Strengthen Your Cloud Security: OCI Console Sign-On Policy Updates Explained

Review Changes to the Security Policy for OCI Console Sign-On Policy

Oracle Cloud Infrastructure (OCI) has recently announced updates to the Security Policy for Console Sign-On, which are now being rolled out with a pop-up notification in the OCI Console. This blog post will walk you through the changes, their implications, and the steps you can take to decide whether to keep these changes or restore them to their default settings.

Understanding the Update

The new security policy update focuses on enhancing the security of user authentication in OCI. This policy includes changes to password complexity, session timeouts, and multi-factor authentication (MFA) enforcement, among other aspects. When you log into the OCI Console, a pop-up notification will inform you about the changes and provide you with two options:

Keep Changes: By selecting this option, the updated security policy will remain in effect for your tenancy.

Restore to Defaults: This option reverts the security settings to their previous default state.

The notification ensures that administrators are aware of the changes and can make an informed decision based on their organizational requirements.

Key Changes in the Security Policy

Some of the notable updates include:

Stronger Password Policies: Passwords must meet stricter complexity requirements, including length and the use of special characters.

Session Management Enhancements: Sessions will automatically expire after a specified period of inactivity to minimize risks associated with unattended sessions.

Mandatory Multi-Factor Authentication (MFA): Enabling MFA is now emphasized as a best practice for secure access.

MFA for Administrators: MFA is enforced for all administrators to ensure that only authorized users can perform administrative tasks.

MFA for All Users: MFA is also being enforced for all users accessing the OCI Console. This ensures that all users must provide a second form of authentication, such as an OTP or device-based authentication, to enhance overall security.

Improved Audit and Monitoring Capabilities: Enhanced visibility into sign-on events and security logs.

Additionally, OCI has issued reminders and announcements in the OCI Console to ensure users are informed and can take timely action. Administrators are encouraged to actively review these changes to maintain secure and compliant cloud operations.

Deciding Between "Keep Changes" and "Restore to Defaults"

When to Select Keep Changes - You should select "Keep Changes" if:

Your organization manages sensitive customer data and may benefit from stricter password policies and mandatory MFA to prevent unauthorized access. Also, if your organization adheres to industry standards like GDPR, HIPAA, or PCI DSS, adopting the new policies ensures alignment with security best practices.

Your organization uses another IdP such as Azure AD, and users are authenticated to the OCI Console through Azure. In that case "Keep Changes" makes sense: different security measures are already set, so those changes need to be kept.

When to Select Restore to Defaults - You should select "Restore to Defaults" if:

Your Existing Policies Differ: For example, your organization uses custom password policies that meet specific business needs, and stricter requirements may hinder operations. Organizations with a large user base might prefer less stringent policies to maintain ease of access for users.

Any organization that has not modified the sign-on policy can select "Restore to Defaults".

Steps to Review and Decide

To manage the security policy changes, follow these steps:

  • Log In: Access the OCI Console using your credentials.
  • Review the Pop-Up: Read the notification carefully to understand the proposed changes.
  • Assess the Impact: Consider how these changes align with your organization’s security policies and compliance requirements.

Access Sign-On Policies:

  • Navigate to Identity & Security > Domains.
  • Select the Default Domain (or your specific domain).
  • Go to the Security tab and review the Sign-On Policies.









References:

Managing Sign-on Policy

Modify Security Policy For OCI Console Sign-On Policy

Oracle E-Business Suite (EBS) Cloud Manager on OCI

Oracle E-Business Suite (EBS) Cloud Manager is a comprehensive tool designed to simplify the management of EBS environments on Oracle Cloud Infrastructure (OCI). It is a web-based application that allows you to provision new environments, perform lifecycle management activities on those environments, and restore environments from backups.

It provides capabilities for provisioning, cloning, patching, and maintaining Oracle EBS applications efficiently. It can be used to manage environments across compartments and in different cloud regions.


