diff --git a/docs/terraform.md b/docs/terraform.md
index cb8a8280b..08134a71f 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -20,7 +20,14 @@ This setup supports the deployment of the following configurations:
 This approach is particularly suitable for deploying and configuring:
 
 - Oracle databases on RHEL or Oracle Linux
-- High-availability configurations for database and application clusters
+- Two-node Oracle Data Guard deployments, where:
+
+   The user provides:
+
+   * zone1 and subnetwork1 for the primary node
+   * zone2 and subnetwork2 for the standby node
+
+   Only 2-node Data Guard setups are currently supported.
 
 ---
 
@@ -43,6 +50,22 @@ This infrastructure is modular and customizable, allowing you to tailor it to sp
 
 ---
 
+## Instance naming convention
+For single-instance deployments, the VM will be named using the pattern:
+"<instance_name>-1".
+Example: If instance_name = "oracle-db", the resulting VM will be oracle-db-1.
+
+For multi-node Oracle Data Guard deployments:
+
+* Primary node: "<instance_name>-1"
+* Standby node: "<instance_name>-2"
+
+Example: If instance_name = "oracle-db", the primary VM will be oracle-db-1 and the standby VM will be oracle-db-2.
+
+
+---
+
+
 ## Pre-requisites
 
 To use this Terraform and Ansible integration, ensure you have the following tools installed:
diff --git a/roles/workload-agent/tasks/metric_collection.yml b/roles/workload-agent/tasks/create_db_user.yml
similarity index 85%
rename from roles/workload-agent/tasks/metric_collection.yml
rename to roles/workload-agent/tasks/create_db_user.yml
index 12fa28b40..ea3f95e4f 100644
--- a/roles/workload-agent/tasks/metric_collection.yml
+++ b/roles/workload-agent/tasks/create_db_user.yml
@@ -46,13 +46,3 @@
     PATH: "{{ oracle_home }}/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin"
   no_log: true
   tags: workload-agent
-
-- name: Copy workload-agent's configuration file to the database VM
-  template:
-    src: "configuration.json.j2"
-    dest: "/etc/google-cloud-workload-agent/configuration.json"
-    owner: root
-    group: root
-    mode: u=rw,go=r
-  notify: Restart workload-agent
-  tags: workload-agent
diff --git a/roles/workload-agent/tasks/main.yml b/roles/workload-agent/tasks/main.yml
index 21054c829..5ee85ebdb 100644
--- a/roles/workload-agent/tasks/main.yml
+++ b/roles/workload-agent/tasks/main.yml
@@ -18,9 +18,23 @@
     file: install.yml
   tags: workload-agent
 
-- name: Configure Google Cloud Agent for Compute Workloads to collect Oracle metrics and send them to Google Cloud Monitoring
+- name: Create a database user for the Google Cloud Agent for Compute Workloads to collect Oracle metrics
   include_tasks:
-    file: metric_collection.yml
+    file: create_db_user.yml
+  # Run for single-instance setup or for the primary in multi-node Data Guard setup.
+  # For standby setup, install-oracle.sh generates the [primary] group in the inventory file.
   when:
     - oracle_metrics_secret | length > 0
+    - "groups['primary'] is not defined"
+
+- name: Copy workload-agent's configuration file to the database VM
+  template:
+    src: "configuration.json.j2"
+    dest: "/etc/google-cloud-workload-agent/configuration.json"
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  when:
+    - oracle_metrics_secret | length > 0
+  notify: Restart workload-agent
   tags: workload-agent
diff --git a/terraform/main.tf b/terraform/main.tf
index f9d97f83f..89bd43032 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -16,7 +16,6 @@ locals {
   fs_disks = [
     {
       auto_delete  = true
-      boot         = false
       device_name  = "oracle_home"
       disk_size_gb = var.oracle_home_disk.size_gb
       disk_type    = var.oracle_home_disk.type
@@ -26,7 +25,6 @@ locals {
   asm_disks = [
     {
       auto_delete  = true
-      boot         = false
       device_name  = "data"
       disk_size_gb = var.data_disk.size_gb
       disk_type    = var.data_disk.type
@@ -34,7 +32,6 @@ locals {
     },
     {
       auto_delete  = true
-      boot         = false
       device_name  = "reco"
       disk_size_gb = var.reco_disk.size_gb
       disk_type    = var.reco_disk.type
@@ -42,7 +39,6 @@ locals {
     },
     {
       auto_delete  = true
-      boot         = false
       device_name  = "swap"
       disk_size_gb = var.swap_disk_size_gb
       disk_type    = var.swap_disk_type
@@ -79,70 +75,149 @@ locals {
   additional_disks = concat(local.fs_disks, local.asm_disks)
 
