Step-by-Step Guide: Configuring Zero Data Loss Autonomous Recovery Services for Oracle DBCS
Ensuring business continuity and data protection in the cloud has become mission-critical. Oracle’s Zero Data Loss Autonomous Recovery Service (ZDLARS) helps organizations protect their Autonomous Databases and DBCS (Database Cloud Services) with minimal manual effort, near-zero data loss, and automated recovery capabilities.
This blog provides a step-by-step walkthrough to configure Autonomous Recovery Services (ARS) with detailed screenshots and explanations.
Prerequisites
Before you begin:
-
You must have access to an Oracle Cloud Infrastructure (OCI) account.
-
An active DBCS (Oracle Database Cloud Service) instance.
-
Necessary permissions to create and assign IAM policies.
-
A registered private subnet is in the same region as your database.
Step 1: Create A Protection Policy for the ZDLARS
Creating a Protection Policy for Your Database Compartment in OCI
Best Practice: Use Dedicated Compartments
OCI best practices recommend creating separate compartments for different systems to maintain clean governance, improved access control, and better resource organization. This ensures that each environment—whether for dev, test, or production—is logically isolated and easier to manage.
We’ve set up a dedicated compartment to host our two-node RAC Extreme Edition database. With this structure in place, the next step is configuring a Protection Policy for this compartment.
Steps to Create a Protection Policy
-
Navigate to the Database Backup and Protection Policies Section
-
From the OCI Console, go to Database > Backup & Protection Policies.
-
-
Create a New Protection Policy
-
Click Create Protection Policy.
-
Provide a clear and descriptive name (e.g.,om_palane_db Protection Policy).
-
Select the compartment where your RAC database resides.
-
Step 2 : Create a Recovery Subnet for the database
Enabling Secure Backups with Recovery Service Subnets in OCI
When it comes to protecting your Oracle Cloud databases, network isolation plays a key role in ensuring secure and efficient backup operations. Oracle Cloud Infrastructure (OCI) addresses this through Recovery Service subnets, which establish a dedicated network path between your databases and the OCI Recovery Service.
Best Practice: Use a Private Subnet for Immutable Backups
For strong security with immutable backup, OCI requires that your database VCN includes a single, private subnet dedicated exclusively to Recovery Service backups. This subnet should not be shared with other services or applications, helping you maintain a clean and controlled environment for backup traffic.
How to Register a Recovery Service Subnet
The process is streamlined through the OCI Console:
[1]The name of the Recovery subnet is used to identify the subnet
[2]A compartment to be created, preferably in the network compartment
[3]Choose the Particular VCN that has been associated with the database; it should be your database private subnet
[4] The recovery subnet that will be used for the immutable backups (you should have created a subnet in the compartment before this registration here we are registering that subnet as the recovery service subnet.
Step 3: Create the IAM Policies for Autonomous Recovery services
Define Policies in the OCI Console
-
Navigate to Identity & Security > Policies in the OCI Console.
-
Create a new policy (or edit an existing one) with a clear name like
AUTONOMOUS_RECOVERY_SERVICES_POLICY
. -
Assign the policy at the tenancy level to ensure broad access for service operations.
Example Policy Statements
Here are some recommended statements,
Allow service database to manage recovery-service-family in tenancy
Allow service database to manage tagnamespace in tenancy
Allow service rcs to manage recovery-service-family in tenancy
Allow service rcs to manage virtual-network-family in tenancy
Allow group <your-admin-group> to manage recovery-service-family in tenancy
Step 4: Creating the Protection Policy
Step 5: Enabling the Autonomous Recovery Section in DBCS
-
OCI will automatically perform scheduled backups when enabled according to the chosen configuration.
_AUTONOMOUS_RECOVERY_SERVICES_PROTECTION_POLICY -- the policy that we had created in the earlier steps, which has a 31-day recovery window
Select this checkbox to enable real-time redo log backups, ensuring that changes are continuously backed up between scheduled backups,, and with near-zero lag,, the logs will be applied to the backups
Retain backups according to the protection policy retention period
Backups follow the full policy period (e.g., 31 days).
Retain backups for 72 hours, then delete
Backups are kept for a short period after termination and then removed.
-
Dropdown to define the daily backup time window.
Take the first backup immediately . When this checkbox is selected, OCI initiates the first backup as soon as the configuration is saved. Useful for getting a baseline backup without waiting for the scheduled time.