Deploy a Multitier Application Stack on a VMware SDDC Connected to an Autonomous Database

Deploy your VMware workloads in the public cloud while maintaining full control of the environment, by using Oracle Cloud VMware Solution, a fully certified and supported software-defined data center (SDDC) solution developed jointly by Oracle and VMware.


This reference architecture shows a 3-tier application stack in Oracle Cloud Infrastructure with the application tier deployed in a VMware SDDC that's created by using Oracle Cloud VMware Solution. A load balancer receives requests from clients and distributes them to VMs running in the VMware SDDC. The application uses an autonomous database.

The following diagram illustrates this reference architecture.

The architecture has the following components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domains

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you place Compute instances across multiple fault domains, applications can tolerate physical server failure, system maintenance, and many common networking and power failures inside the availability domain.

  • Virtual cloud network (VCN) and subnets

    A VCN is a software-defined network that you set up in an Oracle Cloud Infrastructure region. VCNs can be segmented into subnets, which can be specific to a region or to an availability domain. Both region-specific and availability domain-specific subnets can coexist in the same VCN. A subnet can be public or private.

    In this architecture, the load balancer (LB), the bare-metal compute instances in the application tier, and the database are in separate subnets that you specify. Within the application tier, the VMs that host the application are attached to a VMware NSX-T overlay network connecting to the edge uplink VLAN.

    The following diagram shows the network architecture:

    The architecture shows the following example configuration:
    • VCN:
    • Public subnet for the LB:
    • Private subnet for Oracle Cloud VMware Solution:
    • Private subnet for the autonomous database:
    • VMware NSX-T overlay network for the VMs:
    In this example, the traffic to and from the VMs is controlled using route rules and a network security group (NSG).
    • A routing rule for the LB subnet directs traffic destined for the VMware NSX-T overlay network through the VMware NSX uplink VIP
    • The NSG for the VMware NSX uplink VIP contains the following security rules:
      • An ingress rule to allow TCP/443 traffic from the LB subnet
      • An egress rule to allow TCP/1522 traffic to the DB subnet
  • Network security group

    Network security groups (NSGs) act as virtual firewalls for your compute instances. With the zero-trust security model of Oracle Cloud Infrastructure, all traffic is denied, and you can control the network traffic inside the VCN. An NSG consists of a set of ingress and egress security rules that apply to only a specified set of VNICs in a single VCN.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside the VCN, typically through gateways.

  • Load balancer

    The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the backend.

  • VMware vSphere (ESXi)

    VMware vSphere ESXi is an enterprise-class, type-1 hypervisor. In this architecture, the hypervisor runs on bare metal compute instances that use the bare metal DenseIO shape, providing a strong foundation for the entire SDDC.

  • Virtual machines

    The virtual machines (VMs) in this architecture run on the VMware ESXi hypervisor. You can choose the guest operating system of the VMs, and you can specify the CPU and memory required. For example, you can deploy a simple Python Flask application running on CentOS 8 on VMs that have two CPUs and 2 GB of RAM.

  • Autonomous database

    Oracle Autonomous Database provides an easy-to-use, fully autonomous database that scales elastically, delivers fast query performance, and requires no database administration.


Use the following recommendations as a starting point to deploy your workloads to a VMware SDDC in Oracle Cloud Infrastructure. Your requirements might differ from the architecture described here.

  • VCN

    When you create the VCN, determine how many IP addresses your cloud resources in each subnet require. Using the Classless Inter-Domain Routing (CIDR) notation, specify a subnet mask and a network address range that's large enough for the required IP addresses. Use an address range that's within the standard private IP address space.

    Select an address range that doesn’t overlap with your on-premises network, so that you can set up a connection between the VCN and your on-premises network, if necessary.

    After you create a VCN, you can't change its address range.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

    Use regional subnets.

    The VCN represents the data center underlay network for hosting a VMware SDDC cluster. Oracle Cloud VMware Solution creates the subnets and the VLAN required for the SDDC cluster. Alternatively, you can use existing an subnet and VLAN for the SDDC. If you use an existing subnet and VLAN, the administrator should create all the VLANs and required network security rules beforehand.

    Optionally, you can provide an NSX workload CIDR, if this CIDR is known. Oracle Cloud VMware Solution creates an NSX overlay segment, and an NSX distributed port group called workload is created in the VMware vCenter server.

  • Compute instances for the VMware ESXi hypervisor

    Oracle Cloud VMware Solution supports both the addition and deletion of hypervisor host capacity to the SDDC cluster. So, you can start small and scale as required. For healthy cluster functioning, an SDDC cluster requires a minimum of three nodes, and you can scale up to 64 hosts in a given SDDC cluster. To identify the ESXi hosts that belong to an SDDC cluster, you can define user-friendly prefixes for ESXi compute instances.

    Currently, only the BM.DenseIO2.52 shape is supported to run a VMware SDDC on Oracle Cloud Infrastructure. The VMware vSphere cluster in Oracle Cloud VMware Solution offers 3-node ESXi clusters, providing 156 OCPUs and 2.25 TB of memory, and can be scaled up to 64 nodes in a cluster. Oracle Cloud Infrastructure manages the high availability of the bare metal compute instances that host the hypervisor.

  • Network security groups (NSGs)

    Oracle recommends using NSGs rather than security lists, because NSGs enable you to separate the VCN's subnet architecture from the security requirements of your application. In the reference architecture, all the network communication between the load balancer, VMs, and the database is controlled through NSGs.


When implementing a VMware-based SDDC in Oracle Cloud Infrastructure, consider these design options.

  • Performance

    You can vertically scale the amount of CPU and RAM of the VMs based on the resource requirements of your application.

  • Availability

    Oracle Cloud VMware Solution incorporates the VMware-recommended best practices for high availability.

    The VMware components are distributed across different fault domains within a given Oracle Cloud Infrastructure region’s availability domain.