Skip to main content
NetApp Solutions

TR-4964: Oracle Database backup, restore and clone with SnapCenter Services - AWS

Contributors acao8888 sufianNetApp

Allen Cao, Niyaz Mohamed, NetApp

Purpose

SnapCenter Services is the SaaS version of the classic SnapCenter database management UI tool that is available through the NetApp BlueXP cloud management console. It is an integral part of the NetApp cloud-backup, data-protection offering for databases such as Oracle and HANA running on NetApp cloud storage. This SaaS-based service simplifies traditional SnapCenter standalone server deployment that generally requires a Windows server operating in a Windows domain environment.

In this documentation, we demonstrate how you can set up SnapCenter Services to backup, restore, and clone Oracle databases deployed to Amazon FSx for ONTAP storage and EC2 compute instances. Although it is much easier to set up and use, SnapCenter Services deliver key functionalities that are available in the legacy SnapCenter UI tool.

This solution addresses the following use cases:

  • Database backup with snapshots for Oracle databases hosted in Amazon FSx for ONTAP

  • Oracle database recovery in the case of a failure

  • Fast and storage-efficient cloning of primary databases for a dev/test environment or other use cases

Audience

This solution is intended for the following audiences:

  • The DBA who manages Oracle databases running on Amazon FSx for ONTAP storage

  • The solution architect who is interested in testing Oracle database backup, restore, and clone in the public AWS cloud

  • The storage administrator who supports and manages the Amazon FSx for ONTAP storage

  • The application owner who owns applications that are deployed to Amazon FSx for ONTAP storage

Solution test and validation environment

The testing and validation of this solution was performed in an AWS FSx and EC2 environment that might not match the final deployment environment. For more information, see the section [Key Factors for Deployment Consideration].

Architecture

This image provides a detailed picture of the BlueXP backup and recovery for applications within BlueXP console, including the UI, connector and resources it manages.

This image provides a detailed picture of BlueXP backup and recovery for applications within the BlueXP console, including the UI, the connector, and the resources it manages.

Hardware and software components

Hardware

FSx ONTAP storage

Current version offered by AWS

One FSx HA cluster in the same VPC and availability zone

EC2 instance for compute

t2.xlarge/4vCPU/16G

Two EC2 T2 xlarge EC2 instances, one as primary DB server and the other as clone DB server

Software

RedHat Linux

RHEL-8.6.0_HVM-20220503-x86_64-2-Hourly2-GP2

Deployed RedHat subscription for testing

Oracle Grid Infrastructure

Version 19.18

Applied RU patch p34762026_190000_Linux-x86-64.zip

Oracle Database

Version 19.18

Applied RU patch p34765931_190000_Linux-x86-64.zip

Oracle OPatch

Version 12.2.0.1.36

Latest patch p6880880_190000_Linux-x86-64.zip

SnapCenter Service

Version

v2.3.1.2324

Key factors for deployment consideration

  • Connector to be deployed in the same VPC as database and FSx. When possible, the connector should be deployed in the same AWS VPC, which enables connectivity to the FSx storage and the EC2 compute instance.

  • An AWS IAM policy created for SnapCenter connector. The policy in JSON format is available in the detailed SnapCenter service documentation. When you launch connector deployment with the BlueXP console, you are also prompted to set up the prerequisites with details of required permission in JSON format. The policy should be assigned to the AWS user account that owns the connector.

  • The AWS account access key and the SSH key pair created in the AWS account. The SSH key pair is assigned to the ec2-user for logging into the connector host and then deploying a database plug-in to the EC2 DB server host. The access key grants permission for provisioning the required connector with IAM policy above.

  • A credential added to the BlueXP console setting. To add Amazon FSx for ONTAP to the BlueXP working environment, a credential that grants BlueXP permissions to access Amazon FSx for ONTAP is set up in the BlueXP console setting.

  • java-11-openjdk installed on the EC2 database instance host. SnapCenter service installation requires java version 11. It needs to be installed on application host before plugin deployment attempt.

Solution deployment

There is extensive NetApp documentation with a broader scope to help you protect your cloud-native application data. The goal of this documentation is to provide step-by-step procedures that cover SnapCenter Service deployment with the BlueXP console to protect your Oracle database deployed to Amazon FSx for ONTAP and an EC2 compute instance. This document fills in certain details that might be missing from more general instructions.

To get started, complete the following steps:

Solution Deployment

Prerequisites for SnapCenter service deployment

Details

Deployment requires the following prerequisites.

  1. A primary Oracle database server on an EC2 instance with an Oracle database fully deployed and running.

  2. An Amazon FSx for ONTAP cluster deployed in AWS that is hosting the database volumes above.

  3. An optional database server on an EC2 instance that can be used for testing the cloning of an Oracle database to an alternate host for the purpose of supporting a dev/test workload or any use cases that requires a full data set of a production Oracle database.

  4. If you need help to meet the above prerequisites for Oracle database deployment on Amazon FSx for ONTAP and EC2 compute instance, see Oracle Database Deployment and Protection in AWS FSx/EC2 with iSCSI/ASM or white paper Oracle Database Deployment on EC2 and FSx Best Practices

Onboarding to BlueXP preparation

Details
  1. Use the link NetApp BlueXP to sign up for BlueXP console access.

  2. Login to your AWS account to create an IAM policy with proper permissions and assign the policy to the AWS account that will be used for BlueXP connector deployment.

    Screenshot showing this step in the GUI.

    The policy should be configured with a JSON string that is available in NetApp documentation. The JSON string can also be retrieved from the page when connector provisioning is launched and you are prompted for the prerequisites permissions assignment.

  3. You also need the AWS VPC, subnet, security group, an AWS user account access key and secrets, an SSH key for ec2-user, and so on ready for connector provisioning.

Deploy a connector for SnapCenter services

Details
  1. Login to the BlueXP console. For a shared account, it is a best practice to create an individual workspace by clicking Account > Manage Account > Workspace to add a new workspace.

    Screenshot showing this step in the GUI.

  2. Click Add a Connector to launch the connector provisioning workflow.

Screenshot showing this step in the GUI.

  1. Choose your cloud provider (in this case, Amazon Web Services).

Screenshot showing this step in the GUI.

  1. Skip the Permission, Authentication, and Networking steps if you already have them set up in your AWS account. If not, you must configure these before proceeding. From here, you could also retrieve the permissions for the AWS policy that is referenced in the previous section "Onboarding to BlueXP preparation."

Screenshot showing this step in the GUI.

  1. Enter your AWS account authentication with Access Key and Secret Key.

    Screenshot showing this step in the GUI.

  2. Name the connector instance and select Create Role under Details.

Screenshot showing this step in the GUI.

  1. Configure networking with the proper VPC, Subnet, and SSH Key Pair for connector access.

    Screenshot showing this step in the GUI.

  2. Set the Security Group for the connector.

    Screenshot showing this step in the GUI.

  3. Review the summary page and click Add to start connector creation. It generally takes about 10 mins to complete deployment. Once completed, the connector instance appears in the AWS EC2 dashboard.

Screenshot showing this step in the GUI.

Define a credential in BlueXP for AWS resources access

Details
  1. First, from AWS EC2 console, create a role in Identity and Access Management (IAM) menu Roles, Create role to start role creation workflow.

    Screenshot showing this step in the GUI.

  2. In Select trusted entity page, choose AWS account, Another AWS account, and paste in the BlueXP account ID, which can be retrieved from BlueXP console.

    Screenshot showing this step in the GUI.

  3. Filter permission policies by fsx and add Permissions policies to the role.

    Screenshot showing this step in the GUI.

  4. In Role details page, name the role, add a description, then click Create role.

    Screenshot showing this step in the GUI.

  5. Back to BlueXP console, click on setting icon on top right corner of the console to open Account credentials page, click Add credentials to start credential configuration workflow.

    Screenshot showing this step in the GUI.

  6. Choose credential location as - Amazon Web Services - BlueXP.

    Screenshot showing this step in the GUI.

  7. Define AWS credentials with proper Role ARN, which can be retrieved from AWS IAM role created in step one above. BlueXP account ID, which is used for creating AWS IAM role in step one.

    Screenshot showing this step in the GUI.

  8. Review and Add.
    Screenshot showing this step in the GUI.

SnapCenter services setup

Details

With the connector deployed and the credential added, SnapCenter services can now be set up with the following procedure:

  1. From My Working Environment click Add working Environment to discover FSx deployed in AWS.

Screenshot showing this step in the GUI.

  1. Choose Amazon Web Services as the location.

Screenshot showing this step in the GUI.

  1. Click Discover Existing next to Amazon FSx for ONTAP.

Screenshot showing this step in the GUI.

