ZDLRA - Quick Start Guide

 This post is intended to be a Quick Start Guide for those who are new to ZDLRA (RA for short).  I spend part of time working with customers who are new the RA and often the same topics/questions come up.  I wanted to put together a "Quick Start" guide that they can use to learn more about these common topics.

The steps I would follow for anyone new to the RA are.

1. Read through the section on configuring users and security settings for the RA. Decide which compliance settings make sense for the RA and come with a plan to implement them.
2. Identify the users, both OS users (if you are disabling direct root access), and users within the databases that will mange and/or monitor the RA. OS users can be added with "racli add admin_user". Database users can be added with "racli add db_user"
3. Create protection policies that contain the recovery window(s) that you want to set for the databases. You will also set compliance windows when creating policies. This can be done manually using the package DBMS_RA.CREATE_PROTECTION_POLICY.
4. Identify the VPC user(s) needed to manage the database. Is it a single DBA team, or different teams requiring multiple VPC users? Create the VPC user using "racli add vpc_user"
5. Add databases to be backed up to the RA, associate the database with both a protection policy and a VPC user who will be managing the database. NOTE that you should look at the Reserved Space, and adjust it as needed.  Databases can be added manually by using two PL/SQL calls. DBMS_RA.ADD_DB will add the database to the RA. DBMS_RA.GRANT_DB_ACCESS will allow the VPC user to manage the database.
6. Configure the database to be backed up to the RA either by using OEM, or manually. The manual steps would be

• Create a wallet on the DB client that contains the VPC credentials to connect to the RA.
• Update the sqlnet.ora file to point to this wallet
• Connect to the RMAN catalog on the RA from the DB client
• Register the database to the RA
• Configure the channel configuration to point to the RA
• Configure Block change tracking (if it is not configured).
• Configure the redo destination to point to the RA if you want to configure real-time redo.
• Change the RMAN retention to be "applied to all standby" if using real-time redo, or "backed up 1 time" if not.
• Update OEM to have the database point to the RMAN catalog on the ZDLRA.

Documentation

The documentation can be found here. Within the documentation there are several sections that will help you manage the RA.

Get Started 

The get started section contains some subtopics to delve into

Install and configure the Recovery Appliance

The links in this section cover all the details about the installation and configuration of the RA.  I won't be talking about those sections in the post, but be aware this is where to look for general maintenance/patching/expanding information.

Learn about the Recovery Appliance.

This section covers an overview of the RA, and is mostly marketing material. If you are not familiar with the RA, or want an overview this is the place to turn.

Administer the Recovery Appliance

These sections are going to be a lot more helpful to get you started. This section of the documentation covers 

Managing Protect Policies - Protection policies is the place to start when configuring an RA. Protection policies group databases together and it is critical to make sure you have the correct protection policies in place before adding databases to be backed up.

Copying Backups to Tape - This section is useful if you plan on creating backups (either point in time or archival) that will be sent externally from the RA. This can be either to physical/virtual tape, or to an external media manager.

Archiving Backups to the Cloud - This section covers how to configure the RA to send backups to an OCI compatible object storage.  This can either be OCI, or it can be an on-premises ZFS that has a project configured as OCI object storage.

Accessing Recovery Appliance Reports - This section covers how to access all the reports available to you.  You will find these reports are priceless to manage the RA over time. Some examples of the areas these reports cover are.

• Storage Capacity Planning reports with future usage projections
• Recovery Window Summary reports to validate backups are available
• Active incident reports to manage any alerts
• API History Report to audit any changes to the RA

NOTE : If you are using the RA in a charge backup model to your internal business units, there is specific reporting that can be used for this. Talk your Oracle team find out more.

Monitoring the Recovery Appliance - This section covers how to monitor the RA and set up alerts. This will allow you identify any issues that would affect the recovery of the backups including space issues, and missing backups.

