{"id":931,"date":"2026-04-17T04:26:37","date_gmt":"2026-04-17T04:26:37","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-marketplace-policies-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-marketplace\/"},"modified":"2026-04-17T04:26:37","modified_gmt":"2026-04-17T04:26:37","slug":"oracle-cloud-marketplace-policies-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-marketplace","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-marketplace-policies-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-marketplace\/","title":{"rendered":"Oracle Cloud Marketplace Policies Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Marketplace"},"content":{"rendered":"\n

Category<\/h2>\n\n\n\n

Marketplace<\/p>\n\n\n\n

1. Introduction<\/h2>\n\n\n\n

Oracle Cloud Marketplace Policies<\/strong> are tenancy-level governance controls for Oracle Cloud Marketplace<\/strong>. They help you decide whether<\/em> your organization can use Marketplace at all and what kinds of Marketplace listings<\/em> (for example, Oracle-published vs partner-published, free vs paid) your users are allowed to subscribe to.<\/p>\n\n\n\n

In simple terms: Marketplace Policies let administrators reduce risk and control spending by limiting Marketplace usage<\/strong>. Instead of relying on tribal knowledge (\u201cdon\u2019t click Subscribe\u201d), you can put guardrails in place that align with procurement, security, and compliance requirements.<\/p>\n\n\n\n

Technically, Marketplace Policies are part of the Oracle Cloud Infrastructure (OCI) control plane for Marketplace. They are configured by administrators and then enforced when users browse, subscribe to, or attempt to deploy Marketplace listings<\/strong>. Marketplace Policies work alongside OCI IAM (Identity and Access Management): policies define what Marketplace categories are allowed at the tenancy level, and IAM defines which users\/groups can perform Marketplace-related actions in specific compartments.<\/p>\n\n\n\n

The problem Marketplace Policies solve is common in real OCI environments: Marketplace makes it easy to deploy vendor software and prebuilt solutions, but that convenience can introduce unreviewed third-party software, unclear license obligations, unexpected charges, or security exposure<\/strong>. Marketplace Policies provide a first line of governance before deployments happen.<\/p>\n\n\n\n

2. What is Marketplace Policies?<\/h2>\n\n\n\n

Official purpose (scope-aligned):<\/strong> Marketplace Policies in Oracle Cloud are administrative settings that govern the use of Oracle Cloud Marketplace within an OCI tenancy<\/strong>. These settings help you control which types of listings your users are allowed to subscribe to and use.<\/p>\n\n\n\n

Because the Oracle Cloud console and documentation can evolve, confirm the exact current options and labels in the official Oracle Cloud Marketplace documentation:\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Marketplace\/home.htm<\/p>\n\n\n\n

Core capabilities (what it does)<\/h3>\n\n\n\n

Marketplace Policies typically enable you to:\n– Restrict Marketplace usage<\/strong> at the tenancy level (governance guardrails).\n– Control subscription eligibility<\/strong> for certain listing types (for example, limiting categories of listings that can be subscribed to).\n– Support a safer operating model when combined with OCI IAM<\/strong>, compartments<\/strong>, tagging<\/strong>, and audit logging<\/strong>.<\/p>\n\n\n\n

\n

If your tenancy has multiple regions enabled, Marketplace Policies are generally treated as tenancy-wide governance settings<\/strong> (OCI governance commonly follows the IAM \u201cglobal to the tenancy\u201d model). Verify in official docs<\/strong> how policy enforcement behaves across regions\/realms for your specific tenancy configuration.<\/p>\n<\/blockquote>\n\n\n\n

Major components (practical view)<\/h3>\n\n\n\n

Marketplace Policies are not a \u201cdeployable resource.\u201d Think of them as:\n– A control-plane settings page<\/strong> (in the OCI Console) for Marketplace governance\n– A set of enforcement rules<\/strong> evaluated when Marketplace actions occur (browse\/subscribe\/deploy)\n– An administrative workflow<\/strong> typically owned by cloud platform\/security\/procurement stakeholders<\/p>\n\n\n\n

Service type<\/h3>\n\n\n\n
    \n
  • Service type:<\/strong> Governance \/ administrative control (control plane), aligned to Oracle Cloud Marketplace.<\/li>\n
  • Billing:<\/strong> Marketplace Policies themselves are not typically billed as a separate meter. The cost impact is indirect<\/strong>, driven by what Marketplace listings you allow users to deploy.<\/li>\n<\/ul>\n\n\n\n

    How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n

    Marketplace Policies sit at the intersection of:\n– Oracle Cloud Marketplace<\/strong> (where listings are discovered and subscribed to)\n– OCI IAM<\/strong> (who can do what, and where)\n– Compartments<\/strong> (where Marketplace deployments land)\n– Audit<\/strong> (traceability of administrative changes and user actions)\n– Budgets \/ Cost Management<\/strong> (control spend after deployments)<\/p>\n\n\n\n

    If you\u2019re building an OCI landing zone, Marketplace Policies fit naturally into \u201cDay 0\/Day 1 governance\u201d alongside IAM baseline policies, network architecture, and tagging standards.<\/p>\n\n\n\n

    3. Why use Marketplace Policies?<\/h2>\n\n\n\n

    Business reasons<\/h3>\n\n\n\n
      \n
    • Procurement control:<\/strong> Prevent unapproved software subscriptions and vendor engagements.<\/li>\n
    • Cost containment:<\/strong> Reduce the chance of accidental subscription to paid listings or paid usage models.<\/li>\n
    • Standardization:<\/strong> Encourage sanctioned images\/stacks rather than ad-hoc deployments.<\/li>\n<\/ul>\n\n\n\n

      Technical reasons<\/h3>\n\n\n\n
        \n
      • Reduce supply-chain risk:<\/strong> Marketplace introduces third-party software into your environment; restricting listing types is a practical first control.<\/li>\n
      • Improve environment consistency:<\/strong> Limiting to approved sources reduces variation in images, agents, and default configurations.<\/li>\n<\/ul>\n\n\n\n

        Operational reasons<\/h3>\n\n\n\n
          \n
        • Fewer incident classes:<\/strong> Unvetted appliances and images can introduce operational fragility (unknown patch cadence, obscure configuration, surprise dependencies).<\/li>\n
        • Clearer supportability:<\/strong> Keeping Marketplace usage aligned to support policies (Oracle or approved partners) simplifies escalation paths.<\/li>\n<\/ul>\n\n\n\n

          Security\/compliance reasons<\/h3>\n\n\n\n
            \n
          • Control third-party code intake:<\/strong> For regulated environments, limiting the types of listings that can be used helps meet internal audit requirements.<\/li>\n
          • License and data handling awareness:<\/strong> Some listings involve license terms and telemetry; restricting use reduces compliance exposure.<\/li>\n<\/ul>\n\n\n\n

            Scalability\/performance reasons<\/h3>\n\n\n\n

            Marketplace Policies don\u2019t directly improve performance, but they reduce risk that a \u201cquick deployment\u201d introduces:\n– Unsupported kernel modules\n– Nonstandard network patterns\n– Over-permissioned IAM roles\n– Unmonitored services that later impact performance and reliability<\/p>\n\n\n\n

            When teams should choose it<\/h3>\n\n\n\n

            Use Marketplace Policies if you:\n– Run a shared OCI tenancy<\/strong> serving multiple teams.\n– Need guardrails<\/strong> for software adoption.\n– Have compliance<\/strong> requirements (SOC 2, ISO 27001, PCI, HIPAA-like controls) that demand controlled third-party intake.\n– Want to enable Marketplace but with bounded risk<\/strong>.<\/p>\n\n\n\n

            When teams should not choose it (or should be cautious)<\/h3>\n\n\n\n

            Marketplace Policies may be too restrictive if:\n– You\u2019re in a small, fast-moving environment that depends on rapid vendor trials and can manage risk through other means.\n– You need granular allow\/deny controls at a per-listing level but your current Marketplace Policies capabilities are more coarse-grained (tenancy-wide categories). In that case you may need process controls<\/strong> (procurement approvals) and IAM compartment boundaries<\/strong> in addition.<\/p>\n\n\n\n

            4. Where is Marketplace Policies used?<\/h2>\n\n\n\n

            Industries<\/h3>\n\n\n\n

            Common in:\n– Financial services and insurance (strict vendor and software intake)\n– Healthcare and life sciences (compliance and data handling controls)\n– Government and public sector (approved software lists, procurement oversight)\n– Manufacturing and critical infrastructure (risk avoidance, standardized platforms)\n– SaaS companies (multi-team environments where guardrails matter)<\/p>\n\n\n\n

            Team types<\/h3>\n\n\n\n
              \n
            • Platform engineering \/ cloud center of excellence (CCoE)<\/li>\n
            • Security engineering and GRC teams<\/li>\n
            • SRE and operations teams<\/li>\n
            • DevOps and application platform teams<\/li>\n
            • Procurement \/ vendor management stakeholders (as governance partners)<\/li>\n<\/ul>\n\n\n\n

              Workloads<\/h3>\n\n\n\n
                \n
              • Kubernetes platforms (control which CNIs\/ingress\/security appliances enter)<\/li>\n
              • Security tooling (SIEM forwarders, WAF appliances, vulnerability scanners)<\/li>\n
              • Data platforms (Kafka distributions, databases, ETL tools)<\/li>\n
              • Enterprise apps (commercial appliances or prebuilt stacks)<\/li>\n<\/ul>\n\n\n\n

                Architectures<\/h3>\n\n\n\n

                Marketplace Policies are used in:\n– Landing zones (baseline governance)\n– Multi-compartment enterprise tenancy models\n– Shared services architectures (central network, central logging, central security)<\/p>\n\n\n\n

                Real-world deployment contexts<\/h3>\n\n\n\n
                  \n
                • Production:<\/strong> Most valuable. You want explicit controls around third-party\/premium software.<\/li>\n
                • Dev\/test:<\/strong> Still useful to prevent uncontrolled spend and reduce the chance that dev deployments become \u201cshadow production.\u201d<\/li>\n<\/ul>\n\n\n\n

