3i Infotech: Remote Desktop as a Service Platform Deployment on Oracle Cloud

By running its cloud-native remote desktop platform on Oracle Cloud Infrastructure (OCI), 3i Infotech helps companies of all sizes instantly get secure, remote, and session-based access to business applications from anywhere, on any device, over any network.

3i Infotech's NuRe Desk platform acts as a digital workspace, providing companies with persistent (and non-persistent) desktop virtualization, identity management, and a pooling mechanism to help authenticate users and distribute workloads. NuRe Desk also supports application refreshes, and can easily recompose virtual machine clones.


Architecture

To deploy its NuRe Desk platform on Oracle Cloud Infrastructure (OCI), 3i Infotech built a three-tier architecture, consisting of two Linux gateway web servers, two Microsoft Windows broker servers, and two Microsoft Windows remote desktop servers, all running in a private subnet on virtual machines in OCI.

Users access the NuRe Desk platform either through a virtual private network (VPN) or through a public web browser secured with Transport Layer Security (TLS) certificates, also known as Secure Sockets Layer (SSL) certificates. After entering a public subnet on 3i Infotech's virtual cloud network (VCN), users are authenticated by a Microsoft Windows Active Directory from their own VPN, or through an integrated read-only domain controller. Once authenticated, users are routed through an Oracle Flexible Network Load Balancer to the private subnet, where they can start their remote desktop sessions.

While the first two tiers provide authenticated users with high availability and failover protection for their remote desktop sessions, the third tier serves as a dedicated desktop setup, including hypervisors, to make certain that resources such as memory and compute are readily available on demand. Each tier in the private subnet is also protected by Oracle Identity and Access Management, which provides an additional layer of user authentication.

Whether 3i Infotech's customers are using a session-based host or a dedicated desktop, users can choose from multiple storage options to store their workloads on OCI. For example, users can share documents with other users in file storage, archive file folders in object storage, and store data drives in block storage.




The architecture has the following components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Compartment

    Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.

  • Identity and access management (IAM)

    Oracle Cloud Infrastructure Identity and Access Management (IAM) enables you to control who can access your resources in Oracle Cloud Infrastructure and the operations that they can perform on those resources.

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domain

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Site-to-Site VPN

    Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Network address translation (NAT) gateway

    A NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Virtual Machine

    The Oracle Cloud Infrastructure Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.

  • Load balancer

    The Oracle Cloud Infrastructure Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.

  • File storage

    The Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade network file system. You can connect to a File Storage service file system from any bare metal, virtual machine, or container instance in a VCN. You can also access a file system from outside the VCN by using Oracle Cloud Infrastructure FastConnect and IPSec VPN.

  • Object storage

    Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

  • Block volume

    With block storage volumes, you can create, attach, connect, and move storage volumes, and change volume performance to meet your storage, performance, and application requirements. After you attach and connect a volume to an instance, you can use the volume like a regular hard drive. You can also disconnect a volume and attach it to another instance without losing data.
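The security list component and the public/private subnet split described above can be checked mechanically. The following is an added example, not code from Oracle or 3i Infotech: it audits ingress rules so that the private subnet accepts traffic only from trusted ranges and the public subnet exposes only the TLS port. The CIDR ranges, the sample rules, and the choice of 443 as the only public port are assumptions; the key names follow the kebab-case shape of OCI CLI output.

```python
import ipaddress

# Constructed sample rules, shaped like the OCI CLI's security-list output
# (kebab-case keys; protocol "6" is TCP, "all" is every protocol).
TRUSTED = ["10.0.0.0/16", "192.168.10.0/24"]  # assumed VCN and on-premises VPN ranges
PRIVATE_RULES = [
    {"source": "10.0.0.0/24", "protocol": "6",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
    {"source": "0.0.0.0/0", "protocol": "6",
     "tcp-options": {"destination-port-range": {"min": 3389, "max": 3389}}},
    {"source": "192.168.10.0/24", "protocol": "all"},
]
PUBLIC_RULES = [
    {"source": "0.0.0.0/0", "protocol": "6",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
    {"source": "0.0.0.0/0", "protocol": "6",
     "tcp-options": {"destination-port-range": {"min": 1, "max": 65535}}},
]

def is_trusted(source, trusted):
    """True when the rule's source CIDR sits inside a trusted network."""
    src = ipaddress.ip_network(source, strict=False)
    nets = (ipaddress.ip_network(c) for c in trusted)
    return any(src.version == n.version and src.subnet_of(n) for n in nets)

def tcp_ports(rule):
    """Return the TCP port range a rule opens, or None if it is not port-scoped."""
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    if rule["protocol"] == "6" and rng:
        return range(rng["min"], rng["max"] + 1)
    return None

def audit(rules, trusted, private, public_ports=(443,)):
    """List (index, reason) for ingress rules that break the subnet split."""
    findings = []
    for i, rule in enumerate(rules):
        if is_trusted(rule["source"], trusted):
            continue  # traffic from the VCN or the VPN range is expected
        ports = tcp_ports(rule)
        if private:
            findings.append((i, f"private subnet open to {rule['source']}"))
        elif ports is None or any(p not in public_ports for p in ports):
            findings.append((i, f"public subnet exposes more than {public_ports}"))
    return findings
```

Calling `audit(PRIVATE_RULES, TRUSTED, private=True)` flags the rule that admits remote desktop traffic from any address, and `audit(PUBLIC_RULES, TRUSTED, private=False)` flags the rule that opens every TCP port.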


Acknowledgements

  • Authors: Sasha Banks-Louie, Moe Khan, Hassan Ajan
  • Contributor: Robert Lies