  1. Select the Credentials Name that you have created in previous section to grant BlueXP with the permissions that it needs to manage FSx for ONTAP. If you have not added credentials, you can add it from the Settings menu at the top right corner of the BlueXP console.

    Screenshot showing this step in the GUI.

  2. Choose the AWS region where Amazon FSx for ONTAP is deployed, select the FSx cluster that is hosting the Oracle database and click Add.

Screenshot showing this step in the GUI.

  1. The discovered Amazon FSx for ONTAP instance now appears in the working environment.

Screenshot showing this step in the GUI.

  1. You can log into the FSx cluster with your fsxadmin account credentials.

Screenshot showing this step in the GUI.

  1. After you log into Amazon FSx for ONTAP, review your database storage information (such as database volumes).

Screenshot showing this step in the GUI.

  1. From the left-hand sidebar of the console, hover your mouse over the protection icon, and then click Protection > Applications to open the Applications launch page. Click Discover Applications.

Screenshot showing this step in the GUI.

  1. Select Cloud Native as the application source type.

Screenshot showing this step in the GUI.

  1. Choose Oracle for the application type.

Screenshot showing this step in the GUI.

  1. Fill in the AWS EC2 Oracle application host details. Choose Using SSH as Host Installation Type for one step plugin installation and database discovery. Then, click on Add SSH Private Key.

    Screenshot showing this step in the GUI.

  2. Paste in your ec2-user SSH key for the database EC2 host and click on Validate to proceed.

    Screenshot showing this step in the GUI.

  3. You will be prompted for Validating fingerprint to proceed.

    Screenshot showing this step in the GUI.

  4. Click on Next to install an Oracle database plugin and discover the Oracle databases on the EC2 host. Discovered databases are added to Applications. The database Protection Status shows as Unprotected when initially discovered.

    Screenshot showing this step in the GUI.

This completes the initial setup of SnapCenter services for Oracle. The next three sections of this document describe Oracle database backup, restore, and clone operations.

Oracle database backup

Details
  1. Click the three dots next to the database Protection Status, and then click Polices to view the default preloaded database protection policies that can be applied to protect your Oracle databases.

Screenshot showing this step in the GUI.

  1. You can also create your own policy with a customized backup frequency and backup data-retention window.

Screenshot showing this step in the GUI.

  1. When you are happy with the policy configuration, you can then assign your policy of choice to protect the database.

Screenshot showing this step in the GUI.

  1. Choose the policy to assign to the database.

Screenshot showing this step in the GUI.

  1. After the policy is applied, the database protection status changed to Protected with a green check mark.

Screenshot showing this step in the GUI.

  1. The database backup runs on a predefined schedule. You can also run a one-off on-demand backup as shown below.

Screenshot showing this step in the GUI.

  1. The database backups details can be viewed by clicking View Details from the menu list. This includes the backup name, backup type, SCN, and backup date. A backup set covers a snapshot for both data volume and log volume. A log volume snapshot takes place right after a database volume snapshot. You can apply a filter if you are looking for a particular backup in a long list.

Screenshot showing this step in the GUI.

Oracle database restore and recovery

Details
  1. For a database restore, choose the right backup, either by the SCN or backup time. Click the three dots from the database data backup, and then click Restore to initiate database restore and recovery.

Screenshot showing this step in the GUI.

  1. Choose your restore setting. If you are sure that nothing has changed in the physical database structure after the backup (such as the addition of a data file or a disk group), you can use the Force in place restore option, which is generally faster. Otherwise, do not check this box.

Screenshot showing this step in the GUI.

  1. Review and start database restore and recovery.

Screenshot showing this step in the GUI.

  1. From the Job Monitoring tab, you can view the status of the restore job as well as any details while it is running.

Screenshot showing this step in the GUI.

Screenshot showing this step in the GUI.

Oracle database clone

Details

To clone a database, launch the clone workflow from the same database backup details page.

  1. Select the right database backup copy, click the three dots to view the menu, and choose the Clone option.

Error: Missing Graphic Image

  1. Select the Basic option if you don't need to change any cloned database parameters.

Error: Missing Graphic Image

  1. Alternatively, select Specification file, which gives you the option of downloading the current init file, making changes, and then uploading it back to the job.

Error: Missing Graphic Image

  1. Review and launch the job.

Error: Missing Graphic Image

  1. Monitor the cloning job status from the Job Monitoring tab.

Error: Missing Graphic Image

  1. Validate the cloned database on the EC2 instance host.

Error: Missing Graphic Image

Error: Missing Graphic Image