Oracle Cloud Infrastructure Documentation

Prerequisites

This topic explains the prerequisites to backup and restore your databases in Oracle Database@Azure.

Oracle Database Autonomous Recovery Service

This topic explains how to enable Autonomous Recovery Service for Exadata Database(s).

Note

  • You must complete the following steps before proceeding to Backup Exadata Database and Backup Exascale Database for Automatic Database Backups using Autonomous Recovery Service.

Ensure Tenancy Resource Limits Are Sufficient for Recovery Service

  1. From the OCI console, navigate to Governance & Administration.
  2. From the Tenancy Management section, select the Limits, Quotas and Usage link.
  3. Use the Service, Scope, Resource, Subscription and Compartment fields to filter the limits.
    1. From the Service dropdown list, select the Autonomous Recovery Service option.
    2. From the Subscription dropdown list, select your subscription.
    3. From the Scope dropdown list, select your region.
  4. Check the availability of the following limits.
    1. Protected Database Count
    2. Space Used for Recovery Window (GB)
    This screenshot shows how to check limits, quotas and usage.
  5. If it is required, you can create a Service Limit Request.

Verify Required Group and Set OCI Policies

  1. Use the existing Oracle Database@Azure groups which are created as a part of onboarding, or create new group(s) to administer Autonomous Recovery Service.
  2. Create the required IAM policies for the recovery services at root compartment.
  3. From the OCI console, navigate to Identity & Security, and then select the Identity.
  4. From the left menu, select the Policies section, and then select the Create Policy button.
  5. To create an IAM policies for Oracle Database@Azure Autonomous Recovery Service usage, complete the following substeps.
    1. Create the related policy using the Policy Builder by selecting:
      1. Policy use cases: Select the Autonomous Recovery Service from the list.
      2. Common policy templates: Select the Let Oracle Database@Azure use Autonomous Recovery Service for backup option from the list.
      This screenshot shows how to create an IAM policy(s).
    2. Alternatively, you can use manual editor to add related IAM policy statements.
      1. To allow Oracle Database@Azure use Autonomous Recovery Service for backup, use the following policy statements.
        Allow service database to manage recovery-service-family in tenancy
Allow service database to manage tagnamespace in tenancy
Allow service rcs to manage recovery-service-family in tenancy
Allow service rcs to manage virtual-network-family in tenancy
Allow service database to use organizations-assigned-subscription in tenancy where target.subscription.serviceName = 'ORACLEDBATAZURE'
      2. To allow users to manage or use Autonomous Recovery Service in the appropriate groups created above, use the following policy statements.
        allow group odbaa-db-family-administrators to manage recovery-service-family in tenancy
allow group odbaa-db-family-administrators to use recovery-service-family in tenancy
allow group odbaa-db-systems-administrators to manage recovery-service-family in tenancy
allow group odbaa-db-systems-administrators to use recovery-service-family in tenancy
      Note

      The manage permission allows editing Autonomous Recovery Service, policies and subnets, in addition to configuring database backups with Autonomous Recovery Service, whereas the use permission only allows configuring database backups.

Configure Network Resources for Recovery Service

  1. From the OCI console, navigate to Exadata VM Clusters, and then select your Exadata VM Cluster.
  2. Select the VM Cluster information tab, and then ensure the VM Cluster name on the OCI console matches the intended name.
  3. From the VM Cluster information page, make a note of the names of the Virtual cloud network, Backup subnet, and Backup network security groups.
  4. In the VM Cluster Information tab, right-click the link next to Virtual Cloud Network and open it in a new browser tab.
    1. Navigate to the Subnets tab.
    2. Make sure the IPv4 CIDR block of the backup subnet is at least /24 (256 IP addresses). If it is not, you must create a new subnet with a CIDR block of at least /24.
  5. Navigate to Oracle Database, and then select Database Backups.
  6. From the Recovery Service Subnets section, and then select the Register Recovery Service subnet button.
    1. Enter a descriptive Name for your recovery service subnet.
    2. From the dropdown list, select your compartment where the recovery service subnet will be created.
    3. Select the Compartment and Virtual cloud network from the list.
    4. From the Subnets section, select your Compartment and Subnets information.
    5. Expand the Advanced options section, and then enable the Use network security groups to control traffic option.
    6. Select the Backup network security group of the VM cluster that you are using.
    7. Once you complete, select the Register button.
    8. If it is successful, the State of Recovery Service subnet will change to Active.
  7. In the VM Cluster Information tab, right-click the link next to Backup network security groups, and open it in a new browser tab.
    1. Navigate to the Security rules tab.
    2. Add stateful ingress rules to allow access from the entire CIDR range of the VCN where the database resides, permitting all source ports to destination ports 2484 and 8005.
    3. Add egress rules to allow access to destination ports 2484 and 8005 from the full CIDR range of the VCN where the database resides.This screenshot shows how to add egress rules.

Create Autonomous Recovery Service Protection Policy(s) with locality enforcement

  1. Navigate to Oracle Database, select Database Backups, and then select the Protection policies.
  2. To create protection policies, select the Create protection policy, and then complete the following substeps.
    1. Enter a descriptive Name for your protection policy.
    2. Select the Create in compartment from the list.
    3. Select your Backup retention period ( in days).
    4. Enable the retention lock option if it is required.
    5. Enable the Store backups in the same cloud provider as the database option if you want to store the backups in Azure.
    This screenshot shows how to create Autonomous Recovery Service protection policy.

OCI Object Storage

This topic explains the prerequisites for connecting to the Object Storage service and accessing Object Storage nodes using a Static Route

  1. From the OCI console, navigate to the Virtual cloud network from the VM Cluster information page.This screenshot shows how to enable connectivity to Object Storage.
    1. Select the Gateways tab, and then ensure a Service Gateway is attached.
    2. Select the Routing tab, and add the routing rule for Service Gateway if it is not already created.
    3. Navigate back to VM Cluster information tab, and then click the link next to Backup network security groups.
    4. Add the Egress rule to allow access to Object Storage if it not already created.
    This screenshot shows how to enable connectivity to Object Storage.
  2. Node Access to Object Storage via Static Route.
    1. This step is not required if you're using automatic backup.
      1. When you enable the first automatic backup for a database the static route configuration will be automatically done on the service.
    2. If you are not creating automatic backups, you must configure a static route for Object Storage access on each compute node.
      1. Follow this steps to configure a static route for Object Storage access with Exadata or Exascale.

For more information, see Prerequisites for Backups on Exadata Cloud Infrastructure or Prerequisites for Backups on Oracle Exadata Database Service on Exascale Infrastructure.