Oracle Compute Cloud@Customer Isolated – Sovereign Public Sector Hosting for Oracle Partners

Oracle Compute Cloud@Customer Isolated – Sovereign Public Sector Hosting for Oracle Partners

Jul 7, 2025 | OCI Dedicated Region, Oracle Alloy, Oracle Cloud Infrastructure, Oracle Compute Cloud@Customer, Sovereign Cloud

Across Europe, public sector organisations are under increasing pressure to modernise their IT environments while maintaining full control over data, infrastructure, and operations. This is where Oracle partners can step in. With Oracle Compute Cloud@Customer Isolated (C3I), they now have the opportunity to offer sovereign cloud hosting services tailored to the needs of governments and regulated industries.

Oracle’s approach to digital sovereignty is not abstract. It is based on clearly defined principles that are embedded in the platform itself. With C3I, data – whether user data, metadata, or telemetry -remains entirely within the customer’s environment. Nothing is transmitted back to Oracle. The complete OCI control plane runs locally, fully disconnected from Oracle’s global infrastructure. This ensures that compliance requirements can be met without compromise.

Transparency and control are fundamental. There is no ongoing operator access to the system because C3I is an air-gapped, disconnected solution. Once installed, Oracle has no remote access to the environment. The installation and activation – including any expansion, such as GPU or storage racks – is handled on-site by Oracle’s field team. Ongoing operations, monitoring, and support are managed entirely by the hosting service provider (HSP), not by Oracle. Customers define their access policies, manage their own encryption keys, and control every layer of the platform.

Unlike traditional hosted solutions, C3I delivers the full Oracle Cloud Infrastructure (OCI) IaaS portfolio, along with key platform services such as Oracle Kubernetes Engine (OKE), all deployed within the HSP’s own data centre. This empowers Oracle Partners to offer modern, cloud-native infrastructure and container services to public-sector tenants, while keeping everything firmly under local control and governance.

What Makes C3I a Game‑Changer?

Besides OCI Dedicated Region, Alloy, and Oracle Isolated Cloud Region, C3I is Oracle’s most secure and sovereign cloud deployment model. One of the main drivers for adopting Oracle Compute Cloud@Customer Isolated is the need to run classified workloads in fully isolated environments. In this context, governments with strict regulations, ministries of defense, and intelligence services represent the key targeted customers.

What sets C3I apart is that its architecture is the entire control plane, the brain of OCI, is deployed inside the partner’s (or customer’s) premises. Again, there is no connection to Oracle’s public cloud regions, no shared management layer, and no external operator access. Once the system is installed, Oracle no longer has access. There is no remote telemetry, no persistent administrator credentials, and no automated updates. Every action, including patching, must be initiated and approved by the partner’s operators.

Despite its strict isolation, C3I delivers the same developer experience as the public cloud. Users can work with the same APIs, tools, and automation workflows. All core OCI services are available, from compute and storage to networking and IAM. This makes it possible to run modern applications, automate deployments, and enforce security policies. Just like in the public cloud, but with full control.

For Oracle partners, this opens new doors.

Hosting Multiple Tenants with IAM and Compartment Isolation

To serve multiple tenants on shared C3I infrastructure, Oracle relies on the strength of its Identity and Access Management (IAM) framework. Each tenant is hosted in a dedicated compartment, which acts as a logical and administrative boundary. Resources are isolated, policies are scoped, and access is strictly defined. IAM ensures that each tenant sees only what they are supposed to see and nothing more.

With compartments, policies, and groups, providers can implement fine-grained access control while still maintaining a clear operational model.

Oracle Compute Cloud@Customer Hosting Service Provider Model

On the networking side, Virtual Cloud Networks (VCNs) are provisioned per tenant. If connectivity is required between VCNs – let’s say, for shared services or for intercommunication – Dynamic Routing Gateways (DRGs) are used to establish secure and controlled interconnections. This approach allows for scalable, tenant-aware architectures without compromising performance or sovereignty.

C3I is Ready for AI – GPU Expansion Racks

C3I is not just built for traditional workloads. It is also designed to support next-generation applications, including those that require hardware acceleration. Currently, through dedicated GPU expansion racks, Oracle partners can add up to 48 NVIDIA L40S GPUs to a single C3I deployment. These GPUs are integrated into the system’s high-speed network and storage architecture, making them available to tenants just like any other OCI resource.

This capability allows Hosting Service Providers to offer GPU-as-a-Service directly to public-sector clients – ideal for AI, ML, and data analytics workloads that must remain within national borders. All resources are managed through the same local OCI control plane, keeping everything under the same compliance and operational framework.

The sensitive nature of government data demands absolute sovereignty. With Oracle C3I, sovereign AI becomes a reality.

Red Hat OpenShift Support

For Oracle Partners hosting public sector tenants on C3I, delivering enterprise-grade container platforms is critical. That’s why C3I fully supports Red Hat OpenShift, enabling end-customers to run their containerized workloads with confidence and flexibility.

OpenShift brings a comprehensive Kubernetes-based platform with advanced features like developer tools, integrated CI/CD pipelines, and robust security controls. By running OpenShift on C3I, customers benefit from a sovereign, isolated environment that meets strict regulatory demands, while leveraging the rich ecosystem and productivity of Red Hat’s market-leading container platform.

A Sovereign Platform That Grows With You

C3I starts with a strong baseline: 552 cores, 6.7 TB of RAM, and 150 TB of storage. But it doesn’t stop there. The platform can scale to 6’072 cores, 73.7 TB of memory, 3.65 Petabytes of high-capacity storage, and 1.2 Petabytes of high-performance storage.

Unlocking a New Business Model for Oracle Partners

For Oracle Partners, C3I creates a new type of service opportunity. Instead of simply reselling cloud subscriptions, they can operate a sovereign cloud environment, offering secure, isolated, and scalable hosting to public sector clients. It is a cloud environment you can trust, built for those who need to guarantee data residency and operational autonomy.

With C3I, Oracle provides the tools. Now it is time for partners to build the services.

Rethinking Digital Sovereignty – A Response to the Public Cloud Critique

Rethinking Digital Sovereignty – A Response to the Public Cloud Critique

Jul 3, 2025 | Oracle Cloud Infrastructure, Oracle Compute Cloud@Customer, Sovereign Cloud

I understand it, believe me. The public cloud promised a lot: speed, scale, flexibility. But over time, cracks have appeared. Bills grow faster than workloads and compliance becomes harder, not easier. And some applications never really fit, especially those that demand low latency or strict control.

So, we are told, companies are pulling workloads back from the public cloud. These reverse cloud migrations are also known as cloud repatriation. You have to understand, it is not a reversal of digital transformation and the abandoning of public cloud – it’s a correction. A realignment based on experience, governance needs, and financial pressure.

But the answer isn’t to go backward, if your expectations have not been met. The challenge is to retain the benefits of the cloud – automation, elasticity, operational efficiency – while regaining the control that is often lost in the public model.

But moving away from the cloud doesn’t mean giving up the cloud. The real question is: how do we keep what worked and fix what didn’t?

Oracle Compute Cloud@Customer (C3) was built precisely for that purpose. It brings Oracle’s public cloud infrastructure and tooling into your data center, under your governance, with the same APIs, security, and operational model. What follows is how C3 directly addresses the core reasons driving repatriation and why many enterprises are choosing a more strategic hybrid path forward. C3 changes everything.

Cost Control Without Surprises

Ask any IT leader what drove their move to the cloud, and chances are “cost savings” is on the list. Ask them what drove them back, and they will likely say “cost surprises.” 🙂

Public cloud can scale, but it also scales your bill. Between data egress fees, idle VM costs, and unpredictable licensing, many organizations find their cloud TCO spiraling. Oracle Cloud Infrastructure, Oracle Compute Cloud@Customer in this scenario, changes the equation. It delivers the OCI experience on-premises, in a consumption-based OpEx model, but with predictability built in. No data egress. No hidden costs. No guessing. Just clear, auditable resource usage within your own data center.

Performance Without Compromise

Latency is often a business risk. Trading platforms, AI inference, and high-speed transaction systems, they all demand millisecond or sub-millisecond responsiveness. But in the public cloud, compute and data are often separated across zones or regions.

With C3, you bring compute right to where your data lives. Ultra-low latency, high-throughput workloads no longer need to be shoehorned into far-off regions. The cloud comes to you and it is backed by high-performance storage, native GPU options, and OCI’s virtual cloud networking.

Data Sovereignty, Security & Compliance – Rebuilt for Reality

Oracle C3 provides on-premises infrastructure, fully managed by Oracle, but entirely controlled by you. Data never leaves your facility unless you allow it. Access is managed through Operator Access Control, which gives you precise control over who can log in, when, and for what. Encryption at rest, in motion, and during access? Built in. Full audit trails? Native. That is the level of control regulators expect and enterprises now demand.

Governance, Visibility & Control

One of the hidden challenges of public cloud? Shadow IT. Teams spin up services without oversight, leading to risks in compliance, billing, and security posture.

With Oracle C3, everything runs within the bounds of your governance framework. You control IAM, compartmentalization, policy enforcement, tagging, metering, and quotas. It is the same control plane as OCI, so your security posture doesn’t depend on where the workload runs.

Operational Resilience You Actually Own

Let’s be honest: handing over infrastructure management can reduce operational overhead, but it can also mean giving up visibility, scheduling flexibility, and recovery control.

Oracle Compute Cloud@Customer delivers the best of both worlds. Oracle manages the infrastructure lifecycle, from firmware updates to patching. But you define the maintenance windows, and the failover behaviour. DR scenarios, backup policies, hardware separation – they are yours to orchestrate.

What Is Operator Access Control?

Oracle Operator Access Control (OpCtl) is a feature used in products like Oracle Compute Cloud@Customer (C3) and Exadata Cloud@Customer, designed to give customers:

  • Explicit approval over Oracle’s administrative access

  • Time-bound, purpose-specific access windows

  • Comprehensive logging and session recording

  • Segregation of duties and multi-party authorization

So, before any Oracle operator can access the C3 environment for maintenance, updates, or troubleshooting, the customer must approve the request, define the time window, and scope the level of access permitted. All sessions are fully audited, with logs available to the customer for compliance and security reviews. This ensures that sensitive workloads and data remain under strict governance, aligning with zero-trust principles and regulatory requirements. 

A diagram showing your tenancy in an OCI region, and how it connects to Compute Cloud@Customer in your data center.

So, in practice, you can say:

“No one from Oracle can access my infrastructure unless I approve it, for a specific task, at a specific time.”

This is an excellent feature and tool for operational governance, auditability, and security assurance.

If you think about the U.S. CLOUD Act, then OpCtl, in my opinion, strengthens your legal and practical posture since you control the external access to the C3 systems. Additionally, you can provide proof and logs that no access occurred without your approval.

Let’s Think Differently. Give It A Try!

A Swiss professor recently outlined four conditions for digital sovereignty in the public cloud. The assumptions are valid, but they are also rooted in a narrow view of how the cloud has to work. If you want cloud, you have to give up control. And if you want sovereignty, you have to give up most of the cloud (services).

That binary thinking doesn’t hold up anymore. And it never should have. 

Let’s be clear: digital sovereignty is not about avoiding cloud, it’s about deploying it on your terms. And that’s exactly what Oracle Compute Cloud@Customer (C3) enables as a third path (besides public cloud and repatriation).

Let’s take the arguments one by one.

1. “Only unmodified open source software ensures sovereignty”

Yes, I agree, open standards matter. But sovereignty isn’t just about code transparency. It’s about control over where software runs, how it’s operated, and who has access.

With C3, you run any open-source stack you want, inside your own data center. But more importantly, you also control the platform it runs on. Compute, storage, and networking stay within your facility, under your governance. You decide the architecture, the patch cycle, and the integrations. And you do it without giving up cloud automation, elasticity, or DevOps tooling.

2. “Internal know-how must be retained”

Agreed. Sovereignty without competence is meaningless.

C3 supports the same APIs, SDKs, Terraform modules, and CLI as the Oracle public cloud. That means your teams build skills once and apply them everywhere – on-premises, in the public cloud, or across hybrid landscapes.

You keep operational knowledge in-house. You train on real cloud-native patterns. And you run them on infrastructure that belongs to you.

3. “Avoid proprietary, specialized services”

This is where things get nuanced.

Most enterprises don’t want to avoid modern services. They just want freedom of movement (aka portability). With C3, you are not locked into proprietary ecosystems. You get the full Oracle Cloud Infrastructure stack but deployed in your data center, on infrastructure fully under your legal and physical control.

Because the environment is API-compatible with OCI, you are not locked in – you are portable by design. Move workloads to Oracle public regions. Or any other cloud. Or don’t. It is your choice. I would call that leverage.

4. “SaaS without data export is unacceptable”

Right again. Exit strategy matters.

