You can create one or more databases on each Oracle Exadata Database Service on Dedicated
Infrastructure system. Other
than the storage and processing limits of your Oracle Exadata system, there is no
maximum for the number of databases that you can create. By default, databases on Exadata Cloud Infrastructure use Oracle Database Enterprise
Edition - Extreme Performance. This edition provides all the features of Oracle Database
Enterprise Edition, plus all of the database enterprise management packs, and all of the
Enterprise Edition options, such as Oracle Database In-Memory, and Oracle Real
Application Clusters (Oracle RAC). If you use your own Oracle Database licenses, then
your ability to use various features is limited by your license holdings. TDE Encryption
is required for all cloud databases. All new tablespaces will automatically be enabled
for encryption.
Click Add Ingress Rule, and add these details to set up a rule that allows HTTPS traffic from anywhere:
Source Type: CIDR
Source CIDR: Specify the CIDR of the VCN where the database resides.
IP Protocol: TCP
Source Port Range: All
Destination Port Range: 8005
Description: Specify an optional description of the ingress rule to help manage the security rules.
Click Add Ingress Rule, and add these details to set up a rule that allows SQL*Net traffic from anywhere:
Source Type: CIDR
Source CIDR: Specify the CIDR of the VCN where the database resides.
IP Protocol: TCP
Source Port Range: All
Destination Port Range: 2484
Description: Specify an optional description of the ingress rule to help manage the security rules.
Click Add Ingress Rule, and add these details to set up a rule that allows HTTPS traffic from anywhere:
Source Type: CIDR
Source CIDR: Specify the CIDR of the target VCN
IP Protocol: TCP
Source Port Range: All
Destination Port Range: 8005
Description: Specify an optional description of the ingress rule to help manage the security rules.
Click Add Ingress Rule, and add these details to set up a rule that allows SQL*Net traffic from anywhere:
Source Type: CIDR
Source CIDR: Specify the CIDR of the target VCN
IP Protocol: TCP
Source Port Range: All
Destination Port Range: 2484.
Description: Specify an optional description of the ingress rule to help manage the security rules.
Add Egress rules on the target.
These are optional if the egress traffic is opened for all IPs and ports.
Click Add Egress Rule, and add these details to set up a rule that allows HTTPS traffic from anywhere:
Source Type: CIDR
Source CIDR: Specify the CIDR of the source VCN
IP Protocol: TCP
Source Port Range: All
Destination Port Range: 8005
Description: Specify an optional description of the ingress rule to help manage the security rules.
Click Add Egress Rule, and add these details to set up a rule that allows SQL*Net traffic from anywhere:
Source Type: CIDR
Source CIDR: Specify the CIDR of the source VCN
IP Protocol: TCP
Source Port Range: All
Destination Port Range: 2484
Description: Specify an optional description of the ingress rule to help manage the security rules.
Note: Ensure that recovery service subnets (RSS) are present in both regions and are attached to the peer VCNs, namely, source RSS attached to source VCN and target RSS attached to target VCN. For more information, see Creating a Recovery Service Subnet in the Database VCN.
Perform DNS peering between local and remote VCNs.
Prerequisites for Oracle Database, Object Storage Cross Region Restore (Same Tenancy) 🔗
The VCNs in region A, where the new database will be located, and region B, where the backups are stored, should be remote peered using a DRG. For more information, see Remote VCN Peering through an Upgraded DRG.
Once the remote peer is established, the DRG in the region with Object Storage should be configured to advertise Object Storage routes towards region A. Go to Private Access to Oracle Services and follow the steps outlined under For routing directly between gateways.
Note
In the "Transit routing directly through gateways", the "on-premises network" will be Region A. Specifically the IP addresses of the "on-premises network" will be the Backup Subnet CIDR of Region A's VCN.
"For routing directly between gateways" steps:
If you have a VCN and SGW in the region with Object Storage, skip Tasks 1 and 2
Skip Task 3
In Task 4, instead of selecting the "All OSN services" route, select the "Object Storage" route.
You'll also need to confirm security lists, and that the VCN route table applied to the backup subnet in Region A, has a route rule to the DRG for Region B's Object Storage CIDRs.
Within the JSON, locate the region attribute corresponding to Region B. Within the region, next locate the CIDR ranges for the Object Storage, the corresponding CIDR will have "tags" 0 and 1 of "OSN" and "OBJECT_STORAGE".
Note, some regions will have multiple CIDRs for "OSN" and "OBJECT_STORAGE", create a route rule for each in the route table.
Once completed, confirm remote access to Region's B Object Storage from Region A.
This provides network connectivity to Object Storage. The network cannot permit or prohibit specific Object Storage operations. For that, look to use IAM policies.
Oracle Database Releases Supported by Oracle Exadata Database Service on Dedicated
Infrastructure 🔗
Exadata Cloud Infrastructure databases require Enterprise Edition - Extreme Performance subscriptions or you can bring your own Oracle Enterprise Edition software licenses.
The Enterprise Edition - Extreme Performance provides all the features of Oracle Database Enterprise Edition, plus all the database enterprise management packs and all the Enterprise Edition options, such as Oracle Database In-Memory and Oracle Real Application Clusters (Oracle RAC).
Exadata Cloud Infrastructure supports the following database versions:
Oracle Database 23ai
Oracle Database 19c
Oracle Database 12c Release 2 (12.2) (Upgrade Support Required)
Oracle Database 12c Release 1 (12.1) (Upgrade Support Required)
Oracle Database 11g Release 2 (11.2) (Upgrade Support Required)
Note
Earlier database versions are supported on a 19c cloud VM cluster and can be created at anytime. Cloud VM clusters created with earlier Oracle Database versions will not automatically support Oracle Database 19c.
To use Autonomous Recovery Service as a backup destination, your target database must have a minimum compatibility level of 19.0 (the COMPATIBLE initialization parameter must be set to 19.0.0 or higher).
This topic describes creating and managing Oracle Databases on an Exadata Cloud Infrastructure instance instance.
In this documentation, "database" refers to a container database (CDB). When
you provision a database in an Exadata cloud VM cluster, the database includes an
initial pluggable database (PDB). For more information on these resource types, see
Multitenant Architecture in the
Oracle Database documentation. See Exadata Pluggable Database
Operations for more information on pluggable databases in Exadata Cloud Infrastructure.
You can create Database Homes, databases, and pluggable databases at any time by using
the Console or the Database APIs.
When you add a database to a VM cluster on an Exadata instance, the database
versions you can select from depend on the current patch level of that resource. You may
have to patch your VM cluster to add later database versions.
After you provision a database, you can move it to another Database Home. Consolidating
databases under the same home can facilitate management of these resources. All
databases in a given Database Home share the Oracle Database binaries and therefore,
have the same database version. The Oracle-recommended way to patch a database to a
version that is different from the current version is to move the database to a home
running the target version. For information about patching, see Patching an Exadata Cloud Service
Instance.
Note
When provisioning databases, make sure
your VM cluster has enough OCPUs enabled to support the total number of database
instances on the system. Oracle recommends the following general rule: for each
database, enable 1 OCPU per node. See To scale CPU cores in an Exadata Cloud
Service cloud VM cluster or DB system for information on scaling your OCPU
count up or down.
When you create an Exadata database, you can choose to encrypt the database
using your own encryption keys that you manage. You can rotate encryption keys,
periodically, to maintain security compliance and, in cases of personnel changes, to
disable access to a database.
Note
The encryption key you use must be AES-256.
To ensure that your Exadata database uses the most current versions
of the Vault encryption key, rotate the key from the Database Details page on
the Oracle Cloud Infrastructure Console. Do not use the Vault service's Console
pages to rotate your Database keys.
You can also add and remove databases, and perform other management tasks on a database
by using command line utilities. For information and instructions on how to use these
utilities, see Creating and Managing Exadata Databases
Manually.
Customer-Managed Keys in Exadata Cloud Infrastructure Customer-managed keys for Exadata Cloud Infrastructure is a feature of Oracle Cloud Infrastructure (OCI) Vault service that enables you to encrypt your data using encryption keys that you control.
When creating a container database, the initialization parameter,
SGA_TARGET is set by the automation. This will automatically
size the SGA memory pools. The setting will vary depending on the size of the
database VM total memory. If the VM has less than or equal to 60 GB of system
memory, SGA_TARGET is set to 3800 MB. If the VM has 60 GB or more
system memory, SGA_TARGET is set to 7600 MB.
The database initialization parameter USE_LARGE_PAGES
is set to ONLY upon database creation, which will require the use of large pages for
SGA memory. If the VM is configured with insufficient large pages, the instance will
fail to start.
Customer-Managed Keys in Exadata Cloud Infrastructure 🔗
Customer-managed keys for Exadata Cloud Infrastructure is a feature of Oracle Cloud Infrastructure (OCI) Vault
service that enables you to encrypt your data using encryption keys that you
control.
The OCI Vault service provides you with centralized key management capabilities
that are highly available and durable. This key-management solution also
offers secure key storage using isolated partitions (and a lower-cost shared
partition option) in FIPS 140-2 Level 3-certified hardware security modules,
and integration with select Oracle Cloud Infrastructure services. Use
customer-managed keys when you need security governance, regulatory
compliance, and homogenous encryption of data, while centrally managing,
storing, and monitoring the life cycle of the keys you use to protect your
data.
You can:
Enable customer-managed keys when you create databases in Exadata Cloud Infrastructure
Switch from Oracle-managed keys to customer-managed keys
Rotate your keys to maintain security compliance
Requirements
To enable management of customer-managed encryption keys, you must create a
policy in the tenancy that allows a particular dynamic group to do so,
similar to the following: allow dynamic-group dynamic_group_name to
manage keys in tenancy.
To enable Data Guard on Exadata Cloud Infrastructure databases that use customer-managed keys, the primary and standby databases must be in the same realm.
Task 1. Create a Vault and a Master Encryption Key
Create a vault in the Vault service by following the instructions in To create a new vault in Oracle Cloud Infrastructure Documentation. When following these instructions, Oracle recommends that you create the vault in a compartment created specifically to contain the vaults containing customer-managed keys, as described in Before You Begin: Compartment Hierarchy Best Practice.
After creating the vault, create at least one master encryption key in the vault by following the instructions in To create a new master encryption key in Oracle Cloud Infrastructure Documentation. When following these instructions, make these choices:
Create in Compartment: Oracle recommends that you create the master encryption key in the same compartment as its vault; that is, the compartment created specifically to contain the vaults containing customer-managed keys.
Protection Mode: Choose an appropriate value from the drop-down list:
HSM to create a master encryption key that is stored and processed on a hardware security module (HSM).
Software to create a master encryption key that is stored in a software file system in the Vault service. Software-protected keys are protected at rest using an HSM-based root key. You may export software keys to other key management devices or to a different OCI cloud region. Unlike HSM keys, software-protected keys are free of cost.
Key Shape Algorithm: AES
Key Shape Length: 256 bits
Oracle strongly recommends that you create a separate master encryption key for each of your container databases (CDBs). Doing so makes management of key rotation over time much simpler.
Task 2. Create a Service Gateway, a Route Rule, and an Egress Security Rule
Create a service gateway in the VCN (Virtual Cloud Network) where your Oracle Exadata Database Service on Dedicated Infrastructure resources reside by following the instructions in Task 1: Create the service gateway in Oracle Cloud Infrastructure Documentation.
After creating the service gateway, add a route rule and an egress security rule to each subnet (in the VCN) where Oracle Exadata Database Service on Dedicated Infrastructure resources reside so that these resources can use the gateway to access the Vault service:
Go to the Subnet Details page for the subnet.
In the Subnet Information tab, click the name of the subnet's Route Table to display its Route Table Details page.
In the table of existing Route Rules, check whether there is already a rule with the following characteristics:
Destination: All IAD Services In Oracle Services Network
Target Type: Service Gateway
Target: The name of the service gateway you just created in the VCN
If such a rule does not exist, click Add Route Rules and add a route rule with these characteristics.
Return to the Subnet Details page for the subnet.
In the subnet's Security Lists table, click the name of the subnet's security list to display its Security List Details page.
In the side menu, under Resources, click Egress Rules.
In the table of existing Egress Rules, check whether there is already a rule with the following characteristics:
Stateless: No
Destination: All IAD Services In Oracle Services Network
IP Protocol: TCP
Source Port Range: All
Destination Port Range: 443
If such a rule does not exist, click Add Egress Rules and add an egress rule with these characteristics.
Task 3. Create a Dynamic Group and a Policy Statement
To grant your Oracle Exadata Database Service on Dedicated Infrastructure resources permission to access customer-managed keys, you create an IAM dynamic group that identifies these resources and then create an IAM policy that grants this dynamic group access to the master encryption keys you created in the Vault service.
When defining the dynamic group, you identify your Oracle Exadata Database Service on Dedicated Infrastructure resources by specifying the OCID of the compartment containing your Exadata Infrastructure resource.
Copy the OCID of the compartment containing your Exadata Infrastructure resource. You can find this OCID on the Compartment Details page of the compartment.
Create a dynamic group by following the instructions in To create a dynamic group in Oracle Cloud Infrastructure Documentation. When following these instructions, enter a matching rule of this format:
ALL {resource.compartment.id ='<compartment-ocid>'}
where <compartment-ocid> is the OCID of the compartment containing your Exadata Infrastructure resource.
After creating the dynamic group, navigate to (or create) an IAM policy in a compartment higher up in your compartment hierarchy than the compartment containing your vaults and keys. Then, add a policy statement of this format:
allow dynamic-group <dynamic-group-name>
to manage keys
in compartment <vaults-and-keys-compartment>
where all {
target.key.id='<key_ocid>',
request.permission!='KEY_DELETE',
request.permission!='KEY_MOVE',
request.permission!='KEY_IMPORT',
request.permission!='KEY_BACKUP’
}
If you are using a replicated virtual private vault for the Oracle Data Guard deployment, add an additional policy statement in this format:
allow dynamic-group <dynamic-group>
to read vaults
in tenancy | compartment <vaults-and-keys-compartment>
where <dynamic-group> is the name of the dynamic group you created and <vaults-and-keys-compartment> is the name of the compartment in which you created your vaults and master encryption keys.
To integrate customer-managed key management into Exadata Cloud Infrastructure If you choose to encrypt databases in an Exadata Cloud Infrastructure instance using encryption keys that you manage, then you may update the following two packages (using Red Hat Package Manager) to enable DBAASTOOLS to interact with the APIs that customer-managed key management uses.
To integrate customer-managed key management
into Exadata Cloud Infrastructure 🔗
If you choose to encrypt databases in an Exadata Cloud Infrastructure instance using encryption keys that you manage, then you may
update the following two packages (using Red Hat Package Manager) to enable DBAASTOOLS to
interact with the APIs that customer-managed key management uses.
KMS TDE CLI
To update the KMS TDE CLI package, you must complete the following task
on all nodes in the Exadata Cloud Infrastructure
instance:
Deinstall current KMS TDE CLI package, as
follows:
rpm -ev kmstdecli
Install the updated KMS TDE CLI package, as
follows:
rpm -ivh kms_tde_cli
LIBKMS
LIBKMS is a library package necessary to synchronize a database with customer-managed
key management through PKCS11. When a new version of LIBKMS is installed, any
databases converted to customer-managed key management continue to use the previous
LIBKMS version, until the database is stopped and restarted.
To update the LIBKMS package, you must complete the following task on
all nodes in the Exadata Cloud Infrastructure
instance:
Confirm that the LIBKMS package is already installed, as
follows:
rpm -qa --last | grep libkmstdepkcs11
Install a new version of LIBKMS, as
follows:
rpm -ivh libkms
Use SQL*Plus to stop and restart all databases converted to customer-managed key
management, as follows:
shutdown immediate;
startup;
Ensure that all converted databases are using the new LIBKMS version, as
follows:
for pid in $(ps aux | grep "<dbname>" | awk '{print $2;}'); do echo $pid; sudo lsof -p $pid | grep kms | grep "pkcs11_[0-9A-Za-z.]*" | sort -u; done | grep pkcs11
Deinstall LIBKMS packages that are no longer being used by any database, as
follows:
To move a database to another Database Home This task explains how to patch a single Oracle Database in your Exadata Cloud Infrastructure instance by moving it to another Database Home.
To create a database in an existing Exadata Cloud Infrastructure instance
🔗
This topic covers creating your first or subsequent databases.
Note
If IORM is enabled on the Exadata Cloud Infrastructure instance, then the default
directive will apply to the new database and system performance might be impacted.
Oracle recommends that you review the IORM settings and make applicable adjustments to
the configuration after the new database is provisioned.
Open the navigation menu. Click Oracle Database,
then click Oracle Exadata Database Service
on Dedicated Infrastructure
Choose your Compartment.
Navigate to the cloud VM cluster or DB system you want to create the
database in:
Cloud VM clusters (The New Exadata Cloud
Infrastructure Resource Model): Under Oracle Exadata Database
Service on Dedicated Infrastructure, click Exadata VM
Clusters. In the list of VM clusters, find the VM cluster you
want to access and click its highlighted name to view the details page for the
cluster.
DB systems: Under Oracle
Base Database, click DB Systems. In the
list of DB systems, find the Exadata DB system you want to access, and then
click its name to display details about it.
Click Create Database.
In the Create Database dialog, enter the
following:
Note
You cannot modify
the db_name, db_unique_name, and SID prefix
after creating the database.
Database name: The name for the
database. The database name must meet the requirements:
Maximum of 8 characters
Contain only alphanumeric characters
Begin with an alphabetic character
Cannot be part of the first 8 characters of a
DB_UNIQUE_NAME on the VM cluster
DO NOT use the following reserved names:
grid, ASM
Database unique name suffix:
Optionally, specify a value for the
DB_UNIQUE_NAME database parameter. The value is
case insensitive.
The unique name must meet the
requirements:
Maximum of 30 characters
Contain only alphanumeric or underscore (_)
characters
Begin with an alphabetic character
Unique across the VM cluster. Recommended to be unique
across the tenancy.
If not specified, the system automatically generates a
unique name value, as follows:
<db_name>_<3_chars_unique_string>_<region-name>
Database version: The version of the
database. You can mix database versions on the Exadata DB system.
Database Home: The Oracle Database Home
for the database. Choose the applicable option:
Select an existing Database
Home: The Database Home display name field allows
you to choose the Database Home from the existing homes for the
database version you specified. If no Database Home with that
version exists, you must create a new one.
Create a new Database Home: Use this option to provision a new Database Home for your Data Guard peer database.
Click Change Database Image to use a desired Oracle-published image or a custom database software image that you have created in advance, then select an Image Type:
Oracle Provided Database Software Images:
then you can use the Display all available version switch to choose from all available PSUs and RUs. The most recent release for each major version is indicated with a latest label.
Note
For the Oracle Database major version releases available in Oracle Cloud Infrastructure, images are provided for the current version plus the three most recent older versions (N through N - 3). For example, if an instance is using Oracle Database 19c, and the latest version of 19c offered is 19.8.0.0.0, images available for provisioning are for versions 19.8.0.0.0, 19.7.0.0, 19.6.0.0 and 19.5.0.0.
Custom Database Software Images: These images are created by your organization and contain customized configurations of software updates and patches. Use the Select a compartment, Select a region, and Select a Database version selectors to limit the list of custom database software images to a specific compartment, region, or Oracle Database software major release version.
Region filter defaults to the currently connected region and lists all the software images created in that region. When you choose a different region, the software image list is refreshed to display the software images created in the selected region.
PDB name:(Optional) For Oracle Database 12c (12.1.0.2) and later, you
can specify the name of the pluggable database. The PDB name must begin with
an alphabetic character, and can contain a maximum of eight alphanumeric
characters. The only special character permitted is the underscore ( _).
To avoid potential service name collisions when using
Oracle Net Services to connect to the PDB, ensure that the PDB name is
unique across the entire VM cluster. If you do not provide the name of
the first PDB, then a system-generated name is used.
