{"id":932,"date":"2026-04-17T04:31:34","date_gmt":"2026-04-17T04:31:34","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-service-catalog-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-marketplace\/"},"modified":"2026-04-17T04:31:34","modified_gmt":"2026-04-17T04:31:34","slug":"oracle-cloud-service-catalog-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-marketplace","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-service-catalog-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-marketplace\/","title":{"rendered":"Oracle Cloud Service Catalog Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Marketplace"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Marketplace<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Oracle Cloud <strong>Service Catalog<\/strong> (in the <strong>Marketplace<\/strong> category) is the place in the Oracle Cloud Console where you discover, evaluate, and deploy software published by Oracle and third-party partners\u2014such as VM images, Terraform stacks, and other solution packages\u2014into your Oracle Cloud Infrastructure (OCI) tenancy.<\/p>\n\n\n\n<p>In simple terms: <strong>Service Catalog is the \u201capp store\u201d experience inside Oracle Cloud Marketplace<\/strong>, with the additional guardrails and tenancy-level controls that enterprises need (agreements, subscriptions, compartment placement, and governance).<\/p>\n\n\n\n<p>Technically, Service Catalog provides a catalog UI and supporting APIs that connect <strong>Marketplace listings<\/strong> (publisher content and terms) to <strong>OCI resource provisioning workflows<\/strong> (for example, launching a compute instance from a Marketplace image or deploying infrastructure using Resource Manager\/Terraform). It also helps track <strong>accepted agreements<\/strong> and <strong>subscriptions<\/strong> tied to those listings.<\/p>\n\n\n\n<p>The problem it solves: teams often waste time and take security risks by sourcing software informally (random images, unmanaged scripts, inconsistent configurations). Service Catalog centralizes access to vetted Marketplace offerings so you can <strong>standardize deployments, reduce time-to-value, and improve compliance<\/strong>\u2014while still enabling self-service.<\/p>\n\n\n\n<blockquote>\n<p>Naming note: In OCI, \u201cMarketplace\u201d is the overall capability and \u201cService Catalog\u201d is the console experience used to browse and deploy listings. If Oracle renames or reorganizes console navigation over time, <strong>verify in official docs<\/strong> that \u201cService Catalog\u201d is still the current term in your console and region.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is Service Catalog?<\/h2>\n\n\n\n<p><strong>Official purpose (practical definition)<\/strong><br\/>\nService Catalog is the Oracle Cloud Marketplace interface for discovering and deploying Marketplace content (listings) into your OCI tenancy, typically by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reviewing listing details (publisher, versions, documentation, pricing model)<\/li>\n<li>Accepting legal terms (agreements)<\/li>\n<li>Creating a subscription (where applicable)<\/li>\n<li>Launching or deploying the listing into an OCI compartment<\/li>\n<\/ul>\n\n\n\n<p><strong>Core capabilities<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Catalog browsing and discovery<\/strong>: search, filter, and review Marketplace listings available to your tenancy\/region.<\/li>\n<li><strong>Agreement and subscription workflow<\/strong>: accept publisher terms before deployment and track what has been accepted.<\/li>\n<li><strong>Guided provisioning<\/strong>: launch or deploy resources based on listing type (commonly images and Terraform stacks).<\/li>\n<li><strong>Governed self-service<\/strong>: when combined with OCI IAM and Marketplace governance features (for example, curated access models), teams can limit what can be deployed.<\/li>\n<\/ul>\n\n\n\n<p><strong>Major components<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Component<\/th>\n<th>What it is<\/th>\n<th>Why it matters<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Marketplace listing<\/td>\n<td>A published software offering (Oracle or partner) with metadata, versions, and terms<\/td>\n<td>This is the unit you deploy<\/td>\n<\/tr>\n<tr>\n<td>Agreement \/ terms<\/td>\n<td>Legal terms you accept before use<\/td>\n<td>Enables compliant adoption<\/td>\n<\/tr>\n<tr>\n<td>Subscription (where applicable)<\/td>\n<td>A record that links your tenancy to the listing\u2019s usage terms\/entitlements<\/td>\n<td>Helps with billing\/usage governance<\/td>\n<\/tr>\n<tr>\n<td>Deployment mechanism<\/td>\n<td>The OCI workflow used to instantiate the listing (e.g., Compute launch, Resource Manager stack)<\/td>\n<td>Turns catalog item into running resources<\/td>\n<\/tr>\n<tr>\n<td>OCI resources<\/td>\n<td>Compute, VCN, Block Volume, Object Storage, etc. created by deployment<\/td>\n<td>These drive most costs and operations<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<p><strong>Service type<\/strong><br\/>\nService Catalog is primarily a <strong>control-plane experience<\/strong> (console + APIs) that orchestrates or initiates deployments of other OCI resources. It is not a standalone data-plane runtime.<\/p>\n\n\n\n<p><strong>Scope and availability model (important)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tenancy-scoped governance and access<\/strong>: who can browse\/subscribe\/deploy is controlled by OCI IAM and Marketplace-related permissions.<\/li>\n<li><strong>Region-dependent listing availability<\/strong>: Marketplace listings (especially images and stacks) may be available only in certain regions. <strong>Verify in official docs and in-console availability<\/strong> for your region.<\/li>\n<li><strong>Compartment-aware deployment<\/strong>: deployments typically target a specific OCI compartment, inheriting that compartment\u2019s policies, quotas, tags, and (if used) Security Zones.<\/li>\n<\/ul>\n\n\n\n<p><strong>How it fits into the Oracle Cloud ecosystem<\/strong><\/p>\n\n\n\n<p>Service Catalog is a front door to deploy solutions that ultimately run on core OCI services:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI Compute<\/strong> for VM-based images<\/li>\n<li><strong>OCI Resource Manager<\/strong> (Terraform) for stack-based deployments<\/li>\n<li><strong>OCI Networking (VCN)<\/strong> for connectivity<\/li>\n<li><strong>OCI IAM<\/strong> for access control<\/li>\n<li><strong>OCI Logging\/Audit<\/strong> for governance and traceability<\/li>\n<li><strong>OCI Billing and Cost Management<\/strong> for cost tracking (including Marketplace-related charges when applicable)<\/li>\n<\/ul>\n\n\n\n<p>Official docs starting points (verify current URLs and navigation if Oracle updates doc structure):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI Marketplace documentation hub: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Marketplace\/home.htm  <\/li>\n<li>OCI documentation main portal: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/home.htm<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use Service Catalog?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster time-to-value<\/strong>: deploy common products and architectures from known publishers without building everything from scratch.<\/li>\n<li><strong>Vendor-backed solutions<\/strong>: many listings include publisher documentation and support models that reduce delivery risk.<\/li>\n<li><strong>Standardization<\/strong>: consistent deployment artifacts reduce drift across environments and teams.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Repeatable deployments<\/strong>: stack-based listings often encode infrastructure-as-code patterns that reduce configuration errors.<\/li>\n<li><strong>Compatibility guidance<\/strong>: listings usually specify OCI requirements (shapes, images, networking prerequisites).<\/li>\n<li><strong>Version selection<\/strong>: ability to choose listing versions helps manage upgrade and compatibility risk.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Central place to find approved solutions<\/strong>: less reliance on tribal knowledge or ad hoc VM images.<\/li>\n<li><strong>Cleaner handoffs<\/strong>: operations teams can document \u201csupported\u201d catalog items and known runbooks.<\/li>\n<li><strong>Deploy into compartments<\/strong>: aligns with OCI\u2019s compartment model for lifecycle and access boundaries.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Agreement acceptance tracking<\/strong>: helps demonstrate that required legal terms were acknowledged.<\/li>\n<li><strong>Governance with IAM<\/strong>: restrict who can deploy Marketplace items and where they can deploy them.<\/li>\n<li><strong>Better provenance than random images\/scripts<\/strong>: while you must still validate publisher trust, Marketplace improves traceability.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reference architectures encoded as stacks<\/strong>: commonly include scalable patterns (load balancers, autoscaling, HA layouts). Actual scalability depends on the listing; validate publisher docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You need a <strong>supported, repeatable<\/strong> way to deploy third-party or Oracle-packaged solutions.<\/li>\n<li>You want <strong>self-service<\/strong> with guardrails rather than bespoke one-off provisioning.<\/li>\n<li>You need to balance speed with governance (agreements, compartments, IAM).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You require <strong>fully bespoke<\/strong> builds with hard internal standards and you already have a mature internal platform catalog (though Service Catalog may still be used as an upstream content source).<\/li>\n<li>You cannot accept third-party legal terms or you require strict supply-chain control not met by the listing\u2019s artifacts.<\/li>\n<li>The listing is not available in your region or does not meet security requirements (for example, required OS hardening).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is Service Catalog used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Financial services<\/strong>: governed adoption of vendor solutions with strong IAM boundaries.<\/li>\n<li><strong>Healthcare<\/strong>: controlled deployment patterns and traceable sourcing.<\/li>\n<li><strong>Public sector<\/strong>: catalog-based provisioning with auditing and compartment controls.<\/li>\n<li><strong>SaaS and technology<\/strong>: accelerating environment creation and standardized stacks.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Platform engineering teams building curated \u201cgolden paths\u201d<\/li>\n<li>DevOps\/SRE teams standardizing common workloads (CI\/CD tooling, monitoring agents, gateways)<\/li>\n<li>Security teams enforcing \u201conly approved images\/stacks\u201d<\/li>\n<li>Application teams needing rapid deployments<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Web applications and content platforms (VM images or stacks)<\/li>\n<li>Security tooling (bastions, scanners, WAF-related components\u2014validate actual listing)<\/li>\n<li>Data platforms and middleware (databases, caches, message brokers\u2014validate publisher and license model)<\/li>\n<li>Networking and connectivity appliances (VPN, firewalls\u2014validate licensing and networking requirements)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Single-VM quickstarts for dev\/test<\/li>\n<li>Multi-tier architectures deployed via Terraform stacks<\/li>\n<li>Enterprise landing zones using curated catalogs (where supported by Marketplace governance features)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Production vs dev\/test usage<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Dev\/test<\/strong>: fast trialing of new software with minimal friction; ensure you still tag and budget-control.<\/li>\n<li><strong>Production<\/strong>: use only after validating:<\/li>\n<li>Publisher reputation and support model<\/li>\n<li>Security posture (patching, hardening, encryption defaults)<\/li>\n<li>HA\/DR design and operational runbooks<\/li>\n<li>Licensing and metering model<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic Service Catalog use cases. Availability depends on region and listing publishers\u2014validate in Service Catalog and official docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Standardized \u201capproved VM images\u201d for teams<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Teams deploy inconsistent OS\/app images, increasing risk and support overhead.<\/li>\n<li><strong>Why Service Catalog fits<\/strong>: Offers discoverable images with publisher documentation; supports agreement tracking.<\/li>\n<li><strong>Example<\/strong>: Security approves a short list of Marketplace images for web servers; developers can self-serve those images only.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Deploying a multi-tier application via Terraform stack<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Manual multi-tier provisioning is slow and error-prone.<\/li>\n<li><strong>Why it fits<\/strong>: Stack listings typically deploy VCN, compute, load balancers, and security lists together.<\/li>\n<li><strong>Example<\/strong>: A partner publishes a stack that deploys an HA web tier and database tier; you deploy it into a project compartment.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Proof-of-concept for vendor software<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Evaluating vendor products requires procurement and manual setup.<\/li>\n<li><strong>Why it fits<\/strong>: Marketplace listings often provide \u201cdeploy now\u201d workflows for trials (licensing varies).<\/li>\n<li><strong>Example<\/strong>: A team deploys a monitoring tool from Marketplace into a sandbox compartment for 14 days.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Rapid deployment of security appliances (network virtual appliances)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Network teams need standardized, repeatable deployment of security gateways.<\/li>\n<li><strong>Why it fits<\/strong>: Appliance images can be launched with defined shapes and network interfaces.<\/li>\n<li><strong>Example<\/strong>: Deploy a firewall VM image into a dedicated network compartment with strict route controls.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Building a curated internal catalog experience (governed self-service)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Marketplace is too broad; the organization needs \u201conly these 12 items.\u201d<\/li>\n<li><strong>Why it fits<\/strong>: OCI supports Marketplace governance patterns (availability depends on your tenancy features; <strong>verify<\/strong>).<\/li>\n<li><strong>Example<\/strong>: Platform team curates a short list of approved Marketplace listings and restricts deployment to specific compartments.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Environment bootstrap for hackathons and training<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Training sessions need identical environments quickly.<\/li>\n<li><strong>Why it fits<\/strong>: Catalog-based launch reduces instructor setup time.<\/li>\n<li><strong>Example<\/strong>: Students deploy the same VM image or stack and follow identical labs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Partner solution onboarding with clear legal acceptance<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Legal\/compliance requires documented acceptance of terms for third-party software.<\/li>\n<li><strong>Why it fits<\/strong>: Agreements are accepted through Service Catalog before deployment.<\/li>\n<li><strong>Example<\/strong>: Compliance team requires a record that terms were accepted for a data integration tool.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Repeatable deployment patterns across compartments<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Different teams deploy the same software with different networking and tagging.<\/li>\n<li><strong>Why it fits<\/strong>: Guided deploy + compartment selection + tags help standardize.<\/li>\n<li><strong>Example<\/strong>: A \u201cdev\u201d compartment and \u201cprod\u201d compartment each deploy the same stack with different parameters and tags.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Controlled adoption of BYOL (Bring Your Own License) software<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Teams need to deploy licensed software while tracking ownership and responsibility.<\/li>\n<li><strong>Why it fits<\/strong>: Marketplace listings commonly state BYOL vs PAYG; you can standardize on the approved model.<\/li>\n<li><strong>Example<\/strong>: Enterprise deploys BYOL images and enforces tagging for license owner and cost center.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Accelerated delivery for internal platforms<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Platform team needs quick components (reverse proxies, identity gateways, artifact repos).<\/li>\n<li><strong>Why it fits<\/strong>: Catalog can reduce build time if a trusted listing exists.<\/li>\n<li><strong>Example<\/strong>: Platform deploys an artifact repository image in a shared services compartment.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<p>Service Catalog capabilities depend on the listing type (image\/stack\/application) and your tenancy configuration. The features below reflect common OCI Marketplace\/Service Catalog patterns\u2014verify specifics in your console and official docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 1: Browse, search, and filter Marketplace listings<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Lets you discover available listings by category, publisher, and other metadata.<\/li>\n<li><strong>Why it matters<\/strong>: Reduces time spent hunting for supported components.<\/li>\n<li><strong>Practical benefit<\/strong>: Engineers can quickly identify a deployable solution that matches their architecture.<\/li>\n<li><strong>Limitations\/caveats<\/strong>: Listing availability can differ by region; some publishers restrict distribution.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 2: Listing detail pages (publisher, versions, documentation, pricing model)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Displays the listing\u2019s deployment options, supported shapes, version history (if provided), and documentation links.<\/li>\n<li><strong>Why it matters<\/strong>: Helps you validate fit before deploying.<\/li>\n<li><strong>Practical benefit<\/strong>: You can match versions to your security and compatibility requirements.<\/li>\n<li><strong>Limitations\/caveats<\/strong>: Detail completeness varies by publisher; always validate independently for production.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 3: Agreement acceptance workflow<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Presents legal terms (Oracle and\/or third-party) that must be accepted to use the listing.<\/li>\n<li><strong>Why it matters<\/strong>: Ensures legal compliance and clarity about licensing and responsibilities.<\/li>\n<li><strong>Practical benefit<\/strong>: Simplifies audits by centralizing acceptance.<\/li>\n<li><strong>Limitations\/caveats<\/strong>: Agreement acceptance may require elevated permissions; verify IAM policies.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 4: Subscriptions \/ entitlements tracking (where applicable)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Records your tenancy\u2019s relationship to the listing for deployment and billing purposes.