-
DRCC – Cross Connects
I have been solutioning on OCI since the general availability of generation 2 (what was BareMetal cloud). It has been rare, for me, to implement Fast Connects with cross connection. DRCC is definitely going to be presenting more cross connect opportunities. Customers that choose a data center provider for the DRCC implementation will be required…
-
Dedicated Region Cloud at Customer – Planning
Now that I have had a couple of go-rounds with the OCI Dedicated Region Cloud at Customer (DRCC), I would like to think I have a pretty good understanding of how to effectively plan for an implementation. A DRCC is mostly like any other OCI region. The thing that makes it different is that it…
-
An AI journey continues – configure the scheduler
Now that the infrastructure has been deployed (software defined network, OKE, H100, storage, etc.) it was now time to configure the scheduler (run:ai). The first question posed, post installation, “do we need any special configuration for the network operator in order for the scheduler pods to leverage RDMA?” Would we need Single Root I/O Virtualization…
-
An AI journey continues – GPU Deployment!
With our OKE cluster successfully deployed, it was time to start working on the GPU node deployment. Our GPU node/s have a requirement to run Ubuntu 22.04 because of the support for the NVIDIA GPU Operators that are required by the run:ai scheduler. For optimal performance between the GPU worker node instances, we needed to…
-
An AI journey continues – Network design
I wish I had been brilliant enough to have planned out the network deployment without issue but as the saying goes… we live and we learn. Here are some key networking decisions that will need to be considered: After running through all of the pre-requisites for the run:ai cluster installation. We made sure that we had an…
-
An AI journey continues – storage
In the last blog entry, we left off with the scheduler and Kubernetes cluster decision in place. Our focus quickly turned to storage options. Since we will have two GPU worker nodes we required a shared storage option. The throughput objective requirement that was provided was 50 Gbps. OCI AI Architecture documentation lists Lustre, BeeGFS,…
-
An AI journey begins – choosing a scheduler
As a veteran of the technology industry, I have experienced the ebbs and flows of the “next big thing”. E-Commerce, blockchain, cloud computing, IoT, edge computing, quantum computing, big data, etc. The current buzz or “next big thing” is Artificial Intelligence (AI). I recently had an opportunity to deploy an AI architecture. I thought I…
-
Zero Trust Packet Routing – A use case
Part 3 of the Zero Trust Packet Routing (ZPR) blog post is to explore potential use cases. As fortune would have it, ZPR came up during a spirited discussion with some security colleagues. We were discussing CIS compliance and management access to an application stack. To kick start the discussion, I used the CIS compliant…
-
ZPR part 2 – implementation considerations
In the last entry I tried to explain how Zero Trust Packet Routing (ZPR) contrasted with Security Lists (SCL) and Network Security Groups (NSG). In this entry, I wanted to take a closer look at ZPR and what is required to implement in an OCI tenancy. That encompasses the IAM policies required, ZPR required components…
-
Zero Trust Packet Routing – What is it?
OCI has made zero trust packet routing (ZPR) generally available. There was quite a bit of buzz around the new feature during Oracle Cloud World. In conversation with some of my colleagues, there seemed to be a lack of consensus on what exactly the new feature is and what it can do. Now that I…
-
DR Considerations on OCI
Disaster Recovery (DR) planning is an essential part of a successful cloud strategy. Unplanned outages and data loss can have catastrophic effects on business operations. By implementing a solid disaster recovery plan, customers can ensure that their systems remain operational and that data is consistently backed up and retrievable, minimizing potential downtime and loss. Whether…
-
Migrating VMware to the Cloud
VMware migrations to cloud service provider (CSP) VMware services have been a recent focus of mine. There are generally two drivers for migrating VMware to the cloud. 1. A requirement to get out of a data center in a limited timeframe and 2. the acquisition and subsequent change to subscription-based licensing. I am actively working…
-
OCI Security Zones
OCI Security Zones are not a new feature; they have been available since 2020. Security zones ensure that your OCI resources comply with your security policies, including Oracle Cloud Infrastructure Compute, Oracle Cloud Infrastructure Networking, Oracle Cloud Infrastructure Object Storage, Oracle Cloud Infrastructure Block Volumes, and Database resources. OCI provides a Maximum Security Zone recipe that can be customized…
-
Careful what you advertise!
I was recently asked by a colleague if I would do a post on how to avoid potential issues with route advertisement via OCI’s Dynamic Routing Gateway. I will do my best not to make this post too technical. I have witnessed two occasions where an implementation has advertised a wrong route and caused a…
-
OCI Organization Management
Tenancy and the number required is a topic that customers bring up early in the design process. In my experience, customers already have footprints in AWS or Azure. Customers naturally start applying lessons learned or design processes they have from the other cloud service providers (i.e., AWS uses multiple accounts, Azure uses multiple subscriptions). What…
-
OCI Compartment Guide pt 4 of 4
To wrap up this series, let’s take a look at how introducing OCI tagging can benefit both the compartment design and streamline the network design. OCI introduced the tag-based policy concept around March of 2020. It allows customers to use tags for authorization to deployed resources. At the time of the introduction, my initial thought…
-
OCI Compartment Guide pt 3 of 4 – Network in project compartment
I purposefully selected compartments and network segmentation as the example for this series, because I generally see customers confuse or correlate network design and compartment design, and it generally tends to drag out the design process. When we are looking at compartment structure, we are looking at the segmentation and authorization…
-
OCI Compartments Guide pt 2 of 4 – Network with sub-compartments
If a VCN is deployed within the same compartment, there was no way to specify, via policy, access control to a specific VCN or subnet. As an example, if a Production VCN and Non-Production VCN were deployed in the same compartment, compartment policy was too broad. Even with two different IAM groups, both groups would…
-
OCI Compartments Guide part 1 of 4
When designing an Oracle Cloud Infrastructure (OCI) tenancy, the first step to building the foundation is locking in the compartment design. Compartments are part of the Identity and Access Management (IAM) construct within OCI. IAM consists of users, groups, policies, and compartments. Clients familiar with AWS, Azure, GCP, etc. but new to OCI often try…
