Why Database Developers Need to Know OCI Infrastructure
When you deploy an APEX application or ORDS instance on OCI, you need basic infrastructure knowledge: how to provision a compute instance, configure network security, and connect components together. You do not need to be a cloud architect, but understanding these fundamentals prevents deployment delays and security issues.
Virtual Cloud Network (VCN)
A VCN is your private network in OCI. It contains subnets (public or private), route tables, and security lists. For a typical APEX deployment: create a VCN with a public subnet for the ORDS web server (or load balancer) and a private subnet for the Autonomous Database. The database is not accessible from the internet; only the ORDS instance in the same VCN can reach it.
Security Lists and Network Security Groups
Security lists act as virtual firewalls for your subnets. For an ORDS deployment, allow inbound traffic on port 443 (HTTPS) from the internet to the public subnet, and allow traffic on port 1522 from the ORDS subnet to the database subnet. Block everything else by default:
Ingress Rules (Public Subnet):
Source: 0.0.0.0/0, Port: 443, Protocol: TCP -- HTTPS from internet
Ingress Rules (Private Subnet):
Source: 10.0.1.0/24, Port: 1522, Protocol: TCP -- DB access from ORDS subnet onlyCompute Instances for ORDS
If you are running ORDS on a compute instance (rather than using the managed ORDS in Autonomous Database), provision a VM with Oracle Linux, install Java, deploy ORDS, and configure it to connect to your database. Choose the shape (CPU and memory) based on expected API traffic. For development, a VM.Standard.E4.Flex with 1 OCPU and 8 GB RAM is sufficient. For production with moderate traffic, 2 to 4 OCPUs.
Load Balancers
For production deployments, place an OCI Load Balancer in front of your ORDS instances. The load balancer handles SSL termination, distributes traffic across multiple ORDS instances for high availability, and provides health checks that automatically route traffic away from failed instances. Configure the load balancer with an SSL certificate from OCI Certificates or Let’s Encrypt.
Managed Services vs Self-Managed
Whenever possible, use managed services: Autonomous Database (managed database), APEX on Autonomous (managed APEX and ORDS), OCI API Gateway (managed API proxy). Managed services eliminate patching, scaling, and high-availability configuration. Only provision your own compute instances when you need specific software that is not available as a managed service.