This image shows two TimesTen databases in an active standby pair replication scheme provisioned in an Oracle Cloud Infrastructure Kubernetes Engine (OKE) cluster in an OCI region. Oracle Cloud Guard resides in the OCI region. The OCI region comprises a virtual cloud network (VCN), which spans one availability domain. The availability domain is spanned by:

• A public subnet that contains the Bastion service.

• A private subnet that contains a load balancer.

• A private subnet that contains the Kubernetes API endpoint.

• A private subnet that contains a worker node for the TimesTen Kubernetes Operator (TimesTen Operator) and a node pool for the TimesTen databases.

Each subnet is protected by a security list and route table.

Within the VCN but external to the subnets is the OCI Services Network, which includes the Audit, Logging, Identity and Access Management (IAM), and Block Volume services. The OKE cluster reaches these services through the service gateway.

Outside of the OCI region are the administrator and user applications.

• Traffic from the administrator flows through an Internet gateway to the Bastion service and then, to the Kubernetes API endpoint to reach the TimesTen Operator.

• Traffic from the user applications flows through an Internet gateway to the Bastion service and then, to the load balancer. The load balancer directs the traffic to one of the TimesTen databases in the node pool.

The VCN includes a NAT gateway to enable the OKE cluster access to the Internet and Oracle Container Registry.