Copyright © 2023, 2023, Oracle and/or its affiliates.
This image shows an Oracle Cloud Infrastructure Tenancy with compartments and the following resources in the Tenancy (Root Compartment): Vulnerability Scan, Logging, Data Safe, Cloud Guard + Threat Detector, OCI Audit, Vault, OS Management, Security Zone, and OCI IAM. The Tenancy includes a Cyber-Resilience Orchestration Tier/Compartment and two regions: Region 1 and Region 2. Region 1 is air-gapped with an OCI Services Enclave. An On-Premises region outside of the root tenancy, connects to Region 1 using FastConnect through a DRG.
Region 1 hosts these compartments each with their associated policies: Security Compartment, App Compartment, Backup Compartment, Vault Compartment, and a DB Compartment.
The Security compartment is provisioned with WAF, Bastion service, and Network Firewall.
The App Compartment hosts a VCN with Object Storage and File Storage (FS) outside the VCN. The VCN hosts a Private and Public subnet each with a Compute and NSG. The Computes have arrows to the Backup and Recovery services located in the OCI Services Enclave.
The Database Compartment hosts a VCN with a private subnet with DB Vault outside the VCN. The private subnet hosts ADB, Oracle Exadata, and DBCS. Outgoing arrows lead to the Autonomous Recovery Services within the OCI Services Enclave.
The Backup Compartment hosts a VCN with a private subnet with Backup Servers Mounting/Vaulting with an arrow to the File Storage in the App Compartment and to the Compute within this subnet. Also an Oracle-Managed OS. The subnet also includes an FS with an arrow to FS (Encrypted) in the Vault Compartment. Boot, Block, and WORM OS each with an arrow to the respective Boot, Block, and WORM OS in the Vault Compartment.
The Vault Compartment hosts a VCN with a private subnet, Boot, Block, and WORM OS. FS with an arrow to FS (Encrypted) in the Vault Compartment.
Region 2 hosts a Vault Compartment identical to Region 1 with cross-region replication set up from the Vault in Region 1 to Region 2. Region 2 also hosts a Clean Room Compartment.
The Clean Room compartment hosts separate Unstructured and Structured Data Compartments each of which include a VCN and a Private subnet. The Unstructured Data Private subnet hosts a Clean Tier with 2 Computes and a Boot/Block. The compartment includes AV Scanning Integrity Checking. One Compute has an arrow pointing to the FS within the Vault Compartment. The other Compute has three outgoing arrows one each to the Boot, Block, and WORM OS in the Vault Compartment. This Compute also has an arrow to the Boot/Block within the Clean Tier private subnet.
The Safe Prod. Restore Compartment includes a Security Zone which in turn hosts an App Compartment and a DB Compartment. Each compartment has their own associated policies. The App Compartment hosts a VCN with a Public and Private subnet with with a Compute and NSG. The DB Compartment has a VCN with a private subnet with an ADB, Oracle Exadata and DBCS identical to the Structured Data Compartment wihtin the Clean Room.
The OCI Services Enclave hosts the Backup and Recovery Services which have Bronze, Silver, Gold, and Custom Backup Policies in OCI - DB, File, and Block Storage, and also the Autonomous Recovery Service. The Autonomous Recovery Services have three outgoing arrows to the ADB, Oracle Exadata, and DBCS in the Structured Data Compartment within the Clean Room. The three arrows continue into the ADB, Oracle Exadata, and DBCS within the DB Compartment in the Safe Prod. Restore Compartment.
The On-Premises region outside the tenancy hosts the Oracle DB FW Audit Vault, ZDLRA Appliance, DB Cloud Backup machine with an arrow to Oracle Exadata Database Machine, Key Vault, Apps, and Users.