OATUG INSIGHT Magazine April 5, 2022
Safety First by Johannes Michler

Safety First – Backup Concepts of Oracle E-Business Suite Environments for Oracle Cloud Infrastructure

Johannes Michler, PROMATIS Group, Ettlingen (TechnologyRegion Karlsruhe)

Oracle Cloud Infrastructure (OCI) is used by many of our customers to run their Oracle E-Business Suite workload. Especially when not just running development and testing systems on OCI, a solid concept is required for backing up (and restoring) the environment in the event of a disaster – be it due to user or system errors. Let’s take a closer look at the available options.

Basic Concepts and Terminology – RPO and RTO

The two most important notions when designing a backup strategy are definitely the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). RPO is the amount of data accepted to be lost in case of disaster. For example, an RPO of 30 minutes means that in any situation, you never want to lose more than 30 minutes of transactions when a disaster happens. RTO is the time it takes to recover from a disaster and have an instance up and running again. The Oracle documentation on the database – especially the “high availability overview” – provides more details on this (see [1]).

OCI Levels of Isolation

There are three isolation levels associated with Oracle Cloud Infrastructure that help to protect against failures, see the OCI documentation on this:

  • Region: A region is a highly isolated part of Oracle Cloud Infrastructure, which is located in a geographical area, e.g. EU-Frankfurt or US-WEST (Phoenix). The separation across regions provides protection even against e.g. large natural disasters.
  • Availability domains: Most regions are divided into three availability domains. These are isolated data centers and are thus highly unlikely to fail simultaneously. Because availability domains do not share infrastructure such as power or cooling, or the internal availability domain network, a failure in one availability domain within a region is unlikely to impact the availability of other domains within the same region.
  • Fault Domain: This is a partition within one data center. By putting compute instances in different fault domains, the failure of a physical box in Fault Domain 1 does not impact a physical box (and its compute instances) in Fault Domain 2.

Block, Object and File Storage

Oracle Cloud Infrastructure offers three major types of storage with different advantages and disadvantages. All three types are also relevant for backups:

  • Block storage is a type of storage that is attached to a compute instance as either a boot or an additional volume. Usually the attachment happens through iSCSI. While its performance is very high, block storage resides in just one availability domain (the one where the compute instance is running). Block volumes can be conveniently backed up at specified times through backup policies, and these backups can also be put to the object storage across regions. It is even possible to replicate Block Volumes across regions with a delay of usually not more than 30 minutes (see [2]). All the data from E-Business Suite instances (Apps- and DB-Tier) are usually located on block volumes (see [3]).
  • Object storage can be viewed as a “web service” that helps store and retrieve particularly large objects. As referenced in [4], this service applies “per region” and is highly durable due to the automatic storage of several copies across multiple availability domains.
  • File storage provides a NFS mount point that can be attached to multiple compute instances, eventually also across availability domains (or even regions if they are connected). While the service is a “per AD” service, the file storage can be in AD1, while a compute instance can be in AD2 for convenient access to the storage (cf. [5]). The service provides snapshot functionalities and stores multiple (durable) copies of all data (within one AD).

Objectives of this discussion

For the further scope of this blog, I will describe strategies that will help achieve both an RPO and RTO (for production systems) of appx. 30 minutes each. The strategy should be able to handle outages of one availability domain, but does not need to cover “regional outages”.
I will describe three different scenarios in this article, since they have different appropriate procedures:

  • Handling of development instances
  • Handling of conference room pilot or other testing instances
  • Handling of production instances

Development Instances

Typically on development instances it is not necessary to have a “full blown” backup of the instance. In case of a disaster, one is usually able to just create a new development instance as a new copy of the production system. If all developers work according to “common best practices”, all of their source code is contained by a source code management system and can be easily reinstalled onto the new development system.
In reality, however, this is not always the case. Especially with PL/SQL and APEX development, it is a well-known practice to develop directly in the database and only occasionally transfer the source code into a version control system – often only when moving from development to testing.
To cover this scenario, it is advisable to also carry out “some backups” of development systems. Usually, however, it suffices to back up the following content:

  • (Custom) database objects such as packages, procedures or views: Those can be easily backed up using expdp with a “XX%” name filter that is run at e.g. 8 a.m., noon and 4 p.m. The result can be backed up to a file storage in a different availability domain and restored from there after a new development instance has been created.
  • APEX Applications can be backed up using sqlcl (see [6]). This can again be run multiple times per day, and the result can be written to a file storage location.
  • XML Publisher Reports are stored in the xdo_lobs table. This table can be dumped regularly using expdp.

We put all the three exports into a shell script that cleans up old data after 4 weeks, providing a safety net for developers who do not immediately check-in their source code to GIT.
This means a RPO of 4 hours (for source code only) and an RTO of 2-12 hours (create a new P2T copy and restore the latest source code). The cost is minimal – storing appx. 1 GB in file storage.

CRP and Testing Instances

CRP or testing instances can play a crucial role, especially when running a new E-Business Suite implementation project. In many cases their mere replacement with new copies of production is not necessarily easy, especially during the hot phases of e.g. a user acceptance test.
I have had good experiences using block volume backups that were created either manually or at fixed times (often incrementally) by using custom or pre-built backup policies. Such backups can be easily captured from the Apps and DB Block Volume as well as the Boot Volume (cf. [7]). The backups are “consistent snapshots” of the underlying volume at the time they were taken. It is easy (within seconds) to create block volumes from the boot- and data-volumes and then start a new database and apps tier compute instance based on this backup. This can be done within a few minutes.

