This image shows an Oracle Cloud Infrastructure (OCI) region with 1 availability domain.

The region provides the following services:

• Oracle Cloud Infrastructure Audit
• Oracle Cloud Infrastructure Identity and Access Management
• Oracle Cloud Infrastructure Object Storage is used for database backups
• Oracle Data Safe

Three virtual cloud networks (VCNs) with similar topologies provides environments for production, QA/UAT, and development. A fourth VCN is used as a DMZ for shared services. The VCNs are connected by local peering gateways (LPG).

Each VCN provides the following gateways:

• Dynamic routing gateway (DRG): Provides private connectivity between on-premises networks and VCNs by using Site-to-Site VPN or FastConnect. A DRG can also route traffic between VCNs for remote peering.
• Local peering gateway (LPG): VCNs communicate using private IP addresses, without the traffic traversing the internet or routing through your on-premises network.
• Service gateway: VCNs communicate with services such as object storage over the Oracle network fabric without traversing the internet.

Using RedIron's virtual private network (VPN) gateway deployed in AWS, site-to-site VPNs are used to connect to each VCN by using a dynamic routing gateway (DRG). An AWS tenancy is used to provide LDAP services and monitoring services by using Zabbix. Point-of-sale (POS) systems located at retail locations connect privately by using the VPN or OCI FastConnect. Each VCN is segmented into application and database subnets. Retailers connect to the production VCN by using the DRG.

The architecture includes the following VCNs:

• Shared services VCN: The DMZ subnet provides Zabbix for monitoring performance of the retail system application and a terraform server for Ansible automation.
• Production VCN: Provides three subnets:
  • Proxy subnet: HAProxy provides load balancing, high availability, and reverse proxy capabilities for the architecture.
  • Application subnet: Includes instances for point-of-sale (POS), applications, WebLogic, business intelligence (BI), and retail analytical platform (RAP).
  • Database subnet: Provides Oracle Base Database Service licensed with Enterprise Edition-High Performance (EE-HP)
• QA/UAT VCN: Has a similar topology to the production VCN.
• Development VCN: Has a similar topology to the production VCN except without the need for HAProxy and the proxy subnet and without the need for multiple instances in the application subnet.