This image shows two regions, each with one availability domain and three fault domains. File and object storage is provided in each region. The regions are connected using remote peering. Data Guard connects the production and disaster recovery database systems in each region to ensure synchronization and availability.

One region provides a production environment with a production virtual cloud network (VCN). The other region provides VCN for database disaster recovery that includes a single private subnet to host the backup database system. The VCNs provide the following gateways:

• Internet Gateway (production VCN only): Provides communications between public subnets and internet hosts.
• Dynamic Routing Gateway (DRG): Provides private communications between the customer data center and the VCN and subnets using VPN and for secure communications between VCNs in different regions.
• Service Gateway: Connects the VCN to object storage and other Oracle services for the region.
• Remote Peering Gateway: Allow VCN resources to communicate using private IP addresses without routing the traffic over the internet or through your on-premises network.

The customer data center connects to a public subnet in the production VCN over a virtual private network (VPN) for internal access. Online users and third-party tools connect to the public subnet in the production VCN over an Imperva web application firewall (WAF).

The production VCN provides a public subnet and six private subnets arranged as functional layers:

• Traffic management (public subnet): External traffic is routed through a Palo Alto firewall virtual machine (VM) in fault domain 3 and is routed to a load balancer VM in fault domain 2. The load balancer manages user traffic to the customer web portal subnet and to the internal customer service center (CSC) subnet. External and internal toll system server VMs are located in each of the three fault domains. Domain control and proxy server VMs are also located in each of the three fault domains.
• Customer web portal (private subnet): VMS for customer web portal and customer web portal reporter servers are located in t fault domains 1 and 3. Data is stored in the NAS and database systems.
• Internal customer service center (CSC) (private subnet): VMS for internal CSC and internal CSC reporter servers are located in t fault domains 1 and 3.
• Road interfaces (private subnet): Washington State Department of Transportation (WSDOT) interface VMs are located in fault domains 1 and 3. RoadSide interfaces VMs are located in each of the 3 fault domains.
• Plate finder (private subnet): Plate finder (Java based) VM is located in fault domain 1. Image crop (Java based) VM is located in fault domain 3. Data is stored in the NAS system.
• Database system (private subnet): The database system is located in fault domain 1.
• Network attached storage (NAS) (private subnet): NAS storage VMs are located in fault domains 1 and 2.