Deploy Oracle Database@AWS
You can provision and manage Oracle Database@AWS using the AWS console. AWS IAM provides identity and access management for Oracle Database@AWS.
Note:
Oracle Database@AWS is currently available in Limited Preview. To request more information, see Learn about Oracle Database@AWS.
Before You Begin
Before you attempt to deploy this architecture:
- You must subscribe to Oracle Database@AWS from the AWS Marketplace.
- Ensure that you have adequate Oracle Exadata Database Service on Dedicated Infrastructure OCI service limits prior to provisioning. For more information, see OCI Service limits and Requesting a Service Limit Increase, linked in Explore More.
Architecture
The Oracle Exadata Database Service resides within the OCI-managed child site inside the ODB network created exclusively for Oracle Database@AWS. A customer application hosted on AWS and deployed within an application Virtual Private Cloud (VPC) communicates with Oracle Database@AWS by using the database connection options available.
- AWS Region
AWS Regions are separate geographic areas. They consist of multiple, physically separated, and isolated Availability Zones that are connected with low-latency, high-throughput, highly redundant networking.
- AWS Availability Zone
Availability zones are highly available data centers within each AWS region.
- AWS Virtual Private Cloud
AWS Virtual Private Cloud (AWS VPC) enables you to launch AWS resources into a virtual network you've defined. This virtual network resembles a traditional network that you operate in your own data center, with the benefits of using the scalable infrastructure of AWS. After you create a VPC, you can add subnets.
- AWS Subnet
A subnet is a range of IP addresses in your AWS VPC. You can create AWS resources, such as EC2 instances, in specific subnets.
- ODB network
The ODB network is a private network that hosts Exadata VM clusters in a specified availability zone. You can set up peering between an ODB network and a VPC, which enables applications to connect to your Exadata databases.
- Oracle Exadata Database Service on Dedicated Infrastructure
Oracle Exadata Database Service on Dedicated Infrastructure enables you to leverage the power of Exadata in the cloud. Oracle Exadata Database Service delivers proven Oracle Database capabilities on purpose-built, optimized Oracle Exadata infrastructure in the public cloud. Built-in cloud automation, elastic resource scaling, security, and fast performance for all Oracle Database workloads help you simplify management and reduce costs.
- OCI Region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, hosting availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Virtual cloud network (VCN) and subnet
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
- Network security groups (NSGs)
NSGs define a set of ingress and egress rules that apply to specific resources within a VCN and enable you to separate the VCN's subnet architecture from the security requirements of your application.
- Object storage
OCI Object Storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store data directly from the internet or from within the cloud platform. You can scale storage without experiencing any degradation in performance or service reliability.
- OCI Vault
OCI Vault enables you to centrally manage the encryption keys that protect your data and the secret credentials that you use to secure access to your resources in the cloud. You can use the Vault service to create and manage vaults, keys, and secrets. The default key management is Oracle-managed keys. You can also use customer-managed keys, which use OCI Vault.
OCI Vault also offers a rich set of REST APIs to manage vaults and keys.
Recommendations
- High Availability
Oracle Exadata Database Service on Dedicated Infrastructure provides high availability through several built-in features that ensure minimal downtime and data protection. Oracle Real Application Clusters (RAC) is used for active-active clustering, enabling database instances to run on multiple nodes and ensuring continuous availability even if one node fails. Additionally, Oracle Automatic Storage Management (ASM) has redundancy, fault tolerance, and fast recovery options, making it a robust platform for mission-critical workloads.
- Backup
Databases provisioned in Oracle Exadata Database Service on Dedicated Infrastructure can be backed up automatically to OCI Object Storage in the OCI region. The automatic backup process starts at any time during your daily backup window. You can optionally specify a two-hour scheduling window for your database during which the automatic backup process will begin, and the retention window for those backups.
- Security
Oracle Data Safe is an OCI cloud-native tool that enables you to achieve data privacy and data compliance for your Oracle databases. Oracle Data Safe empowers organizations to understand data sensitivity, evaluate data risks, mask sensitive data, implement and monitor security controls, assess user security, monitor user activity, and manage Oracle Database 23ai SQL Firewall—all in a single, unified console. These capabilities help to manage the day-to-day security and compliance requirements of Oracle databases.
Considerations
Consider the following points when deploying this reference architecture:
- OCI Tenancy
The OCI tenancy must support OCI identity domains. If you don't have an existing one, you can create an OCI tenancy when signing up.
- Network Connectivity
Plan your network connectivity in advance to define your network address space (CIDR) and topologies. You need at least one Application VPC that you can pair with the ODB network, and this application and VPC need to be in the same region and AZ as the ODB network. The CIDR blocks for any AWS VPC and OCI VCN must not overlap.
- Configuration
Database subnets should be configured with non-overlapping IP classless inter-domain routing (CIDR) ranges. Optionally, client applications can be configured to use Oracle Transparent Application Continuity (TAC) to maximize availability during planned and unplanned outages.
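The Network Connectivity and Configuration points above can be checked before provisioning. The following is an added example, not part of the Oracle or AWS documentation: it validates an address plan for overlapping CIDR blocks and for region/AZ placement of the application VPC against the ODB network. The plan layout, field names, network names, AZ IDs and CIDR values are all constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: every name, region, AZ ID and CIDR here is illustrative.
PLAN = [
    {"name": "app-vpc", "kind": "aws-vpc", "region": "us-east-1",
     "az": "use1-az4", "cidr": "10.0.0.0/16"},
    {"name": "odb-net", "kind": "odb-network", "region": "us-east-1",
     "az": "use1-az4", "cidr": "10.1.0.0/24"},
    {"name": "oci-vcn", "kind": "oci-vcn", "region": "us-ashburn-1",
     "az": None, "cidr": "10.0.128.0/20"},
    {"name": "reporting-vpc", "kind": "aws-vpc", "region": "us-east-1",
     "az": "use1-az6", "cidr": "172.16.0.0/16"},
]

def find_overlaps(plan):
    """Return sorted (name_a, name_b) pairs whose CIDR blocks overlap."""
    # strict=True rejects entries with host bits set (e.g. 10.0.0.1/16),
    # which usually indicates a typo in the address plan.
    nets = [(n["name"], ipaddress.ip_network(n["cidr"], strict=True)) for n in plan]
    return sorted(
        tuple(sorted((a, b)))
        for (a, net_a), (b, net_b) in combinations(nets, 2)
        if net_a.version == net_b.version and net_a.overlaps(net_b)
    )

def placement_errors(plan, odb_name, vpc_name):
    """Check that the VPC paired with the ODB network shares its region and AZ."""
    by_name = {n["name"]: n for n in plan}
    odb, vpc = by_name[odb_name], by_name[vpc_name]
    return [
        f"{vpc_name}: {key} {vpc[key]!r} differs from {odb_name} {odb[key]!r}"
        for key in ("region", "az")
        if vpc[key] != odb[key]
    ]

def validate(plan, odb_name, vpc_name):
    """Collect every overlap and placement problem found in the plan."""
    errors = [f"CIDR overlap: {a} and {b}" for a, b in find_overlaps(plan)]
    errors += placement_errors(plan, odb_name, vpc_name)
    return errors

if __name__ == "__main__":
    for line in validate(PLAN, "odb-net", "app-vpc") or ["plan OK"]:
        print(line)
```

In the sample plan, the OCI VCN range falls inside the application VPC range, so the plan is rejected even though the VPC and the ODB network are placed correctly.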
Explore More
Learn more about deploying multicloud and running Oracle Database@AWS.
Review these additional solutions:
- Provision Oracle Exadata Database Service in Oracle Database@AWS
- Oracle Cloud Infrastructure for Amazon Web Services professionals