initial version
This commit is contained in:
149
kb/patterns/application-patterns.yaml
Normal file
149
kb/patterns/application-patterns.yaml
Normal file
@@ -0,0 +1,149 @@
|
||||
# Application Patterns Library
|
||||
# Proven application-level architecture patterns for common workload types
|
||||
# Referenced during DESIGN/Future to select the right application architecture
|
||||
|
||||
patterns:
|
||||
|
||||
# --- Web Application Patterns ---
|
||||
- id: app_web_traditional
|
||||
name: "Traditional Web Application (3-Tier)"
|
||||
description: "Classic presentation → application → database architecture on OCI"
|
||||
applicable_when:
|
||||
- "Java/J2EE, .NET, PHP, or Python web application"
|
||||
- "WebLogic, Tomcat, or similar app server"
|
||||
- "Stateful sessions or shared filesystem dependencies"
|
||||
oci_architecture:
|
||||
presentation_tier: "Load Balancer (public) → WAF"
|
||||
application_tier: "Compute instances (VM.Standard.E4.Flex) in Instance Pool with auto-scaling"
|
||||
database_tier: "ADB-S or DBCS depending on feature requirements"
|
||||
networking: "Public subnet (LB) → Private subnet (app) → Private subnet (DB)"
|
||||
technology_patterns: [compute_scaling, database_ha_adb_s, networking_basic, security_baseline]
|
||||
considerations:
|
||||
- "WebLogic clustering needs shared storage (FSS) or session replication"
|
||||
- "Consider OKE if team has container skills and wants to modernize"
|
||||
|
||||
- id: app_web_cloud_native
|
||||
name: "Cloud-Native Web Application"
|
||||
description: "Containerized microservices on OKE with managed services"
|
||||
applicable_when:
|
||||
- "New application or major refactoring opportunity"
|
||||
- "Team has Kubernetes experience"
|
||||
- "Need rapid scaling and deployment"
|
||||
oci_architecture:
|
||||
presentation_tier: "Load Balancer → API Gateway"
|
||||
application_tier: "OKE (managed K8s) with HPA auto-scaling"
|
||||
database_tier: "ADB-S (OLTP) + autonomous JSON for microservice data"
|
||||
messaging: "OCI Streaming (Kafka-compatible) for event-driven"
|
||||
technology_patterns: [compute_scaling, database_ha_adb_s, networking_hub_spoke]
|
||||
|
||||
# --- Batch Processing Patterns ---
|
||||
- id: app_batch_processing
|
||||
name: "Batch / ETL Processing"
|
||||
description: "Scheduled data processing, reporting, or ETL workloads"
|
||||
applicable_when:
|
||||
- "Nightly batch jobs, report generation, data warehousing"
|
||||
- "Variable compute needs (high during batch windows)"
|
||||
oci_architecture:
|
||||
compute: "Preemptible instances or Functions for cost optimization"
|
||||
orchestration: "Resource Scheduler or cron-based"
|
||||
database: "ADB-S with auto-scaling (scale up during batch, scale down after)"
|
||||
storage: "Object Storage for staging data"
|
||||
technology_patterns: [database_ha_adb_s, compute_scaling]
|
||||
considerations:
|
||||
- "ADB-S auto-scaling takes 2-3 min to activate — pre-scale for predictable batch windows"
|
||||
|
||||
# --- Analytics Patterns ---
|
||||
- id: app_analytics_lakehouse
|
||||
name: "Analytics / Lakehouse"
|
||||
description: "Data warehouse and analytics platform on OCI"
|
||||
applicable_when:
|
||||
- "Business intelligence, reporting, or advanced analytics"
|
||||
- "Data from multiple sources needs consolidation"
|
||||
- "Self-service analytics for business users"
|
||||
oci_architecture:
|
||||
ingestion: "GoldenGate or OCI Data Integration for CDC"
|
||||
storage: "Object Storage (data lake) + ADB-DW (warehouse)"
|
||||
analytics: "Oracle Analytics Cloud (OAC)"
|
||||
governance: "Data Catalog for metadata management"
|
||||
technology_patterns: [database_ha_adb_s]
|
||||
|
||||
# --- Hybrid Patterns ---
|
||||
- id: app_hybrid_cloud
|
||||
name: "Hybrid Cloud (On-Prem + OCI)"
|
||||
description: "Application split across on-prem and OCI with connectivity"
|
||||
applicable_when:
|
||||
- "Cannot migrate everything at once"
|
||||
- "Some workloads must stay on-prem (data gravity, regulation)"
|
||||
- "Want to extend capacity to cloud"
|
||||
oci_architecture:
|
||||
connectivity: "FastConnect (primary) + IPSec VPN (backup)"
|
||||
networking: "Hub-spoke VCN with DRG"
|
||||
data_sync: "GoldenGate for bidirectional replication"
|
||||
dns: "OCI DNS with split-horizon"
|
||||
technology_patterns: [networking_hub_spoke, database_ha_adb_s]
|
||||
considerations:
|
||||
- "Latency between on-prem and OCI affects application performance"
|
||||
- "FastConnect provisioning takes 2-4 weeks"
|
||||
- "Consider data gravity — move compute to where data lives"
|
||||
|
||||
# --- Migration Patterns ---
|
||||
- id: app_lift_and_shift
|
||||
name: "Lift and Shift Migration"
|
||||
description: "Move existing workloads to OCI with minimal changes"
|
||||
applicable_when:
|
||||
- "Timeline pressure (hardware EOL, contract expiry)"
|
||||
- "Application is stable and not being modernized"
|
||||
- "Want to get to cloud quickly, optimize later"
|
||||
oci_architecture:
|
||||
compute: "VM shapes matching current specs (use sizing ratios from kb/sizing/)"
|
||||
database: "DBCS if feature compatibility requires, ADB-S if possible"
|
||||
storage: "Block Volume (replacing SAN), FSS (replacing NFS)"
|
||||
technology_patterns: [networking_basic, security_baseline]
|
||||
considerations:
|
||||
- "May not realize full cloud benefits initially"
|
||||
- "Plan a Phase 2 optimization after stabilization"
|
||||
|
||||
- id: app_replatform
|
||||
name: "Re-Platform (Lift, Tinker, Shift)"
|
||||
description: "Migrate with targeted changes to leverage managed services"
|
||||
applicable_when:
|
||||
- "Want cloud benefits without full re-architecture"
|
||||
- "Can accept minor application changes"
|
||||
- "Database can move to managed service (ADB-S, MySQL HeatWave)"
|
||||
oci_architecture:
|
||||
compute: "OKE or Compute with auto-scaling"
|
||||
database: "ADB-S (autonomous) vs DBCS (managed)"
|
||||
storage: "Object Storage replacing file-based integrations"
|
||||
technology_patterns: [database_ha_adb_s, compute_scaling]
|
||||
considerations:
|
||||
- "Test application compatibility with ADB-S restrictions early"
|
||||
- "Connection string changes may require app config updates"
|
||||
|
||||
# --- Disaster Recovery Patterns ---
|
||||
- id: app_dr_active_passive
|
||||
name: "Active-Passive DR"
|
||||
description: "Primary region active, standby region for failover"
|
||||
applicable_when:
|
||||
- "RTO 1-4 hours, RPO < 1 hour"
|
||||
- "Cost-conscious — don't want to run full duplicate"
|
||||
oci_architecture:
|
||||
primary: "Full deployment in primary region"
|
||||
standby: "Dormant compute (scaled down) + DB replica (Data Guard)"
|
||||
failover: "DNS switchover + compute scale-up"
|
||||
technology_patterns: [database_dr_cross_region, networking_hub_spoke]
|
||||
|
||||
- id: app_dr_active_active
|
||||
name: "Active-Active Multi-Region"
|
||||
description: "Both regions serve traffic, mutual failover"
|
||||
applicable_when:
|
||||
- "RTO < 15 min, RPO ~ 0"
|
||||
- "Geo-distributed users"
|
||||
- "Budget supports dual infrastructure"
|
||||
oci_architecture:
|
||||
both_regions: "Full deployment with load balancing"
|
||||
database: "ADB-S with Autonomous Data Guard (bidirectional)"
|
||||
traffic: "OCI Traffic Management for geo-steering"
|
||||
technology_patterns: [database_dr_cross_region, database_ha_adb_s]
|
||||
considerations:
|
||||
- "Application must handle eventual consistency for cross-region writes"
|
||||
- "Significantly higher cost (nearly 2x)"
|
||||
107
kb/patterns/architecture-principles.yaml
Normal file
107
kb/patterns/architecture-principles.yaml
Normal file
@@ -0,0 +1,107 @@
|
||||
---
|
||||
last_verified: 2026-03-16
|
||||
pattern:
|
||||
id: architecture-principles
|
||||
name: "Architecture Principles (ECAL)"
|
||||
category: governance
|
||||
---
|
||||
|
||||
description: >
|
||||
Formalized decision-making principles aligned with Oracle's ECAL framework.
|
||||
The skill selects applicable principles based on the workload profile and
|
||||
presents them in the proposal as the governance framework for the architecture.
|
||||
|
||||
principles:
|
||||
|
||||
design:
|
||||
- id: "D-01"
|
||||
name: "Operational Simplicity"
|
||||
principle: "Keep architecture simple. If still complex, simplify again."
|
||||
rationale: "Complex solutions tend to be inflexible, non-agile, and operationally fragile."
|
||||
applies_when: "always"
|
||||
|
||||
- id: "D-02"
|
||||
name: "Application First (SaaS > PaaS > IaaS)"
|
||||
principle: "Always consider application services first, platform services second, infrastructure services as last resort."
|
||||
rationale: "Higher-level services reduce operational burden and accelerate delivery."
|
||||
applies_when: "always"
|
||||
|
||||
- id: "D-03"
|
||||
name: "Use-Case Fit"
|
||||
principle: "Map workloads into applicable use-cases. Architectural simplicity and operational success come from re-use."
|
||||
rationale: "Custom architectures are expensive to build and maintain. Reference architectures exist for a reason."
|
||||
applies_when: "always"
|
||||
|
||||
- id: "D-04"
|
||||
name: "Hybrid-Ready"
|
||||
principle: "Solution should run in hybrid mode, accounting for network bandwidth and latency."
|
||||
rationale: "Most enterprise migrations have a hybrid phase. Architecture must work during transition."
|
||||
applies_when: "on-prem exists or migration is phased"
|
||||
|
||||
- id: "D-05"
|
||||
name: "HA for Business Continuity"
|
||||
principle: "Architect for availability, prepare for disaster, leverage cloud's built-in resilience."
|
||||
rationale: "HA is cheaper to build in from day 1 than to retrofit."
|
||||
applies_when: "always"
|
||||
|
||||
- id: "D-06"
|
||||
name: "Compliance by Design"
|
||||
principle: "Consider required compliance requirements and existing policies from the initial design phase."
|
||||
rationale: "Retrofitting compliance is orders of magnitude more expensive than designing for it."
|
||||
applies_when: "compliance requirements identified (PCI, HIPAA, banking, GDPR)"
|
||||
|
||||
deployment:
|
||||
- id: "P-01"
|
||||
name: "Automation First"
|
||||
principle: "Strive to automate production processes from the beginning — infrastructure as code, seeded features."
|
||||
rationale: "Manual processes don't scale, are error-prone, and create key-person dependencies."
|
||||
applies_when: "always"
|
||||
|
||||
- id: "P-02"
|
||||
name: "Environment Separation"
|
||||
principle: "Production always separated from test and dev. Clear lifecycle policy."
|
||||
rationale: "Prevents accidental data exposure and configuration drift."
|
||||
applies_when: "always"
|
||||
|
||||
- id: "P-03"
|
||||
name: "API-Centric Integration"
|
||||
principle: "Prefer integration via REST APIs over lower-level network protocols."
|
||||
rationale: "APIs are versionable, documentable, and testable. Direct DB links are fragile."
|
||||
applies_when: "integration points exist"
|
||||
|
||||
- id: "P-04"
|
||||
name: "Data Security at Rest and In Transit"
|
||||
principle: "Encrypt data at rest (TDE) and in transit (SQL*Net encryption). Key management from day 1."
|
||||
rationale: "Encryption is a baseline, not an option. Key management complexity grows with scale."
|
||||
applies_when: "always"
|
||||
|
||||
- id: "P-05"
|
||||
name: "Unified Identity Management"
|
||||
principle: "All users managed in central identity system. SSO. Federation where applicable."
|
||||
rationale: "Distributed identity is a security liability."
|
||||
applies_when: "always"
|
||||
|
||||
service:
|
||||
- id: "S-01"
|
||||
name: "Cloud Monitoring & Management"
|
||||
principle: "Map management and monitoring requirements explicitly. Use cloud-native tools first."
|
||||
rationale: "Observability gaps become operational crises during incidents."
|
||||
applies_when: "always"
|
||||
|
||||
- id: "S-02"
|
||||
name: "Issue & Incident Management"
|
||||
principle: "Design for service. Adopt incident management with clear ownership, governance, and SLAs."
|
||||
rationale: "Without defined escalation paths, incidents become crises."
|
||||
applies_when: "always"
|
||||
|
||||
- id: "S-03"
|
||||
name: "Solution Lifecycle"
|
||||
principle: "Map governance for cloud solution lifecycle. Apply ITIL/ITSM frameworks. Readiness for continuous change."
|
||||
rationale: "Cloud evolves constantly. The architecture must evolve with it."
|
||||
applies_when: "always"
|
||||
|
||||
- id: "S-04"
|
||||
name: "Cloud Onboarding"
|
||||
principle: "Setup PoC environment first. Early Customer Success Management involvement."
|
||||
rationale: "Hands-on validation before commitment reduces risk and builds confidence."
|
||||
applies_when: "customer is new to OCI"
|
||||
217
kb/patterns/business-drivers.yaml
Normal file
217
kb/patterns/business-drivers.yaml
Normal file
@@ -0,0 +1,217 @@
|
||||
---
|
||||
last_verified: 2026-03-18
|
||||
pattern:
|
||||
id: business-drivers
|
||||
name: "Business Drivers Framework"
|
||||
category: define
|
||||
---
|
||||
|
||||
description: >
|
||||
Categorizes customer business drivers into four pillars (Strategic,
|
||||
Financial, Business Ops, IT Ops) and maps them to cloud value
|
||||
propositions. Used during DEFINE phase to structure the Value Story
|
||||
and during CONFIRM to frame the Solution Proposal. Source: ECAL 3.1.
