This architecture diagram shows a single Oracle Cloud Infrastructure (OCI) tenancy and a region with 3 availability domains (ADs) and 1 virtual cloud network (VCN). The following services are provided for the region:

Oracle Autonomous Database
Oracle Cloud Infrastructure Identity and Access Management (shown at the tenancy level)
Oracle Cloud Infrastructure Object Storage
Compartment
Policies

The VCN provides the following gateways:

Internet gateway: Provides communications between public subnets and internet hosts.
Network address translation (NAT) gateway: Enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.
Service gateway: VCNs communicate with services in the Oracle Services Network (OSN) such as object storage over the Oracle network fabric without traversing the internet.

The VCN provides 3 subnets, each with its own security list and route table:

Bastion public subnet 172.0.0.128/27: Oracle Cloud Infrastructure Bastion service in availability domain 1 processes incoming traffic from deployment users.
Secure Agent private subnet 172.0.0.64/27: External INFA control panel communicates with the INFA Secure Agent in availability domain 2 by using port 443 and a NAT gateway. The agent communicates with the Private Endpoint tier.
Private Endpoint private subnet 172.0.0.64/27: Provides communication with Oracle Autonomous Database to process, store, analyze, and present data.