The image shows the connections between the Oracle Cloud and the on-premises data center as implemented by this architecture. The Oracle Cloud instance contains a tenancy, containing an OCI compartment, a Data Safe Service virtual cloud network (VCN), a private endpoint VCN, an Oracle Services tenancy, which resides ion the border of a VCN administrator instance containing Oracle Cloud operations. The OCI compartment contains an auditing service, on-premises connectors, and database targets.

The on-premises data center contains an Exadata Cloud@Customer instance, comprising ax Exadata database and a Data Safe connector, and a Control Plane Server (CPS) infrastructure instance.

Traffic is routed as follows:

Between the VCN administrator through the Oracle Service tenancy to the OCI compartment by using service management API calls.
Between the private endpoint and the Exadata Cloud@Customer instance, over FastConnect.
Between the Data Safe Service VCN and the Exadata Cloud@Customer instance, through the Data Safe Connector in the Exadata Cloud@Customer instance.
Between the Exadata Cloud@Customer instance and the CPS infrastructure instance over both a persistent tunnel and a temporary tunnel.
From the CPS to the VCN administrator over both a persistent tunnel and a temporary tunnel.