| Oracle® Database Conc
epts 10g Release 1 (10.1) Part Number B10743-01 |
|
|
View PDF |
| Oracle® Database Conc
epts 10g Release 1 (10.1) Part Number B10743-01 |
|
|
View PDF |
Backup and recov ery procedures protect your database against data loss and reconstruct the data, should loss occur. The reconstructing of data is ach ieved through media recovery, which refers to the various operations involved in restoring, rolling forward, and rolling back a backu p of database files. This chapter introduces concepts fundamental to designing a backup and recovery strategy.
This chapter co ntains the following topics:
A backup is a copy of dat a. This copy can include important parts of the database, such as the control file and datafiles. A backup is a safeguard against une xpected data loss and application errors. If you lose the original data, then you can reconstruct it by using a backup.
Backup s are divided into physical backups and logical backups. Physical backups, which are the primary concern in a backup and recovery str ategy, are copies of physical database files. You can make physical backups with either the Recovery Manager (RMAN) utility or operat ing system utilities. In contrast, logical backups contain logical data (for example, tables and stored procedures) extracted with an Oracle utility and stored in a binary file. You can use logical backups to supplement physical backups.
There are two ways to perform Oracle backup and recovery: Recovery Manager and user-managed backup and recovery.
Recovery Manager (RMAN) is an Oracle utility that can back up, restore, and recover database files. It is a featur
e of the Oracle database server and does not require separate installation.
You can also use operating system commands for bac kups and SQL*Plus for recovery. This method, also called user-managed backup and recovery, is fully supported by Oracle, although use of RMAN is highly recommended because it is more robust and greatly simplifies administration.
Whether you use RMAN or user-m anaged methods, you can supplement your physical backups with logical backups of schema objects made using the Export utility. The ut ility writes data from an Oracle database to binary operating system files. You can later use Import to restore this data into a data base.
This section contains the following topics:
A consistent backup is one in which the files being backed up contain all changes up to the same system change number (SCN). This means that the files in the backup contain all the d ata taken from a same point in time. Unlike an inconsistent backup, a consistent whole database backup does not require recovery afte r it is restored.
An inconsistent backup is a backup of one or more database files that you make while the database is open or after the database has shut down abnormally.
A consistent back up of a database or part of a database is a backup in which all read/write datafiles and control files are checkpointed with the same SCN.
The only way to make a consistent whole database backup is to shut down the database with the NORMAL, IMMEDIATE, or TRANSACTIONAL options and make the backup while the database is closed. If a database is not shut
down cleanly, for example, an instance fails or you issue a SHUTDOWN ABORT statement, then the database's datafiles a
re always inconsistent—unless the database is a read-only database.
Oracle makes the control files and datafiles consistent to the same SCN during a database che ckpoint. The only tablespaces in a consistent backup that are allowed to have older SCNs are read-only and offline norma l tablespaces, which are still consistent with the other datafiles in the backup because no changes have been made to them.
Th e important point is that you can open the database after restoring a consistent whole database backup without needing recovery because the data is already consistent: no action is required to make the data in the restored datafiles correct. Hence, you can restore a year-old consistent backup of your database without performing media recovery and without Oracle performing instance recove ry. Of course, when you restore a consistent whole database backup without applying redo, you lose all transactions that were made si nce the backup was taken.
A consistent whole database backup is the only valid backup option for databases operating in
NOARCHIVELOG mode, because otherwise recovery is necessary for consistency. In NOARCHIVELOG mode, Oracle does not
archive the redo logs, and so the required redo logs might not exist on disk. A consistent whole backup is also a valid backup optio
n for databases operating in ARCHIVELOG mode. When this type of backup is restored and archived logs are available, you
have the option of either opening the database immediately and losing transactions that were made since the backup was taken, or appl
ying the archived logs to recover those transactions.
An inconsistent backup is a b ackup in which the files being backed up do not contain all the changes made at all the SCNs. In other words, some changes are missin g. This means that the files in the backup contain data taken from different points in time. This can occur because the datafiles are being modified as backups are being taken. Oracle recovery makes inconsistent backups consistent by reading all archived and online redo logs, starting with the earliest SCN in any of the datafile headers, and applying the changes from the logs back into the datafi les.
