With all the news about Europe needing to become more sovereign Oracle made the EU sovereign cloud regions available. With these cloud regions Oracle promises us the possibility to keep unwanted (government) interference out of the loop. In this article we’ll report our findings on using the OCI EU sovereign cloud.
What is it?
So, first of all, what is the Oracle OCI EU sovereign cloud? It is a separate organizations manned completely by European employees, no regular Oracle (Netherlands or USA) employees have access to any part in the EU sovereign cloud. The company running the EU sovereign cloud is a separate entity from the rest of the Oracle Organization. With this sovereign cloud solution Oracle implements practical requirements that European (government) agencies require in terms of GFPR, Governance and Sovereignty.
Currently there are two EU sovereign cloud regions, Frankfurt and Madrid. As these two regions are separate from the rest of OCI, there is no out of the box connectivity between “normal” cloud and EU sovereign cloud. If this is a requirement, you will have to arrange yourself via FastConnect or VPN configurations. Connectivity between the EU sovereign cloud regions is available as usual.
As far as the customer is concerned, the EU sovereign cloud is a OCI region just like any other. Management-wise it’s almost the same, with some minor exceptions. You can use the same tools as within the normal OCI environments. (terraform, OCI console, OCI CLI). Important to remember is that the Identity Management is not shared with the pubic OCI regions. Which makes sense of course.
One side note: please contact your local legal counsel to make sure the Oracle EU sovereign cloud is the solution to the problem you want to solve. We think this EU sovereign cloud has a use case (for example in healthcare, financial institutions, government) , but make sure it meets your requirements and expectations.
Getting started
To get access to OCI EU sovereign cloud, contact your local Oracle representative, or contact us. Getting a tenacy is the first step, Oracle Sales will prepare it by requesting it from the Oracle EU organization. The first thing you’ll notice is a different URL to access the cloud console: https://cloud.oracle.eu/. After access is granted the next steps are the same as with the “normal” OCI environments. Looking at the regions you can see there are two of them: eu-frankfurt-2 and eu-madrid-2. This means you can do disaster recovery to a different region while still remaining inside EU sovereign cloud.
Additionally, looking closer at the OCID’s you can see that also the realm identifier is different (oc19 instead of oc1, see also https://docs.oracle.com/en-us/iaas/Content/General/Concepts/identifiers.htm)
Is everything there? As far as we could see, the fast majority of the services are available, however not all compute shapes (both instance and database VM’s) are available, only the more recent Intel and AMD shapes are there. ARM Ampere CPU’s are currently not available and the same applies to the free tier offer.
Oracle claims there may be a small delay (weeks?) in updates for the sovereign cloud, however we found the Oracle 26ai database was almost immediately available on de EU sovereign cloud.
Rolling out our infrastructure with Terraform works just like we used to. Getting support (we were at first not able to select any database version for an Oracle Base database service) was also working as expected. We noted that the notifications were being sent from eu-madrid-2, so the support organization is really also on this very same sovereign cloud.
Conclusion
A first look on this sovereign cloud gives us the impression that this is a good solution for customers who want a bit more sovereignty than provided by the standard cloud(s). Being able to run your Oracle environment in this cloud at the same price as the standard Oracle Cloud will mean there is no financial burden to not do it.
