This section describes the RACLI tasks for establishing replication between two Recovery Appliances, the upstream (RA1) and the downstream (RA2). Most of the tasks are performed on the upstream (RA1) with an admin_user account.

Many of the early tasks may have already been completed, if backups to the Recovery Appliance were configured and in operation. However, the tasks would be required if this were a fresh installation that configures for the first time backups and the replication.

The replication user and replication wallet are managed within racli create replication_server and racli delete replication_server. The Recovery Appliance partner user manages the replication user, replication wallet, and replication server parameters.

Upon completion of this, the client database sends its backups to the upstream (RA1). RA1 as part of replication sends those backups to the downstream (RA2) as well.

A partnership between Recovery Appliance allows remote management with limited privileges on RACLI commands. A partnership is mainly used for replication management, rack migration, and status checking.

Task 1: Make sure the ports are open

Make sure the ports are open. From RA1 with the path to RA2, try the SSH command:

ssh <RA2>

From RA2 with the path to RA1, try the SSH command:

ssh <RA1>

(Guidance only) Task 2: Create the admin_user user types needed for replication.

If you don't already have admin_user and if root authentication is not preferred, you need to create admin_user user type for replication to use.

Both Recovery Appliances require an admin_user (an OS user), preferably named the same.

On both the upstream (RA1) and the downstream (RA2), run:

racli add admin_user --user_name=REPL_ADMIN_NAME 

You are prompted for a password, which has no special requirements for the admin_user password.

Verify that the admin_user was created. On each Recovery Appliance, run::

racli list admin_user

Task 3: Create a partnership between two Recovery Appliances.

For one-way replication, create the partner connection on the upstream (RA1) to the downstrea (RA2) --admin_user credentials.

racli add ra_partner --target_host=<RA2> 
[--partner_user=REPL_PARTNER_RA1 --partner_uid=UID] 
--admin_user=REPL_ADMIN_NAME --admin_key=VALUE

• --target_host specifies the fully qualified domain name (FQDN) of the first compute node from the downstream Recovery Appliance. If running command from upstream RA1, the --target_host is RA2.
• --partner_user specifies the designated partner's name. This is optional and the default value is rapartner. The same partner user is created on both Recovery Appliances.
• --partner_uid specifies the numeric user id (UID) for the partner user. The UID value needs to be less than 3000 for cloud system.
• --admin_user specifies the administrative user, which was created in task 1. It can be either root or any admin user with access to RA2 with a password or SSH key. Required for cloud-based instances, but optional for on-premise.
• --admin_key specifies the admin user SSH key, which was obtained in task 1. Required for cloud-based instances or when an --admin_user is specified.

Only --target_host is required, which is first compute node full name of downstream Recovery Appliance (RA2). This command only needs to be run on one Recovery Appliance. It will create partner objects on both Recovery Appliances automatically

Task 4: Create a replication server.

This operation is run from the upstream Recovery Appliance (RA1). The credential information for the downstream RA2 replication user is put into the replication wallet for the upstream RA1.

Operations performed by this command:

• Add Replication user on RA2 Create Replication wallet on RA1

• TNS update

• Export certificate from RA2 if RA2 is TLS enabled

• Import certificate into RA1 wallets if RA2 is TLS enabled

• Create Replication server on RA1

• If --type=bidirectional, all of the above operations are repeated in the opposite direction.

racli create replication_server --target_host=PATH2TARGET 
[--type=bidirectional] 

• --target_host specifies full path to the first node of the target Recovery Appliance to be paired.
• --type=bidirectional specifies two-way replication. If one-way replication is needed, do not provide this argument.

The command racli list listener provides information on whether TCP or TCPS is used.

Example 1: Two-way replication.

racli create replication_server --target_host=<RA2> --type=bidirectional

Example 2: One-way replication with TLS enabled on only the downstream Recovery Appliance.

racli create replication_server --target_host=<RA2>

Example 2: Two-way replication with TLS enabled on only the downstream Recovery Appliance.

racli create replication_server --target_host=<RA2> --type=bidirectional

(Guidance only) Task 5: Add protected databases.

The database needs to be added to both the upstream and downstream Recovery Appliance protection policies. The upstream should already have the database added, because it should already receive backups from the client.

At least one database has to be added to the protection policy before enabling replication.

If the database has not been assigned a protection policy by other means (DBMS_RA API or Enterprise Manager Cloud Control), then issue a command similar to.

racli add protected_db --db_unique_name=<yourDB>  
--protection_policy_name=<YOUR_POLICY> --reserved_space=10G

(Guidance only) Task 6: Grant protected database access

For one-way and two-way replication, run this on the upstream Recovery Appliance to grant access.

racli grant db_access --db_unique_name=test_db --username=rep_user_from_radb01_to_radb02 

Additionally for two-way replication, run from the downstream RA2:

racli grant db_access --db_unique_name=test_db --username=rep_user_from_radb02_to_radb01 

The command racli list replication_server provides the replication user names.

Task 7: Login to the client machine or Exadata Database.

The database needs to be registered and a backup has to be run. To validate whether a backup has been run or not, follow these steps.

racli list protected_db [ --db_unique_name=DB_NAME | --all ] [ --long ]
 
 
Created log /opt/oracle.RecoveryAppliance/log/racli_list_protected_db.log​
Thu Nov  6 18:06:13 2025: Start: List Protected Database ​
DEMO_DB ​
DB UNIQUE NAME:                exadb1
DB KEY:                        5678
DBID:                          1234
TENANT NAME:                   DEFAULT_TENANT ​
TENANT IDENTIFIER:             0 ​
POLICY NAME:                   REPL_PROD_RA01_to_RA02 ​
SPACE USAGE:                   789
ACTIVE INCIDENT COUNT:         0​
Thu Nov  6 18:06:13 2025: End:List Protected Database​

Check the output:

• SPACE USAGE should not be 0
• DB KEY should not be null

Task 8: Add replication server

For one-way and two-way replication, run this on the upstream Recovery Appliance.

racli list replication_server
racli add replication_server 
--replication_server_name=<REPL_SERVER> --protection_policy_name=<YOUR_POLICY>

racli list replication_server

racli add replication_server 
--replication_server_name=<REPL_SERVER> --protection_policy_name=<YOUR_POLICY>

• --replication_server_name use the output from racli list replication_server
• --protection_policy_name use the protection policy specified in an earlier task.

The very first time replication is set up, issue the commands to stop and start the replication server.

racli stop replication_server --replication_server_name=rep_server_from_radb02_to_radb01
 
racli start replication_server --replication_server_name= rep_server_from_radb02_to_radb01