IBM Cloud Docs
Oracle Database Disaster Recovery on IBM PowerVS Cross Region

Oracle Database Disaster Recovery on IBM PowerVS Cross Region

Architecture diagram

The reference architecture covers a solution overview and details on how to design an Oracle Disaster recovery deployable architecture on IBM Power Virtual Server environment.

This reference architecture assumes that there are more non-Oracle Database x86 workloads that are hosted in the IBM Cloud VPC environment. The key components outlined here are required for an Oracle Database deployment on Power Virtual Server and x86 workloads on VPC in two IBM regions.

The following figure describes an architecture approach for deploying a disaster recovery solution for Oracle Database across IBM PowerVS regions.

Oracle Disaster Recovery Solution options across two IBM Power Virtual Server environment regions
Oracle Disaster Recovery Solution

Deploying environments in this reference architecture

  • VPC environment

    • Edge VPC cluster: Hosts security components, firewall, and other edge services that are essential for a secure environment.
    • Management VPC cluster: Hosts all the management tool stacks that are needed to manage VPC and PowerVS environments.
    • Workload VPC cluster: The location where the IBM VPC virtual server instance (VSI) workloads are hosted(includes x86 workloads).
    • Transit gateway: Used to connect VPC and Power Virtual workspace.
    • Direct Link: Used to connect to IBM Cloud from the customer’s existing data center and other regional offices.
    • VPN connection: The connection for managed services to provide cloud-managed operations.
    • Load Balancer: An option if the customer needs a private application load balancer.
    • Cloud internet Service: An option if public global load balancing or DDoS services are needed.
    • Virtual Private end points: Used for connecting to IBM Cloud services over the private network such as Event Streams or Cloud Object Storage.
    • Monitoring tools: Tools include IBM Cloud Logs and IBM Cloud Monitoring.
    • Backup Environment through IBM Storage Protect or Veeam
  • Power VS Environment

    • Workload Power VS cluster: The actual Oracle Database instance.
    • Storage that's required for Logical Partitions (LPARS).
    • Cloud Object Storage is configured for backup.

Oracle Disaster Recovery that uses Oracle Data Guard

In this section, we look at how to use Oracle Database Enterprise edition and use the Oracle Data Guard feature for disaster recovery. We set up a database instance in IBM PowerVS primary region and secondary region and configure Data Guard failover for disaster recovery.

The following figure illustrates the reference architecture based on Oracle Data Guard.

  • Two IBM Power Virtual Server environment regions, for example, FRA AZ1 (FRA02) and MAD AZ1 (MAD02).
  • Oracle Database is installed on IBM Power Virtual Server LPARS in two separate Regions
  • Oracle Database Enterprise Edition that includes Data Guard, is used to provide real-time replications across the two separate Oracle Databases in each region over a Global Transit Gateway.
  • The primary region is Frankfurt and the secondary region is Madrid.

Oracle Disaster Recovery across different IBM PowerVS regions that uses Oracle Data Guard
Oracle Disaster Recovery across regions

Deployment guidance

Review the key steps for setting up the Oracle Database and Data Guard in IBM Power Systems Virtual Server.

As a best practice, create a non-production environment similar to a production setup, but non-production can have tier 3 storage and lower CPU as they don’t have high-performance requirements.

Network architecture guidance

IBM Power Virtual server environment networking topology
IBM Power Virtual server environment networking topology

This figure shows required network components from customer Data center to IBM Power Systems Virtual Server.

Make sure that you have a proper networking architecture and connection that is established from your on-premises data center to an IBM Power Systems virtual server workplace. Refer to guidance on IBM Cloud docs.

  1. Establish Direct 2.0 Link to VPC IBM Cloud account
  2. Enable Transit Gateway to connect PowerVS and VPC. Have the right VLAN created when you set up your account for VPC and PowerVS
  3. PowerVS Connection to global TGW

Design scope

This document provides design recommendations for an Oracle Database deployment on IBM Power Virtual Server environment to meet disaster recovery requirements. It covers the following resiliency patterns including cross-region disaster recovery of Oracle Database that uses Oracle Data Guard.

Following the Architecture Design Framework, the Oracle disaster recovery on IBM Power Virtual Systems Server architecture covers resiliency, design considerations, and architecture decisions for the following aspects and domains:

  • Compute: Virtual Servers
  • Storage: Primary Storage, Backup Storage
  • Networking: Enterprise Connectivity, Segmentation and Isolation, Cloud Native Connectivity, Load Balancing, Domain Name System
  • Security: Data Security, Identity and Access Management, Application Security, Infrastructure and Endpoint Security
  • Resiliency: High Availability, Backup and Restore,
  • Service Management: Monitoring, Logging, Auditing, Alerting

Oracle resiliency architecture design scope
Architecture Design Framework

The Architecture Design Framework provides a consistent approach to design cloud solutions by addressing requirements across a set of aspects and domains, which are technology-agnostic architectural areas that need to be considered for any enterprise solution. For more information, see Introduction to the Architecture Design Framework.

