Use a Cross Tenancy Autonomous Data Guard Standby Database

You can add a cross tenancy Autonomous Data Guard standby database. This creates an Autonomous Data Guard standby that resides in a different tenancy. The cross tenancy standby can be in the same region (local) or in a different region (cross-region).

• About Cross Tenancy Autonomous Data Guard
  When you add a cross tenancy Autonomous Data Guard standby, Autonomous Database provisions a standby database in a remote tenancy.
• Prerequisites to Create a Cross Tenancy Autonomous Data Guard Standby
  Describes prerequisites for creating a cross tenancy Autonomous Data Guard standby.
• Add a Cross Tenancy Autonomous Data Guard Standby
  Shows the steps to create a cross tenancy Autonomous Data Guard standby. This covers creating a cross tenancy standby when the source database and the standby database are in the same region (local) and when the source database and the standby database are in different regions (cross-region).
• Switchover, Failover, or Create a Snapshot Standby with a Cross Tenancy Autonomous Data Guard Standby
  Describes the procedure to switchover, failover, or create a snapshot standby with a cross tenancy standby.
• Terminate a Cross Tenancy Autonomous Data Guard Standby
  Shows the steps to terminate a cross tenancy standby.

About Cross Tenancy Autonomous Data Guard

When you add a cross tenancy Autonomous Data Guard standby, Autonomous Database provisions a standby database in a remote tenancy.

With a cross tenancy Autonomous Data Guard standby you can failover or switchover to a standby database in a different tenancy (or create a snapshot standby in a different tenancy). This feature also allows you to easily use an Autonomous Data Guard standby to migrate a database to a different tenancy.

Note the following for adding a cross tenancy Autonomous Data Guard standby:

• You can only create a cross tenancy Autonomous Data Guard standby using the CLI or the Autonomous Database REST APIs. This option is not available using the Oracle Cloud Infrastructure Console.

• Some of the features available when you enable an Autonomous Data Guard standby in the same tenancy, such as the automatic failover options, are not available with a cross tenancy Autonomous Data Guard standby.

  There are no automatic failover options for a cross tenancy Autonomous Data Guard standby and you can only use manual failover to failover to a cross tenancy standby.

• You can enable a cross tenancy Autonomous Database standby with either the ECPU or OCPU compute model. The standby database uses the same compute model as the primary database.

• A cross tenancy Autonomous Data Guard standby can be in the same region (local) or in a different region (cross-region).

• Only a single cross tenancy Autonomous Data Guard standby can be enabled, either local or cross-region. You cannot enable both a cross tenancy local and a cross tenancy cross-region Autonomous Data Guard standby.

  • In addition to a single cross tenancy Autonomous Data Guard standby, you can have one local or cross-region disaster recovery peer (either Autonomous Data Guard or Backup-Based Disaster Recovery).

• Customer-Managed Encryption Keys are not supported with a Cross Tenancy Autonomous Data Guard standby.

Prerequisites to Create a Cross Tenancy Autonomous Data Guard Standby

Describes prerequisites for creating a cross tenancy Autonomous Data Guard standby.

You must define OCI Identity and Access Management policies to authorize creating an Autonomous Data Guard standby in a different tenancy.

The OCI Identity and Access Management groups and policies you add support the following:

• A member of a group in the source tenancy allows a group in the destination tenancy to access (read) the source Autonomous Database instance on the source tenancy.

  You do not need to allow other actions on the source Autonomous Database instance (for example, start, stop terminate, or any write operations).

• A member of a group in the destination tenancy is allowed to read Autonomous Databases in the source tenancy.

  On the destination tenancy you also add a policy that allows a group to manage the Autonomous Databases in a compartment in the remote (destination) tenancy. For example, this policy allows the group to create the standby database.

1. Create a group on the remote tenancy that contains the user that will be allowed to add the Autonomous Data Guard standby.
   1. On the remote tenancy, in the Oracle Cloud Infrastructure Console click Identity & Security.
   2. Under Identity click Domains and select an identity domain (or create a new identity domain).
   3. Under Identity domain, click Groups.
   4. To add a group, click Create group.
   5. On the Create group page, enter a Name and a Description.

