3 Oracle Database High Availability Solutions for Unplanned Downtime

3.1 Oracle High Availability Solutions and Recovery for Unplanned Downtime

Oracle Database provides high availability solutions to prevent and reduce downtime for all types of unplanned failures.

Table 3-1 describes the various Oracle high availability solutions for unplanned downtime. The table shows how the features discussed in Section 3.2 through Section 3.19 can be used to address various causes of unplanned downtime. Also, see Table 7-4 for a summary of the attainable recovery times for all types of unplanned downtime for each Oracle high availability architecture.

^Footnote 1 Exadata Cell is compliant with the HARD initiative. In fact, Exadata Cell implements all of the HARD checks and because of its tight integration with Oracle Database, additional checks are implemented that are specific to Exadata Cell. Unlike other implementations of HARD checking, HARD checks with Exadata Cell operate completely transparently. You do not need to set parameters at the database or storage tier. The HARD checks transparently handle all cases, including Oracle ASM disk rebalance operations and disk failures.

3.2 Fast-Start Fault Recovery

Oracle Database provides fast and predictable recovery from system faults and database failures. The Fast-Start Fault Recovery technology included in Oracle Database automatically bounds instance recovery time at startup by using self-tuned checkpoint processing. This makes recovery time fast and predictable, and improves the ability to meet service-level objectives. The Oracle Fast-Start Fault Recovery feature can reduce recovery time on a heavily laden database from tens of minutes to a few seconds.

Fast-Start Fault Recovery features include:

• Predictable, bounded recovery from instance, database, and computer failures

• Database checkpointing that is self-tuning to maintain a desired recovery time objective

3.3 Oracle Restart

Oracle Restart is a new feature in Oracle 11g Release 2 (11.2) that enhances the availability of a single-instance (nonclustered) Oracle database and its components. Oracle Restart is used in single-instance environments only. For Oracle Real Application Clusters (Oracle RAC) environments, the functionality to automatically restart components is provided by Oracle Clusterware.

If you install Oracle Restart, it automatically restarts the database, the listener, and other Oracle components after a hardware or software failure or whenever the database's host computer restarts. It also ensures that the Oracle components are restarted in the proper order, in accordance with component dependencies.

Oracle Restart periodically monitors the health of components—such as SQL*Plus, the Listener Control utility (LSNRCTL), ASMCMD, and Oracle Data Guard—that are integrated with Oracle Restart. If the health check fails for a component, Oracle Restart shuts down and restarts the component.

Oracle Restart runs out of the Oracle Grid Infrastructure home, which you install separately from Oracle Database homes.

3.4 Oracle Real Application Clusters and Oracle Clusterware

Oracle RAC and Oracle Clusterware allow Oracle Database to run any packaged or custom application across a set of clustered servers. This capability provides the highest levels of availability and the most flexible scalability. If a clustered server fails, then Oracle Database continues running on the surviving servers. When more processing power is needed, you can add another server without interrupting access to data.

Oracle RAC enables multiple instances that are linked by an interconnect to share access to an Oracle database. In an Oracle RAC environment, Oracle Database runs on two or more systems in a cluster while concurrently accessing a single shared database. The result is a single database system that spans multiple hardware systems, enabling Oracle RAC to provide high availability and redundancy during failures in the cluster. Oracle RAC accommodates all system types, from read-only data warehouse systems to update-intensive online transaction processing (OLTP) systems.

Oracle Clusterware is software that, when installed on servers running the same operating system, enables the servers to be bound together to operate as if they are one server, and manages the availability of user applications and Oracle databases. Oracle Clusterware also provides all of the features required for cluster management, including node membership, group services, global resource management, and high availability functions:

• For high availability, you can place Oracle databases (single-instance or Oracle RAC databases), and user applications (Oracle and non-Oracle) under the management and protection of Oracle Clusterware so that the databases and applications restart when a process fails or so that a failover to another node occurs after a node failure.

• For cluster management, Oracle Clusterware presents multiple independent servers as if they are a single-system image or one virtual server. This single virtual server is preserved across the cluster for all management operations, enabling administrators to perform installations, configurations, backups, upgrades, and monitoring functions. Then, Oracle Clusterware automatically distributes the execution of these management functions to the appropriate nodes in the cluster.

Oracle Clusterware is a requirement for using Oracle RAC. Oracle Clusterware is the only clusterware that you need for most platforms on which Oracle RAC operates. Although Oracle Database continues to support third-party clusterware products on specified platforms, using Oracle Clusterware provides these main benefits:

• Dispenses with proprietary vendor clusterware

• Uses an integrated software stack from Oracle that provides disk management with Oracle Automatic Storage Management (Oracle ASM) to data management with Oracle Database and Oracle RAC

In addition, Oracle Database features, such as Oracle Service, use the underlying Oracle Clusterware mechanisms to provide their capabilities.

Oracle Clusterware requires two clusterware components: a voting disk to record node membership information and the Oracle Cluster Registry (OCR) to record cluster configuration information. The voting disk and the OCR must reside on shared storage. Oracle Clusterware requires that each node be connected to a private network over a private interconnect.

3.5 Oracle Data Guard

Oracle Data Guard ensures high availability, data protection, and disaster recovery for enterprise data. Oracle Data Guard provides a comprehensive set of services that create, maintain, manage, and monitor one or more standby databases to enable Oracle databases to survive disasters and data corruptions. Oracle Data Guard maintains standby databases as transactionally consistent copies of the primary (production) database. Then, if the primary database becomes unavailable because of a planned or an unplanned outage, Oracle Data Guard can switch any standby database to the primary role, minimizing the downtime associated with the outage. Oracle Data Guard can be used with traditional backup, restoration, and cluster techniques to provide a high level of data protection and data availability.With Oracle Data Guard, administrators can optionally improve primary database performance by off-loading resource-intensive backup and reporting operations to standby systems.

A Oracle Data Guard configuration consists of one primary database and one or more standby databases. Using a backup copy of the primary database, you can create up to 30 standby databases and incorporate them in a Oracle Data Guard configuration. After the database is created, Oracle Data Guard automatically maintains each standby database by transmitting redo data from the primary database and then applying the redo data to the standby database.

3.6 Oracle Streams

Oracle Streams is a very flexible and powerful database feature that is used to implement fine-grained replication, multimaster replication, many-to-one replication, data transformation, hub-and-spoke replication, and message queuing.

Comparing Oracle Streams and Oracle Data Guard

Oracle Streams is designed for information sharing and it is the only technology that enables a globally distributed, update anywhere architecture. Oracle Streams enables highly customized replication strategies to satisfy the many varied uses of data replicated to a destination database. These same capabilities also make Oracle Streams a useful technology for addressing high availability and disaster recovery requirements and for minimizing planned downtime during upgrades to new database releases and patch sets.

Oracle Data Guard is designed for simple, one-way replication of an entire database expressly for maintaining a synchronized copy that can assume the primary role in a failure. Redo Apply (physical standby database) best exemplifies this notion of simplicity, as a disaster recovery solution that is both data type and application agnostic, and able to scale to very high levels of performance.

Although Oracle Data Guard also provides capabilities that enable a standby database to off-load from the primary database the overhead of performing backups, queries, and reports, these capabilities are ancillary to the primary mission of Oracle Data Guard, and are provided to increase your return on investment in high availability and disaster recovery.

To get additional value from a Oracle Data Guard configuration, you can use SQL Apply (logical standby database) to minimize planned downtime during upgrades to new database releases and patch sets.

Oracle Streams Messaging and Information Flow

Oracle Streams enables information sharing. In Oracle Streams, each unit of shared information is called a message, and you can share these messages in a stream. The stream can propagate information within a database or from one database to another.

For example, Figure 3-1 shows a Oracle Streams multimaster configuration where all sites are directly connected to all other sites participating in the replication environment. The multimaster configuration enables data to be replicated between all locations at a rate that is nearly matches the real-time rate of replication.

Figure 3-1 Oracle Streams Multimaster Configuration

Description of "Figure 3-1 Oracle Streams Multimaster Configuration"

Another example is the Oracle Streams 1-N, or hub-and-spoke configuration, in which changes made at the primary (hub) location are propagated to the remote (spoke) locations in a near real-time manner.

Although it is possible to configure a hub-and-spoke configuration for bidirectional replication, you may prefer to restrict updates to a single location—the hub—as shown in Figure 3-2. In query-intensive environments, you can still balance the load between multiple locations, with fast local access, whereas updates are restricted to the hub. By off-loading reporting to the spoke locations, you improve performance at the hub, or primary OLTP location. This type of configuration is easier to implement than multimaster replication because it is not necessary to establish connectivity between all locations in the replication environment and it is not necessary to implement a conflict resolution strategy.

Figure 3-2 Information Dissemination with Oracle Streams (1-N Configuration)

Description of "Figure 3-2 Information Dissemination with Oracle Streams (1-N Configuration)"

The stream routes specific information to specific destinations. The result is a feature that provides greater functionality and flexibility than traditional solutions for capturing and managing messages and sharing the messages with other databases and applications. Oracle Streams provides the capabilities needed to build and operate distributed enterprises and applications, data warehouses, and high availability solutions. You can use all of the capabilities of Oracle Streams at the same time. If your business requirements change, then you can implement a new capability of Oracle Streams without sacrificing existing capabilities.

Every Oracle Streams configuration has three phases: capture, stage (propagate), and consume (apply). Using Oracle Streams, you control what information is put into a stream, how the stream flows or is routed from database to database, what happens to messages in the stream as they flow into each database, and how the stream terminates. By configuring specific capabilities of Oracle Streams, you can address specific requirements. Based on your specifications, Oracle Streams can capture, stage, and manage messages in the database automatically, including, but not limited to, data manipulation language (DML) changes and data definition language (DDL) changes. You can also put user-defined messages into a stream, and Oracle Streams can propagate the information to other databases or applications automatically. When messages reach a destination, Oracle Streams can consume them based on your specifications.

Figure 3-3 shows the Oracle Streams information flow.

Figure 3-3 Oracle Streams Information Flow

Description of "Figure 3-3 Oracle Streams Information Flow"

With Oracle Streams, you can create a local or remote copy of a production database. If a human error or catastrophe occurs, you can use the copy to resume processing. You can use Oracle Streams to configure flexible high availability environments.

You can use the features of Oracle Streams to achieve little or no database downtime during database upgrade and maintenance operations. Maintenance operations include migrating a database to a different platform, migrating a database to a different character set, modifying database schema objects to support upgrades to user-created applications, and applying an Oracle software patch.

Figure 3-4 shows an application that explicitly enqueues and dequeues messages through Oracle Streams Advanced Queuing as a method of sharing information with business partners or customers with different messaging systems. After it is enqueued, messages can be transformed and propagated as desired, before being dequeued to a business partner's application that is a nondatabase-oriented messaging system.

Figure 3-4 Oracle Streams Message Queuing

Description of "Figure 3-4 Oracle Streams Message Queuing"

Benefits of Using Oracle Streams

Oracle Streams provides the following benefits:

• Data protection by maintaining a full or partial remote copy of the database

• Little or no downtime during database upgrade or maintenance operations such as migrating a database to a different platform or character set, modifying database objects to support upgrades to applications, and applying an Oracle software patch

• Data replication by capturing DML and DDL changes made to database objects and replicating these changes to one or more other databases

  A bidirectional replication environment, in which exactly two databases share the replicated database objects and data, is possible.

• Event management and notification by enqueuing messages or capturing events, propagating the messages and events through queues, and dequeuing and applying or acting upon the message or event (as shown in Figure 3-4)

• Heterogeneous platform support across databases in the configuration

• Character sets that can differ between replicas

• Fine-grained control of data sharing

3.7 Oracle Flashback Technology

Flashback technology provides a set of features to switch between views of the data as it existed at different points in time. Using flashback features, you can query past versions of schema objects and historical data. You can also perform change analysis and self-service repair to recover from logical corruption while the database is online.

Flashback technology provides a SQL interface to quickly analyze and repair human errors. Flashback technology provides fine-grained analysis and repair for localized damage such as deleting the wrong customer order. Flashback technology also enables correction of more widespread damage, yet does it quickly to avoid long downtime. Flashback technology is unique to Oracle Database and supports recovery at all levels including row, transaction, table, tablespace, and database.

Most of the flashback features use undo data, whereas other features (such as Flashback Database and Block Media Recovery) use flashback logs:

• Undo tablespace—A dedicated tablespace that stores only undo information when the database is run in automatic undo management mode.

• Flashback data archive—An archive that is stored in a tablespace and contains transactional changes to every record in a table for the duration of the record's lifetime. The archived data can be retained for much longer duration than the retention period offered by an undo tablespace.

• Flashback logs—Oracle-generated logs used to perform Flashback Database or block media recovery operations. The database can only write flashback logs to the fast recovery area. Flashback logs are written sequentially and are not archived. They cannot be backed up to disk.

The following sections describes the Flashback features:

3.8 Oracle Automatic Storage Management

Oracle ASM provides a vertically integrated file system and volume manager directly in the Oracle Database kernel, resulting in:

• Significantly less work to provision database storage

• Higher level of availability

• Elimination of the expense, installation, and maintenance of specialized storage products

• Unique capabilities for database applications

For optimal performance, Oracle ASM spreads files across all available storage. To protect against data loss, Oracle ASM extends the concept of SAME (stripe and mirror everything) and adds more flexibility as it can mirror at the database file level rather than the entire disk level.

More importantly, Oracle ASM simplifies the processes of setting up mirroring, adding disks, and removing disks. Instead of managing hundreds and possibly thousands of files (as in a large data warehouse), DBAs using Oracle ASM create and administer a larger-grained object called a disk group. The disk group identifies the set of disks that are managed as a logical unit. Automation of file naming and placement of the underlying database files save administrators time and ensure adherence to standard best practices.

The Oracle ASM native mirroring mechanism (two-way or three-way) protects against storage failures. With Oracle ASM mirroring, you can provide an additional level of data protection with the use of failure groups. A failure group is a set of disks sharing a common resource (disk controller or an entire disk array) whose failure can be tolerated. After it is defined, an Oracle ASM failure group intelligently places redundant copies of the data in separate failure groups. This ensures that the data is available and transparently protected against the failure of any component in the storage subsystem.

Oracle ASM provides the following benefits:

• Provides the ability to mirror and stripe across drives and storage arrays

• Automatically remirrors from a failed drive to remaining drives

• Automatically rebalances stored data when disks are added or removed while the database remains online

• Supports Oracle database files and non-database files using Automatic Storage Management File Systems (ASMFS).

• Allows for operational simplicity in managing database storage

• Manages the Oracle Cluster Registry (OCR) and voting disks

• Provides preferred read capability on disks that are local to the instance, which gives better performance for an extended cluster

• Supports very large databases

• Supports Oracle ASM rolling upgrades

• Supports finer granularity in tuning and security

• Provides fast repair after a temporary disk failure through Oracle ASM Fast Mirror Resync and automatic repair of block corruptions if good copy exists in one of the mirrors

3.9 Fast Recovery Area

The fast recovery area, previously referred to as a flash recovery area, is a unified storage location for all recovery-related files and activities in Oracle Database. After this feature is enabled, all RMAN backups, archived redo log files, control file autobackups, flashback logs, and data file copies are automatically written to a specified file system or Oracle ASM disk group, and the management of this disk space is handled by RMAN and the database server.

Performing a backup to disk is faster because using the fast recovery area eliminates the bottleneck of writing to tape. More importantly, if database media recovery is required, then data file backups are readily available. Restoration and recovery time is reduced because you do not need to find a tape and a free tape device to restore the needed data files and archived redo log files.

The fast recovery area provides the following benefits:

• Unified storage location of related recovery files

• Management of the disk space allocated for recovery files, which simplifies database administration tasks

• Fast, reliable, disk-based backup and restoration

• Ability to back up and restore the entire fast recovery area

• Ability to tolerate failures to the fast recovery area

3.10 Recovery Manager

RMAN is an Oracle utility to manage database backup and, more importantly, the recovery of the database. RMAN eliminates operational complexity while providing superior performance and availability of the database.

RMAN determines the most efficient method of executing the requested backup, restoration, or recovery operation and then submits these operations to the Oracle Database server for processing. RMAN and the server automatically identify modifications to the structure of the database and dynamically adjust the required operation to adapt to the changes.

RMAN provides the following benefits:

• Automatic channel failover on backup and restore operations

• Automatic failover to a previous backup when the restore operation discovers a missing or corrupt backup

• Automatic creation of new database files and temporary files during recovery

• Automatic recovery through a previous point-in-time recovery—recovery through resetlogs

• Block media recovery, which enables the data file to remain online while fixing the block corruption

• Fast incremental backups using block change tracking

• Fast backup and restore operations with intrafile and interfile parallelism

• Enhanced security with virtual private catalog

• Lower space consumption when creating a database over the network by eliminating staging areas

• Merger of incremental backups into image copies in the background, providing up-to-date recoverability

• Optimized backup and restore of required files only

• Retention policy to ensure that relevant backups are retained

• Ability to resume backup and restore of previously failed operations

• Automatic backup of the control file and the server parameter file, ensuring that backup metadata is available in times of database structural changes and media failure and disasters

• Online backup that does not require you to place the database into hot backup mode

  See Also:

  Oracle Database Backup and Recovery User's Guide

3.11 Data Recovery Advisor

Data Recovery Advisor automatically diagnoses persistent (on-disk) data failures, presents appropriate repair options, and runs repair operations at your request.

You can use Data Recovery Advisor to troubleshoot:

• Primary databases, logical standby databases, and snapshot standby databases

• Physical standby database and Oracle RAC databases

  Data Recovery Advisor only takes the presence of a physical standby database into account when recommending repair strategies.

Data Recovery Advisor includes the following functionality:

• Failure diagnosis

  The first symptoms of database failure are usually error messages, alarms, trace files and dumps, and failed health checks. Assessing these symptoms can be complicated, error-prone, and time-consuming. Data Recovery Advisor automatically diagnoses data failures and informs you about them.

• Failure impact assessment

  After a failure is diagnosed, you must understand its extent and assess its impact on applications before devising a repair strategy. Data Recovery Advisor automatically assesses the impact of a failure and displays it in an easily understood format.

• Repair generation

  Even if a failure has been diagnosed correctly, selecting the right repair strategy can be error prone and stressful. Moreover, there is often a high penalty for making poor decisions in terms of increased downtime and loss of data. Data Recovery Advisor automatically determines the best repair for a set of failures and presents it to you.

• Repair feasibility checks

  Before presenting repair options, Data Recovery Advisor validates them with respect to the specific environment and availability of media components required to complete the proposed repair.

• Repair automation

  If you accept the suggested repair option, Data Recovery Advisor automatically performs the repair, verifies that the repair was successful, and closes the appropriate failures.

• Validation of data consistency and database recoverability

  Data Recovery Advisor can validate the consistency of your data, and backups and redo stream, whenever you choose.

• Early detection of corruption

  Through Health Monitor, you can schedule periodic runs of Data Recovery Advisor diagnostic checks to detect data failures before a database process executing a transaction discovers the corruption and signals an error. Early warnings can limit the damage caused by corruption.

• Integration of data validation and repair

  Data Recovery Advisor is a single tool for data validation and repair.

3.12 Oracle Secure Backup

Oracle Secure Backup is a centralized tape backup management solution providing heterogeneous data protection in distributed UNIX, Linux, Windows, and Network Attached Storage (NAS) Environments. By protecting file system and Oracle Database data, Oracle Secure Backup provides a complete tape backup solution for your IT environment.

Oracle Secure Backup is tightly integrated with RMAN to provide the media management layer for RMAN, supporting releases since Oracle9i. With optimized integration points, Oracle Secure Backup and RMAN provide the fastest and most efficient tape backup capability for Oracle Database.

You can back up distributed servers to local and remote tape devices from a central Oracle Secure Backup administrative server using backup policies, calendar-based scheduling for lights out operations, or on-demand backup for immediate requirements. With its highly scalable client/server architecture, Oracle Secure Backup provides local and remote data protection, using Secure Sockets layer (SSL) for secure intradomain communication and two-way server authentication.

