Creating a Hybrid DR Deployment

This topic does not apply to Oracle Cloud Infrastructure or to Oracle Cloud at Customer.

You can create a Hybrid Disaster Recovery (DR) Oracle Database Classic Cloud Service database deployment with a primary database on your own host system and a standby database in the cloud.

You can use the Oracle Database Classic Cloud Service creation wizard to create the Hybrid DR deployment which uses Oracle Data Guard.

See Using Oracle Data Guard in Database Classic Cloud Service for general information about using Oracle Data Guard in Oracle Database Classic Cloud Service.

The on-premises database on your own system will be the primary database in the Hybrid DR deployment, which uses Oracle Data Guard. Your system and the primary database must meet certain requirements as follows:

The owner of the Oracle Database software (dbowner) must be the oracle user.
The database must be at version 11.2.0.4.0 or version 12.1.0.2.0 with the latest PSU (patch set update) applied.
The database must use a file system as its storage method for database files. Oracle Automatic Storage Management (ASM) is not supported.
The database cannot be an Oracle Real Application Clusters (RAC) database.
The database must be smaller than 2 TB (1.2 TB if you plan to back up the database to both cloud and local storage when the database on the compute node is in the primary role).
If it is an Oracle 12c database, it must be a multitenant container database (CDB). Database Classic Cloud Service does not support non-CDB Oracle 12c databases.
All pluggable databases (PDBs) in the Oracle 12c multitenant environment must be open in read/write mode.
The database must be in ARCHIVELOG mode. See “Changing the Database Archiving Mode” in Oracle Database Administrator’s Guide for Release 12.1 or Release 11.2.
The tablespaces of the database must be encrypted using Transparent Data Encryption (TDE), a feature of Oracle Advanced Security. See "Configuring Transparent Data Encryption" in Oracle Database Advanced Security Guide for Release 12.1 or "Securing Stored Data Using Transparent Data Encryption" in Oracle Database Advanced Security Administrator's Guide for Release 11.2
The database on your own system cannot be part of another Oracle Data Guard configuration.
Enable Oracle Flashback Database for easy reinstatement of the primary database after a failover operation. See “Using Flashback Database” in Oracle Database Backup and Recovery User’s Guide for Release 12.1 or Release 11.2 .
Enable FORCE LOGGING mode to prevent the loss of data when statements in NOLOGGING mode are executed on the primary database. See “Specifying FORCE LOGGING Mode” in Oracle Database Administrator’s Guide for Release 12.1 or Release 11.2.
Ensure the listener.ora file is configured for static service registration, a requirement of Oracle Data Guard.
To protect plaintext from being visible on the WAN, enable Oracle Net encryption. Set parameters in the $ORACLE_HOME/network/admin/sqlnet.ora file:
- SQLNET.ENCRYPTION_SERVER = requested
- SQLNET.ENCRYPTION_TYPES_SERVER = (RC4_256, AES256)
- SQLNET.ENCRYPTION_CLIENT = requested
- SQLNET.ENCRYPTION_TYPES_CLIENT = (RC4_256, AES256)
After editing the sqlnet.ora file, reload the listener.
Ensure one of the following RPMs is installed, based on the Oracle Database release of your system:
- Oracle Database 11g Release 2: oracle-rdbms-server-11gR2-preinstall
- Oracle Database 12c Release 1: oracle-rdbms-server-12cR1-preinstall
You can use this command as the root user to verify that the RPM is installed:
```
# rpm -qa|grep oracle-rdbms-server
```
Ensure the Netcat RPM is installed: nc-1.84-24.el6.x86_64 or higher.
Ensure that the /etc/hosts file contains the IP address for your on-premises system, the host name with a fully qualified domain name, and a short host name.
Ensure all TCP socket size maximum kernel parameters are set to 10 MB (10485760) for optimal transport performance:
- net.core.rmem_max = 10485760
- net.core.wmem_max = 10485760
As the root user, execute these commands:
```
# sysctl -w net.core.rmem_max=10485760
# sysctl -w net.core.wmem_max=10485760
```
The Oracle listener port and the Secure Shell (SSH) port must be open for remote access from the compute node.

It is important that you secure port connectivity on the on-premises system. To enable SSH tunneling and also to make sure that only specific cloud IP addresses can access the listener port in the on-premises system, appropriate security rules need to be configured on the on-premises system. The on-premises firewall needs to have properly configured Access Control Lists to allow SSH and Oracle Net to be accessed from the on-premises system by the Oracle Cloud compute node. Because Oracle Data Guard in a Hybrid DR deployment requires access to the on-premises database from the cloud compute node, the primary database listener port must be opened with restricted access from the cloud IP address.
Ensure that the non-Oracle software meets the following minimum release requirements
- Java: Release 1.7 or higher. Java must be in the default path.
- Perl: 5.10.1 or higher.
- Python: 2.6.6 or higher.

You must have a valid Oracle Storage Cloud Service account and ensure that it is accessible from your on-premises system. You will create a container and then specify its name in the setupdg.cfg file and in the Oracle Database Cloud Service creation wizard.