Administer the Recovery Appliance

Configure Protected Databases - This section goes through how to configure databases to be backed up to the recovery appliance and includes instructions for both using OEM, and adding databases using the command line.

Backup Protected Databases - This section covers how to backup a database from either OEM, or from the traditional RMAN command line. I would also recommend looking at the MOS note to ensure that you are using the current best practices for backups. "RMAN best practice recommendations for backing up to the Recovery Appliance (Doc ID 2176686.1)".

Recover Databases - This section covers how to recover databases from the RA. This section also covers information about cloning databases. Cloning copies of production is a common use case for the RA, and this section is very useful to help you with this process.

Books

This section contains the documentation you look at regularly to manage the RA and answer questions that you may have on managing it.  I am only going to point the sections that you find most useful.

Deployment

The one important section under deployment is the Zero Data Loss Recovery Appliance Owners Guide.

Zero Data Loss Recovery Appliance Owners Guide - This guide contains information on configuring users on the RA, and the most critical sections to look at are

•  "Part III Security and Maintenance of Recovery Appliance".   If you are using the RA to manage immutable backups, it is important to go through this section to understand how users will be managed for maximum protection of your backups.
• Part IV Command Reference - This section covers the CLI commands you will use the manage the RA.

Administration

This is probably the most important guide in the documentation. It covers many of the areas of you will be managing as you configure databases to be backed up.  The most critical sections are

Part I Managing Recovery appliance - This section covers

• Implementing Immutable Backups
• Securing the Recovery Appliance operations
• Managing Protection Policies
• Configuring replication and replication concepts
• Additional High Availability strategies

Part III Recovery Appliance Reference - This section covers

• DBMS_RA packages to manage the RA through commands
• Recovery Appliance View Reference to see what views are available

MOS Notes

There are number of useful MOS notes that you will want to bookmark

• Zero Data Loss Recovery Appliance (ZDLRA) Information Center (Doc ID 2673011.2)
• How to Backup and Recover the Zero Data Loss Recovery Appliance (Doc ID 2048074.1)
• Zero Data Loss Recovery Appliance Supported Versions (Doc ID 1927416.1)
• Zero Data Loss Recovery Appliance Software Updates Guide (Doc ID 2028931.1)
• Cross Platform Database Migration using ZDLRA (Doc ID 2460552.1)
• How to Move RMAN Catalog To A Different Database (Doc ID 351918.1)

Helpful Blogs

Fernando Simon

Fernando has a number of helpful blog entries. Be aware he has been blogging for a long time on the RA, and some of the management processes have changed. One example is RACLI is now used to create VPC users. Some of the Blogs to note are

• How to use ZDLRA and enroll a database
• Duplicate, Restore and ZDLRA

• ZDLRA, Creating the Replication Config

Bryan Grenn

I have a number of blog posts on features of the ZDLRA.

Estimated space for Compliance Window on RA

 In this post  I will go through how to estimate how much space you need to store backups on the Recovery Appliance to meet your Compliance Window.

This is critical to understand, since compliance protected backups cannot be removed from the RA, and if all space is utilized to meet Compliance Windows, new backups will be refused.

First a bit about Compliance window.

COMPLIANCE WINDOW

Compliance Window is set at the Policy level.  All databases within that policy will inherit the Compliance Window going forward.  Below is some more detail you need to know on Compliance Window.

• The Compliance Window cannot be greater than the Recovery Window Goal
• You cannot set the Policy to "Auto Tune" reserve space when setting a Compliance Window. You must manage the reserve space as you did in the past.
• The Compliance Window can be adjusted up or down once set, but this will not affect any previous backups. Backups previously created observe the Compliance Window in effect when the backup was created.
• The RA does not have to be in Compliance Mode (disabled direct root access) in order to set the a Compliance Window.

