About Connecting to Oracle Cloud and VMware Resources

Oracle Cloud Infrastructure is a public cloud offering that provides best-in-class compute, network, storage, and other cloud-native features. Oracle Cloud VMware Solution gives you the ability to deploy your VMware-based virtual machines (VMs) into your Oracle Cloud Infrastructure environments.

Customers may want the ability to remotely access their Oracle Cloud and VMware resources. Some Oracle customers may have Oracle Platform as a Service and Software as a Service offerings deployed in a given region. Depending on your requirements, there are multiple ways to connect to these environments. This solution covers the various connectivity approaches, their benefits, their limitations, and how to get started. Your use cases typically fit into one or more of the following design patterns.

Architecture for Direct Access from On-Premises to Oracle Cloud

You have one or more physical locations, and you need to interconnect your on-premises data centers, such as a corporate headquarters or a remote branch office, directly with Oracle Cloud to provide network connectivity for your applications, or potentially for bursting capacity into the cloud. Many customers also “lift and shift” their on-premises workloads to Oracle Cloud.

In this architecture, you are typically trying to achieve lower-latency, higher-bandwidth links (1 Gbps or 10 Gbps) and a higher quality of service than you would get over the internet. Oracle’s FastConnect service provides a few different solutions for this use case.

[Illustration: direct_acces_on-prem_oci.png]

Architecture for Multicloud Topology

In this architecture, you have resources in one or more public clouds, and you need connectivity between Oracle Cloud and those existing public clouds.

  • If you have resources in Microsoft’s Azure Cloud, then Oracle Cloud already has an Azure Interconnect solution to provide high-bandwidth and low-latency links. Check Explore More to learn more about interconnecting Oracle Cloud with Microsoft Azure.
  • If you can tolerate high latency, then a simple strategy might be to deploy an IPSec site-to-site VPN tunnel from one cloud to the other.
  • If low latency and high bandwidth are required, then a virtual routing function is needed to interconnect FastConnect to the other cloud’s high-bandwidth solution. Network service providers, including but not limited to Equinix and Megaport, now offer virtual routers that can help forward traffic between the clouds.

[Illustration: multicloud_topology.png]

Architecture for ROBO Connectivity to Oracle Cloud

This architecture shows multiple remote sites that need connectivity to each other and to Oracle Cloud. For example, ACME Corporation has offices in San Diego, California; Denver, Colorado; and Miami, Florida. All three sites need to connect to Oracle Cloud to access their application server in Oracle Cloud in Ashburn, Virginia.

Depending on your application latency requirements, this use case could be addressed with a few different technologies, including the following ones:
  • Communicating over the public internet with public IP addresses. This approach is not recommended for security reasons; your infrastructure would be exposed to the public internet.
  • IPSec site-to-site VPNs from the Remote Office/Branch Office (ROBO) sites over the internet to Oracle Cloud.
  • Using a multiprotocol label switching (MPLS) provider to establish a corporate backbone for each ROBO site and connecting the MPLS backbone to Oracle Cloud via FastConnect.
  • Using a software-defined wide area network (SD-WAN) solution to interconnect the ROBOs and Oracle Cloud. SD-WANs can offer bandwidth optimization features that provide high availability over MPLS and broadband connections. This approach could include technology similar to VMware’s VeloCloud solution, or Oracle’s Talari SD-WAN solution.

Currently, VMware’s VeloCloud solution doesn’t have a direct integration with Oracle Cloud. To review which SD-WAN solutions are currently available in Oracle Cloud, visit the Oracle Cloud Marketplace.

[Illustration: sd-wan_topology.png]

Architecture for Remote Access VPN

You have hundreds or thousands of end users who need to access a central application, such as VMware’s Horizon View virtual desktop infrastructure (VDI) solution. The users’ devices could be mobile phones, tablets, laptops, desktops, and so on, but they are distributed across multiple locations. They require secure connections to the VDI environment, and they don’t have dedicated VPN hardware concentrators to help scale out.

In this use case, you can use an application-layer SSL VPN tunnel for each user that terminates inside Oracle Cloud or possibly the Oracle Cloud VMware Solution environment. The Oracle Cloud Marketplace has many VPN appliance options, and OpenVPN is an example of an appliance that can support SSL VPN tunnels. For step-by-step instructions, see the Creating a Secure SSL VPN Connection between Oracle Cloud Infrastructure and a Remote User blog post.

[Illustration: remote_access_vpn_topology.png]

Compare Different Use Cases

The following table compares the requirements and solutions for each of the use cases.

| Use Case | Requirements | Technology Solutions |
|---|---|---|
| On-premises to Oracle Cloud | Low latency, high bandwidth | FastConnect |
| Multicloud topology | Internet connectivity between clouds | IPSec site-to-site tunnels, SD-WAN solutions, or both |
| Multicloud topology | Low latency, high bandwidth | FastConnect, a cloud router, and a high-bandwidth solution from other cloud providers. If connecting to Azure, you can use the Azure Interconnect. |
| ROBO | Low latency, high bandwidth | FastConnect |
| ROBO | Internet connectivity between offices | IPSec site-to-site tunnels, MPLS backbones, or SD-WAN solutions |
| Remote access VPN | Ubiquitous access from a wide array of remote devices; also known as customer-premises equipment (CPE). | IPSec VPN, or SSL VPN into a network virtual appliance (NVA) virtual machine |