If the database must be up and running 24 hours a day, 7 days a week, then you have no choice but to perform inconsistent
backups of the whole database. A backup of online datafiles is called an online backup. This requires that you run your database in ARCHIVELOG mode.
If you run the database in ARCHIVELOG<
/code> mode, then you do not have to back up the whole database at one time. For example, if your database contains seven tablespaces
, and if you back up the control file as well as a different tablespace each night, then in a week you will back up all tablespaces i
n the database as well as the control file. You can consider this staggered backup as a whole database backup. However, if such a sta
ggered backup must be restored, then you need to recover using all archived redo logs that were created since the earliest backup was
taken.
|
Caution: Oracle s trongly recommends that you do not make inconsistent, closed database backups inNOARCHIVELOG mode. If such a backup is
used to restore the database, then data corruption might result. |
After an online backup or in consistent closed backup, always ensure that you have the redo necessary to recover the backup by archiving the unarchived redo logs.
After open or inconsistent closed backups, Oracle recommends backing up all archived logs prod uced during the backup, and then backing up the control file after the backup completes. If you do not have all archived redo logs pr oduced during the backup, then you cannot recover the backup because you do not have all the redo records necessary to make it consis tent.
This section contains the following topics:
A whole database backup is either a consistent backup or an inconsistent backup. Whether a backup is consistent determines whether you need to apply redo logs after restoring the backup.
A tablespace backup is a backup of the datafiles that constitute t
he tablespace. For example, if tablespace users contains datafiles 2, 3, and 4, t
hen a backup of tablespace users backs up these three datafiles.
Tablespace backups, whether online or offline, a
re valid only if the database is operating in ARCHIVELOG mode. The reason is that redo is required to make the restored
tablespace consistent with the other tablespaces in the database.
A datafile backup is a
backup of a single datafile. Datafile backups, which are not as common as tablespace backups, are valid in ARCHIVELOG da
tabases. The only time a datafile backup is valid for a database in NOARCHIVELOG mode is if:
The datafiles are read only or offline-normal.
There are two ty pes of backups: image copies and backup sets. An image copy is an exact duplicate of a datafile, control file, or archived log. You c an create image copies of physical files with operating system utilities or RMAN, and you can restore them as-is without performing a dditional processing by using either operating system utilities or RMAN.
Note:
Unlike operating system copies, RMAN validates the blocks in t he file and records the copy in the repository.A backup set is a backup in a proprietary format that consists of one or more physical files called backup pieces. It differs from an image co py in that it can contain more than one database file, and it can also be backed up using special processing, such as compression or incremental backup. You must use RMAN to restore a backup set.
Because the database continues writing to the file during an online backup, there is the possibi lity of backing up inconsistent data within a block. For example, assume that either RMAN or an operating system utility reads the bl ock while database writer is in the middle of updating the block. In this case, RMAN or the copy utility could read the old data in t he top half of the block and the new data in the bottom top half of the block. The block is a fractured block, meaning that the data in this block is not consistent.
During an RMAN backup, the Oracle database server reads the datafiles, not an operating syste m utility. The server reads each block and determines whether the block is fractured. If the block is fractured, then Oracle re-reads the block until it gets a consistent picture of the data.
When you back up an online datafile with an operating system utilit
y (rather than with RMAN), you must use a different method to handle fractured blocks. You must first place the files in backup mode
with the ALTER TABLESPACE BEGIN BACKUP statement (to back up an individual tables
pace), or the ALTER DATABASE BEGIN BACKUP statement (to back up the entire databa
se). After an online backup is completed, you must run the ALTER TABLESPACE ... END BACKUP or ALTER DATABASE END BACKUP statement to take the tablesp
ace out of backup mode.
When updates are made to files in backup mode, additional redo data is logged. This additional data is needed to repair fractured blocks that might be backed up by the operating system utility.
