{"id":900,"date":"2026-04-16T15:02:09","date_gmt":"2026-04-16T15:02:09","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-compute-cloud-customer-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-edge-cloud\/"},"modified":"2026-04-16T15:02:09","modified_gmt":"2026-04-16T15:02:09","slug":"oracle-cloud-compute-cloud-customer-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-edge-cloud","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-compute-cloud-customer-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-edge-cloud\/","title":{"rendered":"Oracle Cloud Compute Cloud@Customer Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Edge Cloud"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Edge Cloud<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Compute Cloud@Customer is an Oracle Cloud service that brings Oracle Cloud Infrastructure (OCI) <strong>compute capabilities into your own data center<\/strong> while keeping an OCI-like operational model. It is part of the broader <strong>Oracle Cloud@Customer<\/strong> portfolio, designed for organizations that need cloud automation and APIs but must run workloads on-premises for data residency, low latency, or regulatory reasons.<\/p>\n\n\n\n<p>In simple terms: <strong>you get OCI-style virtual machines on hardware installed in your facility<\/strong>, operated with familiar OCI constructs such as compartments, virtual cloud networks (VCNs), subnets, and security lists\u2014without sending your application data to a public cloud region.<\/p>\n\n\n\n<p>Technically, Compute Cloud@Customer is a <strong>customer-located OCI environment<\/strong> that exposes OCI-compatible APIs and resource models for compute (VM instances) and related infrastructure services. 
Oracle provides and manages the underlying Cloud@Customer infrastructure, and your teams provision and operate workloads using OCI tools and practices (console\/CLI\/SDK), subject to what your specific deployment includes.<\/p>\n\n\n\n<p>It solves a common problem: many enterprises want <strong>cloud speed (self-service, automation, standard APIs)<\/strong> but cannot use a public region for certain workloads due to <strong>compliance<\/strong>, <strong>data sovereignty<\/strong>, <strong>connectivity constraints<\/strong>, or <strong>latency-sensitive edge scenarios<\/strong>. Compute Cloud@Customer targets that gap\u2014cloud operating model at the edge, in your controlled environment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is Compute Cloud@Customer?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose<\/h3>\n\n\n\n<p>Compute Cloud@Customer is intended to deliver <strong>OCI compute services on-premises<\/strong> as part of Oracle\u2019s Cloud@Customer offerings. The key objective is to enable customers to run workloads locally with <strong>OCI-like provisioning, governance, and automation<\/strong>.<\/p>\n\n\n\n<p>For the most current service scope and included capabilities, verify the official documentation and your Oracle Cloud@Customer contract because Cloud@Customer offerings can vary by delivery model and purchased configuration:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Documentation (starting point): https:\/\/docs.oracle.com\/en-us\/iaas\/compute-cloud-at-customer\/<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities (high-level)<\/h3>\n\n\n\n<p>Compute Cloud@Customer commonly centers around:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Provisioning VM instances<\/strong> using OCI-like shapes and images<\/li>\n<li><strong>Customer-controlled networking<\/strong> using OCI-style VCN constructs (where supported in the deployment)<\/li>\n<li><strong>Identity and access governance<\/strong> aligned with OCI IAM concepts (tenancy, compartments, policies)<\/li>\n<li><strong>API-driven 
operations<\/strong> using OCI CLI\/SDK patterns (subject to local endpoints and connectivity)<\/li>\n<li><strong>Operational management<\/strong> where Oracle manages the underlying infrastructure lifecycle (patching\/firmware\/health of the Cloud@Customer system), and the customer manages the guest OS and applications<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components (conceptual)<\/h3>\n\n\n\n<p>While the exact implementation details depend on your deployed Cloud@Customer system, a typical model includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cloud@Customer infrastructure<\/strong> installed in your facility (compute\/storage\/network components)<\/li>\n<li><strong>Compute service plane<\/strong> that provisions and runs VM instances<\/li>\n<li><strong>Local control plane \/ endpoints<\/strong> to provide OCI-compatible APIs and console access (deployment-specific)<\/li>\n<li><strong>Identity and governance integration<\/strong> with Oracle Cloud IAM concepts (verify exact identity model for your deployment)<\/li>\n<li><strong>Connectivity<\/strong> to your internal networks (and optionally to OCI public regions) for hybrid operations<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Service type:<\/strong> Edge\/on-prem cloud service (Oracle Cloud@Customer)<\/li>\n<li><strong>Consumption model:<\/strong> Contracted\/subscription and\/or consumption-based under enterprise agreement (verify your exact commercial model)<\/li>\n<li><strong>Operations model:<\/strong> Shared responsibility\u2014Oracle manages the Cloud@Customer infrastructure; you manage workloads, configurations, access controls, and data.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scope (regional\/global\/zonal\/account-scoped)<\/h3>\n\n\n\n<p>Compute Cloud@Customer is deployed <strong>in your data center<\/strong> and typically behaves like an <strong>OCI \u201cregion-like\u201d 
environment<\/strong> for resource organization:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tenancy\/account-scoped governance<\/strong>: compartments, policies, tagging strategies are generally tenancy-scoped patterns.<\/li>\n<li><strong>Resource locality<\/strong>: resources are local to your Cloud@Customer deployment (not to OCI public regions unless integrated).<\/li>\n<li><strong>Networking scope<\/strong>: VCN\/subnets are scoped to your deployment.<\/li>\n<\/ul>\n\n\n\n<p>The exact \u201cregion identifier,\u201d endpoint format, and feature availability can differ. Use the values provided by Oracle for your environment and <strong>verify in official docs<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n<p>Compute Cloud@Customer is best understood as an <strong>Edge Cloud extension of Oracle Cloud<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It brings OCI-style compute operations to on-premises environments.<\/li>\n<li>It can be used as part of a <strong>hybrid architecture<\/strong>, integrating with OCI public regions for services you don\u2019t run on-prem (for example, centralized logging, SIEM, CI\/CD, artifact registries, backups, or analytics)\u2014subject to connectivity and governance approvals.<\/li>\n<li>It complements other Oracle Cloud@Customer offerings such as <strong>Exadata Cloud@Customer<\/strong> and <strong>Dedicated Region Cloud@Customer<\/strong> (different scope and service breadth).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">3. 
Why use Compute Cloud@Customer?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Meet data residency requirements<\/strong>: Keep regulated or sensitive data within your facilities while still adopting cloud operating practices.<\/li>\n<li><strong>Reduce time-to-delivery<\/strong>: Enable self-service provisioning and standardized automation compared to traditional virtualization request queues.<\/li>\n<li><strong>Modernize incrementally<\/strong>: Move toward cloud-native practices without a \u201cbig bang\u201d migration to a public region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI-aligned APIs and resource model<\/strong>: Useful if you already build tooling around OCI.<\/li>\n<li><strong>Low-latency local processing<\/strong>: Run workloads close to where data is generated (manufacturing sites, telco edge, campuses).<\/li>\n<li><strong>Hybrid architecture<\/strong>: Keep core data on-prem but integrate with public cloud services where appropriate (verify supported integrations in your environment).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Standardization<\/strong>: Use OCI-style governance patterns (compartments\/policies\/tags) across teams.<\/li>\n<li><strong>Automation<\/strong>: Infrastructure provisioning via CLI\/SDK\/Terraform patterns becomes more consistent (verify exact Terraform provider support and endpoints for Cloud@Customer).<\/li>\n<li><strong>Oracle-managed infrastructure<\/strong>: Offload some hardware lifecycle tasks to Oracle (depending on contract and service boundaries).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Controlled physical location<\/strong>: You control where the infrastructure 
lives.<\/li>\n<li><strong>Segmentation and policy<\/strong>: Apply compartment-level separation and network security rules.<\/li>\n<li><strong>Auditability<\/strong>: OCI-style audit and logging concepts may apply (verify which logging\/audit services are included in your deployment).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Predictable locality<\/strong>: Avoid latency and bandwidth constraints of sending data to a public region.<\/li>\n<li><strong>Right-size for the site<\/strong>: Choose capacity aligned to your data center needs (scaling is typically by adding capacity via Oracle processes rather than instant elasticity\u2014verify your model).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<p>Choose Compute Cloud@Customer when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Workloads must remain on-prem for <strong>regulatory<\/strong>, <strong>sovereignty<\/strong>, or <strong>customer contract<\/strong> reasons.<\/li>\n<li>You need <strong>low latency<\/strong> access to local systems (OT\/IT integration, industrial control, local data sources).<\/li>\n<li>You want <strong>OCI-aligned tooling<\/strong> and governance without operating everything yourself as a pure DIY private cloud.<\/li>\n<li>You have enough steady demand to justify the Cloud@Customer commercial model (often enterprise-oriented).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<p>Avoid or reconsider when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You primarily need bursty, elastic capacity for unpredictable loads (public cloud is typically better).<\/li>\n<li>You want a lightweight, self-managed virtualization stack with minimal vendor involvement (e.g., plain KVM\/VMware\/OpenStack).<\/li>\n<li>You cannot meet the on-prem prerequisites (space, power, cooling, network, operational readiness).<\/li>\n<li>Your organization is not prepared for an OCI-style governance model (compartments, 
policies, automation) and prefers ad-hoc provisioning.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is Compute Cloud@Customer used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<p>Commonly seen in:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Financial services<\/strong> (regulated workloads, latency to trading\/branch systems)<\/li>\n<li><strong>Public sector<\/strong> (data residency, sovereign control)<\/li>\n<li><strong>Healthcare<\/strong> (PHI data locality, integration with hospital systems)<\/li>\n<li><strong>Manufacturing<\/strong> (plant-floor analytics and control adjacent compute)<\/li>\n<li><strong>Telecommunications<\/strong> (edge compute use cases; local processing)<\/li>\n<li><strong>Retail<\/strong> (in-store or regional edge compute where connectivity is variable)<\/li>\n<li><strong>Energy and utilities<\/strong> (remote sites, constrained connectivity)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Platform engineering teams building internal cloud platforms<\/li>\n<li>Infrastructure\/VM operations teams modernizing provisioning<\/li>\n<li>DevOps\/SRE teams standardizing deployment patterns<\/li>\n<li>Security teams needing stronger governance and auditing<\/li>\n<li>Application teams that need local compute but cloud-like speed<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Line-of-business apps requiring local database connectivity<\/li>\n<li>API services and microservices that must remain on-prem<\/li>\n<li>Batch processing over local data sets<\/li>\n<li>VDI-like internal tools (depending on licensing and performance needs)<\/li>\n<li>Edge analytics and event processing<\/li>\n<li>Legacy apps requiring VMs but needing modern governance<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>On-prem cloud island<\/strong>: All services local to a 
site<\/li>\n<li><strong>Hybrid<\/strong>: Compute local, selected managed services in OCI public region<\/li>\n<li><strong>Multi-site<\/strong>: Multiple Cloud@Customer deployments (governance and federation is deployment-specific\u2014verify)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Real-world deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Corporate data centers with strict security controls<\/li>\n<li>Co-location facilities used for regulated environments<\/li>\n<li>Industrial sites with local networking and intermittent WAN<\/li>\n<li>Defense\/critical infrastructure sites<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Production vs dev\/test usage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Production<\/strong>: Often the primary driver (compliance\/latency)<\/li>\n<li><strong>Dev\/test<\/strong>: Can be done, but be careful\u2014Cloud@Customer economics often favor steady production use. Many teams keep dev\/test in OCI public regions and deploy only regulated production workloads on Compute Cloud@Customer.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic scenarios where Compute Cloud@Customer is a strong fit. 
