
OCI and AWS Cloud Case Studies

Pharma/Biotech Marketing Firm

Oracle Cloud Infrastructure (OCI) Environment Provisioning, Oracle Database and APEX Stack Configuration, Production Go-Live

The assignment, delivered on time and on budget in Q1 of 2021, was to construct a secure, scalable, production-ready Oracle APEX environment in the Oracle Cloud (OCI), install an existing APEX app and coordinate a go-live.

Unlike the existing POC environment, the new OCI environment and APEX stack needed to be robust, scalable, and secure, configured using best practices for internet-facing web applications. Security was a particular concern given the nature of the data being processed.

The existing application (an APEX user interface with connections to various external systems) was running fine with one compute node for the web tier and a second compute node running the database. Public access was through a load balancing router, with both compute nodes on a public subnet. This architecture was functional, but it lacked fault tolerance and was vulnerable to attack (DDoS and others).

SkillBuilders replaced it with the following architecture:

OCI APEX Architecture

VM1 and VM2 are compute nodes on a private subnet running identical web tiers. This gives redundancy, not only against failure but, more importantly, so that reconfigurations can be done with zero downtime. VM3, also on the private subnet, is a compute node running the database. Calls to external systems from the application and the database go out through a NAT gateway (not shown in the graphic).

The load balancing router is on a public subnet, configured to monitor the two web tier servers and spread requests across them. Also on the public subnet is another compute node, configured as an OpenVPN server. This gives developers and administrators access to the nodes on the private subnet with SSH and SQL*Net. Within the virtual cloud network, all traffic is controlled with point-to-point routing, port filtering, and of course firewalls on each node. The final touch for security is the Web Application Firewall, which is where we deployed the web site’s digital certificate.

The only downtime during the deployment was relocating the database to VM3. The source database was in fact a PDB, so we accomplished this with a network clone operation, complicated somewhat by the fact that the old environment was OCI “classic”.
This environment has now been running in production for several months with zero downtime.
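
The segmentation described above can be written down as a policy and checked against the ingress rules of each layout. The following is an added example, not SkillBuilders' code or the client's OCI configuration; every address, CIDR, port (8080 for the web tier, 1521 for SQL*Net) and both rule sets are constructed assumptions, including the web tier's SQL*Net path to the database.

```python
import ipaddress

# All addresses, CIDRs and ports below are constructed assumptions.
net = ipaddress.ip_network
LB, VPN = net("10.0.0.10/32"), net("10.0.0.20/32")   # public subnet: load balancer, OpenVPN
WEB = net("10.0.1.0/28")                             # private subnet range holding VM1 and VM2
SSH, SQLNET, HTTP = 22, 1521, 8080                   # 1521 is the default SQL*Net listener port

# Per role: which sources may reach which port on a private-subnet node.
POLICY = {
    "web": {HTTP: [LB], SSH: [VPN]},
    "db": {SQLNET: [VPN, WEB], SSH: [VPN]},
}

def audit(nodes, rules):
    """nodes: {name: (role, subnet_kind)}; rules: [(name, source_cidr, port)]."""
    findings = []
    for name, (role, subnet) in sorted(nodes.items()):
        if subnet != "private":
            findings.append(f"{name}: {role} node is on a {subnet} subnet")
    for name, source, port in rules:
        allowed = POLICY[nodes[name][0]].get(port)
        if allowed is None:
            findings.append(f"{name}: port {port} is not part of the policy")
        elif not any(net(source).subnet_of(a) for a in allowed):
            findings.append(f"{name}: port {port} open to {source}")
    return findings

# Constructed rule set for the original layout: both nodes on a public subnet.
OLD_NODES = {"web1": ("web", "public"), "db1": ("db", "public")}
OLD_RULES = [("web1", "10.0.0.10/32", HTTP), ("web1", "0.0.0.0/0", SSH),
             ("db1", "0.0.0.0/0", SQLNET)]

# Constructed rule set for the replacement layout described above.
NEW_NODES = {"VM1": ("web", "private"), "VM2": ("web", "private"), "VM3": ("db", "private")}
NEW_RULES = [("VM1", "10.0.0.10/32", HTTP), ("VM1", "10.0.0.20/32", SSH),
             ("VM2", "10.0.0.10/32", HTTP), ("VM2", "10.0.0.20/32", SSH),
             ("VM3", "10.0.0.20/32", SQLNET), ("VM3", "10.0.1.0/28", SQLNET),
             ("VM3", "10.0.0.20/32", SSH)]

if __name__ == "__main__":
    for label, nodes, rules in (("old", OLD_NODES, OLD_RULES), ("new", NEW_NODES, NEW_RULES)):
        print(label, audit(nodes, rules) or "no findings")
```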

Client: Ecosense Lighting (formerly Soraa)

Ecosense is an LED technology company. Recognized by the likes of Red Dot for innovation and design, as well as Inc. 500 and Deloitte Technology Fast 500 for consistently making their fastest growing companies lists, we serve a creative class of artists and designers and have been fortunate to light the most coveted spaces on earth.

Project: Design and Implement Secure Channels for Hybrid Database Connections in AWS for 24×7 Multi-State Communications

Starting point: SkillBuilders had previously designed and implemented an Oracle APEX stack on AWS for the company’s internet-facing APEX applications. The company also has critical information in Microsoft SQL Server databases.

Now we were tasked with constructing secure communication channels for Oracle and SQL Server connections between the company’s headquarters and three remote locations.

Our team configured a VPN tunnel between three of the customer’s remote facilities and the AWS subnet where SkillBuilders had previously deployed their web tier and database machines in a private Virtual Private Cloud (VPC). The environment consisted of a Customer Gateway, which describes the on-site router (in this case Cisco), its external IP address, software and version, and the site’s LAN subnet, and an AWS Virtual Private Gateway, which describes the AWS LAN. The two are connected with a “Site-to-Site VPN Connection”.

These VPN tunnels provide fully encrypted, 24×7, two-way traffic, including SQL*Net and ODBC connections between Oracle and Microsoft SQL Server databases.