The image shows the Oracle E-Business Suite Cloud Manager (CM) Tenancy (or Root Compartment) using the secure landing zone on Oracle Cloud Infrastructure (OCI) with compartments, management groups and other resources in the Root compartment, like Policies, Events, and Cloud Guard. You can also create an optional enclosing compartment to contain the Landing Zone compartments: Network, Security, and the EBS Top-Level Application Compartment which hosts the EBS Cloud Manager, and application compartments.

A member of the Tenancy Administrators group must run the initial deployment of the IAM stack. After initial deployment, IAM Administrators can manage the IAM stack including compartments, groups, and policies.

The Management Groups include various user groups including IAM and Credentials administrators, Security administrators, Security users, Network users, Network administrators, EBS CM admins, and EBS environment admins for each category of environment such as Production, Test, or QA.

The Tenancy includes a Network compartment, Security compartment, and an E-Business Suite (EBS) Top-Level Application Compartment.

Tenancy admins must run the initial setup. The IAM Stack creates the management groups and must be deployed into all the compartments to apply the policies to each compartment including Root. After initial deployment, IAM administrators can manage the IAM stack including compartments, groups, and policies.

• The Network Stack must be deployed to the Network compartment. The Network compartment has a Virtual Cloud Network (VCN) that includes one set of subnets for each EBS environment category, such as Production, Test, or QA. Network administrators manage the Network Stack. The Network compartment hosts the following subnets:
  • A Bastion subnet which has a Bastion service
  • An EBS CM subnet
  • And an EBS CB LB subnet
  • File Storage Mount Target subnet

  The following are the set of subnets in the Network compartment for each EBS environment category:

  • Load Balancer (LB) Subnet
  • App Subnet
  • Database Subnet
  • External LB Subnet: This is the only public subnet
  • External App Subnet

  Note:

  You must have one set of subnets for each EBS category.
  The type of VCN drives which gateways are attached to them:
  • An internet gateway for connectivity to the public internet.
  • A NAT gateway for one-way connectivity from resources in the private subnets to the public internet.
  • Service gateway for connectivity to the Oracle Services Network (OSN).
  • The route tables of the private subnets contain rules to direct traffic destined for the OSN through the Service Gateway.
  • The route table of the App subnet has an additional rule to direct traffic bound for the public internet through the Internet Gateway.
• The Security compartment hosts the Oracle Cloud Infrastructure Vault which has the key and Secrets.
• EBS CM Admins manage the CM Stack which deploys the EBS CM instance and the EBS CM LB to the E-Business Suite Top-Level Application.
• The Oracle E-Business Suite Top-Level Application compartment includes two compartments: an E-Business Suite Cloud Manager (CM) compartment and an application environment compartment.
  • The EBS Cloud Manager compartment hosts the EBS CM stack, EBS CM instance, EBS CM LB, and the CM LB. The EBS CM admins manage the EBS CM stack.
  • The EBS environment compartment (grayed out) shows the EBS environment LB, App Tier, and DB tier that you can install and set up after you complete the deployment of this solution. You require one compartment for each EBS environment category such as Production, Test, QA.
  • EBS Environment Admins management group manages the EBS environments (grayed out) which run an EBS CM instance, using the CM Web Portal.
  • The grayed out EBS Environment includes an LB, App Tier, and DB Tier.

    Note:

    You must have one compartment for each environment category, such as Production, Test, and QA.