The primary objective of the networking and connectivity architecture is to provide secure, high-speed connectivity between your cloud resources and the users and systems that need to access them.
This section also describes how to design a network topology that fits your needs, isolating the bastion host, application tier, database tier and load balancers from one another for security and management purposes.
There are several networking options for migrating EBS and its database to OCI; this blog walks through them.
It highlights the design of the network between the servers of an EBS deployment running on OCI.
Cloud Network Design Models
When designing and implementing your network, the connectivity architecture is based on your requirements, and will typically fall into one of two general topologies:
- Distributed, which we explore below in the context of a single availability domain (AD). This architecture consists of one virtual cloud network (VCN) with the bastion, load balancer, application and database hosts placed in separate subnets of that VCN in a single AD.
- Hub-and-spoke, which adds virtual security appliances. A hub-and-spoke network, often called a star network, has a central hub connected to multiple spoke networks around it; traffic between spokes, or between a spoke and the outside, passes through the security appliances in the hub.
Benefits this architecture can provide:
- Isolation from other customers and your other cloud workloads
- Network-level isolation between web/application tiers and database tiers
- Monitoring and management access to all application and database tiers
- Private / dedicated access from corporate campus(es) to the application via private network links
- Ensuring low latency between cloud environment and your data center
- Secure network access to the application via encrypted links over the public internet
- Private network connectivity to other systems or services hosted on Oracle Cloud Infrastructure
- Load-balancing across multiple application nodes for performance and availability
Networking & Connectivity Reference Architecture (General)
Note: Reach out to our experts for guidance on adapting the architectures below to your organization.
- Figure: Distributed: Network connectivity reference architecture
- Figure: Distributed: Network security reference architecture
- Figure: Hub-and-spoke: Fortinet Security Fabric network topology
- Figure: Hub-and-spoke: Check Point CloudGuard network
Virtual Cloud Network (1): Provides isolation for EBS from any other workload on Oracle Cloud. Subdivide using subnets and apply security rules to isolate and control access to resources.
Bastion host (2): The bastion host is an optional component used as a jump server to reach instances in a private subnet. Instead of logging in to the bastion interactively, you can also tunnel through it with dynamic SSH port forwarding.
Internal firewalls (3): A security list acts as a virtual firewall for each tier, with ingress and egress rules that specify the types of traffic allowed in and out. Keep each tier's list default-deny and open only the ports the adjacent tier needs (for example, the database listener only from the application subnet, SSH only from the bastion subnet). OCI also offers network security groups for per-VNIC rules where subnet-level lists are too coarse.
FastConnect: Multiple partners around the world offer dedicated network connections between customer premises and Oracle data centers, so customers can reach their EBS implementation as if it were running in their own data center.
IPSec VPN (4): Where a dedicated circuit is not justified, a lower-cost but still encrypted option is an IPSec VPN over existing public internet connections, terminated on the Dynamic Routing Gateway (DRG), which also attaches FastConnect private peering to the VCN.
Load balancing (5): Pre-configured, redundant load-balancers are available on private and public subnets to balance traffic within the implementation and from external connections, respectively.
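Components 2, 3 and 5 above describe a tiering policy (internet reaches only the public load balancer, the database listener is reachable only from the application subnet, SSH enters only through the bastion). The following is an added example, not code from the original page or from Oracle, that turns that policy into a check that can be run against security lists exported from the OCI API. The rule dicts mirror the field names of the OCI SecurityList API (ingressSecurityRules entries with protocol, source, sourceType and tcpOptions.destinationPortRange); the subnet CIDRs, the corporate range, the tier names and the application port 8000 are assumptions for illustration. It models ingress rules only and assumes the default stateful rules.

```python
"""Policy check for the tiered security lists described above.

Constructed sample: one VCN with bastion, load-balancer, application and
database subnets.  Rule dicts mirror the field names of the OCI SecurityList
API; the CIDRs, port numbers and tier names are assumptions for illustration,
not values from the original page.
"""
import ipaddress

ANY = "0.0.0.0/0"
TCP = "6"                     # IANA protocol number, as used in OCI security rules
CORP_CIDR = "10.100.0.0/16"   # assumed on-premises range, reached through the DRG
SUBNETS = {                   # assumed subnet layout inside the VCN
    "bastion": "10.0.0.0/24",
    "lb":      "10.0.1.0/24",
    "app":     "10.0.2.0/24",
    "db":      "10.0.3.0/24",
}


def tcp_rule(source, lo, hi=None):
    """One ingress rule in the OCI SecurityList JSON shape (stateful by default)."""
    return {"protocol": TCP, "source": source, "sourceType": "CIDR_BLOCK",
            "tcpOptions": {"destinationPortRange": {"min": lo, "max": hi or lo}}}


# Intended ingress policy, one security list per tier (constructed sample).
SECURITY_LISTS = {
    "bastion": [tcp_rule(CORP_CIDR, 22)],                                # SSH only from the campus
    "lb":      [tcp_rule(ANY, 443), tcp_rule(SUBNETS["bastion"], 22)],   # public HTTPS front door
    "app":     [tcp_rule(SUBNETS["lb"], 8000), tcp_rule(SUBNETS["bastion"], 22)],
    "db":      [tcp_rule(SUBNETS["app"], 1521), tcp_rule(SUBNETS["bastion"], 22)],
}


def rule_allows(rule, src_cidr, port):
    """True if the rule admits TCP traffic to `port` from at least part of src_cidr.

    Overlap rather than containment is used on purpose: partial exposure is still exposure.
    """
    if rule["protocol"] not in (TCP, "all"):
        return False
    if not ipaddress.ip_network(src_cidr).overlaps(ipaddress.ip_network(rule["source"])):
        return False
    rng = rule.get("tcpOptions", {}).get("destinationPortRange")
    return rng is None or rng["min"] <= port <= rng["max"]


def allowed_from(tier, src_cidr, port, security_lists=SECURITY_LISTS):
    """True if any rule in the tier's security list admits src_cidr on port."""
    return any(rule_allows(r, src_cidr, port) for r in security_lists[tier])


def check_isolation(security_lists=SECURITY_LISTS, subnets=SUBNETS, corp=CORP_CIDR):
    """Return the list of policy violations (empty when the tiers are isolated)."""
    violations = []
    probes = {**subnets, "corp": corp}
    # 1. Only the public load-balancer tier may be open to the internet, and only on 443.
    for tier, rules in security_lists.items():
        for r in rules:
            if r["source"] == ANY:
                rng = r.get("tcpOptions", {}).get("destinationPortRange")
                if tier != "lb" or rng != {"min": 443, "max": 443}:
                    violations.append(f"{tier}: open to {ANY} on {rng or 'all ports'}")
    # 2. The database listener is reachable only from the application subnet.
    for name, cidr in probes.items():
        if name != "app" and allowed_from("db", cidr, 1521, security_lists):
            violations.append(f"db: port 1521 reachable from {name} ({cidr})")
    # 3. SSH into lb/app/db only via the bastion subnet ...
    for tier in ("lb", "app", "db"):
        for name, cidr in probes.items():
            if name != "bastion" and allowed_from(tier, cidr, 22, security_lists):
                violations.append(f"{tier}: SSH reachable from {name} ({cidr})")
    # 4. ... and into the bastion only from the corporate range.
    for name, cidr in subnets.items():
        if allowed_from("bastion", cidr, 22, security_lists):
            violations.append(f"bastion: SSH reachable from {name} ({cidr})")
    return violations


# Two constructed misconfigurations a reviewer should catch.
DB_OPEN_TO_INTERNET = {**SECURITY_LISTS, "db": SECURITY_LISTS["db"] + [tcp_rule(ANY, 1521)]}
APP_SSH_FROM_CAMPUS = {**SECURITY_LISTS, "app": SECURITY_LISTS["app"] + [tcp_rule(CORP_CIDR, 22)]}

if __name__ == "__main__":
    for label, lists in [("intended", SECURITY_LISTS), ("db-open", DB_OPEN_TO_INTERNET),
                         ("app-ssh-from-campus", APP_SSH_FROM_CAMPUS)]:
        print(label, check_isolation(lists) or "OK")
```

The intended lists pass with no violations; the database rule open to 0.0.0.0/0 is reported once for the internet-wide source and again for every tier it exposes the listener to, and the "convenience" rule that lets the campus SSH straight into the application tier is reported as a bypass of the bastion. To run it against real lists, export them from the API and map the keys (the OCI CLI's JSON output uses hyphenated names such as ingress-security-rules in place of the camelCase used here); adding egress checks and the hub's appliance routes is the natural next step for the hub-and-spoke variant.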
Other Key Considerations for Designing an Oracle Cloud Architecture
A successful EBS migration requires careful planning to arrive at the most appropriate architecture. Below are the other considerations to review before proceeding with your EBS to OCI migration.