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# The Four Pillars
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
|
||||
pillars:
|
||||
|
||||
strategic:
|
||||
label: "Strategic"
|
||||
headline: "Business Transformation to Cloud"
|
||||
description: >
|
||||
Long-term strategic positioning. Cloud as enabler for business
|
||||
model evolution, M&A, market expansion, or competitive defense.
|
||||
common_drivers:
|
||||
- "Cloud-first / cloud-native strategy mandated by CxO"
|
||||
- "Digital transformation initiative"
|
||||
- "Merger or acquisition requiring platform consolidation"
|
||||
- "Geographic expansion requiring global infrastructure"
|
||||
- "Competitive pressure from cloud-native disruptors"
|
||||
- "Board/investor mandate for technology modernization"
|
||||
- "Innovation enablement (AI/ML, IoT, blockchain)"
|
||||
value_propositions:
|
||||
- "Cloud-based solution with enterprise features"
|
||||
- "On-premise security with cloud economics (C@C, dedicated region)"
|
||||
- "Customer-defined security model"
|
||||
- "Data sovereignty and residency guarantees"
|
||||
- "Multi-cloud and hybrid flexibility"
|
||||
|
||||
financial:
|
||||
label: "Financial"
|
||||
headline: "Cost Optimization"
|
||||
description: >
|
||||
Direct financial impact. CAPEX→OPEX shift, license optimization,
|
||||
support cost reduction, consumption-based pricing.
|
||||
common_drivers:
|
||||
- "Reduce total cost of ownership (TCO)"
|
||||
- "Shift from CAPEX to OPEX model"
|
||||
- "Optimize Oracle licensing (ULA wind-down, BYOL)"
|
||||
- "Reduce data center costs (power, cooling, space, staff)"
|
||||
- "Support rebate / simplified licensing"
|
||||
- "Avoid hardware refresh cycle"
|
||||
- "Consumption-based pricing alignment with business cycles"
|
||||
value_propositions:
|
||||
- "Subscription and consumption-based commercials"
|
||||
- "Simplified licensing (BYOL, universal credits)"
|
||||
- "PAYG flexibility for variable workloads"
|
||||
- "Support cost reduction via managed services"
|
||||
- "Elimination of hardware refresh capex"
|
||||
quantification_tips:
|
||||
- "Compare 3-year TCO: current state vs. OCI (include staff, power, space)"
|
||||
- "Factor in support rebate for moving to OCI"
|
||||
- "Account for BYOL savings (if eligible)"
|
||||
- "Include non-prod savings (auto-scaling, auto-stop)"
|
||||
|
||||
business_ops:
|
||||
label: "Business Operations"
|
||||
headline: "Faster Time to Market"
|
||||
description: >
|
||||
Business agility and speed. Faster development cycles, quicker
|
||||
deployment of new capabilities, reduced time-to-value.
|
||||
common_drivers:
|
||||
- "Faster development and deployment of new applications"
|
||||
- "Reduce release cycle from months to weeks"
|
||||
- "Enable self-service provisioning for developers"
|
||||
- "Data platform for analytics and decision-making"
|
||||
- "Support rapid experimentation and A/B testing"
|
||||
- "Enable mobile/digital channels faster"
|
||||
- "Partner and ecosystem integration"
|
||||
value_propositions:
|
||||
- "Faster development of customer-facing and internal apps"
|
||||
- "Data platform implementation (lakehouse, analytics)"
|
||||
- "Self-service database provisioning"
|
||||
- "CI/CD and DevOps enablement"
|
||||
- "Integration with partner ecosystems"
|
||||
|
||||
it_ops:
|
||||
label: "IT Operations"
|
||||
headline: "Operational Efficiency"
|
||||
description: >
|
||||
IT team productivity and operational excellence. Reduce toil,
|
||||
improve reliability, automate operations.
|
||||
common_drivers:
|
||||
- "Reduce DBA / sysadmin toil (patching, backups, monitoring)"
|
||||
- "Improve availability and reduce unplanned downtime"
|
||||
- "Standardize operations across environments"
|
||||
- "Automate provisioning and lifecycle management"
|
||||
- "Improve disaster recovery posture"
|
||||
- "Address skill gaps (hard to hire Oracle DBAs)"
|
||||
- "Consolidate tooling and reduce tool sprawl"
|
||||
- "Performance improvement without hardware throw"
|
||||
value_propositions:
|
||||
- "Oracle Managed Cloud environment"
|
||||
- "Autonomous operations (ADB self-tuning, self-patching)"
|
||||
- "Data platform implementation and consolidation"
|
||||
- "Performance improvement via Exadata architecture"
|
||||
- "Unified monitoring and management (OCI native tools)"
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# Mapping: Business Driver → Hypothesis Family
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# Use this to quickly map a customer's stated driver to a
|
||||
# hypothesis family for the Value Story
|
||||
|
||||
hypothesis_families:
|
||||
|
||||
db_consolidation:
|
||||
triggers:
|
||||
- "Too many databases across too many platforms"
|
||||
- "Hardware refresh coming due"
|
||||
- "DBA team stretched thin"
|
||||
- "License compliance concerns"
|
||||
use_cases:
|
||||
- "Consolidation of N databases to shared platform"
|
||||
- "Transform to fully managed operations"
|
||||
- "Improved elasticity and cost control"
|
||||
- "Standardized backup, HA, and DR"
|
||||
typical_services:
|
||||
- "ADB-S or ADB-D (for consolidation)"
|
||||
- "ExaCS or ExaCC (for large scale)"
|
||||
- "OEM for fleet management"
|
||||
pillar_alignment: ["financial", "it_ops"]
|
||||
|
||||
cloud_migration:
|
||||
triggers:
|
||||
- "Data center lease expiring"
|
||||
- "Cloud-first mandate"
|
||||
- "Competitive pressure"
|
||||
- "EOL hardware or software"
|
||||
use_cases:
|
||||
- "Lift-and-shift existing Oracle workloads"
|
||||
- "Re-platform to managed services"
|
||||
- "Hybrid cloud (keep some on-prem)"
|
||||
typical_services:
|
||||
- "OCI Compute (VM/BM)"
|
||||
- "ExaCS (for Oracle DB workloads)"
|
||||
- "ADB-S (for re-platform)"
|
||||
- "FastConnect + VPN"
|
||||
pillar_alignment: ["strategic", "financial"]
|
||||
|
||||
modernization:
|
||||
triggers:
|
||||
- "Legacy app can't support new business requirements"
|
||||
- "Technical debt is slowing delivery"
|
||||
- "Need for microservices or API-first"
|
||||
- "AI/ML capabilities required"
|
||||
use_cases:
|
||||
- "Re-architect legacy apps to cloud-native"
|
||||
- "Add AI/ML capabilities to existing workflows"
|
||||
- "Microservices decomposition"
|
||||
- "APEX rapid app development"
|
||||
typical_services:
|
||||
- "OKE (Kubernetes)"
|
||||
- "ADB-S + APEX"
|
||||
- "OCI AI Services"
|
||||
- "API Gateway + Functions"
|
||||
pillar_alignment: ["business_ops", "strategic"]
|
||||
|
||||
dr_and_resilience:
|
||||
triggers:
|
||||
- "Recent outage or near-miss"
|
||||
- "Audit finding on DR gaps"
|
||||
- "Insurance or compliance requirement"
|
||||
- "Business continuity plan update"
|
||||
use_cases:
|
||||
- "Cross-region DR for critical workloads"
|
||||
- "Active-active for zero RPO"
|
||||
- "Pilot light DR for cost optimization"
|
||||
typical_services:
|
||||
- "Cross-region ADG"
|
||||
- "Full Stack DR"
|
||||
- "Object Storage for backups"
|
||||
pillar_alignment: ["it_ops", "strategic"]
|
||||
|
||||
compliance_driven:
|
||||
triggers:
|
||||
- "New regulation (DORA, NIS2, GDPR enforcement)"
|
||||
- "Audit finding requiring remediation"
|
||||
- "Data sovereignty requirement"
|
||||
- "Industry-specific mandate (banking, healthcare)"
|
||||
use_cases:
|
||||
- "Data residency with OCI regions or dedicated region"
|
||||
- "Encryption and key management (customer-managed keys)"
|
||||
- "Access controls and audit trail"
|
||||
- "Isolated compute (C@C, dedicated region)"
|
||||
typical_services:
|
||||
- "OCI Vault (KMS)"
|
||||
- "Data Safe"
|
||||
- "Cloud Guard"
|
||||
- "ExaCC or Dedicated Region"
|
||||
pillar_alignment: ["strategic", "it_ops"]
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# Usage in the skill
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
skill_usage:
|
||||
define_phase:
|
||||
- "Parse discovery notes to identify which pillar(s) are dominant"
|
||||
- "Use pillar alignment to select the right hypothesis family"
|
||||
- "Structure the Value Story around the dominant 1-2 pillars"
|
||||
- "Use value_propositions as talking points for the proposal"
|
||||
confirm_phase:
|
||||
- "Frame the Solution Proposal business case around the identified pillars"
|
||||
- "Use quantification_tips for the financial pillar"
|
||||
- "Map each architecture decision back to the business driver"
|
||||
128
kb/patterns/business-patterns.yaml
Normal file
128
kb/patterns/business-patterns.yaml
Normal file
@@ -0,0 +1,128 @@
|
||||
# Business Patterns Library
|
||||
# Proven business-level patterns that map customer drivers to OCI solution strategies
|
||||
# Referenced during DEFINE/Ideate to formulate value hypotheses
|
||||
|
||||
patterns:
|
||||
|
||||
# --- Cost Optimization Patterns ---
|
||||
- id: biz_cost_reduction_db
|
||||
name: "Database Cost Reduction"
|
||||
business_driver: cost_reduction
|
||||
hypothesis_template: "Migrate {n} Oracle databases from {current_platform} to ADB-S, reducing total DB cost by {pct}% through autonomous operations and BYOL/ULA leverage"
|
||||
applicable_when:
|
||||
- "Customer runs Oracle databases on-prem or in AWS/Azure"
|
||||
- "Existing ULA or BYOL licenses available"
|
||||
- "DBA team spends >50% time on maintenance tasks"
|
||||
typical_outcome:
|
||||
cost_savings: "40-70% vs on-prem, 30-50% vs AWS RDS Oracle"
|
||||
operational_savings: "50-80% reduction in DBA administrative effort"
|
||||
evidence:
|
||||
- "ADB-S automates patching, tuning, backups"
|
||||
- "BYOL cost advantage vs AWS License Included"
|
||||
technology_patterns: [database_ha_adb_s, database_dr_cross_region]
|
||||
risks: ["Feature compatibility gaps", "Migration complexity for customized DBs"]
|
||||
|
||||
- id: biz_cost_reduction_compute
|
||||
name: "Compute Cost Optimization"
|
||||
business_driver: cost_reduction
|
||||
hypothesis_template: "Right-size and modernize {n} compute workloads to OCI Flex shapes with auto-scaling, reducing compute spend by {pct}%"
|
||||
applicable_when:
|
||||
- "Over-provisioned VMs on-prem or in another cloud"
|
||||
- "Variable workload patterns with steady-state over-provisioning"
|
||||
typical_outcome:
|
||||
cost_savings: "30-50% through right-sizing + auto-scaling"
|
||||
technology_patterns: [compute_scaling]
|
||||
|
||||
# --- Modernization Patterns ---
|
||||
- id: biz_app_modernization
|
||||
name: "Application Modernization"
|
||||
business_driver: modernization
|
||||
hypothesis_template: "Modernize {app_name} from {current_stack} to cloud-native on OKE, improving deployment frequency from {current_freq} to {target_freq}"
|
||||
applicable_when:
|
||||
- "Monolithic application limiting agility"
|
||||
- "Slow deployment cycles (monthly or longer)"
|
||||
- "Team has or is building container/K8s skills"
|
||||
typical_outcome:
|
||||
deployment_frequency: "From monthly to daily/weekly"
|
||||
scalability: "Horizontal auto-scaling vs vertical only"
|
||||
technology_patterns: [compute_scaling]
|
||||
risks: ["Requires significant app refactoring", "Team skill gap"]
|
||||
|
||||
- id: biz_db_modernization
|
||||
name: "Database Modernization (non-Oracle)"
|
||||
business_driver: modernization
|
||||
hypothesis_template: "Migrate {db_engine} to OCI-managed {target_service}, eliminating operational overhead while maintaining application compatibility"
|
||||
applicable_when:
|
||||
- "Running self-managed MySQL, PostgreSQL, or MongoDB"
|
||||
- "Want to reduce operational burden without app rewrite"
|
||||
typical_outcome:
|
||||
operational_savings: "Automated backups, patching, HA"
|
||||
technology_patterns: [database_ha_adb_s]
|
||||
|
||||
# --- Compliance Patterns ---
|
||||
- id: biz_compliance_driven
|
||||
name: "Compliance-Driven Migration"
|
||||
business_driver: compliance
|
||||
hypothesis_template: "Migrate {scope} to OCI to meet {compliance_framework} requirements by {deadline}, leveraging OCI's built-in compliance controls"
|
||||
applicable_when:
|
||||
- "Upcoming compliance audit or certification deadline"
|
||||
- "Current infrastructure doesn't meet regulatory requirements"
|
||||
- "Data residency or sovereignty requirements"
|
||||
typical_outcome:
|
||||
compliance: "Certification-ready infrastructure"
|
||||
timeline: "Typically 8-16 weeks for standard compliance scope"
|
||||
technology_patterns: [security_baseline, compliance_pci]
|
||||
risks: ["Compliance scope creep", "Shared responsibility model gaps"]
|
||||
|
||||
# --- Hardware EOL / Contract Expiry Patterns ---
|
||||
- id: biz_hardware_eol
|
||||
name: "Hardware End-of-Life Migration"
|
||||
business_driver: hardware_eol
|
||||
hypothesis_template: "Migrate {n} workloads from EOL {hardware} to OCI before {eol_date}, avoiding {cost} hardware refresh while gaining cloud elasticity"
|
||||
applicable_when:
|
||||
- "On-prem hardware approaching end of support"
|
||||
- "Capital expenditure avoidance is a driver"
|
||||
- "Timeline is fixed by hardware support dates"
|
||||
typical_outcome:
|
||||
capex_avoidance: "Avoid $X hardware refresh"
|
||||
opex_model: "Shift to predictable OpEx"
|
||||
technology_patterns: [database_ha_adb_s, compute_scaling, networking_basic]
|
||||
|
||||
- id: biz_contract_expiry
|
||||
name: "Cloud Contract Expiry / Repatriation"
|
||||
business_driver: contract_expiry
|
||||
hypothesis_template: "Migrate {n} workloads from {incumbent_cloud} to OCI before contract renewal, reducing cloud spend by {pct}% with better Oracle licensing economics"
|
||||
applicable_when:
|
||||
- "AWS/Azure contract up for renewal"
|
||||
- "Running Oracle workloads on non-Oracle cloud"
|
||||
- "Significant Oracle license cost on AWS/Azure"
|
||||
typical_outcome:
|
||||
cost_savings: "30-60% for Oracle DB workloads (BYOL advantage)"
|
||||
technology_patterns: [database_ha_adb_s, networking_hub_spoke]
|
||||
|
||||
# --- Performance Patterns ---
|
||||
- id: biz_performance_improvement
|
||||
name: "Performance Improvement"
|
||||
business_driver: performance
|
||||
hypothesis_template: "Migrate {workload} to OCI {target_service} to achieve {target_metric}, resolving current {pain_point}"
|
||||
applicable_when:
|
||||
- "Current platform cannot meet performance SLAs"
|
||||
- "Latency or throughput is a business-impacting issue"
|
||||
- "Exadata-class performance needed without Exadata cost"
|
||||
typical_outcome:
|
||||
performance: "2-5x improvement typical with ADB-S/ExaCS"
|
||||
technology_patterns: [database_ha_adb_s]
|
||||
|
||||
# --- Consolidation Patterns ---
|
||||
- id: biz_consolidation
|
||||
name: "Database Consolidation"
|
||||
business_driver: consolidation
|
||||
hypothesis_template: "Consolidate {n} Oracle databases into {target_n} ADB-S instances, reducing management complexity and licensing footprint"
|
||||
applicable_when:
|
||||
- "Many small Oracle databases (sprawl)"
|
||||
- "Under-utilized database instances"
|
||||
- "License optimization opportunity"
|
||||
typical_outcome:
|
||||
license_reduction: "40-60% fewer required OCPUs"
|
||||
operational_reduction: "Manage N instead of N*10 instances"
|
||||
technology_patterns: [database_ha_adb_s]
|
||||
94
kb/patterns/compliance-pci/pattern.yaml
Normal file
94
kb/patterns/compliance-pci/pattern.yaml
Normal file
@@ -0,0 +1,94 @@
|
||||
---
|
||||
last_verified: 2026-03-14
|
||||
pattern: PCI-DSS Compliance Overlay
|
||||
category: compliance
|
||||
---
|
||||
|
||||
description: |
|
||||
Additional security controls required for PCI-DSS compliance on OCI.
|
||||
Builds on top of the security-baseline pattern.
|
||||
|
||||
pci_scope_definition:
|
||||
cardholder_data_environment:
|
||||
- "Databases storing PAN (Primary Account Number)"
|
||||
- "Application servers processing card data"
|
||||
- "Network segments carrying card data"
|
||||
out_of_scope:
|
||||
- "Reporting databases (if no PAN)"
|
||||
- "Development environments (if no real card data)"
|
||||
- "Management/monitoring infrastructure"
|
||||
recommendation: |
|
||||
Minimize PCI scope aggressively. Use tokenization to remove PAN
|
||||
from most systems. Only the tokenization service and payment
|
||||
gateway should be in scope.
|
||||
|
||||
controls:
|
||||
network_segmentation:
|
||||
pci_req: "Requirement 1: Network segmentation"
|
||||
implementation:
|
||||
- "Dedicated VCN for CDE (Cardholder Data Environment)"
|
||||
- "NSGs restricting traffic to/from CDE"
|
||||
- "Network Firewall for traffic inspection between CDE and non-CDE"
|
||||
- "No internet-facing services in CDE subnet"
|
||||
- "Document all network flows in and out of CDE"
|
||||
|
||||
encryption:
|
||||
pci_req: "Requirement 3 & 4: Protect stored and transmitted data"
|
||||
implementation:
|
||||
- "TDE with customer-managed keys (OCI Vault) for databases"
|
||||
- "TLS 1.2+ for all data in transit"
|
||||
- "Column-level encryption for PAN if stored"
|
||||
- "Key rotation per PCI requirements (annual minimum)"
|
||||
- "Data masking for non-production environments (Data Safe)"
|
||||
|
||||
access_control:
|
||||
pci_req: "Requirement 7 & 8: Access control"
|
||||
implementation:
|
||||
- "Dedicated compartment for CDE resources"
|
||||
- "IAM policies restricting CDE access to authorized personnel"
|
||||
- "MFA required for all CDE access"
|
||||
- "Privileged access management with session recording"
|
||||
- "Quarterly access reviews"
|
||||
|
||||
monitoring:
|
||||
pci_req: "Requirement 10: Logging and monitoring"
|
||||
implementation:
|
||||
- "Centralized logging (OCI Logging + SIEM integration)"
|
||||
- "Audit trail for all CDE access (OCI Audit)"
|
||||
- "Real-time alerting for security events (Cloud Guard)"
|
||||
- "Log retention minimum 12 months (1 year online, archive older)"
|
||||
- "Daily log review process"
|
||||
|
||||
vulnerability_management:
|
||||
pci_req: "Requirement 5 & 6: Vulnerability management"
|
||||
implementation:
|
||||
- "Vulnerability Scanning service for compute instances"
|
||||
- "Data Safe security assessments for databases"
|
||||
- "Automated patching via OS Management"
|
||||
- "Web Application Firewall (WAF) for public endpoints"
|
||||
- "Quarterly vulnerability scans, annual penetration tests"
|
||||
|
||||
dr_for_pci:
|
||||
pci_req: "Requirement 12: DR and business continuity"
|
||||
implementation:
|
||||
- "Cross-region DR for CDE (same PCI controls in DR region)"
|
||||
- "DR region must also be PCI-compliant"
|
||||
- "Annual DR drill with PCI scope validation"
|
||||
|
||||
oci_pci_services:
|
||||
- service: "OCI Vault"
|
||||
role: "Customer-managed encryption keys"
|
||||
- service: "Data Safe"
|
||||
role: "Database security assessment, data masking, audit"
|
||||
- service: "Cloud Guard"
|
||||
role: "Threat detection, security posture management"
|
||||
- service: "WAF"
|
||||
role: "Web application firewall for public endpoints"
|
||||
- service: "Bastion"
|
||||
role: "Secure access to CDE without public IPs"
|
||||
- service: "Network Firewall"
|
||||
role: "Traffic inspection between CDE and non-CDE"
|
||||
- service: "Vulnerability Scanning"
|
||||
role: "Automated vulnerability detection"
|
||||
- service: "OS Management"
|
||||
role: "Automated patching"
|
||||
72
kb/patterns/compute-scaling/pattern.yaml
Normal file
72
kb/patterns/compute-scaling/pattern.yaml
Normal file
@@ -0,0 +1,72 @@
|
||||
---
|
||||
last_verified: 2026-03-14
|
||||
pattern: Compute Scaling
|
||||
category: compute
|
||||
---
|
||||
|
||||
description: |
|
||||
Auto-scaling and load balancing patterns for OCI compute workloads.
|
||||
|
||||
patterns:
|
||||
instance_pool_autoscaling:
|
||||
name: "Instance Pool Auto-Scaling"
|
||||
components:
|
||||
- "Instance Pool with instance configuration"
|
||||
- "Auto-scaling policy (metric-based or schedule-based)"
|
||||
- "Load Balancer (flexible or network)"
|
||||
scaling_metrics:
|
||||
- "CPU utilization"
|
||||
- "Memory utilization"
|
||||
- "Custom metrics via Monitoring service"
|
||||
scaling_speed: "New instances in 2-5 minutes"
|
||||
when_to_use:
|
||||
- "Stateless applications"
|
||||
- "Web/API tiers"
|
||||
- "Batch processing with variable load"
|
||||
|
||||
oke_horizontal_pod_autoscaling:
|
||||
name: "OKE Horizontal Pod Autoscaler"
|
||||
components:
|
||||
- "OKE cluster with managed nodes"
|
||||
- "HPA resource definitions"
|
||||
- "Cluster Autoscaler for node scaling"
|
||||
scaling_metrics:
|
||||
- "CPU utilization"
|
||||
- "Memory utilization"
|
||||
- "Custom metrics"
|
||||
scaling_speed: "Pods: seconds, Nodes: 5-10 minutes"
|
||||
when_to_use:
|
||||
- "Containerized microservices"
|
||||
- "Applications already on Kubernetes"
|
||||
|
||||
oke_virtual_nodes:
|
||||
name: "OKE Virtual Nodes (Serverless)"
|
||||
components:
|
||||
- "OKE cluster with virtual node pool"
|
||||
- "No node management required"
|
||||
scaling_speed: "Seconds (no node provisioning)"
|
||||
when_to_use:
|
||||
- "Burst workloads"
|
||||
- "Event-driven container workloads"
|
||||
- "Teams that don't want to manage nodes"
|
||||
|
||||
load_balancing:
|
||||
flexible_lb:
|
||||
type: "Layer 7 (HTTP/HTTPS)"
|
||||
features:
|
||||
- "SSL termination"
|
||||
- "Path-based routing"
|
||||
- "Session persistence"
|
||||
- "Health checks"
|
||||
- "WAF integration"
|
||||
bandwidth: "10 Mbps to 8 Gbps"
|
||||
use_for: "Web applications, API endpoints"
|
||||
|
||||
network_lb:
|
||||
type: "Layer 4 (TCP/UDP)"
|
||||
features:
|
||||
- "Ultra-low latency"
|
||||
- "Preserves source IP"
|
||||
- "Health checks"
|
||||
bandwidth: "Up to line rate"
|
||||
use_for: "Database connections, non-HTTP protocols, high-throughput"
|
||||
90
kb/patterns/database-dr-cross-region.yaml
Normal file
90
kb/patterns/database-dr-cross-region.yaml
Normal file
@@ -0,0 +1,90 @@
|
||||
# Pattern: Cross-Region Database DR
|
||||
# Composable architecture block for cross-region disaster recovery
|
||||
|
||||
pattern:
|
||||
name: "Cross-Region Database DR"
|
||||
id: database_dr_cross_region
|
||||
category: database-dr
|
||||
|
||||
description: |
|
||||
Cross-region disaster recovery using Autonomous Data Guard or Active Data Guard to
|
||||
maintain an asynchronous standby database in a remote OCI region. Provides protection
|
||||
against full-region outages with RPO measured in seconds and RTO in minutes. Applicable
|
||||
to ADB-S, DBCS, and ExaCS deployments.
|
||||
|
||||
variants:
|
||||
- id: adb_s_cross_region
|
||||
name: "ADB-S Cross-Region Autonomous Data Guard"
|
||||
topology: "ADB-S primary in Region A, Autonomous Data Guard standby in Region B"
|
||||
rpo: "Seconds (asynchronous replication)"
|
||||
rto: "< 15 minutes (automated switchover/failover)"
|
||||
use_when:
|
||||
- "ADB-S workload requires regional DR"
|
||||
- "RPO of seconds is acceptable"
|
||||
- "Fully managed DR with minimal operational overhead"
|
||||
|
||||
- id: dbcs_cross_region
|
||||
name: "DBCS Cross-Region Active Data Guard"
|
||||
topology: "DBCS primary in Region A, ADG standby in Region B"
|
||||
rpo: "Seconds to minutes (asynchronous)"
|
||||
rto: "Minutes to 1 hour depending on automation"
|
||||
use_when:
|
||||
- "DBCS workload requires regional DR"
|
||||
- "Custom database configuration needed"
|
||||
- "Manual or scripted failover acceptable"
|
||||
|
||||
- id: exacs_cross_region
|
||||
name: "ExaCS Cross-Region Active Data Guard"
|
||||
topology: "ExaCS primary in Region A, ADG standby in Region B"
|
||||
rpo: "Seconds to minutes (asynchronous)"
|
||||
rto: "Minutes to 1 hour depending on automation"
|
||||
use_when:
|
||||
- "ExaCS workload requires regional DR"
|
||||
- "High-performance database with regional protection"
|
||||
- "Consolidated databases on Exadata with cross-region standby"
|
||||
|
||||
preconditions:
|
||||
- "Primary database provisioned and operational"
|
||||
- "DR region selected with matching service availability"
|
||||
- "Network connectivity between regions (remote VCN peering via DRG or dedicated infrastructure)"
|
||||
- "Sufficient quota in DR region for standby compute and storage"
|
||||
- "For DBCS/ExaCS: Active Data Guard license (EE-HP or EE-EP, or BYOL with ADG option)"
|
||||
|
||||
implied_services:
|
||||
- service: dns_traffic_management
|
||||
reason: "Automated DNS failover to redirect application traffic to DR region"
|
||||
- service: oci_notifications
|
||||
reason: "Alerting on replication lag, failover events, and switchover status"
|
||||
- service: monitoring
|
||||
reason: "Track replication lag, standby apply rate, and DR readiness"
|
||||
|
||||
conflicts:
|
||||
- pattern: "sync_data_guard_cross_region"
|
||||
reason: "Synchronous Data Guard is not supported cross-region due to latency; only asynchronous replication is available"
|
||||
|
||||
gotchas:
|
||||
- "Cross-region Active/Autonomous Data Guard is asynchronous only — RPO is always > 0"
|
||||
- "Cross-region data transfer costs apply for redo log transport between regions"
|
||||
- "Switchover is planned (zero data loss, brief outage) vs. failover is unplanned (potential data loss up to RPO)"
|
||||
- "After failover, old primary must be reinstated or re-created — not automatic for DBCS/ExaCS"
|
||||
- "Application connection strings must be updated or use DNS-based failover"
|
||||
- "ADB-S cross-region DR requires both regions to support ADB-S"
|
||||
- "DR readiness should be validated with periodic switchover drills"
|
||||
|
||||
cost_impact:
|
||||
- "Full standby compute and storage cost in DR region (same as primary)"
|
||||
- "Cross-region network egress charges for redo transport"
|
||||
- "For ADB-S: standby OCPU/ECPU billed at same rate as primary"
|
||||
- "DNS Traffic Management: per-zone and per-query charges"
|
||||
- "Consider reserved capacity in DR region for cost optimization"
|
||||
|
||||
sizing_rules:
|
||||
- "Standby must be same shape and size as primary to ensure failover performance"
|
||||
- "Network bandwidth: estimate redo generation rate (typically 10-50 Mbps per 10K TPS)"
|
||||
- "Storage in DR region must match primary storage allocation"
|
||||
- "For ExaCS: same Exadata infrastructure shape required in DR region"
|
||||
|
||||
references:
|
||||
- "https://docs.oracle.com/en/cloud/paas/autonomous-database/adbsa/autonomous-data-guard.html"
|
||||
- "https://docs.oracle.com/en/cloud/paas/base-database/index.html"
|
||||
- "https://docs.oracle.com/en/database/oracle/oracle-database/19/sbydb/"
|
||||
97
kb/patterns/database-dr/pattern.yaml
Normal file
97
kb/patterns/database-dr/pattern.yaml
Normal file
@@ -0,0 +1,97 @@
|
||||
---
|
||||
last_verified: 2026-03-14
|
||||
pattern: Database Disaster Recovery
|
||||
category: database
|
||||
---
|
||||
|
||||
description: |
|
||||
DR patterns for Oracle databases on OCI. Covers active-passive,
|
||||
active-active, and pilot light approaches.
|
||||
|
||||
tiers:
|
||||
tier_1_mission_critical:
|
||||
name: "Mission Critical"
|
||||
rto: "<15 minutes"
|
||||
rpo: "<1 minute"
|
||||
pattern: "Active-passive with automatic failover"
|
||||
implementation:
|
||||
adb_s: "Cross-region ADG with auto-failover"
|
||||
exacs: "Cross-region Data Guard with FSFO + Observer"
|
||||
cost_multiplier: "2x (full standby)"
|
||||
testing: "Quarterly automated DR drill"
|
||||
|
||||
tier_2_business_critical:
|
||||
name: "Business Critical"
|
||||
rto: "<1 hour"
|
||||
rpo: "<15 minutes"
|
||||
pattern: "Active-passive with manual failover"
|
||||
implementation:
|
||||
adb_s: "Cross-region ADG with manual switchover"
|
||||
exacs: "Cross-region Data Guard without FSFO"
|
||||
cost_multiplier: "2x (full standby) or 1.5x (scaled-down standby)"
|
||||
testing: "Semi-annual DR drill"
|
||||
|
||||
tier_3_standard:
|
||||
name: "Standard"
|
||||
rto: "<4 hours"
|
||||
rpo: "<1 hour"
|
||||
pattern: "Pilot light or backup-restore"
|
||||
implementation:
|
||||
adb_s: "Cross-region backup with restore-on-demand"
|
||||
exacs: "RMAN backups to Object Storage, cross-region replicated"
|
||||
cost_multiplier: "1.1x (backup storage only)"
|
||||
testing: "Annual DR drill"
|
||||
|
||||
dr_regions:
|
||||
recommended_pairs:
|
||||
- primary: "US East (Ashburn)"
|
||||
dr: "US West (Phoenix)"
|
||||
latency_ms: "~60"
|
||||
- primary: "UK South (London)"
|
||||
dr: "Germany Central (Frankfurt)"
|
||||
latency_ms: "~15"
|
||||
- primary: "Japan East (Tokyo)"
|
||||
dr: "Japan Central (Osaka)"
|
||||
latency_ms: "~10"
|
||||
- primary: "Brazil East (Sao Paulo)"
|
||||
dr: "Brazil Southeast (Vinhedo)"
|
||||
latency_ms: "~5"
|
||||
|
||||
migration_cutover:
|
||||
zero_downtime:
|
||||
tools: ["ZDM with GoldenGate", "Data Guard switchover"]
|
||||
prerequisites:
|
||||
- "GoldenGate configured and replicating"
|
||||
- "Application connection strings use TNS aliases"
|
||||
- "DNS TTL reduced before cutover"
|
||||
steps:
|
||||
- "Verify replication lag is zero"
|
||||
- "Stop writes to source"
|
||||
- "Verify final sync"
|
||||
- "Switch application connection strings"
|
||||
- "Validate application functionality"
|
||||
- "Decommission source (after bake period)"
|
||||
|
||||
planned_downtime:
|
||||
tools: ["Data Pump", "RMAN restore", "ZDM physical"]
|
||||
typical_downtime: "2-8 hours depending on database size"
|
||||
steps:
|
||||
- "Announce maintenance window"
|
||||
- "Take final backup/export"
|
||||
- "Restore/import to target"
|
||||
- "Switch application connections"
|
||||
- "Validate"
|
||||
|
||||
gotchas:
|
||||
- id: DR-001
|
||||
issue: "Cross-region ADG network latency affects commit performance"
|
||||
impact: "Synchronous mode adds latency to every commit"
|
||||
recommendation: "Use asynchronous for cross-region (default), accept seconds of RPO"
|
||||
- id: DR-002
|
||||
issue: "DR standby compute may not be available during regional disaster"
|
||||
impact: "If DR region is also impacted, compute capacity may be limited"
|
||||
recommendation: "Use capacity reservations in DR region for critical workloads"
|
||||
- id: DR-003
|
||||
issue: "Application tier DR often forgotten"
|
||||
impact: "Database fails over but app tier is not available"
|
||||
recommendation: "Include app tier in DR plan — Terraform for on-demand provisioning"
|
||||
71
kb/patterns/database-ha-adb-s.yaml
Normal file
71
kb/patterns/database-ha-adb-s.yaml
Normal file
@@ -0,0 +1,71 @@
|
||||
# Pattern: ADB-S High Availability
|
||||
# Composable architecture block for Autonomous Database Serverless HA
|
||||
|
||||
pattern:
|
||||
name: "ADB-S High Availability"
|
||||
id: database_ha_adb_s
|
||||
category: database-ha
|
||||
|
||||
description: |
|
||||
Autonomous Database Serverless (ADB-S) provides built-in high availability through
|
||||
Transparent Application Continuity (TAC) and automated failover. TAC replays in-flight
|
||||
transactions transparently after infrastructure failures, masking outages from applications.
|
||||
For additional protection, Autonomous Data Guard provides a same-region standby with
|
||||
synchronous replication for zero data loss.