Backing up the control file is a crucial aspect of backup and recovery. Without a control file, you cannot mount or open the d atabase.
You can instruct RMAN to automatically backup the control file whenever you run backup jobs. The command is CON
FIGURE CONTROLFILE AUTOBACKUP. Because the autobackup uses a default filename, RMAN can restore this
backup even if the RMAN repository is unavailable. Hence, this feature is extremely useful in a disaster recovery scenario.
Y ou can make manual backups of the control file by using the following methods:
The RMAN BACKUP CURRENT CONTROLFILE command makes a binary backup of the control file, as either a backup set or an ima
ge copy.
The SQL statement ALTER DATABASE BACKUP CONTROLFIL
E makes a binary backup of the control file.
The SQL statement ALTER DATABASE<
/code> BACKUP CONTROLFILE TO TRACE exports the control file contents to a SQL scr
ipt file. You can use the script to create a new control file. Trace file backups have one major disadvantage: they contain no record
s of archived redo logs, and RMAN backups and copies. For this reason, binary backups are preferable.
Archi
ved redo logs are essential for recovering an inconsistent backup. The only way to recover an inconsistent backup without archived lo
gs is to use RMAN incremental backups. To be able to recover a backup through the most recent log, every log generated between these
two points must be available. In other words, you cannot recover from log 100 to log 200 if log 173 is missing. If log 173 is missing
, then you must halt recovery at log 172 and open the database with the RESETLOGS option.
Because archived redo l ogs are essential to recovery, you should back them up regularly. If possible, then back them up regularly to tape.
You can ma ke backups of archived logs by using the following methods:
The RMAN BACKUP ARCHIVELO
G command
The RMAN BACKUP ... PLUS ARCHIVELOG
command
An operating system utility
To restore a physical backup of a datafile or control file is to reconstruct it and make it available to the Oracle database server. To recover a restored datafile is to update it by applying archi ved redo logs and online redo logs, that is, records of changes made to the database after the backup was taken. If you use RMAN, the n you can also recover datafiles with incremental backups, which are backups of a datafile that contain only blocks that changed afte r a previous incremental backup.
After the necessary files are restored, media recovery must be initiated by the user. Media r ecovery involves various operations to restore, roll forward, and roll back a backup of database files.
Media recovery applies archived redo logs and online redo logs to recover the datafiles. Whenever a change is made to a datafile, the change is first recorded in the online redo logs. Media recovery selectively applies the changes recorded in the online and archived redo logs to the restored datafile to roll it forward.
To correct problems caused by logical data corrupti ons or user errors, you can use Oracle Flashback. Oracle Flashback Database and Oracle Flashback Table let you quickly recover to a p revious time.
Figure 15-2 illustrates the basic principle of backing up, restoring, and performing med ia recovery on a database.
Unlike media recovery, Oracle performs crash recovery and instance recovery automatically after an instance failure. Crash and instance recovery recover a database to its transaction-cons istent state just before instance failure. By definition, crash recovery is the recovery of a database in a single-instance configura tion or an Oracle Real Application Clusters configuration in which all instances have crashed. In contrast, instance recovery is the recovery of one failed instance by a live instance in an Oracle Real Application Clusters configuration.
This section contains the following topics:
< a href="#i1006585">Overview of RMAN and User-Managed Restore and Recovery
Other Types of Oracle Recovery
|
See Also: |
The type of recovery that takes a backup and applie s redo is called media recovery. Media recovery updates a backup to either to the current or to a specified prior time. Typically, th e term "media recovery" refers to recovery of datafiles. Block media recovery is a more specialized operation that you use when just a few blocks in one or more files have been corrupted. In any case, you always use a restored backup to perform the recovery.
This section contains the following topics:
Complete recovery involves using redo data o r incremental backups combined with a backup of a database, tablespace, or datafile to update it to the most current point in time. I t is called complete because Oracle applies all of the redo changes contained in the archived and online logs to th e backup. Typically, you perform complete media recovery after a media failure damages datafiles or the control file.
