Oracle US Defense Cloud

This topic contains information specific to the Oracle US Defense Cloud.

Compliance with Defense Cloud Security Requirements

US Defense Cloud supports applications that require Impact Level 5 (IL5) data, as defined in the Department of Defense Cloud Computing Security Requirements Guide (SRG).

Oracle US Defense Cloud Regions

The region names and identifiers for the US Defense Cloud regions are shown in the following table:

Region Name Region Identifier Region Key Realm Key Availability Domains
US DoD East (Ashburn) us-gov-ashburn-1 ric OC3 1
US DoD North (Chicago) us-gov-chicago-1 pia OC3 1
US DoD West (Phoenix) us-gov-phoenix-1 tus OC3 1

After your tenancy is created in one of the US Defense Cloud regions, you can subscribe to the other regions in the US Defense Cloud. These tenancies can't subscribe to any Oracle Cloud Infrastructure regions not belonging to the OC3 realm . For information about subscribing to a region, see Managing Regions.

Oracle US Defense Cloud API Reference and Endpoints

This section includes the APIs and corresponding regional endpoints with the US Defense Cloud.

Analytics API

API reference

  • https://analytics.us-gov-ashburn-1.ocp.oraclegovcloud.com
  • https://analytics.us-gov-chicago-1.ocp.oraclegovcloud.com
  • https://analytics.us-gov-phoenix-1.ocp.oraclegovcloud.com
Announcements API

API reference

  • https://announcements.us-gov-ashburn-1.oraclegovcloud.com
  • https://announcements.us-gov-chicago-1.oraclegovcloud.com
  • https://announcements.us-gov-phoenix-1.oraclegovcloud.com
Application Performance Monitoring Configuration API

API reference

  • https://apm-config.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://apm-config.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://apm-config.us-gov-phoenix-1.oci.oraclegovcloud.com
Application Performance Monitoring Control Plane API

API reference

  • https://apm-cp.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://apm-cp.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://apm-cp.us-gov-phoenix-1.oci.oraclegovcloud.com
Application Performance Monitoring Synthetic Monitoring API

API reference

  • https://apm-synthetic.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://apm-synthetic.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://apm-synthetic.us-gov-phoenix-1.oci.oraclegovcloud.com
Application Performance Monitoring Trace Monitoring API

API reference

  • https://apm-trace.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://apm-trace.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://apm-trace.us-gov-phoenix-1.oci.oraclegovcloud.com
API Gateway API

API reference

  • https://apigateway.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://apigateway.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://apigateway.us-gov-phoenix-1.oci.oraclegovcloud.com
Artifacts and Container Images API

API reference

  • https://artifacts.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://artifacts.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://artifacts.us-gov-phoenix-1.oci.oraclegovcloud.com
Autonomous Linux API

API reference

  • https://osmh.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://osmh.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://osmh.us-gov-phoenix-1.oci.oraclegovcloud.com
Autoscaling API

API reference

  • https://autoscaling.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://autoscaling.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://autoscaling.us-gov-phoenix-1.oci.oraclegovcloud.com
Bastion API

API reference

  • https://bastion.us-ashburn-1.oci.oraclegovcloud.com
  • https://bastion.us-chicago-1.oci.oraclegovcloud.com
  • https://bastion.us-phoenix-1.oci.oraclegovcloud.com
Big Data Service API

API reference

  • https://bigdataservice.us-ashburn-1.oci.oraclegovcloud.com
  • https://bigdataservice.us-chicago-1.oci.oraclegovcloud.com
  • https://bigdataservice.us-phoenix-1.oci.oraclegovcloud.com
Certificates Service Management API

API reference

  • https://certificatesmanagement.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://certificatesmanagement.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://certificatesmanagement.us-gov-phoenix-1.oci.oraclegovcloud.com
Certificates Service Retrieval API

API reference

  • https://certificates.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://certificates.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://certificates.us-gov-phoenix-1.oci.oraclegovcloud.com
Cloud Guard API

