forked from diegoecab/oci-deal-accelerator
Diagram generation: ref-arch-driven procedure + spec validator + KB enrichment
The diagram path now follows a documented standard procedure (lookup the closest Oracle Architecture Center reference → confirm components → author absolute_layout → spec validator → render → visually verify) and ships persistent guardrails so layout regressions can't recur. Persistent procedure changes (apply to all users, all sessions): - tools/diagram_spec_validator.py — geometry checks (CONTAINER_TOO_THIN, CONTAINER_PADDING_VIOLATION, LABEL_OVERFLOW_PARENT) run BEFORE either renderer (drawio + PPTX). Catches the subnet-collapse / label-overflow bugs that the post-render drawio validator missed. - tools/oci_diagram_gen.py + tools/oci_pptx_diagram_gen.py — call the spec validator before emitting any output. Adds mysql / mysql_heatwave type aliases. - tools/archcenter_pattern_lookup.py — scores against cached page descriptions (not just the 1-line summary), supports --queries for multi-fragment composition, and applies synonym expansion via kb/architecture-center/synonyms.yaml so "LB HA cross AD" matches "load balancer high availability availability domain". - kb/architecture-center/synonyms.yaml — canonical synonym table (load balancer, autonomous database, data guard, …) used by the lookup scorer. KB enrichment: - tools/archcenter_description_fetcher.py + 121 cached _description.md under kb/diagram/assets/archcenter-refs/<slug>/. Removes the runtime dependency on docs.oracle.com when authoring specs and feeds the pattern-lookup scorer. - 110+ cached .drawio / .svg / .png references for offline reuse, plus the OCI Toolkit v24.2 import (kb/diagram/assets/oci-toolkit-drawio). Documentation: - docs/skill/output-formats.md — new "Standard diagram-generation procedure (MANDATORY)" + geometry rules + the new validator entry. - SKILL.md option 2 — references the mandatory procedure. - README.md — describes the spec validator, archcenter_pattern_lookup and description fetcher, and updates the KB-health table. Tooling that backs the procedure (cumulative across recent sessions): tools/archcenter_case_runner.py, archcenter_batch_driver.py, archcenter_zip_downloader.py, drawio_visual_validator.py, drawio_fidelity_eval.py, harvest_drawio_icon.py, import_oci_library.py, oci_pptx_diagram_gen.py, oci_pptx_render.py, refresh_pptx_icon_index.py. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,214 @@
|
||||
# Build a secure multicloud architecture for Oracle Database@Azure
|
||||
|
||||
- Source: https://docs.oracle.com/en/solutions/secure-db-azure/index.html
|
||||
- Date: 2025-07
|
||||
- Type: reference-architecture
|
||||
- Services: exacs, adb-s, vault, data-safe, cloud-guard, azure
|
||||
- Tags: database, multicloud, azure, security
|
||||
|
||||
## Summary (catalog)
|
||||
|
||||
Security architecture for Database@Azure. Covers data encryption with OCI Vault, database activity monitoring with Data Safe, threat detection with Cloud Guard, and network security with NSGs.
|
||||
|
||||
## Architecture (fetched from source)
|
||||
|
||||
About Building a Secure Multicloud Architecture for Oracle Database@Azure
|
||||
|
||||
|
||||
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
-
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
-
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
-
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Previous
|
||||
Next
|
||||
JavaScript must be enabled to correctly display this content
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
About Building a Secure Multicloud
|
||||
Architecture for Oracle Database@Azure
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
You want to ensure that your data is always protected from accidental or
|
||||
malicious exposure, regardless of where your database is being deployed.
|
||||
|
||||
|
||||
Successfully securing this data requires an understanding of the various attack
|
||||
vectors, as well as the tools and services available to you on the relevant
|
||||
cloud platform.
|
||||
|
||||
|
||||
Whether you run Oracle databases on Oracle Cloud
|
||||
Infrastructure or other cloud service providers such as Microsoft Azure, Google Cloud
|
||||
Platform, Amazon Web Services, Oracle provides a robust set of security
|
||||
tools that allow administrators to prevent, detect and respond to security
|
||||
threats, both inside and outside of your organization.
|
||||
|
||||
|
||||
|
||||
Oracle Autonomous Database Serverless @ Azure includes access to many security features and options.
|
||||
|
||||
|
||||
|
||||
All Oracle Autonomous Database Serverless databases are encrypted by default using Transparent Data Encryption
|
||||
(TDE). This safeguards your data at rest in the database and prevents bypass
|
||||
attacks on this data such as attempts to access the data by using the
|
||||
underlying file system without any attempt to authenticate or have the
|
||||
necessary database privileges to access the data.
|
||||
|
||||
|
||||
|
||||
Encryption keys should be stored and managed separately from the
|
||||
database. With Oracle Autonomous Database Serverless @ Azure, this can be achieved by integrating your database with Azure Key
|
||||
Vault.
|
||||
|
||||
|
||||
|
||||
Oracle Database Vault implements powerful security controls for your database. These unique
|
||||
security controls restrict access to application data by privileged database
|
||||
users, reducing the risk of insider and outside threats and addressing
|
||||
common compliance requirements.
|
||||
|
||||
|
||||
|
||||
Oracle Data Safe , which is included with Autonomous Database , provides a unified control center that helps you manage the day-to-day
|
||||
security and compliance requirements of Oracle databases. Oracle Data Safe helps you to evaluate security controls, assess user security, monitor
|
||||
user activity, mitigate risk from compromised accounts, and address data
|
||||
security compliance requirements for your database. Oracle Data Safe does this by employing:
|
||||
|
||||
|
||||
- Security assessment
|
||||
|
||||
- User assessment
|
||||
|
||||
- Activity auditing
|
||||
|
||||
- Sensitive data discovery
|
||||
|
||||
- Data masking
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
A final consideration is to centralize database user authentication
|
||||
and authorization by integrating your database with Entra ID.
|
||||
|
||||
|
||||
The remainder of this playbook will show how each of these available
|
||||
features and services helps you to be confident that your data is adequately
|
||||
secured in a public cloud platform.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Replay the Webinar
|
||||
|
||||
|
||||
|
||||
|
||||
Replay the webinar about building a secure multicloud architecture for Oracle Database@Azure :
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Title and Copyright Information
|
||||
|
||||
|
||||
|
||||
|
||||
Build a secure multicloud architecture for Oracle Database@Azure
|
||||
|
||||
|
||||
G36548-01
|
||||
|
||||
|
||||
June 2025
|
||||
|
||||
|
||||
Copyright © 2025,
|
||||
|
||||
Oracle and/or its affiliates.
|
||||
Reference in New Issue
Block a user