This architecture diagram shows a single Oracle Cloud Infrastructure (OCI) regional architecture and multiple paths through the architecture. The physical architecture is described first, followed by the paths.

Micro-batch data is ingested into Oracle Cloud Infrastructure Data Integration from on-premises sources such as databases, enterprise applications, and software-as-a-service (SaaS) applications by using APIs. File data is ingested into the data lake (Oracle Cloud Infrastructure Object Storage). Federated data from third-party clouds, such as AWS, Azure, and Google Cloud, uses a network address translation (NAT) gateway and is stored in Oracle Autonomous Data Warehouse. Customer premises equipment (CPE) accesses the OCI region by using a dynamic routing gateway (DRG).

The following services and features are provided for the region by the Oracle Services Network:

- Compartments
- Oracle Cloud Infrastructure Data Catalog
- Oracle Cloud Infrastructure Data Science Model Deployment
- Oracle Cloud Infrastructure Identity and Access Management
- Oracle Cloud Infrastructure Object Storage data lake with bronze, silver, and gold data collections
- Oracle Cloud Infrastructure Vault
- Policies

The region includes 2 virtual cloud networks (VCNs): a hub VCN and a workload VCN. It also includes a dynamic routing gateway (DRG), which provides private connectivity between on-premises networks and VCNs by using site-to-site VPN. A DRG can also route traffic between VCNs for remote peering. The DRG is connected to VCN-0 (Hub VCN) and VCN-1 (Workload VCN).

The Hub VCN includes the following gateways:

- Internet gateway: Provides communications between public subnets and internet hosts.
- Service gateway: Allows the VCN to communicate with services such as object storage over the Oracle network fabric without traversing the internet.

The Hub VCN has a public subnet, with a security list and route table, that includes an Oracle Cloud Infrastructure Web Application Firewall instance to handle incoming requests from the internet, and public and standby load balancers to distribute traffic to Oracle Analytics Cloud in the workload VCN.

The workload VCN provides the following gateways:

- Network address translation (NAT) gateway: Enables private resources in a VCN to access hosts on the internet without exposing those resources to incoming internet connections. In this architecture, data from third-party clouds uses a network address translation (NAT) gateway and is stored in Oracle Autonomous Data Warehouse.
- Service gateway: Allows the VCN to communicate with services such as object storage over the Oracle network fabric without traversing the internet.

The workload VCN has three private subnets, each with its own security list and route table:

- Application private subnet: Includes an Oracle Cloud Infrastructure Bastion instance, which handles incoming requests from customer premises equipment (CPE) that come through the DRG, as well as Oracle Analytics Cloud and Oracle Cloud Infrastructure API Gateway.
- Mid-tier private subnet: Includes Oracle Cloud Infrastructure Data Integration, Oracle Cloud Infrastructure Data Flow, and Oracle Cloud Infrastructure Data Science.
- Data private subnet: Includes Oracle Autonomous Data Warehouse.
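
The gateway and subnet layout described above can be checked for drift with a small audit. This is an added example, not Oracle's code: the topology is a constructed model, and the route rules, CIDRs, and names such as `oci-services` are assumptions, since the description names only the gateways and subnets.

```python
import copy

# Constructed model of the two VCNs described above. Route rules and CIDRs are
# assumptions for illustration; the description names gateways and subnets only.
TOPOLOGY = {
    "hub": {
        "gateways": {"internet", "service", "drg"},
        "subnets": {"public": {"private": False, "routes": {"0.0.0.0/0": "internet"}}},
    },
    "workload": {
        "gateways": {"nat", "service", "drg"},
        "subnets": {
            "application": {"private": True, "routes": {"0.0.0.0/0": "nat", "192.168.0.0/16": "drg"}},
            "mid-tier": {"private": True, "routes": {"0.0.0.0/0": "nat", "oci-services": "service"}},
            "data": {"private": True, "routes": {"0.0.0.0/0": "nat", "oci-services": "service"}},
        },
    },
}

def audit(topology):
    """Return findings where the model departs from the described design."""
    findings = []
    for vcn, cfg in topology.items():
        gateways = cfg["gateways"]
        for name, subnet in cfg["subnets"].items():
            where = f"{vcn}/{name}"
            if not subnet["private"] and "internet" not in gateways:
                findings.append(f"{where}: public subnet in a VCN without an internet gateway")
            for dest, target in subnet["routes"].items():
                if target not in gateways:
                    findings.append(f"{where}: route {dest} targets unattached gateway '{target}'")
                if subnet["private"] and target == "internet":
                    findings.append(f"{where}: private subnet routes {dest} to the internet gateway")
    if "internet" in topology["workload"]["gateways"]:
        findings.append("workload: internet gateway attached to the workload VCN")
    return findings

def drifted_copy():
    """Constructed drift: an internet gateway is attached and the data subnet routes to it."""
    t = copy.deepcopy(TOPOLOGY)
    t["workload"]["gateways"].add("internet")
    t["workload"]["subnets"]["data"]["routes"]["0.0.0.0/0"] = "internet"
    return t

if __name__ == "__main__":
    for line in audit(drifted_copy()):
        print(line)
```
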
Data paths shown in the diagram include:

- Ingest: Micro-batch data is ingested into Oracle Cloud Infrastructure Data Integration from on-premises sources such as databases, enterprise applications, and software-as-a-service (SaaS) applications by using APIs. File data is ingested into the data lake (Oracle Cloud Infrastructure Object Storage). Federated data from third-party clouds, such as AWS, Azure, and Google Cloud, uses a network address translation (NAT) gateway and is stored in Oracle Autonomous Data Warehouse (ADW).
- Transform: Micro-batch data is transformed by Oracle Cloud Infrastructure Data Integration and Oracle Cloud Infrastructure Data Flow and is sent to ADW.
- Curate: Oracle Cloud Infrastructure Data Catalog curates metadata that is harvested in ADW and object storage and is used by ADW. Data is virtualized between ADW and the data lake (Oracle Cloud Infrastructure Object Storage).
- Analyze, Predict, and Measure: Data from ADW is used by Oracle Analytics Cloud and by Oracle Cloud Infrastructure Data Science to deploy models to Oracle Cloud Infrastructure Data Science Model Deployment. Oracle Cloud Infrastructure API Gateway is used to invoke inferencing in the model.
- Federate: Federated data from third-party clouds, such as AWS, Azure, and Google Cloud, uses a network address translation (NAT) gateway and is stored in ADW.