BIAS Corporation: Migration of a Global Customer to Oracle Cloud

BIAS Corporation is an Oracle partner using Oracle technologies for some of the world’s leading companies and public sector organizations. BIAS provides a comprehensive approach to their customers, from design and implementation to support.

BIAS was engaged in an on-premises to cloud migration for a large global customer. The customer had two data centers that were connected through a p2p 1 GB backbone. However, deployment was facing the following challenges:
  • Hardware reaching end of life
  • Concerns with reliability and availability
  • Operating expense (opex) and capital expenditure (capex) costs for immediate and future growth

They chose Oracle Cloud Infrastructure (OCI) for its price, performance, and availability of features that were essential to the migration.

Customer Story

Learn more about the customer's journey to Oracle Cloud:

Learn more about how they used Oracle Identity Cloud Service with Microsoft Azure active directory to enable an end-to-end high-availability architecture for the authentication components: Oracle Cloud:

Architecture

The deployment used multiple compartment and virtual cloud networks (VCNs) with public and private subnets. Ashburn region was the primary with Phoenix as the disaster recovery site. Two Oracle Cloud Infrastructure FastConnect connections for high availability were used from Ashburn to either data center. Two IPSec VPNs provided a backup connection design to provide triple redundancy. This configuration proved effective when an accidental underground cable-cut caused both Oracle Cloud Infrastructure FastConnect connections to become unavailable, but the IPSec VPN connection prevented outage.

Compared to the on-premises deployment, which was a single-tier architecture, a multitier architecture was deployed in Oracle Cloud Infrastructure (OCI). Multiple application servers and databases in separate fault domains were deployed, providing high availability within the primary region. To ensure optimized traffic distribution to the application server, the customer also deployed both public and private load balancers. File Storage was used to sync data from on-premises to OCI. The disaster recovery site also hosted the backup database. In addition, the virtual machines being used on the disaster recovery site for database sync were flex shapes. This choice ensured that, when not in use, the customer incurred minimal cost. If an outage of the entire primary region occurs, the virtual machine scales automatically and quickly to manage the workload.

In addition to the production deployment, BIAS has also deployed a large development and QA environment on OCI. The following diagram illustrates this reference architecture.

Description of bias-datacenter-oci.png follows
Description of the illustration bias-datacenter-oci.png

In the on-premises deployment, the customer had active directory already set up for authentication. The Oracle Internet Directory and Oracle Access Manager applications running on-premises had an out-of-date software version. The customer was using Microsoft Azure's active directory services for authentication. They also wanted to enhance their authentication mechanism by using multi-factor authentication. BIAS proposed that they utilize Oracle Identity Cloud Service with Microsoft Azure active directory. The redundant domain controllers and Oracle E-Business Suite Asserter, which ensures Oracle Identity Cloud Service and Oracle E-Business Suite can talk to each other, were deployed. These controllers were integrated with Oracle Identity Cloud Service to the offline copy of active directory to ensure that all data is in sync. This connection enabled an end-to-end high-availability architecture for the authentication components.

The following diagram illustrates this reference architecture.

Description of bias-datacenter-idcs.png follows
Description of the illustration bias-datacenter-idcs.png

The architecture has the following components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domains

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Compartment

    Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Load balancer

    The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.

  • VM DB System

    Oracle VM Database System is an Oracle Cloud Infrastructure (OCI) database service that enables you to build, scale, and manage full-featured Oracle databases on virtual machines. A VM database system uses OCI Block Volumes storage instead of local storage and can run Oracle Real Application Clusters (Oracle RAC) to improve availability.

  • File storage

    The Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade network file system. You can connect to a File Storage service file system from any bare metal, virtual machine, or container instance in a VCN. You can also access a file system from outside the VCN by using Oracle Cloud Infrastructure FastConnect and IPSec VPN.

  • FastConnect

    Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

  • VPN Connect

    VPN Connect provides site-to-site IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Local peering gateway (LPG)

    An LPG enables you to peer one VCN with another VCN in the same region. Peering means the VCNs communicate using private IP addresses, without the traffic traversing the internet or routing through your on-premises network.

  • Identity Cloud Service

    Oracle Identity Cloud Service provides identity management, single sign-on (SSO), and identity governance for a wide range of SaaS and on-premises applications.

  • Identity and access management (IAM)

    Oracle Cloud Infrastructure Identity and Access Management (IAM) enables you to control who can access your resources in Oracle Cloud Infrastructure and the operations that they can perform on those resources.

  • Oracle E-Business Suite Asserter

    The Oracle E-Business Suite Asserter component from Oracle Identity Cloud Service enables you to integrate your Oracle E-Business Suite environment with other cloud and non-cloud services using Oracle Identity Cloud Service Single Sign-On (SSO)

  • Microsoft Azure Active Directory

    Microsoft Azure Active Directory (AD) is a cloud-based identity and access management directory service.

  • Active Directory Bridge

    The Active Directory (AD) Bridge provides a link between your AD enterprise directory structure and Oracle Identity Cloud Service.

Explore More

Learn more about the features of this architecture.

Best practices framework for Oracle Cloud Infrastructure