Policy-Based Backups

The Oracle Cloud Infrastructure Block Volume service provides you with the capability to perform volume backups automatically on a schedule and retain them based on the selected backup policy.

With user defined policies, you can also enable scheduled cross-region backups, so that scheduled volume backups are automatically copied to a second region, see Scheduling Volume Backup Copies Across Regions.

These features allow you to adhere to your data compliance and regulatory requirements.

Caution

Deleting Block Volumes with Policy-Based Backups

All policy-based backups will eventually expire, so if you want to keep a volume backup indefinitely, you need to create a manual backup.

Volume backups are point-in-time snapshots of volume data. For more information about volume backups, see Overview of Block Volume Backups.

There are two kinds of backup policies:

  • User defined: Custom backup policies that you create and configure schedules for.
  • Oracle defined: Predefined backup policies that have a set backup frequency and retention period. You cannot modify these policies.
Note

Timing for Scheduled Backups

Scheduled volume backups are not guaranteed to start at the exact time specified by the backup schedule. You may see up to several hours of delay between the scheduled start time and the actual start time for the volume backup in scenarios where the system is overloaded. This applies to both user defined and Oracle defined backup policies.

User Defined Backup Policies

Oracle Cloud Infrastructure enables you to customize your backup schedules with user defined policies. These are backup policies that you define the backup frequency and retention period for. There are two parts to user defined backup policies, the backup policy itself, and then one or more schedules in the policy.

To get started with user defined backup policies, you need to first create the backup policy, see To create a user defined backup policy. After this step, you have an empty backup policy, so the next step is to define and add schedules to the policy.

Schedules

Schedules define the backup frequency and retention period for a user defined backup policy, just like Oracle defined backup policies. The difference is that you can customize the schedules associated with user defined policies. This gives you control over the backup frequency and retention period.

When defining a schedule for a user defined backup policy, the first thing you configure is the schedule type, this specifies the backup frequency. Oracle Cloud Infrastructure provides the following schedule types:

  • Daily: Backups are generated daily. You specify the hour of the day for the backup.
  • Weekly: Backups are generated weekly. You specify the day of the week, and the hour of that day for the backup.
  • Monthly: Backups are generated monthly. You specify the day of the month, and the hour of that day for the backup.
  • Yearly: Backups are generated yearly. You specify the month, the day of that month, and the hour of that day for the backup.

In addition to frequency, you also configure the following:

  • Retention time: The amount of time to keep the backup, in days, weeks, months, or years. The time period is based the schedule type.
  • Backup type Options are full or incremental, see Volume Backup Types for more information.
  • Timezone The time zone to use for the backup schedule. Options are UTC or the regional data center time zone.

For more information, see To add a schedule to a user defined backup policy.

You can also edit or remove schedules for a user defined policy at any time, see To edit a schedule for a user defined backup policy and To delete a schedule for a user defined backup policy.

Duplicating Existing Backup Policies

You can create a new backup policy by duplicating any of the existing backup policies.

If one of the Oracle defined policies is close to meeting your volume backup requirements, but with some changes, you can create a new backup policy by duplicating the Oracle defined policy. This creates a new user defined backup policy with schedules already assigned, enabling you to use the Oracle defined policy's settings as a starting point to save time and simplify the process.

You can also duplicate an existing user defined policy. For more information, see To duplicate a backup policy. You can then add, edit, or delete schedules for the new backup policy.

Scheduling Volume Backup Copies Across Regions

The Block Volume service enables you to copy volume backups from one region to another for business continuity and disaster recovery scenarios, for more information, see Copying Block Volume Backups Across Regions. With user-defined policies, you can automate this process, so that volume backups are copied to another region on a schedule. Enabling the automatic copying of scheduled volume backups is only supported with user-defined policies, so if you need to use this feature for a volume currently configured with an Oracle defined policy, you need to duplicate the policy and then enable cross region copy. The volume backup copy in the target region has the same retention period as the volume backup in the source region

Once this feature is enabled, your bill will include charges for storing volume backups in both the source region and the destination region. You may also see an increase in network costs.

Note

When a volume backup is copied to another region, the volume backup in the other region is always a full backup, even if the source backup type was incremental. This applies to volume backups copied on a schedule and volume backups copied manually.

Note

It may take up to 24 hours for daily scheduled volume backups to be copied to the target region. You can verify that the volume backup was copied by switching to the target region and checking the list of volume backups for that region. If the volume backup has not been copied yet, you can perform a manual copy of that volume backup to the target region using the steps described in Copying a Volume Backup Between Regions.

Regions Pairs

When you enable cross region copy for a backup policy, the target region is based on the source region for the backup and cannot be changed. The following table lists the source and target region pairs for cross region copy. To copy a volume backup to a region not paired with the backup's source region, you must manually copy the volume backup, see Copying a Volume Backup Between Regions.

Source Region Target Region
US West (Phoenix) US East (Ashburn)
US East (Ashburn) US West (Phoenix)
US West (San Jose) US West (Phoenix)
Brazil East (Sao Paulo) US West (Phoenix)
Canada Southeast (Toronto) Canada Southeast (Montreal)
Canada Southeast (Montreal) Canada Southeast (Toronto)
Japan Central (Osaka) Japan East (Tokyo)
Japan East (Tokyo) Japan Central (Osaka)
India South (Hyderabad) India West (Mumbai)
India West (Mumbai) India South (Hyderabad)
Germany Central (Frankfurt) Switzerland North (Zurich)
UK South (London) Germany Central (Frankfurt)
Australia East (Sydney) Australia Southeast (Melbourne)
Australia Southeast (Melbourne) Australia East (Sydney)
Netherlands Northwest (Amsterdam) Germany Central (Frankfurt)
Saudi Arabia West (Jeddah) Germany Central (Frankfurt)
South Korea Central (Seoul) South Korea North (Chuncheon)
South Korea North (Chuncheon) South Korea Central (Seoul)

Oracle Defined Backup Policies

There are three Oracle defined backup policies, Bronze, Silver, and Gold. Each backup policy is comprised of schedules with a set backup frequency and a retention period that you cannot modify. If the backup policy settings for Oracle defined policies don't meet your requirements, you should use User Defined Backup Policies instead. With user defined backup policies you define and control the schedules. You can also enable the automatic copying of volume backups to a second region, which is not supported with Oracle defined policies.

Bronze Policy

The bronze policy includes monthly incremental backups, run on the first day of the month. These backups are retained for twelve months. This policy also includes a full backup, run yearly on January 1st. Full backups are retained for five years.

Silver Policy

The silver policy includes weekly incremental backups that run on Sunday. These backups are retained for four weeks. This policy also includes monthly incremental backups, run on the first day of the month and are retained for twelve months. Also includes a full backup, run yearly on January 1st. Full backups are retained for five years.

Gold Policy

The gold policy includes daily incremental backups. These backups are retained for seven days. This policy also includes weekly incremental backups that run on Sunday and are retained for four weeks. Also includes monthly incremental backups, run on the first day of the month, retained for twelve months, and a full backup, run yearly on January 1st. Full backups are retained for five years.

Working with Backup Policies

There are two types of tasks when working with backup policies:

The linked sections listed above provide information for working with backup policies using the Console, CLI, and REST APIs.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  you should work in.

Important

To view or work with backup policies, you need access to the root compartment, which is where the predefined backup policies are located.

For administrators: The policy in Let volume admins manage block volumes, backups, and volume groups lets the specified group do everything with block volumes and backups. The policy in Let volume backup admins manage only backups further restricts access to just creating and managing backups.

Tip

When users create a backup from a volume or restore a volume from a backup, the volume and backup don't have to be in the same compartment . However, users must have access to both compartments.
If you're new to policies, see Getting Started with Policies and Common Policies. For reference material about writing policies for instances, cloud networks, or other Core Services API resources, see Details for the Core Services.

Tagging Resources

You can apply tags to your resources to help you organize them according to your business needs. You can update the resource later with the desired tags. For general information about applying tags, see Resource Tags.

