Migrate Workloads to Oracle Cloud VMware Solution and Oracle Exadata Database Service on Dedicated Infrastructure

Oracle Cloud VMware Solution allows you to easily deploy and manage an application stack in an Oracle Cloud VMware Solution software-defined data center (SDDC).

Oracle Cloud VMware Solution provides a customer-managed, native VMware-based cloud environment, installed within a customer’s tenancy. It offers complete control using familiar VMware tools. Users can move or extend VMware-based workloads to the cloud without rearchitecting applications or retooling operations.

Consequently, users can deploy Oracle Exadata Database Service on Dedicated Infrastructure natively and then seamlessly connect to applications in the VMware SDDC for a high-performance and high-availability solution.

By deploying a 3-tier application on this combined solution, you can access the full features of a VMware SDDC, including:

  • High availability: All VMware components are distributed across different fault domains within the OCI region’s availability domains.
  • Scalability: Using dense shapes, you can start with 3 ESXi hosts and scale up to 64 hosts in a single SDDC. If you use standard shapes, you can start with 3 ESXi hosts and scale up to 8 hosts in a single ESXi cluster within the SDDC.
  • Flexibility: Oracle Cloud VMware Solution is the most flexible VMware solution in the cloud. Compute and storage resources can be scaled independently. You can leverage Oracle Cloud Infrastructure Block Volumes to scale your storage either as a primary datastore with standard shapes or as a secondary datastore with dense shapes.
  • Lift and shift: Migration of on-premises VMware workloads to a VMware Solution SDDC is seamless.
  • Full integration: Because the SDDC resides in a virtual cloud network (VCN), it can be configured to communicate with other OCI resources such as compute instances, database services, storage services, continuous integration/continuous deployment (CI/CD), and so on.
  • Manageability: The OCI console provides workflows to facilitate SDDC creation and networking configuration.
  • Layer 2 networking: Oracle Cloud VMware Solution leverages VLANs within OCI for SDDC connectivity. If your application requires sub-millisecond latencies, deploy or migrate them to the cloud with peace of mind using OCI's layer 2 networking.


This reference architecture shows a 3-tier application stack in Oracle Cloud Infrastructure (OCI) with the application tier deployed in a VMware software-defined data center (SDDC) created by using Oracle Cloud VMware Solution.

The load balancer receives requests from clients and distributes them to front-end, application-stack virtual machines (VMs) running in the VMware SDDC. The VMware SDDC leverages the three fault domains in an OCI region for high availability. The bare metal ESXi hosts are deployed across the fault domains. The VM can be vMotioned to any ESXi host in the SDDC for high availability. The application stack connects to the Oracle Exadata Database Service on Dedicated Infrastructure instance that is deployed in the same OCI region.

The Oracle Exadata Database Service on Dedicated Infrastructure allows you to leverage the power of Exadata in the cloud. Oracle Exadata Database Service on Dedicated Infrastructure's scale-out architecture helps users to independently and efficiently right-size compute and storage resources to meet growing demands. Oracle Exadata Database Service on Dedicated Infrastructure offers RDMA over Converged Ethernet (RoCE) networking for high bandwidth and low latency, Exadata RDMA Memory (XRMEM) for shared read acceleration, and intelligent Exadata software to enable high-performance database workload processing.

Exadata cloud infrastructure deployments include built-in Oracle maximum availability architecture (Oracle MAA) best practices that increase database availability. Oracle Exadata Database Service on Dedicated Infrastructure reduces downtime and simplifies operational management with available zero downtime maintenance, online scaling, and automated provisioning of Oracle Real Application Clusters (Oracle RAC) and Oracle Active Data Guard.

A standby disaster recovery (DR) instance is recommended for the application and database tier resilience. The DR instances can be deployed in a separate OCI region with the same architecture.

