Learn more about Construction Specialties' journey to Oracle Cloud:

In a private subnet within its virtual cloud network (VCN) on Oracle Cloud Infrastructure, Construction Specialties provides some 300 product owners, sales reps, and IT teams with role-based access to private folders, which are authenticated using Oracle Cloud Infrastructure Identity and Access Management (IAM).

Using the native ODBC and JDBC transformations in Oracle Data Integrator (ODI), the company's product and sales data including bookings, orders, invoices, inventory, backlog, and quotes data are pulled from multiple Oracle SaaS applications, AS/400 ERP, Salesforce CPQ, databases, and spreadsheets and then loaded into an Oracle Autonomous Data Warehouse. More than 250 reports are now being migrated from various spreadsheets, SSRS, iDashboards, and Power BI to Oracle Analytics Cloud, and new dashboards are currently being created. After being trained on Oracle's BI RPD visualization techniques, users are able to instantly run visualizations and reports in Oracle Analytics Cloud (and Oracle Analytics Cloud Mobile), accessing metadata, logical schemas, physical schemas, physical-to-logical mappings, and other constructs on demand.

While all of the company's systems are split between production, user acceptance testing, and development, only database administrators (DBAs) are allowed to run ad hoc queries. The system is currently sized for up to 10 concurrent users. As more users are migrated to Oracle Analytics Cloud (OAC), Construction Specialties plans to provision four to six additional CPUs.

In addition to the default security available in Oracle Autonomous Data Warehouse and Oracle Analytics Cloud, Construction Specialties also uses Oracle IAM to authenticate all internal users of the Oracle Cloud Infrastructure environment. Users authenticate to the system through Okta which is a third-party identity provider that is integrated with IAM to provide Single Sign-On (SSO).

The following diagram illustrates this reference architecture.

Description of the illustration construction-specialties-oci.png

construction-specialties-oci-oracle.zip

The architecture has the following components:

• Tenancy

  A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for Oracle Cloud Infrastructure. You can create, organize, and administer your resources in Oracle Cloud within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.

• Region

  An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

• Identity and access management (IAM)

  Oracle Cloud Infrastructure Identity and Access Management (IAM) enables you to control who can access your resources in Oracle Cloud Infrastructure and the operations that they can perform on those resources.

• Policy

  An Oracle Cloud Infrastructure Identity and Access Management policy specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy.

• Audit

  The Oracle Cloud Infrastructure Audit service automatically records calls to all supported Oracle Cloud Infrastructure public application programming interface (API) endpoints as log events. Currently, all services support logging by Oracle Cloud Infrastructure Audit.

• Logging
  Logging is a highly scalable and fully managed service that provides access to the following types of logs from your resources in the cloud:

  • Audit logs: Logs related to events emitted by the Audit service.
  • Service logs: Logs emitted by individual services such as API Gateway, Events, Functions, Load Balancing, Object Storage, and VCN flow logs.
  • Custom logs: Logs that contain diagnostic information from custom applications, other cloud providers, or an on-premises environment.
• Cloud Guard

  You can use Oracle Cloud Guard to monitor and maintain the security of your resources in Oracle Cloud Infrastructure. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.

• Availability domain

  Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

• Virtual cloud network (VCN) and subnets

  A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

• Security list

  For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

• Route table

  Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

• Site-to-Site VPN

  Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

• Dynamic routing gateway (DRG)

  The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

• Service gateway

  The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

• Autonomous Data Warehouse

  Oracle Autonomous Data Warehouse is a self-driving, self-securing, self-repairing database service that is optimized for data warehousing workloads. You do not need to configure or manage any hardware, or install any software. Oracle Cloud Infrastructure handles creating the database, as well as backing up, patching, upgrading, and tuning the database.

• Analytics

  Oracle Analytics Cloud is a scalable and secure public cloud service that empowers business analysts with modern, AI-powered, self-service analytics capabilities for data preparation, visualization, enterprise reporting, augmented analysis, and natural language processing and generation. With Oracle Analytics Cloud, you also get flexible service management capabilities, including fast setup, easy scaling and patching, and automated lifecycle management.

• Object storage

  Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

Want to show off what you built on Oracle Cloud Infrastructure? Care to share your lessons learned, best practices, and reference architectures with our global community of cloud architects? Let us help you get started.

1. Download the template (PPTX)

   Illustrate your own reference architecture by dragging and dropping the icons into the sample wireframe.

2. Watch the architecture tutorial

   Get step by step instructions on how to create a reference architecture.

3. Submit your diagram

   Send us an email with your diagram. Our cloud architects will review your diagram and contact you to discuss your architecture.

Learn more about the features of this architecture.

• Best practices framework for Oracle Cloud Infrastructure

• Oracle Cloud Infrastructure Documentation

• Authors: Sasha Banks-Louie, Jay Lakumb, Bibek Guragain, Chris Wells
• Contributor: Robert Lies