How to Install EBS Cloud Manager

Prerequisites:

To start with EBS Cloud Manager (EBSCM), which is available in the OCI Marketplace, only a basic setup is needed:

  • OCI tenancy
  • Compartment in which the EBS Cloud Manager will be created
  • Users with the correct policies assigned to install EBSCM
  • VCN and subnet setup to install EBSCM
  • To provision resources through EBSCM, advanced setup is required based on the provisioning and configuration needs

You can create separate users and groups for separation of duties in EBS Cloud Manager operations, such as network users and database users, or use a single user or group.

Steps to Install

  • Access the Oracle Cloud Marketplace in OCI through OCI Console. Navigate to the Oracle Cloud Marketplace. Search for EBS Cloud Manager.


  • Click "Launch" to initiate the deployment process. This will deploy the EBS Cloud Manager VM.
  • Select the OCI region, the compartment, and the shape and size of the compute instance for the Cloud Manager.
  • Once the instance is deployed, connect to the EBSCM VM via SSH.
  • Run the initial configuration script provided in the deployment documentation.
  • Set up the administrator credentials and network configurations.
  • Register the EBSCM application as a confidential application and activate the application.
  • Open the necessary ports to access the EBS Cloud Manager Console.
  • Verify the installation: access the Cloud Manager UI by navigating to the provided public IP address or DNS, then log in and verify that all features are accessible.


Key Features of EBS Cloud Manager

  • Provisioning: One-click deployment of EBS environments on OCI.
  • Cloning: Simplified cloning for testing or development purposes.
  • Patching: Streamlined patch application across environments.
  • Monitoring: Real-time performance metrics and diagnostics.
  • Backup and Recovery: Automated solutions for disaster recovery.

Benefits of Using EBS Cloud Manager

  • Enhanced operational efficiency.
  • Reduced downtime with automated backups.
  • Improved performance monitoring for proactive management.
  • Seamless integration with OCI services.


Provisioning

You can provision a fresh install environment using EBS Cloud Manager. Before provisioning a new EBS environment, you need to create a "Network Profile". The network profile tells EBS Cloud Manager where to create the resources required for E-Business Suite, such as the EBS load balancer, application servers, and the database.

There are two ways to create a new environment:

1. One Click: In this option, a single-node EBS environment is created within a few clicks, with the application tier and database tier residing on a single VM.

2. Advanced: In this option, you can create a new environment as a fresh install with multiple settings, or based on an existing backup of a different environment taken in EBS Cloud Manager. New environments can also be created using backups taken in private buckets by EBS Cloud Manager.

The Advanced option offers the following choices to cater to different requirements:

  • Custom network topology
  • Placing application and Database in different compartments.
  • Running Database on different available database options in OCI
  • Internal and external Zones (DMZ)
  • Application configuration with shared or non-shared file system, also FSS is supported.


Major Versions History and Updates

1. Version 20.2.1 (2020)
Multi-zone support for improved flexibility.
Automated creation of standby databases for disaster recovery.

2. Version 22.2.1 (2022)
Enhanced migration tools for seamless on-premises to OCI transitions.
Refined user interface for better navigation.

3. Version 23.3.1 (2023)
Automated backup capabilities for compliance and security.
Real-time performance monitoring for proactive system health checks.

4. Version 24.1.1 (2024)
Support for US Government Cloud (OC2).
Enhanced security with updated technology stack components.

5. Latest Version: 24.2.1 (2024)
Major new features to enhance EBS management on OCI.
Advanced diagnostics and troubleshooting tools.
Reduced downtime for the Lift and Shift capability for Database cloud services.


Conclusion

Oracle EBS Cloud Manager has evolved into a robust tool for managing Oracle E-Business Suite environments on OCI. With each version update, it delivers new features to address user needs, ensuring smooth operations and scalability in the cloud.


References:


Oracle E-business Suite Cloud Manager Guide 

Manage EBS Cloud Manager Virtual Machine

Getting Started with Oracle E-Business Suite on Oracle Cloud Infrastructure (MOS Note 2517025.1)