Architecture
Learn about Oracle Database@Azure control plane Architecture.
Infrastructure used in the Oracle multicloud Database Services is deployed within isolated, secure areas of the Azure data center in an availability zone within the region. The Oracle Database@Azure infrastructure located in the Azure data center is called the Child Site in the multicloud architecture. All the Oracle hardware is operated and managed by Oracle Cloud Infrastructure (OCI) personnel only.
For each supported region, the child site is connected to an OCI Parent Site containing the Oracle Database@Azure control plane, which is in an OCI regional data center in the same geographical area. For example, the child site in the Azure East US (Virginia) region is paired with the parent site in the OCI US East (Ashburn) region.
The child site is considered an extension of the OCI parent site, therefore having the same security, management, resiliency and performance profile of an OCI region. OCI parent sites are strategically placed within the same country and in close proximity to their corresponding child site, ensuring the data sovereignty, data residency, and low latency that users require. OCI control plane is engineered to provide robust management capabilities, prioritizing high availability, resiliency, and stringent security.
The OCI control plane is designed around High Availability (HA), Resiliency, and Security. The OCI control plane and Oracle's best in class Database services ensure a high performance and secure multicloud environment, giving you centralized control and operational confidence.
Architecture
The following diagram shows the Oracle Database@Azure multicloud control plane architecture.
High Availability (HA)
OCI control plane uses the following key elements to ensure high availability:
- Regional Distribution: OCI's global network of regions, with the advantage of fault-isolated availability domains (ADs), underpins Oracle multicloud's HA strategy. Control plane services are deployed across the ADs within a region, ensuring that a localized outage doesn't impact the entire control plane. For single AD regions, the control plane designed to be highly available in 3 fault domains (FD) constructs. For multicloud, this means the OCI control plane, which manages Oracle Database@Azure within the Azure region, is itself highly available within OCI.
- Active-Active Architectures: Critical control plane services leverage active-active configurations, distributing traffic and operations across redundant instances. This design eliminates the need for switchover in case of an instance failure.
- Statelessness and Scalability: Control plane components are designed to be stateless where possible, enabling easy scaling and efficient recovery from failures. Load balancers distribute requests across available instances, automatically removing unhealthy ones.
- Automated Remediation: OCI uses automated systems for health checks, monitoring, and self-healing. These systems detect anomalies and start corrective actions (for example, restarting failed processes and provisioning new instances) that are critical to continuous availability.
Resiliency
Resiliency in the OCI control plane for multicloud extends beyond simple failover to withstand various disruptions:
- Fault Isolation: Oracle Database@Azure architectural design emphasizes fault isolation, ensuring that a failure in one component or even an entire OCI Availability domain (AD) doesn't cascade and affect other parts of the control plane. This is crucial when managing resources in clouds, because the OCI control plane must remain operational despite any issues within the managed cloud environments.
- Data Durability and Backup: Critical control plane data, such as configuration states, audit logs, and metadata, is stored with high durability. Regular backups and disaster recovery procedures are in place to recover from catastrophic events.
- Rate Limiting and Throttling: To prevent abuse or disruptions caused by processes unexpectedly consuming resources, the OCI control plane implements rate limiting and throttling mechanisms. This ensures stability and protects against malicious attacks or misconfigured automation.
- Progressive Rollouts: The control plane's updates and new features are progressively rolled out. This minimizes the regression risks and ensures a quick rollback if issues are detected, preserving the control plane's stability and ability to manage the multicloud environment.
Security
Security is paramount for the OCI control plane as it acts as a central management point for multicloud resources. OCI uses the following design principles to ensure security:
- Least Privilege Access: The OCI Identity and Access Management (IAM) service is a key component of Oracle Database@Azure security, enforcing the principle of least privilege. Granular policies dictate who can access what resources and actions, and are ephemeral to ensure access is temporary.
- Network Segmentation and Isolation: The control plane leverages strong network segmentation, isolating critical services from public exposure and implementing stringent firewall rules. This limits the attack surface and prevents unauthorized access.
- Encryption at Rest and In Transit: All data, including sensitive control plane metadata and API traffic, is encrypted both at rest and in transit using industry-standard encryption protocols. This protects data confidentiality and integrity.
- Continuous Monitoring and Auditing: OCI uses comprehensive logging and monitoring solutions to track all control plane activities.
- Vulnerability Management and Patching: A rigorous vulnerability management program, including regular security assessments, penetration testing, and timely patching, is in place to address potential security weaknesses proactively.
- Secure API Gateways: All external interactions with the OCI control plane occur through secure API gateways, which enforce authentication, authorization, and provide protection against common web vulnerabilities.