Oracle Open World Presentation - Oracle RMAN Best Practices for Cloud Backups

Oracle Recovery Manager Best Practices for Cloud Backups TIP4789 Marco Calmasini Copyright © 2019 Oracle and/or its affiliates. Sr. Principal Product Manager, Oracle Niklas Iveslatt Partner and Senior DB Architect, Arisant

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation. Statements in this presentation relating to Oracle’s future plans, expectations, beliefs, intentions and prospects are “forward-looking statements” and are subject to material risks and uncertainties. A detailed discussion of these factors and other risks that affect our business is contained in Oracle’s Securities and Exchange Commission (SEC) filings, including our most recent reports on Form 10-K and Form 10-Q under the heading “Risk Factors.” These filings are available on the SEC’s website or on Oracle’s website at http://www.oracle.com/investor. All information in this presentation is current as of September 2019 and Oracle undertakes no duty to update any statement in light of new information or future events. Safe Harbor Copyright © 2019 Oracle and/or its affiliates.

Before We Start • The content of this presentation is about backing up to Cloud Storage from on- premises or from cloud instances via RMAN or from ZDLRA “Archive to Cloud”. • It does not apply to backups from “Autonomous” instances or DBCS or ExaCS instances using the “Automatic backup” feature. • Always follow the MAA best practices periodically updated and published on OTN whitepapers • RMAN RESTORE VALIDATE is the only supported way to guarantee a backup can be used for recovery Copyright © 2019 Oracle and/or its affiliates.

Agenda • Backup and Recovery solutions overview • RMAN DB Backup Cloud Module for Oracle Cloud Infrastructure • Migrating existing backups to Oracle Cloud Infrastructure • Archiving Backups for Compliance using Serverless Functions and Events Service • Customer Experiences Copyright © 2019 Oracle and/or its affiliates.

Oracle Cloud Protected Files ExaCS DBCS Instantiate into DBCS/ExaCS DB Backup Cloud Service Secure Backup On-Premises Oracle Cloud Storage Compression & Encryption Backup to and Recover from On-Premises or Oracle Cloud Protected Databases Cloud @ Customer Filesystem RMAN: Built-in backup & recovery engine for the Oracle database which provides performant, efficient and dependable protection. Recovery Appliance: Engineered System purpose- built for data center-wide Oracle database protection which ensures zero data loss, verifies backup integrity, and reduces data protection overhead by eliminating repeated full backups. DB Backup Cloud Service: Secure & scalable Oracle Cloud Service providing cost effective storage for long-term retention & compliance of RMAN backups. Secure Backup: Centralized disk, tape and cloud backup management which provides heterogeneous filesystem protection for the entire data center. 1 1 2 23 3 4 4 Archive Storage Backup and Recovery Solutions Portfolio

DB Cloud Backup Module for OCI • Key based authentication vs. username/password Stronger security Simplified Management (password changes do not affect backups) • Supports multiple compartments for buckets Separation of duties • Object Lifecycle Policies for archiving Lower costs for long-term retention backups • Multipart upload Faster uploads, fewer objects Copyright © 2019 Oracle and/or its affiliates. Today Coming Soon

DB Cloud Backup Module Installer • New oci_install.jar installer available on oracle.com https://www.oracle.com/database/technologies/oracle-cloud-backup-downloads.html • Prepare for installation obtaining: Tenancy OCID Compartment OCID User OCID Private key file (corresponding public key must be uploaded via User management console) Public key fingerprint NOTE: Do not use a passphrase with your private key Copyright © 2019 Oracle and/or its affiliates.

Running the Installer java -jar oci_install.jar -host https://objectstorage.us-ashburn-1.oraclecloud.com -pvtKeyFile ~/oci_api_key.pem –pubFingerPrint 21:b1:ab:a0:b0:f0:50:30:ee:d6:a7:18:b3:50:a8:36 -tOCID ocid1.tenancy.oc1..aaaaaaaaj4ccqe763dizkrcdbssx7ufvlmokd24mb6utvkymyo2xwxyv3gfa -cOCID ocid1.compartment.oc1..aaaaaaaaxslr7vtt5cj4ksb3lvwu6agbvo5gh7t5iljd4ydfolgfy4wdpnrq -uOCID ocid1.user.oc1..aaaaaaaaid4hi2kzgbbyzjtietoaxxh2gzk4r2bqqqxwag7cqli5cpw6ls4a -bucket OCIbucket -enableArchiving true -archiveAfterBackup 0 days -retainAfterRestore 48 hours -walletDir ~/ociwallet -libDir ~/ocilib -configfile ~/ociconfig/opcORCL.ora Copyright © 2019 Oracle and/or its affiliates.

