Authored by Kellsey Ruppel, principal product marketing director at Oracle. and Yianni Voyiatzis, cloud account manager at Oracle.
The authors want to thank Sundu Rathinam, CEO at ChainSys, for his contributions.
Figure 1: ChainSys helps their clients centralize data across on-premises and cloud environments.
Decision paralysis because of unreliable data and a lack of analytics tools caused avoidable delays in making critical decisions that cost businesses an average of $1.4 million in profit in 2021. To help companies gain confidence in their data and make more accurate decisions faster, ChainSys runs its Smart Data Platform on Oracle Cloud Infrastructure (OCI), enabling companies to migrate, integrate, catalog, and analyze their enterprise application data on demand. Founded in 1998 in Grand Ledge, MI, ChainSys helps its clients to centralize data across on-premises and cloud environments by unifying discrete data models and object sets, collecting data from machines, sensors, and other devices, and then providing real-time analytics.
ChainSys Smart Data Platform overview
ChainSys’ Smart Data Platform helps its clients to cleanse their data stored in data lakes, apply data governance models, and create data catalogs, making the data easily searchable, while maintaining the data's lineage, entity relationships, business glossaries, compliance, and virtualization capabilities.
ChainSys offers the following core products :
- dataZap for data movement: Performs data migration, data integration, and data reconciliation
- dataZen for data quality: Enables data quality management, master data management, and data governance
- dataZense for data analytics: Data analytics, data visualization, and data cataloging
The ChainSys architecture is a multitenant architecture that supports cloud and hybrid cloud deployments in a customer's tenancy. The ChainSys deployment on OCI includes the following highlights:
- PostgreSQL databases are used for data movement and are partitioned into separate schemas for each customer.
- Virtual machines (VMs) in the application (APP) subnet perform data integration, migration, extract transform load (ETL), reporting, visualization and dashboarding, caching, and scheduling.
Suite of Oracle products used
OCI includes all the services needed to migrate, build, and run IT in the cloud, from existing enterprise workloads to new cloud native applications and data platforms. ChainSys used the following OCI services and technologies:
- Tenancy: A tenancy is a secure and isolated partition that Oracle sets up within Oracle Cloud when you sign up for OCI. You can create, organize, and administer your resources in OCI within your tenancy. A tenancy is synonymous with a company or organization. Usually, a company will have a single tenancy and reflect its organizational structure within that tenancy. A single tenancy is usually associated with a single subscription, and a single subscription usually only has one tenancy.
- Region: An OCI region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Compartment: Compartments are cross-region logical partitions within an OCI tenancy. Use compartments to organize your resources in OCI, control access to the resources, and set usage quotas. To control access to the resources in a compartment, you define policies that specify who can access the resources and what actions they can perform.
- Availability domain: Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.
- Fault domain: A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you distribute resources across multiple fault domains, your applications can tolerate physical server failure, system maintenance, and power failures inside a fault domain.
- Virtual cloud network (VCN) and subnets: A VCN is a customizable, software-defined network that you set up in an OCI region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
- Security list: For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.
- Route table: Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.
- Site-to-Site VPN: Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in OCI. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.
- Dynamic routing gateway (DRG): The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.
- Load balancer: The OCI Load Balancing service provides automated traffic distribution from a single entry point to multiple servers in the back end.
- OCI Compute: The OCI Compute service enables you to provision and manage compute hosts in the cloud. You can launch compute instances with shapes that meet your resource requirements for CPU, memory, network bandwidth, and storage. After creating a compute instance, you can access it securely, restart it, attach and detach volumes, and terminate it when you no longer need it.
The ChainSys architecture spreads functions and roles across multiple VM instances. For each customer, ChainSys creates a unique, load balanced URL hosted on the web node instances. From a user perspective, this setup allows customers to access the the ChainSys Smart Data Platform to begin managing their data. In the DMZ subnet, more VMs allow for data redirection (collaborator) and API exposure (publisher). These VMs interact with the external systems and internal systems in the application (APP) subnet. After the collaborator or publisher determines where to redirect the data, VMs in the application subnet perform data integration, migration, extract transform load (ETL), reporting, visualization and dash-boarding, caching, and scheduling.
In this architecture, PostgreSQL databases are used for data movement. For a multitenancy deployment, each database is partitioned into separate schemas for each customer. The databases are configured in an active-standby configuration. If system integrations are required, VPNs with IPSec tunnels are created during configuration to provide for secure connections from source systems to target systems. The source and target systems can include on-premises systems, private clouds, and public clouds.
Using OCI Monitoring, Logging, Alarms, and Events, Chainsys can monitor the environment performance, health, and status to ensure that the systems are functioning properly and that they can proactively remedy any issues that may arise.
Figure 2: The architecture for ChainSys’ deployment.
The ChainSys deployment, including initial research and development took five months to complete. Since migrating to OCI, they have achieved optimal performance, experienced cost and time savings, and enhanced security. Performance increased 30%, and ChainSys estimates a cost savings of 50% per year and a time savings of 15–20 hours a month. OCI helps ChainSys to better serve their customers by running their applications continuously. Disaster recovery and high availability services help ensure no downtime, and ChainSys can scale up or down the resources easily with OCI.
While remaining true to its architectural principles, ChainSys is looking to further enhance its OCI implementation. In a future state architecture, ChainSys plans to take advantage of OCI Web Application Firewall (WAF), which would allow ChainSys customers to access the Smart Data Platform with greater security and without having to maintain independent IPSec tunnels. The WAF provides both network-level and application-level security to help protect web applications from cyberattacks and from other threats.
ChainSys customers have the option of using Oracle Autonomous Database to store meta, datamart, and couch databases. ChainSys also plans to add Oracle Cloud Infrastructure Data Science, Oracle Analytics Cloud (OAC), and OCI AI to the platform.
To provide a layer of security, ChainSys is looking to deploy OCI Security Zones. OCI Security Zones allow ChainSys to maintain a security posture and to prevent misconfigurations.
For more information on ChainSys application and Oracle Cloud Infrastructure, see the following resources: