What is the purpose of the SAML metadata file in the OCI Federation setup with Azure Active Di-rectory (AD)?
In general, SAML metadata is used to share configuration information between the Identity Pro-vider (IdP) and the Service Provider (SP).
A company wants to seamlessly build a private interconnection between their OCI and Microsoft Azure environments with consistent performance and low latency. They want to enable their cloud engineers to set up Single Sign-On (SSO) between Microsoft Azure and OCI for their Oracle appli-cations, such as PeopleSoft, JD Edwards EnterpriseOne, and E-Business Suite.
Which technology integration can the company use to achieve this goal?
By using Oracle FastConnect and Azure ExpressRoute, customers can seamlessly build a private interconnection between their OCI and Microsoft Azure environments. The Interconnect also ena-bles joint customers to take advantage of a unified identity and access management platform that leads to cost savings. Cloud engineers can set up SSO between Microsoft Azure and OCI for their Oracle applications, such as PeopleSoft, JD Edwards EnterpriseOne, and E-Business Suite. Having a federated SSO makes the integration seamless and allows users to authenticate only once to access multiple applications, without signing in separately to access each application.
Which components are required to establish a Site-to-Site VPN connection in Oracle Cloud Infra-structure?
Site-to-Site VPN Components:
CPE OBJECT: At your end of Site-to-Site VPN is the actual device in your on-premises network (whether hardware or software). The term customer-premises equipment (CPE) is commonly used in some industries to refer to this type of on-premises equipment.
DYNAMIC ROUTING GATEWAY (DRG): At Oracle's end of Site-to-Site VPN is a virtual router called a dynamic routing gateway, which is the gateway into your VCN from your on-premises network.
IPSEC CONNECTION: After creating the CPE object and DRG, you connect them by creating an IPSec connection, which you can think of as a parent object that represents the Site-to-Site VPN.
TUNNEL: An IPSec tunnel is used to encrypt traffic between secure IPSec endpoints. Oracle cre-ates two tunnels in each IPSec connection for redundancy.
So, Internet Gateway, NAT Gateway are NOT valid Site-to-Site VPN Components.
Hence, Dynamic Routing Gateway (DRG), Customer Premises Equipment (CPE), and IPsec tunnel is the CORRECT answer.
What should you do to prepare your Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) for potential security risks when connected to a Microsoft Azure VNet?
Controlling Traffic Flow Over the Connection
Even if a connection has been established between your VCN and VNet, you can control the packet flow over the connection with route tables in your VCN. For example, you can restrict traf-fic to only specific subnets in the VNet.
Controlling the Specific Types of Traffic Allowed
It's important that you ensure that all outbound and inbound traffic with the VNet is intended or expected and well defined. Implement Azure network security group and Oracle security rules that explicitly state the types of traffic one cloud can send to the other and accept from the other.
Which is a database service that CANNOT be provisioned in the Oracle Public Cloud?
As you can see in the screenshot, Exadata Database Service on Shared Infrastructure is NOT sup-ported.
