Oracle Data Guard ensures high availability, data protection, and disaster recovery for enterprise data. With Data Guard, failover of the primary database to the standby database can be done manually by using the Data Guard Broker command line interface (DGMGRL CLI) or Oracle Enterprise Manager, or automatically by configuring a Compute node to act as a fast-start failover (FSFO) observer. The observer can automatically initiate failover and automatically reinstate a failed primary database as a standby database. Having FSFO observers in the deployment removes the need for manual intervention when database failover is necessary.
This reference architecture shows how to deploy two bare metal DB systems and the infrastructure components needed to configure FSFO for an Oracle Database 12c Release 2 (12.2) deployed on Oracle Cloud Infrastructure in two regions.
This cloud database architecture can be used as a resilient database tier for many applications, including Oracle E-Business Suite, JD Edwards and PeopleSoft.
The following diagram illustrates this reference architecture.
Description of the illustration ha-bm-db-oci.eps
A region is a localized geographic area composed of one or more availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or continents).
- Availability domains
Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.
- Fault domains
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you place Compute instances across multiple fault domains, applications can tolerate physical server failure, system maintenance, and many common networking and power failures inside the availability domain.
- Virtual cloud network (VCN) and subnets
Every compute instance is deployed in a VCN, which can be segmented into subnets.
- Security lists
For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.
Observers are Compute nodes that have the necessary Oracle Database software installed and configured to initiate FSFO of the Oracle Database running on the bare metal DB system. An FSFO best practice is to run the observer process on a host that is located in a different data center than the primary or standby database. To meet that best practice, this reference architecture deploys three observer nodes. Oracle Database release 12.2 or higher is required for this setup.
- Primary and standby DB systems
These bare metal DB systems have an Oracle Database 12c Release 2 (12.2) configured for Data Guard replication.
Your requirements might differ from the architecture described here. Use the following recommendations as a starting point.
- DB system shapes
This reference architecture uses the BM.Standard2.52 bare metal shape for the DB systems. This shape has 51.2 TB of locally attached NVMe SSDs with low latency. We selected the bare metal shape because it lets us create multiple database homes and databases.
- Compute shapes
This reference architecture uses a VM.Standard2.1 core virtual machine (VM) shape for the observer nodes. The observer node is a low-footprint Oracle Call Interface client built into the DGMGRL CLI. A one-core VM shape is sufficient for this architecture.
When you create the VCN, determine how many IP addresses your cloud resources in each subnet require. Specify a subnet mask and a network address range large enough for the required IP addresses, using CIDR notation. Use an address space that falls within the standard private IP address blocks.
Choose an address range that doesn't overlap with your on-premises network, in case you need to set up a connection between the VCN and your on-premises network later.
After you create the VCN, you can’t change the address range.
When you design the subnets, consider functionality and security requirements. All Compute instances within the same tier or role should go in the same subnet, which can be a security boundary.
Use a regional subnet.
- Security lists
Use security lists to define ingress and egress rules that apply to the entire subnet. For example, this reference architecture allows ICMP internally for the entire private subnet.
Consider these points when deploying this reference architecture.
To get the best performance for your application workloads, ensure that your primary bare metal DB system has enough cores to support the application and the Data Guard configuration.
The observer nodes are deployed in multiple availability regions to ensure that FSFO can automatically occur even if one of the observer nodes goes offline. After failover occurs, the standby database becomes the primary database.
Size the CPUs on the bare metal DB systems based on your needs. You can start with two or more cores and scale up to 52 cores on a BM.DenseIO2.52 shape. You can also scale up the cores dynamically without downtime.