Oracle® Retail Merchandising Cloud Service Suite Security Guide – volume 1
Release 22.1.201.0
F55869-01
4 Merchandising Cloud Service Suite Architecture

Merchandising Cloud Service Suite is a set of ADF-based Java applications deployed on Oracle's Global Business Unit Cloud Services Foundation Services. The applications are deployed in a highly available, high-performance, horizontally scalable architecture. As of release 16.0.030, Merchandising Cloud Services uses either Oracle Identity Cloud Service (IDCS) or Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) as its identity provider (IdP). The information about logical, physical and data architecture in this document focuses on how the architecture supports security.

Architecture Overview

Most customer access to the Merchandising Cloud Service is via the web tier. The web tier contains the perimeter network services that protect the Merchandising applications from the internet at large. All traffic from the web tier continues to the Web Tier Security Server (WTSS), which in turn uses the customer's Oracle Identity Cloud Service (IDCS) or Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) tenancy to perform authentication. Authentication via IDCS or OCI IAM is described in more detail later in this document.

The Merchandising applications are deployed in a Kubernetes cluster. Scheduling of batch processes is provided by Job Orchestration and Scheduling (JOS). Reporting is provided by an Oracle Business Intelligence Enterprise Edition (OBIEE) instance that connects to the underlying database.

The underlying container DBaaS includes one pluggable database (PDB) for Merchandising. Applications access the Merchandising schema on the Merchandising PDB. Transparent Data Encryption (TDE) is enabled during provisioning, and tablespaces that contain personal data are encrypted.

Merchandising Cloud Service Suite applications integrate with external business systems via:

  • Native file upload/download

  • Native REST services

  • Retail Integration Cloud Service, which includes Retail Integration Bus (RIB), Retail Service Bus (RSB) and Bulk Data Integration (BDI)

  • File exchange via service-based upload to Object Storage. All inbound files are scanned by anti-virus and anti-malware software.

Merchandising Cloud Service Suite authenticates native REST services using OAuth 2.0 via IDCS or OCI IAM. Because the same authentication pattern is used for both, web service users are subject to the same strong controls as application users. All REST service calls are logged in the application logs.
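The OAuth 2.0 client pattern this paragraph describes, as an added example that is not code from this guide or from Oracle: a service client authenticates itself to the IDCS or OCI IAM token endpoint with the client-credentials grant, caches the bearer token until shortly before it expires, and presents it to a Merchandising REST endpoint. The token URL, scope, service URL and client credentials are assumed placeholders, not values from the guide; the transport is injectable so the flow can be exercised without a tenancy.

```python
"""OAuth 2.0 client-credentials access to an IDCS / OCI IAM protected REST service.

Added example, not code from the Oracle Retail guide. Every URL, scope and
credential below is an assumed placeholder; real values come from the
customer's IDCS or OCI IAM tenancy and the service's documentation.
"""
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumed placeholders (not values from the guide).
TOKEN_URL = "https://idcs-example.identity.oraclecloud.com/oauth2/v1/token"
SERVICE_URL = "https://merch.example.com/rest/example"
SCOPE = "https://merch.example.com/ urn:example:merch:all"

REFRESH_SKEW_SECONDS = 30  # fetch a new token this long before the old one expires


def _http(req):
    """Default transport: send the request and return the response body."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


def build_token_request(token_url, client_id, client_secret, scope):
    """Build the client-credentials grant: the client itself authenticates
    with HTTP Basic (client_id:client_secret); no end user is involved."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}
    ).encode()
    req = urllib.request.Request(token_url, data=body, method="POST")
    req.add_header("Authorization", f"Basic {creds}")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def parse_token_response(raw):
    """Return (access_token, expires_in) from the JSON token response.
    Only bearer tokens are accepted; an error body is surfaced, not swallowed."""
    tok = json.loads(raw)
    if "error" in tok:
        raise PermissionError(f"token endpoint refused the client: {tok['error']}")
    if tok.get("token_type", "").lower() != "bearer":
        raise ValueError(f"unexpected token_type {tok.get('token_type')!r}")
    return tok["access_token"], int(tok.get("expires_in", 0))


class BearerToken:
    """Caches an access token and renews it shortly before it expires, so a
    batch client does not hit the token endpoint on every service call."""

    def __init__(self, client_id, client_secret, scope=SCOPE,
                 token_url=TOKEN_URL, transport=_http, clock=time.time):
        self._client_id = client_id
        self._client_secret = client_secret   # keep out of logs and error messages
        self._scope = scope
        self._token_url = token_url
        self._transport = transport   # injectable so the flow can run offline
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - REFRESH_SKEW_SECONDS:
            req = build_token_request(self._token_url, self._client_id,
                                      self._client_secret, self._scope)
            self._token, ttl = parse_token_response(self._transport(req))
            self._expires_at = now + ttl
        return self._token


def call_service(url, token, transport=_http):
    """Call a protected REST endpoint with the bearer token; the service side
    (WTSS with IDCS / OCI IAM) validates the token, not this client."""
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    return transport(req)


if __name__ == "__main__":
    # Constructed offline run: a fake transport stands in for the token
    # endpoint and the service so the flow can be seen end to end.
    def fake_transport(req):
        if req.full_url == TOKEN_URL:
            assert req.get_header("Authorization", "").startswith("Basic ")
            return b'{"access_token":"demo-token","token_type":"Bearer","expires_in":3600}'
        return ('{"authorization": "%s"}' % req.get_header("Authorization")).encode()

    bt = BearerToken("example-client-id", "example-client-secret",
                     transport=fake_transport)
    print(call_service(SERVICE_URL, bt.get(), transport=fake_transport).decode())
```

Two points the paragraph implies but does not spell out: the client secret is a credential of the same weight as an application user's password and must be stored and rotated as such, and a client should reuse a token until near its expiry rather than request one per call, since every token request is itself an authentication event that the tenancy will log.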

All communication between Merchandising Cloud Service Suite and Retail Integration Cloud Service is via secured web services.

Retailers may also choose to replicate a subset of their data from the Merchandising PDB to an external database controlled by the retailer. The replication uses Oracle GoldenGate. All GoldenGate trail files are encrypted and transmitted over HTTPS. The retailer is responsible for securing the target destination database.

Access Flow

This document does not describe the full access flow of the Merchandising Cloud Service; it focuses on the high-level aspects of that flow that relate to security.

Access Flow Diagram

Merchandising Cloud Service Suite is deployed on a Kubernetes cluster. Each application resides in the appropriate tier, and each tier resides in its own subnet. Communication between tiers within the Merchandising Cloud Service is restricted by subnet ingress security lists.

To reduce the attack surface, access to the Merchandising Cloud Service from the open internet is very limited:

  • Business users (via web browser) and external web service clients access the applications over HTTPS/443 (1, 1A). The firewall and load balancer in the DMZ route the request to the customer tenancy, where a reverse proxy forwards it to WTSS (3). WTSS forwards (4) unauthenticated requests to the customer's IDCS or OCI IAM tenancy via a NAT gateway (4A). IDCS or OCI IAM serves the logon page to the end user (5). On successful authentication, WTSS passes the request to the reverse proxy ingress controller, which routes it to the appropriate application component (6).

  • Pre-Authenticated Request (PAR) service calls can drop and collect files in Object Storage (2).

Access to the underlying DBaaS is available only via the application M-Tier (67). The M-Tier can get and place files in Object Storage (8), which in turn allows the exchange of files with the retailer (2). Both outbound web service traffic (811) and replication of data (912) are routed through the outbound proxy in the DMZ.

A subset of Oracle Retail AMS has very limited access to the underlying M-Tier (15). This access is restricted to a small subset of Oracle employees, as described in Oracle's Cloud Hosting and Delivery Policies:

https://www.oracle.com/assets/ocloud-hosting-delivery-policies-3089853.pdf