Oracle Compute Cloud@Customer Isolated – Sovereign Public Sector Hosting for Oracle Partners

Jul 7, 2025 | OCI Dedicated Region, Oracle Alloy, Oracle Cloud Infrastructure, Oracle Compute Cloud@Customer, Sovereign Cloud

Across Europe, public sector organisations are under increasing pressure to modernise their IT environments while maintaining full control over data, infrastructure, and operations. This is where Oracle partners can step in. With Oracle Compute Cloud@Customer Isolated (C3I), they now have the opportunity to offer sovereign cloud hosting services tailored to the needs of governments and regulated industries.

Oracle’s approach to digital sovereignty is not abstract. It is based on clearly defined principles that are embedded in the platform itself. With C3I, data – whether user data, metadata, or telemetry -remains entirely within the customer’s environment. Nothing is transmitted back to Oracle. The complete OCI control plane runs locally, fully disconnected from Oracle’s global infrastructure. This ensures that compliance requirements can be met without compromise.

Transparency and control are fundamental. There is no ongoing operator access to the system because C3I is an air-gapped, disconnected solution. Once installed, Oracle has no remote access to the environment. The installation and activation – including any expansion, such as GPU or storage racks – is handled on-site by Oracle’s field team. Ongoing operations, monitoring, and support are managed entirely by the hosting service provider (HSP), not by Oracle. Customers define their access policies, manage their own encryption keys, and control every layer of the platform.

Unlike traditional hosted solutions, C3I delivers the full Oracle Cloud Infrastructure (OCI) IaaS portfolio, along with key platform services such as Oracle Kubernetes Engine (OKE), all deployed within the HSP’s own data centre. This empowers Oracle Partners to offer modern, cloud-native infrastructure and container services to public-sector tenants, while keeping everything firmly under local control and governance.

What Makes C3I a Game‑Changer?

Besides OCI Dedicated Region, Alloy, and Oracle Isolated Cloud Region, C3I is Oracle’s most secure and sovereign cloud deployment model. One of the main drivers for adopting Oracle Compute Cloud@Customer Isolated is the need to run classified workloads in fully isolated environments. In this context, governments with strict regulations, ministries of defense, and intelligence services represent the key targeted customers.

What sets C3I apart is that its architecture is the entire control plane, the brain of OCI, is deployed inside the partner’s (or customer’s) premises. Again, there is no connection to Oracle’s public cloud regions, no shared management layer, and no external operator access. Once the system is installed, Oracle no longer has access. There is no remote telemetry, no persistent administrator credentials, and no automated updates. Every action, including patching, must be initiated and approved by the partner’s operators.

Despite its strict isolation, C3I delivers the same developer experience as the public cloud. Users can work with the same APIs, tools, and automation workflows. All core OCI services are available, from compute and storage to networking and IAM. This makes it possible to run modern applications, automate deployments, and enforce security policies. Just like in the public cloud, but with full control.

For Oracle partners, this opens new doors.

Hosting Multiple Tenants with IAM and Compartment Isolation

To serve multiple tenants on shared C3I infrastructure, Oracle relies on the strength of its Identity and Access Management (IAM) framework. Each tenant is hosted in a dedicated compartment, which acts as a logical and administrative boundary. Resources are isolated, policies are scoped, and access is strictly defined. IAM ensures that each tenant sees only what they are supposed to see and nothing more.

With compartments, policies, and groups, providers can implement fine-grained access control while still maintaining a clear operational model.

Oracle Compute Cloud@Customer Hosting Service Provider Model

On the networking side, Virtual Cloud Networks (VCNs) are provisioned per tenant. If connectivity is required between VCNs – let’s say, for shared services or for intercommunication – Dynamic Routing Gateways (DRGs) are used to establish secure and controlled interconnections. This approach allows for scalable, tenant-aware architectures without compromising performance or sovereignty.

C3I is Ready for AI – GPU Expansion Racks

C3I is not just built for traditional workloads. It is also designed to support next-generation applications, including those that require hardware acceleration. Currently, through dedicated GPU expansion racks, Oracle partners can add up to 48 NVIDIA L40S GPUs to a single C3I deployment. These GPUs are integrated into the system’s high-speed network and storage architecture, making them available to tenants just like any other OCI resource.

This capability allows Hosting Service Providers to offer GPU-as-a-Service directly to public-sector clients – ideal for AI, ML, and data analytics workloads that must remain within national borders. All resources are managed through the same local OCI control plane, keeping everything under the same compliance and operational framework.

The sensitive nature of government data demands absolute sovereignty. With Oracle C3I, sovereign AI becomes a reality.

Red Hat OpenShift Support

For Oracle Partners hosting public sector tenants on C3I, delivering enterprise-grade container platforms is critical. That’s why C3I fully supports Red Hat OpenShift, enabling end-customers to run their containerized workloads with confidence and flexibility.

OpenShift brings a comprehensive Kubernetes-based platform with advanced features like developer tools, integrated CI/CD pipelines, and robust security controls. By running OpenShift on C3I, customers benefit from a sovereign, isolated environment that meets strict regulatory demands, while leveraging the rich ecosystem and productivity of Red Hat’s market-leading container platform.

A Sovereign Platform That Grows With You

C3I starts with a strong baseline: 552 cores, 6.7 TB of RAM, and 150 TB of storage. But it doesn’t stop there. The platform can scale to 6’072 cores, 73.7 TB of memory, 3.65 Petabytes of high-capacity storage, and 1.2 Petabytes of high-performance storage.

Unlocking a New Business Model for Oracle Partners

For Oracle Partners, C3I creates a new type of service opportunity. Instead of simply reselling cloud subscriptions, they can operate a sovereign cloud environment, offering secure, isolated, and scalable hosting to public sector clients. It is a cloud environment you can trust, built for those who need to guarantee data residency and operational autonomy.

With C3I, Oracle provides the tools. Now it is time for partners to build the services.

Oracle Compute Cloud@Customer – The Sovereign Cloud Platform Europe Has Been Waiting For

Jul 2, 2025 | Kubernetes, OCI Dedicated Region, Oracle Alloy, Oracle Cloud Infrastructure, Oracle Compute Cloud@Customer, Sovereign Cloud

Europe has always taken data privacy, neutrality, and independence seriously. Whether you are operating in government, healthcare, banking, or energy, the message is clear: sensitive workloads need to stay within national borders. However, sovereignty shouldn’t come at the expense of innovation, agility, or cost efficiency. This is exactly where Oracle Compute Cloud@Customer (C3) steps in.

With C3, you are not forced to choose between the benefits of public cloud and the control of on-prem infrastructure. You get both. Oracle brings a consistent, fully managed OCI experience directly into your data center or trusted hosting environment.

This is cloud designed for data residency and regulatory alignment, without compromise. Customers retain full operational control thanks to Oracle’s secure Operator Control and disconnected operating model, giving you full autonomy over who can access what and when. If you don’t want Oracle to touch it, they won’t.

But this isn’t just about compliance, it’s about enabling innovation. With C3, organizations can develop once and run anywhere. You can build modern applications on OCI using containers, Kubernetes, or virtual machines (VMs), and then deploy them on-prem with C3, in a public OCI region, or any hybrid setup. This gives developers and architects freedom, without forcing the business into compliance headaches.

Even more compelling: C3 is priced the same as the public OCI regions. No “on-prem premium.” Unlike other hyperscalers that charge more for bringing cloud services into your data center, Oracle keeps the economics consistent. That means you can deploy at scale wherever you need it, without blowing your IT budget. And because OCI is up to 60% cheaper than competitors – especially for IaaS-heavy workloads and managed Kubernetes – C3 becomes not just a compliance play, but a strategic cost advantage.

For organizations already running Exadata Cloud@Customer (ExaCC), the transition to C3 is seamless. You extend the same OCI architecture from your Oracle Database infrastructure to your full application landscape – compute, storage, network, containers, and more – all under one public OCI control plane. One architecture, one operational model, full sovereignty.

And for those looking to modernize full application stacks from databases to middleware to frontend services, C3 provides the flexibility to run both Oracle and open-source technologies.

Note: Those requiring the full breadth of OCI services in a sovereign, connected environment, Oracle also offers OCI Dedicated Region.

Oracle Compute Cloud@Customer Isolated – The Next Level of Sovereignty

Oracle has taken the concept of sovereign cloud one step further. With Oracle Compute Cloud@Customer Isolated (C3I), organizations can now run cloud-native workloads in a fully air-gapped environment, without any operational dependency on Oracle. No outbound connections. No Oracle-managed control plane. No shared infrastructure. Just full autonomy and local control. C3I Oracle owned and customer/partner managed.

it’s a real, production-ready deployment model for mission-critical and highly regulated environments. Designed specifically for governments, defense, intelligence, and critical infrastructure operators like Telcos, Compute Cloud@Customer Isolated addresses scenarios where even a standard sovereign cloud isn’t enough.

The platform runs the same core OCI services (compute, storage, networking, Kubernetes) but is completely disconnected from Oracle’s global cloud infrastructure. Everything is deployed on-premises in your trusted facility, and operated entirely by your own team or a national partner under your control. Oracle is not in the loop. No telemetry is sent back. No patching happens unless you initiate it.

For Europe, this matters. Regulations are tightening. Risk tolerance is dropping. And cloud decisions now sit under the spotlight of data strategy, digital self-determination, and public trust. With C3I, organizations don’t need to compromise. You can modernize legacy infrastructure, run secure workloads, and meet the strictest data protection laws without handing over operational control to a foreign hyperscaler.

