Deploy an End-to-End Application Stack with Oracle Cloud@Customer

Running a full application stack, inclusive of middleware, and the database inside your data center to address data residency, security, and connectivity needs can be challenging and expensive.

Oracle Cloud@Customer provides the benefits of Oracle Cloud Infrastructure's managed cloud services to enable you to run applications faster, and lower your costs, all while maintaining complete control of your data to address data residency, security, and connectivity concerns.

With Oracle Compute Cloud@Customer and Oracle Exadata Database Service on Cloud@Customer, you can deploy and migrate workloads to a fully managed end-to-end full stack architecture that lets you run applications, middleware, and database using Oracle Cloud Infrastructure.

Architecture

In this reference architecture, Oracle Compute Cloud@Customer provides organizations with the ability to run applications and middleware deployed on optimized OCI infrastructure with flexible virtual machine (VM) shapes that can be connected to Oracle Exadata Database Service on Cloud@Customer to provide high-performance capabilities, autonomous operations, and low-cost subscription pricing, all behind your firewall.

Oracle Exadata Database Service on Cloud@Customer enables you to leverage the power of Oracle Exadata in the cloud. The scale-out architecture of Oracle Exadata cloud infrastructure lets you right-size compute and storage resources independently and efficiently to meet growing demands. Oracle Exadata Database Service on Cloud@Customer offers remote direct memory access (RDMA) over Converged Ethernet (RoCE) networking for high bandwidth and low latency, uses Exadata RDMA Memory (XRMEM) for shared read acceleration, and relies on the intelligent Exadata storage software to enable high-performance database workload processing.

Oracle Exadata cloud infrastructure deployments include built-in Oracle maximum availability architecture best practices that increase database availability. Oracle Exadata Database Service on Cloud@Customer reduces downtime and simplifies operational management by using cloud automation to conduct online scaling, patching, and provisioning of Oracle Real Application Clusters (Oracle RAC) and Oracle Active Data Guard.

Production Deployment

The following diagram shows the deployment of Oracle Compute Cloud@Customer with Oracle Exadata Database Service on Cloud@Customer for production environments.

[Diagram: multicloud-customer-and-oci.png (Terraform download: multicloud-customer-and-oci.zip)]

Production, Non-Production, and Disaster Recovery Deployment

The following diagram illustrates this deployment for production, non-production, and disaster recovery.



multicloud-customer-and-oci-dr.zip

The architectures have the following components:

  • Tenancy

    A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Compartment

    Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Virtual cloud network (VCN) and subnet

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Object storage

    Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

  • FastConnect

    Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

  • Oracle Compute Cloud@Customer

    Oracle Compute Cloud@Customer is a rack-scale, edge cloud infrastructure resource that brings next-generation cloud services to the edge, making it the ideal cloud infrastructure to modernize legacy applications and build cloud-native applications.

  • Oracle Exadata Database Service on Cloud@Customer

    Oracle Exadata Database Service on Cloud@Customer provides Oracle Exadata Database Service that is hosted in your data center.

  • Identity and Access Management (IAM)

    Oracle Cloud Infrastructure Identity and Access Management (IAM) is the access control plane for Oracle Cloud Infrastructure (OCI) and Oracle Cloud Applications. The IAM API and the user interface enable you to manage identity domains and the resources within the identity domain. Each OCI IAM identity domain represents a standalone identity and access management solution or a different user population.

  • Audit

    The Oracle Cloud Infrastructure Audit service automatically records calls to all supported Oracle Cloud Infrastructure public application programming interface (API) endpoints as log events. Currently, all services support logging by Oracle Cloud Infrastructure Audit.

  • Logging

    Logging is a highly scalable and fully managed service that provides access to the following types of logs from your resources in the cloud:
    • Audit logs: Logs related to events emitted by the Audit service.
    • Service logs: Logs emitted by individual services such as API Gateway, Events, Functions, Load Balancing, Object Storage, and VCN flow logs.
    • Custom logs: Logs that contain diagnostic information from custom applications, other cloud providers, or an on-premises environment.

Recommendations

Use the following recommendations as a starting point to deploy an end-to-end application stack with Oracle Cloud@Customer. Your requirements might differ from the architecture described here.

  • Networking

    As part of the Oracle Exadata Database Service on Cloud@Customer deployment process, you must decide on the host names and IP addresses to be used for various Oracle Exadata Database Service on Cloud@Customer network interfaces.

    Oracle requires you to register the host names and IP addresses for the Oracle Exadata Database Service on Cloud@Customer client and backup network interfaces in your corporate Domain Name System (DNS).

    When you launch Oracle Exadata Database Service on Cloud@Customer, you must plan to allocate a range of IP addresses to the administration network and another range of IP addresses to the RoCE network.

    When planning the IP addresses, it is essential that the address ranges chosen for the administration network and the RoCE network do not overlap with each other or with any IP addresses already in use in your corporate network.

    When you create the Oracle Exadata Database Service Cloud Infrastructure, the Console prepopulates default values for the Administration network CIDR block and the RoCE network CIDR block. You can use the suggested CIDR blocks if there is no overlap with existing IP addresses in your corporate network.
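The overlap check described above is easy to get wrong by eye, especially when the corporate address plan is long. The following Python script is an added example, not code from Oracle or from this reference architecture: it validates a planned administration CIDR block and RoCE CIDR block against each other and against the ranges already in use in the corporate network, using only the standard `ipaddress` module. All CIDR values in it are constructed for illustration and are not the defaults the Console prepopulates.

```python
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Constructed sample values (not Oracle defaults): the CIDR blocks planned for
# the Cloud@Customer administration and RoCE networks.
PLANNED_NETWORKS: Dict[str, str] = {
    "administration": "10.100.0.0/22",
    "roce": "10.100.4.0/22",
}

# Constructed sample values: address ranges already allocated in the
# corporate network. The /24 below deliberately collides with the RoCE plan.
CORPORATE_IN_USE: List[str] = [
    "10.0.0.0/16",      # campus user networks
    "10.100.4.0/24",    # existing lab range (collides with the RoCE block)
    "192.168.0.0/16",   # branch offices
]


def find_cidr_conflicts(planned: Dict[str, str],
                        in_use: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (planned_network_name, conflicting_cidr) pairs.

    A planned block conflicts if it overlaps any corporate range, or if it
    overlaps another planned block. strict=True rejects CIDRs whose host
    bits are set (for example 10.100.1.0/22), which usually indicates a typo.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=True)
            for name, cidr in planned.items()}
    corp = [ipaddress.ip_network(cidr, strict=True) for cidr in in_use]

    conflicts: List[Tuple[str, str]] = []
    # Planned blocks against corporate ranges.
    for name, net in nets.items():
        for existing in corp:
            if net.overlaps(existing):
                conflicts.append((name, str(existing)))
    # Planned blocks against each other (administration vs. RoCE).
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                conflicts.append((a, "planned:" + b))
    return conflicts


def plan_is_clear(planned: Dict[str, str], in_use: Iterable[str]) -> bool:
    """True when no planned block overlaps any corporate or sibling range."""
    return not find_cidr_conflicts(planned, in_use)


if __name__ == "__main__":
    for name, cidr in find_cidr_conflicts(PLANNED_NETWORKS, CORPORATE_IN_USE):
        print(f"CONFLICT: planned {name} network overlaps {cidr}")
    if plan_is_clear(PLANNED_NETWORKS, CORPORATE_IN_USE):
        print("No overlaps: the planned CIDR blocks can be used.")
```

Run it with the real corporate ranges substituted into `CORPORATE_IN_USE` and the CIDR blocks shown in the Console substituted into `PLANNED_NETWORKS`; a non-empty result means the suggested blocks must be changed before the Exadata infrastructure is created, because the administration and RoCE ranges cannot be changed without re-provisioning.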

  • Security

    Use Oracle Cloud Guard to monitor and maintain the security of your resources in Oracle Cloud Infrastructure proactively. Oracle Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.

    For resources that require maximum security, Oracle recommends that you use security zones. A security zone is a compartment associated with an Oracle-defined recipe of security policies that are based on best practices. For example, the resources in a security zone must not be accessible from the public internet and they must be encrypted using customer-managed keys. When you create and update resources in a security zone, Oracle Cloud Infrastructure validates the operations against the policies in the security-zone recipe, and denies operations that violate any of the policies.

  • Disaster Recovery

    The DR Oracle Exadata Database Service on Cloud@Customer database is synchronized with production using Oracle Data Guard. The Oracle Exadata Database Service on Cloud@Customer standby database is a transactionally consistent copy of the primary database. Oracle Data Guard automatically maintains synchronization between the databases by transmitting and applying redo data from the primary database to the standby. In the event of a disaster in the primary region, Oracle Data Guard automatically fails over to the standby database in the secondary region. You can choose between synchronous or asynchronous data transport to the DR site, optimizing for performance or zero data loss. Oracle Data Guard also provides continuous data corruption prevention. Active Data Guard enables you to utilize active database copies for upgrades, migrations, and to offload reporting queries and backups to a remote standby.

Considerations

Review the following consideration when deploying this end-to-end application stack architecture.

  • Availability

    Oracle Exadata Database Service on Cloud@Customer provides built-in Oracle best practices features. Deploy your database for the best performance, availability, and security using cloud automation, and your system will be optimally configured to provide the highest service levels. It automatically deploys Oracle RAC to provide a scalable, highly available database tuned to run on the Oracle Exadata Database Service cloud platform. Oracle RAC protects from unplanned failures by spreading work across multiple database instances. In addition, it eliminates downtime for maintenance activities by automatically migrating work off the servers about to undergo maintenance to others that remain online.

    Oracle Data Guard provides real-time disaster protection. Should you lose your primary database or data center, you can fail your workload over to a standby site maintained automatically by Oracle Data Guard. Oracle Exadata Database Service on Cloud@Customer makes it simple to enable Oracle Data Guard with a single API call or few clicks of the mouse in the UI using cloud automation. Likewise, the automation supports critical use cases like switching your primary database to your DR site, switching back, and re-instating your primary database after a failover.

    Oracle Exadata Database Service on Cloud@Customer supports all the Oracle Maximum Availability (MAA) technologies, which form the high-availability blueprint for Oracle databases in the cloud.

Explore More

Learn more about deploying an end-to-end application stack with Oracle Cloud@Customer.

Review these additional resources:

Acknowledgments

  • Authors: Leo Alvarado, Eddie Ambler, Anderson Souza, Michael Glasgow, Scott Ledbetter
  • Contributors: Laura Hartman, Nico Cheong