Tagging Oracle Exadata Database Service on Cloud@Customer Resources
Tagging is a powerful foundational service for Oracle Cloud Infrastructure (OCI) that enables users to search, control access, and do bulk actions on a set of resources based on the tag.
Importance of Tagging
Using the Oracle Cloud Infrastructure (OCI) tagging system, you can tag resources per your organizational scheme allowing you to group resources, manage costs, and give insights into usage. Tags also help you build a governance model around security and Maximum Availability Architecture (MAA). As your organization expands its cloud footprint, it can become challenging to keep track of the deployment architectures, security best practices, MAA, application tier, and so on. Using metadata tags to identify workload attributes can help keep up with the security and availability of your tenancy without cost overruns.
To enable customers to manage OCI resources securely and cost-effectively, Oracle
provides a set of pre-defined tags in line with best practices for tagging
resources. These tags are grouped into two namespaces, the
oracleStandard namespace, and the
OracleApplicationName namespace. You can think of a tag
namespace as a container for your tag keys.
Consider a scenario where your organization has multiple cloud resources such as Exadata Infrastructure, VM Cluster, DB Home, Oracle Database, Autonomous Exadata VM Cluster, Autonomous Container Database, Autonomous Database, and VM Cluster Networks across multiple compartments in your tenancy. across multiple compartments in your tenancy. Suppose you wish to track these cloud resources for specific purposes, report on them, or take bulk actions. In that case, you will need a system that lets you group these resources based on different criteria such as environment, criticality, target users, application, etc. You can achieve this by applying appropriate tags to these resources.
For example, you may tag all resources in your development stack with
Oracle-Standard.Environment=Dev or for a business-critical
application stack set Oracle-Standard.Criticality=High or
Extreme. In the event of service disruptions due to various
reasons, you would then be able to quickly identify all OCI resources associated
with an application or business function or be able to separate critical and
non-critical workloads.
Tagging can also help you deploy optimized configurations based on
workload attributes identified via tags. For example, database deployments for the
PeopleSoft application require a specific configuration. Setting the
ApplicationName and AppMajorVersion tags while
deploying an Oracle Database or an Oracle Autonomous Database can ensure that the
database is configured and ready for the particular application, for example,
PeopleSoft out of the box.
Moreover, integration with the Cloud Advisor OCI service can provide you with direct, deep insight into how well your cloud services adhere to the corporate guidelines and help your management govern with a vision. See Cloud Advisor Overview for more details.
Adding Tags
You can tag resources using the Oracle Cloud Infrastructure (OCI) console, command-line interface, or SDK.
There are many cloud resources that can be tagged in an Oracle Exadata Database Service on Cloud@Customer deployment. Exadata Infrastructure, VM Cluster, DB Home, Oracle Database, Autonomous Exadata VM Cluster, Autonomous Container Database, Autonomous Database, and VM Cluster Networks are some of them. Tags can either be applied while creating the resources or modified later. For example, you can apply tags to an Autonomous Container Database (ACD) while provisioning the ACD or add them later from its Details page.
See How Tagging Works for more details on using tags. Tagging integrates with Oracle Cloud Infrastructure authorization system. You can use IAM policy controls to enable delegation or restriction of tag manipulation. See Authentication and Authorization to learn about the permissions required to work with defined and free-form tags. (Required) Enter introductory text here, including the definition and purpose of the concept.
Tip:
For a "try it out" tutorial that demonstrates implementing tags in Oracle Autonomous Database, refer to Lab 14: Oracle Standard Tags in Oracle Autonomous Database Dedicated for Fleet Administrators Workshop on Oracle LiveLabs.Your tenancies come with a library of standard tags that would apply to most resources. These tags are currently available as a set of Tag Namespaces that your governance administrators can deploy. OCI best practices recommend applying these tags to all resources a standard tag can be applied to. Besides reporting and governance, OCI service automation can deliver workload-specific optimizations based on standard tag values.
For example, database deployments for the PeopleSoft application require
a specific configuration. By setting the appropriate application tag key in the
Oracle-ApplicationName tag namespace while deploying an
Autonomous Database, can ensure that the database is configured ready for the
particular application, for example, PeopleSoft out of the box.
