Data Intensity: Lift and Shift On-Premises Apps, Databases, and Middleware to Oracle Cloud
Managed service provider, Data Intensity, scaled out a client's implementation of Oracle E-Business Suite 11.5.10.2, Hyperion 11.1, Oracle Database 11.2.0.4, and Oracle SOA middleware by "lifting and shifting" these applications and databases to Oracle Cloud Infrastructure (OCI).
Founded in 2001, Data Intensity provides full-stack, SLA-backed, technical and functional application-managed services on multiple cloud platforms. With technical certifications in Oracle E-Business Suite (EBS), Oracle Exadata, Oracle Cloud Infrastructure, Oracle SaaS ERP, and multiple PaaS services, Data Intensity offers a range of services including Effective License Position (ELP) assessments, cloud-migration services, operational managed services, and functional adaptation of Oracle E-Business Suite and Oracle software-as-as-service (SaaS) implementations.
Although its client was running unsupported versions of Oracle on-premises applications, they were still able to help modernize the customer’s workload environment by moving it to OCI and by providing the applications with greater stability, availability, performance, and efficiency, while taking advantage of native and modern cloud services.
After completing this migration, Data Intensity has helped its client:
- Upgrade IT infrastructure: By moving to OCI, Oracle E-Business Suite, Hyperion, and database applications can take advantage of the latest generations of hardware while using a hypervisor to update and patch that hardware.
- Accelerate development, QA, and UAT: By moving to OCI, Data Intensity’s client can easily provision multiple environments for development, testing, and user acceptance without having to worry about resource contention with on-premises hardware. Data Intensity’s client is now able to perform testing in a timely manner with adequate resources.
- Reduce labor costs: Migrating Hyperion from Windows 2008 R2 servers to OCI with Rackware enabled Data Intensity to reduce its client’s labor costs by 60%, delivering a more modern and scalable infrastructure that requires less care and maintenance.
- Consolidate resource and license management: Data Intensity’s customer previously ran three non-production database servers across six non-production environments. After moving to OCI virtual instances running on OCI hardware, Data Intensity was able to consolidate the environments into two non-production database servers, reduce the number of CPUs consumed and, reduce the Oracle licensing footprint
Highlights of this deployment include:
- Multiregion deployment, including a primary site in Ashburn, and a disaster recovery region in Phoenix
- Dual connectivity from an on-premises data center to the OCI virtual cloud network by using Oracle Cloud Infrastructure FastConnect and a virtual private network (VPN) with an internet protocol security (IPsec) tunnel
- Flexible routing by using Oracle dynamic routing gateway (DRG) configurations to define static and dynamic routing policies
Architecture
The primary region for this Oracle Cloud Infrastructure (OCI) deployment is the US East Region in Ashburn which includes multiple environments in two primary virtual cloud networks (VCNs): one for production workloads and another for non-production workloads.
The non-production VCN includes development (dev), quality assurance (QA), and user acceptance testing (UAT). A single, dynamic routing gateway (DRG) is deployed in each region and acts as a central hub for external communication. The DRG also provides internal VCN-to-VCN communications by using remote peering which includes the Oracle Services Network in the remote region.
Data Intensity uses Azure Windows Virtual Desktop (WVD) to manage this client's tenancy by using a site-to-site virtual private network (VPN) established between Azure and the DRG. From a private cloud data center, Data Intensity uses Oracle Cloud Infrastructure FastConnect to connect the customer’s location to the VCNs in the OCI Ashburn region for data migration. A VPN IPSec tunnel provides a secondary connection and serves as a backup connection from the on-premises environment to OCI. For disaster recovery (DR), remote peering is used to connect the Ashburn Region to the Phoenix Region. A FastConnect connection and a VPN IPSec tunnel are also established from on-premises to the Phoenix Region DRG. The connectivity configuration supports 1-hour recovery point objective (RPO) and 24-hour recovery time objective (RTO) requirements for the customer.
Users access the Oracle applications either from the internet by using an internet gateway or from on-premises by using FastConnect. The Oracle application front-ends are load balanced (private and public) for high availability and users are redirected to their application based on assigned URLs. Each application is segmented by subnets as well as by their corresponding databases. A secure file transfer protocol (SFTP) server is deployed in a DMZ subnet for Oracle application files from external sources. Oracle databases run on virtual machine instances. For disaster recovery, the Oracle databases are replicated by using data guard and the application data is replicated using rsync. The OCI native backup feature is used to back up the systems to Oracle Cloud Infrastructure Object Storage. LogicManager is deployed as a virtual machine instance to monitor application performance and alerts.
The following diagram illustrates the architecture:
data-intensity-oci-architecture-oracle.zip
To get even more value from the migrated applications and database workloads running on OCI, Data Intensity's client is now looking to deploy Oracle Analytics Cloud (OAC) and Oracle Integration. To ensure its OCI environment remains highly available and secure, Data Intensity's client is also looking to deploy various Oracle Cloud Observability and Management Platform services such as Stack Monitoring, Capacity Planning, and Cloud Guard.
The following diagram illustrates the future state architecture:
data-intensity-oci-future-oracle.zip
The architecture has the following components:
- Tenancy
A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.
- Region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Compartment
Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.
- Availability domain
Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.
- Virtual cloud network (VCN) and subnets
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
- Route table
Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.
- Security list
For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.
- Site-to-Site VPN
Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.
- FastConnect
Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.
- Internet gateway
The internet gateway allows traffic between the public subnets in a VCN and the public internet.
- Dynamic routing gateway (DRG)
The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.
- Service gateway
The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.
- Remote peering
Remote peering allows the VCNs' resources to communicate using private IP addresses without routing the traffic over the internet or through your on-premises network. Remote peering eliminates the need for an internet gateway and public IP addresses for the instances that need to communicate with another VCN in a different region.
- Load balancer
The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.
- VM DB System
Oracle VM Database System is an Oracle Cloud Infrastructure (OCI) database service that enables you to build, scale, and manage full-featured Oracle databases on virtual machines. A VM database system uses OCI Block Volumes storage instead of local storage and can run Oracle Real Application Clusters (Oracle RAC) to improve availability.
- Object storage
Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.
Get Featured in Built and Deployed
Want to show off what you built on Oracle Cloud Infrastructure? Care to share your lessons learned, best practices, and reference architectures with our global community of cloud architects? Let us help you get started.
- Download the template (PPTX)
Illustrate your own reference architecture by dragging and dropping the icons into the sample wireframe.
- Watch the architecture tutorial
Get step by step instructions on how to create a reference architecture.
- Submit your diagram
Send us an email with your diagram. Our cloud architects will review your diagram and contact you to discuss your architecture.