|
||||
|
||||
variants:
|
||||
- id: local_ha
|
||||
name: "Built-in Local HA (TAC)"
|
||||
topology: "Same-region, ADB-S infrastructure-managed failover"
|
||||
rpo: "0"
|
||||
rto: "~0 perceived (transparent replay via TAC)"
|
||||
use_when:
|
||||
- "Standard HA for ADB-S workloads"
|
||||
- "Application can tolerate brief transparent replay"
|
||||
- "No separate standby database required"
|
||||
|
||||
- id: local_standby
|
||||
name: "Same-Region Autonomous Data Guard Standby"
|
||||
topology: "Primary + Standby in same region via Autonomous Data Guard"
|
||||
rpo: "0 (synchronous replication)"
|
||||
rto: "< 30 seconds (automatic switchover)"
|
||||
use_when:
|
||||
- "Zero RPO mandatory"
|
||||
- "Protection against full AD or FD failure"
|
||||
- "Read-only offload to standby needed"
|
||||
|
||||
preconditions:
|
||||
- "ADB-S instance provisioned (Shared infrastructure)"
|
||||
- "Private endpoint recommended for production workloads"
|
||||
- "VCN with Service Gateway for secure OCI service access"
|
||||
- "Wallet or mTLS connectivity configured for clients"
|
||||
|
||||
implied_services:
|
||||
- service: service_gateway
|
||||
reason: "Secure access to OCI services without internet traversal"
|
||||
- service: oci_vault
|
||||
reason: "Customer-managed encryption keys for TDE"
|
||||
- service: data_safe
|
||||
reason: "Database security posture management, auditing, and masking"
|
||||
|
||||
gotchas:
|
||||
- "TAC replay does not cover all operations — UTL_HTTP calls, DBMS_PIPE, NOCACHE sequences, and external interactions are not replayed"
|
||||
- "Auto-scaling takes 2-3 minutes to add OCPUs; plan base capacity for burst tolerance"
|
||||
- "Autonomous Data Guard standby is read-only; cannot run DML on standby"
|
||||
- "Switchover requires brief downtime; failover is automatic on primary failure"
|
||||
- "TAC requires JDBC Thin driver 18c+ or ODP.NET with TAC enabled in connection string"
|
||||
|
||||
cost_impact:
|
||||
- "Built-in local HA (TAC): no additional cost, included in ADB-S"
|
||||
- "Autonomous Data Guard standby: billed at same compute (OCPU/ECPU) rate as primary"
|
||||
- "Standby storage is additional and billed at standard ADB-S storage rates"
|
||||
- "Auto-scaling can increase OCPU cost up to 3x base during peaks"
|
||||
|
||||
sizing_rules:
|
||||
- "Standby must be same shape and OCPU/ECPU count as primary for seamless failover"
|
||||
- "Storage on standby mirrors primary automatically"
|
||||
- "Base OCPU count should handle normal workload without relying on auto-scaling for HA events"
|
||||
|
||||
references:
|
||||
- "https://docs.oracle.com/en/cloud/paas/autonomous-database/adbsa/autonomous-data-guard.html"
|
||||
- "https://docs.oracle.com/en/cloud/paas/autonomous-database/serverless/adbsb/application-continuity-autonomous.html"
|
||||
76
kb/patterns/database-ha/active-data-guard.yaml
Normal file
76
kb/patterns/database-ha/active-data-guard.yaml
Normal file
@@ -0,0 +1,76 @@
|
||||
# Pattern: Active Data Guard HA/DR
|
||||
# Composable architecture block for Oracle Database high availability
|
||||
|
||||
pattern:
|
||||
name: "Active Data Guard"
|
||||
id: active_data_guard
|
||||
category: database-ha
|
||||
applies_to: [adb_s, adb_d, dbcs, exacs]
|
||||
|
||||
description: |
|
||||
Oracle Active Data Guard provides real-time data protection with a standby database
|
||||
that can be used for read-only queries, reporting, and backups while maintaining
|
||||
synchronous or asynchronous replication from the primary.
|
||||
|
||||
variants:
|
||||
- id: adg_same_region
|
||||
name: "Same-Region ADG (HA)"
|
||||
topology: "Primary + Standby in same region, different ADs or FDs"
|
||||
rpo: "0 (synchronous)"
|
||||
rto: "< 30 seconds (automatic failover with FSFO)"
|
||||
use_when:
|
||||
- "99.99% SLA requirement"
|
||||
- "Zero RPO mandatory"
|
||||
- "Read-only offload needed"
|
||||
|
||||
- id: adg_cross_region
|
||||
name: "Cross-Region ADG (DR)"
|
||||
topology: "Primary in Region A, Standby in Region B"
|
||||
rpo: "> 0 (asynchronous, typically seconds to minutes)"
|
||||
rto: "Minutes to 1 hour depending on automation"
|
||||
use_when:
|
||||
- "Regional disaster recovery required"
|
||||
- "RPO of seconds acceptable"
|
||||
- "Regulatory requirement for geo-separation"
|
||||
|
||||
- id: adg_hybrid
|
||||
name: "Same-Region HA + Cross-Region DR"
|
||||
topology: "Primary + Local Standby (sync) + Remote Standby (async)"
|
||||
rpo: "0 local, seconds remote"
|
||||
rto: "< 30s local, minutes remote"
|
||||
use_when:
|
||||
- "Maximum protection: HA + DR"
|
||||
- "Mission-critical workloads"
|
||||
|
||||
preconditions:
|
||||
- "Oracle Database Enterprise Edition with Active Data Guard option"
|
||||
- "BYOL: customer must have ADG license or ULA"
|
||||
- "License Included: ADG included with ADB-S, ExaCS EE-HP/EE-EP"
|
||||
- "For ADB-S: Autonomous Data Guard (managed, no manual config)"
|
||||
|
||||
implied_services:
|
||||
- service: data_guard
|
||||
- service: dns_traffic_management
|
||||
reason: "DNS failover for application connection string update"
|
||||
when: "cross_region"
|
||||
- service: oci_notifications
|
||||
reason: "Alert on failover events"
|
||||
|
||||
conflicts:
|
||||
- pattern: "backup_restore_only"
|
||||
reason: "ADG provides real-time replication; backup-restore is a subset"
|
||||
|
||||
cost_impact:
|
||||
- "Standby database incurs full compute + storage cost"
|
||||
- "For ADB-S: standby OCPUs billed at same rate"
|
||||
- "Cross-region: additional network egress for redo transport"
|
||||
- "BYOL: ADG license required (included in EE-EP)"
|
||||
|
||||
sizing_rules:
|
||||
- "Standby must be same shape/OCPU as primary for failover"
|
||||
- "For read-only offload: standby can handle ~80% of primary read capacity"
|
||||
- "Network bandwidth for redo: estimate 10-50 Mbps per 10K TPS (varies by workload)"
|
||||
|
||||
references:
|
||||
- "https://docs.oracle.com/en/cloud/paas/autonomous-database/adbsa/autonomous-data-guard.html"
|
||||
- "https://docs.oracle.com/en/database/oracle/oracle-database/19/sbydb/"
|
||||
87
kb/patterns/database-ha/pattern.yaml
Normal file
87
kb/patterns/database-ha/pattern.yaml
Normal file
@@ -0,0 +1,87 @@
|
||||
---
|
||||
last_verified: 2026-03-14
|
||||
pattern: Database High Availability
|
||||
category: database
|
||||
---
|
||||
|
||||
description: |
|
||||
Patterns for achieving high availability for Oracle databases on OCI.
|
||||
Covers ADB-S, ADB-D, ExaCS, and DBCS configurations.
|
||||
|
||||
patterns:
|
||||
adb_s_ha:
|
||||
name: "ADB-S Built-in HA"
|
||||
availability: "99.95% SLA"
|
||||
rto: "<30 seconds"
|
||||
rpo: "0 (synchronous)"
|
||||
components:
|
||||
- "ADB-S with Autonomous Data Guard (same-region)"
|
||||
- "Automatic failover enabled"
|
||||
- "No additional configuration needed"
|
||||
cost_impact: "2x OCPU cost (standby billed at same rate)"
|
||||
when_to_use:
|
||||
- "Standard HA requirement"
|
||||
- "Same-region protection sufficient"
|
||||
notes:
|
||||
- "Standby is provisioned automatically when ADG is enabled"
|
||||
- "Failover is transparent to applications using recommended connection strings"
|
||||
- "Switchover for planned maintenance is automatic"
|
||||
|
||||
adb_s_cross_region:
|
||||
name: "ADB-S Cross-Region ADG"
|
||||
availability: "99.95% SLA per region, survives region failure"
|
||||
rto: "<5 minutes (automatic), <30 minutes (manual)"
|
||||
rpo: "Seconds (asynchronous replication)"
|
||||
components:
|
||||
- "ADB-S primary in Region 1"
|
||||
- "ADB-S standby in Region 2 (cross-region ADG)"
|
||||
- "Optional: Refreshable clone in Region 2 for reporting"
|
||||
cost_impact: "2x OCPU + inter-region data transfer"
|
||||
when_to_use:
|
||||
- "Compliance requires geo-redundant DR"
|
||||
- "RTO < 30 minutes for region failure"
|
||||
- "Business-critical workloads"
|
||||
notes:
|
||||
- "Cross-region ADG is asynchronous — RPO is not zero"
|
||||
- "Automatic failover requires ADG Auto-Failover configuration"
|
||||
- "Test failover quarterly"
|
||||
|
||||
exacs_rac_ha:
|
||||
name: "ExaCS RAC High Availability"
|
||||
availability: "99.95%+ (RAC + Data Guard)"
|
||||
rto: "<60 seconds (RAC failover)"
|
||||
rpo: "0 (synchronous within RAC)"
|
||||
components:
|
||||
- "ExaCS with multi-node RAC"
|
||||
- "Data Guard to standby ExaCS (same or cross-region)"
|
||||
- "Fast-Start Failover (FSFO) with Observer"
|
||||
cost_impact: "2x infrastructure for Data Guard standby"
|
||||
when_to_use:
|
||||
- "Application requires RAC"
|
||||
- "Sub-minute RTO required"
|
||||
- "High-throughput OLTP workloads"
|
||||
|
||||
dbcs_ha:
|
||||
name: "DBCS 2-Node RAC + Data Guard"
|
||||
availability: "99.95%"
|
||||
rto: "<60 seconds (RAC), <5 minutes (Data Guard)"
|
||||
rpo: "0 (synchronous within region)"
|
||||
components:
|
||||
- "DBCS 2-node RAC (primary)"
|
||||
- "DBCS Data Guard standby"
|
||||
cost_impact: "3x compute (2 RAC + 1 DG standby)"
|
||||
when_to_use:
|
||||
- "Moderate workloads needing HA"
|
||||
- "Budget doesn't allow Exadata"
|
||||
|
||||
decision_tree: |
|
||||
Need HA for Oracle Database?
|
||||
├── Using ADB-S?
|
||||
│ ├── Same-region sufficient → Enable ADG (built-in)
|
||||
│ └── Cross-region required → Cross-region ADG
|
||||
├── Using ExaCS?
|
||||
│ ├── RAC for local HA
|
||||
│ └── Data Guard for DR (same or cross-region)
|
||||
└── Using DBCS?
|
||||
├── 2-node RAC for local HA
|
||||
└── Data Guard for DR
|
||||
678
kb/patterns/ecal-artefacts-catalog.yaml
Normal file
678
kb/patterns/ecal-artefacts-catalog.yaml
Normal file
@@ -0,0 +1,678 @@
|
||||
---
|
||||
last_verified: 2026-03-18
|
||||
pattern:
|
||||
id: ecal-artefacts-catalog
|
||||
name: "ECAL 3.1 Artefacts Catalog"
|
||||
category: governance
|
||||
---
|
||||
|
||||
description: >
|
||||
Complete catalog of ECAL 3.1 artefacts across all 9 steps.
|
||||
Each entry has: description, purpose, ECAL role, and whether
|
||||
the OCI Deal Accelerator skill can generate it. Source: ECAL 3.1
|
||||
Practitioners Guides (01-09).
|
||||
|
||||
# auto_generate: skill produces this artefact
|
||||
# assist: skill provides partial content or structure
|
||||
# reference: skill references this but customer/team produces it
|
||||
# out_of_scope: purely delivery/commercial, skill doesn't touch
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# DEFINE PHASE
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
|
||||
define:
|
||||
ideate:
|
||||
- id: "DEF-01"
|
||||
name: "Customer Profile"
|
||||
what: "Strategic business goals, Oracle footprint, industry analysis, competitor positioning"
|
||||
why: "Understand what drives the customer so the PoV resonates with their strategic goals"
|
||||
how: "Account team intel, annual reports, web research, Business Model Canvas"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill can research public info and structure into profile template"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DEF-02"
|
||||
name: "Strategy Map"
|
||||
what: "Customer goals → strategies → capabilities → enablers mapping"
|
||||
why: "Links Oracle products to business strategy. Arguably most important ECAL artefact"
|
||||
how: "Leverage Customer Profile, annual reports, Value Navigator"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill can draft from discovery notes; needs customer validation"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DEF-03"
|
||||
name: "Point of View (PoV)"
|
||||
what: "Hypothesis about customer need, business benefit, SMART-evaluated"
|
||||
why: "Go to customer with validated ideas that have significant business value"
|
||||
how: "Review Pattern Library, Sales Central, quantify with Business Case"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates as 'value hypothesis' in value-story.yaml"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DEF-04"
|
||||
name: "Ideation Workshop"
|
||||
what: "Design Thinking workshop to formulate and validate PoV"
|
||||
why: "Ensure no bias, everyone thinking about customer needs"
|
||||
how: "Brainstorming, group discussion, NEXT/V2V methodology"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Skill can generate agenda and talking points"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEF-05"
|
||||
name: "Business Case"
|
||||
what: "Executive summary, drivers, recommended solution, benefits, timeline, risks"
|
||||
why: "Communicate business value of cloud adoption"
|
||||
how: "Use Value Navigator, work with customer on the model"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates via business-case.yaml template + deck"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEF-06"
|
||||
name: "Value Story"
|
||||
what: "Compelling vision of the PoV and why customer should adopt it"
|
||||
why: "Continue discussion with customer, tailor the PoV"
|
||||
how: "External Ideation template, PowerPoint, demo, mockup"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates via value-story.yaml template"
|
||||
customer_facing: true
|
||||
|
||||
validate:
|
||||
- id: "DEF-07"
|
||||
name: "Value Story Delivery"
|
||||
what: "Half-day workshop presenting the Value Story to customer"
|
||||
why: "Validate ideas with customer, do discovery through engagement"
|
||||
how: "Presentations, whiteboards, exercises — be creative"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill can generate workshop deck and discussion guide"
|
||||
customer_facing: true
|
||||
|
||||
plan:
|
||||
- id: "DEF-08"
|
||||
name: "Joint Engagement Plan (JEP)"
|
||||
what: "Outline plan for Design phase: activities, resources, timeline, scope"
|
||||
why: "Customer must commit resources; cannot design in isolation"
|
||||
how: "Use ECAL template, be clear on scope and outcomes"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates via joint-engagement-plan.yaml template"
|
||||
customer_facing: true
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# DESIGN PHASE — CURRENT STEP
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
|
||||
design:
|
||||
current:
|
||||
identify_constraints:
|
||||
- id: "DES-01"
|
||||
name: "Business Constraints"
|
||||
what: "Time, funding, legal, compliance, resource, technology constraints"
|
||||
why: "Constraints impact Future State Architecture, Roadmap, and Proposal"
|
||||
how: "Collect from customer via workshops or Constraints Questionnaire"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill captures in workload-profile.yaml constraints section"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DES-02"
|
||||
name: "Security Constraints"
|
||||
what: "Security requirements, GDPR, regulatory needs"
|
||||
why: "Security is major concern in cloud adoption"
|
||||
how: "Security checklist, assess need for Oracle Security team"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill flags compliance requirements from discovery notes"
|
||||
customer_facing: true
|
||||
|
||||
capture_current_state:
|
||||
- id: "DES-03"
|
||||
name: "Current State Process & Capability Map"
|
||||
what: "Business processes/capabilities currently in scope, single-slide view"
|
||||
why: "Shows Oracle understands customer business needs"
|
||||
how: "Cloud Notation Business Architecture, neutral language (no Oracle buzzwords)"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Business architecture — needs customer input"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-04"
|
||||
name: "Discovery Questionnaire"
|
||||
what: "Structured collection of customer IT landscape"
|
||||
why: "Build/understand current state, validate hypotheses"
|
||||
how: "Send template to customer or fill collaboratively"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates via templates/discovery-questionnaire.yaml"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-05"
|
||||
name: "Current State Apps & Tech Portfolio"
|
||||
what: "Systems, assets, integrations, strategy per application"
|
||||
why: "Understand environment, build Current State Architecture"
|
||||
how: "Portfolio Assessment Workbook — Systems, Assets, Integrations tabs"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill structures from discovery questionnaire responses"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-06"
|
||||
name: "Security Baseline & Guidance"
|
||||
what: "Current security posture and requirements"
|
||||
why: "Baseline for designing security in future state"
|
||||
how: "Security team assessment"
|
||||
skill_support: "reference"
|
||||
skill_notes: "References kb/well-architected/security.yaml"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-07"
|
||||
name: "Operational RACI (Current)"
|
||||
what: "How customer currently runs operations — services, SLAs, responsibilities"
|
||||
why: "Understand current ops model to design future ops that fit"
|
||||
how: "Request operational definitions, frameworks (ITIL), service levels"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill maps to operational-raci.yaml models"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DES-08"
|
||||
name: "Prioritization Matrix"
|
||||
what: "Applications scored by criticality, fit, potential, risk"
|
||||
why: "Focus on highest-value, lowest-risk initiatives first"
|
||||
how: "Score each app on 5 criteria, weighted calculation"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates from discovery-questionnaire.yaml prioritization section"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-09"
|
||||
name: "Current State Architecture"
|
||||
what: "Architecture diagrams of current environment in scope"
|
||||
why: "Baseline for Future State Architecture"
|
||||
how: "Receive from customer or draw using Cloud Notation"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill can generate .drawio from description"
|
||||
customer_facing: true
|
||||
|
||||
future:
|
||||
solution_design:
|
||||
- id: "DES-10"
|
||||
name: "Future State Process & Capability Map"
|
||||
what: "Business capabilities covered by proposed solution"
|
||||
why: "Shows Oracle understands and addresses customer needs"
|
||||
how: "Map capabilities to Oracle products, use Cloud Notation"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Business architecture — needs customer validation"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-11"
|
||||
name: "Future State Apps & Tech Portfolio"
|
||||
what: "Oracle/3rd party products mapped to business capabilities"
|
||||
why: "Bridges capability map to architecture"
|
||||
how: "List capabilities per product, show integration relationships"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill can map from service selection"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-12"
|
||||
name: "Future State Architecture"
|
||||
what: "Application + Technology architecture diagrams"
|
||||
why: "Communicates solution vision internally and to customer"
|
||||
how: "Cloud Notation, review with ECAL team, iterate"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates .drawio via oci_diagram_gen.py"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-13"
|
||||
name: "Solution Roadmap"
|
||||
what: "Phased implementation plan by value/risk"
|
||||
why: "Complex solutions can't be delivered in one step"
|
||||
how: "Divide by criteria (org, region, risk), prioritize high-value/low-risk"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill includes roadmap slide in deck"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-14"
