Founded in 1915 as a carrot farm in Grant, Michigan, Bolthouse Farms has grown into a vertically integrated commercial agriculture company, specializing in packaged carrots, and superfood salad dressings, smoothies, and juices. While the superfood market is fast-approaching $250 billion globally, fickle consumers might clamor for certain superfoods in one moment and then reject them in the next.
Figure 1: Bolthouse Farms has built a health conscious legacy founded on carrots, expanding to drinks, dressings and beyond.
Goals for cloud migration
To generate management reports at the close of each month, six to eight people spent four hours running business object queries on their operational data store, which was connected to their JD Edwards (JDE) enterprise resource planning (ERP) system. Then they pasted the query results into multiple spreadsheets and pivot tables for manufacturing, financials, and P&L. It took this process to create the monthly business review (MBR) report.
Instead, Bolthouse Farms was looking to spend those hours on valuable analyses to support business growth and the innovation for which the company is known. They didn’t want to change the whole process, but instead replace the manual, time-consuming spreadsheet-wrangling process with an automated, fast, secure solution. They also didn’t want to spend a lot of time or money or hire more in-house resources to do it.
Why Bolthouse Farms chose Oracle
Surging demand for its brand of sustainably farmed carrots and superfood beverages prompted Bolthouse Farms to migrate its on-premises ERP applications to Oracle Cloud Infrastructure (OCI).
To protect itself from sudden shifts in consumer preferences, Bolthouse Farms needed an applications infrastructure that could respond in an instant to market changes. By upgrading its JDE suite and migrating it from an on-premises AS/400 to OCI, Bolthouse’s IT teams were able to eliminate their manual maintenance processes, replicate their environment in a geodisaster recovery site, and reduce the time it took to complete a full restoration of the system to less than 30 minutes, down from two hours.
Bolthouse Farms JDE on OCI has the following highlights:
- JDE application update, replatform, and migrate to Oracle Database Cloud service
- Oracle Autonomous Data Warehouse and Oracle Analytics Cloud enabled line-of-business quick response to market shift
- High-availability, multiple fault domain architecture
- Redundant network connections to OCI
- SSO with on-premises Lightweight Directory Access Protocol (LDAP)
- Cost-effective geo disaster recovery, recovery time objective (RTO), and recovery point objective (RPO)
- Improved security posture:
- Control connections into ERP
- Security patching frequency (applying on quarterly basis)
“Choosing Oracle Cloud Infrastructure was an easy decision,” said John Monczewski, head of data and analytics at Bolthouse Farms. “Our trusted Partner Peloton proved the value with the first project, almost as a test, then simply scaled the different services to tackle the next project and the next one. Oracle has a very comprehensive range of services that allow us to continue to expand.”
Suite of Oracle products used
OCI includes all the services needed to migrate, build, and run IT in the cloud, from existing enterprise workloads to new cloud native applications and data platforms. Bolthouse Farms used the following OCI services and technologies:
Tenancy: A tenancy is a secure and isolated partition that Oracle sets up within OCI when you sign up for OCI. You can create, organize, and administer your resources in OCI within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.
Region: An OCI region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
Oracle services network: The Oracle services network is a conceptual network in OCI that is reserved for Oracle services. These services have public IP addresses that you can reach over the internet. Hosts outside OCI can access the OSN privately by using OCI FastConnect or VPN Connect. Hosts in your virtual cloud networks (VCNs) can access the OSN privately through a service gateway.
Monitoring: OCI Monitoring actively and passively monitors your cloud resources using metrics to monitor resources and alarms to notify you when these metrics meet alarm-specified triggers.
Logging: Logging is a highly scalable and fully managed service that provides access to the following types of logs from your resources in the cloud:
- Audit logs: Logs related to events emitted by the Audit service.
- Service logs: Logs emitted by individual services such as API Gateway, Events, Functions, Load Balancing, Object Storage, and VCN flow logs.
- Custom logs: Logs that contain diagnostic information from custom applications, other cloud providers, or an on-premises environment.
Availability domain: Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.
Fault domain: A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.
