PCA X9-2 – Which Storage Type do you own?

Available Storage Types

For the PCA X9-2, you can order two different storage types: High Capacity or High Performance. They differ in size and speed, as described in this table.

High Capacity – DE3-24C
– 20x 18 TB, SAS-3, 3.5-inch, 7200 RPM HDDs
– 2x read SSD accelerator
– 2x write SSD accelerator

High Performance – DE3-24P
– 20x 7.68TB SAS-3 2.5-inch SSDs
– 2x write SSD accelerator

The question this week was which type we use in our PCA X9-2 setup. In a PCA X9-2, there is a ZFS Storage Appliance running, as we already know, for example, from the ZS7-2. Oracle uses the same architecture and software; the main difference is that the ZFSSA is completely integrated into the…

PCA X9-2 – Console Connection – How To

In a customer project, we have two Oracle Private Cloud Appliance X9-2 systems up and running. The management of a PCA X9-2 is almost like in Oracle Cloud Infrastructure, even if the style of the user interface is not so cool. This week, after a change on a virtual machine, the machine was not able to boot again. As in OCI, the Console Connection is the best way to troubleshoot the situation and gather more information. In this blog post I show you how to connect to a virtual machine from a Windows platform. See here for the virsh connection when no VNC viewer is available: PCA X9-2 – Console Connection – virsh

Version

Architecture

Prerequisites

Documentation – PCA 3.0.2 https://docs.oracle.com/en/engineered-systems/private-cloud-appliance/3.0/user-3.0.2/user-usr-compute.html#usr-instance-consoledisplay…

Hardening Oracle Cloud Infrastructure – Part 2: Remediation

In the first blog part, I wrote that it's not so easy to identify risks in your Oracle Cloud Infrastructure account. CIS – Center for Internet Security – has a free benchmark which supports you in hardening your account. And with Palo Alto Prisma or OCI Cloud Guard, there are two tools which provide information too. But I want to have an easier way to identify and remediate dangers.

select * from cloud;

Steampipe.io provides a powerful CLI tool with which you can query your cloud account via the API. Instead of clicking through the user interface to find out who has no MFA enabled, just execute this query:

steampipe query "select name, is_mfa_activated from oci_identity_user where is_mfa_activated=false;"

+---------------------------------------------------------+------------------+
| name | is_mfa_activated…

Hardening Oracle Cloud Infrastructure – Part 1: Identification

Cloud Security

When you search for the term “Cloud Breaches 2022” in one of the search engines, there is an almost endless list of breaches. In this 2-part blog post I show you an easy way to level up your security in Oracle Cloud Infrastructure. For example, listed on https://www.immuniweb.com/blog/top-10-cloud-security-incidents-in-2022.html:

As you can see here, these are all issues related to security settings made by the owners of the accounts. No special hacking methods, no social engineering. Just wrong settings. Sure, technical bugs are also possible; this one happened in summer 2022 in Oracle Cloud Infrastructure and was called #AttachMe: https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access

Cloud Security Risks – Items

These items are all configurable by customer, like roles not according least-privilege…

Oracle Cloud Infrastructure Quick Tip – Unlock the Windows OPC User Account

Today, after testing some Oracle Cloud Infrastructure firewall changes and login tests into a running Windows 2019 Server, the account of the administration user opc was locked.

The referenced account is currently locked out and may not be logged on.

And now? There was no other user available with administrator privileges to unlock this account. We have basically two methods to solve the issue.

a) The Coffee Cup Style – just wait

You know the password? The Windows Server 2019 images provided by Oracle Cloud Infrastructure use a 5-minute lockout policy until you can try again, so grab a cup of coffee and wait. FYI, these 5 mins…