   project_id = var.project_id
+
+  is_multi_instance = (
+    var.zone1 != "" && var.zone2 != "" && var.subnetwork1 != "" && var.subnetwork2 != ""
+  )
+
+  instances = local.is_multi_instance ? {
+    "${var.instance_name}-1" = {
+      zone = var.zone1
+      subnetwork = var.subnetwork1
+      role = "primary"
+    }
+    "${var.instance_name}-2" = {
+      zone = var.zone2
+      subnetwork = var.subnetwork2
+      role = "standby"
+    }
+  } : {
+    "${var.instance_name}-1" = {
+      zone = var.zone1
+      subnetwork = var.subnetwork1
+      role = "primary"
+    }
+  }
 }
 
-module "instance_template" {
-  source  = "terraform-google-modules/vm/google//modules/instance_template"
-  version = "~> 13.0"
-
-  name_prefix        = format("%s-template", var.instance_name)
-  region             = var.region
-  project_id         = local.project_id
-  network            = coalesce(var.network, var.subnetwork)
-  subnetwork         = coalesce(var.subnetwork, var.network)
-  subnetwork_project = local.project_id
-  service_account = {
-    email  = var.vm_service_account
-    scopes = ["https://www.googleapis.com/auth/cloud-platform"]
+data "google_compute_image" "os_image" {
+  family  = var.source_image_family
+  project = var.source_image_project
+}
+
+resource "time_static" "template_suffix" {}
+
+locals {
+  template_suffix = formatdate("YYYYMMDDhhmmss", time_static.template_suffix.rfc3339)
+}
+
+resource "google_compute_instance_template" "default" {
+  name         = "${var.instance_name}-${local.template_suffix}"
+  project      = var.project_id
+  machine_type = var.machine_type
+
+  network_interface {
+    # gets overridden during instance creation
+    subnetwork = var.subnetwork1
+  }
+  disk {
+    boot = true
+    auto_delete = true
+    source_image = data.google_compute_image.os_image.self_link
+    disk_type = var.boot_disk_type
+    disk_size_gb  = var.boot_disk_size_gb
   }
 
-  machine_type         = var.machine_type
-  source_image_family  = var.source_image_family
-  source_image_project = var.source_image_project
-  disk_size_gb         = var.boot_disk_size_gb
-  disk_type            = var.boot_disk_type
-  auto_delete          = true
+  dynamic "disk" {
+    for_each = local.additional_disks
+    content {
+      boot = false
+      auto_delete = disk.value.auto_delete
+      device_name = disk.value.device_name
+      disk_size_gb = disk.value.disk_size_gb
+      disk_type = disk.value.disk_type
+      labels = disk.value.disk_labels
+    }
+  }
 
+  service_account {
+    email  = var.vm_service_account
+    scopes = ["cloud-platform"]
+  }
 
   metadata = {
     metadata_startup_script = var.metadata_startup_script
     enable-oslogin          = "TRUE"
   }
 
-  additional_disks = local.additional_disks
-
   tags = var.network_tags
 }
 
-module "compute_instance" {
-  source  = "terraform-google-modules/vm/google//modules/compute_instance"
-  version = "~> 13.0"
-
-  region              = var.region
-  zone                = var.zone
-  network            = coalesce(var.network, var.subnetwork)
-  subnetwork         = coalesce(var.subnetwork, var.network)
-  subnetwork_project  = local.project_id
-  hostname            = var.instance_name
-  instance_template   = module.instance_template.self_link
-  deletion_protection = false
-
-  access_config = var.assign_public_ip ? [{
-    nat_ip       = null
-    network_tier = "PREMIUM"
-  }] : []
+resource "google_compute_instance_from_template" "database_vm" {
+  for_each = local.instances
+
+  name = each.key
+  zone = each.value.zone
+  project = var.project_id
+  source_instance_template = google_compute_instance_template.default.self_link
+
+  network_interface {
+    subnetwork = each.value.subnetwork
+
+    dynamic "access_config" {
+      for_each = var.assign_public_ip ? [1] : []
+      content {}
+    }
+  }
+
 }
 