<\/li>\n<li><strong>Why it matters<\/strong>: Helps governance and cost attribution.<\/li>\n<li><strong>Practical benefit<\/strong>: Easier to identify what Marketplace items are in use.<\/li>\n<li><strong>Limitations\/caveats<\/strong>: The exact meaning of \u201csubscription\u201d varies by listing type; verify on the listing page.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 5: Guided deployment for VM images<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Launches an OCI Compute instance using a Marketplace-provided image.<\/li>\n<li><strong>Why it matters<\/strong>: Speeds up provisioning of pre-packaged software.<\/li>\n<li><strong>Practical benefit<\/strong>: Reduces manual OS\/application setup steps.<\/li>\n<li><strong>Limitations\/caveats<\/strong>: You must still manage patching, backups, network controls, and secrets.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 6: Guided deployment for Terraform stacks (OCI Resource Manager)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Deploys infrastructure using Terraform packaged by the publisher (stack).<\/li>\n<li><strong>Why it matters<\/strong>: Encodes best practices and dependencies in infrastructure-as-code.<\/li>\n<li><strong>Practical benefit<\/strong>: Faster, repeatable multi-resource provisioning.<\/li>\n<li><strong>Limitations\/caveats<\/strong>: Review Terraform code and security posture before applying in production.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 7: Compartment-targeted deployments<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Lets you deploy into a chosen compartment.<\/li>\n<li><strong>Why it matters<\/strong>: Compartments are OCI\u2019s primary administrative and security boundary for resources.<\/li>\n<li><strong>Practical benefit<\/strong>: Clear cost and access separation per team\/environment.<\/li>\n<li><strong>Limitations\/caveats<\/strong>: If users lack permissions in target compartments, deployment fails.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Feature 8: Integration with OCI identity and governance<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Uses OCI IAM for authentication\/authorization; integrates with auditing and resource governance features.<\/li>\n<li><strong>Why it matters<\/strong>: Enterprise control over who can deploy what.<\/li>\n<li><strong>Practical benefit<\/strong>: Centralized access control and traceability.<\/li>\n<li><strong>Limitations\/caveats<\/strong>: Fine-grained Marketplace permissions can be complex; rely on official policy reference.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level architecture<\/h3>\n\n\n\n<p>At a high level, Service Catalog is part of the OCI control plane:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>A user (or automation) browses listings in <strong>Service Catalog<\/strong>.<\/li>\n<li>The user reviews listing details and <strong>accepts agreements<\/strong> (if required).<\/li>\n<li>The user initiates a <strong>deployment<\/strong>.<\/li>\n<li>OCI provisions resources using the appropriate service:\n   &#8211; <strong>Compute<\/strong> for VM images\n   &#8211; <strong>Resource Manager<\/strong> for Terraform stacks\n   &#8211; Potentially other OCI services depending on listing type<\/li>\n<li>Created resources run inside your VCN\/compartment and are operated like any other OCI resources.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Request \/ data \/ control flow<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Control flow<\/strong>: Console\/API calls \u2192 Marketplace\/Service Catalog \u2192 target provisioning service (Compute or Resource Manager) \u2192 resource creation in compartments.<\/li>\n<li><strong>Data flow<\/strong>: The deployed application\u2019s data path is typically between your VCN subnets, load balancers, databases, and external clients. Service Catalog is not in the runtime data path.<\/li>\n<li><strong>State tracking<\/strong>: Agreement acceptance and subscription metadata are tracked at the control-plane level. Runtime state is managed by the created OCI resources.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related services<\/h3>\n\n\n\n<p>Common integrations you should expect to use with Service Catalog deployments:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI Identity and Access Management (IAM)<\/strong>: user auth and permissions<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/li>\n<li><strong>OCI Compartments<\/strong>: placement boundary for resources and policies<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/Tasks\/managingcompartments.htm<\/li>\n<li><strong>OCI Resource Manager (Terraform)<\/strong>: for stack deployments<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/ResourceManager\/home.htm<\/li>\n<li><strong>OCI Compute<\/strong>: for VM image deployments<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Compute\/home.htm<\/li>\n<li><strong>OCI Networking (VCN)<\/strong>: subnets, gateways, routing, security lists\/NSGs<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Network\/Concepts\/overview.htm<\/li>\n<li><strong>OCI Audit<\/strong>: record of control-plane API calls<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Audit\/home.htm<\/li>\n<li><strong>OCI Logging<\/strong>: logs for created resources (where configured)<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Logging\/home.htm<\/li>\n<li><strong>OCI Cloud Guard \/ Security Zones<\/strong> (if your org uses them): posture management and preventive policies<br\/>\n  Verify current docs for these services in your tenancy.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<p>Service Catalog depends on the general OCI control plane, identity, and the target provisioning services (Compute\/Resource Manager). Your deployment will also depend on networking, key management (if you use CMEK), and your chosen storage\/database services.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Auth uses standard OCI authentication: console login, API signing keys, instance principals, etc.<\/li>\n<li>Authorization is enforced through <strong>OCI IAM policies<\/strong>.<\/li>\n<li>Agreements create a compliance gating step before provisioning.<\/li>\n<\/ul>\n\n\n\n<blockquote>\n<p>For exact IAM policy statements for Marketplace\/Service Catalog actions, use the OCI policy reference and Marketplace documentation. Policy resource names can change; <strong>verify in official docs<\/strong>:\nhttps:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/Reference\/iampolicyreference.htm<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Service Catalog itself is control-plane and not placed in your VCN.<\/li>\n<li>Your deployed resources are placed into your VCN\/subnets.<\/li>\n<li>Your security posture depends heavily on:<\/li>\n<li>NSGs\/security lists<\/li>\n<li>Internet Gateway \/ NAT Gateway usage<\/li>\n<li>Bastion access patterns<\/li>\n<li>Load balancers and TLS configuration<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Track deployments via:<\/li>\n<li>Resource Manager job status (stack deployments)<\/li>\n<li>Compute instance lifecycle and metrics (image deployments)<\/li>\n<li>Use <strong>Audit<\/strong> to track who accepted agreements and initiated deployments.<\/li>\n<li>Use <strong>tags<\/strong> to enforce cost attribution (cost center, owner, environment, app ID).<\/li>\n<li>Consider <strong>budgets and alarms<\/strong> in OCI to manage spend (verify current billing features in your tenancy).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  U[Engineer \/ Automation] --&gt; SC[Service Catalog&lt;br\/&gt;(OCI Marketplace)]\n  SC --&gt; AGR[Accept Agreement \/ Create Subscription]\n  SC --&gt; DEP{Deploy Type?}\n  DEP --&gt; IMG[Launch VM from Marketplace Image]\n  DEP --&gt; STK[Deploy Terraform Stack&lt;br\/&gt;(OCI Resource Manager)]\n  IMG --&gt; CMP[OCI Compute Instance]\n  STK --&gt; RES[OCI Resources&lt;br\/&gt;(VCN, Compute, LB, etc.)]\n  CMP --&gt; VCN[VCN\/Subnets\/NSGs]\n  RES --&gt; VCN\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph Id[Identity &amp; Governance]\n    IAM[OCI IAM Policies]\n    TAG[Tagging Standards]\n    AUD[OCI Audit]\n    CG[Cloud Guard \/ Security Zones&lt;br\/&gt;(if enabled)]\n  end\n\n  subgraph MP[OCI Marketplace]\n    SC[Service Catalog]\n    LIST[Marketplace Listings&lt;br\/&gt;(Images \/ Stacks)]\n    AGR[Agreements &amp; Subscriptions]\n  end\n\n  subgraph Prov[Provisioning]\n    RM[OCI Resource Manager]\n    CMP[OCI Compute]\n  end\n\n  subgraph Net[Network Compartment]\n    VCN[VCN]\n    IGW[Internet Gateway \/ NAT \/ Service Gateway]\n    NSG[NSGs \/ Security Lists]\n    LB[Load Balancer (optional)]\n  end\n\n  subgraph App[Application Compartment]\n    VM1[App VM(s)]\n    DB[(DB Service or VM DB)]\n    LOG[OCI Logging]\n    MON[Monitoring\/Alarms]\n    VAULT[Vault\/KMS (optional)]\n  end\n\n  IAM --&gt; SC\n  TAG --&gt; RM\n  TAG --&gt; CMP\n  SC --&gt; LIST --&gt; AGR\n  SC --&gt; RM\n  SC --&gt; CMP\n  RM --&gt; VCN\n  CMP --&gt; VCN\n  VCN --&gt; NSG\n  IGW --&gt; VCN\n  VCN --&gt; LB --&gt; VM1\n  VM1 --&gt; DB\n  AUD --&gt; SC\n  CG --&gt; VCN\n  VM1 --&gt; LOG\n  VM1 --&gt; MON\n  VAULT --&gt; VM1\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Tenancy and account requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An active <strong>Oracle Cloud (OCI) tenancy<\/strong> with access to the OCI Console.<\/li>\n<li>Access to a region where the Marketplace listing you want is available (listing availability can be region-specific).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM roles<\/h3>\n\n\n\n<p>You need permissions for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Browsing Marketplace\/Service Catalog listings<\/li>\n<li>Accepting agreements \/ creating subscriptions<\/li>\n<li>Creating the target resources (Compute, VCN, Resource Manager, etc.) in the target compartment<\/li>\n<\/ul>\n\n\n\n<p>Because IAM policy granularity and resource names can vary and evolve, use one of these approaches:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Lab-friendly<\/strong>: perform the lab as a user in the <strong>Administrators<\/strong> group (or equivalent).<\/li>\n<li><strong>Enterprise approach<\/strong>: create a dedicated group and write least-privilege policies per official docs (<strong>recommended for production<\/strong>; verify exact policy statements):\n   &#8211; IAM policy reference: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/Reference\/iampolicyreference.htm\n   &#8211; Marketplace docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Marketplace\/home.htm<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Many listings can be deployed with pay-as-you-go OCI resources (Compute\/Storage\/Network) and may also include Marketplace charges depending on the listing.<\/li>\n<li>Ensure your tenancy has a valid billing setup (Free Tier\/trial or paid account).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tools (optional but useful)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI Console (required for this tutorial\u2019s primary path)<\/li>\n<li>OCI CLI (optional, for automation; verify Marketplace command reference if you plan CLI usage):<br\/>\n  https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/Concepts\/cliconcepts.htm<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Marketplace listings are not guaranteed in every region.<\/li>\n<li>Always confirm the listing appears in <strong>Service Catalog<\/strong> in your chosen region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas \/ limits<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Compute instance quotas (OCPUs, memory)<\/li>\n<li>VCN limits (VCN count, subnets, etc.)<\/li>\n<li>Resource Manager limits (stacks\/jobs) if deploying stacks<\/li>\n<\/ul>\n\n\n\n<p>Quotas vary by tenancy and region. Verify via OCI console quotas\/limits pages and official docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services (for the hands-on lab)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI Networking (VCN) for connectivity to a compute instance<\/li>\n<li>OCI Compute for instance creation<\/li>\n<li>SSH client for verification (macOS\/Linux terminal or Windows PowerShell\/OpenSSH)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<p>Service Catalog itself is a control-plane experience; <strong>most cost comes from the Marketplace listing\u2019s pricing model and the OCI resources you deploy<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions (what you pay for)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Underlying OCI resources created by the deployment<\/strong>\n   &#8211; Compute instance hours (shape, OCPU, memory)\n   &#8211; Block Volume size and performance tier (if applicable)\n   &#8211; Load Balancer hours and bandwidth (if used)\n   &#8211; Public IP and outbound data transfer (internet egress)\n   &#8211; Object Storage usage (if the solution stores artifacts\/logs)<\/li>\n<li><strong>Marketplace listing charges (listing-dependent)<\/strong>\n   &#8211; Some listings are <strong>BYOL<\/strong> (bring your own license): you pay OCI infra costs; licensing handled outside OCI.\n   &#8211; Some listings are <strong>PAYG<\/strong> (pay-as-you-go): an additional hourly or usage-based software fee may apply.\n   &#8211; Some listings may link to external procurement; the billing relationship may be outside OCI. <strong>Verify the listing\u2019s pricing tab and terms.<\/strong><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier \/ Always Free considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI offers Free Tier\/Always Free services in many regions, but eligibility varies.<\/li>\n<li>A Marketplace listing may still require resources that are not Always Free (or may impose charges even if infrastructure is free).<br\/>\n<strong>Always validate the listing\u2019s cost model before deploying.<\/strong><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost drivers to watch<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Shape selection<\/strong>: larger shapes increase cost quickly.<\/li>\n<li><strong>Storage<\/strong>: large boot volumes and data volumes.<\/li>\n<li><strong>Network egress<\/strong>: internet outbound traffic is often a major hidden cost.<\/li>\n<li><strong>High availability<\/strong>: multiple instances, load balancers, cross-AD\/region patterns.<\/li>\n<li><strong>Operational tooling<\/strong>: logs retention, monitoring metrics, backups, vulnerability scanning.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden\/indirect costs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Support<\/strong>: some partner solutions require paid support for production.<\/li>\n<li><strong>Licensing compliance<\/strong>: BYOL deployments still require you to track license usage.<\/li>\n<li><strong>Security hardening<\/strong>: time and tooling to harden\/patch third-party images.<\/li>\n<li><strong>Backups\/DR<\/strong>: snapshots, cross-region replication (if used).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network\/data transfer implications<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Control-plane actions (browsing Service Catalog) do not create meaningful data transfer costs.<\/li>\n<li>Runtime workloads can generate:<\/li>\n<li>inbound traffic (often free or low cost)<\/li>\n<li>outbound internet egress (commonly billed)<\/li>\n<li>inter-region transfer (billed)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer <strong>Always Free eligible<\/strong> resources for learning environments (if available).<\/li>\n<li>Use <strong>budgets and cost alerts<\/strong> (verify OCI Billing features in your tenancy).<\/li>\n<li>Tag everything: <code>costCenter<\/code>, <code>owner<\/code>, <code>environment<\/code>, <code>app<\/code>.<\/li>\n<li>Use autoscaling only when needed; stop non-prod instances off-hours.<\/li>\n<li>Validate listing pricing model (BYOL vs PAYG) and avoid accidental PAYG software charges.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n<p>A low-cost learning deployment typically includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>1 small compute instance (Always Free eligible if available)<\/li>\n<li>1 small boot volume<\/li>\n<li>1 VCN with a public subnet<\/li>\n<li>Minimal logging retention<\/li>\n<\/ul>\n\n\n\n<p>Your cost may be near-zero if Always Free applies and the listing has no additional PAYG fee. If the listing has a PAYG fee, you may incur software charges even with small infrastructure. <strong>Use the pricing details shown in the listing and OCI\u2019s cost estimator for your region.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>A production deployment from Service Catalog often requires:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Multiple instances (HA)<\/li>\n<li>Load balancer<\/li>\n<li>Managed database service or HA database on compute<\/li>\n<li>Centralized logging and monitoring<\/li>\n<li>Backups and DR (possibly cross-region)<\/li>\n<li>WAF \/ security services<\/li>\n<\/ul>\n\n\n\n<p>These add recurring costs beyond the software listing itself.<\/p>\n\n\n\n<p><strong>Official pricing references<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI pricing: https:\/\/www.oracle.com\/cloud\/pricing\/  <\/li>\n<li>OCI Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html  <\/li>\n<li>Marketplace docs (for how listings and metering work; verify specifics per listing): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Marketplace\/home.htm<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<p>This lab is designed to be <strong>beginner-friendly, realistic, and low-cost<\/strong>. It focuses on what Service Catalog is best at: <strong>finding a Marketplace listing, accepting terms, and deploying it<\/strong>.<\/p>\n\n\n\n<p>Because Marketplace listings vary by <strong>region<\/strong>, <strong>publisher<\/strong>, and <strong>tenancy entitlements<\/strong>, the lab uses a flexible approach: you will deploy <strong>any free (or low-cost) Marketplace VM image listing<\/strong> that supports a \u201cLaunch instance\u201d style workflow.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>Oracle Cloud Marketplace \u2192 Service Catalog<\/strong> to:\n  1. Find a Marketplace VM image listing\n  2. Review pricing\/terms and accept the agreement\n  3. Launch a compute instance from the listing into a compartment\n  4. Verify the instance is reachable\n  5. Clean up resources to avoid ongoing charges<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create (or choose) a compartment for the lab.<\/li>\n<li>Create a basic VCN and subnet.<\/li>\n<li>In Service Catalog, select a Marketplace listing of type <strong>Image<\/strong> (VM image).<\/li>\n<li>Accept the agreement and launch a VM.<\/li>\n<li>SSH to the VM (or validate via instance console and metrics).<\/li>\n<li>Terminate the instance and delete lab networking.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected cost<\/strong>: depends on your region, account type, shape, and whether the listing has a PAYG fee. Use Always Free eligible resources if available and confirm listing pricing is free\/BYOL.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Create (or choose) a compartment for the lab<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the OCI Console, open the navigation menu.<\/li>\n<li>Go to <strong>Identity &amp; Security \u2192 Compartments<\/strong>.<\/li>\n<li>Click <strong>Create Compartment<\/strong>.