In this blog post, we shed light on the finer details of the service’s architecture and building blocks, including its deep integration into the Azure stack.
Since 2019, we have partnered with Microsoft to deliver the OCI-Azure Interconnect, which offers secure, private interconnections with sub-2 millisecond latency, in 11 global regions to date. This high-performance network foundation enables customers to build multicloud applications, with components straddling two clouds – OCI and Azure. However, the flexibility to connect any resource in either cloud requires customers to configure and manage the connections between the cloud environments, DNS entries, and more, to run workloads across Azure and OCI.
The new ODSA service builds on the foundation of OCI-Azure Interconnect to simplify setup, management, and connectivity of application components in Azure to databases running in OCI. With ODSA, Azure teams can treat databases running on OCI like an Azure resource. In just a few clicks, users can connect their Azure subscriptions to their OCI tenancy. The service automatically configures everything required to link the two cloud environments and federates Azure Active Directory identities, making it seamless for Azure users to use the service. It provides an Azure-like user interface and API experience for provisioning and managing Oracle database services on OCI. ODSA also sends metrics, logs, and events for the OCI databases you create using the service to Azure tooling for unified telemetry and monitoring in Azure environments. In addition, the service simplifies customer support with a collaborative support model that offers a seamless issue resolution process, which can be initiated with either Microsoft or Oracle.
Figure 1 – Oracle Database Service for Azure Home Page
Let’s take a deeper look into how we built this service, including its architecture.
Architecture
When you configure ODSA, the service deploys an Oracle Enterprise application in your Azure tenancy. This application enables you to provision Oracle databases for your Azure environment and manages connectivity to resources in your Azure tenancy. The service also creates custom roles in the application and custom groups in your tenant’s Azure Active Directory. You’ll assign roles or group membership to enable existing Azure users to use ODSA. With that in place, the service builds a mapping between one or more Azure subscriptions and your OCI tenancy.
As you can see from Figure 2 below, ODSA builds a private tunnel between your Azure and OCI tenants. The service also configures DNS on both sides of the pipe to enable bi-directional communication between applications in your Azure tenant and database resources in OCI.
Figure 2 – Oracle Database Service for Azure Architecture
Oracle Cloud Infrastructure Integration
At launch, the service supports creation and management of the following Oracle Cloud Database Service offerings: Autonomous Database, Exadata Database, and Base Database. We aim to add support for other Oracle Cloud Database Service offerings, such as MySQL HeatWave, in due course.
For each database product, ODSA supports the common administration and application access capabilities:
◉ Create, read, update, delete, list (CRUDL)
◉ Clone database
◉ Database backup (automatic and manual)
◉ Database restore (restore to existing database for now)
◉ Generate Azure connection string
◉ Display database metrics
ODSA allows only authorized users to manage database resources created in ODSA. The database resources you create using ODSA reside in OCI alongside any other resources you may have deployed in OCI. As mentioned previously, ODSA federates Azure Active Directory identities, so users log in to ODSA using their Azure credentials. The identity federation is at a custom group level, ensuring that only the subset of identities you choose is federated over to OCI. Recognizing that Azure administrators may want to control what authorized users can do in each environment (ODSA Portal and OCI Console), ODSA creates a robust set of custom roles for fine-grained access in your Azure Active Directory. Administrators can set up access control down to the type of database product (Autonomous Database, Exadata Database, etc.), giving customers maximum flexibility over how their environments work. ODSA also creates a Read-Only role for organizations that require audit access to the Oracle environment.
Azure tools integration
For each database provisioned using ODSA, the service delivers OCI database metrics, events, and logs to tools such as Azure Application Insights, Azure Event Grid, and Azure Log Analytics. This enables Azure users to view OCI databases alongside the rest of their Azure data, for unified telemetry and monitoring. ODSA also creates a custom dashboard that provides Azure developers with all the details they need about the Oracle database, such as resource details and connection strings for their applications.
Figure 3 – Azure Custom Dashboard for Oracle Database
The custom dashboard also displays graphs for each of the standard Oracle database metrics for the resource, giving developers and administrators a quick view of all metrics in one place.
Figure 4 – Azure Custom Dashboard Metrics for Oracle Database
Source: oracle.com