This article will show you how easy is to make use of Oracle Cloud to securely store all our on-premises Oracle Database Backups. Note that backups stored in Oracle Cloud can also be used to create new Oracle Database Instances (DBaaS).
Requirements:
To perform the steps in this tutorial, you will need:
- An understanding of the Oracle RMAN backup and Recovery concepts.
- A subscription to Oracle Compute Cloud Service ( You can enroll for a free tryout here )
- An understanding of encryption within RMAN as it is mandatory to encrypt all Oracle cloud backups
- On-Premise database server OS login credentials
Note: You can click on the images at any time to see them in more detail ;)
First, let start downloading the Oracle Database Cloud Backup Module from OTN, and copying it to your on-premise database server.
After copying the backup module zip file, create a new folder called “opc” under $ORACLE_BASE and copy the zip file to it.
$ mkdir /u01/app/oracle/opc $ opc_installer.zip /u01/app/oracle/opc $chown -R oracle:oinstall /u01/app/oracle/opc
Next, go to the newly created folder and unzip the file opc_installer.zip.
Now, let’s create a folder for the Cloud Backup Wallet and the Library that would be populated when installing the Cloud Module.
$ mkdir wallet library
Finally is time to install the Cloud Backup Module and let the magic begins.
java -jar opc_install.jar -host https://<enter your cloud account identifier here>.storage.oraclecloud.com/v1/Storage-<enter your cloud account identifier here> -opcId “<username of your account>” -opcPass “<your password>” -walletDir $ORACLE_BASE/opc/wallet -libDir $ORACLE_BASE/opc/library
You can see that after successfully install the module it:
- generated a wallet on your wallet folder at $ORACLE_BASE/opc/wallet
- generated your library at $ORACLE_BASE/opc/library
- generated an OPC initialization parameter at $ORACLE_HOME/dbs
Now we need to create a directory for our Database Encryption Wallet and add its location to our sqlnet.ora file.
$ mkdir -p /u01/oracle/admin/AWS11G/wallet $ vi $ORACLE_HOME/network/admin/sqlnet.ora ENCRYPTION_WALLET_LOCATION= (SOURCE=(METHOD=FILE)(METHOD_DATA= (DIRECTORY=/u01/oracle/admin/AWS11G/wallet)))
Let’s connect to the database via SQL*Plus and create the database encryption.
SQL> alter system set encryption key identified by "oracle";
Note: Do not lose the encryption key (save it in a safe location). Also, after any restart of the database please run:
SQL> alter system set encryption wallet open identified by “oracle”;
Now, we will execute our first backup to the Cloud.
$ rman target / RMAN> set encryption on identified by “oracle”; RMAN> run { allocate channel t1 type SBT_TAPE MAXPIECESIZE 2G PARMS ‘SBT_LIBRARY=/u01/app/oracle/opc/library/libopc.so, ENV=(OPC_PFILE=/u01/app/oracle/product/11.2.0/db1/dbs/opcAWS11G.ora)’; backup database plus archivelog; backup current controlfile; release channel t1; }
Note: If using Oracle Standard Edition with a version lower then 12.2 you could hit the bug 18339044. This bug says that backup encryption requires Enterprise Edition. To solve this issue please apply the patch Patch 18339044 to your database.
This is the error you would see if hitting this bug:
RMAN> set encryption on identified by "oracle"; executing command: SET encryption RMAN-00571: =========================================================== RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS =============== RMAN-00571: =========================================================== RMAN-03002: failure of set command RMAN-06770: backup encryption requires Enterprise Edition
You can see that your backup files are now safely stored in your Oracle Cloud Storage Classic.
As you can see it works like a charm. Just to be sure, let’s play a little by removing a datafile and restoring and recovering it from our backup in the Cloud.
For this example, I will remove a datafile called “DB_CREATE_FILE_DEST” (Created on purpose like this, a history for another time)
After removing the file I will shutdown the database and you will see an error message when doing it.
Now, all we need to do is to startup the instance at mount mode, and restore and recover the datafile lost from our Cloud Backup. Please do not forget to set encryption before running the restore and recover commands.
RMAN> startup mount; RMAN> set encryption on identified by “oracle”; RMAN> run { allocate channel t1 type SBT_TAPE MAXPIECESIZE 2G PARMS ‘SBT_LIBRARY=/u01/app/oracle/opc/library/libopc.so, ENV=(OPC_PFILE=/u01/app/oracle/product/11.2.0/db1/dbs/opcAWS11G.ora)’; restore datafile 6; recover datafile 6; release channel t1; } RMAN> alter database open;
Hope you enjoyed this article and looking forward to your comments and questions!
Kind Regards,
Francisco Munoz Alvarez