Each includes the problem, why the service fits, and a short example.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Regulated application hosting with on-prem data residency<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Regulations or contracts require data to remain in a controlled facility.<\/li>\n<li><strong>Why this fits:<\/strong> Compute Cloud@Customer provides cloud-like VM provisioning while keeping workloads physically on-prem.<\/li>\n<li><strong>Example:<\/strong> A healthcare provider runs claims processing services on Compute Cloud@Customer so PHI never leaves the hospital-owned data center.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Low-latency integration with on-prem databases and middleware<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> App tiers in public cloud suffer latency to on-prem databases or ERP systems.<\/li>\n<li><strong>Why this fits:<\/strong> Keep compute adjacent to local data and systems while modernizing provisioning and governance.<\/li>\n<li><strong>Example:<\/strong> A manufacturer runs a scheduling API on Compute Cloud@Customer with sub-millisecond access to local MES systems.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Edge analytics for factory\/plant telemetry<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Sending high-volume telemetry to cloud is costly and slow; decisions must be made locally.<\/li>\n<li><strong>Why this fits:<\/strong> Local compute processes data near the source; only aggregates\/results go upstream.<\/li>\n<li><strong>Example:<\/strong> Plant sensors stream events to a local VM-based pipeline; anomalies trigger local alerts and only summarized data is sent to central IT.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Sovereign operations and controlled physical access environments<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A government agency needs cloud 
automation but must keep workloads in sovereign facilities.<\/li>\n<li><strong>Why this fits:<\/strong> On-prem deployment supports strict physical security and sovereignty requirements.<\/li>\n<li><strong>Example:<\/strong> An agency runs internal portals and workflow engines on Compute Cloud@Customer.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Modernizing VMware-style VM provisioning into OCI-style governance<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> VM provisioning is slow and inconsistent, with manual firewall tickets and unclear ownership.<\/li>\n<li><strong>Why this fits:<\/strong> Compartment-based governance, tagging, and consistent network controls improve standardization.<\/li>\n<li><strong>Example:<\/strong> A platform team implements compartment-per-team provisioning with standardized VCN templates.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) On-prem API platform with standardized CI\/CD<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Development teams need repeatable environments but cannot deploy to public regions.<\/li>\n<li><strong>Why this fits:<\/strong> OCI-compatible APIs and automation enable infrastructure-as-code patterns.<\/li>\n<li><strong>Example:<\/strong> A fintech uses Terraform\/CLI-driven pipelines to deploy VM-based services on Compute Cloud@Customer.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Data gravity and large local datasets<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Large datasets are expensive\/slow to move to public cloud.<\/li>\n<li><strong>Why this fits:<\/strong> Compute runs where the data already lives.<\/li>\n<li><strong>Example:<\/strong> A media company processes multi-terabyte archives locally for compliance and bandwidth constraints.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Local identity and security tool integration<\/h3>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Security tooling is on-prem (SIEM, vulnerability scanners, patch systems).<\/li>\n<li><strong>Why this fits:<\/strong> Workloads run inside the security perimeter and integrate with existing tooling.<\/li>\n<li><strong>Example:<\/strong> A bank runs patch management agents and forwards logs to an on-prem SIEM.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Controlled upgrade cadence with vendor-managed infrastructure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Hardware lifecycle and platform patching are complex for internal teams.<\/li>\n<li><strong>Why this fits:<\/strong> Oracle manages the underlying Cloud@Customer infrastructure lifecycle (within agreed boundaries).<\/li>\n<li><strong>Example:<\/strong> IT focuses on guest OS and apps while Oracle manages hardware and platform updates.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Hybrid burst to OCI public regions (selectively)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Most workloads must be on-prem, but analytics or DR requires public cloud services.<\/li>\n<li><strong>Why this fits:<\/strong> Hybrid architecture can use OCI services for non-sensitive processing (if allowed).<\/li>\n<li><strong>Example:<\/strong> Daily anonymized data exports are processed in OCI public region analytics while raw data stays on-prem.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Branch or campus compute for intermittent connectivity<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Sites lose WAN connectivity; workloads must continue locally.<\/li>\n<li><strong>Why this fits:<\/strong> On-prem compute remains operational even with limited upstream connectivity (capabilities depend on control plane requirements\u2014verify).<\/li>\n<li><strong>Example:<\/strong> A retail chain runs local inventory services at a distribution center.<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\">12) Migration staging environment for OCI-aligned workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> Teams want OCI alignment but must migrate in phases.<\/li>\n<li><strong>Why this fits:<\/strong> Same conceptual model helps standardize tooling; later some workloads can move to OCI public regions.<\/li>\n<li><strong>Example:<\/strong> An enterprise builds OCI-compatible automation on Compute Cloud@Customer then later shifts non-regulated tiers to OCI.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<blockquote>\n<p>Note: Cloud@Customer capabilities can vary by purchased offering and deployment configuration. Confirm feature availability for your specific Compute Cloud@Customer environment in official docs and your Oracle contract.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">OCI-style compute instance provisioning<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Create and manage VM instances with images, shapes, and lifecycle operations (start\/stop\/terminate).<\/li>\n<li><strong>Why it matters:<\/strong> Enables self-service compute similar to OCI public regions.<\/li>\n<li><strong>Practical benefit:<\/strong> Standard automation patterns (CLI\/SDK\/IaC) across on-prem and OCI.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Shape\/image catalog and elasticity are limited to deployed capacity. 
Some OCI public-region features may not be present\u2014verify.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compartment-based resource organization<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Organize resources (instances, networks) into compartments for isolation and governance.<\/li>\n<li><strong>Why it matters:<\/strong> Enables least privilege and clear ownership boundaries.<\/li>\n<li><strong>Practical benefit:<\/strong> Team-by-team isolation and policy enforcement.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Requires upfront governance design; poor compartment design can complicate operations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM-style policies (tenancy governance)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Control who can create\/manage resources and where.<\/li>\n<li><strong>Why it matters:<\/strong> Prevents \u201cshadow IT\u201d inside on-prem environments.<\/li>\n<li><strong>Practical benefit:<\/strong> Separation of duties (network admins vs app teams).<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Identity integration (federation\/SSO) is deployment-specific\u2014verify.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">VCN-style networking and segmentation (where supported)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Define virtual networks, subnets, routing, and security controls similar to OCI VCN.<\/li>\n<li><strong>Why it matters:<\/strong> Modern network segmentation and repeatable patterns.<\/li>\n<li><strong>Practical benefit:<\/strong> Standard templates for app tiers and environments.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Integrations to physical networking and north-south connectivity depend on your data center design and Cloud@Customer configuration.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security lists \/ network security controls (where supported)<\/h3>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Control ingress\/egress traffic at subnet\/instance level depending on model.<\/li>\n<li><strong>Why it matters:<\/strong> Reduces lateral movement risk.<\/li>\n<li><strong>Practical benefit:<\/strong> Clear, auditable firewall rules.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Enforcing standards requires governance and review; misconfigurations can break connectivity.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Block storage attachment to instances (verify availability)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Provide persistent storage volumes attached to VM instances.<\/li>\n<li><strong>Why it matters:<\/strong> Separates compute lifecycle from data.<\/li>\n<li><strong>Practical benefit:<\/strong> Resize, snapshot\/backup patterns (depending on available features).<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Performance and volume limits depend on your Cloud@Customer hardware profile.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Image management and standardized OS baselines<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Use supported images and maintain golden images for compliance.<\/li>\n<li><strong>Why it matters:<\/strong> Reduces drift and vulnerabilities.<\/li>\n<li><strong>Practical benefit:<\/strong> Consistent builds across environments.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Image import\/build workflows may differ from OCI public regions\u2014verify.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">API\/CLI\/SDK access (OCI-compatible patterns)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Automate provisioning and management using OCI toolchains.<\/li>\n<li><strong>Why it matters:<\/strong> Enables DevOps workflows and repeatability.<\/li>\n<li><strong>Practical benefit:<\/strong> CI\/CD pipelines can create and tear down 
environments.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> Endpoints, regions, and authentication flows may differ for Cloud@Customer; validate configuration steps in official docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Oracle-managed infrastructure lifecycle (Cloud@Customer operational model)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does:<\/strong> Oracle manages parts of platform lifecycle (hardware\/platform updates) under the Cloud@Customer agreement.<\/li>\n<li><strong>Why it matters:<\/strong> Reduces burden on internal infra teams.<\/li>\n<li><strong>Practical benefit:<\/strong> Improved platform consistency and vendor accountability.<\/li>\n<li><strong>Limitations\/caveats:<\/strong> You still manage guest OS, patching, and application security; maintenance windows and change management must be planned.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level service architecture<\/h3>\n\n\n\n<p>Compute Cloud@Customer is deployed in your facility and exposes OCI-style primitives. 
At a high level:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Users and automation tools authenticate and call APIs (console\/CLI\/SDK).<\/li>\n<li>The control plane schedules and provisions VM instances onto local compute capacity.<\/li>\n<li>Networking is provided through OCI-style virtual networking constructs mapped to your physical network.<\/li>\n<li>Operational telemetry (logs\/metrics\/audit) is collected according to what\u2019s enabled in your deployment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Request\/data\/control flow (typical)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>User\/CI pipeline<\/strong> authenticates using your configured identity provider\/IAM model.<\/li>\n<li>A request to create an instance is sent to the local Cloud@Customer API endpoint.<\/li>\n<li>The platform validates authorization (IAM policy\/compartment access).<\/li>\n<li>The platform provisions the VM on the local compute nodes and configures networking.<\/li>\n<li>The instance boots from an image; you connect via SSH\/RDP through your allowed network paths.<\/li>\n<li>You deploy your application; monitoring and logging flow to your chosen observability stack.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related services<\/h3>\n\n\n\n<p>Integrations depend heavily on your Cloud@Customer deployment and organizational design. 
Common patterns include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI public region integration (hybrid)<\/strong>: VPN\/FastConnect-equivalent connectivity patterns may be used to connect to OCI regions (verify supported connectivity options).<\/li>\n<li><strong>On-prem identity<\/strong>: SSO\/federation models to central IdPs (verify)<\/li>\n<li><strong>On-prem security tooling<\/strong>: SIEM, vulnerability scanning, EDR, patch management<\/li>\n<li><strong>IaC tooling<\/strong>: OCI Terraform provider patterns may apply (verify endpoint support for Cloud@Customer)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<p>At minimum, you will rely on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identity\/IAM configuration (users, groups, policies)<\/li>\n<li>Networking constructs (VCN\/subnets\/security)<\/li>\n<li>Image catalog \/ compute capacity management<\/li>\n<li>DNS (often customer-managed for on-prem zones)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model (conceptual)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Users are authorized via <strong>policies<\/strong> mapped to groups and compartments.<\/li>\n<li>API calls use OCI-style signing\/auth patterns (API keys) or federation depending on configuration.<\/li>\n<li>Network access is controlled via security rules and physical network boundaries.<\/li>\n<\/ul>\n\n\n\n<p>Because identity models can differ between OCI public regions and Cloud@Customer setups, <strong>verify in official docs<\/strong> for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How to create API signing keys<\/li>\n<li>How federation\/SSO is implemented<\/li>\n<li>Where audit logs are stored and how to access them<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model (conceptual)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Virtual networks and subnets segment workloads.<\/li>\n<li>Routing is configured to connect to on-prem networks and (optionally) to OCI.<\/li>\n<li>Inbound access is typically through corporate networks (no default \u201cpublic internet\u201d unless you explicitly 
design it).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Define standard tags (cost center, environment, owner).<\/li>\n<li>Establish log\/metric collection strategy: local observability stack or integration with enterprise tools.<\/li>\n<li>Use audit trails for privileged actions.<\/li>\n<li>Enforce policy-as-code where possible (review\/approval workflows).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Simple architecture diagram (conceptual)<\/h4>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  Dev[Developer \/ DevOps] --&gt;|Console \/ CLI \/ SDK| API[Compute Cloud@Customer API Endpoint]\n  API --&gt; IAM[IAM Policies &amp; Compartments]\n  API --&gt; Prov[Provisioning \/ Scheduler]\n  Prov --&gt; VM[VM Instances on On-Prem Compute]\n  VM --&gt; Net[VCN\/Subnets\/Security Rules]\n  Net --&gt; DC[On-Prem Network]\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Production-style architecture diagram (hybrid-ready)<\/h4>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph OnPrem[\"Customer Data Center (Edge Cloud)\"]\n    IdP[Enterprise IdP\/SSO]\n    SOC[SIEM \/ SOC Tooling]\n    Jump[Jump Host \/ Admin Network]\n    subgraph C4C[\"Compute Cloud@Customer\"]\n      API[OCI-Compatible API\/Console Endpoint]\n      IAM[IAM: Groups\/Policies\/Compartments]\n      VCN[VCN: Subnets, Route Tables, Security]\n      CMP[Compute Capacity Pool]\n      VM1[App Tier VMs]\n      VM2[Worker Tier VMs]\n      Vol[\"Block Volumes (if enabled)\"]\n      Obs[\"Logging\/Metrics (deployment-specific)\"]\n    end\n    IdP --&gt; API\n    Jump --&gt; VM1\n    Jump --&gt; VM2\n    VM1 --&gt; Vol\n    VM2 --&gt; Vol\n    Obs --&gt; SOC\n  end\n\n  subgraph OCI[\"Oracle Cloud (Public Region - Optional)\"]\n    Repo[Artifact Repo \/ DevOps Tools]\n    Obj[\"Object Storage (Backups\/Artifacts)\"]\n    Sec[Central Security Services]\n  end\n\n  API -. 
optional hybrid connectivity .-&gt; Repo\n  VM1 -. optional backup\/export .-&gt; Obj\n  Obs -. optional forwarding .-&gt; Sec\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<p>Because this is an on-prem Edge Cloud service, prerequisites are more involved than a typical public cloud tutorial.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Account\/tenancy requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active <strong>Oracle Cloud@Customer \/ Compute Cloud@Customer<\/strong> subscription and deployed environment.<\/li>\n<li>Access to the <strong>Compute Cloud@Customer console\/API endpoint<\/strong> inside your corporate network (or via approved remote access).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles<\/h3>\n\n\n\n<p>You need a user (or group membership) that can:\n&#8211; Create and manage compute instances\n&#8211; Create and manage networking resources (VCN\/subnets\/security), or have a network team do this for you\n&#8211; Create and manage block volumes (if used)<\/p>\n\n\n\n<p>In OCI terms, this is typically done via policies on compartments. Exact policy statements and identity constructs may vary\u2014<strong>verify in official docs<\/strong> for Compute Cloud@Customer.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>This is typically not \u201cclick-to-enable\u201d and is generally <strong>contracted<\/strong>. 
