Managing Recovery Window Compliance
The "Recovery Window Compliance" is a range of time that the Recovery Appliance will ensure databases can be recovered from their backups. This is specified with a RECOVERY_WINDOW_COMPLIANCE
attribute in the protection policy. When set in the protection policy, newly created backups of that policy are held on the Recovery Appliance for that period of time.
RECOVERY_WINDOW_COMPLIANCE
is different and more restrictive than RECOVERY_WINDOW_GOAL
, because the goal doesn't have to be met but the compliance does. The goal might be for the Recovery Appliance to recover a given database to any point in the last 30 days, if reserve storage is sufficient and not needed and overwritten by newer backups. Recovery window compliance might require the Recovery Appliance to recover a given database to any point in the past 7 days regardless of reserve storage constraints.
Note:
If the RECOVERY_WINDOW_COMPLIANCE
is too large, it can prevent the addition of new backups to the Recovery Appliance, because reserve storage isn't available. When RECOVERY_WINDOW_COMPLIANCE
consumption is near the reserved storage limit and an incoming backup piece would have the space used exceed that limit, RMAN fails immediately.
Because backups need space, you must estimate how much reserve space you believe is needed to store backups. The ESTIMATE_SPACE procedure can assist with determining reserved space. The target_window
used to estimate space should be the RECOVERY_WINDOW_COMPLIANCE
plus an extra day for edge conditions.
Changes can be made to the protection policy to keep backups longer or shorter for new backups. However, once RECOVERY_WINDOW_COMPLIANCE
is set for a given backup, it is strictly enforced and the backup is not deleted until the RECOVERY_WINDOW_COMPLIANCE
period expires.
The two main methods for creating and maintaining recovery window compliance are with an application, such as Enterprise Manager Cloud Control, or using the DBMS_RA API. In either case, the
The steps for setting and removing compliance hold on a database using Enterprise Manager Cloud Control are:
-
Log in to your Cloud Control page.
See Also:
"Accessing the Recovery Appliance Home Page" for more information.
-
From any Cloud Control page, use the Targets drop-down menu and select Recovery Appliances.
The Recovery Appliances page appears.
-
In the Name column, click the name of a Recovery Appliance.
The Home page for the selected Recovery Appliance appears.
-
From the Recovery Appliances drop-down menu, select Protection Policies.
This displays a table with all of the protection policies that the Recovery Appliance is currently enforcing.
-
Select the Protected Policy table and then on Edit to make change for its recovery window compliance or to turn on keep compliance.
This opens the Update Protection Policy dialog box.
Note:
Changes to the protection policy affect all databases that use that policy, which are listed below the Protected Policy table for the policy selected.
The Recovery Window Compliance is a time range to which the Recovery Appliance must ensure that all databases using that protection policy can be recovered. This should be smaller than Recovery Window Goal. The Recovery Window Compliance may be null. If too large, this can result in the Recovery Appliance rejecting new backups, because old backups for compliance purposes have not "expired" and made their storage space available for re-use with incoming backups.
The protection policy can also be used to establish Keep Compliance. When enabled in the protection policy, the Recovery Appliance keeps the backups of all of the associated databases until the "keep until time".
Later when a protection policy and its associated databases no longer require a compliance hold, be sure to remove.
PL/SQL Snippets on Setting Immutability Settings in Protection Policies
The protection policy has two new immutability settings and UPDATE_DB
has one.
If you are creating a new protection policy for compliance, refer to Creating a Protection Policy. You can set multiple compliance attributes at the same time, such as in the following snippet.
dbms_ra.CREATE_PROTECTION_POLICY (
PROTECTION_POLICY_NAME => ‘Policy 1’,
STORAGE_LOCATION_NAME => ‘DELTA’,
RECOVERY_WINDOW_GOAL = INTERVAL '14' DAY,
RECOVERY_WINDOW_COMPLIANCE => INTERVAL '7' DAY,
KEEP_COMPLIANCE => ‘YES’,
ALLOW_BACKUP_DELETION => ‘NO’);
If you are modifying existing protection policies for compliance rules, here are PL/SQL snippets on updating a policy.
-
Set
RECOVERY_WINDOW_COMPLIANCE
settings for one or more protection policies.BEGIN DBMS_RA.UPDATE_PROTECTION_POLICY( PROTECTION_POLICY_NAME => '&pname', RECOVERY_WINDOW_GOAL => INTERVAL '92' DAY, RECOVERY_WINDOW_COMPLIANCE => INTERVAL '14' DAY); END;
Note:
Exercise caution in setting this value, because too large values forRECOVERY_WINDOW_COMPLIANCE
can result in the Recovery Appliance running out of storage with backups that can't be deleted (yet) to the point where new backups can't be stored and are rejected. This number forRECOVERY_WINDOW_COMPLIANCE
should be less than theRECOVERY_WINDOW_GOAL
.RESERVED_SPACE
needs to be large enough to support all needed backups for compliance retention, otherwise the space could fill and cause new backups to be rejected. -
Set
ALLOW_BACKUP_DELETION
attribute toNO
for one or more protection policies.BEGIN DBMS_RA.UPDATE_PROTECTION_POLICY( PROTECTION_POLICY_NAME => '&pname', ALLOW_BACKUP_DELETION => 'NO'); END;
ALLOW_BACKUP_DELETION
set toNO
means that the Recovery Appliance does not allow deletion of these backups, which is the requirement of a legal hold. .ALLOW_BACKUP_DELETION
set toYES
means that the Recovery Appliance allows deletion of these backups when they expire beyond their recovery window goals.Note:
ALLOW_BACKUP_DELETION
has to be set toNO
(disabled) beforeKEEP_COMPLIANCE
is enabled. -
Enable
KEEP_COMPLIANCE
immutable settings for one or more protection policies.Here is a pseudo snippet for PL/SQL that shows the
KEEP_COMPLIANCE
attribute being set in a given protection policy.BEGIN DBMS_RA.UPDATE_PROTECTION_POLICY( PROTECTION_POLICY_NAME => '&pname', KEEP_COMPLIANCE => 'YES'); END;
YES
: The Recovery Appliance prevents the deletion ofKEEP
backups.NO
: The administrator of the Recovery Appliance is permitted to removeKEEP
backups.The
KEEP_COMPLIANCE
attribute helps enable the archival backup by preventing its storage from getting overwritten when the backup would normally have expired according to its recovery window goals. However, once thekeep_time
is reached, the backup can be deleted.