Compartment: Compartments are crossregion logical partitions within an OCI tenancy. Use compartments to organize your resources in OCI, control access to the resources, and set usage quotas. To control access to the resources in a compartment, you define policies that specify who can access the resources and what actions they can perform.
OCI Identity and Access Management (IAM): OCI IAM provides an innovative, fully integrated service that delivers all the core identity and access management capabilities through a multitenant cloud platform.
Security zone: Security zones ensure Oracle’s security best practices from the start by enforcing policies, such as encrypting data and preventing public access to networks for an entire compartment. A security zone is associated with a compartment of the same name and includes security zone policies or a recipe that applies to the compartment and its subcompartments. You can’t add or move a standard compartment to a security zone compartment.
Policy: An OCI IAM policy specifies who can access which resources and how. Access is granted at the group and compartment level, which means that you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy.
Virtual cloud network (VCN) and subnets: A VCN is a customizable, software-defined network that you set up in an OCI region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple nonoverlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which you can scope to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don’t overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
Security list: For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.
Route table: Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.
Site-to-Site VPN: Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in OCI. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.
FastConnect: OCI FastConnect provides an easy way to create a dedicated, private connection between your data center OCI. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.
Service gateway: The service gateway provides access from a VCN to other services, such as OCI Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.
Dynamic routing gateway (DRG): The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another OCI region, an on-premises network, or a network in another cloud provider.
Remote peering: Remote peering allows the VCNs’ resources to communicate using private IP addresses without routing the traffic over the internet or through your on-premises network. Remote peering eliminates the need for an internet gateway and public IP addresses for the instances that need to communicate with another VCN in a different region.
Local peering gateway (LPG): An LPG enables you to peer one VCN with another VCN in the same region. Peering means the VCNs communicate using private IP addresses, without the traffic traversing the internet or routing through your on-premises network.
Load balancer: The OCI Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.
OCI Compute: The OCI Compute service enables you to provision and manage Compute hosts in the cloud. You can launch Compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a Compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.
Object Storage: Object Storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. You can safely and securely store and then retrieve data directly from the internet or from within the cloud platform. You can seamlessly scale storage without experiencing any degradation in performance or service reliability. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.
Application server: Application servers use a secondary peer that, like the database, takes over processing in the event of a disaster. Application servers use configuration and metadata that is stored both in the database and the file system. Application server clustering provides protection in the scope of a single region, but ongoing modifications and new deployments must be replicated to the secondary location on an ongoing basis for a consistent disaster recovery.
Autonomous Data Warehouse: Oracle Autonomous Data Warehouse is a selfdriving, selfsecuring, selfrepairing database service that’s optimized for data warehousing workloads. You don’t need to configure or manage any hardware or install any software. OCI handles creating the database and backing up, patching, upgrading, and tuning the database.
Database Cloud Service: Oracle Database Cloud Service is a fully managed database service that lets developers quickly develop and deploy secure, cloud native applications. Oracle automates all tasks, such as backup and recovery, database and operating system patching, updates, and data encryption.
Data Guard: Oracle Data Guard provides a comprehensive set of services that create, maintain, manage, and monitor one or more standby databases to enable production Oracle databases to remain available without interruption. Oracle Data Guard maintains these standby databases as copies of the production database. Then, if the production database becomes unavailable because of a planned or an unplanned outage, Oracle Data Guard can switch any standby database to the production role, minimizing the downtime associated with the outage.
Instance configuration: An instance configuration is a template that defines the settings to use when creating Compute instances, including details such as the base image, shape, and metadata. You can also specify the associated resources for the instance, such as block volume attachments and the network configuration.
Instance pool: An instance pool is a group of instances within a region created from the same instance configuration and managed as a group.
Data integration: OCI Data Integration is a fully managed, serverless, cloud-native service that extracts, loads, transforms, cleanses, and reshapes data from a variety of data sources into target Oracle Cloud Infrastructure services, such as Autonomous Data Warehouse and OCI Object Storage. Extract transform load (ETL) uses fully managed scale-out processing on Spark, and extract load transform (ELT) uses full SQL push-down capabilities of the Autonomous Data Warehouse in order to minimize data movement and to improve the time to value for newly ingested data. Users design data integration processes using an intuitive, codeless user interface that optimizes integration flows to generate the most efficient engine and orchestration, automatically allocating and scaling the execution environment. OCI Data Integration provides interactive exploration and data preparation and helps data engineers protect against schema drift by defining rules to handle schema changes.
