Configuring Recovery Service

Review and complete the configuration tasks required to implement Recovery Service in your tenancy.

Prerequisite Tasks for Using Recovery Service

Before you enable and use Recovery Service as the backup destination, you must ensure to verify the minimum requirements and complete all the prerequisite tasks specific to your Oracle Cloud Database service.

Figure 2-1 Prerequisite Configuration Steps to Enable Recovery Service for Database Backups


Description of Figure 2-1 follows

  • Common Requirements for Oracle Database Services to Use Recovery Service, see Table 2-1

    Common mandatory prerequisites required for using Recovery Service.

  • Prerequisites for Oracle Databases in OCI, see Table 2-2

    Specific prerequisites for Oracle Exadata Database Service on Dedicated Infrastructure and Oracle Base Database Service to use Recovery Service for backups.

  • Prerequisites for Multicloud Oracle Databases, see Table 2-3

    Specific prerequisites for multicloud Oracle Database services to use Recovery Service for backups.

Note

Operational backups to two different backup destinations may create data loss scenarios. Therefore, before you enable automatic backups to Recovery Service, you must disable manual backup scripts and processes to other storage destinations.

Table 2-1 Common Requirements for Oracle Database Services to Use Recovery Service

Requirement More Information

Verify whether Recovery Service is supported for your target database version.

Oracle Database Releases That Support Recovery Service

Ensure that Recovery Service resource limits are adequate.

Review Limits for Recovery Service

As a tenancy administrator, create the Oracle Cloud Infrastructure IAM users and groups to manage Recovery Service related tasks.

Create Groups and Users to Manage Recovery Service

Table 2-2 Prerequisites for Supported Oracle Databases in OCI

Step Task More Information

1

Use the Autonomous Recovery Service policy templates to assign permissions for Oracle Cloud Databases in OCI to use Recovery Service for backups.

Permissions Required for Oracle Databases in OCI to Use Recovery Service

2

Configure the required network resources to enable the backup network path to Recovery Service.

Configuring Network Resources for Recovery Service

3

Register a Recovery Service subnet.

Register Recovery Service Subnet

4

Review protection policies and enable automatic backups to Autonomous Recovery Service

(Optional) Review Protection Policies for Database Backup Retention

Enable Automatic Backups to Recovery Service

Table 2-3 Prerequisites for Oracle Database@Azure and Oracle Database@Google Cloud

Step Task More Information

1

Use the Autonomous Recovery Service policy templates to assign the permissions required for Oracle Database@Azure or Oracle Database@Google Cloud to use Recovery Service for backups.

Permissions Required for Multicloud Oracle Databases to Use Recovery Service

2

Do one of the following for Oracle Database@Azure and Oracle Database@Google Cloud:
  • If your backup subnet meets the recommended /24 subnet size requirement, then skip this step and directly proceed to register a Recovery Service subnet using NSG as described in step 3.
  • If your backup subnet does not meet the minimum subnet size requirements, you must first configure the network resources as described in this step, and then proceed to register the Recovery Service subnet.

Configuring Network Resources for Recovery Service

3

Register a Recovery Service subnet.

For multicloud Oracle Databases, such as Oracle Database@Azure or Oracle Database@Google Cloud, you must register the Recovery Service subnet by associating NSGs.

Register Recovery Service Subnet

4

Review protection policies and then enable automatic backups to Recovery Service.

(Optional) Review Protection Policies for Database Backup Retention

Enable Automatic Backups to Recovery Service

Oracle Database Releases That Support Recovery Service

You can use Oracle Database Autonomous Recovery Service as the backup destination for Oracle Cloud databases provisioned with the following Oracle Database releases.

Table 2-4 Oracle Database Releases that Support Recovery Service

Oracle Database Edition and Version More Information

Oracle Database 19c Release 16 (19.16) or later

Your target database must meet these minimum requirements:
  • To use Recovery Service, your target database must have a minimum compatibility level of 19.0 (the COMPATIBLE initialization parameter must be set to 19.0.0 or higher).
  • To use the Real-time data protection feature, your database must be provisioned with Oracle Database 19c Release 18 (19.18) or later.

