This image shows the required landing zone configuration and resources to deploy Infor LN and Infor OS on OCI.

The image comprises four sections:
  • An on-premises section
  • An OCI Region
  • The Internet
  • A third-party cloud

The on-premises section contains terminals that use an IPSec VPN for administrative access to VMs.

The OCI Region is the main component in this illustration. It contains:
  • A Bastion server, a Dynamic Routing Gateway (DRG), and an Identity Cloud Service (IDCS) stripe for developers.
  • A single Availability Domain (AD 1).

    This AD contains a hub-and-spoke architecture comprising a Hub VCN, which serves as a DMZ, and two Spoke VCNs, one for testing and development and one for production. Access to the hub and production spoke is through a NAT gateway.

    Within the Hub VCN is a public subnet, which contains the application tier, where the Infor Web UI resides. Access to this subnet is controlled by a routing table and a security list.

    The testing and development spoke contains a data tier private subnet, in which resides a test server running on a Windows OS VM that is connected, within the subnet, to block storage. Access to this subnet is controlled by a routing table and a security list.

    The development spoke contains the application tier in a public subnet and a data tier in a private subnet. The application tier contains an Infor LN instance and an Infor OS instance. Each of these is connected to an individual block storage component. The data tier subnet contains an Infor LN database, a domain controller (DC), and an Active Directory (AD) instance. All of these are connected to associated block storage components. Access to both subnets is controlled by routing tables and security lists. Both private spoke subnets use an Identity Cloud Service stripe within the OCI region but external to AD 1 for identity management.

    Within the OCI region but external to the AD are an Identity Cloud Service stripe for developers, an object storage component for images, a Cloud Guard implementation, and a vulnerability scanning service.

  • The Internet section contains application users, who access the Hub VCN through a Web Application Firewall and Internet gateway.
  • The third-party cloud section is empty.

Traffic flows from the on-premises terminals through the DRG to each of the spokes, via a DRG VCN attachment. Identity traffic from the IDCS stripe for developers is transmitted via federated SSO to the test server in the test and development spoke, which stores necessary data in the attached block storage. Traffic runs between the Hub VCN's Infor Web UI and the production spoke's application tier, which itself exchanges data with the database, the domain controller, and Active Directory in the private subnet data tier. The production spoke writes image backup data to the object storage within the OCI region but external to AD 1.