Merge pull request #869 from oracle-devrel/sdd-update-february

SDD v2.4 update

Author: velrajkuppu

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/construction-engineering/primavera-solution-definition/README.md

@@ -2,7 +2,7 @@
 
 This repository contains an in-depth guide for Oracle Primavera migration projects. It offers a high-level solution definition for migrating or establishing Primavera Workloads on Oracle Cloud Infrastructure (OCI). With a comprehensive representation of the current state, prospective state, potential project scope, and anticipated timeline, this document aims to provide a precise understanding of the project's scope and intention to all participating entities.
 
-Reviewed: 20.11.2023
+Reviewed: 27.2.2024
 
 # When to use this asset?
 

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/construction-engineering/primavera-solution-definition/files/primavera-solution-definition.docx

@@ -24,7 +24,7 @@ Version     | Author          | Date                    | Comment
 :---        |:---             |:---                     |:---
 0.1         | Name            | June 12th, 2023     | Updates to network design
 1.0         | Name            | June 13th, 2023     | Updates to HA design
-2.2         | Name            | October 25th, 2023     | Updates to Annex
+2.4         | Name            | February 26th, 2024     | Added the network firewall in the requirment, the solution considerations and in the Annex.
 
 ## Team
 
@@ -309,6 +309,19 @@ At the time of this document creation, no Security requirements have been specif
 
 *Capture the Non-Functional Requirements for networking-related topics. You can use the networking questions in the [Annex](#networking-requirement-considerations)*
 
+*As businesses increasingly rely on Cloud Infrastructure to store, process, and transmit sensitive data, the need for comprehensive security solutions has never been more important. Potential customers evaluating network security solutions typically prioritize the following requirements: Some of the broader category considerations are below.*
+
+- *Data Protection: Safeguarding sensitive information against unauthorized access, theft, or modification is a primary concern for any organization and industry today.*
+    - *Threat Prevention: Advanced capabilities like IDPS and malware detection for blocking threats.*
+    - *Data Loss Prevention (DLP): Monitoring and controlling sensitive data transmission.*
+    - *Encryption and Decryption: Inspecting encrypted traffic without compromising privacy.*
+- *Threat Prevention: Proactively identifying and mitigating security threats is essential for maintaining the integrity of network infrastructure. *
+    - *Intrusion Detection and Prevention: Monitoring for suspicious or malicious activity.*
+    - *Application Control: Granular control over specific applications or services.*
+    - *URL Filtering: Controlling access to permitted URLs.*
+- *Security compliance: Does your organization have network security requirements based on industry or organization compliance? For example - SAMA (Saudi Arabia Monetary Authority), HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), SWIFT, etc.*
+
+
 *Example:*
 
 At the time of this document creation, no Networking requirements have been specified.
@@ -571,8 +584,7 @@ Please see our security guidelines in the [Annex](#security-guidelines).
 
 *Reference:*
 
-*A list of possible Oracle solutions can be found in the [Annex](#networking-solutions).*
-
+*If your customers have any or one of the needs described in the guide of the [Network Requirements](#networking-requirements), then the OCI Network Firewall (OCI NFW) is the cloud native solution that provides all of it. It is based on the industry-leading Nextgen firewall solution by Palo Alto (VM-Series). Refer to the Annex for more best practices around deployment models.*
 
 ### Operations (Optional)
 
@@ -660,7 +672,7 @@ Oracle Cloud Infrastructure (OCI) is designed to protect customer workloads with
 
 Cloud computing is fundamentally different from traditionally on-premises computing. In the traditional model, organizations are typically in full control of their technology infrastructure located on-premises (e.g., physical control of the hardware, and full control over the technology stack in production). In the cloud, organizations leverage resources and practices that are under the control of the cloud service provider, while still retaining some control and responsibility over other components of their IT solution. As a result, managing security and privacy in the cloud is often a shared responsibility between the cloud customer and the cloud service provider. The distribution of responsibilities between the cloud service provider and customer also varies based on the nature of the cloud service (IaaS, PaaS, SaaS).
 
-# Additional Resources
+## Additional Resources
 - [Oracle Cloud Compliance](https://www.oracle.com/corporate/cloud-compliance/) – Oracle is committed to helping customers operate globally in a fast-changing business environment and address the challenges of an ever more complex regulatory environment. This site is a primary reference for customers on Shared Management Model with Attestations and Advisories.
 - [Oracle Security Practices](https://www.oracle.com/corporate/security-practices/) – Oracle’s security practices are multidimensional, encompassing how the company develops and manages enterprise systems, and cloud and on-premises products and services.
 - [Oracle Cloud Security Practices](https://www.oracle.com/corporate/security-practices/cloud/) documents.
@@ -709,8 +721,20 @@ The below questions help to identify networking requirements.
 
 ## Security and Access Control
 
+<!--
 - Are you familiar with the concept of Next-Generation Firewalls (NGFW) and their benefits over traditional firewalls?
 - Have you considered the importance of protecting your web applications from potential cyber threats using a Web Application Firewall (WAF)?
+-->
+
+- Some of the below questions help you to adopt the right sizing and deployment model of the network firewall.
+    - Does the customer need to protect traffic from VCN to VCN? 
+    - Does the customer need to protect traffic from subnet to subnet in the same VCN?
+    - When deploying an OCI Network Firewall in a dedicated HUB or secure VCN, do you want to protect inter-VCN traffic and/or inter-subnet traffic from within the same VCN?
+    - Does the customer need to protect incoming or egressing traffic to the internet?
+    - Does the customer need to protect internal traffic (including on-premises via IPSEC/FC)?
+    - Is the network performance critical? 
+    - Does the customer have any requirement on network isolation (i.e., internet traffic never traverses or is mixed with internal traffic)? 
+- Have you considered the importance of protecting your web applications from potential cyber threats using a Web Application Firewall (WAF)?
 
 ## Monitoring and Troubleshooting
 

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/construction-engineering/primavera-solution-definition/files/primavera-solution-definition.md

@@ -2,7 +2,7 @@
 
 This repository contains an in-depth guide for Oracle Flexcube migration projects. It offers a high-level solution definition for migrating or establishing Flexcube Workloads on Oracle Cloud Infrastructure (OCI). With a comprehensive representation of the current state, prospective state, potential project scope, and anticipated timeline, this document aims to provide a precise understanding of the project's scope and intention to all participating entities.
 
-Reviewed: 20.11.2023
+Reviewed: 27.2.2024
 
 # When to use this asset?
 

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/financial-services/flexcube-solution-definition/README.md

@@ -18,7 +18,8 @@ Version     | Author          | Date                    | Comment
 :---        |:---             |:---                     |:---
 0.1         | Name            | June 12th, 2023     | Updates to network design
 1.0         | Name            | June 13th, 2023     | Updates to HA design
-2.2         | Name            | October 25th, 2023     | Updates to Annex
+2.4         | Name            | February 26th, 2024     | Added the network firewall in the requirement, the solution considerations and in the Annex.
+
 
 ## Team
 
@@ -355,10 +356,22 @@ At the time of this document creation, no Security requirements have been specif
 
 *Capture the Non-Functional Requirements for networking-related topics. You can use the networking questions in the [Annex](#networking-requirement-considerations)*
 
+*As businesses increasingly rely on Cloud Infrastructure to store, process, and transmit sensitive data, the need for comprehensive security solutions has never been more important. Potential customers evaluating network security solutions typically prioritize the following requirements: Some of the broader category considerations are below.*
+
+- *Data Protection: Safeguarding sensitive information against unauthorized access, theft, or modification is a primary concern for any organization and industry today.*
+    - *Threat Prevention: Advanced capabilities like IDPS and malware detection for blocking threats.*
+    - *Data Loss Prevention (DLP): Monitoring and controlling sensitive data transmission.*
+    - *Encryption and Decryption: Inspecting encrypted traffic without compromising privacy.*
+- *Threat Prevention: Proactively identifying and mitigating security threats is essential for maintaining the integrity of network infrastructure. *
+    - *Intrusion Detection and Prevention: Monitoring for suspicious or malicious activity.*
+    - *Application Control: Granular control over specific applications or services.*
+    - *URL Filtering: Controlling access to permitted URLs.*
+- *Security compliance: Does your organization have network security requirements based on industry or organization compliance? For example - SAMA (Saudi Arabia Monetary Authority), HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), SWIFT, etc.*
+
+
 *Example:*
 
 At the time of this document creation, no Networking requirements have been specified.
-
 ### Integration and Interfaces (Optional)
 
 *Guide:*
@@ -615,7 +628,7 @@ Please see our security guidelines in the [Annex](#security-guidelines).
 
 *Reference:*
 
-*A list of possible Oracle solutions can be found in the [Annex](#networking-solutions).*
+*If your customers have any or one of the needs described in the guide of the [Network Requirements](#networking-requirements), then the OCI Network Firewall (OCI NFW) is the cloud native solution that provides all of it. It is based on the industry-leading Nextgen firewall solution by Palo Alto (VM-Series). Refer to the Annex for more best practices around deployment models.*
 
 
 ### Operations (Optional)
@@ -741,7 +754,7 @@ Oracle Cloud Infrastructure (OCI) is designed to protect customer workloads with
 
 Cloud computing is fundamentally different from traditionally on-premises computing. In the traditional model, organizations are typically in full control of their technology infrastructure located on-premises (e.g., physical control of the hardware, and full control over the technology stack in production). In the cloud, organizations leverage resources and practices that are under the control of the cloud service provider, while still retaining some control and responsibility over other components of their IT solution. As a result, managing security and privacy in the cloud is often a shared responsibility between the cloud customer and the cloud service provider. The distribution of responsibilities between the cloud service provider and customer also varies based on the nature of the cloud service (IaaS, PaaS, SaaS).
 
-# Additional Resources
+## Additional Resources
 - [Oracle Cloud Compliance](https://www.oracle.com/corporate/cloud-compliance/) – Oracle is committed to helping customers operate globally in a fast-changing business environment and address the challenges of an ever more complex regulatory environment. This site is a primary reference for customers on Shared Management Model with Attestations and Advisories.
 - [Oracle Security Practices](https://www.oracle.com/corporate/security-practices/) – Oracle’s security practices are multidimensional, encompassing how the company develops and manages enterprise systems, and cloud and on-premises products and services.
 - [Oracle Cloud Security Practices](https://www.oracle.com/corporate/security-practices/cloud/) documents.
@@ -790,8 +803,21 @@ The below questions help to identify networking requirements.
 
 ## Security and Access Control
 
+<!--
 - Are you familiar with the concept of Next-Generation Firewalls (NGFW) and their benefits over traditional firewalls?
 - Have you considered the importance of protecting your web applications from potential cyber threats using a Web Application Firewall (WAF)?
+-->
+
+- Some of the below questions help you to adopt the right sizing and deployment model of the network firewall.
+    - Does the customer need to protect traffic from VCN to VCN? 
+    - Does the customer need to protect traffic from subnet to subnet in the same VCN?
+    - When deploying an OCI Network Firewall in a dedicated HUB or secure VCN, do you want to protect inter-VCN traffic and/or inter-subnet traffic from within the same VCN?
+    - Does the customer need to protect incoming or egressing traffic to the internet?
+    - Does the customer need to protect internal traffic (including on-premises via IPSEC/FC)?
+    - Is the network performance critical? 
+    - Does the customer have any requirement on network isolation (i.e., internet traffic never traverses or is mixed with internal traffic)? 
+- Have you considered the importance of protecting your web applications from potential cyber threats using a Web Application Firewall (WAF)?
+
 
 ## Monitoring and Troubleshooting
 

cloud-architecture/oracle-apps-hyperion-siebel-gbu/gbu/financial-services/flexcube-solution-definition/files/flexcube-solution-definition.docx

@@ -10,7 +10,7 @@ This document serves as an integral asset for individuals and organizations seek
 
 Use this document as a starting point for the solution definition of your Essbase implementation project. This asset includes example architecture diagrams for DrawIO in the file essbase-architecture-diagrams-example.drawio.
 
-Reviewed: 7.2.2024
+Reviewed: 27.2.2024
 
 ## Conclusion
 The Essbase Workload Solution Definition is expected to serve as a definitive guide to the project. All participants are encouraged to provide feedback, raise queries, and make contributions to enhance the overall project's success.