API reference

  • https://cloudguard-cp-api.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://cloudguard-cp-api.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://cloudguard-cp-api.us-gov-phoenix-1.oci.oraclegovcloud.com
Cloud Advisor API

API reference

  • https://optimizer.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://optimizer.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://optimizer.us-gov-phoenix-1.oci.oraclegovcloud.com
Connector Hub API

API reference

  • https://service-connector-hub.us-ashburn-1.oci.oraclegovcloud.com
  • https://service-connector-hub.us-chicago-1.oci.oraclegovcloud.com
  • https://service-connector-hub.us-phoenix-1.oci.oraclegovcloud.com
Core Services (covering Networking, Compute, and Block Volume)

The Networking, Compute, and Block Volume services are accessible with the following API:

Core Services API

API reference

  • https://iaas.us-gov-ashburn-1.oraclegovcloud.com
  • https://iaas.us-gov-chicago-1.oraclegovcloud.com
  • https://iaas.us-gov-phoenix-1.oraclegovcloud.com
Data Flow API

API reference

  • https://dataflow.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://dataflow.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://dataflow.us-gov-phoenix-1.oci.oraclegovcloud.com
Data Integration API

API reference

  • https://dataintegration.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://dataintegration.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://dataintegration.us-gov-phoenix-1.oci.oraclegovcloud.com
Data Science API

API reference

  • https://datascience.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://datascience.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://datascience.us-gov-phoenix-1.oci.oraclegovcloud.com
Database API

API reference

  • https://database.us-gov-ashburn-1.oraclegovcloud.com
  • https://database.us-gov-chicago-1.oraclegovcloud.com
  • https://database.us-gov-phoenix-1.oraclegovcloud.com

You can track the progress of long-running Database operations with the Work Requests API.

Database Management API

API reference

  • https://dbmgmt.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://dbmgmt.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://dbmgmt.us-gov-phoenix-1.oci.oraclegovcloud.com
DevOps API

API reference

  • https://devops.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://devops.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://devops.us-gov-phoenix-1.oci.oraclegovcloud.com
Digital Assistant API

API reference

  • https://digitalassistant.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://digitalassistant.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://digitalassistant.us-gov-phoenix-1.oci.oraclegovcloud.com
DNS API
Note

This information is for private DNS only. Public DNS is not available in government realms.

API Reference

  • https://dns.us-gov-ashburn-1.oraclegovcloud.com
  • https://dns.us-gov-chicago-1.oraclegovcloud.com
  • https://dns.us-gov-phoenix-1.oraclegovcloud.com
Email Delivery API

API reference

  • https://ctrl.email.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://ctrl.email.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://ctrl.email.us-gov-phoenix-1.oci.oraclegovcloud.com
Events API

API reference

  • https://events.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://events.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://events.us-gov-phoenix-1.oci.oraclegovcloud.com
File Storage API

API reference

  • https://filestorage.us-gov-ashburn-1.oraclegovcloud.com
  • https://filestorage.us-gov-chicago-1.oraclegovcloud.com
  • https://filestorage.us-gov-phoenix-1.oraclegovcloud.com
Functions API

API reference

  • https://functions.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://functions.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://functions.us-gov-phoenix-1.oci.oraclegovcloud.com
GoldenGate API

API reference

  • https://goldengate.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://goldengate.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://goldengate.us-gov-phoenix-1.oci.oraclegovcloud.com
Generic Artifacts Content API

API reference

  • https://generic.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://generic.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://generic.us-gov-phoenix-1.oci.oraclegovcloud.com
IAM API

API reference

  • https://identity.us-gov-ashburn-1.oraclegovcloud.com
  • https://identity.us-gov-chicago-1.oraclegovcloud.com
  • https://identity.us-gov-phoenix-1.oraclegovcloud.com
Note

Use the Endpoint of Your Home Region for All IAM API Calls

When you sign up for Oracle Cloud Infrastructure, Oracle creates a tenancy for you in one region. This is your home region. Your home region is where your IAM resources are defined. When you subscribe to a new region, your IAM resources are replicated in the new region, however, the master definitions reside in your home region and can only be changed there. Make all IAM API calls against your home region endpoint. The changes automatically replicate to all regions. If you try to make an IAM API call against a region that is not your home region, you will receive an error. See What is the tenancy home region? How do I find my tenancy home region?

Java Management API

API reference

  • https://javamanagement.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://javamanagement.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://javamanagement.us-gov-phoenix-1.oci.oraclegovcloud.com
Key Management API (for the Vault service)

API reference

  • https://kms.us-gov-ashburn-1.oraclegovcloud.com
  • https://kms.us-gov-chicago-1.oraclegovcloud.com
  • https://kms.us-gov-phoenix-1.oraclegovcloud.com

In addition to these endpoints, each vault has a unique endpoint for create, update, and list operations for keys. This endpoint is referred to as the control plane URL or management endpoint. Each vault also has a unique endpoint for cryptographic operations. This endpoint is known as the data plane URL or the cryptographic endpoint.

Kubernetes Engine API

API reference

  • https://containerengine.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://containerengine.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://containerengine.us-gov-phoenix-1.oci.oraclegovcloud.com
License Manager API

API reference

  • https://licensemanager.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://licensemanager.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://licensemanager.us-gov-phoenix-1.oci.oraclegovcloud.com
LogAnalytics API

API reference

  • https://loganalytics.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://loganalytics.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://loganalytics.us-gov-phoenix-1.oci.oraclegovcloud.com

Using Sample Log Data to perform analysis operations isn't supported in US Defense Cloud.

Logging Ingestion API

API reference

  • https://ingestion.logging.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://ingestion.logging.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://ingestion.logging.us-gov-phoenix-1.oci.oraclegovcloud.com
Logging Management API

API reference

  • https://logging.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://logging.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://logging.us-gov-phoenix-1.oci.oraclegovcloud.com
Logging Search API

API reference

  • https://logging.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://logging.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://logging.us-gov-phoenix-1.oci.oraclegovcloud.com
Management Agent API

API reference

  • https://management-agent.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://management-agent.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://management-agent.us-gov-phoenix-1.oci.oraclegovcloud.com
Marketplace Service API

API reference

  • https://marketplace.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://marketplace.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://marketplace.us-gov-phoenix-1.oci.oraclegovcloud.com
Monitoring API

API reference

  • https://telemetry-ingestion.us-gov-ashburn-1.oraclegovcloud.com
  • https://telemetry-ingestion.us-gov-chicago-1.oraclegovcloud.com
  • https://telemetry-ingestion.us-gov-phoenix-1.oraclegovcloud.com
  • https://telemetry.us-gov-ashburn-1.oraclegovcloud.com
  • https://telemetry.us-gov-chicago-1.oraclegovcloud.com
  • https://telemetry.us-gov-phoenix-1.oraclegovcloud.com
Network Load Balancer API

API reference

  • https://network-load-balancer-api.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://network-load-balancer-api.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://network-load-balancer-api.us-gov-phoenix-1.oci.oraclegovcloud.com
Notifications API

API reference

  • https://notification.us-gov-ashburn-1.oraclegovcloud.com
  • https://notification.us-gov-chicago-1.oraclegovcloud.com
  • https://notification.us-gov-phoenix-1.oraclegovcloud.com

The source service must be available in US Defense Cloud regions for messages to be successfully sent through the Notifications service. If the source service isn't available in these regions, then the message isn't sent. For a list of unavailable services, see Services Not Supported in Oracle US Defense Cloud.

