Oracle Cloud Infrastructure Documentation

Creating a Virtual Cloud Network

Before you can launch an instance, you need to have a virtual cloud network (VCN) and subnet to launch it into. A subnet is a subdivision of your VCN. The subnet directs traffic according to a Virtual route table for your VCN that provides mapping for the traffic from subnets via gateways to external destinations.. For this tutorial, you'll access the instance over the internet using its public IP address, so your route table will direct traffic to an internet gateway. The subnet also uses a security list to control traffic in and out of the instance.

For information about VCN features, see Overview of Networking.

Before You Begin

Create a Cloud Network Plus Related Resources


The Console offers two choices when you create a VCN: to create only the VCN, or to create the VCN with several related resources that are necessary if you want to immediately launch an instance. To help you get started quickly, the following procedure creates the VCN plus the related resources.

  1. Open the navigation menu. Under Core Infrastructure, go to Networking and click Virtual Cloud Networks.

    Ensure that the Sandbox compartment (or the compartment designated for you) is selected in the Compartment list on the left.

  2. Click Create Virtual Cloud Network.
  3. Enter the following:
    • Name: Enter a name for your cloud network, for example, <your_initials>_Network. Avoid entering confidential information.
    • Create in Compartment: This field defaults to your current compartment. Select the compartment you want to create the VCN in, if not already selected.
    • Select Create Virtual Cloud Network Plus Related Resources. The dialog expands to list the items that will be created with your cloud network.

    • Accept the defaults for any other fields.
  4. Scroll to the bottom of the dialog and click Create Virtual Cloud Network.

A confirmation page displays the details of the cloud network that you just created. The cloud network has the following resources and characteristics (some of which are not listed in the confirmation dialog):

  • CIDR block range of
  • An internet gateway
  • A route table with a default route rule to enable traffic to and from the internet gateway
  • A default security list. You will edit this default security list later in the tutorial.
  • A public subnet in each availability domain.
  • The VCN will automatically use the Internet and VCN Resolver for DNS.


This simple cloud network is designed to make it easy to launch an instance when trying out Oracle Cloud Infrastructure. When you create your production instances, ensure that you create appropriate security lists and route table rules to restrict network traffic to your instances.

Edit the Default Security List to Allow Traffic to Your Windows Instance

To enable network traffic to reach your Windows instance, you need to add a security list rule to enable Remote Desktop Protocol (RDP) access. Specifically, you need a stateful ingress rule for TCP traffic on destination port 3389 from source and any source port.

To edit the VCN's security list:

  1. Click the name of the VCN that you just created. Its details are displayed.
  2. Under Resources, click Security Lists.
  3. Click the default security list for your VCN.

    Its details are displayed.

  4. Click Edit All Rules.
  5. Under Allow Rules for Ingress, click + Another Ingress Rule.
  6. Enter the following for your new rule:
    1. Source Type: CIDR
    2. Source CIDR:
    3. IP Protocol: RDP (TCP/3389)
    4. Source Port Range: All
    5. Destination Port Range: 3389
  7. When done, click Save Security List Rules.

What's Next

Now you can launch an instance. See Launching a Windows Instance.