<Insert Picture Here> Instant Disaster Recovery for Oracle by Deploying on the Amazon Cloud Navin Mudaliar Deloitte Consulting Jamie Kinney Amazon Web Services Cris Pedregal Oracle Development
Agenda Disaster Recovery and High Availability Oracle and Amazon Web Services Ingredients to High Availability/Disaster Recovery Deloitte: How to deploy Data Guard on AWS Advanced Innovations: Production Case Study Key Take-aways <Insert Picture Here> 2
Disasters Happen Newsworthy events first come to mind Fires, earthquakes, tsunamis, floods, hurricanes, power & fiber cuts But everyday events also cause outages Faulty system components server, network, storage, software, Data corruptions - at all levels! Backup / recovery of bad data Bad HW/SW installations / upgrades / patching Wrong batch job Operator errors you get the idea Database down for critical applications = Disaster 3
DR is a Requirement For Business Critical Systems Oracle Data Guard is key to High Availability/Disaster Recovery Primary Site Data Guard Active Standby Site Data Guard SYNC / ASYNC Primary Database Standby Database Data Guard Broker Oracle Enterprise Manager Grid Control 4
But Disaster Recovery Infrastructure is Expensive Upfront Capital and Setup Costs Lead to Inaction Spend Money Hardware Software Network Facilities People Spend Time Budgeting Provisioning Implementation Training Maintenance 5
Oracle Data Guard and Amazon Cloud Services Instant Disaster Recovery Primary Database Primary Site Data Guard Data Guard SYNC / ASYNC Amazon Cloud Data Guard Broker Oracle Enterprise Manager Grid Control 6
Instant Disaster Recovery - Ingredients Oracle Database and its HA technologies Data Guard, RMAN, Oracle Secure Backup Cloud Module Oracle Database Amazon Machine Image (AMI) Amazon Web Services Amazon Machine Image (AMI) for Oracle Database On Elastic Compute Cloud (EC2) + Elastic Block Service Also Elastic Load Balance Backups stored in Amazon's Simple Storage Service (S3) Backup/Restore over network, or AWS S3 "Import/Export" to ship backups in/out Virtual Private Cloud (VPC) to integrate EC2 with premises or other means of securely connecting instances 7
Amazon Web Services Jamie Kinney Amazon Web Services jkinney@amazon.com http://aws.amazon.com
Introducing Amazon Web Services AWS provides flexible, scalable, secure, and cost-effective IT infrastructure for businesses of all sizes around the world. Compute power and storage is available to you on-demand, you pay only for the resources you use running on scalable, reliable, and secure infrastructure operated by Amazon Web Services, based on the knowledge gleaned from over a decade of building efficient and dependable infrastructure for Amazon.com.
Amazon Web Services Your Custom Applications and Services Monitoring Amazon CloudWatch Management AWS Management Console Tools AWS Toolkit for Eclipse Isolated Networks Amazon Virtual Private Cloud Parallel Processing Amazon Elastic MapReduce Content Delivery Amazon CloudFront Messaging Amazon Simple Queue Service (SQS) Payments Amazon Flexible Payments Service (FPS) On-Demand Workforce Amazon Mechanical Turk Compute Amazon Elastic Compute Cloud (EC2) -Elastic Load Balancing -Auto Scaling Storage Amazon Simple Storage Service (S3) -AWS Import/Export Database Amazon RDS Amazon SimpleDB Amazon EC2 images for Oracle, SQL Server, DB2, Informix, MySQL