|
||||
name: "Extension Catalog"
|
||||
what: "Custom extensions beyond OOTB Oracle products"
|
||||
why: "Highlights gaps requiring custom development"
|
||||
how: "Identify missing capabilities, clarify implementation"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Customer-specific; skill flags potential gaps"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-15"
|
||||
name: "Integration Catalog"
|
||||
what: "All non-OOTB integrations with data flows, volumes, frequency"
|
||||
why: "Communicate integration effort and responsibility"
|
||||
how: "Map all inter-component data flows, include volumes"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill can list integrations from architecture"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-16"
|
||||
name: "Information & BI Model"
|
||||
what: "Data flows, MDM, analytics architecture"
|
||||
why: "Document where data resides and how it's managed"
|
||||
how: "Data Ecosystem reference architecture, Cloud Notation"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Reference patterns in kb/patterns/"
|
||||
customer_facing: true
|
||||
|
||||
deployment_design:
|
||||
- id: "DES-17"
|
||||
name: "Datacentre Design"
|
||||
what: "Which services run in which region/DC for each environment"
|
||||
why: "Data locality, regulatory compliance, HA strategy"
|
||||
how: "Map components to OCI regions, include on-prem/multi-cloud"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill includes region mapping in architecture"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-18"
|
||||
name: "Lifecycle Management Design"
|
||||
what: "CI/CD, dev-to-prod automation, IaC approach"
|
||||
why: "Automation is critical for cloud operational success"
|
||||
how: "OCI DevOps, Terraform, Resource Manager"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill recommends IaC approach in deployment design"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-19"
|
||||
name: "Network Design"
|
||||
what: "Connectivity between DCs, within DCs, to users"
|
||||
why: "Well-defined networking is critical for solution success"
|
||||
how: "Cloud Notation, show gateways, protocols, public/private"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill includes networking in .drawio diagrams"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-20"
|
||||
name: "Identity & Access Design"
|
||||
what: "How users access the system, authentication, authorization"
|
||||
why: "IAM is critical non-functional requirement"
|
||||
how: "End-to-end identity across proposed and existing systems"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill recommends IAM approach from patterns"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-21"
|
||||
name: "Environment Catalog"
|
||||
what: "List of all environments: prod, dev, test, DR with sizing"
|
||||
why: "Understand total solution size for accurate BoM"
|
||||
how: "Discuss with team and customer, use environment-catalogue.yaml"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates from kb/patterns/environment-catalogue.yaml"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-22"
|
||||
name: "Recovery Model"
|
||||
what: "HA/DR architecture for different failure scenarios"
|
||||
why: "Customers need to understand business continuity"
|
||||
how: "Map RTO/RPO requirements to HA/DR patterns"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates from service-tiering.yaml + HA/DR patterns"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-23"
|
||||
name: "Management Design"
|
||||
what: "Monitoring tools, alerting, operations management"
|
||||
why: "Operational readiness is critical for customer confidence"
|
||||
how: "Map to OCI native tools or customer's existing tools"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill recommends monitoring stack in operations model"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-24"
|
||||
name: "Data Locality & Data Security"
|
||||
what: "Where controlled data resides, encryption, key management"
|
||||
why: "Data security is highest customer concern"
|
||||
how: "Map data locations, encryption methods, key management"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill flags data residency and encryption in architecture"
|
||||
customer_facing: true
|
||||
|
||||
transition_design:
|
||||
- id: "DES-25"
|
||||
name: "Implementation Plan"
|
||||
what: "Prioritized implementation/migration of capabilities"
|
||||
why: "Most organizations can't change architecture in one phase"
|
||||
how: "Implementation partner responsibility; SA validates compatibility"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill generates high-level migration plan slides"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-26"
|
||||
name: "Implementation RACI"
|
||||
what: "Who does what during implementation"
|
||||
why: "Clear roles prevent rework and delays"
|
||||
how: "High-level tasks with R/A/C/I per role"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill can draft from engagement-raci.yaml adopt section"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-27"
|
||||
name: "Provisioning Plan / Map"
|
||||
what: "How each component gets provisioned and brought into service"
|
||||
why: "Basis for actual provisioning of services"
|
||||
how: "Map BoM components to provisioning steps"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Delivery partner responsibility"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-28"
|
||||
name: "Adoption Plan"
|
||||
what: "How customer adopts the cloud service post-provisioning"
|
||||
why: "Ensure availability of resources and service levels"
|
||||
how: "Cloud Adoption Services (CAS), business readiness"
|
||||
skill_support: "reference"
|
||||
skill_notes: "CAS/delivery partner responsibility"
|
||||
customer_facing: true
|
||||
|
||||
service_design:
|
||||
- id: "DES-29"
|
||||
name: "Operational Services RACI"
|
||||
what: "Runtime responsibilities for operating/supporting the solution"
|
||||
why: "Clear ops responsibilities prevent go-live surprises"
|
||||
how: "Map to operational-raci.yaml models (fully/co/self managed)"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates from kb/patterns/operational-raci.yaml"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-30"
|
||||
name: "Operational Services Design"
|
||||
what: "9 categories of operational service model for running the solution"
|
||||
why: "Customer needs to know best practices for operating in cloud"
|
||||
how: "Use 9 Enduring Capabilities framework"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill generates operations model from template"
|
||||
customer_facing: true
|
||||
|
||||
demo_poc:
|
||||
- id: "DES-31"
|
||||
name: "PoC Joint Execution Plan"
|
||||
what: "Scope, approach, timeline, success criteria for PoC"
|
||||
why: "Structured PoC with bilateral commitment"
|
||||
how: "Define scope, test architectures, use cases, ground rules"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Customer-specific; skill can outline structure"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-32"
|
||||
name: "Demo / PoC Delivery"
|
||||
what: "Execution of demo or proof of concept"
|
||||
why: "Prove technical feasibility or address customer concerns"
|
||||
how: "Demo Central, Cloud Trials, custom PoC"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Execution activity, not a document"
|
||||
customer_facing: true
|
||||
|
||||
bom_sizing:
|
||||
- id: "DES-33"
|
||||
name: "Architecture Review"
|
||||
what: "Team review of all architecture artefacts before BoM"
|
||||
why: "Ensure team alignment on proposed solution"
|
||||
how: "Review meeting with complete account team"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill runs WA validation via validate-architecture.py"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DES-34"
|
||||
name: "Bill of Materials & Sizing"
|
||||
what: "All pricing and sizing for each solution component"
|
||||
why: "Summarizes all software/hardware/service costs"
|
||||
how: "Map from Future State Architecture + sizing model"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates cost estimate from kb/pricing/ + kb/sizing/"
|
||||
customer_facing: true
|
||||
|
||||
confirm:
|
||||
- id: "DES-35"
|
||||
name: "Solution Proposal"
|
||||
what: "High-impact customer presentation of the proposed solution"
|
||||
why: "Enable customer to decide whether to proceed to Deliver"
|
||||
how: "Collect all designs, simplify, merge with business drivers"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates .pptx deck via oci_deck_gen.py"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-36"
|
||||
name: "Partner / Services Proposal"
|
||||
what: "Implementation + operational services cost estimate"
|
||||
why: "Complete solution = products + implementation + operations"
|
||||
how: "Work with OC/ACS/partners based on Design artefacts"
|
||||
skill_support: "reference"
|
||||
skill_notes: "OC/ACS/partner responsibility"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-37"
|
||||
name: "RFx Response"
|
||||
what: "Formal response to customer RFI/RFQ/RFP"
|
||||
why: "Formal stage in customer buying cycle"
|
||||
how: "Qualify, plan, manage response, QA, submit"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Sales/BD responsibility; skill provides technical content"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DES-38"
|
||||
name: "Commercial Agreement"
|
||||
what: "Commercial terms: cloud credits, BYOL, ELA, pricing"
|
||||
why: "Customer needs to understand costs to proceed"
|
||||
how: "Sales/CSM use BoM to produce commercial terms"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Sales responsibility"
|
||||
customer_facing: true
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# DELIVER PHASE
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
|
||||
deliver:
|
||||
adopt:
|
||||
establish_governance:
|
||||
- id: "DEL-01"
|
||||
name: "Architecture Governance"
|
||||
what: "Compliance review process for projects vs. enterprise architecture"
|
||||
why: "Ensure original vision is realized during implementation"
|
||||
how: "Regular meetings, architecture compliance checklists"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Implementation team responsibility"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEL-02"
|
||||
name: "Operating Model"
|
||||
what: "How existing processes/tools change for the new solution"
|
||||
why: "Without agreed model, risk of project failure"
|
||||
how: "Assess org capabilities using Operational Service RACI/Design"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates via templates/operations-model.yaml"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEL-03"
|
||||
name: "Business Transition Plan"
|
||||
what: "Managing business change and readiness for go-live"
|
||||
why: "Business must change processes/org to realize value"
|
||||
how: "Analysis of business strategy, process standardization"
|
||||
skill_support: "reference"
|
||||
skill_notes: "CAS/delivery partner responsibility"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEL-04"
|
||||
name: "Training & Communication Plan"
|
||||
what: "End-user training strategy and project communication"
|
||||
why: "Effective communication is difference between success and failure"
|
||||
how: "Review Adoption Plan, determine training delivery method"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Delivery partner responsibility"
|
||||
customer_facing: true
|
||||
|
||||
manage_project:
|
||||
- id: "DEL-05"
|
||||
name: "Project Governance"
|
||||
what: "Oversight framework: steering committee, change control, escalation"
|
||||
why: "Key elements that make a project successful"
|
||||
how: "Define governance structure, reporting, risk management"
|
||||
skill_support: "reference"
|
||||
skill_notes: "PM responsibility"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEL-06"
|
||||
name: "Project Plan"
|
||||
what: "Detailed steps with timelines for deployment"
|
||||
why: "Identify critical path, stick to timelines"
|
||||
how: "Detailed iteration of high-level Implementation Plan"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Implementation partner responsibility"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEL-07"
|
||||
name: "Project Delivery"
|
||||
what: "Execute the project per plan and governance"
|
||||
why: "Correctly mobilising prevents delays"
|
||||
how: "Onboard team, enable, kick off, deliver"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Execution activity"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DEL-08"
|
||||
name: "Signoff & Close"
|
||||
what: "Validate and sign off all elements of solution"
|
||||
why: "Formal confirmation before moving to production"
|
||||
how: "Confirm configs, integrations, data migrations complete"
|
||||
skill_support: "reference"
|
||||
skill_notes: "PM responsibility"
|
||||
customer_facing: true
|
||||
|
||||
customer_adoption:
|
||||
- id: "DEL-09"
|
||||
name: "Contracts & Policy Review"
|
||||
what: "Review all agreements associated with the project"
|
||||
why: "Incomplete understanding puts project at risk"
|
||||
how: "Review with customer, note risks"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Legal/commercial responsibility"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEL-10"
|
||||
name: "Readiness Assessment"
|
||||
what: "Ensure project team has right skills and assets"
|
||||
why: "Lack of tools/docs/processes becomes obstacle"
|
||||
how: "Review requirements, define readiness assets"
|
||||
skill_support: "reference"
|
||||
skill_notes: "PM responsibility"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DEL-11"
|
||||
name: "Configuration & Customization"
|
||||
what: "Build the solution: configs, customizations, integrations"
|
||||
why: "Build per agreed architecture and deployment design"
|
||||
how: "Delivery partner method (e.g., TCM)"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Delivery team execution"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DEL-12"
|
||||
name: "Security Build"
|
||||
what: "Final review and build of security configuration"
|
||||
why: "Confirm solution built per Identity & Access Design"
|
||||
how: "Delivery partner method"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Delivery team execution"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DEL-13"
|
||||
name: "Data Migration"
|
||||
what: "Extract, load, validate data from source to target"
|
||||
why: "Confirm data migrates correctly and safely"
|
||||
how: "DMS, GoldenGate, Data Pump, RMAN, ZDM"
|
||||
skill_support: "assist"
|
||||
skill_notes: "Skill recommends migration tools in architecture"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DEL-14"
|
||||
name: "Validation & Testing"
|
||||
what: "Business process validation and technical testing"
|
||||
why: "Confirm solution ready for production"
|
||||
how: "Process playback, final validation, sign-off"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Delivery team + customer execution"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEL-15"
|
||||
name: "Business Enablement"
|
||||
what: "End-user training delivery"
|
||||
why: "Users must be effective with new solution"
|
||||
how: "Per Training Plan, Oracle University"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Training team responsibility"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEL-16"
|
||||
name: "Go-Live & Hypercare"
|
||||
what: "Cutover to production + intensive post-go-live support"
|
||||
why: "Reduce risk and provide better customer experience"
|
||||
how: "Support, data integrity, availability monitoring"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates go-live-checklist.yaml"
|
||||
customer_facing: true
|
||||
|
||||
operate:
|
||||
- id: "DEL-17"
|
||||
name: "Cloud Operating Framework"
|
||||
what: "Detailed 52-week operational plan based on Operating Model"
|
||||
why: "Cloud operations very different from on-premise"
|
||||
how: "Create plan covering all 9 operational capability areas"
|
||||
skill_support: "reference"
|
||||
skill_notes: "ACS/delivery partner responsibility"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEL-18"
|
||||
name: "OCI Operationalization Framework"
|
||||
what: "5-milestone methodology for deploying workloads to OCI"
|
||||
why: "Blueprint for operationalizing OCI quickly"
|
||||
how: "Preparation → Conceptual Arch → Physical Arch → Operations → Workloads"
|
||||
skill_support: "reference"
|
||||
skill_notes: "NAC framework; skill aligns architecture with milestones"
|
||||
customer_facing: true
|
||||
|
||||
improve:
|
||||
- id: "DEL-19"
|
||||
name: "Retrospective"
|
||||
what: "Team review: what worked, what didn't, what to improve"
|
||||
why: "Key ECAL principle: learn fast, capture feedback"
|
||||
how: "3-4 hour meeting, inspect → identify → output actions"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates via templates/lessons-learned.yaml"
|
||||
customer_facing: false
|
||||
|
||||
- id: "DEL-20"
|
||||
name: "Value Realization"
|
||||
what: "Post-implementation review against Business Case metrics"
|
||||
why: "Validate if benefits were actually realized"
|
||||
how: "Formal or informal review of adoption, impact, benefits"
|
||||
skill_support: "auto_generate"
|
||||
skill_notes: "Skill generates via templates/success-criteria.yaml"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEL-21"
|
||||
name: "Customer Success Story"
|
||||
what: "Single-slide summary: who, challenge, approach, value"
|
||||
why: "Share success with wider community and other customers"
|
||||
how: "Collect from Business Case, build storyline with customer"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Account team responsibility; skill can structure"
|
||||
customer_facing: true
|
||||
|
||||
- id: "DEL-22"
|
||||
name: "Improvement Actions"
|
||||
what: "Consolidated improvement plan from operations insights"
|
||||
why: "Continuous improvement, may lead back to new DEFINE cycle"
|
||||
how: "Consolidate actions, discuss with customer PM, track"
|
||||
skill_support: "reference"
|
||||
skill_notes: "Feeds back into DEFINE for next engagement"
|
||||
customer_facing: true
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# SUMMARY STATS
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
|
||||
summary:
|
||||
total_artefacts: 60
|
||||
auto_generate: 16 # skill produces complete artefact
|
||||
assist: 14 # skill provides partial content
|
||||
reference: 30 # skill references but team produces
|
||||
define_phase: 8
|
||||
design_phase: 38
|
||||
deliver_phase: 22
|
||||
916
kb/patterns/engagement-raci.yaml
Normal file
916
kb/patterns/engagement-raci.yaml
Normal file
@@ -0,0 +1,916 @@
|
||||
---
|
||||
last_verified: 2026-03-18
|
||||
pattern:
|
||||
id: engagement-raci
|
||||
name: "ECAL Engagement RACI"
|
||||
category: governance
|
||||
---
|
||||
|
||||
description: >
|
||||
Defines who is Responsible, Accountable, Consulted, and Informed for each
|
||||
ECAL artefact during the engagement lifecycle. This is the PROCESS RACI
|
||||
(who does what during pre-sales), not the operational RACI (who runs
|
||||
the solution post-go-live). Source: ECAL 3.1 Practitioners Guides.
