Deploy JD Edwards EnterpriseOne with Oracle Autonomous Database on Dedicated Exadata Infrastructure

Adopting Oracle Cloud Infrastructure (OCI) enables organizations to benefit from its agility, performance, scalability, and reliability to become more dynamic and responsive to a changing business environment. Moreover, an enterprise-ready architecture is critical to the success of large organizations.

The importance of enterprise-ready architecture for the Cloud cannot be overstated, especially for businesses which continuously strive to maintain their competitive advantage in the dynamic business environment. With an enterprise-ready architecture, you can leverage the full benefits of Cloud computing while maintaining the highest levels of scalability, security, and reliability. This is crucial for operating in highly regulated industries or maintaining near-zero downtime.

OCI Enterprise-Ready Architecture is designed to help Cloud developers, architects, and administrators configure, manage, and deploy workloads in OCI by using best practices and recommendations. Additionally, it provides the tools and best practices needed to meet the unique requirements of Oracle's JD Edwards EnterpriseOne, a fully integrated ERP suite for managing customer relationships, capital-intensive assets, finances, human resources, and orders.

JD Edwards EnterpriseOne with Oracle Autonomous Database on Dedicated Exadata Infrastructure is one of the highly recommended deployments in OCI.

Oracle Autonomous Database uses groundbreaking machine learning technology to automate the entire database management lifecycle. It has self-driving, self-securing, and self-repairing capabilities and can recover from glitches or failures without human intervention. It helps customers eliminate manual database maintenance work, including manual tuning for rapidly increasing data and the associated human error, and keeps the database secure by applying the latest operating system and database patches without any downtime. The high availability and scalability of Oracle Autonomous Database ensure that there is no downtime for JD Edwards EnterpriseOne customers and provide the flexibility to adjust database resources based on the requirements of changing business cycles. For JD Edwards EnterpriseOne customers, this complete automation of database and infrastructure management provides unprecedented security and availability, reduces risk, makes database management more efficient, significantly reduces administrative costs, and frees up IT professionals' time to focus on innovation, leading to increased productivity and transformation of the core areas of the business.

Additionally, OCI offers an array of over 150 cloud services ranging from infrastructure to Artificial Intelligence (AI). The JD Edwards EnterpriseOne digital platform, which comprises built-in features such as the extensibility framework, workflow, notifications, and orchestrations, is a key enabler in the customer's journey to technology innovation. OCI AI services, used in conjunction with JD Edwards EnterpriseOne Orchestrator, can be a powerful combination with a wide range of possibilities.

For example, JD Edwards EnterpriseOne Orchestrator can be used to call the OCI Object Storage service to upload files to OCI Object Storage or to call the OCI Document Understanding service to read scanned images (in this case, receipt images attached to a JD Edwards EnterpriseOne expense report) and extract data from them.

Using the power and flexibility of the JD Edwards EnterpriseOne Orchestrator combined with the breadth of infrastructure, utility, and AI services offered by OCI, you can imagine many new usage patterns and solutions to augment your JD Edwards EnterpriseOne system with intelligence, automation, and higher business value.

Architecture

This reference architecture delineates a high availability JD Edwards deployment in a single Availability Domain in an OCI region with Oracle Autonomous Database on Dedicated Exadata Infrastructure. The emphasis of this architecture is to provide detailed information when you are planning to deploy your JD Edwards EnterpriseOne workload on Oracle Autonomous Database on Dedicated Exadata Infrastructure.

Note:

Although it is a JD Edwards specific deployment, this reference architecture can be a good starting point for any workload with Oracle Autonomous Database on Dedicated Exadata Infrastructure.

The following diagram illustrates this reference architecture.




This deployment has one Production environment and two Non-Production environments. All the instances in the Production and Non-Production environments, including the load balancer, web tier, application tier, and database, are deployed in a private subnet.

In the Production environment, the Presentation tier (Web tier) contains four instances, which are load balanced by a single Production load balancer.

Each Web tier instance consists of a single Application Interface Services (AIS) Server, Standard HTML Server (Standard HTML), and Dedicated HTML Server (Dedicated HTML). As recommended, all the Web tier components are installed in each Web tier instance (or VM) and scaled horizontally by deploying redundant instances of every component. High availability can be achieved by spreading the multiple VMs across different fault domains.

The Application or middle tier contains four logic servers and batch servers. The logic server and the batch server can be hosted on the same enterprise server instance. However, it is recommended to set up the logic server and the batch server on separate enterprise server instances.

The JD Edwards EnterpriseOne application server connects to the Autonomous Database. The Production Autonomous VM cluster has a single container database and one pluggable database. Note that you can have a maximum of five schemas distributed across one or many database instances. You can provision the database server instance with the available schemas as required. The following schemas are available for the database instance: Production (for example, PD920), Prototype (for example, PY920), Development (for example, DV920), Pristine (for example, PS920), and Shared (required).

One-Click is a provisioning automation for OCI that accelerates the customer's path to the cloud. With One-Click, customers must install all four path codes (Production, Prototype, Development, and Pristine) along with the 'Shared data source'. There is no automated way to add additional path codes post deployment. However, you can add other path codes as required using the traditional On-Premise methodology.

The Non-Production section of the architecture has two environments: one is a multi-instance deployment and the other is a single-instance deployment, for both the Presentation tier and the Middle (Application) tier. The Non-Production Autonomous VM Cluster has a single container database and two pluggable databases for the two Non-Production environments.

Additionally, the One-Click Provisioning Server and the Deployment Server are deployed in the Admin subnet. The deployment also includes an OCI Bastion, which can be used for secure SSH connectivity. Depending on your requirement, you can use either 'Self Service Bastion' or 'Bastion as a Service'. Optional JD Edwards EnterpriseOne components are hosted in the Admin subnet. Optional components are not deployed by One-Click provisioning. However, the web components can be added manually through Server Manager, and the development client can be added in a new Microsoft Windows instance using the traditional On-Premise methodology.
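The tier layout described above (load balancer, web tier, application tier, and database all in private subnets, with a bastion for SSH) can be checked against network security group (NSG) ingress rules before they are applied. The following Python sketch is an added example, not Oracle's or the One-Click tooling's code. The NSG names, ports, CIDRs, and the two policy choices (SSH only from the bastion, client CIDRs only on the load balancer) are assumptions made for illustration, and the Admin subnet servers are not modelled.

```python
# Added example: audit NSG-style ingress rules against the tier layout above.
# NSG names, ports and CIDRs are constructed for illustration, not Oracle values.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IngressRule:
    nsg: str       # NSG the rule is attached to (the destination tier)
    source: str    # name of another NSG, or a CIDR block
    port_min: int
    port_max: int

# Tier-to-tier flows implied by the architecture: LB -> web -> app -> database.
ALLOWED_FLOWS = {("lb", "web"), ("web", "app"), ("app", "db")}
NSG_NAMES = {"lb", "web", "app", "db", "bastion"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SSH = 22

def check(rule):
    """Return the reason a rule violates the layout, or None if it fits."""
    if rule.source == "bastion":
        only_ssh = (rule.port_min, rule.port_max) == (SSH, SSH)
        return None if only_ssh else "bastion may only reach SSH"
    if rule.source in NSG_NAMES:
        if (rule.source, rule.nsg) not in ALLOWED_FLOWS:
            return f"flow {rule.source}->{rule.nsg} is not in the tier chain"
        if rule.port_min <= SSH <= rule.port_max:
            return "port range exposes SSH to a non-bastion source"
        return None
    net = ipaddress.ip_network(rule.source)
    if net.version != 4 or not any(net.subnet_of(p) for p in RFC1918):
        return "non-private source CIDR on a private tier"
    if rule.nsg != "lb":
        return "client CIDRs may only reach the load balancer"
    return None

def audit(rules):
    """Map each violating rule to its reason; an empty dict means compliant."""
    return {r: why for r in rules if (why := check(r))}

# Constructed rule set: five compliant rules followed by three violations.
SAMPLE_RULES = [
    IngressRule("lb", "10.50.0.0/16", 443, 443),   # on-premises range via DRG
    IngressRule("web", "lb", 8080, 8080),
    IngressRule("app", "web", 6017, 6017),
    IngressRule("db", "app", 1521, 1521),
    IngressRule("web", "bastion", 22, 22),
    IngressRule("db", "web", 1521, 1521),          # web tier bypasses app tier
    IngressRule("lb", "0.0.0.0/0", 443, 443),      # internet-wide source
    IngressRule("app", "web", 1, 65535),           # all ports, includes SSH
]

if __name__ == "__main__":
    for rule, why in audit(SAMPLE_RULES).items():
        print(f"{rule.nsg} <- {rule.source}:{rule.port_min}-{rule.port_max}: {why}")
```

Run against rules exported from a real tenancy, the allowed-flow table would need entries for the Admin subnet servers and the actual listener ports in use.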

This section explores the technical Architecture for Oracle Autonomous Database on Dedicated Exadata Infrastructure.

Rack Overview

The following image illustrates the rack overview for Oracle Autonomous Database on Dedicated Exadata Infrastructure.




Each instance of Dedicated Exadata Infrastructure contains multiple database servers and Exadata storage servers that are connected by high-speed, low-latency network fabric. The Exadata database and storage server rack reside in an OCI region.

With elastic expansion in Exadata X8M and later series (X9M, X11M), the starting configuration is similar to a quarter rack (2 database servers and 3 storage servers), which can be expanded to up to 32 database servers and 64 storage servers to support workloads of different sizes.

Note:

Unlike the Oracle Exadata Database Service on Dedicated Infrastructure instance, Oracle Autonomous Database on Dedicated Exadata Infrastructure only needs to have a client subnet within the customer VCN. Oracle internally uses its service tenancy to route the backup traffic, as shown in the diagram above. Oracle also manages the infrastructure through the management network, which connects the database and storage server hardware.

VM Clusters Overview

The following diagram illustrates the VM Clusters overview on Dedicated Exadata Infrastructure.




You can create multiple VM clusters on a single Oracle Exadata Cloud Infrastructure. This enables you to choose a specific database server within the infrastructure to host VMs from the cluster. The same Oracle Exadata Cloud Infrastructure can host VM clusters supporting both the Oracle Exadata Database Service on Dedicated Infrastructure and the Oracle Autonomous Database (Oracle Autonomous Transaction Processing and Oracle Autonomous Data Warehouse). You can host up to eight VM clusters across all the database servers in your Oracle Exadata Database Service on Dedicated Infrastructure.

This diagram has two VM clusters (Production and Non-Production) with resources allocated across two database servers that are connected to three storage servers.

VMs and Database Servers Overview

The following diagram illustrates the hypervisor and database servers.




Each Oracle Exadata database server contains one or more virtual machine guests running on a hypervisor. Oracle manages the hypervisors through the management network. Each hypervisor uses minimal resources: only 2 CPU cores (OCPUs) and 16 GB of RAM.

The client and backup networks connect to the VM guest through bonded network interfaces to maximize performance and availability. As noted earlier, the backup network for Autonomous VM Clusters is managed by Oracle internally.

Each VM guest has a complete Oracle Database installation including all the Enterprise Edition options, such as Oracle Database In-Memory and Oracle Real Application Clusters (RAC), as well as Oracle Grid Infrastructure. The Autonomous cluster also has Autonomous Management tools. This diagram shows two Autonomous Container Databases (ACD1 and ACD2), with one Autonomous Database (ADB1) in ACD1 and two Autonomous Databases (ADB2 and ADB3) in ACD2. Oracle manages the infrastructure through the management network, which connects the database and storage server hardware.

The architecture has the following components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, hosting availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain shouldn't affect the other availability domains in the region.

  • Fault domains

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Virtual cloud network (VCN) and Subnets

    A VCN is a customizable, software-defined network that you set up in an OCI region. Like traditional data center networks, VCNs give you control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. You can set a subnet to exist either in a single availability domain or across an entire region (regional subnets are recommended). A subnet can be public or private. Private means VNICs in the subnet can't have public IPv4 addresses and internet communication with IPv6 endpoints is prohibited. Public means VNICs in the subnet can have public IPv4 addresses and internet communication is allowed with IPv6 endpoints.

  • Network security group (NSG)

    NSGs act as virtual firewalls for your cloud resources. With the zero-trust security model of Oracle Cloud Infrastructure, you control the network traffic inside a VCN. An NSG consists of a set of ingress and egress security rules that apply only to a specified set of VNICs in a single VCN.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Network address translation (NAT) gateway

    A NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.

  • Internet gateway

    An internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Oracle Cloud Infrastructure FastConnect

    Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

  • Virtual circuit

    A virtual circuit is a layer-2 or layer-3 Ethernet VLAN that runs over one or more physical network connections to provide a single, logical connection between the router on the edge of your network and the Oracle router. Each virtual circuit is made up of information shared between the customer and Oracle, as well as an Oracle FastConnect partner (if you're connecting through an Oracle FastConnect partner). Private virtual circuits support private peering, while public virtual circuits support public peering.

  • Distributed Denial of Service (DDoS) Services

    The primary objective of the OCI DDoS protection service is to provide a highly available and scalable architecture with a defense-in-depth security model. OCI services provide DDoS attack detection and mitigation for the different DDoS layers.

    All Oracle Cloud data centers have DDoS attack detection and mitigation for high-volume Layer 3 or 4 DDoS attacks. When Oracle sees high-volume attacks, it has the tools and processes to mitigate and scrub the malicious traffic. Oracle fully manages this protection for OCI customers. These DDoS protection services from OCI help ensure the availability of Oracle network resources even under sustained Layer 3 or 4 attacks.

    Layer 7 application-layer-based attacks require something to protect the application itself. Within OCI, Oracle provides a Web Application Firewall (WAF) as part of its Cloud Security portfolio. WAF provides application-layer protection against botnets, application attacks, and DDoS attacks.

    OCI DNS is a global anycast network of multiple data centers strategically located across various continents. It leverages a mix of redundant internet transit providers for ultimate resiliency and protection against DDoS attacks.

    OCI Network Firewall service, powered by Palo Alto Networks®, gives you visibility into network traffic entering cloud environments (north-south) and between subnets (east-west). You can use the Network Firewall service with other security services to create a layered network security solution. It supports three types of Palo Alto Networks threat signatures, each designed to detect different types of threats as the firewall scans network traffic:
    • Antivirus signatures: Detect viruses and malware found in executables and file types.
    • Anti-spyware signatures: Detect command-and-control (C2) activity, where spyware on an infected client is collecting data without the user's consent and/or communicating with a remote attacker.
    • Vulnerability signatures: Detect system flaws that an attacker might otherwise attempt to exploit.
  • Service gateway

    A service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and does not traverse the internet.

  • OCI Object Storage

    The Object Storage service is an internet-scale, high-performance storage platform that offers reliable and cost-efficient data durability. The Object Storage service can store an unlimited amount of unstructured data of any content type, including analytic data and rich content, like images and videos.

    With Object Storage, you can safely and securely store or retrieve data directly from the internet or from within the cloud platform. Object Storage offers multiple management interfaces that let you easily manage storage at scale. Object Storage also supports private access from Oracle Cloud Infrastructure resources in a VCN through a service gateway. A service gateway allows connectivity to the Object Storage public endpoints from private IP addresses in private subnets. For example, you can back up Database systems to an Object Storage bucket over the OCI backbone instead of over the internet.

  • Oracle Database Autonomous Recovery Service

    Oracle Database Autonomous Recovery Service is a fully managed, standalone, and centralized cloud backup solution for OCI databases. The premium Zero Data Loss Autonomous Recovery Service provides real-time protection of the database, enabling recovery to within less than a second of when an outage or ransomware attack occurs. Now, if a ransomware attack happens, you know you are protected up to the moment before instead of having to go back to the last scheduled backup, which could have been hours ago. Select Autonomous Recovery Service as the backup destination for Oracle managed automatic backups, which is the method that Oracle recommends for backing up Oracle Cloud Databases.

Acknowledgments

  • Author: Madhusri Bhattacharya
  • Contributors: Anupama Pundpal, Nandha Kumar Thirupathi