This image shows a secure architecture for OCI cyber resilience, organized into compartments and shows the flow of data, network segmentation, and key OCI services.

Network Compartment: Hosts OCI Network Hub VCN (Virtual Cloud Network) compartment which hosts a "Firewall Subnet" that includes a Firewall Compute Appliance or Oracle-managed Firewall service.

• The firewall connects to an "Internet Gateway" (for inbound/outbound internet traffic) and a "DRG" (Dynamic Routing Gateway) for connections between compartments.
• DRG attachments link to the Application and Database Compartments.

Application Compartment: Hosts Applications VCN with an Application subnet.

• Two App Compute Instances (virtual machines or containers)
• OCI File Storage
• DRG Attachment (connection to network using the DRG)
• Service Gateway (connection to Oracle Services Network)

Database Compartment: Hosts the Database VCN with a Database Subnet hosting three services:

• Oracle Autonomous Database on Dedicated Exadata Infrastructure
• Oracle Exadata Database Service
• Oracle Base Database Service

The DRG Attachment connects to the Internet gateway using the DRG. The compartment connects to the Oracle Services Network using the Sevice Gateway.

Oracle Services Network

• Receives connectivity from the Service Gateways of Application, Database, and Vault compartments.
• Hosts these central services:
  • Oracle Zero Data Loss Autonomous Recovery Service (ZDLRS)
  • Cloud Guard
  • Oracle Access Governance

Security Compartment: Hosts OCI security-related services, including:

• OCI Vault and Keys
• OCI Vulnerability Scanning Service
• OCI Logging
• Alarms
• OCI Events Service
• OCI Notifications
• Topic

Flow and Connectivity

• OCI connects to the Internet using the Internet Gateway into Network Hub VCN.
• DRG manages traffic between Network, Application, and Database Compartments.
• Service Gateways provide secured connectivity to essential Oracle Services.
• Roles and policies in the root compartment govern access and orchestration.