The following diagram illustrates the architecture:


The architecture has the following components:

  • Tenancy

    A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domain

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • FastConnect

    Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Bastion service

    Oracle Cloud Infrastructure Bastion provides restricted and time-limited secure access to resources that don't have public endpoints and that require strict resource access controls, such as bare metal and virtual machines, Oracle MySQL Database Service, Autonomous Transaction Processing (ATP), Oracle Container Engine for Kubernetes (OKE), and any other resource that allows Secure Shell Protocol (SSH) access. With Oracle Cloud Infrastructure Bastion service, you can enable access to private hosts without deploying and maintaining a jump host. In addition, you gain improved security posture with identity-based permissions and a centralized, audited, and time-bound SSH session. Oracle Cloud Infrastructure Bastion removes the need for a public IP for bastion access, eliminating the hassle and potential attack surface when providing remote access.

  • Load balancer

    The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.

  • Compute

    The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.

  • Bare metal

    Oracle’s bare metal servers provide isolation, visibility, and control by using dedicated compute instances. The servers support applications that require high core counts, large amounts of memory, and high bandwidth. They can scale up to 160 cores (the largest in the industry), 2 TB of RAM, and up to 1 PB of block storage. Customers can build cloud environments on Oracle’s bare metal servers with significant performance improvements over other public clouds and on-premises data centers.

  • Oracle Exadata Database Service on Dedicated Infrastructure

    Oracle Exadata Database Service on Dedicated Infrastructure provides Oracle Exadata Database Machine as a service in an Oracle Cloud Infrastructure (OCI) data center. The Oracle Exadata Database Service on Dedicated Infrastructure instance is a virtual machine (VM) cluster that resides on Exadata racks in an OCI region.

  • Object storage

    Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

  • Block volume

    With block storage volumes, you can create, attach, connect, and move storage volumes, and change volume performance to meet your storage, performance, and application requirements. After you attach and connect a volume to an instance, you can use the volume like a regular hard drive. You can also disconnect a volume and attach it to another instance without losing data.

  • Identity and Access Management (IAM)

    Oracle Cloud Infrastructure Identity and Access Management (IAM) is the access control plane for Oracle Cloud Infrastructure (OCI) and Oracle Cloud Applications. The IAM API and the user interface enable you to manage identity domains and the resources within the identity domain. Each OCI IAM identity domain represents a standalone identity and access management solution or a different user population.

  • Audit

    The Oracle Cloud Infrastructure Audit service automatically records calls to all supported Oracle Cloud Infrastructure public application programming interface (API) endpoints as log events. Currently, all services support logging by Oracle Cloud Infrastructure Audit.

  • Logging
    Logging is a highly scalable and fully managed service that provides access to the following types of logs from your resources in the cloud:
    • Audit logs: Logs related to events emitted by the Audit service.
    • Service logs: Logs emitted by individual services such as API Gateway, Events, Functions, Load Balancing, Object Storage, and VCN flow logs.
    • Custom logs: Logs that contain diagnostic information from custom applications, other cloud providers, or an on-premises environment.

Architecture - Software-Defined Data Center (SDDC)

The Oracle Cloud VMware Solution SDDC deploys on Oracle Cloud Infrastructure (OCI) bare metal servers.

You can start with 3 ESXi hosts using dense shapes and scale up to 64 hosts in a single SDDC. The VMs are isolated in the NSX Overlay subnet. The NSX Edge provides the network address translation (NAT) of the IPs in the NSX Overlay to the OCI virtual local area network (VLAN). OCVS SDDC uses Oracle Cloud Infrastructure Block Volumes, Oracle Cloud Infrastructure File Storage, and Oracle Cloud Infrastructure Object Storage for VM file system and application storage needs.

The following diagram shows the Oracle Cloud VMware Solution software-defined data center (SDDC) architecture.


The architecture has the following components in addition to those described with the general architecture:

  • VMware vSphere (ESXi)

    VMware vSphere ESXi is an enterprise-class, type-1 hypervisor. In this architecture, the hypervisor runs on bare metal compute instances that use the bare metal DenseIO shape, providing a strong foundation for the entire SDDC.

