Thursday, July 20, 2023

Navigating Multi-Factor Authentication (MFA) for Oracle Cloud Infrastructure (OCI) - A Guide for Customers

Introduction:

As part of its ongoing commitment to enhancing security measures, Oracle Cloud Infrastructure (OCI) has announced the implementation of Multi-Factor Authentication (MFA) for all customers. This move is aimed at bolstering the protection of sensitive data and safeguarding against potential security threats.

OCI MFA Policy Overview:

The MFA policy, named "Security Policy for OCI Console," will be created by Oracle for customers who do not have Single Sign-On (SSO) configured. The activation of this policy will be carried out in batches, commencing from 20th July. This includes both customers recently migrated to OCI Gen2 and existing OCI customers.



How to avoid MFA:

While MFA is highly recommended for its added layers of security, some customers may have concerns or queries about its implementation. In this blog, we will delve into the details of Oracle's MFA policy for OCI and explore the available options for customers to navigate this change effectively. We recommend the following two options:

 

Option 1: Activate Policy and Exclude Users

One approach to handling the MFA activation is to keep only essential users under the policy, leaving out others. Here's how you can execute this option:

  1. Create an Identity Domain Administrator User: Start by creating a new admin user, who will have the authority to manage the MFA policy and other administrative tasks. Once the admin user is in place, exclude all other users from the MFA policy. This ensures that only the authorized administrator will be affected by the MFA requirement.
  2. Create a Temporary User: To effectively implement the policy, select a temporary user as the sole entity subject to MFA. This approach allows you to thoroughly test the MFA workflow while minimizing its impact on users.


Option 2: Deleting the MFA Policy

For customers who wish to avoid MFA activation altogether, Oracle has confirmed that once the MFA policy is deleted, it will not be recreated. Here's how you can proceed with this option:

  1. Identity Domain Administrator Privilege: Ensure that the user is an Identity Domain Administrator, as this role is needed to delete policies.
  2. Deleting the MFA Policy: The Identity Domain Administrator can then proceed to delete the MFA policy, effectively bypassing MFA requirements for all users.

Conclusion:

Multi-Factor Authentication (MFA) is a vital aspect of modern cybersecurity, providing an extra layer of protection for cloud infrastructure and user accounts. While Oracle Cloud Infrastructure (OCI) implements MFA to enhance security, customers have the flexibility to choose from two available options to navigate this change effectively. Whether it is configuring MFA for a select group of users or opting to delete the policy altogether, customers can make informed decisions based on their unique security requirements.

Remember, while MFA may cause initial concerns, its implementation will provide peace of mind and strengthen the overall security posture of your organization's OCI infrastructure. Stay safe, secure, and ahead in the cloud journey!

 

Monday, June 5, 2023

Securing Your Infrastructure: Exploring VM Snapshots on OCI

 

Introduction:

In today's digital landscape, securing your infrastructure is paramount. With the increasing reliance on cloud computing, it's essential to have robust mechanisms in place to protect your valuable data and ensure business continuity. One such mechanism offered by Oracle Cloud Infrastructure (OCI) is VM snapshots. In this blog, we will dive deep into the world of VM snapshots and explore how they play a crucial role in securing your infrastructure on OCI.

Snapshot Process

Snapshot of System drive

To take a snapshot of a Windows virtual machine (VM) image on Oracle Cloud Infrastructure (OCI), you can follow these steps:

  1. Sign in to the OCI Console at https://console.oraclecloud.com/.
  2. Open the navigation menu on the top left and select "Compute" under "Core Infrastructure."
  3. In the Compute menu, click on "Instances" to view your VM instances.
  4. Locate and select the Windows VM instance for which you want to create a snapshot.
  5. In the instance details page, click on the "More Actions" button (three dots icon) at the top-right corner.
  6. From the dropdown menu, select "Create Custom Image."
  7. In the "Create Custom Image" dialog, provide a name and description for the image.
  8. Select the "Create Image" button to initiate the image creation process.
  9. The snapshot creation process will start, and it may take some time depending on the size of the VM and the amount of data it contains.
  10. Once the snapshot is created, it will appear as a new image in the "Images" section of the OCI Compute service.

Please note that taking a snapshot creates a copy of the VM image at a specific point in time. The snapshot can be used to create new instances or restore the VM to a previous state if needed.

 

It's important to keep in mind that taking a snapshot will not capture any data stored on attached block volumes or any data stored in cloud storage services. If you have additional data that needs to be backed up, make sure to follow appropriate backup strategies for those resources as well.

 

Snapshot of Block Volume

To take a snapshot of an attached block volume on Oracle Cloud Infrastructure (OCI), you can follow these steps:

  1. Log in to the Oracle Cloud Infrastructure Console: https://cloud.oracle.com/identity/sign-in/
  2. Navigate to the OCI Compute service.
  3. In the left-side navigation menu, click on "Block Volumes" under the "Block Storage" section.
  4. Locate and select the block volume for which you want to take a snapshot.
  5. In the volume details page, click on "Block Volume Backups."
  6. In the "Create Block Volume Backup" dialog, provide a name and description for the snapshot.
  7. Click on the "Create" button to initiate the snapshot creation process.
  8. The snapshot creation process will start, and it may take some time depending on the size of the block volume and the amount of data it contains.
  9. Once the snapshot is created, it will appear in the "Snapshots" section of the OCI Block Volumes service.

Please note that taking a snapshot of a block volume captures the data at a specific point in time. Snapshots can be used to create new block volumes or restore the original volume to a previous state if needed.

It's important to regularly back up critical data and follow appropriate backup strategies to ensure data integrity and availability.

Conclusion:

In conclusion, VM snapshots on Oracle Cloud Infrastructure provide a powerful tool for securing your infrastructure and safeguarding critical data. By leveraging the capabilities and following best practices related to VM snapshots, you can significantly enhance the resilience of your infrastructure and ensure rapid recovery in the face of unexpected events. Take advantage of the power of VM snapshots on OCI to establish a comprehensive and reliable data protection strategy that will give your organization peace of mind and enable uninterrupted operations. Embrace the potential of VM snapshots on OCI today and fortify your infrastructure against any potential threats.












Wednesday, May 24, 2023

Unlocking the Power of OCI: Building a Windows VM Server from Scratch in an hour

 

Introduction:

Oracle Cloud Infrastructure (OCI) is a robust and feature-rich cloud platform that enables businesses to harness the power of virtualization. In this blog post, we will guide you through the process of building a Windows VM server on OCI from scratch. By following our step-by-step instructions, you will be able to set up your own Windows VM server in just an hour, leveraging the full potential of OCI's capabilities. Let's dive in and unlock the power of OCI!

This flowchart provides a high-level overview of the steps involved.


Step 1: Sign up for OCI

To get started, sign up for an OCI account at https://cloud.oracle.com if you haven't already. The sign-up process is quick and straightforward, and it will provide you with the necessary credentials to access OCI's services.

Step 2: Create compartment

A compartment is a logical container that helps organize and isolate resources within an OCI tenancy.

  1. On OCI home page, open the navigation menu, and click Identity & Security. Under Identity, click Compartments.

A list of the compartments in your tenancy is displayed. You can either choose an existing compartment or create a new one.

  2. Click Create Compartment.



 Step 3: Create a Virtual Cloud Network (VCN)

Step 4: Create a Subnet Within the VCN

Step 5: Configure Security Lists

Step 6: Create a Windows VM

We can either create the VCN and subnet separately, or create them while creating the VM server. I used the latter option.

From the OCI navigation menu → click Compute, and then click Instances.


Click on Create Instance.


 

You can give the instance a logical name and select the compartment in which you want to create it.

An availability domain is a standalone, independent data center that is physically isolated from other availability domains to provide high availability. I just selected the first availability domain.




From the available shapes, select the configuration your VM server requires. I have selected the minimum required for EPM installation.

A Virtual Cloud Network (VCN) is the foundation of your network infrastructure on OCI. Create and configure a VCN; this will provide the networking resources for your Windows VM server.

Create a subnet that will host your Windows VM. Specify the CIDR block for the subnet, the subnet type (public or private), and choose the appropriate routing table.

After this, you need to specify the details of the boot volume (the C drive of the VM).


Click on Create Instance.  This will take you to the instance details screen.


 

This gives us a VM server with an IP address listed as its public IP address. This will allow us to connect to the server using RDP.

Tried it and it failed.

This brings us back to Step 5, configuring the security list. We can complete it after the VCN is ready or when RDP fails 😊

We need to add our IP address to the IP allowlist.

  1. Open the navigation menu and click Compute. Under Compute, click Instances.
  2. Click the instance that you're interested in.
  3. Under Instance details, for Virtual cloud network, click the name of the cloud network.
  4. To add the rule to a network security group that the instance belongs to:
    1. Under Resources, click Network Security Groups.
    2. Click the network security group that you're interested in.
    3. Click Security lists, then click the default security list.
    4. Click Add Ingress Rule.
    5. Click Add.
  5. Return to the Instance details page: Open the navigation menu and click Compute. Under Compute, click Instances. Click the instance.
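A way to confirm that the ingress rule added above admits RDP only from your own address, as an added example that is not part of the original post. It assumes the security list has been exported as JSON in the shape printed by `oci network security-list get`; the sample rules, the function names and the address 203.0.113.10 are constructed for illustration.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample, shaped like the "data" object printed by
# `oci network security-list get` (assumed kebab-case field names).
SAMPLE_LIST = {"ingress-security-rules": [
    {"protocol": "6", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 3389, "max": 3389}}},
    {"protocol": "6", "source": "203.0.113.10/32", "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 3389, "max": 3389}}},
    {"protocol": "6", "source": "198.51.100.0/24", "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 3000, "max": 4000}}},
    {"protocol": "1", "source": "10.0.0.0/16", "source-type": "CIDR_BLOCK"},
]}


def admits_rdp(rule):
    """True if the rule lets TCP 3389 in ("6" is TCP, "all" is every protocol)."""
    if rule.get("protocol") == "all":
        return True
    if rule.get("protocol") != "6":
        return False
    port_range = (rule.get("tcp-options") or {}).get("destination-port-range")
    if port_range is None:  # TCP rule without a port range covers every port
        return True
    return port_range["min"] <= RDP_PORT <= port_range["max"]


def audit_rdp_ingress(security_list, admin_ip):
    """Return (source, verdict) for every CIDR ingress rule that admits RDP."""
    admin = ipaddress.ip_address(admin_ip)
    findings = []
    for rule in security_list.get("ingress-security-rules", []):
        if rule.get("source-type") != "CIDR_BLOCK" or not admits_rdp(rule):
            continue
        net = ipaddress.ip_network(rule["source"], strict=False)
        if net.num_addresses > 1:
            verdict = "TOO_BROAD"        # more than a single host can reach RDP
        elif admin in net:
            verdict = "OK"               # only the administrator's own address
        else:
            verdict = "UNEXPECTED_HOST"  # single host, but not the one expected
        findings.append((rule["source"], verdict))
    return findings


if __name__ == "__main__":
    for source, verdict in audit_rdp_ingress(SAMPLE_LIST, "203.0.113.10"):
        print(f"{verdict:16} {source}")
```

Port-range rules such as 3000-4000 are reported as well, because they open 3389 without naming it.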

Try to connect now. Change your password on first logon and then go ahead.



Yayy, we are now connected to our OCI server.

Step 7: Configure Storage

Step 8: Configure Networking

Step 9: Secure with essential VM update

 

For storage, we will be creating another volume on the server, similar to a D drive. It is called a block volume.

  1. Open the navigation menu and click Storage. Under Block Storage, click Block Volumes.
  2. Click Create Block Volume.
  3. Fill in the required volume information:
    - Name: A user-friendly name or description. Avoid entering confidential information.
    - Domain: Must be in the same availability domain as the instance.
    - Volume Size and Performance
      - Size: Must be between 50 GB and 32 TB.
      - Volume Performance: Optionally, you can select the appropriate performance level for your requirements.
    - Backup Policy: Optionally, you can select the appropriate backup policy for your requirements.
  4. Click Create Block Volume.

Attach this volume to the server

  1. Open the navigation menu and click Compute. Under Compute, click Instances.
  2. In the Instances list, click the instance that you want to attach a volume to.
  3. In the Resources section, click Attached Block Volumes.
  4. Click Attach Block Volume.
  5. Specify the volume you want to attach to. To use the volume name, choose SELECT VOLUME and then select the volume from the Block Volume drop-down list.
  6. Select the volume attachment type: iSCSI, Paravirtualized, or Let Oracle Cloud Infrastructure choose the best attachment type. I went with iSCSI.
  7. Click Attach.

 



Log in to the server and open iSCSI Initiator.

Discovery tab → Discover Portal

Enter the IP and port of the newly created block volume. Click OK.

Click on the Targets tab.

Select the block volume and click Connect. It shows connected.

Go to Computer Management.

Right-click on Disk 1 and select New Simple Volume.



 

 




 

And our server is ready. I am going to use it for EPM. Maybe you are aware of it from naming conventions 😊

Conclusion: By following the steps outlined in this blog post, you can unlock the power of Oracle Cloud Infrastructure (OCI) and build your Windows VM server from scratch in just an hour. Don't miss out on the benefits of OCI – start building your Windows VM server today and take full advantage of the power and capabilities that OCI offers.