Alef: Insurance Data System Deployment on Oracle Cloud Infrastructure

Advanced Laboratory for Economics and Finance (Alef) develops software that helps insurance companies, banks, government agencies, and other institutions to evaluate insurance contracts, manage investment portfolios, track pension funds, and analyze credit and other financial risks.

Alef implemented several solutions on Oracle Cloud Infrastructure (OCI) by using Oracle high-performance computing (HPC) and Oracle Database Exadata Cloud Service.

After benchmarking its HPC workloads on competing cloud infrastructure providers, Alef found that its workloads run 30% faster on Oracle Cloud Infrastructure. Alef also found that migrating its customer databases to Oracle Database Exadata Cloud Service brought an increase in database performance of up to 70%.

Planning and operating the migration of large and complex infrastructures to Oracle Cloud Infrastructure took only a few weeks, and has since allowed Alef to improve its ability to process and analyze large data sets, while increasing service reliability, fault tolerance, and disaster recovery.

Architecture

The architecture for delivering Advanced Laboratory for Economics and Finance's (Alef) insurance data systems (IDS) software follows a traditional client-server architecture.

Users access and interact with the client machines in a frontend subnet over remote desktop protocol (RDP). Client machines let users provide input data and prepare and submit workloads. The backend is composed of high-performance computing (HPC) nodes designed for running large batch jobs, such as risk analysis, simulations, and other computationally intensive workloads. The insurance data system (IDS) software relies on Oracle Cloud Infrastructure Database for data persistence. In the future, Alef plans to implement Oracle Machine Learning to run its big data processing jobs with Hadoop and Spark. Alef is also looking to include its risk analysis software-as-a-service (SaaS) offering on the Oracle Cloud Marketplace.

The following diagram illustrates this reference architecture.



The following diagram illustrates the architecture that Alef deployed across multiple regions.



The architectures have the following components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

    All the resources in this architecture are deployed in a single region.

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

    All the resources in this architecture are deployed in a single availability domain.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • VPN Connect

    VPN Connect provides site-to-site IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

  • NAT gateway

    The NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Remote peering

    Remote peering allows the VCNs' resources to communicate using private IP addresses without routing the traffic over the internet or through your on-premises network. Remote peering eliminates the need for an internet gateway and public IP addresses for the instances that need to communicate with another VCN in a different region.

  • Compute

    The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.

  • File storage

    The Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade network file system. You can connect to a File Storage service file system from any bare metal, virtual machine, or container instance in a VCN. You can also access a file system from outside the VCN by using Oracle Cloud Infrastructure FastConnect and IPSec VPN.

  • Cloud Guard

    You can use Oracle Cloud Guard to monitor and maintain the security of your resources in Oracle Cloud Infrastructure. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.

  • Oracle databases
    • Autonomous database

      Oracle Cloud Infrastructure autonomous databases are fully managed, preconfigured database environments that you can use for transaction processing and data warehousing workloads. You do not need to configure or manage any hardware, or install any software. Oracle Cloud Infrastructure handles creating the database, as well as backing up, patching, upgrading, and tuning the database.

    • VM DB System

      Oracle VM Database System is an Oracle Cloud Infrastructure (OCI) database service that enables you to build, scale, and manage full-featured Oracle databases on virtual machines. A VM database system uses OCI Block Volumes storage instead of local storage and can run Oracle Real Application Clusters (Oracle RAC) to improve availability.

    • Exadata DB system

      Exadata Cloud Service enables you to leverage the power of Exadata in the cloud. You can provision flexible X8M systems that allow you to add database compute servers and storage servers to your system as your needs grow. X8M systems offer RoCE (RDMA over Converged Ethernet) networking for high bandwidth and low latency, persistent memory (PMEM) modules, and intelligent Exadata software. You can provision X8M systems by using a shape that's equivalent to a quarter-rack X8 system, and then add database and storage servers at any time after provisioning.

Considerations

Alef considered the following points when deploying this architecture:

  • Performance

    Alef uses both bare metal and VM compute instances to run its workloads. For HPC workloads, bare metal compute shapes are used to provide higher bandwidth, large memory, NVMe storage, and complete isolation. The shapes of the compute instances are chosen based on the complexity and intensity of the workload and the computing power required.

    These compute instances run both Oracle Linux and Windows operating systems. Alef also uses custom Linux-based images.

    Alef uses instance pools to autoscale its compute nodes whenever the computing power needs dynamic management, based on user needs.

  • Security

    Alef was an early user of Oracle Cloud Infrastructure Cloud Guard. Alef's data consists of highly sensitive financial and insurance data, so Alef chose to secure it using simple but powerful security features in Cloud Guard. Alef has ensured that none of its resources lie in public subnets: all resources are deployed in private subnets, with NAT gateways provisioned for access to the public internet. IPSec VPN allows Alef's users to communicate from the on-premises network to Oracle Cloud Infrastructure through a dynamic routing gateway (DRG).

  • Availability

    Alef follows Oracle Cloud Infrastructure high availability best practices by spreading the compute nodes across different availability and fault domains. Alef uses remote peering between the two regions to provide maximum availability during disaster recovery.

  • Scalability

    Oracle Cloud Infrastructure File Storage offers high scalability, especially when computing parallel workloads. Alef uses Oracle Cloud Infrastructure File Storage connected to Oracle Database systems to store the Oracle archive redo logs. Oracle Cloud Infrastructure File Storage also exposes the shared NFS mount point to HPC cluster nodes.

    Alef uses the backup feature of Oracle Cloud Infrastructure Block Volumes to store backups using its own custom-defined policies in the home region (eu-frankfurt-1) and the secondary region (uk-london-1).
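
The Security consideration above (no resources in public subnets, outbound access only through NAT gateways, on-premises access through the DRG) can be checked mechanically against a network export. The following is an added example, not Alef's or Oracle's code: the subnet names, route table IDs, OCIDs and CIDRs are constructed placeholders, and the key names assume the kebab-case JSON that the OCI CLI prints.

```python
# Added example: all OCIDs, names and CIDRs below are constructed placeholders.
# Key names follow the kebab-case JSON printed by the OCI CLI (assumed export format).
SUBNETS = [
    {"display-name": "frontend", "prohibit-public-ip-on-vnic": True, "route-table-id": "rt-private"},
    {"display-name": "hpc", "prohibit-public-ip-on-vnic": True, "route-table-id": "rt-private"},
    {"display-name": "legacy", "prohibit-public-ip-on-vnic": False, "route-table-id": "rt-public"},
]
ROUTE_TABLES = [
    {"id": "rt-private", "route-rules": [
        {"destination": "0.0.0.0/0", "network-entity-id": "ocid1.natgateway.oc1.eu-frankfurt-1.EXAMPLE1"},
        {"destination": "192.168.0.0/16", "network-entity-id": "ocid1.drg.oc1.eu-frankfurt-1.EXAMPLE2"},
    ]},
    {"id": "rt-public", "route-rules": [
        {"destination": "0.0.0.0/0", "network-entity-id": "ocid1.internetgateway.oc1.eu-frankfurt-1.EXAMPLE3"},
    ]},
]

# Gateways the page's design relies on: NAT for outbound, DRG for VPN and remote peering.
ALLOWED_TARGETS = {"natgateway", "drg"}

def ocid_type(ocid):
    """Return the resource-type segment of an OCID, or 'unknown' if malformed."""
    parts = ocid.split(".")
    return parts[1] if len(parts) > 1 and parts[0] == "ocid1" else "unknown"

def audit_private_only(subnets, route_tables):
    """List (subnet, issue) pairs that break the private-subnet-only posture."""
    tables = {rt["id"]: rt for rt in route_tables}
    findings = []
    for subnet in subnets:
        name = subnet["display-name"]
        # A missing flag is treated as public: fail closed.
        if not subnet.get("prohibit-public-ip-on-vnic", False):
            findings.append((name, "public IPs allowed on VNICs"))
        table = tables.get(subnet.get("route-table-id"))
        if table is None:
            findings.append((name, "route table missing from export"))
            continue
        for rule in table.get("route-rules", []):
            target = ocid_type(rule["network-entity-id"])
            if target not in ALLOWED_TARGETS:
                findings.append((name, f"route {rule['destination']} -> {target}"))
    return findings

if __name__ == "__main__":
    for name, issue in audit_private_only(SUBNETS, ROUTE_TABLES):
        print(f"{name}: {issue}")
```

Any route target outside the allow-list is reported, so a service gateway or local peering gateway would also surface for review until it is added deliberately.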
