Not all features present in Oracle Database Enterprise Edition are available in ATP, and some some Oracle Database features are restricted, for example, database features designed for administration are not available. so you need to validate it first, You can find a complete list of the features that are not supported.
Also, you must specify the initial storage required for your database but ADB is elastic, so it is possible to grow or shrink your database as needed.

Reference:
https://docs.oracle.com/en/cloud/paas/atp-cloud/atpug/experienced-database-users.html#GUID-58EE6599-6DB4-4F8E-816D-0422377857E5

The backups feature of the Oracle Cloud Infrastructure Block Volume service lets you make a point-in-time snapshot of the data on a block volume.These backups can then be restored to new volumes either immediately after a backup or at a later time that you choose.
You can copy block volume backups between regions using the Console, command line interface (CLI), SDKs, or REST APIs.
To copy volume backups between regions, you must have permission to read and copy volume backups in the source region, and permission to create volume backups in the destination region.
to do all things with block storage volumes, volume backups, and volume groups in all compartments with the exception of copying volume backups across regions.
Allow group VolumeAdmins to manage volume-family in tenancy
The aggregate resource type volume-family does not include the VOLUME_BACKUP_COPY permission, so to enable copying volume backups across regions you need to ensure that you include the third statement in that policy, which is:
Allow group VolumeAdmins to use volume-backups in tenancy where request.permission=’VOLUME_BACKUP_COPY’

Pre-authenticated requests provide a way to let users access a bucket or an object without having their own credentials, as long as the request creator has permission to access those objects.
For example, you can create a request that lets operations support user upload backups to a bucket without owning API keys. Or, you can create a request that lets a business partner update shared data in a bucket without owning API keys.
When creating a pre-authenticated request, you have the following options:
You can specify the name of a bucket that a pre-authenticated request user has write access to and can upload one or more objects to.
You can specify the name of an object that a pre-authenticated request user can read from, write to, or read from and write to.

Scope and Constraints
Understand the following scope and constraints regarding pre-authenticated requests:
Users can’t list bucket contents.
You can create an unlimited number of pre-authenticated requests.
There is no time limit to the expiration date that you can set.
You can’t edit a pre-authenticated request. If you want to change user access options in response to changing requirements, you must create a new pre?authenticated request.
The target and actions for a pre-authenticated request are based on the creator’s permissions. The request is not, however, bound to the creator’s account login credentials. If the creator’s login credentials change, a pre-authenticated request is not affected.
You cannot delete a bucket that has a pre-authenticated request associated with that bucket or with an object in that bucket.

there are two main requirements for this Customer
First Highly available connection with service level redundancy and that can achieve by
1- VPN Connect with a Redundant Customer Edge Device

2- FastConnect Plus a Single VPN Connect Connection

3- Redundant FastConnect

second Dedicated network bandwidth with low latency and that can achieve by select fastconnect as Primary Path
One option Use a single edge device in your on premises data center for each connection that mean we have a single point of failure and also this is not the most cost effective solution

OCI Traffic Management Steering Policies can account for health of answers to provide failover capabilities, provide the ability to load balance traffic across multiple resources, and account for the location where the query was initiated to provide a simple, flexible and powerful mechanism to efficiently steer DNS traffic.
Public Load Balancer Accepts traffic from the internet using a public IP address that serves as the entry point for incoming traffic.Load Balancing service creates a primary load balancer and a standby load balancer, each in a different availability domain

raffic Management Steering Policies can account for health of answers to provide failover capabilities, provide the ability to load balance traffic across multiple resources, and account for the location where the query was initiated to provide a simple, flexible and powerful mechanism to efficiently steer DNS traffic.
1- OCI Traffic management with failover
Failover policies allow you to prioritize the order in which you want answers served in a policy (for example, Primary and Secondary). Oracle Cloud Infrastructure Health Checks are leveraged to determine the health of answers in the policy. If the Primary Answer is determined to be unhealthy, DNS traffic will automatically be steered to the Secondary Answer.
so the answer # 1 is not correct which the customer decided to divert only 30% of the application works fine, they divert all traffic to OCI.
2- OCI Traffic management with LOAD BALANCER
Load Balancer policies allow distribution of traffic across multiple endpoints. Endpoints can be assigned equal weights to distribute traffic evenly across the endpoints or custom weights may be assigned for ratio load balancing. Oracle Cloud Infrastructure Health Checks are leveraged to determine the health of the endpoint. DNS traffic will be automatically distributed to the other endpoints, if an endpoint is determined to be unhealthy.

You can check on an active multipart upload by listing all parts that have been uploaded. (You cannot list information for an individual object part in an active multipart upload.)
The Oracle Cloud Infrastructure Object Storage service supports multipart uploads for more efficient and resilient uploads, especially for large objects. You can perform multipart uploads using the API and CLI
Before you use the multipart upload API, you are responsible for creating the parts to upload. Object Storage provides API operations for the remaining steps.
Note:
When you perform a multipart upload using the CLI, you do not need to split the object into parts as you are required to do by the API. Instead, you specify the part size of your choice, and Object Storage splits the object into parts and performs the upload of all parts automatically.
After you finish creating object parts, initiate a multipart upload by making a CreateMultipartUpload REST API call. Provide the object name and any object metadata. Object Storage responds with a unique upload ID that you must include in any requests related to this multipart upload. Object Storage also marks the upload as active. The upload remains active until you explicitly commit it or abort it.
You do not need to assign contiguous numbers, but Object Storage constructs the object by ordering part numbers in ascending order. also Part numbers do not have to be contiguous

All three Data Guard configurations are fully supported on Oracle Cloud Infrastructure. However, because of a high risk of production outage, we don’t recommend using the maximum protection mode for your Data Guard configuration.
We recommend using the maximum availability mode in SYNC mode between two availability domains (same region), and using the maximum availability mode in ASYNC mode between two regions. This architecture provides you the best RTO and RPO without causing any data loss. We recommend building this architecture in daisy-chain mode: the primary database ships redo logs to the first standby database in another availability domain in SYNC mode, and then the first standby database ships the redo logs to another region in ASYNC mode. This method ensures that your primary database is not doing the double work of shipping redo logs, which can cause performance impact on a production workload.

This configuration offers the following benefits:
No data loss within a region.
No overhead on the production database to maintain standbys in another region.
Option to configure lagging on the DR site if needed for business reasons.
Option to configure multiple standbys in different regions without any additional overhead on the production database. A typical use case is a CDN application

Active Data Guard or GoldenGate are used for disaster recovery when fast recovery times or additional levels of data protection are required. and offload queries and backup to standby system.

Oracle GoldenGate to support a disaster recovery site is to have a working bi-directional data flow, from the primary system to the live-standby system and vice versa.

DataGuard and Automatic Backup
You can enable the Automatic Backup feature on a database with the standby role in a Data Guard association. However, automatic backups for that database will not be created until it assumes the primary role.

Service Gateway is virtual router that you can add to your VCN. It provides a path for private network traffic between your VCN and supported services in the Oracle Services Network like Object Storage)
so compute Instances in a private subnet in your VCN can back up data to Object Storage without needing public IP addresses or access to the intern

due to the network speed is not good enough and the connection is Intermittent due to the damages caused to the electrical grid
Oracle offers offline data transfer solutions that let you migrate data to Oracle Cloud Infrastructure.
you have 2 Options of Data Transfer
DISK-BASED DATA TRANSFER
You send your data as files on encrypted commodity disk to an Oracle transfer site. Operators at the Oracle transfer site upload the files into your designated Object Storage bucket in your tenancy.
APPLIANCE-BASED DATA TRANSFER
you send your data as files on secure, high-capacity, Oracle-supplied storage appliances to an Oracle transfer site. Operators at the Oracle transfer site upload the data into your designated Object Storage bucket in your tenancy.
the Storage Capacity is 150 TB of protected usable space

The Oracle Cloud Infrastructure Compute service provides console connections that enable you to remotely troubleshoot malfunctioning instances, such as:
An imported or customized image that does not complete a successful boot.
A previously working instance that stops responding.
the steps to connect to console and troubleshoot the OS Issue
1- Before you can connect to the serial console you need to create the instance console connection.
Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.
Click the instance that you’re interested in.
Under Resources, click Console Connections.
Click Create Console Connection.
Upload the public key (.pub) portion for the SSH key. You can browse to a public key file on your computer or paste your public key into the text box.
Click Create Console Connection.
When the console connection has been created and is available, the status changes to ACTIVE.

2- Connecting to the Serial Console
you can connect to the serial console by using a Secure Shell (SSH) connection to the service endpoint of the console connection service
Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.
Click the instance that you’re interested in.
Under Resources, click Console Connections.
Click the Actions icon (three dots), and then click Copy Serial Console Connection for Linux/Mac.
Paste the connection string copied from the previous step to a terminal window on a Mac OS X or Linux system, and then press Enter to connect to the console.
If you are not using the default SSH key or ssh-agent, you can modify the serial console connection string to include the identity file flag, -i, to specify the SSH key to use. You must specify this for both the SSH connection and the SSH ProxyCommand, as shown in the following line:
ssh -i // -o ProxyCommand=’ssh -i // -W %h:%p -p 443…
Press Enter again to activate the console.
3- Troubleshooting Instances from Instance Console Connections
To boot into maintenance mode
Reboot the instance from the Console.
When the reboot process starts, switch back to the terminal window, and you see Console messages start to appear in the window. As soon as you see the GRUB boot menu appear, use the up/down arrow key to stop the automatic boot process, enabling you to use the boot menu.
In the boot menu, highlight the top item in the menu, and type e to edit the boot entry.
In edit mode, use the down arrow key to scroll down through the entries until you reach the line that starts with either linuxefi for instances running Oracle Autonomous Linux 7.x or Oracle Linux 7.x, or kernel for instances running Oracle Linux 6.x.
At the end of that line, add the following:

init=/bin/bash

Reboot the instance from the terminal window by entering the keyboard shortcut CTRL+X.

