Disaster recovery is the process of preparing for and responding to disasters. A well-designed disaster recovery plan ensures that you can recover quickly from a disaster and continue to serve your users. A disaster can be anything that threatens your application, from a network outage to device and application failures to a natural disaster. Oracle Analytics Cloud (OAC) requires a minimum of 99 service-level agreements9% availability. Despite service-level agreements regarding OAC availability, for some organizations, statutory audit obligations require you to have a disaster recovery instance. As a result, you're responsible for disaster recovery planning. Oracle Cloud Infrastructure (OCI) provides highly available and scalable infrastructure and services that enable you to design disaster recovery topologies. This reference architecture provides architecture and guidance for using OAC instances for disaster recovery. In this world, the only constant is change. The challenge is not only how to serve customers faster and better, but also how to stay operational in times of crisis. Whether it's a network outage, equipment failure, or a natural disaster, every risk can be a stumbling block to your business. But with Oracle Cloud Infrastructure (OCI), you have a powerful shield to keep your business safe from storms. This architecture illustrates a multi-tier topology with redundant resources spread across two Oracle Cloud Infrastructure (OCI) regions. The following diagram illustrates two variants of this reference architecture: an OAC private instance is not accessible from the public internet, so it requires an OCI public load balancer to facilitate access. The IP address of the public load balancer will be added to the DNS registrar:
An OAC public instance can be accessed directly from the internet. The OAC public IP address will be configured directly at the DNS registrar
These schemas contain the following components:TenantsA tenant is a secure, separate partition that Oracle sets up in the Oracle Cloud when you sign up for Oracle Cloud Infrastructure (OCI). You can create, organize, and manage resources in Oracle Cloud within your tenant. A tenant can be synonymous with a company or organization. Typically, a company will have a tenant within which its organizational structure is reflected. A single tenant is typically associated with a single subscription, and a single subscription typically has only one tenant. areaAn Oracle Cloud Infrastructure Region is a geographic region that contains one or more data centers called Availability Domains. Regions are independent of other regions and can be far apart (across countries or even continents). PartitioningA partition is a cross-region logical partition within an Oracle Cloud Infrastructure tenant. Use partitions to organize resources in Oracle Cloud, control access to resources, and set usage quotas. To control access to resources within a specific partition, you need to define policies that specify who can access resources and what actions they can perform. Availability domainsAn availability domain is a separate, independently operating data center within a region. The physical resources within each availability domain are isolated from the resources of other availability domains, providing fault tolerance. Availability domains do not share networks such as power or cooling facilities, or internal availability domains. As a result, the failure of one availability domain is unlikely to affect other availability domains within that region. Fault domainsFault domains are groupings of hardware and infrastructure within an availability domain. Each availability domain has three fault domains, with independent power and hardware. When you distribute resources across multiple fault domains, your application can withstand physical server failures, system maintenance, and power failures within the fault domains. Virtual Cloud Networks (VCNs) and SubnetsA VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks, and you can change them after you create the VCN. You can divide a VCN into subnets, which can be constrained to a region or an availability domain. Each subnet consists of contiguous address ranges that do not overlap with other subnets in the VCN. You can change the size of the subnet after it has been created. Subnets can be public or private. Load balancingdeviceOracle Cloud Infrastructure Load Balancing provides automatic traffic distribution from a single point of entry to multiple backend servers. Load balancers provide access to different applications. For each subnet, you can create security rules that specify the traffic, destination, and type of traffic that must be allowed to and from the subnet. NAT GatewayNAT gateways enable private resources in the VCN to access hosts on the internet without exposing those resources to incoming internet connections. Services GatewayServices Gateway provides access from the VCN to other services, such as Oracle Cloud Infrastructure Object Storage. Traffic from the VCN to Oracle services travels through the Oracle network fabric and never traverses the Internet. Cloud GuardYou can use Oracle Cloud Guard to monitor and maintain the security of resources in Oracle Cloud Infrastructure. Cloud Guard uses detector recipes that you can define to check your resources for security weaknesses and monitor high-risk activities for operators and users. When any misconfigured or unsafe activity is detected, Cloud Guard recommends corrective actions and assists in taking those actions based on responder recipes that you can define. Safe areaSecurity zones are ensured from the outset to follow Oracle's best security practices, applying to entire partitions by enforcing policies such as encrypting data and preventing public