>\n<\/li>\n<li>\n<p><strong>Does Cloud at Customer Gen1 provide multi-site high availability?<\/strong><br\/>\n   Not automatically. HA\/DR is an architecture you design, and it may require a second site and additional contracted capacity.<\/p>\n<\/li>\n<li>\n<p><strong>How is access audited?<\/strong><br\/>\n   Management-plane logging\/auditing should be enabled and forwarded to a centralized audit store. Exact audit features depend on the platform version\u2014<strong>verify in official docs<\/strong>.<\/p>\n<\/li>\n<li>\n<p><strong>Can we keep logs entirely on-prem?<\/strong><br\/>\n   Often yes, but exact log pipelines depend on what tooling is included and your integrations.<\/p>\n<\/li>\n<li>\n<p><strong>What\u2019s the biggest operational gotcha?<\/strong><br\/>\n   Treating it like unlimited public cloud. Capacity is finite, and expansions take time.<\/p>\n<\/li>\n<li>\n<p><strong>Can Cloud at Customer Gen1 integrate with our SIEM?<\/strong><br\/>\n   Usually yes via log forwarding\/agents, but the mechanism depends on your approved tooling and platform capabilities.<\/p>\n<\/li>\n<li>\n<p><strong>Do we need an internet connection?<\/strong><br\/>\n   Many sites run with restricted egress; you may need controlled connectivity for updates\/support channels. Requirements vary\u2014<strong>verify with Oracle<\/strong>.<\/p>\n<\/li>\n<li>\n<p><strong>How do patch windows work?<\/strong><br\/>\n   Platform patching and responsibilities are contract-defined. 
Coordinate patch windows with application maintenance.<\/p>\n<\/li>\n<li>\n<p><strong>Should we choose Gen1 or a newer Cloud@Customer offering?<\/strong><br\/>\n   For new projects, Oracle may recommend newer OCI-aligned Cloud@Customer options. If you already run Gen1, focus on secure operations and plan an evolution path. <strong>Verify with Oracle<\/strong>.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn Cloud at Customer Gen1<\/h2>\n\n\n\n<p>Because Oracle\u2019s Cloud@Customer portfolio has multiple generations and offerings, start with Oracle\u2019s Cloud@Customer hub and then follow product documentation relevant to your installed version.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official product overview<\/td>\n<td>https:\/\/www.oracle.com\/cloud\/cloud-at-customer\/<\/td>\n<td>Entry point to Oracle\u2019s Cloud@Customer portfolio and positioning<\/td>\n<\/tr>\n<tr>\n<td>Official documentation landing page<\/td>\n<td>https:\/\/docs.oracle.com\/en\/cloud\/<\/td>\n<td>Starting point to locate Cloud@Customer and related docs<\/td>\n<\/tr>\n<tr>\n<td>Official OCI documentation (context)<\/td>\n<td>https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Index.htm<\/td>\n<td>Useful for understanding OCI concepts that may apply in hybrid\/adjacent designs<\/td>\n<\/tr>\n<tr>\n<td>Official pricing entry point<\/td>\n<td>https:\/\/www.oracle.com\/cloud\/pricing\/<\/td>\n<td>Official pricing hub (Cloud@Customer pricing is often contract-based)<\/td>\n<\/tr>\n<tr>\n<td>Official Architecture Center<\/td>\n<td>https:\/\/www.oracle.com\/cloud\/architecture-center\/<\/td>\n<td>Reference architectures and design guidance (hybrid patterns)<\/td>\n<\/tr>\n<tr>\n<td>Official videos<\/td>\n<td>https:\/\/www.youtube.com\/@Oracle<\/td>\n<td>Oracle\u2019s official 
YouTube channel; search within for \u201cCloud@Customer\u201d<\/td>\n<\/tr>\n<tr>\n<td>Product pages for newer alternatives (for roadmap planning)<\/td>\n<td>https:\/\/www.oracle.com\/cloud\/exadata-cloud-at-customer\/<\/td>\n<td>Helps compare Gen1 with newer Cloud@Customer offerings<\/td>\n<\/tr>\n<tr>\n<td>Product pages for newer alternatives (for roadmap planning)<\/td>\n<td>https:\/\/www.oracle.com\/cloud\/compute-cloud-at-customer\/<\/td>\n<td>Helps evaluate OCI-aligned on-prem compute options (availability varies)<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<blockquote>\n<p>If you need the exact Cloud at Customer Gen1 admin\/user guides for your environment, use the documentation links provided in your customer support portal or from your Oracle account team, because Gen1 documentation can be version- and contract-specific.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<p>The following training providers may offer DevOps, SRE, cloud, and platform engineering curricula that can complement Oracle Cloud and on-prem cloud operations. 