Oracle Database 21c Release 7 (21.7) or later

Your target database must meet these minimum requirements:
  • To use Recovery Service, your target database must have a minimum compatibility level of 19.0 (the COMPATIBLE initialization parameter must be set to 19.0.0 or higher).
  • To use the Real-time data protection feature, your database must be provisioned with Oracle Database 21c Release 8 (21.8) or later.

Oracle Database 23ai (23.4) or later

To use Recovery Service, your target database must have a minimum compatibility level of 19.0 (the COMPATIBLE initialization parameter must be set to 19.0.0 or higher).

Note

For information about the supported Database Services in the Oracle US Government Cloud, see Oracle Database Releases That Support Recovery Service in Oracle US Government Cloud.

Review Limits for Recovery Service

A service limit is the quota or allowance set on a resource. Use the console to verify that your tenancy's Recovery Service resource limits are adequate to meet your database backup demands.

Autonomous Recovery Service has maximum limits for the number of protected databases and the backup storage space utilization. The limits apply to each region.

Table 2-5 Autonomous Recovery Service Resource Limits

Resource Oracle Universal Credits Pay As You Go or Trial

Autonomous Recovery Service Protected Database Count

Contact Us

Contact Us

Autonomous Recovery Service Space Used for Recovery Window (GB)

Contact Us

Contact Us

Use the console to review the current service limits and usage information, and request an increase in resource limits, if necessary.

  1. In the navigation menu, select Governance & Administration, and then select Tenancy Management.
  2. Select Limits, Quotas and Usage.
  3. Select Autonomous Recovery Service from the Service list.
    Review the current limits and usage information.
  4. Request a service resource limit increase, if necessary.
    See Requesting a Service Limit Increase for detailed steps.
    Note

    You can also control the resource utilization within compartments. See Quota Policy Quick Start for detailed information.

Related Topics

Create Groups and Users to Manage Recovery Service

Create Oracle Cloud Infrastructure (OCI) user accounts and groups to manage Recovery Service resources.

You can then assign Recovery Service policy statements to the groups. For example, create a group called recoveryserviceadmin and assign the policy that allows the group to manage protected databases, protection policies, and Recovery Service subnets.

Table 2-6 Creating Groups and Users for Recovery Service

Task More Information

Create a group

To create a group

Create users

To create a user

Add users to a group

To add a user to a group

Assign policies to groups

Permissions Required for Oracle Databases in OCI to Use Recovery Service

Permissions Required for Oracle Databases in OCI to Use Recovery Service

Assign the permissions required for OCI Databases to use Recovery Service for backups.

In the Policy Builder, select Autonomous Recovery Service as the Policy Use Case, and then select these predefined policy templates:

Note

Recovery Service includes separate policy templates for Oracle Database@Azure and Oracle Database@Google Cloud. If you are configuring Recovery Service for your multicloud Oracle Database, then skip this step and proceed to Permissions Required for Multicloud Oracle Databases to Use Recovery Service.

Ability to do all things with Autonomous Recovery Service

The Ability to do all things with Autonomous Recovery Service policy template includes all the policy statements required to provide permissions for the supported database services to use Recovery Service, and for Recovery Service to use the network resources to access databases in a VCN.

You can either select the policy template or add these policy statements using the manual editor in the Policy Builder.

Table 2-7 Policy Statements Required for Using Recovery Service

Policy Statement Create In Purpose

Allow service database to manage recovery-service-family in tenancy

Root compartment

Enables the OCI Database Service to access protected databases, protection policies, and Recovery Service subnets within your tenancy.

Allow service database to manage tagnamespace in tenancy

Root compartment

Enables the OCI Database Service to access the tag namespace in a tenancy.

Allow service rcs to manage recovery-service-family in tenancy

Root compartment

Enables Recovery Service to access and manage protected databases, Recovery Service subnets, and protection policies within your tenancy.

Allow service rcs to manage virtual-network-family in tenancy

Root compartment

Enables Recovery Service to access and manage the private subnet in each database VCN within your tenancy. The private subnet defines the network path for backups between a database and Recovery Service.