                  5. Top Use Cases and Scenarios<\/h2>\n\n\n\n

                  Below are realistic scenarios where Oracle Cloud Marketplace Policies<\/strong> are commonly applied. Each use case includes the problem, why Marketplace Policies fit, and a short scenario.<\/p>\n\n\n\n

                  1) Prevent accidental paid subscriptions<\/h3>\n\n\n\n
                    \n
                  • Problem:<\/strong> Engineers subscribe to paid listings unintentionally, triggering unexpected costs or procurement issues.<\/li>\n
                  • Why this service fits:<\/strong> Marketplace Policies can restrict Marketplace usage patterns at the tenancy level (exact paid\/free controls depend on current OCI policy options\u2014verify in official docs<\/strong>).<\/li>\n
                  • Scenario:<\/strong> A platform team enables Marketplace for productivity but restricts paid listing subscriptions until procurement workflows are ready.<\/li>\n<\/ul>\n\n\n\n

                    2) Block third-party listings in regulated environments<\/h3>\n\n\n\n
                      \n
                    • Problem:<\/strong> Compliance requires strict control of third-party software sources.<\/li>\n
                    • Why this service fits:<\/strong> Marketplace Policies can limit which categories of listings are allowed (for example, Oracle vs partner offerings\u2014verify current option names<\/strong>).<\/li>\n
                    • Scenario:<\/strong> A bank allows only Oracle-published listings while building a formal third-party risk assessment pipeline.<\/li>\n<\/ul>\n\n\n\n

                      3) Enable Marketplace only for a controlled pilot window<\/h3>\n\n\n\n
                        \n
                      • Problem:<\/strong> You want Marketplace benefits but only for a limited pilot period.<\/li>\n
                      • Why this service fits:<\/strong> Marketplace Policies are a fast control-plane lever for enabling\/disabling or restricting use without refactoring IAM everywhere.<\/li>\n
                      • Scenario:<\/strong> A cloud team enables Marketplace for 30 days to evaluate two vendor images, then disables or tightens restrictions after the pilot.<\/li>\n<\/ul>\n\n\n\n

                        4) Reduce software supply-chain risk<\/h3>\n\n\n\n
                          \n
                        • Problem:<\/strong> Marketplace listings may include images with unknown build provenance or update practices.<\/li>\n
                        • Why this service fits:<\/strong> Policies reduce the set of allowable intake paths and make governance auditable.<\/li>\n
                        • Scenario:<\/strong> Security team requires that only vetted sources can be subscribed to while they build a golden-image program.<\/li>\n<\/ul>\n\n\n\n

                          5) Enforce \u201cplatform team as broker\u201d model<\/h3>\n\n\n\n
                            \n
                          • Problem:<\/strong> App teams deploy appliances directly; operations later inherits them without knowledge.<\/li>\n
                          • Why this service fits:<\/strong> Marketplace Policies can be combined with IAM so only the platform group can subscribe\/deploy.<\/li>\n
                          • Scenario:<\/strong> Platform team becomes the broker: they subscribe to approved listings, publish internal Terraform modules, and app teams consume via standardized pipelines.<\/li>\n<\/ul>\n\n\n\n

                            6) Align Marketplace usage with compartment strategy<\/h3>\n\n\n\n
                              \n
                            • Problem:<\/strong> Marketplace resources appear in inconsistent compartments, breaking billing and ownership.<\/li>\n
                            • Why this service fits:<\/strong> Policies and IAM together help constrain where Marketplace actions occur, and tagging policies can complement governance.<\/li>\n
                            • Scenario:<\/strong> Subscriptions\/deployments are allowed only in Shared-Services<\/code> or Sandbox<\/code> compartments (enforced via IAM), while Marketplace Policies restrict listing types.<\/li>\n<\/ul>\n\n\n\n

                              7) Limit exposure during incident response<\/h3>\n\n\n\n
                                \n
                              • Problem:<\/strong> During an active security incident, you want to reduce change vectors and software introductions.<\/li>\n
                              • Why this service fits:<\/strong> Marketplace Policies can rapidly reduce allowed Marketplace activity (depending on available controls).<\/li>\n
                              • Scenario:<\/strong> Security incident commander temporarily restricts Marketplace usage while investigating lateral movement.<\/li>\n<\/ul>\n\n\n\n

                                8) Support internal audit requirements<\/h3>\n\n\n\n
                                  \n
                                • Problem:<\/strong> Auditors ask, \u201cWho can bring in third-party software and under what control?\u201d<\/li>\n
                                • Why this service fits:<\/strong> Marketplace Policies provide a documented governance mechanism; Audit logs can show changes and actions.<\/li>\n
                                • Scenario:<\/strong> Annual audit requires evidence of preventive controls; Marketplace Policies plus IAM and Audit reports satisfy the requirement.<\/li>\n<\/ul>\n\n\n\n

                                  9) Control vendor terms acceptance responsibilities<\/h3>\n\n\n\n
                                    \n
                                  • Problem:<\/strong> Marketplace subscriptions often require acceptance of terms. You may want only authorized approvers to accept.<\/li>\n
                                  • Why this service fits:<\/strong> Marketplace Policies and IAM-based controls can restrict who can subscribe, aligning with procurement approval responsibilities.<\/li>\n
                                  • Scenario:<\/strong> Only the procurement-approved \u201cCloud Purchasers\u201d group is allowed to subscribe to listings.<\/li>\n<\/ul>\n\n\n\n

                                    10) Standardize reference architectures and repeatable deployments<\/h3>\n\n\n\n
                                      \n
                                    • Problem:<\/strong> Teams deploy similar vendor stacks inconsistently.<\/li>\n
                                    • Why this service fits:<\/strong> Policies reduce the catalog to approved options; platform team provides approved \u201cpaths\u201d for deployment.<\/li>\n
                                    • Scenario:<\/strong> Org approves one WAF and one logging agent appliance from Marketplace; everything else is blocked or discouraged.<\/li>\n<\/ul>\n\n\n\n

                                      11) Multi-entity tenancy governance (business units)<\/h3>\n\n\n\n
                                        \n
                                      • Problem:<\/strong> One tenancy hosts multiple business units with different risk tolerances.<\/li>\n
                                      • Why this service fits:<\/strong> Marketplace Policies provide a global baseline; compartments + IAM provide more granular per-BU controls.<\/li>\n
                                      • Scenario:<\/strong> Global policy restricts risky listing types, while BU-specific IAM policies define which BU teams can deploy approved listings in their compartments.<\/li>\n<\/ul>\n\n\n\n

                                        12) Education and training tenancies<\/h3>\n\n\n\n
                                          \n
                                        • Problem:<\/strong> Students accidentally deploy costly marketplace solutions.<\/li>\n
                                        • Why this service fits:<\/strong> Restricting Marketplace scope reduces cost surprises.<\/li>\n
                                        • Scenario:<\/strong> A training tenancy allows only free\/sandbox-friendly marketplace options; budgets and quotas backstop spending.<\/li>\n<\/ul>\n\n\n\n

                                          6. Core Features<\/h2>\n\n\n\n

                                          Marketplace Policies are governance controls, so features are primarily about restriction and enforcement<\/strong> rather than deploying resources. The exact policy options can change; where your console differs, use the on-screen descriptions and confirm in official documentation:\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Marketplace\/home.htm<\/p>\n\n\n\n

                                          Feature 1: Tenancy-level governance for Marketplace usage<\/h3>\n\n\n\n
                                            \n
                                          • What it does:<\/strong> Lets administrators define whether and how Marketplace can be used within a tenancy.<\/li>\n
                                          • Why it matters:<\/strong> A single administrative control can reduce broad risk across all compartments.<\/li>\n
                                          • Practical benefit:<\/strong> Faster governance than building complex per-team rules first.<\/li>\n
                                          • Limitations\/caveats:<\/strong> Tenancy-wide settings can be coarse; you may still need IAM, compartments, and process controls for fine-grained governance.<\/li>\n<\/ul>\n\n\n\n

                                            Feature 2: Restriction of listing types (category-based allow\/deny)<\/h3>\n\n\n\n
                                              \n
                                            • What it does:<\/strong> Restricts what kinds of listings users can subscribe to (for example, based on publisher\/source and\/or commercial model, depending on current OCI options).<\/li>\n
                                            • Why it matters:<\/strong> Third-party and paid listings can introduce risk and cost.<\/li>\n
                                            • Practical benefit:<\/strong> Prevents risky or noncompliant subscriptions before they happen.<\/li>\n
                                            • Limitations\/caveats:<\/strong> If you need per-listing approvals, you may need additional governance and workflow tooling.<\/li>\n<\/ul>\n\n\n\n

                                              Feature 3: Enforced control-plane behavior during subscription\/deployment<\/h3>\n\n\n\n
                                                \n
                                              • What it does:<\/strong> Enforces restrictions when a user attempts to subscribe to a listing or proceed with Marketplace-driven deployment flows.<\/li>\n
                                              • Why it matters:<\/strong> Preventive controls are stronger than detective controls.<\/li>\n
                                              • Practical benefit:<\/strong> Reduces reliance on training and manual reviews.<\/li>\n
                                              • Limitations\/caveats:<\/strong> Enforcement is bounded by what Marketplace Policies are designed to control; it does not replace hardening deployed resources.<\/li>\n<\/ul>\n\n\n\n

                                                Feature 4: Works alongside OCI IAM for \u201cwho can subscribe\/deploy\u201d<\/h3>\n\n\n\n
                                                  \n
                                                • What it does:<\/strong> Marketplace Policies define \u201cwhat\u2019s allowed\u201d globally, while IAM defines \u201cwho can do what in which compartment.\u201d<\/li>\n
                                                • Why it matters:<\/strong> You need both: category restrictions and identity-based authorization.<\/li>\n
                                                • Practical benefit:<\/strong> Enables models like \u201cplatform team brokers subscriptions\u201d while app teams only deploy approved stacks.<\/li>\n
                                                • Limitations\/caveats:<\/strong> IAM permissions for Marketplace have specific resource types\/verbs\u2014verify exact IAM policy statements in official docs<\/strong>.<\/li>\n<\/ul>\n\n\n\n