Availability of Cloud at Customer Gen1-specific training should be <strong>checked on their websites<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps engineers, SREs, platform teams<\/td>\n<td>DevOps, CI\/CD, cloud fundamentals, automation<\/td>\n<td>check website<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>Beginners to intermediate engineers<\/td>\n<td>SCM, DevOps tooling, build\/release practices<\/td>\n<td>check website<\/td>\n<td>https:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud\/ops practitioners<\/td>\n<td>Cloud operations, monitoring, governance<\/td>\n<td>check website<\/td>\n<td>https:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs, operations teams<\/td>\n<td>Reliability engineering, incident response, observability<\/td>\n<td>check website<\/td>\n<td>https:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops\/SRE leaders, automation engineers<\/td>\n<td>AIOps concepts, event correlation, automation<\/td>\n<td>check website<\/td>\n<td>https:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<p>These sites may provide trainer listings, corporate training, or independent trainer services. 
Verify Cloud at Customer Gen1 coverage directly with the provider.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>DevOps\/cloud training content<\/td>\n<td>Engineers seeking practical DevOps guidance<\/td>\n<td>https:\/\/www.rajeshkumar.xyz\/<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps tooling and practices<\/td>\n<td>Beginners to intermediate DevOps engineers<\/td>\n<td>https:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>Freelance DevOps support\/training<\/td>\n<td>Teams needing short-term enablement<\/td>\n<td>https:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support and mentoring<\/td>\n<td>Ops\/DevOps teams needing hands-on help<\/td>\n<td>https:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. 
Top Consulting Companies<\/h2>\n\n\n\n<p>These consultancies may help with cloud adoption, DevOps, platform engineering, and operations\u2014often relevant when deploying and governing on-prem cloud platforms.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company Name<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>Cloud\/DevOps consulting<\/td>\n<td>Architecture, automation, platform engineering<\/td>\n<td>Landing zone design, CI\/CD rollout, monitoring strategy<\/td>\n<td>https:\/\/cotocus.com\/<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps consulting and enablement<\/td>\n<td>Training + implementation support<\/td>\n<td>DevOps pipeline buildout, IaC practices, ops runbooks<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps consulting<\/td>\n<td>DevOps transformations and operations<\/td>\n<td>Observability rollout, incident response processes, automation<\/td>\n<td>https:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. 
Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before this service<\/h3>\n\n\n\n<p>To work effectively with Cloud at Customer Gen1, you should understand:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Linux administration (SSH, storage, networking, systemd)<\/li>\n<li>IP networking fundamentals (subnets, routing, DNS, NAT, firewall rules)<\/li>\n<li>Identity and access management (RBAC, SSO, MFA, least privilege)<\/li>\n<li>Virtualization and basic cloud concepts (instances, images, volumes)<\/li>\n<li>Operational fundamentals (monitoring, logging, incident\/change management)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after this service<\/h3>\n\n\n\n<p>To grow beyond basic operations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Infrastructure as Code (if supported): Terraform\/Ansible patterns<\/li>\n<li>Secure network architecture: segmentation, zero trust principles<\/li>\n<li>Observability engineering: metrics, logs, traces; SIEM integration<\/li>\n<li>Capacity management and FinOps: chargeback\/showback, utilization optimization<\/li>\n<li>Hybrid integration patterns: API management, message queues, private connectivity<\/li>\n<li>Migration strategy: Gen1 to newer Oracle Cloud@Customer or to Oracle Cloud regions<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud\/Platform Engineer (on-prem cloud)<\/li>\n<li>DevOps Engineer supporting regulated environments<\/li>\n<li>SRE for internal cloud platforms<\/li>\n<li>Security Engineer for cloud governance and audit<\/li>\n<li>Solutions Architect designing hybrid\/on-prem cloud patterns<\/li>\n<li>Operations Engineer managing capacity and reliability<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Oracle certification paths change over time. 
