Architecture Differences
Oracle Cloud@Customer refers to Oracle’s pre-packaged on-premises cloud services delivered as single-purpose systems installed in the customer’s data centre. Exadata Cloud@Customer delivers an Oracle Exadata system as a managed cloud service for database workloads only — providing high-performance database capabilities including Autonomous Database but limited to database operations. Compute Cloud@Customer provides on-premises OCI compute and storage services for running application VMs, containers, and middleware — including basic OCI infrastructure components but not the entire OCI service catalogue. Both typically connect to Oracle’s public cloud for control plane functions. If the external link is lost, core services continue (databases remain accessible, VMs keep running) but management features may be limited until connectivity is restored.
Oracle Dedicated Region Cloud@Customer is a complete, isolated Oracle cloud region installed at the customer site. It consists of multiple racks (initial deployments typically start around 3–12 racks), scaling up to dozens as needed. The Dedicated Region brings 100+ Oracle Cloud services (IaaS, PaaS, and even Oracle Fusion SaaS applications) into the data centre. The control plane and management infrastructure reside entirely on-premises — the region does not require constant connectivity to Oracle’s public cloud. Oracle built it as an identical copy of a public OCI region behind the customer’s firewall, with the same hardware, software stack, SLAs, pricing model, and APIs.
| Dimension | Cloud@Customer (Exadata/Compute) | Dedicated Region |
|---|---|---|
| Physical footprint | 1–2 racks (single-purpose appliance) | 3–12+ racks (full cloud region) |
| Service scope | Targeted — database (Exadata) or compute/storage only | 100+ OCI services — complete IaaS, PaaS, and SaaS |
| Control plane | Partially in Oracle’s public cloud — some external dependency | Fully on-premises — self-contained, no external dependency |
| Architecture | Purpose-built appliance with OCI service subset | Identical to Oracle public cloud region — same stack, APIs, SLAs |
| Deployment time | Weeks (single rack delivery and configuration) | Months (multi-rack installation, network integration, testing) |
| Minimum commitment | 1 rack, 4-year term (lower entry point) | ~$6M+/year, multi-year term (significant investment) |
“Cloud@Customer provides targeted cloud services on a smaller scale. Dedicated Region is a massive on-premises deployment of Oracle’s entire cloud environment. The former has a smaller footprint focusing on specific functions with some external dependencies; the latter is a full-fledged private cloud region with total functionality and autonomy. A CIO’s choice between them is fundamentally a decision about scope: do you need a specific cloud capability on-premises, or do you need an entire cloud region?”
Use Cases and Workload Scenarios
Targeted On-Premises Cloud for Specific Needs
Running mission-critical Oracle databases on Exadata under a cloud subscription model while meeting data residency requirements. Hosting specific enterprise applications (ERP, CRM) on OCI compute in-house. Supporting development and testing in a cloud-like on-premises environment. Database consolidation, low-latency applications, or gradual introduction of cloud management. Ideal when the requirement is narrow and well-defined.
Full Private Cloud for Enterprise-Scale Requirements
Regulated industries (finance, government, healthcare) with broad data sovereignty requirements across many systems. Large enterprises modernising legacy Oracle applications (PeopleSoft, Siebel, JDE, EBS) with cloud services. Data centre consolidation replacing aging on-premises hardware with cloud-like scalability. Hybrid cloud strategies where the most sensitive or high-performance components run on-site while other workloads run in public OCI.
How to Choose
Cloud@Customer solves a narrow problem or complies with one set of requirements. Dedicated Region fundamentally transforms and outsources the operation of an entire on-premises data centre to Oracle’s cloud model. Choose Cloud@Customer when the need is specific and well-bounded. Choose Dedicated Region when you foresee broad cloud service adoption on-premises.
For Oracle’s software licensing rules when running workloads on Cloud@Customer, see Which Oracle Software Can You Run on Cloud@Customer. For BYOL mechanics, see How BYOL Works on Cloud@Customer.
Control and Management Model
In both offerings, Oracle retains responsibility for managing the infrastructure and cloud services while the customer controls their data and usage. However, the degree of control differs significantly.
| Aspect | Cloud@Customer | Dedicated Region |
|---|---|---|
| Infrastructure management | Oracle manages hardware, patching, and software updates for the appliance | Oracle manages end-to-end operations of the entire region — updates, scaling, security patching across all services |
| Customer workload control | Full control over VMs, databases, OS, middleware, and applications | Cloud-style self-service — provision resources via OCI console/APIs, but no access to underlying infrastructure |
| Patch scheduling | Customer can influence patch timing within Oracle’s maintenance windows | Oracle coordinates region upgrades with customer but manages the process |
| Data sovereignty | Data resides on-premises; some management metadata transits to Oracle’s cloud | All control plane and data plane on-premises — no data or configuration leaves the premises |
| Oracle access controls | Oracle Operator Access Control — customer approves/denies Oracle engineer access | Same Operator Access Control plus full audit logging within the isolated region |
| Management paradigm | Hands-on control of specific services (DBAs manage databases directly) | Cloud-style management (DBAs use cloud service interfaces rather than logging into servers) |
The practical difference: Cloud@Customer offers more hands-on control over specific services but with limited scope. Dedicated Region offers hands-off infrastructure (Oracle-managed everything) with full cloud breadth. In both cases, CIOs control their applications and data placement but cede low-level infrastructure management to Oracle.