 resource "random_id" "suffix" {
   byte_length = 4
 }
 
+locals {
+  database_vm_nodes = [
+    for vm in google_compute_instance_from_template.database_vm : {
+      name = vm.name
+      zone = vm.zone
+      ip = vm.network_interface[0].network_ip
+      role = local.instances[vm.name].role
+    }
+  ]
+}
+
+locals {
+  common_flags = join(" ", compact([
+    length(local.asm_disk_config) > 0 ? "--ora-asm-disks-json '${jsonencode(local.asm_disk_config)}'" : "",
+    length(local.data_mounts_config) > 0 ? "--ora-data-mounts-json '${jsonencode(local.data_mounts_config)}'" : "",
+    "--swap-blk-device /dev/disk/by-id/google-swap",
+    var.ora_swlib_bucket != "" ? "--ora-swlib-bucket ${var.ora_swlib_bucket}" : "",
+    var.ora_version != "" ? "--ora-version ${var.ora_version}" : "",
+    var.ora_backup_dest != "" ? "--backup-dest ${var.ora_backup_dest}" : "",
+    var.ora_db_name != "" ? "--ora-db-name ${var.ora_db_name}" : "",
+    var.ora_db_container != "" ? "--ora-db-container ${var.ora_db_container}" : "",
+    var.ntp_pref != "" ? "--ntp-pref ${var.ntp_pref}" : "",
+    var.ora_release != "" ? "--ora-release ${var.ora_release}" : "",
+    var.ora_edition != "" ? "--ora-edition ${var.ora_edition}" : "",
+    var.ora_listener_port != "" ? "--ora-listener-port ${var.ora_listener_port}" : "",
+    var.ora_redo_log_size != "" ? "--ora-redo-log-size ${var.ora_redo_log_size}" : "",
+    var.db_password_secret != "" ? "--db-password-secret ${var.db_password_secret}" : "",
+    var.oracle_metrics_secret != "" ? "--oracle-metrics-secret ${var.oracle_metrics_secret}" : "",
+    var.install_workload_agent ? "--install-workload-agent" : "",
+    var.skip_database_config ? "--skip-database-config" : "",
+    var.ora_pga_target_mb != "" ? "--ora-pga-target-mb ${var.ora_pga_target_mb}" : "",
+    var.ora_sga_target_mb != "" ? "--ora-sga-target-mb ${var.ora_pga_target_mb}": "",
+    var.data_guard_protection_mode != "" ? "--data-guard-protection-mode '${var.data_guard_protection_mode}'": ""
+  ]))
+}
+
 resource "google_compute_instance" "control_node" {
   project      = var.project_id
   name         = "${var.control_node_name_prefix}-${random_id.suffix.hex}"
   machine_type = var.control_node_machine_type
-  zone         = var.zone
-
+  zone         = var.zone1
+  
   scheduling {
     max_run_duration {
       seconds = 604800
@@ -157,8 +232,7 @@ resource "google_compute_instance" "control_node" {
   }
 
   network_interface {
-    network            = coalesce(var.network, var.subnetwork)
-    subnetwork         = coalesce(var.subnetwork, var.network)
+    subnetwork         = var.subnetwork1
     subnetwork_project = local.project_id
 
     dynamic "access_config" {
@@ -174,37 +248,16 @@ resource "google_compute_instance" "control_node" {
 
