Learn About Designing a Secure Multitier Topology in the Cloud

Previous Next JavaScript must be enabled to correctly display this content

Learn About Designing a Secure Multitier Topology in the Cloud

In a multitier application topology, your resources have distinct access-control requirements and traffic-flow constraints. Organize your resources in compartments, and define Oracle Cloud Infrastructure Identity and Access Management (IAM) policies to control users' access to the resources in each compartment. Isolate the resources in each tier in separate subnets.

Architecture

The following architecture shows the cloud resources grouped in compartments, based on the nature of the resources. The bastion hosts, compute instances, load balancers, and databases are in a single virtual cloud network (VCN), but are attached to different subnets.

Description of multi-tier-network-architecture.png follows

Description of the illustration multi-tier-network-architecture.png

Compartments provide logical boundaries to isolate your resources in the cloud, based on the user groups that are responsible for managing the resources. Compartments also enable you to track and manage the usage of cloud resources by each department in your organization. Note that a compartment is global to the tenancy; that is, it spans all the regions.
The resources in this architecture are distributed across three availability domains (AD). In a region that has a single AD, you can distribute the compute instances across the fault domains within the AD for high availability.
The Networks compartment contains the VCN and the associated gateways.
The compute instances in this architecture are attached to AD-specific subnets. To protect the subnets against AD failure, Oracle recommends that you use regional subnets, which span the entire region.
The Shared Services compartment contains compute instances that are shared across the tenancy.
The Admin compartment contains the bastion hosts that are exposed to traffic from the internet.
The Business Logic compartment contains the compute instances that host the web servers and application servers. It also contains the load balancers.
The Database compartment contains the database instances.

Title and Copyright Information

Learn about designing a secure multitier topology in the cloud

F12388-03

January 2020

Copyright © 2019, 2020, Oracle and/or its affiliates. All rights reserved.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at https://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit https://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit https://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.