Oracle Compute Cloud@Customer Isolated

So if you’re building for maximum sovereignty, whether for a national security project, a classified analytics platform, or a regulated healthcare system, C3I gives you the control you need, without the complexity of building it all from scratch.

Note: those requiring the full breadth of OCI services in a sovereign, air-gapped environment, Oracle also offers an Isolated Region. It delivers the complete OCI stack, including advanced PaaS and data services, fully disconnected and deployed inside your own data center. It’s the natural next step when C3I isn’t enough.

Cloud-Native at Home – Modernizing Legacy Workloads on C3

Whether you are building microservices, deploying containers with Kubernetes, or refactoring legacy applications, C3 gives you the flexibility and tools to modernize at your own pace without sending data to the public cloud.

For many organizations, this is especially relevant when looking at existing on-premises environments. C3 opens a new path for modernizing applications without a full lift-and-shift. You can gradually move critical services from traditional virtual machines into containers, adopt infrastructure-as-code practices, and standardize on CI/CD pipelines. All within a compliant, in-country environment that mirrors public OCI.

Using OCI services like OKE (Oracle Kubernetes Engine) on C3, teams can deploy cloud-native apps alongside traditional workloads. It is entirely possible to run a legacy database VM next to containerized microservices, with consistent networking, storage, and security policies across both. This hybrid model is ideal for customers who want to modernize existing applications incrementally, without taking unnecessary risks.

For VMware and Nutanix customers, C3 provides a future-ready landing zone. You can continue to run VM-based workloads on OCI-compatible compute shapes and use that as the foundation to containerize where it makes sense. This avoids expensive rewrites or disruptive replatforming. Instead, C3 supports a phased modernization strategy.

Note: OKE on C3 is free. Standard OCI pricing for VM nodes applies.

Oracle Compute Cloud@Customer Supports Red Hat OpenShift

Oracle Compute Cloud@Customer (C3) keeps expanding its capabilities for customers, and a key recent addition is support for Red Hat OpenShift.

Artificial Intelligence on Compute Cloud@Customer

With Oracle’s announcement in February 2025, customers can add Nvidia GPUs to C3 deployments with the following key features:

Independent scaling of GPUs, compute, and storage: up to 48 L40S NVIDIA GPUs, 6,624 OCPUs with 80.4 TB of memory, and a mix of up to 3.65 PB of high-capacity storage and 1.2 PB of high-performance storage.
Powerful GPU VMs: up to four NVIDIA L40S GPUs, 108 Intel Xeon 8480+ CPU cores, 800-GB DDR5 memory, and 400 Gbps network bandwidth for the most demanding workloads.
Ultra-fast network connectivity: 800-Gbps data center connectivity that can directly connect an Exadata Cloud@Customer Machine to combine the power of GPUs with Oracle Database 23ai’s integrated AI Vector Search.

Description of multicloud-customer-and-oci.png follows

EU Sovereign Operations for Oracle Compute Cloud@Customer

In May 2025, Oracle announced the availability of Oracle EU Sovereign Operations for C3. This means, that C3 now also runs in the EU Sovereign Cloud, with the same pricing and the same service you know from commercial OCI regions.

Previously, operations and automation for Compute Cloud @ Customer were handled via global OCI control planes. With EU Sovereign Operations, that changes:

All automation and admin services now reside within Oracle’s EU Sovereign Cloud regions
Operations are managed by Oracle teams based in the EU, ensuring compliance
Hardware deployment and support is delivered by personnel authorized to work in the customer’s country

EU Sovereign Operations for Compute Cloud@Customer is offered with the control plane located in one of Oracle EU Sovereign Cloud regions, currently either Madrid, Spain or Frankfurt, Germany. This service is offered in European Union member countries and other select countries in Europe. The service delivers the same features, functions, value and service level objectives (SLOs) offered with Compute Cloud@Customer service with control planes from OCI Compute public regions.

Last Comments

In short, Oracle Compute Cloud@Customer is not just a cloud, it’s your sovereign cloud. It gives enterprises the tools they need to stay compliant, stay competitive, and stay in control. And that is what the next generation of digital sovereignty should look like.

Sovereignty Without Stagnation And The Real Cost of Operational Autonomy

Jul 1, 2025 | OCI Dedicated Region, Oracle Alloy, Oracle Cloud Infrastructure, Sovereign Cloud

Everyone talks about sovereignty. But few talk about the trade-offs.
Across Europe, especially in Germany and Switzerland, operational autonomy is often seen as the gold standard for digital sovereignty. The idea: full control, no external dependencies, no surprises.

In theory, it’s a strong posture.
In practice? It can easily slow you down.

For highly regulated industries, it’s tempting to build walls around your systems to reduce exposure. But when operational autonomy becomes the central design principle, innovation suffers. You are no longer building for performance or scalability. You are building to minimize risk. And over time, that architecture becomes hard to evolve.