   metadata_startup_script = templatefile("${path.module}/scripts/setup.sh.tpl", {
     gcs_source = var.gcs_source
-    instance_name = module.compute_instance.instances_details[0].name
-    instance_zone = module.compute_instance.instances_details[0].zone
-    ip_addr = module.compute_instance.instances_details[0].network_interface[0].network_ip
-    asm_disk_config = jsonencode(local.asm_disk_config)
-    data_mounts_config = jsonencode(local.data_mounts_config)
-    swap_blk_device = "/dev/disk/by-id/google-swap"
-    ora_swlib_bucket = var.ora_swlib_bucket
-    ora_version = var.ora_version
-    ora_backup_dest = var.ora_backup_dest
-    ora_db_name = var.ora_db_name
-    ora_db_container = var.ora_db_container
-    ntp_pref = var.ntp_pref
-    ora_release = var.ora_release
-    ora_edition = var.ora_edition
-    ora_listener_port = var.ora_listener_port
-    ora_redo_log_size = var.ora_redo_log_size
-    db_password_secret = var.db_password_secret
-    install_workload_agent = var.install_workload_agent
-    oracle_metrics_secret = var.oracle_metrics_secret
-    skip_database_config = var.skip_database_config
-    ora_pga_target_mb = var.ora_pga_target_mb
-    ora_sga_target_mb = var.ora_sga_target_mb
+    database_vm_nodes_json = jsonencode(local.database_vm_nodes)
+    common_flags = local.common_flags
     deployment_name = var.deployment_name
-    data_guard_protection_mode = var.data_guard_protection_mode
   })
 
   metadata = {
     enable-oslogin = "TRUE"
   }
 
-  depends_on = [module.compute_instance]
+  depends_on = [google_compute_instance_from_template.database_vm]
 }
 
 output "control_node_log_url" {
@@ -212,3 +265,7 @@ output "control_node_log_url" {
   value       = "https://console.cloud.google.com/logs/query;query=resource.labels.instance_id%3D${urlencode(google_compute_instance.control_node.instance_id)};duration=P30D?project=${urlencode(var.project_id)}"
 }
 
+output "database_vm_names" {
+  description = "Names of the created database VMs from instance templates"
+  value       = [for vm in google_compute_instance_from_template.database_vm : vm.name]
+}
diff --git a/terraform/scripts/setup.sh.tpl b/terraform/scripts/setup.sh.tpl
index 6fbde4025..bb8226062 100644
--- a/terraform/scripts/setup.sh.tpl
+++ b/terraform/scripts/setup.sh.tpl
@@ -1,7 +1,5 @@
 #!/bin/bash
 
-set -Eeuo pipefail
-
 control_node_name="$(curl -s http://metadata.google.internal/computeMetadata/v1/instance/name -H 'Metadata-Flavor: Google')"
 # The zone value from the metadata server is in the format 'projects/PROJECT_NUMBER/zones/ZONE'.
 # extracting the last part
@@ -47,6 +45,31 @@ EOF
   done
 }
 
+send_ansible_completion_status() {
+  exit_code=$1
+  if [[ $exit_code -eq 0 ]]; then
+    state="ansible_completed_success"
+  else
+    state="ansible_completed_failure"
+  fi
+
+  timestamp=$(date --rfc-3339=seconds)
+  payload=$(cat <<EOF
+{
+  "state": "$state",
+  "event_type": "ANSIBLE_RUNNER_SCRIPT_END",
+  "timestamp": "$timestamp",
+  "deployment_name": "${deployment_name}",
+  "instanceName": "$control_node_name",
+  "zone": "$control_node_zone"
+}
+EOF
+  )
+echo "Sending a signal to Cloud Logging to indicate Ansible completion status"
+echo "JSON payload to be sent: $payload"
+gcloud logging write "$CLOUD_LOG_NAME" "$payload" --payload-type=json
+}
+
 send_heartbeat &
 heartbeat_pid=$!
 
@@ -58,20 +81,6 @@ DEST_DIR="/oracle-toolkit"
 apt-get update
 apt-get install -y ansible python3-jmespath unzip python3-google-auth
 
-echo "Triggering SSH key creation via OS Login by running a one-time gcloud compute ssh command."
-echo "This ensures that a persistent SSH key pair is created and associated with your Google Account."
-echo "The private auto-generated ssh key (~/.ssh/google_compute_engine) will be used by Ansible to connect to the VM and run playbooks remotely."
-echo "Command:"
-echo "gcloud compute ssh '${instance_name}' --zone='${instance_zone}' --internal-ip --quiet --command whoami"
-
-timeout 2m bash -c 'until gcloud compute ssh "${instance_name}" --zone="${instance_zone}" --internal-ip --quiet --command whoami; do
-  echo "Waiting for SSH to become available on '${instance_name}'..."
-  sleep 5
-done' || {
-  echo "ERROR: Timed out waiting for SSH"
-  exit 1
-}
-
 control_node_sa="$(curl -s http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email -H 'Metadata-Flavor: Google')"
 echo "Downloading '${gcs_source}' to /tmp"
 if ! gsutil cp "${gcs_source}" /tmp/; then
@@ -83,10 +92,17 @@ mkdir -p "$DEST_DIR"
 echo "Extracting files from '$zip_file' to '$DEST_DIR'"
 unzip -o "/tmp/$zip_file" -d "$DEST_DIR"
 
