This image shows an Oracle Cloud Infrastructure (OCI) region with 1 availability domain (AD), 3 fault domains (FD), and 2 virtual cloud networks (VCNs). Takamol Holding engineers connect to a zero-trust network access tool and are authenticated through their own single sign-on before gaining access to the virtual cloud network (VCN).
The region provides the following services:
- Oracle Analytics Cloud (OAC)
- Oracle Cloud Advisor
- Oracle Cloud Guard
- Oracle Cloud Infrastructure Object Storage
- Oracle Cloud Infrastructure Registry
- Oracle Cloud Infrastructure Vault
- Oracle Cloud Infrastructure VCN flow logs
The diagram shows the following future state regional services:
- Oracle Autonomous Data Warehouse
- Oracle Cloud Infrastructure Search with OpenSearch
- Oracle Functions
App VCN 1: Provides the following subnets with security lists and route tables:
- Public subnet (A): Contains a distributed denial of service (DDoS) protection app and a load balancer in FD2 that handle incoming traffic and hand it off to the Oracle Container Engine for Kubernetes (OKE) subnet.
- Private subnet B: Ingress to the subnet is controlled by a web application firewall (WAF). The subnet includes Oracle Container Engine for Kubernetes with application namespace pods in FD1 and FD2. It includes a tools namespace with Prometheus and Grafana Loki in FD3 with connections to object storage and OCI Registry in the Oracle Services Network. The subnet also includes Argo for continuous integration/continuous delivery (CI/CD) to Kubernetes.
- Private subnet C: Provides a database clustering master in FD1 and a replica in each of which includes a virtual machine (VM)
running Postgres, backup storage, and a network security group (NSG).
- Private subnet D: Provides an OCI Service Connector Hub for communications between the database clusters and OAC.
Ops VCN 2: Provides the following subnets with security lists and route tables:
- Public subnet (A): Provides a front end for access to the VCN.
- Private subnet B: Ingress to the subnet is controlled by a web application firewall (WAF). The subnet includes Oracle Container Engine for Kubernetes. The subnet also includes Argo for continuous integration/continuous delivery (CI/CD) to Kubernetes. OKE provides the following namespaces:
  - Fault domain 1: Includes a traces namespace that includes Tempo
  - Fault domain 2: Includes a metrics namespace with Thanos and a vault namespace with connections to object storage and Vault key management in the Oracle Services Network
  - Fault domain 3: Includes a log namespace with scalable Loki and a monitoring namespace with Grafana