                                                  Feature 5: Auditable changes via OCI Audit (governance traceability)<\/h3>\n\n\n\n
                                                    \n
                                                  • What it does:<\/strong> Administrative changes to tenancy settings and user actions are typically captured in OCI Audit (depending on event types and logging configuration).<\/li>\n
                                                  • Why it matters:<\/strong> Governance controls must be auditable for compliance.<\/li>\n
                                                  • Practical benefit:<\/strong> Helps answer \u201cwho changed Marketplace governance and when?\u201d<\/li>\n
                                                  • Limitations\/caveats:<\/strong> Audit retention, export, and query patterns should be planned; ensure your audit strategy meets your regulatory needs.<\/li>\n<\/ul>\n\n\n\n

                                                    Feature 6: Supports landing zone governance patterns<\/h3>\n\n\n\n
                                                      \n
                                                    • What it does:<\/strong> Integrates naturally into a landing zone build checklist (governance, IAM, network, tagging, budgets).<\/li>\n
                                                    • Why it matters:<\/strong> Marketplace is a common \u201cbackdoor\u201d for nonstandard deployments if not governed.<\/li>\n
                                                    • Practical benefit:<\/strong> Reduces variance across teams and environments.<\/li>\n
                                                    • Limitations\/caveats:<\/strong> Policies are only one layer; you still need secure network defaults, logging, and patching standards.<\/li>\n<\/ul>\n\n\n\n

                                                      7. Architecture and How It Works<\/h2>\n\n\n\n

                                                      High-level service architecture<\/h3>\n\n\n\n

                                                      At a high level:\n1. An OCI administrator<\/strong> configures Marketplace Policies<\/strong> at the tenancy level.\n2. Users browse Marketplace listings in the OCI Console (or via APIs\/automation where applicable).\n3. When a user attempts to subscribe<\/strong> or proceed with a deployment workflow, the Marketplace control plane evaluates:\n – Marketplace Policies<\/strong> (what listing types are allowed)\n – IAM authorization<\/strong> (whether the identity can perform the action in the target compartment)\n4. If allowed, the subscription\/deployment proceeds and may create OCI resources (compute instances, networking, storage, etc.) depending on the listing.<\/p>\n\n\n\n

                                                      Request\/data\/control flow (conceptual)<\/h3>\n\n\n\n
                                                        \n
                                                      • Control plane:<\/strong> Policy evaluation, subscription metadata, authorization decisions.<\/li>\n
                                                      • Data plane:<\/strong> The actual runtime resources created by Marketplace listings (instances, clusters, etc.).<\/li>\n
                                                      • Billing plane:<\/strong> Any charges from deployed OCI services and\/or listing-related commercial terms (varies by listing; verify listing pricing details<\/strong> before deploying).<\/li>\n<\/ul>\n\n\n\n

                                                        Integrations with related services<\/h3>\n\n\n\n

                                                        Common integrations around Marketplace Policies include:\n– OCI IAM:<\/strong> Manage who can subscribe\/deploy and where (compartment scope).\n– Compartments:<\/strong> Contain and isolate Marketplace deployments.\n– OCI Audit:<\/strong> Track policy changes and Marketplace actions for compliance.\n– Budgets and Cost Management:<\/strong> Detect and prevent spend escalation after enabling Marketplace.\n– Networking (VCN, NSGs, security lists):<\/strong> Constrain exposure of Marketplace-deployed resources.\n– Vault:<\/strong> Store secrets for workloads deployed from Marketplace (application-level).<\/p>\n\n\n\n

                                                        Dependency services (typical)<\/h3>\n\n\n\n
                                                          \n
                                                        • OCI tenancy\/IAM (required)<\/li>\n
                                                        • Oracle Cloud Marketplace (required)<\/li>\n
                                                        • Audit (strongly recommended)<\/li>\n
                                                        • Cost Management (recommended)<\/li>\n
                                                        • Networking and compute services (only if you deploy listings)<\/li>\n<\/ul>\n\n\n\n

                                                          Security\/authentication model<\/h3>\n\n\n\n
                                                            \n
                                                          • Users authenticate via OCI identity (local users, federation, etc.).<\/li>\n
                                                          • Authorization uses IAM policy statements<\/strong> and tenancy governance controls.<\/li>\n
                                                          • Marketplace Policies are an additional governance layer evaluated by the Marketplace control plane.<\/li>\n<\/ul>\n\n\n\n

                                                            Networking model<\/h3>\n\n\n\n

                                                            Marketplace Policies themselves have no networking. They govern the ability to deploy Marketplace software that will<\/em> have networking implications:\n– public IP assignment\n– inbound\/outbound rules\n– egress to the internet\n– private endpoints\n– load balancers\nPlan \u201csafe defaults\u201d in your landing zone so Marketplace deployments can\u2019t easily violate network security.<\/p>\n\n\n\n

                                                            Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n
                                                              \n
                                                            • Audit<\/strong> is central for governance.<\/li>\n
                                                            • For workloads deployed from Marketplace, ensure standard observability:<\/li>\n
                                                            • OCI Logging\/Monitoring\/Alarms (service availability varies by resource type)<\/li>\n
                                                            • OS logs (syslog\/journald), application logs<\/li>\n
                                                            • vulnerability scanning and patch compliance (your tools\/process)<\/li>\n<\/ul>\n\n\n\n

