Exadata Cloud@Customer Technical Architecture
June 2025
Copyright © 2022, 2025 Oracle and/or its affiliates
Exadata Cloud@Customer Technical Architecture
June 2025
Copyright © 2022, 2025 Oracle and/or its affiliates
Copyright © 1994, 2025, Oracle and/or its affiliates.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software, software documentation, data (as defined in the Federal Acquisition Regulation), or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed, or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software," "commercial computer software documentation," or "limited rights data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed, or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government's use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle®, Java, MySQL, and NetSuite are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.
Oracle Exadata Cloud@Customer runs Oracle Exadata Database Service and Oracle Autonomous Database Service with Oracle-owned and managed infrastructure located in your data center.
Your databases run on one or more virtual machine (VM) clusters that reside on Exadata infrastructure in your data center. Exadata Cloud@Customer also includes control plane server (CPS) infrastructure that connects to an OCI region for cloud automation and administration.
Your client applications and administrators connect to the VM clusters through client and backup networks that you create. You access your databases through standard Oracle database connection methods, such as Oracle Net. You access the VM clusters through standard Oracle Linux methods, such as token-based Secure Shell (SSH).
Your Exadata and Autonomous Database administrators can use the web-based OCI Console, command-line interface (CLI), and REST APIs to connect to your OCI tenancy over an HTTPS connection. Your tenancy sends service management API calls to the Oracle service tenancy. The Oracle service tenancy connects to the Oracle-managed admin virtual cloud network (VCN). An outgoing, persistent, secure automation tunnel connects the CPS infrastructure in your data center to the Oracle-managed admin VCN in the OCI region for delivering cloud automation commands to the VM clusters.
For Autonomous Database, separate persistent automation and temporary operator tunnels are created, targeting separate service tenancy administrative VCNs. If you're using both Oracle Exadata Database Service and Oracle Autonomous Database Service, you'll have two persistent tunnels and, as required, up to two temporary tunnels. These separate tunnels enforce a strict separation of duties for developer operations personnel, who only have authorization to take action on specific VM cluster resources, segregated by service type.
Oracle Cloud Operations can use a console or REST APIs over an HTTPS or SSH connection to manage the infrastructure. Oracle operator SSH connections travel through bastion and management servers; the admin VCN; and an outgoing, temporary, secure operator tunnel from the CPS to the admin VCN. Oracle operator HTTPS connections travel to the infrastructure through the Oracle service tenancy, admin VCN, and the outgoing, persistent, secure automation tunnel. You can optionally control authorization of SSH access by Oracle operators by registering infrastructure resources with a separate Operator Access Control.
Your databases run on one or more virtual machine (VM) clusters that reside on Exadata infrastructure in your data center. Exadata Cloud@Customer also includes control plane server (CPS) infrastructure that connects to an Oracle Cloud Infrastructure (OCI) region for cloud automation and administration.
Your data center connects to the OCI region to access Exadata Cloud@Customer (ExaC@C) service endpoints, Object Storage, OCI telemetry monitoring, identity service, and logging service.
You can optionally connect your data center to the OCI region with FastConnect. This option uses a public virtual circuit to connect the edge of your network to the Oracle edge in the OCI region. Your edge connects to customer-premises equipment (CPE) in your data center.
The CPE connects to a switch or router, which directs traffic to and from the CPS, network time protocol (NTP) server, domain name system (DNS) server. If you're not using FastConnect, your network should also include a proxy server (not shown in the diagram).
Your client applications and administrators connect to your VM clusters and databases over the private client and backup subnets that you access through a switch or router in your data center. You create and manage the client and backup subnets.
Oracle Exadata Cloud@Customer includes multiple database servers and Exadata storage servers connected by high-speed, low-latency network fabric. The Exadata infrastructure resides in your data center.
You can choose from two elastic system shapes: elastic base and elastic. Each system shape can be scaled with additional database and storage servers.
The Exadata infrastructure can have 2 to 32 database servers and 3 to 64 storage servers. You can host one or more VMs per database server.
Note: Today, when deploying Autonomous Database VM clusters, you can't elastically expand the VM clusters after provisioning, so if you need larger clusters, first expand your infrastructure and then provision the Autonomous Database VM cluster.
The client and backup networks provide access to your virtual machine (VM) clusters on the database servers. Oracle manages the infrastructure through the management network, which connects the database and storage server hardware.
