Oracle Cloud Infrastructure structures its platform around a core principle: failure is normal, so design for it. This philosophy shapes everything from data center design to workload deployment and access control. The architecture splits into two layers: physical resilience for where workloads run and logical control for who can access them, creating a predictable foundation for building systems.

Regions are isolated geographic locations that form the top-level disaster recovery layer. Within regions, Availability Domains are physically separate data centers with independent power and cooling. For local hardware protection, Fault Domains group hardware within an AD. The strategy is clear: use FDs for hardware failures, ADs for data center failures, and Regions for full disaster recovery.

IAM handles the logical control side. It uses a deny-by-default model, where policies explicitly permit actions. Identity Domains organize users and groups, similar to how Compartments organize resources. Every tenancy has a default domain for infrastructure management, while additional domains isolate teams or environments. Permissions are assigned to groups, not individuals, following the principle of least privilege.