This is the balance we need to strike: Sovereignty without stagnation.

Autonomy Comes at a Cost

Operational autonomy/sovereignty means exactly what it says. It is the ability to run your digital environment independently, without reliance on foreign entities, external support teams, or global platforms. In regulated markets, that’s attractive. It means you control access, processes, and ultimately, risk.

But here’s the thing: autonomy isolates.

To maintain autonomy, many institutions move to self-managed stacks, siloed environments, or custom platforms that minimize external control, but also block external innovation.

Security updates? Slower.
Platform upgrades? Riskier.
Integration with modern SaaS or AI services? Most probably not.

In Germany and Switzerland, I have seen several projects stall for months. Not because the technology wasn’t ready, but because the operational model couldn’t support agile change. Teams were so focused on controlling every layer that they lost the ability to adopt new capabilities at speed.

Autonomy must not come at the cost of adaptability!

What really matters is who controls your operations:

Who can push updates to your systems?
Who manages escalation paths during outages?
Whose legal jurisdiction governs your support team?

This is the level of detail that regulators (and boards) now care about.
And yes, achieving this depth of control is hard. That is why many organizations default to “isolation”: they lock down their stack and cut themselves (disconnect) off from global services.

But this model only works for a while. Eventually, innovation pressure builds. AI, automation, cloud-native services – none of that fits cleanly into a closed system. Without a platform to safely absorb innovation, operational autonomy becomes a bottleneck, not a strength.

The Open Source Conversation – Freedom With Limits

Open source has always played an important role in reducing lock-in and increasing transparency. It gives you flexibility, choice, and in many cases even real control.

But we also need to acknowledge its limits, especially in enterprise environments.

Take the example of a Swiss industrial company. They run over 400 applications – a mix of off-the-shelf software, legacy platforms, and newer cloud-native solutions. They have adopted Kubernetes, Grafana, Prometheus, and open-source databases where it made sense. But they also rely on integrated enterprise systems for finance, HR, procurement, and logistics.

Could they replace every component with open source?
Maybe. But at what cost?

Who supports the platform during an audit?
Who integrates change management and compliance controls?
Who signs off on operational resilience?

This is where the promise of open source meets the reality of enterprise IT: not everything can or should be rebuilt just to reduce dependency. Open source is an important ingredient. But sovereignty also means being able to make informed choices, not ideological ones.

What I am seeing is this: teams spend months assembling monitoring stacks, security tools, compliance scripts etc., only to realize they have created something fragile, difficult to maintain, and sometimes completely undocumented for auditors.

The irony? In chasing autonomy, some organizations built systems less resilient than the platforms they were trying to avoid.

This is where pre-built sovereign cloud platforms can help. Not by locking you in, but by giving you compliance-aligned services that still let you move fast. With built-in logging, encryption, incident management, and support under local legal control, the platform handles the regulatory foundation. So your team can focus on what matters.

Isolation vs. Informed Independence

So, to summarize it, there are two paths organizations typically choose:

1. The Isolation Model

Control everything, self-manage infrastructure, and avoid foreign providers. This delivers maximum autonomy but at the cost of agility. Teams fall behind on updates, and integration becomes painful. Yep, innovation slows. Eventually, autonomy becomes a form of isolation.

2. The Informed Independence Model

Use a sovereign cloud platform with built-in compliance, local operations, and enterprise-grade services. Maintain flexibility and adopt open standards. But don’t reinvent what is already secure and certified. This lets you meet regulatory requirements without stalling digital progress. An example would be the EU Sovereign Cloud from Oracle.

Control Matters – But So Does Momentum

Sovereignty is about control. But let’s not forget: innovation needs momentum.

You can’t afford to build static systems in a dynamic world.
Yes, autonomy protects you, but only if you can also evolve, scale, and adapt.

The real challenge in sovereign cloud isn’t just achieving control.
It is doing it without losing your ability to build and innovate.

And that’s the future we need to design for: Sovereignty, without stagnation.

Enabling Public Sector Unity – How Oracle Alloy Could Power a Government Cloud and Cross-Agency Collaboration

Jun 19, 2025 | OCI Dedicated Region, Oracle Alloy, Oracle Cloud Infrastructure

Building a “National Cloud” or a “Government Cloud” is a major strategic endeavour with implications for digital sovereignty, data protection, operational efficiency, and national resilience. Oracle Alloy is a powerful technology platform that can support such an initiative and that allows governments and large organizations to operate their own branded cloud, based on Oracle Cloud Infrastructure (OCI). It provides all the capabilities of OCI – compute, storage, networking, databases, security, AI/ML, analytics, and more – but it is deployed in your data centers with a local control plane.

In the heart of Europe, where neutrality, security, and privacy are mandatory infrastructure principles, your government is uniquely positioned to lead a global shift: from owning cloud infrastructure to renting it.

