Key Concepts of Reference Architecture
This section describes these key concepts of reference architecture:
- NAT Gateway
- Bastion Hosts
- Private Load Balancer (LBaaS)
- Production Environments
- Non-Production Environments
- Disaster Recovery Environments
- POD Architecture
NAT Gateway
Key characteristics of a NAT gateway include:
- The gateway gives cloud resources without public IP addresses access to the internet without exposing those resources to incoming internet connections.
- The gateway is a networking technique commonly used to give an entire private network access to the internet without assigning each host a public IPv4 address. The hosts can initiate connections to the internet and receive responses, but cannot receive inbound connections initiated from the internet.
When a host in the private network initiates an internet-bound connection, the NAT device's public IP address becomes the source IP address for the outbound traffic. The response traffic from the internet therefore uses that public IP address as the destination IP address. The NAT device then routes the response to the host in the private network that initiated the connection.
For additional information on NAT gateways, refer to Oracle Cloud Infrastructure Documentation:
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/NATgateway.htm
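The translation behaviour described above, as an added example that is not part of the Oracle documentation: a minimal model of a NAT gateway that rewrites the source of outbound packets to its public IP, records the flow, forwards only replies to recorded flows, and drops any unsolicited inbound packet. The class, method names and all IP addresses are constructed for this illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatGateway:
    """Toy NAT gateway: private hosts may go out, the internet may not come in."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip          # constructed sample value in the test
        self._next_port = first_port
        # public_port -> (private_ip, private_port, remote_ip, remote_port)
        self._table: dict[int, tuple[str, int, str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Translate an internet-bound packet sent by a host in the private network."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for pub_port, known in self._table.items():
            if known == flow:           # existing flow: reuse its public port
                break
        else:                           # new flow: allocate a public port and record it
            pub_port = self._next_port
            self._next_port += 1
            self._table[pub_port] = flow
        # The gateway's public IP address becomes the source of the outbound traffic.
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Route a response back to the host that initiated the flow, or drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        flow = self._table.get(pkt.dst_port)
        if flow is None or (flow[2], flow[3]) != (pkt.src_ip, pkt.src_port):
            return None                 # unsolicited: no private host opened this flow
        private_ip, private_port, _, _ = flow
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)
```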
Bastion Hosts
Bastion hosts are an important part of the network security layer for both cloud and data center deployments. Combined with firewall policies, bastion hosts can protect your environment by blocking access to external management interfaces.
Because most of the infrastructure denies remote access, you need a method to log in to the servers located in the private subnets. You can establish a point-to-network VPN, but this method increases the complexity of and the management necessary for the setup. A secure and convenient method that you can use is to connect to the bastion hosts by using the SSH protocol.
Private Load Balancer (LBaaS)
To isolate your load balancer (LBaaS) from the internet and simplify your security posture, you can create a private load balancer. The load balancing service assigns it to a private IP address that serves as the entry point for incoming traffic.
When you create a private load balancer, the service requires only one subnet to host both the primary and standby load balancers. The load balancer can be regional or AD-specific, depending on the scope of the host subnet. The load balancer is accessible only from within the VCN that contains the host subnet, or from any other network based on your security list rules.
The assigned floating private IP address is local to the host subnet. The primary and standby load balancers each require an additional private IP address from the host subnet.
If there is an availability domain outage, a private load balancer created in a regional subnet within a multi-AD region provides failover capability. A private load balancer created in an AD-specific subnet, or in a regional subnet within a single-AD region, has no failover capability in response to an availability domain outage.
Production Environments
Production environments include a set of resources that provides high availability and scalability in terms of resources and services. The production environment can be deployed in a single AD only.
Resources include:
- NAT Service
- Bastion Servers
- One-Click Provisioning Server
- RAC database servers (DBS only)
- Enterprise Servers
- Web Servers (HTML and AIS)
- LBaaS for Web Servers
- Microsoft Windows-based Deployment Server
Non-Production Environments
Non-production environments include a set of resources that provides JD Edwards EnterpriseOne servers that are not deployed with high availability capabilities. The non-production environment can be deployed in a single AD only.
Resources include:
- One-Click Provisioning Server
- RAC Database Servers (DBS only)
- Enterprise Servers
- Web Servers (HTML and AIS)
- Microsoft Windows-based Deployment Server
Disaster Recovery Environments
Disaster Recovery (DR) environments include the same set of resources as Production environments with high availability and scalability in terms of resources and services. The Production environment can be deployed in a single AD only.
Resources in the DR environment include:
- NAT Service
- Bastion Servers
- RAC Database Servers (DBS created after enabling Oracle Data Guard for the PD environment)
- Enterprise Servers
- Web Servers (HTML and AIS)
- LBaaS for Web Servers (HTML and AIS)
POD Architecture
The JD Edwards EnterpriseOne One-Click architecture for HTML and AIS Servers introduces the concept of pods, which matches the deployment concept of JD Edwards EnterpriseOne Infrastructure Provisioning for Reference Architecture. You can use pods to scale JD Edwards EnterpriseOne, or to separate by pathcodes such as Development and Production. The POD architecture is recommended for high performance environments such as Production.
For purposes of this discussion regarding the definition of HTML and AIS Servers, a pod consists of a Logic Server, a Batch Server, a Standard HTML Server, a Dedicated HTML Server and an AIS Server. Pods are generally associated by a common pathcode. To scale by pathcode, multiple pods can be configured.