Very Large Database Backup and Recovery Best Practices Part 2

May 3, 2023 | 5 minute read
Dan Holeva
Principal Product Manager
Tim Chien
Senior Director of Product Management
Text Size 100%:

INTRODUCTION

Building a state-of-the-art backup and recovery system requires careful planning and careful execution. Both are necessary to achieve the highly available, zero data loss environment required by today’s competitive business landscape. Software alone cannot achieve this. Oracle’s Zero Data Loss Recovery Appliance (ZDLRA) is a purpose-built and designed engineered system to maximize both hardware and software to work in tandem to provide a highly available, zero data loss environment for your enterprise.

Previously in Part 1 of this 2-part blog series, we examined specific RMAN backup and recovery practices for very large databases. In part 2, let’s see how Recovery Appliance can take database protection to the next level by dramatically making the backup process more efficient and providing higher levels of data protection than with RMAN alone.

INCREMENTAL FOREVER

The process of backup and recovery not only can be time-consuming but process intensive. With the Recovery Appliance’s innovative incremental forever strategy, production system processing is reduced to an absolute minimum by transmitting only the changed data. In the figure below, you can see how only the changes are preserved during the daily incremental backup process, while new virtual full backups are created each day.

 

Incremental Forever
Figure 1. Incremental Forever

 

Virtual fulls are pointer-based representations of the corresponding physical full backup, as of the incremental backup time. This can lead to a 10X decrease in space consumption, depending on the size of the data set and the change rate of the protected database. Virtual fulls can extend the disk-based recovery window for a large number of databases and allow for much more efficient recovery, compared to a traditional RMAN incremental-based recovery.

In addition, backup compression, deletion, validation, and maintenance operations are offloaded to the appliance. Eliminating unnecessary backup processes allow the production systems to focus on the service of production workloads and avoid unnecessary backup tasks.

REAL-TIME, ZERO DATA LOSS PROTECTION

The Recovery Appliance delivers continuous, real-time data protection, leveraging Oracle’s real-time redo transport, as shown below. Redo is the method by which transactional changes are preserved within the Oracle database and are transmitted directly to the appliance, where archived redo log backups are created and stored, providing immediate, zero data loss protection of all changes.

 

Real time Redo
Figure 2. Real Time Transaction Protection via Redo Transport

 

ROLE-BASED ACCESS CONTROL

It is important in an enterprise environment to establish and maintain access restrictions to sensitive data. In the recovery appliance, access to the system is controlled by a strict separation of duty policy and role separation. Database administrators are only allowed to have Virtual Private Catalog (VPC) roles to backup and recover their privileged databases. No modifications are allowed on the appliance. Recovery Appliance administrators are the only personas that have access to the appliance to manage and monitor the system, but do not have access to any of the protected databases. The duties are separated, and the appliance does not permit any creation of local users, databases, or services. Root access is only allowed through approval by quorum, which requires that two other named administrators approve root access for a specific time period.

 

IMMUTABILITY PROTECTION

Immutability, the preservation of database integrity, is continuing to grow as a requirement in many vertical markets such as finance and healthcare. The protection of backup data is required by law in some cases, and this can be achieved within the appliance through immutable (compliance) retention policies, as shown below. These policies specify a retention period whereby delete operations are not permitted. Backups can also be placed in a legal hold mode where they are retained indefinitely until the hold is removed. Immutable backups can further be archived to Oracle Cloud Infrastructure (OCI) object storage to meet longer-term retention periods, e.g., for months or years to comply with regulatory requirements.

For additional protection against malicious user or application access, the appliance may be deployed in an cyber vault location to create a network-isolated copy of the backups via replication - this is achieved via air gap network configuration, where connectivity is only open for specific periods to replicate backups. Cyber vault backups can be restored at any time, in the event production systems become compromised and must be taken offline. Appliances in the vault are independently managed with respect to user access, retention policies, and other backup attributes, fully separate from production systems.

Immutability
Figure 3. Recovery Appliance Immutability

 

 

CONTINUOUS RECOVERY VALIDATION

Assurance that your data is valid is a key component to a successful recovery. The appliance performs corruption detection throughout the backup cycle to validate the consistency of the data and will immediately alert the administration should a detection occur. The appliance checks all incoming and replicated backups for block-level validity as shown in Figure 4 below. Any backup data that is maligned by errors, malware, or any other method will be detected, recorded, and alerted to the administrator. With this information at hand, action can be taken by administrators and DBAs to remove the database from the network for further investigation.

continuous recovery
Figure 4. Continuous Recovery Validation

IN SUMMARY

Lost data results in lost revenue and lost time. Most solutions today struggle with the ability to provide quick, consistent, end-to-end validation and performance. Oracle’s Zero Data Loss Recovery Appliance is a purpose-built, engineered system with validation and recovery designed into the product. Both hardware and software work together to provide a highly sophisticated system that eliminates data loss, production impact, and provides disaster protection.

For more information, refer to the Recovery Appliance Product Central and subscribe to our monthly Backup & Recovery Office Hours sessions.

Dan Holeva

Principal Product Manager

Dan Holeva is a Principal Product Manager with the Backup and Recovery group that covers Zero Data Loss Recovery Appliance (ZDLRA), RMAN, and Cloud backup services. 

Dan has over 25 years of industry experience with 13 years of data protection PM experience as well as vendor and customer roles. He also has 10 years of systems engineering and consulting experience advising clients on moving business operations to public Cloud. 

Dan received his bachelor of science degree in computer science from Wilkes University.

Show more

Tim Chien

Senior Director of Product Management

Tim Chien is Senior Director of Product Management with Oracle's High Availability and Storage Management Group, focusing on Backup and Recovery, including Zero Data Loss Recovery Appliance, Recovery Manager (RMAN), and Flashback Technologies. His 20+ years of product management and marketing experience includes both application server and database products, and he has presented at numerous Oracle and industry conferences around the world. Tim received his bachelors and masters in computer science from the Massachusetts Institute of Technology.

Show more

Previous Post

Very Large Database Backup and Recovery Best Practices

Tim Chien | 7 min read

Next Post


Better together: Playing with Oracle Active Data Guard and DBSAT – Part I (Preparing the environment)