Each Oracle Exadata Cloud@Customer database server contains one or more virtual machine (VM) guests running on a hypervisor and you can designate each VM to host either Exadata Database or Autonomous Database Service instances. This configuration ensures a distinct separation between the Oracle-managed and customer-managed components for the Exadata Cloud@Customer platform.
Oracle manages the hypervisors through the management network. The client and backup networks connect to the VM guests through bonded network interfaces to maximize performance and availability.
If you include Oracle Database software licenses in your Exadata Database Service or Autonomous Database subscription, each VM guest has a complete Oracle Database installation that includes all the features of Oracle Database Enterprise Edition plus all the database enterprise management packs and all the Enterprise Edition options, such as Oracle Database In-Memory and Oracle Real Application Clusters (RAC), as well as Oracle Grid Infrastructure. Alternatively, you can use Oracle Database software licenses that you already own.
Note: Autonomous Database Service prevents customer access to the VM guests because Oracle manages these as part of the service. Administrative actions against the database are limited to protect the service configuration for availability and security. Given that SSH access to VM guests is removed, customer administrative actions in Autonomous Database are performed by an ADMIN user, not by the standard SYSTEM/SYSDBA users, and they're limited to the service-defined APIs, console, and CLI.
Exadata Database Service allows customer access to the VM guests. VM guests require an SSH public/private key pair for operating system security. You register a public key in each guest, and you retain the private key that enables access to the VM operating system. VM guests include standard user accounts, such as oracle, opc, grid, and root.
As a result of this configuration, Exadata Database Service customers manage the VM guests and all the software they contain, including the Oracle-provided management tools, including dbaascli for database lifecycle management and ExaCLI for monitoring and managing your Exadata storage servers.
The diagram shows Exadata infrastructure with two database and three storage servers.
The database servers connect to the Exadata storage servers through network fabric ports. The Exadata infrastructure resides in your data center.
Oracle manages the infrastructure and, for Autonomous Database, the VM guests and database, through the service-specific management network that connects the database and storage server hardware.
When you configure Oracle Exadata Cloud@Customer, Oracle Automatic Storage Management (ASM) provisions the storage space inside the Exadata storage servers. By default, ASM creates the following disk groups:
Only on Exadata Database Service, you can optionally create the SPARSE disk group to support Exadata snapshots. If you create the SPARSE disk group, ASM allocates less space to the DATA and RECO disk groups.
Exadata Cloud@Customer platform customers also need to decide whether to allocate storage to perform local backups to your Exadata storage. If you choose this option, ASM allocates more space to the RECO disk group and less to the DATA disk group.
The usable storage capacity is the storage available for Oracle Database files after taking into account high-redundancy ASM mirroring (triple mirroring), which provides highly resilient database storage on all Exadata Cloud@Customer configurations. The usable storage capacity does not factor in the use of Exadata compression capabilities, which can increase the effective storage capacity.
The database servers connect to the Exadata storage servers through network fabric ports with active bonding. The Exadata infrastructure resides in your data center.
The diagram shows Exadata infrastructure with two database and three storage servers. Each storage server has flash storage and Exadata RDMA Memory (XRMEM).
Oracle manages the infrastructure through the management network, which connects the database and storage server hardware.
The client and backup networks provide access to your virtual machine (VM) clusters on the database servers. Oracle manages the infrastructure through the management network, which connects the database and storage server hardware.
Your databases run on one or more virtual machine (VM) clusters that reside on Exadata infrastructure in your data center. Exadata Cloud@Customer also includes two control plane servers (CPS) that connect to an Oracle Cloud Infrastructure (OCI) region for cloud automation and administration.
Note: For clarity, the diagram displays only one database server, storage server, and CPS.
The client and backup networks provide access to your VM clusters on database servers through a layer 2 virtual local area network (VLAN) switch that you manage and bonded virtual network interface cards (VNICs).
Your VMs access your dedicated Exadata storage servers through a private, nonrouted interconnect network with SR-IOV mapped interfaces. Each physical Exadata database server and storage server has a highly available (HA) connection to a pair of redundant storage networking switches.
The database and storage servers are interconnected through a layer 2 management network and switches. There is no direct access from the management network to your client and backup networks. A subset of Oracle cloud automation functionality accesses your VMs through the management network by using a VNIC interface and a network address translation (NAT) address.
The CPS connects to the storage servers through the storage network switch, and it connects to the management network switch through the control plane network. An outgoing, persistent, secure automation tunnel connects the CPS to the Oracle-managed admin VCN in the OCI region through an internet access switch that you manage.
The following interfaces connect the various networks to the VM: