Oracle Database 23ai: Enhanced RMAN Capabilities

Building on the momentum of Oracle DB 23ai, RMAN has evolved to become even more resilient, faster, and secured thus enhancing the database backup and recovery capabilities in this release. In this section of the blog, we will delve into the following key areas of enhancement and explore the exciting new developments in more detail.

  • Advanced Security Features: Learn about the new, stronger backup encryption algorithms, leveraging XTS block cipher mode
  • Performance and Availability Enhancements: Discover how RMAN optimizes performance and ensures high availability for backup and recovery operations
  • Oracle-integrated Innovations: Get an inside look at how RMAN seamlessly integrates with Zero Data Loss Recovery Appliance for on-premises enterprise database protection and Zero Data Loss Autonomous Recovery Service for OCI and Multicloud database protection

Advanced Security Features

RMAN Backup Encryption Algorithm Now Defaults to AES256. While backward compatibility with previously configured RMAN encryption algorithm is still supported, new backups will use AES-256(XTS) when the COMPATIBLE initialization parameter is set to 23.0.0 or higher.

Figure 1

How is it done

For Persistent settings

RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON.

Or

RMAN> SET ENCRYPTION ON

Figure 2a

Performance & Efficiency Enhancements

  • Upgrade catalog pauses in-process RMAN jobs

  • Time statistics are saved for planning purposes

  • Corrupt data file blocks automatically fixed with  VALIDATE DATABASE

  • Updated compression algorithm to faster ZSTD

High Availability Enhancements

  • More efficient initial resync after REGISTER DATABASE

  • Internal save points prevent loss of work for resync operations

  • Minimize dependency on client connection to recovery catalog by disconnecting during backup execution phase

  • Block media recovery support for ASM file directory entries

  • Improved fault tolerance for RAC DB backup/recovery

Flexibility & Ease of Use Enhancements

  • Standby database registration support with RMAN catalog allows for more flexible configuration of RMAN backups in Data Guard environments. In prior releases, only the primary database could be registered with the catalog, and for Data Guard environments where primary and standby databases backup independently, each database needs to connect to their respective catalog.

Improved Diagnosability

  • Additional debug messages are generated in the output log during RMAN sessions, to improve troubleshooting of a service request. This can reduce overall resolution time, by eliminating the need to reproduce the issue and gathering the appropriate logs. Errors will automatically generate an RMAN trace file that can help Support expedite analysis of root cause and solution.

Managing Flashback Database Logs Outside the Fast Recovery Area

In releases prior to Oracle DB 23ai, storing Flashback database logs were only possible in the fast recovery area. Now, a separate location can be designated for flashback logging.

A separate destination also eliminates the manual administration to manage the free space in the fast recovery area and flashback logs can be hosted on faster disks for better IO performance.

How is it done

DB 23ai introduces this parameter

DB_FLASHBACK_LOG_DEST and DB_FLASHBACK_LOG_DEST_SIZE

Modifying DB_FLASHBACK_LOG_DEST with ALTER SYSTEM

When modifying the DB_FLASHBACK_LOG_DEST parameter with the ALTER SYSTEM statement, you must disable and reenable flashback logging. For example:

SQL> alter database flashback off;

Database altered.

SQL> alter system set db_flashback_log_dest=’/u01/oracle/dbs/ofba2′;

System altered.

SQL> alter database flashback on;

Database altered.

Oracle-Integrated Innovations

The Oracle Database 23ai release introduces cutting-edge industry features, including Select AI, Vector Search, In-Database machine learning, and JSON duality. It holds unparalleled support for diverse workloads of any scale. By adopting a converged database approach, you can eliminate the need for specialized data storage solutions and streamline integration processes.

The variety and criticality of data supporting next-gen AI applications along with the base relational data in the same database demands increased backup and recovery, security, performance, and availability.

And with Oracle databases often storing the most business-critical assets within a company, they are a prime target of ransomware attacks. Thus, zero data loss recovery and backup resiliency against such attacks is paramount. For these needs, RMAN natively integrates with Oracle’s Zero Data Loss Recovery Appliance (ZDLRA) and Zero Data Loss Autonomous Recovery Service (ZRCV), Oracle’s premier engineered system and cloud service for enterprise database protection.

Zero Data Loss Recovery Appliance

Recovery Appliance is Oracle’s flagship data protection solution for on-premises databases and delivers robust features, including:

  • Zero data loss recovery from outages

  • Zero-impact backup validation & data anomaly detection
  • Ultra high performance and resource-efficient incremental forever backups
  • Ultra-fast recovery using daily virtualized full backups
  • Space-efficient encrypted backups
  • Deeper insights into database protection status and recoverability

Examples of ZDLRA + RMAN integration:

  • The RMAN ZDLRA backup module (libra) is included with standard database install starting with DB 19.27, allowing for easier setup with ZDLRA backup destination and easier updates for latest fixes and enhances with each database release update.

