The diagram path now follows a documented standard procedure (lookup the closest Oracle Architecture Center reference → confirm components → author absolute_layout → spec validator → render → visually verify) and ships persistent guardrails so layout regressions can't recur. Persistent procedure changes (apply to all users, all sessions): - tools/diagram_spec_validator.py — geometry checks (CONTAINER_TOO_THIN, CONTAINER_PADDING_VIOLATION, LABEL_OVERFLOW_PARENT) run BEFORE either renderer (drawio + PPTX). Catches the subnet-collapse / label-overflow bugs that the post-render drawio validator missed. - tools/oci_diagram_gen.py + tools/oci_pptx_diagram_gen.py — call the spec validator before emitting any output. Adds mysql / mysql_heatwave type aliases. - tools/archcenter_pattern_lookup.py — scores against cached page descriptions (not just the 1-line summary), supports --queries for multi-fragment composition, and applies synonym expansion via kb/architecture-center/synonyms.yaml so "LB HA cross AD" matches "load balancer high availability availability domain". - kb/architecture-center/synonyms.yaml — canonical synonym table (load balancer, autonomous database, data guard, …) used by the lookup scorer. KB enrichment: - tools/archcenter_description_fetcher.py + 121 cached _description.md under kb/diagram/assets/archcenter-refs/<slug>/. Removes the runtime dependency on docs.oracle.com when authoring specs and feeds the pattern-lookup scorer. - 110+ cached .drawio / .svg / .png references for offline reuse, plus the OCI Toolkit v24.2 import (kb/diagram/assets/oci-toolkit-drawio). Documentation: - docs/skill/output-formats.md — new "Standard diagram-generation procedure (MANDATORY)" + geometry rules + the new validator entry. - SKILL.md option 2 — references the mandatory procedure. - README.md — describes the spec validator, archcenter_pattern_lookup and description fetcher, and updates the KB-health table. Tooling that backs the procedure (cumulative across recent sessions): tools/archcenter_case_runner.py, archcenter_batch_driver.py, archcenter_zip_downloader.py, drawio_visual_validator.py, drawio_fidelity_eval.py, harvest_drawio_icon.py, import_oci_library.py, oci_pptx_diagram_gen.py, oci_pptx_render.py, refresh_pptx_icon_index.py. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
5.9 KiB
Incorporate Cyber-Resilience Capabilities Into Your OCI Tenancy
- Source: https://docs.oracle.com/en/solutions/oci-tenancy-cyber-resilience-architecture/index.html
- Date: 2025-08
- Type: reference-architecture
- Services: cloud-guard, vault, data-safe
- Tags: security
Summary (catalog)
Cyber-resilience architecture for OCI tenancies. Immutable backups, isolated recovery environments, threat detection with Cloud Guard, and database activity monitoring with Data Safe.
Architecture (fetched from source)
Learn About Cyber Resilient Architectures that Protect Data from Ransomware
Previous Next JavaScript must be enabled to correctly display this content
Learn About Cyber Resilient Architectures that Protect Data from Ransomware
Ransomware attacks are among the most egregious cybercrimes facing businesses today. They can disrupt operations, damage your reputation, and lead to escalating recovery and remediation costs.
Ransomware is an advanced form of malware that uses complex algorithms to encrypt your data and lock you out of your systems. Threat actors demand a ransom—usually in cryptocurrency to protect their identity—in exchange for a decryption key to restore access.
Modern ransomware attacks often use a double extortion method: not only is your data encrypted, but it is also exfiltrated, with attackers threatening to publicly release it if you do not pay.
In this solution playbook, you learn about Cybersecurity measures to "Protect and Detect" your environment, and Cyber Resilience strategies to "Respond and Recover" your data from ransomware.
About the NIST Cybersecurity Framework
The NIST cybersecurity framework which calls out defensive best practices centered around the security continuum and the CIA (Confidentiality, Integrity, and Availability) Triad, and is best described using the following:
-
Protect : Prevent a threat to either data confidentiality, integrity, or availability.
-
Detect : Detect anomalous activity that may be construed as evidence of attempted and/or successful malicious activity.
-
Respond : Address, deter, and counteract a successful compromise.
-
Recover : Assume that the compromise has occurred and use mechanisms to restore an environment to a known good state.
About the Cyber Triad
In the early days of cybersecurity, the focus was primarily on preventing attackers from entering networks. However, as threats became more sophisticated with the rise of advanced viruses and malware, it became clear that prevention alone was not enough. In addition to prevention strategies, detection techniques were introduced to identify and flag attackers that breached the firewall.
Today's antivirus and malware solutions can't keep up. Attackers increasingly make their way into the internal networks where they sit dormant, move laterally, and orchestrate sophisticated ransomware attacks.
Description of the illustration oci-cyber-triad-venn-diagram.png
To avoid being a victim of extortion, supply chain disruptions, and operational shutdowns that often accompany ransomware breaches, Oracle recommends that your cloud architecture addresses the cyber triad:
-
Cybersecurity
-
Cyber resilience
-
Disaster recovery
By considering all three aspects of the cyber triad, your organization will be well positioned to recover from ransomware while meeting your organization's RTO (Recovery Time Objective) and RPO (Recovery Point Objective) requirements.
While enhancing your OCI environment security, retain focus on the core security fundamentals and disaster recovery methods to ensure availability of your workloads. For example, if you replicate data that has been compromised, your recovery site will be affected in the same way as your primary site and does not address the problem of preventing deletion, encryption or modification by threat actors.
Designing a cyber resilient architecture protects your backups and ensures that you determine if a threat actor modified, deleted, or tampered with the data before restoring it.
Bringing together the cyber triad, traditional security measures, and disaster recovery helps you ensure cyber resilience and better prepare your organization to recover from ransomware.
Note: High availability and disaster recovery are important parts of your architecture, but they are outside the scope of this solution playbook.
Ask the Architect
Replay the Ask the Architect episode:
The following lists the various points (mins:secs) in the video where these topics begin:
-
00:00 - Opening
-
02:54 - Introducing the Cyber Triad
-
10:00 - Enclaves and Cyber Resilient Architecture (CRA)
-
17:31 - Understanding Cybersecurity Pillar
-
25:00 - Understanding Cyber Resilience - Concepts and Controls
-
38:15 - Oracle Database Zero Data Loss Autonomous Recovery Service - details and demo
-
44:26 - Demo of the CRA Terraform stack for Unstructured Data
-
49:34 - Summary
Before You Begin
Before you can begin setting up cybersecurity, deploy the foundational Core Landing Zone using the Deploy a secure landing zone that meets the CIS OCI Foundations Benchmark reference architecture.
Review these related resources:
-
OCI IAM
Overview of security best practices in OCI tenancy blog
Oracle Database Cloud Best Practices
OCI Zero-Trust Security Model site
OCI Core Landing Zone documentation
Title and Copyright Information
Incorporate cyber resilience capabilities into your OCI tenancy
F85043-05
August 2025
Copyright © 2023,2025,
Oracle and/or its affiliates.