HELIOS BLOG

Helios Database Journey

Oracle Database Backup to OCI Object Storage — The Complete Guide for 2026

Object Storage is the right destination for Oracle Database backups in OCI environments. It’s dramatically cheaper than Block Volume for backup retention, it’s geographically redundant by default, and it integrates with RMAN through Oracle’s database cloud backup module. But “integrates with RMAN” covers a lot of ground — the configuration details matter, and the defaults are not always optimal. This post is the configuration guide I wish existed when I set up my first OCI Object Storage backup.

Why Object Storage Over Block Volume for Backups

The cost difference is significant. OCI Block Volume storage costs roughly $0.0255/GB-month. OCI Object Storage Standard tier costs $0.0244/GB-month — slightly less, but the real difference is in lifecycle management.

With Object Storage lifecycle policies, you can automatically transition backups to Archive Storage ($0.0026/GB-month — roughly 10x cheaper than Block Volume) after a defined period, and delete them after your retention window. Block Volume doesn’t have equivalent lifecycle management.

For a database with 1TB of backup data kept for 90 days:

  • Block Volume: ~$23/month
  • Object Storage with lifecycle (Standard 7 days, Archive 83 days): ~$4/month

For an environment with 20 databases, this difference is significant.

Installing and Configuring the Oracle Database Cloud Backup Module

The backup module (libopc.so on Linux) is the RMAN media management library that enables RMAN to write to OCI Object Storage.

bash

# Download the backup module from MOS (Doc ID 2748454.1)
# Or use OCI's built-in module path on DB Systems:
ls /opt/oracle/dcs/commonstore/pkgrepos/oss/odbcs/
# Create the OCI config file for RMAN
cat > /home/oracle/opc_rman.cfg << EOF
OPC_HOST=https://objectstorage.eu-frankfurt-1.oraclecloud.com
OPC_WALLET=(source=(METHOD=file)(METHOD_DATA=(DIRECTORY=/home/oracle/opc_wallet)))
OPC_CONTAINER=rman-backup-bucket
OPC_AUTH_SCHEME=AuthType=API_Keys
EOF
# Create OCI API key wallet
mkstore -wrl /home/oracle/opc_wallet -create
mkstore -wrl /home/oracle/opc_wallet -createCredential \
    'https://objectstorage.eu-frankfurt-1.oraclecloud.com' \
    'ocid1.user.oc1..aaa...' \
    '<your_api_key_fingerprint>'

On OCI DB Systems, Oracle provides Instance Principal authentication — no API key wallet needed. The DB System instance itself has an IAM policy granting it access to Object Storage:

bash

# Simpler config on OCI DB Systems using Instance Principal
cat > /home/oracle/opc_ip.cfg << EOF
OPC_HOST=https://objectstorage.eu-frankfurt-1.oraclecloud.com
OPC_CONTAINER=rman-backup-bucket
OPC_AUTH_SCHEME=AuthType=InstancePrincipal
EOF

Instance Principal is the recommended approach on OCI — no credentials to manage or rotate.

RMAN Configuration for Object Storage Backup

bash

# Configure RMAN channels for Object Storage
RMAN> CONFIGURE CHANNEL DEVICE TYPE SBT
      PARMS='SBT_LIBRARY=/opt/oracle/dcs/commonstore/pkgrepos/oss/odbcs/libopc.so,
      ENV=(OPC_PFILE=/home/oracle/opc_ip.cfg)';
# Set parallel channels based on your network bandwidth and instance count
RMAN> CONFIGURE DEVICE TYPE SBT PARALLELISM 4;
# Retention policy
RMAN> CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 30 DAYS;
# Enable control file autobackup
RMAN> CONFIGURE CONTROLFILE AUTOBACKUP ON;
RMAN> CONFIGURE CONTROLFILE AUTOBACKUP FORMAT
      FOR DEVICE TYPE SBT TO '%F';
# Run a full backup
RMAN> BACKUP DEVICE TYPE SBT
      DATABASE PLUS ARCHIVELOG
      TAG 'WEEKLY_FULL';

Object Storage Lifecycle Policy for Backup Cost Optimization

Configure lifecycle rules in OCI Console (or CLI) to automatically manage backup retention:

bash

# Create lifecycle policy via OCI CLI
oci os object-lifecycle-policy put \
    --bucket-name rman-backup-bucket \
    --items '[
        {
            "name": "archive-old-backups",
            "action": "ARCHIVE",
            "objectNameFilter": {"inclusionPrefixes": ["rman/"]},
            "timeAmount": 7,
            "timeUnit": "DAYS",
            "isEnabled": true
        },
        {
            "name": "delete-expired-backups",
            "action": "DELETE",
            "objectNameFilter": {"inclusionPrefixes": ["rman/"]},
            "timeAmount": 90,
            "timeUnit": "DAYS",
            "isEnabled": true
        }
    ]'

Critical note: If you delete objects from Object Storage using lifecycle policies, RMAN’s catalog still thinks those backups exist. Run RMAN> CROSSCHECK BACKUP and RMAN> DELETE EXPIRED BACKUP after lifecycle policies clean up old objects, to keep the RMAN catalog in sync.

This is one of the most common mistakes in OCI backup setups — the lifecycle policy deletes backups that RMAN doesn’t know are gone, leading to catalog inconsistencies and restore failures.

Monitoring Backup Success — Don’t Trust Exit Codes Alone

sql

-- Check backup history from RMAN catalog / control file
SELECT session_key, input_type, status,
       start_time, end_time,
       input_bytes/1024/1024/1024 input_gb,
       output_bytes/1024/1024/1024 output_gb,
       output_device_type
FROM v$rman_backup_job_details
WHERE start_time > SYSDATE - 7
ORDER BY start_time DESC;
-- Check if archived logs are being backed up
SELECT sequence#, first_time, completion_time, backed_up
FROM v$archived_log
WHERE first_time > SYSDATE - 1
ORDER BY sequence#;
-- Verify Object Storage objects actually exist
-- (via OCI CLI, separate from RMAN)
oci os object list --bucket-name rman-backup-bucket \
    --prefix "rman/" --query "data[].name" | head -20

A complete backup monitoring strategy verifies both that RMAN reports success AND that the objects actually exist in the bucket. These can diverge if there are transient network issues or Object Storage API errors that RMAN doesn’t properly detect.

Gunes Erol adlı kullanıcının avatarı

Posted by:

Gunes Erol

http://apex.oracle.com/pls/otn/f?p=19297:4:1668120596920607::NO:4:P4_ID:4160

Yorum bırakın