Migrate Ellucian Banner ERP in a Multiregion Deployment on Oracle Cloud
After transitioning from a small town community college to a top-six state university, an Arkansas university began modernizing its entire campus operations, migrating multiple Ellucian Banner applications, shared services, and databases to Oracle Cloud Infrastructure (OCI).
Despite its initial struggle to qualify for performance-based public funding, the university would soon surmount this challenge with the help of managed services provider Tharseo IT. Fulfilling the state's ever-changing requirements would demand that the university not only improve student completion and graduation rates, increase enrollment of under-served student groups, and make tuition more affordable, it also needed to achieve these goals with a small IT team and an even smaller budget.
Founded in 1928 as an extension of a private high school, the college's first students, faculty, and administrators swept hallways, washed windows, and painted the walls of offices, and classrooms just so the college could afford to keep the lights on. In contrast to its humble beginning, recent public funding programs have helped the university flourish, with some 6,500 students enrolling each year and contributing millions of dollars to the Arkansas state economy.
Highlights of the university's architecture include:
- Production environment is deployed in a single OCI region across three availability domains
- Ellucian Banner ERP and a Banner Document Management System (commonly known as BDMS) are deployed in an application tier in the OCI US-Ashburn region
- In addition to deploying a single production Banner pluggable database (PDB-Alpha) in OCI, a non-production database (Beta) was also deployed to support test and preproduction pluggable databases (PDBs)
- The network topology is comprised of an Ashburn-based VCN with 11 subnets
- Disaster recovery (DR) in the OCI US Phoenix region comprised of one VCN, and 11 subnets
- The DR region is peered with Ashburn by using remote peering through dynamic routing gateways (DRGs) and replicates the production application server volumes between the regions
- A jump host is used to schedule scripts for non-production VM state changes (start/stop) to minimize costs after business hours
Architecture
Tharseo helped the university move its on premises deployment of Ellucian Banner ERP (Banner) to Oracle Cloud Infrastructure (OCI) by using the following components:
- Self Service Banner (Student)
- Self Service Banner (Admin)
- Job Submission Server
- Document Manager (Xtender)
- Workflow
- Forms
- Solution Manager
- Central Authentication Service (CAS)
To control access to its OCI tenancy, the university's students, faculty, and staff access Banner through the campus network. This network is connected with two site-to-site VPN tunnels, which are set up in an active-standby configuration. Users first access the CAS server for authentication, and are then passed to their destination, depending on the Banner component they wish to access. The Banner components are spread across multiple availability domains. The CAS is in a shared services subnet where it straddles both the production and non-production environments.
An application subnet hosts the Banner components, while the management subnet is deployed to host the solution manager. A database subnet is deployed to host the Banner Database, which is deployed on OCI, using Oracle Base Database Service. An edge subnet is deployed to host a jump server.
While the system isn't currently designed for high availability, the university has created a disaster recovery plan, which includes using the OCI region in Phoenix as a warm standby.
Data volumes are replicated every 30 minutes across regions through a remote peering connection (RPC). In the event there's an outage in the primary region (OCI Region Ashburn), the university will be able to attach and boot the replicated volumes to restore the application.
Cloud Guard helps monitor the tenancy's security posture. Oracle Cloud Infrastructure Object Storage is used to store backups. The university intends to use Oracle Cloud Infrastructure File Storage to store Banner home code trees, and to configure files used by Ellucian Solution Manager, taking the place of NFS running from VMs.
Additional subnets are created (not shown) for the non-production environments. These subnets mirror the production subnets.
The following diagram illustrates the architecture:
tharseo-multiregion-architecture-oracle.zip
On the roadmap for the university are the following:
- Achieve high availability with load balancers and create additional instances across fault domains
- Implement Oracle Real Application Clusters (Oracle RAC) for high availability of the database
- Deploy a web application firewall (WAF) as an additional layer of security, The WAF can be implemented with both private and public load balancers to inspect both internal and external traffic
- Enable OCI Security Zone to provide additional monitoring of the tenancy's security posture
- Review the disaster recovery plan, implement Oracle Data Guard, replicate the database, and create site-to-site VPN tunnels from the campus network to the standby region
- Evaluate OCI Full Stack Disaster Recovery Service to automate failover processes
- Consider Oracle Cloud Observability and Management Platform (O&M) services to get more insight into the performance of the environment
The following diagram illustrates the future architecture:
Description of the illustration tharseo-multiregion-future.png
tharseo-multiregion-future-oracle.zip
The architecture has the following components:
- Tenancy
A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.
- Region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Availability domain
Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.
- Virtual cloud network (VCN) and subnets
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
- Route table
Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.
- Security list
For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.
- Dynamic routing gateway (DRG)
The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.
- Service gateway
The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.
- Remote peering
Remote peering allows the VCNs' resources to communicate using private IP addresses without routing the traffic over the internet or through your on-premises network. Remote peering eliminates the need for an internet gateway and public IP addresses for the instances that need to communicate with another VCN in a different region.
- Network security group (NSG)
Network security group (NSG) acts as a virtual firewall for your cloud resources. With the zero-trust security model of Oracle Cloud Infrastructure, all traffic is denied, and you can control the network traffic inside a VCN. An NSG consists of a set of ingress and egress security rules that apply to only a specified set of VNICs in a single VCN.
- Compute
The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.
- Object storage
Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.
- File storage
The Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade network file system. You can connect to a File Storage service file system from any bare metal, virtual machine, or container instance in a VCN. You can also access a file system from outside the VCN by using Oracle Cloud Infrastructure FastConnect and IPSec VPN.
- Oracle Base Database Service
Oracle Base Database Service is an is an Oracle Cloud Infrastructure (OCI) database service that enables you to build, scale, and manage full-featured Oracle databases on virtual machines. A VM database system uses OCI Block Volumes storage instead of local storage and can run Oracle Real Application Clusters (Oracle RAC) to improve availability.
- Cloud Guard
You can use Oracle Cloud Guard to monitor and maintain the security of your resources in Oracle Cloud Infrastructure. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.
Get Featured in Built and Deployed
Want to show off what you built on Oracle Cloud Infrastructure? Care to share your lessons learned, best practices, and reference architectures with our global community of cloud architects? Let us help you get started.
- Download the template (PPTX)
Illustrate your own reference architecture by dragging and dropping the icons into the sample wireframe.
- Watch the architecture tutorial
Get step by step instructions on how to create a reference architecture.
- Submit your diagram
Send us an email with your diagram. Our cloud architects will review your diagram and contact you to discuss your architecture.
Explore More
Learn more about the features of this architecture and about related architectures.