      For example, enter the Name: CrossTenancyStandbyGroup.

   6. On the Create group page, click Create.
   7. Click Create to save the group.
   8. On the Group page, click Assign user to groups and select the users you want to add to the group.
   9. Click Add.
   10. On the Group page, from the Group information tab copy the OCID for use in Step 2.
2. On the source tenancy, define OCI Identity and Access Management policies for the source Autonomous Database instance.
   1. On the source tenancy, in the Oracle Cloud Infrastructure Console click Identity & Security.
   2. Under Identity, click Policies.
   3. To write a policy, click Create Policy.
   4. On the Create Policy page enter a Name and a Description.
   5. On the Create Policy page, select Show manual editor.
   6. In the policy builder, add policies so that the group in the destination tenancy is allowed to create a standby using an Autonomous Database instance on the source tenancy as the source.

      For example, define the following generic policies:

      define tenancy RemoteTenancy as ocid1.tenancy.oc1..unique_id
      define group GroupThatExistsInRemoteTenancy as ocid1.group.region1..unique_id
      admit group GroupThatExistsInRemoteTenancy of tenancy RemoteTenancy to read autonomous-databases
        in compartment id ocid1.compartment.region..unique_id

      This policy specifies the following:

      • Line 1: the OCID is the OCID of the remote tenancy. This is the tenancy where you are going to create the standby.

      • Line 2: the OCID is the OCID of the group to which the user who will create the standby belongs. This is the OCID for the group you created in Step 1.

      • Line 3: The OCID is the OCID of the compartment where the source database resides.

      Policies on Primary (Source) Tenancy To Add a Cross Tenancy Standby

      define tenancy RemoteTenancy as ocid1.tenancy.oc1..aaa_example_rcyx2a
      define group CrossTenancyStandbyGroup as ocid1.group.oc1..aaa_example_6vctn6xsaq
      admit group CrossTenancyStandbyGroup of tenancy RemoteTenancy to read autonomous-databases
         in compartment id ocid1.compartment.oc1..aaaaaaaabexample6q

      This policy specifies the CrossTenancyStandbyGroup group of the RemoteTenancy can read from Autonomous Databases in the specified compartment (on the source tenancy). To create a cross tenancy standby, the policy only needs to allow read on the source Autonomous Database instance.

   7. Click Create to save the policy.
3. Define policies for the remote tenancy.
   1. On the destination tenancy, in the Oracle Cloud Infrastructure Console click Identity & Security.
   2. Under Identity, click Policies.
   3. To write a policy, click Create Policy.
   4. On the Create Policy page enter a Name and a Description.
   5. On the Create Policy page, select Show manual editor.
   6. In the policy builder, add policies so that a group is endorsed to manage Autonomous Databases on the source tenancy.

      For example:

      Define tenancy PrimaryTenancy as ocid1.tenancy.oc1..aaaaaaaabexampleyx2a
      Endorse group CrossTenancyStandbyGroup to read autonomous-databases in tenancy PrimaryTenancy
      Allow group CrossTenancyStandbyGroup to manage autonomous-databases in tenancy

      This policy specifies the following:

      • Line 1: The OCID is the primary tenancy OCID. This is the tenancy where the primary Autonomous Database instance resides.

      • Line 2: Specifies that the CrossTenancyStandbyGroup group is endorsed in their own tenancy to read the source Autonomous Database in the primary tenancy.

      • Line 3: Specifies that the CrossTenancyStandbyGroup group is allowed to create/manage an Autonomous Database in the specified Tenancy (the tenancy where the Standby is going to be created).

Note:

If these polices are revoked, creating a cross tenancy Autonomous Data Guard Standby is no longer allowed.

See Getting Started with Policies for more information.

Add a Cross Tenancy Autonomous Data Guard Standby

Shows the steps to create a cross tenancy Autonomous Data Guard standby. This covers creating a cross tenancy standby when the source database and the standby database are in the same region (local) and when the source database and the standby database are in different regions (cross-region).

You can only create a cross tenancy Autonomous Data Guard standby using the CLI or the Autonomous Database REST APIs. This option is not available using the Oracle Cloud Infrastructure Console.