Ensure your internal chargeback\/showback model is agreed before provisioning many instances.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">CLI\/SDK\/tools needed<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI Console access for your Compute Cloud@Customer environment<\/li>\n<li>Optional but recommended:<\/li>\n<li>OCI CLI: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/li>\n<li>Terraform (if supported for your environment): https:\/\/developer.hashicorp.com\/terraform<\/li>\n<li>SSH client (OpenSSH) for Linux VMs<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Compute Cloud@Customer runs in your data center, not an OCI public region. You will have a deployment-specific \u201cregion\u201d\/endpoint configuration.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas\/limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Capacity is bounded by the installed system (CPU\/RAM\/storage\/network).<\/li>\n<li>Tenancy service limits may apply (instances, VNICs, volumes). <strong>Verify in official docs<\/strong> and your tenancy\/service limits view for your environment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services<\/h3>\n\n\n\n<p>Common dependencies:\n&#8211; Networking connectivity from your admin workstation to the Cloud@Customer endpoint\n&#8211; IP address plan and DNS conventions\n&#8211; A jump host or admin subnet for SSH access (recommended)\n&#8211; Approved OS images and patch repositories accessible from your network<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<p>Compute Cloud@Customer pricing is typically <strong>not simple pay-as-you-go like a public cloud free trial<\/strong>. 
It is often delivered under a <strong>contracted Cloud@Customer commercial model<\/strong> that may include:\n&#8211; Minimum commitments\n&#8211; Subscription periods\n&#8211; Metered usage for compute resources (depending on contract)\n&#8211; Support and operations components<\/p>\n\n\n\n<p>Because pricing can be negotiated and depends on your configuration, <strong>do not assume list prices<\/strong> for budgeting. Use official pricing pages and your Oracle sales agreement.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Official pricing references (start here)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Oracle Cloud Pricing overview: https:\/\/www.oracle.com\/cloud\/price\/<\/li>\n<li>Oracle Cloud@Customer (overview\/pricing entry points; verify current URLs): https:\/\/www.oracle.com\/cloud\/cloud-at-customer\/<\/li>\n<\/ul>\n\n\n\n<p>If a dedicated Compute Cloud@Customer pricing page exists for your region\/contract model, <strong>verify in official docs<\/strong> or with Oracle account team.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions (typical cost components)<\/h3>\n\n\n\n<p>Common dimensions to expect:\n&#8211; <strong>Compute capacity<\/strong> (OCPU\/vCPU, memory) provisioned or consumed\n&#8211; <strong>Infrastructure subscription<\/strong> (the on-prem Cloud@Customer system, operations, support)\n&#8211; <strong>Storage<\/strong> (block volumes, backups, snapshots\u2014if applicable)\n&#8211; <strong>Networking<\/strong> (primarily internal; hybrid egress to OCI public regions may have costs)\n&#8211; <strong>Support level<\/strong> (enterprise support is usually part of the agreement)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Compute Cloud@Customer is generally <strong>not a free-tier service<\/strong>. 
Learning often requires access to an organization\u2019s deployed environment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Primary cost drivers<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Number and size of VM instances (CPU\/RAM)<\/li>\n<li>Always-on workloads vs scheduled (if billing is time-based)<\/li>\n<li>Storage consumption and performance tiers (if applicable)<\/li>\n<li>Backup\/retention requirements<\/li>\n<li>Additional environments (dev\/test\/prod) and duplication of capacity<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden or indirect costs to plan for<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data center costs: rack space, power, cooling (even if Oracle supplies equipment, your facility bears operational costs)<\/li>\n<li>Network\/security tooling integration<\/li>\n<li>Operations staffing for guest OS\/app lifecycle<\/li>\n<li>Compliance validation and audits<\/li>\n<li>Connectivity to OCI public regions (circuits, cross-connects, egress)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Internal on-prem traffic usually has no \u201ccloud egress\u201d style charges, but it consumes LAN\/WAN capacity.<\/li>\n<li>If you integrate with OCI public regions, evaluate:<\/li>\n<li>Circuit costs (FastConnect or equivalent)<\/li>\n<li>Egress\/ingress charges in OCI (region-dependent)<\/li>\n<li>Data replication volumes (backups, logs, artifacts)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost (practical guidance)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Right-size shapes: do not default to large memory\/CPU.<\/li>\n<li>Schedule non-production workloads off-hours if your commercial model benefits from reduced runtime (verify billing model).<\/li>\n<li>Use tagging and compartment structure for chargeback\/showback.<\/li>\n<li>Avoid duplicating full stacks across too many environments; centralize shared 
services.<\/li>\n<li>Standardize images and automation to reduce operational overhead.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (model, not numbers)<\/h3>\n\n\n\n<p>A starter pilot often includes:\n&#8211; 1 small admin\/jump VM\n&#8211; 1\u20132 small application VMs\n&#8211; A small block volume per VM (if needed)\n&#8211; Internal-only networking<\/p>\n\n\n\n<p>Costs depend entirely on:\n&#8211; Your contracted pricing model\n&#8211; Whether there is a fixed infrastructure fee independent of usage\n&#8211; The VM sizes and runtime<\/p>\n\n\n\n<p><strong>Action:<\/strong> Use the Oracle pricing calculator (if applicable to your contract) and validate with your Oracle rep.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>For production, plan for:\n&#8211; N+1 capacity for maintenance and failures (or service-level commitments in the contract)\n&#8211; Separate compartments and networks for prod vs non-prod\n&#8211; Backup retention and DR strategy (local vs OCI region)\n&#8211; Observability and security tooling costs\n&#8211; Patch windows and operational processes<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<p>This lab assumes you already have an operational Compute Cloud@Customer environment and the ability to access its console\/API endpoints from your network.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Provision a basic, secure VM on Compute Cloud@Customer, attach storage (if available), configure network access, and deploy a simple internal web service for validation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:\n1. Confirm access, compartment, and networking prerequisites.\n2. Create a VCN and subnet (or use an existing approved network).\n3. Create a VM instance (Oracle Linux example).\n4. (Optional) Attach a block volume and mount it.\n5. 
Configure security rules to allow internal HTTP access.\n6. Validate access and then clean up resources.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Confirm access and choose a compartment<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Sign in to your <strong>Compute Cloud@Customer console<\/strong> using your organization\u2019s URL.<\/li>\n<li>Identify the <strong>compartment<\/strong> where you are allowed to create resources.<\/li>\n<li>Confirm you have permissions to:\n   &#8211; Create instances\n   &#8211; Create networking (or identify the network compartment managed by the network team)<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> You know the compartment name\/OCID (or equivalent identifier shown in console) and can navigate to Compute and Networking services.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; In the console, confirm you can open the \u201cInstances\u201d page and see the \u201cCreate instance\u201d button enabled (not greyed out).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create (or reuse) a VCN and subnet<\/h3>\n\n\n\n<p>If your organization already has a standard VCN\/subnet pattern, reuse it. Otherwise create a minimal internal-only network.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Networking \u2192 Virtual Cloud Networks<\/strong>.<\/li>\n<li>Click <strong>Create VCN<\/strong>.<\/li>\n<li>Choose a simple option (commonly \u201cVCN with Internet Connectivity\u201d exists in OCI public regions; on Cloud@Customer, options may differ). Prefer <strong>internal-only<\/strong> unless your security team explicitly approves internet exposure.<\/li>\n<li>Provide:\n   &#8211; Name: <code>lab-vcn<\/code>\n   &#8211; CIDR: choose a non-overlapping RFC1918 range, e.g. 
