Introduction to Oracle-Managed Disaster Recovery

Failover is the process in which a secondary (standby) instance takes over when the primary working instance fails. Oracle provides a disaster recovery solution that allows you to fail over quickly from natural or human disasters and provide business continuity in your secondary instance. You can also use this solution for planned migrations and switch between instances periodically. Oracle manages nearly all disaster recovery responsibilities automatically for you. Your administrative responsibilities are minimal.

Note:

Oracle-managed disaster recovery is a paid feature. Consult with your sales representative for details.

You don't need to worry about managing DNS changes, load balancing, design-time data synchronization between instances, object storage buckets, and other responsibilities. All message traffic is automatically forwarded to the correct instance. All messaging is bidirectional, meaning you can fail over from one instance to another, and back. Data synchronization between the two instances occurs automatically in near real time to minimize data loss.


Oracle Integration Clients appears at the top. Outbound arrows appear on the left and right sides of the label Oracle Integration Clients. The solid arrow on the left is labeled Primary. The dashed arrow on the right is labeled Secondary. Both arrows connect to separate boxes below, each labeled Oracle Integration. Each box has a subbox inside labeled Integrations. A bidirectional arrow labeled Oracle Synchronization connects between these two boxes. Inbound arrows appear on the bottoms of both Oracle Integration boxes. The solid arrow on the left box is labeled Primary. The dashed arrow on the right box is labeled Secondary. Both arrows are coming from a Connectivity Agent label.

At a high level, the Oracle-managed disaster recovery solution works as follows:
  1. You work in your primary instance (for example, in the Ashburn instance), which then fails and becomes unreachable.
  2. Your administrator logs in to the Oracle Cloud Infrastructure Console for your secondary instance (for example, in the Phoenix instance) and selects to fail over from the Ashburn instance to the Phoenix instance. No other administrator-initiated tasks are required for failover to complete.
  3. Once failover completes, you are prompted to log in to the new primary instance in a different region with the global (regionless) URL and resume work. Data synchronization has occurred in near real time between the two instances since you installed your disaster recovery solution. For this reason, any data loss is minimized.
  4. You work in the instance in Phoenix, which has become the primary instance, until the original primary instance in Ashburn is restored.
  5. Your administrator logs in to the Oracle Cloud Infrastructure Console in either the Ashburn instance or the Phoenix instance and selects to fail over from the Phoenix instance back to the Ashburn instance. No other administrator-initiated tasks are required for failover to complete.
  6. Once failover completes, you are prompted to log in to the instance in the Ashburn instance (which once again becomes the primary instance) and resume work. Because of data synchronization in near real time between the two instances, the data changes you made in the Phoenix instance are visible in the restored Ashburn primary instance.