Create administrator credentials:(Read only) A database administrator SYS user will
be created with the password you supply.
Username: SYS
Password: Supply the password
for this user. The password must meet the following criteria:
A strong password for SYS, SYSTEM, TDE wallet, and
PDB Admin. The password must be 9 to 30 characters and contain
at least two uppercase, two lowercase, two numeric, and two
special characters. The special characters must be _, #, or -.
The password must not contain the username (SYS, SYSTEM, and so
on) or the word "oracle" either in forward or reversed
order and regardless of casing.
Confirm password: Re-enter the
SYS password you specified.
Using a TDE wallet password is optional. If you
are using customer-managed encryption keys stored in a vault in your
tenancy, the TDE wallet password is not applicable to your DB
system. Use Show Advanced Options at the end
of the Create Database dialog to configure
customer-managed keys.
If you are using
customer-managed keys, or if you want to specify a different TDE
wallet password, uncheck the Use the administrator
password for the TDE wallet box. If you are
using customer-managed keys, leave the TDE password fields
blank. To set the TDE wallet password manually, enter a password
in the Enter TDE wallet password field,
and then confirm by entering it into the Confirm TDE
wallet password field.
Configure database backups: Specify
the settings for backing up the database to Autonomous Recovery Service
or Object Storage:
Enable automatic backup: Check the check box
to enable automatic incremental backups for this database. If
you are creating a database in a security zone compartment, you
must enable automatic backups.
Backup Destination: Your choices are
AutonomousRecovery Service or Object Storage.
Backup Scheduling:
Object Storage (L0):
Full backup scheduling day: Choose a day
of the week for the initial and future L0 backups
to start.
Full backup scheduling time (UTC):
Specify the time window when the full backups
start when the automatic backup capability is
selected.
Take the first backup immediately: A
full backup is an operating system backup of all
datafiles and the control file that constitute an
Oracle Database. A full backup should also include
the parameter file(s) associated with the
database. You can take a full database backup when
the database is shut down or while the database is
open. You should not normally take a full backup
after an instance failure or other unusual
circumstances.
If you choose to defer the first full backup
your database may not be recoverable in the event
of a database failure.
Object Storage (L1):
Incremental backup scheduling time (UTC):
Specify the time window when the incremental
backups start when the automatic backup capability
is selected.
Autonomous Recovery Service (L0):
Scheduled day for initial backup: Choose
a day of the week for the initial backup.
Scheduled time for initial backup (UTC):
Select the time window for the initial
backup.
Take the first backup immediately: A
full backup is an operating system backup of all
datafiles and the control file that constitute an
Oracle Database. A full backup should also include
the parameter file(s) associated with the
database. You can take a full database backup when
the database is shut down or while the database is
open. You should not normally take a full backup
after an instance failure or other unusual
circumstances.
If you choose to defer the first full backup
your database may not be recoverable in the event
of a database failure.
Autonomous Recovery Service (L1):
Scheduled time for daily backup (UTC):
Specify the time window when the incremental
backups start when the automatic backup capability
is selected.
Deletion options after database termination: Options that
you can use to retain protected database backups after the
database is terminated. These options can also help restore the
database from backups in case of accidental or malicious damage
to the database.
Retain backups for the period specified in your
protection policy or backup retention period:
Select this option if you want to retain database
backups for the entire period defined in the Object
Storage Backup retention period or Autonomous Recovery
Service protection policy after the database is
terminated.
Retain backups for 72 hours, then delete: Select
this option to retain backups for a period of 72 hours
after you terminate the database.
Backup Retention Period/Protection
Policy: If you choose to enable automatic backups, you
can choose a policy with one of the following preset
retention periods, or a Custom policy.
Object Storage Backup retention period: 7,
15, 30, 45, 60. Default: 30 days. The system automatically
deletes your incremental backups at the end of your chosen
retention period.
Autonomous Recovery Service protection
policy:
Bronze: 14 days
Silver: 35 days
Gold: 65 days
Platinum: 95 days
Custom defined by you
Default: Silver - 35 days
Enable Real-Time Data Protection: Real-time
protection is the continuous transfer of redo changes from a
protected database to Autonomous Recovery Service. This
reduces data loss and provides a recovery point objective (RPO)
near 0. This is an extra cost option.
Click Show Advanced Options to specify advanced options for the
database:
Management:
Oracle SID prefix: The Oracle Database instance number
is automatically added to the SID prefix to create the
INSTANCE_NAME database parameter. The
INSTANCE_NAME parameter is also known as the
SID. The SID is unique across the
cloud VM Cluster. If not specified, SID prefix defaults
to the db_name.
Note
Entering an
SID prefix is only available for Oracle 12.1
databases and above.
The SID prefix must meet the
requirements:
Maximum of 12 characters
Contain only alphanumeric characters. You can, however, use
underscore (_), which is the only special character that is not
restricted by this naming convention.
Begin with an alphabetic character
Unique in the VM cluster
DO NOT use the following reserved names:
grid, ASM
Character set: The character set for the
database. The default is AL32UTF8.
National character set: The national
character set for the database. The default is AL16UTF16.
Encryption:
If you are creating a database in an Exadata Cloud Service
VM Cluster, then you can choose to use encryption based on encryption
keys that you manage. By default, the database is configured using
Oracle-managed encryption keys. To configure the database with
encryption based on encryption keys you manage:
You must use
AES-256 encryption keys for your database.
Choose a Vault.
Select a Master encryption key.
To specify a key version other than the latest version of the
selected key, check Choose the key version
and enter the OCID of the key you want to use in the Key
version OCID field.
Note
The Key version will only be assigned to the container database (CDB),
and not to its pluggable database (PDB). PDB will be assigned an
automatically generated new key version.
Tags: If you have permissions to create a resource, then you also
have permissions to apply free-form tags to that resource. To apply a
defined tag, you must have permissions to use the tag namespace. For more
information about tagging, see Resource Tags . If you are not
sure whether to apply tags, skip this option (you can apply tags later) or
ask your administrator.
Click Create Database.
After database creation is complete, the status changes from
Provisioning to Available, and on the
database details page for the new database, the Encryption
section displays the encryption key name and the encryption key OCID.
WARNING:
Do not delete the
encryption key from the vault. This causes any database protected by the key to become
unavailable.
Learn to manage administrator (SYS user) and TDE wallet
passwords.
Open the navigation menu. Click Oracle Database,
then click Oracle Exadata Database Service
on Dedicated Infrastructure
Choose your Compartment that contains the VM
cluster that hosts the database that you want to change passwords.
Click the name of the VM cluster that contains the database that you want to change
passwords.
In the Resources list of the VM Cluster Details page, click
Databases.
Click the name of the database that you want to change passwords.
The
Database Details page displays information about the
selected database.
On the Database Details page, click More actions, and then
click Manage passwords.
In the resulting Manage passwords dialog, click
Update Administrator Password or Update TDE
Wallet Password.
Depending on the option you select, the system
displays the fields to edit.
Update Administrator Password: Enter the new password in both the New
administrator password and Confirm administrator password fields.
Note
The
Update Administrator Password option will change the sys user
password only. Passwords for other administrator accounts such as
system, pdbadmin, and TDE wallet will not be changed.
Update TDE Wallet Password: Enter the current wallet password in the
Enter existing TDE wallet password field, and
then enter the new password in both the New TDE wallet
password and Confirm TDE wallet
password fields.
To view the details of a Protected Database, use this procedure.
Open the navigation menu. Click Oracle Database,
then click Oracle Exadata Database Service
on Dedicated Infrastructure
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (The New Exadata Cloud
Infrastructure Resource Model): Under Exadata at Oracle Cloud,
click Exadata VM Clusters.
In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems: Under Oracle Base Database, click
DB Systems.
In the list of DB systems, find the Exadata DB
system you want to access, and then click its name to display details about
it.
On the cloud VM cluster or DB system details page, in the
Databases table, click the name of the database to display the Database
Details page.The Backup section displays the state of the automatic backups.
If the Autonomous Recovery Service is the destination, a link will be available
which includes additional details. You can also check if Real-time Data Protection
is enabled or disabled. Click the Autonomous Recovery Service link to be
taken to the page containing the Protected Database details.For more information
about Protected Databases, see Viewing Protected Database Details.
When you create a database from a backup, the availability domain is the
same as the availability domain that hosts the backup or a different one within the
same region.
The Oracle Database software version you specify must be the same or later version
as that of the backed-up database.
If you are creating a database from an automatic backup, then you can choose any level 0 weekly backup, or a level 1 incremental backup created after the most recent level 0 backup. For more information on automatic backups, see To configure automatic backups for a database
If the backup being used to create a database is in a security zone compartment, the database cannot be created in a compartment that is not in a security zone. See the Security Zone Policies topic for a full list of policies that affect Database service resources.
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to a backup.
Standalone backups: Click Standalone Backups
under Oracle Exadata Database
Service on Dedicated Infrastructure.
Automatic backups: Navigate to the Database Details
page of the database associated with the backup:
Cloud VM clusters (new resource
model): Under Oracle Exadata Database
Service on Dedicated Infrastructure, click Exadata VM
Clusters. In the list of VM clusters, find the VM cluster
you want to access and click its highlighted name to view the
details page for the cluster.
DB systems:
Under Exadata at Oracle Cloud, click DB Systems. In
the list of DB systems, find the Exadata DB system you want to
access, and then click its name to display details about it.
Click the name of the database associated with the backup
that you will use to create the new database. Locate the backup in the
list of backups on the Database Details page.
Click the Actions icon (three dots) for the backup you chose.
Click Create Database. On the Create Database from Backup page,
configure the database as follows.
In the Provide basic information for the Exadata infrastructure section:
Select a region: The target region where you want to create the database.
Select an availability domain: It could be the same as
the availability domain that hosts the backup or a different one within the
same region
Select Exadata infrastructure: Select an Exadata infrastructure from
the chosen compartment. Click the Change Compartment hyperlink to
choose a different compartment.
In the Configure your DB system section:
Backups created in cloud VM clusters: Choose a cloud VM
cluster to run the database from the Select a VM cluster drop-down
list.
Backups created in DB systems: Choose a shape from the
Select a shape drop-down list, then choose a DB system to run the
database from the Select a DB system drop-down list.
In the Configure Database Home section:
Select an existing Database Home: If you choose this
option, make a selection from the Select a Database Home drop-down
list.
Note
You can not
create a database from backup in the same Database Home where the source
database exists.
Create a new Database home: If you choose this option,
enter a name for the new Database Home in the Database Home display
name field. Click Change Database Image to select a database
software image for the new Database Home. In the Select a Database
Software Image panel, do the following:
Select the compartment containing the database software
image you want to use to create the new Database Home.
Select the region containing the database software image you want to use to create the new Database Home. Region filter defaults to the currently connected region and lists all the software images created in that region. When you choose a different region, the software image list is refreshed to display the software images created in the selected region.
Select the Oracle Database software version that the
new Database Home will use, then choose an image from the list of
available images for your selected software version.
Note
Database
restore operations for Databases of 12.2.0.1 and earlier are not
allowed at this time.
Click Select.
In the Configure database section:
Note
You cannot modify the
db_name, db_unique_name , and SID prefix
after creating the database.
In the Database name field, name the database or accept
the default name. The database name must meet the requirements:
Maximum of 8 characters
Contain only alphanumeric characters
Begin with an alphabetic character
Cannot be part of first 8 characters of a different
database's db_unique_name on the VM cluster
DO NOT use the following reserved names: grid, ASM
Database unique name: Specify a value for the
DB_UNIQUE_NAME database parameter. The unique name must
meet the requirements:
Maximum of 30 characters
Contain only alphanumeric or underscore (_)
characters
Begin with an alphabetic character
Unique across the VM cluster. Recommended to be unique
across the tenancy.
If not specified, the system automatically generates a
unique name value, as follows:
<db_name>_<3_chars_unique_string>_<region-name>
Administrator username: This read-only field displays
the username for the administrator, "sys".
In the Password and Confirm password fields, enter
and re-enter a password.
A strong password for SYS
administrator must be 9 to 30 characters and contain at least two
uppercase, two lowercase, two numeric, and two special characters. The
special characters must be _, #, or -. The password must not contain the
user name (SYS, SYSTEM, and so on) or the word "oracle" either in
forward or reverse order and regardless of casing.
In the Enter the source database's TDE wallet or RMAN password
field, enter a password that matches either the Transparent Data Encryption (TDE)
wallet password or RMAN password for the source database.
Click Show Advanced Options to specify advanced options for the
database:
Management
Oracle SID prefix: This
option is in the Management tab. The Oracle Database instance
number is automatically added to the SID prefix to create the
INSTANCE_NAME database parameter. If not provided,
then the SID prefix defaults to the first twelve characters of the
db_name.
Note
Entering an SID
prefix is only available for Oracle 12.1 databases and above.
The SID prefix must meet the requirements:
Maximum of 12 characters
Contain only alphanumeric characters
Begin with an alphabetic character
Unique in the VM cluster
DO NOT use the following reserved names: grid, ASM
Click Create Database.
Click the Exadata cloud VM cluster or DB system name that contains
the specific database to display the details page.
From the list of databases, click the database name associated with
the backup you want to use to display a list of backups on the database details
page. You can also access the list of backups for a database by clicking
Backups in the Resources section.
Click Standalone Backups under Oracle Exadata Database Service
on Dedicated Infrastructure.
In the list of standalone backups, find the backup you want to use
to create the database.
When you create a database from a backup, the availability domain is
the same as the availability domain that hosts the backup or a different one
within the same region.
The Oracle Database software version you specify must be the same or later
version as that of the backed-up database.
If the backup being used to create a database is in a security zone compartment,
the database cannot be created in a compartment that is not in a security zone.
See the Security Zone Policies topic for a
full list of policies that affect Database service resources.
Open the navigation menu. Click Oracle Database, then
click Oracle Exadata Database Service
on Dedicated Infrastructure
Choose your Compartment.
Navigate to the cloud VM cluster that contains the source database you are
using to create the new database:
Cloud VM clusters (new resource model) Under Oracle Exadata Database
Service on Dedicated Infrastructure, click Exadata
VM Clusters. In the list of VM clusters, find the VM cluster
you want to access and click its highlighted name to view the details page
for the cluster.
DB systems Under Bare Metal, VM, and
Exadata, click DB Systems. In the
list of DB systems, find the Exadata DB system you want to access, and then
click its name to display details about it.
Under Databases, click the name of the database you are using as the
source for the new database.
On the Database Details page, click Create Database from Last
Backup.
In the Provide basic information for the Exadata infrastructure
section:
Select a region: The target region where you want to create the database.
Select an availability domain: It could be the same as the
availability domain that hosts the backup or a different one within the
same region.
Select Exadata infrastructure: Select an Exadata infrastructure
from the chosen compartment. Click the Change Compartment
hyperlink to choose a different compartment.
On the Create Database from Backup page, configure the database as
follows.
In the Configure your DB system section: Backups created in cloud VM
clusters: Choose a cloud VM cluster to run the database from the
Select a VM cluster drop-down list.
Backups created in cloud VM clusters: Choose a cloud VM cluster
to run the database from the Select a VM cluster drop-down
list.
Backups created in DB systems: Choose a shape from the Select
a shape drop-down list, then choose a DB system to run the database
from the Select a DB system drop-down list.
In the Configure Database Home section:
Select an existing Database Home: If you choose this option, make
a selection from the Select a Database Home drop-down list.
Create a new Database home: If you choose this option, enter a
name for the new Database Home in the Database Home display name
field. Click Change Database Image to select a database software
image for the new Database Home. In the Select a Database Software
Image panel, do the following:
Select the compartment containing the database software image you
want to use to create the new Database Home.
Select the Oracle Database software version that the new Database
Home will use, then choose an image from the list of available
images for your selected software version.
Click Select.
In the Configure database section:
Note
You cannot modify the
db_name, db_unique_name, and SID
prefix after creating the database.
Database name: The name for the database. The database name
must meet the requirements:
Maximum of 8 characters
Contain only alphanumeric characters
Begin with an alphabetic character
Cannot be part of first 8 characters of a DB_UNIQUE_NAME on the
VM cluster
DO NOT use the following reserved names: grid, ASM
Database unique name: Optionally, specify a value for the
DB_UNIQUE_NAME database parameter. The value is
case insensitive.
The unique name must meet the requirements:
Maximum of 30 characters
Contain only alphanumeric or underscore (_) characters
Begin with an alphabetic character
Unique across the VM cluster. Recommended to be unique across
the tenancy.
If not specified, the system automatically generates a unique name
value, as follows:
<db_name>_<3_chars_unique_string>_<region-name>
Administrator username: This read-only field displays
the username for the administrator, "sys".
In the Password and Confirm password fields,
enter and re-enter a password.
A strong password for SYS
administrator must be 9 to 30 characters and contain at least two
uppercase, two lowercase, two numeric, and two special characters.
The special characters must be _, #, or -. The password must not
contain the user name (SYS, SYSTEM, and so on) or the word "oracle"
either in forward or reverse order and regardless of
casing.
In the Enter the source database's TDE wallet or RMAN password field,
enter a password that matches either the Transparent Data Encryption (TDE)
wallet password or RMAN password for the source database.
Click Show Advanced Options to specify advanced options for the
database.
Management
Oracle SID prefix:
The Oracle Database instance number is automatically added to the SID
prefix to create the INSTANCE_NAME database parameter. he INSTANCE_NAME
parameter is also known as the SID. The SID is unique across the cloud
VM cluster. If not specified, SID prefix defaults to the first 12
characters of the db_name.
Note
Entering an SID
prefix is only available for Oracle 12.1 databases and above.
The SID prefix must meet the requirements:
Maximum of 12 characters
Contain only alphanumeric characters
Begin with an alphabetic character
Unique in the VM cluster
DO NOT use the following reserved names: grid,
ASM
This task explains how to patch a single Oracle Database in your Exadata Cloud Infrastructure instance by moving it to another
Database Home.
You can move a database to any Database Home that meets at either of the following
criteria:
The target Database Home uses the same Oracle Database software version (including
patch updates) as the source Database Home
The target Database Home is based on either the latest version of the Oracle
Database software release used by the database, or one of the three prior versions
of the release
Moving a database to a new Database Home brings the database up to the patch
level of the target Database Home. For information on patching Database Homes, see Database Home Patching and .
Open the navigation menu. Click Oracle Database,
then click Oracle Exadata Database Service
on Dedicated Infrastructure
Choose your Compartment.
Navigate to the database you want to move.:
Cloud VM clusters ( The New Exadata Cloud Infrastructure Resource Model ): Under Oracle Exadata Database
Service on Dedicated Infrastructure, click Exadata VM
Clusters. In the list of VM clusters, click the name of the VM
cluster that contains the database you wan to move.
DB systems: Under Bare Metal, VM, and
Exadata, click DB Systems. In the list of DB
systems, find you want to access, and then click the name of the Exadata DB
system that contains the database you want to move..
Click More Actions, then click Move to Another
Home.
Select the target Database Home.
Click Move Database.
Confirm the move operation.
The database is moved in a rolling fashion. The database instance
will be stopped, node by node, in the current home and then restarted in the
destination home. While the database is being moved, the Database Home status
displays as Moving Databse. When the operation completes,
Database Home is updated with the current home. Datapatch is executed
automatically, as part of the database move, to complete post-patch SQL actions
for all patches, including one-offs, on the new Database Home. If the database
move operation is unsuccessful, then the status of the database displays as
Failed, and the Database Home field provides information
about the reason for the failure.
You'll get the chance to back up the database prior to terminating it. This creates a
standalone backup that can be used to create a database later. We recommend that you
create this final backup for any production (non-test) database.
Note
Terminating a database removes all automatic incremental backups of the database
from Oracle Cloud Infrastructure Object Storage. However, all full backups that were
created on demand, including your final backup, will persist as standalone
backups.
You cannot terminate a database that is assuming the primary role in a Data Guard
association. To terminate it, you can switch it over to the standby role.
