Network Scenarios

This section describes four different networking scenarios, based on the above three networking architectures, any of which you might consider when integrating Oracle Utilities Cloud Services with an application hosted externally. To assist you in choosing the appropriate network topology, here we provide a description and pro/con discussion of each scenario.

Use the following table and associated topics to help you decide which networking option best fits your needs.

Scenario Description Security High Availability Throughput Cost
1 Connectivity over public internet without VPN or FastConnect TLS only Relies on connectivity over the internet Limited Low setup cost; Low setup cost; OCI data transfer charges may apply
2 Connectivity over public internet with VPN Connect and without FastConnect IPSec, Encrypted Limited Typically <250Mbps Low setup cost; Low setup cost; OCI data transfer charges may apply
3 Connectivity over FastConnect without VPN (VPN may reduce the throughput) TLS over dedicated private line - Not Encrypted Redundancy supported - Refer to High Redundancy Best Practices Port speeds in 1 Gbps, 10 Gbps or 100 Gbps increments Prominent setup cost; OCI data transfer charges do not apply
4 Connectivity over public internet with VPN (as a fallback) and FastConnect Depending on the path used for communication (Fast Connect -Not Encrypted; VPN -Encrypted) Redundancy by Design - Refer to Redundancy Best Practices Depending on the path used for data transfer Prominent setup cost; OCI data transfer fees may apply, depending on the path of communication

Although connecting to Oracle Utilities Cloud Service via the internet is the cheaper option to setup, due to its limited security and availability, when transferring secured information as part of product integrations, it might also be the riskier option. Also, the OCI data transfer charges should be taken into consideration when evaluating the networking options. To ensure utmost security and availability, the FastConnect option with a redundant setup of VPN over public internet may be preferred.

The following sections discuss these options in greater detail.

Scenario 1: Connect Over Public Internet Without VPN or FastConnect

You can consider connecting over the public Internet without a VPN or FastConnect when the integration with on-premises application doesn't need high bandwidth or high levels of security. This is illustrated in the diagram in Architecture 1: Integrating Through Public (Internet) Web Service APIs.

Note these considerations:

  • Pre-requisites (to be performed by the customer)
    • On-premises application's APIs in customer's network should be publicly accessible through the internet.
    • Application's inside customer's network should have access to public internet.
  • Working
    • Oracle Utilities Cloud Services REST APIs are exposed to the public internet, so on-premises applications can use these REST APIs for integrations.
    • Oracle Utilities Cloud Services can call on- premises public (internet facing) APIs for integration.
    • File transfers can be done by using Object Storage, which also has secured public (internet facing) REST APIs.
  • Pros
    • Simple setup, lower cost.
  • Cons
    • Limited security of data in transit by using TLS, through public internet.
    • No guaranteed availability of connection; network outages between the on-premises data center and Oracle's OCI can occur.
    • Unpredictable throughput; moving large amounts of data can take substantial time
    • OCI data transfer charges may apply.

Scenario 2: Connect Over Public Internet With VPN but Without FastConnect

This scenario covers integration over the public internet with a VPN Connect but not using FastConnect. This is applicable when the integration with on-premises applications doesn't need high bandwidth but requires higher levels of security, with private APIs. This is explained in Architecture-2 diagram and used where additional cost is a factor but network throughput isn't.

Note these considerations:

  • Pre-requisites (to be performed by the customer)
    • Appropriate setup needs to be done between the on-premises data center and OCI for the VPN Connect.
    • Service Gateway and/or private endpoint (PE) needs to be setup within customer's OCI VCN to route requests from customer's on-premises data center to Oracle Utilities Cloud Services through the VPN connect.
    • Appropriate setup/configuration needs to be set up to route requests from Oracle Utilities Cloud Services to the private APIs on customer's on- premises data center for both public and reverse connection endpoints (RCE).
    • Redundancy can be planned and the VPN setup should be done accordingly (this is a redundancy best practice).
  • Working
    • Oracle Utilities Cloud services REST APIs can be accessed via the VPN Connect route through the service gateway and/or private endpoint (PE), so customer's on-premises applications can use these REST APIs for integrations.
    • Oracle Utilities Cloud services can access both public and private APIs of customer's applications.
    • File transfers can be done by using Object Storage, which also has secured public (internet facing) REST APIs.
  • Pros
    • Easy to set up; more secure than public internet option.
    • Redundancy is supported by way of multiple connections and tunnels.
  • Cons
    • Service gateway setup and/or private endpoint (PE)/reverse connection endpoint (RCE)
    • Low throughput-typically <250Mbps; moving large amounts of data can take substantial time.
    • OCI data transfer charges may apply.

Scenario 3: Connect Over FastConnect Without VPN

Connect over FastConnect without a VPN when the integration with an on-premises application requires high bandwidth; for example, when you need to transfer large files. This is illustrated in the diagram in Architecture 3. Integrating Through FastConnect for Private Web Service APIs.

Note these considerations:

  • Pre-requisites (to be performed by the customer)
    • A dedicated private line between a customer's on-premises data center and OCI.
    • Set up and configuration must be set up so that any private endpoint (PE) and/or reverse connection endpoint (RCE) are exposed to Oracle Utilities Cloud services.
    • Service Gateway and/or private endpoint (PE) needs to be set up within customer's OCI VCN to route requests from customer's on-premises data center to Oracle Utilities Cloud services through the VPN connect.
    • Redundancy can be planned and the FastConnect setup should be done accordingly (Redundancy is a best practice).
  • Working
    • Oracle Utilities Cloud services REST APIs can be accessed via the FastConnect and Service Gateway route, so customer's applications can use these REST APIs for integrations.
    • Oracle Utilities Cloud services can access the private APIs of customer's on-premises applications via reverse connection endpoint (RCE) using FastConnect.
    • File transfers are done using Object Storage, which also has REST APIs.
  • Pros
    • High bandwidth; secure line.
  • Cons
    • Cost of setting up the FastConnect private line.

Scenario 4: Connect Over Public Internet with VPN and FASTConnect

Connect over the public internet with a VPN Connect and FASTConnect when the integration with an on-premises application requires not only high bandwidth, but also needs a fallback mechanism to ensure close to 100% availability. While the fallback mechanism in this case has a lower bandwidth, it ensures that connectivity persists. This is a combination of Architecture 2. Integrating Through VPN Connect and Architecture 3. Integrating Through FastConnect for Private Web Service APIs.

Note these considerations:

  • Pre-requisites (to be performed by the customer)
    • A dedicated private line between a customer's on-premises data center and OCI.
    • An appropriate setup and configuration that allows exposure of any public and private endpoint (PE) to Oracle Utilities Cloud Services as public end points.
    • Service Gateway and/or private endpoint (PE) needs to be set up within customer's OCI VCN to route requests from customer's on-premises data center to Oracle Utilities Cloud services through the VPN connect.
    • Redundancy can be planned and the FastConnect setup should be done accordingly (Redundancy is a best practice).
    • Redundancy can be planned and the VPN setup should be done accordingly (Redundancy is a best practice).
  • Working
    • Oracle Utilities Cloud services REST APIs can be accessed via the FastConnect or the VPN Connect route, so customer's applications can use these REST APIs for integrations.
    • Oracle Utilities Cloud services can access any public and/or private API of customer's on-premises implementation via FastConnect or the VPN Connect.
    • File transfers can be done using Object Storage's public (internet facing) REST APIs or by connecting to the Object Storage through FastConnect.
  • Pros
    • High bandwidth, high availability, and secure.
  • Cons
    • Cost of setting up the FastConnect private line.
    • Low throughput of VPN Connect in case FastConnect line becomes unavailable.