Oracle Data Guard

Ensuring Disaster Recovery for Enterprise Data

Wei Hu
wei.hu@oracle.com
 Oracle’s High Availability (HA)
Solution Stack
System Real Application Clusters
Failure Continuous Availability for all Applications

Unplanned Data Failure Data Guard

Downtime & Disaster Zero Data Loss

Human Error Flashback Query

Enable Users to Correct their Mistakes

System Dynamic Reconfiguration

Maintenance Capacity on Demand without Interruption
Planned
Downtime
Data Online Redefinition
Maintenance Adapt to Change Online

2
 Oracle Data Guard Focus

y Data Failures & Site Disasters:

– Data Protection
– Data Availability
– Data Recovery

Data is the core asset of

All 3 are important! the enterprise!

• Also addresses human errors & planned maintenances

3
 What Is Oracle Data Guard?

y Database software infrastructure that automates the

creation and maintenance of a duplicate, or standby
copy, of the production (or primary) database

y If the primary database becomes unavailable

(disasters, maintenance), the standby database can
be activated and can take over the data serving
needs of the enterprise

4
 Data Guard Architecture Overview
Clients Clients

Primary Standby
Site Site

Data Changes
Broker Agent

Broker Agent
Data Guard Broker
Primary Standby
Database Database

5
 How Does It Work?
y As primary database is modified, redo data is
propagated to standby databases

y Standby databases kept synchronized with primary

y Primary database is open and active; standby

database is either in recovery or open read-only /
read-write

y Standby database can be transitioned to the primary

role as necessary

6
 Data Guard Configuration
Primary Site Standby Site A

Standby Site B

Standby
Database
Primary
Database Standby
Database

y Managed as a single configuration

y Primary and standby databases can be Real Application Clusters
or single-instance Oracle
y Up to nine standby databases supported in a single configuration

7
 Oracle Data Guard Architecture
Physical Standby
Database
Sync or Async
Redo Shipping Backup
Production
Database Redo Apply
DIGITAL DATA STORAGE

Network
DIGITAL DATA STORAGE

Broker
Optional
Delay

Logical Standby
Transform Database Open for
Redo to SQL Reports

SQL
Optional Apply
Additional
Delay Indexes & MVs

8
 Oracle Data Guard Process Architecture
Oracle Net Physical/Logical
Transactions Standby
Database
LGWR
(Synchronous/Asynchronous) MRP/ LSP
RFS Affirm/
NoAffirm

Online Redo Logs

Standby
Redo
FAL Logs
Primary Backup /
Database Reports
ARCH
Transform Redo to SQL
ARCH for SQL Apply
(Synchronous)

Archived Redo Logs Archived Redo Logs

9
 Data Guard Redo Apply
Data Guard Broker

Primary Physical Standby

Database Database
Optional
Delay
Backup

Network DIGITAL DATA STORAGE

Redo Apply
Sync or Async
Redo Shipping

y Physical Standby Database is a block-for-block copy of the primary database

y Uses the database recovery functionality to apply changes
y Can be opened in read-only mode for reporting/queries
y Can also perform backup, offloading production database

10
 Data Guard SQL Apply
Additional
Indexes &
Data Guard Broker Materialized Views
Primary
Database Logical Standby
Database
Optional
Delay
Continuously
Network Open for Reports

Sync or Async
Redo Shipping Transform Redo
to SQL and Apply

y Logical Standby Database is an open, independent, active database

ƒ Contains the same logical information (rows) as the production database
ƒ Physical organization and structure can be very different
ƒ Can host multiple schemas
y Can be queried for reports while logs are being applied via SQL
y Can create additional indexes and materialized views for better query performance

11
 Standby Databases Are Not Idle
Standby
Server Read-Only / Read-Write

Reporting

Backups
Standby Tape
Database

Standby database can be used to

offload the primary database, increasing the ROI

12
 Cascaded Redo Log Destinations
y Standby database receives its redo data from another standby database
and not from the original primary database
y Primary database sends a set of redo data to only selected standby
databases and not to all standby databases
y Reduces the load on the primary system, and also reduces network
traffic and use of valuable network resources around the primary site

