About Replication Partners and Users Accounts

As part of a disaster recovery strategy, Recovery Appliance can replicate backups to other Recovery Appliances. Also, you can offload tape archival to a replicated Recovery Appliance, thereby freeing resources on the primary Recovery Appliance. Replication is driven by protection policy, which means that all databases associated with the policy are replicated, and it is fully automatic after the initial setup.

A requirement for replication between Recovery Appliances is that all associated databases are uniquely named across all replication Recovery Appliances.

Oracle requires that you create a replication user account exclusively for use with Recovery Appliance replication, and that you create a unique replication user account for each upstream appliance within the organization.

Replication Partners

Replication is simplified through the use of RA partners. The replication partnership is established using RACLI that automates common administrative tasks across partners which reduces the potential for human error and the need to remotely log into each system.

RACLI establishes the connection between two Recovery Appliances.

Replication User Accounts

The replication user needs to be defined on the downstream from either add_db/grant_db_access or register_tenant_user('repuser name', 1), which doesn't require using multi-tenancy.

Oracle recommends that the replication user account takes the form of REPUSER_FROM_[ZDLRA_DB_NAME or ZDLRA_DB_LOCATION]_TO_[ZDLRA_DB_NAME or ZDLRA_DB_LOCATION].

For example, if two Recovery Appliances have the DB_UNIQUE_NAME of ZDLRA1 and ZDLRA2, then the replication user accounts could be REPUSER_FROM_ZDLRA1_TO_ZDLRA2 and REPUSER_FROM_ZDLRA2_TO_ZDLRA1. Or if those same Recovery Appliances were in Florence and Vienna, then the replication user accounts could be REPUSER_FROM_FLORENCE_TO_VIENNA and REPUSER_FROM_VIENNA_TO_FLORENCE.

The replication user account is created with racli add db_user with --user_type=replication. The replication user account should not be used as a regular VPC user employed by protected databases to connect and send backups to the Recovery Appliance.

The following are important distinctions in the user accounts associated with replication.

RA Partner User

Operating System user who has a limited role enabling the creation, management, and health of a replication server used by RACLI.

One partner user is connected with one partner Recovery Appliance. It has restricted privileges based on the admin user.

RA Replication User

Database user that is created on downstream Recovery Appliance. Its credential is stored on upstream Recovery Appliance replication wallet.

Example: rep_user_from_<USDB>_to_<DSDB>

Certificates

Needed for TLS secure communication between upstream and downstream RA

RA Replication Wallet

Wallet that stores all replication user credentials, downstream Recovery Appliance’s certificates.

Replication Server

Replication server from upstream to downstream.

Example: rep_server_from_<USDB>_to_<DSDB>