<\/li>\n<li>Name: <code>lab-service-catalog<\/code><\/li>\n<li>Description: <code>Lab compartment for Marketplace Service Catalog tutorial<\/code><\/li>\n<li>Parent compartment: choose your root compartment (or a training parent compartment)<\/li>\n<li>Click <strong>Create Compartment<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>: a compartment exists to isolate lab resources and simplify cleanup.<\/p>\n\n\n\n<p><strong>Verification<\/strong>:\n&#8211; Confirm <code>lab-service-catalog<\/code> appears in the compartments list and you can select it.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create a basic VCN for the instance<\/h3>\n\n\n\n<p>You need a network to reach the instance. The simplest approach is the <strong>VCN wizard<\/strong>.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to <strong>Networking \u2192 Virtual Cloud Networks<\/strong>.<\/li>\n<li>Ensure you are in the <code>lab-service-catalog<\/code> compartment.<\/li>\n<li>Click <strong>Create VCN<\/strong>.<\/li>\n<li>Choose <strong>VCN with Internet Connectivity<\/strong> (wizard name may vary slightly).<\/li>\n<li>Provide:\n   &#8211; VCN name: <code>lab-vcn<\/code>\n   &#8211; CIDR: leave default unless you have conflicts<\/li>\n<li>Create the VCN.<\/li>\n<\/ol>\n\n\n\n<p>This wizard typically creates:\n&#8211; 1 VCN\n&#8211; 1 public subnet\n&#8211; Internet Gateway\n&#8211; Route table with default route to IGW\n&#8211; Security list (default rules may be restrictive)<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>: you have a VCN and a public subnet suitable for a basic SSH-accessible VM.<\/p>\n\n\n\n<p><strong>Verification<\/strong>:\n&#8211; In the VCN details, confirm you have:\n  &#8211; A public subnet\n  &#8211; An Internet Gateway\n  &#8211; A route rule to <code>0.0.0.0\/0<\/code> via the Internet Gateway<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Prepare security rules for SSH (and optionally HTTP\/HTTPS)<\/h3>\n\n\n\n<p>For verification, you\u2019ll typically SSH to Linux images. Many images also expose a web UI on ports 80\/443\u2014but do not open those unless you need them.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In your VCN, open the <strong>public subnet<\/strong>.<\/li>\n<li>Find the associated <strong>security list<\/strong> (or NSG if you plan to use NSGs).<\/li>\n<li>Add an <strong>ingress rule<\/strong>:\n   &#8211; Source CIDR: your public IP <code>\/32<\/code> is best (or a trusted corporate CIDR)\n   &#8211; IP protocol: TCP\n   &#8211; Destination port: <code>22<\/code><\/li>\n<\/ol>\n\n\n\n<p>Optional (only if your chosen listing requires web access):\n&#8211; TCP 80 and\/or 443 from your IP range<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>: your client IP can reach the VM via SSH on port 22.<\/p>\n\n\n\n<p><strong>Verification<\/strong>:\n&#8211; You can later test with <code>ssh<\/code> once the instance is running.<\/p>\n\n\n\n<p><strong>Security note<\/strong>: Do not set source to <code>0.0.0.0\/0<\/code> for SSH in production. For a lab, restrict to your IP if possible.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Open Service Catalog and find a VM image listing<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In the OCI Console navigation menu, go to <strong>Marketplace \u2192 Service Catalog<\/strong>.<\/li>\n<li>Use filters\/search to find a listing that:\n   &#8211; Is a <strong>VM image<\/strong> \/ <strong>Image<\/strong> type listing (wording varies)\n   &#8211; Is available in your current region\n   &#8211; Has a pricing model you understand (free\/BYOL preferred for labs)<\/li>\n<\/ol>\n\n\n\n<p>When you open a listing, review:\n&#8211; <strong>Publisher<\/strong>\n&#8211; <strong>Pricing<\/strong> (BYOL vs PAYG; hourly software fees if any)\n&#8211; <strong>Supported shapes<\/strong> and requirements\n&#8211; <strong>Documentation<\/strong>\n&#8211; <strong>Terms\/Agreement<\/strong><\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>: you have selected a listing that supports launching a compute instance.<\/p>\n\n\n\n<p><strong>Verification<\/strong>:\n&#8211; You can see a deploy action such as <strong>Launch Instance<\/strong> (exact button label may vary by listing type).\n&#8211; If the listing is stack-based, it may offer <strong>Deploy<\/strong> via Resource Manager instead. If you land on a stack listing instead of an image listing, you can still proceed, but the workflow will differ (Resource Manager stack jobs). For this lab, prefer an image listing.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Accept the agreement and subscribe (if prompted)<\/h3>\n\n\n\n<p>Most Marketplace items require you to accept an agreement:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>On the listing page, click the action to proceed (e.g., <strong>Launch Instance<\/strong>).<\/li>\n<li>If prompted, read the agreement\/terms and click <strong>Accept<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p>If you do not have permission to accept agreements, you\u2019ll get an authorization error\u2014see Troubleshooting.<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>: agreement is accepted for your tenancy\/user context and you can proceed to instance launch.<\/p>\n\n\n\n<p><strong>Verification<\/strong>:\n&#8211; The workflow continues to instance configuration.\n&#8211; In some consoles, you can view accepted agreements\/subscriptions from Marketplace\/Service Catalog pages (location may vary; verify in your console).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Launch a compute instance from the Marketplace image<\/h3>\n\n\n\n<p>You will now configure the Compute instance. Exact fields vary, but the core is consistent.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Name<\/strong>: <code>sc-lab-vm<\/code><\/li>\n<li><strong>Compartment<\/strong>: <code>lab-service-catalog<\/code><\/li>\n<li><strong>Placement \/ Availability domain<\/strong>: choose default<\/li>\n<li><strong>Image<\/strong>: should already be set to the Marketplace image<\/li>\n<li><strong>Shape<\/strong>:\n   &#8211; For low-cost labs, choose an Always Free eligible shape if your tenancy supports it (availability varies).\n   &#8211; Otherwise choose the smallest shape that meets listing requirements.<\/li>\n<li><strong>Networking<\/strong>:\n   &#8211; VCN: <code>lab-vcn<\/code>\n   &#8211; Subnet: your public subnet\n   &#8211; Assign a public IPv4 address: <strong>Yes<\/strong> (for SSH from your laptop)<\/li>\n<li><strong>SSH keys<\/strong>:\n   &#8211; Add your public SSH key<\/li>\n<li><strong>Boot volume<\/strong>: keep defaults unless listing requires otherwise<\/li>\n<li>Click <strong>Create<\/strong> (or <strong>Launch<\/strong>).<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>: an instance is created and enters <code>PROVISIONING<\/code> then <code>RUNNING<\/code>.<\/p>\n\n\n\n<p><strong>Verification<\/strong>:\n&#8211; Go to <strong>Compute \u2192 Instances<\/strong> in the <code>lab-service-catalog<\/code> compartment.\n&#8211; Confirm the instance lifecycle state is <strong>RUNNING<\/strong>.\n&#8211; Copy the <strong>public IP address<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: SSH to the instance (verification)<\/h3>\n\n\n\n<p>From your local machine:<\/p>\n\n\n\n<pre><code class=\"language-bash\">ssh -i \/path\/to\/private_key opc@&lt;PUBLIC_IP&gt;\n<\/code><\/pre>\n\n\n\n<p>Notes:\n&#8211; The default username depends on the image (common examples include <code>opc<\/code>, <code>ubuntu<\/code>, or others). The listing documentation should state the correct username.\n&#8211; If you cannot SSH:\n  &#8211; Confirm security list\/NSG rules\n  &#8211; Confirm the instance has a public IP\n  &#8211; Confirm your local IP hasn\u2019t changed (home networks often do)\n  &#8211; Confirm you used the correct username for the image<\/p>\n\n\n\n<p>Once connected, run:<\/p>\n\n\n\n<pre><code class=\"language-bash\">uname -a\ncat \/etc\/os-release || true\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>: you have shell access and can confirm OS details.<\/p>\n\n\n\n<p><strong>Verification<\/strong>:\n&#8211; You can execute commands and the OS release information matches expectations from the listing.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>You have successfully completed the lab if:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You located a listing in <strong>Marketplace \u2192 Service Catalog<\/strong><\/li>\n<li>You accepted its agreement (if required)<\/li>\n<li>You launched an instance using the listing image<\/li>\n<li>The instance is <code>RUNNING<\/code> in the target compartment<\/li>\n<li>You can connect to it via SSH and run basic commands<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: Listing not found in your region<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause<\/strong>: Publisher may not distribute to your region or the listing type is not available there.<\/li>\n<li><strong>Fix<\/strong>:<\/li>\n<li>Switch OCI region (top-right region selector) and re-check Service Catalog.<\/li>\n<li>Choose a different listing available in your region.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: \u201cNot authorized\u201d when accepting agreement or launching<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause<\/strong>: IAM policy doesn\u2019t allow Marketplace agreement acceptance and\/or resource creation in the compartment.<\/li>\n<li><strong>Fix<\/strong>:<\/li>\n<li>Use an administrator account for the lab, or<\/li>\n<li>Ask your admin to grant permissions per Marketplace\/IAM docs (<strong>verify exact policy statements<\/strong>):<br\/>\n    https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Marketplace\/home.htm<br\/>\n    https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/Reference\/iampolicyreference.htm<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: Instance launches but no SSH connectivity<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause<\/strong>: Missing ingress rule, wrong subnet type, no public IP, route table issue, or wrong username.