Architecture Overview

Most customer access to the Merchandising Cloud Service is via the web tier. The web tier contains the perimeter network services that protect the Merchandising applications from the internet at large. All traffic from the web tier continues to the Web Tier Security Server (WTSS), which in turn uses the customer's Oracle Identity Cloud Service (IDCS) or Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) tenancy to perform authentication. More information about authentication via IDCS or OCI IAM is provided later in this document.

The Merchandising applications are deployed in Kubernetes. Scheduling of batch processes is provided by Job Orchestration and Scheduling (JOS). Reporting is provided by an OBIEE instance which can connect to the underlying database.

The underlying container DBaaS includes one pluggable database (PDB) for Merchandising. Applications are able to access the Merchandising schema on the Merchandising PDB. Transparent data encryption (TDE) is set during provisioning. Tablespaces that contain personal data are encrypted.

Merchandising Cloud Service Suite applications integrate with external business systems via:

  • Native file upload/download

  • Native REST services

  • Retail Integration Cloud Service, which includes Retail Integration Bus (RIB), Retail Service Bus (RSB) and Bulk Data Integration (BDI)

  • Files via service-based upload to Object Storage. All inbound files are scanned by anti-virus and anti-malware software.

Merchandising Cloud Service Suite authenticates native REST services using OAuth 2.0 via IDCS or OCI IAM. Because a common authentication pattern is used, web service users are subject to the same strong controls as application users. All REST service calls are logged in the application logs.

All communication between Merchandising Cloud Service Suite and Retail Integration Cloud Service is via secured web services.

Retailers may also choose to replicate a subset of their data from the Merchandising PDB to an external database controlled by the retailer. The replication uses Oracle GoldenGate. All GoldenGate trail files are encrypted and communicated via HTTPS. The retailer is responsible for securing the target destination database.