Oracle Zero Data Loss Recovery Appliance



Today’s solutions for protecting business data fail to meet the needs of mission critical enterprise databases. They lose up to a day of business data on every restore, place a heavy load on production servers during backup, fail to ensure database level recoverability, and cannot scale to meet the needs of ever expanding databases. Fundamentally they treat databases as a set of disjoint files to copy, not as transactional systems with specific integrity and performance requirements.
Oracle’s Zero Data Loss Recovery Appliance is a ground-breaking data protection solution that tightly integrates with the Oracle Database in order to address these requirements head-on. It eliminates data loss exposure and dramatically reduces data protection overhead on production servers. In addition, the Recovery Appliance scales to protect thousands of databases, ensures end-to-end data validation, and implements full lifecycle protection including disk backup, tape backup, and remote replication.


Today’s Database Data Protection Problems

The fundamental problems with today’s database protection solutions stem from:
  • Backup and recovery methods that are based on decades-old nightly backups paradigm, where up to a day’s worth of data can be lost on every restore
  • High backup overhead on production servers and networks for processing all database data during backups, whether it has changed or not
  • Ever-increasing backup windows due to non-stop data growth
  • Backup appliances that cannot scale to protect the hundreds to thousands ofdatabases in the data center
  • Poor visibility and control of the full data protection lifecycle, from disk to tape to replication 

Introducing Zero Data Loss Recovery Appliance

The Oracle Zero Data Loss Recovery Appliance is the world's first engineered system designed specifically for database protection. The Recovery Appliance delivers continuous protection for critical databases while offloading all backup processing from production servers to minimize overhead.
The Zero Data Loss Recovery Appliance is massively scalable, allowing a single appliance to handle the data protection requirements of thousands of databases.
Oracle’s Zero Data Loss Recovery Appliance tightly integrates with new Recovery Appliance specific capabilities in the Oracle Database and the Recovery Manager (RMAN) backup tool to provide data protection capabilities and performance that are not possible with any other data protection solution.


Eliminate Data Loss

The principal design goal for the Recovery Appliance is to eliminate the loss of critical database data that is still possible using existing data protection solutions.
Real-time Redo Transport
Redo logging is the fundamental means of implementing transactional changes within the Oracle database. All Oracle 11g or later databases can now continuously send redo directly from in-memory log buffers to the Recovery Appliance. This provides unique real-time data protection that allows databases to be protected until the last sub-second. Since redo is sent from database shared memory, the overhead on the production systems is extremely low.
Real-Time Redo Transport was first implemented for Oracle’s Data Guard technology and has been deployed in thousands of mission-critical databases around the world. The Recovery Appliance extends this technology beyond the top tier of databases in a simple and cost-effective manner. The Recovery Appliance provides similar levels of data protection as in Data Guard today, for databases that do not necessarily require Data Guard’s fast failover and query offload capabilities.
Secure Replication
Backups on a local Recovery Appliance can be easily and quickly replicated via secure transport to a remote Recovery Appliance for protection against disasters such as site outages or regional disasters. The replication topology can be tailored to match the data center’s requirements. For example, replication can be set up in a simple one-way topology, or two Recovery Appliances can be set up to replicate to each other, or several satellite Recovery Appliances can be set up to replicate to a central Recovery Appliance. In all topologies, only changed blocks are replicated to minimize WAN network usage. 
If the local Recovery Appliance is not available, restore operations can run directly from the remote Recovery Appliance without staging the data locally.



Autonomous Tape Archival
Tape offers a very low cost solution for long-term data retention and archival. It also provides low-cost unalterable protection from intentional attacks by hackers or employees, production software/hardware malfunctions, and accidental data deletion. However, the requirement for periodic full backups to tape imposes high overhead on production systems.
The Recovery Appliance automates and offloads full and incremental backups to tape, completely eliminating the impact of tape backup on production database systems. 16Gb Fibre Channel Adapters can be optionally added to the Recovery Appliance to send data directly from the Recovery Appliance to tape libraries, using the included and highly integrated Oracle Secure Backup media management software.
Tape archival offload is a significant Recovery Appliance differentiator compared to today’s backup solutions. It allows businesses to continue to use their existing tape libraries while eliminating tape backup overhead on production systems. Expensive media manager database backup agents are no longer needed on production servers. Because all tape activity is offloaded to the Recovery Appliance, tape drives can now run all day without slowing production systems, which enables better utilization of tape drives and lower costs.
All tape hardware products supported by Oracle Secure Backup, including Oracle’s StorageTek Tape, are supported by the Recovery Appliance. Alternatively, other vendors’ tape backup agents may be deployed on the Recovery Appliance for integration with existing tape backup software, media servers, and processes.