AWS Global Reach AWS Regions US East (Northern Virginia) US West (Northern California) Europe (Dublin) Asia Pacific (Singapore) AWS CloudFront Locations Ashburn, VA / Dallas, TX / Los Angeles, CA / Miami, FL / Newark, NJ / Palo Alto, CA / Seattle, WA / St. Louis, MO / Amsterdam / Dublin / Frankfurt / London / Hong Kong / Tokyo/ Singapore
Oracle Certification, Support and Licensing All products certified on the Oracle Virtual Machine are now Certified on Amazon EC2 managed OVM Full Support from Oracle and AWS Standard Licensing Policies Apply Pre-built, certified AMIs for Oracle
Deploying Oracle on Amazon EC2 Step 1: Create an account at aws.amazon.com Step 2: Login to the AWS Web Console Step 3: Right-click on an Oracle AMI and click Launch Instance Step 4: Right click on your EC2 instance to SSH into your server
Virtual Machine Choices (US East) Standard High Memory High CPU Cluster Compute Small Large Extra Large XL 2 XL 4 XL Medium Extra Large 4 XL Bits 32 64 64 64 64 64 32 64 64 RAM 1.7 GB Disk 160 GB Virtual Cores EC2 Compute Units 7.5 GB 850 GB 15 GB 17.1 34.2 68.4 1.7 GB 7 GB 23 1690 GB 420 850 GB 1690 GB 350 GB 1690 GB 1690 GB 1 2 4 2 4 8 2 8 8 1 4 8 6.5 13 26 5 20 33.5 Firewall Yes Yes Yes Yes Yes Yes Yes Yes Yes On-Demand Pricing Linux Per Hour $0.08 5 $0.34 $0.68 $0.50 $1.00 $2.00 $0.17 $0.68 1.60 Windows $0.12 $0.48 $0.96 $0.62 $1.24 $2.48 $0.29 $1.16 N/A
Security and Certifications Physical Security Amazon EC2 Stateful Firewall Signed API Calls VPC Guest O/S Firewalls and Encryption Regulatory Compliance and Certifications Sarbanes-Oxley (SOX) SAS70 Type II Pursuing ISO 27001 PCI and HIPAA compliant applications deployed on AWS Security Whitepaper available at aws.amazon.com/security 16
Virtual Everything (Almost) Virtual Computers Web Security Group Availability Zone App Security Group EC2 EC2 EC2 EC2 EC2 EC2 Virtual Firewall DB Security Group EC2 EC2 EC2 Internet Virtual Network
Amazon VPC Architecture Customer s isolated AWS resources Subnets VPN Gateway Router Secure VPN Connection over the Internet Amazon Web Services Cloud Customer s Network
AWS Customers Using Oracle Data Guard Advanced Innovations hosts their entire Oracle Applications and Technology platform on Amazon EC2 Deloitte Consulting uses AWS for Client Proofof-Concept Environments Blue Gecko created Disaster Recovery, Test and Development Oracle E-Business Suite Environments for SAGE Manufacturing on Amazon EC2 Amazon.com is in the process of moving to AWS. We use Oracle Data Guard and the Oracle Secure Backup Cloud Module
Blue Gecko addressed Sage Manufacturing s challenges by deploying environments for them on Amazon Web Services using the Amazon Elastic Compute Cloud, Elastic Block Storage, Virtual Private Cloud and Simple Storage Services. Using these technologies along with Oracle Data Guard, Blue Gecko built a secure, complete disaster recovery environment in a matter of days without investing in new hardware. Chuck Edwards, President, Blue Gecko What Blue Gecko Is Saying 20
Implementing Oracle Data Guard on Amazon Web Services 21
On-Premise Primary & VPC Standby Replicate Database for Excellent RPO Pre-defined machine images for app tier Low-cost D/R solution with great data protection Very easy to clone and test switchover 22
Primary & Standby in the Cloud Replicate Database to meet Recovery Point Objective Deploy on different Availability Zones for in-cloud D/R Low-cost D/R solution with great data protection 23
Multi-Region Cloud Primary & Standby Replicate to one or more geographic regions Place standby close to secondary facilities, potentially leveraging Active Data Guard 24
Deloitte Solutions Network (SNET) Disaster Recovery POC on Amazon EC2 September 2010
