Configure Network Traffic for Data Guard in Azure

Learn how to configure your network for the observer, primary, and standby databases.

Follow these steps to enable network connectivity between the observer, primary, and standby databases over the Azure network:

1. In the Azure portal, create a virtual network peer between VNet1 and VNet2 to enable Data Guard traffic between the primary and standby databases.
   1. In Virtual networks, select VNet1.
   2. In the Settings section, select Peerings.
   3. Click +Add.
   4. Enter a peering link name, select VNet2, and enable Allow the peered virtual network to receive forwarded traffic from 'VNet1'.
   5. Click Add.
2. Repeat the steps to create a virtual network peer between VNet3 and VNet1 to enable network traffic between the observer and the primary database.
3. Repeat the steps to create a virtual network peer between VNet3 and VNet2 to enable network traffic between the observer and the standby database.
4. Create a security group and assign it to the subnet of VNet3 with the following rules to enable network traffic from VNet1 and VNet2.

   Name	Port	Protocol	Source	Destination	Action
   Allow ingress from the subnet of VNet1	1521	TCP	10.10.1.0/24	Any	Allow
   Allow ingress from the subnet of VNet2	1521	TCP	10.20.1.0/24	Any	Allow

Configure Network Traffic for Data Guard in OCI

For the primary and standby database networks, the security rules on OCI take precedence over the security rules on Azure.

Follow these steps to enable Data Guard traffic by adding client NSG rules in VCN1 and VCN2 to allow connections from Azure VNets.

1. In the OCI Console, add security rules to the client Network Security Group (NSG) in VCN1 to allow traffic from the subnets of VNet2 and VNet3.

   Stateless	Source CIDR	Protocol	Source Port	Destination Port	Description	Note
   No	10.20.1.0/24	TCP	1521	1521	TCP traffic for ports: 1521	Allow ingress from the subnet of VNet2
   No	10.30.1.0/24	TCP	1521	1521	TCP traffic for ports: 1521	Allow ingress from the subnet of VNet3

2. Add security rules to the client Network Security Group (NSG) in VCN2 to allow traffic from the subnets of VNet1 and VNet3.

   Stateless	Source CIDR	Protocol	Source Port	Destination Port	Description	Note
   No	10.10.1.0/24	TCP	1521	1521	TCP traffic for ports: 1521	Allow ingress from the subnet of VNet1
   No	10.30.1.0/24	TCP	1521	1521	TCP traffic for ports: 1521	Allow ingress from the subnet of VNet3

Enable Data Guard

Create the Data Guard standby database.

Use the OCI Console to add a standby database and configure the association.

1. Log in to the OCI Console and open the primary Database information page.
2. Select the Data Guard associations tab.
3. Click Add standby.
4. To explicitly run a Data Guard precheck, click Run Precheck.
   • The system closes the Add Standby page.
   • A message appears on the Primary Database Details page indicating that the precheck is in progress, and the Add Standby button is disabled.
   • While the precheck is running, the primary database and the VM cluster remain in the AVAILABLE state.
5. Select Use the new Data Guard Group Resource.

   With this option, your new Data Guard configuration will be created as a Data Guard Group resource and supports adding multiple standby databases.

6. In Peer VM Cluster, specify the standby value as follows:

   Option	Description
   	The primary and standby databases are running on two different VM clusters in the same region.
   Availability Domain	Availability Domain
   VM Cluster	VM Cluster

7. In Data Guard Group details, select a Data Guard type as either Active Data Guard or Data Guard based on your requirements.

   Active Data Guard: A licensed option to Oracle Database Enterprise Edition that enables advanced capabilities extending basic Data Guard functionality, including Real-Time Query and DML Offload, Automatic Block Repair, Standby Block Change Tracking, Global Data Services, and Application Continuity.

   Data Guard: Ensures high availability, data protection, and disaster recovery for enterprise data. Data Guard provides a comprehensive set of services to create, maintain, manage, and monitor one or more standby databases to enable production Oracle databases to survive disasters and data corruptions. Data Guard maintains these standby databases as transactionally consistent copies of the production database.

8. Set the Protection mode for this Data Guard Group.
   • Maximum Performance: Provides the highest level of protection possible without affecting primary database performance.
   • Maximum Availability: Provides zero data loss synchronous transport protection without compromising database availability.
9. Set the redo Transport type used for the Data Guard association between the primary and this standby database:
   • Async: Asynchronous transport mode is used with Maximum Performance protection mode.
   • Sync: Synchronous transport mode used with Maximum Performance and Maximum Availability protection mode.
10. Choose an existing Database Home for the standby database.
    To add a standby in a new database home, create the database home before adding the standby database.
11. Provide the standby database details.
    1. Enter a unique standby database name.
    2. Enter the database admin password of the primary database in the Database password field.
    3. Provide the TDE wallet password.
12. Click Add.

    A work request is issued to configure the Data Guard association. You can view the progress of the request and the stages of provisioning on the Work Requests page of the respective Standby database.

When the association is created, the details for a database and its peer display their respective roles as Primary or Standby.