Connection Patterns for Hybrid Integrations
Use the connectivity agent in any of the following patterns to set up a connection between an application on your private (or on-premises) network and Oracle Integration.
Note:
You are responsible for configuring your own network routing rules. If you don't know how to configure these rules, contact your network team for assistance.You can set up a connection over the public internet or select to configure an exclusive connection using FastConnect, which provides a faster, more reliable networking experience compared to the internet. You'll use the connectivity agent to communicate with Oracle Integration irrespective of the connection pattern you select; employing FastConnect only ensures that the traffic between your private (on-premises) network and Oracle Integration doesn't go over the public internet and remains private.
Public Internet Pattern
Install the connectivity agent on your private (on-premises) network. The inbound and outbound traffic to Oracle Integration goes over the public internet. For the outbound traffic from Oracle Integration, the connectivity agent initiates a secure connection to Oracle Integration, retrieves the request, and then invokes the required API in the on-premises application.
When you employ the connectivity agent, you don't have to open firewalls to access applications on your private network. In addition, all messages between the private network and Oracle Integration are encrypted.
To install and configure the connectivity agent, see Manage the Agent Group and the On-Premises Connectivity Agent.
Description of the illustration connectivity_agent_internet.png
Oracle Cloud Infrastructure Only - Virtual Cloud Network Pattern
Install the connectivity agent in your Virtual Cloud Network (VCN) within Oracle Cloud Infrastructure, and configure a service gateway to route the traffic from the VCN to Oracle Integration.
Use this pattern if you have applications, such as Oracle E-Business Suite, running in a private subnet within Oracle Cloud Infrastructure. In this case, all traffic is routed locally and the public internet is not involved.
While not strictly required, it is highly recommended that all access from the VCN go through the service gateway. Service gateways primarily ensure that access to Oracle-hosted services is routed over the internal network. Users are not charged for service gateways. Service gateways only work within a region, and not across regions. For access across regions, traffic is still routed through a NAT gateway.
A service gateway is a common configuration for users that have implemented FastConnect or VPN/IPsec private peering to route traffic to Oracle Integration (ingress), including the connectivity agent in a private subnet.
For details on configuring a service gateway, see FastConnect and VPN with Oracle Integration Cloud (OIC).
FastConnect Public Peering Pattern
Install the connectivity agent on your private (on-premises) network, and set up an exclusive connection between your network and Oracle Integration using a FastConnect public peering link. The inbound and outbound traffic to Oracle Integration goes through the FastConnect link.
This connection pattern provides a faster and more reliable networking experience compared to the public internet pattern.
-
Subscribe to FastConnect with the public peering option. Currently, Oracle Integration directly supports only public peering with FastConnect. If you want to use the private peering option, you'll need to additionally use a VCN and a service gateway. See the FastConnect Private Peering Patterns.
For detailed information on requirements and best practices for setting up an Oracle Cloud Infrastructure FastConnect, see FastConnect.
-
Configure your private (on-premises) network to route traffic through FastConnect.
The FastConnect link contains the public IP addresses of Oracle Integration.
-
Finally, configure the connectivity agent to handle the outbound traffic from Oracle Integration to the on-premises application.
The connectivity agent also acts as a client to FastConnect and uses public peering.
Note:
With FastConnect public peering, you must deploy the connectivity agent in your private or on-premises data center.
Description of the illustration fastconnect_public_peering.png
FastConnect Private Peering Patterns
In addition to providing fast and reliable connectivity, the FastConnect private peering patterns provide additional security to prevent traffic analysis.
Note:
The private peering patterns also apply to Virtual Private Networks (VPN) and are identical except that the FastConnect private peering link is replaced with a VPN.Connectivity Agent Deployed in Private or On-Premises Network
Install the connectivity agent in your private (on-premises) network, and set up a private connection between your network and VCN using FastConnect private peering or VPN. In addition, configure a service gateway to route the traffic from the VCN to Oracle Integration.
To use FastConnect, you must first subscribe to FastConnect with the private peering option. See FastConnect. The FastConnect link contains the private IP addresses of the VCN.
If you want to use VPN, see VPN Connect.
To configure a service gateway, see FastConnect and VPN with Oracle Integration Cloud (OIC).
Connectivity Agent Deployed in a VCN
Install the connectivity agent in your VCN within Oracle Cloud Infrastructure, and set up a private connection between your network and the connectivity agent using FastConnect private peering or VPN. In addition, configure a service gateway to route the traffic from the VCN to Oracle Integration.
You can use this pattern if you have limited capacity or resource constraints on your data center.
For details on configuring a service gateway, see FastConnect and VPN with Oracle Integration Cloud (OIC).
Note:
The connectivity agent deployed in a VCN can also be used to access resources deployed in an Oracle Cloud Infrastructure VCN.