Oracle’s Zero Data Loss Recovery Appliance Engineered System is designed with recovery in mind to offer the best possible protection for Oracle Databases. Today’s most critical recovery scenario is ransomware recovery.
The Recovery Appliance provides features that makes it intrinsically resilient to attacks aimed at eliminating recovery capabilities by disabling backup operations, deleting backups or, in general, making them useless; it also maintains encryption for the complete lifecycle, from the database to the different backup tiers so exfiltrated backups are not usable for restore.
A new Oracle technical brief describes these key capabilities combined with three different architectural deployments: single Recovery Appliance with immutable object storage, multi-site with DR, and Cyber Vault with Clean Room. Together, the complete solution can address a wide range of Oracle datrabase cyber recovery needs.
As a quick preview, the Recovery Appliance capabilities include:
- Separation of Duties Framework prevents a single user from being able to both delete/modify active and backup data. A malicious actor stealing DBA credentials would not be able to tamper with the backups, or in case he/she gets access to a Recovery Appliance Administrator’s credentials, they would not be able to delete backups (requires quorum admin approval) or restore to a different location (requires DBA credentials).
- End-to-end Database Encrypted Backups allows data ownership and access to remain with the DBA. All backups are compressed and encrypted before sending to the Recovery Appliance using highly efficient incremental forever strategy. All database restores and data access requires DBA access, including RMAN user and key store credentials.
- Regulatory-certified Immutable Backups prevent any tampering of backups within a specific retention period. No DBA, Appliance Admin, or other user can delete/modify backups or their retention policies. All user and appliance activities are recorded in history logs that can be sent to external monitoring tools for further analysis.
- Zero to Sub-second Recovery Point Objective achieved via Real Time Redo Transport technology. The Recovery Appliance can quickly recover Databases, back to the original location, or in a clean room environment, up to the last second before a cyber attack. This allows to recover multiple DBs to the same point in time without losing transactions.
- Database-native Anomaly Detection validates the integrity of each Oracle Database block, detecting any attempt to physically tamper with the data. Validation occurs at all data movement stages, and runs continually while the backups are stored on Recovery Appliance disks.
Zero Data Loss Recovery Appliance maintains encryption across the complete Oracle Database backup lifecycle, detects Oracle block anomalies, provides fast recovery, and can be deployed in multiple ways to address any ransomware protection need. For more information:
Ransomware Protection and Cyber-Resilience with Zero Data Loss Recovery Appliance Technical Brief
Backup and Recovery Office Hours Recording on ZDLRA Ransomware Protection
Previous ZDLRA Blog on Ransomware Protection
Marco Calmasini
Sr. Principal Product Manager
Marco Calmasini is a Senior Principal Product Manager within the Oracle Database Backup and Recovery Solutions team, working on the Zero Data Loss Recovery Appliance, Oracle Secure Backup, and Database Backup Cloud Service. Marco has presented at many technical conferences for Oracle and external partners including Oracle CloudWorld and contributes to a monthly webinar on data protection for the Oracle Database.
Show more