Disclaimer: This article reflects my opinions and views, not necessarily my employer’s.

From Lethargy to Leadership in Government IT

Let’s be honest. Too much of government IT has become stuck in survival mode.

Across Europe and around the world, some public institutions are weighed down by aging systems, fragmented infrastructure, and long procurement cycles. Innovation is slow, integration is painful, and by the time new technologies are implemented, they are already years behind what is available in the commercial sector.

This isn’t due to a lack of intelligence or intention. It is a product of the traditional government IT operating model: risk-averse, capital-intensive, and structurally disconnected from the pace of global cloud innovation. The result? Public sector agencies spend the bulk of their budgets maintaining legacy environments, not improving services.

Oracle Alloy could offer a clean break from that cycle and not by outsourcing sovereignty to a foreign hyperscaler, but by shifting how innovation enters government infrastructure in the first place.

And the goal isn’t just to modernize infrastructure. It’s to enable a new culture inside government IT. One where agencies experiment faster, share components more easily, and co-develop services that benefit citizens directly.

This is the moment for public sector IT to stop playing catch-up and start leading.

A Cloud You Rent. A Cloud You Don’t Own

The same actions lead to the same results. That is true in life and true in the IT world. Perhaps it is time for something new.

Oracle Alloy is not just another version of a private cloud stack, and it is not just an appliance or limited variant of someone else’s infrastructure. It is the entire Oracle Cloud Infrastructure stack. The same hyperperformant services that power global organizations from different verticals – made available as a complete, sovereign cloud platform, on your soil, under your law.

Since I am based in Switzerland, let’s take Switzerland as a hypothetical example.

From Federal Agencies to Cantons to Hospitals

In Switzerland, the public sector is fragmented across agencies, cantons, municipalities, education and healthcare institutions. Each with their own infrastructure, standards, security models, and legacy systems. The result is duplication of effort, siloed data, different partnerships, different technologies, different contracts, and limited cross-agency innovation.

A national cloud powered by Oracle Alloy could change that. Not by centralizing everything under one inflexible system, but by enabling a federated digital infrastructure with shared standards, shared services, and trusted interoperability.

The key is standardization without centralization. Oracle Alloy would allow each public body to have its own isolated tenant, its own billing, and its own compliance scope, while sharing the same underlying services, including:

Secure identity federation (SSO, MFA, IAM)
Confidential data exchange platforms (via object storage, APIs, or data mesh patterns)
Federated analytics and dashboards
Common DevOps pipelines and cloud-native tooling
Unified observability and logging
Shared AI and machine learning models trained on in-country data

This means that a doctor in a canton hospital could access lab results or insurance data from a federal agency: securely, instantly, and with full auditability. A municipality could reuse an open-source app developed by another canton. A crisis response unit could integrate data from multiple agencies in real time. All without the friction of incompatible systems!

The Swiss national cloud would not just be infrastructure. It would be an enabler of public-sector collaboration, built on trust, scalability, and shared sovereignty. The kind of cloud that reflects Swiss federalism: distributed, resilient, and built for cooperation.

Stop Stretching the Cloud

For years, public sector IT leaders have tried to “stretch” hyperscale cloud into local data centers by deploying limited hybrid extensions like cloud appliances, edge stacks, or modified regions that offer only a fraction of what public cloud delivers. That model is the wrong approach.

Government ITs follow a cloud-smart approach and want to host the right application in the right cloud based on specific reasons and data. Without Oracle Alloy, they would do something like this:

Continue to run an on-premises virtualization stack with VMware
Stretch AWS on-premises with AWS Outposts
Another department would use Azure Local to stretch some Azure services to their local data center
Use the public regions from AWS and Azure for some workloads

Alloy lets you stop stretching. It lets you collapse public cloud, private cloud, and hybrid cloud into one integrated platform with a single control plane, consistent developer experience, and full-service parity with OCI. All hosted in your data centers. Start operating the cloud!

Sovereign But Not Isolated

One of the myths about sovereign cloud solutions is that they must come at the cost of flexibility, that once a government or public sector organization chooses a national cloud, it locks itself into a single ecosystem. But the reality, especially with Oracle Alloy, is far more nuanced and far more strategic.

Oracle Alloy is a sovereign cloud platform that respects openness. It is designed to coexist, interoperate, and integrate with other cloud providers, open-source technologies, and enterprise platforms, making it the ideal foundation for a forward-looking multi-cloud strategy.

Freedom by Design – Open Source and Flexibility

One of the most pressing concerns when governments consider adopting a cloud platform is vendor lock-in. The fear of being bound to a single commercial stack with proprietary formats, proprietary APIs, and inflexible pricing. Is not theoretical, it is real, and it shapes procurement decisions at every level of the public sector.

With Oracle Alloy, the cloud is not only sovereign but also flexible by design, thanks to deep support for and contributions to open-source software, open standards, and open governance.

