Albertsons: PeopleSoft Payroll Deployment on Oracle Cloud

After going public in 2020, and seeing a huge burst in sales during the coronavirus pandemic, Albertsons needed a fast and cost-effective way to scale its human resource operations for the company's nearly 300,000 employees.

But with its on-premises human resource (HR) applications nearing end of life, the $70 billion grocery giant decided to migrate those applications to Oracle Cloud Infrastructure (OCI).

Founded in 1939 in Boise, Idaho, Albertsons currently operates more than 2,200 stores, making it one of the largest supermarket chains in North America. As the company began modernizing its in-store and digital shopping experiences for consumers, it had also begun modernizing the applications infrastructure for its staff. Today, Albertsons runs its core HR, and absence management applications in Oracle HCM Cloud, and runs its PeopleSoft Payroll application in OCI. The company also re-platformed its Oracle Database to Oracle Database Exadata Cloud Service (ExaCS). After migrating to OCI in May 2021, the weekly PeopleSoft 9.2 payroll jobs run 50% faster than they did when they ran on premises. Albertsons chose Oracle Managed Cloud Services (OMCS) from Oracle Advanced Customer Services (ACS) to provide administration of the PeopleSoft Payroll applications, databases, ExaCS, supporting infrastructure, and the OCI tenancy.

Highlights of Albertsons PeopleSoft Payroll application on OCI include:

  • Runs PeopleSoft Payroll 50% faster on OCI ExaCS
  • Provides high availability across fault domains
  • Ensures business continuity by using Data Guard and rync with the disaster recovery (DR) site
  • Secures user access integrated with Azure and public and private LBaaS
  • Depends on built-in redundancy across fault domains for web/App servers, batch processing, and Elastic Search, split across eight virtual machines (VMs)
  • Supports 13 environments including, production, disaster recovery, and non-production
  • Uses a sacrificial DR by sharing with a non-production database on a single ExaCS instance to increase performance and reduce costs
  • Connects to third-party applications including, ESP, Mantis and STAT

Customer Story

Learn more about Albertson's journey to Oracle Cloud and their networking and disaster recovery architecture:

Learn more about Albertson's PeopleSoft production architecture:


The production environment for Albertsons' PeopleSoft Payroll application is located in the Oracle Cloud Infrastructure (OCI) region in San Jose, California.

This production environment includes eight web/app servers, three PSUNX servers, one PSNT server, three Elastic Search servers and four PUM servers, all of which run on virtual machines (VMs) that are distributed across the fault domains. Oracle Database 19c RAC on Oracle Database Exadata Cloud Service (ExaCS) provides the database backend.

For the PeopleSoft database, Albertsons uses a quarter rack ExaCS, supporting a two-node Oracle Real Application Cluster (RAC). In a second region in Ashburn, Virginia, there are two additional ExaCS quarter racks, each of which supports both non-production and disaster recovery (DR) environments. Oracle Data Guard and rsync replicate the database and the non-database components to the DR site. The DR environment is deployed with a configuration that is similar to production, except that the DR database is located on one of the ExaCS servers, and shares this server with a collection of non-production environments. Albertsons chose Oracle Database Cloud Service (DBCS) running on VMs to support its third-party software applications.

During day-to-day operations, the DR database is downsized enough to run the replication process. The resources on that ExaCS node are primarily used to support several non-production environments. During DR testing or during an actual DR failover, the Oracle Managed Cloud Services (OMCS) team shuts down the non-production environments on that server, and then resizes the DR database resources to production capacity. The second ExaCS node in the DR region is dedicated to non-production workloads, supporting functions like regression, performance, and unit testing. Any key non-production environments needed for support during a DR scenario can be brought up on the second ExaCS node.

Albertsons also migrated several third-party applications to OCI, using a high availability architecture in two fault domains. Albertsons chose Oracle Database Cloud Service (DBCS) running on VMs to simplify support. While OMCS teams support these third-party applications up to the operating system, Albertsons manages, configures, and uses these tools to support their payroll application. Also located in the Application subnet is a set of utility/support servers, which are used by managed services to support the tenancy.

To secure user access to its OCI tenancy, Albertsons provides two transit hub VCNs in each region. One hub is used by office staff and management using Albertsons' internal network, and another is used by the OMCS support teams. External users access the PeopleSoft applications in OCI by using an internet gateway. Access is further secured by a public load balancer (LBaaS), which serves as a reverse-proxy and firewall. The LBaaS provides features that are common in firewalls such as enforcing port/network access policy by blocking all traffic except what needs to flow through, and by encrypting traffic by using transport layer security (TLS). Authentication traffic for external users is routed to a WebLogic/ForgeRock Identity Gateway, and then authenticated in Azure Active Directory (AD) for single sign-on (SSO). Internal users access the PeopleSoft applications by using a site-to-site VPN connected to the OCI transit VCN. After passing through a private LBaaS that serves as a reverse-proxy and firewall, they are then also routed to the WebLogic/ForgeRock Identity Gateway to use the same single sign-on (SSO) process as external users.

The file transfers between PeopleSoft and third parties must first pass through the Axway Managed File Transfer portal. Using vendor keys and Pretty Good Privacy (PGP) protocols for encryption and decryption, the files are then transmitted through a secure socket tunneling protocol (SSTP).

For security and isolation, the OMCS team configured Albertsons tenancy by using default deny and defense-in-depth controls at the subnet level. This gives Albertsons total control over who can access its different workloads. To isolate the components within the management VCN, OMCS set up a Bastion and Ansible Gateway. All of the OMCS support services within the San Jose region are connected by using local peering gateways (LPGs), while remote peering connects it to the Ashburn region.

The following diagram shows a simplified view that illustrates user access:

The following diagram illustrates the networking and disaster recovery architecture:

The following diagram illustrates the PeopleSoft production architecture:

The architecture has the following components:

  • Tenancy

    A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domain

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Compartment

    Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.

  • Identity and access management (IAM)

    Oracle Cloud Infrastructure Identity and Access Management (IAM) is the access control plane for Oracle Cloud Infrastructure (OCI) and Oracle Cloud Applications. The IAM API and the user interface enable you to manage identity domains and the resources within the identity domain. Each OCI IAM identity domain represents a standalone identity and access management solution or a different user population.

  • Policy

    An Oracle Cloud Infrastructure Identity and Access Management policy specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy.

  • Monitoring

    Oracle Cloud Infrastructure Monitoring service actively and passively monitors your cloud resources using metrics to monitor resources and alarms to notify you when these metrics meet alarm-specified triggers.

  • Logging
    Logging is a highly scalable and fully managed service that provides access to the following types of logs from your resources in the cloud:
    • Audit logs: Logs related to events emitted by the Audit service.
    • Service logs: Logs emitted by individual services such as API Gateway, Events, Functions, Load Balancing, Object Storage, and VCN flow logs.
    • Custom logs: Logs that contain diagnostic information from custom applications, other cloud providers, or an on-premises environment.
  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Network security group (NSG)

    NSGs act as virtual firewalls for your cloud resources. With the zero-trust security model of Oracle Cloud Infrastructure, all traffic is denied, and you can control the network traffic inside a VCN. An NSG consists of a set of ingress and egress security rules that apply to only a specified set of VNICs in a single VCN.

  • FastConnect

    Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

  • Site-to-Site VPN

    Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Network address translation (NAT) gateway

    A NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Local peering gateway (LPG)

    An LPG enables you to peer one VCN with another VCN in the same region. Peering means the VCNs communicate using private IP addresses, without the traffic traversing the internet or routing through your on-premises network.

  • Remote peering

    Remote peering allows the VCNs' resources to communicate using private IP addresses without routing the traffic over the internet or through your on-premises network. Remote peering eliminates the need for an internet gateway and public IP addresses for the instances that need to communicate with another VCN in a different region.

  • Bastion host

    The bastion host is a compute instance that serves as a secure, controlled entry point to the topology from outside the cloud. The bastion host is provisioned typically in a demilitarized zone (DMZ). It enables you to protect sensitive resources by placing them in private networks that can't be accessed directly from outside the cloud. The topology has a single, known entry point that you can monitor and audit regularly. So, you can avoid exposing the more sensitive components of the topology without compromising access to them.

  • Load balancer

    The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.

  • Application Server

    Application servers use a secondary peer that, like the database, will take over processing in the event of a disaster. Application servers use configuration and metadata that is stored both in the database and the file system. Application server clustering provides protection in the scope of a single region but ongoing modifications and new deployments need to be replicated to the secondary location on an ongoing basis for a consistent disaster recovery.

  • Exadata DB system

    Exadata Cloud Service enables you to leverage the power of Exadata in the cloud. You can provision flexible X8M systems that allow you to add database compute servers and storage servers to your system as your needs grow. X8M systems offer RoCE (RDMA over Converged Ethernet) networking for high bandwidth and low latency, persistent memory (PMEM) modules, and intelligent Exadata software. You can provision X8M systems by using a shape that's equivalent to a quarter-rack X8 system, and then add database and storage servers at any time after provisioning.

  • VM DB System

    Oracle VM Database System is an Oracle Cloud Infrastructure (OCI) database service that enables you to build, scale, and manage full-featured Oracle databases on virtual machines. A VM database system uses OCI Block Volumes storage instead of local storage and can run Oracle Real Application Clusters (Oracle RAC) to improve availability.

  • Data Guard

    Oracle Data Guard provides a comprehensive set of services that create, maintain, manage, and monitor one or more standby databases to enable production Oracle databases to remain available without interruption. Oracle Data Guard maintains these standby databases as copies of the production database. Then, if the production database becomes unavailable because of a planned or an unplanned outage, Oracle Data Guard can switch any standby database to the production role, minimizing the downtime associated with the outage.

  • Compute

    The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.

  • File storage

    The Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade network file system. You can connect to a File Storage service file system from any bare metal, virtual machine, or container instance in a VCN. You can also access a file system from outside the VCN by using Oracle Cloud Infrastructure FastConnect and IPSec VPN.

  • Block volume

    With block storage volumes, you can create, attach, connect, and move storage volumes, and change volume performance to meet your storage, performance, and application requirements. After you attach and connect a volume to an instance, you can use the volume like a regular hard drive. You can also disconnect a volume and attach it to another instance without losing data.

  • Object storage

    Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

Get Featured in Built and Deployed

Want to show off what you built on Oracle Cloud Infrastructure? Care to share your lessons learned, best practices, and reference architectures with our global community of cloud architects? Let us help you get started.

  1. Download the template (PPTX)

    Illustrate your own reference architecture by dragging and dropping the icons into the sample wireframe.

  2. Watch the architecture tutorial

    Get step by step instructions on how to create a reference architecture.

  3. Submit your diagram

    Send us an email with your diagram. Our cloud architects will review your diagram and contact you to discuss your architecture.


  • Authors: Sasha Banks-Louie, Perry Webster, Monica McGowan, Wei Han
  • Contributor: Robert Lies