I usually attach a policy as follows:

  • Run a full backup every Sunday morning at 2 a.m. Keep this backup for 2 weeks.
  • Run a daily incremental backup at 4 a.m. Keep this backup for 5 days.
Figure 1: Definition of a BLOCK Storage Backup Policy
[Source: PROMATIS]

This means a RPO of up to one day and an RTO of appx. 30 minutes. The costs depend on the size of the instance, on a medium size instance costs are appx. within the range of 25-50 $/month.

Figure 2: View of the Backup Restore
[Source: PROMATIS]

Production

In production, it is often not acceptable to lose an entire day of work in case of a disaster. The traditional way to handle this is by using regular RMAN full/incremental backups in combination with a backup of the recent archivelogs. This can be used to reach an RPO of appx. 30 minutes quite easily. The drawback of this method is RTO: if the database is large, disaster recovery means first restoring the latest full backup followed by an incremental backup, followed by applying all the latest archive logs. On instances with many terabytes of data this may easily take a full day to restore and recover.
However, there is a convenient “turbo-mode” for this approach: Starting with the Oracle Database Release 12c recovery can be performed based on “3rd party storage snapshots“. OCI object storage backup is considered such a 3rd party storage snapshot. This allows the combination of a snapshot approach as shown in the previous section with applying the archive logs only from the current day.

The main steps to set this up are:

  • Setup a file storage in a different availability domain and mount it to the database tier.
  • Setup this mount point as a second/optional archive log destination.
  • Make sure an archive log is created at least every 30 minutes by using the archive_lag_target parameter.
  • Optional: Define the above mount point as a secondary control file location.

This approach gives an RPO of 30 minutes with an RTO of 30 to 90 minutes (depending on the amount of archive logs to be applied). The costs are the costs of the 1-day storage snapshot costs described previously plus file storage for the archive logs of 1 day.

Figure 3: Model of the Productive Instance Approach
[Source: Horus]

Hybrid Approach

For some database administrators, the described procedure of a recovery based on “3rd party storage snapshots” is too “modern” and not established enough yet. A combination of classic RMAN backups with storage snapshots is also possible. One of our customers has had good experience with the following procedure:

  • Nightly at 1 a.m. a snapshot of the database (software and data files) is taken; each Sunday “fully” (5 TB) and otherwise incrementally (20-50 GB).
  • A daily RMAN backup to OCI Object Storage takes place at 9 p.m.; on Saturdays as a “Level 0” full backup (appx. 3 hours; 600GB) and otherwise incrementally (10 minutes; 10-30 GB).
  • Hourly backup of the archive logs to OCI Object Storage (a few seconds).

In the event of a disaster, the latest storage snapshot is then first restored to its old state and the latest control file auto backup from the OCI object storage is restored (already fully configured). Then a recovery and subsequent “alter database open resetlogs” can be performed using the following command (in doing so, RMAN automatically applies any helpful incremental backups and then restores and applies archive logs):
recover database UNTIL SCN 6232192258870 SNAPSHOT TIME “TO_DATE(‘20.01.2021 01:00:52′,’DD.MM.YYYY HH24:MI:SS’)”;
If the recovery based on the snapshot fails for any reason, an RMAN Full/Incremental backup is also available, which can then be restored (with significantly increased runtime).
The process therefore combines the low cost with low RTO with proven RMAN backups.

Apps Tier for Production

So far we have primarily covered the database tier of an E-Business Suite instance. For the apps tier, one of the following approaches could be used in addition to the usually nightly snapshots as described above:

  • Put the $INST_TOP onto a NFS share on File Storage, or
  • Implement a rsync backup of $INST_TOP on a block volume to a remote file storage location, or
  • Make sure that no crucial data is on the apps tier: In many cases, this data is only temporary and does not need to be backed up more than once a day.

Conclusion

As shown above, Oracle Cloud Infrastructure provides powerful, easy-to-use and cost-effective ways to cover all backup and recovery needs for E-Business Suite instances. Short RPO and RTO times can be achieved way easier than when using traditional on-premise data centers.

References

[1]Oracle High Availability Overview and Best Practices https://docs.oracle.com/en/database/oracle/oracle-database/19/haovw/index.html
[2] Oracle Cloud Infrastructure Documentation, Cross Region Replication https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/volumereplication.htm
[3] Oracle Cloud Infrastructure Documentation, Overview of Block Volume https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/overview.htm
[4] Oracle Cloud Infrastructure Documentation, Overview of Object Storage https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm
[5] Oracle Cloud Infrastructure Documentation, Overview of File Storage https://docs.oracle.com/en-us/iaas/Content/File/Concepts/filestorageoverview.htm
[6] Oracle User’s Guide, 1 Working with Oracle SQLcl https://docs.oracle.com/en/database/oracle/sql-developer-command-line/19.4/sqcug/working-sqlcl.html#GUID-1343FA2B-BDB4-4645-B4D4-CD7C3E200AC9
[7] Oracle Cloud Infrastructure Documentation, Overview of Block Volume Backups https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/blockvolumebackups.htm

About the author

Johannes Michler is Senior Principal Consultant, System Architect and Project Manager for the PROMATIS Group, with focus on service-oriented architectures (SOA), web portals as well as BPMN- and BPEL-based process automation. Since 2014, his function has been “Senior Vice President – Head of Platforms & Development”; he is also a member of the Horus software GmbH management board. Since 2010, he has been an active speaker and author for DOAG with numerous scientific and application-related contributions. In addition, he is a regular speaker at numerous events of the Oracle Community (IOUG & OATUG).

Contact

Johannes Michler
Senior Vice President – Head of Platforms & Development
PROMATIS Group
Pforzheimer Str. 160, 76275 Ettlingen
Germany
johannes.michler@promatis.com

Menu