Network Scenarios

This section describes four different networking scenarios, based on the above three networking architectures, any of which you might consider when integrating Oracle Utilities Cloud Services with an application hosted externally. To assist you in choosing the appropriate network topology, here we provide a description and pro/con discussion of each scenario.

Use the following table and associated topics to help you decide which networking option best fits your needs.

Scenario	Description	Security	High Availability	Throughput	Cost
1	Connectivity over public internet without VPN or FastConnect	TLS only	Relies on connectivity over the internet	Limited	Low setup cost; Low setup cost; OCI data transfer charges may apply
2	Connectivity over public internet with VPN Connect and without FastConnect	IPSec, Encrypted	Limited	Typically <250Mbps	Low setup cost; Low setup cost; OCI data transfer charges may apply
3	Connectivity over FastConnect without VPN (VPN may reduce the throughput)	TLS over dedicated private line - Not Encrypted	Redundancy supported - Refer to High Redundancy Best Practices	Port speeds in 1 Gbps, 10 Gbps or 100 Gbps increments	Prominent setup cost; OCI data transfer charges do not apply
4	Connectivity over public internet with VPN (as a fallback) and FastConnect	Depending on the path used for communication (Fast Connect -Not Encrypted; VPN -Encrypted)	Redundancy by Design - Refer to Redundancy Best Practices	Depending on the path used for data transfer	Prominent setup cost; OCI data transfer fees may apply, depending on the path of communication

Although connecting to Oracle Utilities Cloud Service via the internet is the cheaper option to setup, due to its limited security and availability, when transferring secured information as part of product integrations, it might also be the riskier option. Also, the OCI data transfer charges should be taken into consideration when evaluating the networking options. To ensure utmost security and availability, the FastConnect option with a redundant setup of VPN over public internet may be preferred.

The following sections discuss these options in greater detail.

Scenario 1: Connect Over Public Internet Without VPN or FastConnect

You can consider connecting over the public Internet without a VPN or FastConnect when the integration with on-premises application doesn't need high bandwidth or high levels of security. This is illustrated in the diagram in Architecture 1: Integrating Through Public (Internet) Web Service APIs.

Note these considerations:

Pre-requisites (to be performed by the customer)	• On-premises application's APIs in customer's network should be publicly accessible through the internet. • Application's inside customer's network should have access to public internet.
Working	• Oracle Utilities Cloud Services REST APIs are exposed to the public internet, so on-premises applications can use these REST APIs for integrations. • Oracle Utilities Cloud Services can call on-premises public (internet facing) APIs for integration. • File transfers can be done by using Object Storage, which also has secured public (internet facing) REST APIs.
Pros	• Simple setup, lower cost.
Cons	• Limited security of data in transit by using TLS, through public internet. • No guaranteed availability of connection; network outages between the on-premises data center and Oracle's OCI can occur. • Unpredictable throughput; moving large amounts of data can take substantial time • OCI data transfer charges may apply.

Scenario 2: Connect Over Public Internet With VPN but Without FastConnect

This scenario covers integration over the public internet with a VPN Connect but not using FastConnect. This is applicable when the integration with on-premises applications doesn't need high bandwidth but requires higher levels of security, with private APIs. This is explained in Architecture-2 diagram and used where additional cost is a factor but network throughput isn't.

Note these considerations:

Pre-requisite setup (to be performed by the customer)	• Appropriate setup needs to be done between the on-premises data center and OCI for the VPN Connect. • Service Gateway needs to be setup within customer's OCI VCN to route requests from customer's on-premises data center to Oracle Utilities Cloud Services through the VPN connect. • Appropriate setup/configuration needs to be set up to route requests from Oracle Utilities Cloud Services to the private APIs on customer's on-premises data center as Oracle Utilities Cloud Services can only send requests to public APIs. • Redundancy can be planned and the VPN setup should be done accordingly (this is a redundancy best practice).
Working	• Oracle Utilities Cloud services REST APIs can be accessed via the VPN Connect route through the service gateway, so customer's on-premises applications can use these REST APIs for integrations. • Oracle Utilities Cloud services can access the private APIs of customer's applications through an intermediary such as a reverse proxy and via the VPN. • File transfers can be done by using Object Storage, which also has secured public (internet facing) REST APIs.
Pros	• Easy to set up; more secure than public internet option. • Redundancy is supported by way of multiple connections and tunnels.
Cons	• Cost of setting up the intermediary, such as a proxy to expose the customer's on-premises applications' private APIs to Oracle Utilities Cloud services. • Service gateway setup. • Low throughput-typically <250Mbps; moving large amounts of data can take substantial time. • OCI data transfer charges may apply.

Scenario 3: Connect Over FastConnect Without VPN

Connect over FastConnect without a VPN when the integration with an on-premises application requires high bandwidth; for example, when you need to transfer large files. This is illustrated in the diagram in Architecture 3. Integrating Through FastConnect for Private Web Service APIs.

Note these considerations:

Prerequisites setup (to be performed by the customer)	• A dedicated private line between a customer's on-premises data center and OCI. • Set up and configuration must be set up so that any private end points are exposed to Oracle Utilities Cloud services as public end points; for example, the use of a reverse proxy. • Service Gateway needs to be set up within customer's OCI VCN to route requests from customer's on-premises data center to Oracle Utilities Cloud services through the VPN connect. • Redundancy can be planned and the FastConnect setup should be done accordingly (Redundancy is a best practice).
Working	• Oracle Utilities Cloud services REST APIs can be accessed via the FastConnect and Service Gateway route, so customer's applications can use these REST APIs for integrations. • Oracle Utilities Cloud services can access the private APIs of customer's on-premises applications through the intermediary setup (such as a reverse proxy) and via FastConnect. • File transfers are done using Object Storage, which also has REST APIs.
Pros	• High bandwidth; secure line.
Cons	• Cost of setting up the FastConnect private line and the cost of setting up the intermediary (such as a proxy).

Scenario 4: Connect Over Public Internet with VPN and FASTConnect

Connect over the public internet with a VPN Connect and FASTConnect when the integration with an on-premises application requires not only high bandwidth, but also needs a fallback mechanism to ensure close to 100% availability. While the fallback mechanism in this case has a lower bandwidth, it ensures that connectivity persists. This is a combination of Architecture 2. Integrating Through VPN Connect and Architecture 3. Integrating Through FastConnect for Private Web Service APIs.

Note these considerations:

Pre-requisites (to be performed by the customer)	• A dedicated private line between a customer's on-premises data center and OCI. • An appropriate setup and configuration that allows exposure of any private end points to Oracle Utilities Cloud Services as public end points. • Service Gateway needs to be set up within customer's OCI VCN to route requests from customer's on-premises data center to Oracle Utilities Cloud services through the VPN connect. • Redundancy can be planned and the FastConnect setup should be done accordingly (Redundancy is a best practice). • Redundancy can be planned and the VPN setup should be done accordingly (Redundancy is a best practice).
Working:	• Oracle Utilities Cloud services REST APIs can be accessed via the FastConnect or the VPN Connect route, so customer's applications can use these REST APIs for integrations. • Oracle Utilities Cloud services can access the private APIs of customer's on-premise through the proxy and via FastConnect or the VPN Connect • File transfers can be done using Object Storage's public(internet facing) REST APIs or by connecting to the Object Storage through FastConnect.
Pros	• High bandwidth, high availability, and secure.
Cons	• Cost of setting up the private line for FastConnect and the cost of setting up the intermediary process to expose the on-premises private end points to Oracle Utilities Cloud services. • Low throughput of VPN Connect in case FastConnect line becomes unavailable.