Building a Secure VCN in OCI: A Complete Guide for Small Businesses


Mariusz Antonik · Oracle Cloud (OCI)

1. Introduction

In this guide, I’ll take you through a deep technical walkthrough of building a Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure. If you’re a small business owner, developer, or network engineer, this is the foundation of everything you will ever deploy in OCI.

A poorly designed VCN creates ongoing problems—slow services, blocked traffic, security exposures, and troubleshooting nightmares. A well-designed VCN gives you speed, visibility, and a rock-solid security posture.


2. What Problem This Solves

Most new OCI tenants suffer from:

  • Subnets carved out ad hoc, with no addressing plan and no separation between tiers

  • Missing route table entries (no NAT Gateway route for private subnets, no Service Gateway route for Oracle services)

  • Wide-open 0.0.0.0/0 ingress rules left in security lists, often inherited from the VCN default list

  • Compute instances given public IPs they do not need

  • No compartment structure to keep prod, qa and dev apart

This post solves exactly that—a clean, secure, production-ready VCN setup.


3. Step-by-Step Guide

Step 1 — Create the VCN

OCI Console → Networking → Virtual Cloud Networks → Create VCN

Recommended CIDR: 10.0.0.0/16

Pick a range that does not overlap any network you may later peer or VPN to (your office LAN, another VCN, a partner's range). Extra CIDR blocks can be added to a VCN later, but renumbering a populated VCN is painful.

CLI

oci network vcn create \
  --cidr-block 10.0.0.0/16 \
  --compartment-id <compartment_ocid> \
  --display-name prod-vcn

Step 2 — Create Subnets

Recommended structure (one regional subnet per tier):

Subnet        CIDR           Type     Purpose
public-lb     10.0.10.0/24   Public   Load balancers
app-private   10.0.20.0/24   Private  App servers
db-private    10.0.30.0/24   Private  Databases

CLI

oci network subnet create \
  --vcn-id <vcn_ocid> \
  --cidr-block 10.0.20.0/24 \
  --display-name app-private \
  --prohibit-public-ip-on-vnic true \
  --compartment-id <compartment_ocid>

--prohibit-public-ip-on-vnic true is what makes a subnet private: no VNIC in it can ever be given a public IP, whatever the person launching the instance clicks. Leave it off only for public-lb.

One trap to know about: a subnet created without --route-table-id and --security-list-ids is attached to the VCN's default route table and default security list, and the default security list ships with 22/tcp open from 0.0.0.0/0. Create a dedicated route table and security list per tier (Steps 4 and 5) and pass their OCIDs here, otherwise every subnet shares whatever the default table routes and the default list allows.

Step 3 — Create Gateways

Internet Gateway (used by the public-lb tier only)

oci network internet-gateway create \
  --compartment-id <compartment_ocid> \
  --vcn-id <vcn_ocid> \
  --is-enabled true \
  --display-name igw-prod

NAT Gateway (outbound-only internet access for the private tiers; nothing can initiate a connection inbound through it)

oci network nat-gateway create \
  --compartment-id <compartment_ocid> \
  --vcn-id <vcn_ocid> \
  --display-name nat-prod

Service Gateway (important for DB + Object Storage: Oracle services are reached over the Oracle network, so the database tier needs no internet path at all)

# serviceId must be the OCID of a Service object, not its label.
# List them with:   oci network service list
# and copy the id of "All GRU Services In Oracle Services Network"
# (GRU = São Paulo; pick the entry for your own region).
oci network service-gateway create \
  --compartment-id <compartment_ocid> \
  --vcn-id <vcn_ocid> \
  --services '[{"serviceId":"<all_services_ocid>"}]' \
  --display-name sgw-prod

Step 4 — Configure Route Tables

Give each tier its own route table and attach it to the subnet. Traffic inside the VCN is delivered without any rule; traffic to a destination outside the VCN that matches no rule is dropped, so a private subnet with no 0.0.0.0/0 rule simply has no internet path.

public-lb route table:

  0.0.0.0/0                                    → Internet Gateway

app-private route table:

  0.0.0.0/0                                    → NAT Gateway
  All GRU Services In Oracle Services Network  → Service Gateway

db-private route table:

  All GRU Services In Oracle Services Network  → Service Gateway

The Service Gateway rule uses destination type SERVICE_CIDR_BLOCK and the service label as its destination (for GRU, all-gru-services-in-oracle-services-network); it is not an IP range, and Oracle keeps the underlying prefixes current for you. If the database tier only needs Object Storage, the narrower Object Storage-only service label works too. Note that db-private deliberately has no 0.0.0.0/0 rule: a database that cannot reach the internet cannot be used to exfiltrate data over it.

Step 5 — Secure Network with Security Lists

Security lists are stateful (a permitted inbound connection's replies are allowed automatically) and apply to every VNIC in the subnet. This example is for app-private: SSH only from your office or VPN egress range (203.0.113.0/24 is a documentation placeholder, substitute your own) and HTTP only from inside the VCN; everything else inbound is dropped. Narrow the port 80 source to 10.0.10.0/24 if only the load balancer should talk to the app tier, and better still keep 22/tcp closed entirely and reach instances through OCI Bastion.

# Allow SSH only from your home/work IP.
# update REPLACES the whole rule set on the list; --force skips the confirmation prompt.
oci network security-list update \
  --security-list-id <sl_id> \
  --force \
  --egress-security-rules '[{"protocol":"all","destination":"0.0.0.0/0"}]' \
  --ingress-security-rules '[
    {"protocol":"6","source":"203.0.113.0/24",
     "tcpOptions":{"destinationPortRange":{"min":22,"max":22}}},
    {"protocol":"6","source":"10.0.0.0/16",
     "tcpOptions":{"destinationPortRange":{"min":80,"max":80}}}
  ]'
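A design lint for the layout built in Steps 1 to 5, added here as an example; it is not part of the original post and not Oracle tooling. It checks for the mistakes this guide is trying to prevent: subnet CIDRs outside the VCN or overlapping each other, a private subnet left on the VCN default route table (0.0.0.0/0 via the Internet Gateway) or created without --prohibit-public-ip-on-vnic, and security-list ingress from 0.0.0.0/0 on every port or on 22/3389. The rule dictionaries use the same keys as the CLI's JSON (routeRules, ingressSecurityRules, tcpOptions), so the data object from oci network route-table get or oci network security-list get can be fed in after a small reshaping. The OCIDs and the design dictionary are constructed; the gateway type is read from the second dot-separated field of the OCID, which is where real OCIDs carry the resource type.

```python
"""Lint a planned OCI VCN layout before applying it with the OCI CLI.

Constructed example: the OCIDs below are placeholders, but they keep the real
OCID layout (ocid1.<resource-type>.<realm>.<region>.<id>) because the lint
reads the gateway type from the second field.
"""
import copy
import ipaddress

IGW = "ocid1.internetgateway.oc1.gru.EXAMPLEigw"
NATGW = "ocid1.natgateway.oc1.gru.EXAMPLEnat"
SGW = "ocid1.servicegateway.oc1.gru.EXAMPLEsgw"
ADMIN_CIDR = "203.0.113.0/24"   # documentation range standing in for an office/VPN egress
SERVICES = "all-gru-services-in-oracle-services-network"   # service label, not an IP range
VCN_CIDR = "10.0.0.0/16"


def tcp_rule(source, port):
    """Security-list ingress rule for one TCP port, in the CLI's JSON shape."""
    return {"protocol": "6", "source": source,
            "tcpOptions": {"destinationPortRange": {"min": port, "max": port}}}


def route(destination, entity, dest_type="CIDR_BLOCK"):
    """Route rule in the CLI's JSON shape (destinationType SERVICE_CIDR_BLOCK for the SGW)."""
    return {"destination": destination, "destinationType": dest_type, "networkEntityId": entity}


# The three-tier design from Steps 1-5. "public" records the intent; the other
# keys mirror what the subnet, its route table and its security list would carry.
DESIGN = [
    {"name": "public-lb", "cidr": "10.0.10.0/24", "public": True, "prohibitPublicIpOnVnic": False,
     "routeRules": [route("0.0.0.0/0", IGW)],
     "ingressSecurityRules": [tcp_rule("0.0.0.0/0", 443)]},
    {"name": "app-private", "cidr": "10.0.20.0/24", "public": False, "prohibitPublicIpOnVnic": True,
     "routeRules": [route("0.0.0.0/0", NATGW), route(SERVICES, SGW, "SERVICE_CIDR_BLOCK")],
     "ingressSecurityRules": [tcp_rule(ADMIN_CIDR, 22), tcp_rule("10.0.10.0/24", 80)]},
    {"name": "db-private", "cidr": "10.0.30.0/24", "public": False, "prohibitPublicIpOnVnic": True,
     "routeRules": [route(SERVICES, SGW, "SERVICE_CIDR_BLOCK")],
     "ingressSecurityRules": [tcp_rule("10.0.20.0/24", 3306)]},
]


def gateway_kind(ocid):
    return ocid.split(".")[1]          # "internetgateway", "natgateway", "servicegateway"


def port_span(rule):
    """Destination ports a rule covers; a TCP/UDP rule without options means every port."""
    rng = (rule.get("tcpOptions") or rule.get("udpOptions") or {}).get("destinationPortRange")
    return (rng["min"], rng["max"]) if rng else (1, 65535)


def lint(vcn_cidr, subnets):
    """Return human-readable findings; an empty list means the design passes."""
    vcn, findings, seen = ipaddress.ip_network(vcn_cidr), [], []
    for s in subnets:
        name, net, private = s["name"], ipaddress.ip_network(s["cidr"]), not s["public"]
        if not net.subnet_of(vcn):
            findings.append(f"{name}: {s['cidr']} lies outside the VCN CIDR {vcn_cidr}")
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append(f"{name}: {s['cidr']} overlaps {other_name}")
        seen.append((name, net))
        if private and not s.get("prohibitPublicIpOnVnic"):
            findings.append(f"{name}: private subnet allows public IPs on VNICs; "
                            "create it with --prohibit-public-ip-on-vnic true")
        kinds = {gateway_kind(r["networkEntityId"])
                 for r in s["routeRules"] if r["destination"] == "0.0.0.0/0"}
        if private and "internetgateway" in kinds:
            findings.append(f"{name}: private subnet routes 0.0.0.0/0 to the Internet Gateway "
                            "(still attached to the VCN default route table?)")
        if not private and "internetgateway" not in kinds:
            findings.append(f"{name}: public subnet has no 0.0.0.0/0 route via the Internet Gateway")
        for r in s["ingressSecurityRules"]:
            if r["source"] not in ("0.0.0.0/0", "::/0"):
                continue                        # internal or admin source: fine
            lo, hi = port_span(r)
            if r["protocol"] == "all" or (lo, hi) == (1, 65535):
                findings.append(f"{name}: ingress from the internet on every port")
            if private:
                findings.append(f"{name}: private subnet accepts traffic sourced from the internet")
            for port, label in ((22, "SSH"), (3389, "RDP")):
                if lo <= port <= hi:
                    findings.append(f"{name}: {label} ({port}/tcp) open to the internet; "
                                    "restrict the source or use OCI Bastion")
    return findings


def default_table_mistake(design):
    """Constructed bad variant: app-private created without --prohibit-public-ip-on-vnic and
    left on the VCN default route table and default security list (22/tcp from 0.0.0.0/0)."""
    bad = copy.deepcopy(design)
    app = next(s for s in bad if s["name"] == "app-private")
    app["prohibitPublicIpOnVnic"] = False
    app["routeRules"] = [route("0.0.0.0/0", IGW)]
    app["ingressSecurityRules"] = [tcp_rule("0.0.0.0/0", 22)]
    return bad


if __name__ == "__main__":
    for label, design in (("design", DESIGN), ("default-table mistake", default_table_mistake(DESIGN))):
        found = lint(VCN_CIDR, design)
        print(f"{label}: {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```

Run as written, the clean design produces no findings and the default-table variant produces four: public IPs allowed on a private subnet, a 0.0.0.0/0 route to the Internet Gateway, internet-sourced ingress into a private tier, and SSH open to the world. The same four are exactly what an attacker scanning your public IP ranges would find first.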

4. Architecture Diagram

 
┌──────────────────────────────┐
│        Oracle Region         │
└──────────────┬───────────────┘
               VCN (10.0.0.0/16)
┌──────────────────────────────────────────────────────────────┐
│ Public Subnet (10.0.10.0/24)                                 │
│   ┌───────────────┐                                          │
│   │  LB (Public)  │───Internet Gateway                       │
│   └───────────────┘                                          │
├──────────────────────────────────────────────────────────────┤
│ App Private Subnet (10.0.20.0/24)                            │
│   ┌───────────────┐                                          │
│   │ Compute Nodes │───NAT Gateway                            │
│   └───────────────┘                                          │
├──────────────────────────────────────────────────────────────┤
│ DB Private Subnet (10.0.30.0/24)                             │
│   ┌───────────────┐                                          │
│   │   MySQL/ATP   │───Service Gateway → Object Storage       │
│   └───────────────┘                                          │
└──────────────────────────────────────────────────────────────┘

5. Best Practices

  • Never assign public IPs to compute unless absolutely required, and enforce it at the subnet level with --prohibit-public-ip-on-vnic true rather than relying on whoever launches the instance

  • Send outbound traffic from private subnets through the NAT Gateway, and traffic to Oracle services (Object Storage, ATP) through the Service Gateway so it never crosses the internet

  • Prefer network security groups (rules attached to VNICs, per role) over security lists (rules attached to whole subnets) once several workloads share a subnet; an NSG lets you say "only the app tier may reach 3306/tcp on the database" without widening the subnet's list

  • Create dedicated compartments per environment: prod, qa, dev, each with its own VCN

  • Always put databases in private subnets, with no 0.0.0.0/0 route at all

  • Enable VCN Flow Logs: REJECT records show exactly which traffic your security rules are dropping, which is both your troubleshooting tool and your evidence during an incident


6. Common Errors / Troubleshooting

Error                                 Cause                                              Fix
Cannot SSH to compute                 Instance is in a private subnet (by design) or      Connect through OCI Bastion or a jump host in public-lb;
                                      the 22/tcp ingress rule lacks your source CIDR      add your source CIDR to the rule. Do not add a public IP
Database cannot reach Object Storage  No Service Gateway rule in the DB route table       Add the "All GRU Services" (SERVICE_CIDR_BLOCK) rule → Service Gateway
App cannot reach DB                   DB security list has no rule for the DB port        Add 3306/tcp (MySQL) or 1521/tcp (Oracle) ingress, sourced from 10.0.20.0/24 only
Server has no internet                Private subnet route table lacks 0.0.0.0/0 → NAT    Add the NAT Gateway default route and check the egress rule
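When a row in the table above does not explain the symptom, VCN Flow Logs do. The following is an added example, not from the original post and not Oracle tooling: it reads flow-log records as the OCI Logging service exports them, keeps the REJECT actions and tallies them by source tier, destination tier and destination port, so you can see which tier's security list is dropping what. The field names it relies on (data.action, data.sourceAddress, data.destinationAddress, data.destinationPort, data.protocolName) follow the VCN flow-log record format as documented by Oracle; the log lines themselves are constructed to mimic the three-tier VCN above, and the 198.51.100.x addresses are documentation addresses standing in for the internet.

```python
"""Tally rejected flows in OCI VCN Flow Logs by tier and destination port.

Constructed example. Records follow the VCN flow-log JSON envelope emitted by the
OCI Logging service, trimmed to the fields used here; real exports carry more
(flowid, packets, bytesOut, startTime/endTime, ...) which this code ignores.
"""
import ipaddress
import json
from collections import Counter

# Tiers of the VCN built above, used to name addresses in the report.
SUBNETS = {"public-lb": "10.0.10.0/24", "app-private": "10.0.20.0/24", "db-private": "10.0.30.0/24"}


def record(action, src, sport, dst, dport, proto="TCP"):
    """One flow-log line (constructed) in the Logging service's JSON envelope."""
    return json.dumps({"type": "com.oraclecloud.vcn.flowlogs.DataEvent",
                       "data": {"action": action, "status": "OK", "version": 2,
                                "sourceAddress": src, "sourcePort": sport,
                                "destinationAddress": dst, "destinationPort": dport,
                                "protocol": 6 if proto == "TCP" else 17, "protocolName": proto}})


# Constructed sample: LB->app on 80 works, app->DB on 3306 is being dropped, an internet
# scanner is (correctly) rejected on the public subnet, and a stray SSH attempt from the
# LB subnet into the app tier is blocked.
SAMPLE_LOG = "\n".join([
    record("ACCEPT", "10.0.10.5", 41000, "10.0.20.7", 80),
    record("REJECT", "10.0.20.7", 51000, "10.0.30.9", 3306),
    record("REJECT", "10.0.20.7", 51002, "10.0.30.9", 3306),
    record("REJECT", "10.0.20.8", 51003, "10.0.30.9", 3306),
    record("REJECT", "198.51.100.23", 60000, "10.0.10.5", 22),
    record("ACCEPT", "10.0.20.7", 44000, "198.51.100.80", 443),
    record("REJECT", "10.0.10.5", 39000, "10.0.20.7", 22),
])


def tier_of(addr, subnets=SUBNETS):
    """Name the subnet an address belongs to, or 'internet' if it is outside every tier."""
    ip = ipaddress.ip_address(addr)
    for name, cidr in subnets.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return "internet"


def summarize_rejects(log_text, subnets=SUBNETS):
    """Count REJECT records by (source tier, destination tier, destination port, protocol)."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        d = json.loads(line).get("data", {})
        if d.get("action") != "REJECT":
            continue
        key = (tier_of(d["sourceAddress"], subnets), tier_of(d["destinationAddress"], subnets),
               d["destinationPort"], d["protocolName"])
        counts[key] += 1
    return counts


def report(counts, subnets=SUBNETS):
    """Turn the tally into the checks to make, most frequent first."""
    lines = []
    for (src, dst, port, proto), n in counts.most_common():
        if src == "internet":
            lines.append(f"{n} rejected {proto}/{port} flow(s) from the internet to {dst}: "
                         "expected unless that port is meant to be public")
        else:
            lines.append(f"{n} rejected {proto}/{port} flow(s) {src} -> {dst}: "
                         f"check the ingress rule for {port}/{proto.lower()} on {dst} "
                         f"(source {subnets.get(src, src)}) and the egress rule on {src}")
    return lines


if __name__ == "__main__":
    for line in report(summarize_rejects(SAMPLE_LOG)):
        print(line)
```

Against the sample the top line is the three app-private -> db-private rejects on 3306, which points straight at the missing DB ingress rule from the table above. Point the script at a real export (one JSON record per line from the Logging service search or an Object Storage archive) to get the same summary for your own VCN; the internet-sourced line is the one you should expect to see on a public subnet and should never see on a private one.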

7. Summary

You now have a complete, secure, and scalable VCN design ready for production or Always Free Tier environments. This is the backbone of every OCI deployment—compute, databases, load balancers, OKE, and more.



👉 Download my free guide:
7 OCI Networking Mistakes to Avoid

https://dmcloudarchitect.com/c/7_oci_mistakes_to_avoid.html

Tags: #OCI
About the Author
Mariusz Antonik

Oracle Cloud Infrastructure expert and consultant specializing in database management and automation.
