This image shows an Oracle Cloud Infrastructure tenancy with two compartments connected through a local peering gateway (LPG) in each of the compartments.

• Load Balancing (LB) compartment: Provides a virtual cloud network (VCN) with a single public subnet. The VCN uses an internet gateway connected through a web application firewall (WAF) to communicate with the internet. Communications are handled by a load balancer in the pubic subnet, then evaluated against the subnet's security list, and sent to the security zone compartment through the local peering gateway.
• Security zone (SZ) compartment: Provides a virtual cloud network (VCN) with a single private subnet. Communications through the local peering gateway are evaluated against the subnet's security list before being passed on to one of two policy-secured virtual machines (VMs) running the e-commerce application. Traffic from the VMs follows one of two paths:
  • Through a service gateway in the VCN to a vault or to policy-secured object storage.
  • To a private-endpoint autonomous database instance secured through a network security group.