This image shows a single tenancy and compartment encompassing two regions, a production region and a database failover region, each with one availability domain. The regions are connected using remote peering. Data Guard connects the production and disaster recovery database systems in each region which include transparent data encryption (TDE).

The compartment provides object storage and Cloud Guard security and the regions provide Auditing, Monitoring, Resource Management, and IAM services.

• The production region provides a single virtual cloud network (VCN) with the following gateways:
  • Internet gateway: Provides communications between public subnets and internet hosts.
  • NAT gateway: Enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.
  • Service gateway: VCNs communicate with services such as object storage over the Oracle network fabric without traversing the internet.
  • Dynamic routing gateway (DRG): Provides private connectivity for remote peering.
  • Remote Peering: Allow subnet resources in different regions to communicate using private IP addresses without routing the traffic over the internet or through your on-premises network.

  The production VCN provides two subnets with security lists arranged as functional tiers:

  • Server Tier - Public Subnet 1 (10.0.31.0/24): Provides block storage and web and application servers in each of two fault domains connected to the Database Tier.
  • Database Tier - Private Subnet 1 (10.0.32.0/24): Provides Oracle Database Cloud Service connected to the servers in the Server Tier.
• The database failover region provides a single VCN with a dynamic routing gateway and one private subnet with a security list. The private subnet provides a failover instance of Oracle Database Cloud Service connected to the production database instance by Data Guard and protected by TDE.