6 Oracle SDM Cloud Cloud Security
The Oracle® Session Delivery Management Cloud service (Oracle SDM Cloud) deploys in the Oracle Cloud Native Environment (CNE), which is a highly secured Platform as a Service (PaaS) environment provided by the Oracle Cloud team in the Oracle Cloud Infrastructure (OCI).
The Oracle SDM Cloud SaaS can provide a highly secured cloud service, and the Oracle SDM Cloud CI/CD pipeline routinely rotates client secrets for enhanced security operations. Oracle stores all logs that the Oracle SDM Cloud collects and monitors, including security logs, in a centralized application to detect any security violation in real time.
See the Oracle Cloud Infrastructure Security Guide at https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_guide.htm.
On-premises Infrastructure Security
While the Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) service provides high-quality and secure Podman images for the Management Cloud Engine (MCE), the MCE is deployed in your network and runs on your platforms (for example, your Operating System (OS) and file systems). It remains a joint responsibility to ensure that the MCE runs in a secured environment. Oracle recommends that you securely harden your OS and that access to the OS on which the MCE is running is well managed. Inappropriate access to the MCE environments can lead to exposure of the configuration. Oracle also recommends that you reserve proper resources (memory, CPU, network bandwidth) for the MCE.
Secure MCE Deployment
The Management Cloud Engine (MCE) facilitates communication between the Network Functions (NFs) on the customer premises (for example, SBC, ESBC, or OCSM), which are considered trusted components, and the Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) services in the cloud. Because the MCE is an important component in the management and monitoring of the NFs, Oracle recommends that you deploy the MCE in the DMZ and ensure that the NFs have access to it so that MCE-to-NF communications can be established.
Often, security gateways (or firewalls) are deployed before DMZs in private networks. In such scenarios, you must configure the gateways to properly allow traffic to the NFs and the MCE. The MCE installation documents list the default ports, which you can modify. You need this port configuration to configure the security gateways. See the Oracle Session Delivery Management Cloud Getting Started Guide for the default ports and installation instructions.
Oracle SDM Cloud Service Security Auditing
The Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) service provides user activity logging as part of the Oracle SDM Cloud Security Manager Audit logs. All user-initiated activity is logged automatically in the Audit logs as part of compliance with FCAPS (Fault, Configuration Audit, Performance and Security). You can audit the logs to track all users' activities on Oracle SDM Cloud. The Audit logs are owned by you and can only be accessed through your Oracle SDM Cloud Security Manager portal. Oracle SDM Cloud does not maintain or publish the contents of these Audit logs to any internal logging system.
Oracle SDM Cloud uses a generic Identity Access Management (IAM) capability of Oracle Cloud Infrastructure (OCI) called Identity Cloud Services (IDCS). The Oracle SDM Cloud Security Manager is fully integrated with IDCS. IDCS operations can capture login, log out, and user profile changes and make them auditable.