Object Storage and Archive Storage APIs

Both Object Storage and Archive Storage are accessible with the following APIs:

Object Storage API

API reference

  • https://objectstorage.us-gov-ashburn-1.oraclegovcloud.com
  • https://objectstorage.us-gov-chicago-1.oraclegovcloud.com
  • https://objectstorage.us-gov-phoenix-1.oraclegovcloud.com
Amazon S3 Compatibility API

API reference

  • https://<object_storage_namespace>.compat.objectstorage.us-gov-ashburn-1.oraclegovcloud.com
  • https://<object_storage_namespace>.compat.objectstorage.us-gov-chicago-1.oraclegovcloud.com
  • https://<object_storage_namespace>.compat.objectstorage.us-gov-phoenix-1.oraclegovcloud.com
Tip

See Understanding Object Storage Namespaces for information regarding how to find your Object Storage namespace.
Swift API (for use with Oracle RMAN)
  • https://swiftobjectstorage.us-gov-ashburn-1.oraclegovcloud.com
  • https://swiftobjectstorage.us-gov-chicago-1.oraclegovcloud.com
  • https://swiftobjectstorage.us-gov-phoenix-1.oraclegovcloud.com
OpenSearch API

API reference

  • https://opensearch.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://opensearch.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://opensearch.us-gov-phoenix-1.oci.oraclegovcloud.com
Operations Insights API

API reference

  • https://operationsinsights.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://operationsinsights.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://operationsinsights.us-gov-phoenix-1.oci.oraclegovcloud.com
Oracle Cloud VMware Solution API

API reference

  • https://ocvps.us-ashburn-1.oci.oraclegovcloud.com
  • https://ocvps.us-chicago-1.oci.oraclegovcloud.com
  • https://ocvps.us-phoenix-1.oci.oraclegovcloud.com
Oracle Integration API

API reference

  • https://integration.us-ashburn-1.oci.oraclegovcloud.com
  • https://integration.us-chicago-1.oci.oraclegovcloud.com
  • https://integration.us-phoenix-1.oci.oraclegovcloud.com

For more information, see Using Oracle Integration Generation 3 on US Government Cloud.

Organizations Management API

API reference

  • https://organizations.us-ashburn-1.oci.oraclegovcloud.com
  • https://organizations.us-chicago-1.oci.oraclegovcloud.com
  • https://organizations.us-phoenix-1.oci.oraclegovcloud.com
OS Management API

API reference

  • https://osms.us-ashburn-1.oci.oraclegovcloud.com
  • https://osms.us-chicago-1.oci.oraclegovcloud.com
  • https://osms.us-phoenix-1.oci.oraclegovcloud.com
OS Management Hub API

API reference

  • https://osmh.us-ashburn-1.oci.oraclegovcloud.com
  • https://osmh.us-chicago-1.oci.oraclegovcloud.com
  • https://osmh.us-phoenix-1.oci.oraclegovcloud.com
Registry

Registry

  • US DoD East (Ashburn)
    • ocir.us-gov-ashburn-1.oci.oraclegovcloud.com
  • US DoD North (Chicago)
    • ocir.us-gov-chicago-1.oci.oraclegovcloud.com
  • US DoD North (Chicago)
    • ocir.us-gov-phoenix-1.oci.oraclegovcloud.com
Resource Manager API

API reference

  • https://resourcemanager.us-ashburn-1.oci.oraclegovcloud.com
  • https://resourcemanager.us-chicago-1.oci.oraclegovcloud.com
  • https://resourcemanager.us-phoenix-1.oci.oraclegovcloud.com
Scanning API

API reference

  • https://vss-cp-api.us-ashburn-1.oci.oraclegovcloud.com
  • https://vss-cp-api.us-chicago-1.oci.oraclegovcloud.com
  • https://vss-cp-api.us-phoenix-1.oci.oraclegovcloud.com
Stack Monitoring API

API reference

  • https://stack-monitoring.us-ashburn-1.oci.oraclegovcloud.com
  • https://stack-monitoring.us-chicago-1.oci.oraclegovcloud.com
  • https://stack-monitoring.us-phoenix-1.oci.oraclegovcloud.com
Streaming API

API reference

  • https://streaming.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://streaming.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://streaming.us-gov-phoenix-1.oci.oraclegovcloud.com
Threat Intelligence API