You can perform complete recovery on a database, tablespace, or datafile. If you are performing complete recovery on the whole database, then you must:
Mount the database
Ensure that all datafiles you want to recover are online
Restore a backup of the whole database or the files you want to recover
Apply online or archived redo logs, or a combination of the two
If you are performing complete recovery on a tablespace or datafile, then you must:
Take the tablespace or datafile to be recovered offline if the database is open
Restore a backup of the datafiles you want to recover
Appl y online or archived redo logs, or a combination of the two
Incomplete recovery, or po int-in-time recovery, uses a backup to produce a noncurrent version of the database. In other words, you do not apply all of the redo records generated after the most recent backup. You usually perform incomplete recovery of the whole database in the following situa tions:
Media failure destroys some or all of the online redo logs.
A user e rror causes data loss, for example, a user inadvertently drops a table.
You cannot perform complete reco very because an archived redo log is missing.
You lose your current control file and must use a backup c ontrol file to open the database.
To perform incomplete media recovery, you must restore all datafiles from backups
created prior to the time to which you want to recover and then open the database with the RESETLOGS option when recover
y completes. The RESETLOGS operation creates a new incarnation of the database—in other words, a database with a new stream of log sequence numbers starting with lo
g sequence 1.
Before using the OPEN RESETLOGS command to open the database in read/write mode after
an incomplete recovery, it is a good idea to first open the database in read-only mode, and inspect the data to make sure that the da
tabase was recovered to the correct point. If the recovery was done to the wrong point, then it is easier to re-run the recovery if n
o OPEN RESETLOGS has been done. If you open the database read-only and discover that not enough recovery wa
s done, then just run the recovery again to the desired time. If you discover that too much recovery was done, then you must restore
the database again and re-run the recovery.
|
N ote: Flashback Database is another way to perform incomplete recovery. |
The tablespace point-in-time recovery (TSPITR) feature lets you recover one or more tablespaces to a point in time that is different from the rest of the database. TSPITR is most useful when you want to:
Recover from an erroneous drop or truncate table operation
Recover a table that has become logically corrupted
Recover from an incorrect batch job or other DML statement that has affected only a subset of the database
Recover one independent schema t o a point different from the rest of a physical database (in cases where there are multiple independent schemas in separate tablespac es of one physical database)
Recover a tablespace on a very large database (VLDB) rather than restore th e whole database from a backup and perform a complete database roll-forward
TSPITR has the following limitations:
You cannot use it on the SYSTEM tablespace, an UNDO tablespace, or any tablespace that contai
ns rollback segments.
Tablespaces that contain interdependent data must be recovered together. For examp le, if two tables are in separate tablespaces and have a foreign key relationship, then both tablespaces must be recovered at the sam e time; you cannot recover just one of them. Oracle can enforce this limitation when it detects data relationships that have been exp licitly declared with database constraints. There could be other data relationships that are not declared with database constraints. Oracle cannot detect these, and the DBA must be careful to always restore a consistent set of tablespaces.
|
|
Because you are not completely recovering the database to the mo st current time, you must tell Oracle when to terminate recovery. You can perform the following types of media recovery.
| Type of Recovery | Function |
|---|---|
| Time-based recovery | Recovers the data up to a specified point in time. |
| Cancel-based recovery | Recovers until you issue the CANCEL
statement (not available when using Recovery Manager). |
| Change-based recovery | Recovers until the specified SCN. |
| Log sequence recovery | Recovers until the specified log sequence number (only available when using Recovery Manager). |
Datafile media recovery is used to recover fro
m a lost or damaged current datafile or control file. It is also used to recover changes that were lost when a tablespace went offlin
e without the OFFLINE NORMAL option. Both datafile media recovery and instance recovery must repair databas
e integrity. However, these types of recovery differ with respect to their additional features. Media recovery has the following char
acteristics:
Applies changes to restored backups of damaged datafiles.
Can use archived logs as well as online logs.
Requires explicit invocation by a user.
Does not detect media failure (that is, the need to restore a backup) automatically. After a backup has been restored, however , detection of the need to recover it through media recovery is automatic.
