4 Supplier Evaluation Cloud Service Architecture

The Supplier Evaluation Cloud Service application is deployed on Oracle's Global Business Unit Cloud Services Foundation Services. The application is deployed in a highly available, high performance, horizontally scalable architecture. Supplier Evaluation Cloud Service uses either Oracle Identity Cloud Service (IDCS) or Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) as its identity provider (IDP). Information about logical, physical and data architecture in this document focuses on how the architecture supports security.

Architecture Overview

Most customer access to the Supplier Evaluation Cloud Service is through the web tier. The web tier contains the perimeter network services that protect the Supplier Evaluation application from the internet at large. All traffic from the web tier continues to the Web Tier Security Server (WTSS), which in turn uses the customer's Oracle Identity Cloud Service (IDCS) or Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) tenancy to perform authentication. More information about authentication through IDCS or OCI IAM is provided later in this document.

The Supplier Evaluation application is deployed on a Kubernetes cluster. Reporting is provided by Oracle BI Publisher which can connect to the underlying database.

The underlying container DBaaS includes one pluggable database (PDB) for Supplier Evaluation. Applications are able to access the Supplier Evaluation schema on the Supplier Evaluation PDB. Transparent data encryption (TDE) is set during provisioning. Tablespaces that contain personal data are encrypted.

Supplier Evaluation Cloud Service applications integrate with external business systems by using:

  • Native file upload/download. All inbound files are scanned by anti-virus and anti-malware software.

  • Native REST services.

Supplier Evaluation Cloud Service authenticates native REST services using OAuth 2.0 through IDCS or OCI IAM. Because the same authentication pattern is used for both, web service users are subject to the same strong controls as application users.

All REST service calls are logged in the application logs.
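The OAuth 2.0 pattern described above, as an added example that is not Oracle's code and not part of this document: a confidential client obtains a bearer token from the IDCS or OCI IAM token endpoint with the client-credentials grant, validates the token response before storing it, and presents the token to a native REST endpoint. The tenancy hostname, client id, client secret, scope value and service URL are placeholders; the `/oauth2/v1/token` path is the standard IDCS token endpoint path but is treated here as an assumption to be confirmed against the tenancy.

```python
"""OAuth 2.0 client-credentials token request for a native REST integration.

Added example, not Oracle's code. Assumptions (not from the page): the
integration is registered as a confidential application in IDCS/OCI IAM and
holds a client id/secret; TOKEN_PATH, the scope string and all URLs below are
placeholders for the tenancy's own values.
"""
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth2/v1/token"  # assumption: standard IDCS token endpoint path


def build_token_request(idp_base_url, client_id, client_secret, scope):
    """Return (url, headers, body) for a client_credentials grant.

    The client secret travels only in the HTTP Basic Authorization header
    over TLS, never in the URL or the form body, so it cannot leak through
    proxy or access logs that record request lines.
    """
    credentials = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {credentials}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    return idp_base_url.rstrip("/") + TOKEN_PATH, headers, body


def parse_token_response(raw_json, now=None):
    """Validate a token response and return (access_token, expires_at).

    Anything that is not a bearer token, or that carries no usable lifetime,
    is rejected so the caller never caches a credential it cannot use.
    """
    now = time.time() if now is None else now
    data = json.loads(raw_json)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % data.get("token_type"))
    token = data.get("access_token")
    if not token:
        raise ValueError("token response has no access_token")
    expires_in = int(data.get("expires_in", 0))
    if expires_in <= 0:
        raise ValueError("token response has no usable expires_in")
    return token, now + expires_in


def fetch_token(idp_base_url, client_id, client_secret, scope):
    """Perform the token request (network call; not exercised offline)."""
    url, headers, body = build_token_request(idp_base_url, client_id, client_secret, scope)
    if not url.startswith("https://"):
        raise ValueError("refusing to send client credentials over plain HTTP")
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read().decode())


def call_rest_service(service_url, access_token):
    """Call a native REST endpoint with the bearer token (network call)."""
    req = urllib.request.Request(
        service_url,
        headers={"Authorization": f"Bearer {access_token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())


# Constructed sample response in the shape RFC 6749 section 5.1 prescribes.
SAMPLE_TOKEN_RESPONSE = json.dumps(
    {"access_token": "eyJ.constructed.sample", "token_type": "Bearer", "expires_in": 3600}
)

if __name__ == "__main__":
    url, headers, body = build_token_request(
        "https://idcs-PLACEHOLDER.identity.oraclecloud.com",
        "client-id-placeholder", "client-secret-placeholder",
        "urn:opc:resource:consumer::all",  # placeholder scope
    )
    print(url, body)
    print(parse_token_response(SAMPLE_TOKEN_RESPONSE, now=0))
```

Because the token request is built separately from the network call, the secret-handling and response-validation logic can be exercised offline, and a production client would add the token lifetime check before every REST call and refresh the token when `expires_at` is near.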

Access Flow

This document does not explain the full access flow of the Supplier Evaluation Cloud Service, but instead focuses on the high level aspects of this data flow that relate to security.

Supplier Evaluation Cloud Service is deployed on a Kubernetes cluster. Each application resides in an appropriate tier and each tier resides in its own subnet. Communication between tiers within the Supplier Evaluation Cloud Service is limited by subnet ingress security lists.

To reduce attack surface, access to the Supplier Evaluation Cloud Service from the open internet is very limited.

Business users (using a web browser) and external web service endpoints access the application over HTTPS/443. The firewall and load balancer in the DMZ route to the customer tenancy by using a reverse proxy that forwards to WTSS. WTSS forwards unauthenticated requests to the customer's IDCS or OCI IAM tenancy using the NAT Gateway. IDCS or OCI IAM sends authentication HTML content to the end user (the IDCS or OCI IAM logon page). On successful AuthN, WTSS sends a call to the reverse proxy ingress controller, which routes to the appropriate application component.

Access to the underlying DBaaS is only available through the application M-Tier. The M-Tier is able to get and place files into object storage. Both outbound web service traffic (811) and replication of data (912) are routed through the outbound proxy in the DMZ.
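The tier isolation described in the Access Flow section (each tier in its own subnet, communication limited by subnet ingress security lists, the database reachable only through the M-Tier) can be checked mechanically. The following is an added example, not Oracle's code and not the service's actual configuration: it models a default-deny ingress security list per tier, evaluates whether a given flow is admitted, and audits the rule set for database exposure and for over-broad sources. The subnet CIDRs, tier names, ports and rules are constructed assumptions that mirror the flow in the text.

```python
"""Tier-to-tier reachability check modelled on subnet ingress security lists.

Added example, not Oracle's code. The CIDRs, tier names, ports and rule set
are constructed assumptions shaped after the access flow in the text
(web tier -> WTSS -> application M-Tier -> database); a real tenancy would
load its own security lists instead.
"""
import ipaddress

# Constructed subnets, one per tier.
TIERS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "wtss": ipaddress.ip_network("10.0.2.0/24"),
    "app": ipaddress.ip_network("10.0.3.0/24"),  # M-Tier
    "db": ipaddress.ip_network("10.0.4.0/24"),
}

# Ingress rules per destination tier: (source CIDR, protocol, low port, high port).
# Anything not listed is denied: an ingress security list is default-deny.
INGRESS = {
    "web": [("0.0.0.0/0", "tcp", 443, 443)],      # only the web tier faces the internet
    "wtss": [("10.0.1.0/24", "tcp", 443, 443)],   # web tier -> WTSS
    "app": [("10.0.2.0/24", "tcp", 443, 443)],    # WTSS -> ingress controller / app
    "db": [("10.0.3.0/24", "tcp", 1521, 1521)],   # M-Tier -> database listener
}


def tier_of(ip):
    """Name of the tier whose subnet contains ip, or None if it is outside all tiers."""
    addr = ipaddress.ip_address(ip)
    for name, net in TIERS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip, dst_ip, proto, port, ingress=INGRESS):
    """True if some ingress rule on the destination's subnet admits the flow."""
    dst_tier = tier_of(dst_ip)
    if dst_tier is None:
        return False
    src = ipaddress.ip_address(src_ip)
    for cidr, rule_proto, lo, hi in ingress.get(dst_tier, []):
        if rule_proto == proto and lo <= port <= hi and src in ipaddress.ip_network(cidr):
            return True
    return False


def audit_db_exposure(ingress=INGRESS):
    """Sorted names of the places (tiers plus 'internet') that can reach the DB listener.

    With the rule set above this must be exactly ['app']: the text states the
    database is reachable only through the application M-Tier.
    """
    probes = {"internet": "203.0.113.10"}  # constructed external address
    probes.update({name: str(net.network_address + 10) for name, net in TIERS.items()})
    db_host = str(TIERS["db"].network_address + 5)
    return sorted(name for name, ip in probes.items()
                  if is_allowed(ip, db_host, "tcp", 1521, ingress))


def overbroad_rules(ingress):
    """(tier, cidr) pairs where a non-web tier admits traffic from any source."""
    return [(tier, cidr) for tier, rules in ingress.items()
            for cidr, _proto, _lo, _hi in rules
            if tier != "web" and ipaddress.ip_network(cidr).prefixlen == 0]


if __name__ == "__main__":
    print("web -> wtss :443 ", is_allowed("10.0.1.20", "10.0.2.5", "tcp", 443))
    print("web -> db   :1521", is_allowed("10.0.1.20", "10.0.4.5", "tcp", 1521))
    print("DB reachable from:", audit_db_exposure())
    print("over-broad rules:", overbroad_rules(INGRESS))
```

Running the audit against exported security lists rather than the constructed ones turns the text's statement ("access to the underlying DBaaS is only available through the application M-Tier") into a repeatable check, and `overbroad_rules` catches the common drift of a `0.0.0.0/0` source creeping onto an internal tier.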

A subset of Oracle Retail AMS has very limited access to the underlying M-Tier. This access is limited to a small subset of Oracle employees as described in Oracle's Cloud Hosting and Delivery policy.

https://www.oracle.com/assets/ocloud-hosting-delivery-policies-3089853.pdf