OCI Satellite
Discover and manage Oracle Cloud Infrastructure resources, with companion automation for over 200 playbooks.
Oracle Cloud Infrastructure
OCI resources brought into the CMDB
- Compute instances, block & object storage
- Virtual cloud networks, subnets & load balancers
- Databases — DBaaS, Autonomous, MySQL & Exadata
- Compartment hierarchy discovery
- WAF/WAAS, DRG & gateways
- Vulnerability Scanning Service & announcements
- Metrics with up to one year of history
- Cost & usage reporting
Watch the OCI Satellite
Deploy in minutes from the OCI Marketplace
The preferred path is the Oracle-validated OCI Marketplace appliance — a pre-built Oracle Linux ARM image with the Satellite and all of its tools already installed. You can also run it as a Docker image, or install it on any supported Linux host.
OCI Marketplace appliance
Oracle-validated cloud appliance maintained in the Marketplace catalog. Choose a compartment (we suggest a new one named cmdb360) and deploy — the simplest, preferred option.
Docker image
Pull the public CMDB-360 OCI Satellite image from Docker Hub and run it on any host that already has Docker installed.
Linux installer
Install on any Oracle Linux 8/9 or Ubuntu 20.04/22.04 host (ARM or x86_64) with the graphical Installer or the non-interactive AutoInstaller for scripted setups.
We recommend deploying the Satellite inside the customer’s OCI tenancy so sensitive data stays within their environment — an Always Free ARM instance is sufficient for most tenancies. Because it uses the public OCI REST API, it can also run anywhere with outbound internet access. Minimum footprint: 1–2 vCPU, 4 GB RAM, 20 GB disk.
A simple two-step setup
When you deploy with the Installer or AutoInstaller, configuration is handled for you. Otherwise the on-instance Config Tool walks you through two steps.
1 · Connect to the Base Station
In the Satellite’s Config Tool, enter your MSP’s CMDB-360 Base Station host (SSL port 443 by default) and the unique access token issued for the Satellite. Add the Update Server token to turn on automatic updates, then save and restart services.
2 · Grant read-only OCI access
Authorize the Satellite to query the OCI REST API using Instance Principals (preferred) or a named user — read-only in both cases. Provided Terraform templates create the group, policies and credentials, and you can scope discovery to the whole tenancy or specific compartments.
OCI credentials are written to an AES-encrypted config file that only the Satellite software can decrypt — safe to store on disk and unreadable even to the root user. The default policy is simply ALLOW group cmdb360-group to read all-resources in tenancy, and every resource type can be fine-tuned or disabled to match each customer’s requirements.
How the OCI Satellite protects data
The OCI Satellite runs inside the Oracle Cloud Infrastructure environment and sends only non-sensitive resource rosters and metadata to the CMDB-360 Base Station. Detailed information is streamed on demand and only while a user is viewing a record — nothing sensitive is stored outside the environment.