Clone a DB System

This article explains how to clone a virtual machine DB system.

Cloning creates a copy of a source DB system as it exists at the time of the cloning operation, including the storage configuration software and database volumes. When creating a clone, you can specify a new SSH key and ADMIN password.


  • Cloning is supported for both single-instance and RAC virtual machine DB systems.
  • Cloning is not supported for bare metal DB systems.
  • To clone a virtual machine DB system that has a Data Guard association, initiate the operation from the primary DB system. The clone operation does not clone Data Guard associations themselves, or Data Guard connections.
  • When cloning a virtual machine DB system that uses customer-managed encryption keys, the cloned database will be configured to use the same key version as the source database. For information on using customer-managed keys, see Database Encryption Keys.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.

For administrators: The policy in Let database admins manage Oracle Cloud database systems lets the specified group do everything with databases and related Database resources.

If you're new to policies, see Getting Started with Policies and Common Policies. If you want to dig deeper into writing policies for databases, see Details for the Database Service.

Limitations and Considerations

  • When cloning a virtual machine DB system that uses Real Application Clusters (RAC), a new Oracle Grid Infrastructure (GI) configuration is created. The new GI is required to avoid conflicts with the source DB system. Therefore, the clone DB system does not include the following from the source system: manually added clusterware resources, database application services, customized settings from the source database such as environment variables, manually-added application IP addresses (application virtual IPs), additional listener ports (such as those configured for Transport Layer Security or other purposes), or any other resource or customization that is not present after the creation of a new DB system.
  • Cloning a RAC DB system takes longer than cloning a single instance DB system due to the time needed to create a new GI stack. Expect a RAC virtual machine DB system cloning operation to take at least an hour.
  • For virtual machine DB systems using Oracle Automatic Storage Management (ASM), the Oracle Grid Infrastructure software must be 19.9 or later. This does not affect the minimum Oracle Database software version, which must be 11.2 or higher.
  • Cloning is not currently supported for virtual machine DB systems using Oracle Database 21c with Oracle Automatic Storage Management.
  • You can't clone a virtual machine DB system in a security zone to create a virtual machine DB system that isn't in a security zone. See the Security Zone policies topic for a full list of policies that affect Database service resources.

For more information, see Oracle Automatic Storage Management and Security Zone Policies.

Using the Console to Clone a Virtual Machine DB System

  1. Open the navigation menu. Click Oracle Database, then click Bare Metal, VM, and Exadata.
  2. Choose the compartment where the source DB system is located.
  3. In the list of DB systems, find the virtual machine DB system you want to clone and click its highlighted name.
  4. On the DB System Details page of your source DB system, click Clone.
  5. Select a compartment: By default, the DB system is created in your current compartment and you can use the network resources in that compartment.
  6. Display name:A non-unique, display name for the DB system. An Oracle Cloud Identifier (OCID) uniquely identifies the DB system. Avoid entering confidential information.
  7. Add SSH key: Add the public key portion of each key pair you want to use for SSH access to the Exadata system. Select on of the following options:
    • Generate SSH key pair: Use this option to create a new SSH key pair. Click both Save Private Key and Save Public Key when using this option. The private key is downloaded to your local machine, and should be stored in a safe location. You cannot download another copy of the private key generated during this operation after completing the operation.
    • Upload SSH key files: Select this option to browse or drag and drop .pub files.
    • Paste SSH keys: Select this option to paste in individual public keys. To paste multiple keys, click + Another SSH Key, and supply a single key for each entry.

    The clone uses the SSH keys specified during the cloning operation. The source DB system continues to use the SSH keys that were in place before the cloning operation.

  8. Choose a license type: The type of license you want to use for the DB system. Your choice affects metering for billing.
    • License Included means the cost of this Oracle Cloud InfrastructureDatabase service resource will include both the Oracle Database software licenses and the service.
    • Bring Your Own License (BYOL) means you will use your organization's Oracle Database software licenses for this Oracle Cloud Infrastructure Database service resource. For more information, see Bring Your Own License.

    This license selection only applies to the clone, and does not affect the source DB system.
  9. Specify the network information:
    • Virtual cloud network: The VCN in which to create the DB system. Click Change Compartment to select a VCN in a different compartment. The clone can use a different VCN and subnet from the source DB system.
    • Client Subnet: The subnet to which the DB system attaches. For 1- and 2-node RAC DB systems: Do not use a subnet that overlaps with, which is used by the Oracle Clusterware private interconnect on the database instance. Specifying an overlapping subnet causes the private interconnect to malfunction.

      Click Change Compartment to select a subnet in a different compartment.

    • Network Security Groups: Optionally, you can specify one or more network security groups (NSGs) for your DB system. NSGs function as virtual firewalls, allowing you to apply a set of ingress and egress security rules to your DB system. A maximum of five NSGs can be specified.

      If you choose a subnet with a security list, the security rules for the DB system are a union of the rules in the security list and the NSGs.

      For more information, see Security Rules, Network Security Groups, Security Lists, and VCN and Subnets.

    • Hostname prefix: Your choice of host name for the bare metal or virtual machine DB system. The host name must begin with an alphabetic character, and can contain only alphanumeric characters and hyphens (-). The maximum number of characters allowed for bare metal and virtual machine DB systems is 16.


      The host name must be unique within the subnet. If the host name is not unique, the DB system fails to provision. If the clone is created in a different subnet from the source, the same host name can be used for both the clone and the source DB system.
    • Host domain name: The domain name for the DB system. If the selected subnet uses the Oracle-provided Internet and VCN Resolver for DNS name resolution, then this field displays the domain name for the subnet and it can't be changed. Otherwise, you can provide your choice of a domain name. Hyphens (-) are not permitted.
    • Host and domain URL: Combines the host and domain names to display the fully qualified domain name (FQDN) for the database. The maximum length is 64 characters.
    • Private IP address:Not applicable for RAC systems. Optionally, for single-instance DB systems, you can define the IP address of the clone. This option is useful in development contexts where you create and delete clones of the same source DB system over and over. A defined IP address allows each new iteration of the clone to use the same IP address. If you specify an IP address that is in use within the subnet, the cloning operation fails with an error message regarding the invalid IP address.
  10. Provide information for the initial database of the clone:
    • Database name: The name for the database. The database name must begin with an alphabetic character and can contain a maximum of eight alphanumeric characters. Special characters are not permitted. You can use the same database name that is used in the source DB system.
    • Password: A strong password for the SYS user. The password must be from 9 to 30 characters and contain at least two of each of the following types of characters: uppercase, lowercase, numeric, and special. The special characters must be _, #, or -. The password must not contain the username (SYS or SYSTEM) or the word "oracle" either in forward or reversed order and regardless of casing. The password is used for the SYS and SYSTEM administrator accounts.


      The TDE wallet password is inherited from the source DB system for databases using Oracle-managed encryption keys. When cloning a virtual machine DB system that uses customer-managed encryption keys, the cloned database will be configured to use the same key version as the source database. For more information, see Database Encryption Keys.
    • Confirm password: Reenter the password you specified.
  11. Clicking Show Advanced Options allows you to configure the following for single-instance DB systems:
    • Tags: If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator. For more information about tagging, see Resource Tags.
  12. Click Clone DB System.

Use the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use the LaunchDbSystem API operation to clone virtual machine DB systems.

For the complete list of APIs for the Database service, see Database Service API.