The image shows two Oracle Cloud Infrastructure regions (OCI Region 1 and OCI Region 2), side by side, with API Consumers between them, along with a DNS instance. Both regions contain a single Availability Domain (AD), a VCN, a full stack Disaster Recovery (DR) instance, a Terraform file, a group of API providers, and a group of Oracle Service Network services. The regions monitor each other through a remote peering instance. When backup or failover is required, the DR instances communicate across the regions, and the Terraform files are passed over a CI/CD process.

The Oracle Service Network services included are:

OCI Audit
OCI Identity and Access Management
Oracle Identity Cloud Service
OCI Logging
OCI Logging Analytics
Policies

Each VCN contains two subnets, one public and one public/private. All of these components span the availability domains in their respective regions. The VCN also contains a web application firewall (WAF) that is external to the subnets. The public subnets contain an load balancer and, external to the AD, a bastion service. The public/private subnets contain an Oracle API Gateway. Access to the subnets is controlled by a security list and a routing table.

API consumers outside of both regions access Region 1 (or Region 2, in case of failover from Region 1) via a Domain Name Service (DNS) and then through a Internet Gateway to the WAF in the AD. Traffic is then directed to the load balancer in the public subnet, which passes it on to the Oracle API Gateway. The API Gateway sends a stack to Terraform and makes API calls to the API providers, which can feed back through a Service Gateway.