Oracle Database Disaster Recovery on IBM PowerVS Cross Region
Architecture diagram
The reference architecture covers a solution overview and details on how to design an Oracle Disaster recovery deployable architecture on IBM Power Virtual Server environment.
This reference architecture assumes that there are more non-Oracle Database x86 workloads that are hosted in the IBM Cloud VPC environment. The key components outlined here are required for an Oracle Database deployment on Power Virtual Server and x86 workloads on VPC in two IBM regions.
The following figure describes an architecture approach for deploying a disaster recovery solution for Oracle Database across IBM PowerVS regions.
Deploying environments in this reference architecture
-
VPC environment
- Edge VPC cluster: Hosts security components, firewall, and other edge services that are essential for a secure environment.
- Management VPC cluster: Hosts all the management tool stacks that are needed to manage VPC and PowerVS environments.
- Workload VPC cluster: The location where the IBM VPC virtual server instance (VSI) workloads are hosted(includes x86 workloads).
- Transit gateway: Used to connect VPC and Power Virtual workspace.
- Direct Link: Used to connect to IBM Cloud from the customer’s existing data center and other regional offices.
- VPN connection: The connection for managed services to provide cloud-managed operations.
- Load Balancer: An option if the customer needs a private application load balancer.
- Cloud internet Service: An option if public global load balancing or DDoS services are needed.
- Virtual Private end points: Used for connecting to IBM Cloud services over the private network such as Event Streams or Cloud Object Storage.
- Monitoring tools: Tools include IBM Cloud Logs and IBM Cloud Monitoring.
- Backup Environment through IBM Storage Protect or Veeam
-
Power VS Environment
- Workload Power VS cluster: The actual Oracle Database instance.
- Storage that's required for Logical Partitions (LPARS).
- Cloud Object Storage is configured for backup.
Oracle Disaster Recovery that uses Oracle Data Guard
In this section, we look at how to use Oracle Database Enterprise edition and use the Oracle Data Guard feature for disaster recovery. We set up a database instance in IBM PowerVS primary region and secondary region and configure Data Guard failover for disaster recovery.
The following figure illustrates the reference architecture based on Oracle Data Guard.
- Two IBM Power Virtual Server environment regions, for example, FRA AZ1 (FRA02) and MAD AZ1 (MAD02).
- Oracle Database is installed on IBM Power Virtual Server LPARS in two separate Regions
- Oracle Database Enterprise Edition that includes Data Guard, is used to provide real-time replications across the two separate Oracle Databases in each region over a Global Transit Gateway.
- The primary region is Frankfurt and the secondary region is Madrid.
Deployment guidance
Review the key steps for setting up the Oracle Database and Data Guard in IBM Power Systems Virtual Server.
- Ensure that you have a proper connection that is established between your on-premises data center to IBM Power Systems virtual Server regions.
- Validate network connectivity
- Configure a private subnet
- Configure VPN for managed service team such as a Day 2 operation team needs VPN access
- Site to Site VPN for resiliency purpose
- Configure and integrate with VPC environment
- Create a primary LPARS that runs database servers. This includes both sites: primary and secondary.
- Create and attach disks for Oracle software that is provided by IBM PowerVS (tier 1)
- Optional: Importing a boot image
- Configure the operating system for Oracle (exact steps depending on the operating system)
- Install Oracle Database according to Oracle guidance and recommendations
- Install and configure the Oracle Data Guard software
As a best practice, create a non-production environment similar to a production setup, but non-production can have tier 3 storage and lower CPU as they don’t have high-performance requirements.
Network architecture guidance
This figure shows required network components from customer Data center to IBM Power Systems Virtual Server.
Make sure that you have a proper networking architecture and connection that is established from your on-premises data center to an IBM Power Systems virtual server workplace. Refer to guidance on IBM Cloud docs.
- Establish Direct 2.0 Link to VPC IBM Cloud account
- Enable Transit Gateway to connect PowerVS and VPC. Have the right VLAN created when you set up your account for VPC and PowerVS
- PowerVS Connection to global TGW
Design scope
This document provides design recommendations for an Oracle Database deployment on IBM Power Virtual Server environment to meet disaster recovery requirements. It covers the following resiliency patterns including cross-region disaster recovery of Oracle Database that uses Oracle Data Guard.
Following the Architecture Design Framework, the Oracle disaster recovery on IBM Power Virtual Systems Server architecture covers resiliency, design considerations, and architecture decisions for the following aspects and domains:
- Compute: Virtual Servers
- Storage: Primary Storage, Backup Storage
- Networking: Enterprise Connectivity, Segmentation and Isolation, Cloud Native Connectivity, Load Balancing, Domain Name System
- Security: Data Security, Identity and Access Management, Application Security, Infrastructure and Endpoint Security
- Resiliency: High Availability, Backup and Restore,
- Service Management: Monitoring, Logging, Auditing, Alerting
The Architecture Design Framework provides a consistent approach to design cloud solutions by addressing requirements across a set of aspects and domains, which are technology-agnostic architectural areas that need to be considered for any enterprise solution. For more information, see Introduction to the Architecture Design Framework.
Requirements
The following represents a baseline set of requirements that we believe are applicable to most clients and critical to successful Oracle Disaster Recovery deployment. This set of requirements are key considerations for a successful disaster recovery setup of power workloads and other co-existing applications in IBM Power Systems Virtual Server environments, IBM Cloud, and customer Data Centers.
Aspect | Requirements |
---|---|
Compute | Provide properly isolated compute resources with adequate compute capacity for the applications. |
Storage | Provide storage that meets the application and database performance requirements. |
Networking |
|
Security |
|
Resiliency |
Support application availability targets and business continuity policies.
|
Service Management |
|
Components
The common solution components that are listed in the following table are those components that are needed for both scenarios.
Aspects | Architecture components | How the component is used |
---|---|---|
Compute | VPC VSIs, IBM Power Virtual Server | Oracle Database, other non-Oracle application that is hosted on cloud Non-Oracle workloads that are run on x86 (VPC) and Oracle workloads runs on PowerVS |
Storage | Tier 1 Power Virtual Server Storage | Database servers storage |
Tier 3 Power Virtual Server Storage | Archive or backup storage | |
Cloud Object Storage | Backups and Logs (application, operational, and audit logs) | |
Block Storage | Block storage for VPC VSI images on x86 workloads | |
Networking | Transit Gateway | Connects across VPCs and PowerVS |
VPC Virtual Private Network (VPN) | Remote access to manage resources in a private network | |
Virtual Private Gateway & Virtual Private Endpoint (VPE) | Private network access to Cloud Services, for example Key Protect, Cloud Object Storage, and so on. | |
VPC Application Load Balancers | Application Load Balancing for web servers, app servers, and database servers | |
Public Gateway | For web server access to the internet | |
Cloud Internet Services (CIS) | Public Load balancing of web server traffic across zones in the region | |
DNS Services | Domain Name System (DNS) for Domain name resolution | |
Security | IAM | IBM Cloud Identity & Access Management |
BYO Bastion Host on VPC VSI with PAM SW | Remote access for administrative functions with Privileged Access Management | |
Virtual Private Clouds (VPCs), Subnets, Security Groups, ACLs Isolated PowerVS LPARs | Network Segmentation/Isolation for Power VS using PVS subnets. | |
Cloud Internet Services (CIS) | Public DDoS protection and Web App Firewall | |
Key Protect or HPCS | HSM and Key Management Service (KYOK) | |
Secrets Manager | Certificate and Secrets Management | |
Firewall: Fortigate Juniper vSRX Checkpoint Cloud Guard Palo Alto |
IPS/IDS protection at all ingress/egress points Unified Threat Management (UTM) Firewall | |
Service Management (Observability) | IBM Cloud Monitoring | Apps and operational monitoring |
IBM Cloud Logs | Apps and operational logs | |
IBM Cloud Logs | Audit logs |
As mentioned, the Architecture Framework is used to guide and determine the applicable aspects and domains for which architecture decisions need to be made based on customer requirements. The following sections in this deployment guide contain the considerations and architecture decisions for the aspects and domains that are contained in the PowerVS common elements for both Oracle resiliency solution patterns.