C3 isn’t SaaS. It’s IaaS and PaaS delivered as a service inside your firewall. And because you control the storage, the networking, and the OS stack, you always retain the ability to export your data by using open formats, standard tools, and your own access policies.

Want to back up to another system? Build cross-platform failover? Disconnect from Oracle entirely? No problem. Your data stays in your hands.

Final Thought

Cloud repatriation is happening for good reasons. But walking away from cloud entirely isn’t the answer. The better move is to rethink where the cloud belongs and who’s in control of it.

Oracle Compute Cloud@Customer gives you the cloud experience your teams want, with the sovereignty your business needs.

And today, that may be the one most strategic infrastructure choice you can make (besides Oracle’s EU Sovereign Cloud and Dedicated Cloud offerings).

If you are working in the public sector, have a look at this article: Enabling Public Sector Unity – How Oracle Alloy Could Power a Government Cloud and Cross-Agency Collaboration

Oracle Compute Cloud@Customer – 10 IaaS Use Cases for SMBs

Oracle Compute Cloud@Customer – 10 IaaS Use Cases for SMBs

Jul 2, 2025 | Oracle Cloud Infrastructure, Oracle Compute Cloud@Customer

Not every workload belongs in the public cloud. For small and mid-sized businesses, the reasons are often crystal clear: compliance, data residency, latency sensitivity, or the simple need for control.

Oracle Compute Cloud@Customer (C3) brings the full Oracle Cloud Infrastructure (OCI) IaaS stack into your own data center. Same services. Same APIs. Same automation. Just under your roof.

So what does that mean in practice? Here are 10 concrete use cases where C3 delivers real value.

1. Regulatory Zone: Data Sovereignty Compute

Industries like healthcare, finance, and public services often can’t move regulated data off-prem. With C3, you get:

  • Compute: VMs and bare metal instances

  • Storage: Block, object, and file storage

  • Networking: VCNs, security lists, route tables, subnets

  • IAM: OCI-native identity policies and compartments

This stack runs entirely on-prem, ensuring compliance while giving you full elasticity and automation.

2. Edge Accelerator: Low-Latency AI/ML

AI/ML workloads at the edge demand local processing. With C3’s GPU-enabled compute shapes and fast local networking, you can:

  • Run inference or training close to where the data is generated

  • Use high-performance block storage for datasets

  • Leverage VCN and subnets for secure and segmented data flows

Perfect for industrial analytics, real-time decision-making, or imaging workloads that can’t wait for the cloud.

3. Legacy Modernizer: Lift-and-Shift Platform

Modernization doesn’t have to mean refactoring. Migrate your legacy systems onto OCI compute and storage services:

  • Compute: OCI-compatible VM shapes for Windows, Linux, and custom OS images

  • Block Storage: Persistent volumes with high IOPS

  • Networking: VCN, subnets, and security lists for segmentation

  • Automation: Terraform, CLI, SDKs for fully scripted provisioning

Your legacy stack gets modern infrastructure without cloud lock-in or rewrites.

4. Hybrid Bridge: Seamless Cloud Integration

C3 extends your OCI tenancy into your own environment, enabling true hybrid operations:

  • Networking: Site-to-site VPN or FastConnect

  • Compute & Storage Replication: Move workloads or data between C3 and OCI regions

  • Automation: Use OCI APIs, SDKs, or Terraform across both footprints

With shared identity, policies, and tooling, C3 makes hybrid cloud feel like one seamless platform.

5. DevOps Sandbox: On-Prem CI/CD Pipelines

Dev teams benefit from production-like test environments – C3 provides them:

  • Compute: Ephemeral or persistent VM shapes for test environments

  • Object Storage: Store build artifacts, container images, or logs

  • VCNs: Isolate test networks for security

  • Automation: Run pipelines with familiar OCI SDKs, CLI, and Terraform

Test, deploy, and iterate locally with the same tools you use in OCI.

6. Secure Multi-Tenant: Departmental or Customer Isolation

Multi-tenancy is built into C3 with OCI’s native controls:

  • VCNs & Subnets: Logical separation of environments

  • Security Lists & NSGs: Define granular traffic rules

  • IAM: Fine-grained access controls per team, tenant, or department

  • Compartments: Organizational units for governance and billing

Whether you are a service provider or just segmenting business units, it’s multi-tenant by design.

7. Disaster Recovery Node: Local DR Site

Use C3 as a fast, local disaster recovery target:

  • Block Storage: Replicate volumes from primary sites

  • Compute: Pre-provision failover VM templates

  • Networking: Keep standby environments isolated until needed

  • Automation: Use OCI APIs or CLI to orchestrate recovery steps

C3 gives you a DR solution with minimal latency, full control, and no third-party dependencies.

8. SaaS Host: On-Prem Application Delivery

For delivering custom SaaS apps on-premises, C3 gives you:

  • Compute: Scale-out VM or bare metal shapes

  • Storage: Block storage for application data, object storage for backups and logs

  • Networking & IAM: Secure customer or tenant access with OCI VCNs and IAM policies

  • Automation: Automate provisioning and patching with Terraform or Ansible

Keep control of data location and meet strict hosting requirements without sacrificing automation.

9. HPC Cluster: High-Performance Compute Workloads

Scientific computing, simulations, and modeling all need power and throughput. C3 delivers:

  • Bare Metal Compute: High-core CPUs or GPU-enabled shapes

  • Block Storage: High-throughput, low-latency volumes

  • VCN Networking: Low-latency, high-bandwidth internal networking

  • Automation: Automate batch jobs and cluster provisioning

Run parallel workloads with full performance and zero public cloud exposure.

10. Cloud-Native Factory: Microservices and Containers

Modern apps are built as services. C3 provides a flexible platform for running containerized workloads:

  • Compute: VM shapes optimized for Kubernetes or container runtimes

  • Object Storage: Store unstructured data and backups

  • VCNs: Service discovery and secure east-west traffic

  • IAM & Policies: Control who can deploy, scale, and access services

  • Automation: Script infra using OCI-native modules

Build your own cloud-native stack on-premises, with no compromises.

OCI IaaS – Now Running Inside Your Data Center

C3 isn’t just “cloud-like infrastructure”, it’s a managed extension of OCI inside your own data center. While it doesn’t operate as a full OCI region, it gives you consistent architecture, tooling, and governance:

  • OCI Tenancy Integration: C3 connects directly to your OCI tenancy and control plane

  • Logical Domains: Configure availability and fault domains within C3 for redundancy and workload isolation

  • Compute & Storage: Use the same VM shapes, block storage, and object storage services as in OCI

  • Networking: Build out networks with VCNs, subnets, route tables, NSGs, and security lists (identical to OCI)

  • IAM: Apply OCI policies, compartments, and user access controls locally

  • Automation: Leverage the same Terraform modules, SDKs, and CLI used in OCI public regions

You get core OCI IaaS services, fully managed by Oracle, but physically hosted in your data center, without needing to change your tools, APIs, or architecture principles.

Oracle Compute Cloud@Customer – The Sovereign Cloud Platform Europe Has Been Waiting For

Oracle Compute Cloud@Customer – The Sovereign Cloud Platform Europe Has Been Waiting For

Jul 2, 2025 | Kubernetes, OCI Dedicated Region, Oracle Alloy, Oracle Cloud Infrastructure, Oracle Compute Cloud@Customer, Sovereign Cloud

Europe has always taken data privacy, neutrality, and independence seriously. Whether you are operating in government, healthcare, banking, or energy, the message is clear: sensitive workloads need to stay within national borders. However, sovereignty shouldn’t come at the expense of innovation, agility, or cost efficiency. This is exactly where Oracle Compute Cloud@Customer (C3) steps in.

With C3, you are not forced to choose between the benefits of public cloud and the control of on-prem infrastructure. You get both. Oracle brings a consistent, fully managed OCI experience directly into your data center or trusted hosting environment.

This is cloud designed for data residency and regulatory alignment, without compromise. Customers retain full operational control thanks to Oracle’s secure Operator Control and disconnected operating model, giving you full autonomy over who can access what and when. If you don’t want Oracle to touch it, they won’t.

But this isn’t just about compliance, it’s about enabling innovation. With C3, organizations can develop once and run anywhere. You can build modern applications on OCI using containers, Kubernetes, or virtual machines (VMs), and then deploy them on-prem with C3, in a public OCI region, or any hybrid setup. This gives developers and architects freedom, without forcing the business into compliance headaches.

