OCI VCN - Core-Distribution-Access Architecture
About This Architecture
This OCI VCN uses a three-layer core-distribution-access architecture, with DMZ, app, SFTP, data, integration, and observability subnets spanning 10.0.0.0/16 in the us-ashburn-1 region. Internet traffic flows through the Internet Gateway, WAF/DDoS protection, and an OCI Public Load Balancer to Ubuntu app servers running Docker, React, and Spring Boot, which connect to the PostgreSQL DB, the Redis cache, and OCI API Gateway for external integrations. Bastion Service provides secure admin access, and SFTP instances handle Oracle HCM data transfers. PostgreSQL, Object Storage, and File Storage make up the data tier, with encryption via Vault and monitoring via Data Safe. OCI Monitoring, Logging, Log Analytics, APM, and Flow Logs provide full observability across all tiers and NSGs. Fork this diagram on Diagrams.so to customize subnets, add additional regions, or adapt security policies for your production workload. This architecture demonstrates OCI best practices for defense-in-depth, least-privilege access, and comprehensive audit trails.
People also ask
How do I design a secure, multi-tier OCI VCN architecture with proper network segmentation and observability?
This diagram shows a production OCI VCN using core-distribution-access layering: the core tier includes PostgreSQL, Redis, and storage; the distribution tier routes traffic via API Gateway and Integration Service; the access tier provides Internet Gateway, WAF/DDoS, load balancer, and Bastion Service for secure admin access. All tiers are monitored via OCI Monitoring, Logging, and APM.
- Domain: Cloud Aws
- Audience: OCI cloud architects designing secure, multi-tier production networks
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.