Has a recovery time governed solely by user policy (for example, frequency of backups, parallel recovery parameters, number of database transactions sinc e the last backup) rather than by Oracle internal mechanisms.
The database cannot be opened if any of the online dat afiles needs media recovery, nor can a datafile that needs media recovery be brought online until media recovery is complete. The fol lowing scenarios necessitate media recovery:
You restore a backup of a datafile.
You restore a backup control file (even if all datafiles are current).
A datafile is taken offline
(either by you or automatically by Oracle) without the OFFLINE NORMAL option.
Unless the database is not open by any instance, datafile media recovery can only operate on offline datafiles. You can initiate datafile media recovery before opening a database even when crash recovery would have sufficed. If so, crash recovery still runs automatically at da tabase open.
Note that when a file requires media recovery, you must perform media recovery even if all necessary cha nges are contained in the online logs. In other words, you must still run recovery even though the archived logs are not needed. Medi a recovery could find nothing to do — and signal the "no recovery required" error — if invoked for files that do not ne ed recovery.
Block media recovery is a technique for restoring and recovering individual data blocks while all database files remain online and available. If corruptio n is limited to only a few blocks among a subset of database files, then block media recovery might be preferable to datafile recover y.
The interface to block media recovery is provided by RMAN. If you do not already use RMAN as your principal backup and reco very solution, then you can still perform block media recovery by cataloging into the RMAN repository the necessary user-managed data file and archived redo log backups.
|
See Also: Oracle Database Recovery Manager Refe rence for information on how to catalog user-managed datafile and archived log backups and to perform block media recovery |
The basic RMAN recovery commands are RESTORE and RECOVER. Use RESTORE to restore datafiles from backup sets or from image copies on disk, either to their current
location or to a new location. You can also restore backup sets containing archived redo logs, but this is usually unnecessary, beca
use RMAN automatically restores the archived logs that are needed for recovery and deletes them after the recovery is finished. Use t
he RMAN RECOVER command to perform media recovery and apply archived logs or incremental backups.
RMAN automates the procedure for recovering and restoring your backups and copies.
See Also:
Oracl e Database Recovery Manager Reference for details about how to restore and recover using RMANIf you do not use RMAN, then you can restore backups with operating
system utilities and then run the SQL*Plus RECOVER command to recover the database. You should follow these basic steps:
After identifying which files are damaged, place the database in the appropriate state for resto re and recovery. For example, if some but not all datafiles are damaged, then take the affected tablespaces offline while the databas e is open.
Restore the files with an operating system utility. If you do not have a backup, it is sometimes possible to perform recovery if you have the necessary redo logs dating from the time when the datafiles were first created and the control f ile contains the name of the damaged file.
If you cannot restore a datafile to its original location, then relocate the restor ed datafile and change the location in the control file.
Restore any necessary archived redo log files.
Use the SQL*Plus RECOVER command to recover the datafile backups.
|
See Also: Oracle Dat abase Backup and Recovery Advanced User's Guide for details about how to restore and recover with operating system utilities and SQL*Plus |
To correct problems caus ed by logical data corruptions or user errors, you can use Oracle Flashback. Flashback Database and Flashback Table let you quickly r ecover to a previous time.
This section contains the following topics:
Oracle Flashback Da tabase lets you quickly recover an Oracle database to a previous time to correct problems caused by logical data corruptions or user errors.
If an Oracle managed disk area, called a flash recovery area is configured, and if you have enabled the Flashback func
tionality, then you can use the RMAN and SQL FLASHBACK DATABASE commands to return the database to a prior
time. Flashback Database is not true media recovery, because it does not involve restoring physical files. However, Flashback is pref
erable to using the RESTORE and RECOVER commands in some cases, because it is faster and easier, and does n
ot require restoring the whole database.
To Flashback a database, Oracle uses past block images to back out changes to the database. During normal da tabase operation, Oracle occasionally logs these block images in Flashback logs. Flashback logs are written sequentially, and they ar e not archived. Oracle automatically creates, deletes, and resizes Flashback logs in the flash recovery area. You only need to be awa re of Flashback logs for monitoring performance and deciding how much disk space to allocate to the flash recovery area for Flashback logs.
