Oracle® Retail Merchandising Cloud Service Suite Security Guide – volume 1
Release 19.3.000
F44182-02

4 Merchandising Cloud Service Suite Architecture

Merchandising Cloud Service Suite is a set of ADF-based Java applications deployed on Oracle's Global Business Unit Cloud Services 3.x Platform Services. The applications are deployed in a highly available, high-performance, horizontally scalable architecture. As of release 19.3.000, Merchandising Cloud Services uses either Oracle Identity Cloud Service (IDCS) or Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) as its identity provider (IDP). Information about logical, physical and data architecture in this document focuses on how the architecture supports security.


Note:

Oracle Retail Merchandising Cloud Service Suite deployments on versions 16.0.029 and lower currently use an instance of Oracle Identity Management (IDM) Suite within Merchandising Cloud Services as an IDP. As these live customers are upgraded to 16.0.030 and transitioned to GBUCS3, their authentication will be transitioned to use IDCS or OCI IAM. Oracle Retail will move any user and group information currently in the live SaaS customer's IDM suite to the customer's IDCS or OCI IAM tenancy.

Logical Architecture

logical architecture diagram

Most customer access to the Merchandising Cloud Service is via the web tier. The web tier contains the perimeter network services that protect the Merchandising applications from the internet at large. All traffic from the web tier continues to the Web Tier Security Server (WTSS), which in turn uses the customer's Oracle Identity Cloud Service (IDCS) or Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) tenancy to perform authentication. More information about authentication via IDCS or OCI IAM is provided later in this document.

The application tier consists of a number of application servers. These servers provide the Merchandising applications and Job Orchestration (JOS), which allows retailers to schedule Merchandising batch jobs. A BI server provides access to Oracle Business Intelligence Enterprise Edition (OBIEE) reporting. If a customer also uses Oracle Retail Insights Cloud Service, this BI server will also host the ODI jobs that extract facts and measures from Merchandising for RI. RetailHome is a UI component that can serve as a coordinated dashboard for many Oracle Retail cloud services.

The underlying container DBaaS includes one pluggable database (PDB). Applications are able to access the Merchandising schema on the Merchandising PDB. Transparent data encryption (TDE) is set during provisioning. Tablespaces that contain personal data are encrypted.

Merchandising Cloud Service Suite applications integrate with external business systems via:

  • Native file upload/download

  • Native REST services

  • Retail Integration Cloud Service, which includes Retail Integration Bus (RIB), Retail Service Bus (RSB) and Bulk Data Integration (BDI)

Merchandising Cloud Service Suite uploads and downloads some files via an SFTP server, which resides in a dedicated network tier. Customer accounts are created in the SFTP server by the GBUCS operations team per a standardized process. All inbound files are scanned by anti-virus and anti-malware software.

Merchandising Cloud Service Suite authenticates native REST services using OAuth 2.0 via IDCS or OCI IAM. Because a common authentication pattern is used, web service users are subject to the same strong controls as application users. All REST service calls are logged in the application logs.

All communication between Merchandising Cloud Service Suite and Retail Integration Cloud Service is via secured web services.

Retailers may also choose to replicate a subset of their data from the Merchandising PDB to an external database controlled by the retailer. The replication uses Oracle GoldenGate. All GoldenGate trail files are encrypted and communicated via HTTPS. The retailer is responsible for securing the target destination database.

Physical Architecture

This document does not explain the full physical architecture of the Merchandising Cloud Service, but instead focuses on the high-level aspects of this physical architecture that relate to security.

physical architecture diagram

Merchandising Cloud Service Suite is deployed on a collection of single tenant VMs. Each VM resides in an appropriate tier and each tier resides in its own subnet. Communication between tiers within the Merchandising Cloud Service is limited by subnet ingress security lists.

To reduce attack surface, access to the Merchandising Cloud Service from the open internet is very limited. As described in the Logical Architecture section of this document, business users (via web browser) and external web service endpoints access the application over HTTPS/443 (1). The firewall and load balancer in the DMZ pass traffic to the WTSS server in the Authentication Tier (3), which in turn requests authentication (via outbound proxy) from the customer's Identity Cloud Service (IDCS) or Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) tenancy (4). Additionally, authenticated SFTP users are able to drop and collect files (2).

Within the Merchandising Cloud Service itself, traffic between tiers is very limited. Authenticated requests are passed from the AuthN Tier to the M-Tier (5). Access to the underlying DBaaS is only available via the M-Tier (6). The M-Tier is able to get and place files into storage within the DS-Tier (7), which in turn allows the exchange of files with authenticated SFTP users (2). Both outbound web service traffic (8) and replication of data (9) are routed through the outbound proxy in the DMZ.

A subset of Oracle Retail AMS has very limited access to the underlying DBaaS and M-Tier via a bastion host. This access is limited to a small subset of Oracle employees as described in Oracle's Cloud Hosting and Delivery policy.

https://www.oracle.com/assets/ocloud-hosting-delivery-policies-3089853.pdf
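The tier-to-tier flows described in this section can be written down as an allow-list and used to review a set of subnet ingress rules for drift. The following is an added example, not Oracle code or part of the original guide: the `(source, destination)` rule format and the function names are hypothetical, ports are not modelled, and placing the SFTP file exchange (2) in the DS-Tier is an assumption drawn from the description of flow (7).

```python
from collections import deque

# Tier-to-tier flows taken from callouts (1)-(9) and the bastion paragraph.
# Tuples are (source tier, destination tier); ports are not modelled.
DOCUMENTED_FLOWS = {
    ("Internet", "DMZ"),      # (1) browsers and web service clients, HTTPS/443
    ("Internet", "DS-Tier"),  # (2) SFTP file exchange (assumed to land in the DS-Tier)
    ("DMZ", "AuthN"),         # (3) firewall / load balancer to WTSS
    ("AuthN", "DMZ"),         # (4) WTSS to the IdP through the outbound proxy
    ("AuthN", "M-Tier"),      # (5) authenticated requests
    ("M-Tier", "DBaaS"),      # (6) only documented application path to the database
    ("M-Tier", "DS-Tier"),    # (7) file storage
    ("M-Tier", "DMZ"),        # (8)(9) outbound web services and replication via proxy
    ("Bastion", "M-Tier"),    # restricted operator access
    ("Bastion", "DBaaS"),
}


def reachable(rules, start, blocked=()):
    """Tiers reachable from `start`, treating every tier as a possible relay
    and never entering a tier listed in `blocked`."""
    seen, queue = {start}, deque([start])
    while queue:
        tier = queue.popleft()
        for src, dst in rules:
            if src == tier and dst not in seen and dst not in blocked:
                seen.add(dst)
                queue.append(dst)
    return seen


def audit(rules):
    """Return findings for a deployed rule set given as (source, destination) pairs."""
    rules = set(rules)
    findings = [f"undocumented flow {s} -> {d}"
                for s, d in sorted(rules - DOCUMENTED_FLOWS)]
    # The database must not be reachable from the internet unless the path
    # crosses both the authentication tier and the M-Tier.
    for choke in ("AuthN", "M-Tier"):
        if "DBaaS" in reachable(rules, "Internet", blocked=(choke,)):
            findings.append(f"DBaaS reachable from Internet without {choke}")
    return findings


# Constructed sample: the documented flows plus one drifted rule.
DRIFTED = DOCUMENTED_FLOWS | {("AuthN", "DBaaS")}

if __name__ == "__main__":
    for finding in audit(DRIFTED):
        print(finding)
```

The reachability check is deliberately conservative: it assumes any tier that accepts traffic could relay it onward, so a finding marks a path worth reviewing rather than a confirmed exposure.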