-ssh_user="$(gcloud compute os-login describe-profile --format='value(posixAccounts[0].username)')"
-if [[ -z "$ssh_user" ]]; then
-  echo "ERROR: Failed to extract the POSIX username. This may be due to OS Login not being enabled or missing IAM permissions."
-  exit 1
+num_nodes="$(echo '${database_vm_nodes_json}' | jq "length")"
+echo "num_nodes=$num_nodes"
+
+primary_ip=""
+if [[ "$num_nodes" -gt 1 ]]; then
+  primary_ip="$(echo '${database_vm_nodes_json}' | jq -r '.[] | select(.role == "primary") | .ip')"
+  if [[ -z "$primary_ip" ]]; then
+    echo "ERROR: Could not find a primary node with role 'primary'."
+    exit 1
+  fi
+  echo "PRIMARY_IP: $primary_ip"
 fi
 
 cd "$DEST_DIR"
@@ -104,49 +120,82 @@ EOF
 
 export DEPLOYMENT_NAME="${deployment_name}"
 
-bash install-oracle.sh \
---instance-ssh-user "$ssh_user" \
---instance-ssh-key /root/.ssh/google_compute_engine \
-%{ if ip_addr != "" }--instance-ip-addr "${ip_addr}" %{ endif } \
-%{ if asm_disk_config != "" }--ora-asm-disks-json '${asm_disk_config}' %{ endif } \
-%{ if data_mounts_config != "" }--ora-data-mounts-json '${data_mounts_config}' %{ endif } \
-%{ if swap_blk_device != "" }--swap-blk-device "${swap_blk_device}" %{ endif } \
-%{ if ora_swlib_bucket != "" }--ora-swlib-bucket "${ora_swlib_bucket}" %{ endif } \
-%{ if ora_version != "" }--ora-version "${ora_version}" %{ endif } \
-%{ if ora_backup_dest != "" }--backup-dest "${ora_backup_dest}" %{ endif } \
-%{ if ora_db_name != "" }--ora-db-name "${ora_db_name}" %{ endif } \
-%{ if ora_db_container != "" }--ora-db-container "${ora_db_container}" %{ endif } \
-%{ if ntp_pref != "" }--ntp-pref "${ntp_pref}" %{ endif } \
-%{ if ora_release != "" }--ora-release "${ora_release}" %{ endif } \
-%{ if ora_edition != "" }--ora-edition "${ora_edition}" %{ endif } \
-%{ if ora_listener_port != "" }--ora-listener-port "${ora_listener_port}" %{ endif } \
-%{ if ora_redo_log_size != "" }--ora-redo-log-size "${ora_redo_log_size}" %{ endif } \
-%{ if skip_database_config }--skip-database-config %{ endif } \
-%{ if ora_pga_target_mb != ""}--ora-pga-target-mb "${ora_pga_target_mb}" %{ endif } \
-%{ if ora_sga_target_mb != ""}--ora-sga-target-mb "${ora_sga_target_mb}" %{ endif } \
-%{ if install_workload_agent }--install-workload-agent %{ endif } \
-%{ if oracle_metrics_secret != "" }--oracle-metrics-secret "${oracle_metrics_secret}" %{ endif } \
-%{ if data_guard_protection_mode != "" }--data-guard-protection-mode "${data_guard_protection_mode}" %{ endif }
-
-if [[ $? -eq 0 ]]; then
-  state="ansible_completed_success"
-else
-  state="ansible_completed_failure"
-fi
+ssh_user=""
+for node in $(echo '${database_vm_nodes_json}' | jq -c '.[] | select(.role == "primary")'); do
+  node_name="$(echo "$node" | jq -r '.name')"
+  node_ip="$(echo "$node" | jq -r '.ip')"
+  node_zone="$(echo "$node" | jq -r '.zone')"
+
+  echo "Triggering SSH key creation via OS Login by running a one-time gcloud compute ssh command."
+  echo "This ensures that a persistent SSH key pair is created and associated with your Google Account."
+  echo "The private auto-generated ssh key (~/.ssh/google_compute_engine) will be used by Ansible to connect to the VM and run playbooks remotely."
+  echo "Command:"
+  echo "gcloud compute ssh '$node_name' --zone='$node_zone' --internal-ip --quiet --command whoami"
+
+  timeout 2m bash -c "until gcloud compute ssh \"$node_name\" --zone=\"$node_zone\" --internal-ip --quiet --command whoami; do
+    echo \"Waiting for SSH to become available on '$node_name'...\"
+    sleep 5
+  done" || {
+    echo "ERROR: Timed out waiting for SSH"
+    exit 1
+  }
+
+  ssh_user="$(gcloud compute os-login describe-profile --format='value(posixAccounts[0].username)')"
+  if [[ -z "$ssh_user" ]]; then
+    echo "ERROR: Failed to extract the POSIX username. This may be due to OS Login not being enabled or missing IAM permissions."
+    exit 1
+  fi
 
