This image shows an Oracle Cloud Infrastructure (OCI) region with 1 availability domain, 3 fault domains, and a software-as-a-service (SaaS) tenancy.

The SaaS tenancy shows Oracle Fusion Cloud Enterprise Resource Planning and Oracle Fusion Cloud Supply Chain & Manufacturing apps.

The on-premises customer data center uses a firewall and site-to-site (active and standby) VPN to connect to OCI by using a dynamic routing gateway (DRG).

The region provides the following services:

• Oracle Mobile Hub
• Oracle Cloud Infrastructure Audit
• Oracle Cloud Infrastructure Identity and Access Management
• Oracle Cloud Infrastructure Object Storage is used for database backups
• Oracle Integration Cloud Service for SaaS

One virtual cloud network (VCN) provides the following gateways:

• Internet gateway: Provides communications between public subnets and internet hosts. In this case, mobile users connect to the gateway by using Oracle Cloud Infrastructure Web Application Firewall.
• Dynamic routing gateway (DRG): Provides private connectivity between on-premises networks and VCNs by using Site-to-Site VPN or FastConnect. A DRG can also route traffic between VCNs for remote peering.
• Service gateway: VCNs communicate with services such as object storage over the Oracle network fabric without traversing the internet.

The VCN includes 3 subnets:

• DMZ subnet: Includes a firewall in fault domain 1 to handle traffic from the DRG and passes it on to the connectivity agents in the Active subnet.
• Active private subnet: Provides 6 Oracle Integration Cloud Service connectivity agents distributed across fault domains.
• Prod Database private subnet: Provides an Oracle Autonomous Transaction Processing instance across all fault domains.