Space management for Compliance Window

Reserved Space

If you are familiar with reserved space, then you understand how that can help.  Reserved space is set for each database, and is the estimate of how much is needed to meet the Recovery Window Goal.  The major points to understand with reserved space are

• The sum of all reserved space cannot be greater than the usable space on the RA.
• Reserved space is used during space pressure to determine which databases will not be able to keep their recovery window goal. Databases with reserved space less than what is needed will have their older backups purged first.
• Reserved space should be either
• About 10% greater than the space needed to meet the recovery window goal
• The high water mark of space needed during large volume updates (Black Friday sales for example).

By setting the reserved space for each database to be 10% larger than the space needed to meet the recovery window goal, you can alert when the Recovery Appliance cannot accept new databases to be backed up.  If all reserved space is allocated, then the Recovery Appliance is 90% full.

Recovery Window Goal

Within each policy you set a recovery window goal. This is a "goal" and if you run into space pressure, backups can be deleted from databases with insufficient reserved space (noted in the previous section).

The recommendation is to set the Compliance Window smaller than Recovery Window Goal if all databases are being protected.

By setting the recovery window goal smaller, you can alert when the required space to meet the recovery window goal is not available on the Recovery Appliance.  This will give you time to determine the space issue and take corrective action.

Compliance Window

Within each policy you can set a Compliance Window. This will lock any backups for the protected databases from being deleted, and will disable the database from being from the Recovery Appliance as long as it has backups that fall under compliance.  Since these backups cannot be removed, and the database cannot be removed, it is critical that you do not reach the point where all storage is utilized by compliant backups.

ESTIMATING COMPLIANCE SPACE

As you can tell by reading through how this works, it is critical to understand the space needed for compliant backups. 

The recommendation to estimate the space needed is to utilize the DBMS_RA.ESTIMATE_SPACE package.

Unfortunately with release 21.1 you cannot call this package from within a SQL statement. You will receive the following error.

Select dbms_ra.estimate_space ('TIMSP' , numtodsinterval(45,'day')) from dual
       *
ERROR at line 1:
ORA-14551: cannot perform a DML operation inside a query
ORA-06512: at "RASYS.DBMS_RA_MISC", line 5092
ORA-06512: at "RASYS.DBMS_RA", line 1204
ORA-06512: at line 1

In order to help everyone calculate the space needed, I came up with a code snippet that can give you the data you need.

Using the snippet below, and setting the variable for compliance window you can create an HTML report that will show you the estimate for space needed.

