QRyde is a mobile transportation management platform operated by HBSS, focusing on paratransit ride sharing services for underserved communities throughout the United States.
To help scale its ride booking, ride cost-sharing, and bidding management services to education institutions, healthcare companies, and public transit agencies throughout the U.S., QRyde has deployed its customers' workloads in their own private, dedicated tenancy on Oracle Cloud Infrastructure (OCI).
Each one of QRyde's customers has a primary system running in the Oracle Cloud region in Ashburn, and a disaster recovery environment running in the Oracle Cloud region in Phoenix. Both production and disaster recovery environments are connected using remote peering connections, allowing network traffic to flow swiftly between the two environments.
Traffic reaches QRyde's customer environments on Oracle Cloud Infrastructure (OCI) through the domain name system (DNS), and an internet gateway provides the internet connection to the public subnet.
QRyde's production environment has two virtual cloud networks (VCNs): a primary VCN and a secondary VCN. The two are connected by remote peering using dynamic routing gateways (DRGs).
The primary VCN has two subnets:
- Public subnet: Web and application servers
- Private subnet: Database
In the primary VCN, QRyde deploys its applications for customers in the public subnet and Oracle Database Cloud Service in the private subnet.
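With the database in the private subnet, the ingress rules on that subnet decide who can reach it. The following is an added example, not code from QRyde or Oracle: it audits a set of ingress rules, shaped like OCI ingress security rule JSON, for any rule that opens the database listener port to sources outside the expected networks. The port 1521, the CIDRs, and the choice to allow the peered VCN are assumptions for illustration.

```python
import ipaddress

DB_PORT = 1521  # assumption: Oracle Net listener default; the page names no port

# Constructed sample data; the CIDRs are placeholders, not QRyde's addressing.
PUBLIC_SUBNET = "10.0.1.0/24"   # web and application servers
PEERED_VCN = "10.1.0.0/16"      # secondary VCN reached over remote peering

def _tcp(source, lo, hi):
    return {"protocol": "6", "source": source,
            "tcpOptions": {"destinationPortRange": {"min": lo, "max": hi}}}

SAMPLE_RULES = [
    _tcp(PUBLIC_SUBNET, 1521, 1521),                  # app tier to database
    _tcp("10.1.2.0/24", 1521, 1521),                  # inside the peered VCN
    _tcp("0.0.0.0/0", 22, 22),                        # does not touch the database port
    _tcp("0.0.0.0/0", 1000, 2000),                    # wide range that includes 1521
    {"protocol": "all", "source": "192.168.0.0/16"},  # every port, unexpected network
]

def covers_port(rule, port):
    """True if the ingress rule admits traffic to `port`."""
    proto = rule.get("protocol")
    if proto == "all":
        return True
    if proto != "6":                      # "6" is TCP
        return False
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    if rng is None:                       # TCP rule without a range: all ports
        return True
    return rng["min"] <= port <= rng["max"]

def audit_private_subnet(rules, allowed_sources, port=DB_PORT):
    """Return rules that expose `port` to a source outside allowed_sources."""
    allowed = [ipaddress.ip_network(c) for c in allowed_sources]
    findings = []
    for rule in rules:
        if not covers_port(rule, port):
            continue
        try:
            src = ipaddress.ip_network(rule["source"])
        except ValueError:                # non-CIDR source: flag for manual review
            findings.append(rule)
            continue
        if not any(src.version == n.version and src.subnet_of(n) for n in allowed):
            findings.append(rule)
    return findings

if __name__ == "__main__":
    for r in audit_private_subnet(SAMPLE_RULES, [PUBLIC_SUBNET, PEERED_VCN]):
        print("exposes database port:", r["source"], r["protocol"])
```
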
The virtual machine (VM) instances are distributed across two fault domains to protect against hardware failures.
QRyde also uses Active Data Guard on the Database Cloud Service instance to enable high availability and to maintain active replication from the primary database to a standby database. If a disaster occurs, the primary database can fail over to the standby and continue running the application. With Active Data Guard, QRyde customers can offload reporting and querying to the standby database, eliminating downtime, rework, or data loss. To provide extra protection for its data, QRyde included regular database backups in the design, which are sent to Oracle Cloud Infrastructure Object Storage buckets.
QRyde also points out transparent data encryption as a critical feature to meet customer and compliance requirements. They have automated the provisioning and configuration of customer application servers using Oracle Cloud Infrastructure Resource Manager and Terraform.
The following diagram illustrates this reference architecture.
Future implementation plans include adding load balancers and Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) to provide dynamic scalability as their multitenant infrastructure grows.
The architecture has the following components:
- Region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
All the resources in this architecture are deployed in a single region.
- Tenancy
A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy.
- Availability domains
Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.
All the resources in this architecture are deployed in a single availability domain.
- Fault domain
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.
- Compartment
Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.
- Virtual cloud network (VCN) and subnets
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
- Security list
For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.
- Dynamic routing gateway (DRG)
The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.
- Internet gateway
The internet gateway allows traffic between the public subnets in a VCN and the public internet.
- Network address translation (NAT) gateway
A NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.
- Block volume
With block storage volumes, you can create, attach, connect, and move storage volumes, and change volume performance to meet your storage, performance, and application requirements. After you attach and connect a volume to an instance, you can use the volume like a regular hard drive. You can also disconnect a volume and attach it to another instance without losing data.
- Object storage
Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.
- Compute
The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.
- Oracle Database Cloud service
Oracle Database Cloud service is a fully managed database service that lets developers quickly develop and deploy secure, cloud native applications. Oracle automates all tasks, such as backup and recovery, database and operating system patching, updates, and data encryption.
- Data Guard
Oracle Data Guard provides a comprehensive set of services that create, maintain, manage, and monitor one or more standby databases to enable production Oracle databases to remain available without interruption. Oracle Data Guard maintains these standby databases as copies of the production database. Then, if the production database becomes unavailable because of a planned or an unplanned outage, Oracle Data Guard can switch any standby database to the production role, minimizing the downtime associated with the outage.
- Active Data Guard
Oracle Active Data Guard delivers real-time data protection and availability while eliminating compromise inherent to other solutions for the Oracle Database. It enables zero data loss disaster recovery across any distance without impacting database performance. It repairs physical corruption without impacting availability and saves network bandwidth without special-purpose network devices. Active Data Guard reduces downtime for Oracle Database upgrades without error-prone manual procedures. It increases return on investment in disaster recovery systems using the simplicity of physical replication.
- Remote peering
Remote peering allows the VCNs' resources to communicate using private IP addresses without routing the traffic over the internet or through your on-premises network. Remote peering eliminates the need for an internet gateway and public IP addresses for the instances that need to communicate with another VCN in a different region.
- Cloud Guard
You can use Oracle Cloud Guard to monitor and maintain the security of your resources in Oracle Cloud Infrastructure. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.
- Monitoring
Oracle Cloud Infrastructure Monitoring service actively and passively monitors your cloud resources, using metrics to track resources and alarms to notify you when these metrics meet alarm-specified triggers.
A future implementation has the following additional components:
- Load balancer
The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.
- Container Engine for Kubernetes
Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing tenancy. Container Engine for Kubernetes uses Kubernetes to automate the deployment, scaling, and management of containerized applications across clusters of hosts.
- Registry
Oracle Cloud Infrastructure Registry is an Oracle-managed registry that enables you to simplify your development-to-production workflow. Registry makes it easy for you to store, share, and manage development artifacts, like Docker images. The highly available and scalable architecture of Oracle Cloud Infrastructure ensures that you can deploy and manage your applications reliably.