This image shows a single tenancy and compartment encompassing two regions, a production region and a database failover region, each with one availability domain. The regions are connected using remote peering. Data Guard connects the production and disaster recovery database systems in each region, which include transparent data encryption (TDE).
The compartment provides object storage and Cloud Guard security and the regions provide Auditing, Monitoring, Resource Management, and IAM services.
- The production region provides a single virtual cloud network (VCN) with the following gateways:
  - Internet gateway: Provides communications between public subnets and internet hosts.
  - NAT gateway: Enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.
  - Service gateway: Enables the VCN to communicate with services such as object storage over the Oracle network fabric without traversing the internet.
  - Dynamic routing gateway (DRG): Provides private connectivity for remote peering.
  - Remote Peering: Allows subnet resources in different regions to communicate using private IP addresses without routing the traffic over the internet or through your on-premises network.

  The production VCN provides three subnets with security lists arranged as functional tiers:
  - Load Balancer Tier - Public Subnet 1 (10.0.31.0/24): Provides load balancers in each of two fault domains to handle incoming traffic from the internet gateway.
  - Server Tier - Public Subnet 2 (10.1.31.0/24): Provides an Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) cluster that spans both fault domains to deploy web and application servers. Oracle Cloud Infrastructure Registry works with OKE to store, share, and manage development artifacts, like Docker images.
  - Database Tier - Private Subnet 1 (10.0.32.0/24): Provides Oracle Database Cloud Service connected to the servers in the Server Tier.
- The database failover region provides a single VCN with a dynamic routing gateway and one private subnet with a security list. The private subnet provides a failover instance of Oracle Database Cloud Service connected to the production database instance by Data Guard and protected by TDE.