Files
oci-deal-accelerator/kb/diagram/assets/archcenter-refs/secure-db-azure/_description.md
root b30a4f0d32 Diagram generation: ref-arch-driven procedure + spec validator + KB enrichment
The diagram path now follows a documented standard procedure (lookup
the closest Oracle Architecture Center reference → confirm components
→ author absolute_layout → spec validator → render → visually verify)
and ships persistent guardrails so layout regressions can't recur.

Persistent procedure changes (apply to all users, all sessions):
- tools/diagram_spec_validator.py — geometry checks (CONTAINER_TOO_THIN,
  CONTAINER_PADDING_VIOLATION, LABEL_OVERFLOW_PARENT) run BEFORE either
  renderer (drawio + PPTX). Catches the subnet-collapse / label-overflow
  bugs that the post-render drawio validator missed.
- tools/oci_diagram_gen.py + tools/oci_pptx_diagram_gen.py — call the
  spec validator before emitting any output. Adds mysql / mysql_heatwave
  type aliases.
- tools/archcenter_pattern_lookup.py — scores against cached page
  descriptions (not just the 1-line summary), supports --queries for
  multi-fragment composition, and applies synonym expansion via
  kb/architecture-center/synonyms.yaml so "LB HA cross AD" matches
  "load balancer high availability availability domain".
- kb/architecture-center/synonyms.yaml — canonical synonym table
  (load balancer, autonomous database, data guard, …) used by the
  lookup scorer.

KB enrichment:
- tools/archcenter_description_fetcher.py + 121 cached _description.md
  under kb/diagram/assets/archcenter-refs/<slug>/. Removes the runtime
  dependency on docs.oracle.com when authoring specs and feeds the
  pattern-lookup scorer.
- 110+ cached .drawio / .svg / .png references for offline reuse,
  plus the OCI Toolkit v24.2 import (kb/diagram/assets/oci-toolkit-drawio).

Documentation:
- docs/skill/output-formats.md — new "Standard diagram-generation
  procedure (MANDATORY)" + geometry rules + the new validator entry.
- SKILL.md option 2 — references the mandatory procedure.
- README.md — describes the spec validator, archcenter_pattern_lookup
  and description fetcher, and updates the KB-health table.

Tooling that backs the procedure (cumulative across recent sessions):
tools/archcenter_case_runner.py, archcenter_batch_driver.py,
archcenter_zip_downloader.py, drawio_visual_validator.py,
drawio_fidelity_eval.py, harvest_drawio_icon.py, import_oci_library.py,
oci_pptx_diagram_gen.py, oci_pptx_render.py, refresh_pptx_icon_index.py.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 21:15:21 -03:00

3.8 KiB

Build a secure multicloud architecture for Oracle Database@Azure

Summary (catalog)

Security architecture for Database@Azure. Covers data encryption with OCI Vault, database activity monitoring with Data Safe, threat detection with Cloud Guard, and network security with NSGs.

Architecture (fetched from source)

About Building a Secure Multicloud Architecture for Oracle Database@Azure

Previous Next JavaScript must be enabled to correctly display this content

About Building a Secure Multicloud Architecture for Oracle Database@Azure

You want to ensure that your data is always protected from accidental or malicious exposure, regardless of where your database is being deployed.

Successfully securing this data requires an understanding of the various attack vectors, as well as the tools and services available to you on the relevant cloud platform.

Whether you run Oracle databases on Oracle Cloud Infrastructure or other cloud service providers such as Microsoft Azure, Google Cloud Platform, Amazon Web Services, Oracle provides a robust set of security tools that allow administrators to prevent, detect and respond to security threats, both inside and outside of your organization.

Oracle Autonomous Database Serverless @ Azure includes access to many security features and options.

All Oracle Autonomous Database Serverless databases are encrypted by default using Transparent Data Encryption (TDE). This safeguards your data at rest in the database and prevents bypass attacks on this data such as attempts to access the data by using the underlying file system without any attempt to authenticate or have the necessary database privileges to access the data.

Encryption keys should be stored and managed separately from the database. With Oracle Autonomous Database Serverless @ Azure, this can be achieved by integrating your database with Azure Key Vault.

Oracle Database Vault implements powerful security controls for your database. These unique security controls restrict access to application data by privileged database users, reducing the risk of insider and outside threats and addressing common compliance requirements.

Oracle Data Safe , which is included with Autonomous Database , provides a unified control center that helps you manage the day-to-day security and compliance requirements of Oracle databases. Oracle Data Safe helps you to evaluate security controls, assess user security, monitor user activity, mitigate risk from compromised accounts, and address data security compliance requirements for your database. Oracle Data Safe does this by employing:

  • Security assessment

  • User assessment

  • Activity auditing

  • Sensitive data discovery

  • Data masking

A final consideration is to centralize database user authentication and authorization by integrating your database with Entra ID.

The remainder of this playbook will show how each of these available features and services helps you to be confident that your data is adequately secured in a public cloud platform.

Replay the Webinar

Replay the webinar about building a secure multicloud architecture for Oracle Database@Azure :

Title and Copyright Information

Build a secure multicloud architecture for Oracle Database@Azure

G36548-01

June 2025

Copyright © 2025,

Oracle and/or its affiliates.