This image shows a cloud topology deployed in an Oracle Cloud Infrastructure region with a single availability domain. The resources are distributed across two fault domains.

The topology has a single VCN, with the following subnets:
  • A public subnet for the bastion host.
  • A public subnet for the load balancer.
  • A private subnet for the following Oracle WebLogic servers, one in each fault domain:
    • Oracle Banking Digital Experience (OBDX)
    This subnet also contains block volumes for the WebLogic servers.
  • A private subnet for the app tier, which includes the following components:
    • Web tier OBDX
    This subnet also contains block volumes for the components in the app tier.
  • A private subnet for the data tier, which consists of a 2-node RAC database system.
Every subnet has a route table and a security list to regulate network traffic.
The VCN has the following gateways:
  • An internet gateway for connectivity between the public internet and the bastion host (SSH/22) and the load balancer nodes (HTTPS/443).
  • A NAT gateway for one-way access from the resources in the private subnets to the public internet.
  • A service gateway for connectivity between the private subnets and resources in the Oracle services network: the Object Storage service and the regional Yum repository.
A network security group (NSG) provides a virtual firewall for a set of cloud resources that all have the same security posture. In this architecture, we suggest one NSG per subnet.
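
The following added example (not part of the original architecture description, and not Oracle's code) audits NSG ingress rules against the exposure this topology intends: only SSH to the bastion and HTTPS to the load balancer may come from outside the VCN. The NSG names, the VCN CIDR, and the sample rules are constructed assumptions; the rule field names follow the OCI security-rule JSON shape.

```python
import ipaddress

VCN = ipaddress.ip_network("10.0.0.0/16")  # assumed VCN CIDR
# Ports each NSG may accept from outside the VCN (NSG names are hypothetical;
# 443 is the standard HTTPS port).
ALLOWED_EXTERNAL = {"nsg-bastion": {22}, "nsg-lb": {443}}

def external_tcp_range(rule):
    """Return (min, max) TCP ports a rule opens to sources outside the VCN, else None."""
    if rule["direction"] != "INGRESS" or rule.get("sourceType") != "CIDR_BLOCK":
        return None  # egress, or the source is another NSG / a service CIDR label
    src = ipaddress.ip_network(rule["source"])
    if src.version == VCN.version and src.subnet_of(VCN):
        return None  # traffic that originates inside the VCN
    if rule["protocol"] not in ("6", "all"):
        return None  # only TCP exposure is audited here
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    return (rng["min"], rng["max"]) if rng else (1, 65535)  # no range means all ports

def audit(nsg_rules):
    """List (nsg, min_port, max_port) for every rule wider than the topology allows."""
    findings = []
    for nsg, rules in nsg_rules.items():
        allowed = ALLOWED_EXTERNAL.get(nsg, set())  # private-subnet NSGs allow nothing
        for rule in rules:
            ports = external_tcp_range(rule)
            if ports and not all(p in allowed for p in range(ports[0], ports[1] + 1)):
                findings.append((nsg, ports[0], ports[1]))
    return findings

def tcp(source, lo, hi, source_type="CIDR_BLOCK"):
    """Build a constructed TCP ingress rule using OCI security-rule field names."""
    return {"direction": "INGRESS", "protocol": "6", "source": source,
            "sourceType": source_type,
            "tcpOptions": {"destinationPortRange": {"min": lo, "max": hi}}}

# Constructed sample rules, not taken from a real tenancy.
SAMPLE = {
    "nsg-bastion": [tcp("0.0.0.0/0", 22, 22)],
    "nsg-lb": [tcp("0.0.0.0/0", 443, 443), tcp("0.0.0.0/0", 80, 80)],
    "nsg-weblogic": [tcp("0.0.0.0/0", 7001, 7002), tcp("10.0.1.0/24", 7001, 7002)],
    "nsg-db": [tcp("nsg-app-ocid-placeholder", 1521, 1521, "NETWORK_SECURITY_GROUP")],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("unexpected external exposure:", finding)
```
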

Oracle Cloud Guard is used to monitor and maintain the security of your resources in Oracle Cloud Infrastructure. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions based on responder recipes that you define.