A service gateway enables resources within your VCN to privately access particular Oracle services without exposing the data to the public internet. The resources in the VCN can reside in a private subnet and only use private IP addresses. The traffic from the VCN to the desired Oracle service travels over Oracle’s internal network and never goes over the public internet.
The following simple diagram shows a VCN with both a public subnet and a private subnet.
This VCN has three gateways:
- An internet gateway: To give the public subnet direct access to public endpoints on the internet. Connections can originate from the subnet or the internet. Resources in the public subnet need public IP addresses.
- A service gateway: To give the private subnet private access to supported Oracle services within the region. Connections can only start from the subnet.
- A NAT gateway: To give the private subnet private access to public internet endpoints. Connections can only start from the subnet.
You manage routing within your VCN at the subnet level, so you can designate which subnets use each gateway. As illustrated in the diagram, the route table of the public subnet (Callout 1) directs non-local traffic through the internet gateway.
Similarly, the route table for the private subnet (Callout 2) directs traffic intended for Oracle services through the service gateway, while routing all other traffic to the NAT gateway.
What is Cloud Networking?
Cloud networking, also known as virtual cloud networking (VCN), is the modern development of a company’s network. Traditionally, the company network connects databases, computers, devices, and more into one central hub for transferring information and data. In this model, hardware inside a data center stores everything, with all management, resources, and services monitored and maintained by on-site IT staff.
With cloud networking, the same ideas are applied but moved into the cloud. Services, features, management, and other logistics are located in the cloud, either in a private cloud network or with a third-party public cloud provider.
This provides several advantages only possible through virtual cloud networking:
- Easier and faster ability to scale
- More robust security
- More options to maintain availability
- Integration of cloud-based capabilities
Cloud networking clearly leads enterprises into the future for their data. Sometimes, a hybrid solution offers the best of both worlds by keeping some data on-site based on specific needs while utilizing virtual cloud networking’s many benefits.
Fundamentals of Cloud Networking
To grasp cloud networking, we must examine the various network configurations underneath. Traditionally, IT departments isolated servers in silos for specific data and management. This evolved into virtualization, allowing multiple operating systems and applications to exist in partitions on the same physical server, with resources scaling between partitions as needed.
In a cloud network, these elements move to the cloud, powered by servers that scale resources without a single virtual machine’s limits.
Thus, cloud networking represents the most advanced, efficient enterprise approach, even excluding its improved security and management. For IT departments, reaching this goal requires evaluating their current setup, plans, and capabilities.
Some critical factors include:
- Scalable Cloud Networks: Scalability must be addressed throughout as shifting resources and collaboration/testing generate demand. A cloud network strategy needs planned scalability for smooth budgeting and operation.
- Reliable VCN: With internal and external connections, decisions on a cloud network’s configuration should consider overall reliability, including failover and automation for proactive/reactive repair.
- Other Cloud Connections: Will the cloud network be the sole resource or part of a hybrid setup with some local data storage? Whatever works best, this decision must be considered, including gradual migration plans to full cloud.
What are the benefits of Cloud Networking?
The business world is transitioning to cloud networking to access more powerful resources and connectivity. What is driving this change? In most cases, the ongoing progress of technology has made virtual cloud networking simply the smarter option: more secure, easier to use, more robust, and ultimately more efficient for both resources and costs.
Additionally, it provides access to further capabilities typically not available with traditional networking. Cloud networking offers several advantages such as:
- Cloud security: With cloud networking, security can be managed and automated at a scale not possible on a conventional enterprise network. Configuration updates, deployment, and automated monitoring are all feasible by putting the network in the cloud. And by leveraging major cloud providers, security is delivered by organizations dedicated to data protection rather than an IT staff balancing security, availability, and logistics.
- Cloud management: In a cloud setting, management becomes both simpler and more robust. Cloud management allows configuring, patching, and updating with anywhere, anytime access. Advanced features like flexible IP assignments enable additional capabilities only viable through cloud network administration.
- Flexible cloud: Because virtual cloud networking generates a unified and synchronized enterprise, network managers gain flexibility over both broad initiatives and finer details. Issues like permissions, visibility, collaborative access, and the ability to expand existing networks become part of a simplified management experience, providing ease of use for both the IT staff and end users.
- Scalable cloud: Virtual cloud networking offers scalability in a way that is simply not possible locally. With a cloud network, resources can easily be activated or disabled based on current resource demands.
- Total cost of ownership: On-demand provisioning is a built-in feature of virtual cloud networking, leading to a decrease in the overall cost of ownership. Hardware acquisition, configuration, and maintenance are minimized because a pay-as-you-use model no longer requires excess capacity for resource spikes. Instead, IT budgets can be planned and used on an as-needed basis, including planning for variables like critical stages during development (testing, troubleshooting, etc.) and scaling end-user applications as revenue-generating processes require.
Cloud networking services provide various benefits for enterprises. A virtual cloud network can extend existing on-premises networks by enabling encrypted communication and consolidated resource access through a virtual private network (VPN). This allows enterprises to leverage their current infrastructure while gaining the advantages of the cloud.
Additionally, cloud networks have the capabilities to automate network security at scale. This includes automating tasks like patching, policy enforcement, and utilizing AI/ML to predict and preemptively resolve issues before they escalate. The agility of cloud networks enables robust security automation not feasible with on-premises networks.
Examples of cloud networking services applications
Cloud networks can also implement hub-and-spoke topologies to efficiently inspect traffic, manage resources, and isolate customers. This allows tailored management and compliance for different users’ needs.
Furthermore, the flexibility of cloud networks allows easy adaptation as requirements change across the development lifecycle. Different stages like development, testing, deployment, and maintenance can be segregated into distinct environments with appropriate resource levels. This agility ensures optimal support as needs shift during the application lifecycle.
In summary, cloud networking provides key benefits like extending on-premises infrastructure, enabling security automation, efficiently managing resources, and flexibility across application development stages. Cloud networking expands enterprises’ capabilities while leveraging existing systems.
What does VCN stand for in OCI?
A Virtual Cloud Network (VCN) in OCI is the fundamental building block that allows OCI services to be accessible over the internet or private networks.
A VCN is a software-defined version of a traditional physical network, including subnets, route tables, and gateways. A VCN resides within a single region but can span multiple availability domains.
Subnets:
A subnet is a smaller network carved out of a larger VCN. A subnet can be availability domain specific or regional. Multiple subnets can exist in an availability domain.
There are two subnet types:
- Public subnet: Public-facing resources like compute instances and load balancers reside here.
- Private subnet: Highly secured resources like databases reside here.
Route Tables:
VCNs utilize virtual route tables to guide traffic outside of the VCN, such as to the internet, on-premises networks, or peered VCNs. Route rules determine how traffic from a subnet is directed through gateways to reach other networks.
Security Lists:
A security list is a set of firewall rules applied to all compute instances in a subnet. Rules specify allowed incoming (ingress) and outgoing (egress) traffic. Rules are established on the subnet level, rather than the instance level.
Network Security Groups:
NSGs provide a virtual firewall for cloud resources with the same security needs. NSGs are another way to implement security rules.
Gateways:
VCNs have 5 gateway types:
1. Internet Gateway (IG): Provides external connectivity to/from the internet.
2. NAT Gateway: Allows private resources to access the internet while preventing incoming internet traffic.
3. Service Gateway: Allows access to public OCI services without an IG or NAT.
4. Dynamic Routing Gateway (DRG): Provides a hub for connecting across regions or to on-premises networks.
5. Local Peering Gateway (LPG): Enables VCNs to communicate within a region.
Load Balancers:
Load balancers distribute incoming traffic to multiple backend servers, improving resource utilization, scaling, and high availability. They can be public or private.
On-Premises Connectivity:
DRGs connect VCNs to on-premises data centers via VPN or direct physical connections.
VCN Peering:
Enables VCNs to communicate as if they are in the same network. Can be local (within region) or remote (across regions).
Transit Routing:
Access resources in multiple VCNs across regions using a single hub VCN. Local VCNs connect to the hub VCN.
Azure and OCI Interconnect:
The interconnect allows enterprises to run workloads across both clouds. It uses Azure ExpressRoute and OCI FastConnect.
Case Study: Networking in EBS R12 on OCI
This case study explores deploying Oracle EBS R12 on OCI in a single region using typical three-tier architecture.
The first tier is the client tier, with EBS client installed on desktops or laptops.
The second tier is the application tier, where EBS R12 compute instances are deployed as application servers.
The third tier is the database tier, which could be a VM database, bare metal database, Exadata, or database on compute.
The network components used are:
- A Virtual Cloud Network (VCN) hosting the application and database tiers.
- Inside the VCN there are three subnets – one public subnet for the bastion host and two private subnets, one for the application tier and one for the database tier.
- An Internet Gateway enables internet connectivity from the public subnet.
- A Service Gateway provides access to OCI object storage and other services.
- A Dynamic Routing Gateway enables private connectivity from an on-premises data center to the EBS application.
To deploy Oracle EBS R12 on OCI, these network resources need to be created:
- A VCN to host the database and application tiers. An existing VCN can be used or a new one created.
- Subnets inside the VCN – one for the bastion server, one for the application tier compute instances, one for the database tier, and one for primary and secondary load balancers.
- An Internet Gateway for internet connectivity.
- Route tables targeting the Internet Gateway – one each for compute instances, database, and load balancer.
- Security lists acting as firewalls – one each for compute instances, database, and load balancer.
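The private-subnet routing described at the top of the article (Oracle services through the service gateway, everything else through the NAT gateway), written for the case study's application-tier subnet as Terraform using the OCI provider. This is an added example, not the article's or Oracle's own code; the VCN CIDR, the resource names and the `compartment_ocid` variable are assumptions.

```hcl
variable "compartment_ocid" {}   # assumed input: target compartment OCID

resource "oci_core_vcn" "ebs" {
  compartment_id = var.compartment_ocid
  cidr_block     = "10.0.0.0/16"   # constructed sample address space
  display_name   = "ebs-vcn"       # assumed name
}

# Look up the regional "All ... Services In Oracle Services Network" label,
# which is what a service gateway is attached to.
data "oci_core_services" "all" {
  filter {
    name   = "name"
    values = ["All .* Services In Oracle Services Network"]
    regex  = true
  }
}

resource "oci_core_service_gateway" "sgw" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.ebs.id
  services {
    service_id = data.oci_core_services.all.services[0].id
  }
}

resource "oci_core_nat_gateway" "nat" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.ebs.id
}

# Route table for the private application subnet (Callout 2 in the text):
# Oracle services go to the service gateway, all other non-local traffic to
# the NAT gateway. Deliberately, no rule points at an internet gateway.
resource "oci_core_route_table" "app_private" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.ebs.id

  route_rules {
    destination       = data.oci_core_services.all.services[0].cidr_block
    destination_type  = "SERVICE_CIDR_BLOCK"
    network_entity_id = oci_core_service_gateway.sgw.id
  }
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_nat_gateway.nat.id
  }
}
```

Attach the table to the application subnet through the subnet's `route_table_id`; because no rule targets an internet gateway, instances there reach Object Storage and the public internet only for connections they initiate, while the bastion's public subnet needs its own route table with a `0.0.0.0/0` rule to the internet gateway.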
Conclusion
In Oracle Cloud Infrastructure (OCI), a route table consists of rules that control the routing of network packets out of a subnet. Each rule specifies a destination and the next hop, with the destination usually being a CIDR block and the next hop typically being a Network Address Translation (NAT) gateway, internet gateway, or another network component capable of forwarding traffic.
I’m Krishanth Sam, and I have 2 years of experience in digital marketing. Here, I’m sharing about Artificial Intelligence. You can get some information about this interesting field here. Also, I will help you to learn Artificial Intelligence, deep learning, and machine learning.