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (The New Exadata Cloud Infrastructure Resource
Model): Under Oracle Exadata Database
Service on Dedicated Infrastructure, click
Exadata VM Clusters. In the list of VM clusters, find
the VM cluster you want to access and click its highlighted name to view the
details page for the cluster.
DB systems:
Under Oracle Base Database, click DB Systems. In the list of DB
systems, find the Exadata DB system you want to access, and then click its name
to display details about it.
On the cloud VM cluster or DB system details
page, in the Databases table, click the name of the database to display the Database
Details page.
Click More Actions, and then click Terminate.
For the
database using Oracle Cloud Infrastructure Object Storage or Oracle Database
Autonomous Recovery Service: In the confirmation dialog,
Review the message about the backup retention policy.
Configure automatic backups as needed.
Type the name of the database to confirm the termination
Click Terminate Database.
The database's status
indicates Terminating.
Note
The database stays in a terminated state with
backups listed until all backups are expired.
Use this procedure to rotate the Vault encryption key or or change the
encryption management configuration.
After you provision a database in an Exadata DB system or cloud VM cluster, you can
rotate the Vault encryption key or change the encryption management configuration for
that database.
Note
To ensure that your Exadata database uses the most current version of the Vault
encryption key, rotate the key from the database details page on the Oracle
Cloud Infrastructure Console. Do not use the Vault service.
You can rotate Vault encryption keys only on databases that are configured with
customer-managed keys.
You can change encryption key management from Oracle-managed keys to
customer-managed keys but you cannot change from customer-managed keys to
Oracle-managed keys.
Oracle supports administering encryption keys on databases after Oracle Database
11g release 2 (11.2.0.4).
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure
Choose your compartment from the Compartment drop-down.
Navigate to the cloud VM cluster that contains the database for which
you want to change encryption management or to rotate a key.
Cloud
VM clusters: Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, locate the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
In the Databases section, click the name of the database for which you want
to change encryption management or to rotate a key to display its details page.
Click the More Actions drop-down.
Click Manage encryption key.
To rotate an encryption key on a database using customer-managed keys:
Note
Generate a new master encryption key version. Only the CDB root key version is changed or rotated to a new one. It doesn't generate a new key version for the dependent PDBs. Rotate customer-managed keys periodically to comply with security compliance and regulatory mandates.
Click Rotate Encryption Key to display a confirmation dialog.
Click Update.
To assign a new key version:
Assign a new key version (BYOK) to CDB while creating or after provisioning it.
Click Assign a new key version.
In the Key version OCID field, enter the OCID of the new key version you want to assign.
Click Update.
To copy the Key version OCID:
Find the Vault and the Key details on the Key Details page (Key Management & Secret Management >> Vault >> <Vault> >> Key Details) by searching with the KMS key OCID provided in the CDB details page.
Copy the OCID and paste it in the Key version OCID field.
To change key management type from Oracle-managed keys to customer-managed keys:
Click Change Key Management Type.
Select Use customer-managed keys.
You must have a valid encryption key in Oracle Cloud Infrastructure Vault service and provide the information in the subsequent steps. See Key and Secret Management Concepts.
Choose a vault from the Vault in compartment drop-down. You can change the compartment by clicking the Change Compartment link.
Select an encryption key from the Master encryption key in compartment drop-down. You can change the compartment containing the encryption key you want to use by clicking the Change Compartment link.
If you want to use an encryption key that you import into your vault, then select the Choose the key version check box and enter the OCID of the key you want to use in the Key version OCID field.
Note
If you do not choose a version, the latest version of the key is used.
Click Update.
Note
Changing key management causes the database to become briefly unavailable.
Caution:
After changing key
management to customer-managed keys, do not delete the encryption key from the vault
as this can cause the database to become unavailable.
On the database details page for this database, the Encryption section displays
the encryption key name and the encryption key OCID.
When GI version is 19.17 then creating a database against 11.2.0.4 Oracle home with
patchsets July ’22 RU or older will fail with error mentioned in bug#28326679
Example:
ERROR : rac stopdb, failed to stop db viacmd export
ORACLE_HOME=/u02/app/oracle/product/11.2.0/dbhome_1
;/u02/app/oracle/product/11.2.0/dbhome_1/bin/srvctl stop database -d db008077-o
immediate, out : PRCD-1120 : The resource for database db008077 could notbe found.
PRCR-1001 : Resource ora.db008077.db does not exist, err :1 }
Solution:
Option 1: (Create new oracle home with Custom Image):
Create custom image for 11.2.0.4 with patchsets July ’22 RU or older along
with bug#28326679 one off
Create Oracle home using above customer image
Create database against the home
Option 2 (Apply one-off to existing Oracle home) :
Download the patch for bug#28326679
Apply the patch using opatch
Applicability:
For ExaCS and ExaCC-Gen2, Both options given above will work.
For ExaCC – Gen1, Option 2 (Apply one-off to existing Oracle home) will
work.
You can create and manage pluggable databases (PDBs) in Exadata Cloud Infrastructure using the Console and
APIs.
In this documentation, "database" refers to a container database, also called a CDB.
For more information on these resource types, see Multitenant Architecture in the
Oracle Database documentation. See Provisioning and Managing Exadata Databases for information on container databases in Exadata Cloud Infrastructure.
Oracle 19c or later databases created in Exadata Cloud Infrastructure include an initial PDB that you can access from the
Database Details page in the Console. You can create and manage additional PDBs in the
database using the Console or APIs.
Backup
You can take a backup of the PDB optionally during create, clone, or
relocate operations when the CDB is configured with the auto-backup feature. The
PDB backup destination will always be the same as CDB, and the backups cannot be
accessed directly or created on demand. Oracle recommends immediately backing up
the PDB after you create or clone it. This is because the PDB will not be
recoverable until the next daily auto-backup completes successfully, leading to
a possible data loss.
Restore
Base Database Service / Oracle Exadata Database Service on Dedicated
Infrastructure:
In place restore: You can restore a PDB within the same CDB
to last known good state or to a specified timestamp.
Out of place restore: You can restore a PDB by creating a
database (CDB) from the backup, then selecting a PDB or a subset of
them you want to restore on the new database.
Oracle Exadata Database Service on Cloud@Customer:
In place restore: You can restore a PDB within the same CDB
to last known good state and specified timestamp.
Out of place restore: It's not available.
You can perform an in-place restore when you want to move a PDB back
to a specified state or time. Both the CDB and PDB must be up and
running and only one PDB can be restored at a time.
If you have multiple PDBs in your CDB and want to restore multiple
of them to the same CDB, then you could restore each individual PDB,
one PDB at a time, from the CDB backup.
When the CDB is down, you could restore the complete CDB and all the
PDBs in that CDB will also be restored.
You could either restore the database to the specified timestamp or
to its last known good state.
Relocate
You can relocate a PDB from one CDB to another CDB within the same
availability domain (AD):
Across compartments, VM clusters, DB system (for BaseDB
only), or VCNs (not applicable to ExaDB-C@C). If two different VCNs are
used, then both VCNs must be peered before relocating.
To the same or a higher database version.
During relocate, the PDB will be removed from the source CDB and
moved to the destination CDB that is up and running. In a Data Guard
association, a PDB relocated to the primary will be synchronized with the
standby as well.
Clone
A clone is an independent and complete copy of the given database as
it existed at the time of the cloning operation. You can create clones of your
PDB within the same CDB or a different CDB and refresh the cloned PDB.
The
following types of clones are supported:
Local clone: A copy of the PDB is created within the same
CDB.
Remote clone: A copy of the PDB is created in a different
CDB.
You can perform a remote clone of a PDB from one CDB to another CDB
within the same availability domain (AD):
Across compartments, VM clusters, DB system (for BaseDB
only), or VCNs (not applicable to ExaDB-C@C). If two different VCNs are
used, then both VCNs must be peered before cloning.
To the same or a higher database version.
Refreshable clone: A copy of the PDB is created in a different CDB,
and you will be able to refresh the cloned PDB.
You can perform a
refreshable clone of a PDB from one CDB to another CDB within the same
availability domain (AD):
Across compartments, VM clusters, DB system (for
BaseDB only), or VCNs (not applicable to ExaDB-C@C). If two
different VCNs are used, then both VCNs must be peered before
cloning.
To the same or a higher database version.
Refreshable Clone
A refreshable clone enables you to keep your remote clone
updated with the source PDB. You can only refresh while the PDB is in mount
mode. The only open mode you can have is read-only and refresh cannot be done
while it is in read-only mode.
A database link user credential is required for creating a refreshable
clone.
Clone, relocate, and in-place restore operations are not supported in
the refreshable clone. Relocate and in-place restore operations are not
supported in the source, and the source can only be deleted after
disconnecting or deleting the refreshable clone.
In a Data Guard association, a refreshable clone cannot be created on
standby, but it can be created on the primary. However, the primary will
not be synced to the standby.
Note
A PDB in standby cannot be used as
the source for a refreshable PDB.
Convert Refreshable PDB to Regular PDB
You can convert a refreshable PDB to
a regular PDB by disconnecting the refreshable clone (destination PDB) from the
source PDB at any time. If the refresh PDB is in a Data Guard association, when
it is converted to a regular PDB the PDB will be synced to the standby as part
of the conversion process.
Open Modes
On the Console, you can see the open modes of a PDB, such as
read-write, read-only, and mounted. If the PDB status is the same across all
nodes, the system displays the same status for all PDBs. If the PDB statuses are
different across the nodes, the system displays a message indicating on which
nodes the PDBs are opened in read-write mode. You cannot change the open mode of
a PDB through the API or Console. However, you can start or stop a PDB. Starting
the PDB will start it in read-write mode. Stopping the PDB will close it and it
will remain in mount mode.
New PDBs created with SQL are not immediately discovered by OCI's control plane and
displayed in the Console. However, OCI does perform a sync operation on a regular
basis to discover manually-created PDBs, and they should be visible in the Console
and with API-based tools within 45 minutes of creation. Oracle recommends using the
Console or API-based tools (including the OCI CLI , SDKs, and Terraform) to create
PDBs.