-timestamp=$(date --rfc-3339=seconds)
-payload=$(cat <<EOF
-{
-  "state": "$state",
-  "event_type": "ANSIBLE_RUNNER_SCRIPT_END",
-  "timestamp": "$timestamp",
-  "deployment_name": "${deployment_name}",
-  "instanceName": "$control_node_name",
-  "zone": "$control_node_zone"
-}
-EOF
-)
+    echo "Configuring PRIMARY node: $node_name, IP: $node_ip, Zone: $node_zone"
+    bash install-oracle.sh \
+    --cluster-type NONE \
+    --instance-ip-addr "$node_ip" \
+    --instance-ssh-user "$ssh_user" \
+    --instance-ssh-key /root/.ssh/google_compute_engine \
+    ${common_flags}
+    
+    exit_code=$?
+
+    if [[ $exit_code -ne 0 ]]; then
+      echo "Error: Primary setup failed for $node_name. Exiting."
+      send_ansible_completion_status $exit_code
+      exit $exit_code
+    fi
+done
+
+
+if [[ "$num_nodes" -gt 1 ]]; then
+  for node in $(echo '${database_vm_nodes_json}' | jq -c '.[] | select(.role == "standby")'); do
+    node_name="$(echo "$node" | jq -r '.name')"
+    node_ip="$(echo "$node" | jq -r '.ip')"
+    node_zone="$(echo "$node" | jq -r '.zone')"
+
+    echo "Verifying primary node is reachable at $primary_ip..."
+
+    if ping -c 3 "$primary_ip"; then
+      echo "Primary node is reachable. Proceeding with standby setup."
+    else
+      echo "Error: Primary node $primary_ip is not reachable. Cannot continue with standby setup."
+      send_ansible_completion_status 1
+      exit 1
+    fi
+
+    echo "Configuring STANDBY node: $node_name, IP: $node_ip, Zone: $node_zone"
+    bash install-oracle.sh \
+    --cluster-type DG \
+    --primary-ip-addr "$primary_ip" \
+    --instance-ip-addr "$node_ip" \
+    --instance-ssh-user "$ssh_user" \
+    --instance-ssh-key /root/.ssh/google_compute_engine \
+    ${common_flags}
+
+    exit_code=$?
+    if [[ $exit_code -ne 0 ]]; then
+      echo "Error: Standby setup failed for $node_name. Exiting."
+      send_ansible_completion_status $exit_code
+      exit $exit_code
+    fi
+  done
+fi
 
-echo "Sending a signal to Cloud Logging to indicate Ansible completion status"
-echo "JSON payload to be sent: $payload"
-gcloud logging write "$CLOUD_LOG_NAME" "$payload" --payload-type=json
+send_ansible_completion_status 0
diff --git a/terraform/terraform.tfvars.example b/terraform/terraform.tfvars.example
index 6bdde6850..cc540b9d6 100644
--- a/terraform/terraform.tfvars.example
+++ b/terraform/terraform.tfvars.example
@@ -16,14 +16,18 @@
 # General settings
 gcs_source                   = "gs://your-gcs-bucket/oracle-toolkit.zip"
 ora_swlib_bucket             = "gs://your-oracle-software-bucket"
-region                       = "us-central1"
-zone                         = "us-central1-b"
 project_id                   = "your-project-id"
-network                      = "default"
-subnetwork                   = "default"
 vm_service_account           = "your-vm-service-account@your-project-id.iam.gserviceaccount.com"
 control_node_service_account = "your-control-node-service-account@your-project-id.iam.gserviceaccount.com"
 
