This image shows an Oracle Cloud Infrastructure region that provides object storage for the region. The region includes a single availability domain with two fault domains. The availability domain provides file storage for the availability domain. The availability domain includes a virtual cloud network (VCN) with four regional subnets with routing tables and security lists for each subnet. The VCN includes the following gateways:

• A dynamic routing gateway (DRG) for private connections from the customer's data center through IPSec VPN or FastConnect to the bastion and load balancing subnets.
• An internet gateway for user connections to the load balancing subnet.
• A network address translation (NAT) gateway for user connections to the applications layer and database subnets.
• A Service gateway to connect the VCN to object storage services.

The regional subnets are arranged as functional layers:

• Bastion subnet (regional public subnet): A bastion server resides in fault domain 2 and connects to the DRG and to the application layer and database private subnets.

• Load balancing subnet (regional public subnet): A load balancer resides in each of the two fault domains. The subnet connects to the DRG and the internet gateway and to the WebSphere Platform in the application layer subnet.

• Application layer subnet (regional private subnet): A WebSphere Platform block spans the two fault domains and contains a virtual machine (VM) in each of the fault domains. The subnet connects to the NAT gateway. The WebSphere Platform block connects to both the load balancing and database subnets.

• Database subnet (regional private subnet): The subnet contains a database system and connects to the NAT gateway. The database system communicates with the WebSphere Platform block through an ODBC interface.