This image shows a single Oracle Cloud Infrastructure region and tenancy with three availability domains and a single virtual cloud network (VCN).

The region provides the following services:

• Identity and access management
• Object storage
• File storage
• Data Flow (SPARK)

External users connect to the VCN through Oracle Cloud Infrastructure Web Application Firewall and an internet gateway. The VCN also provides a NAT gateware for secure communications between subnets and a service gateway for communication with regional services. The VCN provides 5 subnets arranged as functional

• Load balancer tier (public subnet): Resides in availability domain 1 and distributes user traffic to the bastion, workload and failover tiers.
• Bastion host tier (public subnet): Resides in availability domain 1 and validates traffic to the database tier.
• Workload tier (private subnet): Resides in availability domain 2 and provides Kubernetes workloads for the Sisense and SpendAI applications which use regional file storage services. Workflows are scheduled and monitored using Oracle Cloud Infrastructure Data Flow in conjunction with Airflow running on compute instances and communicating with the database tier.
• Database tier (private subnet): Resides in availability domain 2 and contains an Oracle MySQL Database Service system.
• Failover tier (private subnet): Resides in availability domain 3 and includes a Sisense instance that is part of the Oracle Cloud Infrastructure Container Engine for Kubernetes cluster that includes Kubernetes workload in the Workload tier. It also includes a failover instance of Oracle MySQL Database Service for the database tier.