Learn About Deploying a Hybrid DR Topology for an On-Premises Oracle Exadata

To ensure business continuity in the event of disasters, implement a disaster recovery strategy for your on-premises Oracle Exadata Database Machine. You need a low cost, high availability solution that provides data protection and enables you to quickly switch to the standby system with minimal loss of data and productivity. You can create a hybrid disaster recovery (DR) plan, where the primary Oracle Exadata Database Machine is on-premises and the standby is an Oracle Database Exadata Cloud Service in Oracle Cloud Infrastructure (OCI). OCI and Oracle Data Guard provide a highly available, secure, and scalable infrastructure and services that enable you to recover from disasters reliably and securely.

Before You Begin

Learn more about the disaster recovery (DR) capabilities of Oracle Cloud.

See Learn about protecting your cloud topology against disasters.

This solution assumes that you have Oracle Exadata Database Machine deployed in your on-premises data center and Oracle Database Exadata Cloud Service deployed in Oracle Cloud as shown in the architecture.


This architecture shows an Oracle Database, Enterprise Edition in an on-premises data center and a similar configuration in an Oracle Cloud Infrastructure (OCI) region, which serves as a standby. In the event of an outage in your primary database, Oracle Data Guard enables you to quickly restore your workload to the standby database in OCI.

The following diagram illustrates the on-premises to cloud disaster recovery (DR) architecture using Oracle Data Guard.

Description of hybrid-dr-v3.png follows
Description of the illustration hybrid-dr-v3.png
This architecture supports the following components in the on-premises Data Center:
  • Oracle Exadata DB Machine

    Oracle Exadata Database Machine is a modern architecture featuring scale-out industry-standard database servers, scale-out intelligent storage servers, and an extremely high speed internal RDMA Network Fabric that connects the database and storage servers.

  • Oracle Data Guard

    An Exadata DB Machine engineered system is located in the on-premises data center, with Oracle Data Guard association enabled for data replication.

    The standby Exadata DB Cloud Service in Oracle Cloud is a transactionally consistent copy of the primary database. Oracle Data Guard automatically maintains synchronization between the databases by transmitting and applying redo data from the primary database to the standby. In the event of a disaster in the primary region, Oracle Data Guard automatically fails over to the standby database.

This architecture supports the following components in Oracle Cloud Region:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Virtual cloud network (VCN) and subnet

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • VPN Connect

    VPN Connect provides site-to-site IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

  • FastConnect

    Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

  • Internet gateway

    The internet gateway allows traffic between the public subnets in a VCN and the public internet.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • NAT gateway

    The NAT gateway enables private resources in a VCN to access hosts on the internet, without exposing those resources to incoming internet connections.

  • Route table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Bastion host

    The bastion host is a compute instance that serves as a secure, controlled entry point to the topology from outside the cloud. The bastion host is provisioned typically in a demilitarized zone (DMZ). It enables you to protect sensitive resources by placing them in private networks that can't be accessed directly from outside the cloud. The topology has a single, known entry point that you can monitor and audit regularly. So, you can avoid exposing the more sensitive components of the topology without compromising access to them.

  • Exadata DB system

    Exadata Cloud Service enables you to leverage the power of Exadata in the cloud. You can provision flexible X8M systems that allow you to add database compute servers and storage servers to your system as your needs grow. X8M systems offer RoCE (RDMA over Converged Ethernet) networking for high bandwidth and low latency, persistent memory (PMEM) modules, and intelligent Exadata software. You can provision X8M systems by using a shape that's equivalent to a quarter-rack X8 system, and then add database and storage servers at any time after provisioning.

  • Object storage

    Object storage provides quick access to large amounts of structured and unstructured data of any content type, including database backups, analytic data, and rich content such as images and videos. Use standard storage for "hot" storage that you need to access quickly, immediately, and frequently. Use archive storage for "cold" storage that you retain for long periods of time and seldom or rarely access.

Considerations When Deploying a DR Topology

When implementing a disaster recovery topology, consider the following:

  • Create a standby database target in Oracle Cloud Infrastructure that is symmetrical or similar to the on-premises primary database to ensure that you meet the same performance service level agreements after a role transition. Use Oracle Real Application Clusters (Oracle RAC) for Oracle RAC.
  • Ensure that the network bandwidth is sufficient to handle peak redo rates
  • Ensure that you have network reliability and security between your on-premises data center and your cloud region
  • Use Active Data Guard for additional auto-block repair, data protection and offloading benefits
  • Use Transparent Data Encryption (TDE) for both the primary and standby databases

For security, Oracle best practice recommends using TDE to encrypt both primary and standby databases to ensure that all data is encrypted at-rest. Data can be converted during the migration process, but it’s highly recommended to convert to TDE prior to migration to provide the most secure Oracle Data Guard environment. A VPN connection or Oracle Net encryption is also required for encryption-in-flight for any other database payload, such as data file or redo headers, that are not encrypted by TDE. Using TDE to protect data is an important part of improving the security of the system.

Consider the following options when deploying a DR plan using Oracle Data Guard:

  • Oracle Data Guard utilizing Enterprise Edition Service or High-Performance Service
  • Oracle Data Guard utilizing the Extreme Performance Service for Oracle Bring Your Own Licenses (BYOL) cases where you don't have an Active Data Guard Option license. (recommended)
  • Active Data Guard utilizing the Extreme Performance Service or Oracle Database Exadata Cloud Service (recommended)

About Required Services and Roles

This solution requires the following services and roles:

  • Oracle Cloud Infrastructure (OCI) region

  • Oracle Database Exadata Cloud Service
  • Oracle Exadata Database Machine

These are the roles needed for each service.

Service Name: Role Required to...
Oracle Database: root Configure the primary database and instantiate and configure the standby database.
Oracle Cloud Infrastructure: sysdba Close, shutdown, and unmount the standby database in the cloud.
Oracle Data Guard: SYS, SYSDG or SYSDBA Run the Oracle Data Guard command-line interface (DGMGRL) to convert the standby to a snapshot standby and switch the primary and standby database roles.

See Learn how to get Oracle Cloud services for Oracle Solutions to get the cloud services you need.