ChainSys: Deploy a Smart Data Platform on Oracle Cloud to Move Application Data on Demand

Decision paralysis due to unreliable data and a lack of analytics tools caused avoidable delays in making critical decisions that cost businesses an average of $1.4 million in profit in 2021.

To help companies gain confidence in their data and to make more accurate decisions faster, ChainSys runs its Smart Data Platform on Oracle Cloud Infrastructure (OCI), enabling companies to migrate, integrate, catalog, and analyze their enterprise application data on demand. Founded in 1998 in Grand Ledge, MI, ChainSys helps its clients to centralize data across on-premises and cloud environments by unifying discrete data models and object sets, collecting data from machines, sensors, and other devices, and then providing real-time analytics. The company's Smart Data Platform also helps its clients to cleanse their data stored in data lakes, to apply data governance models, and to create data catalogs, making the data easily searchable, while maintaining the data's lineage, entity relationships, business glossaries, compliance, and virtualization capabilities.

The core products that ChainSys offers include:

  • dataZap for data movement: Performs data migration, data integration, and data reconciliation
  • dataZen for data quality: Enables data quality management, master data management, and data governance
  • dataZense for data analytics: Data analytics, data visualization, and data cataloging

The ChainSys architecture is a multitenant architecture that supports cloud and hybrid cloud deployments in a customer's tenancy. Highlights of the ChainSys deployment on OCI include:

  • PostgreSQL databases are used for data movement and are partitioned into separate schemas for each customer.
  • Virtual machines in the application (APP) subnet perform data integration, migration, extract transform load (ETL), reporting, visualization and dash-boarding, caching, and scheduling.

For its future state environment, ChainSys is also looking to do the following:

  • Deploy Oracle Cloud Infrastructure Web Application Firewall (WAF) to allow ChainSys customers to access the Smart Data Platform with greater security without having to maintain independent IPSec tunnels. The WAF provides both network-level and application-level security to help protect web applications from cyber attacks and other threats.
  • Move their PostgreSQL database to Oracle Autonomous Database to allow ChainSys to take advantage of Autonomous Database's autoscaling, self-patching, self-recovery, and automated backup features. Autonomous Database is offered to customers that prefer Oracle Database.
  • Adopt Maximum Security Zones to ensure that any new resources deployed are subject to maximum security configuration practices and to prevent exposing resources to areas of the network that should not have visibility or access.

Architecture

The ChainSys architecture is a multitenant architecture and can be deployed as a hybrid cloud option in a customer tenancy. This architecture shows the multitenant option.

The ChainSys architecture spreads functions and roles across multiple virtual machine (VM) instances. For each customer, ChainSys creates a unique, load balanced URL hosted on the web node instances. From a user perspective, this allows customers to access the ChainSys Smart Data Platform to begin managing their data. In the DMZ subnet, there are additional virtual machines for data redirection (Collaborator) and API exposure (Publisher). These VMs interact with the external systems as well as with internal systems in the application (APP) subnet. After Collaborator or Publisher determines where to redirect the data, virtual machines in the application subnet perform data integration, migration, extract transform load (ETL), reporting, visualization and dash-boarding, caching, and scheduling.

In this architecture, PostgreSQL databases are used for data movement. For a multi-tenancy deployment, each database is partitioned into separate schemas for each customer. The databases are configured in an active-standby configuration. If system integrations are required, VPNs with IPSec tunnels are created during configuration to provide for secure connections from source systems to target systems. The source and target systems can include on-premises systems, private clouds, and public clouds.
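
Schema-per-customer partitioning only isolates tenants if each tenant's database role is confined to its own schema. The following PostgreSQL script is an added example, not ChainSys code: the tenant names (acme, globex), the role names, and the migration_job table are hypothetical, and it assumes it is run by a database administrator.

```sql
-- Added example: schema-per-tenant isolation inside one PostgreSQL database.
-- All object names below are hypothetical and chosen for illustration only.
BEGIN;

-- Nobody may create objects in the shared public schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- One login role and one schema per tenant; each role owns only its schema.
CREATE ROLE tenant_acme   LOGIN;
CREATE ROLE tenant_globex LOGIN;
CREATE SCHEMA acme   AUTHORIZATION tenant_acme;
CREATE SCHEMA globex AUTHORIZATION tenant_globex;

-- New sessions for a tenant resolve unqualified names in its own schema only.
ALTER ROLE tenant_acme   SET search_path = acme;
ALTER ROLE tenant_globex SET search_path = globex;

-- The same table shape is created once per tenant schema.
CREATE TABLE acme.migration_job (
    id        bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    source    text        NOT NULL,
    target    text        NOT NULL,
    queued_at timestamptz NOT NULL DEFAULT now()
);
CREATE TABLE globex.migration_job (LIKE acme.migration_job INCLUDING ALL);
ALTER TABLE acme.migration_job   OWNER TO tenant_acme;
ALTER TABLE globex.migration_job OWNER TO tenant_globex;

-- Isolation check: list every privilege a tenant role holds on another
-- tenant's schema or table. Any row with a true column is a cross-tenant leak.
SELECT r.rolname AS tenant_role,
       n.nspname AS foreign_schema,
       has_schema_privilege(r.rolname, n.nspname, 'USAGE') AS schema_usage,
       has_table_privilege(r.rolname,
                           format('%I.%I', n.nspname, c.relname),
                           'SELECT') AS table_select
FROM pg_roles r
JOIN pg_namespace n ON n.nspname IN ('acme', 'globex')
                   AND n.nspowner <> r.oid
JOIN pg_class c     ON c.relnamespace = n.oid AND c.relkind = 'r'
WHERE r.rolname IN ('tenant_acme', 'tenant_globex');

-- Undo everything so the script leaves no trace on a test database.
ROLLBACK;
```

The check query can be run on a schedule against a live database (without the surrounding transaction) to detect grants that later weaken the per-tenant boundary.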

Using Oracle Cloud Infrastructure Monitoring, Logging, Alarms, and Events, ChainSys monitors the environment's performance, health, and status to ensure that the systems are functioning properly and to proactively remedy any issues that arise.

The following diagram illustrates the data flow through this reference architecture.



chainsys-oci-flow-oracle.zip

The following diagram illustrates this reference architecture.



chainsys-oci-arch-oracle.zip

While remaining true to its architectural principles, ChainSys is looking to further enhance its OCI implementation. In a future state architecture, ChainSys plans to take advantage of Oracle Cloud Infrastructure Web Application Firewall (WAF). This will allow ChainSys customers to access the Smart Data Platform with greater security and without having to maintain independent IPSec tunnels. The WAF provides both network-level and application-level security to help protect web applications from cyber attacks and from other threats.

Although not shown in the current state architecture, customers have the option of using Oracle Autonomous Database to store meta, datamart, and couch databases. ChainSys also plans to add Oracle Cloud Infrastructure Data Science, Oracle Analytics Cloud, and Oracle Cloud Infrastructure AI to the platform.

To provide a layer of security, ChainSys is looking to deploy OCI Security Zones. OCI Security Zones allow ChainSys to maintain a security posture and to prevent misconfigurations.

The following diagram illustrates the future state reference architecture.



chainsys-oci-future-oracle.zip

The architecture has the following components:

  • Tenancy

    A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Compartment

    Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domains

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Site-to-Site VPN

    Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Load balancer

    The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.

  • Compute

    The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.

Acknowledgments

  • Authors: Robert Huie, Sasha Banks-Louie
  • Contributors:

    Oracle Extended Team: Puneet Khanna, Yianni Voyiatzis, Robert Lies

    ChainSys Team: Philip Viyagappa