The amount of time it takes to Flashback a database is proportional to how far back you need to revert the database, ra ther than the time it would take to restore and recover the whole database, which could be much longer. The before images in the Flas hback logs are only used to restore the database to a point in the past, and forward recovery is used to bring the database to a cons istent state at some time in the past. Oracle returns datafiles to the previous point-in-time, but not auxiliary files, such as initi alization parameter files.
|
See Also:
|
Oracle Flashback T able lets you recover tables to a specified point in time with a single statement. You can restore table data along with associated i ndexes, triggers, and constraints, while the database is online, undoing changes to only the specified tables. Flashback Table does n ot address physical corruption; for example, bad disks or data segment and index inconsistencies.
Flashback Table works like a
self-service repair tool. Suppose a user accidentally deletes some important rows from a table and wants to recover the deleted rows
. You can restore the table to the time before the deletion and see the missing rows in the table with the FLASHBACK
You can revert the table and its contents to a certain wall clock time or user-specified system cha nge number (SCN). Use Flashback Table with Oracle Flashback Version query and Flashback Transaction Query to find a time to which the table should be restored back to.
|
See Also: "Overview of Oracle Flashback Query" for information about Oracle Flash back Query "Overview of Oracle Flashback Database" for information about reverting an entire database to an earlier point in time |
For Flashback Table t o succeed, the system must retain enough undo information to satisfy the specified SCN or timestamp, and the integrity constraints sp ecified on the tables cannot be violated. Also, row movement must be enabled.
The point of time in the past that you use Flash back Table to go to is controlled by the undo retention of the system. Initialization parameters specify the duration for which undo information is to be saved before being used for other transactions. The longer the undo information is available, the further back i n time can the database version be available to Flashback. Typically, DBAs supply sufficient space to the undo tablespace to be able to Flashback for a couple of days.
|
Note: Oracle strongly recommends that you run your database in automatic undo management mode. In addition, set the undo re tention to an interval large enough to include the oldest data you anticipate needing. |
|
See Also:
|
This section contains the following topics:
Database buffers in the buffer cache in the SGA are written to disk only whe n necessary, using a least-recently-used (LRU) algorithm. Because of the way that the database writer process uses this algorithm to write database buffers to datafiles, datafiles could contain some data blocks modified by uncommitted transactions and some data bloc ks missing changes from committed transactions.
Two potential problems can result if an instance failure occurs:
Data blocks modified by a transaction might not be written to the datafiles at commit time and might only appear in the redo log. Therefore, the redo log contains changes that must be reapplied to the database during re covery.
After the roll forward phase, the datafiles could contain changes that had not been committed at the time of the failure. These uncommitted changes must be rolled back to ensure transactional consistency. These changes were eithe r saved to the datafiles before the failure, or introduced during the roll forward phase.
To solve this dilemma, two separate steps are generally used by Oracle for a successful recovery of a system failure: rolling forward with the redo log (cache recovery) and rolling back with the rollback or undo segments (transaction recovery).
The online redo log is a set of operating system files that record all changes made to any database block, including data, index, and rollback segments, whether the changes are committed or uncommitted. All changes to Oracle blocks are recorded in the online log.
The first step of recovery from an instance or disk failure is called cache recovery or rolling forward, and involves reapplying all of the changes recorded in the redo log to the datafiles . Because rollback data is also recorded in the redo log, rolling forward also regenerates the corresponding rollback segments
Rolling forward proceeds through as many redo log files as necessary to bring the database forward in time. Rolling forward usually includes online redo log files (instance recovery or media recovery) and could include archived redo log files (media recovery only).
After rolling forward, the data blocks contain all committed changes. They could also contain uncommitted changes that were e ither saved to the datafiles before the failure, or were recorded in the redo log and introduced during cache recovery.
You can run Oracle in either manual undo management mode< /strong> or automatic undo management mode. In manual mode, you must create a nd manage rollback segments to record the before-image of changes to the database . In automatic undo management mode, you create one or more undo tablespaces. These undo tablespaces contain undo segments similar to traditional rollback segments. The main difference is that Oracle manages the undo for you.