  • With the Space-Efficient Encrypted Backups capability TDE database backups remain compressed and encrypted end-to-end under an incremental forever strategy. The Recovery Appliance Backup Module for RMAN, installed on the protected database server, decrypts, compresses, re-encrypts the backup blocks, and formats the data for RA-native virtual full backups, as shown below. This process results in 3X or more storage savings compared to TDE backups on general purpose backup appliances.

    • To ensure end-to-end data security, encrypted data is never decrypted at rest by the Recovery Appliance and remains encrypted when copied to, or restored from, cloud or tape. Encryption keys are stored and managed only on the protected database.

    • By compressing backup data on the protected database, this feature not only reduces storage consumption but can also significantly improve backup and restore performance.

Figure 4b

More Details : https://blogs.oracle.com/maa/post/zero-data-loss-recovery-appliance-231-software-release-part-1

  • Smart Incremental Backups ensures that the proper incremental backups are created by RMAN to fill in any recovery window gaps on the ZDLRA. For example, gaps can occur if backups are taken to backup destination outside the ZDLRA or if there is an internal issue that affects availability of backups. Smart incremental backups detects and fixes these recovery gaps. This is only possible via internal communication between RMAN and Recovery Appliance to determine the proper incremental backup range needed to preserve the recovery window.

Zero Data Loss Autonomous Recovery Service

Recovery Service is a fully managed OCI and Multicloud service based on the on-premises Oracle Zero Data Loss Recovery Appliance (ZDLRA) technology which offers modern cyber security protection for cloud databases of any size. All backup and recovery operations are performed using OCI automation, which integrates with RMAN.

Recovery Service is the recommended solution for protecting cloud databases and provides the following unique advantages over Object Storage backups while keeping costs the same:

  • Achieve Faster Backups with Less Database Overhead – Recovery Service eliminates the weekly full backup and uses an offloaded incremental forever backup paradigm, so that the database CPU, memory and I/O overheads are reduced along with the backup window. Your valuable database resources can now be more focused on business needs rather than backup tasks.

  • Be Confident in Reliable Recovery – Recovery Service validates all backups for data anomalies which can impact recovery operations. Combining this validation process with immutability and enforced encryption, your data is safe, unalterable by anyone in the tenancy, and always ready for recovery in case of a ransomware attack.

  • Get Deeper Insights into your Database Protection – Recovery Service provides a centralized data protection dashboard and addresses key questions on the state of your database backups. Are my backups healthy? How long has it been since my last backup? How far back can I recover? How much space is my backup using? Are all my databases using the same retention policy?

Database Backup Cloud Service

Backup Cloud Service provides secure, scalable backup of on-premises and cloud databases to OCI Object Storage Service. The backup cloud service license includes use of RMAN encryption and compression, which would otherwise require licensing of Advanced Security and Advanced Compression options for the database. Installation and configuration of the database with backup cloud service is via a one-step installer included with the database, along with the RMAN cloud backup module.All backup and restore operations are then performed using RMAN as normal.

Summarizing Oracle Database 23ai RMAN Key New Features – Part 1 and Part 2

RMAN DB 23ai new features for greater ease of use and tape/cloud backup enhancements discussed in Part-1 and this BLOG are summarized below.

 

Summary

Benefit

Simplified Oracle RMAN Backup Modules Delivery

Latest OCI/S3/Recovery Appliance backup modules are delivered in each DB release update, eliminating need to separately check for and download newer modules from My Oracle Support

Simplified Configuration with OCI Object Storage Immutable Buckets

New OCI backup module installer (oci_install.jar) automates all configuration steps for immutable buckets, eliminating need for manual update to the backup module configuration file

Simplified Database Platform Migration

New RMAN backup, restore, and recovery command options automate end-to-end database platform migration activities, eliminating need for external scripts to prepare and migrate data.

Copy Backups across Tape/Cloud/Third Party Backup Destinations

New RMAN backup option supports copying of backups from SBT backup destination (e.g. tape or third-party backup media) to another destination (e.g. cloud object storage). This allows backups on legacy/decommissioned storage to be easily moved to new backup storage platform, such as Zero Data Loss Recovery Appliance or OCI object storage, and cataloged by RMAN for reporting and restore operations.

Advanced Security Features

The DB 23ai release bolsters security with enhanced encryption capabilities and immutable storage options, providing unparalleled resilience against ransomware attacks and data breaches, thereby ensuring robust protection of sensitive data.

Performance and High Availability Enhancements

The latest enhancements to RMAN in Oracle DB 23ai introduce advanced capabilities that improve data integrity and resilience. Key features include enhanced data corruption detection and automated repair, improved logging for better visibility, and increased flexibility in data transfer with simplified command sets. Additionally, optimized RESYNC operations with the catalog improve resiliency of backup operations in event of catalog connection issues.

Oracle-integrated Innovations

RMAN is integrated with Oracle’s premier data protection solutions – ZDLRA and ZRCV – to deliver database-unique features, such as space efficient encrypted backups, which ensures data at rest is always encrypted end-to-end while providing 3X or more storage savings compared to general purpose backup appliances.

 

  Take Your Learning to the Next Level

   Want to dive deeper into the world of Oracle Database 23ai and RMAN? Check out these valuable resources to learn more: