This architecture diagram shows a single Oracle Cloud Infrastructure (OCI) tenancy and a region with 3 availability domains (ADs) and 1 virtual cloud network (VCN). The following services are provided for the region:
- Oracle Autonomous Database
- Oracle Cloud Infrastructure Identity and Access Management (shown at the tenancy level)
- Oracle Cloud Infrastructure Object Storage
- Compartment
- Policies
The VCN provides the following gateways:
- Internet gateway: Provides communications between public subnets and internet hosts.
- Network address translation (NAT) gateway: Enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.
- Service gateway: Lets the VCN communicate with services in the Oracle Services Network (OSN), such as Object Storage, over the Oracle network fabric without traversing the internet.
The VCN provides 3 subnets, each with its own security list and route table:
- Bastion public subnet 172.0.0.128/27: The Oracle Cloud Infrastructure Bastion service in availability domain 1 processes incoming traffic from deployment users.
- Secure Agent private subnet 172.0.0.64/27: The external INFA control panel communicates with the INFA Secure Agent in availability domain 2 by using port 443 and a NAT gateway. The agent communicates with the Private Endpoint tier.
- Private Endpoint private subnet 172.0.0.64/27: Provides communication with Oracle Autonomous Database to process, store, analyze, and present data.