Oracle FLEXCUBE provides integrated and modular universal banking that’s designed to modernize a bank’s core systems and transform it into a digital, agile, connected, and efficient bank of tomorrow. Move your Oracle FLEXCUBE deployment to Oracle Cloud Infrastructure, and take advantage of the inherent security and resilience features of Oracle Cloud.
This reference architecture shows a highly available topology for deploying Oracle FLEXCUBE Universal Banking on Oracle Cloud Infrastructure.
The applications and databases are in separate private subnets, which can be accessed through a bastion host. External access to the applications is through a public load balancer. Each tier has redundant resources in different fault domains to provide a highly available application environment.
The architecture has the following components:
- Region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Availability domain
Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.
- Fault domain
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.
- Virtual cloud network (VCN) and subnet
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
- Load balancer
The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from one entry point to multiple servers reachable from your VCN. When you provision the load balancer in a single availability domain, redundant load balancer nodes are distributed across two fault domains.
When you create the application layer in cluster mode, you can configure the load balancer to distribute traffic across the servers in your Oracle WebLogic Server domain.
- Bastion host
The bastion host is a compute instance that serves as a secure, controlled entry point to the topology from outside the cloud. The bastion host is typically provisioned in a demilitarized zone (DMZ). It enables you to protect sensitive resources by placing them in private networks that can't be accessed directly from outside the cloud. The topology has a single, known entry point that you can monitor and audit regularly. So, you can avoid exposing the more sensitive components of the topology without compromising access to them.
- Application servers
The middle tier consists of compute instances to deploy the following components on Oracle WebLogic Server:
The other components in this tier are:
- Oracle FLEXCUBE Universal Banking System integration with Enterprise Limits and Collateral Management (UBS-ELCM-OB)
- Oracle FLEXCUBE Integration Gateway
- Oracle Banking Digital Experience (OBDX)
- Web tier OBDX
- Oracle Business Intelligence Publisher
- ATM Switch Gateway
- DB systems
For a small deployment, a VM.Standard2.2 shape is sufficient. This architecture uses a DB system with Oracle Database Enterprise Edition - Extreme Performance, using Oracle Real Application Clusters (RAC). It also uses Oracle Automatic Storage Management (Oracle ASM) with a minimum of 256 GB.
- Block volume
With block storage volumes, you can create, attach, connect, and move storage volumes, and change volume performance to meet your storage, performance, and application requirements. After you attach and connect a volume to an instance, you can use the volume like a regular hard drive. You can also disconnect a volume and attach it to another instance without losing data.
- Object storage
Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and rarely access.
- NAT gateway
The NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.
- Service gateway
The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.
- Internet gateway
The internet gateway allows traffic between the public subnets in a VCN and the public internet.
Your requirements might differ from the architecture described here. Use the following recommendations as a starting point.
When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.
Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.
After you create a VCN, you can change, add, and remove its CIDR blocks.
When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.
Use regional subnets.
- Network connectivity
You can manage the environment by connecting to your existing on-premises infrastructure using a site-to-site VPN or a dedicated connection with FastConnect. If the environment needs to be segregated from the existing infrastructure, a bastion host can secure the management connections.
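The topology only keeps a single, auditable entry point if no ingress rule opens a private subnet to a source other than the tiers meant to reach it. The following is an added example, not part of the original architecture document: a Python audit over a constructed rule set that flags any rule letting traffic into the application or database subnets from outside the paths the architecture describes. Subnet names, CIDRs, ports and the rule format are assumptions for illustration.

```python
import ipaddress

# Constructed model of the topology: names, CIDRs, ports and rules are
# illustrative, not taken from the reference architecture.
SUBNETS = {  # name -> (CIDR, exposure)
    "lb-public": ("10.20.0.0/24", "public"),
    "bastion": ("10.20.1.0/24", "public"),
    "app-private": ("10.20.10.0/24", "private"),
    "db-private": ("10.20.20.0/24", "private"),
}
# Paths the architecture describes: load balancer to applications, bastion to
# both private tiers, applications to databases.
ALLOWED_PATHS = {("lb-public", "app-private"), ("bastion", "app-private"),
                 ("bastion", "db-private"), ("app-private", "db-private")}
RULES = [  # (destination subnet, source CIDR, TCP port)
    ("lb-public", "0.0.0.0/0", 443),
    ("bastion", "203.0.113.0/24", 22),
    ("app-private", "10.20.0.0/24", 7001),
    ("app-private", "10.20.1.0/24", 22),
    ("db-private", "10.20.10.0/24", 1521),
    ("db-private", "0.0.0.0/0", 22),        # bypasses the bastion
    ("db-private", "10.20.0.0/24", 1521),   # load balancer straight to the DB
]


def audit_ingress(subnets, allowed_paths, rules):
    """Return (destination, source, port, reason) for each rule that opens a
    private subnet to a source the topology does not call for."""
    nets = {n: ipaddress.ip_network(c) for n, (c, _) in subnets.items()}
    findings = []
    for dest, source, port in rules:
        if subnets[dest][1] != "private":
            continue  # public tiers are the intended entry points
        src = ipaddress.ip_network(source)
        origin = next((n for n, net in nets.items() if src.subnet_of(net)), None)
        if origin is None:
            findings.append((dest, source, port, "source is not one planned subnet"))
        elif (origin, dest) not in allowed_paths:
            findings.append((dest, source, port, f"{origin} may not reach {dest}"))
    return findings


FINDINGS = audit_ingress(SUBNETS, ALLOWED_PATHS, RULES)
```

A source wider than a single planned subnet, such as the whole VCN block, is flagged as well, because it would admit the load balancer and bastion subnets alongside the intended tier.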
The servers in this architecture use an Oracle Linux 7.7 image. The minimum shape required is VM.Standard2.2. If your application requires more memory, cores, or network bandwidth, choose a larger shape.
The performance of banking applications depends on the workload characteristics and requirements of the specific applications. A synthetic test can't predict performance reliably. For sizing assistance, work with your Oracle Sales consultant to characterize the workload requirements, and provision the resources required to support the environment.
Consider using a high-availability option based on your deployment requirements and your region. The options include distributing resources across multiple availability domains in a region, and distributing resources across the fault domains within an availability domain.