OCI Network and Connectivity Architecture Components

OCI Network and Connectivity Architecture

Key considerations

  • Provide secure, high-speed connectivity between cloud resources and users and/or systems that require access
  • Maintain your security posture when running your business-critical EBS and adjacent apps in Oracle Cloud utilizing:
    • Cloud-native security
    • 3rd party security vendors such as Fortinet and Check Point Software Technologies

The primary objectives for the networking and connectivity architecture is to provide secure, high-speed connectivity between your cloud resources and any users and/or systems that would need to access those resources.

Additionally, it illustrates mechanisms by which you can design a network topology that best meets your needs, with the ability to isolate resources between bastion host, application tiers, database tiers and load balancing for security and management purposes.

For migrating EBS and database to OCI there are various networking options to choose, which you can read in this blog.

The below blog highlights design architecture for EBS running on OCI between the servers.

Cloud Network Design Models

When designing and implementing your network, the connectivity architecture is based on your requirements, and will typically fall into one of two general topologies:

  1. Distributed, which we’ll explore below under the context of a single availability domain. This architecture consists of a virtual cloud network (VCN) with the bastion, load balancer, application, and database hosts placed in separate subnets of VCN in a single AD
  2. Hub-and-spoke, which incorporates virtual security appliances. A hub-and-spoke network, often called star network, has a central component that’s connected to multiple networks around it.

Cloud Network Design Models

Accelerate EBS to OCI Case Study

Benefits this architecture can provide:

  • Isolation from other customers and your other cloud workloads
  • Network-level isolation between web/application tiers and database tiers
  • Monitoring and management access to all application and database tiers
  • Private / dedicated access from corporate campus(es) to the application via private network links
  • Ensuring low latency between cloud environment and your data center
  • Secure network access to the application via encrypted links over the public internet
  • Private network connectivity to other systems or services hosted on Oracle Cloud Infrastructure
  • Load-balancing across multiple application nodes for performance and availability

Networking & Connectivity Reference Architecture (General)

Reference Network and Connectivity Architecture

Note: Reach out to our experts for guidance on the below architectures customized to your organization:

Distributed: Network connectivity reference architecture

Distributed: Network security reference architecture

Hub-and-spoke: Fortinet Security Fabric network topology

Hub-and-spoke: Check Point CloudGuard network
topology

Virtual Cloud Network (1): Provides isolation for EBS from any other workload on Oracle Cloud. Subdivide using subnets and apply security rules to isolate and control access to resources.

Bastion host (2): The bastion host is an optional component that can be used as a jump server to access instances in a private subnet. You can also access the instances in a private subnet by using dynamic SSH tunneling.

Internal firewalls (3): A security list provides a virtual firewall for each tier, with ingress and egress rules that specify the types of traffic allowed in and out.

FastConnect: Multiple partners across the world offer dedicated network connections between customer premises and Oracle datacenters. This allows customers to access their EBS implementation as if it was running in their own datacenter.

IPSec VPN (4): For lower cost, but still secure access over existing Public Internet connections, customers may connect through the Dynamic Routing Gateway (DRG).

Load balancing (5): Pre-configured, redundant load-balancers are available on private and public subnets to balance traffic within the implementation and from external connections, respectively.

Other Key considerations for Designing an Oracle Cloud Architecture

Ensuring a successful EBS migration requires careful planning for designing the most appropriate design architecture. Below are the other considerations to learn before proceeding with your EBS to OCI Migration.

Fundamentals of a successful EBS migration

Applying best practices and reference architectures across OCI solutions

Talk to Our Migration Experts