Agenda Solutions Network Profile Oracle E-Business Suite R12 POC Amazon Public Cloud Custom Application POC Hybrid Cloud Data Guard Configuration What We Learned Environment and configuration details Q&A 2010 Deloitte Global Services Limited
Solutions Network (SNET) The SNET is a Technology Center of Expertise that combines highly skilled technical resources with a Tier 3 data center that helps Deloitte practice sell and deliver projects, manage investments, and enable our practitioners with the right skills at the right place at the right time. Why this POC? Establish production like capabilities Production configuration High availability Production like SLA s Disaster recovery and data protection Capture effort, skill set and cost estimates Host long term environments on Amazon EC2 Develop leading practices DR process and procedure on Amazon cloud Document configurations for repeatable deployments 2010 Deloitte Global Services Limited
Oracle E-Business Suite R12 POC Amazon Public Cloud Technology Components Amazon EC2 instance Amazon Elastic Load Balancer Amazon Region and Availability Zones Amazon EC2 Security Groups Amazon Elastic IP Oracle E-Business Suite R12 Oracle Secure Backup Cloud Module Oracle Database 11g Oracle Advanced Security Options Oracle Data Guard Oracle Transparent Data Encryption Oracle Enterprise Linux IP tables, NFS * Expertise Oracle E- Business Suite Oracle RDBMS and Data Guard Oracle Enterprise Linux Administration Amazon Web Services EC2 2010 Deloitte Global Services Limited
Oracle E-Business Suite R12 POC Amazon Public Cloud 2010 Deloitte Global Services Limited
Custom Application POC Hybrid Cloud Technology Components Amazon Virtual Private Cloud Oracle 11g RDBMS Oracle Data Guard Oracle Secure Backup Cloud Module TSM Backup Monitoring tools Expertise Oracle Database 11g and Data Guard Oracle Enterprise Linux Administration Network and Firewall Amazon Web Services EC2 VPC 2010 Deloitte Global Services Limited
Custom Application Hybrid Cloud 2010 Deloitte Global Services Limited
Data Guard Configuration Prepare primary database Enable logging Add standby redo logs Add data guard parameters to init.ora/spfile Update tnsnames.ora and listener.ora Prepare standby database environment Install or clone the Oracle home Copy password file (orapwdsid) from primary database Add data guard parameters to init.ora/spfile Update tnsnames.ora and listener.ora Create standby database using RMAN Duplicate target database for standby Configure data guard broker Setup database parameters on primary and standby database init.ora/spfile Create data guard configuration for primary and standby using dgmgrl Setup StaticConnectIdentifier for primary and standby Enable data guard configuration Show configuration should return success 2010 Deloitte Global Services Limited
What We Learned Assessment : Understand the business goals, risk, characteristics of your application and SLA requirements Security : Requirements will vary when deployed in the public or hybrid cloud compared to all in-house Network : Review your application network latency and bandwidth requirements Monitoring : We can monitor instances in the Amazon Virtual Private Cloud using our existing tools, however we were unable to use the tools on Amazon EC2 Cloud Backups : An instance in the VPC can be backed up either to S3 (with OSB Cloud Module) or to existing enterprise backup solution. Standby Database : Creation and switchover faster on EC2 to EC2 as compared to in-house to VPC Configuration : Configuring Data Guard on Amazon EC2 or Virtual Private Cloud is not any different from traditional in-house configuration Firewall : Applications or services running on non standard ports on Amazon EC2 will require additional ports to be opened on the corporate firewall. Configuration Guide : http://tinyurl.com/s316930-deloitte (PDF) 2010 Deloitte Global Services Limited