Pluggable database operations are supported only for databases using Oracle Database
19c and later.
You can create a pluggable database (PDB) in Exadata Cloud Service from the OCI Console,
or with the APIs and API-based tools (the OCI CLI, SDKs, and Terraform). PDBs must be created one
at a time. During the PDB create operation, the parent database (CDB) is in the
"Updating" state. Creating a new PDB has no impact on existing PDBs in the database.
Creating a pluggable database (PDB) is not supported for databases using Data Guard.
If the databases are created directly on Guest VM, the attributed usage data would be delayed.
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new
resource model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under Bare
Metal, VM, and Exadata, click DB Systems. In the list of DB
systems, find the Exadata DB system you want to access, and then click its name
to display details about it.
On the cloud VM cluster or DB system details page, in the Databases table,
click the name of the database to display the Database Details page.
On the Database Details page, click Pluggable Databases in the
Resources section of the page.
Click Create Pluggable Database.
In the Create Pluggable Database dialog, enter the following:
PDB Name: Enter a name for the PDB. The name must begin with an
alphabetic character and can contain a maximum of 30 alphanumeric
characters. Note: For bare metal DB systems, you cannot have two PDBs in the
same database that use the same PDB name. You can use the same name for PDBs
in different databases within the same DB system.
Unlock my PDB Admin account: Optional. Select this option to
specify a PDB Admin password and configure the PDB to be unlocked at
creation.
PDB Admin password: If you clicked Unlock my PDB Admin
account, create and enter a PDB admin password. The password must
contain:
A minimum of 9 and a maximum of 30 characters
At least two uppercase characters
At least two lowercase characters
At least two special characters. The valid special characters are:
underscore ( _ ), a hash sign (#), and a dash (-). You can use two
of the same characters or any combination of two of the same
characters.
At least two numeric characters (0 - 9)
Confirm PDB Admin password: Reenter the PDB admin password.
TDE wallet password: Applicable only to databases using
Oracle-managed encryption keys. Enter the TDE wallet password for
the parent CDB.
Take a backup of the PDB immediately after creating it: You must
enable auto-backup on the CDB to back up a PDB immediately after creating
it. This check box is checked by default if auto-backup was enabled on the
CDB.
Note
If the check box is unchecked, the system displays a warning
stating that PDB cannot be recovered until the next daily backup has
been successfully completed.
Click Create Pluggable Database.
WHAT NEXT?
After creating your PDB, you can get connection strings for the administrative
service using the OCI Console.
Using the console to relocate a pluggable
database 🔗
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new
resource model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under Bare
Metal, VM, and Exadata, click DB Systems. In the list of DB
systems, find the Exadata DB system you want to access, and then click its name
to display details about it.
On the cloud VM cluster or DB system details page, in the Databases table,
click the name of the database to display the Database Details page.
On the Database Details page, click Pluggable Databases in the
Resources section of the page.
Click the name of the PDB that you want to relocate.
From the
Pluggable Database details page, click More Actions, and then select
Relocate.
(or)
Click the Actions menu (three dots) and
select Relocate.
In the resulting Relocate Pluggable Database window, enter the following:
VM Cluster: Use the menu to select the destination VM cluster.
Destination database: Use the menu to select an existing database
where the PDB will be created. This database can be of the same version as
the CDB the source PDB is in or of a higher version.
New PDB name for the clone: The name must begin with an alphabetic
character and can contain up to 30 characters. To keep the PDB name the
same, just re-enter the source PDB name.
Database TDE wallet password: Enter the TDE wallet password for the
parent CDB of the source PDB.
Unlock my PDB Admin Account:
To enter the administrator's password, check this check box.
PDB Admin Password: Enter PDB admin password. The
password must contain:
a minimum of 9 and a maximum of 30 characters
at least two uppercase characters
at least two lowercase characters
at least two special characters. The valid special
characters are underscore ( _ ), a pound or hash
sign (#), and dash (-). You can use two of the same
characters or any combination of two of the same
characters.
at least two numeric characters (0 - 9)
Confirm PDB Admin Password: Enter the same PDB Admin
password in the confirmation field.
To skip entering the administrator's password, uncheck this check
box. If you uncheck this check box, then the PDB is created but you
cannot use it. To use the PDB, you must reset the administrator
password.
Note
When you create a new PDB, a local user in the
PDB is created as the administrator and granted the
PDB_DBA role locally to the
administrator.
To reset the password:
Connect to the container where your PDB exists using the
SQL*Plus CONNECT
statement.
SQL> show con_name;
CON_NAME
------------------------
CDB$ROOT
For
more information, see Administering a
CDB and Administering PDBs in
the Oracle® Multitenant Administrator’s
Guide.
Find the administrator name of your
PDB:
SQL> select grantee from cdb_role_privs where con_id = (select con_id from cdb_pdbs where pdb_name = '<PDB_NAME>') and granted_role = 'PDB_DBA';
Switch into your
PDB:
SQL> alter session set container=<PDB_NAME>;
Session altered.
SQL> show con_name;
CON_NAME
------------------------
<PDB_NAME>
Reset the PDB administrator
password:
SQL> alter user <PDB_Admin> identified by <PASSWORD>;
User altered.
Source database SYS password: Enter the database admin password.
Database link: Enter the user name and password for the database
link. Note that the user must be precreated in the source database. The DB
link will be created in the destination using that username and
password.
Take a backup of the PDB immediately after creating it: You must
enable auto-backup on the CDB to back up a PDB immediately after creating
it. This check box is checked by default if auto-backup was enabled on the
CDB.
Note
If the checkbox is unchecked, the system displays a warning
stating that PDB cannot be recovered until the next daily backup has
been successfully completed.
Advanced Options:
Tags: Optionally, you can apply tags. If you
have permission to create a resource, you also have permission to
apply free-form tags to that resource. To apply a defined tag, you
must have permission to use the tag namespace. For more information
about tagging, see Resource Tags. If you
are not sure if you should apply tags, skip this option (you can
apply tags later) or ask your administrator.
Click Relocate pluggable database.
Note
Relocate will incur downtime during
the process and that the time required is based on the size of the
PDB.
The PDB must be available and stopped to use this procedure.
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new resource
model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under Bare
Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find
the Exadata DB system you want to access, and then click its name to display
details about it.
On the cloud VM cluster or DB system details page, in the Databases table,
click the name of the database to display the Database Details page.
Click Pluggable Databases in the Resources section of the page.
In the list of pluggable databases, find the pluggable database (PDB) you want to
start. Click the PDB name to display details about it.
Click Start.
In the Start PDB dialog, click Start PDB to confirm the start
operation.
The PDB must be available and running
(started) to use this procedure.
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new resource
model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under Bare
Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find
the Exadata DB system you want to access, and then click its name to display
details about it.
On the cloud VM cluster or DB system details page, in the
Databases table, click the name of the database to display the
Database Details page.
Click Pluggable Databases in the Resources section of the
page.
In the list of pluggable databases, find the pluggable database (PDB)
you want to stop. Click the PDB name to display details about it.
Click Start.
In the Stop PDB dialog, click Stop PDB to confirm the stop
operation.
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new resource
model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want. In the list of VM clusters, find the VM cluster you want to
access and click its highlighted name to view the details page for the
cluster.
DB systems Under
Bare Metal, VM, and Exadata, click DB Systems. In the list of
DB systems, find the Exadata DB system you want to access, and then click its
name to display details about it.
On the cloud VM cluster or DB system details page, in the Databases table,
click the name of the database to display the Database Details page.
Click Pluggable Databases in the Resources section of the page.
In the list of pluggable databases, find the pluggable database (PDB) you want to
delete. Click the PDB name to display details about it.
Click More Actions, then choose Delete.
In the Delete PDB dialog box, enter the name of the PDB that you want to
delete to confirm the action, then click Delete PDB.
To get connection strings for a pluggable
database 🔗
Note
This topic explains how to get connection strings for the administrative service of a
PDB. Oracle recommends that you connect applications to an application service, using
strings created for the application service.
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters
(new resource
model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under
Bare Metal, VM, and Exadata, click DB Systems. In the list of
DB systems, find the Exadata DB system you want to access, and then click its
name to display details about it.
On the cloud VM cluster or DB system details page, in the Databases table,
click the name of the database to display the Database Details page.
Click Pluggable Databases in the Resources section of the page.
In the list of pluggable databases, find the PDB, and then click its name to display
details about it.
Click PDB Connection.
In the Pluggable Database Connection dialog, use the Show and
Copy links to display and copy connection strings, as needed.
Use this procedure to rotate the Vault encryption key or assign a new key version.
Note
Rotate Key is blocked on standby when KMS is configured in the current database. Also, you cannot change or update the encryption type once it is configured to KMS.
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
Choose your compartment from the Compartment drop-down.
Navigate to the cloud VM cluster that contains the database for which you want to change encryption management or to rotate a key.
Cloud VM clusters: Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, locate the VM cluster you want to access and click its highlighted name to view the details page for the cluster.
In the Databases section, click the name of the database in which the pluggable database you want to change encryption management or to rotate a key exists.
Click the name of the database to view its details.
Under Resources, click Pluggable Databases.
From the list, click the name of a PDB to view its details.
Click Manage encryption key.
To rotate an encryption key on a database using customer-managed keys:
Note: Generate a new master encryption key version. Only the CDB root key version is changed or rotated to a new one. It doesn't generate a new key version for the dependent PDBs. Rotate customer-managed keys periodically to comply with security compliance and regulatory mandates. The rotation involves stopping and restarting the database.
Click Rotate Encryption Key.
Click Update.
To assign a new key version:
Assign a new key version (BYOK) to CDB while creating or after provisioning it.
a. Click Assign a new key version.
b. In the Key version OCID field, enter the OCID of the new key version you want to assign.
c. Click Update.
To copy the Key version OCID:
a. Find the Vault and the Key details on the Key Details page (Key Management & Secret Management >> Vault >> <Vault> >> Key Details) by searching with the KMS key OCID provided in the PDB details page.
b. Copy the OCID and paste it in the Key version OCID field.
You can create local, remote, and refreshable clones.
