Home Projects Architecture Case Studies OCI
Coming Soon OCI OCI Architect

FastConnect Hybrid Connectivity

PRJ-OCI-NET-095

Dedicated private connectivity

~8 min read Beginner
Status Coming Soon
Last Updated Jan 16, 2026
Completion 0%
Status: Coming Soon· Last Updated: Jan 16, 2026· Completion: 0%· ~8 min read· Beginner
Download Guide Watch Tutorial View Architecture Download Architecture

Implementation Guide

Comprehensive step-by-step deployment guide

Download Implementation Guide

Estimated Monthly Cost

~$20/mo on minimal config
ComputeStorageMonitoring
Business ContextHigh latency and inconsistent performance for on-premises applications accessing…

The Problem

  • High latency and inconsistent performance for on-premises applications accessing OCI resources over the public internet.
  • Security concerns and data exfiltration risks when sensitive data traverses public networks between on-premises and OCI.
  • Limited bandwidth and unreliable connectivity impacting large data transfers and disaster recovery initiatives between hybrid environments.

The Solution

  • Establishes dedicated, high-bandwidth network connections between on-premises data centers and OCI using OCI FastConnect.
  • Secures network traffic over IPsec VPN tunnels for less critical workloads or as a backup using OCI Site-to-Site VPN.
  • Centralizes and manages network connectivity for virtual cloud networks (VCNs) and on-premises networks via a single Dynamic Routing Gateway (DRG).

Business Value

  • Reduces network latency for critical hybrid applications by up to 70%, improving user experience and application responsiveness.
  • Increases data transfer speeds for large datasets by 5x, accelerating backup, recovery, and analytics processes.
  • Achieves 99.95% network availability for hybrid cloud connectivity, minimizing downtime for business-critical operations.
  • Lowers data egress costs from OCI to on-premises by 30% compared to public internet transfers.

Risk Mitigation

  • Mitigates data breach risks by isolating hybrid cloud traffic from the public internet.
  • Reduces operational disruptions due to unreliable public network performance.
  • Addresses compliance violations related to data sovereignty and secure data transit.
  • Prevents vendor lock-in by providing flexible hybrid cloud networking options.
GRC MappingISO 27001: Information Security Management System for securing hybrid cloud conn…

Compliance Frameworks

  • ISO 27001: Information Security Management System for securing hybrid cloud connections.
  • NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations, applicable to network security.
  • PCI DSS: Payment Card Industry Data Security Standard, for secure transmission of payment data over hybrid links.
  • SOC 2 Type II: Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy of data handled via hybrid connectivity.

Security Controls Implemented

  • Network Segmentation: Achieved by isolating FastConnect and Site-to-Site VPN traffic from public internet within OCI VCNs.
  • Encryption in Transit: Implemented via IPsec tunnels for OCI Site-to-Site VPN and MACsec for FastConnect where supported.
  • Access Control: Configured on DRG and associated route tables to restrict traffic flow between on-premises and OCI.
  • Logging and Monitoring: Enabled for OCI FastConnect and Site-to-Site VPN connections to detect anomalous network activity.
  • Redundancy and Failover: Provided by configuring multiple FastConnect circuits or using Site-to-Site VPN as a backup.

Audit Evidence

  • FastConnect circuit configuration reports and bandwidth utilization logs.
  • Site-to-Site VPN tunnel status and IPsec security association logs.
  • DRG route table configurations and network flow logs.
  • Network architecture diagrams detailing hybrid connectivity design.

Regulatory Alignment

  • GDPR (Article 32): Security of processing, ensuring confidentiality and integrity of personal data during transit.
  • HIPAA (45 CFR Part 164.312): Technical safeguards for electronic protected health information (ePHI) in transit.
  • CCPA (Section 1798.150): Reasonable security procedures and practices to protect consumer personal information.
  • SOX (Section 302): Internal controls over financial reporting, ensuring secure data transfer for financial systems.

Video tutorial coming soon!

Subscribe to our YouTube channel to get notified when this tutorial is published.

Subscribe on YouTube

Architecture Diagram

PRJ-OCI-NET-095 Architecture

Technology Stack

FastConnect
Site-to-Site VPN
DRG
Hybrid

Complete Documentation

Prerequisites

OCI Administrator policy
OCI CLI configured
Terraform >= 1.5 (optional)
OCI tenancy with credits
API key pair generated
1

Clone & Configure

Clone the repository and configure OCI CLI with your tenancy OCID, user OCID, and API key.

oci setup config
2

Review Policies

Review and create the required OCI IAM policies for the deployment compartment.

oci iam policy list --compartment-id
3

Initialize Infrastructure

Run Terraform init and plan to preview the OCI resource changes before applying.

terraform init && terraform plan -out=tfplan
4

Deploy Resources

Apply the Terraform plan to provision all OCI resources in your target compartment.

terraform apply tfplan
5

Verify & Monitor

Verify the deployment in the OCI Console and check the Monitoring service for any alarms.

oci monitoring alarm list --compartment-id

Deployment Guide

Step-by-step instructions to deploy this project

Download Guide

Architecture Diagram

Visual representation of the system architecture

Download Architecture

Source Code

Complete source code and configuration files

View on GitHub

Video Tutorial

Watch the complete walkthrough video

Watch Now