API reference

  • https://api-threatintel.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://api-threatintel.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://api-threatintel.us-gov-phoenix-1.oci.oraclegovcloud.com
Vault Service Key Management API

API reference

  • https://kms.us-gov-ashburn-1.oraclegovcloud.com
  • https://kms.us-gov-chicago-1.oraclegovcloud.com
  • https://kms.us-gov-phoenix-1.oraclegovcloud.com
Vault Service Secret Management API

API reference

  • https://vaults.us-gov-ashburn-1.oraclegovcloud.com
  • https://vaults.us-gov-chicago-1.oraclegovcloud.com
  • https://vaults.us-gov-phoenix-1.oraclegovcloud.com
Vault Service Secret Retrieval API

API reference

  • https://secrets.us-gov-ashburn-1.oraclegovcloud.com
  • https://secrets.us-gov-chicago-1.oraclegovcloud.com
  • https://secrets.us-gov-phoenix-1.oraclegovcloud.com
Vision API

API reference

  • https://vision.aiservice.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://vision.aiservice.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://vision.aiservice.us-gov-phoenix-1.oci.oraclegovcloud.com
Visual Builder API

API reference

  • https://visualbuilder.us-gov-ashburn-1.ocp.oraclegovcloud.com
  • https://visualbuilder.us-gov-chicago-1.ocp.oraclegovcloud.com
  • https://visualbuilder.us-gov-phoenix-1.ocp.oraclegovcloud.com
Visual Builder Studio API

API reference

  • https://vbstudio.us-gov-ashburn-1.ocp.oraclegovcloud.com
  • https://vbstudio.us-gov-chicago-1.ocp.oraclegovcloud.com
  • https://vbstudio.us-gov-phoenix-1.ocp.oraclegovcloud.com
Web Application Firewall (WAF) API

API reference

  • https://waf.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://waf.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://waf.us-gov-phoenix-1.oci.oraclegovcloud.com
Work Requests API (for Compute and Database work requests)

API reference

  • https://iaas.us-gov-ashburn-1.oraclegovcloud.com
  • https://iaas.us-gov-chicago-1.oraclegovcloud.com
  • https://iaas.us-gov-phoenix-1.oraclegovcloud.com

Oracle YUM Repo Endpoints

The Oracle YUM repo regional endpoints for the US Defense Cloud are shown in the following table

Region YUM Server Endpoint
US DoD East (Ashburn)
  • https://yum.us-gov-ashburn-1.oci.oraclegovcloud.com
  • https://yum-us-gov-ashburn-1.oracle.com
US DoD North (Chicago)
  • https://yum.us-gov-chicago-1.oci.oraclegovcloud.com
  • https://yum-us-gov-chicago-1.oracle.com
US DoD West (Phoenix)
  • https://yum.us-gov-phoenix-1.oci.oraclegovcloud.com
  • https://yum-us-gov-phoenix-1.oracle.com

SMTP Authentication and Connection Endpoints

Email Delivery only supports the AUTH PLAIN command when using SMTP authentication. If the sending application is not flexible with the AUTH command, an SMTP proxy/relay can be used. For more information about the AUTH command, see AUTH Command and its Mechanisms.

Region SMTP Connection Endpoint
US DoD East (Ashburn) smtp.email.us-gov-ashburn-1.oci.oraclegovcloud.com
US DoD North (Chicago) smtp.email.us-gov-chicago-1.oci.oraclegovcloud.com
US DoD West (Phoenix) smtp.email.us-gov-phoenix-1.oci.oraclegovcloud.com

SPF Record Syntax

An SPF record is a TXT record on your sending domain that authorizes Email Delivery IP addresses to send on your behalf. SPF is required for subdomains of oraclegovcloud.com and recommended in other cases. The SPF record syntax for each sending region is shown in the following table:

Realm Key SPF Record
OC3 v=spf1 include:rp.email.oci.oraclegovcloud.com ~all
The Realm Key is applicable for any sending regions in that realm.

