Additional notes on the data flow through the architecture are provided in the surrounding text.

The image shows a high-availability production region, a database disaster recovery (DR) region, CountryPlace's on-premises network, a third-party bank environment, and a third-party credit check environment.

CountryPlace's on-premises network includes user groups that access workstations and core networking services (switch and data center, router, automation server, and SQL server) in the on-premises environment. Users are authenticated by using Oracle Cloud Infrastructure Identity and Access Management.

The third-party bank environment includes a file system gateway and inbound and outbound services for payment approval or denial.

The third-party credit check environment includes an API gateway and credit check services.

CountryPlace's primary production environment runs in the Oracle Cloud region and compartment in US-Ashburn, and its database disaster recovery (DR) environment runs in the US-Phoenix region and compartment. The two regions communicate using remote peering connections. The high-availability production region has two availability domains and a single virtual cloud network (VCN), and the disaster recovery (DR) region has a single availability domain and VCN. The region provides object storage and policies for the region. The VCNs have the following gateways:
  • Network address translation (NAT) gateway: Enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.
  • Dynamic routing gateway (DRG): Provides private connectivity using Site-to-Site VPN to the customer's on-premises data center.
  • Service gateway: Enables VCNs to communicate with services such as object storage over the Oracle network fabric without traversing the internet. In this case, object storage is used for database backup.
The production VCN has the following private subnets with security lists to provide secure communications between subnet resources using the NAT gateway:
  • Load balancer private subnet: Includes a primary load balancer in availability domain 1 and a standby load balancer in availability domain 2 to manage data and user traffic.
  • Application private subnet: Includes CountryPlace's primary Oracle Financial Services Lending and Leasing (OFSLL) and Oracle BI Publisher application servers in availability domain 1 and backup/DR servers in availability domain 2.
  • Database and storage private subnet: Includes Database Cloud Service in availability domain 1 and Oracle Cloud Infrastructure File Storage in availability domain 2.

The disaster recovery VCN has a single database private subnet that includes Database Cloud Service in availability domain 1, similar to the corresponding subnet in the production region.