In this reference architecture, the production database is deployed in OCI US-East (Ashburn) and applications are deployed in AWS US-East (N.Virginia) and GCP US-East (Ashburn). Dedicated connectivity utilizing OCI FastConnect was essential. Equinix, an OCI FastConnect partner, was engaged to cross connect OCI workloads to AWS and GCP in the same region.

In this example, the customer used Equinix Fabric to connect OCI FastConnect to AWS Direct Connect and Google Interconnect directly. Network latency tested at 2-4 ms between OCI and AWS, and between OCI and GCP in Ashburn.

A similar multicloud connection can be setup by any OCI FastConnect provider that serves the data center location, such as Megaport, AT&T, Lumen, NTT, Verizon, or any meetme floor with a telecom exchange provider.

This solution is applicable for a hybrid cloud scenario where the customer data center is co-located with the OCI data center or within 30-40 miles of the vicinity.

Multicloud Split-Stack architecture

The Production database is deployed on OCI in Autonomous Database for transactional processing. OCI GoldenGate replication is staged in a separate subnet to be used on demand between sites. Customer IT accesses the OCI resources via Bastion Service through the private VPN or FastConnect to OCI.

AWS hosts the AWS EC2, RDS Oracle databases, and PowerBuilder Apps connecting to the database with AWS DirectConnect through OCI Fastconnect partner to OCI.

GCP hosts the .NET, Go-Lang and other open source applications connecting to the database with Google Interconnect through OCI Fastconnect partner to OCI.

The Disaster Recovery (DR) is implemented using Autonomous Data Guard to sync up the database in a different region where multiple cloud providers have data centers located in close proximity, such as OCI US-West (San Jose) and AWS US-West (N. California). For the DR implementation, you can host the AWS EC2, RDS Oracle databases, and PowerBuilder Apps on AWS and connect to the database with AWS DirectConnect through OCI FastConnect partner to OCI .

The following architecture topology diagram illustrates the multicloud architecture:

Description of the illustration oci-aws-gcp-split-stack.png

oci-aws-gcp-split-stack-oracle.zip

Cloud migration from AWS to OCI

The zero downtime migration is achieved using OCI GoldenGate bidirectional replication. OCI GoldenGate enables the active-active database setup, where there are two systems with identical sets of data that can be changed by application users on either system. OCI GoldenGate replicates transactional data changes from one database to the other to keep both sets of data current.

The following diagram illustrates the cloud migration from AWS to OCI.

Description of the illustration aws-oci-cloud-migration-arch.png

aws-oci-cloud-migration-arch-oracle.zip

The architecture has the following components:

• Oracle Autonomous Transaction Processing

  Oracle Autonomous Transaction Processing is a self-driving, self-securing, self-repairing database service that is optimized for transaction processing workloads. You do not need to configure or manage any hardware, or install any software. Oracle Cloud Infrastructure handles creating the database, as well as backing up, patching, upgrading, and tuning the database.

• Oracle Cloud Infrastructure GoldenGate

  OCI GoldenGate is a fully managed, native cloud service that moves data in real-time, at scale. OCI GoldenGate processes data as it moves from one or more data management systems to target databases. OCI GoldenGate provides bidirectional and unidirectional data replication. An active-active replication is used for high availability and zero downtime migration.

• Bastion service

  Oracle Cloud Infrastructure Bastion provides restricted and time-limited secure access to resources that don't have public endpoints and that require strict resource access controls, such as bare metal and virtual machines, Oracle MySQL Database Service, Autonomous Transaction Processing (ATP), Oracle Container Engine for Kubernetes (OKE), and any other resource that allows Secure Shell Protocol (SSH) access. With Oracle Cloud Infrastructure Bastion service, you can enable access to private hosts without deploying and maintaining a jump host. In addition, you gain improved security posture with identity-based permissions and a centralized, audited, and time-bound SSH session. Oracle Cloud Infrastructure Bastion removes the need for a public IP for bastion access, eliminating the hassle and potential attack surface when providing remote access.

• FastConnect

  Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

• Object storage

  Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

• Dynamic routing gateway (DRG)

  The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

• Amazon Web Services (AWS) components

  AWS Cloud hosts the AWS EC2 and RDS Oracle databases along with PowerBuilder Apps with AWS Direct Connect. For more information, see the AWS documentation.

• Google Cloud Platform (GCP) components

  GCP hosts the .NET, Go-Lang and other open source applications connecting to the database with Google Interconnect. For more information, see the GCP documentation.

• Region

  An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

• Availability domains

  Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

• Virtual cloud network (VCN) and subnets

  A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

• Security list

  For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

• Route table

  Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

• Cloud Guard

  You can use Oracle Cloud Guard to monitor and maintain the security of your resources in Oracle Cloud Infrastructure. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.

• VCN

  Select CIDR blocks that don't overlap with any other network (in OCI or another cloud provider) to which you intend to set up private connections.

• Choice of interconnection location

  This architecture requires one or more geographic locations for its components: the OCI region and associated OCI FastConnect edge node, the AWS region and associated AWS Direct Connect edge node, and the GCP region and associated Google Interconnect edge node. To achieve the optimal end-to-end latency, we recommend that you select a metro that has each of these architectural elements in close proximity.

When implementing a split-stack deployment, consider these options.

• Performance
  Test and tune application queries in ATP-S to prevent any change in query plans due to the introduction of Exadata storage.

  • For the customer use case in this reference architecture, the performance of overall application queries improved by a factor of 5-20x.
  Network latency is key for performance. Check and measure the network latency as part of application performance testing.

  • Network latency between applications and database hosted in different cloud data centers must be less than 10 ms. To achieve the optimal end-to-end performance, we recommend that you select a metro that has the applications and database cloud data centers in close proximity.
  • For the customer use case in this reference architecture, network latency induced for the multicloud deployment was between 2-4 ms in OCI US-East.
• Cost

  The Auto Scaling of Oracle CPU (OCPU) in Oracle Autonomous Transaction Processing enables handling of peak workloads when required and also reduces license costs to a great extent as a result. The other factors of backup and automation within Oracle Autonomous Transaction Processing are helpful for DBAs to focus on actual issues.

• Security

  The multicloud interconnection shown in this architecture is based on a private connection, which is more secure than the public internet.

Review these additional resources to learn more about the features of this reference architecture.

• Best practices framework for Oracle Cloud Infrastructure
• Best practices for hybrid and multicloud OCI networking design
• Implement a multicloud PeopleSoft deployment on Oracle Cloud and Microsoft Azure
• Enable a split-stack architecture spanning Oracle Cloud and other providers using Equinix
• Enable a split-stack architecture spanning Oracle Cloud and other providers using Megaport
• Enable multicloud high availability and data protection across OCI and AWS with Colt

• Author: Vinit Menon
• Contributors: Raghavendra S, Wei Han