Figure 4-1 Tagging Example
Oracle Standard Tags
Your tenancy governance administrators can deploy the standard tags at the tenancy
level and may also mark certain tags as required, thereby enforcing tags on
resources in those compartments. The following are the standard tags defined in the
namespace called OracleStandard. For more information about
importing standard tags, see To import standard tags under the
Managing Tag Namespaces section.
Table 4-1 Oracle Standard Tags
| Tag Key | Tag Value Options | Description |
|---|---|---|
|
|
|
Enables tiering of resources in line with corporate application classification standards. Customer governance can use this tag for reporting and ensuring resources are configured as per the guideline for the tier they belong to. For example, a database resource with
|
|
|
|
Denotes a resource lifecycle. In the case of databases, it helps determine consolidation density, database distribution across containers, set maintenance plans, and manage clones. |
|
|
|
An application or database classification tag.
|
|
|
Refer to List of Compliance Regulations for values. |
Denotes one or more compliance regulations that a resource must adhere to. Tag administrators may add values to the list from the OCI Governance and Administration console. Refer to Using Predefined Values for more details. |
|
|
|
Denotes the end users of a resource. Another form of resource classification that helps determine target users and allows governance teams to set corporate standards based on user or application type. |
|
|
|
An approximate count of end-users. This tag helps determine the number of users impacted or the blast radius during an availability or security event. This also helps prioritize recovery efforts in the event of major outages affecting a large number of cloud resources. |
|
|
Free form tag. For example john.smith@acme.com or app_support_grp@acme.com |
Denotes the email address of the resource owner. |
|
|
|
Identifies the customer's line of business or department that owns or uses the resource. This may help with cost aggregation reports and determining usage across business units.Tag administrators may add relevant values to the list from the OCI Governance and Administration console. Refer to Using Predefined Values for more details. |
|
|
|
Freeform field for cost center. |
|
|
0-10080 |
Time in minutes. Denotes the maximum time within which the resource is required to recover from a failure. |
|
|
0-1440 |
Time in minutes. Maximum data loss tolerance for a data store resource such as a database or a storage device. |
List of Compliance Regulations
Table 4-2 List of Compliance Regulations
| Regulation | Description |
|---|---|
|
PCI DSS |
Payment Card Industry Data Security Standard |
|
HIPAA |
Health Insurance Portability and Accountability Act |
|
ISO |
International Standards Organization |
|
SOC1 |
System and Organization Controls 1 |
|
SOC 2 |
System and Organization Controls 2 |
|
FedRamp |
Federal Risk and Authorization Management Program |
|
GLBA |
Gramm–Leach–Bliley Act |
|
CCPA |
California Consumer Privacy Act |
|
SOX |
Sarbanes Oxley |
|
NIST |
National Institute of Standards and Technology - Cyber Security |
|
FISMA |
Federal Information Security Management |
|
HITECH |
Health Information Technology for Economic and Clinical Health Act |
|
FERPA |
Family Educational Rights and Privacy Act ( Student privacy) |
|
FACTA |
Fair and Accurate Credit Transaction Act |
|
Texas HB300 |
Texas Medical Records Privacy Act |
|
CIS |
Center for Internet Security |
|
CJIS |
Criminal Justice Information Services Security Policy |
|
C-TPAT |
Customs-Trade Partnership Against Terrorism |
|
COPPA |
Children's Online Privacy Protection Act |
|
PIPED Act, or PIPEDA |
Personal Information Protection and Electronic Documents Act |
|
GDPR |
General Data Protection Regulation |
|
PIPL |
Personal Information Protection Law |
Oracle Application Name Tags
Table 4-3 Oracle Application Name Tags
| Tag Key | Tag Value Options | Description |
|---|---|---|
|
Hyperion |
|
Denotes the version of the Hyperion application. |
|
JD Edwards |
|
Denotes the version of the JD Edwards application. |
|
Oracle_E-Business_Suite |
|
Denotes the version of the Oracle E-Business Suite application. |
|
PeopleSoft |
|
Denotes the version of the PeopleSoft application. |
|
Siebel |
|
Denotes the version of the Siebel application. |
|
Other_Oracle_Application |
Free form tag in string format. |
Can be used to denote any application other than those listed above. You can enter the application name as a string value. |
Related Topics