A clone is an independent and complete copy of the given database as it existed
at the time of the cloning operation. You can create clones of your PDB
within the same CDB or a different CDB and also refresh the cloned PDB.
Note
When cloning a PDB from 19c to 23ai, the cloned PDB is automatically upgraded to 23ai. For example, if you use refreshable clones to clone to 23ai and then convert it to regular PDB, all necessary upgrade steps are automatically handled, converting the refreshable clone into a fully upgraded 23ai PDB.
The following types of clones are supported:
Local clone: A clone of the PDB is created within the same
CDB.
Remote clone: A clone of the PDB is created in a different
CDB.
Refreshable clone: A clone of the PDB is created in a different
CDB, and you will be able to refresh the cloned PDB.
Using the Console to Create a Local Clone of a
Pluggable Database (PDB) 🔗
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new resource
model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under Bare
Metal, VM, and Exadata, click DB Systems. In the list of DB
systems, find the Exadata DB system you want to access, and then click its name
to display details about it.
On the cloud VM cluster or DB system details page, in the Databases table,
click the name of the database to display the Database Details page.
Click Pluggable Databases in the Resources section of the page.
In the list of pluggable databases, find the pluggable database (PDB) you want to
clone, and then click its name to display details about it.
Click Clone.
In the Clone PDB dialog box, enter the following:
Select clone type: Select Local clone to create a copy of the
source PDB to the same CDB.
Exadata VM Cluster: Use the menu to select the cloud VM
cluster of the target database.
Note
The target VM Cluster may be on a
different Exadata infrastructure.
Destination database: This field is disabled.
PDB name: Provide a name for the new cloned PDB. The name must begin
with an alphabetic character and can contain up to 30 characters.
Database TDE wallet password: Not applicable for databases using
customer-managed keys from the Vault service. Enter the TDE wallet
password for the parent database (CDB) of the source PDB.
Unlock my PDB Admin account: Optional. Select this option to
specify a PDB Admin password and configure the PDB to be unlocked at
creation.
PDB Admin password: Create and enter a new PDB Admin password. The
password must contain:
9–30 characters
At least two uppercase characters
At least two lowercase characters
At least two special characters. The valid special characters are:
underscore ( _ ), a hash sign (#), and a dash (-). You can use two
of the same characters or any combination of two of these
characters.
At least two numeric characters (0-9)
Confirm PDB Admin password: Enter the PDB Admin password again to
confirm.
Take a backup of the PDB immediately after creating it: You must
enable auto-backup on the CDB to back up a PDB immediately after creating
it. This check box is checked by default if auto-backup was enabled on the
CDB.
Note
If the checkbox is unchecked, the system displays a warning
stating that PDB cannot be recovered until the next daily backup has
been successfully completed.
Advanced Options:
Tags: Optionally, you can apply tags. If you have permission
to create a resource, you also have permission to apply free-form
tags to that resource. To apply a defined tag, you must have
permission to use the tag namespace. For more information about
tagging, see Resource Tags. If you are not sure if you should apply
tags, skip this option (you can apply tags later) or ask your
administrator.
Using the Console to Create a Remote Clone of
a Pluggable Database (PDB) 🔗
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new resource
model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under Bare
Metal, VM, and Exadata, click DB Systems. In the list of DB
systems, find the Exadata DB system you want to access, and then click its name
to display details about it.
On the cloud VM cluster or DB system details page, in the Databases table,
click the name of the database to display the Database Details page.
Click Pluggable Databases in the Resources section of the page.
In the list of pluggable databases, find the pluggable database (PDB) you want to
clone, and then click its name to display details about it.
Click Clone.
In the Clone PDB dialog box, enter the following:
Select clone type: Select Remote clone to create
a copy of the source PDB to the same CDB.
Exadata VM Cluster: Use the menu to select the cloud VM
cluster of the target database.
Note
The target VM Cluster may be on a
different Exadata infrastructure.
Destination database: Use the menu to select an existing
database where the PDB will be created. This database can be of the same
version as the CDB the source PDB is in or of a higher version.
PDB name: Provide a name for the new cloned PDB. The name must begin
with an alphabetic character and can contain up to 30 characters.
Database TDE wallet password: Not applicable for databases using
customer-managed keys from the Vault service. Enter the TDE wallet
password for the parent database (CDB) of the source PDB.
Unlock my PDB Admin account: Optional. Select this option to
specify a PDB Admin password and configure the PDB to be unlocked at
creation.
PDB Admin password: Create and enter a new PDB Admin password. The
password must contain:
9–30 characters
At least two uppercase characters
At least two lowercase characters
At least two special characters. The valid special characters are:
underscore ( _ ), a hash sign (#), and a dash (-). You can use two
of the same characters or any combination of two of these
characters.
At least two numeric characters (0-9)
Confirm PDB Admin password: Enter the PDB Admin password again to
confirm.
Database link: Enter the user name and password for the database link.
Note that the user must be precreated in the source database. The DB link
will be created in the destination using that username and password.
Take a backup of the PDB immediately after creating it: You must
enable auto-backup on the CDB to back up a PDB immediately after creating
it. This check box is checked by default if auto-backup was enabled on the
CDB.
Note
If the checkbox is unchecked, the system displays a warning
stating that PDB cannot be recovered until the next daily backup has
been successfully completed.
Advanced Options:
Tags: Optionally, you can apply tags. If you have permission
to create a resource, you also have permission to apply free-form
tags to that resource. To apply a defined tag, you must have
permission to use the tag namespace. For more information about
tagging, see Resource Tags. If you are not sure if you should apply
tags, skip this option (you can apply tags later) or ask your
administrator.
Using the Console to Create a Refreshable
Clone of a Pluggable Database (PDB) 🔗
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new resource
model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under Bare
Metal, VM, and Exadata, click DB Systems. In the list of DB
systems, find the Exadata DB system you want to access, and then click its name
to display details about it.
On the cloud VM cluster or DB system details page, in the Databases table,
click the name of the database to display the Database Details page.
Click Pluggable Databases in the Resources section of the page.
In the list of pluggable databases, find the pluggable database (PDB) you want to
clone, and then click its name to display details about it.
Click Clone.
In the Clone PDB dialog box, enter the following:
Select clone type: Select Refreshable clone to create a
copy of the source PDB to the same CDB.
Exadata VM Cluster: Use the menu to select the cloud VM
cluster of the target database.
Note
The target VM Cluster may be on a
different Exadata infrastructure.
Destination database: Use the menu to select an existing
database where the PDB will be created. This database can be of the same
version as the CDB the source PDB is in or of a higher version.
PDB name: Provide a name for the new cloned PDB. The name must begin
with an alphabetic character and can contain up to 30 characters.
Database TDE wallet password: Not applicable for databases using
customer-managed keys from the Vault service. Enter the TDE wallet
password for the parent database (CDB) of the source PDB.
Unlock my PDB Admin account: Optional. Select this option to
specify a PDB Admin password and configure the PDB to be unlocked at
creation.
PDB Admin password: Create and enter a new PDB Admin password. The
password must contain:
9–30 characters
At least two uppercase characters
At least two lowercase characters
At least two special characters. The valid special characters are:
underscore ( _ ), a hash sign (#), and a dash (-). You can use two
of the same characters or any combination of two of these
characters.
At least two numeric characters (0-9)
Confirm PDB Admin password: Enter the PDB Admin password again to
confirm.
Database link: Enter the user name and password for the database link.
Note that the user must be precreated in the source database. The DB link
will be created in the destination using that username and password.
Take a backup of the PDB immediately after creating it: You must
enable auto-backup on the CDB to back up a PDB immediately after creating
it. This check box is checked by default if auto-backup was enabled on the
CDB.
Note
If the checkbox is unchecked, the system displays a warning
stating that PDB cannot be recovered until the next daily backup has
been successfully completed.
Advanced Options:
Tags: Optionally, you can apply tags. If you have permission
to create a resource, you also have permission to apply free-form
tags to that resource. To apply a defined tag, you must have
permission to use the tag namespace. For more information about
tagging, see Resource Tags. If you are not sure if you should apply
tags, skip this option (you can apply tags later) or ask your
administrator.
Using the Console to Refresh a Cloned
Pluggable Database (PDB) 🔗
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new resource
model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under Bare
Metal, VM, and Exadata, click DB Systems. In the list of DB
systems, find the Exadata DB system you want to access, and then click its name
to display details about it.
On the cloud VM cluster or DB system details page, in the
Databases table, click the name of the database to display the
Database Details page.
Click Pluggable Databases in the Resources section of the
page.
In the list of pluggable databases, find the pluggable database (PDB)
you want to refresh, and then click its name to display details about it.
Click More Actions and select Refresh.
In the resulting Refresh dialog box, click Refresh to confirm.
Using the Console to Convert a Refreshable
Clone to a Regular Pluggable Database (PDB) 🔗
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new resource
model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under Bare
Metal, VM, and Exadata, click DB Systems. In the list of DB
systems, find the Exadata DB system you want to access, and then click its name
to display details about it.
On the cloud VM cluster or DB system details page, in the Databases table,
click the name of the database to display the Database Details page.
Click Pluggable Databases in the Resources section of the page.
In the list of pluggable databases, find the pluggable database (PDB)
you want to convert to a regular PDB, and then click its name to display details
about it.
In the resulting Convert to regular PDB dialog box, enter the
following:
Database TDE wallet password: Not applicable for
databases using customer-managed keys from the Vault service. Enter
the TDE wallet password for the parent database (CDB) of the source
PDB.
Take a backup of the PDB immediately after creating it:
You must enable auto-backup on the CDB to back up a PDB immediately after
creating it. This check box is checked by default if auto-backup was enabled
on the CDB.
Note
If the
checkbox is unchecked, the system displays a warning stating that PDB
cannot be recovered until the next daily backup has been successfully
completed.
You can perfrom in-place and out of place restore of an Exadata pluggable
database.
The following types of clones are supported:
In place restore: You can restore a PDB within the same CDB to
last known good state or to a specified timestamp.
Out of place restore: You can restore a PDB by creating a
database (CDB) from the backup, then selecting a PDB or a subset of
them you want to restore on the new database.