Environment & configuration details Primary Server : ebdr12prm Primary Database : VIS #Primary init.ora: LOG_ARCHIVE_DEST_1='LOCATION=/data/oracle/VIS/db/archive VALID_FOR=(ALL_LOGFILES,ALL_ROLES) DB_UNIQUE_NAME=VIS' LOG_ARCHIVE_CONFIG='DG_CONFIG=(VIS,VISSTB)' DB_FILE_NAME_CONVERT='VIS','VIS' FAL_CLIENT='VIS' FAL_SERVER='VISSTB' log_archive_dest_2='service=visstb VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE) DB_UNIQUE_NAME=VISSTB' LOG_ARCHIVE_DEST_STATE_1='ENABLE' log_archive_dest_state_2='enable' log_archive_format='%t_%s_%r.arc' LOG_FILE_NAME_CONVERT='VIS','VIS' remote_login_passwordfile='exclusive' SERVICE_NAMES='VIS' STANDBY_FILE_MANAGEMENT='AUTO' db_unique_name=vis global_names=true DG_BROKER_START=TRUE DG_BROKER_CONFIG_FILE1='/data/oracle/VIS/db/tech_st/11.1.0/dbs/D GCVIS1.dat' DG_BROKER_CONFIG_FILE2='/data/oracle/VIS/db/tech_st/11.1.0/dbs/D GCVIS2.dat' Standby server : ec2r12ebsdbs Standby Database: VISSTB #Standby init.ora: LOG_ARCHIVE_DEST_1='LOCATION=/data/oracle/VIS/db/archive VALID_FOR=(ALL_LOGFILES,ALL_ROLES) DB_UNIQUE_NAME=VISSTB' LOG_ARCHIVE_CONFIG='DG_CONFIG=(VIS,VISSTB)' DB_FILE_NAME_CONVERT='VIS','VIS' FAL_CLIENT='VISSTB' FAL_SERVER='VIS' log_archive_dest_2='service=vis VALID_FOR=(ONLINE_LOGFILES,PRIMARY_ROLE) DB_UNIQUE_NAME=VIS' LOG_ARCHIVE_DEST_STATE_1='ENABLE' log_archive_dest_state_2='defer' log_archive_format='%t_%s_%r.arc' LOG_FILE_NAME_CONVERT='VIS','VIS' remote_login_passwordfile='exclusive' SERVICE_NAMES='VISSTB' STANDBY_FILE_MANAGEMENT='AUTO' db_unique_name=visstb global_names=true DG_BROKER_START=TRUE DG_BROKER_CONFIG_FILE1='/data/oracle/VIS/db/tech_st/11.1.0/d bs/dgcvis1.dat' DG_BROKER_CONFIG_FILE2='/data/oracle/VIS/db/tech_st/11.1.0/d bs/dgcvis2.dat' 2010 Deloitte Global Services Limited
Environment & configuration details Primary Server : ebdr12prm Primary Database : VIS #Primary listener.ora: VIS = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = Ebsr12prm) (PORT = 1526)) ) ) (SID_LIST = (SID_DESC = ) (ORACLE_HOME= /data/oracle/vis/db/tech_st/11.1.0) (SID_NAME = VIS) (SID_DESC = ) (ORACLE_HOME= /data/oracle/vis/db/tech_st/11.1.0) (SID_NAME = VIS) (GLOBAL_DBNAME=VIS_DGMGRL) (SID_DESC = (ORACLE_HOME= /data/oracle/vis/db/tech_st/11.1.0) (SID_NAME = VIS) (GLOBAL_DBNAME=VIS_DGB) Standby server : ec2r12ebsdbs Standby Database: VISSTB #Standby listener.ora: VIS = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ec2r12ebsdbs)(port = 1526)) ) ) SID_LIST_VIS = (SID_LIST = (SID_DESC = (ORACLE_HOME= /data/oracle/vis/db/tech_st/11.1.0) (SID_NAME = VIS) ) (SID_DESC = (ORACLE_HOME= /data/oracle/vis/db/tech_st/11.1.0) (SID_NAME = VIS) (GLOBAL_DBNAME=VISSTB_DGMGRL) ) (SID_DESC = (ORACLE_HOME= /data/oracle/vis/db/tech_st/11.1.0) (SID_NAME = VIS) (GLOBAL_DBNAME=VISSTB_DGB) 2010 Deloitte Global Services Limited
