The image shows 1 region with 2 compartments in a single availability domain, an on-premises location, and multiple third-party clouds and service providers. The region provides authentication (IDCS), auditing, policies, Oracle Cloud Infrastructure Resource Manager for Terraform, and Oracle Cloud Infrastructure Object Storage for COMM vault backup.

On-premises users connect to Oracle Cloud Infrastructure (OCI) by using on-premises routers and then either a multiprotocol label switching (MPLS) network and Oracle Cloud Infrastructure FastConnect or a site-to-site VPN. Incoming traffic to Oracle Cloud is routed through a dynamic routing gateway (DRG). Users connect to Azure development operations (DevOps) over the internet, while Azure is connected to OCI by using the site-to-site VPN.

VPN compartment: Contains 1 hub virtual cloud network (VCN) and 1 subnet which provides a security list and a route table. The VCN acts as a hub that includes a DRG and a network address translation (NAT) gateway and that houses a virtual private network (VPN) server on a virtual machine (VM). The VCN communicates with the VCN in the other compartment by using local peering.

Production compartment: Contains 1 virtual cloud network (VCN) that communicates with the VCN in the other compartment by using local peering. The VCN provides an internet gateway for communications with third-party clouds and service providers. The VCN has 5 spoke subnets, each of which provides a security list and a route table:

• DMZ Subnet: Contains a load balancer that manages traffic to the backend subnet.
• Backend Subnet: Contains an Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) cluster with a node pool and 3 namespaces:
  • Node Pool: Provides a master node, and multiple worker nodes, which scale from 10-30 depending on demand.
  • Namespace B2C: Provides Bookings, MyTrips, Checkin, and Flight services.
  • Namespace Sales: Provides Flight Anticipation, Config, Cancellation-Refund, Profile, Cat2, External Ancillaries, Shopping Booking, Flight Status, Customer Communication, and Checkin services.
  • Namespace Common: Provides Authentication, Session Manager, and Profile services. The Profile service communicates with the profile database in the Database compartment.
• Database Subnet: Provides an Oracle Autonomous Database database for profiles and an Oracle Exadata Database Service instance for database NetLine replication.
• Backup Subnet: Provides a COMM vault backup that uses Oracle Cloud Infrastructure Object Storage provided at the regional level.
• Observability Subnet: Provides an Elasticsearch, Logstash, and Kibana (ELK) stack running on virtual machines.

Third-party providers include:

• Third-party cloud: B2C customers use the app and international website to access the Oracle Cloud by using Oracle Cloud Infrastructure Web Application Firewall on OCI.
• Third-party BRA (Rental Services): Uses an API and firewall to access data from External Ancillary services in OKE.
• Third-party BRA (Insurance Company): Uses an API and firewall to access data from External Ancillary services in OKE.
• Third-party BRA (Credit Card Services): Uses an API and firewall to access data from Shopping Booking services in OKE.
• Third-party BRA (Mailing Services): Uses an API and firewall to access data from Shopping Booking services in OKE.
• Oracle Responsys: Accesses data from Customer Communication services in OKE.
• Third-party GER: Houses and replicates the NetLine database to the Database Compartment in Oracle Cloud and uses an API to access data from services in OKE.