PeopleSoft
PeopleSoft is an Oracle enterprise application suite that supports human capital management, financials, supply chain, and campus solutions. If you plan to deploy Oracle PeopleSoft in Azure or migrate PeopleSoft from your data center to Azure, you can design a secure, high-availability topology by leveraging Oracle AI Database@Azure.
Learn about the reference architecture for running Oracle PeopleSoft in Azure using Oracle AI Database@Azure for the database layer and Azure virtual machines for the web and application layers. This configuration provides low latency, as Oracle AI Database services are deployed in the same Azure data center.
Currently, Oracle Exadata Database Service on Dedicated Infrastructure, Oracle Autonomous AI Database Service, and Oracle Exadata Database Service on Exascale Infrastructure are supported with Oracle AI Database@Azure. Check the regional availability matrix to determine which services are supported in each OCI and Azure region.
This document is intended for cloud architects, infrastructure administrators, and PeopleSoft system administrators responsible for designing, deploying, and operating PeopleSoft environments. Familiarity with PeopleSoft architecture and components, Oracle AI Database, and cloud platforms including Oracle Cloud Infrastructure (OCI) and Microsoft Azure is recommended.
Architecture
This architecture demonstrates the deployment of Oracle PeopleSoft applications in a single availability zone of an Azure region. To support disaster recovery, deploy a similar configuration across multiple Azure regions. Configure the databases to use Oracle Active Data Guard, and use rsync with the application stack to synchronize file systems across regions.
For more information on designing and implementing disaster recovery architectures, see Oracle Maximum Availability Architecture for Oracle AI Database@Azure.

This architecture deploys all components within a single Azure region and highlights important design considerations for PeopleSoft on Azure with Oracle AI Database@Azure.
Networking Tier
This architecture shows a single Azure region deployment of a PeopleSoft environment designed for low latency. The networking layout consists of an Azure Virtual Network (VNet) with dedicated subnets for Azure Bastion, load balancer, PeopleSoft web servers, application servers, and the database tier.
The database layer uses Oracle AI Database@Azure, which must be deployed in an Azure delegated subnet. Oracle AI Database@Azure services can be provisioned only in delegated subnets assigned to Oracle. Connectivity to on-premises environments can be established using Azure ExpressRoute for private, low-latency access.
The Azure Bastion host is deployed in a subnet with a public IP address, while all other PeopleSoft and database components reside in subnets without public IP addresses. Public IP addresses can be attached to specific instances based on business or operational requirements. Secure access to private instances is provided over port 22 (SSH) through Azure Bastion or via Azure ExpressRoute when direct connectivity to on-premises data centers is configured.
PeopleSoft application components are deployed within a single Availability Zone to ensure low-latency connectivity. The database is deployed in a single Availability Zone with Oracle RAC enabled by default. For regional redundancy, the database can be deployed in a second Availability Zone using Oracle Data Guard, providing high availability and disaster recovery at the regional level.
- When planning IP address space, account for Oracle AI Database@Azure subnet requirements and address space consumption scenarios.
- Plan DNS configuration carefully, especially when using custom DNS resolvers, to support Oracle AI Database@Azure DNS resolution requirements.
- For multi-region disaster recovery architectures, consider detailed network connectivity patterns and inter-region routing for Oracle AI Database@Azure.
- Review backup and recovery prerequisites early in the design phase to ensure network access requirements are met.
- Use Network Security Groups (NSGs) to restrict access to database virtual machines:
  - Allow SSH (port 22) access only through Azure Bastion.
  - Allow database traffic (port 1521) exclusively from approved PeopleSoft application subnets and authorized on-premises networks.
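One way to check an exported NSG rule set against the two restrictions above, as an added example that is not part of the original page. The CIDR ranges and rule names are constructed assumptions; the field names follow the JSON that `az network nsg rule list -o json` returns.

```python
import ipaddress

# Assumed address plan, constructed for this example (not from the page).
BASTION = ["10.0.0.0/26"]                        # AzureBastionSubnet
DB_CLIENTS = ["10.0.2.0/24", "192.168.10.0/24"]  # PeopleSoft app subnet, on-premises
POLICY = {22: BASTION, 1521: DB_CLIENTS}         # port -> sources allowed to reach it

def port_in(spec, port):
    """True if an NSG port spec ('*', '22', '1520-1530') covers port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def source_allowed(prefix, approved):
    """True only if prefix is a CIDR that lies inside an approved CIDR."""
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:  # '*', 'Internet', 'VirtualNetwork': too broad, fail closed
        return False
    nets = [ipaddress.ip_network(a) for a in approved]
    return any(net.version == a.version and net.subnet_of(a) for a in nets)

def audit(rules):
    """Return (rule name, port, source) for each inbound Allow that breaks POLICY."""
    findings = []
    for r in rules:
        if r["direction"] != "Inbound" or r["access"] != "Allow":
            continue
        ports = r.get("destinationPortRanges") or [r["destinationPortRange"]]
        sources = r.get("sourceAddressPrefixes") or [r["sourceAddressPrefix"]]
        for port, approved in POLICY.items():
            if any(port_in(p, port) for p in ports):
                findings += [(r["name"], port, s) for s in sources
                             if not source_allowed(s, approved)]
    return findings

# Constructed rules, using field names from `az network nsg rule list -o json`.
SAMPLE = [
    {"name": "allow-ssh-bastion", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "10.0.0.0/26", "destinationPortRange": "22"},
    {"name": "allow-ssh-any", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "allow-db-wide", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefixes": ["10.0.2.0/24", "10.0.3.0/24"],
     "destinationPortRange": "1520-1530"},
]

if __name__ == "__main__":
    for name, port, src in audit(SAMPLE):
        print(f"{name}: port {port} reachable from unapproved source {src}")
```

Service tags such as `VirtualNetwork` are reported as findings on purpose, because they admit more than the specific subnets the policy names.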
Bastion Host
Azure Bastion is a fully managed service that provides a secure and controlled administrative access point to the Azure virtual network hosting Oracle PeopleSoft workloads.
Azure Bastion is deployed in a dedicated subnet (AzureBastionSubnet) and provides secure, private access to virtual machines in subnets without public IP addresses, ensuring they are not directly exposed to the public internet. By using Azure Bastion, the architecture maintains a single, known access point that can be centrally monitored and audited, while avoiding the need to expose public IP addresses or open inbound ports on individual virtual machines.
In this architecture, Azure Bastion does not require a public IP address on the target virtual machines. Administrative access is established over TLS (port 443) through the Azure portal or supported native clients. Network Security Groups on the target subnets do not require inbound SSH or RDP rules, which reduces the attack surface. Access to Azure Bastion can be restricted and managed using Azure role-based access control (RBAC) and Azure Active Directory authentication.
Azure Bastion enables administrators to connect to virtual machines in subnets without public IP addresses, using SSH for Linux and RDP for Windows. Connections are initiated from the administrator’s local workstation and proxied through the Bastion service, ensuring that credentials and sessions are not exposed to the public network.
By centralizing administrative access and eliminating direct VM exposure, Azure Bastion enhances security while maintaining operational access to private workloads.
PeopleSoft Application Tier
- PeopleSoft web servers: The PeopleSoft web servers receive application requests from the web environment, the internet, and the intranet through the load balancer. Incoming traffic is distributed by the load balancer over port 8000 (example). The web servers forward the requests to the Oracle Tuxedo Jolt port on the application server. In the architecture diagram, multiple web servers are deployed to support high availability.
- ElasticSearch servers: The Oracle PeopleSoft search framework provides a standard method to use search indexes for all PeopleSoft applications. The search framework depends on ElasticSearch servers and interacts with the PeopleSoft web servers over port 9200 (example).
- PeopleSoft application servers: PeopleSoft application servers handle the bulk of the workload in the PeopleSoft system. They run the business logic and process all application requests from the web servers on the Oracle Tuxedo Jolt port, 9000 (example). The application servers also maintain the SQL connection to the database over port 1521. Application requests are received at the web server, forwarded to the application servers, and then submitted to the database servers.
- PeopleSoft Process Scheduler: An instance of the PeopleSoft Process Scheduler is required to run batch processes or jobs, such as nVision.
- PeopleTools client: PeopleTools clients are Windows-based and are also referred to as the PeopleTools Development Environment. These clients run on supported Microsoft Windows platforms and can connect to the PeopleSoft database using client connectivity software (two-tier connection) over port 1521 or through a PeopleSoft application server (three-tier connection) over port 7000. The PeopleTools client is an integrated part of the PeopleSoft Internet Architecture, as it helps administrators perform management and migration tasks.
Set up Azure File Storage to stage PeopleSoft software. A single file storage file system can be created to share software binaries across application servers, web servers, and ElasticSearch servers. Azure Files Premium is recommended instead of Azure Files Standard to deliver higher throughput and lower latency.
Database Tier
- Oracle Autonomous AI Database Serverless
- Oracle Exadata Database Service on Dedicated Infrastructure
- Oracle Exadata Database Service on Exascale Infrastructure
The database instances are configured for high availability with Oracle Real Application Clusters (RAC) enabled. To achieve availability zone redundancy for the database, use Oracle Active Data Guard in synchronous mode to replicate the database across availability zones.
- Azure backbone connectivity using VNet peering, or
- OCI backbone connectivity using VCN peering with Local Peering Gateways
Port 1521 must be open for communication with Oracle Active Data Guard, as Data Guard transport services use port 1521 to transmit redo log files. For detailed networking design considerations, see Maximum Availability Architecture (MAA).
Backup and Recovery
Automated database backups can be configured using Oracle Autonomous Recovery Service or OCI Object Storage, depending on the selected database service and recovery requirements.
Data Encryption
For data in transit, Oracle AI Database@Azure services are accessible only through encrypted communication channels. By default, the Oracle Net client is configured to use encrypted sessions, ensuring that all database connections are protected in transit.
Oracle AI Database@Azure protects data at rest using Transparent Data Encryption (TDE), which is enabled by default with no customer configuration required. TDE automatically encrypts database files, redo and undo logs, backups, and other persistent data when written to storage, and transparently decrypts the data when accessed by authorized processes. Encryption is managed using a hierarchical key model, where a master encryption key protects tablespace keys that in turn encrypt the data.
Oracle AI Database@Azure supports both Oracle-managed and customer-managed key options for TDE. With Oracle-managed keys, encryption keys are generated, stored, and managed automatically by Oracle. With customer-managed keys, customers can centrally control key lifecycle management, rotation, and auditing by integrating with OCI Vault, Oracle Key Vault, or Azure Key Vault (AKV).
Cross-region Oracle Data Guard is not supported when customer-managed encryption keys are stored in Azure Key Vault (AKV).
Migration to Oracle AI Database@Azure
Oracle Zero Downtime Migration (ZDM) provides multiple migration workflows for moving Hyperion databases to Oracle Database@Azure.
- Physical Online Migration:
  The physical online migration workflow supports migrations between the same database versions and platforms. This approach uses direct data transfer and the restore from service method to create the target database, avoiding the use of intermediate backup storage. Oracle Data Guard is used to keep the source and target databases synchronized, enabling minimal-downtime migration.
- Physical Offline Migration:
  The physical offline migration workflow supports migrations between the same database versions and platforms. The target database is created using Recovery Manager (RMAN) backup and restore. Azure Files is used to provide an NFS file share for storing RMAN backup files during the migration process.
- Logical Online Migration:
  The logical online migration workflow supports migrations between the same or different database versions and platforms. This workflow uses Oracle Data Pump export and import to create the target database. Azure Files provides an NFS file share to store the Data Pump dump files. Oracle GoldenGate is used to synchronize the source and target databases, enabling minimal-downtime migration.
- Logical Offline Migration:
  The logical offline migration workflow supports migrations between the same or different database versions and platforms. The target database is created using Oracle Data Pump export and import. Azure Files provides an NFS file share to store the Data Pump dump files used during the migration.
- Logical Online Migration:
  The logical online migration workflow supports migrations between the same or different database versions and platforms. This workflow uses Oracle Data Pump export and import to create the target Autonomous Database. Azure Files provides an NFS file share for storing Data Pump dump files, while Oracle GoldenGate keeps the source and target databases synchronized to enable minimal-downtime migration.
- Logical Offline Migration:
  The logical offline migration workflow supports migrations between the same or different database versions and platforms. The target Autonomous Database is created using Oracle Data Pump export and import. Azure Files provides an NFS file share to store the Data Pump dump files used during migration.
Components Overview
| Component | Purpose |
|---|---|
| Oracle AI Database@Azure | Oracle AI Database@Azure provides Oracle Exadata Database deployed and operated in Azure with native Azure integration. It combines Oracle Exadata Database performance and Oracle AI Database capabilities with Azure networking, security, and consumption models. The offering includes Oracle Exadata Database, Oracle Exadata Database Service on Exascale Infrastructure, Oracle Autonomous AI Database Serverless, and Oracle Base Database Service for hosting the database layer for PeopleSoft. |
| Azure Load Balancer | Azure Load Balancer distributes incoming traffic across web or application servers and continuously monitors back-end health probes to send traffic only to healthy instances. This ensures even traffic distribution, high availability, and automatic failover without application. |
| Azure Bastion | Azure Bastion enables secure RDP and SSH access to virtual machines over HTTPS without requiring public IP addresses. It improves security by centralizing administrative access and reducing exposure to inbound internet threats. |
| Autonomous Recovery Service | Autonomous Recovery Service provides automated backup, continuous data protection, and fast recovery for Oracle AI Database(s). It reduces data loss and recovery time by autonomously managing backups, validation, and restore operations. |
| Object Storage | Object Storage provides durable, scalable storage for unstructured data using a bucket-and-object model. It is commonly used for backups, archival, and data sharing with built-in security and lifecycle controls. |
| OCI Vault | OCI Vault provides centralized management of encryption keys and secrets using Oracle-managed HSMs. It enables strong security, key rotation, and access control for protecting data across OCI services. |
| Azure Files | Azure Files provides fully managed, shared file storage using standard SMB and NFS protocols. It enables applications to access scalable, highly available file shares without managing underlying storage systems. |
| Azure Key Vault | Azure Key Vault is a managed service that provides secure storage and lifecycle management for sensitive information such as secrets, encryption keys, and certificates used by enterprise applications. |
Learn more
- PeopleSoft Information Portal
- PeopleSoft on the Oracle Help Center
- Support for PeopleSoft Applications Running in a Multicloud Environment (Doc ID 3066912.1)
- Learn more about Single Sign-On for PeopleSoft:
  - E-SEC: What Is Microsoft Entra and Is Entra Supported For Authentication Into PeopleSoft? (Doc ID 3073875.1)
  - E-SEC: PT 8.x How to Setup External Single Sign-on Solutions with PeopleSoft (KB563357)