Start at Oracle\u2019s official training portal and look for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Oracle Cloud Infrastructure (OCI) foundations and architect tracks<\/li>\n<li>Hybrid cloud and security courses<\/li>\n<\/ul>\n\n\n\n<p>Then map that knowledge to your Cloud at Customer Gen1 deployment specifics.<\/p>\n\n\n\n<p><strong>Verify current Oracle certifications and learning paths<\/strong> on Oracle University: https:\/\/education.oracle.com\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build a \u201cgolden image\u201d pipeline for Linux VMs and validate CIS-aligned hardening<\/li>\n<li>Implement a tagging policy and showback dashboard for internal teams<\/li>\n<li>Create a standard three-tier reference deployment with restricted security rules<\/li>\n<li>Design a logging pipeline from instances to a central SIEM with retention policy<\/li>\n<li>Write runbooks for provisioning, incident triage, and capacity forecasting<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. 
Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cloud at Customer Gen1:<\/strong> Oracle Cloud offering delivered into a customer data center (first-generation), providing cloud-like services on-prem with Oracle-managed infrastructure aspects (contract-defined).<\/li>\n<li><strong>Control plane:<\/strong> The management layer (console\/APIs) used to provision and govern resources.<\/li>\n<li><strong>Data plane:<\/strong> The layer where workloads run and data is processed (compute\/storage\/network).<\/li>\n<li><strong>Operations plane:<\/strong> Monitoring, logging, patching, support, and day-2 management processes.<\/li>\n<li><strong>Tenant\/Project\/Compartment:<\/strong> Logical boundaries for organizing and isolating resources (exact term varies).<\/li>\n<li><strong>Security zone \/ Subnet segmentation:<\/strong> Dividing networks into smaller trust boundaries to limit blast radius.<\/li>\n<li><strong>Bastion host (jump box):<\/strong> A controlled entry point used to access private instances securely.<\/li>\n<li><strong>Golden image:<\/strong> A standardized VM image with approved OS settings, agents, and hardening.<\/li>\n<li><strong>RACI:<\/strong> Responsibility assignment matrix clarifying who is Responsible\/Accountable\/Consulted\/Informed.<\/li>\n<li><strong>Showback\/Chargeback:<\/strong> Reporting (showback) or billing (chargeback) internal teams based on usage.<\/li>\n<li><strong>Finite capacity:<\/strong> On-prem capacity is limited to installed hardware; scaling requires expansion.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Cloud at Customer Gen1 (Oracle Cloud, Other Services) is an on-premises, Oracle-delivered cloud platform that brings cloud provisioning and governance into your data center. 
It matters when data residency, latency, or regulatory constraints prevent the use of public Oracle Cloud regions, but your teams still need cloud operating models and self-service.<\/p>\n\n\n\n<p>Architecturally, treat it as a site-scoped cloud with distinct control\/data\/operations planes, strong segmentation requirements, and finite capacity. Cost is typically contract-based and driven by committed footprint, facilities, and operational overhead\u2014so governance, quota management, and chargeback\/showback are essential. Security success depends on least-privilege IAM, tight network exposure controls, centralized auditing, and clear RACI boundaries between Oracle and customer responsibilities.<\/p>\n\n\n\n<p>Use Cloud at Customer Gen1 when on-prem constraints are real and enduring. If you are planning new deployments, also evaluate newer Oracle Cloud@Customer offerings for roadmap alignment\u2014then validate capabilities, pricing, and tooling in official Oracle documentation and with Oracle representatives as your next step.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Other 
Services<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[62,63],"tags":[],"class_list":["post-752","post","type-post","status-publish","format-standard","hentry","category-oracle-cloud","category-other-services"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=752"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/752\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}