Using the Console to Perform an In-Place
Restore of a Pluggable Database (PDB) 🔗
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new resource
model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under Bare
Metal, VM, and Exadata, click DB Systems. In the list of DB
systems, find the Exadata DB system you want to access, and then click its name
to display details about it.
On the cloud VM cluster or DB system details page, in the
Databases table, click the name of the database to display the
Database Details page.
Click Pluggable Databases in the Resources section of the
page.
In the list of pluggable databases, find the pluggable database (PDB)
you want to restore, and then click its name to display details about it.
In the resulting Restore PDB dialog, enter the following:
Restore to latest: Select this option to restore and recover the
database with zero, or least possible, data loss.
Restore to a timestamp: Select this option to restore and recover the
database to the specified timestamp.
Using the Console to Perform an Out-of-Place
Restore of a Pluggable Database (PDB) 🔗
Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service
on Dedicated Infrastructure.
Choose your Compartment.
Navigate to the database:
Cloud VM clusters (new resource
model) Under Oracle Exadata Database
Service on Dedicated Infrastructure,
click Exadata VM Clusters. In the list of VM clusters, find the VM
cluster you want to access and click its highlighted name to view the details
page for the cluster.
DB systems Under Bare
Metal, VM, and Exadata, click DB Systems. In the list of DB
systems, find the Exadata DB system you want to access, and then click its name
to display details about it.
On the cloud VM cluster or DB system details page, in the
Databases table, click the name of the database to display the
Database Details page.
Click Pluggable Databases in the Resources section of the
page.
In the list of pluggable databases, find the pluggable database (PDB)
you want to restore, and then click its name to display details about it.
Under Resources, click Backups.
From the list of backups, choose a backup, click the Actions menu (three dots), and
then select Create Database.
In the resulting Create database from backup dialog box, select either of these
options, Select all PDBs or Specify the PDBs to restore.
To create a database by selecting all
Pluggable Databases 🔗
Provide the requested information in the Create database from backup
page:
Click Select all PDBs.
Click Next.
Select the VM cluster where you want to create the database.
Click the Change
Compartment hyperlink to choose your compartment.
Configure Database Home: Select an existing Database Home or create one as
applicable. Note that this field is not available when you create a Database from
the Database Home details page.
Select an existing Database Home: If one or more Database Homes
already exist for the database version you have selected, then this option
is selected by default. And, you will be presented with a list of Database
Homes. Select a Database Home from the list.
Create a new Database Home: If no Database Homes exist for the
database version you have selected, then this option is selected by
default.
Enter Database Home display name.
Click Change Database Image to select your software
version.
Select a Database Software Image window is
displayed.
Select an Image Type, Oracle Provided Database Software
Images, or Custom Database Software Images.
If you
choose Oracle Provided Database Software Images, then you
can use the Display all available version switch to
choose from all available PSUs and RUs. The most recent release
for each major version is indicated with a latest
label.
Note
For the Oracle Database major
version releases available in Oracle Cloud Infrastructure,
images are provided for the current version plus the three most
recent older versions (N through N - 3). For example, if an
instance is using Oracle Database 19c, and the latest version of
19c offered is 19.8.0.0.0, images available for provisioning are
for versions 19.8.0.0.0, 19.7.0.0, 19.6.0.0 and
19.5.0.0.
Provide the database name: Specify a user-friendly name that you can use
to identify the database. The database name must contain only the permitted
characters.
Review the following guidelines when selecting a database name.
maximum of 8 characters
contain only alphanumeric characters
begin with an alphabetic character
cannot be part of first 8 characters of a
db_unique_name on the VM cluster
unique within a VM cluster
DO NOT use grid because grid is
a reserved name
DO NOT use ASM because ASM is a
reserved name
Provide a unique name for the database: Optionally, specify a unique name
for the database. This attribute defines the value of the
db_unique_name database parameter. The value is case
insensitive.
The db_unique_name must contain only the permitted characters.
Review the following guidelines when selecting a database name.
maximum of 30 characters
can contain alphanumeric and underscore (_) characters
begin with an alphabetic character
unique across the fleet/tenancy
If a unique name is not provided, then the db_unique_name
defaults to the following format
<db_name>_<3 char unique
string>_<region-name>.
If you plan to configure the database for backup to a Recovery Appliance backup
destination, then the unique database name must match the name that is
configured in the Recovery Appliance.
Provide the administration password: Provide and confirm the Oracle
Database administration password. This password is used for administration
accounts and functions in the database, including:
The password for the Oracle Database SYS and
SYSTEM users.
The Transparent Data Encryption (TDE) Keystore password.
For Oracle Database 12c Release 1 or later releases, the password for the PDB
administration user in the first PDB (PDBADMIN) must be nine to
30 characters and contain at least two uppercase, two lowercase, two numeric,
and two special characters. The special characters must be _,
#, or -. In addition, the password must
not contain the name of the tenancy or any reserved words, such as
Oracle or Table, regardless of casing.
Enter the source database's TDE wallet or RMAN password: Password must match
the TDE wallet or RMAN password of the source database contained in the backup.
To create a database by specifying a subset of
Pluggable Databases 🔗
Provide the requested information in the Create database from backup
page:
Click Specify the PDBs to restore.
In the Specify PDB to restore field, provide a comma-delimited list of PDBs
to restore.
Click Next.
Select the VM cluster where you want to create the database.
Click the Change Compartment hyperlink to choose your compartment.
Configure Database Home: Select an existing Database Home or create one as
applicable. Note that this field is not available when you create a Database from
the Database Home details page.
Select an existing Database Home: If one or more Database Homes
already exist for the database version you have selected, then this option
is selected by default. And, you will be presented with a list of Database
Homes. Select a Database Home from the list.
Create a new Database Home: If no Database Homes exist for the
database version you have selected, then this option is selected by
default.
Enter Database Home display name.
Click Change Database Image to select your software
version.
Select a Database Software Image window is
displayed.
Select an Image Type, Oracle Provided Database Software
Images, or Custom Database Software Images.
If you
choose Oracle Provided Database Software Images, then you
can use the Display all available version switch to
choose from all available PSUs and RUs. The most recent release
for each major version is indicated with a latest
label.
Note
For the Oracle Database major
version releases available in Oracle Cloud Infrastructure,
images are provided for the current version plus the three most
recent older versions (N through N - 3). For example, if an
instance is using Oracle Database 19c, and the latest version of
19c offered is 19.8.0.0.0, images available for provisioning are
for versions 19.8.0.0.0, 19.7.0.0, 19.6.0.0 and
19.5.0.0.
Provide the database name: Specify a user-friendly name that you can use
to identify the database. The database name must contain only the permitted
characters.
Review the following guidelines when selecting a database name.
maximum of 8 characters
contain only alphanumeric characters
begin with an alphabetic character
cannot be part of first 8 characters of a
db_unique_name on the VM cluster
unique within a VM cluster
DO NOT use grid because grid is
a reserved name
DO NOT use ASM because ASM is a
reserved name
Provide a unique name for the database: Optionally, specify a unique name
for the database. This attribute defines the value of the
db_unique_name database parameter. The value is case
insensitive.
The db_unique_name must contain only the permitted characters.
Review the following guidelines when selecting a database name.
maximum of 30 characters
can contain alphanumeric and underscore (_) characters
begin with an alphabetic character
unique across the fleet/tenancy
If a unique name is not provided, then the db_unique_name
defaults to the following format
<db_name>_<3 char unique
string>_<region-name>.
If you plan to configure the database for backup to a Recovery Appliance backup
destination, then the unique database name must match the name that is
configured in the Recovery Appliance.
Provide the administration password: Provide and confirm the Oracle
Database administration password. This password is used for administration
accounts and functions in the database, including:
The password for the Oracle Database SYS and
SYSTEM users.
The Transparent Data Encryption (TDE) Keystore password.
For Oracle Database 12c Release 1 or later releases, the password for the PDB
administration user in the first PDB (PDBADMIN) must be nine to
30 characters and contain at least two uppercase, two lowercase, two numeric,
and two special characters. The special characters must be _,
#, or -. In addition, the password must
not contain the name of the tenancy or any reserved words, such as
Oracle or Table, regardless of casing.
Enter the source database's TDE wallet or RMAN password: Password must match
the TDE wallet or RMAN password of the source database contained in the backup.
Cost and Usage Attribution for Pluggable Databases (PDBs) 🔗
Note
It is supported only on Oracle Databases 19c and higher running in a multitenant deployment.
With this enhancement to the Cost Analysis feature of the OCI Cost Management Service, you can view the attributed usage and cost for all the PDBs in a VM Cluster. This data will be available on the cost analysis dashboard and the reports.
Prerequisites:
dbaastools: (minimum version) 24.2.1
To check the version of the dbaastools rpm on the guest VM, run: rpm -qa | grep dbaastools
To update the dbaastools rpm on the guest VM, run: dbaascli admin updateStack
Confirm you have the minimum version of dbaastools needed after you update the dbaastools rpm by running the rpm -qa | grep dbaastools command.
dbcsagent needs to be running on the guest VM. Minimum version of dbcsagent needed is 23.3.2.
To check the version of the dbcsagent on the guest VM, run: rpm -qa | grep dbcs-agent-update
You will need to open a service request on My Oracle Support to update the dbcsagent on the guest VM.
To check the status of the dbcsagent, run: systemctl status dbcsagent
Run systemctl start dbcsagent if the dbcsagent is not in active (running) state.
Check the status of the agent again to confirm that it is running.
To change the SYS password, or to change the TDE wallet password, use this
procedure.
The password that you specify in the Database Admin
Password field when you create a new Exadata Cloud Infrastructure instance or database is set as the password for the
SYS, SYSTEM, TDE wallet, and PDB administrator credentials. Use the following
procedures if you need to change passwords for an existing database.
Note
if you are enabling Data Guard for a database, then the SYS password and the TDE
wallet password of the primary and standby databases must all be the same.
Note
Using the dbaascli
to change the SYS password will ensure the backup/restore automation can parallelize
channels across all nodes in the
cluster.