Deploy a multicloud public health data management platform on Oracle Cloud

Bolstering the healthcare infrastructure in the wake of COVID-19's rampage continues to be a top priority for public health agencies across the US. While some agencies are still trudging through the planning phase, public health officials in the nation's capital have turned to Tharseo IT to help them implement a data-driven approach to program and policy development, deploying a full-duplex data management platform on Oracle Cloud Infrastructure (OCI).

The public health department of one US state has helped residents and visitors identify health risks, prevent and control diseases, treat injuries, avoid exposure to environmental hazards, and provide equitable access to public health and human services.

Although the department had been solely responsible for collecting public health records, it previously went through third-party vendors to manage and analyze these records. Not only did this arrangement thwart efforts to visualize and interpret the data, it undermined the agency's ability to immediately act on any insights. To remedy this, the department created a multicloud "data bridge" that moves data between state agencies, the federal government, public health officials, and other stakeholders.

Highlights of the architecture include the following:

  • Untethered access to data managed in a secure government cloud region on Oracle Cloud Infrastructure
  • Multicloud integration between Amazon Web Services, OCI, and private clouds managed by the US Congress and the White House
  • Data Bridge platform that ingests data from individuals, schools, hospitals, pharmacies, and myriad databases and applications
  • Data synchronized in real time, using Oracle GoldenGate, and stored in an Oracle Autonomous Data Warehouse

Since deploying the data bridge on OCI, Tharseo IT helped the public health services agency to perform the following:

  1. Generate ad hoc reports on demand
  2. Communicate immediately with the public about imminent health risks, personalized treatment options, and available service providers
  3. Onboard vendors and healthcare service providers to the public health systems quickly, as new diseases and drug therapies emerge

Architecture

Tharseo IT built and deployed a data bridge for one US state's public health department, using Oracle Base Database Service and Oracle GoldenGate hosted on Oracle Cloud Infrastructure (OCI) Government Region East (Ashburn). The data bridge integrates multiple applications and databases into a centralized staging database, using a two-node Oracle Base Database Service, Oracle Real Application Clusters (Oracle RAC), and an Oracle Autonomous Data Warehouse.

The first integration point is a SaaS application used by the state to track vaccinations. This application is hosted on a third-party cloud and connected through a site-to-site VPN tunnel. An Oracle GoldenGate hub is deployed in the third-party cloud, which helps pull data from the SaaS application database to an Oracle GoldenGate manager instance in the state’s OCI tenancy. The data is then stored in the staging database.

The second integration point allows various US Federal Government agencies to integrate with Oracle Autonomous Data Warehouse for reporting the state’s data at the federal level.

A third integration point integrates other state health applications that are hosted in various locations from other clouds to on-premises. These integrations also use various data integration tools to push to the staging database through Oracle GoldenGate and into the data warehouse, as needed.

The following diagram illustrates this reference architecture.

[Illustration: tharseo-data-platform-oci-arch.png]

Data scientists and DBAs access the staging database and the data warehouse from the on-premises network that is connected through site-to-site VPN. Data scientists access the Oracle Autonomous Data Warehouse and run analytics through the Tableau Web Layer API.

For additional layers of security, the state agency uses firewalls deployed in various locations to enforce rules and policies, and filter network traffic. In addition to firewalls, the public health department has implemented security lists and network security groups on the subnet in the OCI tenancy. The IP tunnels are restricted by IP addresses to ensure that only trusted source IP addresses are allowed to enter the virtual cloud network (VCN). The state uses Oracle Cloud Infrastructure Block Storage and Oracle Cloud Infrastructure File Storage for additional storage capabilities.
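As an added illustration (not code from Oracle or Tharseo IT), the following sketch audits security list ingress rules against an allow-list of trusted source ranges, which is the control the paragraph above describes. The rule keys follow the JSON shape the OCI CLI prints for a security list; the sample rules and the trusted ranges are constructed from documentation address blocks and are assumptions.

```python
import ipaddress

# Constructed sample: ingress rules in the shape the OCI CLI prints for a
# security list ("ingress-security-rules"). All CIDRs are documentation ranges.
SAMPLE_RULES = [
    {"protocol": "6", "source": "203.0.113.10/32", "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 1521, "max": 1521}}},
    {"protocol": "6", "source": "198.51.100.0/24", "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
    {"protocol": "all", "source": "203.0.113.0/28", "source-type": "CIDR_BLOCK"},
    {"protocol": "6", "source": "192.0.2.44/32", "source-type": "CIDR_BLOCK",
     "tcp-options": {"destination-port-range": {"min": 1521, "max": 1521}}},
]

# Assumed allow-list: the VPN peers and on-premises ranges the agency trusts.
TRUSTED = ["203.0.113.0/28", "198.51.100.0/24"]


def audit_ingress(rules, trusted_cidrs):
    """Return (index, source, reason) for every rule that admits traffic
    from outside the trusted ranges or is broader than it needs to be."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for i, rule in enumerate(rules):
        if rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue  # service CIDR labels are not IP ranges; review separately
        src = ipaddress.ip_network(rule["source"], strict=False)
        if src.prefixlen == 0:
            findings.append((i, rule["source"], "open to any source"))
        elif not any(src.version == t.version and src.subnet_of(t)
                     for t in trusted):
            findings.append((i, rule["source"],
                             "source not inside a trusted range"))
        elif rule.get("protocol") == "all":
            findings.append((i, rule["source"],
                             "all protocols and ports allowed"))
    return findings


if __name__ == "__main__":
    for idx, source, reason in audit_ingress(SAMPLE_RULES, TRUSTED):
        print(f"rule {idx}: {source}: {reason}")
```

The same function can be run over the ingress rules of network security groups once they are mapped to the same keys.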

For disaster recovery (DR), the state backs up the database frequently to Oracle Cloud Infrastructure Object Storage and offloads the backups to OCI Government Cloud Region Phoenix and on-premises to have additional copies of the backups.

The architecture has the following components:

  • Tenancy

    A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Object storage

    Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

  • Autonomous Database

    Oracle Autonomous Database is a fully managed, preconfigured database environment that you can use for transaction processing and data warehousing workloads. You do not need to configure or manage any hardware, or install any software. Oracle Cloud Infrastructure handles creating the database, as well as backing up, patching, upgrading, and tuning the database.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • GoldenGate

    Oracle Cloud Infrastructure GoldenGate is a fully managed service that allows data ingestion from sources residing on premises or in any cloud. It uses GoldenGate CDC technology for nonintrusive, efficient capture of data and delivery to Oracle Autonomous Data Warehouse in real time and at scale, making relevant information available to consumers as quickly as possible.

  • Oracle Base Database Service

    Oracle Base Database Service enables you to maintain absolute control over your data while leveraging the combined capabilities of Oracle Database and Oracle Cloud Infrastructure. Oracle Cloud Infrastructure (OCI) offers single-node DB systems and multi-node RAC DB systems on virtual machines.

  • Site-to-Site VPN

    Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

  • File storage

    The Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade network file system. You can connect to a File Storage service file system from any bare metal, virtual machine, or container instance in a VCN. You can also access a file system from outside the VCN by using Oracle Cloud Infrastructure FastConnect and IPSec VPN.

  • Block volume

    With block storage volumes, you can create, attach, connect, and move storage volumes, and change volume performance to meet your storage, performance, and application requirements. After you attach and connect a volume to an instance, you can use the volume like a regular hard drive. You can also disconnect a volume and attach it to another instance without losing data.

  • Data Integration

    Oracle Cloud Infrastructure Data Integration is a fully managed, serverless, cloud-native service that extracts, loads, transforms, cleanses, and reshapes data from a variety of data sources into target Oracle Cloud Infrastructure services, such as Autonomous Data Warehouse and Oracle Cloud Infrastructure Object Storage. ETL (extract transform load) leverages fully-managed scale-out processing on Spark, and ELT (extract load transform) leverages full SQL push-down capabilities of the Autonomous Data Warehouse in order to minimize data movement and to improve the time to value for newly ingested data. Users design data integration processes using an intuitive, codeless user interface that optimizes integration flows to generate the most efficient engine and orchestration, automatically allocating and scaling the execution environment. Oracle Cloud Infrastructure Data Integration provides interactive exploration and data preparation and helps data engineers protect against schema drift by defining rules to handle schema changes.

  • Backup/Restore

    Oracle Database Backup Cloud Service is a secure, scalable, on-demand storage solution for backing up Oracle databases to Oracle Cloud. The service complements your existing backup strategy by providing an off-site storage location in the public cloud. When required, you can perform database restore and recovery using the backups stored in Oracle Cloud.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

Acknowledgments

  • Authors: Robert Huie, Sasha Banks-Louie
  • Contributors: Brian Keehn, Brad Goodwin

    Tharseo Team: Zach Ehrhardt, HeeMin Kim