At the core of Oracle Cloud Infrastructure (OCI), and thus Alloy, are technologies that reflect a strong commitment to the open-source ecosystem:

Oracle Linux is the foundation for OCI compute, but fully compatible with Red Hat, CentOS, and upstream Linux
Kubernetes and container-native technologies are first-class citizens. Alloy supports managed Kubernetes (OKE), Helm, Docker, and service meshes out of the box.
Open database compatibility is key. While Oracle Database is world-class and widely used in governments and many other global enterprises, Alloy also supports PostgreSQL, MySQL, and other open-source databases through Oracle’s managed services or BYOL (bring your own license) models.
Terraform, the IaC standard, is natively supported across OCI and Alloy, letting teams automate deployments using vendor-neutral tooling.
Oracle contributes upstream to projects like Linux, MySQL, KVM, GraalVM, Kafka,Grafana, Helm, ArgoCD, and many more.

What would it mean for Switzerland in this case? This open foundation means Switzerland is never trapped.

Whether you are running containerized microservices for a municipal portal, deploying a PostgreSQL-backed health analytics app in a hospital, or training AI models using open ML frameworks, you are using tools that aren’t locked into Oracle, and can move with you.

A national cloud powered by Alloy could even host, extend, and contribute back to public-sector open-source projects. Imagine cantons co-developing shared services, releasing reusable modules for identity, payments, or civic engagement.

Sovereignty is not just about where your data lives. It is about having the freedom to choose, adapt, and innovate on your own terms.

A Commercial Cloud With a National Purpose

Oracle Alloy is an economic and governance model. As the Alloy operator, you could:

Customize the branding of the end customer console and alerts
Define pricing, rate cards, account types, and discount schedules with your end customers
Define the support structure and service levels for end customers and provide complete billing and lifecycle management
Do the onboarding and provide centralized support
Onboard third-party software vendors into a local cloud marketplace
Offer vertical zones for health, education, defense, justice – each with tailored compliance definitions
Govern access, identity, encryption, and telemetry end-to-end.

The platform would support multi-tenancy across agencies and sectors, enabling a true “cloud utility” model.

Oracle remains in the background, ensuring global-class infrastructure, high-availability SLAs, offering tier 2 and tier 3 support, access to innovation and the latest technologies, and deep engineering support. But you remain in the driver’s seat.

It gives nations a way to operate full-spectrum cloud services with hyperscale performance, but on local, sovereign terms. Not just for compliance, but for trust. Not just for data, but for the entire value chain of digital services.

The Future Is Federated

We need a model where sovereignty becomes a strategy and not a limitation.

Public sector cloud strategy isn’t about picking a winner. It is about building an architecture of trust, resilience, and choice. Oracle Alloy would enable a future where the national cloud can be the sovereign anchor, while still connecting to and coexisting with the global cloud economy.

Oracle Alloy is sovereign-first, but not cloud-exclusive. It is a platform for governments that want independence without isolation, and interoperability without compromise.

Modern Platform Engineering with OCI Dedicated Region

Jun 16, 2025 | OCI Dedicated Region, Oracle Cloud Infrastructure

While the cloud has redefined how we build and operate software, not every organization can or should adopt a public cloud-only approach and at the same time, traditional on-premises platforms have reached their limits in delivering the agility, scalability, and developer experience required today. Businesses are stuck between two extremes: modern cloud-native capabilities on one side, and strict regulatory, data sovereignty, and operational requirements on the other.

This is exactly where OCI Dedicated Region offers a compelling path forward. It brings the full cloud experience including all Oracle Cloud Infrastructure (OCI) services into the customer’s own data center. But what makes this interesting isn’t just that you are running cloud services locally. It is what you can do on top of that foundation.

Why Platform Engineering Matters More Than Ever

At its core, platform engineering is the discipline of designing, building, and maintaining internal platforms that serve the needs of software developers and delivery teams. Platform engineering has emerged as a key capability for organizations that want to balance speed and control. Instead of pushing developers to learn infrastructure or write YAML for every deployment, enterprises are building internal platforms: curated environments that provide consistent, secure, and easy-to-use tools for developers.

These platforms abstract away complexity without removing flexibility. They create what many call “golden paths”. A predefined, secure ways to deploy services, databases, or applications, based on best practices and operational standards. The goal is not to restrict developers but to free them up to focus on what matters: building and shipping value.

But building such a platform requires cloud-native capabilities like automation, APIs, managed services, observability, and self-service tooling. These are hard to achieve with legacy virtualization stacks. And while hyperscalers do provide those services, they often come with trade-offs – less control, data residency challenges, compliance concerns, and unpredictable egress costs.

With OCI Dedicated Region, organizations don’t have to choose between cloud capabilities and control. They get both.