Creating and Configuring User Defined Backup Policies

Using the Console

You can use the Console to create and update user defined backup policies.

To create a user defined backup policy
  1. Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Backup Policies.
  2. Click Create Backup Policy.

  3. Specify a name for the backup policy.

  4. Select the compartment to create the backup policy in.

    While you select a compartment for the backup policy, it is accessible across your tenancy.

  5. Optionally, you can enable cross region copy to the specified region. This automates the copying of the volume backup to a second region after each backup is created. The target region specified for the backup copy is based on the region pair for the policy's source region and cannot be changed. For more information, see Regions Pairs.

  6. Click Create Backup Policy to create the backup policy.

To add a schedule to a user defined backup policy
  1. Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Backup Policies.
  2. Click the backup policy you want to add the schedule to.
  3. Click Add Schedule.
  4. Specify the backup frequency by selecting from the Schedule Type options: Daily, Weekly, Monthly, or Yearly, and then configure the additional schedule options. Depending on the schedule type, the additional schedule options will include one or more of the following:

    • Hour of the day

    • Day of the week

    • Day of the month

    • Month of the year

  5. Specify the Retention Time, which will be in days, weeks, months, or years, depending on the schedule type you selected in the previous step.

  6. Select Full or Incremental for Backup Type.

  7. Select the Timezoneto base the schedule settings on, either UTC or Regional Data Center Time.

  8. Click Add Schedule.

To enable cross region copy for a user defined backup policy
  1. Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Backup Policies.
  2. Click the backup policy that you want to enable cross region copy for.
  3. On the details page, for Cross Region Copy Target, click Enable.
  4. Click Enable in the confirmation dialog.
To disable cross region copy for a user defined backup policy
  1. Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Backup Policies.
  2. Click the backup policy that you want to disable cross region copy for.
  3. On the details page, for Cross Region Copy Target, click Disable.
  4. Click Disable in the confirmation dialog.
To duplicate a backup policy
  1. Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Backup Policies.
  2. Click the backup policy that you want to duplicate.Both Oracle defined and user defined backup policies can be duplicated.
  3. Click Duplicate.
  4. Specify a name for the policy.
  5. Select the compartment to create the backup policy in. It does not need to be the same compartment as the backup policy you are duplicating.
  6. Optionally, you can enable cross region copy to the specified region. This automates the copying of the volume backup to a second region after each backup is created. The target region specified for the backup copy is based on the region pair for the policy's source region and cannot be changed. For more information, see Regions Pairs.

  7. Click Duplicate Backup Policy.

To edit a schedule for a user defined backup policy
  1. Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Backup Policies.
  2. Click the backup policy that you want to edit a schedule for.
  3. In Schedules, for the schedule you want to edit, click the Actions icon (three dots), and then click Edit.
  4. After making your changes to the schedule, click Update.
To delete a schedule for a user defined backup policy
  1. Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Backup Policies.
  2. Click the user defined backup policy that you want to delete a schedule for.
  3. In Schedules, for the schedule you want to delete, click the Actions icon (three dots), and then click Delete.
  4. Click Delete in the confirmation dialog.
To delete a user defined backup policy
  1. Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Backup Policies.
  2. Click the user defined backup policy you want to delete.
  3. Click Delete.
  4. Enter the name of the backup policy and click Delete.

Using the CLI

For information about using the CLI, see Command Line Interface (CLI).

Use the following operations to work with backup policies:

To create a user defined backup policy

Open a command prompt and run:

oci bv volume-backup-policy create --compartment-id <compartment_ID> --schedules file//<path>/<scheduleJSON>.json

For example:

oci bv volume-backup-policy create --compartment-id ocid1.compartment.oc1..<unique_ID> --schedules file//~/input.json
To list the backup policies in a specified compartment

Open a command prompt and run:

oci bv volume-backup-policy list --compartment-id <compartment_ID>

For example:

oci bv volume-backup-policy list --compartment-id ocid1.compartment.oc1..<unique_ID>
To retrieve a specific backup policy