|
||||
|
||||
roles:
|
||||
EA: "Enterprise Architect"
|
||||
SE: "Solution Engineer"
|
||||
BA: "Business Architect"
|
||||
CS: "Customer Success"
|
||||
DA: "Deployment Architect"
|
||||
VC: "Value Consulting"
|
||||
Sales: "Sales"
|
||||
MS: "Managed Services"
|
||||
CloudOps: "Cloud Operations"
|
||||
Customer: "Customer"
|
||||
|
||||
raci_definitions:
|
||||
R: "Responsible — executes and delivers the artefact"
|
||||
A: "Accountable — signs off, owns the outcome (max one per artefact)"
|
||||
C: "Consulted — contributes expertise, reviewed before completion"
|
||||
I: "Informed — notified of the result"
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# DEFINE PHASE
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
|
||||
define:
|
||||
|
||||
ideate:
|
||||
step_purpose: >
|
||||
Understand the customer situation and propose a potential solution
|
||||
(value story) that resonates with their business drivers.
|
||||
artefacts:
|
||||
- name: "Customer Profile"
|
||||
EA: "A/R"
|
||||
SE: "R"
|
||||
BA: "C"
|
||||
CS: "C"
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "C"
|
||||
Customer: "I"
|
||||
- name: "Strategy Map"
|
||||
EA: "C"
|
||||
SE: "R/A"
|
||||
BA: "I"
|
||||
CS: "I"
|
||||
DA: "I"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "C"
|
||||
Customer: ""
|
||||
- name: "Point of View"
|
||||
EA: "A/R"
|
||||
SE: "R"
|
||||
BA: "C"
|
||||
CS: "C"
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "C"
|
||||
Customer: ""
|
||||
- name: "Ideation Workshop"
|
||||
EA: "C"
|
||||
SE: "A/R"
|
||||
BA: "C"
|
||||
CS: "C"
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "C"
|
||||
Customer: "R"
|
||||
- name: "Business Case"
|
||||
# Roles filled during Ideate are minimal; revisited in Confirm
|
||||
EA: ""
|
||||
SE: ""
|
||||
BA: ""
|
||||
CS: ""
|
||||
DA: ""
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: ""
|
||||
Customer: ""
|
||||
- name: "Value Story"
|
||||
EA: "A/R"
|
||||
SE: "R"
|
||||
BA: "C"
|
||||
CS: "C"
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "C"
|
||||
Customer: ""
|
||||
|
||||
validate:
|
||||
step_purpose: >
|
||||
Present the Point of View to the customer and validate the ideas.
|
||||
Assess impact and customer willingness to investigate a solution.
|
||||
artefacts:
|
||||
- name: "Value Story Delivery"
|
||||
EA: "A/R"
|
||||
SE: "R"
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "R"
|
||||
Customer: "R"
|
||||
|
||||
plan:
|
||||
step_purpose: >
|
||||
Once the PoV is validated, plan the Design phase activities,
|
||||
resources, and timeline as a joint plan with the customer.
|
||||
artefacts:
|
||||
- name: "Joint Engagement Plan"
|
||||
EA: "A/R"
|
||||
SE: "C"
|
||||
BA: "R"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "C"
|
||||
Customer: "R"
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# DESIGN PHASE
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
|
||||
design:
|
||||
|
||||
current:
|
||||
step_purpose: >
|
||||
Understand the customer's context: current architecture, business
|
||||
processes, constraints, and priorities relevant to the engagement.
|
||||
artefacts:
|
||||
- name: "Business Constraints"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "R"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: "I"
|
||||
Sales: "C"
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Security Constraints"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "R"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: "C"
|
||||
Sales: "C"
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Current State Process & Capability Map"
|
||||
EA: "R/A"
|
||||
SE: "R"
|
||||
BA: "C"
|
||||
CS: "C"
|
||||
DA: "C"
|
||||
VC: "C"
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "R/C"
|
||||
- name: "Discovery Questionnaire"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "R"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: "R"
|
||||
Sales: "C"
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "R/C"
|
||||
- name: "Current State Apps & Tech Portfolio"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "R"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: "I"
|
||||
Sales: "C"
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "R/C"
|
||||
- name: "Operational RACI (Current)"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: ""
|
||||
CS: "C"
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: "C"
|
||||
MS: ""
|
||||
CloudOps: ""
|
||||
Customer: "R/C"
|
||||
- name: "Prioritization Matrix"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "R"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: "I"
|
||||
Sales: "C"
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Current State Architecture"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "R"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: "I"
|
||||
Sales: "C"
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: ""
|
||||
|
||||
future:
|
||||
step_purpose: >
|
||||
Create the overall solution: architecture, deployment design,
|
||||
transition plan, service design, sizing, and BoM.
|
||||
|
||||
solution_design:
|
||||
- name: "Future State Process & Capability Map"
|
||||
EA: "R/A"
|
||||
SE: "C"
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Future State Apps & Tech Portfolio"
|
||||
EA: "R/A"
|
||||
SE: "C"
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Future State Architecture"
|
||||
EA: "R/A"
|
||||
SE: "C"
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Solution Roadmap"
|
||||
EA: "R/A"
|
||||
SE: "C"
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Extension Catalog"
|
||||
EA: "R/A"
|
||||
SE: "C"
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Integration Catalog"
|
||||
EA: "R/A"
|
||||
SE: "C"
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Information & BI Model"
|
||||
EA: "R/A"
|
||||
SE: "C"
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
|
||||
deployment_design:
|
||||
- name: "Deployment Design"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "C"
|
||||
CS: "I"
|
||||
DA: "R/C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Datacentre Design"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "R/C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Lifecycle Management Design"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "R/C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Network Design"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "R/C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Identity & Access Design"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "R/C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Environment Catalog"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "R/C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Recovery Model"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "R/C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Management Design"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "R/C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Data Locality & Data Security"
|
||||
EA: "R/A"
|
||||
SE: ""
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "R/C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
|
||||
transition_design:
|
||||
- name: "Implementation Plan"
|
||||
EA: "A"
|
||||
SE: "C"
|
||||
BA: ""
|
||||
CS: "I"
|
||||
DA: "R/C"
|
||||
VC: ""
|
||||
Sales: "C"
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Implementation RACI"
|
||||
EA: "A"
|
||||
SE: "C"
|
||||
BA: ""
|
||||
CS: ""
|
||||
DA: "R"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Provisioning Plan / Map"
|
||||
EA: "A"
|
||||
SE: "C"
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "R"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Adoption Plan"
|
||||
EA: "A"
|
||||
SE: "C"
|
||||
BA: ""
|
||||
CS: ""
|
||||
DA: "R"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
|
||||
service_design:
|
||||
- name: "Operational Services RACI"
|
||||
EA: "A"
|
||||
SE: ""
|
||||
BA: ""
|
||||
CS: ""
|
||||
DA: ""
|
||||
VC: ""
|
||||
Sales: "R"
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
- name: "Operational Services Design"
|
||||
EA: "A"
|
||||
SE: ""
|
||||
BA: ""
|
||||
CS: ""
|
||||
DA: ""
|
||||
VC: ""
|
||||
Sales: "R"
|
||||
MS: "C"
|
||||
CloudOps: "I"
|
||||
Customer: "C"
|
||||
|
||||
demo_poc:
|
||||
- name: "PoC Joint Execution Plan"
|
||||
EA: "A"
|
||||
SE: ""
|
||||
BA: "R"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "C"
|
||||
Customer: "I"
|
||||
- name: "Demo / PoC Delivery"
|
||||
EA: "A"
|
||||
SE: ""
|
||||
BA: "R"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "C"
|
||||
Customer: "I"
|
||||
|
||||
bom_sizing:
|
||||
- name: "Architecture Review"
|
||||
EA: "C/I"
|
||||
SE: ""
|
||||
BA: "C/R"
|
||||
CS: ""
|
||||
DA: "C/I"
|
||||
VC: ""
|
||||
Sales: "C/I"
|
||||
MS: ""
|
||||
CloudOps: "R/A"
|
||||
Customer: ""
|
||||
- name: "Bill of Materials & Sizing"
|
||||
EA: "C/I"
|
||||
SE: ""
|
||||
BA: "C/R"
|
||||
CS: ""
|
||||
DA: "C/I"
|
||||
VC: ""
|
||||
Sales: "C/I"
|
||||
MS: ""
|
||||
CloudOps: "R/A"
|
||||
Customer: ""
|
||||
|
||||
confirm:
|
||||
step_purpose: >
|
||||
Assemble design work into a high-impact Solution Proposal that
|
||||
enables the customer to validate and decide to proceed.
|
||||
artefacts:
|
||||
- name: "Solution Proposal"
|
||||
EA: "A/R"
|
||||
SE: "C"
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: "C"
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "C"
|
||||
Customer: "I"
|
||||
- name: "Partner / Services Proposal"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: ""
|
||||
CS: ""
|
||||
DA: "A/R"
|
||||
VC: ""
|
||||
Sales: "R"
|
||||
MS: ""
|
||||
CloudOps: "C"
|
||||
Customer: "C"
|
||||
- name: "RFx Response"
|
||||
EA: "C"
|
||||
SE: "C"
|
||||
BA: "A/R/C"
|
||||
CS: "I"
|
||||
DA: ""
|
||||
VC: ""
|
||||
Sales: ""
|
||||
MS: ""
|
||||
CloudOps: "C"
|
||||
Customer: "I"
|
||||
- name: "Commercial Agreement"
|
||||
EA: "C"
|
||||
SE: "C"
|
||||
BA: "C"
|
||||
CS: ""
|
||||
DA: "C"
|
||||
VC: ""
|
||||
Sales: "C"
|
||||
MS: ""
|
||||
CloudOps: "A/R"
|
||||
Customer: "R"
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# DELIVER PHASE
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
|
||||
deliver:
|
||||
|
||||
adopt:
|
||||
step_purpose: >
|
||||
Transition from proposed architecture to implementation.
|
||||
Pre-sales → delivery handover without rework.
|
||||
|
||||
establish_governance:
|
||||
- name: "Architecture Governance"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Operating Model"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Business Transition Plan"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Training & Communication Plan"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
|
||||
manage_project:
|
||||
- name: "Project Governance"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Project Plan"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Project Delivery"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Signoff & Close"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
|
||||
customer_adoption:
|
||||
- name: "Contracts & Policy Review"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Readiness Assessment"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Configuration & Customization"
|
||||
EA: "A/R"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Security Build"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Data Migration"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Validation & Testing"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Business Enablement"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
- name: "Go-Live & Hypercare"
|
||||
EA: "C"
|
||||
SE: ""
|
||||
BA: "I"
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: "R/C/I"
|
||||
Sales: "R"
|
||||
MS: "I"
|
||||
CloudOps: ""
|
||||
Customer: "R"
|
||||
|
||||
operate:
|
||||
step_purpose: >
|
||||
Solution is live. Operational capabilities from the Operating Model
|
||||
are performed to retain vitality. Business outcome reporting active.
|
||||
artefacts:
|
||||
- name: "Cloud Operating Framework"
|
||||
EA: ""
|
||||
SE: ""
|
||||
BA: ""
|
||||
CS: "I"
|
||||
DA: "R"
|
||||
VC: ""
|
||||
Sales: "R"
|
||||
MS: "R"
|
||||
CloudOps: ""
|
||||
Customer: "R/A"
|
||||
- name: "OCI Operationalization Framework"
|
||||
EA: ""
|
||||
SE: ""
|
||||
BA: ""
|
||||
CS: ""
|
||||
DA: "R/A"
|
||||
VC: ""
|
||||
Sales: "R/C"
|
||||
MS: ""
|
||||
CloudOps: ""
|
||||
Customer: "C/I"
|
||||
|
||||
improve:
|
||||
step_purpose: >
|
||||
Capture learnings, validate value delivery, identify next
|
||||
hypothesis to tackle. Feed improvements back into ECAL.
|
||||
artefacts:
|
||||
- name: "Retrospective"
|
||||
EA: "C/I"
|
||||
SE: "C/I"
|
||||
BA: ""
|
||||
CS: "R"
|
||||
DA: "R/A"
|
||||
VC: ""
|
||||
Sales: "R"
|
||||
MS: "R"
|
||||
CloudOps: ""
|
||||
Customer: "C"
|
||||
- name: "Value Realization"
|
||||
EA: "C/I"
|
||||
SE: "C/I"
|
||||
BA: ""
|
||||
CS: "R"
|
||||
DA: "R/A"
|
||||
VC: ""
|
||||
Sales: "R"
|
||||
MS: "R"
|
||||
CloudOps: ""
|
||||
Customer: "C"
|
||||
- name: "Customer Success Story"
|
||||
EA: "C/I"
|
||||
SE: "C/I"
|
||||
BA: ""
|
||||
CS: "R"
|
||||
DA: "R/A"
|
||||
VC: ""
|
||||
Sales: "R"
|
||||
MS: "R"
|
||||
CloudOps: ""
|
||||
Customer: "C"
|
||||
- name: "Improvement Actions"
|
||||
EA: "C/I"
|
||||
SE: "C/I"
|
||||
BA: ""
|
||||
CS: "R/A"
|
||||
DA: "R"
|
||||
VC: ""
|
||||
Sales: "R"
|
||||
MS: "R"
|
||||
CloudOps: ""
|
||||
Customer: "C"
|
||||
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
# LESSONS LEARNED PER STEP (from ECAL Practitioners Guides)
|
||||
# ═══════════════════════════════════════════════════════════════
|
||||
|
||||
lessons_learned:
|
||||
|
||||
define:
|
||||
- "Listen to the customer and also to each other"
|
||||
- "Don't defend your Point of View to the customer, listen for ideas"
|
||||
- "Understand what the customer is saying"
|
||||
- "Make Point of View SMART: Specific, Measurable, Attainable, Relevant, Time-based"
|
||||
- "Think carefully about whether it's right to proceed"
|
||||
- "Do you have a senior customer sponsor that will support you?"
|
||||
|
||||
current:
|
||||
- "Frame the problem — don't gather requirements"
|
||||
- "Capture current state in terms of people, process and technology"
|
||||
- "Be collaborative with the customer and share everything"
|
||||
- "Use whatever works — try top down and bottom up"
|
||||
- "Understand the business context, business drivers and desired outcomes"
|
||||
- "Be very clear about the scope — which systems are in and out"
|
||||
|
||||
future:
|
||||
- "Always look for a quick win for the customer"
|
||||
- "The operational model is just as important as the architecture"
|
||||
- "Don't forget non-production environments"
|
||||
- "Security and data locality must be understood early, don't leave it too late"
|
||||
|
||||
confirm:
|
||||
- "Propositions must be SMART in a customer context"
|
||||
- "Ensure you have evidence to support all positions"
|
||||
- "The Roadmap must be achievable"
|
||||
- "Think about the person you are presenting to — what does it mean for them"
|
||||
- "Quality of the presentation is very important — it must look professional"
|
||||
|
||||
adopt:
|
||||
- "Look for a Minimum Viable Product (or service) that delivers real customer benefits early"
|
||||
- "Incremental delivery phases should maximize customer value per the roadmap"
|
||||
- "Always consider how to help the customer with adoption and ownership"
|
||||
- "Architecture artifacts are constantly refined as more is learned during Deliver"
|
||||
|
||||
improve:
|
||||
- "Leverage any opportunity to capture a successful outcome as a customer story"
|
||||
- "Look back at every project for opportunities to improve"
|
||||
- "Keep in touch with the customer and track how the project is going"
|
||||
- "Share your learning with your team"
|
||||
- "Feed back suggested improvements to the ECAL process"
|
||||
48
kb/patterns/environment-catalogue.yaml
Normal file
48
kb/patterns/environment-catalogue.yaml
Normal file
@@ -0,0 +1,48 @@
|
||||
---
|
||||
last_verified: 2026-03-16
|
||||
pattern:
|
||||
id: environment-catalogue
|
||||
name: "Environment Catalogue"
|
||||
category: operations
|
||||
---
|
||||
|
||||
description: >
|
||||
Defines the standard environments for each workload tier. The skill
|
||||
generates the catalogue from the workload profile by expanding each
|
||||
database into its required environments based on tier.
