In the vast realm of cloud computing, where businesses seek to optimize their operations and unlock new possibilities, Oracle Cloud Infrastructure (OCI) stands as a beacon of innovation and efficiency. Among its many powerful features, OCI’s multi-tenancy architecture empowers organizations to securely partition their cloud resources, creating isolated environments for different business units or subsidiaries. This functionality allows for granular control over access, data protection, and resource allocation, ensuring that each tenant operates independently while adhering to organizational policies.
Establishing a parent-tenant relationship is a fundamental step in leveraging OCI’s multi-tenancy capabilities. The parent tenant serves as a central hub, providing oversight and management of child tenants. By creating a parent tenant, organizations can establish a hierarchical structure for their cloud resources, enabling efficient resource management, centralized billing, and simplified access control. This article delves into the step-by-step process of creating a parent tenant in OCI, providing detailed instructions and best practices to ensure a seamless setup and optimal utilization of OCI’s multi-tenancy features.
To initiate the process, navigate to the OCI Console and select the Identity section. Within the Identity dashboard, click on “Tenancies” and then click on the “Create Tenancy” button. The Tenancy Creation Wizard will guide you through the necessary steps to configure and create your parent tenant. Specify the tenancy name, description, and contact email address. OCI allows for the creation of multiple compartments within a tenancy, providing further organizational flexibility. Compartments serve as logical containers for resources within a tenancy, enabling granular access control and resource management. After defining the tenancy details and compartments, review the settings and confirm the creation of your parent tenant.
Overview of OCI Tenancy Model
Oracle Cloud Infrastructure (OCI) tenancy is the fundamental container for managing your cloud resources. Each tenancy is isolated from other tenancies, providing a secure and dedicated environment for your organization’s cloud operations.
Tenancy Structure
An OCI tenancy consists of:
- Parent Tenancy: The root of the tenancy hierarchy, which can have child tenancies but cannot be a child tenant itself.
- Child Tenancy: A tenancy that is created within another tenancy, inheriting its policies and security settings.
- Root Account: The administrative account for the parent tenancy that has full control over all resources and users within the tenancy hierarchy.
- Users: Individual users who can be granted permissions to access and manage resources within a tenancy.
- Groups: Collections of users that can be assigned permissions collectively.
- Policies: Rules that define the permissions and restrictions for users and groups within the tenancy hierarchy.
Multi-Tenancy Benefits
OCI’s multi-tenancy model offers several benefits, including:
- Isolation and Security: Each tenancy is isolated from others, preventing unauthorized access to resources and data.
- Resource Management: Parent tenancies can centrally manage child tenancies, allocating resources and enforcing policies across the entire hierarchy.
- Billing and Cost Control: Child tenancies can be assigned separate billing accounts, allowing organizations to track and control costs more effectively.
- Compliance and Regulations: The tenancy hierarchy can be structured to meet specific compliance requirements, such as separating production and non-production environments.
Tenancy Hierarchy Structure
The following table illustrates the tenancy hierarchy structure in OCI:
Tenancy Type | Can Have Child Tenancies? |
---|---|
Parent Tenancy | Yes |
Child Tenancy | No |
Prerequisites for Parent Tenant Creation
To create a parent tenant in Oracle Cloud Infrastructure (OCI), ensure that the following requirements are met:
Required Permissions
The user who creates the parent tenant must have the following permissions:
- Tenancy.Create permission on the root tenant or the parent tenant under which the new parent tenant will be created.
- Tenant.Manage permission, which includes the following sub-permissions:
  - Tenant.Create
  - Tenant.Update
Required Resources
Ensure the following resources are available:
Resource | Requirement |
---|---|
Cloud account | An active OCI account with a root tenancy. |
Identifier | A unique identifier for the new parent tenant (up to 255 characters). |
Name | A friendly name for the new parent tenant (up to 255 characters). |
Contact Email | An email address to receive notifications about the parent tenant. |
Support Details | Contact information for the primary support contact, including phone number and email address. |
Creating a Parent Tenant from the OCI Console
To create a parent tenant from the OCI Console, follow these steps:
1. Sign in to the OCI Console
Go to the OCI Console (console.cloud.oracle.com) and sign in with your tenancy administrator credentials.
2. Open the Tenancy Management page
Click the Navigation menu icon in the upper-left corner and select “Identity”. Then, select “Tenancy Management” from the left navigation menu.
3. Create a Parent Tenant
Click the “Create Parent Tenant” button. Enter the following information in the “Create Parent Tenant” dialog box:
- Parent Tenant Name: Enter a unique name for the parent tenant.
- Contact Email: Enter the email address of the contact for the parent tenant.
- Contact Phone Number: Enter the phone number of the contact for the parent tenant.
- Disable All Access Policies: Select this option to disable all access policies for the parent tenant. This is recommended for security reasons.
- Tenant Tag (Optional): Enter a tag for the parent tenant. This can help you identify the parent tenant easily.
Click the “Create” button to create the parent tenant.
Specifying Tenant Name and Identifier
Tenant Name
The tenant name must be unique within the organization and cannot be changed once created. It is recommended to use a descriptive name that reflects the purpose or ownership of the tenant. For example, "Development Tenant" or "HR Tenant".
Tenant Identifier
The tenant identifier is a unique and immutable string that identifies the tenant within Oracle Cloud Infrastructure (OCI). It is automatically generated by OCI but can be customized using the following guidelines:
- Must start with an alphabetic character (a-z).
- Can contain only alphabetic characters (a-z), numeric characters (0-9), or hyphens (-).
- Must be between 3 and 63 characters long.
- Cannot end with a hyphen (-).
Example:
Tenant Identifier | Valid | Invalid | Reason |
---|---|---|---|
dev-tenant | Yes | No | Meets all of the rules above |
12345 | No | Yes | Starts with a non-alphabetic character |
marketing-tenant- | No | Yes | Ends with a hyphen |
tenant-name | Yes | No | Length is within the allowed range |
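The identifier rules listed above can be enforced before a name ever reaches the console or a provisioning script. The following Python check is an added example, not Oracle code or part of the original article; the function name and the extra sample identifiers are constructed for illustration, and lowercase-only matching is an assumption taken from the "(a-z)" wording of the rules.

```python
import re

# Limits and character set as stated in the rules above.
MIN_LEN, MAX_LEN = 3, 63
ALLOWED_CHARS = re.compile(r"[a-z0-9-]*")


def identifier_violations(identifier):
    """Return every rule the candidate breaks; an empty list means it is valid."""
    problems = []
    if not (MIN_LEN <= len(identifier) <= MAX_LEN):
        problems.append("length must be between 3 and 63 characters")
    if not re.match(r"[a-z]", identifier):
        problems.append("must start with an alphabetic character (a-z)")
    # fullmatch, not match with "$": "$" would accept a trailing newline,
    # which is easy to pick up when names are read from a file or a form.
    if not ALLOWED_CHARS.fullmatch(identifier):
        problems.append("only a-z, 0-9 and hyphens are allowed")
    if identifier.endswith("-"):
        problems.append("cannot end with a hyphen")
    return problems


# Constructed sample input: the four identifiers from the table plus
# edge cases (too short, uppercase/underscore, trailing newline).
SAMPLES = [
    "dev-tenant",
    "12345",
    "marketing-tenant-",
    "tenant-name",
    "ab",
    "Dev_Tenant",
    "dev-tenant\n",
]


def report(samples=SAMPLES):
    """Map each sample to its list of violations."""
    return {name: identifier_violations(name) for name in samples}


if __name__ == "__main__":
    for name, problems in report().items():
        verdict = "valid" if not problems else "invalid: " + "; ".join(problems)
        print(f"{name!r}: {verdict}")
```

Reporting every violated rule, rather than stopping at the first, lets a rejected request be corrected in one pass.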
Specifying Tenant Name and Identifier via Console:
- Navigate to the Identity section in the OCI console.
- Click on Tenants.
- Click on Create Tenant.
- Enter a unique Tenant Name and Tenant Identifier.
- Click Create.
Optional: Enabling Usage Tracking
To monitor and manage how your tenants consume cloud resources, you can enable usage tracking. This feature provides detailed insights into usage patterns, costs, and billing information.
Steps to Enable Usage Tracking:
- Navigate to the Usage Tracking page in the Oracle Cloud Infrastructure console.
- Click on the "Create Usage Plan" button.
- Select the desired plan type from the "Plan Type" dropdown.
- Choose the tenants you want to include in the usage plan.
- Specify the following options in the "Advanced Options" section:
- Data Retention Period: Set the number of days for which usage data will be stored.
- Data Collection Interval: Choose the frequency at which usage data will be collected.
- Cost Allocation Tag: Specify a common tag to apply to all costs associated with tenants in this usage plan.
- Click on the "Create Usage Plan" button to enable usage tracking.
Benefits of Enabling Usage Tracking:
- Provides detailed insights into resource usage and costs.
- Helps identify usage trends and potential optimization opportunities.
- Facilitates cost allocation and billing management across tenants.
Additional Notes:
- Usage tracking requires the use of a valid Oracle Cloud Infrastructure account.
- The data collected through usage tracking is stored securely in Oracle’s cloud infrastructure.
- You can modify or disable usage plans at any time to adjust monitoring and tracking settings.
Option | Description |
---|---|
Data Retention Period | Specifies the number of days usage data will be retained. |
Data Collection Interval | Determines how often usage data is collected. |
Cost Allocation Tag | A common tag applied to costs incurred by tenants in the usage plan. |
Provisioning Parent Tenant Services
To provision parent tenant services, follow these steps:
1. Create a parent compartment
In the Oracle Cloud Infrastructure (OCI) Console, navigate to the Compartments page.
2. Click Create Compartment
Enter a name and description for the compartment.
3. Select the tenancy
Select the tenancy that you want to create the parent compartment in.
4. Click Create
The parent compartment is created.
5. Create a parent tenant
In the OCI Console, navigate to the Identity page.
6. Click Create Tenant
Enter the following information:
Field | Description |
---|---|
Name | The name of the parent tenant. |
Description | A description of the parent tenant. |
Parent Compartment | The parent compartment for the parent tenant. |
Administrator | The user who will be the administrator of the parent tenant. |
Click Create.
The parent tenant is created.
Establishing a Parent-Child Relationship
When you create a child tenancy, it establishes a parent-child relationship with the tenancy that you used to create it. This relationship is immutable and cannot be changed after the child tenancy is created.
Benefits of a Parent-Child Relationship
There are several benefits to establishing a parent-child relationship between tenancies:
- Administrative control: The parent tenancy can manage the child tenancy’s resources, including users, groups, policies, and compartments.
- Resource sharing: Child tenancies can access resources from the parent tenancy, such as virtual cloud networks (VCNs), route tables, and security lists.
- Cost consolidation: Costs for child tenancies can be consolidated into the parent tenancy’s bill.
Creating a Child Tenancy
To create a child tenancy, you must have the necessary permissions in the parent tenancy. The steps to create a child tenancy are as follows:
- Log in to the parent tenancy’s console.
- Click on the “Tenancy” tab.
- Click on the “Create Child Tenancy” button.
- Enter a name for the child tenancy.
- Select the parent tenancy for the child tenancy.
- Click on the “Create” button.
Managing Child Tenancies
After you create a child tenancy, you can manage it from the parent tenancy’s console. You can view the child tenancy’s resources, manage its users, and set its policies. You can also terminate a child tenancy if necessary.
Managing Parent Tenants
Parent tenants serve as the root of the tenancy hierarchy in Oracle Cloud Infrastructure (OCI). They allow you to manage and organize multiple child tenancies in a centralized manner.
Creating a Parent Tenant
To create a parent tenant:
- Sign in to the OCI Console as an administrator with the appropriate permissions.
- Click on the “Tenancy” icon in the left navigation panel.
- Click on the “Actions” menu and select “Create Parent Tenancy”.
- Enter a unique name for the parent tenancy and click “Create”.
Managing Child Tenancies
Once you have created a parent tenant, you can manage child tenancies within it:
- Create new child tenancies
- Delete existing child tenancies
- Modify the properties of child tenancies
Managing Policies
You can assign policies to parent tenants to control access to child tenancies and their resources:
- Create custom policies
- Assign policies to users, groups, or other entities
- Monitor policy usage and compliance
Managing Billing
Parent tenants can manage billing for all child tenancies:
- Configure billing settings
- Monitor resource usage
- Manage invoices and payments
Managing Usage and Quotas
Parent tenants can monitor usage and manage quotas for all child tenancies:
- Set usage limits and quotas
- Monitor resource utilization
- Enforce policies to prevent overutilization
Managing Tags
Parent tenants can manage tags for all child tenancies:
- Create and manage custom tags
- Assign tags to child tenancies and their resources
- Search and filter resources based on tags
Managing Audit Logs
Parent tenants can manage audit logs for all child tenancies:
- Configure audit logging settings
- Monitor audit logs
- Respond to security incidents
Managing Service Access
Parent tenants can manage service access for all child tenancies:
- Configure service access policies
- Grant or deny access to specific services
- Monitor service usage
Best Practices for Parent Tenant Management
1. Define a Clear Governance Model
Establish a structured framework that outlines roles, responsibilities, and processes for managing parent tenants. Clearly define who is responsible for creating, updating, and terminating tenants, as well as the procedures for onboarding and offboarding new tenants.
2. Establish Tenant Naming Conventions
Create a consistent naming convention for parent tenants to ensure easy identification and organization. Consider using a hierarchical structure to reflect the tenant’s relationship to the parent organization.
3. Use Identifiers for Tenants
Assign unique identifiers to each tenant to differentiate them within the parent organization. These identifiers can be used for tracking, billing, and other administrative purposes.
4. Enforce Resource Limits
Define resource limits for each tenant to prevent overconsumption and ensure fair allocation. Set limits, including CPU, memory, storage, and so on.
5. Monitor Tenant Usage
Regularly monitor tenant usage to identify any anomalies or potential issues. Track metrics such as resource consumption, service usage, and user activity to ensure compliance with policies and optimize performance.
6. Manage Tenant Permissions
Grant tenants only the permissions necessary to perform their assigned tasks. Define roles and permissions to control access to sensitive data and resources.
7. Secure Tenant Environments
Implement security measures to protect parent tenants and child tenants from unauthorized access. Use encryption, multi-factor authentication, and least privilege principles to secure data and resources.
8. Provide Tenant Support
Establish a support mechanism for tenants, providing them with technical assistance, documentation, and guidance. Ensure that tenants have access to the resources they need to resolve issues and maintain their environments.
9. Regularly Review and Audit
Periodically review and audit parent tenant management practices to ensure compliance with governance policies. Identify areas for improvement and make necessary adjustments to enhance the efficiency and effectiveness of tenant management.
10. Use Automation to Streamline Management
Consider using automation tools to simplify parent tenant management tasks. Automate processes such as tenant provisioning, resource allocation, and monitoring to reduce administrative burden and improve efficiency.
How to Create a Parent Tenant in Oracle Cloud Infrastructure (OCI)
A parent tenant is the top-level tenant in an OCI organization. It can create child tenants, manage resources across the organization, and set policies that apply to all child tenants.
To create a parent tenant, follow these steps:
- Log in to the OCI console as an administrator with the proper permissions.
- Go to the **Identity** section and click **Tenancies**.
- Click **Create Tenancy**.
- Enter a name and description for the parent tenant.
- Select the compartment where you want to create the parent tenant.
- Click **Create**.
Once the parent tenant is created, you can start adding child tenants and managing resources across your organization.
People Also Ask About OCI How to Create Parent Tenant
How do I create a child tenant in OCI?
To create a child tenant, you must first have a parent tenant. Once you have a parent tenant, you can follow these steps:
- Log in to the OCI console as an administrator with the proper permissions.
- Go to the **Identity** section and click **Tenancies**.
- Click the name of the parent tenant.
- Click the **Child Tenancies** tab.
- Click **Create Child Tenancy**.
How do I manage resources across my organization in OCI?
You can manage resources across your organization by using the OCI console or the OCI API. The OCI console provides a centralized view of all resources in your organization, and you can use it to perform tasks such as creating, modifying, and deleting resources.
How do I set policies that apply to all child tenants in OCI?
You can set policies that apply to all child tenants in your organization by using the OCI console or the OCI API. The OCI console provides a centralized view of all policies in your organization, and you can use it to create, modify, and delete policies.