Oracle Data Guard
Ensuring Disaster Recovery for Enterprise Data
Wei Hu
[email protected]
Oracle\u2019s High Availability (HA) Solution Stack System Failure Unplanned Downtime
Data Failure & Disaster Human Error
Planned Downtime
System Maintenance Data Maintenance
Real Application Clusters
Continuous Availability for all Applications
Data Guard Zero Data Loss
Flashback Query
Enable Users to Correct their Mistakes
Dynamic Reconfiguration
Capacity on Demand without Interruption
Online Redefinition Adapt to Change Online
Oracle Data Guard Focus \ u e 0 0 0
Data Failures & Site Disasters:
\ u 2 0 1 3
Data Protection
\ u 2 0 1 3
Data Availability
\ u 2 0 1 3
Data Recovery
All 3 are important!
Data is the core asset of the enterprise!
\ u 2 0 2 2 Also addresses human errors & planned maintena
What Is Oracle Data Guard? Database software infrastructure that automates creation and maintenance of a duplicate, or standby copy, of the production (or primary) database If the primary database becomes unavailable (disasters, maintenance), the standby database can be activated and can take over the data serving needs of the enterprise
Data Guard Architecture Overview Clients
Clients
Primary Site
Standby Site
Data Changes t n e g A r e k o r B
Primary Database
Data Guard Broker
Standby Database
t n e g A r e k o r B
How Does It Work? As primary database is modified, redo data is propagated to standby databases Standby databases kept synchronized with primary Primary database is open and active; standby database is either in recovery or open read-only / read-write
Standby database can be transitioned to the prima role as necessary
Data Guard Configuration Standby Site A
Primary Site
Sta Standby Database Primary Database
Managed as a single configuration
Standby Database
Primary and standby databases can be Real Appli or single-instance Oracle
Oracle Data Guard Architecture
Production Database
Physical Standby Database
Sync or Async Redo Shipping
Backup Redo Apply
Network
DIGITAL DATA STORAGE
DIGITAL DATA STORAGE
Broker Optional Delay
Transform Redo to SQL
Optional Delay
Logical Standby Database
SQL Apply
Open for Reports
Additional Indexes & MVs
Oracle Data Guard Process Architecture Physical/Logical Standby Database
Oracle Net
Transactions
LGWR
(Synchronous/Asynchronous)
Online Redo Logs
FAL
Primary Database
RFS
Affirm/ NoAffirm
Standby Redo Logs
ARCH
ARCH
MRP/ LSP
Backup / Reports Transform Redo to SQL for SQL Apply
(Synchronous)
Archived Redo Logs
Archived Redo Logs
Data Guard Redo Apply Data Guard Broker Primary Database
Physical Standby Database
Optional Delay
Backup
Network Sync or Async Redo Shipping
DIGITAL DATA STORAGE
Redo Apply
Physical Standby Database is a block-for-block copy of the primary database Uses the database recovery functionality to apply changes Can be opened in read-only mode for reporting/queries Can also perform backup, offloading production database
Data Guard SQL Apply Data Guard Broker
Primary Database
Optional Delay
Additional Indexes & Materialized Views
Logical Standby Database
Continuously Open for Reports
Network Sync or Async Redo Shipping
Transform Redo to SQL and Apply
Logical Standby Database is an open, independent, active database Contains the same logical information (rows) as the production database Physical organization and structure can be very different Can host multiple schemas
Can be queried for reports while logs are being applied via SQL
Can create additional indexes and materialized views for better query performan
Standby Databases Are Not Idle Standby Server
Read-Only / Read-Write Reporting
Standby Database
Tape
Backups
Standby database can be used to offload the primary database, increasing the ROI
Cascaded Redo Log Destinations Standby database receives its redo data from another standby database and not from the original primary database Primary database sends a set of redo data to only selected standby databases and not to all standby databases Reduces the load on the primary system, and also reduces network traffic and use of valuable network resources around the primary site
Primary Database
Redo Data
Physical Standby Database
Retransmitted
Physical Standby Database