Requirements

The following represents a baseline set of requirements that we believe are applicable to most clients and critical to successful Oracle Disaster Recovery deployment. This set of requirements are key considerations for a successful disaster recovery setup of power workloads and other co-existing applications in IBM Power Systems Virtual Server environments, IBM Cloud, and customer Data Centers.

Requirements
Aspect Requirements
Compute Provide properly isolated compute resources with adequate compute capacity for the applications.
Storage Provide storage that meets the application and database performance requirements.
Networking
  • Deploy workloads in an isolated environment and enforce information flow policies.
  • Provide secure, encrypted connectivity to the cloud’s private network for management purposes.
  • Distribute incoming application requests across available compute resources.
  • Provide public and private DNS resolution to support the use of hostnames instead of IP addresses.
Security
  • Ensure that all operator actions are run securely through a bastion host.
  • Protect the boundaries of the application against denial-of-service and application-layer attacks.
  • Encrypt all application data in transit and at rest to protect it from unauthorized disclosure.
  • Encrypt all backup data to protect it from unauthorized disclosure.
  • Encrypt all security data (operational and audit logs) to protect from unauthorized disclosure.
  • Encrypt all data by using customer-managed keys to meet regulatory compliance requirements for more security and customer control.
  • Protect secrets through their entire lifecycle and secure them using access control measures.
Resiliency

Support application availability targets and business continuity policies.

  • Provide highly available compute, storage, network, and other cloud services to handle application load and performance requirements.
  • Backup application data to enable recovery if unplanned outages occur.
  • Provide highly available storage for security data (logs) and backup data.
Service Management
  • Monitor system and application health metrics and logs to detect issues that might impact the availability of the application.
  • Generate alerts/notifications about issues that might impact the availability of applications to trigger appropriate responses to minimize downtime.
  • Monitor audit logs to track changes and detect potential security problems.
  • Provide a mechanism to identify and send notifications about issues that are found in audit logs.

Components

The common solution components that are listed in the following table are those components that are needed for both scenarios.

Components
Aspects Architecture components How the component is used
Compute VPC VSIs, IBM Power Virtual Server Oracle Database, other non-Oracle application that is hosted on cloud Non-Oracle workloads that are run on x86 (VPC) and Oracle workloads runs on PowerVS
Storage Tier 1 Power Virtual Server Storage Database servers storage
Tier 3 Power Virtual Server Storage Archive or backup storage
Cloud Object Storage Backups and Logs (application, operational, and audit logs)
Block Storage Block storage for VPC VSI images on x86 workloads
Networking Transit Gateway Connects across VPCs and PowerVS
VPC Virtual Private Network (VPN) Remote access to manage resources in a private network
Virtual Private Gateway & Virtual Private Endpoint (VPE) Private network access to Cloud Services, for example Key Protect, Cloud Object Storage, and so on.
VPC Application Load Balancers Application Load Balancing for web servers, app servers, and database servers
Public Gateway For web server access to the internet
Cloud Internet Services (CIS) Public Load balancing of web server traffic across zones in the region
DNS Services Domain Name System (DNS) for Domain name resolution
Security IAM IBM Cloud Identity & Access Management
BYO Bastion Host on VPC VSI with PAM SW Remote access for administrative functions with Privileged Access Management
Virtual Private Clouds (VPCs), Subnets, Security Groups, ACLs Isolated PowerVS LPARs Network Segmentation/Isolation for Power VS using PVS subnets.
Cloud Internet Services (CIS) Public DDoS protection and Web App Firewall
Key Protect or HPCS HSM and Key Management Service (KYOK)
Secrets Manager Certificate and Secrets Management
Firewall:
Fortigate
Juniper vSRX
Checkpoint Cloud Guard
Palo Alto
IPS/IDS protection at all ingress/egress points Unified Threat Management (UTM) Firewall
Service Management (Observability) IBM Cloud Monitoring Apps and operational monitoring
IBM Cloud Logs Apps and operational logs
IBM Cloud Logs Audit logs

As mentioned, the Architecture Framework is used to guide and determine the applicable aspects and domains for which architecture decisions need to be made based on customer requirements. The following sections in this deployment guide contain the considerations and architecture decisions for the aspects and domains that are contained in the PowerVS common elements for both Oracle resiliency solution patterns.