  • Compute/Virtual machines

    The virtual machines (VMs) in this architecture run on the VMware ESXi hypervisor. You can choose the guest operating system of the VMs, and you can specify the CPU and memory required. For example, you can deploy a simple Python Flask application running on CentOS 8 on VMs that have two CPUs and 2 GB of RAM.

Architecture - Oracle Exadata Database Service on Dedicated Infrastructure

When you subscribe to the Oracle Exadata Database Service on Dedicated Infrastructure, Oracle owns and manages the Exadata infrastructure and customers manage everything that runs in the database virtual machine (VM).

The customer VM includes the Oracle Grid Infrastructure software, database software, customer data, schema, and encryption keys. You can schedule maintenance windows for Oracle to perform infrastructure maintenance during a time that best aligns with their business needs.

The Oracle Exadata Database Service on Dedicated Infrastructure simplifies lifecycle tasks, such as provisioning, scaling, updates, backup, and disaster recovery through Oracle Cloud Infrastructure Automation.

Application users and administrators can connect to the database servers only by using the client and backup networks you previously created with your VCN. Your administrator can use the web-based Oracle Cloud Infrastructure (OCI) console, OCI command-line interface (CLI), and REST APIs to connect to your Exadata Database Service over an HTTPS connection. You can access your database through standard Oracle connection methods, such as Oracle Net, and you can connect to the VM cluster through traditional Oracle Linux methods, such as token-based secure shell (SSH).

The following diagram shows the high-level network architecture for Oracle Exadata Database Service on Dedicated Infrastructure.


The architecture has the following components:

  • Oracle Exadata Database Service on Dedicated Infrastructure:
    • The Oracle Exadata Database Service on Dedicated Infrastructure architecture includes a minimum of 2 Exadata database servers and 3 Exadata storage servers.
    • The physical database and storage servers are connected by using a high-speed, low-latency internal RoCE network fabric. Oracle Database uses this network for Oracle Real Application Clusters (RAC) interconnect traffic and for accessing data on Exadata storage servers.
    • This minimum configuration provides high-availability (HA) protection from equipment failure and allows for the ASM in the storage layer to be provisioned in High Redundancy mode (which provides Triple Mirroring of data across storage servers) to provide protection from disk and storage server failure.
    • When more performance or capacity is required, you can scale the Oracle Exadata Database Service on Dedicated Infrastructure online by simply adding database or storage servers.
    • An Oracle Exadata Database Service on Dedicated Infrastructure instance is a virtual machine (VM) cluster that resides on Exadata cloud infrastructure.
    • The VMs run on the physical Exadata database servers and the VMs from each Exadata database server form a VM Cluster.
    • VMs can host one or more database homes and database homes can host one or more RAC databases.
  • Client Network:

    The client network connects the Exadata database servers to your existing client network and is used for client access to the virtual machines. Applications access databases on Exadata Database Service through this network by using single client access name (SCAN) and Oracle RAC virtual IP (VIP) interfaces. The client-access network uses a pair of network interfaces on each database server connected to the customer network.

  • Backup Network

    The backup network is similar to the client access network, as it connects to the Exadata Database servers to separate backup traffic and bulk transfers from application traffic. Like the client network, the backup network uses a pair of network interfaces on each database server, which are connected to the customer network.


Use the following recommendations as a starting point to deploy your workloads to a VMware SDDC in Oracle Cloud Infrastructure (OCI). Your requirements might differ from the architecture described here.
  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

    Use regional subnets.

    The VCN represents the data center underlay network for hosting a VMware SDDC cluster. Oracle Cloud VMware Solution creates the subnets and the VLAN required for the SDDC cluster. Alternatively, you can use existing an subnet and VLAN for the SDDC. If you use an existing subnet and VLAN, the administrator should create all the VLANs and required network security rules beforehand.

    Optionally, you can provide an NSX workload CIDR, if this CIDR is known. Oracle Cloud VMware Solution creates an NSX overlay segment, and an NSX distributed port group called workload is created in the VMware vCenter server.

  • Compute instances for the VMware ESXi hypervisor

    Oracle Cloud VMware Solution supports both the addition and deletion of hypervisor host capacity to the SDDC cluster. So, you can start small and scale as required. For healthy cluster functioning, an SDDC cluster requires a minimum of three nodes, and you can scale up to 64 hosts in a given SDDC cluster. To identify the ESXi hosts that belong to an SDDC cluster, you can define user-friendly prefixes for ESXi compute instances.

    Currently, the BM.DenseIO2.52, high-throughput I/O, and flexible compute shapes are supported for native deployment of a VMware SDDC on OCI. The VMware vSphere cluster in Oracle Cloud VMware Solution offers 3-node ESXi clusters, providing 156 OCPUs and 2.25 TB of memory, and can be scaled up to 64 nodes in a cluster. OCI manages the high availability of the bare metal compute instances that host the hypervisor.

    For production environments, a minimum of three hypervisors is required in a variety of shapes including high IO, flexible compute, and standard shapes for bare metal deployments.

  • Network security groups (NSGs)

    You can use NSGs to define a set of ingress and egress rules that apply to specific VNICs. We recommend using NSGs rather than security lists, because NSGs enable you to separate the VCN's subnet architecture from the security requirements of your application.

    In the reference architecture, all the network communication between the load balancer, VMs, and the database is controlled through NSGs.

  • Disaster Recovery (DR)

    A standby DR instance in a different OCI region is recommended for enterprise applications.

    The DR Strategy must be consistent across the 3-tiers in order to meet SLA and data durability requirements.

    The DR Oracle Cloud VMware Solution environment is synched up with production by using replication tools from VMware (SRM, HCX) and third-party solutions (for example Zerto, and Veeam Replication).

    The DR Oracle Exadata Database Service on Dedicated Infrastructure is synched up with production by using Oracle Data Guard. The standby Oracle Exadata Database Service on Dedicated Infrastructure is a transactionally consistent copy of the primary database. Oracle Data Guard automatically maintains synchronization between the databases by transmitting and applying redo data from the primary database to the standby. In the event of a disaster in the primary region,Oracle Data Guard automatically fails over to the standby database in the secondary region.

    Front-end load balancers are deployed either in a standby mode for network load balancers, or with high availability by using Load Balancer as a Service (LBaaS).

  • Application servers and custom applications running on Oracle Platform as a Service (PaaS)

    PaaS services, such as Oracle SOA Cloud Service and Oracle WebLogic Server for OCI, use most of the resources mentioned above internally (compute, block volumes, file storage, networking, database). They require specific disaster recover strategies that protect all the different layers in a consistent fashion. Oracle provides detailed best practices intended to create maximum availability architectures (MAA) and protect this type of systems against disasters. See Explore More for specific documentation on disaster recovery (DR) for PaaS.


When implementing a VMware-based software-defined data center (SDDC) in Oracle Cloud Infrastructure (OCI), consider these design options.

  • Performance

    You can vertically scale the amount of CPU and RAM of the VMs based on the resource requirements of your application.

  • Availability
    • Oracle Cloud VMware Solution incorporates the VMware-recommended best practices for high availability.
    • The VMware components are distributed across different fault domains within a given OCI region’s availability domain.
    • Oracle Exadata Database Service on Dedicated Infrastructure operates with zero data loss.
    • Data Guard provides database disaster recovery and high availability at a transaction level.
    • A low latency network facilitates transactional level replication.
    • Block volume regional replication allows for regional level HA for both VMs and hypervisors.


  • Authors: Michael Rutledge, Wei Han, Praveen Pedda Vakkalam, Nicole Ghalwash, Leo Alvarado, Eddie Ambler
  • Contributors: Anwar Belayachi, Robert Lies