Undo blocks (whether in rollback segments or automatic undo tablespaces) record database actions that should be undone during certain database operations. In database recovery, the undo blocks roll back the effects of uncommitted transactions previously applied by the rolling forward phase.
After the roll forward, any changes that were not c ommitted must be undone. Oracle applies undo blocks to roll back uncommitted changes in data blocks that were either written before t he failure or introduced by redo application during cache recovery. This process is called rol ling back or transaction recovery.
Figure 15-3 illustrates rolling forward and rolling back, the two steps necessary to recover f rom any type of system failure.
Figure 15-3 Basic Recovery Steps: Rolling Forward and Rolling Back
Oracle ca n roll back multiple transactions simultaneously as needed. All transactions systemwide that were active at the time of failure are marked as terminated. Instead of waiting for SMON to roll back terminated transactions, new transactions can recover blocking transactions thems elves to get the row locks they need.
Crash recovery is used to recover from a failure either when a single-instance database fails or all instances of an Oracle Real Application Clusters database fail. Instance recovery refers to the case where a surviving instance recovers a failed instance in an Oracle Real Application Clusters database.
The goal of crash and instance recovery is to restore the data block changes located in the cache of the terminated instance and to clos e the redo thread that was left open. Instance and crash recovery use only online redo log files and current online datafiles. Oracle recovers the redo threads of the terminated instances together.
Crash and instance recovery involve two distinct operations: rolling forward the current, online datafiles by applying both committed and unco mmitted transactions contained in online redo records, and then rolling back changes made in uncommitted transactions to their origin al state.
Crash and instance recovery have the following shared characteristics:
Redo the changes
using the current online datafiles (as left on disk after the failure or SHUTDOWN ABORT)
Use only the online redo logs and never require the use of the archived logs
Have a recovery time governed by the number of terminated instances, amount of redo generated in each terminated redo thread since the last checkpoi nt, and by user-configurable factors such as the number and size of redo log files, checkpoint frequency, and the parallel recovery s etting
Oracle performs this recovery automatically on two occasions:
At the first datab ase open after the failure of a single-instance database or all instances of an Oracle Real Applications Cluster database (crash reco very).
When some but not all instances of an Oracle Real Application Clusters configuration fail (instan ce recovery). The recovery is performed automatically by a surviving instance in the configuration.
The important po int is that in both crash and instance recovery, Oracle applies the redo automatically: no user intervention is required to supply re do logs. However, you can set parameters in the database server that can tune the duration of instance and crash recovery performance . Also, you can tune the rolling forward and rolling back phases of instance recovery separately.
|
See Also: Oracle Database Backup and Recovery Advanced User's Guide for a discussion of instance reco very mechanics and instructions for tuning instance and crash recovery |
This section contains the following topics:
Use media recovery whe n one or more datafiles has been physically damaged. This can happen due to hardware errors or user errors, such as accidentally dele ting a file. Complete media recovery is used with individual datafiles, tablespaces, or the entire database.
Use incomplete me dia recovery when the database has been logically damaged. This can happen due to application error or user error, such as accidental ly deleting a table or tablespace. Incomplete media recovery is used only with the whole database, not with individual datafiles or t ablespaces. (If you do not want to do incomplete media recovery of the entire database, you can do tablespace point-in-time recovery with individual tablespaces.)
Use block media recovery when a small number of blocks in one or more files have been physically damaged. This usually happens due to hardware errors, such as a bad disk controller, or operating system I/O errors. Block media rec overy is used with individual data blocks, and the remainder of the database remains online and available during the recovery.
Flashback Table is a push button solution to restore the contents of a table to a given point in time. An application on top of Flashback Query can achieve this, but with less efficiency.
Flashback Database applies to the entire database. It requires configuration and resources, but it prov ides a fast alternative to performing incomplete database recovery.
Flashback Table uses information in the undo tablespace to restore the table. This provides significant benefits over media recovery in terms of ease of use, availability, and faster restorat ion.