Services Not Supported in Oracle US Defense Cloud

Currently, the following services aren't available or aren't supported for tenancies in the US Defense Cloud.

Note

This list isn't exhaustive. Full Stack Disaster Recovery services and features are not available. Other services and features might also be unavailable or unsupported.

Networking services and features not available:

  • FastConnect with a provider (FastConnect in a colocation model is supported)
  • DNS Zone Management - public DNS zones (private DNS zones are supported)
  • Traffic Management

Oracle Database services not available:

  • Data Safe

Storage services and features not available:

  • In-transit encryption for bare metal instances.
  • The Ultra High Performance level for block volumes and boot volumes.
  • File Storage LDAP authorization and Kerberos authentication.

Analytics & AI services not available:

  • Analytics Cloud
  • Fusion Data Intelligence

Developer Services features not supported:

  • Container Instances
  • Content Management
  • Process Automation

Identity & Security services not available:

  • Compliance Documents

Observability & Management services and features not available:

  • Health Checks

Migration & Disaster Recovery services and features not available:

  • Data Transfer service

Governance & Administration features not supported:

  • Auto-federation with Oracle Identity Cloud Service
  • WAF service

Integration with Oracle SaaS and PaaS services, including those listed here: Get Started with Oracle Platform Services.

Oracle Cloud Infrastructure Free Tier, including promotional trial and Always Free offers aren't available in US Defense Cloud regions.

Access to Multiple Oracle US Defense Cloud Regions

This section shows how to give the on-premises resources that are part of NIPRNet access to multiple US Defense Cloud regions over a single FastConnect connection. This is important if one of the regions doesn't have a direct connection to the NIPRNet's border cloud access point (BCAP). The BCAP is also referred to as the meet me point.

Overview

Some US Defense Cloud regions have a direct connection to a NIPRNet BCAP, but others don't. You can use the Networking service to give on-premises resources that are part of NIPRNet access to a US Defense Cloud region that's not directly connected to the NIPRNet's BCAP. You might do this to extend on-premises workloads into a particular US Defense Cloud region that you're interested in, or to use that region for disaster recovery (DR).

This scenario is illustrated in the following diagram.

This image shows the layout of the NIPRNet connected to two different Oracle regions by way of FastConnect and remote peering.
Callout 1: Route Table for VCN-1's Subnets
Destination CIDR Route Target
172.16.1.0/24 DRG-1
10.0.3.0/24 DRG-1
Callout 2: Route Table for VCN-2's Subnets
Destination CIDR Route Target
172.16.1.0/24 DRG-2
10.0.1.0/24 DRG-2
Callout 3: BGP at BCAP Edge
Advertises Receives
172.16.1.0/24 10.0.1.0/24
10.0.3.0/24
Callout 4: BGP at DRG-1
Advertises Receives
10.0.1.0/24 172.16.1.0/24
10.0.3.0/24

In the diagram, US Defense Cloud region 1 has a direct connection to the NIPRNet's BCAP, but US Defense Cloud region 2 doesn't. Imagine that on-premises resources in NIPRNet (in subnet 172.16.1.0/24) need access to a virtual cloud network (VCN) in region 2 (with CIDR 10.0.3.0/24).

Optionally, there could also be a VCN with cloud resources in region 1 (with CIDR 10.0.1.0/24), but a VCN in region 1 isn't required for this scenario. The intent of this scenario is for the on-premises resources to get access to resources in region 2.

In general, you set up two types of connections:

Here are some details about the connections:

  • That FastConnect has at least one physical connection, or cross-connect . You set up a private virtual circuit that runs on the FastConnect. The private virtual circuit enables communication that uses private IP addresses between the on-premises resources and the cloud resources.
  • The remote peering connection is between a dynamic routing gateway (DRG) in region 1, and a DRG in region 2. A DRG is a virtual router that you typically attach to a VCN to give that VCN access to resources outside its Oracle region.
  • You can control which on-premises subnets are advertised to the VCNs by configuring the BCAP edge router accordingly.
  • The subnets in both VCN-1 and VCN-2 are advertised to the BCAP edge router over the FastConnect connection.
  • You can optionally configure VCN security rules and other firewalls that you maintain to allow only certain types of traffic (such as SSH or SQL*NET) between the on-premises resources and VCNs.