Oracle Secure Backup provides the following benefits:

• Optimized tape backup for Oracle Database by backing up only the currently used blocks and increasing backup performance by 10% to 25%

• Policy-based management that allows backup administrators to exercise precise control over the backup domain

• Dynamic drive sharing for increased tape resource use

• Heterogeneous Storage Area Network (SAN) support allowing NAS, UNIX, Windows, and Linux to share tape drives and media

• File system backup at the file, directory, file system or raw partition level with full, incremental, and offsite backup scheduling

• Integration with Oracle Enterprise Manager, providing an intuitive, familiar interface

• Backup encryption to tape

• Broad tape-device support for new and legacy tape devices in SAN and SCSI environments

• Network Data Management Protocol (NDMP) support for highly efficient backup of NAS files

• Scalable, low-cost licensing model that reduces IT costs and operational considerations

3.13 Oracle Security Features

The best protection against human errors is to prevent their occurrence. The best way to prevent human errors is to restrict user access to only those data and services truly needed to perform business functions. Oracle Database provides a wide range of security tools to control access to application data by authenticating database users and then enabling administrators to grant them only those privileges required to perform their duties.

In addition, the Oracle Database security model provides the ability to restrict data access at a row level using Virtual Private Database, thereby further isolating database users from data that they do not need to access.

Oracle Database provides the following security benefits:

• Authentication control to validate the identities of entities using networks, databases, and applications. Network sessions between databases, such as redo transport sessions, are also authenticated.

• Authorization control to provide limits to access and actions linked by database user identities and roles.

• Access control to objects, providing protection regardless of the entity seeking to access or alter them.

• Auditing control to monitor and gather data about specific database activities, investigate suspicious activity, deter users (or others) from inappropriate activities, and detect problems with authorization or access control implementation.

• Security policy management using profiles.

• Encryption of data residing in the database and backups, or transferred to and from databases.

3.14 LogMiner

Oracle log files contain useful information about the activities and history of Oracle Database. Log files contain all data necessary to perform database recovery, and also record all changes made to the data and metadata in the database.

LogMiner is a fully relational tool that allows redo log files to be read, analyzed, and interpreted using SQL. Using LogMiner, you can analyze log files to:

• Track or audit changes to data

• Provide supplemental information for tuning and capacity planning

• Retrieve critical information for debugging complex applications

• Recover deleted data

• Provide additional browser-based simplification to help troubleshoot and resolve logical failures

LogMiner features include:

• Pinpointing when a logical corruption to the database—such as errors made at the application level—may have occurred

• Determining the necessary actions to perform fine-grained recovery at the transaction level

• Providing performance tuning and capacity planning through trend analysis

• Auditing

3.15 Oracle Exadata Storage Server Software (Exadata Cell)

Oracle Storage Grid using Exadata. Oracle Exadata Storage Server Software is a storage product that is highly optimized for use with Oracle Database. Oracle Exadata Storage Server Software, also referred to as Exadata Cell, is used to store and access Oracle Database. It runs the Exadata Cell software. It can be used in addition to traditional storage arrays and products. Exadata Cell provides database-aware storage services, such as the ability to offload database processing from the database server, while remaining transparent to SQL processing and database applications.

The Oracle Storage Grid is implemented using either Oracle ASM and Oracle Exadata Storage Server Software or Oracle ASM and third-party storage. The Oracle Storage Grid with Exadata provides seamless support for MAA-related technology, improves performance, provides unlimited I/O scalability, is straightforward to use and manage, and delivers mission-critical availability and reliability to your enterprise. Also, Exadata Cell is the most comprehensive solution, to prevent corruptions from being written to disk, and it is HARD compliant. Also, Exadata Cell with the DB_ULTRA_SAFE=DATA_AND_INDEX initialization parameter provides the most comprehensive solution to prevent corruptions from being written to disk, and Exadata Cell is HARD complaint. For HARD compliance, you will require a minimum setting of DB_BLOCK_CHECKSUM=TYPICAL.

3.16 Oracle Database File System (DBFS)

Oracle Database File System (DBFS) creates a standard file system interface on top of files and directories that are stored in database tables. Oracle DBFS is similar to the Network File System (NFS) protocol in that it provides a shared network file system that looks like a local file system.

Similar to NFS, there is a server component and a client component. The server is Oracle Database and files are stored as SecureFile LOBs in a database table. Because the files are stored in the database you inherit the high availability and disaster-recovery protection Oracle Database offers, providing a full stack disaster-recovery solution. The implementation of the file system in the database is called the DBFS Content Store and allows each database user to create one or more file systems that can be mounted by clients. Each file system has its own dedicated tables that hold the file system content. A set of PL/SQL procedures implement file system access (such as CREATE, OPEN, READ, WRITE, and LIST DIRECTORY) to the database.

Oracle DBFS provides the following benefits:

• The ability to store both non-structured and structured data in the same database.

  This allows you to perform backups and synchronous point-in-time recovery of both types of data.

  Oracle DBFS provides the ability to store unstructured content in the database by presenting an NFS-like file system to the client. The file system itself is stored in a tablespace in Oracle Database. The database storage aspect is transparent to the client because it appears as a traditional NFS mounted file system with the same functionality, but DBFS provides the ability to store any type of file directly in the database—such as logs or generated reports—that you would normally store in a file system.

• Clustered file system capability with a lightweight process.

  You can mount Oracle DBFS on multiple client machines (database servers, mid-tiers) and therefore the file system can also be available for use as a clustered file system. A lightweight process is started on each client machine to make the file system accessible. This process uses the FUSE (Filesystem in Userspace) API to implement the file system access.

• Fast and transparent client failover of both file system and database operations (full stack disaster recovery).

  The process on the client systems is OCI based. Thus, clients can take advantage of FAN and Fast Connection Failover capabilities using the same service-based connection methods.

3.17 Client Failover

A highly available architecture must achieve fast database and client failover:

• Database failover to a designated, synchronized standby database must occur quickly, and reliably in the event of loss of the primary database.

• Client failover must enable middle-tier applications (or any client program that connects directly to a database) to quickly and seamlessly fail over to an available database service when the primary database service is unavailable.

Client failover encompasses failure notification, previous connection cleanup, automatic reconnection, and possible query replay. Until Oracle Database 10g Release 2 (10.2), automatic, fast, and transparent client failover (at the session level) has been difficult to achieve for all client types and for all failures.Client failover provides the capability to integrate automatic database failover with failover procedures at the middle tier to automatically redirect clients and applications to the new primary database at the standby location within seconds of failover, providing an end-to-end solution for achieving business continuity.

3.18 Automatic Block Repair

Automatic block repair allows corrupt data blocks to be automatically repaired as soon as the corruption is detected. This feature reduces the amount of time that data is inaccessible due to block corruption. This reduces block recovery time by using up-to-date good blocks in real-time, as opposed to retrieving blocks from disk or tape backups, or from Flashback logs.

You can also manually repair a corrupted data block by using the RMAN RECOVER BLOCK command. This command searches several locations for an uncorrupted copy of the data block. By default, one of the locations is any available physical standby database that is operating in real-time query mode. You can use the EXCLUDE STANDBY option of the RMAN RECOVER BLOCK command to exclude physical standby databases as a source for replacement blocks.

3.19 Corruption Prevention, Detection, and Repair

Starting in Oracle Database 11g Release 2 (11.2), the primary database automatically attempts to repair the corrupted block in real time by fetching a good version of the same block from a physical standby database.

Also, Exadata Cell is the most comprehensive solution to prevent corruptions from being written to disk, and it is Hardware Assisted Resilient Data (HARD) compliant. HARD uses block checking where the storage subsystem validates the Oracle block contents, and it can detect corruption early and prevent corrupted data from being written to disk. See Section 3.15 for more information about Exadata Cell and HARD.

Before Oracle Database 11g, block corruptions detected by RMAN were recorded in V$DATABASE_BLOCK_CORRUPTION. Beginning with Oracle Database 11g, several database components and utilities in addition to RMAN can detect a corrupt block and record it in that view. Oracle Database automatically updates this view when block corruptions are detected or repaired (for example, using block media recovery or data file recovery). Block corruptions are now discovered sooner.

You must use the DB_ULTRA_SAFE initialization parameter to automatically configure the appropriate data protection block checking level in the database. The performance impact may vary depending on the application and available system resources, but the effect can vary from 1% to 10%.

The DB_ULTRA_SAFE initialization parameter:

• Controls the setting of other related initialization parameters, including DB_BLOCK_CHECKING, DB_BLOCK_CHECKSUM, and DB_LOST_WRITE_PROTECT

• Controls other data protection behavior in Oracle Database, such as requiring Oracle ASM to perform sequential mirror writes

By making it possible to detect data corruptions in a timely manner, these features provide critical high availability benefits for Oracle Database.