VM.DeselO2.24 compute instance include locally attached NVMe devices. These devices provide extremely low latency, high performance block storage that is ideal for big data, OLTP, and any other workload that can benefit from high-performance block storage.

A protected RAID array is the most recommended way to protect against an NVMe device failure. There are three RAID levels that can be used for the majority of workloads:
RAID 1: An exact copy (or mirror) of a set of data on two or more disks; a classic RAID 1 mirrored pair contains two disks
RAID 10: Stripes data across multiple mirrored pairs. As long as one disk in each mirrored pair is functional, data can be retrieved
RAID 6: Block-level striping with two parity blocks distributed across all member disks

If you need the best possible performance and can sacrifice some of your available space, then RAID 10 array is an option.

WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer’s applications.
WAF provides you with the ability to create and manage rules for internet threats including
Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted
bots can be mitigated while tactically allowed desirable bots to enter. Access rules can limit
based on geography or the signature of the request.
As a WAF administrator you can define explicit actions for requests that meet various
conditions. Conditions use various operations and regular expressions. A rule action can be
set to log and allow, detect, or block requests.

Oracle and Microsoft have created a cross-cloud connection between Oracle Cloud Infrastructure and Microsoft Azure in certain regions. This connection lets you set up cross-cloud workloads without the traffic between the clouds going over the internet.
you can connect your VNet and VCN so that traffic that uses private IP addresses goes over the cross-cloud connection.
For example, the following diagram shows a VNet that is connected to a VCN. Resources in the VNet are running a .NET application that access an Oracle database that runs on Database service resources in the VCN. The traffic between the application and database uses a logical circuit that runs on the cross-cloud connection between Azure and Oracle Cloud Infrastructure.
The two virtual networks must belong to the same company and not have overlapping CIDRs. The connection requires you to create an Azure ExpressRoute circuit and an Oracle Cloud Infrastructure FastConnect virtual circuit.

You can move a compartment to a different parent compartment within the same tenancy.When you move a compartment, all its contents (subcompartments and resources) are moved with it.
After you move a compartment to a new parent compartment, the access policies of the new parent take effect and the policies of the previous parent no longer apply. Before you move a compartment, ensure that:
– You are aware of the policies that govern access to the compartment in its current position.
– You are aware of the polices in the new parent compartment that will take effect when you move the compartment.

1- Policy that defined in root compartment: Allow group admins to read subnets in compartment Finance:A:X
you move compartment X from Finance:A to HR:C. The policy that governs compartment X is attached to the shared parent, root compartment. When the compartment X is moved, the policy statement is automatically updated by the IAM service to specify the new compartment location.
The policy
Allow group admins to read subnets in compartment Finance:A:X
is updated to
Allow group admins to read subnets in compartment HR:C:X
so the admins group will have the same access after the compartment X is moved
2- Policy that defined in compartment A: Allow group networkadmins to manage subnets in compartment X
you move compartment X from Finance:A to HR:C. However, the policy that governs compartment X here is attached directly to the A compartment. When the compartment is moved, the policy is not automatically updated. The policy that specifies compartment X is no longer valid and must be manually removed. Group networkadmins no longer has access to compartment X in its new location under HR:C. Unless another existing policy grants access to group networkadmins , you must create a new policy to allow networkadmins to continue to manage buckets in compartment X.

An internet gateway is an optional virtual router you can add to your VCN to enable direct connectivity to the internet. Resources that need to use the gateway for internet access must be in a public subnet and have public IP addresses. Each public subnet that needs to use the internet gateway must have a route table rule that specifies the gateway as the target. For traffic to flow between a subnet and an internet gateway, you must create a route rule accordingly in the subnet’s route table (for example, destination CIDR = 0.0.0.0/0 and target = internet gateway).
Dynamic Routing Gateway (DRG) is A virtual edge router attached to your VCN. Necessary for private peering. The DRG is a single point of entry for private traffic coming in to your VCN,After creating the DRG, you must attach it to your VCN and add a route for the DRG in the VCN’s route table to enable traffic flow.

You can OCI Load Balancer for this solution which can you the Public IPs of Load balancer to Traffic to third party services which allows a maximum of Spelunk IP addresses 5 public IP addresses at a time However, your website is using Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to create up to 15 Instances during peak traffic demand

INSTANCE PRINCIPALS
The IAM service feature that enables instances to be authorized actors (or principals) to perform actions on service resources. Each compute instance has its own identity, and it authenticates using the certificates that are added to it.These certificates are automatically created, assigned to instances and rotated, preventing the need for you to distribute credentials to your hosts and rotate them.
Dynamic groups A special type of group that contains resources (such as compute instances) that match rules that you define (thus the membership can change dynamically as matching resources are created or deleted). These instances act as “principal” actors and can make API calls to services according to policies that you write for the dynamic group.

The following steps summarize the process flow for setting up and using instances as principals. The subsequent sections provide more details.
1. Create a dynamic group. In the dynamic group definition, you provide the matching rules to specify which instances you want to allow to make API calls against services.
2. Create a policy granting permissions to the dynamic group to access services in your tenancy (or compartment).
3. A developer in your organization configures the application built using the Oracle Cloud Infrastructure SDK to authenticate using the instance principals provider. The developer deploys the application and the SDK to all the instances that belong to the dynamic group.
4. The deployed SDK makes calls to Oracle Cloud Infrastructure APIs as allowed by the policy (without needing to configure API credentials).
5. For each API call made by an instance, the Audit service logs the event, recording the OCID of the instance as the value of principalId in the event log.

You can use the CLI, REST APIs, or the SDKs to automate, script, and manage volume backups and their lifecycle.
Planning Your Backup
The primary use of backups is to support business continuity, disaster recovery, and long-term archiving requirements. When determining a backup schedule, your backup plan and goals should consider the following:
Frequency: How often you want to back up your data.
Recovery time: How long you can wait for a backup to be restored and accessible to the applications that use it. The time for a backup to complete varies on several factors, but it will generally take a few minutes or longer, depending on the size of the data being backed up and the amount of data that has changed since your last backup.
Number of stored backups: How many backups you need to keep available and the deletion schedule for those you no longer need. You can only create one backup at a time, so if a backup is underway, it will need to complete before you can create another one. For details about the number of backups you can store

The Oracle Cloud Infrastructure Streaming service provides a fully managed, scalable, and durable storage solution for ingesting continuous, high-volume streams of data that you can consume and process in real time. Streaming can be used for messaging, ingesting high-volume data such as application logs, operational telemetry, web click-stream data, or other use cases in which data is produced and processed continually and sequentially in a publish-subscribe messaging model.

Streaming Usage Scenarios
Here are some of the many possible uses for Streaming:
Metric and log ingestion: Use the Streaming service as an alternative for traditional file-scraping approaches to help make critical operational data more quickly available for indexing, analysis, and visualization.
Messaging: Use Streaming to decouple components of large systems. Streaming provides a pull/buffer-based communication model with sufficient capacity to flatten load spikes and the ability to feed multiple consumers with the same data independently. Key-scoped ordering and guaranteed durability provide reliable primitives to implement various messaging patterns, while high throughput potential allows for such a system to scale well.
Web/Mobile activity data ingestion: Use Streaming for capturing activity from websites or mobile apps (such as page views, searches, or other actions users may take). This information can be used for real-time monitoring and analytics, as well as in data warehousing systems for offline processing and reporting.
Infrastructure and apps event processing: Use Streaming as a unified entry point for cloud components to report their life cycle events for audit, accounting, and related activities.

You can configure the Autonomous Database instance as a target database for Oracle GoldenGate. but You can’t set up Oracle Autonomous Database as a source database for Oracle GoldenGate.

Recovery Point objective (RPO) of 24 hours and Recovery Time Objective (RTO) of 1 hour
– To provision new VM and restore the production database from the backup on object storage, will exceed the RTO 1 hour
– You can create the standby DB system in a different availability domain from the primary DB system for availability and disaster recovery purposes. With Data Guard and switchover/failover can meet RTO 1 hour.
– RAC Database is not required in this solution. Standalone will be most suitable and cost effective

Managing Traffic Management GEOLOCATION Steering Policies
Geolocation steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpoints for each region.
The Health Checks service allows you to monitor the health of IP addresses and hostnames, as measured from geographic vantage points of your choosing, using HTTP and ping probes.After configuring a health check, you can view the monitor’s results. The results include the location from which the host was monitored, the availability of the endpoint, and the date and time the test was performed.

