This image shows primary and disaster recovery topologies across two Oracle Cloud Infrastructure (OCI) regions. Each region provides 2 availability domains.

A single dynamic routing gateway (DRG) is deployed in each region and acts as a central hub for external communication. The DRG also provides internal VCN-to-VCN communications by using remote peering which includes the Oracle Services Network in the remote region.

Both regions provide Oracle Services Network resources that include Policies, Oracle Cloud Infrastructure Identity and Access Management, Oracle Cloud Infrastructure Object Storage, Oracle Cloud Infrastructure Audit, Oracle Cloud Guard, Oracle Cloud Observability and Management Platform services, and backup and restore services.

External users connect to the regions as follows:

Internet users access the Oracle applications in the production region by using an internet gateway
Azure Windows Virtual Desktop users connect to the production region by using a site-to-site virtual private network (VPN) between Azure and the DRG
Data migration users in a private cloud data center connect to the production region DRG by using Oracle Cloud Infrastructure FastConnect
On-premises users connect to the production region DRG by using Oracle Cloud Infrastructure FastConnect with a secondary, backup connection by using a VPN IPSec tunnel

The production region is in OCI US East Region-Ashburn and includes 3 virtual cloud networks (VCNs).

Production VCN: Provides an internet gateway and a network address translation (NAT) gateway that enables private resources in a VCN to access hosts on the internet without exposing those resources to incoming internet connections. The production VCN provides:
- Public and private load balancer subnets
- Separate private subnets for apps and for databases for Oracle E-Business Suite, Oracle SOA, and Hyperion
- DMZ private subnet with a secure file transfer protocol (SFTP) server for Oracle application files from external sources
Non-production VCN: Provides service gateway to access Oracle Services Network resources in the DR region. The non-production VCN provides:
- Private load balancer subnet
- Separate private subnets for apps and for databases for Hyperion and for Oracle E-Business Suite, Oracle SOA for development, test, and UAT
Hub VCN: Includes a DRG and acts as central hub for external communication

The disaster recovery (DR) region is in OCI US West Region-Phoenix and 2 VCNs. The DR VCN has a topology similar to the production VCN, but without the DMZ or management subnets. The DR Hub VCN includes a DRG and acts as central hub for external communication.