+# Primary node for the Single-instance deployment
+zone1 = "us-central1-b"
+subnetwork1 = "projects/your-project/regions/us-central1/subnetworks/default"
+
+# Standby node for the Multi-instance Data Guard deployment
+zone2 = "us-central1-c"
+subnetwork2 = "projects/your-project/regions/us-central1/subnetworks/default"
+
 # Instance settings
 instance_name        = "orcl"
 source_image_family  = "oracle-linux-8"
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 3bdcf9a52..01d2b8f76 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -200,12 +200,6 @@ variable "project_id" {
   type        = string
 }
 
-variable "region" {
-  description = "The GCP region where the instance and related resources will be deployed (e.g., us-central1)."
-  type        = string
-  default     = "us-central1"
-}
-
 variable "vm_service_account" {
   description = "The service account used for managing compute instance permissions."
   type        = string
@@ -238,24 +232,6 @@ variable "source_image_project" {
   default     = "oracle-linux-cloud"
 }
 
-variable "network" {
-  description = "The name of the GCP network to which the instance will be attached."
-  type        = string
-  default     = "default"
-}
-
-variable "subnetwork" {
-  description = "The name of the GCP subnetwork to which the instance will be attached; customize if using custom subnet creation mode."
-  type        = string
-  default     = ""
-}
-
-variable "zone" {
-  description = "The specific availability zone within the selected GCP region (e.g., us-central1-b)."
-  type        = string
-  default     = "us-central1-b"
-}
-
 variable "assign_public_ip" {
   description = "Whether to assign a public IP address to the control node VM. Set to false if the environment already has internet access via a Cloud NAT."
   type        = bool
@@ -305,6 +281,38 @@ variable "skip_database_config" {
   default     = false
 }
 
+variable "zone1" {
+  description = "The GCP zone for deploying the instance in single-instance deployments, or for the primary node in multi-instance Data Guard deployments."
+  type        = string
+  default     = "us-central1-b"
+}
+
+variable "zone2" {
+  description = "The GCP zone for deploying the secondary node in a multi-instance Data Guard deployment."
+  type        = string
+  default     = ""
+}
+
+variable "subnetwork1" {
+  description = "The Resource URI of the GCP subnetwork to attach the instance to. Used for single-instance deployments and for the primary node in multi-instance Data Guard deployments."
+  type        = string
+  validation {
+    condition = var.subnetwork1 == "" || can(regex("^projects/([a-z0-9-]+)/regions/([a-z0-9-]+)/subnetworks/([a-z0-9-]+)$", var.subnetwork1))
+    error_message = "Must be in the format: 'projects/<PROJECT_ID>/regions/<REGION>/subnetworks/<SUBNETWORK_NAME>'."
+  }
+  default     = ""
+}
+
+variable "subnetwork2" {
+  description = "The Resource URI of the GCP subnetwork to attach the secondary node to in a multi-instance Data Guard deployment."
+  type        = string
+  validation {
+    condition = var.subnetwork2 == "" || can(regex("^projects/([a-z0-9-]+)/regions/([a-z0-9-]+)/subnetworks/([a-z0-9-]+)$", var.subnetwork2))
+    error_message = "Must be in the format: 'projects/<PROJECT_ID>/regions/<REGION>/subnetworks/<SUBNETWORK_NAME>'."
+  }
+  default     = ""
+}
+
 variable "ora_pga_target_mb" {
   description = "Oracle session private memory aggregate target, in MB."
   type        = number
diff --git a/terraform/versions.tf b/terraform/versions.tf
index 76c040ab0..c5a604987 100644
--- a/terraform/versions.tf
+++ b/terraform/versions.tf
@@ -23,5 +23,9 @@ terraform {
       source  = "hashicorp/random"
       version = "~> 3.7.2"
     }
+    time = {
+      source  = "hashicorp/time"
+      version = "~> 0.9"
+    }
   }
 }