Allow group admin to manage recovery-service-family in tenancy

Root compartment

Enables users in a specified group to access all Recovery Service resources. Users belonging to the specified group can manage protected databases, protection policies, and Recovery Service subnets.

Let users manage protection policies in Autonomous Recovery Service

The Let users manage protection policies in Autonomous Recovery Service policy template grants permissions for users in a specified group to create, update, and delete protection policy resources in Recovery Service.

You can either select the policy template or add this policy statement using the manual editor in the Policy Builder.

Table 2-8 Policy Statement for Managing Protection Policies

Policy Statement Create In Purpose

Allow group {group name} to manage recovery-service-policy in compartment {location}

Compartment that owns the protection policies.

Enables all users in a specified group to create, update, and delete protection policies in Recovery Service.

Consider this example.

This policy grants the RecoveryServiceUser group with the permissions to create, update, and delete protection policies in ABC compartment.
Allow group RecoveryServiceUser to manage recovery-service-policy in compartment ABC

Let users manage Autonomous Recovery Service Subnets

The Let users manage Autonomous Recovery Service subnets policy template grants permissions for users in a specified group to create, update, and delete Recovery Service subnet resources.

You can either select the policy template or add this policy statement in the Policy Builder.

Table 2-9 Policy Statement for Managing Recovery Service Subnets

Policy Statement Create In Purpose

Allow Group {group name} to manage recovery-service-subnet in compartment {location}

Compartment that owns the Recovery Service subnets.

Enables all users in a specified group to create, update, and delete Recovery Service subnets.

Consider this example.

This policy grants the RecoveryServiceAdmin group with the permissions to manage Recovery Service subnets in ABC compartment.
Allow group RecoveryServiceAdmin to manage recovery-service-subnet in compartment ABC

Permissions Required for Multicloud Oracle Databases to Use Recovery Service

Assign the permissions required for Oracle Database@Azure or Oracle Database@Google Cloud to use Recovery Service for backups.

In the Policy Builder, select Autonomous Recovery Service as the Policy Use Case, and then select one of these policy templates relevant to your multicloud Oracle Database service.

Let Oracle Database@Azure use Autonomous Recovery Service for backup

This policy template includes these policy statements required by Oracle Database@Google Cloud to use Recovery Service for backups.


Allow service database to manage recovery-service-family in tenancy
Allow service database to manage tagnamespace in tenancy
Allow service rcs to manage recovery-service-family in tenancy
Allow service rcs to manage virtual-network-family in tenancy
Allow group admin to manage recovery-service-family in tenancy
Allow service database to use organizations-assigned-subscription in tenancy 
where target.subscription.serviceName = 'ORACLEDBATAZURE'

ORACLEDBATAZURE indicates the service name for Oracle Database@Azure.

Let Oracle Database@Google Cloud use Autonomous Recovery Service for backup

This policy template includes these policy statements required by Oracle Database@Google Cloud to use Recovery Service for backups.


Allow service database to manage recovery-service-family in tenancy
Allow service database to manage tagnamespace in tenancy
Allow service rcs to manage recovery-service-family in tenancy
Allow service rcs to manage virtual-network-family in tenancy
Allow group admin to manage recovery-service-family in tenancyAllow service database to use 
organizations-assigned-subscription in tenancy where 
target.subscription.serviceName = 'ORACLEDBATGOOGLE'

ORACLEDBATGOOGLE indicates the service name for Oracle Database@Google Cloud.

See Multicloud Oracle Database Backup Support for more information about using Recovery Service for multicloud Oracle Database backups.

Configuring Network Resources for Recovery Service

Use an IP4-only subnet in the database VCN for Recovery Service operations. Define security rules to control the backup traffic between your database and Recovery Service. Finally, register the private subnet as a Recovery Service subnet.

Note

For Oracle Database@Azure and Oracle Database@Google Cloud, if your backup subnet meets the recommended /24 subnet size requirement, then skip this section and directly proceed to register the Recovery Service subnet using network security groups (NSGs). Otherwise, you must first complete the steps described in this section, and then proceed to register the Recovery Service subnet.

About Using a Private Subnet for Recovery Service

Recovery Service uses a private subnet inside a virtual cloud network (VCN) where your database resides. The private subnet defines the network path for backups between your database and Recovery Service.

Oracle recommends that your database VCN must have a single private subnet dedicated for backups to Recovery Service. Your Oracle Cloud database can reside in the same private subnet used by Recovery Service, or in a different subnet within the same VCN.

You can either create a private subnet or use a preexisting subnet in your database VCN. Oracle recommends that you use a subnet size of /24 (256 IP addresses).

Note

Select an IPv4-only subnet for Recovery Service in your database VCN. Do not select an IPv6-enabled subnet as Recovery Service does not support using an IPv6-enabled subnet. See Creating a Subnet to learn more.
The database VCN requires security rules to allow backup traffic between your database and Recovery Service. Security rules must include stateful ingress rules to allow destination ports 8005 and 2484. You can use these Networking service features to implement security rules:
  • Security Lists

    A security list allows you to add security rules at the subnet level. In your database VCN, select the security list that is used for the Recovery Service subnet, and add the ingress rules to allow destination ports 8005 and 2484.

  • Network Security Groups (NSG)
    Network security groups (NSG) enable granular control over security rules that apply to individual VNICs in a VCN. Recovery Service supports these options to configure security rules using NSGs:
    • To implement network isolation, create one NSG for the database VNIC (add egress rules to allow ports 2484 and 8005) and a separate NSG for Recovery Service (add ingress rules to allow ports 2484 and 8005).
    • Create and use a single NSG (with egress and ingress rules) for the database VNIC and Recovery Service.
Note

If you have configured a security list and an NSG within your database VCN, then the rules defined in the NSGs takes precedence over the rules defined in a security list.

See Comparison of Security Lists and Network Security Groups to learn more.

After you create a private subnet in the database VCN, assign the security rules and then register the subnet as a Recovery Service subnet in Recovery Service. If you have created NSGs to implement security rules, then you must also ensure to associate the Recovery Service NSG with the Recovery Service subnet.

Note

Oracle recommends using a private subnet for your backups. However, it is possible to use a public subnet.

Review Networking Service Permissions to Configure a Subnet

Ensure that you have these Networking Service permissions required to create a subnet in the database VCN and to assign security rules for Recovery Service.

Table 2-10 Networking Service Permissions Required to Create a Private Subnet and Configure Security Rules for Recovery Service

Operation Required IAM Policies

Configure a private subnet in a database VCN

  • use vcns for the compartment which the VCN is in
  • use subnets for the compartment which the VCN is in
  • manage private-ips for the compartment which the VCN is in
  • manage vnics for the compartment which the VCN is in
  • manage vnics for the compartment which the database is provisioned or is to be provisioned in

Alternatively, you can create a policy that allows a specified group with broader access to networking components.

For example, use this policy to allow a NetworkAdmin group to manage all networks in any compartment in a tenancy.

Example 2-1 Policy for Network Administrators

Allow group NetworkAdmin to manage virtual-network-family in tenancy

Review Subnet Size Requirements and Security Rules for Recovery Service Subnet

The security rules are necessary to allow backup traffic between a database and Recovery Service.

Note

Select an IPv4-only subnet for Recovery Service in your database VCN. Do not select an IPv6-enabled subnet as Recovery Service does not support using an IPv6-enabled subnet. See Creating a Subnet to learn more.

Table 2-11 Subnet Size Requirements and Ingress Rules for the Recovery Service Private Subnet

Item Requirements

Recommended subnet size

/24 (256 IP addresses)

General ingress rule 1: Allow HTTPS traffic from Anywhere

This rule allows backup traffic from your Oracle Cloud Infrastructure Database to Recovery Service.

  • Stateless: No (all rules must be stateful)
  • Source Type: CIDR
  • Source CIDR: CIDR of the VCN where the database resides
  • IP Protocol: TCP
  • Source Port Range: All
  • Destination Port Range: 8005

General ingress rule 2: Allows SQLNet Traffic from Anywhere

This rule allows recovery catalog connections and real-time data protection from your Oracle Cloud Infrastructure Database to Recovery Service.

