Certified Oracle Cloud Infrastructure (OCI) Consultants
Let Certified OCI Architect John Watson and his team assist you with your OCI Build and Configuration. John has built numerous Oracle Database and APEX environments on OCI and supports as many. SkillBuilders can design, provision, mentor and if needed, support your OCI environment.
Pharma/Biotech Marketing Firm – OCI Environment Provisioning, Oracle Database and APEX Stack Configuration, Plan and Support Production Go-Live
The assignment, delivered on-time and on-budget in Q1 of 2021, was to construct a secure, scalable, production-ready Oracle APEX environment in the Oracle Cloud (OCI), install an existing APEX app and coordinate a go-live.
Unlike the existing POC environment, the new OCI environment, and the APEX stack, needed to be a robust, scalable, and secure environment, configured using best practices for internet facing web applications. Security was a particular concern given the nature of the data being processed.
The existing application (an APEX user interface with connections to various external systems) was running fine with one compute node for the web tier and a second compute node running the database. Public access was through a load balancing router, with both compute nodes on a public subnet. This architecture was functional, but it lacked fault tolerance and is vulnerable to attack (DDOS and others).
SkillBuilders replaced it with the following architecture:
VM1 and VM2 are compute nodes on a private subnet running identical web tiers. This gives redundancy, not only for failure but more importantly so that reconfigurations can be done with zero downtime. VM3, also on the private subnet, is a compute node running the database. Calls to external systems from the application and the database go out through a NAT gateway (not shown in the graphic). The load balancing router is on a public subnet, configured to monitor the two web tier servers and spread requests across them. Also on the public subnet is another compute note, configured as an OpenVPN server. This provides access for developers and administrators to the nodes on the private subnet with ssh and SQL*Net. Within the virtual cloud network, all traffic is controlled with point-to-point routing, port filtering, and of course firewalls on each node. The final touch for security is the Web Application Firewall, which is where we deployed the web site’s digital certificate. The only downtime during the deployment was relocating the database to VM3. The source database was in fact a PDB, so we accomplished this with a network clone operation, complicated somewhat by the fact that the old environment was OCI “classic”.
This environment has now been running in production for several months with zero downtime.