We’re pleased to announce that Oracle Cloud Infrastructure (OCI) Block Volume service now supports customer-managed keys for cross region volume replication and automated policy-based backup copy across regions. This feature enables you to meet the requirements for regulatory compliance and internal security mandates related to using your own keys for Block Volume operations across regions.
Previously, we’ve offered asynchronous replication of volumes and policy-based automated backups across regions for various use cases, including the following examples:
Until now, these cross region features have supported volumes and backups that are encrypted only with Oracle-managed keys. They now also support your customer-managed keys. All keys continue to be kept and managed securely in OCI Vault.
By default, volumes and their backups in OCI are always encrypted, with no way to disable encryption. For volumes that are encrypted with your keys, you can now enable replication of those volumes and their policy-based scheduled backups across regions. The customer-managed key can be either:
This functionality is available in all OCI regions through all interfaces, including API, software developer kit (SDK), Console, and Terraform. For more details about how to secure block volumes using your keys in the Vault service and cross region operations support, see the technical documentation.
Using a customer-managed key for cross region asynchronous volume replication requires only a few selections on the Edit Volume page in the Oracle Cloud Console.
Using a customer-managed key for cross region asynchronous volume group replication is also simple in the Oracle Cloud Console. Enterprise applications typically require multiple volumes across multiple Compute instances to function: boot volumes that power the system disks of the Compute instances, and block volumes for the web tier, app tier, and database tier. Volume groups enable you to group multiple block storage volumes and boot volumes, such as system boot disks that OCI Block Volume backs, and perform crash-consistent, point-in-time, coordinated backups and clones across all the volumes in the group. You can now use your own keys for replicating your volume groups across regions.
Enabling policy-based scheduled backup copies across regions for a volume encrypted using a customer-managed key requires the following steps on the Edit Volume page in the Oracle Cloud Console:
You can also enable policy-based scheduled backup copies across regions for a volume group encrypted using a customer-managed key. This is similarly trivial on the Edit Volume Group page in the Oracle Cloud Console.
Heinz Mielimonka, customer success director and cloud architect at Oracle, provides more insight and guidance in the blog post, OCI helps you to optimize your data protection. He describes how OCI helps ensure information security attributes for data, the most important asset, using the CIA triad: confidentiality, integrity, and availability.
We want you to experience these new features and all the enterprise-grade capabilities that Oracle Cloud Infrastructure offers. It’s easy to try them out with Oracle Cloud Free Tier. For more information, see the following resources: