The image shows a PayPal on-premises virtual network connected to an Oracle Cloud Infrastructure (OCI) compartment that spans two regions. The compartment provides the following services:
  • Identity and access management
  • Auditing
  • Policies
  • Logging

PayPal's on-premises network includes DropZone (a home-grown Secure-FTP server), identity and access management, and connections to Teradata, Hadoop, Informatica, and SAP systems. PayPal transfers data from its on-premises data warehouse to Essbase in OCI, using a VPN, proxy services, an IP allowed list, and Oracle Cloud Infrastructure Web Application Firewall through a dynamic routing gateway (DRG).

PayPal's primary production environment runs in the Oracle Cloud region in US-Phoenix and its disaster recovery (DR) environment runs in the US-Ashburn region. The two regions communicate using remote peering connections. Each region includes a single availability domain and virtual cloud network (VCN). The VCNs have the following gateways:
  • Network address translation (NAT) gateway: Enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.
  • Dynamic routing gateway (DRG) (production VCN only): Provides private connectivity using IPSec VPN to the customer's data center.
  • Service gateway (production VCN only): Enables the VCN to communicate with services such as object storage over the Oracle network fabric without traversing the internet. In this case, object storage is used for database backup.

The VCNs have the following public subnets with security lists to provide secure communications between subnet resources using the NAT gateway:
  • Load balancer public subnet: Includes load balancers to manage data and user traffic. Oracle Analytics Cloud runs in the production VCN only.
  • Application public subnet: Includes PayPal's Essbase servers and an Oracle Autonomous Transaction Processing (ATP) database, both replicated in the DR site.
  • Server public subnet: Includes a bastion server, ETL servers, file storage for all application and bastion servers, and a SQL Developer server. The SQL Developer server runs in the production VCN only.