The image shows an architecture with the following logical flow:

1. An OCI Tenancy includes four tenants (A, B, C, and D).
2. Each tenant can request and receive JWT tokens from OCI IAM. Then, tenant traffic—tagged with tenant_id—reaches a Traffic-Routing Layer that can be either an OCI Load Balancer or OCI API Gateway.
3. The routing layer forwards requests to Shared Application Services. Each of tenant A, B, and C's Shared Application Services stack includes OCI Kubernetes Engine, OCI Functions, and OCI Virtual Machine.
4. Application services access Shared Database Resources through a Data Access Layer .
5. Shared Database Services use Oracle Data Safe, Oracle NoSQL Database Cloud Service, and Oracle MySQL Database Service, secured by OCI Key Management Service (KMS) for encryption.
6. KMS also secures a separate dedicated Database Services block for tenant D that contains Oracle Data Safe, OCI Object Storage, Oracle NoSQL Database Cloud Service, and Oracle MySQL Database Service.