47 lines
1.7 KiB
Markdown
Executable File
47 lines
1.7 KiB
Markdown
Executable File
# Lab Architecture
|
|
|
|
## Objective
|
|
|
|
Create a secure and repeatable OCI foundation to demonstrate Oracle Deep Data Security for AI, analytics, and enterprise application workloads.
|
|
|
|
## Logical Design
|
|
|
|
```mermaid
|
|
flowchart LR
|
|
User["End User / Analyst"] --> App["Application or AI Agent"]
|
|
App --> PE["Database Private Endpoint"]
|
|
BI["BI Tool / SQL Client"] --> PE
|
|
PE --> ADB["Oracle AI Database / Autonomous Database"]
|
|
ADB --> Policies["Deep Data Security Data Grants"]
|
|
ADB --> Audit["Unified Audit / Evidence"]
|
|
KMS["OCI Vault / Optional KMS"] --> ADB
|
|
Admin["DBA Operations"] --> Bastion["Optional Bastion"]
|
|
Bastion --> PE
|
|
```
|
|
|
|
## Components
|
|
|
|
| Layer | Component | Purpose |
|
|
| --- | --- | --- |
|
|
| Network | VCN, private subnet, NSGs | Isolate database and application flows. |
|
|
| Database | Private Autonomous Database | Run lab schemas, policies, and tests. |
|
|
| Security | Deep Data Security | Enforce authorization by user, role, and context. |
|
|
| Keys | Optional OCI Vault | Enable customer-managed keys when required. |
|
|
| Operations | Optional compute bastion | Controlled administrative access when required. |
|
|
| Evidence | SQL output, logs, screenshots | Support technical validation and demos. |
|
|
|
|
## Security Principles
|
|
|
|
- No public database exposure.
|
|
- Access through private subnet and NSG rules.
|
|
- mTLS required.
|
|
- Secrets kept out of Git.
|
|
- Minimum privileges for OCI resources.
|
|
- Data policies versioned as SQL.
|
|
- Preventive controls first; auditing for evidence and investigation.
|
|
|
|
## What Terraform Does Not Configure
|
|
|
|
Terraform provisions infrastructure. Fine-grained configuration such as users, data roles, data grants, and test data stays under `scenarios/` so each lab can be installed and reset without recreating the OCI environment.
|
|
|