This image shows the basic architecture of two different EBS deployment models across two tenancies and managed by their MSP.
At the top of the image are an on-premises Customer A CPE, a Managed Service Provider CPE and an on-premises Customer B CPE. Beneath that is a primary OCI region. Between these elements is a box representing the connectivity options for the CPEs to the OCI region. These options are to connect to a dynamic routing gateway (DRG) within the region via FastConnect. The OCI region contains an availability domain with Tenancy A and Tenancy B.
Tenancy A contains these virtual cloud networks:
- Customer A VCN
- Managed Service Provider VCN
The Customer A VCN contains these subnets:
- Management private subnet, which contains an EBS Cloud Manager and an EBS Cloud Manager LB.
- An LB private subnet, which contains an Application Private LB.
- An LB public subnet, which contains an Application Public LB within a DMZ.
- An App private subnet, which contains the following zones:
  - An internal zone, which contains an EBS Application VM-1, File System (Common APPL_TOP), and EBS Application VM-2. Traffic is routed to the internal zone from the application private LB in the LB private subnet.
  - An external zone, which contains an EBS Application VM-3. Traffic is routed to the external zone from the application public LB in the LB public subnet.
- A DB private subnet, which contains a DBCS VMDB RAC and a file system.
The Managed Service Provider VCN contains a Management Admin Private subnet containing an RDP Server and OEM.
Tenancy B contains a Customer B VCN, which contains the following subnets:
- A management private subnet, which contains an EBS Cloud Manager and an EBS Cloud Manager EB.
- An LB private subnet, which contains an Application Private LB.
- An App private subnet, which contains an EB Application. Traffic is routed to the App private subnet from the application private LB in the LB private subnet.
- A DB private subnet with an EBS Database Compute VM.
Access to each subnet in this architecture is controlled by individual routing tables and security lists.
Also within the region is the Oracle Services Network, comprising the services of that network.
Traffic flows from outside the region through a DRG, and all subnets receive traffic from the DRG.