
OCI Zero Trust Packet Routing (ZPR) Now Available in TEAM Cloud Regions

We’re excited to announce that OCI Zero Trust Packet Routing (ZPR) is now available in our sovereign regions, bringing a new era of intent-based, zero trust networking to customers.
 
 

What is OCI ZPR?

Traditional network security relies heavily on IP addresses, port numbers, routing tables, and access control lists. It's like building a fortress where access depends on knowing a bunch of codes and addresses - hard to maintain, easy to misconfigure.
 
OCI ZPR flips the script. Instead of configuring security based on the network’s architecture, ZPR uses human-readable rules that describe how OCI resources carrying security attributes, such as compute instances and databases, can connect to each other.
 

 

The Challenge: Security Tied to Complex Network Design

Traditional network security is tightly bound to network architecture: security rules rely on IPs, ports, and routing tables. As environments grow more complex, so does the risk:
  • Security becomes hard to audit, manage, and scale.
  • Simple architectural changes can unintentionally weaken security.
  • Human error creeps in when security depends on low-level, technical configurations like IP ranges or subnet masks.
  • Applications sharing a subnet can unintentionally expose one another.
Customers need a way to express security intent clearly - without depending on network layout.
 
 

The Solution: OCI Zero Trust Packet Routing (ZPR)

ZPR separates security from network configuration. It allows you to define who can talk to what based on intent - not IPs or topology.
  • Intent-based security: Use plain-language, human-readable policies.
  • Independent of network architecture: ZPR policies operate separately from routing, firewalls, and security lists.
  • Stronger protection: No packet moves without explicit permission - greatly reducing risks from misconfigured firewalls or from repurposed VMs whose network security rules were never fully reconfigured.
 

How ZPR Works

ZPR uses two main concepts:
  • Security Attributes: Labels (e.g. app:science, db:sensitive) that classify resources. Security attributes are applied to the Compute instances, virtual cloud networks (VCNs), and databases and tell ZPR which resources to protect.
  • ZPR Policies: Simple rules that define allowed connections.
Example: A central database (db:sensitive) only accepts traffic over port 1521 from workloads labeled app:science. All other traffic - even from the same subnet or region - is denied by default.
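
The contrast described above, as an added conceptual model (not Oracle's ZPR engine or policy syntax, and not code from the original post): the same flows to the database are judged once by a CIDR-based rule and once by an attribute-based, default-deny rule. The resource names, IP addresses, and rule classes are constructed for illustration.

```python
# Conceptual model only: this is not Oracle's ZPR engine or its policy language.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Resource:
    name: str
    ip: str
    attrs: frozenset = frozenset()  # security attributes such as "app:science"

@dataclass(frozen=True)
class CidrRule:  # traditional rule keyed on network layout
    src_cidr: str
    dst_cidr: str
    port: int

@dataclass(frozen=True)
class AttrRule:  # intent-based rule keyed on security attributes
    src_attr: str
    dst_attr: str
    port: int

def cidr_allows(rules, src, dst, port):
    return any(ip_address(src.ip) in ip_network(r.src_cidr)
               and ip_address(dst.ip) in ip_network(r.dst_cidr)
               and port == r.port for r in rules)

def attr_allows(rules, src, dst, port):
    # Default deny: a flow passes only when a rule names an attribute carried
    # by each endpoint and the exact port. IP addresses are never consulted.
    return any(r.src_attr in src.attrs and r.dst_attr in dst.attrs
               and port == r.port for r in rules)

# Constructed sample inventory: all three hosts share 10.0.1.0/24.
DB = Resource("central-db", "10.0.1.10", frozenset({"db:sensitive"}))
SCIENCE = Resource("science-app", "10.0.1.20", frozenset({"app:science"}))
OTHER = Resource("other-app", "10.0.1.30")  # same subnet, no attribute

CIDR_RULES = [CidrRule("10.0.1.0/24", "10.0.1.10/32", 1521)]
ATTR_RULES = [AttrRule("app:science", "db:sensitive", 1521)]

def compare():
    """Return {(source, port): (cidr_verdict, attr_verdict)} for flows to DB."""
    flows = [(SCIENCE, 1521), (OTHER, 1521), (SCIENCE, 22)]
    return {(s.name, p): (cidr_allows(CIDR_RULES, s, DB, p),
                          attr_allows(ATTR_RULES, s, DB, p))
            for s, p in flows}

if __name__ == "__main__":
    for flow, verdicts in compare().items():
        print(flow, "cidr=%s attr=%s" % verdicts)
```

The unlabelled host on the shared subnet passes the CIDR rule but fails the attribute rule, which is the subnet-sharing exposure listed under the challenges.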
 

 

Why This Matters to You

Security That’s Clear and Reliable
  • No more fragile security tied to IP addresses or subnet layouts.
  • You define how traffic should flow, not where it flows from.
  • Policy is decoupled from architecture - allowing faster changes and fewer mistakes.
Reduced Operational Risk
  • Eliminates threats from forgotten firewall rules or misconfigured VMs.
  • Helps prevent data breaches caused by human error or configuration drift.
Built-in for Databases, Including Autonomous - ZPR now protects a wide range of Oracle databases:
  • Autonomous Database (Dedicated & Serverless)
  • Exadata Database Service
  • Base Database Service

 

Try It Out

Oracle have launched a LiveLabs workshop (Oracle LiveLabs Now Available for Zero Trust Packet Routing) that walks you through ZPR in four interactive labs. You'll learn how to:
  • Apply security attributes
  • Write ZPR policies
  • Test connectivity between resources
  • Secure a database with Zero Trust logic
 

 

Takeaways

If you're managing sensitive data or regulated workloads, ZPR gives you a secure perimeter - without the complexity.
 
ZPR is fully available in TEAM Cloud regions, giving partners and customers access to enterprise-grade zero trust controls natively, at no extra cost.
 
Whether you’re running finance, healthcare, government, or regulated workloads, ZPR helps ensure data stays where it belongs and gives you precision control over data flow without the traditional complexity.
 
By Joe Owenson
Enterprise Architect, TEAM Cloud
Published July 21st, 2025