NetFoundry: Autonomous Data Warehouse deployment on Oracle Cloud Infrastructure

NetFoundry, the leader in zero-trust, cloud-native networking, provides a secure connection to a private endpoint in a virtual cloud network (VCN) without exposing your Autonomous Data Warehouse to the internet.

Architecture

The NetFoundry platform enables secure networking between any user and any app, regardless of where they are, including work-from-home VPN replacement and hybrid cloud integrations. With this integration, companies can provide the modern version of VPNs to their remote users in a simpler, more secure, zero trust, higher-performance manner. NetFoundry’s micro-segmentation provides private IP access to the specific apps as defined by the AppWAN, greatly strengthening security and compliance.

[Illustration: netfoundry_overview.png]

All traffic to the Autonomous Data Warehouse with shared Exadata infrastructure moves through a private endpoint within a VCN in your tenancy. This configuration also uses no public subnets, which keeps all traffic to and from your Autonomous Data Warehouse off the public internet.

The following diagram illustrates this reference architecture.

[Illustration: netfoundry-adw-oci.png]

The architecture has the following components:
  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

    All the resources in this architecture are deployed in a single region.

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • VCN and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

    This architecture uses a single VCN, with separate subnets for the load balancer, web servers, application servers, and database.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Route tables

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Security lists

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Identity Cloud Service

    Oracle Identity Cloud Service provides identity management, single sign-on (SSO), and identity governance for a wide range of SaaS and on-premises applications.

  • Object storage

    Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

  • Compute

    The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.

  • Autonomous Data Warehouse

    Oracle Autonomous Data Warehouse is a self-driving, self-securing, self-repairing database service that is optimized for data warehousing workloads. You do not need to configure or manage any hardware, or install any software. Oracle Cloud Infrastructure handles creating the database, as well as backing up, patching, upgrading, and tuning the database.
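
The "no public subnets" property and the security-list rules described above can be checked mechanically. The following is an added example, not part of the original page or of Oracle's or NetFoundry's tooling; the subnet and rule records are constructed sample data, the flattened `port_min`/`port_max` fields are a simplification, and the database listener port 1522 and the VCN CIDR are assumptions.

```python
import ipaddress

# Constructed sample data (not from the page). prohibit_public_ip_on_vnic
# mirrors the OCI subnet attribute; the rule layout is simplified.
SUBNETS = [
    {"name": "adw-private", "cidr_block": "10.0.1.0/24",
     "prohibit_public_ip_on_vnic": True, "security_list": "adw-sl"},
    {"name": "edge-router", "cidr_block": "10.0.2.0/24",
     "prohibit_public_ip_on_vnic": False, "security_list": "edge-sl"},
]
SECURITY_LISTS = {
    "adw-sl": [
        {"source": "10.0.2.0/24", "protocol": "6",
         "port_min": 1522, "port_max": 1522},
        {"source": "0.0.0.0/0", "protocol": "6",
         "port_min": 1522, "port_max": 1522},
    ],
    "edge-sl": [
        {"source": "10.0.0.0/16", "protocol": "all",
         "port_min": None, "port_max": None},
    ],
}


def audit(subnets, security_lists, vcn_cidr, db_port=1522):
    """Return sorted (subnet, finding) tuples for deviations from the design.

    Flags subnets that allow public IPs, and ingress rules that admit the
    database port (db_port is an assumption) from outside the VCN CIDR.
    """
    vcn = ipaddress.ip_network(vcn_cidr)
    findings = []
    for subnet in subnets:
        if not subnet["prohibit_public_ip_on_vnic"]:
            findings.append((subnet["name"], "public subnet"))
        for rule in security_lists.get(subnet["security_list"], []):
            source = ipaddress.ip_network(rule["source"])
            # A rule with no port range applies to every port.
            covers_port = (rule["port_min"] is None
                           or rule["port_min"] <= db_port <= rule["port_max"])
            if covers_port and not source.subnet_of(vcn):
                findings.append(
                    (subnet["name"],
                     f"ingress from outside VCN: {rule['source']}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SUBNETS, SECURITY_LISTS, "10.0.0.0/16"):
        print(f"{name}: {finding}")
```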