First, perform the prerequisite steps to define the OCI Identity and Access Management policies to authorize cross tenancy Autonomous Data Guard.

See Prerequisites to Create a Cross Tenancy Autonomous Data Guard Standby for details.

To create a local (same region) cross tenancy Autonomous Data Guard standby:

The API call to create the standby is sent to the different tenancy in the local region.

1. Copy the OCID of the Primary database (on the primary's Tenancy).
2. Access the tenancy where you want to create the standby, the remote tenancy, and use the CLI or the REST API to create the standby database.

   For example, with the CLI:

   oci db autonomous-database create-cross-tenancy-disaster-recovery-details 
   --compartment-id ocid1.tenancy.oc1..fcue4_example --source-id ocid1.autonomousdatabase.oc1.ap-mumbai-1.anrgexamples3q  --disaster-recovery-type ADG

   See update for more information.

   See UpdateAutonomousDatabase for more information.

To create a remote (cross-region) cross tenancy Autonomous Data Guard standby:

The API call to create the standby runs in the different tenancy in the source region.

1. Copy the OCID of the Primary database (on the primary's Tenancy).

2. Access the tenancy where you want to create the standby, the remote tenancy in the remote region, and use the CLI or the REST API to create the standby database.

   For example, with the CLI:

   oci db autonomous-database create-adb-cross-region-data-guard-details
    --compartment-id ocid1.tenancy.oc1..fcue4_example --source-id ocid1.autonomousdatabase.oc1.ap-mumbai-1.anrg6example2vws3q --disaster-recovery-type ADG

   See update for more information.

   See UpdateAutonomousDatabase for more information.

Notes for adding a cross tenancy standby database:

• Autonomous Database generates the Enable cross-region disaster recovery work request. To view the request, under Resources click Work requests.

• After you add a cross tenancy standby database either local or cross-region, the wallet and connection string from the primary database will contain only the hostname of the primary database, and the wallet and connection string from the remote tenancy database will contain only the hostname of the remote tenancy database. This applies for both instance and regional wallets.

  See Cross-Region Disaster Recovery Connection Strings and Wallets for more information.

• While you add a standby database and the Lifecycle State shows Updating, the following actions are disabled for the primary database:

  • Move Resource. See Move an Autonomous Database to a Different Compartment for information on moving an instance.

  • Stop. See Stop Autonomous Database for information on stopping an instance.

  • Restart. See Restart Autonomous Database for information on restarting an instance.

  • Restore. See Restore and Recover your Autonomous Database for information on restoring.

• See Cross-Region Autonomous Data Guard Notes and Notes for Customer-Managed Keys with Autonomous Data Guard for information on using customer-managed keys and for additional notes for using Autonomous Data Guard with the standby in a different tenancy.

Switchover, Failover, or Create a Snapshot Standby with a Cross Tenancy Autonomous Data Guard Standby

Describes the procedure to switchover, failover, or create a snapshot standby with a cross tenancy standby.

• Switchover: The steps to perform a switchover to a cross tenancy standby are the same whether the standby is local (same region) or in a different region (cross-region). You follow the same steps as for a switchover to a same tenancy cross-region standby. See Perform a Switchover to a Cross-Region Standby for more information.

• Failover: The steps to perform a failover to a cross tenancy standby are the same whether the standby is local (same region) or in a different region (cross-region). You follow the same steps as for a manual failover to a same tenancy cross-region standby. See Perform Manual Failover to a Cross-Region Standby Database for more information.

• Create a Snapshot Standby: The steps to create a snapshot standby with a cross tenancy standby are the same whether the cross tenancy standby is local (same region) or in a different region (cross-region). You follow the same steps as with a same tenancy cross-region standby. See Convert Cross-Region Disaster Recovery Peer to a Snapshot Standby for more information.

Terminate a Cross Tenancy Autonomous Data Guard Standby

Shows the steps to terminate a cross tenancy standby.

The steps to terminate either a same region or a cross-region cross tenancy standby are the same as those to terminate a cross-region same-tenancy standby. See Terminate a Cross-Region Standby Database for more information.