Recovery Reassurance: End-to-End Data Validation
The Recovery Appliance understands internal Oracle database block formats, which enables deep levels of data validation. All backup data and redo blocks are automatically validated as they are received by the Recovery Appliance, as they are copied to tape, and as they are replicated. In addition, backup blocks are also periodically validated on disk. This ensures that recovery operations will always restore valid data – another unique differentiator that is only possible because of the Recovery Appliance’s deep database integration. If a corruption is discovered during validation, the Recovery Appliance’s underlying storage software automatically reads the good block from a mirrored copy and immediately repairs the corrupted block.
In addition, the Recovery Appliance storage software performs periodic inspections of the underlying hard disks. If bad sectors are detected, they are immediately repaired from a mirrored copy.


Minimal Impact Backups

Despite the requirement for 24x7 operations, many businesses still need to reserve multi-hour backup windows during which production jobs are minimized. Backup windows provide no immediate business benefit, but instead compete with business critical reporting and batch workloads for off-hours processing time. In an increasingly global economy, backup windows continue to shrink, while data volumes grow. 
Impact of Current Disk-Based Data Protection Solutions
Current disk-based data protection solutions impose large loads on production systems. This impact continuously increases as databases grow. Some key challenges are:
  • Most deduplication appliances require periodic full backups. Full backups read the entire database which creates a heavy impact on production storage, servers, and networks. 
  • Somededuplicatingappliancesperformsource-sidededuplicationonproduction systems to reduce network requirements. This imposes high CPU and memory loads on production servers. 
  • Incrementalbackupsarerelativelyfast,butapplyingtheincrementalbackupto restored data files during recovery is very expensive, especially as this operation usually runs across the network.
Minimal Impact Backups
The second key design goal for the Recovery Appliance is to reduce backup related processing on production database systems to the absolute minimum – transmitting only the changed data. With unnecessary backup processing eliminated, production systems can now focus on their primary goal - serving business critical workloads.
The Recovery Appliance implements an incremental-forever backup architecture to minimize impact on production systems. This architecture is based on two innovative technologies: Delta Push and Delta Store.

Delta Push

With Delta Push, protected databases only send incremental backups containing unique changes to the Recovery Appliance. There is no need for recurring full backups. Delta Push is also known as “incremental forever” because, after a one-time full backup, only incremental backups are run on production systems. Effectively, Delta Push is a highly optimized form of source-side deduplication. Changed blocks on production databases are very efficiently identified using RMAN block change tracking which eliminates the need to read unchanged data.
Special integration between protected databases and the Recovery Appliance eliminates committed undo, unused, and dropped tablespace blocks from the backup stream, significantly reducing overhead and space consumption.
Because Delta Push sends only changed data and not full backups, network traffic is greatly reduced compared to other solutions. This enables low-cost 10 Gig Ethernet to be used for backups. Expensive dedicated Fibre Channel or Fibre Channel over Ethernet backup networks are not needed. Also, minimizing network traffic allows the Recovery Appliance to be located further away from the protected databases, and even in some cases, across a WAN in a remote data center.

Delta Store

Delta Store represents the “brains” of the Recovery Appliance software engine. Delta Store validates the incoming changed data blocks, and then compresses, indexes and stores them. These changed blocks are the foundation of Virtual Full Database Backups, which are space-efficient pointer-based representations of physical full backups as of the point-in-time of an incremental backup. Virtual full backups can improve storage efficiency by 10 times or more depending on the data set and change rate of the protected database.

The space efficiency of the Delta Store architecture enables a large number of Virtual Full Backups to be kept online, greatly extending the disk based recovery window.
When a restore operation is required, Delta Store efficiently recreates a physical full backup based on the closest incremental backup time. The restore operation is supported by the massive scalability and performance of the underlying hardware architecture of the Recovery Appliance. Restoring from a Recovery Appliance eliminates the slow traditional process of restoring a full backup and then sequentially restoring and applying all relevant incremental backups.

Zero Data Loss Recovery Appliance: Technical Overview   




Most Backup Operations Offloaded

Practically all backup-related processing is offloaded to the Recovery Appliance. This includes time-consuming compression, backup deletion, validation, and maintenance operations. This frees production system resources, even outside the backup window, which increases the performance of the production systems.

To summarize, with Real-time Redo Transport and Delta Push, protected databases do the minimum possible backup-related work – transmitting only the changed data to the Recovery Appliance. All other backup and recovery related processing, including tape backup, is handled by the Recovery Appliance. This is one of the core architectural innovations of the Recovery Appliance, above and beyond today’s backup solutions.




0 Comments