- A dynamic routing gateway (DRG) for private connections from the customer's data center through IPSec VPN or FastConnect to the bastion and load balancing subnets.
- An internet gateway for user connections to the load balancing subnet.
- A network address translation (NAT) gateway for user connections to the applications layer and database subnets.
- A Service gateway to connect the VCN to object storage services.
The regional subnets are arranged as functional layers:
Bastion subnet (regional public subnet): A bastion server resides in fault domain 2 and connects to the DRG and to the application layer and database private subnets.
Load balancing subnet (regional public subnet): A load balancer resides in each of the two fault domains. The subnet connects to the DRG and the internet gateway and to the WebSphere Platform in the application layer subnet.
Application layer subnet (regional private subnet): A WebSphere Platform block spans the two fault domains and contains a virtual machine (VM) in each of the fault domains. The subnet connects to the NAT gateway. The WebSphere Platform block connects to both the load balancing and database subnets.
Database subnet (regional private subnet): The subnet contains a database system and connects to the NAT gateway. The database system communicates with the WebSphere Platform block through an ODBC interface.