|
||||
|
||||
environment_templates:
|
||||
|
||||
platinum:
|
||||
environments:
|
||||
- { env: "Production", sizing: "full", isolation: "dedicated CDB, dedicated infra", ha: "RAC + ADG sync" }
|
||||
- { env: "Pre-Production", sizing: "75% of prod", isolation: "dedicated CDB", ha: "optional RAC" }
|
||||
- { env: "Dev/Test", sizing: "25% of prod", isolation: "shared CDB OK", ha: "none" }
|
||||
- { env: "DR", sizing: "100% of prod", isolation: "same as prod", ha: "sync ADG or GG active-active" }
|
||||
|
||||
gold:
|
||||
environments:
|
||||
- { env: "Production", sizing: "full", isolation: "dedicated CDB, private endpoint", ha: "TAC + ADG local" }
|
||||
- { env: "Pre-Production", sizing: "50% of prod", isolation: "refreshable clone OK", ha: "none" }
|
||||
- { env: "Dev/Test", sizing: "25% of prod", isolation: "full clone, auto-stop nights", ha: "none" }
|
||||
- { env: "DR", sizing: "100% of prod", isolation: "cross-region ADG", ha: "async ADG" }
|
||||
|
||||
silver:
|
||||
environments:
|
||||
- { env: "Production", sizing: "full", isolation: "shared CDB OK", ha: "single instance" }
|
||||
- { env: "Pre-Production", sizing: "50% of prod", isolation: "refreshable clone", ha: "none" }
|
||||
- { env: "Dev/Test", sizing: "25% of prod", isolation: "full clone, auto-stop", ha: "none" }
|
||||
- { env: "DR", sizing: "N/A", isolation: "backup to Object Storage", ha: "restore from backup" }
|
||||
|
||||
bronze:
|
||||
environments:
|
||||
- { env: "Production", sizing: "full", isolation: "shared CDB, oversubscribed OK", ha: "none" }
|
||||
- { env: "Dev/Test", sizing: "same as prod", isolation: "shared CDB", ha: "none" }
|
||||
- { env: "DR", sizing: "N/A", isolation: "DB export only", ha: "restore from export" }
|
||||
|
||||
cost_optimization_rules:
|
||||
- "Pre-Prod: use Refreshable Clones when read-only testing is sufficient"
|
||||
- "Dev/Test: auto-stop weeknights (7PM-7AM) + weekends = ~65% savings"
|
||||
- "Dev/Test: use minimum OCPU (1-2), no auto-scaling"
|
||||
- "DR standby: consider pilot light (Terraform on-demand) for Silver/Bronze"
|
||||
- "Bronze DR: DB export to Object Storage is cheapest, no standby OCPU"
|
||||
98
kb/patterns/networking-basic.yaml
Normal file
98
kb/patterns/networking-basic.yaml
Normal file
@@ -0,0 +1,98 @@
|
||||
# Pattern: Basic VCN Networking
|
||||
# Composable architecture block for single-VCN 3-tier network layout
|
||||
|
||||
pattern:
|
||||
name: "Basic VCN Networking"
|
||||
id: networking_basic
|
||||
category: networking
|
||||
|
||||
description: |
|
||||
Single VCN with a 3-tier subnet layout providing public, application, and data
|
||||
tiers. Suitable for standalone workloads, small-to-medium deployments, and as a
|
||||
starting point before evolving to hub-spoke topology. Public subnet hosts load
|
||||
balancers and bastion, private app subnet hosts compute/containers, and private
|
||||
data subnet hosts databases and storage.
|
||||
|
||||
topology:
|
||||
vcn:
|
||||
cidr: "10.0.0.0/16"
|
||||
dns_label: "vcnmain"
|
||||
subnets:
|
||||
- name: "Public Subnet"
|
||||
cidr: "10.0.0.0/24"
|
||||
type: public
|
||||
purpose: "Load balancers, bastion host, WAF endpoints"
|
||||
usable_ips: 251
|
||||
- name: "App Private Subnet"
|
||||
cidr: "10.0.1.0/24"
|
||||
type: private
|
||||
purpose: "Compute instances, OKE worker nodes, application servers"
|
||||
usable_ips: 251
|
||||
- name: "Data Private Subnet"
|
||||
cidr: "10.0.2.0/24"
|
||||
type: private
|
||||
purpose: "Databases (ADB-S, DBCS), file storage, object storage private endpoints"
|
||||
usable_ips: 251
|
||||
|
||||
components:
|
||||
- name: "VCN"
|
||||
purpose: "Virtual Cloud Network — isolated network boundary"
|
||||
- name: "Public Subnet"
|
||||
purpose: "Internet-facing resources (LBaaS, Bastion)"
|
||||
- name: "App Private Subnet"
|
||||
purpose: "Application tier — no direct internet access"
|
||||
- name: "Data Private Subnet"
|
||||
purpose: "Database tier — no direct internet access"
|
||||
- name: "Internet Gateway (IGW)"
|
||||
purpose: "Inbound and outbound internet access for public subnet"
|
||||
- name: "NAT Gateway"
|
||||
purpose: "Outbound-only internet access for private subnets (patches, APIs)"
|
||||
- name: "Service Gateway"
|
||||
purpose: "Private access to OCI services (Object Storage, ADB-S) without internet"
|
||||
- name: "Route Tables"
|
||||
purpose: "Per-subnet routing rules for IGW, NAT GW, and Service GW"
|
||||
- name: "Network Security Groups (NSGs)"
|
||||
purpose: "Stateful firewall rules applied per VNIC for fine-grained access control"
|
||||
|
||||
preconditions:
|
||||
- "Compartment created for the workload"
|
||||
- "CIDR ranges planned and non-overlapping with other VCNs or on-premises networks"
|
||||
- "Region and availability domain selected"
|
||||
|
||||
implied_services:
|
||||
- service: igw
|
||||
reason: "Internet access for public subnet resources"
|
||||
- service: nat_gateway
|
||||
reason: "Outbound internet for private subnets without exposing inbound"
|
||||
- service: service_gateway
|
||||
reason: "Private connectivity to OCI services (Object Storage, Autonomous DB)"
|
||||
|
||||
design_rules:
|
||||
- "Place application and database resources in private subnets — never expose directly to internet"
|
||||
- "Use Network Security Groups (NSGs) instead of Security Lists for per-resource granularity"
|
||||
- "Use Service Gateway for all OCI service access to avoid internet routing and egress costs"
|
||||
- "Assign one route table per subnet for clarity and maintainability"
|
||||
- "Use DNS hostnames within the VCN for service discovery"
|
||||
- "Enable VCN Flow Logs on all subnets for security auditing"
|
||||
- "Place load balancers in the public subnet; backends in the app private subnet"
|
||||
|
||||
gotchas:
|
||||
- "VCN CIDR blocks are immutable after creation — plan address space carefully before provisioning"
|
||||
- "NSG rules are limited to 120 rules per NSG (60 ingress + 60 egress by default)"
|
||||
- "Security Lists are stateful by default but have a 5-tuple limit; prefer NSGs for complex rule sets"
|
||||
- "NAT Gateway is regional and supports up to 20 Gbps; may need multiple for high-throughput workloads"
|
||||
- "Service Gateway only routes to OCI services — not a general-purpose private link"
|
||||
- "Subnet size cannot be changed after creation; plan for growth"
|
||||
- "Default security list allows all egress; tighten for production"
|
||||
|
||||
cost_impact:
|
||||
- "VCN: free (no charge for the VCN itself)"
|
||||
- "Subnets: free"
|
||||
- "Internet Gateway: free"
|
||||
- "NAT Gateway: per-hour charge + per-GB data processing"
|
||||
- "Service Gateway: free"
|
||||
- "VCN Flow Logs: charged via Logging service ingestion rates"
|
||||
|
||||
references:
|
||||
- "https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/overview.htm"
|
||||
- "https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/bestpractices.htm"
|
||||
86
kb/patterns/networking-hub-spoke/hub-spoke-drg.yaml
Normal file
86
kb/patterns/networking-hub-spoke/hub-spoke-drg.yaml
Normal file
@@ -0,0 +1,86 @@
|
||||
# Pattern: Hub-Spoke Network Topology via DRG
|
||||
# Composable architecture block for enterprise networking
|
||||
|
||||
pattern:
|
||||
name: "Hub-Spoke Network via DRG"
|
||||
id: hub_spoke_drg
|
||||
category: networking
|
||||
|
||||
description: |
|
||||
Hub-spoke topology using OCI Dynamic Routing Gateway (DRG) v2 as the central
|
||||
routing hub. Spoke VCNs attach to the DRG for inter-VCN routing, on-premises
|
||||
connectivity (FastConnect/VPN), and centralized security inspection.
|
||||
|
||||
topology:
|
||||
hub:
|
||||
components:
|
||||
- "DRG (Dynamic Routing Gateway) — central router"
|
||||
- "Hub VCN (optional) — for shared services, Network Firewall, Bastion"
|
||||
- "Service Gateway — OCI service access without internet"
|
||||
- "NAT Gateway — outbound internet for private subnets"
|
||||
- "Network Firewall (optional) — deep packet inspection, IDS/IPS"
|
||||
spokes:
|
||||
components:
|
||||
- "Spoke VCN per workload/environment"
|
||||
- "VCN attachment to DRG"
|
||||
- "Route table on DRG attachment for traffic steering"
|
||||
|
||||
use_when:
|
||||
- "Multiple workloads or environments needing isolation"
|
||||
- "On-premises connectivity via FastConnect or VPN"
|
||||
- "Centralized security inspection required"
|
||||
- "Shared services (Bastion, DNS, NTP) across workloads"
|
||||
- "Enterprise landing zone deployment"
|
||||
|
||||
when_not_to_use:
|
||||
- "Single VCN deployment (no need for hub-spoke complexity)"
|
||||
- "< 3 VCNs and no on-prem connectivity"
|
||||
- "POC or dev-only environment"
|
||||
|
||||
preconditions:
|
||||
- "DRG v2 (default in all regions)"
|
||||
- "Non-overlapping CIDR ranges across VCNs"
|
||||
- "Sufficient IP address planning"
|
||||
|
||||
implied_services:
|
||||
- service: drg
|
||||
reason: "Central routing hub"
|
||||
- service: vcn
|
||||
reason: "Hub and spoke VCNs"
|
||||
- service: service_gateway
|
||||
reason: "OCI service access"
|
||||
- service: nat_gateway
|
||||
reason: "Outbound internet for private subnets"
|
||||
- service: route_tables
|
||||
reason: "Traffic steering via DRG attachments"
|
||||
|
||||
optional_services:
|
||||
- service: network_firewall
|
||||
when: "Deep packet inspection, IDS/IPS required"
|
||||
placement: "Hub VCN, inline between DRG and spokes"
|
||||
- service: fastconnect
|
||||
when: "On-premises connectivity"
|
||||
- service: vpn
|
||||
when: "Backup connectivity or lower-cost option"
|
||||
|
||||
conflicts:
|
||||
- pattern: "local_peering"
|
||||
reason: "DRG replaces local peering for inter-VCN routing. Don't mix both."
|
||||
|
||||
cidr_guidance:
|
||||
- "Use /16 per VCN for growth headroom"
|
||||
- "Use /24 per subnet (251 usable IPs)"
|
||||
- "Reserve /8 or /12 supernet for all OCI CIDRs"
|
||||
- "Avoid overlapping with on-prem ranges"
|
||||
- "Example: 10.0.0.0/16 (hub), 10.1.0.0/16 (spoke 1), 10.2.0.0/16 (spoke 2)"
|
||||
|
||||
cost_impact:
|
||||
- "DRG: free (no charge for the gateway itself)"
|
||||
- "VCN peering via DRG: no data transfer charges within same region"
|
||||
- "Cross-region via DRG: data transfer charges apply"
|
||||
- "Network Firewall: per-hour + per-GB processing"
|
||||
- "FastConnect: port fee + data transfer (inbound free)"
|
||||
|
||||
references:
|
||||
- "https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingDRGs.htm"
|
||||
- "https://docs.oracle.com/en/solutions/hub-spoke-network-drg/"
|
||||
72
kb/patterns/networking-hub-spoke/pattern.yaml
Normal file
72
kb/patterns/networking-hub-spoke/pattern.yaml
Normal file
@@ -0,0 +1,72 @@
|
||||
---
|
||||
last_verified: 2026-03-14
|
||||
pattern: Hub-and-Spoke Networking
|
||||
category: networking
|
||||
---
|
||||
|
||||
description: |
|
||||
Hub-and-spoke VCN topology for enterprise OCI deployments.
|
||||
Centralizes shared services (firewalls, DNS, connectivity) in a hub VCN
|
||||
with spoke VCNs for workloads.
|
||||
|
||||
architecture:
|
||||
hub_vcn:
|
||||
purpose: "Shared services, connectivity, security inspection"
|
||||
components:
|
||||
- "DRG (Dynamic Routing Gateway)"
|
||||
- "Network Firewall (optional)"
|
||||
- "DNS resolver"
|
||||
- "FastConnect / VPN termination"
|
||||
- "Bastion service"
|
||||
- "Management subnet"
|
||||
cidr_example: "10.0.0.0/16"
|
||||
|
||||
spoke_vcns:
|
||||
purpose: "Workload isolation"
|
||||
examples:
|
||||
- name: "Production"
|
||||
cidr: "10.1.0.0/16"
|
||||
subnets:
|
||||
- "Public subnet (LB): 10.1.0.0/24"
|
||||
- "Private subnet (App): 10.1.1.0/24"
|
||||
- "Private subnet (DB): 10.1.2.0/24"
|
||||
- name: "Non-Production"
|
||||
cidr: "10.2.0.0/16"
|
||||
- name: "DMZ"
|
||||
cidr: "10.3.0.0/16"
|
||||
|
||||
connectivity:
|
||||
hub_to_spoke: "VCN attachments via DRG"
|
||||
spoke_to_spoke: "Transit routing through DRG (no direct peering needed)"
|
||||
on_prem: "FastConnect or VPN to DRG in hub"
|
||||
|
||||
when_to_use:
|
||||
- "Multiple environments (prod, non-prod, DMZ)"
|
||||
- "Centralized connectivity to on-prem"
|
||||
- "Security inspection required between workloads"
|
||||
- "Shared services (DNS, NTP, monitoring) across workloads"
|
||||
|
||||
when_NOT_to_use:
|
||||
- "Single-VCN deployments"
|
||||
- "Simple architectures with 1-2 workloads"
|
||||
|
||||
ip_planning:
|
||||
recommendation: |
|
||||
Plan CIDR ranges before deployment. Overlapping CIDRs prevent peering.
|
||||
Use /16 for VCNs, /24 for subnets. Reserve ranges for future growth.
|
||||
example_scheme:
|
||||
hub: "10.0.0.0/16"
|
||||
production: "10.1.0.0/16"
|
||||
non_production: "10.2.0.0/16"
|
||||
dmz: "10.3.0.0/16"
|
||||
dr_region: "10.128.0.0/9"
|
||||
|
||||
gotchas:
|
||||
- id: HUB-001
|
||||
issue: "DRG route table limits"
|
||||
impact: "Max 200 route rules per DRG route table"
|
||||
recommendation: "Aggregate routes where possible, plan for scale"
|
||||
- id: HUB-002
|
||||
issue: "Network Firewall throughput"
|
||||
impact: "Inspect all traffic adds latency and cost"
|
||||
recommendation: "Only inspect north-south and selected east-west traffic"
|
||||
70
kb/patterns/operational-raci.yaml
Normal file
70
kb/patterns/operational-raci.yaml
Normal file
@@ -0,0 +1,70 @@
|
||||
---
|
||||
last_verified: 2026-03-16
|
||||
pattern:
|
||||
id: operational-raci
|
||||
name: "Operational RACI Matrix"
|
||||
category: operations
|
||||
---
|
||||
|
||||
description: >
|
||||
Defines responsibilities across customer and Oracle/partner teams for
|
||||
ongoing operations. R=Responsible (does the work), A=Accountable (owns
|
||||
the outcome), C=Consulted, I=Informed. Generated from the engagement
|
||||
model (fully managed, co-managed, or self-managed).
|
||||
|
||||
# Three operational models — the skill selects based on discovery
|
||||
models:
|
||||
|
||||
fully_managed:
|
||||
description: "Oracle/partner manages everything. Customer consumes DB as a service."