Here are some basic requirements:

  • The VCNs and DRGs in region 1 and region 2 must belong to the same tenancy, but they can be in different compartments  within the tenancy.
  • For accurate routing, the CIDR blocks of the on-premises subnets of interest and the VCNs must not overlap.
  • To enable traffic to flow from a VCN to the on-premises subnets of interest, you must add a route rule to the VCN subnet route tables for each of the on-premises subnets. The preceding diagram shows the route rule for 172.16.1.0/24 in each VCN's route table.

General Setup Process

Task 1: Set up FastConnect to region 1

Summary: In this task, you set up the FastConnect between the NIPRNet BCAP and region 1. FastConnect has three connectivity models, and you generally follow the colocate with Oracle model. In this case, colocation occurs in the BCAP (the meet me point). The connection consists of both a physical connection (at least one cross-connect) and logical connection (private virtual circuit).

For instructions, follow the flow chart and tasks listed in Getting Started with FastConnect, and notice these specific variations:

  • In task 2, the instructions assume that you have a VCN (in region 1), but it's optional.
  • In task 8, create a private virtual circuit (not a public one).
Task 2: Set up a VCN and DRG in region 2

Summary: If you don't yet have a VCN in region 2 (VCN-2 in the preceding diagram), you set it up in this task. You also create a DRG in region 2 and attach it to the VCN. Then, for each VCN-2 subnet that needs to communicate with the on-premises network, you update that subnet's route table to include a route rule for the on-premises subnet of interest. If there are multiple on-premises subnets that you want to route to, set up a route rule for each one.

For instructions, see these procedures:

  1. Creating a VCN
  2. Creating a DRG
  3. Attaching a VCN to a DRG
  4. To route a subnet's traffic to a DRG
    Important

    In step 4 in the preceding list, add a route rule with the following settings:

    • Destination CIDR = the on-premises subnet of interest
    • Target = the VCN's DRG

    In the preceding diagram, it's the rule with 172.16.1.0/24 as the destination CIDR, and target as DRG-2. The second rule in the diagram (for 10.0.1.0/24 and DRG-2) is necessary only if resources in VCN-2 need to communicate with resources in VCN-1.

Task 3: Set up remote peering between region 1 and region 2

Summary: In this task, you set up a remote peering to enable private traffic between DRG-1 and DRG-2. The term remote peering typically means that resources in one VCN can communicate privately with resources in a VCN in a different region. In this case, the remote peering also enables private communication between the on-premises network and VCN-2.

For instructions, see Setting Up a Remote Peering, and notice these important details:

  • Optional region 1 VCN: The instructions assume that each region has a VCN, but in this situation, it is optional for region 1.
  • Single VCN administrator: The instructions assume that there are two different VCN administrators: one for the VCN in region 1 and another for the VCN in region 2. In this situation, there might be only a single VCN administrator (you) who handles both regions and configures the remote peering connection.
  • Unnecessary IAM policies: The instructions include a task for each VCN administrator to set up particular IAM policies to enable the remote peering connection. One policy is for the VCN administrator who is designated as the requestor, and one is for the VCN administrator who is designated as the acceptor. Those terms are further defined in Important Remote Peering Concepts. However, if there's only a single VCN administrator with comprehensive networking permissions across the tenancy, those IAM policies aren't necessary. For more information, read the tip that appears at the end of the task.
  • RPC anchor points and connection: The remote peering actually consists of multiple components that you must set up. There's an anchor point on each DRG (shown as RPC-1 and RPC-2 in the preceding diagram), plus a connection between those two RPC anchor points. The instructions include steps for creating those RPCs and the connection between them. Ensure that you create all the components.

More Information for Oracle US Defense Cloud Customers