Check for Availability Domain Alignment

Risk Level: High (not acceptable risk)

Rule ID: OCI-FileStorage-004

To ensure accessibility and optimal performance, Oracle Cloud Infrastructure (OCI) File Storage systems must be provisioned in the same availability domain as their consuming compute instances. The correct, approved availability domain must be defined in the rule settings within the TrendAI Vision One™ Cloud Risk Management Dashboard.

Reliability

An Availability Domain (AD) in Oracle Cloud Infrastructure (OCI) is a standalone, independent data center within a specific OCI region. For optimal performance and minimal latency, the OCI File Storage file systems must be in the same Availability Domain (AD) as its consuming compute instances, since network traffic between different ADs incurs higher latency and can affect throughput.

Audit

To determine if OCI File Storage file systems are placed in same availability domain as compute resources, perform the following operations:

Using OCI Console

Sign into your TrendAI Vision One™ account to access Cloud Risk Management, access Check for Availability Domain Alignment rule settings, and identify the availability domain that hosts your OCI compute resources.
Sign in to your Oracle Cloud Infrastructure (OCI) account.
Navigate to File Storage console available at https://cloud.oracle.com/fss/.
In the left navigation panel, choose File Systems, and select an OCI compartment from the Compartment dropdown menu, to list the file systems provisioned in that compartment.
Click on the name (link) of the file system that you want to examine, listed in the Name column.
Select the File System information tab, and check the Availability Domain attribute value, listed in the General properties section, to identify the availability domain for the selected resource. If the file system's availability domain differs from the one configured for your compute resources and identified in step no. 1, the selected Oracle Cloud Infrastructure (OCI) File Storage system is not provisioned in the correct OCI availability domain.

Using OCI CLI

Sign into your TrendAI Vision One™ account to access Cloud Risk Management, access Check for Availability Domain Alignment rule settings, and identify the availability domain that hosts your OCI compute resources.
Run iam compartment list command (Windows/macOS/Linux) with output query filters to list the ID of each compartment available in your Oracle Cloud Infrastructure (OCI) account:
```
oci iam compartment list
	--all
	--include-root
	--query 'data[]."id"'
```

The command output should return the requested OCI compartment identifiers (OCIDs):

[
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.compartment.oc1..abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
]

Run fs file-system list command (Windows/macOS/Linux) with the ID of the OCI compartment that you want to examine as the identifier parameter, to list the ID of each File Storage system provisioned in the selected OCI compartment:
```
oci fs file-system list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--availability-domain 'ABC1:AB-ABC123-1-BC-1'
	--all
	--query 'data[]."id"'
```

The command output should return the requested file system IDs:

[
	"ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234"
]

Run fs file-system get command (Windows/macOS/Linux) with custom output filters to describe the availability domain of the selected OCI File Storage file system:

oci fs file-system get
	--file-system-id 'ocid1.filesystem.oc1.ap_sydney_1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--query 'data."availability-domain"'

The command output should return the file system's availability domain:
```
"CABD:AP-SYDNEY-1-AD-1"
```
Compare the availability domain returned by the fs file-system get command output with the one configured for your compute resources and identified in step no. 1. If the file system's availability domain is not listed in the rule configuration settings, the selected Oracle Cloud Infrastructure (OCI) File Storage system is not provisioned in the correct OCI availability domain.

Remediation / Resolution

To deploy your Oracle Cloud Infrastructure (OCI) File Storage systems to the correct OCI availability domain, you must re-create your file systems with the appropriate availability domain. To deploy a new OCI File Storage system, perform the following operations:

Using OCI Console

Sign in to your Oracle Cloud Infrastructure (OCI) account.
Navigate to File Storage console available at https://cloud.oracle.com/fss/.
In the left navigation panel, choose File Systems, and select the OCI compartment that you want to access from the Compartment dropdown menu.
Choose Create File System and perform the following actions to deploy your new file system:
1. Select the type of file system you want to create, File System for NFS or File System for Replication.
2. Choose Edit details from the File System information section to edit the file system configuration.
3. (Optional) For Name, provide a name for the new file system.
4. For Availability Domain, select the availability domain that hosts your OCI compute resources in the selected OCI compartment.
5. For Create in Compartment, select the appropriate OCI compartment.
6. For Encryption, choose whether to use an Oracle-managed key or a Customer-Managed Key (CMK) for data encryption. For CMK-based encryption, see File Storage Systems Encrypted with Customer-Managed Keys.
7. (Optional) Choose Show advanced options and configure resource tags and resource locks for your file system.
8. Choose Create to deploy your new Oracle Cloud Infrastructure (OCI) File Storage system to the specified availability domain.

Using OCI CLI

Run fs file-system create command (Windows/macOS/Linux) to create a new Oracle Cloud Infrastructure (OCI) File Storage system in the availability domain that hosts your OCI compute resources:

oci fs file-system create
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--display-name 'cc-project5-nfs-file-system'
	--availability-domain 'ABCD:AP-SYDNEY-1-AD-1'

The command output should return the configuration information available for the new file system:

{
	"data": {
		"are-quota-rules-enabled": false,
		"availability-domain": "ABCD:AP-SYDNEY-1-AD-1",
		"clone-attach-status": "DETACHED",
		"clone-count": 0,
		"compartment-id": "ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"defined-tags": {
			"Oracle-Tags": {
				"CreatedBy": "user@domain.com",
				"CreatedOn": "2025-10-29T19:37:15.984Z"
			}
		},
		"display-name": "cc-project5-nfs-file-system",
		"filesystem-snapshot-policy-id": "",
		"freeform-tags": {},
		"id": "ocid1.filesystem.oc1.ap_sydney_1.aaaaaaaaaamnvro3on4willqojxwiotboawxg6lenzsxsljrfvqwiljr",
		"is-clone-parent": false,
		"is-hydrated": true,
		"is-targetable": true,
		"kms-key-id": "",
		"lifecycle-details": "",
		"lifecycle-state": "ACTIVE",
		"locks": [],
		"metered-bytes": 0,
		"quota-enforcement-state": "DISABLED",
		"replication-source-count": 0,
		"replication-target-id": "",
		"source-details": {
			"parent-file-system-id": "",
			"source-snapshot-id": ""
		},
		"system-tags": {},
		"time-created": "2025-10-29T19:37:16.047000+00:00"
	},
	"etag": "aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd--gzip"
}

References

Oracle Cloud Infrastructure Documentation
Overview of File Storage
Managing File Systems
Creating a File System

Oracle Cloud Infrastructure CLI Documentation
compartment list
file-system list
file-system get
replication create

Publication date Nov 12, 2025

Audit

Using OCI Console

Using OCI CLI

Remediation / Resolution

Using OCI Console

Using OCI CLI

References

Related OCI-FileStorage rules