Object Lifecycle Policy Support If enableArchiving option is set to True a Lifecycle Policy is applied to the bucket This is how it shows up in the Object Storage Cloud Console Copyright © 2019 Oracle and/or its affiliates.

RMAN configuration and Archive Ops CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' FORMAT '%d_%U' PARMS 'SBT_LIBRARY=/home/oracle/ocilib/libopc.so ENV=(OPC_PFILE=/home/oracle/opcORCL.ora)'; If enableArchiving is true backup pieces are archived automatically by Object Storage Service (must be granted permission to manage objects) Archived backups must be restored to Standard Object Storage before RMAN can access them for actual DB restore or recovery operations RMAN RESTORE PREVIEW– displays archived backup pieces as “remote” RMAN RESTORE PREVIEW RECALL – initiates restore from archive to standard object storage Copyright © 2019 Oracle and/or its affiliates. List of Backup Sets =================== BS Key Type LV Size Device Type Elapsed Time Completion Time ------- ---- -- ---------- ----------- ------------ --------------- 179 Full 256.00K SBT_TAPE 00:00:02 14-SEP-19 BP Key: 179 Status: AVAILABLE Compressed: NO Tag: TAG20190914T100406 Handle: 89ubntom_1_1 Media: objectstorage.us-ashburn-..ecloud.com/n/oradbclouducm/tdemoaug22 List of Datafiles in backup set 179 File LV Type Ckp SCN Ckp Time Abs Fuz SCN Sparse Name ---- -- ---- ---------- --------- ----------- ------ ---- 21 Full 4715399 14-SEP-19 NO /ade/b/3380669573/oracle/dbs/tbs_25.f using channel ORA_SBT_TAPE_1 using channel ORA_DISK_1 archived logs generated after SCN 4715399 not found in repository recovery will be done up to SCN 4715399 Media recovery start SCN is 4715399 Recovery must be done beyond SCN 4715399 to clear datafile fuzziness List of remote backup files ============================ Handle: 89ubntom_1_1 Media: objectstorage.us-ashburn-..ecloud.com/n/oradbclouducm/tdemoaug22 validation succeeded for backup piece Finished restore at 14-SEP-19 List of Backup Sets =================== BS Key Type LV Size Device Type Elapsed Time Completion Time ------- ---- -- ---------- ----------- ------------ --------------- 179 Full 256.00K SBT_TAPE 00:00:02 14-SEP-19 BP Key: 179 Status: AVAILABLE Compressed: NO Tag: TAG20190914T100406 Handle: 89ubntom_1_1 Media: objectstorage.us-ashburn-..ecloud.com/n/oradbclouducm/tdemoaug22 List of Datafiles in backup set 179 File LV Type Ckp SCN Ckp Time Abs Fuz SCN Sparse Name ---- -- ---- ---------- --------- ----------- ------ ---- 21 Full 4715399 14-SEP-19 NO /ade/b/3380669573/oracle/dbs/tbs_25.f using channel ORA_SBT_TAPE_1 using channel ORA_DISK_1 archived logs generated after SCN 4715399 not found in repository recovery will be done up to SCN 4715399 Media recovery start SCN is 4715399 Recovery must be done beyond SCN 4715399 to clear datafile fuzziness Initiated recall for the following list of remote backup files ========================================================== Handle: 89ubntom_1_1 Media: objectstorage.us-ashburn-..ecloud.com/n/oradbclouducm/tdemoaug22 validation succeeded for backup piece Finished restore at 14-SEP-19

Backup Pieces to Cloud Objects • RMAN creates a number of backup pieces using names based on the FORMAT parameter like ‘%d_%U’ %d -> DBNAME %U -> system generated unique identifier For example: ORCL_ctua720h_1_1 • Cloud objects created for this backup piece are: sbt_catalog/ORCL_ctua720h_1_1/metadata.xml file_chunk/<DBID>/<DBNAME>/backuppiece/<DATE>/ORCL_ctua720h_1_1/<INCARNATION>/<CHUNK#> file_chunk/<DBID>/<DBNAME>/backuppiece/<DATE>/ORCL_ctua720h_1_1/<INCARNATION>/metadata.xml Copyright © 2019 Oracle and/or its affiliates.

Moving backups from other Cloud Infrastructures • The object format and naming are the same for: OCI native DB Backup Cloud Module Legacy Swift-based DB Backup Cloud Module OSB Cloud Module for AWS S3 • Backups can be migrated to OCI using tools like rclone • No RMAN catalog update is required Copyright © 2019 Oracle and/or its affiliates.

rclone example: migrating from AWS S3 • Download rclone (https://rclone.org) • Prepare your OCI target installing the DB Cloud Backup Module and setting up S3 compatible keys for your user • Set your environment variables for source and target services export RCLONE_CONFIG_S3_TYPE=s3 export RCLONE_CONFIG_S3_ACCESS_KEY_ID=AKIRGGSJRV23S5AG4N export RCLONE_CONFIG_S3_SECRET_ACCESS_KEY=TLJkltRDASlSlhVRPsRuJse2FtWLnFD5 export RCLONE_CONFIG_S3_REGION=us-east-1 export SOURCE=s3:osbbackups export RCLONE_CONFIG_OCI_TYPE=s3 export RCLONE_CONFIG_OCI_ACCESS_KEY_ID=b8d65742ca7385eac87091f1c0e86376d1e30eb4 export RCLONE_CONFIG_OCI_SECRET_ACCESS_KEY=26TtH1CVKSSFgddsEPwDoBqweDPCsLVrapmerolAsDg= export RCLONE_CONFIG_OCI_REGION=us-ashburn-1 export RCLONE_CONFIG_OCI_ENDPOINT=https://ixhf9gsbcsml.compat.objectstorage.us-ashburn-1.oraclecloud.com • rclone --verbose --cache-workers 64 --transfers 64 --retries 32 copy $SOURCE oci:OCIbucket Copyright © 2019 Oracle and/or its affiliates.

Compliance backups • End-Of-Month or End-Of-Year backups • Multi-year retention • Selectively Replicated to off-Region WORM buckets (DBAs have read-only capabilities) • Policy-based automatic deletion from Object Storage at expiration time Copyright © 2019 Oracle and/or its affiliates.

Using Events Service and Serverless Functions Copyright © 2019 Oracle and/or its affiliates. Create Object event triggers serverless function RMAN BACKUP DEVICE TYPE SBT FORMAT ‘MONTHLY_%d_%U’ DATABASE PLUS ARCHIVELOG; BACKUP FORMAT ‘MONTHLY_CF_%d_%U’ CURRENT CONTROLFILE SPFILE; Event Service rule: sbt_catalog*MONTHLY* file_chunk*MONTHLY* us-phoenix-1us-ashburn-1 NOTE: Events are not guaranteed, perform RMAN validation to confirm backups can be restored

User Privileges • User belongs to group that has full control on buckets and objects in us-ashburn-1 region and read-only in us-phoenix-1 region Allow group BRPM-IAD to manage buckets in compartment brpm where request.region = 'iad‘ Allow group BRPM-IAD to manage objects in compartment brpm where request.region = 'iad‘ Allow group BRPM-IAD to manage objects in compartment brpm where all {request.region = 'phx', any {request.permission = 'OBJECT_INSPECT', request.permission = 'OBJECT_READ'}} Allow group BRPM-IAD to manage buckets in compartment brpm where all {request.region = 'phx', any {request.permission = 'BUCKET_INSPECT', request.permission = 'BUCKET_READ'}} Copyright © 2019 Oracle and/or its affiliates.

Event Code Copyright © 2019 Oracle and/or its affiliates. { "cloudEventsVersion" : "0.1", "eventID" : "8ba2d00b-b596-4338-b49f-4824baee4677", "eventType" : "com.oraclecloud.objectstorage.createobject", "source" : "objectstorage", "eventTypeVersion" : "1.0", "eventTime" : "2019-08-21T00:48:41Z", "schemaURL" : null, "contentType" : "application/json", "extensions" : { "compartmentId" : "ocid1.compartment.oc1..aaaaaaaaxslr7vtt5cj4ksb3lvwu67gbvo5gh7t5iljdmydfolgfygwdpnrq" }, "data" : { "compartmentId" : "ocid1.compartment.oc1..aaaaaaaaxslr7vtt5cj4ksb3lvwu67gbvo5gh7t5iljdmydfolgfygwdpnrq", "compartmentName" : "BRPM", "resourceName" : "sbt_catalog/MONTHLY_ORCL_1527520098_83u9nk6r_1_1/metadata.xmll", "resourceId" : "", "availabilityDomain" : null, "freeFormTags" : { }, "definedTags" : { }, "additionalDetails" : { "eTag" : "43da49ca-720c-4c96-8b52-175c65a3bfb8", "namespace" : "oradbclouducm", "archivalState" : "Available", "bucketName" : "OCIbucket", "bucketId" : "ocid1.bucket.oc1.iad.aaaaaaaakfrmfdzueqrrn3nt4gd4ejp4xijycygqzm6heymibpx2iyujqmvq" } } }

Serverless Function Code Copyright © 2019 Oracle and/or its affiliates. def do(signer,bucket,namesp,object,compartment): try: object_storage_client = oci.object_storage.ObjectStorageClient({}, signer=signer) response = object_storage_client.copy_object(namesp,bucket, oci.object_storage.models.CopyObjectDetails( source_object_name = object, destination_bucket = 'archivebucket', destination_region = 'us-phoenix-1', destination_namespace = namesp, destination_object_name = object ) ) except (Exception, ValueError) as ex: print("ERROR: " + str(ex), flush=True, file=sys.stderr) return {"response": str(ex)} return {"response": str(response)} import io import json import oci import sys from fdk import response def handler(ctx, data: io.BytesIO=None): try: signer = oci.auth.signers.get_resource_principals_signer() # Parse Json to extract variables resp = do(signer,bucketsource,namespace,objectname,compid) print("EventType " + str(eventtype) + " " + str(objectname), flush=True, file=sys.stderr) return response.Response(ctx, response_data=json.dumps(resp), headers={"Content-Type": "application/json"} )

Why backups in the Cloud? Requirements to keep backups offsite Security and Compliance Cost savings Who is doing backups in the Cloud? City of Las Vegas (Public Sector) University of Colorado (Higher Education) i-wireless (Commercial) Many others, including well-known name brands.

Pre-Implementation Considerations • Retention and Storage Requirements (Archive / Object) • Region Designation (Region Replication) • Network bandwidth requirements and capabilities • Dev / Test Cloning Requirements • Security and Access Management (Compartments, Roles, Buckets, etc.) • Backup tool (existing / new) • Good news: All your existing RMAN know-how is still very applicable

Lessons Learned • Re-use existing backup scripts to save time • Test Full Backups and Incremental Backups (adjust backup windows) • Measure and Tune for Performance Degree of parallelism, including intra data file parallelism # of channels Block Change Tracking FastConnect Considerations • Set the base line using RMAN NETTEST run { allocate channel c1 device type sbt PARMS ‘sbt_library=libopc.so’; send channel c1 ‘NETTEST BACKUP 1024 M’; } • Use LOW or MEDIUM compression For more details on NETTEST see: “How to measure network performance from RMAN for ZDLRA or Cloud Backups (Doc ID 2371860.1)”

More Lessons Learned • Test Restores and Cloning • Keep or Delete Archive logs • Use AES-256 as your standard • Ensure encryption wallets are backed up We recommend storing on offline media in a safe location

Good docs and notes Whitepaper - Oracle Database Backup Cloud Service Best Practices for On-Premise Database Backup & Recovery Whitepaper - Oracle Database Backup Cloud Service Oracle Cloud Infrastructure Exadata Backup & Restore Best Practices using Cloud Object Storage Oracle Database Backup Service - FAQ (Doc ID 1640149.1) Cloud Backup Performance Analysis (Doc ID 2078576.1) Multi-Section Backups (Doc ID 406295.1) Master Note For Transparent Data Encryption (TDE) (Doc ID 1228046.1)

Where To Go Next Tomorrow 3:45-4:30 4:45-5:30 Realizing Value from the Zero Data Loss Recovery Appliance: Eaton's Journey Moscone South - Room 152C Zero Data Loss Recovery Appliance: Expanding Integration with Oracle Cloud Kelly Smith, Javier Ruiz, Durga Malella Moscone South 212 Thursday 1:15-2:00 Zero Data Loss Recovery Appliance: Latest Practices from Oracle Development Tim Chien, Jony Safi, Joe Scanlon Moscone South 212 Copyright © 2019 Oracle and/or its affiliates.

Oracle Open World Presentation - Oracle RMAN Best Practices for Cloud Backups

More Related Content

What's hot

Similar to Oracle Open World Presentation - Oracle RMAN Best Practices for Cloud Backups

Recently uploaded

In this document

Oracle Open World Presentation - Oracle RMAN Best Practices for Cloud Backups