                                                              Simple architecture diagram (conceptual)<\/h4>\n\n\n\n
                                                              flowchart LR\n  Admin[Tenancy Admin] -->|Configure| MP[Marketplace Policies]\n  User[OCI User\/Engineer] -->|Browse\/Subscribe| Mkt[Oracle Cloud Marketplace]\n  Mkt -->|Evaluate| MP\n  Mkt -->|Authorize| IAM[OCI IAM Policies]\n  Mkt -->|If allowed, deploy| OCI[OCI Resources<br\/>Compute\/VCN\/Storage]\n  MP --> Audit[OCI Audit]\n  IAM --> Audit\n  OCI --> Cost[Cost Management\/Budgets]\n<\/code><\/pre>\n\n\n\n
                                                              Production-style architecture diagram (governed enterprise)<\/h4>\n\n\n\n
                                                              flowchart TB\n  subgraph Governance[\"Governance & Security\"]\n    MP[Marketplace Policies<br\/>(Tenancy-level)]\n    IAM[IAM Groups\/Policies]\n    Audit[OCI Audit]\n    Tag[Tagging\/Tag Defaults]\n    Budgets[Budgets & Cost Tracking]\n  end\n\n  subgraph LandingZone[\"Landing Zone Baseline\"]\n    Net[Network Compartments<br\/>VCN, NSGs, Routing]\n    Log[Central Logging\/Monitoring]\n    Vault[OCI Vault]\n  end\n\n  subgraph Workloads[\"Workload Compartments\"]\n    Dev[Dev Compartment]\n    Prod[Prod Compartment]\n    Shared[Shared Services Compartment]\n  end\n\n  Platform[Platform Team] --> MP\n  Platform --> IAM\n  Security[Security\/GRC] --> MP\n  Security --> Audit\n\n  Engineers[App Teams] -->|Request approved listing| Platform\n  Engineers -->|Deploy in allowed compartment| Dev\n  Engineers -->|Deploy in allowed compartment| Prod\n\n  MP -->|Restrict listing categories| Mkt[Oracle Cloud Marketplace]\n  IAM -->|Authorize actions| Mkt\n\n  Mkt -->|Deploys resources| Dev\n  Mkt -->|Deploys resources| Prod\n\n  Dev --> Log\n  Prod --> Log\n  Dev --> Vault\n  Prod --> Vault\n\n  MP --> Audit\n  Mkt --> Audit\n  Budgets -->|Alerts| Platform\n<\/code><\/pre>\n\n\n\n
                                                              8. Prerequisites<\/h2>\n\n\n\n
                                                              Tenancy requirements<\/h3>\n\n\n\n
                                                                \n
                                                              • An active Oracle Cloud (OCI) tenancy<\/strong> with access to Oracle Cloud Marketplace<\/strong>.<\/li>\n
                                                              • You must have administrative access<\/strong> to configure tenancy-level settings.<\/li>\n<\/ul>\n\n\n\n
                                                                Permissions \/ IAM roles<\/h3>\n\n\n\n
                                                                To work with Marketplace Policies, you typically need permissions equivalent to:\n– Tenancy administrator<\/strong> or a delegated administrator role with rights to manage Marketplace governance settings.<\/p>\n\n\n\n
                                                                For subscribing\/deploying Marketplace listings, users also need appropriate IAM permissions for Marketplace actions and for creating resources (compute, networking, etc.) in target compartments.<\/p>\n\n\n\n
                                                                \n
                                                                OCI IAM policy statements and resource types for Marketplace can vary and are periodically updated. Verify the latest IAM policy reference for Marketplace in official docs<\/strong>:\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/p>\n<\/blockquote>\n\n\n\n
                                                                Billing requirements<\/h3>\n\n\n\n
                                                                  \n
                                                                • Marketplace Policies themselves are governance settings, but enabling Marketplace can lead to billable deployments:<\/li>\n
                                                                • OCI resources created from listings (compute, storage, networking)<\/li>\n
                                                                • Listing-related commercial terms (if applicable to the listing)<\/li>\n
                                                                • Ensure your tenancy has a configured payment method and cost controls (budgets, quotas).<\/li>\n<\/ul>\n\n\n\n
                                                                  Tools needed<\/h3>\n\n\n\n
                                                                    \n
                                                                  • OCI Console<\/strong> access (primary for Marketplace Policies).<\/li>\n
                                                                  • OCI CLI\/SDK are optional; Marketplace Policies are generally configured via console. If your organization automates governance, check whether OCI exposes APIs for these settings (verify in official docs<\/strong>).<\/li>\n<\/ul>\n\n\n\n
                                                                    Region availability<\/h3>\n\n\n\n
                                                                      \n
                                                                    • Oracle Cloud Marketplace is available in many OCI regions, but availability and listing support can vary by region and realm.  <\/li>\n
                                                                    • Marketplace Policies are typically tenancy-level; verify cross-region behavior<\/strong> in the official Marketplace documentation.<\/li>\n<\/ul>\n\n\n\n
                                                                      Quotas\/limits<\/h3>\n\n\n\n
                                                                      Marketplace Policies don\u2019t typically have \u201cquotas\u201d like compute. Practical limits are organizational:\n– How many teams need access\n– How you structure compartments and budgets\n– How many Marketplace deployments your operations team can support<\/p>\n\n\n\n
                                                                      Prerequisite services (recommended for production)<\/h3>\n\n\n\n
                                                                        \n
                                                                      • OCI Audit<\/strong> (for governance traceability)<\/li>\n
                                                                      • Budgets \/ cost tracking<\/strong> (to manage indirect Marketplace cost impact)<\/li>\n
                                                                      • Network baseline<\/strong> (VCN patterns, egress controls, NSGs)<\/li>\n
                                                                      • Vault<\/strong> (for secrets in deployed solutions)<\/li>\n<\/ul>\n\n\n\n
                                                                        9. Pricing \/ Cost<\/h2>\n\n\n\n
                                                                        Pricing model (accurate framing)<\/h3>\n\n\n\n
                                                                        Marketplace Policies<\/strong> are governance settings and are not typically priced as a standalone metered service<\/strong>. The main cost impact is indirect and comes from what you allow users to deploy through Marketplace.<\/p>\n\n\n\n
                                                                        Marketplace cost considerations split into two buckets:<\/p>\n\n\n\n
                                                                          \n
                                                                        1. \n
                                                                          OCI resource costs created by the listing<\/strong>\n   – Compute instances\n   – Block volumes\n   – Load balancers\n   – Object storage\n   – Network egress\n   – Managed services that a stack provisions<\/p>\n<\/li>\n
                                                                        2. \n
                                                                          Listing-related charges (listing-dependent)<\/strong>\n   – Some Marketplace listings may include paid software licensing models.\n   – Others may be BYOL (Bring Your Own License) where charges occur outside OCI.\n   – Some may be free to use but still incur underlying infrastructure costs.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                          Always check the listing page in Oracle Cloud Marketplace for:\n– Pricing notes\n– Billing units (if any)\n– License terms and conditions<\/p>\n\n\n\n
                                                                          Official pricing references<\/h3>\n\n\n\n
                                                                            \n
                                                                          • Oracle Cloud pricing overview: https:\/\/www.oracle.com\/cloud\/pricing\/<\/li>\n
                                                                          • OCI pricing documentation entry point: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/CostAnalysis\/home.htm (Cost Management docs area; verify current URL structure if it changes)<\/li>\n
                                                                          • Oracle Cloud Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/li>\n<\/ul>\n\n\n\n
                                                                            Cost drivers (most common)<\/h3>\n\n\n\n
                                                                              \n
                                                                            • Compute shape selection<\/strong> (OCPU\/memory) used by a Marketplace image<\/li>\n
                                                                            • Always-on instances<\/strong> (24\/7 cost)<\/li>\n
                                                                            • Block storage sizing and performance tier<\/strong><\/li>\n
                                                                            • Load balancer hours + bandwidth<\/strong><\/li>\n
                                                                            • Outbound data transfer (egress)<\/strong>, especially internet egress<\/li>\n
                                                                            • High availability topologies<\/strong> (multiple instances, multi-AD patterns)<\/li>\n
                                                                            • Support and operations tooling<\/strong> you add after deployment<\/li>\n<\/ul>\n\n\n\n
                                                                              Hidden or indirect costs<\/h3>\n\n\n\n
                                                                                \n
                                                                              • Logging and monitoring data ingestion\/storage<\/strong><\/li>\n
                                                                              • Backups and snapshots<\/strong><\/li>\n
                                                                              • Patch management overhead<\/strong><\/li>\n
                                                                              • Security scanning tooling<\/strong><\/li>\n
                                                                              • Network appliances<\/strong> (if the listing deploys additional components)<\/li>\n<\/ul>\n\n\n\n
                                                                                Network\/data transfer implications<\/h3>\n\n\n\n
                                                                                  \n
                                                                                • Marketplace deployments that pull container images, updates, or telemetry can generate:<\/li>\n
                                                                                • Internet egress<\/li>\n
                                                                                • NAT gateway usage<\/li>\n
                                                                                • Service gateway routing differences<\/li>\n
                                                                                • Plan egress controls and evaluate whether the solution can operate with restricted outbound access.<\/li>\n<\/ul>\n\n\n\n
                                                                                  How to optimize cost<\/h3>\n\n\n\n
                                                                                    \n
                                                                                  • Prefer free\/BYOL listings<\/strong> for evaluation (when suitable).<\/li>\n
                                                                                  • Deploy into sandbox compartments<\/strong> with budgets and quotas.<\/li>\n
                                                                                  • Right-size compute; schedule shutdown for non-production.<\/li>\n
                                                                                  • Use tagging to attribute spend to a team\/project.<\/li>\n
                                                                                  • Require architecture review before production Marketplace deployments.<\/li>\n<\/ul>\n\n\n\n
                                                                                    Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n
                                                                                    A low-cost trial typically involves:\n– Subscribing to a free\/BYOL Marketplace listing (no direct listing fee)\n– Deploying a small compute instance for a few hours\/days\n– Minimal storage and no load balancer<\/p>\n\n\n\n
                                                                                    The exact cost depends on:\n– Region\n– Compute shape\n– Runtime duration\n– Storage size\n– Network egress<\/p>\n\n\n\n
                                                                                    Use the Oracle Cost Estimator for a region-accurate estimate:\nhttps:\/\/www.oracle.com\/cloud\/costestimator.html<\/p>\n\n\n\n
                                                                                    Example production cost considerations<\/h3>\n\n\n\n
                                                                                    In production, costs often come from:\n– Multiple instances for HA\n– Load balancers\n– Persistent volumes and backups\n– Monitoring\/log aggregation at scale\n– Security tooling and operations overhead<\/p>\n\n\n\n
                                                                                    A good practice is to treat Marketplace enablement as a platform product<\/strong>: require a cost model per approved listing and maintain a \u201cknown monthly run rate\u201d for each reference deployment.<\/p>\n\n\n\n
                                                                                    10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n
                                                                                    This lab is designed to be safe and low-cost<\/strong> by focusing on governance configuration and subscription behavior rather than deploying large stacks.<\/p>\n\n\n\n
                                                                                    Objective<\/h3>\n\n\n\n
                                                                                    Configure Marketplace Policies<\/strong> in Oracle Cloud to enforce a more controlled Marketplace usage model, then validate that restrictions are applied.<\/p>\n\n\n\n
                                                                                    Lab Overview<\/h3>\n\n\n\n
                                                                                    You will:\n1. Review your current Marketplace governance baseline.\n2. Configure Marketplace Policies to restrict Marketplace usage (based on the controls available in your tenancy).\n3. Validate the behavior by attempting a Marketplace subscription action that should be restricted.\n4. Confirm traceability using Audit logs.\n5. Roll back changes (cleanup) to restore the original state.<\/p>\n\n\n\n
                                                                                    \n
                                                                                    Important: Marketplace Policies options can differ by tenancy, realm, and OCI UI updates. Follow the intent of each step and rely on the descriptions shown in the console<\/strong>. For exact, current option labels, verify the official docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Marketplace\/home.htm<\/p>\n<\/blockquote>\n\n\n\n
                                                                                    \n\n\n\n
                                                                                    Step 1: Confirm you have the right admin access<\/h3>\n\n\n\n
                                                                                      \n
                                                                                    1. Sign in to the OCI Console<\/strong> using an account with tenancy administration privileges.<\/li>\n
                                                                                    2. Open the navigation menu and confirm you can access tenancy administration\/governance areas.<\/li>\n<\/ol>\n\n\n\n
                                                                                      Expected outcome:<\/strong> You can access governance settings in the tenancy and can open Marketplace-related administration pages.<\/p>\n\n\n\n
                                                                                      Verification:<\/strong>\n– You can view tenancy details and governance settings without authorization errors.<\/p>\n\n\n\n
                                                                                      \n\n\n\n
                                                                                      Step 2: Locate the Marketplace Policies page<\/h3>\n\n\n\n
                                                                                        \n
                                                                                      1. In the OCI Console, open the navigation menu.<\/li>\n
                                                                                      2. Navigate to Marketplace<\/strong> and look for Marketplace Policies<\/strong> (or a similarly named governance entry under administration\/tenancy settings depending on your console layout).<\/li>\n<\/ol>\n\n\n\n
