The Real Application Security architecture is depicted. At the left is a box labeled 'Web Clients'. It has 3 desktop computers in it arranged vertically. To the right of that is a box labeled ‘Application Server’. It has five sub-boxes in it, arranged vertically. The top sub-box is labeled 'JEE Applications'. The second sub-box is labeled 'Java Container'. The third sub-box is labeled 'Real Application Security Java APIs'. The fourth sub- box is labeled ‘Real Application Security’ and contains two components named ‘Application Session Cache’ and ‘ACL Cache’. The bottom sub-box is labeled ‘Connection Pool’ and contains three DB Sessions labeled ‘DB Session 1’, ‘DB Session 2’, and ‘DB Session 3’.

To the right of that is a cylinder labeled ‘Oracle Database’, which contains a box labeled ‘Real Application Security’. Within this box are three sections arranged vertically. The first section is labeled ‘ACL, Application Privileges, Users, and Roles’. Beneath that is a section labeled ‘Application Sessions’, and finally beneath that is a section containing four DB Sessions labeled ‘DB Session 1’, ‘DB Session 2’, ‘DB Session 3’, and DB Session 4’. Each DB Session is attached to an Application Session. DB Session 4 shows an active client SQL*Plus session.