The image shows a future implementation with 2 Oracle Cloud Infrastructure (OCI) regions: a production region with 1 compartment with 3 availability domains and a disaster recovery (DR) region with a single compartment, availability domain, VCN, and private subnet. The diagram also shows the Impulse Logic network, a retail environment, and Azure Active Directory federated with OCI authentication (IAM). The production region provides the following existing services:

• Authentication (IAM)
• Oracle Cloud Infrastructure Registry
• Oracle Cloud Infrastructure Object Storage for database backup
• Oracle Cloud Infrastructure Bastion service

The augmented implementation includes the following additional services:

• Oracle Cloud Infrastructure Notifications
• Oracle Cloud Infrastructure Monitoring
• Policies
• Oracle Cloud Infrastructure DevOps
• Logging
• Auditing
• Oracle Cloud Infrastructure Events
• Oracle Functions
• Oracle Cloud Infrastructure Vault
• Oracle API Gateway

Impulse Logic Network: IT users connect to OCI by using a site-to-site VPN. Incoming traffic is routed through a dynamic routing gateway (DRG).

Retailer: Retail employees interact with the retail management system (RMS) which provides data to an on-premises MerchandiseiQ service (MiQ) instance. The MiQ instance, as well and smart devices and retail analysts use REST APIs to interface with OCI through an Internet gateway.

OCI Production: The compartment contains 1 virtual cloud network (VCN) with the following gateways:

• Internet gateway: Provides communications between public subnets and internet hosts.
• Service gateway: VCNs communicate with services such as object storage over the Oracle network fabric without traversing the internet.
• Dynamic routing gateway (DRG): Provides private connectivity between on-premises networks and VCNs by using Site-to-Site VPN or FastConnect. A DRG can also route traffic between VCNs for remote peering.

The VCN includes 3 subnets, each of which provides a security list and a route table:

• Load balancer public subnet: Contains load balancers in availability domains 1 and 2 that manages REST API traffic from the retailer environment to the SLiQ application and worker nodes in the OKE namespace.
• OKE private subnet: Contains Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) cluster with a single namespace. The cluster provides 3 OKE SLiQ management nodes, one in each availability domain, and an instance of MiQ on OCI. Incoming traffic from the Impulse Logic network comes in through the DRG and is validated by the Bastion service before being handled by the OKE SLiQ management nodes.

  The MiQ on OCI instance interfaces with the OKE namespace that contains the following SLiQ application OKE worker nodes: machine learning, user service, web/mobile app interface, product service, and store service.

• Database Subnet: Provides Oracle Autonomous Transaction Processing (ATP-S) which communicates with the namespace and MiQ instance in the OKE cluster and with object storage by using the service gateway.

OCI DR: Provides a single compartment, availability domain, VCN, and private subnet. The subnet contains an instance of Oracle Autonomous Transaction Processing connected to the ATP-S instance in the production region by using Data Guard for replication. The Oracle Service network provides object storage for replication of the object storage in the production region.