Lee Container: Scaled ERP Deployment with APEX and Autonomous Database on Oracle Cloud

To keep up with the company's continued expansion, Lee Container decided to move its IQMS ERP system out of a co-located data center onto Oracle Cloud Infrastructure (OCI).

After its move to OCI, not only has the family-run manufacturer of plastic, blow-molded containers been able to tighten its security posture by adding multiple points of failure detection to the systems that connect to its production facilities in Texas, Georgia, and Iowa, but it is also getting higher server availability within all three of those facilities and for a lot lower cost.

Lee Container, founded in 1989, has expanded its operations from just three production lines to nearly 20 different types of bottles, jugs and totes. These containers are specifically made to hold all sorts of industrial lubricants, such as motor oil, fuel additives and other petroleum products, as well as agricultural, industrial, and garden chemicals.

Today, everyone who uses Lee Container's ERP system accesses it by using a terminal server hosted in OCI. Those users include the company's sales representatives, engineers, and shipping, purchasing, and accounts-payable teams, production supervisors, quality analysts, human resources personnel, schedulers, and upper management. Remote users, such as field sales representatives, engineers, and quality analysts connect to the OCI tenancy directly from the internet. After being authenticated by using an APEX web interface, these users can enter orders, load and retrieve specification drawings, and add production data into an Oracle Autonomous Database.

Customer Story

Learn more about Lee Container's journey to Oracle Cloud:


On-premises staff at each of Lee Container's three manufacturing plants can access the Oracle Cloud Infrastructure (OCI) tenancy by using virtual private networks (VPNs) or by using an Oracle APEX web interface.

Within the virtual cloud network (VCN), users can access Lee Container's IQMS ERP systems by using a remote desktop server. From here, they can enter sales, finance, accounting, HR, inventory, production, and purchasing data. The IQMS database is queried every 15 minutes using a PHP script run by the Windows scheduler on the internal automated ERP web server. This populates the autonomous database with current production data for each production line.

While engineers and quality analytics teams are also on premises, they typically access an Oracle Autonomous Database (ADB) by using the Oracle APEX web interface. After being routed through a service gateway, engineers access ADB to load product specifications and specification drawings. Quality analytics teams use ADB to log product measurements, such as bottle weights, neck circumferences, and wall thicknesses, annotating anomalies that fall out of spec tolerances during each production run. External salespeople access ADB remotely by using an APEX web interface which enables them to download product specifications and product drawings as needed.

The Paxton access server provides on-premises user access control. The production monitoring servers take the data from the IQMS database and display production line status for employees in real-time, including schedule adherence and product and item counts. The file server stores unstructured data, such as engineering drawings and user manuals, and shares the data with all users. The IQMS time & attn server is part of IQMS HR module. IQMS database is an Oracle 12c database running on a Windows server. The real time servers take relay signals from the production lines, convert them to produce the production run rate, and save the data into the real-time module of IQMS. The data is displayed by production monitoring servers to employees on the production lines.

Lift truck drivers and other warehouse operators use a warehouse management application (WMS) that is built into Lee Container's IQMS ERP system. Using Wi-Fi-enabled barcode scanners and a command line interface on a VT100 emulator terminal, warehouse operators connect to the WMS application where they can scan inventory, move that inventory to different locations, and then schedule items to be picked, packed, and shipped.

Prior to moving to OCI, Lee Container ran its servers out of its corporate office and a co-located data center nearby. The three plants accessed the data center through a single fiber optic circuit. If that circuit were ever compromised, it would cause a production outage for all three plants.

Today, all three of Lee Container's production facilities have their own dedicated fault domain and VM servers to provide access. In the event that one plant loses connectivity, users are still able to access the ERP application by using the failover cluster in the two additional fault domains.

In the future, Lee Container plans to use Oracle Analytics Cloud (OAC) to interact with the IQMS database for reporting and graphing. They plan to replace the IQMS database server with Oracle Database Cloud Service. They will do this migration when they upgrade the IQMS application and database.

The following diagram illustrates the architecture:


The architecture has the following components:

  • Tenancy

    A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domain

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Identity and access management (IAM)

    Oracle Cloud Infrastructure Identity and Access Management (IAM) is the access control plane for Oracle Cloud Infrastructure (OCI) and Oracle Cloud Applications. The IAM API and the user interface enable you to manage identity domains and the resources within the identity domain. Each OCI IAM identity domain represents a standalone identity and access management solution or a different user population.

  • Policy

    An Oracle Cloud Infrastructure Identity and Access Management policy specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy.

  • Logging
    Logging is a highly scalable and fully managed service that provides access to the following types of logs from your resources in the cloud:
    • Audit logs: Logs related to events emitted by the Audit service.
    • Service logs: Logs emitted by individual services such as API Gateway, Events, Functions, Load Balancing, Object Storage, and VCN flow logs.
    • Custom logs: Logs that contain diagnostic information from custom applications, other cloud providers, or an on-premises environment.
  • Audit

    The Oracle Cloud Infrastructure Audit service automatically records calls to all supported Oracle Cloud Infrastructure public application programming interface (API) endpoints as log events. Currently, all services support logging by Oracle Cloud Infrastructure Audit.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Site-to-Site VPN

    Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Compute

    The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.

  • Autonomous database

    Oracle Cloud Infrastructure autonomous databases are fully managed, preconfigured database environments that you can use for transaction processing and data warehousing workloads. You do not need to configure or manage any hardware, or install any software. Oracle Cloud Infrastructure handles creating the database, as well as backing up, patching, upgrading, and tuning the database.

Get Featured in Built and Deployed

Want to show off what you built on Oracle Cloud Infrastructure? Care to share your lessons learned, best practices, and reference architectures with our global community of cloud architects? Let us help you get started.

  1. Download the template (PPTX)

    Illustrate your own reference architecture by dragging and dropping the icons into the sample wireframe.

  2. Watch the architecture tutorial

    Get step by step instructions on how to create a reference architecture.

  3. Submit your diagram

    Send us an email with your diagram. Our cloud architects will review your diagram and contact you to discuss your architecture.


  • Authors: Sasha Banks-Louie, Kabir Kazimi, Chiping Hwang, Jay Lakumb
  • Contributor: Robert Lies