<\/li>\n<li><strong>Fix<\/strong>:<\/li>\n<li>Confirm public IP is assigned.<\/li>\n<li>Confirm subnet route table has <code>0.0.0.0\/0<\/code> to the Internet Gateway.<\/li>\n<li>Confirm security list\/NSG allows TCP 22 from your IP.<\/li>\n<li>Check the listing docs for the correct default username.<\/li>\n<li>If needed, use OCI console instance console connection features (verify latest docs).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Issue: Shape not available \/ capacity error<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause<\/strong>: Shape is not available in your AD\/fault domain or you hit limits.<\/li>\n<li><strong>Fix<\/strong>:<\/li>\n<li>Choose a different shape<\/li>\n<li>Try another availability domain (if applicable)<\/li>\n<li>Request quota increases (production) or use smaller shapes (lab)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid ongoing charges, delete resources in reverse order:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Terminate the instance<\/strong>\n   &#8211; Compute \u2192 Instances \u2192 <code>sc-lab-vm<\/code> \u2192 <strong>Terminate<\/strong>\n   &#8211; Choose whether to delete attached boot volume (for labs, typically <strong>delete<\/strong> to avoid storage costs)<\/p>\n<\/li>\n<li>\n<p><strong>Delete the VCN<\/strong>\n   &#8211; Networking \u2192 VCNs \u2192 <code>lab-vcn<\/code> \u2192 <strong>Terminate<\/strong>\n   &#8211; If deletion fails, delete dependent resources first (subnets, gateways, route tables, security lists).<\/p>\n<\/li>\n<li>\n<p>(Optional) <strong>Delete the compartment<\/strong>\n   &#8211; Only if it contains no needed resources and your organization allows deletion.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<p>Note: Accepted agreements\/subscriptions may remain recorded. That is normal for governance; do not assume you can or should \u201cdelete\u201d agreement acceptance.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer <strong>stack-based deployments<\/strong> for multi-resource solutions so infrastructure is repeatable and reviewable.<\/li>\n<li>Use a <strong>standard network pattern<\/strong>:<\/li>\n<li>private subnets for app\/data tiers<\/li>\n<li>public subnet only for load balancers or bastions<\/li>\n<li>Design for <strong>HA<\/strong> explicitly; many Marketplace images are single-node by default.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use least privilege:<\/li>\n<li>Separate permissions to <strong>browse\/subscribe<\/strong> vs <strong>deploy<\/strong> vs <strong>manage<\/strong> resources.<\/li>\n<li>Restrict deployments to approved compartments.<\/li>\n<li>Require tags at creation (tag defaults or policy-based enforcement where available).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use budgets, alerts, and cost tracking tags.<\/li>\n<li>Prefer Always Free eligible resources for labs (if available).<\/li>\n<li>Validate listing pricing model carefully (BYOL vs PAYG) to avoid unexpected software charges.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Right-size shapes based on workload, not \u201cdefault recommended\u201d alone.<\/li>\n<li>Use block volume performance tiers appropriately (verify current OCI block volume performance options).<\/li>\n<li>Benchmark your workload; Marketplace packaging does not guarantee performance.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Treat Marketplace images as a starting point:<\/li>\n<li>implement backups<\/li>\n<li>configure monitoring<\/li>\n<li>design multi-AZ\/AD where applicable<\/li>\n<li>For production, avoid single points of failure (single VM, single subnet, single boot volume).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Standardize:<\/li>\n<li>naming conventions: <code>env-app-component-##<\/code><\/li>\n<li>tagging conventions<\/li>\n<li>Patch management:<\/li>\n<li>validate how the image is updated<\/li>\n<li>integrate with your OS management approach<\/li>\n<li>Logging:<\/li>\n<li>forward OS\/app logs to a centralized destination (OCI Logging where applicable)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Minimum tag set:<\/li>\n<li><code>owner<\/code><\/li>\n<li><code>costCenter<\/code><\/li>\n<li><code>environment<\/code> (dev\/test\/prod)<\/li>\n<li><code>appName<\/code> or <code>serviceId<\/code><\/li>\n<li><code>dataClassification<\/code> (if applicable)<\/li>\n<li>Use compartments as a lifecycle boundary:<\/li>\n<li>separate dev\/test\/prod compartments<\/li>\n<li>separate shared services\/network compartments<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Service Catalog access is governed by <strong>OCI IAM<\/strong>.<\/li>\n<li>Deployments require permissions to create resources (Compute\/Network\/Resource Manager) in the selected compartment.<\/li>\n<li>Recommendation:<\/li>\n<li>Create dedicated groups for:<ul>\n<li>catalog browsers<\/li>\n<li>deployers<\/li>\n<li>administrators<\/li>\n<\/ul>\n<\/li>\n<li>Use policy-as-code or documented policy review processes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI services generally support encryption at rest for storage services. The exact defaults and options vary by service.<\/li>\n<li>For sensitive workloads:<\/li>\n<li>consider OCI Vault \/ customer-managed keys (CMEK) where applicable<\/li>\n<li>validate whether the listing supports CMEK workflows (especially for stacks)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Most security risk comes from what the listing deploys:<\/li>\n<li>public IPs<\/li>\n<li>open ports in security lists\/NSGs<\/li>\n<li>default credentials or weak bootstrap<\/li>\n<li>Recommendations:<\/li>\n<li>avoid public SSH; use a bastion pattern where possible<\/li>\n<li>restrict inbound ports to trusted CIDRs<\/li>\n<li>require TLS for any web endpoints<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not embed secrets in Terraform variables in plaintext.<\/li>\n<li>Prefer a secrets manager approach (OCI Vault) and pass secrets securely during bootstrap.<\/li>\n<li>Rotate credentials after deployment if the listing uses default users.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable and review <strong>OCI Audit<\/strong> for control-plane actions:<\/li>\n<li>who accepted agreements<\/li>\n<li>who launched deployments<\/li>\n<li>Enable logging\/monitoring on the deployed resources (OS\/app logs, metrics).<\/li>\n<\/ul>\n\n\n\n<p>Audit docs:\n&#8211; https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Audit\/home.htm<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Review:<\/li>\n<li>publisher support and security claims<\/li>\n<li>data residency (region)<\/li>\n<li>licensing terms (BYOL\/PAYG)<\/li>\n<li>vulnerability management responsibilities (who patches what)<\/li>\n<li>For regulated environments, implement:<\/li>\n<li>hardened images<\/li>\n<li>vulnerability scanning (OCI or third-party)<\/li>\n<li>configuration management<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Leaving SSH open to the world (<code>0.0.0.0\/0<\/code>).<\/li>\n<li>Treating Marketplace images as \u201cfully secure by default\u201d.<\/li>\n<li>Deploying into the wrong compartment (wrong policies, no logging, wrong network).<\/li>\n<li>Not reading the agreement and pricing terms.<\/li>\n<li>Forgetting to terminate instances after evaluation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Review listing documentation and (for stacks) review Terraform code before apply.<\/li>\n<li>Use private subnets by default; expose only a load balancer.<\/li>\n<li>Enforce tagging and budgets.<\/li>\n<li>Use dedicated compartments and least privilege IAM.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<p>Because Service Catalog is tied to Marketplace listings and OCI governance, common limitations include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Regional availability<\/strong>: a listing may not be available in your region.<\/li>\n<li><strong>Publisher quality variance<\/strong>: documentation and operational maturity vary widely.<\/li>\n<li><strong>IAM complexity<\/strong>: least-privilege policies can be non-trivial; plan for a governance design phase.<\/li>\n<li><strong>Hidden PAYG fees<\/strong>: some listings add software fees on top of OCI infrastructure.<\/li>\n<li><strong>Shape requirements<\/strong>: certain images require specific shapes or minimum resources.<\/li>\n<li><strong>Network assumptions<\/strong>: listings may assume public subnet access or open ports; adjust to your standards.<\/li>\n<li><strong>Upgrade paths<\/strong>: some images do not provide smooth upgrade mechanisms; treat them as immutable and redeploy where feasible.<\/li>\n<li><strong>Drift risk<\/strong>: manual changes after deployment can make stacks hard to update or recreate.<\/li>\n<li><strong>Logging defaults<\/strong>: many deployments do not enable centralized logging automatically.<\/li>\n<li><strong>Quota constraints<\/strong>: tenancy quotas can block deployments unexpectedly.