This image shows an on-premises university campus network and two Oracle Cloud
Infrastructure (OCI) regions: OCI Region - Phoenix and OCI Region - Ashburn. an active region in
Phoenix (OCI Region - Phoenix) and a standby region in Ashburn OCI Region - Ashburn
connected by remote peering.
Students have internet access to the active OCI Phoenix region. Internet users connect to
the active region by using a Oracle Cloud Infrastructure Web
Application Firewall (WAF) and an internet gateway to access a Bastion host.
The on-premises campus network includes a secure login portal that uses
site-to-site VPN for students, staff, and faculty traffic to connect to OCI Region -
Phoenix. There is an active VPN and a standby VPN. OCI Region - Phoenix uses Remote
Peering through dynamic routing gateways to connect to OCI Region - Ashburn.
The Phoenix region provides 3 availability domains (AD) and the following in
the Oracle Services Network:
- Oracle Database Backup
Cloud Service
- Oracle Cloud
Infrastructure Object Storage
- Oracle Cloud Infrastructure File
Storage
- Oracle Cloud Observability and
Management Platform
The active Phoenix region provides 1 virtual cloud network (VCN) with Cloud
Guard and the following gateways:
- Internet gateway: Provides internet access from the WAF to the public
load balancers in the region.
- Dynamic routing gateway (DRG): Provides private connectivity between
on-premises networks and VCNs by using Site-to-Site VPN and Remote Peering to the
second OCI Region - Ashburn.
- Service gateway: VCNs communicate with services such as object storage
over the Oracle network fabric without traversing the internet.
Active region VCN provides 5 subnets, each with its own security list
and route table. The VCN provides 5 subnets, each with its own security list and route
table:
- Edge Subnet (External): Provides two public load balancers, an
active and standby. It also provides a Bastion host instances for authorized
access.
- Edge Subnet (Internal): Provides two private load balancers, an
active and standby.
- Shared Services subnet: Provides two instances of Banner Central
Authentication Service (CAS). CAS1 is in AD1 and CAS2 is in AD2.
- App subnet 1: Provides compute instances with specific services including in
each of the availability domains. Application data is replicated to the
associated application subnet in the disaster recovery region.
- AD1: Job Server1, Banner Admin1, Banner Document Manager
(Xtender1), and Banner Forms2.
- AD2: Banner Document Manager (Xtender2), Banner Self Service
(SSB) Student1, Banner Admin2, and Banner Workflow2
- AD3: Banner Workflow1, Banner Forms1, Banner Self Service
(SSB) Student2, and Job Server2
- Management subnet: Provides compute instances in AD1 for Banner
Solution Manager.
- Database subnet: Provides an active Oracle Base Database Service for Banner database (Oracle RAC) in AD1 and a Standby Oracle Base Database Service for Banner database (Oracle RAC) in AD2. Communication flows from the active
database in AD1 to the standby Oracle Base Database Service for Banner database in OCI Region Ashburn using Oracle Data Guard.
Transparent data encryption (TDE) is in AD1.
The Ashburn region provides 1 virtual cloud network (VCN) with Cloud Guard
and the following gateways:
- Dynamic routing gateway (DRG): Provides Remote Peering connectivity
between OCI Region - Phoenix and OCI Region - Ashburn. It also provides
Site-to-Site access to the on-premises campus network.
- Service gateway: Provides replication communication from App Subnet1 in
OCI Region - Phoenix to Volume Replicas in OCI Region - Ashburn.
Disaster recovery region VCN: Provides a DRG, Service Gateway, Maximum
Security Zone, and Cloud Guard.
The DRG supports Site-to-Site VPN communication to the on-premises campus network. It
also supports communication between the two regions.
The VCN contains the following:
- Standby Oracle Base Database Service for Banner database. Communication flows from the database in the active
region to the database in the standby region.
- App servers
- Volume Replicas. Communication flows from the App subnet in the active region to
the volume replicas in the standby region.