Building Your Platform on OCI Dedicated Region

With OCI Dedicated Region deployed in your own data center, you get access to the full suite of Oracle’s cloud services: Kubernetes, functions, serverless, CI/CD pipelines, observability tooling, databases, analytics, and more. This means you can build an internal platform the same way leading SaaS providers do. Developers interact with self-service portals or APIs to provision environments, deploy containers, or spin up databases. The platform team designs reusable templates, enforces policy as code, and embeds security and compliance by default.

And the best part? You are not managing the underlying cloud infrastructure. Oracle does that for you. Updates, patching, capacity planning, and security operations are handled by Oracle, freeing up your platform team to focus on the layers where you create real business value – developer experience, productivity, and innovation.

It gives your team full flexibility in how the platform is built and consumed, without the heavy burden of running everything yourself.

Closing the Gaps Left by Hyperscalers

Provisioning a VM and handing it off to a team is no longer enough. Developers expect containers, automation, and self-service. And operations teams expect built-in observability, governance, and lifecycle management. While it is technically possible to build a platform on top of a legacy virtualization stack, the reality is that most organizations end up patching together too many disconnected tools. Integration becomes fragile, and the user experience is rarely smooth.

Public hyperscalers, on the other hand, offer highly integrated developer platforms. But for many industries (finance, healthcare, public sector) sending data to a public cloud simply isn’t an option. Compliance, latency, or sovereignty requirements block the move.

OCI Dedicated Region on-prem

Again, OCI Dedicated Region closes this gap. You get a modern cloud-native platform that stays in your data center, under your governance. You can integrate with existing security policies, identity providers, or enterprise systems. You can enforce your compliance models while still giving developers a first-class experience.

And if you already run Oracle databases or applications, this is even more interesting. Instead of managing those database systems separately, they become part of the same platform landscape.

Creating Value Where It Matters Most

One of the key shifts we are seeing in enterprise IT is the desire to focus on the areas where organizations can generate differentiated value. Nobody wants to reinvent the wheel when it comes to infrastructure or compliance. But most teams do want to invest in developer enablement, software quality, and time to market.

By running OCI Dedicated Region in your data center and building a modern platform on top of it, you’re essentially outsourcing the foundation – networking, compute, storage, database infrastructure, and operational plumbing – to Oracle. This frees your internal teams to focus on crafting “golden paths”, improving onboarding experiences, building reusable services, and driving developer adoption.

You are not just building a platform: you are creating an environment where your teams can deliver better software, faster, and with less risk.

Conclusion

The mandate to CIOs is clear: digital transformation without compromising on control, compliance, or operational resilience. OCI Dedicated Region presents a powerful option to balance innovation and accountability.

It is about how your organization builds and delivers software, how it supports business agility, and how it remains competitive in a world where time-to-market and developer productivity are key differentiators. Platform engineering powered by OCI Dedicated Region becomes a lever for both operational efficiency and strategic advancements.

For decision-makers looking to reimagine their IT foundation while delivering real value to the business, this is more than a technical solution. It is an opportunity. Now is the time to move from managing infrastructure to enabling outcomes.

And OCI Dedicated Region, combined with a modern platform engineering mindset, might just be the smartest step forward.

A Primer On Oracle Compute Cloud@Customer

Jun 10, 2025 | Kubernetes, OCI Dedicated Region, Oracle Cloud Infrastructure, Oracle Compute Cloud@Customer

Enterprises across regulated industries, such as banking, healthcare, and the public sector, often find themselves caught in a dilemma: they want the scale and innovation of the public cloud, but they can’t move their data off-premises due to regulatory, latency, or sovereignty concerns. The answer is not one-size-fits-all, and the market reflects that through several deployment models:

Public cloud vendors extending to on-premises (AWS Outposts, Azure Local + Azure Arc, Google Distributed Cloud Edge)
Software vendors offering a “private cloud” (Nutanix, VMware by Broadcom)
Hardware vendors offering “cloud-like” experiences (HPE GreenLake, Dell APEX, Lenovo TruScale)

Oracle C3 bridges the best of all three worlds:

Runs OCI control plane on-prem, with native compute, storage, GPU, and PaaS services
Keeps data resident while Oracle manages the infrastructure
Oracle manages hardware, software, updates, and lifecycle
Integration with Oracle Exadata and Autonomous Database
Same APIs, SDKs, CLI, and DevOps tools as OCI

Architecture

The Cloud Control Plane is an advanced software platform that operates within Oracle Cloud Infrastructure (OCI). It serves as the central management interface for deploying and operating resources, including those running on Oracle Compute Cloud@Customer. Customers access the Cloud Control Plane securely via a web browser, command-line interface (CLI), REST APIs, or language-specific SDKs, enabling flexible integration into existing IT and DevOps workflows.

At the heart of the platform is the identity and access management (IAM) system that allows multiple teams or departments to share a single OCI tenancy while maintaining strict control over access. Using compartments, organizations can logically organize and isolate resources such as Compute Cloud@Customer instances, and enforce granular access policies across the environment.

Communication between the Cloud Control Plane and the on-premises C3 system is established through a dedicated, secure tunnel. This encrypted tunnel is hosted by specialized management nodes within the rack. These nodes function as a gateway to the infrastructure, handling all control plane communications. In addition to maintaining the secure connection, they also:

Orchestrate cloud automation within the on-premises environment
Aggregate and route telemetry and diagnostic data to Oracle Support Services
Host software images and updates used for patching and maintenance

A diagram showing your tenancy in an OCI region, and how it connects to Compute Cloud@Customer in your data center.

Important: Even if connectivity between the Cloud Control Plane and the on-premises system is temporarily lost, virtual machines (VMs) and applications continue running uninterrupted on C3. This ensures high availability and operational continuity, even in isolated or restricted network environments.

Beyond deployment and orchestration, the Cloud Control Plane also handles essential lifecycle operations such as provisioning, patching, backup, and monitoring, and supports usage metering and billing.

Core Capabilities & Services

When you sign in to Oracle Compute Cloud@Customer, you gain access to the same types of core infrastructure resources available in the public Oracle Cloud Infrastructure (OCI). Here is what you can create and manage on C3:

Compute Instances. You can launch virtual machines (instances) tailored to your application requirements. Choose from various instance shapes based on CPU count, memory size, and network performance. Instances can be deployed using Oracle-provided platform images or custom images you bring yourself.
Virtual Cloud Networks (VCNs). A VCN is a software-defined, private network that replicates the structure of traditional physical networks. It includes subnets, route tables, internet/NAT gateways, and security rules. Every compute instance must reside within a VCN. On C3, you can configure the Load Balancing service (LBaaS) to automatically distribute network traffic.
Capacity and Performance Storage. Block Volumes, File Storage, Object Storage

Oracle Operator Access Control

To further support enterprise-grade security and governance, Oracle Compute Cloud@Customer includes Oracle Operator Access Control (OpCtl), which is a sophisticated system designed to manage and audit privileged access to your on-premises infrastructure by Oracle personnel. Unlike traditional support models, where vendor access can be blurred or overly permissive, OpCtl gives customers explicit control over every support interaction.

Before any Oracle operator can access the C3 environment for maintenance, updates, or troubleshooting, the customer must approve the request, define the time window, and scope the level of access permitted. All sessions are fully audited, with logs available to the customer for compliance and security reviews. This ensures that sensitive workloads and data remain under strict governance, aligning with zero-trust principles and regulatory requirements.

Available GPU Options on Compute Cloud@Customer

As enterprises aim to run AI, machine learning, digital twins, and graphics-intensive applications on-premises, Oracle introduced GPU expansion for Compute Cloud@Customer. This enhancement brings NVIDIA L40S GPU power directly into your data center.

Each GPU expansion node in the C3 environment is equipped with four NVIDIA L40S GPUs, and up to six of these nodes can be added to a single rack. For larger deployments, a second expansion rack can be connected, enabling support for a total of 12 nodes and up to 48 GPUs within a C3 deployment.

Oracle engineers deliver and install these GPU racks pre-configured, ensuring seamless integration with the base C3 system. These nodes connect to the existing compute and storage infrastructure over a high-speed spine-leaf network topology and are fully integrated with Oracle’s ZFS storage platform.

Platform-as-a-Service (PaaS) Offerings on C3

For organizations adopting microservices and containerized applications, Oracle Kubernetes Engine (OKE) on C3 provides a fully managed Kubernetes environment. Developers can deploy and manage Kubernetes clusters using the same cloud-native tooling and APIs as in OCI, while operators benefit from lifecycle automation, integrated logging, and metrics collection. OKE on C3 is ideal for hybrid deployments where containers may span on-prem and cloud environments.

The Logical Next Step After Compute Cloud@Customer?

Typically, organizations choose to move to OCI Dedicated Region when their cloud needs outgrow what C3 currently offers. As companies expand their cloud adoption, they require a richer set of PaaS capabilities, more advanced integration and analytics tools, and cloud-native services like AI and DevOps platforms that are not fully available in C3 yet. OCI Dedicated Region is designed to meet these demands by providing a comprehensive, turnkey cloud environment that is fully managed by Oracle but physically isolated within your data center.

I consider OCI Dedicated Region as the next-generation private cloud. If you are a VMware by Broadcom customer and looking for alternatives, have a look at 5 Strategic Paths from VMware to Oracle Cloud Infrastructure.

Final Thought – Choose the Right Model for Your Journey

Every organization is on its own digital transformation journey. For some, that means moving aggressively into the public cloud. For others, it’s about modernizing existing infrastructure or complying with tight regulations. If you need cloud-native services, enterprise-grade compute, and strong data sovereignty, Oracle Compute Cloud@Customer is one of the most complete and future-proof options available.