SET SERVEROUTPUT ON DECLARE x NUMBER; v_POLICY_NAME varchar2(128) := 'empty policy'; v_disk_reserved_space number :=0; v_size_estimate number :=0; v_compliance_window_space number := 0; v_recovery_window_space number :=0; vt_disk_reserved_space number :=0; vt_size_estimate number :=0; vt_recovery_window_space number :=0; vt_compliance_window_space number := 0; /*******************************************************/ /*******************************************************/ /*******************************************************/ /*******************************************************/ /* set the compliance window below */ /*******************************************************/ /*******************************************************/ /*******************************************************/ /*******************************************************/ V_COMPLIANCE_WINDOW_ESTIMATE DSINTERVAL_UNCONSTRAINED := numtodsinterval(15,'DAY'); BEGIN dbms_output.put_line('<HTML>'); dbms_output.put_line('<HEAD>'); dbms_output.put_line('<style>'); dbms_output.put_line('table {'); dbms_output.put_line('border: 1px solid #666;'); dbms_output.put_line('table-layout: fixed;'); dbms_output.put_line('width: 220px;'); dbms_output.put_line('}'); dbms_output.put_line('th,'); dbms_output.put_line('td {'); dbms_output.put_line('border: 1px solid #666;'); dbms_output.put_line('width: 140px;'); dbms_output.put_line('overflow: hidden;'); dbms_output.put_line('}'); dbms_output.put_line('</style>'); dbms_output.put_line('</HEAD>'); dbms_output.put_line('<BODY>'); dbms_output.put_line('<TABLE>'); dbms_output.put_line('<caption> Compliance Window of ' || extract(day from V_COMPLIANCE_WINDOW_ESTIMATE) || ' days sizing data for all database </caption>'); dbms_output.put_line('<colgroup>'); dbms_output.put_line('<col span="2">'); dbms_output.put_line('<col style="border: 2px solid black">'); dbms_output.put_line('<col span="7">'); dbms_output.put_line('</colgroup>'); dbms_output.put_line('<TR>'); dbms_output.put_line('<TH>'||'Policy'||' </TH> '); dbms_output.put_line('<TH>'||'Database Name'||' </TH> '); dbms_output.put_line('<TH>'||'Database Size'||' </TH> '); dbms_output.put_line('<TH>'||'Recovery Window Goal'||' </TH> '); dbms_output.put_line('<TH>'||'Reserved Space'||' </TH> '); dbms_output.put_line('<TH>'||'RWG Space'||' </TH> '); dbms_output.put_line('<TH>'||'Compliance space'||' </TH> '); dbms_output.put_line('</TR>'); dbms_output.put_line('</TABLE>'); FOR item IN (Select db_unique_name, POLICY_NAME, recovery_window_goal, disk_reserved_space , size_estimate, recovery_window_space from rasys.ra_database order by policy_name,db_unique_name) LOOP x := dbms_ra.estimate_space(db_unique_name => item.db_unique_name, target_window => V_COMPLIANCE_WINDOW_ESTIMATE ); if item.policy_name != v_policy_name THEN if v_policy_name != 'empty policy' then dbms_output.put_line('<TABLE>'); dbms_output.put_line('<TD>'||v_policy_name ||' Total </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('<TD>'||to_char(v_size_estimate,'9,999,999') ||' GB </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('<TD>'||to_char(v_disk_reserved_space,'9,999,999') ||' GB </TD> '); dbms_output.put_line('<TD>'||to_char(v_recovery_window_space,'9,999,999') ||' GB </TD> '); dbms_output.put_line('<TD>'||to_char(v_compliance_window_space,'9,999,999') ||' GB </TD> '); dbms_output.put_line('</TABLE>'); end if; dbms_output.put_line('<TABLE>'); dbms_output.put_line('<TD>'||item.policy_name ||' </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('</TABLE>'); end if; dbms_output.put_line('<TABLE>'); if item.policy_name <> v_policy_name THEN v_disk_reserved_space := item.disk_reserved_space ; v_size_estimate := item.size_estimate; v_recovery_window_space := item.recovery_window_space; v_compliance_window_space := x; v_policy_name := item.policy_name; else v_disk_reserved_space := v_disk_reserved_space + item.disk_reserved_space; v_size_estimate := v_size_estimate + item.size_estimate; v_recovery_window_space := v_recovery_window_space + item.recovery_window_space; v_compliance_window_space := v_compliance_window_space + x; end if; dbms_output.put_line('<TD>'||' ' ||' </TD> '); vt_disk_reserved_space := vt_disk_reserved_space + item.disk_reserved_space; vt_size_estimate := vt_size_estimate + item.size_estimate; vt_recovery_window_space := vt_recovery_window_space + item.recovery_window_space; vt_compliance_window_space := vt_compliance_window_space + x; dbms_output.put_line('<TD>'||item.db_unique_name ||' </TD> '); dbms_output.put_line('<TD>'||to_char(item.size_estimate,'999,999') ||' GB </TD> '); dbms_output.put_line('<TD>'||extract(day from item.recovery_window_goal) ||' </TD> '); dbms_output.put_line('<TD>'||to_char(item.disk_reserved_space,'999,999') ||' GB </TD> '); dbms_output.put_line('<TD>'||to_char(item.recovery_window_space,'999,999')||' GB </TD> '); dbms_output.put_line('<TD>'||to_char(x,'999,999') ||' GB </TD> '); dbms_output.put_line('</TABLE>'); END LOOP; dbms_output.put_line('<TABLE>'); dbms_output.put_line('<TD>'||v_policy_name ||' Total </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('<TD>'||to_char(v_size_estimate,'9,999,999') ||' GB </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('<TD>'||to_char(v_disk_reserved_space,'9,999,999') ||' GB </TD> '); dbms_output.put_line('<TD>'||to_char(v_recovery_window_space,'9,999,999') ||' GB </TD> '); dbms_output.put_line('<TD>'||to_char(v_compliance_window_space,'9,999,999') ||' GB </TD> '); dbms_output.put_line('</TABLE>'); dbms_output.put_line('<TABLE>'); dbms_output.put_line('<TD>'|| '' ||'Grand Total </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('<TD>'||to_char(vt_size_estimate,'9,999,999') ||' GB </TD> '); dbms_output.put_line('<TD>'||' ' ||' </TD> '); dbms_output.put_line('<TD>'||to_char(vt_disk_reserved_space,'9,999,999') ||' GB </TD> '); dbms_output.put_line('<TD>'||to_char(vt_recovery_window_space,'9,999,999') ||' GB </TD> '); dbms_output.put_line('<TD>'||to_char(vt_compliance_window_space,'9,999,999') ||' GB </TD> '); dbms_output.put_line('</TABLE>'); dbms_output.put_line('</BODY>'); dbms_output.put_line('</HTML>'); END; /

What the output looks like is below.  Note you can adjust the compliance window you want to look at.

This should allow you to look at the effect of setting a compliance window and compare it to the reserved space, and the RWG database by database, policy by policy, and as a whole.

ZFSSA File Retention and Snapshot Retention provide protection for RMAN incremental merge backups.

File Retention Lock and Snapshot Retention Lock are great new features on ZFSSA that can help protect your backups from deletion and help you meet regulatory requirements. Whether it be an accidental deletion or a bad actor attempting to corrupt your backups they are protected.

In this post I am going to walk through how to implement File Retention and Snapshot Retention together to protect an RMAN incremental merge backup from being deleted . 

 Why do I need both? 

The first question you might have is why do I need both File Retention and Snapshot Retention to protect my backups ? RMAN incremental merge backups consists of 3 types of backup pieces.

 FILE IMAGE COPIES - Each day when the backup job is executed the same image copy of each datafile file is updated by recovering the datafile with an incremental backup. This moves the image copy of each datafile forward one day using the changed blocks from the incremental backup. The backup files containing the image copy of the datafiles needs to be updatable by RMAN.

INCREMENTAL BACKUP - Each day a new incremental backup (differential) is taken. This incremental backup contains the blocks that changed in the database files since the previous incremental backup. Once created this file does not change. 

 ARCHIVE LOG BACKUPS - Multiple times a day, archive log backups (also known as log sweeps) are taken. These backup files contain the change records for the database and do not change once written. 

 How to leverage both retention types 

 SNAPSHOT RETENTION can be used to create a periodic restorable copy of a share/project by saving the unique blocks as of the "snapshot" time a new snapshot is taken. Each of these periodic snapshots can be scheduled on a regular basis. With snapshot retention, the snapshots are locked from being deleted, and the schedule itself is locked to prevent tampering with the snapshots. This is perfect for ensuring we have a restorable copy of the datafile images each time they are updated by RMAN.

FILE RETENTION can be used to lock both the incremental backups and the archive log backups. Both types of backup files do not change once created and should be locked to prevent removal or tampering with for the retention period. 

 How do I implement this ? 

First I am going create a new project for my backups named "DBBACKUPS". Of course you could create 2 different projects. Within this project I am going to create 2 shares with different retention settings. 

 FULLBACKUP - Snapshot retention share 

 My image copy backups are going to a share that is protected with snapshot retention. The documentation on where to start with snapshot retention can be found here. In the example below I am keeping 5 days of snapshots, and I am locking the most recent 3 days of snapshots. This configuration will ensure that I have locked image copies of my database files for the last 3 days. 

 NOTE: Snapshots only contain the unique blocks since the last snapshot, but still provide a FULL copy of each datafile. The storage used to keep each snapshots is similar to the storage needed for each incremental backup. 

 DAILYBACKUPS - File Retention share 

My incremental backups and archivelog backups are going to a share with File Retention. The files (backup pieces) stored on this share will be locked from being modified or deleted. The documentation on where to start with File Retention can be found here. 

 NOTE: I chose the "Privileged override" file retention policy. I could have chosen "Mandatory" file retention policy if I wanted to lock down the backup pieces even further. 

 In the example below I am retaining all files for 6 days. 

DAILY BACKUP SCRIPT 

Below is the daily backup script I am using to perform the incremental backup, and the recovery of the image copy datafiles with the changed blocks. You can see that I am allocating channels to "/fullbackup" which is the share configured with Snapshot Retention, and the image copy backups are going to this share. The incremental backups are going to "/dailybackups" which is protected with File Retention. 

run {
  ALLOCATE CHANNEL Z1 TYPE DISK  format '/fullbackup/radb/DATA_%N_%f.dbf';
  ALLOCATE CHANNEL Z2 TYPE DISK  format '/fullbackup/radb/DATA_%N_%f.dbf';
  ALLOCATE CHANNEL Z3 TYPE DISK  format '/fullbackup/radb/DATA_%N_%f.dbf';
  ALLOCATE CHANNEL Z4 TYPE DISK  format '/fullbackup/radb/DATA_%N_%f.dbf';
  ALLOCATE CHANNEL Z5 TYPE DISK  format '/fullbackup/radb/DATA_%N_%f.dbf';
  ALLOCATE CHANNEL Z6 TYPE DISK  format '/fullbackup/radb/DATA_%N_%f.dbf';
  
  backup
    section size 32G
    incremental level 1
    for recover of copy with tag 'DEMODBTEST' database FORMAT='/dailybackups/radb/FRA_%d_%T_%U.bkp';
  recover copy of database with tag 'DEMODBTEST' ;
  RELEASE CHANNEL Z1;
  RELEASE CHANNEL Z2;
  RELEASE CHANNEL Z3;
  RELEASE CHANNEL Z4;
  RELEASE CHANNEL Z5;
  RELEASE CHANNEL Z6;
}

 ARCHIVELOG BACKUP SCRIPT 

Below is the log sweep script that will perform the periodic backup of archive logs and send them to the "/dailybackups" share which has File Retention configured. 

run {
  ALLOCATE CHANNEL Z1 TYPE DISK  format '/dailybackups/radb/ARCH_%U.bkup';
  ALLOCATE CHANNEL Z2 TYPE DISK  format '/dailybackups/radb/ARCH_%U.bkup';
  ALLOCATE CHANNEL Z3 TYPE DISK  format '/dailybackups/radb/ARCH_%U.bkup';
  ALLOCATE CHANNEL Z4 TYPE DISK  format '/dailybackups/radb/ARCH_%U.bkup';
  ALLOCATE CHANNEL Z5 TYPE DISK  format '/dailybackups/radb/ARCH_%U.bkup';
  ALLOCATE CHANNEL Z6 TYPE DISK  format '/dailybackups/radb/ARCH_%U.bkup';

  
  backup
    section size 32G
    filesperset 32
    archivelog all;
  RELEASE CHANNEL Z1;
  RELEASE CHANNEL Z2;
  RELEASE CHANNEL Z3;
  RELEASE CHANNEL Z4;
  RELEASE CHANNEL Z5;
  RELEASE CHANNEL Z6;
}

 RESULT: 

This strategy will ensure that I have 5 days of untouched full backups available for recovery. It also ensures that I have 6 days of untouched archive logs, and incremental backups that can be applied if necessary. This will protect my RMAN incremental merge backups using a combination of Snapshot Retention for backup pieces that need to be updated, and File Retention for backup pieces that will not change.