As you grow your Oracle Cloud Infrastructure (OCI) environment, a single tenancy might not offer the isolation needed to scale your cloud infrastructure. Your development teams and customers demand separate tenancies build their environment without the possibility of impacting other workloads. How do you want to expand your OCI footprint with a multitenancy architecture, while centrally controlling cost and governance?

To help address this use case, OCI Organizations provides the tools necessary to manage your tenancies centrally. You can link and add tenancies to your organization, while sharing subscription credits and centrally managing cost and governance.

In this blog series, you learn how to set up and use Organizations to grow, manage, and govern your OCI footprint. Whether you’re just starting your cloud journey or a seasoned veteran seeking to better yourself with some useful tips and tricks, this series has info for everyone.

We cover the following subjects in the series:

  • Basic setup and cost control with Organizations

  • Cloud governance best practices

  • Cross charging and cost optimization best practices

OCI Organizations service helps customers scale their OCI footprint by adding tenancies and managing subscriptions. A tenancy is a fully isolated partition in OCI with its own identity domain. Isolation is important because it limits the blast radius from bad actors.

Terminology

  • Parent: The management tenancy that can view costs and govern tenancies within the whole organization

  • Child: A member tenancy of the organization that can either be created or invited into the organization

  • Subscription: The contract signed with Oracle that specifies the rate card for each resource used in OCI and credits allocated

The parent tenancy is used for management purposes, so ensure that your developer, finance, and IT operations can manage it. Because it’s for management purposes, we recommend that you don’t host any applications or services within this tenancy.

To set up your organization, think about how you want to structure your cloud architecture. The parent is typically used for management purposes, so it centrally manages cost reporting and where you would host your workloads. If you have a fresh parent tenancy, you can extend your organization by creating tenancies or by inviting existing tenancies as child tenancies. If you already use existing tenancies and you want to create a parent tenancy dedicated to management, contact an Oracle customer representative to guide you through this first setup process.

Adding tenancies

Whether you want to create an isolated partition for a new application or to test security policies, Organizations enables you to quickly provision a tenancy without booking a new order. To add a tenancy in the Oracle Cloud Console, go OCI Organizations and under Tenancies, select Add Tenancy. Fill out the form, and a tenancy is provisioned for you in a matter of minutes.

If you select to choose a tenancy, the recipient tenancy receives an invitation where they can accept or decline on the Console. If they accept, the parent tenancy has visibility into the child’s Universal Credit Model (UCM) subscription and the ability to map the subscription to other tenancies within the organization.

A screenshot of the Create new tenancy page.

Subscription mapping

For customers who invite tenancies into the organization, the tenancies and their respective subscriptions are now both visible to the parent tenancy. UCM subscriptions that enter with tenancies can use Pay As You Go (PAYG), Commitment, or Funded Allocation models. The parent tenancy can not only view the subscription information, but also map a subscription to other tenancies. Mapping a subscription means allowing a tenancy to utilize the rate card and credits within the UCM subscription.

For example, a regional office in France built a tenancy on a PAYG subscription model. When the headquarter of that office signed a contract with UCM subscription with OCI, they received a discounted rate on OCI usage. Using Organizations, you can link the French environment to the headquarters’ parent tenancy, so that both tenancies can benefit from using the discount and credits of the UCM subscription.

Managing costs within Organizations

Usually in large enterprise organizations, you have a centralized cloud cost management or financial ops team to oversee the costs of your tenancies. They need the ability to report, monitor, and alert on costs across your organization.

As a parent tenancy, you can centrally manage costs across the org for all your tenancies using the suite of cost management products, such as Cost Analysis, Cost Reports, and Budgets. Within Cost Analysis, you can visualize cost and usage metrics across the organization using granular dimensions, such as tenancy name, tenancy ID, and subscriptions. Cost Reports offers a comprehensive cost and usage data set at the hourly granularity for power users. Budgets also gives customers the ability to set alerts on costs by tenancies and subscriptions.

In Cost Analysis, when you have added a child tenancy, you can use new dimensions such as tenant ID, tenant name, and subscription ID for granular reporting. Costs are viewable by the parent after the child has joined or been added to the organization.

A screenshot of the Cost Analysis page

When you create a tailored report using the filtering and grouping capabilities, save the report for the future by using the save report functionality.

If you want to dive deeper into hourly granularity data, you can use the native Cost Reports. Customers also ingest these reports into an external source for analysis.

A screenshot of example cost reports.

Both the parent and child tenancies now support Budgets. So, as a parent tenancy, you can set a budget alert for a particular child tenancy or for a subscription, enabling you to monitor a single child tenancy or across tenancies consuming from a subscription. A budget alert triggers when the actual or forecasted amount is expected to exceed the budgeted amount, giving your parent tenancy the ability control costs across their organization. Similarly, each child tenancy can set a budget on their own tenancy or compartments within their tenancy to monitor their own costs.

A screenshot of the Create Budget window with fields filled in.

Deleting a child tenancy

If you don’t need a child tenancy and want to delete it and its resources, you can do so in the Console if you’re the child tenancy administrator. Go to the child tenancy’s detail page where you see an option to delete. Continue the process to delete the tenancy and its resources. When the work request starts, you have 30 days to retrieve any data within the child tenancy. Afterward, it isn’t accessible.

Conclusion

Stay tuned for updates on the product. To learn more about Organizations, refer to the documentation.

Blog Post: Govern your OCI organization with governance rules: Part 2 of 3

Blog Post: Structure your OCI organization into groups for cost optimization and reporting: Part 3 of 3