This image shows an Oracle Cloud Infrastructure tenancy enclosing a region with a single availability domain and 3 fault domains. The region provides object storage and key management for the region. It also shows two virtual cloud networks (VCNs), each in its own compartment. Compartments cross all regions in a tenancy. The tenancy provides Cloud Guard protection across the tenancy.
VCN 10.0.0.0/16 (Compartment A): Contains 4 regional public subnets arranged as functional tiers. Each subnet provides a route table and a security list.
- The VCN provides the following features and gateways:
  - Cloud Guard protection for the compartment
  - An internet gateway
  - A local peering gateway (LPG) for communication between VCNs in the same region using private IP addresses
- Load Balancing Tier 1 - regional public subnet 1 (10.0.1.0/24): A standby load balancer resides in fault domain 2 and an active load balancer resides in fault domain 3, and together they manage traffic to the administrator and self-service application tiers. An internet gateway provides a public connection to the load balancers.
- Load Balancing Tier 2 - regional public subnet 2 (10.0.2.0/24): A standby load balancer resides in fault domain 2 and an active load balancer resides in fault domain 3, and together they manage traffic to the administrator and self-service application tiers. An internet gateway provides a public connection to the load balancers.
- Administrator and Self-service Application Tier 1 - regional public subnet 3 (10.0.3.0/24): A self-service application (SSA) node resides in fault domain 1 and connects to the load balancers. An administrator application (AA) node resides in fault domain 2 and connects to the load balancers.
- Administrator and Self-service Application Tier 2 - regional public subnet 4 (10.0.4.0/24): A self-service application (SSA) node resides in fault domain 2 and connects to the load balancers. An administrator application (AA) node resides in fault domain 1 and connects to the load balancers.
VCN 192.168.0.0/16 (Compartment B): Contains 2 regional private subnets arranged as functional tiers. Each subnet provides a route table and a security list.
- The VCN provides the following features and gateways:
  - Cloud Guard and Security Zone protection for the compartment
  - A NAT gateway
  - A service gateway to connect to regional storage services
  - A local peering gateway (LPG) for communication between VCNs in the same region using private IP addresses
  - A dynamic routing gateway (DRG) to connect the customer data center and customer premises equipment to the hub VCN over IPSec VPN or FastConnect
- Bastion Host Tier - regional private subnet (192.168.1.0/24): A bastion host node resides in fault domains 1 and 2.
- Database Tier - regional private subnet (192.168.1.0/24): A database node resides in fault domains 1 and 2 combined as a RAC database cluster.