1. Connect Oracle Cloud Infrastructure Government Cloud to Microsoft Azure over Megaport
  2. Learn About Connecting Oracle Cloud Infrastructure Government Cloud to Microsoft Azure Over Megaport

Learn About Connecting Oracle Cloud Infrastructure Government Cloud to Microsoft Azure Over Megaport

As organizations expand their cloud infrastructure to meet growing demands, the need to securely connect and transfer data between different cloud environments becomes crucial. By utilizing ExpressRoute via Megaport Cloud Router (MCR) combined with Oracle Cloud Infrastructure (OCI) FastConnect, customers can establish continuous connectivity, with dedicated bandwidth between Azure and OCI Government Cloud, enabling seamless migration, data copying, all while achieving speeds up to 10Gbps.

This Solution Playbook shows you how to connect OCI Government Cloud to Microsoft Azure by using OCI FastConnect, Megaport Cloud Router, and Azure ExpressRoute. It also helps address the compliance challenges that arise when dealing with data from non-FedRAMP regions.

Architecture

Azure ExpressRoute enables organizations to establish private connections between Azure data centers and on-premises infrastructure or co-location environments. Oracle FastConnect provides dedicated network connections between on-premises networks, co-location, and Oracle Cloud services. Megaport acts as a cloud interconnection service providing a Layer 3 capable virtual router that simplifies the setup process by acting as an intermediary between Azure ExpressRoute and Oracle FastConnect. Azure ExpressRoute enables organizations to establish private connections between Azure data centers and on-premises infrastructure or co-location environments.Megaport acts as a cloud interconnection service.

The following diagram illustrates this reference architecture.


Description of connect-azure-oci-megaport.png follows
Description of the illustration connect-azure-oci-megaport.png

connect-azure-oci-megaport-oracle.zip

This architecture contains these components:
  • Tenancy

    A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Compartment

    Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domains

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • NAT gateway

    The NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.

  • FastConnect

    Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

About Microsoft Azure Components Used in this Architecture

In addition to these OCI components, this architecture also includes these Azure components:

  • Azure Virtual Network

    Azure Virtual Network allows you to build a private network in Azure. A virtual network that includes virtual machines (VMs) enables many types of resources to securely communicate with each other, the internet, and on-premises networks. Although a virtual network is similar to a traditional network that you'd operate in your own datacenter, it provides extra benefits such as scale, availability, and isolation.

  • Azure VPN Gateway

    Azure VPN Gateway uses a specific type of virtual network gateway to send encrypted traffic between an Azure virtual network and on-premises locations over the public Internet. You can also use it to send encrypted traffic between Azure virtual networks over the Microsoft network. You can create multiple connections to the same VPN gateway and all VPN tunnels share the available gateway bandwidth.

  • Azure ExpressRoute

    ExpressRoute enables you to create private connections between Azure data centers and those on your on-premises infrastructure or in a colocation environment. These connections avoid the public internet and offer greater reliability, faster speeds, lower latencies, and higher security than typical connections over the internet.

For more complete details on these components, see the official Microsoft Azure documentation listed in the Explore More topic, below.

About Megaport

Megaport provides an easy way to create and manage network connections. Through the Megaport network, you can deploy private point-to-point connectivity between any of the locations on Megaport's global network infrastructure. Megaport operates and manages a global network infrastructure through Software Defined Networking (SDN). It is fast, flexible, and provides on-demand connectivity to hundreds of global services with an extensive footprint throughout Asia Pacific, North America, Europe, and the Middle East.
In this solution, you will encounter and use these Megaport features:
  • Ports

    Ports are high-speed Ethernet interfaces (1 Gbps, 10 Gbps, and 100 Gbps) that connect to the Megaport network.

  • Virtual Cross Connect (VXC)

    A VCX connects any two endpoints on the Megaport network. Generally, these connections support capacities ranging from 1 Mbps to 10 Gbps, although some high-capacity ports within the same area can support connections of up to 20 Gbps .

  • Megaport Cloud Router (MCR)

    The MCR is a virtual router for on-demand, private, Layer 3 connectivity to service providers between key global routing zones.

Recommendations

Use the following recommendations as a starting point when setting up Azure ExpressRoute to Oracle Government Cloud FastConnect and using Megaport as the partner Your requirements might differ from the architecture described here.
  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

About OCI US Government Cloud

OCI US Government Cloud has achieved FedRAMP High JAB P-ATO accreditation, as have all the OCI and platform-as-a-service (PaaS) services generally available in those regions. OCI provides a secure platform to host service and workloads that serve the US Government, whether you’re considering cloud computing to reduce costs or improve performance. Oracle has a dedicated team and established resources ready to support your migration and help you achieve your cloud migration goals.