Protection from Human Errors and Data Corruptions Standby Site
Primary Site
Standby Database
Production Database Optional Delayed Apply
The application of changes received from the primary can be delayed at standby to allow for the detection of user errors and prevent standby to be affected The apply process also revalidates the log records to prevent application of any log corruptions
Switchover and Failover Primary and Standby role transitions Switchover –
Planned role reversal
–
No database reinstantiation required
–
Used for maintenance of OS or hardware
Failover –
Unplanned failure (e.g. disasters) of primary
–
Primary database must be reinstantiated
Initiated using simple SQL / GUI interface
Data Guard automates the processes involved
Failover Example
Flexible Data Protection Modes Protection Mode
Risk of Data Loss
Maximum Protection
Zero Data Loss
Redo Shipment
Synchronous redo Double Failure Protection shipping to 2 sites
Maximum Availability
Zero Data Loss
Synchronous redo shipping Single Failure Protection
Maximum Performance
Minimal data loss – Asynchronous redo usually 0 to few seconds shipping
Balance cost, availability, performance, and transaction protection
Maximum Protection Mode Protection Mode
Risk of Data Loss
Maximum Protection
Zero Data Loss
Redo Shipment
Synchronous redo Double Failure Protection shipping to 2 sites
Highest level of data protection Configuration: LGWR SYNC, SRLs Enforces protection of every transaction If last standby is unavailable, processing stops at primary Good for financial systems where no data loss is acceptable
ALTER DATABASE SET STANDBY
TO MAXIMIZE PROTECTION;
Maximum Availability Mode Protection Mode
Risk of Data Loss
Redo Shipment
Maximum Availability
Zero Data Loss
Synchronous redo shipping
Single Failure Protection
Enforces protection of every transaction Configuration: LGWR SYNC, do not need SRLs If last standby is unavailable, processing continues at primary When the standby becomes available again, synchronization with the primary is automatic ALTER DATABASE SET STANDBY
TO MAXIMIZE AVAILABILITY;
Maximum Performance Mode Protection Mode Maximum Performance
Risk of Data Loss
Redo Shipment
Minimal data loss – Asynchronous redo usually 0 to few seconds shipping
Highest level of performance Configuration: LGWR ASYNC, or ARCH Protects from failure of any single component Least impact on production system Useful for applications that can tolerate some data loss ALTER DATABASE SET STANDBY
TO MAXIMIZE PERFORMANCE;
Automatic Gap Resolution & Resynchronization
Network connectivity problems may cause ga the sequence of log files in the standby
Data Guard automatically takes care of thes –
Automatic Gap Handling
–
FAL (Fetch Archive Log) Gap Handling
GAP Resolution Automatic –
ARCH process idling away on the primary ‘pings’ all enabled standbys on a regular basis to see if they are missing any redo data
–
If so it sends them the missing redo data
FAL –
Gap discovered during apply process in physical standby
–
Based on FAL_SERVER and FAL_CLIENT settings, primary notified, and it sends missing redo data
Oracle Data Guard Broker Distributed management framework that automates and centralizes the creation, maintenance, and monitoring of Data Guard configurations Management operations can be performed locally remotely through the Broker's easy-to-use interfaces: –
GUI-based Oracle Data Guard Manager
–
Data Guard command-line interface
Data Guard Broker Architecture Job Service
Event Service
Security Service
Discovery Service
Oracle Management Server Data Guard Manager OEM Agent
Primary Database
Data Guard Broker
OEM Agent
Data Guard Broker
Physical Standby Database
OEM Agent
Data Guard Broker
Repository
Logical Standby Database
Data Guard Manager
Simple, easy-to-use management and monitoring interface
Local and Remote Standby Databases Oracle Data Guard configuration can support both local remote standby databases Local standby database – – – –
Human error and data corruption protection Appropriate for highest data protection modes LAN links are cheap, reliable, have high bandwidth and low latency Switchover operations are very fast
Remote standby database – – –
Best solution for disaster recovery WAN links are generally more expensive, less reliable, have lower bandwidth and higher latency than LAN links Suitable for highest performance asynchronous data protection mode
Usage Examples Chicago
Primary Database
Standby Database
Example B
Dallas
Standby Database
Primary Database
Maximize primary and standby resources
Example A
Standby machine must be powerful enough to support multiple production instances after switchover / failover
Primary Site A
Primary Database
Primary Site B
Primary Database
Primary Site C
Primary Database
Standby Database
Standby Database
Standby Database
Standby Site
Usage Examples Primary Site
Standby Site A Synchronous transport
LAN attached Used to offload backups First choice for switchover candidate
Standby Database
Standby Site B
Primary Database
Synchronous transport LAN attached Used to offload reporting Standby Database
Example C
Standby Site C
Asynchronous transport WAN attached Delayed apply Provides DR and data protection
Standby Database
Data Guard and RAC Data Guard and Real Application Clusters are complementary should be used together for a Maximum Availability Architecture Real Application Clusters provides high availability – –
Provides rapid and automatic recovery from node failures or an instance crash Provides increased scalability
Data Guard provides disaster protection and prevents data los –
By maintaining transactionally consistent copies of primary database
–
Protects against disasters, data corruption and user errors
–
Does not require expensive and complex HW/SW mirroring
Data Guard and Streams Streams and Data Guard are independent features of Oracle Database Enterprise Edition, based on some common underlying technology Data Guard: Disaster Recovery & Data Protection – – – –
Transactionally consistent standby databases Zero data loss Automated switchover/failover Various data protection modes
Streams: Information Sharing/Distribution – – – –
Fine granularity and control over what is replicated Bi-directional replication Data transformations Heterogeneous platforms
Because of business requirements, customers may choose to use Streams for DR/HA, and Data Guard SQL Apply for information distribution
Financial Services Company Using Data Guard & Streams
Master Database
Streams
for information distribution
Data Feed
Data Guard
Data Transformation
for DR
Product Delivery Databases for Client Access
Physical Standby Database
Data Guard and Remote Mirroring Remote Mirroring is another way to protect enterprise data Host-based and storage based Is a physical bit-for-bit copy The copy can be remote
Is this a good substitute?
Data Guard and Remote Mirroring Better protection –
Redo is validated logically
Greater efficiency –
Only redo is transferred instead of entire disk block (7x bandwidth savings, 27x network I/Os)
Cheaper –
No reliance on specialized hardware
Remote mirroring is useful for non-Oracle data
Why Oracle Data Guard? 1.
Disaster Recovery & High Availability –
2.
Complete data protection –
3.
Flexible data protection/synchronization modes
Automatic resynchronization after restoration of network connectivity –
6.
Standby databases can be used for reporting, backups, queries
Balance data availability against performance –
5.
Enables zero data loss, safeguard against data corruptions
Efficient utilization of system resources –
4.
Easy failover/switchover between primary and standby databases
Automatic archive gap detection and resolution with no manual intervention
Centralized and simple management –
Graphical interface for management and monitoring
Resources HA Portal on OTN: http://otn.oracle.com/deploy/availability/ Maximum Availability Architecture (best practice recommendations on Data Guard + RAC configuration): http://otn.oracle.com/deploy/availability/htdocs/maa.htm
Disaster Recovery page on OTN:
http://otn.oracle.com/deploy/availability/htdocs/dr_overview.html
Data Guard Technical White Paper on OTN: http://otn.oracle.com/deploy/availability/pdf/DG92_TWP.pdf
Data Guard Technology Overview Presentation on OTN:
http://otn.oracle.com/deploy/availability/pdf/DataGuardTechnologyOverview.pdf