00:00 Welcome to this lesson on OCI Compartments. Compartments are a unique feature within OCI
00:10 and these are really powerful. So, let us explore. So, what is a compartment? When you
00:19 open an account in OCI, you get a tenancy, that is another fancy name for an account,
00:25 and we also give you a root compartment. So, think of root compartment as this logical construct
00:31 where you can keep all your cloud resources. And then what you could do is you could create
00:39 your own individual compartments like you see here. There is a network compartment,
00:44 there is a storage compartment, and the idea is you create these for isolation and controlling
00:50 access and you could keep a collection of related resources in specific compartments. So,
00:56 the network compartment has network resources and storage compartment has storage resources.
01:04 Now, keep in mind, root compartment, as I said earlier, can hold all of the cloud resources.
01:09 So, it can be sort of a kitchen sink, you could put everything in there, but the best practice
01:14 is to create dedicated compartments to isolate resources. You will see why. Let me just explain.
01:19 So, first thing is, each resource you create belongs to a single compartment. So, you create a virtual
01:26 machine, for example, it goes to compartment A, it cannot go to compartment B again. You have to move
01:32 it from compartment A or delete and recreate in compartment B. Keep in mind, each resource belongs
01:39 to a single compartment. The reason why you want to compartmentalize your resources is exactly shown on
01:45 this slide. Why you use compartment in the first place is for controlling access and isolation. So,
01:51 the way you do that is you have resources, let us say in this case, a block storage kept in compartment A,
01:58 you do not want those to be used by everyone. You want those to be used only by the compute admins
02:04 and storage admins. So, you create those admins as users and groups, write these policies, and they can
02:10 access these resources in this compartment. So, it is very important. Do not put all your resources in
02:19 the root compartment. Create resource specific compartments or whichever way you want to divide
02:24 your tenancies and put resources accordingly. Now, how do resources interact if they are in different
02:31 compartments? Do they all have to be in the same compartment? Absolutely not. As you can see here,
02:36 resource in one compartment can interact with resource in another compartment. Here,
02:40 the compute instance uses the virtual cloud network, but these are
02:47 in two different compartments. So, this is absolutely supported and it keeps your design much cleaner.
02:54 Keep in mind that resource can also be moved from one compartment to another. So, in this example,
02:59 compartment A had a virtual machine, we can move that from compartment A to compartment B.
03:06 Another concept which is very important to grasp is the compartments are global constructs like
03:13 everything in identity. So, resources from multiple regions can be in the same compartment. So,
03:19 when you go to Phoenix, you see this compartment existing, you go to Ashburn, you see the same
03:24 compartment. Now, you can write policies to prevent users from accessing resources in a specific region,
03:34 you could do that. But keep in mind all the compartments you create are global and they are
03:40 available in every region you have access to. Compartments can also be nested. So, you have
03:47 up to 6 levels of nesting provided by compartments. You would do this again because this can mimic your
03:54 current design whether it is your organizational design or whether it is your IT hierarchy, you could
04:00 create nested compartments. It just helps keep your design cleaner. And then finally,
04:07 you could set quotas and budgets on compartment. So, you could say that my particular compartment,
04:13 you cannot create a bare metal machine or you cannot create an Exadata resource. So, you could
04:18 control it like that and then you could also create budgets on compartments. So, you could say that
04:23 if the usage in a particular compartment goes beyond a thousand dollars, it gets flagged and you get
04:29 notified. So, you could do that. So, that's compartment for you. It's a very unique feature within OCI.
04:35 We believe it helps keep your tenancies much better organized and it really supports your current IT
04:45 hierarchy and design.