Before upgrading its JD Edwards applications and moving those ERP apps onto OCI, Bolthouse Farms IT teams weren’t able to easily apply security patches or to upgrade the company’s operating systems.
In the on-premises environment, IT teams were unable to easily automate demand planning, supply planning, order management, and production scheduling capabilities for the company’s business users. The on-premises infrastructure also lacked a fully redundant disaster recovery plan.
Today, Bolthouse Farms users access the company’s virtual cloud network (VCN) using a dedicated high-bandwidth connection through Oracle FastConnect, which can be scaled up or down, depending on ever-changing traffic and data transfer requirements. Users can also access the company’s VCN through a virtual private network (VPN) as a lower cost backup option and to achieve network high availability.
Users connect using FastConnect or site-to-site VPN. They’re then routed by using a DRG and are then authenticated to the system through a third-party JDE single sign-on (SSO) server, which is integrated with on-premises active directory using LDAP. In a private subnet, Bolthouse runs two JDE application server pools to handle user requests coming into the Oracle load balancer. In a second private subnet, the company runs a JDE midtier server pool for batch and logic instances. In a third private subnet, Bolthouse runs single instance Oracle Database Cloud Service sized to 8 OCPUs to optimize performance based on automatic workload repository (AWR) report requirements. To ensure its ERP data is always accessible, Bolthouse uses high availability Java application server (JAS) instances in each JDE server. If a physical event takes out a server, each fault domain provides redundancy. To provide more protection for its data, Bolthouse uses rman for online database backups, which are sent to Object Storage buckets.
In a separate VCN, Bolthouse Farms runs Oracle Autonomous Data Warehouse, which replicates financial, sales, foundation master data from the JDE servers, and management KPIs from Oracle Essbase using Oracle GoldenGate Cloud. Oracle Analytics Cloud also runs in this VCN, accessing data in Autonomous Data Warehouse and enabling users to build executive dashboards, run visualizations, and generate reports.
Administrators authenticate to the system through a third-party identity provider, which is integrated with OCI IAM to provide SSO. To monitor its application and database environment, Bolthouse Farms uses JDE Server Manager for its ERP applications, Oracle Enterprise Manager Cloud Control for OCI, and a third-party tool for database monitoring.
For geographic separation, Bolthouse Farms set up a disaster recovery site as a warm standby in the Ashburn region, which is a scaled-down version of the full production environment in the Phoenix region. One JDE application server and one JDE midtier server are deployed in the disaster recovery site and synchronized with the primary site by using rsync. For real-time replication of the database tier within its disaster recovery site, Bolthouse Farms uses Oracle Data Guard.
Figure 2: The architecture for Bolthouse Farm’s deployment.
Partner Peloton Consulting Group, Oracle, and a determined team at Bolthouse Farms took on the analytics project. They replaced the query-Excel-pivot manual process with a data extract into Oracle Essbase on OCI. Instead of a complex, manual, four-hour team effort that could be done at best four times a month, the now-automated and secure process can extract, load, and calculate in 22 minutes, nightly, or at will. Because the Essbase Marketplace offering provides an entitlement for all users to the Oracle SmartView for Office application, the Excel user experience is not only continued but enhanced.
After Peloton finished that initial rebuild of the reporting package with Essbase and SmartView, it also built out a series of Oracle Analytics Cloud dashboards connected both to Essbase and to the ERP system, to complement the reporting.
For future deployments, Bolthouse Farms is looking for the following goals:
- Expand Oracle Analytics Cloud for operational reporting by extracting publicly available data for supply chain analysis, and making these reports available from Oracle Analytics Cloud Mobile
- Move advanced warehousing and transportation management to OCI
- Implement Oracle Essbase budgeting and forecasting in OCI
- Expand ERP to sales and operations planning (S&OP) services for demand and production scheduling in OCI
For more information on Bolthouse Farms and Oracle Cloud Infrastructure, see the following resources: