
Bulletproof EBS on OCI (Episode 4/4)

February 2, 2026

Johannes Michler PROMATIS Horus Oracle


Executive Vice President – Head of Platforms & Development

Extending the Fortress: Hybrid Immutability & Automated DR

In the finale of our series on securing E-Business Suite, we are stepping out of the pure OCI bubble. Many of our customers operate in a Hybrid reality - keeping their primary EBS instance on-premise while looking to the cloud for Disaster Recovery (DR) and (ransomware) protection.

In Episode 4, we explore how to extend the "Broadpin Fortress" to your on-premise data center and how to evolve from manual recovery to fully automated Full Stack DR.

Part 1: Immutable Backups for On-Premise EBS

Just because your database sits in your own data center doesn't mean you can't leverage OCI's immutable vault. There are two primary architectural paths to send backups to OCI, both capable of utilizing Retention Locked policies.

Option A: The "Premium" Path (Autonomous Recovery Service)

You can connect your on-premise database directly to the OCI Autonomous Recovery Service (ARS).

  • The Pros: This brings the "Cloud Native" advantages to on-premise: Real-time data protection (Zero Data Loss) and Incremental Forever backup strategies.
  • The Requirements: This route requires a robust Site-to-Site VPN or FastConnect (no public internet). It is strictly limited to Linux x86 infrastructure and requires a recent 19c patch set.

Option B: The "Universal" Path (Database Backup Cloud Service)

For environments where ARS isn't a fit (e.g., non-Linux OS or no VPN), we utilize the Database Cloud Backup Module.

  • The Pros: It is flexible and runs over the public internet, secured by HTTPS. It even allows for encrypted and compressed backups without buying the corresponding database options.
  • The Cons: You lose the "Real-time" redo transport (potential data loss between backup intervals) and must manage standard Full/Incremental backup cycles.

The Critical "Gotcha": The Wallet

Whether you use Option A or B, there is one single point of failure that renders an immutable backup useless: the encryption wallet (TDE). If you lose your on-premise data center to ransomware and haven't backed up the local TDE wallet to a separate, secure location (or Vault), your immutable backups in OCI are cryptographically locked forever. Always back up the wallet separately.
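The wallet gotcha above lends itself to a scheduled check. The following is an added example, not code from the original article or from Oracle: it assumes the live keystore directory and a mounted off-site copy directory are passed as arguments (both paths are hypothetical) and compares the password-protected keystore file `ewallet.p12` in each.

```shell
#!/bin/sh
# Added example (not from the article): confirm the off-site copy of the TDE
# keystore still matches the live one. Directory arguments are assumptions;
# ewallet.p12 is the password-protected keystore file name Oracle uses.

# Print the SHA-256 of a file, using whichever tool the host provides.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# check_wallet_copy LIVE_DIR COPY_DIR
# Return codes: 0 copy matches, 1 copy missing or empty,
#               2 copy stale (differs from live), 3 live keystore missing.
check_wallet_copy() {
  cw_live="$1/ewallet.p12"
  cw_copy="$2/ewallet.p12"
  if [ ! -s "$cw_live" ]; then
    echo "live keystore not found: $cw_live" >&2
    return 3
  fi
  if [ ! -s "$cw_copy" ]; then
    echo "no usable wallet copy at: $cw_copy" >&2
    return 1
  fi
  # The keystore file changes whenever a master key is added or rotated, so
  # a differing hash means the copy predates the current key.
  if [ "$(file_sha256 "$cw_live")" != "$(file_sha256 "$cw_copy")" ]; then
    echo "wallet copy is stale, re-copy it before the next backup" >&2
    return 2
  fi
  echo "wallet copy matches live keystore"
  return 0
}

# Stand-alone use: check_wallet.sh /path/to/live/wallet /mnt/offsite/wallet
if [ "$#" -eq 2 ]; then
  check_wallet_copy "$1" "$2"
  exit $?
fi
```

Scheduling this after every keystore change and alerting on any non-zero exit catches a stale copy before it matters.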

Part 2: The Restore Strategy (Hybrid & Cloud)

When disaster strikes on-premise, you have two recovery destinations.

1. Restoring On-Premise

This is the traditional path.

  1. Re-install the OS and Database Software (including the Oracle Home).
  2. Connect to OCI (via ARS or Backup Module).
  3. Perform the RMAN RESTORE and RECOVER.

2. Restoring to OCI (The "Cloud Lifeboat")

A popular strategy is to use these backups to restore into OCI, effectively migrating during a disaster. You can target a Base Database Service instance.

  • Note: This is currently a manual setup. You must instantiate the Base DB Service first, then overwrite it with the backup from the on-premise source.

Part 3: Automating the Chaos (Full Stack DR)

In Episodes 2 and 3, we detailed the manual steps to restore EBS. While effective, manual recovery during a crisis is high-stress. How do we automate this?

1. OCI Full Stack Disaster Recovery (FSDR)

For the ultimate peace of mind, we implement OCI Full Stack Disaster Recovery.

  • Data Guard Scenario: In a standard MAA architecture, FSDR orchestrates the failover, handling the database role switch, DNS updates, and application tier restarts automatically (Refer to the MAA for EBS on OCI Whitepaper).
  • Backup/Restore Scenario: Even if you are running on Compute (as discussed in Ep 3), you can script FSDR to trigger the restoration of Block Volumes and RMAN recovery scripts, transforming a 20-page runbook into a single "Execute" button.

2. Data Guard and EBS Cloud Manager

For those looking for an even more robust and quicker DR scenario (when it comes to both RPO and RTO), EBS Cloud Manager has a powerful option. As described in https://docs.oracle.com/cd/E26401_01/doc.122/f35809/T679330T2010880.htm, you can set up a DR environment (even in a separate region) with the click of a few buttons and then leverage Cloud Manager capabilities to do the switchover/cutover in case of a disaster.

Series Conclusion

At Broadpin, we believe that "Hope is not a strategy." Whether you are running purely on OCI Base Database Service, customized Compute, or a Hybrid architecture, the tools exist to build a ransomware-proof, immutable defense.

Is your ERP data truly secure? If you're unsure, let's talk with our Broadpin Teams around the globe.