<\/li>\n<\/ul>\n\n\n\n<p>For up-to-date service limits and behavior, rely on:\n&#8211; Marketplace docs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Marketplace\/home.htm\n&#8211; Service limit\/quota docs in OCI for your services (Compute\/Network\/Resource Manager)<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>Service Catalog is Oracle Cloud\u2019s Marketplace-driven catalog for deploying partner\/Oracle solutions. Alternatives depend on whether you want a catalog of <strong>third-party solutions<\/strong>, <strong>internal blueprints<\/strong>, or <strong>IaC modules<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison table<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Oracle Cloud Marketplace \u2192 Service Catalog<\/strong><\/td>\n<td>Deploying Oracle\/partner listings with agreements and guided provisioning<\/td>\n<td>Integrated with OCI console\/IAM\/compartments; agreement workflow; deploy images\/stacks<\/td>\n<td>Listing availability varies by region; publisher quality varies; can introduce licensing complexity<\/td>\n<td>You want OCI-native discovery and deployment of vendor solutions<\/td>\n<\/tr>\n<tr>\n<td>OCI Resource Manager (Terraform) without Marketplace<\/td>\n<td>Internal IaC, standardized infra blueprints<\/td>\n<td>Full control of code; repeatability; integrates with OCI<\/td>\n<td>You must build\/maintain templates; no Marketplace agreement\/subscription flow<\/td>\n<td>You have mature platform engineering and want fully controlled templates<\/td>\n<\/tr>\n<tr>\n<td>OCI Compute Custom Images \/ Image Pipelines (if used)<\/td>\n<td>Golden OS images under your control<\/td>\n<td>Strong standardization and security control<\/td>\n<td>More engineering effort; not \u201cvendor apps\u201d out of the box<\/td>\n<td>You want hardened internal images rather than third-party images<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS Service Catalog<\/strong> (other cloud)<\/td>\n<td>Enterprise catalog of approved products in AWS<\/td>\n<td>Mature governance; integrates with AWS IAM and provisioning<\/td>\n<td>Not OCI; not applicable for OCI deployments<\/td>\n<td>Choose when you are standardizing on AWS<\/td>\n<\/tr>\n<tr>\n<td><strong>Azure Marketplace + Managed Applications<\/strong> (other cloud)<\/td>\n<td>Marketplace solutions with managed deployment patterns<\/td>\n<td>Strong managed app patterns; Azure-native<\/td>\n<td>Not OCI; different governance model<\/td>\n<td>Choose when you are standardizing on Azure<\/td>\n<\/tr>\n<tr>\n<td><strong>Google Cloud Marketplace<\/strong> (other cloud)<\/td>\n<td>Marketplace solutions on GCP<\/td>\n<td>GCP-native procurement and deployment<\/td>\n<td>Not OCI<\/td>\n<td>Choose when you are standardizing on GCP<\/td>\n<\/tr>\n<tr>\n<td>Terraform Registry \/ Helm charts (self-managed approach)<\/td>\n<td>Engineering-led catalog of modules and apps<\/td>\n<td>Cloud-agnostic; code review and CI<\/td>\n<td>No built-in legal agreements; you must govern distribution<\/td>\n<td>Choose when you want portability and strict internal control<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: Curated Marketplace adoption for a regulated organization<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: A regulated enterprise wants faster delivery of vendor solutions (monitoring tools, security appliances, integration software) but must ensure governance, auditing, and compartment isolation.<\/li>\n<li><strong>Proposed architecture<\/strong>:<\/li>\n<li>A \u201cShared Services\u201d compartment for platform-managed components<\/li>\n<li>Separate <code>dev<\/code>, <code>test<\/code>, <code>prod<\/code> compartments per business unit<\/li>\n<li>Service Catalog used as the approved source for select vendor listings<\/li>\n<li>Deployments primarily via Resource Manager stacks (reviewed before use)<\/li>\n<li>Centralized logging and audit enabled; strict network segmentation (private subnets)<\/li>\n<li><strong>Why Service Catalog was chosen<\/strong>:<\/li>\n<li>Provides a consistent Marketplace discovery and agreement acceptance workflow within Oracle Cloud<\/li>\n<li>Reduces shadow IT and ad hoc downloads<\/li>\n<li>Enables standard deployment patterns tied to compartments and IAM<\/li>\n<li><strong>Expected outcomes<\/strong>:<\/li>\n<li>Shorter lead time to deploy vendor solutions<\/li>\n<li>Improved auditability of who deployed what and under which terms<\/li>\n<li>Better cost attribution with mandatory tags and compartment budgets<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: Faster proof-of-concepts with controlled spend<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: A small team needs to validate product-market fit quickly and wants to deploy a pre-built solution (for example, a web stack or gateway) without spending weeks on setup.<\/li>\n<li><strong>Proposed architecture<\/strong>:<\/li>\n<li>One <code>sandbox<\/code> compartment for experiments<\/li>\n<li>A basic VCN and one compute instance from a Marketplace image<\/li>\n<li>Minimal but strict inbound rules (SSH from home IP only)<\/li>\n<li>Auto-cleanup workflow (terminate after tests)<\/li>\n<li><strong>Why Service Catalog was chosen<\/strong>:<\/li>\n<li>Quick access to deployable images\/stacks<\/li>\n<li>Minimal operational overhead for initial proof-of-concept<\/li>\n<li><strong>Expected outcomes<\/strong>:<\/li>\n<li>Faster experiments<\/li>\n<li>Reduced engineering time spent on packaging<\/li>\n<li>Lower risk of adopting unknown artifacts compared to random downloads<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p><strong>Is Service Catalog the same as Oracle Cloud Marketplace?<\/strong><br\/>\n   Service Catalog is the Marketplace experience in the OCI Console where you browse and deploy Marketplace listings. Marketplace is the broader ecosystem; Service Catalog is how you access it in-console.<\/p>\n<\/li>\n<li>\n<p><strong>Is Oracle Cloud Service Catalog the same as AWS Service Catalog?<\/strong><br\/>\n   No. AWS Service Catalog is an AWS service for internal cataloged products. Oracle Cloud Service Catalog is tied to <strong>OCI Marketplace listings<\/strong> and their deployment workflows.<\/p>\n<\/li>\n<li>\n<p><strong>Do I pay for Service Catalog itself?<\/strong><br\/>\n   Service Catalog is primarily a control-plane interface. Costs come from (a) OCI resources you deploy and (b) any listing-specific PAYG software fees, if applicable.<\/p>\n<\/li>\n<li>\n<p><strong>What can I deploy from Service Catalog?<\/strong><br\/>\n   Commonly VM images and Terraform stacks. Availability depends on what listings are offered in your region and tenancy.<\/p>\n<\/li>\n<li>\n<p><strong>Why do I need to accept an agreement?<\/strong><br\/>\n   Marketplace listings often include legal terms and licensing conditions. Accepting the agreement is a required compliance step before deployment.<\/p>\n<\/li>\n<li>\n<p><strong>Can I restrict which Marketplace items my developers can deploy?<\/strong><br\/>\n   Typically yes, using a combination of IAM policies and Marketplace governance features (availability and exact configuration vary; verify in official docs and your console).<\/p>\n<\/li>\n<li>\n<p><strong>Are Marketplace images secure by default?<\/strong><br\/>\n   Not necessarily. Treat them as a starting point; you must still harden systems, restrict network access, patch, and monitor.<\/p>\n<\/li>\n<li>\n<p><strong>Can I deploy Marketplace items into a private subnet only?<\/strong><br\/>\n   Often yes, but it depends on how the listing is designed. Some images assume public access for bootstrap. Prefer stacks you can customize for private networking.<\/p>\n<\/li>\n<li>\n<p><strong>What\u2019s the difference between BYOL and PAYG listings?<\/strong><br\/>\n   BYOL means you bring your own license (and pay only OCI infrastructure). PAYG often adds a software usage charge through OCI billing or the publisher\u2019s model. Always confirm on the listing page.<\/p>\n<\/li>\n<li>\n<p><strong>Do all listings support Always Free resources?<\/strong><br\/>\n   No. Many require shapes or services that are not Always Free. Validate requirements before deployment.<\/p>\n<\/li>\n<li>\n<p><strong>Can I automate deployments from Service Catalog?<\/strong><br\/>\n   You can often automate provisioning using OCI APIs\/CLI\/SDKs and Resource Manager. Marketplace agreement acceptance and listing interactions may require specific API workflows\u2014verify current OCI API docs.<\/p>\n<\/li>\n<li>\n<p><strong>Where do I see what I\u2019ve already subscribed to or accepted?<\/strong><br\/>\n   The console typically provides views for subscriptions\/accepted agreements under Marketplace\/Service Catalog. Navigation may change\u2014verify in your console.<\/p>\n<\/li>\n<li>\n<p><strong>What happens if a publisher updates a listing version?<\/strong><br\/>\n   You may see new versions available. Updates to running deployments are usually your responsibility unless the listing provides an update mechanism. For stacks, you may need to redeploy or update the stack carefully.<\/p>\n<\/li>\n<li>\n<p><strong>Can I use Service Catalog in production?<\/strong><br\/>\n   Yes, if you validate the listing, licensing, security posture, and operational requirements. Establish governance and a review process before production use.<\/p>\n<\/li>\n<li>\n<p><strong>What is the safest way to evaluate a Marketplace listing?<\/strong><br\/>\n   Deploy into an isolated sandbox compartment and VCN, restrict inbound access, review Terraform code (if stack), monitor costs, and delete resources immediately after testing.