Also you can Combine Managing Traffic Management GEOLOCATION Steering Policies with Oracle Health Checks to fail over from one region to another
The Load Balancing service provides health status indicators that use your health check policies to report on the general health of your load balancers and their components.
if you misconfigure the health check Protocol between the Load balancer and backend set that can lead to not get an accurate response as example below
If you run a TCP-level health check against an HTTP service, you might not get an accurate response. The TCP handshake can succeed and indicate that the service is up even when the HTTP service is incorrectly configured or having other issues. Although the health check appears good customers might experience transaction failures.

Autonomous Database is an Oracle Managed and Secure environment.
A physical database can’t simply be migrated to autonomous because:
– Database must be converted to PDB, upgraded to 19c, and encrypted
– Any changes to Oracle shipped privileges, stored procedures or views must be removed
– All legacy structures and unsupported features must be removed (e.g. legacy LOBs)

GoldenGate replication can be used to keep database online during migration

Oracle Cloud Infrastructure offers two distinct storage tiers for you to store your unstructured data. Use the Object Storage Standard tier for data to which you need fast, immediate, and frequent access. Use the Archive Storage service’s Archive tier for data that you access infrequently, but which must be preserved for long periods of time. Both storage tiers use the same manageable resources (for example, objects and buckets). The difference is that when you upload a file to Archive Storage, the object is immediately archived. Before you can access an archived object, you must first restore the object to the Standard tier.
you can use Storage Gateway to move files to Oracle Cloud Infrastructure Archive Storage as a cost-effective backup solution. You can move individual files and compressed or uncompressed ZIP or TAR archives. Storing secondary copies of data is an ideal use case for Storage Gateway.

Moving Resources to a Different Compartment
Most resources can be moved after they are created. There are a few resources that you can’t move from one compartment to another. Some resources have attached resource dependencies and some don’t. Not all attached dependencies behave the same way when the parent resource moves.
For some resources, the attached dependencies move with the parent resource to the new compartment. The parent resource moves immediately, but in some cases attached dependencies move asynchronously and are not visible in the new compartment until the move is complete.
For other resources, the attached resource dependencies do not move to the new compartment. You can move these attached resources independently.

You can move Compute resources such as instances, instance pools, and custom images from one compartment to another. When you move a Compute resource to a new compartment, associated resources such as boot volumes and VNICs are not moved.

You can move a VCN from one compartment to another. When you move a VCN, its associated VNICs, private IPs, and ephemeral IPs move with it to the new compartment.

There are 3 connections to ADW
1- Connecting to (ADW) from Public Internet
2- Connecting to ADW (via NAT or Service Gateway) from a server running on a private subnet in OCI (in the same tenancy)
3- Connecting to ADW (via internet Gateway) from a server running on a public subnet in OCI (in the same tenancy

The Oracle Cloud Infrastructure Streaming service provides a fully managed, scalable, and durable storage solution for ingesting continuous, high-volume streams of data that you can consume and process in real time. Streaming can be used for messaging, ingesting high-volume data such as application logs, operational telemetry, web click-stream data, or other use cases in which data is produced and processed continually and sequentially in a publish-subscribe messaging model.

Streaming Usage Scenarios
Here are some of the many possible uses for Streaming:
Metric and log ingestion: Use the Streaming service as an alternative for traditional file-scraping approaches to help make critical operational data more quickly available for indexing, analysis, and visualization.
Messaging: Use Streaming to decouple components of large systems. Streaming provides a pull/buffer-based communication model with sufficient capacity to flatten load spikes and the ability to feed multiple consumers with the same data independently. Key-scoped ordering and guaranteed durability provide reliable primitives to implement various messaging patterns, while high throughput potential allows for such a system to scale well.
Web/Mobile activity data ingestion: Use Streaming for capturing activity from websites or mobile apps (such as page views, searches, or other actions users may take). This information can be used for real-time monitoring and analytics, as well as in data warehousing systems for offline processing and reporting.
Infrastructure and apps event processing: Use Streaming as a unified entry point for cloud components to report their life cycle events for audit, accounting, and related activities.

Autoscaling
Autoscaling enables you to automatically adjust the number of Compute instances in an
instance pool based on performance metrics such as CPU utilization. This helps you provide
consistent performance for your end users during periods of high demand, and helps you
reduce your costs during periods of low demand.

Prerequisites
– You have an instance pool. Optionally, you can attach a load balancer to the instance pool. For steps to create an instance pool and attach a load balancer, see Creating an Instance Pool.
– Monitoring is enabled on the instances in the instance pool. For steps to enable monitoring, see Enabling Monitoring for Compute Instances.
– The instance pool supports the maximum number of instances that you want to scale to. This limit is determined by your tenancy’s service limits.
About Service Limits and Usage
When you sign up for Oracle Cloud Infrastructure, a set of service limits are configured for your tenancy. The service limit is the quota or allowance set on a resource. For example, your tenancy is allowed a maximum number of compute instances per availability domain. These limits are generally established with your Oracle sales representative when you purchase Oracle Cloud Infrastructure.
Compartment Quotas
Compartment quotas are similar to service limits; the biggest difference is that service limits are set by Oracle, and compartment quotas are set by administrators, using policies that allow them to allocate resources with a high level of flexibility.

There’s an advanced routing scenario called transit routing that enables communication between an on-premises network and multiple VCNs over a single Oracle Cloud Infrastructure FastConnect or IPSec VPN. The VCNs must be in the same region and locally peered in a hub-and-spoke layout. As part of the scenario, the VCN that is acting as the hub has a route table associated with each LPG (typically route tables are associated with a VCN’s subnets).

https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/managingVNICs.htm
https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/2.9.11/oci_cli_docs/cmdref/compute/vnic-attachment.html

You can change the shape of a virtual machine (VM) instance without having to rebuild your instances or redeploy your applications. This lets you scale up your Compute resources for increased performance, or scale down to reduce cost.
When you change the shape of an instance, it affects the number of OCPUs, amount of memory, network bandwidth, and maximum number of VNICs for the instance. Optionally, you can select a shape that uses a different processor. The instance’s public and private IP addresses, volume attachments, and VNIC attachments remain the same.

Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/Tasks/resizinginstances.htm

An Oracle-generated token that you can use to authenticate with third-party APIs. For example, use an auth token to authenticate with a Swift client when using Recovery Manager (RMAN) to back up an Oracle Database System (DB System) database to Object Storage.

Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Concepts/usercredentials.htm#User_Credentials

https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Tasks/usingdataguard.htm

ADB (serverless) does have auto-scaling – you can select auto scaling during provisioning or later using the Scale Up/Down button on the Oracle Cloud Infrastructure console.
Autonomous Databases comes with over 30 machine learning algorithms implemented as SQL functions that leverage the strengths of the Oracle Autonomous Database.

Reference:
https://juliandontcheff.wordpress.com/2019/07/22/oracle-autonomous-database-dedicated-vs-serverless/
https://www.oracle.com/database/technologies/datawarehouse-bigdata/adb-faqs.html

You can add a NAT gateway to your VCN to give instances in a private subnet access to the internet.
Instances in a private subnet don’t have public IP addresses. With the NAT gateway, they can initiate connections to the internet and receive responses, but not receive inbound connections initiated from the internet.

You need to add one egress rule to allow all outbound traffic generated from private subnet.
In the route table you need to add a route, to route the traffic through NAT Gateway only.

Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/NATgateway.htm#setup

Each subnet in a VCN consists of a contiguous range of IPv4 addresses that do not overlap with other subnets in the VCN.
Example: 172.16.1.0/24. The first two IPv4 addresses and the last in the subnet’s CIDR are reserved by the Networking service. You can’t change the size of the subnet after creation, so it’s important to think about the size of subnets you need before creating them.

Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/managingVCNs.htm

Each VCN automatically comes with a default route table that has no rules. If you don’t specify otherwise, every subnet uses the VCN’s default route table. When you add route rules to your VCN, you can simply add them to the default table if that suits your needs. However, if you need both a public subnet and a private subnet, you instead create a separate (custom) route table for each subnet.
Each subnet in a VCN uses a single route table. When you create the subnet, you specify which one to use. You can change which route table the subnet uses at any time. You can also edit a route table’s rules, or remove all the rules from the table
Dynamic routing gateway (DRG): For subnets that need private access to networks connected to your VCN (for example, your on-premises network connected with an IPSec VPN or FastConnect, or a peered VCN in another region)

Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/managingroutetables.htm

https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm

Origin Management
An origin is an endpoint (typically an IP address) of the application protected by the WAF. An origin can be an Oracle Cloud Infrastructure load balancer public IP address. A load balancer IP address can be used for high availability to an origin. Multiple origins can be defined, but only a single origin can be active for a WAF. You can set HTTP headers for outbound traffic from the WAF to the origin server. These name value pairs are then available to the application.

Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based, Payment Card Industry (PCI) compliant, global security service that protects applications from malicious and unwanted internet traffic. WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer’s applications. WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowed desirable bots to enter. Access rules can limit based on geography or the signature of the request.

Distributed Denial of Service (DDoS)
A DDoS attack is an often intentional attack that consumes an entity’s resources, usually using a large number of distributed sources. DDoS can be categorized into either Layer 7 or Layer 3/4 (L3/4)

A layer 7 DDoS attack is a DDoS attack that sends HTTP/S traffic to consume resources and hamper a website’s ability to delivery content or to harm the owner of the site. The Web Application Firewall (WAF) service can protect layer 7 HTTP-based resources from layer 7 DDoS and other web application attack vectors.

Autoscaling lets you automatically adjust the number of Compute instances in an instance pool based on performance metrics such as CPU utilization. This helps you provide consistent performance for your end users during periods of high demand, and helps you reduce your costs during periods of low demand.
you can associate a load balancer with an instance pool. If you do this, when you add an instance to the instance pool, the instance is automatically added to the load balancer’s backend set . After the instance reaches a healthy state (the instance is listening on the configured port number), incoming traffic is automatically routed to the new instance.
Instance pools let you provision and create multiple Compute instances based off the same configuration, within the same region.
By default, the instances in a pool are distributed across all fault Domains in a best-effort manner based on capacity. If capacity isn’t available in one fault domain, the instances are placed in other fault domains to allow the instance pool to launch successfully.
In a high availability scenario, you can require that the instances in a pool are evenly distributed across each of the fault domains that you specify. When sufficient capacity isn’t available in one of the fault domains, the instance pool will not launch or scale successfully, and a work request for the instance pool will return an “out of capacity” error. To fix the capacity error, either wait for capacity to become available, or use the UpdateInstancePool operation to update the placement configuration (the availability domain and fault domain) for the instance pool.

during create the instance pool you can select the location where you want to place the instances”
In the Availability Domain list, select the availability domain to launch the instances in.
If you want the instances in the pool to be placed evenly in one or more fault domains, select the Distribute instances evenly across selected fault domains check box. Then, select the fault domains to place the instances in.

Real-time processing of high-volume streams of data
– OCI Streaming service provides a fully managed, scalable, durable storage option for continuous, high-volume streams of data that you can consume and process in real-time
– Use cases
Log and Event data collection
Web/Mobile activity data ingestion
IoT Data streaming for processing and alerts
Messaging: use streaming to decouple components of large systems

– Oracle managed service with REST APIs (Create, Put, Get, Delete)
– Integrated Monitoring

A 503 Service Unavailable Error is an HTTP response status code indicating that a server is temporarily unable to handle the request. This may be due to the server being overloaded or down for maintenance.

which you have to work with company managed key to create a manage Key

Block Volume Encryption
By default all volumes and their backups are encrypted using the Oracle-provided encryption keys. Each time a volume is cloned or restored from a backup the volume is assigned a new unique encryption key.
You have the option to encrypt all of your volumes and their backups using the keys that you own and manage using the Vault service.If you do not configure a volume to use the Vault service or you later unassign a key from the volume, the Block Volume service uses the Oracle-provided encryption key instead. This applies to both encryption at-rest and in-transit encryption.

Object Storage Encryption
Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on the server. Each object is encrypted with its own data encryption key. Data encryption keys are always encrypted with a master encryption key that is assigned to the bucket. Encryption is enabled by default and cannot be turned off. By default, Oracle manages the master encryption key. However, you can optionally configure a bucket so that it’s assigned an Oracle Cloud Infrastructure Vault master encryption key that you control and rotate on your own schedule.
Encryption: Buckets are encrypted with keys managed by Oracle by default, but you can optionally encrypt the data in this bucket using your own Vault encryption key. To use Vault for your encryption needs, select Encrypt Using Customer-Managed Keys. Then, select the Vault Compartment and Vault that contain the master encryption key you want to use. Also select the Master Encryption Key Compartment and Master Encryption Key.

Policy Attachment
When you create a policy you must attach it to a compartment (or the tenancy, which is the root compartment). Where you attach it controls who can then modify it or delete it. If you attach it to the tenancy (in other words, if the policy is in the root compartment), then anyone with access to manage policies in the tenancy can then change or delete it. Typically that’s the Administrators group or any similar group you create and give broad access to. Anyone with access only to a child compartment cannot modify or delete that policy.
When you attach a policy to a compartment, you must be in that compartment and you must indicate directly in the statement which compartment it applies to. If you are not in the compartment, you’ll get an error if you try to attach the policy to a different compartment. Notice that attachment occurs during policy creation, which means a policy can be attached to only one compartment.
Policies and Compartment Hierarchies
a policy statement must specify the compartment for which access is being granted (or the tenancy).
Where you create the policy determines who can update the policy. If you attach the policy to the compartment or its parent, you can simply specify the compartment name. If you attach the policy further up the hierarchy, you must specify the path. The format of the path is each compartment name (or OCID) in the path, separated by a colon:
:: . . .
to allow action to compartment Compute so you need to set the compartment PATH as per where you attach the policy as below examples
if you attach it to Root compartment you need to specify the PATH as following
Engineering:Dev-Team:Compute
if you attach it to Engineering compartment you need to specify the PATH as following
Dev-Team:Compute
if you attach it to Dev-Team or Compute compartment you need to specify the PATH as following
Compute
Note : in the Policy inspect verb that give the Ability to list resources, without access to any confidential information or user-specified metadata that may be part of that resource.

Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a-Service platform. It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source engine. Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing code to meet business needs.

Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully-managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. Use Container Engine for Kubernetes (sometimes abbreviated to just OKE) when your development team wants to reliably build, deploy, and manage cloud-native applications. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing OCI tenancy.

budgets
You can use budgets to track costs in your tenancy. After creating a budget for a compartment, you can set up alerts that will notify you if a budget is forecast to be exceeded or if spending surpasses a certain amount.

OCI Cost Analysis
•Visualization tools Help understand spending patterns at a glance
•Filter costs by Date, Tags and Compartments
•Trend lines show how spending patterns are changing
•To use Cost Analysis you must be a member of the Administrators group

in Transit routing through a private IP in the VCN you set up an instance in the VCN to act as a firewall or intrusion detection system to filter or inspect the traffic between the on-premises network and Oracle Services Network.
The Networking service lets you implement network security functions such as intrusion detection, application-level firewalls
In fact, the IDS model can be host-based IDS (HIDS) or network-based IDS (NIDS). HIDS is installed at a host to periodically monitor specific system logs for patterns of intrusions. In contrast, an NIDS sniffs the traffic to analyze suspicious behaviors. A signature-based NIDS (SNIDS) examines the traffic for patterns of known intrusions. SNIDS can quickly and reliably diagnose the attacking techniques and security holes without generating an over-whelming number of false alarms because SNIDS relies on known signatures. However, anomaly-based NIDS (ANIDS) detects unusual behaviors based on statistical methods. ANIDS could detect symptoms of attacks without specific knowledge of details. However, if the training data of the normal traffic are inadequate, ANIDS may generate a large number of false alarms.

MongoDB is a cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schema, so the best to be migrated to Oracle NoSQL Database.
Autonomous transaction Processing Serverless (ATP-S) isn’t supported yet for EBS database

Reference
https://blogs.oracle.com/nosql/migrate-mongodb-data-to-oracle-nosql-database

Tag Variables
You can use a variable to set the value of a defined tag. When you add the tag to a resource, the variable resolves to the data it represents. You can use tag variables in defined tags and default tags.

Supported Tag Variables
The following tag variables are supported.
${iam.principal.name}The name of the principal that tagged the resource
${iam.principal.type}The type of principal that tagged the resource.
${oci.datetime}The date and time that the tag was created.
Consider the following example:
Operations.CostCenter=”${iam.principal.name} at ${oci.datetime}”
Operations is the namespace, CostCenter is the tag key, and the tag value contains two tag variables ${iam.principal.name} and ${oci.datetime}. When you add this tag to a resource, the variable resolves to your user name (the name of the principal that applied the tag) and a time date stamp for when you added the tag.
user_name at 2019-06-18T18:00:57.604Z
The variable is replaced with data at the time you apply the tag. If you later edit the tag, the variable is gone and only the data remains. You can edit the tag value in all the ways you would edit any other tag value.
To create a tag variable, you must use a specific format.
${}
Type a dollar sign followed by open and close curly brackets. The tag variable goes between the curly brackets. You can use tag variables with other tag variables and with string values.

Tag defaults let you specify tags to be applied automatically to all resources, at the time of creation, in a specific compartment. This feature allows you to ensure that appropriate tags are applied at resource creation without requiring the user who is creating the resource to have access to the tag namespaces.

Reference
https://docs.cloud.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingtagdefaults.htm

Customer have 4 BM.Standard2.52 and After several months he need additional compute capacity
customer find The VM Standard2.8 Instances running at 100% of CPU utilization but the BM.Standard2 .52 instances have significant CPU capacity that unused.
so the customer need to check the Load balance policy to make sure the 4 BM and VM is utilize correctally

you can monitor the health, capacity, and performance of functions you’ve deployed to Oracle Functions by using metrics

Oracle Functions monitors function execution, and collects and reports metrics such as:
The number of times a function is invoked.
The length of time a function runs for.
The number of times a function failed.
The number of requests to invoke a function that returned a ‘429 Too Many Requests’ error in the response (known as ‘throttled function invocations’).

The Oracle Cloud Infrastructure Audit service automatically records calls to all supported Oracle Cloud Infrastructure public application programming interface (API) endpoints as log events. Currently, all services support logging by Audit.
Every audit log event includes two main parts:
Envelopes that act as a container for all event messages
Payloads that contain data from the resource emitting the event message
The identity object contains the following attributes.
data.identity.authType The type of authentication used.
….
data.identity.principalIdThe OCID of the principal.
data.identity.principalNameThe name of the user or service. This value is the friendly name associated with principalId.

GEOLOCATION STEERING
Geolocation steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpoints for each region.
Combine with Oracle Health Checks to fail over from one region to another