                                                                                        Expected outcome:<\/strong> You reach a page that shows Marketplace governance controls for your tenancy.<\/p>\n\n\n\n
                                                                                        Verification:<\/strong>\n– You can see current policy settings and a way to edit\/update them.<\/p>\n\n\n\n
                                                                                        \n\n\n\n
                                                                                        Step 3: Record the current baseline (before changes)<\/h3>\n\n\n\n
                                                                                        Before you change anything, capture your baseline:\n– Which controls are enabled\/disabled\n– Any notes about what is allowed\n– A timestamp and your admin username (for audit traceability)<\/p>\n\n\n\n
                                                                                        Expected outcome:<\/strong> You have a recorded baseline so you can revert safely.<\/p>\n\n\n\n
                                                                                        Verification checklist:<\/strong>\n– Baseline recorded in your change ticket \/ notes.\n– You understand which Marketplace actions should be allowed today.<\/p>\n\n\n\n
                                                                                        \n\n\n\n
                                                                                        Step 4: Apply a restrictive Marketplace Policies configuration (safe governance change)<\/h3>\n\n\n\n
                                                                                        On the Marketplace Policies page, update settings to implement a conservative posture. Choose one or more restrictions that match your governance goal, for example:\n– Restrict Marketplace usage to lower-risk listing categories<\/strong>\n– Disallow subscription to listing categories that your organization is not ready to govern (for example, third-party and\/or paid listings\u2014depending on what your console provides)<\/p>\n\n\n\n
                                                                                        Make a minimal change first (one control), then apply\/save.<\/p>\n\n\n\n
                                                                                        Expected outcome:<\/strong> Marketplace governance settings are updated successfully.<\/p>\n\n\n\n
                                                                                        Verification:<\/strong>\n– The console confirms the update.\n– The displayed policy state reflects your changes.<\/p>\n\n\n\n
                                                                                        \n
                                                                                        Tip: If the console provides an explanatory tooltip or description for each policy, rely on that text for understanding the impact. Oracle may adjust naming over time; the intent is consistent: restrict Marketplace usage to reduce risk.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                        \n\n\n\n
                                                                                        Step 5: Validate enforcement by attempting a restricted Marketplace action<\/h3>\n\n\n\n
                                                                                        Now validate behavior.<\/p>\n\n\n\n
                                                                                          \n
                                                                                        1. Open Oracle Cloud Marketplace<\/strong> listings in the console.<\/li>\n
                                                                                        2. Identify a listing type that should be restricted by your new Marketplace Policies settings (for example, a category you disabled).<\/li>\n
                                                                                        3. Attempt the action that should be blocked (commonly \u201cSubscribe\u201d or proceeding past terms acceptance, depending on the listing workflow).<\/li>\n<\/ol>\n\n\n\n
                                                                                          Expected outcome:<\/strong> The console prevents the action or displays an error\/denial indicating the tenancy\u2019s Marketplace governance does not allow it.<\/p>\n\n\n\n
                                                                                          Verification:<\/strong>\n– You see a clear UI block, denial message, or the action is not available.\n– The listing cannot be subscribed to under the restricted category.<\/p>\n\n\n\n
                                                                                          If you cannot find a listing that matches your restricted category:\n– Use a different listing category, or\n– Temporarily adjust the restriction to a category you can test immediately.<\/p>\n\n\n\n
                                                                                          \n\n\n\n
                                                                                          Step 6: Confirm governance traceability in OCI Audit<\/h3>\n\n\n\n
                                                                                          To ensure your governance changes are auditable:<\/p>\n\n\n\n
                                                                                            \n
                                                                                          1. Navigate to Audit<\/strong> (OCI Audit service) in the console.<\/li>\n
                                                                                          2. Set the time range to include your Marketplace Policies change timestamp.<\/li>\n
                                                                                          3. Filter by your user identity and look for events that correspond to governance or tenancy setting updates.<\/li>\n<\/ol>\n\n\n\n
                                                                                            Expected outcome:<\/strong> An audit event exists showing that Marketplace Policies (or an associated tenancy setting) was updated, including who made the change and when.<\/p>\n\n\n\n
                                                                                            Verification:<\/strong>\n– You can identify:\n  – the event time\n  – the user\/principal\n  – the action\/event name\n  – the affected resource\/settings (as shown in the event payload)<\/p>\n\n\n\n
                                                                                            \n
                                                                                            Audit event names and payload schemas evolve. If you don\u2019t immediately see a clear event, broaden filters and verify audit configuration in your tenancy.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                            \n\n\n\n
                                                                                            Validation<\/h3>\n\n\n\n
                                                                                            Use this quick validation checklist:<\/p>\n\n\n\n
                                                                                              \n
                                                                                            1. Control plane:<\/strong> Marketplace Policies page reflects the intended restrictions.<\/li>\n
                                                                                            2. Enforcement:<\/strong> A restricted Marketplace action is blocked.<\/li>\n
                                                                                            3. Auditability:<\/strong> OCI Audit shows an event for the policy change (and ideally for the blocked\/attempted action where applicable).<\/li>\n
                                                                                            4. Reversibility:<\/strong> You can revert to baseline without ambiguity.<\/li>\n<\/ol>\n\n\n\n
                                                                                              \n\n\n\n
                                                                                              Troubleshooting<\/h3>\n\n\n\n
                                                                                              Common issues and fixes:<\/p>\n\n\n\n
                                                                                                \n
                                                                                              1. \n
                                                                                                You can\u2019t find \u201cMarketplace Policies\u201d in the console<\/strong>\n   – Your tenancy may have a different menu layout or you may lack permissions.\n   – Try searching within the console for \u201cMarketplace\u201d and \u201cPolicies\u201d.\n   – Confirm you\u2019re in the correct tenancy and have admin rights.<\/p>\n<\/li>\n
                                                                                              2. \n
                                                                                                Changes don\u2019t appear to take effect<\/strong>\n   – Refresh the console session.\n   – Confirm the changes were saved successfully.\n   – Re-check that you changed the correct setting (some controls may affect only certain listing types).<\/p>\n<\/li>\n
                                                                                              3. \n
                                                                                                You can still subscribe when you expect it to be blocked<\/strong>\n   – Your restriction may not apply to that listing category.\n   – The listing may be considered an allowed category under your current policy set.\n   – Verify in official docs how the policy is evaluated for that listing type.<\/p>\n<\/li>\n
                                                                                              4. \n
                                                                                                No Audit events found<\/strong>\n   – Confirm Audit is enabled and you\u2019re searching the right time range and compartment\/tenancy context.\n   – Expand filters (principal, event type).\n   – Verify Audit documentation and your retention\/export approach.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                Cleanup<\/h3>\n\n\n\n
                                                                                                Revert changes to restore the original baseline:<\/p>\n\n\n\n
                                                                                                  \n
                                                                                                1. Return to the Marketplace Policies page.<\/li>\n
                                                                                                2. Restore the settings you recorded in Step 3.<\/li>\n
                                                                                                3. Save\/apply changes.<\/li>\n<\/ol>\n\n\n\n
                                                                                                  Expected outcome:<\/strong> Your tenancy\u2019s Marketplace governance is returned to its pre-lab state.<\/p>\n\n\n\n
                                                                                                  Verification:<\/strong>\n– Marketplace Policies match the baseline.\n– Marketplace subscription behavior returns to previous behavior.<\/p>\n\n\n\n
                                                                                                  11. Best Practices<\/h2>\n\n\n\n
                                                                                                  Architecture best practices<\/h3>\n\n\n\n
                                                                                                    \n
                                                                                                  • Treat Marketplace enablement as part of your landing zone architecture<\/strong>, not an afterthought.<\/li>\n
                                                                                                  • Separate sandbox<\/strong> and production<\/strong> compartments and restrict Marketplace deployments to sandbox until a listing is approved.<\/li>\n
                                                                                                  • Standardize Marketplace-based deployments through reference architectures<\/strong> and \u201cknown good\u201d patterns.<\/li>\n<\/ul>\n\n\n\n
                                                                                                    IAM\/security best practices<\/h3>\n\n\n\n
                                                                                                      \n
                                                                                                    • Use least privilege<\/strong> for Marketplace actions:<\/li>\n
                                                                                                    • Only allow subscription\/deployment actions to approved groups.<\/li>\n
                                                                                                    • Restrict target compartments where deployments can occur.<\/li>\n
                                                                                                    • Avoid granting broad permissions like \u201cmanage all-resources\u201d to teams just to use Marketplace.<\/li>\n
                                                                                                    • Use federation (where appropriate) and strong MFA for identities that can change governance settings.<\/li>\n<\/ul>\n\n\n\n
                                                                                                      \n
                                                                                                      For exact IAM statements related to Marketplace, rely on the latest OCI IAM policy reference (verify in official docs<\/strong>):\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                      Cost best practices<\/h3>\n\n\n\n
                                                                                                        \n
                                                                                                      • Require a cost model<\/strong> per approved listing (compute shape, expected runtime, egress, backups).<\/li>\n
                                                                                                      • Use Budgets<\/strong> and alerts for compartments where Marketplace deployments are allowed.<\/li>\n
                                                                                                      • Enforce tagging so Marketplace spend is attributable to owners.<\/li>\n<\/ul>\n\n\n\n
                                                                                                        Performance best practices<\/h3>\n\n\n\n
                                                                                                          \n
                                                                                                        • Benchmark vendor appliances like you would any production workload.<\/li>\n
                                                                                                        • Validate that Marketplace images meet performance needs and can be tuned (storage IOPS, network throughput, CPU pinning, etc.).<\/li>\n
                                                                                                        • Treat Marketplace deployments as a starting point, not a final architecture.<\/li>\n<\/ul>\n\n\n\n
                                                                                                          Reliability best practices<\/h3>\n\n\n\n
                                                                                                            \n
                                                                                                          • Validate HA patterns supported by the listing (single instance vs multi-node).<\/li>\n
                                                                                                          • Confirm patching\/upgrade strategy:<\/li>\n
                                                                                                          • Can you update without breaking support?<\/li>\n
                                                                                                          • Is there a vendor-supported upgrade path?<\/li>\n
                                                                                                          • Include backup\/restore plans and test them.<\/li>\n<\/ul>\n\n\n\n
                                                                                                            Operations best practices<\/h3>\n\n\n\n
                                                                                                              \n
                                                                                                            • Standardize observability:<\/li>\n
                                                                                                            • metrics, logs, alarms, dashboards<\/li>\n
                                                                                                            • Integrate with incident response:<\/li>\n
                                                                                                            • ownership tags<\/li>\n
                                                                                                            • runbooks<\/li>\n
                                                                                                            • escalation path with vendor (if third-party)<\/li>\n
                                                                                                            • Keep an inventory of Marketplace subscriptions and deployments.<\/li>\n<\/ul>\n\n\n\n
                                                                                                              Governance\/tagging\/naming best practices<\/h3>\n\n\n\n
                                                                                                                \n
                                                                                                              • Use consistent naming for Marketplace-related resources and compartments:<\/li>\n