Redo Data Retransmitted

Primary Physical Physical
Database Standby Standby
Database Database

13
 Protection from Human Errors
and Data Corruptions
Primary Site Standby Site

Standby
Production
Database
Database
Optional Delayed Apply

y The application of changes received from the primary can be

delayed at standby to allow for the detection of user errors and
prevent standby to be affected

y The apply process also revalidates the log records to prevent

application of any log corruptions

14
 Switchover and Failover
y Primary and Standby role transitions
y Switchover
– Planned role reversal
– No database reinstantiation required
– Used for maintenance of OS or hardware
y Failover
– Unplanned failure (e.g. disasters) of primary
– Primary database must be reinstantiated
y Initiated using simple SQL / GUI interface
y Data Guard automates the processes involved

15
 Failover Example

16
 Flexible Data Protection Modes

Protection Mode Risk of Data Loss Redo Shipment

Maximum Protection Zero Data Loss Synchronous redo

Double Failure Protection shipping to 2 sites

Maximum Availability Zero Data Loss Synchronous redo

Single Failure Protection shipping

Maximum Performance Minimal data loss – Asynchronous redo

usually 0 to few seconds shipping

Balance cost, availability, performance, and transaction protection

17
 Maximum Protection Mode

Protection Mode Risk of Data Loss Redo Shipment

Maximum Protection Zero Data Loss Synchronous redo

Double Failure Protection shipping to 2 sites

y Highest level of data protection

y Configuration: LGWR SYNC, SRLs
y Enforces protection of every transaction
y If last standby is unavailable, processing stops at primary
y Good for financial systems where no data loss is acceptable

ALTER DATABASE SET STANDBY TO MAXIMIZE PROTECTION;

18
 Maximum Availability Mode

Protection Mode Risk of Data Loss Redo Shipment

Maximum Availability Zero Data Loss Synchronous redo

Single Failure Protection shipping

y Enforces protection of every transaction

y Configuration: LGWR SYNC, do not need SRLs
y If last standby is unavailable, processing continues at primary
y When the standby becomes available again, synchronization with
the primary is automatic

ALTER DATABASE SET STANDBY TO MAXIMIZE AVAILABILITY;

19
 Maximum Performance Mode

Protection Mode Risk of Data Loss Redo Shipment

Maximum Performance Minimal data loss – Asynchronous redo

usually 0 to few seconds shipping

y Highest level of performance

y Configuration: LGWR ASYNC, or ARCH
y Protects from failure of any single component
y Least impact on production system
y Useful for applications that can tolerate some data loss

ALTER DATABASE SET STANDBY TO MAXIMIZE PERFORMANCE;

20
 Automatic Gap Resolution &
Resynchronization
y Network connectivity problems may cause gaps in
the sequence of log files in the standby
y Data Guard automatically takes care of these gaps
– Automatic Gap Handling
– FAL (Fetch Archive Log) Gap Handling

21
 GAP Resolution
y Automatic
– ARCH process idling away on the primary ‘pings’ all enabled
standbys on a regular basis to see if they are missing any redo
data
– If so it sends them the missing redo data

y FAL
– Gap discovered during apply process in physical standby
– Based on FAL_SERVER and FAL_CLIENT settings, primary
notified, and it sends missing redo data

22
 Oracle Data Guard Broker

y Distributed management framework that automates

and centralizes the creation, maintenance, and
monitoring of Data Guard configurations

y Management operations can be performed locally or

remotely through the Broker's easy-to-use interfaces:
– GUI-based Oracle Data Guard Manager
– Data Guard command-line interface

23
 Data Guard Broker Architecture
Job Event Security Discovery
Service Service Service Service

Oracle Management Server

Data Guard
Manager

OEM Data OEM Data OEM Data

Agent Guard Agent Guard Agent Guard
Broker Broker Broker Repository

Primary Physical Logical

Database Standby Standby
Database Database

24
 Data Guard Manager

y Simple, easy-to-use management and monitoring interface

25
 Local and Remote Standby Databases
y Oracle Data Guard configuration can support both local and
remote standby databases

y Local standby database

– Human error and data corruption protection
– Appropriate for highest data protection modes
– LAN links are cheap, reliable, have high bandwidth and low latency
– Switchover operations are very fast

y Remote standby database

– Best solution for disaster recovery
– WAN links are generally more expensive, less reliable, have lower
bandwidth and higher latency than LAN links
– Suitable for highest performance asynchronous data protection mode

26
 Usage Examples
Chicago Dallas Example B

Standby machine must be powerful

Primary Standby
Database Database
enough to support multiple production
instances after switchover / failover

Primary Primary
Standby Database
Primary Site A Standby
Database Database Database

Primary Primary Standby

Database Database
Maximize primary and Site B
standby resources

Standby
Database
Primary Primary
Example A Site C Database

Standby Site

27
 Usage Examples
Standby Site A Synchronous transport
Primary Site LAN attached
Used to offload backups
First choice for switchover candidate

Standby
Database
Standby Site B
Primary
Database
Synchronous transport
LAN attached
Used to offload reporting

Standby
Database
Standby Site C

Standby
Database
Example C Asynchronous transport
WAN attached
Delayed apply
Provides DR and data protection

28
 Data Guard and RAC
y Data Guard and Real Application Clusters are complementary and
should be used together for a Maximum Availability Architecture

y Real Application Clusters provides high availability

– Provides rapid and automatic recovery from node failures or an
instance crash
– Provides increased scalability

y Data Guard provides disaster protection and prevents data loss

– By maintaining transactionally consistent copies of primary database
– Protects against disasters, data corruption and user errors
– Does not require expensive and complex HW/SW mirroring

29
 Data Guard and Streams
y Streams and Data Guard are independent features of Oracle Database
Enterprise Edition, based on some common underlying technology

y Data Guard: Disaster Recovery & Data Protection

– Transactionally consistent standby databases
– Zero data loss
– Automated switchover/failover
– Various data protection modes

y Streams: Information Sharing/Distribution

– Fine granularity and control over what is replicated
– Bi-directional replication
– Data transformations
– Heterogeneous platforms

y Because of business requirements, customers may choose to use Streams

for DR/HA, and Data Guard SQL Apply for information distribution

30
 Financial Services Company Using Data Guard & Streams

Streams
Master for information
Database distribution

Data Feed

Data Guard Data Transformation

for DR

Product Delivery Databases

for Client Access

Physical Standby Database

31
 Data Guard and Remote Mirroring

y Remote Mirroring is another way to protect

enterprise data
y Host-based and storage based
y Is a physical bit-for-bit copy
y The copy can be remote
y Is this a good substitute?

32
 Data Guard and Remote Mirroring

y Better protection
– Redo is validated logically
y Greater efficiency
– Only redo is transferred instead of entire disk
block (7x bandwidth savings, 27x network I/Os)
y Cheaper
– No reliance on specialized hardware
y Remote mirroring is useful for non-Oracle
data

33
 Why Oracle Data Guard?
1. Disaster Recovery & High Availability
– Easy failover/switchover between primary and standby databases

2. Complete data protection

– Enables zero data loss, safeguard against data corruptions

3. Efficient utilization of system resources

– Standby databases can be used for reporting, backups, queries

4. Balance data availability against performance

– Flexible data protection/synchronization modes

5. Automatic resynchronization after restoration of network connectivity

– Automatic archive gap detection and resolution with no manual intervention

6. Centralized and simple management

– Graphical interface for management and monitoring

34
 Resources
y HA Portal on OTN: http://otn.oracle.com/deploy/availability/

y Maximum Availability Architecture (best practice

recommendations on Data Guard + RAC configuration):
http://otn.oracle.com/deploy/availability/htdocs/maa.htm

y Disaster Recovery page on OTN:

http://otn.oracle.com/deploy/availability/htdocs/dr_overview.html

y Data Guard Technical White Paper on OTN:

http://otn.oracle.com/deploy/availability/pdf/DG92_TWP.pdf

y Data Guard Technology Overview Presentation on OTN:

http://otn.oracle.com/deploy/availability/pdf/DataGuardTechnologyOverview.pdf

35