Back Up Your Data

To create resilient architectures, back up your data, applications, and operating environments (defined as operating systems configured with applications) to meet the requirements for your recovery point objectives (RPO) and recovery time objectives (RTO).

Back Up Data in Storage Services

Cloud Architect, Infrastructure Lead, Security Architect

Identify the different services where your data resides in your application. Ensure that you understand the backup functionality of each service and architect your application around it.
Identify all data in your cloud storage services (Local NVMe, Block, File, and Object Storage) that requires backup and perform manual or automatic backups.

Review and consider the following for your cloud storage:

  • Oracle Cloud Infrastructure locally attached NVMe devices

    Some instance shapes in Oracle Cloud Infrastructure include locally attached NVMe devices. These devices provide extremely low-latency, high-performance block storage. These devices are not protected by Oracle Cloud Infrastructure; they are individual devices locally installed on your instance. It is your responsibility to protect and manage the durability of the data on these devices.

    There are three primary failure modes that you should consider when protecting your local NVMe devices:

    • Failure of an NVMe device
    • Loss of the instance or availability domain
    • Data corruption or loss from application or user error

    You can mitigate the failure of an NVMe device in Linux by using the Logical Volume Manager (LVM) to mirror the device. The other two failure modes require implementing a backup method.

  • Oracle Cloud Infrastructure Block Volumes

    The block volume service enables you to dynamically provision and manage block storage volumes. All volumes have built-in durability and run on redundant hardware within a single availability domain. It provides integrated features to back up your data to Oracle Cloud Infrastructure Object Storage. You can use the backups for business continuity and disaster recovery. The following backup options are available:

    • Automated and policy-based scheduled backups, with a choice of incremental or full. The policies are either predefined or user-defined.

    • Manual on-demand backups, with a choice of incremental or full. Manual backups have no retention period associated with them and are stored indefinitely.

  • Oracle Cloud Infrastructure File Storage

    The service provides a durable, scalable, secure, enterprise-grade network file system. It is a shared file system. Data is replicated for durability within each availability domain.

    The following backup options are available:

    • Use snapshots for data protection of your file system. Snapshots are a consistent, point-in-time view of your file systems. They are copy-on-write and scoped to the entire file system. Scripts and tools are available to manually copy snapshots to Object Storage in either the same or a different region. In a multi-availability domain region, Object Storage replicates the stored data across availability domains for better durability. Use the Parallel File Tools suite to manage snapshots. The suite provides parallel versions of tar, rm, and cp and can run requests on large file systems in parallel, maximizing performance for data protection operations.
    • Use rsync and rclone commands to transfer data to Oracle Cloud Infrastructure Object Storage or another file system.
  • Oracle Cloud Infrastructure Object Storage

    This regional service is an internet-scale, high-performance storage platform for your unstructured data. It provides highly durable and available data across multiple availability domains (ADs) in a multi-AD region and across multiple fault domains in a single-AD region.

    Data is stored redundantly across multiple storage servers. Oracle Cloud Infrastructure Object Storage actively monitors data integrity and ensures data redundancy. The service automatically detects and repairs corrupt data. If a redundancy loss is detected, the service automatically creates more data copies.
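
The NVMe mirroring mentioned above, as an added example that is not Oracle's code: a shell function that builds a two-device LVM RAID1 mirror. The device paths, the volume group and logical volume names, and the size are assumptions, and the function only prints the commands unless DRY_RUN=0.

```shell
# Added example (not Oracle's code). Device paths, volume group and logical
# volume names and the size are assumptions; adjust them to your instance.
# DRY_RUN=1 (the default) prints the commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# mirror_nvme DEV_A DEV_B SIZE [VG] [LV]
mirror_nvme() {
    dev_a="$1"; dev_b="$2"; size="$3"
    vg="${4:-vg_nvme}"; lv="${5:-lv_data}"
    # A mirror needs two different physical devices to survive one failing.
    if [ -z "$dev_a" ] || [ -z "$dev_b" ] || [ -z "$size" ] ||
       [ "$dev_a" = "$dev_b" ]; then
        echo "usage: mirror_nvme DEV_A DEV_B SIZE [VG] [LV]" >&2
        return 2
    fi
    # Outside dry-run, insist on real block devices before changing anything.
    if [ "$DRY_RUN" != "1" ]; then
        for d in "$dev_a" "$dev_b"; do
            [ -b "$d" ] || { echo "$d is not a block device" >&2; return 3; }
        done
    fi
    run pvcreate "$dev_a" "$dev_b" &&        # label both devices as LVM PVs
    run vgcreate "$vg" "$dev_a" "$dev_b" &&  # one volume group over both
    # --type raid1 -m 1 keeps one extra copy, placed on the second device.
    run lvcreate --type raid1 -m 1 -L "$size" -n "$lv" "$vg" &&
    # Copy% reaches 100 once the two legs are in sync.
    run lvs -a -o name,copy_percent,devices "$vg"
}
```

A mirror built this way covers only the first failure mode in the list; loss of the instance and data corruption still need a backup.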

Back Up Data in Your Databases

Cloud Architect, Infrastructure Lead, Security Architect

Perform either manual or automatic backups of the data in your databases.

Identify the backup requirements based on the database service that you use:

  • Oracle Cloud Infrastructure database systems

    Oracle Cloud Infrastructure Database systems provide methods of creating backups of your databases in Oracle Cloud Infrastructure Object Storage, Oracle Database Zero Data Loss Autonomous Recovery Service, or local disk.

    • Automatic Backups

      When you enable the Automatic Backup feature, you get the choice of Autonomous Recovery Service or Object Storage as a backup destination. Autonomous Recovery Service offers zero data loss recovery with real-time database protection, uses an incremental forever backup paradigm, and automatically performs recovery validation. This helps ensure that the database is always protected and ready for recovery. Object Storage creates weekly full and daily incremental backups. Both destinations allow you to set a retention period for backups and manage the backup schedule.

    • On-Demand Backups

      You can create a backup of your database at any time unless your database is assuming the standby role in association with Oracle Data Guard. When object storage is the backup destination, on-demand backups are full backups and remain in object storage even after the database is terminated. When Autonomous Recovery Service is the destination, on-demand backups are incremental backups and are retained according to the retention period.

      Alternatively, you can use Oracle Recovery Manager (RMAN) to manage backups of your database systems to your own Object Storage.

    • Local Disk Backup

      Backups are stored locally in the Fast Recovery Area of the DB System. This approach is not recommended because it provides low durability, and if the DB System becomes unavailable, the backup is also unavailable.

  • Cloud Service

    You can set up automated incremental or manual on-demand full backups using the Oracle Exadata Database Service. You can use the Console or API to work with Exadata database backups managed by Oracle Cloud Infrastructure. You can use the backup utility, bkup_api, to back up databases on an Exadata DB system to an existing bucket in Oracle Cloud Infrastructure Object Storage, Oracle Database Zero Data Loss Autonomous Recovery Service, and to the local disk Fast Recovery Area.

  • Oracle Autonomous Database

    Oracle Cloud Infrastructure automatically backs up your Oracle Autonomous Database and retains the backups for 60 days. Automatic backups are weekly full backups and daily incremental backups. You can create manual backups to supplement your automatic backups. Manual backups are stored in an Oracle Cloud Infrastructure Object Storage bucket that you create and are retained for 60 days.

Verify Your Backup Integrity and Processes

Cloud Architect, Infrastructure Lead

Validate that your backup process implementation meets Recovery Time Objective (RTO) and Recovery Point Objective (RPO) through a recovery test.
  • Validate your NVMe protection methods with failover tests.
  • Use Oracle Cloud Infrastructure Block Volume backups to restore a volume in the same or different availability domain. By copying over block volumes to other regions, you can also restore a volume in another region for disaster recovery. Validate your backups regularly to make sure that you can meet your RTO and RPO requirements.
  • Use a snapshot to restore files. File storage snapshots are created under the root folder of your file system, in a hidden directory named .snapshot. You can restore a file within the snapshot, or an entire snapshot using the cp command.
  • To avoid loss of data in case of a natural disaster or an availability domain wide failure, you can implement disaster protection mechanisms using features such as Oracle Cloud Infrastructure Block Volumes inter-region backup and Oracle Cloud Infrastructure Object Storage inter-region copy.
  • To back up file system data on Linux and Windows OCI Compute instances to OCI Object Storage with single-file recoverability, you can use Oracle Secure Backup, which is available in the Oracle Cloud Marketplace. Oracle Secure Backup is a licensed product (Bring Your Own License).
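
The file restore from the hidden .snapshot directory described above, as an added example that is not Oracle's code: a shell function that copies one file back with cp, sets the current copy aside, and proves the restore by comparing checksums. It assumes GNU coreutils (sha256sum); the snapshot name, file names and the temporary directory standing in for the mounted file system are constructed.

```shell
# Added example, not Oracle's code. Assumes GNU coreutils (sha256sum);
# the mount point, snapshot name and file names below are constructed.

# restore_from_snapshot FS_ROOT SNAPSHOT REL_PATH
# Copies FS_ROOT/.snapshot/SNAPSHOT/REL_PATH back to FS_ROOT/REL_PATH,
# keeps the current file for investigation, prints the verified SHA-256.
restore_from_snapshot() {
    fs_root="$1"; snap="$2"; rel="$3"
    # The snapshot name is one directory name; no path component may be "..".
    case "$snap" in
        ''|*/*) echo "bad snapshot name" >&2; return 2 ;;
    esac
    case "/$snap/$rel/" in
        */../*) echo "path escapes snapshot" >&2; return 2 ;;
    esac
    src="$fs_root/.snapshot/$snap/$rel"
    dst="$fs_root/$rel"
    [ -f "$src" ] || { echo "not in snapshot: $rel" >&2; return 3; }
    # Set the live (possibly damaged) copy aside instead of overwriting it.
    if [ -e "$dst" ]; then
        mv -- "$dst" "$dst.pre-restore.$(date +%Y%m%d%H%M%S)" || return 4
    fi
    mkdir -p -- "$(dirname "$dst")" || return 4
    cp -p -- "$src" "$dst" || return 4   # -p keeps mode and timestamps
    # The restore counts only when the restored bytes match the snapshot.
    want=$(sha256sum < "$src" | cut -d' ' -f1)
    got=$(sha256sum < "$dst" | cut -d' ' -f1)
    [ "$want" = "$got" ] || { echo "checksum mismatch" >&2; return 5; }
    printf '%s\n' "$got"
}

# Constructed stand-in for a mounted file system with one snapshot.
make_demo_fs() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/.snapshot/daily-1/app" "$root/app"
    printf 'listen=8443\n' > "$root/.snapshot/daily-1/app/settings.conf"
    printf 'corrupted\n' > "$root/app/settings.conf"
    printf '%s\n' "$root"
}
```

Timing a run of this function against a real snapshot gives a measured restore time to compare with the RTO.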

Validate Backup Security and Encryption

Cloud Architect, Infrastructure Lead, Security Architect

Ensure that your Oracle Cloud Infrastructure Identity and Access Management authentication and authorization policies enable you to access your data. Also, verify data integrity with encryption.

The following access security is provided for each storage service:

  • Oracle Cloud Infrastructure Identity and Access Management

    Create policies to provide granular access controls for your data and its backups.

  • Oracle Cloud Infrastructure Block Volume

    The service encrypts all block volumes and boot volumes at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit keys. Consider the following additional encryption options.

    • You can encrypt all of your volumes and their backups by using keys that you own, and you can manage the keys by using the Oracle Key Management Cloud Service.
    • Data is transferred between an instance and the attached block volume through an internal and highly secure network. You can enable in-transit encryption for paravirtualized volume attachments on virtual machine instances.
  • Oracle Cloud Infrastructure File Storage

    The service encrypts all data at rest. By default, the file systems are encrypted by using Oracle-managed encryption keys.

    You can encrypt all of your file systems by using keys that you own. You can manage the keys by using the Oracle Key Management Cloud Service.

  • Oracle Cloud Infrastructure Object Storage

    The service employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on the server.

    Each object is encrypted with its own data encryption key. Data encryption keys are always encrypted with a master encryption key that is assigned to the bucket. You can optionally configure a bucket so that it's assigned an Oracle Key Management Cloud Service master encryption key that you control and rotate on your own schedule.

  • Oracle Database Zero Data Loss Autonomous Recovery Service

    Integration with automatic backup ensures that all backups are encrypted. Encryption is required for all backups stored in Autonomous Recovery Service. Encryption uses the same key used for Transparent Data Encryption (TDE).

  • Database systems
    • The DB System automatic and on-demand backups are encrypted automatically with the same master key used for Transparent Data Encryption (TDE) wallet encryption.
    • If Oracle Recovery Manager (RMAN) is used to manage backups of your DB system to your own Object Storage, encryption is enforced.
    • If local storage backup is used for DB systems, Oracle recommends that you encrypt them using the command line interface (dbcli).
  • Oracle Secure Backup

    Backup encryption is on by default when backing up to OCI Object Storage devices. Encryption keys are stored in the Oracle Secure Backup catalog.

Replicate Your Data for Disaster Recovery

Enterprise Architect, Cloud Architect, Infrastructure Lead

Ensure that all of the data needed by your application for disaster recovery is available in your disaster recovery (DR) region.

Consider the following:

  • Identify the data stored in your file systems either locally, in the Oracle Cloud Infrastructure File Storage service, or in the Oracle Cloud Infrastructure Object Storage service that will be required in the event of disaster recovery.
    • For files on local and FSS file systems, you can use commands such as rsync and rclone to copy data to the DR region. If Oracle Secure Backup is used for file system backups, it can be used to restore data in a remote region.
    • For files on local file systems residing on block volumes, you can periodically copy block volume backups between regions.
    • For files on object storage, you can copy objects from one region to buckets in other regions.
  • For Oracle databases, use Oracle Data Guard to create a physical standby database in your DR region.