access to the network. A security zone is associated with a partition with the same name and includes a security zone policy or "recipe" that applies to that partition and its subzones. Standard partitions can't be added or moved to security zone partitions. Object storageObject storage provides fast access to large volumes of structured and unstructured data for any content type, including database backups, analytics data, and rich content such as images and**. You can store your data safely and securely and then retrieve it directly from within the internet or cloud platform. You can seamlessly scale your storage without experiencing performance degradation or service reliability. Use standard storage as the "hot" storage you need for fast, instant, and frequent access. Use archive storage as "cold" storage that you retain for a long time and have little or no access. fastconnectOracle Cloud Infrastructure FastConnect provides an easy way to create a private, private connection between your data center and Oracle Cloud Infrastructure. FastConnect offers higher bandwidth options and a more reliable network experience compared to internet-based connections. Local Peer Gateway (LPG).LPG allows you to peer one VCN in the same region with another VCN. A peering connection means that the VCN communicates using a private IP address and the traffic is not routed through the internet or through your local network. Autonomous DatabaseOracle Cloud Infrastructure Autonomous Database is a fully managed, preconfigured database environment that you can use for transaction processing and data warehousing workloads. You don't need to configure or manage any hardware, and you don't need to install any software. Oracle Cloud Infrastructure is responsible for creating databases, as well as backing up, patching, upgrading, and tuning databases. Oracle Analytics CloudOracle Analytics Cloud is a scalable and secure public cloud service that provides you, your workgroup, and your enterprise with a complete set of capabilities to explore and execute collaborative analytics. With Oracle Analytics Cloud, you also get flexible service management capabilities, including fast setup, easy scaling and patching, and automated lifecycle management. At the time of writing, OAC is available in multiple Oracle Cloud Infrastructure Gen 2 regions in North America, EMEA, Asia Pacific, and Latin America. Object storageObject storage provides fast access to large volumes of structured and unstructured data for any content type, including database backups, analytics data, and rich content such as images and**. You can store your data safely and securely and then retrieve it directly from within the internet or cloud platform. You can seamlessly scale your storage without experiencing performance degradation or service reliability. Use standard storage as the "hot" storage you need for fast, instant, and frequent access. Use archive storage as "cold" storage that you retain for a long time and have little or no access. The architecture shows that object storage in the primary region is automatically replicated to the standby region by using a cross-region replication strategy. DatabasesThe schema includes a database within each region. Use Oracle Data Guard for data replication to ensure that the standby database is a transactionally consistent copy of the primary database. Data Guard automatically maintains synchronization between databases by transferring and applying redo data from the primary database. In the event of a disaster in the primary region, Data Guard automatically fails over to the standby database. Dynamic Routing Gateway (DRG).A DRG is a virtual router that provides a path for private network traffic between a VCN and an out-of-region network, such as a VCN, an on-premises network, or another cloud provider's network in another Oracle Cloud Infrastructure region. When designing a disaster recovery topology for Oracle Analytics Cloud, use the following recommendations as a starting point. Your needs may differ from the architecture described here. vcnWhen you create a VCN, determine the number of CIDR blocks you need and the size of each block based on the number of resources you plan to attach to the VCN subnet. CIDR blocks within a standard private IP address space are used.
Select CIDR blocks that do not overlap with any other networks you intend to have a private connection to (at Oracle Cloud Infrastructure, your on-premises data center, or other cloud providers).
Once the VCN is created, you can change, add, and remove its CIDR blocks.
When designing your subnets, consider your traffic flow and security needs. Attach all resources within a specific tier or role to the same subnet, which can serve as a security boundary.
Use regional subnets.
SafetyProactively monitor and maintain the security of resources in Oracle Cloud Infrastructure with Oracle Cloud Guard. Cloud Guard uses detector recipes that you can define to check your resources for security weaknesses and monitor high-risk activities for operators and users. When any misconfigured or unsafe activity is detected, Cloud Guard recommends corrective actions and assists in taking those actions based on responder recipes that you can define.
For resources that require the highest level of security, Oracle recommends that you use secure zones. A security zone is a partition associated with a security policy recipe defined by Oracle based on best practices. For example, resources in a secure zone must not be accessible from the public internet and must be encrypted with a customer-managed key. When creating and updating resources in a security zone, Oracle Cloud Infrastructure validates the operation against the policies in the security zone recipe and rejects any policy violations.
