Traditional cloud infrastructure is typically made up of virtual machines (VMs) running on top of a hypervisor. The hypervisor isolates the VMs (which share the same CPUs), then captures I/O from each VM to ensure they are abstracted from the hardware. The VM is therefore secure and portable as it sees only a software-defined NIC (network interface card). The hypervisor can inspect all packets between the VMs and enables features like IP whitelists and access control lists.

Inspection of packets to and from a VM can eat into the host’s CPU cycles, however, as the hypervisor performs packet switching and encapsulation and enforces stateful firewall rules. There is also the risk of noisy neighbors (a VM monopolizing bandwidth, disk I/O and CPU at the expense of its neighbors) and inconsistent performance.

Enter Oracle’s next generation Cloud Infrastructure, which places network and I/O virtualization into the network. ‘Off box’ virtualization means virtualization is no longer committed into the hypervisor; it’s now engineered into the network outside the physical box. The control plane, which runs the network, cannot be reached from the public internet. You have the option of creating an explicit virtual connection which can be monitored, audited and switched off. New services such as Security Monitoring and Analytics enable machine learning-based anomaly detection.

Moving virtualization into the network enables bare-metal capability, resulting in dramatic performance and security gains as the performance overhead associated with traditional virtualization (in the hypervisor) is eliminated. There is also more choice and flexibility with the ability to plug anything (within reason) into the virtual network. Each option consumes a port on a flat virtual network. It can be a bare metal host, NVMe (Non-Volatile) storage, a VM, a container, even an engineered system… all running on a virtual private overlay with everything within 2 hops’ reach.

Bare Metal Compute is more secure than traditional virtualization as there is no software running on your host – the choice is yours to bring your own (BYO) hypervisor and OS and install any applications you want to run on your machine. Nobody (including Oracle) has access to your memory space as bare-metal offers a level of physical isolation not available using traditional virtualization. You have no adjacent co-tenants; you can simply encrypt all data on-premises, move it to your memory space and decrypt.

Bare Metal Compute running on a flat, private overlay network boosts performance in terms of IOPS and bandwidth as everything (compute, object and block storage) runs inside the same low-latency, high-performance network fabric.

This is just one way Oracle can address your security concerns. We haven’t even mentioned the advanced security features of Oracle’s database or SPARC on compute with its ‘software in silicon’ feature set.

Oracle Bare Metal Cloud has been rebranded to Oracle Cloud Infrastructure and is available from Phoenix and Ashburn regions in North America, as well as Frankfurt, Germany, from early October 2017.
