Learn About Deploying a Hybrid DR Topology for an On-Premises Database

To ensure business continuity in the event of disasters, you want to implement a disaster recovery strategy for your on-premises Oracle Database. You need a solution that provides data protection and enables you to quickly switch to the standby system with minimal loss of data and productivity.

One option is to create a hybrid disaster recovery (DR) plan, where the primary database is on-premises and the standby database system is in the cloud. Oracle Cloud Infrastructure and Oracle Data Guard provide a highly available, secure, and scalable infrastructure and services that enable you to recover from disasters reliably and securely.

When you establish a DR plan that uses Oracle Cloud and Oracle Data Guard, you can seamlessly switch over to the cloud for any recovery scenario.

Before You Begin

Learn more about the disaster recovery (DR) capabilities of Oracle Cloud, examine the available DR strategies, and learn more about Terraform code used to deploy the cloud topology in this solution.

See Learn about protecting your cloud topology against disasters.

This solution uses Terraform code to deploy the cloud topology. To learn more about Terraform, review the Terraform documentation. At a minimum, read the introduction in the Terraform documentation.

Architecture

This architecture shows an Oracle Database, Enterprise Edition in an on-premises data center and a similar configuration in an Oracle Cloud Infrastructure (OCI) region, which serves as a standby. In the event of an outage in your primary database, Oracle Data Guard enables you to quickly restore your workload to the standby database in OCI.

The following diagram illustrates the on-premises to cloud disaster recovery (DR) architecture using Oracle Data Guard.

[Illustration: hybrid-dr.png]

This architecture supports the following components:

  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Availability domain

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Virtual cloud network (VCN) and subnet

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Bastion host

    The bastion host is a compute instance that serves as a secure, controlled entry point to the topology from outside the cloud. The bastion host is provisioned typically in a demilitarized zone (DMZ). It enables you to protect sensitive resources by placing them in private networks that can't be accessed directly from outside the cloud. The topology has a single, known entry point that you can monitor and audit regularly. So, you can avoid exposing the more sensitive components of the topology without compromising access to them.

  • Database

    The architecture includes a database in the on-premises data center and in the OCI region, with Oracle Data Guard association enabled for data replication.

    The standby database is a transactionally consistent copy of the primary database. Oracle Data Guard automatically maintains synchronization between the databases by transmitting and applying redo data from the primary database to the standby. In the event of a disaster in the primary region, Oracle Data Guard automatically fails over to the standby database.

  • Dynamic routing gateway (DRG)

    The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

  • Service gateway

    The service gateway provides access from a VCN to other services, such as Oracle Cloud Infrastructure Object Storage. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Password wallet

    Oracle Wallet provides an easy method to manage database credentials across multiple domains. It allows you to update database credentials by updating the Wallet instead of having to change individual datasource definitions.

Terraform-based automation is available to deploy the infrastructure for a disaster recovery (DR) topology in the cloud. The Terraform script deploys the network architecture, a bastion server, and an Oracle Database Cloud Service Virtual Machine (VM DB System) in an OCI region. You can modify the topology to deploy higher capacity compute and storage instances. Use similar configurations for your primary and standby databases to ensure you meet the same performance service level agreement after a role transition.

About Oracle Data Guard

Oracle Data Guard is included in Oracle Database, Enterprise Edition and is supported by all editions of Oracle Cloud Infrastructure (OCI) database systems (Enterprise, High Performance, and Extreme Performance). Oracle Database, Standard Edition does not support Oracle Data Guard.

You can obtain the following recovery point objectives (RPOs) when using Oracle Data Guard:

  • RPO in less than one (1) second: use ASYNC transport
  • RPO zero: use SYNC or FAR SYNC configurations

In addition, when you create a standby in the cloud, Oracle manages the cloud data center and infrastructure, and provides basic system lifecycle operations, including bursting and shrinking resources.

Enabling DR on Oracle Cloud requires instantiation of an Oracle Data Guard standby database in OCI. Once instantiated, Oracle Data Guard maintains synchronization between the primary database on-premises and the standby database in the cloud. The synchronization provides the ability to switch over (planned events) or fail over (unplanned events) production to the standby database in the cloud during planned maintenance or unplanned outages. Once the failed on-premises database is repaired, Oracle Data Guard automatically resynchronizes it with the new production database in the cloud, enabling you to switch production back to the on-premises database.

Active Data Guard extends Oracle Data Guard capabilities by providing advanced features for data protection and availability as well as offloading read-only workload and fast incremental backups from a production database. Active Data Guard is included in the Extreme Performance Edition and Oracle Database Exadata Cloud Service. When used in a hybrid configuration, Active Data Guard must also be licensed for the on-premises system.

Considerations When Deploying a DR Topology

When implementing a disaster recovery topology, consider the following:

  • Create a standby database target in Oracle Cloud Infrastructure that is symmetrical or similar to the on-premises primary database to ensure that you meet the same performance service level agreements after a role transition. Use Oracle Real Application Clusters (Oracle RAC) on the standby when the primary is Oracle RAC.
  • Ensure that the network bandwidth is sufficient to handle peak redo rates
  • Ensure that you have network reliability and security between your on-premises data center and your cloud region
  • Use Active Data Guard for additional auto-block repair, data protection and offloading benefits
  • Use Transparent Data Encryption (TDE) for both the primary and standby databases

For security, Oracle best practice recommends using TDE to encrypt both primary and standby databases to ensure that all data is encrypted at rest. Data can be converted during the migration process, but it’s highly recommended to convert to TDE prior to migration to provide the most secure Oracle Data Guard environment. A VPN connection or Oracle Net encryption is also required for encryption in flight of any other database payload, such as data file or redo headers, that is not encrypted by TDE. Using TDE to protect data is an important part of improving the security of the system.
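An added example, not part of the original page and not Oracle's code: a Python check that a sqlnet.ora enforces Oracle Net native encryption and checksumming in both directions, because each Data Guard site is the client when it ships redo and the server when it receives it. The two file contents are constructed samples, and treating only AES and SHA-2 as acceptable is this example's assumption.

```python
import re

# Constructed sample sqlnet.ora contents (illustrative, not from the page).
WEAK = """\
# defaults left in place: encryption happens only if the peer asks for it
SQLNET.ENCRYPTION_SERVER = accepted
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, 3DES168)
"""
HARDENED = """\
SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_CLIENT = required
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256)
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_CLIENT = required
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256)
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA256)
"""

# Assumption of this example: only AES ciphers and SHA-2 digests are acceptable.
STRONG = {"ENCRYPTION": {"AES128", "AES192", "AES256"},
          "CRYPTO_CHECKSUM": {"SHA256", "SHA384", "SHA512"}}

def parse_sqlnet(text):
    """Return {UPPERCASE_NAME: [UPPERCASE values]} for simple NAME = value lines."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([\w.]+)\s*=\s*\(?([^()]*)\)?$", line)
        if m:
            values = [v.strip().upper() for v in m.group(2).split(",") if v.strip()]
            params[m.group(1).upper()] = values
    return params

def audit(text):
    """Return findings; an empty list means both directions are enforced."""
    p, findings = parse_sqlnet(text), []
    for side in ("SERVER", "CLIENT"):
        for feat, strong in STRONG.items():
            # ACCEPTED is the default level when the parameter is absent.
            level = (p.get(f"SQLNET.{feat}_{side}") or ["ACCEPTED"])[0]
            if level != "REQUIRED":
                findings.append(f"SQLNET.{feat}_{side} is {level}, not REQUIRED")
            key = f"SQLNET.{feat}_TYPES_{side}"
            types = p.get(key, [])
            weak = [t for t in types if t not in strong]
            if not types:
                findings.append(f"{key} not set: algorithm list is not pinned")
            elif weak:
                findings.append(f"{key} allows {', '.join(weak)}")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "OK")
```

Run it against the sqlnet.ora of both the on-premises primary and the cloud standby; a finding on either host means some redo or data file traffic may cross the link without enforced encryption after a role transition.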

Consider the following options when deploying a DR plan using Oracle Data Guard:

  • Oracle Data Guard utilizing Enterprise Edition Service or High-Performance Service
  • Oracle Data Guard utilizing the Extreme Performance Service for Oracle Bring Your Own Licenses (BYOL) cases where you don't have an Active Data Guard Option license (recommended)
  • Active Data Guard utilizing the Extreme Performance Service or Oracle Database Exadata Cloud Service (recommended)

About Required Services and Roles

This solution requires the following services and roles:

  • Oracle Cloud Infrastructure (OCI) region

  • Oracle Database, Enterprise Edition

  • Oracle Cloud Infrastructure Database VM DB System, Oracle Database 19c EE Extreme Performance Release or Enterprise Edition

These are the roles needed for each service.

| Service Name | Role | Required to... |
|---|---|---|
| Oracle Database | root | Configure the primary database and instantiate and configure the standby database. |
| Oracle Cloud Infrastructure | sysdba | Close, shutdown, and unmount the standby database in the cloud. |
| Oracle Data Guard | SYS, SYSDG or SYSDBA | Run the Oracle Data Guard command-line interface (DGMGRL) to convert the standby to a snapshot standby and switch the primary and standby database roles. |

See Learn how to get Oracle Cloud services for Oracle Solutions to get the cloud services you need.