Configure Oracle Data Guard for Oracle Exadata Database Service on Dedicated Infrastructure
Data Guard for Oracle Exadata Database Service on Dedicated Infrastructure supports Oracle-managed keys and customer-managed keys for Transparent Data Encryption (TDE). Oracle-managed keys use password based wallets to store and manage TDE keys, while customer-managed keys enable you to store and manage TDE keys in OCI Vault. By default, Oracle Exadata Database Service on Dedicated Infrastructure uses Oracle-managed keys.
Verify Security Policies and Dynamic Groups
If your database uses OCI Vault to store customer-managed keys, you must follow the steps below to verify all required security policies and dynamic groups are properly configured. You can skip this section if your database uses Oracle-managed keys.
Verify OCI Vault Replication
If you are configuring Oracle Data Guard between two regions, and your database uses customer-managed keys, a Virtual Private Vault must be replicated between the two regions. You can skip this section if your database uses Oracle-managed keys. These steps describe how to verify your Virtual Private Vault is being replicated across both regions.
Configure In-Region Oracle Data Guard
These steps describe how to enable Oracle Data Guard for Oracle Exadata Database Service on Dedicated Infrastructure databases in the same region.
- Navigate to the OCI menu, and click Oracle Database.
- Click Oracle Exadata Database Service on Dedicated Infrastructure.
- Select the compartment where the Oracle Exadata Database Service on Dedicated Infrastructure VM cluster is configured.
- Select the VM cluster where the database to be configured with Oracle Data Guard is located.
- Click the database name to select the database.
- Under Resources, click Data Guard Associations.
- Click Add Standby. An Add standby window will open, your database version determines the options displayed. Databases version 11g and 12c support Data Guard Associations, while versions 19c and newer support Data Guard Groups. Select whether to configure a Data Guard Association, or a Data Guard Group.
- Configure the Data Guard options:
- Peer Region: The region for the selected database is displayed by default. Use this region for the Oracle Data Guard configuration.
- Availability Domain: The availability domain for the selected database is displayed by default. Use this availability domain if the standby database is to be configured on the same availability domain as the primary database. Otherwise, select a different availabiity domain.
- Exadata Infrastructure: Select the Exadata Infrastructure where the standby will be running.
- Data Guard Peer resource type: Select VM cluster.
- VM Cluster: Select the VM cluster where the standby database will be running. If the standby database will be running on a VM cluster on a different compartment, select the corresponding compartment. By default, the same compartment as the primary database is selected.
- Data Guard Type: Select Data Guard or Active Data Guard. Active Data Guard may require an additional license.
- Protection Mode: Select Max Performance or Max Availability.
- Transport: Synchronous or Asynchronous depending on the Protection Mode selection. If the Protection Mode is Max Performance, the Transport is Asynchronous. If the Protection Mode is Max Availability, the Transport is Synchronous.
- Database Home: Select existing or create a new database home. Ensure the database home runs the same Oracle database software version and patches as the primary.
- Database Unique Name: (Optional) Provide a database unique name for the peer standby database. If no database unique name is provided, by default the OCI interface will automatically configure a database unique name for the standby database.
- Password: Provide the
sys
password for the primary database. Thesys
password and TDE Wallet password must be the same when using Oracle-managed keys. - TDE Password: Enter the TDE password for the primary database. The
sys
and TDE password may be the same when using Oracle Managed Keys.
- Click Add Standby.
Configure Cross Region Oracle Data Guard
These steps describe how to enable Oracle Data Guard for Oracle Exadata Database Service on Dedicated Infrastructure databases in different regions.