Compliance and Data Residency
Both Cloud@Customer and Dedicated Region keep data on-premises, but compliance capability differs in scope.
Data residency. Both solutions ensure sensitive data stays in your data centre. Dedicated Region goes further — since the control plane and metadata are also local, no system information or service telemetry is sent to an external cloud. This satisfies the strictest national security and government requirements for complete sovereignty.
Certifications. A Dedicated Region can be certified to the same breadth of compliance standards as Oracle’s public cloud (ISO 27001, SOC 2, PCI-DSS, HIPAA) because it runs the same services. Cloud@Customer compliance scope is narrower — focused on the specific deployed service (database security controls for Exadata, for example) rather than a full-stack certification.
Isolation. Both offerings are single-tenant dedicated hardware (unlike public cloud where tenants share systems). Cloud@Customer provides a dedicated rack; Dedicated Region provides an entire dedicated region. This isolation enhances compliance since resources are not shared with other organisations.
Connectivity. Cloud@Customer requires some management connectivity to Oracle’s cloud, which may concern organisations with strict no-external-connectivity policies. Dedicated Region can operate fully disconnected by special arrangement, making it the answer for extreme isolation requirements.
Security Considerations
Both deployments use a shared security model: Oracle secures the cloud infrastructure while the customer secures their data, user access, and integration points. The security capabilities are identical to Oracle Cloud — the difference is scope.
Encryption. Both include built-in encryption for data at rest and in transit. Customers can use OCI Vault for key management and IAM for access control, even in on-premises deployments. Data never leaves the premises except for off-site backups if configured.
Operator access control. Oracle’s Operator Access Control allows customers to approve or deny Oracle support personnel access to the maintenance infrastructure in both offerings — ensuring Oracle cannot access customer systems without explicit consent.
Patching. Oracle handles security patching for firmware, hypervisors, and cloud service software. In Dedicated Region, updates are delivered on-site as they are in public cloud — ensuring the on-premises region receives security fixes as soon as Oracle releases them. Cloud@Customer receives similar regular patch cycles.
Network security. Both support the same OCI network segmentation features (VCNs, security lists, network security groups). Because traffic between internal users and cloud services does not traverse the internet, external threat exposure is reduced. Dedicated Region includes the full OCI security service stack (web application firewalls, threat detection) while Cloud@Customer has a more limited security service set appropriate to its narrower scope.
Technical and Business Trade-Offs
| Trade-Off | Cloud@Customer | Dedicated Region |
|---|---|---|
| Breadth vs specificity | Addresses today’s specific need precisely. May require additional deployments if requirements expand. | Future-proof platform with 100+ services. Avoids “needing something unavailable” risk. |
| Cost and commitment | Lower entry point (1 rack, 4-year term). Suitable for targeted, bounded requirements. | ~$6M+/year minimum. Justified only for large portfolios or broad cloud adoption on-premises. |
| Control vs convenience | More direct, hands-on control over specific services. Familiar management for DBAs/admins. | Cloud-style management by Oracle. Less staff effort, but requires trust and acceptance of standardised operations. |
| Deployment speed | Weeks to deliver and configure. Faster time-to-value for specific projects. | Months for multi-rack installation, network integration, and testing. Larger organisational disruption. |
| Vendor lock-in | Narrower lock-in — can still use other vendors for applications and infrastructure. Easier to unwind. | Deeper lock-in — vast portions of IT environment on one vendor’s platform. Harder to exit but single-vendor simplicity. |
| Scaling | Limited to the appliance’s capacity. Adding more capability requires additional deployments. | Scales within the region — add racks as needed. Oracle manages capacity expansion. |
The strategic question for CIOs is whether the organisation needs a specific cloud capability on-premises (Cloud@Customer) or an entire cloud region (Dedicated Region). If the goal is to cloud-enable a specific function due to compliance or performance requirements, Cloud@Customer may suffice with lower risk and investment. If the strategy is data centre modernisation, private cloud creation for many teams, or a comprehensive hybrid cloud architecture, Dedicated Region provides a more complete solution with potentially better long-term ROI if it replaces multiple disparate systems. For Oracle licensing implications of cloud deployments, see Licensing Oracle Software in the Cloud. For pricing details, see Cloud@Customer Pricing and Benefits.
Decision Framework for CIOs
To determine the right path, CIOs should evaluate four critical questions. First, are your requirements limited to databases or a few applications, or do you foresee broad adoption of cloud services on-premises? If narrow, Cloud@Customer is likely sufficient. If broad, Dedicated Region avoids the inefficiency of deploying multiple separate appliances. Second, do you have the budget and long-term vision for a private cloud region? Dedicated Region requires $6M+ annual commitment and multi-year terms — justified only for large-scale transformation. Third, how important is complete autonomy with no external dependencies? If strict no-external-connectivity policies apply, Dedicated Region’s fully local control plane is necessary. If some management connectivity is acceptable, Cloud@Customer works. Fourth, will a single-purpose solution meet long-term needs, or will you need additional capabilities over time? If expansion is likely, starting with Dedicated Region may be more efficient than adding Cloud@Customer appliances incrementally.
Both paths lead to the same goal: cloud benefits delivered on-premises. The decision is about choosing the vehicle that best fits the enterprise’s scale, regulatory environment, budget, and strategic direction. See Oracle Contract Negotiation Service for independent advisory on Oracle cloud commercial terms.