Understanding OCI Infrastructure: Regions, Availability Domains, and Fault Domains

Ryan Giggs

Oracle Cloud Infrastructure (OCI) Physical Architecture: A Complete Guide

Oracle Cloud Infrastructure (OCI) is built on a robust physical architecture designed to deliver high availability, fault tolerance, and optimal performance. Understanding this architecture is crucial for designing resilient cloud solutions. Let's dive into the key components that make up OCI's infrastructure.

Core Infrastructure Components

OCI's physical architecture is organized into three main levels:

  • Regions - Geographic locations

  • Availability Domains (ADs) - Data centers within regions

  • Fault Domains (FDs) - Hardware groupings within availability domains

Regions: Your Geographic Foundation

A region is a localized geographical area where Oracle has deployed OCI infrastructure. Think of regions as Oracle's data center hubs strategically placed around the world. For example, Phoenix serves as a major region on the US West Coast.

As of August 2024, Oracle Cloud Infrastructure (OCI) boasts more than 45 active regions and over 100 Availability Domains globally, making it comparable to major cloud providers like AWS and Microsoft Azure.

Choosing the Right Region

The golden rule for region selection is simple: choose the region closest to your users. This ensures:

  • Lowest network latency

  • Best application performance

  • Optimal user experience

Data sovereignty and compliance requirements may also influence your region choice, especially for regulated industries.

Availability Domains: Isolated Data Centers

An Availability Domain (AD) consists of one or more fault-tolerant data centers located within a single OCI region. Here's what makes them special:

Key Characteristics

  • Availability domains are isolated from each other, fault tolerant, and very unlikely to fail simultaneously

  • Connected by low-latency, high-bandwidth networks

  • No shared physical infrastructure (power, cooling, or internal networks)

  • Traffic between availability domains and between regions is encrypted

Availability Domain Distribution

  • Every region can have up to 3 availability domains

  • Some regions may have fewer ADs depending on their size and scope

  • Each AD operates independently to prevent cascading failures

Fault Domains: Hardware-Level Resilience

Fault Domains (FDs) represent the finest level of isolation in OCI's architecture. They're groupings of hardware and infrastructure within an availability domain.

Fault Domain Structure

  • Each region has at least three fault domains

  • Every availability domain contains exactly 3 fault domains

  • Software deployments across multiple fault domains are staggered

Protection Benefits

Fault domains provide anti-affinity protection against:

  • Unexpected hardware failures - Server crashes, network issues, storage problems

  • Planned maintenance - Scheduled updates and infrastructure work

  • Power and cooling issues - Localized infrastructure problems
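
The anti-affinity idea above can be checked mechanically. The following is an added example, not code from the original article or from Oracle: it takes a constructed inventory of instances and reports tiers whose instances all sit in one fault domain, plus the share of a tier lost if its most crowded fault domain fails. The instance names, tier labels, and the "Uocm" availability domain prefix are assumptions made for the example.

```python
from collections import defaultdict

# Constructed inventory: (instance name, tier, availability domain, fault domain).
# The AD prefix "Uocm" and all instance names are made up for this example.
INVENTORY = [
    ("web-1", "web", "Uocm:PHX-AD-1", "FAULT-DOMAIN-1"),
    ("web-2", "web", "Uocm:PHX-AD-1", "FAULT-DOMAIN-2"),
    ("web-3", "web", "Uocm:PHX-AD-1", "FAULT-DOMAIN-3"),
    ("app-1", "app", "Uocm:PHX-AD-1", "FAULT-DOMAIN-1"),
    ("app-2", "app", "Uocm:PHX-AD-1", "FAULT-DOMAIN-1"),
    ("db-1", "db", "Uocm:PHX-AD-1", "FAULT-DOMAIN-2"),
]


def placement_findings(inventory, min_domains=2):
    """Return {tier: finding} for tiers not spread over enough failure domains."""
    placements = defaultdict(set)
    counts = defaultdict(int)
    for _name, tier, ad, fd in inventory:
        placements[tier].add((ad, fd))
        counts[tier] += 1
    findings = {}
    for tier, domains in placements.items():
        if counts[tier] == 1:
            findings[tier] = "single instance: no redundancy at all"
        elif len(domains) < min_domains:
            ad, fd = next(iter(domains))
            findings[tier] = f"{counts[tier]} instances all in {ad} / {fd}"
    return findings


def worst_case_loss(inventory, tier):
    """Fraction of a tier's instances lost if its most crowded fault domain fails."""
    per_domain = defaultdict(int)
    for _name, t, ad, fd in inventory:
        if t == tier:
            per_domain[(ad, fd)] += 1
    total = sum(per_domain.values())
    return max(per_domain.values()) / total if total else 0.0


if __name__ == "__main__":
    for tier, finding in sorted(placement_findings(INVENTORY).items()):
        print(f"{tier}: {finding}")
    print("web worst-case loss:", round(worst_case_loss(INVENTORY, "web"), 2))
```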

Oracle Maximum Availability Architecture (MAA)

Oracle Maximum Availability Architecture (MAA) is a set of best practices developed by Oracle engineers over many years for the integrated use of Oracle High Availability, data protection, and disaster recovery technologies.

MAA Components

The MAA blueprint includes these critical technologies:

  • Oracle Flashback - Optimizes logical failure repair

  • Backup and Recovery - Comprehensive data protection strategies

  • Multitenancy - Efficient resource sharing and isolation

  • Data Guard - Database disaster recovery and high availability

  • Real Application Clusters (RAC) - Lets customers run a single Oracle Database across multiple servers to maximize availability and enable horizontal scalability

  • Application Continuity - Seamless failover for database connections

Integrated Security

MAA implements a defense-in-depth security approach covering:

  • Data encryption and protection

  • Identity and access management

  • Network security controls

  • Compute infrastructure security

  • OCI tenancy-level protections

Organizational Structure: Tenancy and Compartments

Tenancy: Your OCI Account

  • Each OCI account receives one tenancy (root compartment)

  • Think of tenancy as your organization's master container

  • Provides the highest level of resource organization

Compartments: Logical Organization

Compartments are logical containers that help you organize and isolate cloud resources:

Key Features

  • Can be nested up to 6 levels deep

  • Inherit policies from parent compartments

  • Tenancy-wide availability - accessible across all subscribed regions

  • Resource mobility - most resources can be moved between compartments

Best Practices

  • Use compartments to separate environments (dev, test, prod)

  • Align compartments with your organizational structure

  • Implement least-privilege access through compartment-based policies

Virtual Cloud Network (VCN): Your Software-Defined Network

A Virtual Cloud Network (VCN) is your private software-defined network in OCI, functioning like a traditional physical network but with cloud flexibility.

VCN Characteristics

  • Regional scope - Each VCN exists within a single OCI region

  • CIDR support - Supports both IPv4 and IPv6 addressing

  • Complete networking stack - Includes subnets, route tables, and security lists

Subnet Types

Public Subnets (Internet Gateway)

Public subnets enable direct internet connectivity:

  • Allow ingress traffic from the internet

  • Allow egress traffic to the internet

  • Support public IP addresses for resources

  • Ideal for web servers, load balancers, and public-facing services

Private Subnets (NAT Gateway)

Private subnets provide secure, isolated environments:

  • No direct ingress from the internet

  • Controlled egress through NAT Gateway

  • No public IP addresses assigned

  • Perfect for databases, application servers, and sensitive workloads

Networking Components

  • Route Tables - Define traffic routing rules

  • Security Lists - Act as subnet-level firewalls

  • Gateways - Provide connectivity options (Internet, NAT, Service)
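
The private-subnet properties listed above (no public IPs, egress through a NAT gateway, no ingress from the internet) can be verified against a subnet's actual configuration. This is an added example, not code from the original article: the subnet records are constructed, their field names are simplified and are not the OCI API's own attribute names, and it assumes that any ingress source outside the VCN's CIDR block deserves a finding.

```python
import ipaddress

# Constructed subnet descriptions. Field names are simplified for this example
# and are not the OCI API's own attribute names.
SUBNETS = [
    {"name": "web", "intended": "public", "public_ips_allowed": True,
     "default_route_target": "internet-gateway",
     "ingress": [("0.0.0.0/0", 443)]},
    {"name": "db", "intended": "private", "public_ips_allowed": False,
     "default_route_target": "nat-gateway",
     "ingress": [("10.0.1.0/24", 1521)]},
    {"name": "app", "intended": "private", "public_ips_allowed": True,
     "default_route_target": "internet-gateway",
     "ingress": [("0.0.0.0/0", 22), ("10.0.0.0/16", 8080)]},
]
VCN_CIDR = ipaddress.ip_network("10.0.0.0/16")  # assumed VCN address range


def private_subnet_findings(subnet, vcn_cidr=VCN_CIDR):
    """List the ways a subnet meant to be private is reachable from outside."""
    if subnet["intended"] != "private":
        return []  # public subnets are expected to face the internet
    findings = []
    if subnet["public_ips_allowed"]:
        findings.append("public IP addresses can be assigned")
    if subnet["default_route_target"] == "internet-gateway":
        findings.append("default route points at the internet gateway")
    for source, port in subnet["ingress"]:
        # Assumption: only sources inside the VCN are acceptable here.
        if not ipaddress.ip_network(source).subnet_of(vcn_cidr):
            findings.append(f"ingress on port {port} from {source}, outside the VCN")
    return findings


def review_subnets(subnets):
    """Map subnet name to findings, keeping only subnets that have any."""
    result = {}
    for subnet in subnets:
        findings = private_subnet_findings(subnet)
        if findings:
            result[subnet["name"]] = findings
    return result


if __name__ == "__main__":
    for name, findings in review_subnets(SUBNETS).items():
        print(name, findings)
```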

Identity and Access Management (IAM) Policies

IAM policies form the backbone of OCI security, controlling who can access what resources and when.

Policy Hierarchy

Fleet administrators can set IAM policies at multiple levels:

  • Tenancy level - Organization-wide policies

  • Compartment level - Environment or project-specific access

  • User level - Individual user permissions

  • Group level - Role-based access control

Policy Capabilities

IAM policies enable you to:

  • Create, manage, and delete cloud resources

  • Control access to specific services and features

  • Implement compliance requirements

  • Audit and monitor resource usage

Best Practices

  • Follow the principle of least privilege

  • Use groups instead of individual user assignments

  • Regularly review and audit policy assignments

  • Implement separation of duties for critical operations

Conclusion

Oracle Cloud Infrastructure's physical architecture provides a solid foundation for building highly available, scalable, and secure cloud applications. By understanding regions, availability domains, and fault domains, you can design resilient architectures that withstand various failure scenarios.

The combination of MAA best practices, flexible compartment organization, robust VCN networking, and comprehensive IAM policies gives you the tools needed to build enterprise-grade cloud solutions.

Whether you're migrating existing workloads or building new cloud-native applications, OCI's architecture provides the reliability and performance your business demands.


Ready to start your OCI journey? Consider your region selection carefully, plan your compartment strategy, and always design for high availability across multiple fault domains.
