Oracle Database Appliance – let’s backup to the Oracle Cloud Infrastructure Object Storage

This blog post describes the setup for backing up an Oracle Database Appliance (ODA) database with RMAN to the Oracle Cloud Infrastructure. There are three possible destinations for backup and recovery:

• Oracle Fast Recovery Area (FRA) disk – the Internal FRA
• Network File System (NFS) location – external FRA
• Oracle Cloud Infrastructure Object Storage – Oracle Object Storage

When backing up to the Oracle Cloud Infrastructure Object Storage, the Oracle Database Backup Cloud Service module (opc_installer.jar) is configured in the background. A configuration can be created in the ODA browser interface or with the command line tool odacli, which is what I prefer. If you have already worked with the Oracle Database Backup Service and the OPC module, the setup will be familiar to you.

Prerequisites

  • OCI user with an Authentication Token
  • IAM policy for the usage of the Object Storage
  • Oracle Database Appliance access to Oracle Cloud Infrastructure Object Storage direct or via proxy
  • ODA Object Storage Credentials
  • ODA Backup Policy
  • ODA Database modify Backup Policy

And finally, execute an RMAN backup.

My Setup

  • Oracle Database Appliance X7-2S
  • Oracle Database Appliance release 19.13
  • Oracle Enterprise Edition database release 19.13

OCI user with an Authentication Token

A user called oda-box-01-backup and a group called grp-oda-box-01-backup are created. The group is required later for the IAM policy. In Identity – User – User Details, create an Auth Token. Record the generated token; it will not be shown again.

IAM Policy

We need two policies for the user group to use the Oracle Cloud Infrastructure Object Storage for backup operations.

Oracle Database Appliance access to Oracle Cloud Infrastructure Object Storage direct or via proxy

Verify the internet connection to the Object Storage endpoints. For example, for the endpoint in OCI Switzerland:

Oracle Database Appliance Object Storage Credentials

The password is the user Auth Token created above. In this case, we use the region Zurich as target.

Parameters:

  • -e: endpoint in format swiftobjectstorage.region.oraclecloud.com/v1
  • -n: name for the credential
  • -t: Object Storage namespace – attention, take a look in your tenancy details, it can differ from the tenancy name
  • -u: OCI user

Screenshot from the ODA Browser Interface

 

Oracle Database Appliance Backup Policy

Based on the credential, the backup policy can be created. Here we use the OCI Object Storage backup dboda01-backup.

Parameters:

  • -n: name for the policy
  • -d: target Objectstore
  • -w: retention time in days
  • -o: the credential id – gather it from odacli list-objectstoreswifts
  • -c: OCI Object Storage bucket name
  • -cr: an RMAN crosscheck is executed
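
As an added example (not from the original post or from Oracle's tooling): a small shell pre-flight that checks the endpoint format from the credential step and the 30-day retention limit mentioned under Errors below, then prints the odacli create-backupconfig command line. The policy name, the credential id placeholder and the optional https:// prefix are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks before odacli create-objectstoreswift (-e)
# and odacli create-backupconfig (-w, -o, -c). All sample values are constructed.

MAX_RETENTION_DAYS=30   # limit reported in the Errors section of this post

# Accept only swiftobjectstorage.<region>.oraclecloud.com/v1, optionally with
# https:// (assumption); plain http:// or look-alike hosts are rejected.
valid_endpoint() {
    case "$1" in *[!A-Za-z0-9:/.-]*) return 1 ;; esac   # no whitespace/newlines
    printf '%s\n' "$1" | grep -Eq \
        '^(https://)?swiftobjectstorage\.[a-z]+(-[a-z]+)+-[0-9]+\.oraclecloud\.com/v1$'
}

# Retention window in whole days, 1..MAX_RETENTION_DAYS.
valid_retention() {
    case "$1" in ''|*[!0-9]*|????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le "$MAX_RETENTION_DAYS" ]
}

# Names, ids and bucket names are limited to letters, digits, '.', '_' and '-'
# so the emitted command line contains no shell metacharacters.
safe_token() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Print the create-backupconfig command line only when every value passes.
# $1 policy name, $2 retention days, $3 credential id (as shown by
# odacli list-objectstoreswifts), $4 bucket name.
backupconfig_cmd() {
    valid_retention "$2" || {
        echo "retention must be 1..$MAX_RETENTION_DAYS days" >&2; return 1; }
    for v in "$1" "$3" "$4"; do
        safe_token "$v" || { echo "unsafe value: $v" >&2; return 1; }
    done
    printf 'odacli create-backupconfig -n %s -d ObjectStore -w %s -o %s -c %s -cr\n' \
        "$1" "$2" "$3" "$4"
}

# Demo with constructed values: 31 days is refused, 14 days yields the command.
backupconfig_cmd example-policy 31 CREDENTIAL-ID-PLACEHOLDER dboda01-backup || true
backupconfig_cmd example-policy 14 CREDENTIAL-ID-PLACEHOLDER dboda01-backup
```

Rejecting a non-HTTPS or look-alike endpoint matters here because the Auth Token is sent to whatever host the credential points at.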

Screenshot from the ODA Browser Interface

Errors:

According to the documentation, the maximum allowed retention period is 30 days – this is the error when it is defined too long:

Wrong bucket or missing IAM policy:

Background Information

Here you find the OCI Object Storage configuration from the OPC module:

ODA Database modify Backup Policy

When the credentials and the backup policy are set, the policy can be added to the database. As the RMAN backup target is Oracle Cloud Infrastructure, the backup has to be encrypted before upload.

Parameters:

  • -i: database id – gather it from odacli list-databases
  • -bi: backup policy id – gather it from odacli list-backupconfigs
  • -bp: an encryption password is required

Pain point: if you have a two-location backup strategy with on-prem and cloud, only one policy can be active per database. In this case, use the ODA policy for the first destination, and for the second either a script or my favourite Oracle backup framework: our Trivadis db* backup tool.

Screenshot from the ODA Browser Interface

ODA execute RMAN Backup

This can be done by CLI or ODA browser interface.

Parameters:

  • -i: database id – gather it from odacli list-databases
  • -bt: backup type – {Regular-L0|Regular-L1|Longterm|archivelog}
  • -t: tag

Screenshot from the ODA Browser Interface

 

Verify the available Backup Files in Oracle Cloud Infrastructure Object Storage Bucket

Feature: Create a Database from Object Storage Backup

When you have stored the backup report locally as JSON (Save Backup Report), then you can use this information to create a new Oracle database clone from backup. One of my favourite actions 🙂

Set RMAN decryption password and define parameters for the new database.

Job Details

And some minutes later…

Licensing

After a short exchange with My Oracle Support – thanks to Bernard for clarification – there is a Special License Right for this use case available:

Oracle Database Backup Cloud Service includes use of the following two features from the Oracle Advanced Security option or the Oracle Advanced Compression option at no additional cost:

  • RMAN backup encryption
  • All RMAN backup compression algorithms

To use additional features of the Oracle Advanced Security option or the Oracle Advanced Compression option, you must license those options separately. In addition, the Oracle Advanced Security option must be separately licensed when performing RMAN encrypted backups directly to disk.

Link: Licensing Information (oracle.com)

Summary

Easy to configure, easy to handle – these are the key values of an Oracle Engineered System like the Oracle Database Appliance. The cloud as a backup target is never a bad solution; whether it fits depends on your requirements, such as your company’s backup strategy, internet connection and important things like RPO/RTO. Next step after applying the policy: verify and, if required, modify the backup schedule.

Having only one policy active at a time is not much fun, but a DBA has other ways to support two or more backup destinations, such as scripts or frameworks – or why not temporarily change the policy via the REST API endpoint /databases/modifyDb?

Have fun with backup to Oracle Cloud Infrastructure Object Storage!
