Skip to main content

Cloud

Onboard an OCI tenant

This topic explains how to onboard an OCI tenant. Before onboarding, see Prerequisites for onboarding OCI.

Background for onboarding an OCI tenant

An OCI tenant is a service Oracle provides that allows you to consolidate multiple compartments and manage them centrally. The hierarchy of OCI is as follows:

  • Tenant - The parent container for all accounts. It consists of compartments

  • Compartment- The standard OCI account that contains the OCI resources

When the OCI tenant is onboarded into Illumio Segmentation for the Cloud, all the compartments (accounts) are onboarded, up to six parent-child levels deep. Illumio Segmentation for the Cloud supports onboarding tenants. It does not support onboarding individual compartments.

Onboarding of an OCI tenant is a two-step process.

  1. Run a Terraform script on a root account.

  2. Use the information to populate Illumio Segmentation for the Cloud onboarding dialog fields.

Onboard OCI Tenants in Cloud

The following instructions describe how to begin the tenant onboarding sequence in Illumio Segmentation for the Cloud.

Connect to OCI

The following instructions describe how to begin the tenant onboarding sequence in Illumio Segmentation for the Cloud .

  1. Launch the onboarding wizard in either of the following ways:

    • Click + OCI in the Onboarding page to onboard your first tenant when you sign in for the first time

    • From the left navigation, choose Onboarding and click + Add OCI at the top of the page

  2. Provide the following information about your OCI tenant:

    • Name for the tenant

    • This name is what appears in Illumio Segmentation for the Cloud. The name should be descriptive so that you can easily identify it.

    • The Root Tenancy/Compartment OCID of the root account you are onboarding. It might look something like ocid1.tenancy.oc1..xxxxxxxyz1a2b3c....

    • The home region

      This is the geographic area that applies to your tenant. Select one from the list.

  3. Note

    The page contains a toggle to specify the type of access Illumio Segmentation for the Cloud has to your OCI tenant. To view the permissions you are granting Illumio Segmentation for the Cloud to your OCI tenant, click Download Permissions.

    The write feature is in BETA.

    By participating in the BETA program for OCI features you agree that your company’s use of the BETA version of OCI features will be governed by Illumio’s Beta Terms and Conditions.

  4. Click Next.

    The wizard advances to step two: Set up Access.

  5. Click Download Terraform File to get the .zip file containing the necessary terraform scripts.

    Before you proceed in the onboarding wizard, you first need to open the OCI console and perform some steps.

Running the Terraform Scripts in the OCI Console

  1. Open the OCI Console at https://cloud.oracle.com. From the menu, navigate to Developer Services > Resource Manager > Stacks and click Create Stack.

  2. Select My configuration, and in the stack, configuration click the .Zip file radio button, and upload the cs_connector.zip file.

    This will auto populate the Name for the stack.

  3. Provide a description if needed, and make sure that the root compartment is selected under the Create in Compartment option. Leave the rest of the defaults if desired, and click Next.

  4. In the Configuration variables page, all the values will be auto populated. If needed, the username can be changed. Click Next.'

  5. Verify all the values in the review page and, in the Run apply on the created stack option, make sure to select the Run Apply check box and click Create. The stack will run and create the required resources in the OCI console.

  6. Once the stack completes running, select the output page and copy the values from the following fields:

  • User OCID. It might look something like ocid1.user.oc1..xxxxxxxyz1a2b3c....

  • Group Name. It might look something like <username>-group.

  • API Fingerprint. It might look something like 12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:....

Now you will return to the Illumio Segmentation for the Cloud onboarding wizard.

Set up Access

  1. Click the Terraform script was successfully run check box.

  2. Paste the outputs from your OCI console into the following fields and click Next:

  • User OCID. It might look something like ocid1.user.oc1..xxxxxxxyz1a2b3c....

  • Group Name. It might look something like <username>-group.

  • API Fingerprint. It might look something like 12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:....

The final step of the onboarding wizard (Confirm and Save) appears.

Confirm and Save

  1. Review the account information and if everything looks correct, click Save and Confirm. If you see issues you need to correct, click Back and return to that wizard step.

  2. To edit the account information, such as the name and read/write access, click the account in the Onboarding page and click Edit.

Next steps after onboarding your OCI tenant

For the next steps after onboarding your OCI tenant including enabling access to flow logs and viewing traffic, see Onboarding OCI and After onboarding your accounts.

Remove the OCI tenant integration

You can delete the integration for a given organization by selecting the it in the Onboarding page and clicking Remove > Remove.

Once the OCI onboarding is removed from Illumio Segmentation for the Cloud, open the OCI console, navigate to the stack details, and click the Destroy button. Once the access is destroyed, select More actions > Delete stack. This will completely remove the resources created during the onboarding and granting flow access processes.