Deploy IBM Sterling Order Management Software in a Virtual Machine on Oracle Cloud Infrastructure

Many retailers are embarking on a digital transformation to scale their omnichannel e-commerce capabilities. A central focus of omnichannel strategy often includes a refreshed or re-architected website, and a simplified customer purchasing process.

IBM Sterling Order Management is an omnichannel order fulfillment platform. Retailers can create a single view of inventory across web, retail, and wholesale channels using IBM Sterling Order Management as a backend for omnichannel order fulfillment integrated with e-commerce platforms and point-of-service (POS). The solution provides centralized, near real-time visibility across inventory, order, and delivery status to help deliver an extraordinary consumer experience. The platform also enables retailers to better manage growing demand and streamline deployment from fulfillment options.

By migrating IBM Sterling Order Management to Oracle Cloud Infrastructure (OCI), our customers have improved their infrastructure strategy to bring resiliency to their commerce core, meet peak demand, and scale out when necessary. Key outcomes include:

  • Improved availability: 99.95% system availability.
  • Improved performance: 3 times better performance compared to on-premises.
  • No disruptions: Zero impact to app functionality and business availability while migrating.
  • Cost savings: Up to 60% reduction in infrastructure costs compared to on-premises.

Architecture

This architecture provides a design for running IBM Sterling Order Management on OCI virtual machines (VM). Use this design for a high-availability architecture that uses multiple availability domains and fault domains to provide redundant resources across web, app, and database tiers.

Planning your installation involves considering your deployment, your architecture, and your performance and high-availability requirements. This architecture meets those infrastructure requirements in the following ways:

  • The application uses Oracle Exadata Database Service on OCI, a managed cloud service that enables organizations to run databases with the highest performance, availability, security, and cost-effectiveness. Online scaling of compute resources enables customers to quickly adjust consumption to match workload demands without interrupting operations. Full compatibility with on-premises Oracle Database and Exadata environments makes it easy for customers to migrate workloads to the cloud.
  • All tiers of the stack including web server, application tier, and data layer are deployed in the primary (active) environment across three fault domains in a single availability domain. This architecture ensures high availability within the availability domain.
  • A redundant topology is deployed as a standby (non-active) environment in another availability domain in the same region. The continuous delivery tools (BLD) are deployed on VMs in both availability domains.

This architecture shows a highly available web application running on OCI with redundant resources distributed across two availability domains in one OCI region. The primary (active) and standby (passive) environments in this architecture are symmetric:

  • When the primary environment is active, the private and public load balancers are configured to route requests to a pool of web servers distributed across three fault domains in the availability domain that host the primary instance. A hardware failure or maintenance event that affects one fault domain doesn't affect the application in the other fault domains. If a VM fails, the traffic is diverted to the other VMs in the availability domain, to continue processing the requests.
  • If the primary instance is unavailable for any reason, you can switch over to the standby environment, and update the backend set of the load balancer to route traffic to the availability domain that hosts the standby instance. When the primary environment becomes available, you can switch over again and update the load balancer accordingly. The standby web and app applications are synced to the primary by restoring from the block volume backup of the primary VMs at a predetermined interval based on Recovery Time Objective (RTO) and Recovery Point Objective (RPO). When there's an OS update to the primary, the boot volume backup is used to rebuild the standby VM. The Oracle standard Data Guard replicates the primary database to the standby. The tnsnames in the application configuration are updated to point to the standby database after the block volume is restored.

The following diagram illustrates this reference architecture.




The architecture has the following components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domains

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Bastion service

    The Bastion service provides restricted and time-limited secure access to resources that don't have public endpoints and require strict resource access controls. Examples include compute instances, bare metal and virtual machines, MySQL, ATP, OKE, and any other resource that allows Secure Shell Protocol (SSH) access. With Oracle Cloud Infrastructure Bastion service, customers can enable access to private hosts without deploying and maintaining a jump host. In addition, customers gain improved security posture with identity-based permissions and a centralized, audited, and time-bound SSH session. OCI Bastion removes the need for a public IP for bastion access, eliminating the hassle and potential attack surface from remote access.

  • Web Application Firewall (WAF)

    Oracle Cloud Infrastructure Web Application Firewall (WAF) is a payment card industry (PCI) compliant, regional-based and edge enforcement service that is attached to an enforcement point, such as a load balancer or a web application domain name. WAF protects applications from malicious and unwanted internet traffic. WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications.

  • Public Load Balancer

    HTTPS requests from external users (for example, customers ordering from a retailer's e-commerce platform integrated with IBM Sterling Order Management) flow through the internet gateway attached to the VCN. The requests then pass through the OCI Web Application Firewall (WAF) service, which protects the applications from malicious and unwanted internet traffic. Traffic that passes WAF rules is forwarded to the public load balancer. The load balancer terminates SSL/TLS, and distributes HTTP requests to the private web tier.

    Note: To ensure domain resolution of your application endpoints, you should register the IP address of the public load balancer in your public DNS.

  • Private Load Balancer

    Traffic from your internal and on-premises users flows through IPSec VPN tunnels, or FastConnect virtual circuits to the dynamic routing gateway (DRG) that's attached to the VCN. A private load balancer intercepts the requests and distributes them to the private web tier.

    Note: To ensure domain resolution of your application endpoints, you should register the IP address of the private load balancer in your on-premises DNS.

  • Network address translation (NAT) gateway

    A NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • DNS

    Oracle Cloud Infrastructure Domain Name System (DNS) service is a highly scalable, global anycast domain name system (DNS) network that offers enhanced DNS performance, resiliency, and scalability, so that end users connect to customers’ application as quickly as possible, from wherever they are.

  • Site-to-Site VPN

    Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

  • FastConnect

    Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

  • Object storage

    Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

  • Exadata Database Service

    Oracle Exadata Database Service enables you to leverage the power of Exadata in the cloud. You can provision flexible X8M and X9M systems that allow you to add database compute servers and storage servers to your system as your needs grow. X8M and X9M systems offer RDMA over Converged Ethernet (RoCE) networking for high bandwidth and low latency, persistent memory (PMEM) modules, and intelligent Exadata software. You can provision X8M and X9M systems by using a shape that's equivalent to a quarter-rack X8 and X9M system, and then add database and storage servers at any time after provisioning.

    Oracle Exadata Database Service on Dedicated Infrastructure provides Oracle Exadata Database Machine as a service in an Oracle Cloud Infrastructure (OCI) data center. The Oracle Exadata Database Service on Dedicated Infrastructure instance is a virtual machine (VM) cluster that resides on Exadata racks in an OCI region.

    Oracle Exadata Database Service on Cloud@Customer provides Oracle Exadata Database Service that is hosted in your data center.

  • Data Guard

    Oracle Data Guard provides a comprehensive set of services that create, maintain, manage, and monitor one or more standby databases to enable production Oracle databases to remain available without interruption. Oracle Data Guard maintains these standby databases as copies of the production database. Then, if the production database becomes unavailable because of a planned or an unplanned outage, Oracle Data Guard can switch any standby database to the production role, minimizing the downtime associated with the outage.

  • IBM Sterling Order Management

    IBM Sterling Order Management is represented in the architecture diagram as virtual machines (VMs): OMS Web VM, OMS App VM, and OMS BLD VM.

    • OMS Web VMs represent IBM Sterling Order Management Software deployed in web applications. This layer responds to traffic and manages the front-end functionality of order management and retail.
    • OMS App VMs manage the IBM Sterling Order Management application layer.
    • OMS BLD VMs are the build servers responsible for continuous delivery (CD). In a retail scenario, you can leverage build servers to refresh seasonal product catalogs and inventory.

Recommendations

Use the following recommendations as a starting point to design your deployment. Your requirements might differ from the architecture described here.

  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

  • Cloud Guard

    Clone and customize the default recipes provided by Oracle to create custom detector and responder recipes. These recipes enable you to specify what type of security violations generate a warning and what actions are allowed to be performed on them. For example, you might want to detect Object Storage buckets that have visibility set to public.

    Apply Cloud Guard at the tenancy level to cover the broadest scope and to reduce the administrative burden of maintaining multiple configurations.

    You can also use the Managed List feature to apply certain configurations to detectors.

  • Load balancer bandwidth

    While creating the load balancer, you can either select a predefined shape that provides a fixed bandwidth, or specify a custom (flexible) shape where you set a bandwidth range and let the service scale the bandwidth automatically based on traffic patterns. With either approach, you can change the shape at any time after creating the load balancer.
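
The VCN recommendation above (private, non-overlapping CIDR blocks, one subnet per tier as a security boundary) can be checked before anything is provisioned. The following is an added example, not part of the original reference architecture: every CIDR, tier name and port in the sample plan is a constructed assumption, and the rule that private tiers accept ingress only from inside the VCN is this example's reading of the security-list and Bastion descriptions.

```python
import ipaddress as ip

RFC1918 = [ip.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan: every CIDR, name and port below is an assumption.
VCN_CIDRS = ["10.20.0.0/16"]
PEERS = {"on-prem-dc": "10.16.0.0/12", "other-cloud": "172.16.0.0/16"}
SUBNETS = {"public-lb": "10.20.0.0/24", "web": "10.20.1.0/24",
           "app": "10.20.2.0/24", "db": "10.20.2.128/25"}
# Security-list ingress per private tier: (source CIDR, destination port).
INGRESS = {"web": [("10.20.0.0/24", 80)],
           "app": [("10.20.1.0/24", 7001), ("0.0.0.0/0", 22)],
           "db": [("10.20.2.0/24", 1521)]}


def check_plan(vcn_cidrs, peers, subnets, ingress):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    vcns = [ip.ip_network(c) for c in vcn_cidrs]
    for v in vcns:
        # VCN blocks should sit in the standard private address space.
        if not any(v.subnet_of(r) for r in RFC1918):
            findings.append(f"VCN {v} is outside RFC 1918 private space")
        # ...and must not collide with networks reached over VPN/FastConnect.
        for name, cidr in peers.items():
            if v.overlaps(ip.ip_network(cidr)):
                findings.append(f"VCN {v} overlaps {name} ({cidr})")
    nets = {n: ip.ip_network(c) for n, c in subnets.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        if not any(nets[a].subnet_of(v) for v in vcns):
            findings.append(f"subnet {a} ({nets[a]}) is not inside the VCN")
        # Overlapping tier subnets cannot act as separate security boundaries.
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"subnets {a} and {b} overlap")
    for tier, rules in ingress.items():
        for src, port in rules:
            # A private tier should only accept traffic that originates in the VCN;
            # SSH from anywhere is what the Bastion service is meant to replace.
            if not any(ip.ip_network(src).subnet_of(v) for v in vcns):
                findings.append(f"{tier}: port {port} open to {src}")
    return findings


if __name__ == "__main__":
    for finding in check_plan(VCN_CIDRS, PEERS, SUBNETS, INGRESS):
        print("FINDING:", finding)
```

The sample plan is deliberately flawed in three places (a VCN block that collides with the on-premises range, an app/db subnet overlap, and SSH open to the internet on the app tier) so that each check produces a finding.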

Considerations

Consider the following points when deploying this reference architecture.

  • Migrating to OCI

    Before building your environment, determine the preferred method for deploying IBM Sterling Order Management. You can use the Oracle Cloud Migrations service to automate the migration of virtual machines from on-premises to OCI, or install a new deployment of IBM Sterling Order Management. See the Explore More section for details. Whether you install your development, test, or production environment, the same high-level process applies:

    • Verify stack requirements for performance and availability.
    • Install and configure a database. IBM Sterling Order Management currently supports IBM Db2, Oracle Database, and PostgreSQL.
    • Install and configure an application server. IBM Sterling Order Management currently supports IBM WebSphere, JBoss, or Oracle WebLogic.
    • Install the base software and other components supported by the licensing agreement.
    • Adopt a continuous delivery (CD) model to update IBM Sterling Order Management. To learn more about the installation process, see Explore More.

  • System Dependencies

    IBM Sterling Order Management requires a database and a Java Message Service (JMS) server as prerequisites to deploy the application. IBM Sterling Order Management uses JMS extensively, but this architecture does not include the setup. For more information, see Explore More.

  • Disaster Recovery

    For a well-architected disaster recovery (DR) plan, consider distributing your resources across multiple regions.

  • High Availability

    You can have an active-active web and app tier by configuring the load balancer to direct user traffic to both availability domain 1 and availability domain 2, and pointing the app tier in availability domain 2 to the database in availability domain 1. The database in availability domain 2 is still in standby mode. This option gives you additional processing power in the web and app tier.

Explore More

Review the following resources to learn more about deploying IBM Sterling Order Management on Oracle Cloud Infrastructure.

IBM Sterling Order Management:

Other IBM Sterling Order Management Reference Architectures:

Oracle Cloud Infrastructure:

Acknowledgments

  • Authors: Syed Imam, Nicole Champion
  • Contributors: Wei Han, Shishir Saha (IBM), Nico Cheong