Open a command prompt and run:

oci bv volume-backup-policy get --backup-policy-id  <backup-policy-ID>

For example:

oci bv volume-backup-policy get --backup-policy-id ocid1.volumebackuppolicy.oc1.phx.<unique_ID>
To update the display name for a user defined backup policy

Open a command prompt and run:

oci bv volume-backup-policy update --backup-policy-id <backup-policy_ID> --display-name <backup-policy_name>

For example:

oci bv volume-backup-policy update --backup-policy-id ocid1.volumebackuppolicy.oc1.phx.<unique_ID> --display-name "new display name"
To update the schedules for a user defined backup policy

Open a command prompt and run:

oci bv volume-backup-policy update --backup-policy-id <backup-policy_ID> --schedules file//<path>/<scheduleJSON>.json

For example:

oci bv volume-backup-policy update --volume-group-id ocid1.volumebackuppolicy.oc1.phx.<unique_ID> --schedules file//~/input.json
To delete a user defined backup policy

Open a command prompt and run:

oci bv volume-backup-policy delete --backup-policy-id <backup-policy_ID>

You can only delete a user defined backup policy if it is not assigned to any volumes. You cannot delete Oracle defined backup policies.

For example:

oci bv volume-backup-policy delete --backup-policy-id ocid1.volumebackuppolicy.oc1.phx.<unique_ID>

Managing Backup Policy Assignments to Volumes

Using the Console

You can use the Console to assign, change, or remove both user defined and Oracle defined backup policies for existing volumes.

To assign a backup policy to a volume
  1. Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Block Volumes.
  2. Click the volume for which you want to assign a backup policy to.
  3. On the Block Volume Information tab click Edit .
  4. In the BACKUP POLICIES section, select the compartment containing the backup policies.

  5. Select the appropriate backup policy for your requirements.

  6. Click Save Changes.

To change a backup policy assigned to a volume
  1. Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Block Volumes.
  2. Click the volume for which you want to change the backup policy for.
  3. On the Block Volume Information tab click Edit.
  4. In the BACKUP POLICIES section, select the compartment containing the backup policy.

  5. Select the backup policy you want to switch to.

  6. Click Save Changes.

To remove a backup policy assigned to a volume
  1. Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Block Volumes.
  2. Click the volume for which you want to remove the backup policy for.
  3. On the Block Volume Information tab click Edit .
  4. In the BACKUP POLICIES section, select None from the list, and then click Save Changes.

Using the CLI

For information about using the CLI, see Command Line Interface (CLI).

Use the following operations to work with volume backup policy assignments to volumes:

To assign a backup policy to a volume

Open a command prompt and run:

oci bv volume-backup-policy-assignment create --asset-id <volume_ID> --policy-id <policy_ID>

For example:

oci bv volume-backup-policy-assignment create --asset-id ocid1.volume.oc1..<unique_ID> --policy-id ocid1.volumebackuppolicy.oc1..<unique_ID>
To get the backup policy assigned to a volume

Open a command prompt and run:

oci bv volume-backup-policy-assignment get-volume-backup-policy-asset-assignment --asset-id <volume_ID>

For example:

oci bv volume-backup-policy-assignment get-volume-backup-policy-asset-assignment --asset-id ocid1.volume.oc1..<unique_ID>
To retrieve a specific backup policy assignment

Open a command prompt and run:

oci bv volume-backup-policy-assignment get --policy-assignment-id  <backup-policy-ID>

For example:

oci bv volume-backup-policy-assignment get --policy-assignment-id ocid1.volumebackuppolicyassignment.oc1.phx.<unique_ID>
To delete a backup policy assignment

Open a command prompt and run:

oci bv volume-backup-policy-assignment delete ----policy-assignment-id <backup-policy_ID>

You can only delete a user defined backup policy if it is not assigned to any volumes. You cannot delete Oracle defined backup policies.

For example:

oci bv volume-backup-policy-assignment delete ----policy-assignment-id ocid1.volumebackuppolicyassignment.oc1.phx.<unique_ID>

Using the API

Use the following operations to manage backup policy assignments to volumes:

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

For more information about backups, see Overview of Block Volume Backups and Restoring a Backup to a New Volume.