<code>10.50.0.0\/16<\/code> (align with your corporate IP plan)<\/li>\n<li>Create a subnet:\n   &#8211; Name: <code>lab-subnet-app<\/code>\n   &#8211; CIDR: <code>10.50.10.0\/24<\/code>\n   &#8211; Private subnet (recommended)<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> A VCN and a private subnet exist for the VM.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; In the VCN details, confirm the subnet appears and is in \u201cAvailable\u201d state.<\/p>\n\n\n\n<p><strong>Common notes (important):<\/strong>\n&#8211; Routing to your on-prem network is design-specific. Some environments require route tables and physical network integration configured by the network team.\n&#8211; Do not assume an \u201cInternet Gateway\u201d is present or appropriate in a Cloud@Customer environment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Create a security rule for SSH and internal HTTP<\/h3>\n\n\n\n<p>You need to reach the VM for administration and validation.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the subnet\u2019s security controls (security lists or network security groups\u2014your environment may differ), add <strong>ingress rules<\/strong>:\n   &#8211; SSH (TCP 22) from your admin network (recommended: a specific CIDR, not <code>0.0.0.0\/0<\/code>)\n   &#8211; HTTP (TCP 80) from your internal client CIDR (or a test subnet)<\/li>\n<\/ol>\n\n\n\n<p>Example rule intent (not a literal console export):\n&#8211; SSH: Source <code>10.0.0.0\/8<\/code> (replace with your admin CIDR), TCP 22\n&#8211; HTTP: Source <code>10.0.0.0\/8<\/code> (replace with your internal CIDR), TCP 80<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> Network policy allows SSH from admins and HTTP from internal clients.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; Review effective rules and confirm they are attached to the subnet or the instance NIC via NSG.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Create a VM instance<\/h3>\n\n\n\n<ol 
class=\"wp-block-list\">\n<li>Go to <strong>Compute \u2192 Instances \u2192 Create instance<\/strong>.<\/li>\n<li>Configure:\n   &#8211; Name: <code>lab-web-01<\/code>\n   &#8211; Compartment: your lab compartment\n   &#8211; Placement\/availability: deployment-specific (select the default offered)\n   &#8211; Image: Oracle Linux (choose a supported version approved by your org)\n   &#8211; Shape: choose a small shape to minimize consumption\n   &#8211; Networking: select <code>lab-vcn<\/code> and <code>lab-subnet-app<\/code><\/li>\n<li>SSH keys:\n   &#8211; Paste your public key (<code>~\/.ssh\/id_rsa.pub<\/code> or <code>id_ed25519.pub<\/code>)<\/li>\n<li>Create the instance.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome:<\/strong> An instance is created and reaches the \u201cRunning\u201d state.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; Copy the instance\u2019s <strong>private IP<\/strong> from the instance details page.\n&#8211; If your environment uses a bastion\/jump network, note the path you must use to reach the private IP.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Connect via SSH and harden basics<\/h3>\n\n\n\n<p>From a machine that can reach the instance (often a jump host), run:<\/p>\n\n\n\n<pre><code class=\"language-bash\">ssh -i ~\/.ssh\/id_ed25519 opc@10.50.10.10\n<\/code><\/pre>\n\n\n\n<p>Replace:\n&#8211; <code>opc<\/code> with the default user for the chosen image (Oracle Linux commonly uses <code>opc<\/code>; <strong>verify for your image<\/strong>)\n&#8211; <code>10.50.10.10<\/code> with your instance private IP<\/p>\n\n\n\n<p>Once connected:<\/p>\n\n\n\n<pre><code class=\"language-bash\">sudo dnf -y update || sudo yum -y update\nsudo systemctl status sshd\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> You can log in, and the OS is updated.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; <code>whoami<\/code> returns your user.\n&#8211; <code>uname -a<\/code> shows the kernel.\n&#8211; Updates 
complete successfully.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6 (Optional): Attach and mount a block volume<\/h3>\n\n\n\n<p>Block volume availability and steps can differ. If your Compute Cloud@Customer environment supports OCI-like block volumes, you can attach one.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In console: <strong>Block Storage \u2192 Block Volumes \u2192 Create<\/strong>\n   &#8211; Name: <code>lab-vol-01<\/code>\n   &#8211; Size: small (e.g., 50 GB) for the lab<\/li>\n<li>Attach it to <code>lab-web-01<\/code> (attachment type depends on your environment).<\/li>\n<\/ol>\n\n\n\n<p>On the VM, identify the new disk:<\/p>\n\n\n\n<pre><code class=\"language-bash\">lsblk\n<\/code><\/pre>\n\n\n\n<p>Assuming it appears as <code>\/dev\/sdb<\/code> (example only\u2014verify):<\/p>\n\n\n\n<pre><code class=\"language-bash\">sudo parted \/dev\/sdb --script mklabel gpt mkpart primary ext4 0% 100%\nsudo mkfs.ext4 \/dev\/sdb1\nsudo mkdir -p \/data\nsudo mount \/dev\/sdb1 \/data\ndf -h \/data\n<\/code><\/pre>\n\n\n\n<p>Persist mount (example using UUID):<\/p>\n\n\n\n<pre><code class=\"language-bash\">sudo blkid \/dev\/sdb1\n# Copy the UUID, then:\necho 'UUID=YOUR_UUID_HERE \/data ext4 defaults,nofail 0 2' | sudo tee -a \/etc\/fstab\nsudo mount -a\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> A persistent <code>\/data<\/code> mount is available.<\/p>\n\n\n\n<p><strong>Verification:<\/strong>\n&#8211; <code>df -h<\/code> shows <code>\/data<\/code>\n&#8211; Reboot test (optional in a lab): <code>sudo reboot<\/code> and confirm mount persists<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Install a simple internal web server<\/h3>\n\n\n\n<p>Install NGINX and serve a test page:<\/p>\n\n\n\n<pre><code class=\"language-bash\">sudo dnf -y install nginx || sudo yum -y install nginx\necho \"Compute Cloud@Customer lab web OK\" | sudo tee \/usr\/share\/nginx\/html\/index.html\nsudo systemctl enable --now nginx\nsudo systemctl status nginx 
--no-pager\n<\/code><\/pre>\n\n\n\n<p>If your OS firewall is enabled, allow HTTP:<\/p>\n\n\n\n<pre><code class=\"language-bash\">sudo firewall-cmd --permanent --add-service=http || true\nsudo firewall-cmd --reload || true\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome:<\/strong> NGINX is running and serves a test page.<\/p>\n\n\n\n<p><strong>Verification (from a client on the allowed network):<\/strong><\/p>\n\n\n\n<pre><code class=\"language-bash\">curl -s http:\/\/10.50.10.10\/\n<\/code><\/pre>\n\n\n\n<p>You should see:<\/p>\n\n\n\n<pre><code class=\"language-text\">Compute Cloud@Customer lab web OK\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use this checklist:\n&#8211; Instance is in <strong>Running<\/strong> state in console.\n&#8211; SSH access works from the admin network\/jump host.\n&#8211; <code>curl http:\/\/&lt;private-ip&gt;\/<\/code> returns the expected page.\n&#8211; (Optional) <code>\/data<\/code> is mounted and writable:<\/p>\n\n\n\n<pre><code class=\"language-bash\">echo test | sudo tee \/data\/test.txt\ncat \/data\/test.txt\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">SSH timeout \/ no route to host<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause:<\/strong> Missing route from your admin network to the VCN\/subnet, or missing security rules.<\/li>\n<li><strong>Fix:<\/strong><\/li>\n<li>Verify subnet route tables and on-prem routing integration (often handled by network team).<\/li>\n<li>Verify security list\/NSG allows TCP 22 from your admin CIDR.<\/li>\n<li>Confirm the instance has the expected IP and subnet.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><code>Permission denied (publickey)<\/code><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause:<\/strong> Wrong username, wrong SSH key, or key not injected.<\/li>\n<li><strong>Fix:<\/strong><\/li>\n<li>Verify the correct default username for the image.<\/li>\n<li>Confirm you pasted the 
correct public key at instance creation.<\/li>\n<li>If needed, recreate the instance with the correct key (common in labs).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">HTTP works on VM but not from client<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause:<\/strong> OS firewall blocks port 80, or subnet security rules missing, or client not in allowed CIDR.<\/li>\n<li><strong>Fix:<\/strong><\/li>\n<li><code>sudo systemctl status nginx<\/code><\/li>\n<li><code>sudo ss -lntp | grep :80<\/code><\/li>\n<li>Add security list\/NSG ingress rule for TCP 80 from correct CIDR.<\/li>\n<li>Configure OS firewall as shown.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Block volume not visible<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause:<\/strong> Volume not attached or attachment type requires different device path.<\/li>\n<li><strong>Fix:<\/strong><\/li>\n<li>Confirm attachment state in console.<\/li>\n<li>Re-scan devices (<code>sudo partprobe<\/code>, <code>lsblk<\/code>).<\/li>\n<li>Check official docs for the correct attachment workflow for your Cloud@Customer deployment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid consuming capacity:\n1. Stop and terminate the instance:\n   &#8211; Console: <strong>Compute \u2192 Instances \u2192 lab-web-01 \u2192 Terminate<\/strong>\n2. Delete the block volume (if created) after confirming no needed data:\n   &#8211; Console: <strong>Block Volumes \u2192 lab-vol-01 \u2192 Delete<\/strong>\n3. Delete networking if it was only for this lab:\n   &#8211; Delete subnets, then VCN (<code>lab-vcn<\/code>)\n4. Remove any DNS records created for the VM.<\/p>\n\n\n\n<p><strong>Expected outcome:<\/strong> No lab resources remain, and consumed capacity is released.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">11. 
Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Design compartments around <strong>ownership and blast radius<\/strong> (e.g., <code>net-shared<\/code>, <code>prod-appA<\/code>, <code>nonprod-appA<\/code>).<\/li>\n<li>Use separate VCNs\/subnets for environments with different trust levels.<\/li>\n<li>Standardize VM images (\u201cgolden images\u201d) and configuration management.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Apply <strong>least privilege<\/strong> with compartment-scoped policies.<\/li>\n<li>Separate duties:<\/li>\n<li>Network team manages shared VCN and routing<\/li>\n<li>App teams manage instances in their compartments<\/li>\n<li>Require MFA\/SSO where supported.<\/li>\n<li>Rotate API keys and limit who can create them.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Track usage with tags: <code>env<\/code>, <code>owner<\/code>, <code>cost-center<\/code>, <code>app<\/code>, <code>data-classification<\/code>.<\/li>\n<li>Rightsize instances; avoid \u201cdefault large\u201d templates.<\/li>\n<li>Implement lifecycle policies for non-prod: auto-stop, scheduled teardown (if it aligns with your billing model\u2014verify).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Place latency-sensitive tiers on the same subnet\/VLAN segment when appropriate.<\/li>\n<li>Use dedicated volumes for IO-heavy workloads.<\/li>\n<li>Benchmark and document expected performance; Cloud@Customer hardware profiles vary.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build redundancy at the application tier (multiple instances).<\/li>\n<li>Plan maintenance windows and test failover 
procedures.<\/li>\n<li>For DR, decide between:<\/li>\n<li>Local DR inside the data center<\/li>\n<li>DR to OCI public region (hybrid) if permitted<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Centralize logging and metrics (enterprise toolchain or supported OCI-like services in your deployment).<\/li>\n<li>Create runbooks for:<\/li>\n<li>Instance provisioning<\/li>\n<li>Patch cycles<\/li>\n<li>Incident response<\/li>\n<li>Capacity management<\/li>\n<li>Use Infrastructure as Code where supported, and peer review changes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Naming convention example:<\/li>\n<li><code>c4c-&lt;env&gt;-&lt;app&gt;-&lt;role&gt;-&lt;nn&gt;<\/code> \u2192 <code>c4c-prod-payments-web-01<\/code><\/li>\n<li>Tag standards:<\/li>\n<li><code>environment=prod|nonprod<\/code><\/li>\n<li><code>owner=email\/team<\/code><\/li>\n<li><code>data_class=restricted|confidential|internal|public<\/code><\/li>\n<li><code>rto<\/code> \/ <code>rpo<\/code> targets for critical apps<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">12. 
Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use compartment-based policies and group membership to control resource access.<\/li>\n<li>Restrict who can:<\/li>\n<li>Create\/modify network resources<\/li>\n<li>Manage IAM policies<\/li>\n<li>Terminate instances<\/li>\n<li>Prefer SSO\/federation for humans and API keys for automation (where supported).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use OS-level encryption for sensitive data where required.<\/li>\n<li>For storage encryption-at-rest and key management, capabilities depend on deployment\u2014<strong>verify in official docs<\/strong> and your security architecture.<\/li>\n<li>Enforce TLS for application traffic; use internal PKI if appropriate.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Avoid exposing management ports broadly.<\/li>\n<li>Keep instances in private subnets; use jump hosts and strict security rules.<\/li>\n<li>Segment workloads by trust zone (prod vs dev; PCI vs non-PCI).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not bake secrets into VM images.<\/li>\n<li>Use enterprise secrets management (Vault, CyberArk, etc.) 
or OCI-compatible services if available in your deployment (verify).<\/li>\n<li>Rotate credentials regularly and audit access.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable audit logging where available and forward to SIEM.<\/li>\n<li>Log:<\/li>\n<li>IAM policy changes<\/li>\n<li>Instance lifecycle operations<\/li>\n<li>Network rule changes<\/li>\n<li>Protect logs from tampering (append-only storage, restricted access).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Map controls to frameworks (ISO 27001, SOC 2, PCI DSS, HIPAA) based on your obligations.<\/li>\n<li>Document shared responsibility:<\/li>\n<li>Oracle: underlying Cloud@Customer infrastructure management (contract-defined)<\/li>\n<li>Customer: guest OS hardening, application security, data governance<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Overly permissive security list rules (e.g., wide-open SSH)<\/li>\n<li>Shared admin accounts on VMs<\/li>\n<li>No patching strategy for guest OS<\/li>\n<li>No centralized logging or alerting<\/li>\n<li>No tagging\/ownership, leading to \u201corphan\u201d workloads<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use CIS benchmarks for OS hardening where feasible.<\/li>\n<li>Implement vulnerability scanning and EDR agents.<\/li>\n<li>Enforce IMDS\/metadata security best practices for cloud-like environments (verify what metadata services exist and how they behave in your deployment).<\/li>\n<li>Require change management for network and IAM changes.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<blockquote>\n<p>These are common constraints for on-prem Edge Cloud services. 
Confirm exact limits and feature availability for your Compute Cloud@Customer deployment in official docs.<\/p>\n<\/blockquote>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Capacity is finite<\/strong>: You cannot instantly scale beyond installed hardware.<\/li>\n<li><strong>Provisioning depends on governance<\/strong>: Network\/routing often requires coordination with enterprise network teams.<\/li>\n<li><strong>Feature parity gaps<\/strong>: Not all OCI public-region services\/features may exist or behave the same on Cloud@Customer.<\/li>\n<li><strong>Endpoint differences<\/strong>: CLI\/SDK configuration may require custom region\/endpoints.<\/li>\n<li><strong>Maintenance windows<\/strong>: Oracle-managed infrastructure updates still require coordination and impact planning.<\/li>\n<li><strong>Hybrid connectivity complexity<\/strong>: Integrations to OCI public regions can introduce network and security review overhead.<\/li>\n<li><strong>Cost model is contract-driven<\/strong>: Surprise costs often come from underutilized committed capacity or duplicated environments.<\/li>\n<li><strong>Operational responsibility<\/strong>: Oracle manages infrastructure; you still own guest OS and application lifecycle.<\/li>\n<li><strong>Image and patch repository access<\/strong>: On-prem environments often restrict outbound internet; plan internal mirrors.<\/li>\n<li><strong>Migration challenges<\/strong>: Moving workloads between Cloud@Customer and OCI public regions requires careful planning for IP ranges, DNS, identity, and compliance.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">14. 
Comparison with Alternatives<\/h2>\n\n\n\n<p>Compute Cloud@Customer sits between public cloud and self-managed private cloud.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison table<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Oracle Compute Cloud@Customer<\/strong><\/td>\n<td>OCI-aligned VM workloads that must run on-prem (Edge Cloud)<\/td>\n<td>OCI-style governance and APIs on-prem; vendor-managed infrastructure model<\/td>\n<td>Requires on-prem deployment and contract; finite capacity; feature scope depends on offering<\/td>\n<td>When you need cloud-like operations but data\/workloads must stay in your facility<\/td>\n<\/tr>\n<tr>\n<td><strong>Oracle Dedicated Region Cloud@Customer<\/strong><\/td>\n<td>Full OCI region services on-prem (broad service catalog)<\/td>\n<td>Broadest OCI-like service parity on-prem (verify scope)<\/td>\n<td>Larger footprint and typically higher commitment<\/td>\n<td>When you need many OCI services on-prem, not just compute-centric capability<\/td>\n<\/tr>\n<tr>\n<td><strong>Oracle Exadata Cloud@Customer<\/strong><\/td>\n<td>Oracle Database workloads needing Exadata performance on-prem<\/td>\n<td>Database-optimized platform; Oracle-managed<\/td>\n<td>Not a general-purpose compute platform<\/td>\n<td>When primary need is Oracle Database on Exadata in your data center<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS Outposts<\/strong><\/td>\n<td>AWS services on-prem with AWS integration<\/td>\n<td>AWS ecosystem alignment; familiar AWS tooling<\/td>\n<td>Service catalog constraints; hardware dependency; region coupling<\/td>\n<td>When you are AWS-standardized and need on-prem AWS services<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Stack Hub \/ Azure Stack HCI<\/strong><\/td>\n<td>Azure-consistent on-prem\/hybrid<\/td>\n<td>Strong Microsoft ecosystem 
integration<\/td>\n<td>Complexity, licensing, and capability constraints<\/td>\n<td>When you are Microsoft-standardized and need on-prem Azure-like platform<\/td>\n<\/tr>\n<tr>\n<td><strong>Google Distributed Cloud (various offerings)<\/strong><\/td>\n<td>Google-aligned edge\/hybrid use cases<\/td>\n<td>GKE\/Anthos-centered patterns<\/td>\n<td>Fit depends heavily on Kubernetes strategy<\/td>\n<td>When Kubernetes platform is the core requirement<\/td>\n<\/tr>\n<tr>\n<td><strong>VMware vSphere (self-managed)<\/strong><\/td>\n<td>Traditional virtualization private cloud<\/td>\n<td>Mature tooling, broad ecosystem, internal control<\/td>\n<td>You manage lifecycle; less cloud-native governance by default<\/td>\n<td>When you want maximum control and already run VMware at scale<\/td>\n<\/tr>\n<tr>\n<td><strong>OpenStack (self-managed)<\/strong><\/td>\n<td>Open-source private cloud platform<\/td>\n<td>Flexibility and open ecosystem<\/td>\n<td>Operational complexity and staffing needs<\/td>\n<td>When you need open-source control and have strong ops capability<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">15. 
Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: Regulated payments processing on-prem with cloud-like automation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A financial institution must run certain payment processing components on-prem for regulatory and latency reasons, but their VM provisioning process is slow and inconsistent.<\/li>\n<li><strong>Proposed architecture:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Compute Cloud@Customer hosts VM tiers: API gateway (internal), application services, batch workers<\/li>\n<li>Segmented VCN\/subnets: <code>dmz-internal<\/code>, <code>app<\/code>, <code>data<\/code>, <code>admin<\/code><\/li>\n<li>Central identity with SSO + least-privilege IAM policies<\/li>\n<li>Logs forwarded to on-prem SIEM<\/li>\n<li>Optional hybrid connection to OCI public region for artifact storage and non-sensitive analytics (subject to governance)<\/li>\n<\/ul>\n<\/li>\n<li><strong>Why this service was chosen:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Data stays in the bank\u2019s controlled facility<\/li>\n<li>OCI-style governance and automation reduce provisioning time<\/li>\n<li>Vendor-managed infrastructure reduces hardware lifecycle burden<\/li>\n<\/ul>\n<\/li>\n<li><strong>Expected outcomes:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Faster environment provisioning (hours instead of weeks)<\/li>\n<li>Improved audit readiness through consistent policies and tagging<\/li>\n<li>Lower operational risk via standardized patterns<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: On-prem edge analytics for a manufacturing startup<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem:<\/strong> A small industrial AI startup deploys to customer factories where WAN connectivity is inconsistent and sensor data volumes are high.<\/li>\n<li><strong>Proposed architecture:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Compute Cloud@Customer at the customer site runs VM-based ingestion and inference services<\/li>\n<li>Local storage for short-retention raw telemetry<\/li>\n<li>Periodic export of aggregated metrics to a central OCI region when connectivity permits<\/li>\n<\/ul>\n<\/li>\n<li><strong>Why this service was chosen:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Edge-local processing meets latency and connectivity constraints<\/li>\n<li>OCI-like operational model supports automation and repeatable deployments across customer sites<\/li>\n<\/ul>\n<\/li>\n<li><strong>Expected outcomes:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Reduced bandwidth costs and improved reliability<\/li>\n<li>Consistent deployment process across multiple factories<\/li>\n<li>Clear separation of customer data boundaries<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<p>1) <strong>Is Compute Cloud@Customer the same as OCI in a public region?<\/strong><br\/>\nNot exactly. It is designed to be OCI-like, but feature availability, endpoints, and scaling differ because it runs on-prem and depends on your deployed configuration. Verify service parity in official docs.<\/p>\n\n\n\n<p>2) <strong>Do I need internet access to use Compute Cloud@Customer?<\/strong><br\/>\nNot necessarily for workload runtime, but you may need connectivity for updates, patches, or integrations depending on how your environment is configured. Many deployments use controlled outbound access or internal mirrors.<\/p>\n\n\n\n<p>3) <strong>Who manages the hardware and platform updates?<\/strong><br\/>\nCloud@Customer offerings typically include Oracle-managed infrastructure responsibilities, while customers manage guest OS and applications. The exact split is contract-defined\u2014verify your agreement.<\/p>\n\n\n\n<p>4) <strong>How do I authenticate to the APIs?<\/strong><br\/>\nOften similar to OCI (API signing keys, policies), but federation\/SSO and endpoint configuration may differ. 
Follow the official Compute Cloud@Customer documentation for your environment.<\/p>\n\n\n\n<p>5) <strong>Can I use OCI CLI with Compute Cloud@Customer?<\/strong><br\/>\nCommonly yes in OCI-compatible patterns, but you must configure the correct region\/endpoint provided for your deployment. Verify in official docs.<\/p>\n\n\n\n<p>6) <strong>Can I use Terraform?<\/strong><br\/>\nTerraform may work if the OCI provider can reach the correct endpoints and the required APIs are supported. Validate with Oracle documentation for Cloud@Customer and run a small proof of concept.<\/p>\n\n\n\n<p>7) <strong>How do I connect to my VM if it has no public IP?<\/strong><br\/>\nUse your corporate network routing plus a jump host\/admin subnet approach. Avoid exposing SSH directly and keep management access restricted.<\/p>\n\n\n\n<p>8) <strong>What networking model should I use?<\/strong><br\/>\nUse segmented subnets and strict security rules. Coordinate with your network team for routing between the Cloud@Customer virtual networks and the rest of your data center.<\/p>\n\n\n\n<p>9) <strong>Is Compute Cloud@Customer suitable for Kubernetes?<\/strong><br\/>\nYou can run Kubernetes on VMs, but managed Kubernetes service availability is deployment-specific. Verify whether your Cloud@Customer environment includes Kubernetes-related services.<\/p>\n\n\n\n<p>10) <strong>How do I implement DR?<\/strong><br\/>\nOptions include local DR within the data center or hybrid DR to OCI public regions. The right approach depends on compliance, connectivity, and recovery requirements.<\/p>\n\n\n\n<p>11) <strong>Does Compute Cloud@Customer include managed database services?<\/strong><br\/>\nCompute Cloud@Customer is compute-centric. Database options may exist via other Oracle Cloud@Customer offerings (e.g., Exadata Cloud@Customer) or by running databases on VMs. 
Verify what your environment includes.<\/p>\n\n\n\n<p>12) <strong>How do I handle patching?<\/strong><br\/>\nOracle typically manages the platform\/hardware level, but you must patch guest OS and applications. Use enterprise patch tooling and maintenance windows.<\/p>\n\n\n\n<p>13) <strong>What are the biggest operational risks?<\/strong><br\/>\nCommon risks include unclear ownership, weak IAM policies, overly permissive network rules, insufficient logging, and lack of capacity planning.<\/p>\n\n\n\n<p>14) <strong>Can I migrate workloads to OCI public regions later?<\/strong><br\/>\nOften yes for VM-based workloads, but plan carefully: IP ranges, DNS, identity, compliance boundaries, and data migration all matter.<\/p>\n\n\n\n<p>15) <strong>Is Compute Cloud@Customer considered \u201cEdge Cloud\u201d?<\/strong><br\/>\nYes in the sense that it brings cloud-like compute to where you run your operations (on-prem), supporting locality-driven architectures.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">17. 
Top Online Resources to Learn Compute Cloud@Customer<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>Compute Cloud@Customer Docs (Oracle) \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/compute-cloud-at-customer\/<\/td>\n<td>Primary source for supported features, endpoints, workflows, and limitations<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI CLI Install &amp; Config \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/td>\n<td>Helps you automate provisioning and operations with CLI patterns<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Oracle Cloud Pricing \u2014 https:\/\/www.oracle.com\/cloud\/price\/<\/td>\n<td>Starting point for Oracle pricing references and calculators<\/td>\n<\/tr>\n<tr>\n<td>Official product overview<\/td>\n<td>Oracle Cloud@Customer overview \u2014 https:\/\/www.oracle.com\/cloud\/cloud-at-customer\/<\/td>\n<td>Explains Cloud@Customer portfolio positioning and options<\/td>\n<\/tr>\n<tr>\n<td>Architecture center<\/td>\n<td>Oracle Architecture Center \u2014 https:\/\/www.oracle.com\/cloud\/architecture-center\/<\/td>\n<td>Reference architectures and best practices (filter for hybrid\/edge patterns)<\/td>\n<\/tr>\n<tr>\n<td>Tutorials\/labs<\/td>\n<td>Oracle LiveLabs \u2014 https:\/\/livelabs.oracle.com\/<\/td>\n<td>Hands-on labs (search for Cloud@Customer \/ hybrid \/ OCI compute patterns)<\/td>\n<\/tr>\n<tr>\n<td>Videos<\/td>\n<td>Oracle Cloud Infrastructure YouTube \u2014 https:\/\/www.youtube.com\/@OracleCloudInfrastructure<\/td>\n<td>Product walkthroughs and operational guidance (search within channel)<\/td>\n<\/tr>\n<tr>\n<td>SDK documentation<\/td>\n<td>OCI SDK Docs index \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/Concepts\/sdks.htm<\/td>\n<td>Automate with language SDKs and understand API auth 
models<\/td>\n<\/tr>\n<tr>\n<td>Community (reputable)<\/td>\n<td>Oracle Cloud customer\/community posts (use with validation) \u2014 https:\/\/community.oracle.com\/<\/td>\n<td>Practical experiences; cross-check with official docs for accuracy<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>DevOpsSchool.com<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Suitable audience:<\/strong> DevOps engineers, SREs, platform teams, cloud engineers<\/li>\n<li><strong>Likely learning focus:<\/strong> DevOps practices, IaC, CI\/CD, cloud operations (verify specific Oracle Cloud coverage on site)<\/li>\n<li><strong>Mode:<\/strong> Check website<\/li>\n<li><strong>Website:<\/strong> https:\/\/www.devopsschool.com\/<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>ScmGalaxy.com<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Suitable audience:<\/strong> Build\/release engineers, DevOps learners, system administrators<\/li>\n<li><strong>Likely learning focus:<\/strong> SCM, CI\/CD, automation fundamentals (verify cloud-specific tracks)<\/li>\n<li><strong>Mode:<\/strong> Check website<\/li>\n<li><strong>Website:<\/strong> https:\/\/www.scmgalaxy.com\/<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>CLoudOpsNow.in<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Suitable audience:<\/strong> Cloud operations teams, NOC\/SOC-adjacent ops, junior cloud engineers<\/li>\n<li><strong>Likely learning focus:<\/strong> Cloud operations practices, monitoring, reliability basics (verify Oracle Cloud