Even more compelling: C3 is priced the same as the public OCI regions. No “on-prem premium.” Unlike other hyperscalers that charge more for bringing cloud services into your data center, Oracle keeps the economics consistent. That means you can deploy at scale wherever you need it, without blowing your IT budget. And because OCI is up to 60% cheaper than competitors – especially for IaaS-heavy workloads and managed Kubernetes – C3 becomes not just a compliance play, but a strategic cost advantage.

For organizations already running Exadata Cloud@Customer (ExaCC), the transition to C3 is seamless. You extend the same OCI architecture from your Oracle Database infrastructure to your full application landscape – compute, storage, network, containers, and more – all under one public OCI control plane. One architecture, one operational model, full sovereignty.

And for those looking to modernize full application stacks from databases to middleware to frontend services, C3 provides the flexibility to run both Oracle and open-source technologies.

Note: Those requiring the full breadth of OCI services in a sovereign, connected environment, Oracle also offers OCI Dedicated Region

Oracle Compute Cloud@Customer Isolated – The Next Level of Sovereignty

Oracle has taken the concept of sovereign cloud one step further. With Oracle Compute Cloud@Customer Isolated (C3I), organizations can now run cloud-native workloads in a fully air-gapped environment, without any operational dependency on Oracle. No outbound connections. No Oracle-managed control plane. No shared infrastructure. Just full autonomy and local control. C3I Oracle owned and customer/partner managed.

it’s a real, production-ready deployment model for mission-critical and highly regulated environments. Designed specifically for governments, defense, intelligence, and critical infrastructure operators like Telcos, Compute Cloud@Customer Isolated addresses scenarios where even a standard sovereign cloud isn’t enough.

The platform runs the same core OCI services  (compute, storage, networking, Kubernetes) but is completely disconnected from Oracle’s global cloud infrastructure. Everything is deployed on-premises in your trusted facility, and operated entirely by your own team or a national partner under your control. Oracle is not in the loop. No telemetry is sent back. No patching happens unless you initiate it.

For Europe, this matters. Regulations are tightening. Risk tolerance is dropping. And cloud decisions now sit under the spotlight of data strategy, digital self-determination, and public trust. With C3I, organizations don’t need to compromise. You can modernize legacy infrastructure, run secure workloads, and meet the strictest data protection laws without handing over operational control to a foreign hyperscaler.

Oracle Compute Cloud@Customer Isolated

So if you’re building for maximum sovereignty, whether for a national security project, a classified analytics platform, or a regulated healthcare system, C3I gives you the control you need, without the complexity of building it all from scratch.

Note: those requiring the full breadth of OCI services in a sovereign, air-gapped environment, Oracle also offers an Isolated Region. It delivers the complete OCI stack, including advanced PaaS and data services, fully disconnected and deployed inside your own data center. It’s the natural next step when C3I isn’t enough.

Cloud-Native at Home – Modernizing Legacy Workloads on C3

Whether you are building microservices, deploying containers with Kubernetes, or refactoring legacy applications, C3 gives you the flexibility and tools to modernize at your own pace without sending data to the public cloud.

For many organizations, this is especially relevant when looking at existing on-premises environments. C3 opens a new path for modernizing applications without a full lift-and-shift. You can gradually move critical services from traditional virtual machines into containers, adopt infrastructure-as-code practices, and standardize on CI/CD pipelines. All within a compliant, in-country environment that mirrors public OCI.

Using OCI services like OKE (Oracle Kubernetes Engine) on C3, teams can deploy cloud-native apps alongside traditional workloads. It is entirely possible to run a legacy database VM next to containerized microservices, with consistent networking, storage, and security policies across both. This hybrid model is ideal for customers who want to modernize existing applications incrementally, without taking unnecessary risks.

For VMware and Nutanix customers, C3 provides a future-ready landing zone. You can continue to run VM-based workloads on OCI-compatible compute shapes and use that as the foundation to containerize where it makes sense. This avoids expensive rewrites or disruptive replatforming. Instead, C3 supports a phased modernization strategy.

Note: OKE on C3 is free. Standard OCI pricing for VM nodes applies. 

Oracle Compute Cloud@Customer Supports Red Hat OpenShift

Oracle Compute Cloud@Customer (C3) keeps expanding its capabilities for customers, and a key recent addition is support for Red Hat OpenShift.

Artificial Intelligence on Compute Cloud@Customer

With Oracle’s announcement in February 2025, customers can add Nvidia GPUs to C3 deployments with the following key features:

  • Independent scaling of GPUs, compute, and storage: up to 48 L40S NVIDIA GPUs, 6,624 OCPUs with 80.4 TB of memory, and a mix of up to 3.65 PB of high-capacity storage and 1.2 PB of high-performance storage.
  • Powerful GPU VMs: up to four NVIDIA L40S GPUs, 108 Intel Xeon 8480+ CPU cores, 800-GB DDR5 memory, and 400 Gbps network bandwidth for the most demanding workloads.
  • Ultra-fast network connectivity: 800-Gbps data center connectivity that can directly connect an Exadata Cloud@Customer Machine to combine the power of GPUs with Oracle Database 23ai’s integrated AI Vector Search.

Description of multicloud-customer-and-oci.png follows

EU Sovereign Operations for Oracle Compute Cloud@Customer

In May 2025, Oracle announced the availability of Oracle EU Sovereign Operations for C3. This means, that C3 now also runs in the EU Sovereign Cloud, with the same pricing and the same service you know from commercial OCI regions.

Previously, operations and automation for Compute Cloud @ Customer were handled via global OCI control planes. With EU Sovereign Operations, that changes:

  • All automation and admin services now reside within Oracle’s EU Sovereign Cloud regions

  • Operations are managed by Oracle teams based in the EU, ensuring compliance

  • Hardware deployment and support is delivered by personnel authorized to work in the customer’s country

EU Sovereign Operations for Compute Cloud@Customer is offered with the control plane located in one of Oracle EU Sovereign Cloud regions, currently either Madrid, Spain or Frankfurt, Germany. This service is offered in European Union member countries and other select countries in Europe. The service delivers the same features, functions, value and service level objectives (SLOs) offered with Compute Cloud@Customer service with control planes from OCI Compute public regions.

Last Comments

In short, Oracle Compute Cloud@Customer is not just a cloud, it’s your sovereign cloud. It gives enterprises the tools they need to stay compliant, stay competitive, and stay in control. And that is what the next generation of digital sovereignty should look like.

A Primer On Oracle Compute Cloud@Customer

A Primer On Oracle Compute Cloud@Customer

Jun 10, 2025 | Kubernetes, OCI Dedicated Region, Oracle Cloud Infrastructure, Oracle Compute Cloud@Customer

Enterprises across regulated industries, such as banking, healthcare, and the public sector, often find themselves caught in a dilemma: they want the scale and innovation of the public cloud, but they can’t move their data off-premises due to regulatory, latency, or sovereignty concerns. The answer is not one-size-fits-all, and the market reflects that through several deployment models:

  1. Public cloud vendors extending to on-premises (AWS Outposts, Azure Local + Azure Arc, Google Distributed Cloud Edge)
  2. Software vendors offering a “private cloud” (Nutanix, VMware by Broadcom)
  3. Hardware vendors offering “cloud-like” experiences (HPE GreenLake, Dell APEX, Lenovo TruScale)

Oracle C3 bridges the best of all three worlds:

  • Runs OCI control plane on-prem, with native compute, storage, GPU, and PaaS services
  • Keeps data resident while Oracle manages the infrastructure
  • Oracle manages hardware, software, updates, and lifecycle
  • Integration with Oracle Exadata and Autonomous Database
  • Same APIs, SDKs, CLI, and DevOps tools as OCI

Architecture

The Cloud Control Plane is an advanced software platform that operates within Oracle Cloud Infrastructure (OCI). It serves as the central management interface for deploying and operating resources, including those running on Oracle Compute Cloud@Customer. Customers access the Cloud Control Plane securely via a web browser, command-line interface (CLI), REST APIs, or language-specific SDKs, enabling flexible integration into existing IT and DevOps workflows.

At the heart of the platform is the identity and access management (IAM) system that allows multiple teams or departments to share a single OCI tenancy while maintaining strict control over access. Using compartments, organizations can logically organize and isolate resources such as Compute Cloud@Customer instances, and enforce granular access policies across the environment.

Communication between the Cloud Control Plane and the on-premises C3 system is established through a dedicated, secure tunnel. This encrypted tunnel is hosted by specialized management nodes within the rack. These nodes function as a gateway to the infrastructure, handling all control plane communications. In addition to maintaining the secure connection, they also:

  • Orchestrate cloud automation within the on-premises environment
  • Aggregate and route telemetry and diagnostic data to Oracle Support Services
  • Host software images and updates used for patching and maintenance

A diagram showing your tenancy in an OCI region, and how it connects to Compute Cloud@Customer in your data center.

