Technology Implementation
The technology implementation pillar focuses on transforming your governance and security model into a cloud environment that is deployed to meet to your organization's needs.
You technically implement your organization's goals by deploying a landing zone. A landing zone is a cloud environment that is built from an automated template. The landing zone serves as the foundation for your cloud deployment.
How Do I Decide Which Landing Zone to Use?
Oracle Cloud Infrastructure (OCI) provides multiple landing zone implementations that you can choose from.
- Oracle Enterprise Landing Zone (OELZ) v1: Comprehensive version of the landing zone. This reference architecture provides an enterprise-scale architecture and deployment that includes designs for governance, security segmentation, and separation of duties. Deploy multiple workloads with separate networks for isolation and access, add private connectivity to your environment from on-premises locations by using OCI Fast Connect or Site-to-Site VPN, and optionally federate with Microsoft Active Directory.
- Oracle Enterprise Landing Zone (OELZ) v2: New version of the landing zone. This reference architecture helps you achieve greater agility, scalability, and security in your cloud environments. One of the key features of OELZ v2 is its modular architecture, which lets you scale your cloud infrastructure quickly and easily. The architecture also includes best practices for security and compliance, helping you maintain a high level of security and meet regulatory requirements.
- Oracle Enterprise Landing Zone (OELZ) v1 - Lite: Quickstart version of the landing zone. This reference architecture provides a basic template for deployment that lets you specify preconfigured security settings for audit logs and protocols for the OCI Bastion service.
- Oracle Cloud Native Secure Cloud Computing Architecture (SCCA) Landing Zone: The Oracle Cloud Native SCCA Landing Zone deploys a secure architecture that supports Defense Information Systems Agency (DISA) SCCA requirements. This reference architecture provides baseline configurations, rules, and the terraform templates that meet DISA Impact Level 2, 4, and 5 accreditation requirements.
- Self-Service Landing Zone: Reference architecture that provides a Terraform-based landing zone template meeting security guidance prescribed in Deploy a secure landing zone that meets the CIS Foundations Benchmark for Oracle Cloud.
Adding the Workload Expansion Module to Your Landing Zone
Once you have implemented your landing zone, you can add the Workload Expansion Module to provision a 3-tier application.
The Workload Expansion Module will deploy the following resources:
- Compartment
- Network (Spoke)
- Logging
- Monitoring
- Policies and workload group
- 1 VCN and 3 subnets (Web, App, and DB)
Under this module, you can have a separate admin that manages only the resources for this workload, and not the ones in other compartments. The separation of this workload module makes it easy to monitor, manage resources, and control access and connectivity within the compartment, in addition to making it a more secure zone.
Use Cases:
- Deploy an empty workload in your landing zone.
- Deploy a 3-tier application in a separate compartment within any environment of your landing zone.
For information about how to deploy the workload expansion, see Oracle Enterprise Landing Zone (OELZ) v2 Workload Expansion Implementation.
Deploying in OCI Using Expert Guidance from Oracle Architecture Center
After you create the landing zone, you can migrate existing on-premises data center solutions or create new cloud native solutions that address your business goals. This process can be a challenging task. The Oracle Architecture Center simplifies complex implementations by providing vetted design patterns, reference architectures, solution playbooks, and deployment code.
Design, develop, and implement your cloud, hybrid, and on-premises workloads with guidance from Oracle architects, developers, and other experts versed in Oracle technologies and solutions.
Designing for Extreme Reliability, High Availability, and Disaster Recovery
When you design your technology implementation, consider adding high availability (HA) to your systems to ensure that they have the maximum potential for uptime and accessibility. Also consider using a well-architected disaster recovery (DR) plan to recover quickly from disasters and continue to provide services to your users. Use the following principles for high availability and disaster recovery to design a cloud architecture for extreme reliability: