This image shows an Oracle Cloud region. Within the region contains a Virtual Cloud Network (VCN); an Internet Gateway connects the VCN to the cloud. The Cloud Region also contains two availability domains (AD), labeled AD1 and AD2; AD2 is split into two containers.

Spread across the ADs are subnets, one public and two private. The public subnet of AD1 contains a primary load balancer, which is connected as follows: AD1's first private subnet contains a VM, which is connected bidirectionally to the AD1 public subnet load balancer, as described previously, and bidirectionally to a database system in AD2's database tier subnet.

AD1's database tier subnet contains a database system, which is synchronized by Data Guard to a database system in AD2's database tier subnet.

AD2 contains: AD2 also contains in the private subnet that contains the web servers a bastion host that links one way, secured by SSH, to those webservers and one way, also secured by SSH, to the database tier.

The bastion host is connected bidirectionally outside the region over SSH to a dynamic routing gateway, which itself connects bidirectionally over FastConnect VP to the customer's datacenter.

The database tier is connected to external object storage by a service gateway to Recovery Manager (RMAN) backup service.