topics)<\/li>\n<li><strong>Mode:<\/strong> Check website<\/li>\n<li><strong>Website:<\/strong> https:\/\/www.cloudopsnow.in\/<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>SreSchool.com<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Suitable audience:<\/strong> SREs, reliability engineers, platform engineers<\/li>\n<li><strong>Likely learning focus:<\/strong> SRE principles, incident management, SLOs\/SLIs, observability (verify vendor-specific content)<\/li>\n<li><strong>Mode:<\/strong> Check website<\/li>\n<li><strong>Website:<\/strong> https:\/\/www.sreschool.com\/<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>AiOpsSchool.com<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Suitable audience:<\/strong> Ops teams adopting AIOps, IT operations leaders<\/li>\n<li><strong>Likely learning focus:<\/strong> AIOps concepts, monitoring automation, event correlation (verify cloud provider coverage)<\/li>\n<li><strong>Mode:<\/strong> Check website<\/li>\n<li><strong>Website:<\/strong> https:\/\/www.aiopsschool.com\/<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>RajeshKumar.xyz<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Likely specialization:<\/strong> DevOps and cloud training topics (verify Oracle Cloud specialization on site)<\/li>\n<li><strong>Suitable audience:<\/strong> Engineers seeking hands-on coaching<\/li>\n<li><strong>Website:<\/strong> https:\/\/www.rajeshkumar.xyz\/<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>devopstrainer.in<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Likely specialization:<\/strong> DevOps tools, CI\/CD, automation (verify Oracle Cloud content)<\/li>\n<li><strong>Suitable audience:<\/strong> Beginners to intermediate DevOps practitioners<\/li>\n<li><strong>Website:<\/strong> https:\/\/www.devopstrainer.in\/<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>devopsfreelancer.com<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Likely specialization:<\/strong> DevOps freelancing\/training\/services marketplace-style resource (verify offerings)<\/li>\n<li><strong>Suitable audience:<\/strong> Teams looking for short-term DevOps help or mentoring<\/li>\n<li><strong>Website:<\/strong> https:\/\/www.devopsfreelancer.com\/<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>devopssupport.in<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Likely specialization:<\/strong> DevOps support and training topics (verify Oracle Cloud coverage)<\/li>\n<li><strong>Suitable audience:<\/strong> Ops\/DevOps teams needing implementation assistance<\/li>\n<li><strong>Website:<\/strong> https:\/\/www.devopssupport.in\/<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>cotocus.com<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Likely service area:<\/strong> Cloud\/DevOps consulting, automation, platform engineering (verify exact scope)<\/li>\n<li><strong>Where they may help:<\/strong> Cloud@Customer adoption planning, CI\/CD design, IaC, operational readiness<\/li>\n<li><strong>Consulting use case examples:<\/strong> Landing zone design, tagging\/governance standards, VM provisioning automation<\/li>\n<li><strong>Website:<\/strong> https:\/\/cotocus.com\/<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>DevOpsSchool.com<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Likely service area:<\/strong> DevOps consulting and enablement (verify Oracle Cloud@Customer offerings)<\/li>\n<li><strong>Where they may help:<\/strong> DevOps transformation, automation toolchains, training + implementation support<\/li>\n<li><strong>Consulting use case examples:<\/strong> CI\/CD rollout for VM-based apps, observability stack setup, runbook creation<\/li>\n<li><strong>Website:<\/strong> https:\/\/www.devopsschool.com\/<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>DEVOPSCONSULTING.IN<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Likely service area:<\/strong> DevOps consulting services (verify service catalog)<\/li>\n<li><strong>Where they may help:<\/strong> Build\/release automation, IaC rollout, operational processes<\/li>\n<li><strong>Consulting use case examples:<\/strong> Standardized instance provisioning pipelines, security baseline automation, monitoring integration<\/li>\n<li><strong>Website:<\/strong> https:\/\/www.devopsconsulting.in\/<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">21. 
Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before this service<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI fundamentals: compartments, IAM policies, networking (VCN\/subnets\/security)<\/li>\n<li>Linux administration: SSH, systemd, firewalling, package management<\/li>\n<li>Network fundamentals: CIDR planning, routing, DNS, NAT concepts<\/li>\n<li>Security basics: least privilege, key management, patching<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after this service<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Infrastructure as Code with OCI\/Terraform patterns (if supported in your environment)<\/li>\n<li>Observability: metrics, logs, tracing, alerting, SLOs<\/li>\n<li>Enterprise identity integration (SSO, federation) and privileged access management<\/li>\n<li>Hybrid networking patterns (VPN\/private circuits) if integrating with OCI public regions<\/li>\n<li>DR planning and backup strategies<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud\/Platform Engineer (on-prem cloud platform)<\/li>\n<li>DevOps Engineer \/ SRE (automation, reliability, operations)<\/li>\n<li>Cloud Solution Architect (hybrid\/edge architectures)<\/li>\n<li>Security Engineer (governance, segmentation, audits)<\/li>\n<li>Infrastructure Engineer (VM lifecycle, network integration)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI certifications can be relevant for foundational concepts and tooling, even if you operate on Cloud@Customer. Check Oracle\u2019s certification portal for current tracks: https:\/\/education.oracle.com\/<\/li>\n<li>For Cloud@Customer-specific enablement, organizations often rely on Oracle-delivered onboarding and internal runbooks. 
Verify what official training exists for your purchased offering.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build a \u201clanding zone\u201d template: compartments, tags, baseline VCNs, standard security rules.<\/li>\n<li>Create a CI pipeline that provisions a VM, configures it (Ansible), deploys an app, runs tests, and destroys resources.<\/li>\n<li>Implement centralized logging forwarding from VMs to your SIEM.<\/li>\n<li>Write a capacity and quota dashboard for your Cloud@Customer environment (using whatever metrics are available).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cloud@Customer:<\/strong> Oracle portfolio delivering cloud services in a customer-controlled location (on-prem\/co-lo), with Oracle-managed infrastructure responsibilities.<\/li>\n<li><strong>Compute Cloud@Customer:<\/strong> Cloud@Customer offering focused on OCI-like compute (VM instances) on-prem.<\/li>\n<li><strong>OCI (Oracle Cloud Infrastructure):<\/strong> Oracle\u2019s public cloud platform, with services, APIs, and governance model.<\/li>\n<li><strong>Compartment:<\/strong> OCI logical container for organizing and isolating resources for access control and governance.<\/li>\n<li><strong>IAM Policy:<\/strong> Authorization rules defining who can do what on which resources, typically scoped to compartments.<\/li>\n<li><strong>VCN (Virtual Cloud Network):<\/strong> OCI-style virtual networking construct similar to a virtual network\/VPC.<\/li>\n<li><strong>Subnet:<\/strong> CIDR block within a VCN where instances are placed.<\/li>\n<li><strong>Security List \/ NSG:<\/strong> Network security controls that define allowed ingress\/egress traffic (exact model may vary).<\/li>\n<li><strong>OCPU:<\/strong> Oracle CPU unit used in OCI pricing and shapes (conceptual sizing unit).<\/li>\n<li><strong>Golden Image:<\/strong> Standardized 
VM image baseline used for consistent provisioning and compliance.<\/li>\n<li><strong>Jump Host (Bastion):<\/strong> Controlled access host used to reach private instances without exposing them publicly.<\/li>\n<li><strong>Edge Cloud:<\/strong> Compute deployed near data sources\/users, often outside traditional public cloud regions.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Compute Cloud@Customer (Oracle Cloud) is an <strong>Edge Cloud<\/strong> service that brings OCI-style <strong>VM compute provisioning and governance into your data center<\/strong>, enabling cloud-like automation while meeting on-prem requirements such as data residency, latency, and controlled physical access.<\/p>\n\n\n\n<p>It matters because it supports a practical hybrid strategy: keep sensitive or latency-critical workloads local while adopting <strong>standardized IAM, networking segmentation, and automation<\/strong> patterns aligned with Oracle Cloud. Cost is typically <strong>contract-driven<\/strong> (often with commitments and infrastructure components), so capacity planning and tagging-based governance are essential. Security success depends on <strong>least privilege IAM<\/strong>, strict network segmentation, hardened images, patching discipline, and centralized logging\/auditing.<\/p>\n\n\n\n<p>Use Compute Cloud@Customer when workloads must remain on-prem but you want OCI-aligned operations; prefer OCI public regions when elasticity and broad managed-service catalogs are the priority. 
Next step: read the official Compute Cloud@Customer documentation, validate feature availability for your deployment, and implement a small landing zone plus an automated VM provisioning pipeline.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Edge Cloud<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69,62],"tags":[],"class_list":["post-900","post","type-post","status-publish","format-standard","hentry","category-edge-cloud","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/900","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=900"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/900\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}