This image shows the basic architecture underlying a deployment of Oracle E-Business Suite workloads on Oracle Cloud with Palo Alto Network VM-Series virtual firewalls.

At the top of the image is an on-premises customer data center. Beneath that is a primary OCI region. Between these elemnts is a box representing the connectivity options for the data center to the OCI region. These options are to connect to a dynamic routing gateway (DRG) within the region via either FastConnect, over one of two private FastConnect virtual circuits (VC1 and VC2), or VPN Connect.

Also exterior to the OCI region the Internet or other cloud providers, to which traffic is routed from the region via an internet gateway.

The OCI region contains these virtual cloud networks:
  • Palo Alto Hub VCN
  • Management VCN
  • Production application and database VCN
  • Pre-production application and database VCN
The Palo Alto Hub VCN contains these subnets:
  • An untrust private subnet. Traffic is routed between this subnet and the internet gateway via an untrust vNIC.
  • A Palo Alto Management public subnet, containing two Palo Alto virtual machines (VM). These machines are connected by a floatimg VIP in the VCN's trust private subnet.
  • A Palo Alto high-availability subnet.
  • A trust private subnet. Traffic is routed between this subnet and the internet gateway via a trust vNIC.
The Management VCN contains two subnets:
  • A corporate management private subnet, comprising an Oracle Enterprise Manager and an E-Business Suite Cloud Manager.
  • A bastion private subnet, which contains the bastion host.
The Management VCN connects to the region via a service gateway.
The production application and database VCN contains these subnets:
  • A load balancer private subnet, which contains an active application load balancer and an OCI-created inactive default second load balancer.
  • An E-Business Suite private subnet, which contains four E-Business Suite applications (EBS App-1 through EBS App-4) and an E-Business Suite Enterprise Command Center (ECC). Traffic traverses each EBS App, from 4 to 1 and is then written to a file system that straddles the subnet and the OCI region.
  • An Exadata Cloud Service private subnet, which contains an Exadata Cloud Service VM cluster and a file system.
  • An Exadata Cloud Service private backup subnet.
The pre-production application and database VCN contains these subnets:
  • A load balancer private subnet, which contains an active application load balancer and an OCI-created inactive default second load balancer.
  • An E-Business Suite private subnet, which contains two E-Business Suite applications (EBS App-1 and EBS App-2) and an E-Business Suite Enterprise Command Center (ECC). Traffic traverses each EBS App, from 2to 1 and is then written to a file system that straddles the subnet and the OCI region.
  • An Exadata Cloud Service private subnet, which contains an Exadata Cloud Service VM cluster and a file system.
  • An Exadata Cloud Service private backup subnet.

Access to each subnet in this architecture is controlled by individual routing tables and security lists.

Also within the region is the Oracle Service Network, comprising the services of that network.

Traffic flows from outside the region through a DRG to the Palo Alto Hub VCN and then between the Trust or Untrust private subnets. All subnets receive traffic from the DRG.