<\/p>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn Service Catalog<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI Marketplace docs<\/td>\n<td>Primary reference for Marketplace and Service Catalog concepts and workflows: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Marketplace\/home.htm<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI Compute docs<\/td>\n<td>Needed for image-based launches and instance operations: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Compute\/home.htm<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI Resource Manager docs<\/td>\n<td>Needed for Terraform stack-based deployments: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/ResourceManager\/home.htm<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI Networking docs<\/td>\n<td>Required for VCN\/subnet\/security rules used by deployments: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Network\/Concepts\/overview.htm<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI IAM docs<\/td>\n<td>For policies, groups, compartments: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/home.htm<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>IAM policy reference<\/td>\n<td>For writing correct policies (verify Marketplace-specific resources): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/Reference\/iampolicyreference.htm<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>OCI Audit docs<\/td>\n<td>Governance and investigation of actions: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Audit\/home.htm<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>OCI pricing<\/td>\n<td>Baseline for infrastructure costs: https:\/\/www.oracle.com\/cloud\/pricing\/<\/td>\n<\/tr>\n<tr>\n<td>Official tool<\/td>\n<td>OCI Cost Estimator<\/td>\n<td>Model costs by region\/services: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<\/tr>\n<tr>\n<td>Official learning portal<\/td>\n<td>Oracle University (OCI training)<\/td>\n<td>Structured OCI learning paths; search for Marketplace\/Resource Manager modules: https:\/\/education.oracle.com\/<\/td>\n<\/tr>\n<tr>\n<td>Official videos<\/td>\n<td>Oracle Cloud Infrastructure YouTube<\/td>\n<td>Often includes demos of Marketplace\/OCI services (verify playlists): https:\/\/www.youtube.com\/@OracleCloudInfrastructure<\/td>\n<\/tr>\n<tr>\n<td>Code samples<\/td>\n<td>OCI Resource Manager \/ Terraform examples (Oracle GitHub)<\/td>\n<td>Helpful for understanding stack structure; verify official repos: https:\/\/github.com\/oracle<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps engineers, SREs, platform teams, beginners<\/td>\n<td>DevOps tooling, cloud automation, CI\/CD, infrastructure practices<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>DevOps learners, engineers<\/td>\n<td>SCM, DevOps fundamentals, pipelines, release practices<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud engineers, operations teams<\/td>\n<td>Cloud operations, monitoring, reliability practices<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs, operations engineers, architects<\/td>\n<td>SRE practices, SLIs\/SLOs, incident management, reliability<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops teams, engineers exploring AIOps<\/td>\n<td>AIOps concepts, observability, automation<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>DevOps\/cloud training content (verify exact offerings)<\/td>\n<td>Beginners to intermediate engineers<\/td>\n<td>https:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps training and coaching (verify exact offerings)<\/td>\n<td>DevOps engineers, students<\/td>\n<td>https:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>Freelance DevOps support\/training platform (verify exact offerings)<\/td>\n<td>Teams needing short-term help or mentoring<\/td>\n<td>https:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support and guidance (verify exact offerings)<\/td>\n<td>Ops\/DevOps teams needing troubleshooting help<\/td>\n<td>https:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company Name<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>Cloud\/DevOps consulting (verify current scope)<\/td>\n<td>Cloud adoption, automation, delivery practices<\/td>\n<td>OCI environment setup, CI\/CD integration, Terraform standardization<\/td>\n<td>https:\/\/cotocus.com\/<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps consulting and training<\/td>\n<td>Platform engineering, DevOps transformation, automation<\/td>\n<td>Marketplace governance patterns, IaC adoption, operational readiness<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps consulting services (verify current scope)<\/td>\n<td>Cloud DevOps and operations<\/td>\n<td>Cost optimization, security hardening, monitoring\/logging setup<\/td>\n<td>https:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before Service Catalog<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI fundamentals:<\/li>\n<li>compartments, VCNs, subnets, security lists\/NSGs<\/li>\n<li>Compute basics (instances, shapes, boot volumes)<\/li>\n<li>IAM:<\/li>\n<li>groups, dynamic groups, policies<\/li>\n<li>Basic Linux administration (SSH, firewall concepts)<\/li>\n<li>Terraform fundamentals (especially if you will deploy Marketplace stacks)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after Service Catalog<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OCI Resource Manager advanced usage (jobs, variables, state handling)<\/li>\n<li>Secure networking patterns:<\/li>\n<li>private subnets, bastion access, load balancers<\/li>\n<li>Observability:<\/li>\n<li>OCI Logging, Monitoring, alarms, dashboards<\/li>\n<li>Governance:<\/li>\n<li>tagging strategy, budgets, audit reviews<\/li>\n<li>Supply-chain security:<\/li>\n<li>artifact provenance, image scanning, patching pipelines<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud engineer<\/li>\n<li>Solutions architect<\/li>\n<li>DevOps engineer<\/li>\n<li>Site reliability engineer (SRE)<\/li>\n<li>Platform engineer<\/li>\n<li>Security engineer (governance and approvals)<\/li>\n<li>Cloud operations engineer<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Oracle University offers OCI certifications. The most relevant tracks usually include:\n&#8211; OCI Foundations (for basics)\n&#8211; OCI Architect (for design)\n&#8211; OCI DevOps\/Operations (for implementation)<\/p>\n\n\n\n<p>Verify current OCI certification titles and requirements at:\n&#8211; https:\/\/education.oracle.com\/<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Build a \u201csandbox catalog\u201d process:\n   &#8211; define approved listings\n   &#8211; document deployment steps and guardrails<\/li>\n<li>Deploy a Marketplace stack into dev and prod compartments with different parameters.<\/li>\n<li>Create a cost governance kit:\n   &#8211; tags + budgets + alerts + cleanup automation<\/li>\n<li>Write a security review checklist for Marketplace listings:\n   &#8211; ports, credentials, patching, logs, encryption<\/li>\n<li>Build an internal runbook for agreement acceptance and approvals.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>OCI (Oracle Cloud Infrastructure)<\/strong>: Oracle Cloud\u2019s infrastructure platform (compute, network, storage, IAM).<\/li>\n<li><strong>Marketplace<\/strong>: OCI ecosystem of Oracle\/partner software offerings that can be deployed into OCI.<\/li>\n<li><strong>Service Catalog<\/strong>: The console experience under Marketplace used to browse, subscribe\/accept terms, and deploy Marketplace listings.<\/li>\n<li><strong>Listing<\/strong>: A Marketplace offering (image, stack, or other solution package) published by Oracle or a partner.<\/li>\n<li><strong>Agreement<\/strong>: Legal terms that must be accepted before using a listing.<\/li>\n<li><strong>Subscription<\/strong>: A record of entitlement\/usage relationship to a listing (meaning can vary by listing; verify per listing).<\/li>\n<li><strong>Compartment<\/strong>: OCI\u2019s logical container for resources and policies.<\/li>\n<li><strong>VCN (Virtual Cloud Network)<\/strong>: OCI\u2019s virtual network in a region.<\/li>\n<li><strong>Subnet<\/strong>: A segment within a VCN; can be public or private depending on routing and public IP usage.<\/li>\n<li><strong>Security List \/ NSG<\/strong>: Virtual firewall constructs controlling inbound\/outbound traffic.<\/li>\n<li><strong>Resource Manager<\/strong>: OCI\u2019s managed Terraform service for deploying IaC stacks.<\/li>\n<li><strong>BYOL<\/strong>: Bring Your Own License\u2014software licensing handled outside PAYG billing.<\/li>\n<li><strong>PAYG<\/strong>: Pay-As-You-Go\u2014software usage may be billed based on time\/usage in addition to infrastructure.<\/li>\n<li><strong>Audit<\/strong>: OCI service that records API calls for governance and investigation.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Oracle Cloud <strong>Service Catalog<\/strong> in the <strong>Marketplace<\/strong> category is the practical way to discover and deploy Oracle and partner solutions into OCI with a governed workflow: you review a listing, accept agreements, and launch resources into compartments using OCI-native provisioning (Compute or Resource Manager).<\/p>\n\n\n\n<p>It matters because it enables <strong>faster, more standardized deployments<\/strong> while supporting enterprise needs like <strong>agreement tracking, IAM-controlled access, and compartment-based governance<\/strong>. Cost-wise, Service Catalog itself isn\u2019t usually the main cost\u2014your spend comes from deployed OCI resources and any listing-specific PAYG software charges. Security-wise, the biggest risks are misconfigured networking, overly permissive access, and treating third-party images as inherently hardened.<\/p>\n\n\n\n<p>Use Service Catalog when you want <strong>OCI-native self-service<\/strong> for vetted solutions and repeatable deployments. Avoid it (or gate it heavily) when you need strict internal supply-chain controls and fully custom builds without third-party terms.<\/p>\n\n\n\n<p>Next step: pick one stack-based listing you trust, review its Terraform carefully, deploy it into a sandbox compartment, and build a lightweight internal approval\/runbook process around it\u2014then expand into production with tagging, budgets, logging, and least-privilege IAM.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Marketplace<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[71,62],"tags":[],"class_list":["post-932","post","type-post","status-publish","format-standard","hentry","category-marketplace","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/932","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=932"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/932\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=932"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=932"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=932"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}