                                                                                                              • mkt-<team>-<env>-<app><\/code><\/li>\n
                                                                                                              • Enforce tags like:<\/li>\n
                                                                                                              • owner<\/code>, cost-center<\/code>, environment<\/code>, data-classification<\/code>, support-tier<\/code><\/li>\n
                                                                                                              • Document approved listing categories and your review workflow.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                12. Security Considerations<\/h2>\n\n\n\n
                                                                                                                Identity and access model<\/h3>\n\n\n\n
                                                                                                                  \n
                                                                                                                • Marketplace Policies are administrative governance<\/strong> controls.<\/li>\n
                                                                                                                • IAM is the authorization engine<\/strong> determining who can subscribe\/deploy and where.<\/li>\n
                                                                                                                • Best practice: separate duties:<\/li>\n
                                                                                                                • Security\/platform team controls Marketplace Policies and approvals<\/li>\n
                                                                                                                • App teams deploy only into approved compartments with bounded permissions<\/li>\n<\/ul>\n\n\n\n
                                                                                                                  Encryption<\/h3>\n\n\n\n
                                                                                                                    \n
                                                                                                                  • Marketplace Policies themselves don\u2019t store your data; they govern actions.<\/li>\n
                                                                                                                  • For Marketplace deployments, enforce encryption standards:<\/li>\n
                                                                                                                  • encryption at rest (block volumes, databases)<\/li>\n
                                                                                                                  • encryption in transit (TLS)<\/li>\n
                                                                                                                  • Use OCI Vault for keys\/secrets when workloads require them.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                    Network exposure<\/h3>\n\n\n\n
                                                                                                                    Marketplace listings often deploy software that listens on network ports. Common mistakes:\n– Exposing admin consoles to the public internet\n– Using wide-open security lists (0.0.0.0\/0 inbound)\n– Allowing unrestricted outbound egress<\/p>\n\n\n\n
                                                                                                                    Recommendations:\n– Prefer private subnets for internal services.\n– Use NSGs with minimal rules.\n– Use bastions and private access patterns for administration.<\/p>\n\n\n\n
                                                                                                                    Secrets handling<\/h3>\n\n\n\n
                                                                                                                      \n
                                                                                                                    • Do not embed credentials in Terraform variables stored in plaintext.<\/li>\n
                                                                                                                    • Use Vault and secret injection patterns supported by your deployment tooling.<\/li>\n
                                                                                                                    • Rotate credentials after initial deployment.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                      Audit\/logging<\/h3>\n\n\n\n
                                                                                                                        \n
                                                                                                                      • Ensure governance changes (Marketplace Policies) are auditable.<\/li>\n
                                                                                                                      • Export audit logs to a protected logging account\/project if required.<\/li>\n
                                                                                                                      • For deployed workloads, centralize logs and protect log integrity.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                        Compliance considerations<\/h3>\n\n\n\n
                                                                                                                          \n
                                                                                                                        • Maintain an approved software list and map Marketplace policy posture to it.<\/li>\n
                                                                                                                        • Archive:<\/li>\n
                                                                                                                        • Marketplace listing terms accepted (where applicable)<\/li>\n
                                                                                                                        • who accepted them and under what authority<\/li>\n
                                                                                                                        • Validate vendor compliance requirements (data residency, telemetry, support boundaries).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                          Common security mistakes<\/h3>\n\n\n\n
                                                                                                                            \n
                                                                                                                          • Enabling Marketplace broadly with no budgets, no tagging, and no compartment boundaries.<\/li>\n
                                                                                                                          • Allowing \u201cany user\u201d to accept vendor terms.<\/li>\n
                                                                                                                          • Deploying third-party appliances into production without:<\/li>\n
                                                                                                                          • vulnerability scanning<\/li>\n
                                                                                                                          • patch strategy<\/li>\n
                                                                                                                          • secure network defaults<\/li>\n<\/ul>\n\n\n\n
                                                                                                                            Secure deployment recommendations<\/h3>\n\n\n\n
                                                                                                                              \n
                                                                                                                            • Start with restrictive Marketplace Policies, then relax as your governance matures.<\/li>\n
                                                                                                                            • Require a security review for any listing that:<\/li>\n
                                                                                                                            • introduces inbound internet exposure<\/li>\n
                                                                                                                            • processes sensitive data<\/li>\n
                                                                                                                            • installs agents with broad access<\/li>\n
                                                                                                                            • Use a dedicated \u201cMarketplace Sandbox\u201d compartment with tight budgets and quotas.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                              13. Limitations and Gotchas<\/h2>\n\n\n\n
                                                                                                                              \n
                                                                                                                              Marketplace Policies are governance controls, not a full procurement system. Plan accordingly.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                                              Known limitations (practical)<\/h3>\n\n\n\n
                                                                                                                                \n
                                                                                                                              • Coarse-grained controls:<\/strong> Marketplace Policies may not provide per-listing allow\/deny or rich approval workflows.<\/li>\n
                                                                                                                              • Not a substitute for IAM:<\/strong> You still must control who can deploy resources and where.<\/li>\n
                                                                                                                              • Not a substitute for security hardening:<\/strong> Allowed Marketplace images can still be insecure if deployed with permissive networking and weak credentials.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                Quotas<\/h3>\n\n\n\n
                                                                                                                                  \n
                                                                                                                                • No typical service quota like compute, but your tenancy resource quotas still apply for anything you deploy from Marketplace.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                  Regional constraints<\/h3>\n\n\n\n
                                                                                                                                    \n
                                                                                                                                  • Marketplace listing availability can vary by region.<\/li>\n
                                                                                                                                  • Enforcement is usually tenancy-wide, but behavior can depend on realm\/region configuration\u2014verify in official docs<\/strong>.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                    Pricing surprises<\/h3>\n\n\n\n
                                                                                                                                      \n
                                                                                                                                    • \u201cFree\u201d listings can still incur substantial infrastructure costs.<\/li>\n
                                                                                                                                    • Vendor licensing can be separate from OCI billing for BYOL models.<\/li>\n
                                                                                                                                    • Network egress and load balancers frequently dominate cost in real deployments.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                      Compatibility issues<\/h3>\n\n\n\n
                                                                                                                                        \n
                                                                                                                                      • Some listings assume certain network patterns (public subnets, specific ports).<\/li>\n
                                                                                                                                      • Some images may not align with your baseline hardening (CIS benchmarks, custom agents, logging).<\/li>\n
                                                                                                                                      • Some stacks assume specific OCI features are enabled in the region.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                        Operational gotchas<\/h3>\n\n\n\n
                                                                                                                                          \n
                                                                                                                                        • Marketplace deployments can drift from standard configuration management.<\/li>\n
                                                                                                                                        • Updates might require vendor-specific tooling and procedures.<\/li>\n
                                                                                                                                        • Ownership can become unclear (\u201cwho runs this appliance?\u201d) without tagging and runbooks.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                          Migration challenges<\/h3>\n\n\n\n
                                                                                                                                            \n
                                                                                                                                          • Moving from Marketplace-deployed vendor appliances to internally built images can be nontrivial:<\/li>\n
                                                                                                                                          • data migration<\/li>\n
                                                                                                                                          • license transitions<\/li>\n
                                                                                                                                          • operational model changes<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                            Vendor-specific nuances<\/h3>\n\n\n\n
                                                                                                                                              \n
                                                                                                                                            • Support boundaries vary by publisher.<\/li>\n
                                                                                                                                            • Terms acceptance and telemetry may differ per listing.<\/li>\n
                                                                                                                                            • Always review listing documentation and terms.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                              14. Comparison with Alternatives<\/h2>\n\n\n\n
                                                                                                                                              Marketplace Policies are a governance feature for Oracle Cloud Marketplace. Alternatives typically fall into:\n– Other OCI governance controls (IAM, compartments, quotas, budgets)\n– Marketplace governance in other clouds\n– Self-managed software catalogs and internal platform engineering approaches<\/p>\n\n\n\n
                                                                                                                                              Comparison table<\/h3>\n\n\n\n
                                                                                                                                              \n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                              Option<\/th>\nBest For<\/th>\nStrengths<\/th>\nWeaknesses<\/th>\nWhen to Choose<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                              Oracle Cloud Marketplace Policies<\/strong><\/td>\nTenancy-wide governance of Marketplace usage<\/td>\nFast guardrails; reduces risky\/unauthorized Marketplace adoption; complements IAM and Audit<\/td>\nOften coarse-grained; not a procurement workflow engine<\/td>\nYou need immediate Marketplace governance across teams<\/td>\n<\/tr>\n
                                                                                                                                              OCI IAM (compartment-based authorization)<\/strong><\/td>\nControlling who can deploy what and where<\/td>\nFine-grained permissioning; strong separation of duties<\/td>\nDoesn\u2019t inherently restrict Marketplace listing categories tenancy-wide<\/td>\nYou need per-team\/per-compartment control; use with Marketplace Policies<\/td>\n<\/tr>\n
                                                                                                                                              OCI Budgets + tagging strategy<\/strong><\/td>\nCost governance<\/td>\nStrong cost attribution and alerting; easy to operationalize<\/td>\nDetective\/after-the-fact; doesn\u2019t prevent subscription alone<\/td>\nYou want cost controls after enabling Marketplace<\/td>\n<\/tr>\n
                                                                                                                                              OCI Quotas<\/strong><\/td>\nHard caps on resource usage<\/td>\nPrevents runaway provisioning<\/td>\nDoesn\u2019t address license\/terms\/vendor risk<\/td>\nYou want strict guardrails on resource consumption<\/td>\n<\/tr>\n
                                                                                                                                              AWS Organizations + IAM + AWS Marketplace controls<\/strong><\/td>\nAWS enterprise governance<\/td>\nMature org-level governance patterns; broad tooling<\/td>\nDifferent cloud; requires AWS adoption<\/td>\nYour workloads are on AWS and Marketplace governance is needed there<\/td>\n<\/tr>\n
                                                                                                                                              Azure Marketplace Private Store + Azure Policy<\/strong><\/td>\nAzure enterprise governance<\/td>\nStrong governance and policy framework<\/td>\nDifferent cloud; not OCI<\/td>\nYou operate primarily in Azure<\/td>\n<\/tr>\n
                                                                                                                                              Google Cloud Marketplace controls + Org Policy<\/strong><\/td>\nGCP governance<\/td>\nOrganization policy model; integrates with GCP<\/td>\nDifferent cloud; not OCI<\/td>\nYou operate primarily in GCP<\/td>\n<\/tr>\n
                                                                                                                                              Internal curated catalog (self-managed)<\/strong><\/td>\nHighly regulated environments<\/td>\nMaximum control; can require approvals and scanning<\/td>\nHigher engineering overhead; slower adoption<\/td>\nYou need strict intake processes beyond Marketplace Policies<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                              15. Real-World Example<\/h2>\n\n\n\n
                                                                                                                                              Enterprise example (regulated industry)<\/h3>\n\n\n\n
                                                                                                                                                \n
                                                                                                                                              • Problem:<\/strong> A financial services company wants to use Oracle Cloud Marketplace for faster provisioning of security tools and vendor appliances, but internal audit prohibits uncontrolled third-party software adoption and paid subscriptions without procurement.<\/li>\n
                                                                                                                                              • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                              • Marketplace Policies configured to restrict Marketplace usage to approved categories (per available controls).<\/li>\n
                                                                                                                                              • IAM model:
                                                                                                                                                  \n
                                                                                                                                                • Only a \u201cPlatform-Broker\u201d group can subscribe to Marketplace listings.<\/li>\n
                                                                                                                                                • App teams can deploy only from approved internal Terraform modules into their compartments.<\/li>\n<\/ul>\n<\/li>\n
                                                                                                                                                • Audit logs exported to a centralized logging account.<\/li>\n
                                                                                                                                                • Budgets on Marketplace-enabled compartments with alerting to FinOps and platform ops.<\/li>\n
                                                                                                                                                • Why Marketplace Policies were chosen:<\/strong><\/li>\n
                                                                                                                                                • Immediate tenancy-level guardrails to reduce supply-chain and procurement risk.<\/li>\n
                                                                                                                                                • Clear governance story for auditors: preventive controls + auditable changes.<\/li>\n
                                                                                                                                                • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                                • Reduced unauthorized subscriptions<\/li>\n
                                                                                                                                                • Clear ownership and cost attribution<\/li>\n
                                                                                                                                                • Faster onboarding of approved vendor solutions with controlled risk<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                  Startup\/small-team example<\/h3>\n\n\n\n
                                                                                                                                                    \n
                                                                                                                                                  • Problem:<\/strong> A startup wants to move quickly and uses Marketplace to deploy a database tool and a logging agent, but they\u2019ve already had one surprise bill from a mis-sized deployment.<\/li>\n
                                                                                                                                                  • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                                  • Marketplace Policies set to a conservative baseline (restrict risky categories if available; keep the catalog tight).<\/li>\n
                                                                                                                                                  • \u201cSandbox\u201d compartment for experiments with a strict budget and auto-alerts.<\/li>\n
                                                                                                                                                  • Tagging enforced for any Marketplace deployment.<\/li>\n
                                                                                                                                                  • Why Marketplace Policies were chosen:<\/strong><\/li>\n
                                                                                                                                                  • Low operational overhead: a small team needs simple guardrails, not heavy process.<\/li>\n
                                                                                                                                                  • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                                  • Fewer cost surprises<\/li>\n
                                                                                                                                                  • Safer experimentation<\/li>\n
                                                                                                                                                  • Faster iteration with less governance debt<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                    16. FAQ<\/h2>\n\n\n\n
                                                                                                                                                      \n
                                                                                                                                                    1. \n
                                                                                                                                                      Is Marketplace Policies a standalone Oracle Cloud service?<\/strong>\n   Marketplace Policies are best understood as governance controls for Oracle Cloud Marketplace<\/strong> rather than a separately deployed service.<\/p>\n<\/li>\n
                                                                                                                                                    2. \n
                                                                                                                                                      Does enabling Marketplace Policies cost extra?<\/strong>\n   Marketplace Policies themselves are governance settings and are not typically billed separately. Costs come from resources deployed<\/strong> from Marketplace and any listing-specific commercial terms.<\/p>\n<\/li>\n
                                                                                                                                                    3. \n
                                                                                                                                                      Do Marketplace Policies replace OCI IAM policies?<\/strong>\n   No. Marketplace Policies restrict Marketplace usage categories at a high level; IAM<\/strong> controls which identities can perform actions and in which compartments.<\/p>\n<\/li>\n
                                                                                                                                                    4. \n
                                                                                                                                                      Can I restrict Marketplace to only one compartment?<\/strong>\n   Marketplace Policies are generally tenancy-level. Compartment restrictions are typically done with IAM policies<\/strong>. Combine both for strong governance.<\/p>\n<\/li>\n
                                                                                                                                                    5. \n
                                                                                                                                                      Can I allow only Oracle-published listings and block third-party listings?<\/strong>\n   Many organizations implement that posture. The exact control available depends on current Marketplace Policies options\u2014verify in official docs and your console<\/strong>.<\/p>\n<\/li>\n
                                                                                                                                                    6. \n
                                                                                                                                                      Can Marketplace Policies prevent users from deploying resources that cost money?<\/strong>\n   They can reduce risk by restricting listing types, but resource costs<\/strong> can still occur from allowed listings. Use budgets, quotas, and IAM<\/strong> as additional controls.<\/p>\n<\/li>\n
                                                                                                                                                    7. \n
                                                                                                                                                      How do I audit changes to Marketplace Policies?<\/strong>\n   Use OCI Audit<\/strong> to track administrative actions. Confirm your audit retention and export strategy for compliance.<\/p>\n<\/li>\n
                                                                                                                                                    8. \n
                                                                                                                                                      If a user already subscribed to a listing, what happens if I tighten Marketplace Policies later?<\/strong>\n   Governance changes may block new subscriptions or actions, but existing deployments may continue to run. Plan operationally: inventory existing subscriptions and deployed resources. Verify exact behavior in official docs.<\/strong><\/p>\n<\/li>\n
                                                                                                                                                    9. \n
                                                                                                                                                      Can Marketplace Policies enforce security hardening on deployed images?<\/strong>\n   No. They control Marketplace access categories. Use hardened images, network controls, scanning, and configuration management for security posture.<\/p>\n<\/li>\n
                                                                                                                                                    10. \n
                                                                                                                                                      Is Marketplace available in all OCI regions?<\/strong>\n   Marketplace availability and specific listings can vary by region and realm. Verify region support on the listing and in official docs.<\/p>\n<\/li>\n
                                                                                                                                                    11. \n
                                                                                                                                                      How do I prevent engineers from exposing Marketplace-deployed admin UIs to the internet?<\/strong>\n   Use network baseline controls: private subnets, NSGs, ingress restrictions, bastion access patterns, and security review.<\/p>\n<\/li>\n
                                                                                                                                                    12. \n
                                                                                                                                                      Can I integrate Marketplace approvals into ITSM tools (ServiceNow\/Jira)?<\/strong>\n   Marketplace Policies alone are not an ITSM workflow engine. Implement process controls: require tickets for approvals and restrict subscription permissions via IAM.<\/p>\n<\/li>\n
                                                                                                                                                    13. \n
                                                                                                                                                      What\u2019s the safest way to start using Marketplace in a new tenancy?<\/strong>\n   Start with restrictive Marketplace Policies, a sandbox compartment with tight budgets, enforced tagging, and a platform-broker model.<\/p>\n<\/li>\n
                                                                                                                                                    14. \n
                                                                                                                                                      Do Marketplace listings always include compute instances?<\/strong>\n   Not always; it depends on the listing. Many listings deploy compute images or stacks that provision compute and related resources.<\/p>\n<\/li>\n
                                                                                                                                                    15. \n
                                                                                                                                                      Where do I find the authoritative list of Marketplace Policies options?<\/strong>\n   In the OCI Console under Marketplace governance and in official docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Marketplace\/home.htm<\/p>\n<\/li>\n
                                                                                                                                                    16. \n
                                                                                                                                                      Can I manage Marketplace Policies through Terraform?<\/strong>\n   Not all tenancy settings are exposed through Terraform. Verify in official docs and the OCI Terraform provider documentation<\/strong> whether Marketplace Policies are supported as a resource\/data source.<\/p>\n<\/li>\n
                                                                                                                                                    17. \n
                                                                                                                                                      How do I handle license compliance for Marketplace software?<\/strong>\n   Treat it as software asset management: review listing terms, record approvals, restrict who can subscribe, and maintain an inventory of deployments and versions.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                                      17. Top Online Resources to Learn Marketplace Policies<\/h2>\n\n\n\n
                                                                                                                                                      \n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                      Resource Type<\/th>\nName<\/th>\nWhy It Is Useful<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                      Official documentation<\/td>\nOracle Cloud Marketplace docs<\/td>\nPrimary reference for Marketplace concepts, subscriptions, and governance context: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Marketplace\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                      Official documentation<\/td>\nOCI Identity and Access Management docs<\/td>\nNeeded to design least-privilege access around Marketplace usage: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                      Official documentation<\/td>\nOCI Audit docs<\/td>\nLearn how to find and retain governance change events: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Audit\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                      Official pricing<\/td>\nOracle Cloud Pricing<\/td>\nUnderstand pricing dimensions for resources deployed from Marketplace: https:\/\/www.oracle.com\/cloud\/pricing\/<\/td>\n<\/tr>\n
                                                                                                                                                      Official cost tool<\/td>\nOracle Cloud Cost Estimator<\/td>\nBuild region-accurate cost estimates for Marketplace deployments: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<\/tr>\n
                                                                                                                                                      Official docs (cost governance)<\/td>\nOCI Cost Management docs entry point<\/td>\nBudgets, tracking, and cost analysis patterns (verify navigation if it changes): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/CostAnalysis\/home.htm<\/td>\n<\/tr>\n
                                                                                                                                                      Official architecture<\/td>\nOracle Architecture Center<\/td>\nReference architectures and governance patterns that complement Marketplace controls: https:\/\/docs.oracle.com\/en\/solutions\/<\/td>\n<\/tr>\n
                                                                                                                                                      Official learning<\/td>\nOracle University (OCI training)<\/td>\nStructured OCI training paths (Marketplace content varies by course): https:\/\/education.oracle.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      Official videos<\/td>\nOracle Cloud YouTube channel<\/td>\nProduct updates and demos; search for Marketplace governance topics: https:\/\/www.youtube.com\/@OracleCloudInfrastructure<\/td>\n<\/tr>\n
                                                                                                                                                      Community (reputable)<\/td>\nOCI blogs and field notes (Oracle Cloud Blog)<\/td>\nPractical guidance and announcements; validate details against docs: https:\/\/blogs.oracle.com\/cloud-infrastructure\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                      18. Training and Certification Providers<\/h2>\n\n\n\n
                                                                                                                                                      \n\n\n\n\n\n\n\n\n
                                                                                                                                                      Institute<\/th>\nSuitable Audience<\/th>\nLikely Learning Focus<\/th>\nMode<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                      DevOpsSchool.com<\/td>\nDevOps engineers, SREs, platform teams<\/td>\nOCI operations, DevOps practices, cloud governance topics<\/td>\ncheck website<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      ScmGalaxy.com<\/td>\nBeginners to intermediate engineers<\/td>\nDevOps\/SCM foundations that support cloud governance<\/td>\ncheck website<\/td>\nhttps:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      CLoudOpsNow.in<\/td>\nCloud operations teams<\/td>\nCloud operations, monitoring, governance fundamentals<\/td>\ncheck website<\/td>\nhttps:\/\/cloudopsnow.in\/<\/td>\n<\/tr>\n
                                                                                                                                                      SreSchool.com<\/td>\nSREs, reliability engineers<\/td>\nReliability engineering practices applicable to OCI workloads<\/td>\ncheck website<\/td>\nhttps:\/\/sreschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      AiOpsSchool.com<\/td>\nOps and platform teams<\/td>\nAIOps concepts for monitoring and incident response<\/td>\ncheck website<\/td>\nhttps:\/\/aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                      19. Top Trainers<\/h2>\n\n\n\n
                                                                                                                                                      \n\n\n\n\n\n\n\n
                                                                                                                                                      Platform\/Site<\/th>\nLikely Specialization<\/th>\nSuitable Audience<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                      RajeshKumar.xyz<\/td>\nDevOps\/cloud training content<\/td>\nIndividuals and teams seeking practical DevOps coaching<\/td>\nhttps:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n
                                                                                                                                                      devopstrainer.in<\/td>\nDevOps training services<\/td>\nEngineers wanting guided DevOps learning paths<\/td>\nhttps:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n
                                                                                                                                                      devopsfreelancer.com<\/td>\nFreelance DevOps enablement<\/td>\nTeams needing short-term mentoring\/implementation help<\/td>\nhttps:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      devopssupport.in<\/td>\nDevOps support and training<\/td>\nOps teams needing troubleshooting-oriented guidance<\/td>\nhttps:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                      20. Top Consulting Companies<\/h2>\n\n\n\n
                                                                                                                                                      \n\n\n\n\n\n\n
                                                                                                                                                      Company<\/th>\nLikely Service Area<\/th>\nWhere They May Help<\/th>\nConsulting Use Case Examples<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                      cotocus.com<\/td>\nCloud\/DevOps consulting<\/td>\nGovernance, automation, operational readiness<\/td>\nLanding zone governance, cost controls, operational runbooks for Marketplace deployments<\/td>\nhttps:\/\/cotocus.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      DevOpsSchool.com<\/td>\nDevOps\/Cloud consulting & enablement<\/td>\nPlatform engineering, DevOps pipelines, training<\/td>\nImplement controlled Marketplace adoption with IAM, budgets, audit reporting<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                      DEVOPSCONSULTING.IN<\/td>\nDevOps consulting<\/td>\nCI\/CD, cloud operations, governance practices<\/td>\nBuild guardrails around Marketplace usage and standardize approved deployment patterns<\/td>\nhttps:\/\/devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                      21. Career and Learning Roadmap<\/h2>\n\n\n\n
                                                                                                                                                      What to learn before Marketplace Policies<\/h3>\n\n\n\n
                                                                                                                                                      To use Marketplace Policies effectively, you should understand:\n– OCI tenancy basics: compartments, regions, and identity model\n– OCI IAM fundamentals: groups, policies, least privilege\n– OCI networking basics: VCNs, subnets, NSGs, routing, internet\/NAT\/service gateways\n– Cost basics: how OCI resources are billed (compute, storage, egress)<\/p>\n\n\n\n
                                                                                                                                                      What to learn after Marketplace Policies<\/h3>\n\n\n\n
                                                                                                                                                      Next skills that compound the value:\n– Landing zone architecture patterns on Oracle Cloud\n– Tagging strategy and governance automation\n– Cost governance:\n  – budgets, cost analysis, and chargeback\/showback\n– Security posture management:\n  – vulnerability scanning\n  – patching strategy\n  – secret management with Vault\n– Infrastructure as Code:\n  – Terraform modules for approved Marketplace patterns (where applicable)<\/p>\n\n\n\n
                                                                                                                                                      Job roles that use it<\/h3>\n\n\n\n
                                                                                                                                                        \n
                                                                                                                                                      • Cloud platform engineer<\/li>\n
                                                                                                                                                      • Cloud security engineer \/ GRC engineer<\/li>\n
                                                                                                                                                      • Solutions architect<\/li>\n
                                                                                                                                                      • DevOps engineer<\/li>\n
                                                                                                                                                      • SRE \/ operations engineer<\/li>\n
                                                                                                                                                      • FinOps analyst (in governance collaboration)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                        Certification path (if available)<\/h3>\n\n\n\n
                                                                                                                                                        Oracle\u2019s certification offerings evolve. A common approach:\n– Start with OCI foundations training\/certification paths on Oracle University.\n– Add security and architecture credentials as needed.<\/p>\n\n\n\n
                                                                                                                                                        Check Oracle University for current OCI certification tracks:\nhttps:\/\/education.oracle.com\/<\/p>\n\n\n\n
                                                                                                                                                        Project ideas for practice<\/h3>\n\n\n\n
                                                                                                                                                          \n
                                                                                                                                                        1. Build an OCI \u201cMarketplace Sandbox\u201d compartment with budgets, tags, and restrictive Marketplace Policies.<\/li>\n
                                                                                                                                                        2. Implement a platform-broker model:\n   – Only platform group can subscribe\n   – App teams deploy via approved modules<\/li>\n
                                                                                                                                                        3. Create an audit report:\n   – Marketplace policy changes\n   – Marketplace subscription activity<\/li>\n
                                                                                                                                                        4. Design a secure network baseline for typical Marketplace appliances:\n   – private subnets\n   – controlled egress\n   – bastion access<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                                          22. Glossary<\/h2>\n\n\n\n
                                                                                                                                                            \n
                                                                                                                                                          • Oracle Cloud (OCI):<\/strong> Oracle Cloud Infrastructure services and control plane used to provision and manage cloud resources.<\/li>\n
                                                                                                                                                          • Marketplace:<\/strong> Oracle Cloud Marketplace, a catalog of listings (images, stacks, solutions) from Oracle and partners.<\/li>\n
                                                                                                                                                          • Marketplace Policies:<\/strong> Tenancy-level governance settings that restrict and control Marketplace usage.<\/li>\n
                                                                                                                                                          • Tenancy:<\/strong> The top-level OCI account boundary containing identity, compartments, and governance configuration.<\/li>\n
                                                                                                                                                          • Compartment:<\/strong> Logical container for OCI resources used for isolation, access control, and billing organization.<\/li>\n
                                                                                                                                                          • IAM Policy:<\/strong> OCI authorization rule defining who can perform which actions on what resources in which scope.<\/li>\n
                                                                                                                                                          • Audit:<\/strong> OCI service that records control-plane events for governance and security investigations.<\/li>\n
                                                                                                                                                          • Listing:<\/strong> A Marketplace item (image\/solution\/stack) that can be subscribed to and deployed.<\/li>\n
                                                                                                                                                          • Subscription:<\/strong> The act of accepting terms and enabling the ability to deploy a Marketplace listing.<\/li>\n
                                                                                                                                                          • BYOL:<\/strong> Bring Your Own License; licensing is handled outside OCI billing, but infrastructure costs still apply.<\/li>\n
                                                                                                                                                          • Egress:<\/strong> Outbound network traffic, often billed when going to the public internet.<\/li>\n
                                                                                                                                                          • Landing Zone:<\/strong> Standardized baseline architecture for accounts\/tenancies including IAM, networking, governance, and logging.<\/li>\n
                                                                                                                                                          • Least privilege:<\/strong> Security principle of granting only the minimum permissions necessary.<\/li>\n
                                                                                                                                                          • FinOps:<\/strong> Cross-functional practice for cloud financial management and cost governance.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                            23. Summary<\/h2>\n\n\n\n
                                                                                                                                                            Oracle Cloud Marketplace Policies<\/strong> are tenancy-level governance controls for Oracle Cloud Marketplace<\/strong>. They matter because Marketplace is a fast path to deploy vendor software, but without guardrails it can introduce security, compliance, operational, and cost<\/strong> risks.<\/p>\n\n\n\n
                                                                                                                                                            Marketplace Policies fit into Oracle Cloud as a control-plane governance layer<\/strong> that works best when paired with OCI IAM<\/strong>, compartments<\/strong>, Audit<\/strong>, and budgets<\/strong>. They don\u2019t directly cost money, but they materially affect spend by controlling which Marketplace paths are available and by reducing accidental or unapproved deployments.<\/p>\n\n\n\n
                                                                                                                                                            Use Marketplace Policies when you need organization-wide Marketplace governance\u2014especially in shared tenancies and regulated environments. Next, deepen your implementation by aligning IAM compartment controls, adding cost guardrails, and standardizing approved deployment patterns through reference architectures and IaC.<\/p>\n","protected":false},"excerpt":{"rendered":"
                                                                                                                                                            Marketplace<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[71,62],"tags":[],"class_list":["post-931","post","type-post","status-publish","format-standard","hentry","category-marketplace","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/931","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=931"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/931\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=931"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=931"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=931"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}