Cloud GuardClone and customize the default recipes provided by Oracle to create custom detector and responder recipes. These recipes enable you to specify what type of security breach generates a warning and what actions are allowed to be taken on it. For example, you might want to detect an Object Storage bucket that has visibility set to public. Apply Cloud Guard at the tenant level to cover the widest reach and reduce the administrative burden of maintaining multiple configurations. You can also use the Managed List feature to apply specific configurations to detectors. Safe areaFor resources that require the highest level of security, Oracle recommends that you use secure zones. A security zone is a partition associated with a security policy recipe defined by Oracle based on best practices. For example, resources in a secure zone must not be accessible from the public internet and must be encrypted with a customer-managed key. When creating and updating resources in a security zone, Oracle Cloud Infrastructure validates the operation against the policies in the security zone recipe and rejects any policy violations. Network Security Group (NSGS).You can use NSGS to define a set of inbound and outbound rules that apply to a specific VNICS. We recommend using NSGS instead of security lists because NSGS enables you to decouple the subnet architecture of your VCN from the security needs of your application. You can use NSGS to define a set of inbound and outbound rules that apply to a specific VNICS. We recommend using NSGS instead of security lists because NSGS enables you to decouple the subnet architecture of your VCN from the security needs of your application. Load balancingbandwidthWhen you create a load balancer, you can choose a predefined shape that provides fixed bandwidth, or specify a custom (flexible) shape where you set the bandwidth range and have the service automatically scale the bandwidth based on traffic patterns. Either way, you can change the shape of the load balancer at any time after you create it. dnsResolutionBy default, the Internet and VCN resolvers do not allow instances to resolve the hostnames of on-premises network hosts that connect to your VCN via site-to-site VPN or Fastconnect. This can be achieved by using a custom parser or configuring a private DNS resolver with a VCN. Snapshot backupsOracle recommends that you take snapshots at important checkpoints; For example, before you make significant changes to your content or environment. In addition, Oracle recommends that you take weekly snapshots on a regular basis or at a frequency that you customize, depending on the rate at which your environment changes and rollback requirements or RPO schedules. Use object storage to store snapshot files. Web Application Firewall (wafOracle recommends that you use the Oracle Cloud Infrastructure Web Application Firewall in this architecture. A WAF is a zone-based edge execution service that is attached to an execution point, such as a load balancer or web application domain name. WAF protects applications from malicious and unwanted internet traffic. WAF can secure any internet-facing endpoint, providing consistent rule enforcement for customer applications. When deploying this reference architecture, consider the following points. PerformanceWhen planning for recovery point objectives (RPOs) and recovery time objectives (RTOs), consider the time required to replicate volume backups across regions. AvailabilityYou can use custom DNS domain settings to redirect client traffic to the current production region after failover. CostIn a failover from the primary region to the standby region, you can save about 80% of the cost by using a second instance. Because the second instance can be in paused mode. DatabasesYour database** already has a disaster recovery program in place; For example, use Oracle Data Guard to synchronize databases. Virtual URLsYou'll need to meet the prerequisites for your virtual URL, such as a custom domain name and certificate. ConfigurationThe following configurations in the primary and secondary instances are not saved by the snapshot backup, so you need to synchronize them according to the change management process. Virus scanner configuration.
Mail server configuration.
Other saved snapshots in the source environment.
Users (and groups).
Identity management configuration (e.g. SSO).
Network configuration. Database connectionYour RPD database connection to the primary and secondary databases should be the same. DeploymentThe steps to deploy this architecture are beyond the scope of this document. See Oracle Analytics Cloud's Disaster Recovery Configuration for complete deployment guidance. As an Oracle Premier Partner, Agilewing is redefining the way enterprises experience Oracle Cloud Services. With its streamlined account opening process and best-in-class technical support, Agilewing transforms the complex process of account opening and operation into an easy, intuitive experience. With our one-stop shop, you can quickly get up and running with the full range of Oracle Cloud services, so you can seamlessly integrate into the cloud. Agilewing's AgileCDN service, combined with OCI's cloud-based services, provides a best-in-class global content acceleration solution. A strong network of more than 2,800 global POP nodes and 7,000 direct connection points ensures efficient and stable operation no matter where your business expands to the world. Leveraging the advanced technology of Oracle Cloud, Agilewing is committed to simplifying the process of cloud service building, cloud migration, and business going global. "Our partnership model provides customers with cost-effective solutions that allow them to focus more on their core business while enjoying the high performance and security of Oracle Cloud." Oracle Cloud Service, as a promising field, opens the door to new opportunities for enterprises with its high performance, security, and globally consistent service standards. Through Agilewing's professional services, both individual users and enterprises can easily enter this new era full of technological innovation and high performance. Let Agilewing start exploring Oracle Cloud Services and open the door to a whole new world today.