  • Stateless: No (all rules must be stateful)
  • Source Type: CIDR
  • Source CIDR: CIDR of the VCN where the database resides
  • IP Protocol: TCP
  • Source Port Range: All
  • Destination Port Range: 2484
Note

If you use network security groups (NSG) to implement security rules or if your database VCN restricts network traffic between subnets, then ensure to add an egress rule for ports 2484 and 8005 from the database NSG or subnet to the Recovery Service NSG or subnet that you create.

Create a Recovery Service Subnet in the Database VCN

Use the OCI Console to configure a private subnet for Recovery Service in your database virtual cloud network (VCN).

Note

For Oracle Database@Azure and Oracle Database@Google Cloud, if your backup subnet meets the recommended /24 subnet size requirement, then skip this section and directly proceed to register the Recovery Service subnet using network security groups (NSGs). Otherwise, you must first complete the steps described in this section, and then proceed to register the Recovery Service subnet.
  1. In the navigation menu, select Networking, and then select Virtual cloud networks to display the Virtual Cloud Networks page.
  2. Select the VCN in which your database resides.
  3. Use these steps to create a Recovery Service subnet with a security list. If you choose to use network security groups, then proceed to step 4.
    1. Under Resources, select Security Lists.
    2. Select the security list that is used for the VCN.
      You must add two ingress rules to allow destination ports 8005 and 2484.
    3. Click Add Ingress Rules and add these details to set up a stateful ingress rule that allows HTTPS traffic from anywhere:
      • Source Type: CIDR
      • Source CIDR: Specify the CIDR of the VCN where the database resides.
      • IP Protocol: TCP
      • Source Port Range: All
      • Destination Port Range: 8005
      • Description: Specify an optional description of the ingress rule to help manage the security rules.
    4. Click Add Ingress Rule and add these details to set up a stateful ingress rule that allows SQLNet traffic from anywhere:
      • Source Type: CIDR
      • Source CIDR: Specify the CIDR of the VCN where the database resides.
      • IP Protocol: TCP.
      • Source Port Range: All
      • Destination Port Range: 2484.
      • Description: Specify an optional description of the ingress rule to help manage the security rules.
      Note

      Select an IPv4-only subnet for Recovery Service in your database VCN. Do not select an IPv6-enabled subnet as Recovery Service does not support using an IPv6-enabled subnet. See Creating a Subnet to learn more.
    5. In the Virtual Cloud Networks Details page, click Create Subnet.
    6. Create a private subnet or select a private subnet that already exists in the database VCN. Oracle recommends a subnet size of /24 (256 IP addresses) for the private subnet.
    7. In the Subnet Details page, under Resources select Security Lists. Add the security list that includes the ingress rules to allow destination ports 8005 and 2484.
      Note

      If your database VCN restricts network traffic between subnets, then ensure to add an egress rule for ports 2484 and 8005 from the database subnet to the Recovery Service subnet that you create.
  4. Use these steps to create a Recovery Service subnet with network security groups (NSG).
    1. Under Resources, select Network Security Groups.
    2. Click Create Network Security Group.
      Use one of these supported methods to configure security rules using NSGs:
      • To implement network isolation, create one NSG for the database VNIC (add egress rules to allow ports 2484 and 8005) and a separate NSG for Recovery Service (add ingress rules to allow ports 2484 and 8005).
      • Create and use a single NSG (with egress and ingress rules) for the database VNIC and Recovery Service.
      The Network Security Group page lists the NSGs that you create.
    Note

    For additional configuration details, refer the relevant OCI Database Service documentation.
  5. After you create the Recovery Service subnet in the database VCN, proceed to register the subnet as a Recovery Service subnet. Oracle recommends that you register a single Recovery Service subnet per VCN.
    If you have implemented security rules using NSGs, then you must also ensure to add the Recovery Service NSG to the Recovery Service subnet.

Register Recovery Service Subnet

After you have created a private subnet for Recovery Service in your database VCN, use this procedure to register the subnet in Recovery Service.

