Last summer, Oracle introduced Compute Cloud@Customer, a distributed cloud solution that offers increased flexibility while addressing crucial business concerns regarding data residency and low-latency connectivity. Since its launch, numerous customers have embraced this rack-scale cloud platform by deploying their application tier and cloud-native workloads. They have also leveraged the low-latency, private connection with the Exadata Cloud@Customer database tier within their own data center.
Compute Cloud@Customer has emerged as a disaster recovery solution by enabling replication from an OCI region, thus meeting stringent data residency requirements. A prominent example is one of the oldest commercial banks in the MEA region, which now runs its core banking solution on Oracle Cloud Infrastructure (OCI) with Disaster Recovery (DR) on Compute Cloud@Customer, adhering to local regulatory standards.
While Compute Cloud@Customer shares similarities with public OCI, it's important to understand a few unique considerations that we learned through this Lift implementation.
- Before you can use Compute Cloud@Customer, you must prepare your site for the installation of the rack, prepare your tenancy, and initialize the connection of the Compute Cloud@Customer infrastructure to Oracle Cloud Infrastructure. As part of the OCI tenancy preparation, set up these items: a federated identity provider, users and groups, compartments, policies, and a virtual cloud network (VCN) with a subnet.
- The tasks you performed in Preparing Your Tenancy (creating a user, compartment, policies, and a VCN) are used only to establish the connection between OCI and the Compute Cloud@Customer infrastructure. These resources aren't intended to be used for organizing your cloud resources. You need to create similar IAM and network resources for organizing and isolating your cloud resources.
- After the Compute Cloud@Customer infrastructure is installed and connected to Oracle Cloud Infrastructure (OCI), you need to perform additional administrative tasks including security administration before you can create resources such as virtual cloud networks, instances, and storage on the Compute Cloud@Customer infrastructure.
- Be familiar with the supported operating system (OS) images and virtual machine (VM) provisioning within Compute Cloud@Customer.
- Though networking in Compute Cloud@Customer is very similar to networking in OCI, there are a few key differences (e.g., no DRG v2). In the Compute Cloud@Customer environment, multiple VCNs are connected through VCN peering, using Local Peering Gateways (LPGs). This way, resources in different VCNs can communicate using their private IP addresses.
- Ensure no overlapping CIDRs with the OCI environment VCNs.
- In the Compute Cloud@Customer environment, encryption is managed by Oracle.
- The Compute Cloud@Customer infrastructure offers default metric charts accessible through the OCI console using the oci_ccc namespace. Alternatively, OCI Management agents can be installed on Compute Cloud@Customer instances to transmit metrics via a management gateway. However, it's important to note that OCI Monitoring, Auditing, and Logging are not currently available on Compute Cloud@Customer.
- Deploy databases with IaaS resources (compute, network, storage). DBCS is not yet supported.
- Enforce Multi-Factor Authentication (MFA) for user access to Compute Cloud@Customer: access to the console is controlled by federation with the OCI IAM service; if MFA is enabled on the OCI region where Compute Cloud@Customer is registered, then users of Compute Cloud@Customer will be required to use MFA.
- Encrypt all data at-rest: data at-rest on Compute Cloud@Customer is encrypted with AES128.
- Establish secure network access from OCI to Compute Cloud@Customer via FastConnect private connectivity.
- For Compute Cloud@Customer, IAM resources are managed in OCI within your tenancy, and synchronized to Compute Cloud@Customer every ten minutes or so. IAM resources can't be managed on the Compute Cloud@Customer infrastructure. Currently no local user is supported in Compute Cloud@Customer.
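The CIDR and LPG peering considerations above lend themselves to a pre-deployment check. The following is an added example, not code from the original post or from Oracle: it flags overlapping CIDR blocks between OCI region VCNs and Compute Cloud@Customer VCNs, and between Compute Cloud@Customer VCNs themselves. The VCN names and CIDRs are constructed sample data, and it assumes every Compute Cloud@Customer VCN listed is peered through an LPG.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (not from the original post): VCN name -> CIDR blocks.
OCI_REGION_VCNS = {
    "oci-prod-app": ["10.0.0.0/16"],
    "oci-prod-db": ["10.1.0.0/16", "172.16.0.0/20"],
}
C3_VCNS = {
    "c3-dr-app": ["10.0.128.0/20"],  # falls inside oci-prod-app
    "c3-dr-db": ["10.20.0.0/16"],
    "c3-dr-mgmt": ["10.20.4.0/24"],  # falls inside c3-dr-db (assumed LPG peer)
}


def _blocks(site, vcns):
    """Yield (site, vcn_name, network) for every CIDR block of a site."""
    for name, cidrs in vcns.items():
        for cidr in cidrs:
            # strict=True raises ValueError when host bits are set (e.g. 10.0.0.1/16)
            yield site, name, ipaddress.ip_network(cidr, strict=True)


def find_overlaps(oci_vcns, c3_vcns):
    """Return a sorted list of conflicts as (vcn_a, cidr_a, vcn_b, cidr_b)."""
    blocks = list(_blocks("oci", oci_vcns)) + list(_blocks("c3", c3_vcns))
    conflicts = []
    for (site_a, vcn_a, net_a), (site_b, vcn_b, net_b) in combinations(blocks, 2):
        if site_a == site_b and vcn_a == vcn_b:
            continue  # only compare blocks that belong to different VCNs
        if site_a == "oci" and site_b == "oci":
            continue  # OCI-internal pairs are out of scope for this check
        # overlaps() raises TypeError on mixed IPv4/IPv6, so compare versions first
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            conflicts.append((vcn_a, str(net_a), vcn_b, str(net_b)))
    return sorted(conflicts)


if __name__ == "__main__":
    found = find_overlaps(OCI_REGION_VCNS, C3_VCNS)
    for vcn_a, cidr_a, vcn_b, cidr_b in found:
        print(f"OVERLAP: {vcn_a} {cidr_a} <-> {vcn_b} {cidr_b}")
    raise SystemExit(1 if found else 0)
```

Running the check against the planned address plan before creating VCNs on the rack catches conflicts that would otherwise surface only when peering or DR routing is configured.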
The depicted architecture illustrates the disaster recovery (DR) topology implemented with the OCI Region serving as the primary site and Compute Cloud@Customer functioning as the passive site.
Replication technology in this architecture is defined according to the resource type:
- Compute VMs are replicated using RackWare Hybrid Cloud Platform.
- Object Storage is replicated with rclone.
- File Storage is replicated with rsync.
For more information, refer to the Compute Cloud@Customer page: https://www.oracle.com/cloud/compute/cloud-at-customer/
Disclaimer: "The views expressed in this post are my own and do not necessarily reflect the views of Oracle."