Perform these steps to create the Hybrid DR configuration:

Create a container in Oracle Storage Cloud Service to be used only during the deployment creation. See Creating Containers in Using Oracle Cloud Infrastructure Object Storage Classic. You should delete this container after the database deployment is created.
Create an IP reservation that will be used for the standby database. See Creating an IP Reservation for detailed instructions.
If you have previously used the same on-premises system to set up a Hybrid DR configuration, perform these commands on the system to prepare it for reuse in this Hybrid DR configuration:
```
% cd /var/opt/oracle/hdg/
% rm -rf db_wallet
% rm -rf hdgonpreminfo*
```
Using wget, download the OracleCloud_HybridDR_Setup.zip file from Oracle Storage Cloud Service to your own system and expand the zip file.
```
% wget https://storage.us2.oraclecloud.com/v1/dbcsswlibp-usoracle29538/hdg/DBCS_version/OracleCloud_HybridDR_Setup.zip
```
where DBCS_version is the Database Cloud Service version, such as 17.3.1.
Follow the instructions in the README file from the OracleCloud_HybridDR_Setup.zip file to update the setupdg.cfg configuration file and back up your on-premises database.
Create the Hybrid DR deployment by using the Oracle Database Classic Cloud Service creation wizard.
See Creating a Customized Database Deployment for instructions on using the wizard.
Be sure to specify the following values when using the wizard:
- Service page:
  - Region. Select a region. Your identity domain must be enabled for regions to create a Hybrid DR deployment.
  - IP Network. If your region has IP networks, this field appears. You must select No Preference because Hybrid DR does not support IP networks.
  - Software Release. Choose the Oracle Database release corresponding to the primary database.
  - Software Edition. Choose at the minimum a software edition that supports the options used by the source database.
  - Database Type. Choose Data Guard Standby with Hybrid DR.
- Service Details page:
  - DB Name (SID) (on the Service Details page). Specify the same SID as used by the database on your on-premises system. You must make sure the SID you provide matches exactly, including the case of letters.
  - Administration Password. Specify the same password that you use for the SYS user on your on-premises database.
  - Usable Database Storage (GB) (on the Service Details page). Specify the minimum the amount of storage needed to accommodate the source database.
  - Advanced Settings: Listener Port. Specify the same port number that you use for the database on your own system.
  - Advanced Settings: IP Reservations. Select the IP reservation you created in a previous step.
  - Backup Destination. The chosen destination is only applicable when the database on the compute node is the primary database. If you select None when you create the deployment, you can change the backup configuration as described in Enabling and Reconfiguring the Automatic Backups Feature. Be aware that if you change the backup destination, the Database Cloud Service Console is unaware of this change.
  - Hybrid DR: Cloud Storage Container. The name of the Oracle Storage Cloud Service container that contains the configuration information and backup of your on-premises database. This name should match the name you set in the setupdg.cfg file.
  - Hybrid DR: Username. The name of a user who has read/write access to the specified Oracle Storage Cloud Service container.
  - Hybrid DR: Password. The password of the user specified in Username.
After the database deployment creation is complete, change the permissions on the /home/oracle/bkup directory.
1. Log in to the compute node as the opc user.
2. Start a root-user command shell:
```
$ sudo -s
#
```
3. Change the permissions on the /home/oracle/bkup directory:
```
# chmod 755 /home/oracle/bkup
```
4. Exit the root-user command shell.

After the database deployment creation is complete, create operating system directories required for the standby database on the compute node.

Log in to the compute node as the oracle user.
Connect to the standby database as SYSDBA:
```
$ sqlplus / as sysdba
```

Query V$DATAFILE to see a list of files and identify the directory for each, as shown in the example:

SQL> SELECT name FROM v$datafile;
NAME
------------------------------------------------------------------------------
/u02/app/oracle/oradata/orcl/system01.dbf
/u02/app/oracle/oradata/orcl/sysaux01.dbf
/u02/app/oracle/oradata/orcl/undotbs01.dbf
/u02/app/oracle/oradata/orcl/pdbseed/system01.dbf
/u02/app/oracle/oradata/orcl/users01.dbf
/u02/app/oracle/oradata/orcl/pdbseed/sysaux01.dbf
/u02/app/oracle/oradata/orcl/PDB1/system01.dbf
/u02/app/oracle/oradata/orcl/PDB1/sysaux01.dbf
.
8 rows selected.

Exit from SQL*Plus.

Create the directories that you identified when you queried V$DATAFILE. For example:

$ mkdir -p /u02/app/oracle/oradata/orcl
$ mkdir -p /u02/app/oracle/oradata/orcl/pdbseed
$ mkdir -p /u02/app/oracle/oradata/orcl/PDB1

Make a copy of /home/oracle/.ssh/ on your own system after the database backup is completed successfully.

When the Hybrid DR deployment is created, a new set of private and public keys is created in /home/oracle/.ssh. The original .ssh directory is stored as /home/oracle/.ssh.bak. Only the private and public keys generated during the deployment creation process are copied to the compute node. By making an extra copy of /home/oracle/.ssh, you can append the public keys from your on-premises host to the newly created /home/oracle/.ssh directory.
Delete the Oracle Storage Cloud Service container that you created in the first step.

The following limitations apply to a Hybrid DR deployment:

You must use the dataguard subcommands of the dbaascli utility to perform operations on your Hybrid DR Data Guard configuration. You cannot use the Oracle Database Cloud Service console to perform operations on the on-premises primary database. See The dbaascli Utility for detail on the dataguard subcommands of the dbaascli utility.
You cannot use the Oracle Database Cloud Service console or the bkup_api utility to take backups of your on-premises primary database. If the standby database on the compute node becomes the primary database in the Hybrid DR configuration, backups may be taken by using the Oracle Database Cloud Service console or the bkup_api utility depending on the backup configuration selected when the database deployment was created.
You cannot use the Oracle Database Cloud Service console or the patch subcommand of the dbaascli utility to patch your on-premises primary database. See Patching a Hybrid DR Deployment for additional information on patching the databases in a Hybrid DR deployment.