Leverage OCI-Managed Redis and PostgreSQL for Your E-Commerce Application

Solve your e-commerce application challenges related to speed, real-time data synchronization, data integrity, scalability, cache-database synchronization, and comprehensive transaction processing and analysis with OCI-managed Redis and PostgreSQL.

This reference architecture illustrates a modern, cloud-native application setup using Oracle Cloud Infrastructure (OCI) that leverages both Redis for caching and PostgreSQL for transactional data. The architecture demonstrates how organizations can build scalable and efficient applications by utilizing Redis as an in-memory data store to enhance performance and PostgreSQL as a robust, versatile database for handling a wide range of data workloads.

Such a dual-database approach is common in the industry, allowing for high-speed data retrieval through Redis, while ensuring data persistence and complex query handling with PostgreSQL. This setup is augmented by OCI's comprehensive suite of services that simplify management, enhance security, and improve productivity. This is a typical architecture for e-commerce session and inventory management.

In an e-commerce application, Redis is used for its fast data handling to manage user sessions and provide real-time inventory updates. User sessions, including shopping cart data, are stored in Redis for quick access during the shopping experience. Concurrently, Redis serves as a dynamic cache for inventory levels, which are adjusted instantly as customers add or remove items from their carts to ensure accurate stock information is presented. PostgreSQL underpins this setup by holding the definitive inventory records. It processes transactions and order details, ensuring data consistency and integrity. When a purchase is made, the inventory cache in Redis is synchronized, and the transaction is permanently logged in PostgreSQL, facilitating order processing and historical data analysis.
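The purchase step described above, as an added sketch that is not part of the original architecture or of any Oracle sample: the stock decision and the order record are made in one database transaction, and the cache is refreshed from the database afterwards, so a stale cached stock level cannot cause an oversell. To run offline it assumes stand-ins: `sqlite3` plays the PostgreSQL system of record and a dict plays the Redis cache; the table names, key format and function names are hypothetical.

```python
import sqlite3

# Stand-ins so this runs offline (assumptions): sqlite3 plays the PostgreSQL
# system of record and a dict plays the Redis cache.
cache = {}

def init_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inventory (sku TEXT PRIMARY KEY,"
               " stock INTEGER NOT NULL CHECK (stock >= 0))")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY,"
               " user_id TEXT, sku TEXT, qty INTEGER)")
    db.execute("INSERT INTO inventory VALUES ('SKU-1', 3)")  # constructed row
    db.commit()
    return db

def sync_cache(db, sku):
    """Overwrite the cached stock level with the authoritative database value."""
    row = db.execute("SELECT stock FROM inventory WHERE sku = ?", (sku,)).fetchone()
    if row is None:
        cache.pop(f"stock:{sku}", None)
    else:
        cache[f"stock:{sku}"] = row[0]

def checkout(db, user_id, sku, qty):
    """Record a purchase; returns True if the order was committed."""
    if qty <= 0:
        raise ValueError("quantity must be positive")
    committed = False
    try:
        with db:  # one transaction: both statements commit, or neither does
            cur = db.execute(
                "UPDATE inventory SET stock = stock - ? WHERE sku = ? AND stock >= ?",
                (qty, sku, qty))
            if cur.rowcount != 1:
                raise LookupError("insufficient stock")  # triggers rollback
            db.execute("INSERT INTO orders (user_id, sku, qty) VALUES (?, ?, ?)",
                       (user_id, sku, qty))
        committed = True
    except LookupError:
        pass
    sync_cache(db, sku)  # refresh the cache only after the database has decided
    return committed

def order_count(db):
    return db.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
```

The conditional `UPDATE ... WHERE stock >= ?` is what enforces the limit; the cached value is only ever a display copy that is rewritten from the database row.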

Architecture

This architecture design is well-suited for applications requiring fast data access and complex transactions, such as e-commerce platforms.

The architecture includes an autoscaling front end to manage load dynamically, a bastion host for secure access, and integrated monitoring to maintain performance and availability. The scaling capabilities made available by the cloud, combined with OCI fully managed services, make this architecture ideal for an e-commerce site.

The following diagram illustrates this reference architecture.




The architecture has the following components:

  • Bastion service

    Oracle Cloud Infrastructure Bastion provides restricted and time-limited secure access to resources that don't have public endpoints and that require strict resource access controls, such as bare metal and virtual machines, Oracle MySQL Database Service, Autonomous Transaction Processing (ATP), Oracle Container Engine for Kubernetes (OKE), and any other resource that allows Secure Shell Protocol (SSH) access. With Oracle Cloud Infrastructure Bastion service, you can enable access to private hosts without deploying and maintaining a jump host. In addition, you gain improved security posture with identity-based permissions and a centralized, audited, and time-bound SSH session. Oracle Cloud Infrastructure Bastion removes the need for a public IP for bastion access, eliminating the hassle and potential attack surface when providing remote access.

  • PostgreSQL service

    Oracle Cloud Infrastructure Database with PostgreSQL is a managed PostgreSQL service that frees up your team from routine tasks, such as patching and backups. Its standout feature is OCI Database optimized storage, which boosts system resilience and performance. Additionally, this architecture allows for independent scalability of compute and storage. OCI Database with PostgreSQL also provides enhanced data security with end-to-end encryption.

  • Cache with Redis

    Oracle Cloud Infrastructure Cache with Redis is a comprehensive, managed, in-memory caching solution built on the foundation of open source Redis. This fully managed service accelerates data reads and writes, significantly enhancing application response times and database performance to provide an improved customer experience.

Recommendations

Use the following recommendations as a starting point. Your requirements might differ from the architecture described here.
  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

  • Cloud Guard

    Clone and customize the default recipes provided by Oracle to create custom detector and responder recipes. These recipes enable you to specify what type of security violations generate a warning and what actions are allowed to be performed on them. For example, you might want to detect Object Storage buckets that have visibility set to public.

    Apply Cloud Guard at the tenancy level to cover the broadest scope and to reduce the administrative burden of maintaining multiple configurations.

    You can also use the Managed List feature to apply certain configurations to detectors.

  • Security Zones

    For resources that require maximum security, Oracle recommends that you use security zones. A security zone is a compartment associated with an Oracle-defined recipe of security policies that are based on best practices. For example, the resources in a security zone must not be accessible from the public internet and they must be encrypted using customer-managed keys. When you create and update resources in a security zone, Oracle Cloud Infrastructure validates the operations against the policies in the security-zone recipe, and denies operations that violate any of the policies.
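For the VCN recommendation above, a pre-deployment check of a CIDR plan, added here as an example and not taken from Oracle tooling: it flags planned blocks that fall outside the standard private (RFC 1918) ranges, that overlap one another, or that overlap a network you intend to connect privately. The function name and the sample networks are constructed for illustration.

```python
import ipaddress

# "Standard private IP address space" is taken here to mean the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def review_vcn_plan(vcn_cidrs, connected_networks):
    """Return a list of findings; an empty list means the plan passes.

    vcn_cidrs: CIDR strings planned for the VCN.
    connected_networks: {label: CIDR} for on-premises or other-cloud networks
    that will be reached over private connections.
    """
    findings, parsed = [], []
    for text in vcn_cidrs:
        try:
            # strict=True rejects blocks with host bits set, e.g. 10.0.1.0/16
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            findings.append(f"{text}: invalid CIDR ({exc})")
            continue
        if net.version != 4 or not any(net.subnet_of(p) for p in RFC1918):
            findings.append(f"{net}: outside RFC 1918 private address space")
        parsed.append(net)

    others = {label: ipaddress.ip_network(cidr, strict=False)
              for label, cidr in connected_networks.items()}
    for i, net in enumerate(parsed):
        for later in parsed[i + 1:]:
            if net.version == later.version and net.overlaps(later):
                findings.append(f"{net}: overlaps planned block {later}")
        for label, other in others.items():
            if net.version == other.version and net.overlaps(other):
                findings.append(f"{net}: overlaps {label} network {other}")
    return findings

# Constructed sample plan and connected networks.
SAMPLE_PLAN = ["10.0.0.0/16", "10.0.128.0/20", "203.0.113.0/24"]
SAMPLE_CONNECTED = {"on-premises": "10.0.64.0/18", "other-cloud": "172.16.0.0/16"}

if __name__ == "__main__":
    for finding in review_vcn_plan(SAMPLE_PLAN, SAMPLE_CONNECTED):
        print(finding)
```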

Explore More

Learn more about PostgreSQL and Redis.

Acknowledgments

Authors: Julien Lehmann, Mike Sorolla

Contributors: John Sulyok