Part 4 - Oracle Utilities in the Cloud: Architectural Priorities for a Successful Cloud Migration

A major cloud transformation for Oracle Utilities is a big move—financially, strategically, and operationally. Whether you're starting fresh or migrating existing applications, your architecture choices early on can make or break long-term success. In this multi-part series, I’ll walk through several critical areas you should focus on when standing up Oracle Utilities applications in Oracle Cloud Infrastructure (OCI).

In Part 3, we focused on getting to the cloud—securely and redundantly. Now it’s time to talk about what happens inside your cloud footprint. This time we'll hit on the decisions you’ll need to make around networking design, integration strategies, the Oracle Services Network (OSN), and the cost realities of data egress. Let’s do this.

Links to previous parts if you want to revisit:

• Part 1 - Tenancy Organization
• Part 2 - Rethinking IAM in Oracle Cloud and What You Need to Know
• Part 3 - Networking and Connectivity: Getting to the Cloud (and Staying There)

Designing for Performance and Cost in Oracle Cloud Networking

Once connectivity is established, the next layer is your Virtual Cloud Network (VCN). This is where your OUCS applications will live and how they’ll integrate with both OCI services and on-premises systems.

OCI networking follows standard principles: you’ll use gateways, load balancers, firewalls, proxies, route tables, security lists, pre-authenticated requests, and more. What you choose (and when) depends on four foundational questions:

1. Which connectivity option will be used?
2. What integration methods will be needed?
3. When should different integration patterns apply?
4. How will business users access the application?

These questions may seem simple—but when the answer to all of them is “yes,” things can get complex quickly. Multiple tenancies, multiple VCNs, multiple regions… it adds up fast.

In the simplest deployment, you’ll need:

• Service Gateway for inbound traffic to OUCS
• Reverse Proxy for outbound traffic to on-premises

This is because OUCS uses a public IP, which needs to be proxied to reach your private network. Every other network decision builds from this core pattern.

Oracle Services Network (OSN)

OSN is a logical network that hosts all OCI services. When your VCN uses a Service Gateway, services like Object Storage and Autonomous Database become accessible without sending traffic over the public internet. Some services don’t require additional configuration, but you may still need to specify a VCN or subnet at provisioning. Three OCI services that are critical in most OUCS deployments:

1. Oracle Integration Cloud (OIC) – Primary middleware for cloud integrations (officially it's called, Oracle Integration 3). OUCS applications can expose integration endpoints called, Inbound Web Services (IWS). You or your integrator may be tempted to interface directly with IWS by some source applications. I advise you not to do this. Instead, use OIC and leverage important features such as error handling and dynamic scaling.
2. Object Storage – Versatile, durable, and deeply integrated with OUCS. This is your data hub for everything that is not an API call. AMI headend files are stored here, Generalized Data Export (GDE) files are dropped here, as are Managed File Transfer reads and writes. You configure Buckets in Object Storage - in a compartment - and can control access, encrypt, version control, and archive among other options.
3. Autonomous Database – Quietly essential and massively underutilized. When migrating to OUCS, you will lose direct database access. For sure, there is the SQL Developer Web interface for ad hoc querying, but it doesn't come close to the full experience you really want. For more reasons that warrant a dedicated article, I'll simply say this… for numerous reasons you will want to extract data from your cloud SaaS application and store it in a database where you can have complete control. I've also been told that Golden Gate, compatible with OUCS, is readying for a GA release. Autonomous Database + Golden Gate. You can thank me later.

That wraps up a brief summary on the OSN services you will absolutely find value in provisioning for OUCS—except for the one thing these three all have in common - they’re major drivers of data egress charges.

Data Egress: The Hidden Cost Trap

Oracle calls it, data leaving the network, a deceptively simple definition but that's what data egress essentially is. And, it's charges catch teams off guard more than any other cost factor. Common scenarios like these all trigger outbound data transfer costs:

• Security teams pulling logs from Object Storage
• Users analyzing interval meter data
• APIs retrieving data from OCI to on-prem

Even with 10 TB of free data egress per month, it's easy to burn through that if you don’t monitor usage. Rules of Thumb (but double-check Oracle docs because things can change):

• Incurs a Charge: Data transfer between regions
• Incurs a Charge: Data transfer from OCI to the internet
• Incurs a Charge: VPN Connect traffic to on-prem
• Free: Data transfer between availability domains
• Free: OSN-to-OUCS traffic within the same region
• Free: FastConnect with private peering makes all traffic to on-premises free
• Data ingress is always free

Architect with this in mind. Monitor traffic. Set budgets and alerts. Use observability tools to stay ahead of surprises.

Final Thoughts and Advice

It’s impossible to cover all best practices for OCI networking in a single article—but you don’t have to start from scratch. Ben Woltz , Principal Cloud Architect at Oracle, has written some excellent advice I highly recommend:

🔗 Solution Playbook: Learn about network deployments on OCI

🔗 Part One – OCI Network Design, VCN, and Subnets

🔗 Part Two – OCI Network Security

🔗 Part Three – OCI Network Connectivity

🔗 Part Four – OCI Network Monitoring, Observability, and Management

Likewise, for all other topics touched upon in this series, I only scratched the surface. I invite you to begin your own journey, and a good place to start is right here.

If you would like to see more here, share in the comments what topics interest you and I'll see what I can do. Thanks for following along!