Flashback Database and Flashback Table differ in granularity, performance, and restrictions. For a primary database, cons ider using Flashback Database rather than Flashback Table in the following situations:
There is a logica l data corruption, particularly undo corruption.
A user error affected the whole database.
A user error affected a table or a small set of tables, but the impact of reverting this set of tables is not clear b ecause of the logical relationships between tables.
A user error affected a table or a small set of tabl es, but using Flashback Table would fail because of its DDL restrictions.
Flashback Database works throu gh all DDL operations, whereas Flashback Table does not. Also, because Flashback Database moves the entire database back in time, con straints are not an issue, whereas they are with Flashback Table. Flashback Table cannot be used on a standby database.
To do an out of place restore of the data, perform a CTAS (CREATE TABLE AS
SELECT … AS OF …) using the Flashback Query SQL "AS OF …" clause. For exa
mple, to create a copy of the table as of a specific time:
CREATE TABLE old_emp AS SELECT * FROM emplo yees AS OF TIMESTAMP ‘2002-02-05 14:15:00'
For out of place creation of the table, you only get data back. Constr aints, indexes, and so on are not restored. This could take significantly more time and space than Flashback Table. However, Flashbac k Table only restores rows in blocks that were modified after the specified time, making it more efficient.
In contrast to physical backups, logical backups are exports of schema objects, like tables and stored procedures, into a binary file. Oracle utilities are used to move Oracle schema objects in and out of Oracle. Export, or Data Pump Export, writes data from an Oracle database to binary operating system files. Import, or Data Pump Import, reads export files and restores the corresponding dat a into an existing database.
Although import and export are designed for moving Oracle data, you can also use them as a supple mental method of protecting data in an Oracle database. You should not use Oracle import and export utilities as the sole method of b acking up your data.
Oracle import and export utilities work similarly to CTAS, but they restore constraints, indexes, and so on. They effectively re-create the whole table if an export was performed earlier corresponding to the Flashback time. Flashback Tabl e is more performance efficient than import/export utilities, because it restores only the subset of rows that got modified.
Use tablespace point-in-time recovery when one or more tablespaces have been logically damaged, and you do not want to do incomplete media recovery of the entire database. Tablespace point-in-time recovery is used with individual tablespaces.
< div align="center">The flash recovery area is an Oracle-managed directory, file system, or Automatic Storage Management disk group that provides a centralized disk locatio n for backup and recovery files. Oracle creates archived logs in the flash recovery area. RM AN can store its backups in the flash recovery area, and it uses it when restoring files during media recovery. The flash recovery ar ea also acts as a disk cache for tape.
Oracle recovery components interact with the flash recovery area ensuring that the data base is completely recoverable using files in flash recovery area. All files necessary to recover the database following a media fail ure are part of flash recovery area.
Following is a list of recovery-related files in flash recovery area:
Current control file
Online logs
Archived logs
Flashback logs
Control file autobackups
Control file copies
< /li>Datafile copies
Backup pieces
Oracle and RMAN create files in the flash recover y area until the space used reaches the flash recovery area disk limit. Then, Oracle deletes the minimum set of existing files from t he flash recovery area that are obsolete, redundant copies, or backed up to tertiary storage. Oracle warns the user when available di sk space is less than 15%, but it continues to fill the disk to 100% of the flash recovery area disk limit.
The bigger the fla sh recovery area, the more useful it becomes. The recommended disk limit is the sum of the database size, the size of incremental bac kups, and the size of all archive logs that have not been copied to tape.
If the flash recovery area is big enough to keep a c opy of the tablespaces, then those tablespaces do not need to access tertiary storage. The minimum size of the flash recovery area sh ould be at least large enough to contain archive logs that have not been copied to tape. For example, if an ASM disk group of size 10 0 GB is used with normal redundancy for the flash recovery area, then the flash recovery area disk limit must be set to 50 GB.
|
See Also:
|
|
 Copyright © 1993, 2003 Oracle Corporation All Rights Reserved. |
|