Important: Even if connectivity between the Cloud Control Plane and the on-premises system is temporarily lost, virtual machines (VMs) and applications continue running uninterrupted on C3. This ensures high availability and operational continuity, even in isolated or restricted network environments.

Beyond deployment and orchestration, the Cloud Control Plane also handles essential lifecycle operations such as provisioning, patching, backup, and monitoring, and supports usage metering and billing.

Core Capabilities & Services

When you sign in to Oracle Compute Cloud@Customer, you gain access to the same types of core infrastructure resources available in the public Oracle Cloud Infrastructure (OCI). Here is what you can create and manage on C3:

  • Compute Instances. You can launch virtual machines (instances) tailored to your application requirements. Choose from various instance shapes based on CPU count, memory size, and network performance. Instances can be deployed using Oracle-provided platform images or custom images you bring yourself.
  • Virtual Cloud Networks (VCNs). A VCN is a software-defined, private network that replicates the structure of traditional physical networks. It includes subnets, route tables, internet/NAT gateways, and security rules. Every compute instance must reside within a VCN. On C3, you can configure the Load Balancing service (LBaaS) to automatically distribute network traffic.
  • Capacity and Performance Storage. Block Volumes, File Storage, Object Storage

Oracle Operator Access Control

To further support enterprise-grade security and governance, Oracle Compute Cloud@Customer includes Oracle Operator Access Control (OpCtl), which is a sophisticated system designed to manage and audit privileged access to your on-premises infrastructure by Oracle personnel. Unlike traditional support models, where vendor access can be blurred or overly permissive, OpCtl gives customers explicit control over every support interaction.

Before any Oracle operator can access the C3 environment for maintenance, updates, or troubleshooting, the customer must approve the request, define the time window, and scope the level of access permitted. All sessions are fully audited, with logs available to the customer for compliance and security reviews. This ensures that sensitive workloads and data remain under strict governance, aligning with zero-trust principles and regulatory requirements. 

Available GPU Options on Compute Cloud@Customer

As enterprises aim to run AI, machine learning, digital twins, and graphics-intensive applications on-premises, Oracle introduced GPU expansion for Compute Cloud@Customer. This enhancement brings NVIDIA L40S GPU power directly into your data center.

Each GPU expansion node in the C3 environment is equipped with four NVIDIA L40S GPUs, and up to six of these nodes can be added to a single rack. For larger deployments, a second expansion rack can be connected, enabling support for a total of 12 nodes and up to 48 GPUs within a C3 deployment.

Oracle engineers deliver and install these GPU racks pre-configured, ensuring seamless integration with the base C3 system. These nodes connect to the existing compute and storage infrastructure over a high-speed spine-leaf network topology and are fully integrated with Oracle’s ZFS storage platform.

Platform-as-a-Service (PaaS) Offerings on C3

For organizations adopting microservices and containerized applications, Oracle Kubernetes Engine (OKE) on C3 provides a fully managed Kubernetes environment. Developers can deploy and manage Kubernetes clusters using the same cloud-native tooling and APIs as in OCI, while operators benefit from lifecycle automation, integrated logging, and metrics collection. OKE on C3 is ideal for hybrid deployments where containers may span on-prem and cloud environments.

The Logical Next Step After Compute Cloud@Customer?

Typically, organizations choose to move to OCI Dedicated Region when their cloud needs outgrow what C3 currently offers. As companies expand their cloud adoption, they require a richer set of PaaS capabilities, more advanced integration and analytics tools, and cloud-native services like AI and DevOps platforms that are not fully available in C3 yet. OCI Dedicated Region is designed to meet these demands by providing a comprehensive, turnkey cloud environment that is fully managed by Oracle but physically isolated within your data center.

I consider OCI Dedicated Region as the next-generation private cloud. If you are a VMware by Broadcom customer and looking for alternatives, have a look at 5 Strategic Paths from VMware to Oracle Cloud Infrastructure.

Final Thought – Choose the Right Model for Your Journey

Every organization is on its own digital transformation journey. For some, that means moving aggressively into the public cloud. For others, it’s about modernizing existing infrastructure or complying with tight regulations. If you need cloud-native services, enterprise-grade compute, and strong data sovereignty, Oracle Compute Cloud@Customer is one of the most complete and future-proof options available.