Environment & configuration details Primary Server : ebdr12prm Primary Database : VIS #Primary tnsnames.ora: VISSTB = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ec2r12ebsdbs)(port = 1526)) ) ) (CONNECT_DATA = (SID = VIS) VIS = (DESCRIPTION = ) (ADDRESS = (PROTOCOL = TCP)(HOST = ebsr12prm)(port = 1526)) (CONNECT_DATA = ) (SID = VIS) Standby server : ec2r12ebsdbs Standby Database: VISSTB #Standby tnsnames.ora: VISSTB = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ec2r12ebsdbs)(port = 1526)) (CONNECT_DATA = (SID = VIS) ) ) VIS = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ebsr12prm.solutions.glbsnet.com)(port = 1526)) (CONNECT_DATA = (SID = VIS) ) ) 2010 Deloitte Global Services Limited
Environment & configuration details DGMGRL> show configuration Configuration Name: dgconfig Enabled: YES Protection Mode: MaxAvailability Databases: VIS - Primary database VISSTB - Physical standby database - Fast-Start Failover target Fast-Start Failover: ENABLED Current status for "dgconfig": SUCCESS DGMGRL> SHOW FAST_START FAILOVER; Fast-Start Failover: ENABLED Threshold: 6 seconds Target: VISSTB Observer: ec2r12ebsdbs Lag Limit: 45 seconds (not in use) Shutdown Primary: TRUE Auto-reinstate: TRUE Configurable Failover Conditions Health Conditions: Corrupted Controlfile YES Corrupted Dictionary YES Inaccessible Logfile NO Stuck Archiver NO Datafile Offline YES Oracle Error Conditions: (none) 2010 Deloitte Global Services Limited
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 140 countries, Deloitte brings world-class capabilities and deep local expertise to help clients succeed wherever they operate. Deloitte's approximately 169,000 professionals are committed to becoming the standard of excellence. This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, Deloitte Global Services Limited, Deloitte Global Services Holdings Limited, the Deloitte Touche Tohmatsu Verein, any of their member firms, or any of the foregoing s affiliates (collectively the Deloitte Network ) are, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your finances or your business. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication. 2010 Deloitte Global Services Limited
Advanced Innovations is growing revenue at over 100% a year with virtually flat headcount and a global IT staff of two people. The only way we've been able to accomplish this is through the productivity increases and rock solid combination of Oracle Software, including Oracle Data Guard, running on Amazon Web Services. Michael Higgins, CTO of Advanced Innovations What Advanced Innovations Is Saying 41
Oracle on the Amazon Cloud Michael Higgins, SVP IT
Advanced Innovations Ltd. End-to-end Supply Chain Management 46 Staff in 5 main locations:» Alexandria, VA. USA» Huntsville, AL. USA» Chicago, IL. USA» Shenzhen, China» Limerick Ireland Road Worriers x 3
The AI Technology Stack Oracle Enterprise Linux 5.4 (AWS Kernel) Oracle Enterprise Database 11g» Data Guard, RMAN, Oracle Secure Backup Cloud Module Oracle Fusion / SOA Middleware 11g Oracle Beehive 2.0.1 Oracle IDM / SSO Oracle Web Center Oracle ebusiness Suite R12 Oracle Agile R6 Oracle Business Intelligence EE 11g Oracle Repository & Registry Oracle Grid Control 11g Oracle UPK Training tool Microsoft Active Directory
Cloud Drivers Change CAPEX to OPEX pay-per-use model Reduce I/T Infrastructure Costs to date reduction 70%» No Servers!!» No Storage systems» No network infrastructure required» No Firewalls, Proxy Servers, etc.» No Data Centre, HVAC, Insurance, etc. Scaling, scaling, scaling» No Server provision lead time» No wasted Server resources» Resource on Demand Resource on the Fly In-house Staffing» Fewer staff FTE s required (Security, Build-out, etc.)» In-house I/T staff can focus on Business requirements not plumbing
Business Continuity in the AWS Cloud
