When you need to integrate a service or application running on a private network (for example, an Amazon Web Services VPC, an Azure VNet, or a Google Cloud VPC) or on an on-premises private network with a SaaS or on-premises enterprise application, you can use Oracle Integration Cloud (OIC) and its connectivity agent to establish a private endpoint connection. This architecture provides the required connectivity between a multi-cloud private network and Oracle's cloud services or applications without sending OIC's outbound integration traffic over the public internet. This reference architecture shows how to connect from an Oracle Autonomous Transaction Processing - Shared (ATP-S) database in the Oracle Services Network (OSN) to a service or application running in a virtual private cloud (VPC) on an AWS private network, through Oracle Integration Cloud, without routing traffic over the public internet. The scenario uses an OIC connectivity agent to communicate with the AWS private service or application. The connectivity agent is installed on an Oracle Cloud Infrastructure compute instance in a private subnet of the VCN. It communicates with the OIC integration through a service gateway on one side, and with the service or application on the AWS private network through a dynamic routing gateway (DRG) with FastConnect private peering or VPN on the other side. The following diagram illustrates this reference architecture.
This architecture consists of the following components:
Region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of each other, and they may be far apart from each other (across countries or even continents).
Compartments
A compartment is a cross-region logical partition within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to them, and set usage quotas. To control access to the resources in a given compartment, define policies that specify who can access those resources and what they can do with them.
Availability domains
An availability domain is an independent, standalone data center within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don't share infrastructure such as power, cooling, or the internal availability domain network. As a result, a failure in one availability domain is unlikely to affect the other availability domains in that region.
Virtual cloud networks (VCNs) and subnets
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks, and you can change them after you have created the VCN. You can divide a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that does not overlap with the other subnets in the VCN. You can change the size of a subnet after it is created. Subnets can be public or private.
Security lists
For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed into and out of the subnet.
Service gateway
The service gateway provides access from the VCN to other services, such as Oracle Cloud Infrastructure Object Storage. Traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.
FastConnect
Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. Compared with internet-based connections, FastConnect offers higher bandwidth options and a more reliable network experience.
Private peering
Extend your existing infrastructure into Oracle Cloud Infrastructure by using private IP addresses.
VPN Connect
Oracle Cloud Infrastructure VPN Connect is an IPsec VPN that enables you to create an encrypted connection between Oracle Cloud and your private IT infrastructure over the public internet.
Dynamic routing gateway (DRG)
A virtual router that you attach to a VCN. It provides a path for private network traffic between your VCN and other cloud VPCs or on-premises networks.
Autonomous Database
Oracle Cloud Infrastructure Autonomous Database is a fully managed, preconfigured database environment that you can use for transaction processing and data warehousing workloads. You don't need to configure or manage any hardware, and you don't need to install any software. Oracle Cloud Infrastructure handles creating the database, as well as backing up, patching, upgrading, and tuning it.
Autonomous Transaction Processing
Oracle Autonomous Transaction Processing is a self-driving, self-securing, self-repairing database service optimized for transaction processing workloads. You don't need to configure or manage any hardware, and you don't need to install any software. Oracle Cloud Infrastructure handles creating the database, as well as backing up, patching, upgrading, and tuning it.
Oracle Integration Cloud (OIC)
With Oracle Integration Cloud, you can integrate cloud and on-premises applications, automate business processes, gain insight into your business processes, develop visual applications, use SFTP-compliant file servers to store and retrieve files, and exchange business documents with B2B trading partners—all in one place.
OIC connectivity agent
With the connectivity agent, you can create hybrid integrations and exchange messages between applications in your private or on-premises network and Oracle Integration Cloud.
Backbone
A private, secure network that interconnects Oracle IaaS and PaaS services with Oracle SaaS running in the same or any other OCI region.
Customer-premises equipment (CPE)
An object that represents the network device on your premises that terminates the VPN connection. Most perimeter firewalls act as CPE, but individual devices, such as appliances or servers, can also be CPE.
AWS Virtual Private Cloud (VPC)
Amazon Virtual Private Cloud lets you launch AWS resources into a virtual network that you define. This virtual network closely resembles a traditional network that you operate in your own data center, with the benefits of AWS's scalable infrastructure.
The following recommendations are a starting point when establishing a multi-cloud private network connection through Oracle Integration Cloud. Your requirements may differ from the architecture described here.
VCN
When you create a VCN, determine the number of CIDR blocks and the size of each block based on the number of resources you plan to attach to the VCN's subnets. Use CIDR blocks within the standard private IP address space. Select a CIDR block that does not overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) so that you can set up a private connection.
After the VCN is created, you can change, add, and remove its CIDR blocks.
When designing your subnets, consider your traffic flow and security needs. Connect all resources within a specific layer or role to the same subnet, which can serve as a security boundary.
Use regional subnets.
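The three VCN addressing rules above (private address space, no overlap with the on-premises or AWS side, subnets that fit inside the VCN) are easy to get wrong once several networks are involved, because a collision with the AWS VPC or the data center range only surfaces after the DRG attachment is up. The following script is an added example, not Oracle's code or part of this reference architecture; it uses only the Python standard library, and all CIDR blocks in it are constructed sample values, not addresses from any real deployment.

```python
import ipaddress
from typing import Dict, List, Tuple

# The "standard private IP address space" the recommendation refers to (RFC 1918).
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_private_space(cidr: str) -> bool:
    """True if the whole block lies inside one RFC 1918 range."""
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(block) for block in RFC1918)


def overlapping_pairs(named_cidrs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Every pair of named blocks whose address ranges intersect."""
    items = [(name, ipaddress.ip_network(c, strict=True)) for name, c in named_cidrs.items()]
    pairs = []
    for i in range(len(items)):
        for j in range(i + 1, len(items)):
            if items[i][1].overlaps(items[j][1]):
                pairs.append((items[i][0], items[j][0]))
    return pairs


def validate_plan(vcn_cidrs: List[str], subnets: Dict[str, str],
                  peer_networks: Dict[str, str]) -> List[str]:
    """Check an addressing plan and return the list of problems (empty means OK).

    vcn_cidrs:     CIDR blocks assigned to the OCI VCN.
    subnets:       {subnet name: CIDR} carved out of the VCN.
    peer_networks: {name: CIDR} for the on-premises and other-cloud networks that
                   the DRG (FastConnect private peering or VPN) will make reachable.
    """
    problems: List[str] = []
    vcns = [ipaddress.ip_network(c, strict=True) for c in vcn_cidrs]

    # Rule 1: VCN blocks must come from private address space.
    for c in vcn_cidrs:
        if not is_private_space(c):
            problems.append(f"VCN block {c} is outside RFC 1918 private space")

    # Rule 2: VCN blocks must not overlap each other or any network reached over the DRG.
    all_blocks = {f"vcn:{c}": c for c in vcn_cidrs}
    all_blocks.update({f"peer:{n}": c for n, c in peer_networks.items()})
    for a, b in overlapping_pairs(all_blocks):
        problems.append(f"{a} overlaps {b}")

    # Rule 3: every subnet sits inside one VCN block and does not overlap another subnet.
    for name, c in subnets.items():
        net = ipaddress.ip_network(c, strict=True)
        if not any(net.subnet_of(v) for v in vcns):
            problems.append(f"subnet {name} ({c}) is not inside any VCN block")
    for a, b in overlapping_pairs(subnets):
        problems.append(f"subnet {a} overlaps subnet {b}")
    return problems


# Constructed sample plan: one VCN, a private subnet for the agent host, a private
# subnet for other workloads, an on-premises range and an AWS VPC range.
SAMPLE_VCN = ["10.10.0.0/16"]
SAMPLE_SUBNETS = {"agent-private": "10.10.1.0/24", "app-private": "10.10.2.0/24"}
SAMPLE_PEERS = {"on-prem": "192.168.0.0/16", "aws-vpc": "172.31.0.0/16"}
# Same plan, but the AWS VPC was given the VCN's own range; the DRG could not route this.
BAD_PEERS = {"on-prem": "192.168.0.0/16", "aws-vpc": "10.10.0.0/16"}

if __name__ == "__main__":
    print(validate_plan(SAMPLE_VCN, SAMPLE_SUBNETS, SAMPLE_PEERS))
    print(validate_plan(SAMPLE_VCN, SAMPLE_SUBNETS, BAD_PEERS))
```

Run the check before creating the VCN and again before each DRG attachment; `strict=True` also rejects blocks with host bits set (such as `10.10.1.5/24`), which is the usual typo in a hand-written plan.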
Restrict access to OIC instances
Restrict network access to your Oracle Integration instance by configuring an allowlist (formerly known as a whitelist). Only callers from the specified IP addresses, classless inter-domain routing (CIDR) blocks, and virtual cloud networks can then reach the Oracle Integration instance.
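The allowlist accepts three kinds of entry (single IP address, CIDR block, VCN), and the mistakes that matter are a malformed entry that silently admits nothing or a block so wide that it admits everything. The following model of that evaluation is an added example, not Oracle's implementation of the OIC allowlist; the sample entries are constructed, the OCID is a placeholder, and the 256-address threshold for "too broad" is an assumed policy value.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Every OCI VCN OCID starts with this prefix; it distinguishes a VCN entry from an IP entry.
VCN_OCID_PREFIX = "ocid1.vcn."


@dataclass(frozen=True)
class Request:
    source_ip: str
    source_vcn_ocid: Optional[str] = None  # set when the call arrives from inside a VCN


def parse_allowlist(entries: List[str]) -> Tuple[list, Set[str]]:
    """Sort raw allowlist entries into IP networks and VCN OCIDs; reject malformed ones."""
    networks, vcns = [], set()
    for entry in entries:
        entry = entry.strip()
        if entry.startswith(VCN_OCID_PREFIX):
            vcns.add(entry)
            continue
        try:
            # A bare address such as "203.0.113.10" becomes a /32; strict=True refuses
            # a block with host bits set (e.g. "10.0.0.5/8") instead of guessing.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            raise ValueError(f"invalid allowlist entry {entry!r}: {exc}") from exc
    return networks, vcns


def is_allowed(req: Request, networks: list, vcns: Set[str]) -> bool:
    """A request passes if its VCN is allowlisted or its source IP lies in an allowlisted block."""
    if req.source_vcn_ocid is not None and req.source_vcn_ocid in vcns:
        return True
    ip = ipaddress.ip_address(req.source_ip)
    return any(ip in net for net in networks)


def overly_broad(networks: list, max_hosts: int = 256) -> List[str]:
    """Blocks admitting more than max_hosts addresses; 0.0.0.0/0 makes an allowlist meaningless."""
    return [str(net) for net in networks if net.num_addresses > max_hosts]


# Constructed sample allowlist (placeholder OCID, documentation-range addresses).
SAMPLE_ALLOWLIST = [
    "203.0.113.10",                         # a single on-premises egress address
    "198.51.100.0/24",                      # a partner's CIDR block
    "ocid1.vcn.oc1..EXAMPLE_PLACEHOLDER",   # the VCN that hosts the connectivity agent
]

if __name__ == "__main__":
    nets, vcn_ids = parse_allowlist(SAMPLE_ALLOWLIST)
    print(is_allowed(Request("203.0.113.10"), nets, vcn_ids))
    print(is_allowed(Request("10.10.1.5", "ocid1.vcn.oc1..EXAMPLE_PLACEHOLDER"), nets, vcn_ids))
    print(overly_broad(nets))
```

In this architecture the agent's traffic reaches OIC from inside the VCN through the service gateway, so the VCN entry is the one that admits it; the IP and CIDR entries cover callers that arrive with a routable source address.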
Connectivity
When you deploy resources to Oracle Cloud Infrastructure, you may start small with a single connection to your on-premises network, over either FastConnect or IPsec VPN. To plan for redundancy, consider the redundancy of every component (hardware devices, facilities, circuits, and power) between your on-premises network and Oracle Cloud Infrastructure. Also take diversity into account, so that the redundant paths do not share facilities.
Use the connectivity agent in a high-availability configuration
You can run the connectivity agent in a high-availability configuration for Oracle Integration. Install two separate agents on different hosts in the same agent group. Running multiple agents for a group scales the agents out, which increases throughput and provides failover.
When deploying this reference architecture, consider the following points.
Scalability
When you create an Oracle Integration instance, the administrator specifies the number of message packs that the instance plans to use.
Resource limits
Consider the best practices, service limits, and compartment quotas that apply to your tenancy.
Security
Use OCI Identity and Access Management (IAM) policies to control who can access your cloud resources and what actions they can perform. To protect database passwords or any other secrets, consider using the OCI Vault service.
Performance vs. cost
OCI offers compute shapes that meet the needs of a wide range of applications and use cases. Select the shape of the compute instance carefully: choose the shape that provides the best performance for your workload at the lowest cost. If you need more performance, memory, or network bandwidth, you can switch to a larger shape.
Availability
Depending on your deployment requirements and region, consider using a high-availability option. Options include distributing resources across multiple availability domains in a region and across fault domains within an availability domain.
Fault domains provide optimal resiliency for workloads deployed within a single availability domain. For high availability at the application layer, application servers are deployed in different fault domains and client traffic is distributed using load balancers.
Monitoring and alerting
Set up monitoring and alerting on CPU and memory usage for the nodes, so that you can scale up or down as needed.
You can deploy this reference architecture on Oracle Cloud Infrastructure by following these steps:
Log in to the Oracle Cloud Infrastructure console with your Oracle Cloud credentials.
Set up the required network infrastructure as shown in the architecture diagram. This includes the VCN, subnets, DRG, security lists, route tables, service gateway, FastConnect or VPN, and CPE.
Configure OIC and Oracle Autonomous Transaction Processing - Shared Instance.
After the OIC instance is configured, install the OIC connectivity agent:
Go to the OIC console and create an agent group.
Follow the instructions and run the connectivity agent installer.
Go to the Oracle Cloud Infrastructure console and select a compute shape with at least 8 GB of RAM on which to install the agent. For more details, refer to the link in the "Learn More" topic.
If necessary, restrict network access to your OIC instance by configuring an allowlist (formerly a whitelist).
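The security property of the deployment above is that the agent's private subnet can reach OIC only through the service gateway and the AWS VPC only through the DRG, with no route to the public internet at all. Before applying the route table and security list from the setup step, it helps to check them as data. The following model is an added example, not Oracle's route-table or security-list evaluation logic: the `"OSN"` label stands in for the Oracle Services Network destination that a service gateway route uses, the CIDR blocks and the AWS application port 8443 are constructed sample values, and HTTPS on port 443 for the agent's traffic to OIC is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Stand-in for the Oracle Services Network destination of a service gateway route.
# The real entry is a named destination, not an IP block, so it is matched by label here.
OSN = "OSN"


@dataclass(frozen=True)
class RouteRule:
    destination: str   # CIDR block, or OSN
    target: str        # "service_gateway", "drg", "internet_gateway" or "nat_gateway"


@dataclass(frozen=True)
class EgressRule:
    destination: str   # CIDR block, or OSN
    protocol: str      # "tcp", "udp" or "all"
    port_min: int
    port_max: int


# Constructed sample tables for the agent's private subnet (not from a real deployment).
# There is deliberately no 0.0.0.0/0 route: the subnet has no path to the public internet.
SAMPLE_ROUTES = [
    RouteRule(OSN, "service_gateway"),      # OIC, via the service gateway
    RouteRule("172.31.0.0/16", "drg"),      # AWS VPC, via DRG + FastConnect/VPN
    RouteRule("192.168.0.0/16", "drg"),     # on-premises network, via DRG
]
SAMPLE_EGRESS = [
    EgressRule(OSN, "tcp", 443, 443),               # assumed: HTTPS from the agent to OIC
    EgressRule("172.31.0.0/16", "tcp", 8443, 8443),  # assumed: the AWS application's port
]
# OCI security lists are stateful by default, so replies to permitted egress need no ingress
# rule; none is defined because the agent only opens outbound connections.


def _matches(dst: str, rule_dest: str) -> bool:
    """True if a destination (an IP address or the OSN label) falls under a rule destination."""
    if rule_dest == OSN or dst == OSN:
        return rule_dest == dst
    return ipaddress.ip_address(dst) in ipaddress.ip_network(rule_dest, strict=True)


def route_target(dst: str, routes: List[RouteRule]) -> Optional[str]:
    """Longest-prefix match over the route table; None means there is no route."""
    best: Optional[Tuple[int, str]] = None
    for r in routes:
        if not _matches(dst, r.destination):
            continue
        plen = -1 if r.destination == OSN else ipaddress.ip_network(r.destination).prefixlen
        if best is None or plen > best[0]:
            best = (plen, r.target)
    return best[1] if best else None


def egress_allowed(dst: str, port: int, protocol: str, rules: List[EgressRule]) -> bool:
    """True if some egress rule covers this destination, protocol and port."""
    return any(
        (r.protocol == "all" or r.protocol == protocol)
        and r.port_min <= port <= r.port_max
        and _matches(dst, r.destination)
        for r in rules
    )


def classify_flow(dst: str, port: int, protocol: str = "tcp",
                  routes: List[RouteRule] = SAMPLE_ROUTES,
                  egress: List[EgressRule] = SAMPLE_EGRESS) -> Tuple[Optional[str], bool]:
    """Return (gateway the flow would leave through, whether the security list permits it)."""
    target = route_target(dst, routes)
    return target, target is not None and egress_allowed(dst, port, protocol, egress)


def internet_paths(routes: List[RouteRule]) -> List[RouteRule]:
    """Route rules that would give the private subnet a path to the public internet."""
    return [r for r in routes
            if r.target in ("internet_gateway", "nat_gateway") or r.destination == "0.0.0.0/0"]


if __name__ == "__main__":
    print(classify_flow(OSN, 443))            # agent -> OIC through the service gateway
    print(classify_flow("172.31.5.9", 8443))  # agent -> AWS application through the DRG
    print(classify_flow("203.0.113.7", 443))  # a public address: no route at all
    print(internet_paths(SAMPLE_ROUTES))      # empty: the subnet stays private
```

The last check is the one worth keeping in a pipeline: any route whose target is an internet or NAT gateway, or whose destination is `0.0.0.0/0`, re-introduces the public internet path that this architecture exists to avoid.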
As an Oracle Premier Partner, Agilewing is redefining the way enterprises experience Oracle Cloud Services. With its streamlined account opening process and best-in-class technical support, Agilewing transforms the complex process of account opening and operation into an easy, intuitive experience. With our one-stop shop, you can quickly get up and running with the full range of Oracle Cloud services and integrate seamlessly into the cloud. Agilewing's AgileCDN service, combined with OCI's cloud-based services, provides a best-in-class global content acceleration solution. A strong network of more than 2,800 global POP nodes and 7,000 direct connection points ensures efficient and stable operation no matter where in the world your business expands. Leveraging the advanced technology of Oracle Cloud, Agilewing is committed to simplifying cloud service building, cloud migration, and taking your business global. "Our partnership model provides customers with cost-effective solutions that allow them to focus more on their core business while enjoying the high performance and security of Oracle Cloud." Oracle Cloud Services, as a promising field, open the door to new opportunities for enterprises with their high performance, security, and globally consistent service standards. Through Agilewing's professional services, both individual users and enterprises can easily enter this new era of technological innovation and high performance. Start exploring Oracle Cloud Services with Agilewing and open the door to a whole new world today.