Deploy a Multicloud Public Health Data Management Platform on Oracle Cloud
In Washington, D.C., DC Health has helped residents and visitors identify health risks, prevent and control diseases, treat injuries, avoid exposure to environmental hazards, and provide equitable access to public health and human services.
Although DC Health had been solely responsible for collecting public health records, it previously went through third-party vendors to manage and analyze these records. Not only did this arrangement thwart efforts to visualize and interpret the data, it undermined the agency's ability to immediately act on any insights. To remedy this, DC Health created a multicloud "data bridge" that moves data between state agencies, the federal government, public health officials, and other stakeholders.
Highlights of the architecture include the following:
- Untethered access to data managed in a secure government cloud region on Oracle Cloud Infrastructure
- Multicloud integration between Amazon Web Services, OCI, and private clouds managed by the US Congress and the White House
- Data Bridge platform that ingests data from individuals, schools, hospitals, pharmacies, and myriad databases and applications
- Data synchronized in real time, using Oracle GoldenGate, and stored in an Oracle Autonomous Data Warehouse
- Generate ad hoc reports on demand
- Communicate immediately with the public about imminent health risks, personalized treatment options, and available service providers
- Onboard vendors and healthcare service providers to the public health systems quickly, as new diseases and drug therapies emerge
Architecture
The first integration point is a SaaS application used by the state to track vaccinations. This application is hosted on a third-party cloud and connected through a site-to-site VPN tunnel. An Oracle GoldenGate hub is deployed in the third-party cloud, which helps pull data from the SaaS application database to an Oracle GoldenGate manager instance in the state’s OCI tenancy. The data is then stored in the staging database.
The second integration point allows various US Federal Government agencies to integrate with Oracle Autonomous Data Warehouse for reporting the state’s data at the federal level.
A third integration point integrates other state health applications that are hosted in various locations from other clouds to on-premises. These integrations also use various data integration tools to push to the staging database through Oracle GoldenGate and into the data warehouse, as needed.
The following diagram illustrates this reference architecture.

[Figure: reference architecture diagram, tharseo-data-platform-oci-arch.png]
Data scientists and DBAs access the staging database and the data warehouse from the on-premises network that is connected through site-to-site VPN. Data scientists access the Oracle Autonomous Data Warehouse and run analytics through the Tableau Web Layer API.
For additional layers of security, the state agency uses firewalls deployed in various locations to enforce rules and policies, and filter network traffic. In addition to firewalls, DC Health has also implemented security lists and network security groups on the subnet in the OCI tenancy. The IP tunnels are restricted by IP addresses to ensure that only trusted source IP addresses are allowed to enter the virtual cloud network (VCN). The state uses Oracle Cloud Infrastructure Block Storage and Oracle Cloud Infrastructure File Storage for additional storage capabilities.
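One way to check that security list ingress rules admit only trusted source addresses, as described above. This is an added example, not code from Oracle or DC Health: the allow-list CIDRs and sample rules are constructed, and the rule fields (`source`, `sourceType`, `protocol`, `tcpOptions`) follow the JSON shape of OCI security list ingress rules.

```python
import ipaddress

# Constructed allow-list: assumed on-premises and partner-cloud VPN ranges.
TRUSTED_SOURCES = [ipaddress.ip_network(c) for c in ("10.20.0.0/16", "192.0.2.0/28")]

# Constructed sample rules shaped like OCI ingressSecurityRules entries.
SAMPLE_RULES = [
    {"source": "10.20.4.0/24", "sourceType": "CIDR_BLOCK", "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1522}}},
    {"source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK", "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"source": "192.0.2.0/28", "sourceType": "CIDR_BLOCK", "protocol": "all"},
    {"source": "192.0.2.0/24", "sourceType": "CIDR_BLOCK", "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
    # Placeholder label, not a real service CIDR label.
    {"source": "example-service-cidr-label", "sourceType": "SERVICE_CIDR_BLOCK",
     "protocol": "6"},
]


def audit_ingress(rules, trusted=TRUSTED_SOURCES):
    """Return (rule index, finding kind, source) for rules that need attention."""
    findings = []
    for idx, rule in enumerate(rules):
        source = rule.get("source", "")
        # Service labels are not addresses; they cannot be matched to the allow-list.
        if rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
            findings.append((idx, "review", source))
            continue
        try:
            net = ipaddress.ip_network(source, strict=False)
        except ValueError:
            findings.append((idx, "invalid-source", source))
            continue
        # A rule is acceptable only if its source lies entirely inside a trusted
        # range; a wider CIDR that merely overlaps one still admits strangers.
        inside = any(net.version == t.version and net.subnet_of(t) for t in trusted)
        if not inside:
            findings.append((idx, "untrusted-source", source))
        elif rule.get("protocol") == "all":
            # Trusted source, but every protocol and port is exposed to it.
            findings.append((idx, "broad-protocol", source))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_RULES):
        print(finding)
```

The same function can be run over the `ingressSecurityRules` array exported from each security list in the tenancy; network security group rules would need their own field mapping.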
For disaster recovery (DR), the state backs up the database frequently to Oracle Cloud Infrastructure Object Storage and offloads the backups to OCI Government Cloud Region Phoenix and on-premises to have additional copies of the backups.
The architecture has the following components:
- Tenancy
A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for OCI. You can create, organize, and administer your resources on OCI within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.
- Region
An OCI region is a localized geographic area that contains one or more data centers, hosting availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Availability domains
Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain shouldn't affect the other availability domains in the region.
- Virtual cloud network (VCN) and subnets
A virtual cloud network (VCN) is a customizable, software-defined network that you set up in an OCI region. Like traditional data center networks, VCNs give you control over your network environment. A VCN can have multiple non-overlapping classless inter-domain routing (CIDR) blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
- Route table
Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.
- Service gateway
A service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and does not traverse the internet.
- OCI Object Storage
OCI Object Storage provides access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store data directly from applications or from within the cloud platform. You can scale storage without experiencing any degradation in performance or service reliability.
Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.
- Oracle Autonomous Database
Oracle Autonomous Database is a fully-managed, preconfigured database environment that you can use for transaction processing and data warehousing workloads. You do not need to configure or manage any hardware, or install any software. OCI handles creating, backing up, patching, upgrading, and tuning the database.
- Security list
For each subnet, you can create security rules that specify the source, destination, and type of traffic that is allowed in and out of the subnet.
- GoldenGate
Oracle GoldenGate Cloud Service is a fully-managed service that allows data ingestion from sources residing on premises or in any cloud. It leverages the GoldenGate Change Data Capture (CDC) technology for non-intrusive and efficient capture of data and delivery to Oracle Autonomous Data Warehouse in real time and at scale.
- Oracle Base Database Service
Oracle Base Database Service enables you to maintain absolute control over your data while leveraging the combined capabilities of Oracle Database and Oracle Cloud Infrastructure. Oracle Cloud Infrastructure (OCI) offers single-node DB systems and multi-node RAC DB systems on virtual machines.
- OCI Site-to-Site VPN
OCI Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs on OCI. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.
- OCI File Storage
Oracle Cloud Infrastructure File Storage provides a durable, scalable, secure, enterprise-grade network file system. You can connect to OCI File Storage from any bare metal, virtual machine, or container instance in a VCN. You can also access OCI File Storage from outside the VCN by using Oracle Cloud Infrastructure FastConnect and IPSec VPN.
- OCI Block Volumes
With Oracle Cloud Infrastructure Block Volumes, you can create, attach, connect, and move storage volumes, and change volume performance to meet your storage, performance, and application requirements. After you attach and connect a volume to an instance, you can use the volume like a regular hard drive. You can also disconnect a volume and attach it to another instance without losing data.
- Data Integration
Oracle Cloud Infrastructure Data Integration is a fully managed, serverless, cloud-native service that extracts, loads, transforms, cleanses, and reshapes data from a variety of data sources into target Oracle Cloud Infrastructure services, such as Autonomous Data Warehouse and Oracle Cloud Infrastructure Object Storage. ETL (extract transform load) leverages fully-managed scale-out processing on Spark, and ELT (extract load transform) leverages full SQL push-down capabilities of the Autonomous Data Warehouse in order to minimize data movement and to improve the time to value for newly ingested data. Users design data integration processes using an intuitive, codeless user interface that optimizes integration flows to generate the most efficient engine and orchestration, automatically allocating and scaling the execution environment. Oracle Cloud Infrastructure Data Integration provides interactive exploration and data preparation and helps data engineers protect against schema drift by defining rules to handle schema changes.
- Backup/Restore
Oracle Database Backup Cloud Service is a secure, scalable, on-demand storage solution for backing up Oracle databases to Oracle Cloud. The service complements your existing backup strategy by providing an off-site storage location in the public cloud. When required, you can perform database restore and recovery using the backups stored in Oracle Cloud.
- Dynamic routing gateway (DRG)
The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another OCI region, an on-premises network, or a network in another cloud provider.
- Internet gateway
An internet gateway allows traffic between the public subnets in a VCN and the public internet.