Diagram generation: ref-arch-driven procedure + spec validator + KB enrichment

The diagram path now follows a documented standard procedure (lookup
the closest Oracle Architecture Center reference → confirm components
→ author absolute_layout → spec validator → render → visually verify)
and ships persistent guardrails so layout regressions can't recur.

Persistent procedure changes (apply to all users, all sessions):
- tools/diagram_spec_validator.py — geometry checks (CONTAINER_TOO_THIN,
  CONTAINER_PADDING_VIOLATION, LABEL_OVERFLOW_PARENT) run BEFORE either
  renderer (drawio + PPTX). Catches the subnet-collapse / label-overflow
  bugs that the post-render drawio validator missed.
- tools/oci_diagram_gen.py + tools/oci_pptx_diagram_gen.py — call the
  spec validator before emitting any output. Adds mysql / mysql_heatwave
  type aliases.
- tools/archcenter_pattern_lookup.py — scores against cached page
  descriptions (not just the 1-line summary), supports --queries for
  multi-fragment composition, and applies synonym expansion via
  kb/architecture-center/synonyms.yaml so "LB HA cross AD" matches
  "load balancer high availability availability domain".
- kb/architecture-center/synonyms.yaml — canonical synonym table
  (load balancer, autonomous database, data guard, …) used by the
  lookup scorer.

KB enrichment:
- tools/archcenter_description_fetcher.py + 121 cached _description.md
  under kb/diagram/assets/archcenter-refs/<slug>/. Removes the runtime
  dependency on docs.oracle.com when authoring specs and feeds the
  pattern-lookup scorer.
- 110+ cached .drawio / .svg / .png references for offline reuse,
  plus the OCI Toolkit v24.2 import (kb/diagram/assets/oci-toolkit-drawio).

Documentation:
- docs/skill/output-formats.md — new "Standard diagram-generation
  procedure (MANDATORY)" + geometry rules + the new validator entry.
- SKILL.md option 2 — references the mandatory procedure.
- README.md — describes the spec validator, archcenter_pattern_lookup
  and description fetcher, and updates the KB-health table.

Tooling that backs the procedure (cumulative across recent sessions):
tools/archcenter_case_runner.py, archcenter_batch_driver.py,
archcenter_zip_downloader.py, drawio_visual_validator.py,
drawio_fidelity_eval.py, harvest_drawio_icon.py, import_oci_library.py,
oci_pptx_diagram_gen.py, oci_pptx_render.py, refresh_pptx_icon_index.py.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
root
2026-04-25 21:15:21 -03:00
parent 2491c38d4b
commit b30a4f0d32
635 changed files with 365317 additions and 1014 deletions

View File

@@ -0,0 +1,214 @@
# Build a secure multicloud architecture for Oracle Database@Azure
- Source: https://docs.oracle.com/en/solutions/secure-db-azure/index.html
- Date: 2025-07
- Type: reference-architecture
- Services: exacs, adb-s, vault, data-safe, cloud-guard, azure
- Tags: database, multicloud, azure, security
## Summary (catalog)
Security architecture for Database@Azure. Covers data encryption with OCI Vault, database activity monitoring with Data Safe, threat detection with Cloud Guard, and network security with NSGs.
## Architecture (fetched from source)
About Building a Secure Multicloud Architecture for Oracle Database@Azure
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Previous
Next
JavaScript must be enabled to correctly display this content
About Building a Secure Multicloud
Architecture for Oracle Database@Azure
You want to ensure that your data is always protected from accidental or
malicious exposure, regardless of where your database is being deployed.
Successfully securing this data requires an understanding of the various attack
vectors, as well as the tools and services available to you on the relevant
cloud platform.
Whether you run Oracle databases on Oracle Cloud
Infrastructure or other cloud service providers such as Microsoft Azure, Google Cloud
Platform, Amazon Web Services, Oracle provides a robust set of security
tools that allow administrators to prevent, detect and respond to security
threats, both inside and outside of your organization.
Oracle Autonomous Database Serverless @ Azure includes access to many security features and options.
All Oracle Autonomous Database Serverless databases are encrypted by default using Transparent Data Encryption
(TDE). This safeguards your data at rest in the database and prevents bypass
attacks on this data such as attempts to access the data by using the
underlying file system without any attempt to authenticate or have the
necessary database privileges to access the data.
Encryption keys should be stored and managed separately from the
database. With Oracle Autonomous Database Serverless @ Azure, this can be achieved by integrating your database with Azure Key
Vault.
Oracle Database Vault implements powerful security controls for your database. These unique
security controls restrict access to application data by privileged database
users, reducing the risk of insider and outside threats and addressing
common compliance requirements.
Oracle Data Safe , which is included with Autonomous Database , provides a unified control center that helps you manage the day-to-day
security and compliance requirements of Oracle databases. Oracle Data Safe helps you to evaluate security controls, assess user security, monitor
user activity, mitigate risk from compromised accounts, and address data
security compliance requirements for your database. Oracle Data Safe does this by employing:
- Security assessment
- User assessment
- Activity auditing
- Sensitive data discovery
- Data masking
A final consideration is to centralize database user authentication
and authorization by integrating your database with Entra ID.
The remainder of this playbook will show how each of these available
features and services helps you to be confident that your data is adequately
secured in a public cloud platform.
Replay the Webinar
Replay the webinar about building a secure multicloud architecture for Oracle Database@Azure :
Title and Copyright Information
Build a secure multicloud architecture for Oracle Database@Azure
G36548-01
June 2025
Copyright © 2025,
Oracle and/or its affiliates.