Exadata Secure RDMA Fabric Isolation enables strict network isolation for virtual machine (VM) clusters on Oracle Exadata systems that use RDMA over Converged Ethernet (RoCE).

Secure Fabric provides critical infrastructure for secure consolidation of multiple tenants on Oracle Exadata, where each tenant resides in a dedicated VM cluster. Using this feature ensures that:

• Database servers in separate clusters cannot communicate with each other. They are completely isolated from each other on the network.
• Database servers in multiple clusters can share all of the storage server resources. However, even though the different clusters share the same storage network, no cross-cluster network traffic is possible.

To use Secure Fabric you must:

1. Configure the RoCE Network Fabric switch hardware to enable Secure Fabric. After you complete the switch configuration, the leaf switch ports become trunk ports, which can carry network traffic with multiple VLAN IDs.

   The switch configuration must occur before initial system deployment using OEDA. See Configuring the RoCE Network Fabric Switches to Enable Exadata Secure RDMA Fabric Isolation.

2. As part of initial system deployment using OEDA, select the option to enable Secure Fabric and specify VLAN IDs for the cluster and storage network partitions associated with each VM cluster.

   In the OEDA Web user interface, the option to enable Secure Fabric is one of the advanced options associated with the Cluster Networks page. When the option to enable Secure Fabric is selected, the Cluster Networks page automatically displays additional fields to specify the VLAN IDs required to configure Secure Fabric.

   Commencing with the October 2024 Oracle Exadata System Software release updates (24.1.5, 23.1.19, and 22.1.28), the option to enable Secure Fabric is selected by default for all new configurations using VM clusters.

   See Using the Browser-based Version of Oracle Exadata Deployment Assistant.