The image shows an architecture that includes the customer's on-premises
network, public internet data, an OCI Region, Customer SaaS, and Palantir Shared
Services, and how they work together.
The following describes the components within each section of the
architecture and the flow:
- Customer Network contains the following, with all data flowing to a
  Palantir on-premises agent:
  - Source DB (database)
  - Source FS (file system)
  - Source app (application)
  - Data Lake
  - Customer Console users
- Public Internet Data sources come from public APIs and other cloud service
  provider (CSP) object storage.
- Customer SaaS with NetSuite, Fusion applications, OPERA PMS, and Oracle
Healthcare
- The following Palantir shared services:
  - Palantir management plane with a two-way connection to the VPN
    gateway.
  - Apollo upgrade and telemetry with a two-way connection to the
    NAT gateway.
  - Audit SIEM with a two-way connection to the NAT gateway.
- The OCI Region has the following:
  - An Oracle Services Enclave with the following: Oracle
    Integration with Adapters, OCI GenAI, OCI Object Storage, OCI Data Science,
    and Oracle Analytics Cloud
  - OCI Shared Services with the following: OCI Logging, OCI IAM,
    OCI Events Service, Oracle Cloud Guard, OCI Vault, and OCI Monitoring
  - Three Availability Domains, each with a persistent volume.
    Availability Domain 1 has three Fault Domains (FD).
  - A VCN that spans all three availability domains and has a public and a
    private subnet, along with an Internet Gateway, VPN Gateway, Service
    Gateway, and NAT Gateway.
- The Public Subnet (10.0.0.0/20) contains the following:
  - Availability Domain 1: Egress Router with a static IP in FD1 and
    FD3
  - Availability Domain 1: Ingress NLB in FD2
  - Availability Domain 2: Ingress NLB
  - Availability Domain 3: Ingress NLB
- The Private Subnet (10.0.16.0/20) has an OpenShift DP and a balance pool that
  spans all 3 availability domains and contains the following:
  - Availability Domain 1: Workers in FD1 and FD3. Data flows
    bi-directionally between the egress router in the public subnet and the
    workers in the private subnet.
  - Availability Domain 1: GPU Workers in FD2. Data flows
    bi-directionally between the ingress router in the public subnet and the
    workers in FD2 in the private subnet.
  - Availability Domain 2: Workers. Data flows bi-directionally
    between the ingress NLB router in the public subnet and the workers in AD2
    in the private subnet.
  - Availability Domain 3: Workers. Data flows bi-directionally
    between the egress router in the public subnet and the workers in AD3 in the
    private subnet.
- The private subnet also contains an OpenShift CP in Availability Domain
1 (FD1, FD2, and FD3), and Availability Domain 2 and 3.
Data flows as follows from the Oracle Services Enclave:
- Bi-directionally, through the Service Gateway between the VCN and
  the services in the enclave.
- From OCI Data Science to customer data scientists.
- From Oracle Analytics Cloud to customer analytics users.
- From Customer SaaS (NetSuite, Fusion applications, OPERA PMS, and
  Oracle Healthcare) to Oracle Integration with adapters and to the Internet
  Gateway.