Multiple protected databases can use the same Recovery Service subnet. In order to ensure that the required number of IP addresses are available to support the Recovery Service private endpoints, you can assign multiple subnets to a Recovery Service subnet that is used by more than one protected database.
Note

  • Select an IPv4-only subnet for Recovery Service in your database VCN. Do not select an IPv6-enabled subnet as Recovery Service does not support using an IPv6-enabled subnet.
  • For Oracle Database@Azure and Oracle Database@Google Cloud, you must register the Recovery Service subnet by associating network security groups (NSG).
Ensure that you have completed the prerequisite configuration tasks specific to your Oracle Database service before you register the Recovery Service subnet.
  1. Log in to your OCI tenancy.
  2. In the navigation menu, click Oracle Database, and select Database Backups to display the Database Backups page.
  3. Click Recovery Service Subnets.
  4. In the Compartment field, select a compartment where you want to create the Recovery Service subnet.
  5. Click Register Recovery Service subnet, and specify the details.
  6. In the Name field, enter a name for the Recovery Service subnet.
  7. In the Compartment field, select the compartment where you want to create the Recovery Service subnet.
  8. In the Virtual cloud network field, select the database VCN.
    Click Change Compartment to select a VCN belonging to a different compartment.
  9. In the Subnet field, select a private subnet that you have configured for Recovery Service operations in your database VCN.
    Click Change Compartment to select a private subnet from a different compartment.
  10. (Optional) Click +Another Subnet to assign an additional subnet to the Recovery Service subnet.
    If a single subnet does not contain enough IP addresses to support the Recovery Service private endpoints, then you can assign multiple subnets.
  11. Click Show advanced options to configure these additional features.
    • Network security groups
    • Tags

    If you have used a network security group (NSG) to implement security rules for Recovery Service in the database VCN, then you must add the Recovery Service NSG to the Recovery Service subnet. The Recovery Service NSG can reside in the same compartment or in a different compartment. However, the NSG must belong to the same VCN to which the specified subnet belongs.

    Note

    For Oracle Database@Azure and Oracle Database@Google Cloud, you must register the Recovery Service subnet by associating network security groups (NSG).
    1. In the Network security groups section, select Use network security groups to control traffic.
    2. Select the Recovery Service NSG you have created in the database VCN.
    3. Click +Another network security group to associate multiple NSGs (maximum five).
    (Optional) In the Tag Namespace field, consider adding a tag namespace, or tagging the control with an existing tag namespace.
  12. Click Register.

You can replace a subnet or add more subnets to support the required number of private endpoints.

  1. Use these steps to update an existing Recovery Service subnet:
    1. In the Recovery Service subnet details page, under Resources, click Subnets.
    2. Click Add subnets and select the subnets you want to add.
    3. To replace an existing subnet, click the Action menu, and select Remove subnet. You can then add another subnet.
    Note

    A Recovery Service subnet must be associated with at least one subnet belonging to your database VCN.
  2. Use these steps to manage the network security groups (NSGs) for an existing Recovery Service subnet:
    1. In the Network security groups section, click Add network security groups.
    2. Select and add the Recovery Service network security groups (maximum five).
    3. To remove an NSG, select the resource and click Remove.

(Optional) Review Protection Policies for Database Backup Retention

Recovery Service provides predefined protection policies to suit common use cases for backup retention. You can optionally create custom protection policies to suit your internal data retention requirements.

  1. In the navigation menu, select Oracle Database, and then select Database Backups to view the Database Backups page.
  2. Click Protection Policies.
  3. Recovery Service provides four Oracle-defined protection policies based on typical use cases for backup retention. You cannot modify these policies:
    • Platinum: 95 days
    • Gold: 65 days
    • Silver: 35 days
    • Bronze: 14 days
  4. Optionally, create a custom policy to suit your backup retention requirements. See: Creating a Protection Policy.

Ways to Manage Recovery Service Resources

In Oracle Cloud Infrastructure (OCI), you can create and manage Recovery Service resources using a variety of interfaces provided to fit your different management use cases.

Interface More Information

OCI Console

Using the Console

Application Programming Interfaces (APIs)

Oracle Database Autonomous Recovery Service API

Command-Line Interfaces (CLIs)

Using the CLI