|
||||
trigger: "Customer says 'DBA-less', 'no DBA team', 'fully managed', or team_skills is low"
|
||||
raci:
|
||||
- { activity: "DB provisioning", customer: "I", oracle: "R/A" }
|
||||
- { activity: "DB patching & upgrades", customer: "I", oracle: "R/A" }
|
||||
- { activity: "Backup & recovery", customer: "I", oracle: "R/A" }
|
||||
- { activity: "Performance monitoring", customer: "I", oracle: "R/A" }
|
||||
- { activity: "Performance tuning", customer: "C", oracle: "R/A" }
|
||||
- { activity: "Security configuration", customer: "A", oracle: "R" }
|
||||
- { activity: "Access control (IAM)", customer: "R/A", oracle: "C" }
|
||||
- { activity: "Data Safe / audit review", customer: "A", oracle: "R" }
|
||||
- { activity: "Incident response (DB)", customer: "I", oracle: "R/A" }
|
||||
- { activity: "Incident response (app)", customer: "R/A", oracle: "C" }
|
||||
- { activity: "Capacity planning", customer: "C", oracle: "R/A" }
|
||||
- { activity: "DR testing", customer: "A", oracle: "R" }
|
||||
- { activity: "Schema changes", customer: "R/A", oracle: "I" }
|
||||
- { activity: "App deployment", customer: "R/A", oracle: "I" }
|
||||
- { activity: "Network changes", customer: "R/A", oracle: "C" }
|
||||
- { activity: "Cost optimization review", customer: "A", oracle: "R" }
|
||||
- { activity: "Oracle SR escalation", customer: "C", oracle: "R/A" }
|
||||
- { activity: "Compliance reporting", customer: "A", oracle: "R" }
|
||||
|
||||
co_managed:
|
||||
description: "Customer has DBAs but wants Oracle/partner for complex ops."
|
||||
trigger: "Customer says 'we have DBAs but no cloud experience', or team exists but is small"
|
||||
raci:
|
||||
- { activity: "DB provisioning", customer: "R", oracle: "C" }
|
||||
- { activity: "DB patching & upgrades", customer: "R", oracle: "C" }
|
||||
- { activity: "Backup & recovery", customer: "R/A", oracle: "C" }
|
||||
- { activity: "Performance monitoring", customer: "R", oracle: "I" }
|
||||
- { activity: "Performance tuning", customer: "R", oracle: "C" }
|
||||
- { activity: "Security configuration", customer: "R/A", oracle: "C" }
|
||||
- { activity: "Access control (IAM)", customer: "R/A", oracle: "I" }
|
||||
- { activity: "Incident response (DB)", customer: "R", oracle: "C" }
|
||||
- { activity: "Incident response (app)", customer: "R/A", oracle: "I" }
|
||||
- { activity: "Capacity planning", customer: "R", oracle: "C" }
|
||||
- { activity: "DR testing", customer: "R", oracle: "C" }
|
||||
- { activity: "Schema changes", customer: "R/A", oracle: "I" }
|
||||
- { activity: "Oracle SR escalation", customer: "R", oracle: "C" }
|
||||
|
||||
self_managed:
|
||||
description: "Customer manages everything. Oracle provides platform only."
|
||||
trigger: "Customer has strong DBA team with cloud experience, or explicitly says 'we manage'"
|
||||
raci:
|
||||
- { activity: "DB provisioning", customer: "R/A", oracle: "I" }
|
||||
- { activity: "DB patching & upgrades", customer: "R/A", oracle: "I" }
|
||||
- { activity: "Backup & recovery", customer: "R/A", oracle: "I" }
|
||||
- { activity: "Performance monitoring", customer: "R/A", oracle: "I" }
|
||||
- { activity: "Security configuration", customer: "R/A", oracle: "I" }
|
||||
- { activity: "Incident response", customer: "R/A", oracle: "I" }
|
||||
- { activity: "DR testing", customer: "R/A", oracle: "I" }
|
||||
- { activity: "Oracle SR escalation", customer: "R/A", oracle: "C" }
|
||||
64
kb/patterns/security-baseline/cis-baseline.yaml
Normal file
64
kb/patterns/security-baseline/cis-baseline.yaml
Normal file
@@ -0,0 +1,64 @@
|
||||
# Pattern: CIS Security Baseline
|
||||
# Composable architecture block for security foundation
|
||||
|
||||
pattern:
|
||||
name: "CIS OCI Security Baseline"
|
||||
id: cis_baseline
|
||||
category: security
|
||||
|
||||
description: |
|
||||
Security baseline aligned with CIS Oracle Cloud Infrastructure Foundations
|
||||
Benchmark. Provides IAM, network, encryption, monitoring, and governance
|
||||
controls as a foundation for all OCI deployments.
|
||||
|
||||
always_include: true
|
||||
applies_to: "all_workloads"
|
||||
|
||||
controls:
|
||||
identity:
|
||||
- "Least-privilege IAM policies per compartment"
|
||||
- "MFA for all human users"
|
||||
- "Break-glass admin account (not used for daily ops)"
|
||||
- "Instance principals for service-to-service auth"
|
||||
- "Federation with customer IdP (AD, Okta, SAML)"
|
||||
- "No API keys stored in code or config files"
|
||||
|
||||
compartments:
|
||||
- "Hierarchical compartment structure by workload/environment"
|
||||
- "Network, Security, AppDev, Database compartments at minimum"
|
||||
- "Defined tags for cost tracking, environment, owner"
|
||||
|
||||
networking:
|
||||
- "NSGs preferred over Security Lists"
|
||||
- "No SSH from 0.0.0.0/0 — use Bastion Service"
|
||||
- "Service Gateway for OCI service access"
|
||||
- "VCN Flow Logs enabled"
|
||||
- "WAF on all internet-facing endpoints"
|
||||
|
||||
encryption:
|
||||
- "OCI Vault for customer-managed keys"
|
||||
- "TDE with customer-managed keys for databases"
|
||||
- "Encryption at rest for all storage services"
|
||||
- "TLS on all load balancers"
|
||||
|
||||
monitoring:
|
||||
- "Cloud Guard enabled with detector recipes"
|
||||
- "OCI Audit with 365-day retention"
|
||||
- "Vulnerability Scanning for compute instances"
|
||||
- "Security Zones for production compartments"
|
||||
|
||||
governance:
|
||||
- "Budgets and cost alerts per compartment"
|
||||
- "Notification topics for security events"
|
||||
- "Tagging enforcement via tag defaults"
|
||||
|
||||
implied_services:
|
||||
- cloud_guard
|
||||
- oci_vault
|
||||
- bastion
|
||||
- vulnerability_scanning
|
||||
- notifications
|
||||
|
||||
references:
|
||||
- "https://www.cisecurity.org/benchmark/oracle_cloud"
|
||||
- "https://github.com/oracle-quickstart/oci-cis-landingzone-quickstart"
|
||||
96
kb/patterns/security-baseline/pattern.yaml
Normal file
96
kb/patterns/security-baseline/pattern.yaml
Normal file
@@ -0,0 +1,96 @@
|
||||
---
|
||||
last_verified: 2026-03-14
|
||||
pattern: Security Baseline
|
||||
category: security
|
||||
---
|
||||
|
||||
description: |
|
||||
Minimum security configuration for any OCI deployment. Covers IAM,
|
||||
networking, encryption, monitoring, and compliance foundations.
|
||||
|
||||
layers:
|
||||
identity:
|
||||
name: "Identity & Access Management"
|
||||
requirements:
|
||||
- item: "MFA for all users"
|
||||
implementation: "Enable MFA in IAM, enforce via policy"
|
||||
priority: critical
|
||||
- item: "Least-privilege policies"
|
||||
implementation: "Use compartments + IAM policies, avoid broad allow statements"
|
||||
priority: critical
|
||||
- item: "No API keys for production"
|
||||
implementation: "Use instance principals or resource principals"
|
||||
priority: high
|
||||
- item: "Federated identity"
|
||||
implementation: "SAML/OIDC federation with corporate IdP"
|
||||
priority: high
|
||||
- item: "Break-glass procedure"
|
||||
implementation: "Documented emergency access with MFA-protected tenancy admin"
|
||||
priority: high
|
||||
|
||||
network:
|
||||
name: "Network Security"
|
||||
requirements:
|
||||
- item: "Private subnets for all workloads"
|
||||
implementation: "Only load balancers and bastion in public subnets"
|
||||
priority: critical
|
||||
- item: "NSGs over security lists"
|
||||
implementation: "Granular VNIC-level firewall rules"
|
||||
priority: high
|
||||
- item: "Service Gateway for OCI services"
|
||||
implementation: "Private path to Object Storage, ADB, etc."
|
||||
priority: high
|
||||
- item: "WAF for public-facing applications"
|
||||
implementation: "OCI WAF with OWASP rule sets"
|
||||
priority: high
|
||||
- item: "No public IPs on databases"
|
||||
implementation: "Use private endpoints, Bastion for admin access"
|
||||
priority: critical
|
||||
|
||||
encryption:
|
||||
name: "Encryption"
|
||||
requirements:
|
||||
- item: "Encryption at rest (default)"
|
||||
implementation: "OCI encrypts all data at rest by default (Oracle-managed keys)"
|
||||
priority: critical
|
||||
- item: "Customer-managed keys for sensitive data"
|
||||
implementation: "OCI Vault with HSM-backed keys"
|
||||
priority: high
|
||||
- item: "TLS 1.2+ for all connections"
|
||||
implementation: "Enforce in load balancer, database, API configurations"
|
||||
priority: critical
|
||||
- item: "TDE for databases"
|
||||
implementation: "Enabled by default on ADB, configure on DBCS/ExaCS"
|
||||
priority: critical
|
||||
|
||||
monitoring:
|
||||
name: "Monitoring & Audit"
|
||||
requirements:
|
||||
- item: "Audit logging enabled"
|
||||
implementation: "OCI Audit service (enabled by default, 365-day retention)"
|
||||
priority: critical
|
||||
- item: "Cloud Guard enabled"
|
||||
implementation: "Detect misconfigurations and threats"
|
||||
priority: high
|
||||
- item: "VCN Flow Logs"
|
||||
implementation: "Enable on critical subnets for network forensics"
|
||||
priority: medium
|
||||
- item: "Alarms for security events"
|
||||
implementation: "Monitoring alarms + Notifications for critical events"
|
||||
priority: high
|
||||
- item: "Data Safe for databases"
|
||||
implementation: "Security assessment, user assessment, data masking"
|
||||
priority: high
|
||||
|
||||
compute:
|
||||
name: "Compute Security"
|
||||
requirements:
|
||||
- item: "OS Management for patching"
|
||||
implementation: "OCI OS Management service for automated patching"
|
||||
priority: high
|
||||
- item: "Bastion service for SSH"
|
||||
implementation: "No direct SSH from internet, use OCI Bastion"
|
||||
priority: critical
|
||||
- item: "Instance metadata v2"
|
||||
implementation: "Disable v1 to prevent SSRF attacks"
|
||||
priority: high
|
||||
106
kb/patterns/service-tiering.yaml
Normal file
106
kb/patterns/service-tiering.yaml
Normal file
@@ -0,0 +1,106 @@
|
||||
---
|
||||
last_verified: 2026-03-16
|
||||
pattern:
|
||||
id: service-tiering
|
||||
name: "Database Service Tiering Model"
|
||||
category: operations
|
||||
---
|
||||
|
||||
description: >
|
||||
Maps customer workloads to standardized service tiers based on business
|
||||
criticality, availability requirements, and compliance needs. Each tier
|
||||
defines the HA/DR topology, support model, backup strategy, and operational
|
||||
responsibilities. Derived from Oracle's ECAL transformational framework.
|
||||
|
||||
tiers:
|
||||
|
||||
platinum:
|
||||
label: "Platinum"
|
||||
description: "Mission-critical, zero tolerance for downtime"
|
||||
example_workloads: ["Core banking", "Payment processing", "Trading systems", "Telco network"]
|
||||
sla:
|
||||
uptime: "99.999%"
|
||||
rto: "0 (near-zero with TAC + RAC)"
|
||||
rpo: "0 (synchronous replication)"
|
||||
planned_downtime: "0 (even for upgrades — edition-based redefinition)"
|
||||
support: "24x7, 10 min response"
|
||||
architecture:
|
||||
ha: "RAC (multi-node) + TAC/AC"
|
||||
dr: "Synchronous ADG + GoldenGate active-active (optional)"
|
||||
backup: "ZDLRA or Autonomous Recovery Service, continuous"
|
||||
isolation: "Full physical isolation — dedicated CDB, dedicated infrastructure"
|
||||
encryption: "TDE + DB Vault + Key Vault + SQL*Net encryption"
|
||||
oci_mapping:
|
||||
primary: "ExaCS or ADB-D (for RAC + full control)"
|
||||
alternative: "ADB-S only if application is TAC-compatible and RPO=0 is met by local ADG"
|
||||
cost_impact: "Highest — dedicated infra, dual-site, 24x7 support"
|
||||
|
||||
gold:
|
||||
label: "Gold"
|
||||
description: "Business-critical, tolerable brief outage"
|
||||
example_workloads: ["CRM", "ERP", "eCommerce", "Risk analytics"]
|
||||
sla:
|
||||
uptime: "99.99%"
|
||||
rto: "1-4 hours"
|
||||
rpo: "5-15 minutes"
|
||||
planned_downtime: "4x 4hr/year maintenance windows"
|
||||
support: "24x7, 4 hour response"
|
||||
architecture:
|
||||
ha: "TAC + local ADG (auto-failover)"
|
||||
dr: "Asynchronous cross-region ADG"
|
||||
backup: "Autonomous Recovery Service, incremental forever"
|
||||
isolation: "Dedicated CDB (dedicated home), instance caged (not oversubscribed)"
|
||||
encryption: "TDE + Key Vault"
|
||||
oci_mapping:
|
||||
primary: "ADB-S Serverless (with TAC + ADG)"
|
||||
alternative: "ExaCS if RAC explicitly needed or >128 OCPU sustained"
|
||||
cost_impact: "High — primary + standby OCPU cost, cross-region DR"
|
||||
|
||||
silver:
|
||||
label: "Silver"
|
||||
description: "Important but recoverable from backup"
|
||||
example_workloads: ["HR systems", "Financials", "Internal portals", "Reporting"]
|
||||
sla:
|
||||
uptime: "99.5%"
|
||||
rto: "1 day"
|
||||
rpo: "1 day"
|
||||
planned_downtime: "4x 4hr/year maintenance windows"
|
||||
support: "24x7, 8 hour response"
|
||||
architecture:
|
||||
ha: "Single instance or RAC optional"
|
||||
dr: "Offsite backup only — no real-time replication"
|
||||
backup: "Automated daily backup, 30-day retention"
|
||||
isolation: "Shared CDB (shared binaries) acceptable"
|
||||
encryption: "TDE recommended, DB Vault optional"
|
||||
oci_mapping:
|
||||
primary: "ADB-S Serverless (no ADG needed)"
|
||||
alternative: "Base DB Service for legacy compatibility"
|
||||
cost_impact: "Medium — no standby cost, shared infrastructure"
|
||||
|
||||
bronze:
|
||||
label: "Bronze"
|
||||
description: "Non-critical, best-effort recovery"
|
||||
example_workloads: ["Dev/Test", "Room booking", "Internal tools", "Sandbox"]
|
||||
sla:
|
||||
uptime: "98%"
|
||||
rto: "Best effort"
|
||||
rpo: "Best effort"
|
||||
planned_downtime: "Flexible"
|
||||
support: "Business hours, 2 day response"
|
||||
architecture:
|
||||
ha: "None — single instance"
|
||||
dr: "Database export or backup to Object Storage"
|
||||
backup: "Weekly backup, 7-day retention"
|
||||
isolation: "Shared CDB, oversubscribed OK"
|
||||
encryption: "TDE optional"
|
||||
oci_mapping:
|
||||
primary: "ADB-S Serverless (minimum OCPU, auto-scaling off)"
|
||||
alternative: "VM DB Standard Edition for cost"
|
||||
cost_impact: "Lowest — minimal resources, no redundancy"
|
||||
|
||||
auto_assignment_rules:
|
||||
- "If customer says '99.99%' or 'zero downtime' → Platinum or Gold (ask which)"
|
||||
- "If customer says 'PCI' or 'banking regulations' → minimum Gold"
|
||||
- "If workload type is 'dev/test' → Bronze unless explicitly stated otherwise"
|
||||
- "If customer says 'reporting' or 'read-only' → Silver unless SLA says otherwise"
|
||||
- "If no SLA stated → assign Silver and flag for confirmation"
|
||||
Reference in New Issue
Block a user