This image shows an Oracle Cloud Infrastructure (OCI) region with 3 availability domains, a single virtual cloud network (VCN), and additional resources provided for the region.
External users and sensors access OCI from the internet as follows:
- Customers access OCI by using an Oracle Cloud Infrastructure Web Application Firewall (WAF) and an internet gateway.
- Data from log collection engines, API connectors, and Stellar Cyber's own sensors (such as network sensors, security sensors, server sensors, container sensors, and deception sensors) also comes into OCI by using WAF and the internet gateway.
- Stellar Cyber engineers access resources in the Oracle Container Engine for Kubernetes (OKE) cluster by using the internet gateway. They access code repositories in the OCI region directly, which feed into OCI DevOps and Oracle Cloud Infrastructure Registry before feeding into the OKE jobs pod.
The region provides the following services:
- Oracle Cloud Infrastructure Audit
- Oracle Cloud Infrastructure DevOps
- Oracle Cloud Infrastructure Domain Name Service (DNS)
- Oracle Cloud Infrastructure Email Delivery
- Oracle Cloud Infrastructure File Storage
- Oracle Cloud Infrastructure Notifications
- Oracle Cloud Infrastructure Object Storage
- Oracle Cloud Infrastructure Registry
- Oracle Cloud Infrastructure code repositories
- Oracle Cloud Infrastructure Vault
- Policies
- Web application firewall (WAF)
The VCN provides the following gateways:
- Internet gateway: Provides communications between public subnets and internet hosts.
- Network address translation (NAT) gateway: Enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.
- Service gateway: Lets the VCN communicate with services such as object storage over the Oracle network fabric without traversing the internet.
The VCN has 2 subnets:
- Load balancer public subnet: Contains a public load balancer for customer and data-ingest traffic and an internal load balancer with Oracle Cloud Infrastructure Bastion service for Stellar Cyber engineers.
- Kubernetes private subnet: The subnet provides an Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) cluster that spans the 3 availability domains and includes the following:
  - Stream service node pool: Contains Apache Kafka and Apache Flink to ingest and enrich data
  - Elastic Stack master pool: Includes Elasticsearch for data retrieval and analysis
  - Elastic Stack data pool: Includes the Elasticsearch data lake which uses Oracle Cloud Infrastructure Block Volumes to store the raw data
  - Microservices node pool: Includes correlation, machine learning, API, interface, and autoscaling services
  - Jobs pod: Includes engineer jobs and the autoscaling service