Database Protection in the Cloud Amazon Cloud AWS Import/Export USB Disk OSB Cloud Module RMAN Database Server Physical Data Guard Standby Server EBS Volumes 5 per Instance EBS Volumes 5 per Instance
Database Backup and Recovery The AI Database Backup and Recovery Hierarchy» Archive LogMode on all Production Instances» Logs stored a separate EBS volume» Flashback Recovery on All Production Instances» FRA stored on separate EBS volume» Physical Dataguard with Dynamic DNS using AWS Elastic IP s.» Physical Dataguard with zero delay for apply of logs» Nightly Hot Backup to S3 Buckets via pseudo tape drives» Reduces impact on EBS volumes» Scales as tape drive count can be increased» Checkpoint Important milestone backups exported to off-site storage» Using AWS Import/Export facility
Enhanced Cloud Security AWS Security is tighter than our existing infrastructure» Opt-in vs. Manage-out IP Address checking at the Firewall AWS locks out any possible Probe or Hack attempts Standard Mail and Web ports are open to the Internet Management ports are restricted by IP address Database communications are on a private network Simple to Configure and Manage (Web console) Not one single hacking attempt in 16 months
Key Take-aways No more excuses Deploy Disaster Recovery with no extra investment in facilities, equipment, people Deploy quickly: zero lead time required to provision No more compromises Implement best HA/DR for Oracle: Active Data Guard Deploy on robust, leading public cloud infrastructure: Amazon Web Services Bonus: mix and match locations for zero data loss, compliance These slides: http://tinyurl.com/s316930 50
Key HA Sessions, Labs, & Demos by Oracle Development Monday, 20 Sep Moscone South * 3:30p Extreme Consolidation with RAC One Node, Rm 308 4:00p Edition-Based Redefinition, Hotel Nikko, Monterey I / II 5:00p Five Key HA Innovations, Rm 103 5:00p GoldenGate Strategy & Roadmap, Moscone West, Rm 3020 Tuesday, 21 Sep Moscone South * 11:00a App Failover with Data Guard, Rm 300 12:30p Oracle Data Centers & Oracle Secure Backup, Rm 300 2:00p ASM Cluster File System, Rm 308 2:00p Exadata: OLTP, Warehousing, Consolidation, Rm 103 3:30p Deep Dive into OLTP Table Compression, Rm 104 3:30p MAA for E-Business Suite R12.1, Moscone West, Rm 2020 5:00p Instant DR by Deploying on Amazon Cloud, Rm 300 Wednesday, 22 Sep Moscone South * 11:30a RMAN Best Practices, Rm 103 11:30a Database & Exadata Smart Flash Cache, Rm 307 11:30a Configure Oracle Grid Infrastructure, Rm 308 1:00p Top HA Best Practices, Rm 103 1:00p Exadata Backup/Recovery Best Practices, Rm 103 4:45p GoldenGate Architecture, Hotel Nikko, Peninsula Thursday, 23 Sep Moscone South * 10:30a Active Data Guard Under the Hood, Rm 103 1:30p Minimal Downtime Upgrades, Rm 306 3:00p DR for Database Machine, Rm 103 Demos Moscone West DEMOGrounds Mon & Tue 9:45a - 5:30p; Wed 9:00a - 4:00p Maximum Availability Architecture (MAA) Oracle Active Data Guard Oracle Secure Backup Oracle Recovery Manager & Flashback Oracle GoldenGate Oracle Real Application Clusters Oracle Automatic Storage Management Hands-on Labs Marriott Marquis, Salon 10 / 11 Monday, Sep 20, 12:30 pm - 1:30 pm Oracle Active Data Guard Tuesday, Sep 21, 5:00 pm - 6:00 pm Oracle Active Data Guard * All session rooms are at Moscone South unless otherwise noted * After Oracle OpenWorld, visit http://www.oracle.com/goto/availability 51
52
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle s products remains at the sole discretion of Oracle. 53