The Oracle Cloud Infrastructure Block Volume service lets you dynamically provision and manage A service that allows you to add block storage volumes to an instance in order to expand the available storage on that resource.. You can create, attach, connect and move volumes as needed to meet your storage and application requirements. Once attached and connected to an instance, you can use a volume like a regular hard drive. Volumes can also be disconnected and attached to another instance without the loss of data.
The components required to create a volume and attach it to an instance are briefly described below.
- Instance: A bare metal or virtual machine (VM) host running in the cloud.
Volume attachment: There are two types of volume attachments:
Volume: There are two types of volumes:
Block volume: A detachable block storage device that allows you to dynamically expand the storage capacity of an instance.
Boot volume: A detachable boot volume device that contains the image used to boot a Compute instance. See Boot Volumes for more information.
For additional Oracle Cloud Infrastructure terms, see the Glossary.
Typical Block Volume Scenarios
Scenario A: Expand an Instance's Storage
A common usage of Block Volume is adding storage capacity to an Oracle Cloud Infrastructure instance. Once you have launched an instance and set up your cloud network, you can create a block storage volume through the Console or API. Once created, you Link a volume and instance together. Allows an instance to connect and mount the volume as a hard drive. the volume to an instance using a volume attachment. Once attached, you Make an attached volume usable by an instance's guest OS. to the volume from your instance's guest OS using A TCP/IP based standard used for communication between a volume and attached instance.. The volume can then be mounted and used by your instance.
Scenario B: Persistent and Durable Storage
A Block Volume volume can be detached from an instance and moved to a different instance without loss of data. This data persistence allows you to easily migrate data between instances and ensures that your data is safely stored, even when it is not connected to an instance. Any data will remain intact until you reformat or delete the volume.
To move your volume to another instance, unmount the drive from the initial instance, terminate the iSCSI connection, and attach it to the second instance. From there, you simply connect and mount the drive from that instance's guest OS to instantly have access to all of your data.
Additionally, Block Volume volumes offer a high level of data durability compared to standard, attached drives. All volumes are automatically replicated for you, helping to protect against data loss.
Scenario C: Instance Scaling
When you terminate an instance, you can keep the associated boot volume and use it to launch a new instance using a different instance type or shape. See Creating an Instance for how to launch an instance based on a boot volume. This allows you to easily switch from a bare metal instance to a VM instance and vice versa, or scale up or down the number of cores for an instance.
When you attach a block volume to a VM instance, you have two options for attachment type, iSCSI or paravirtualized. Paravirtualized attachments simplify the process of configuring your block storage by removing the extra commands required before connecting to an iSCSI-attached volume. The trade-off is that IOPS performance for iSCSI attachments is greater than that for paravirtualized attachments, so you need to consider your requirements when selecting a volume's attachment type.
Connecting to Volumes on Linux Instances
When connecting to volumes on Linux instances, if you want to automatically mount these volumes on instance boot, you need to use some specific options in the
/etc/fstab file, or the instance may fail to launch. See /etc/fstab Options for the options to use in the
/etc/fstab file. If you
iSCSI attachments are the only option when connecting block volumes to bare metal instances, VM instances based on Windows images published prior to February 2018, or VM instances based on Linux images published prior to December 2017. Once the volume is attached, you need to log in to the instance and use the
iscsiadm command-line tool to configure the iSCSI connection. For more information about the additional configuration steps required for iSCSI attachments, see iSCSI Commands and Information, Connecting to a Volume, and Disconnecting From a Volume.
IOPS performance is better with iSCSI attachments compared to paravirtualized attachments, for more information about iSCSI-attached volume performance, see Block Volume Performance.
Paravirtualized attachments are now an option when attaching volumes to VM instances. For VM instances launched from Oracle-Provided Images, you can select this option for Linux-based images published December 2017 or later, and Windows images published February 2018 or later. For VM instances launched from custom images, the volume attachment type is based on the volume attachment type from the VM the custom image was created from. Once you attach a volume using the paravirtualized attachment type, it is ready to use, you do not need to run any additional commands. However, due to the overhead of virtualization, this reduces the maximum IOPS performance for larger block volumes, see Paravirtualized Attachment Performance for more information.
When you attach a block volume, you can specify one of the following options for access type:
Read/write: This is the default option for volume attachments. With this option, an instance can read and write data to the volume.
Read-only: With this option, an instance can only read data on the volume, it cannot update data on the volume. Specify this option to safeguard data against accidental or malicious modifications.
To change the access type for a block volume, you need to detach the volume and specify the new access type when you re-attach the volume. For more information, see Detaching a Volume and Attaching a Volume.
The access type for boot volumes is always read/write. If you want to change the access type, you need to stop the instance and detach the boot volume. You can then re-attach it to another instance as a block volume, with read-only specified as the access type. For more information, see Detaching a Boot Volume and Attaching a Boot Volume.
Oracle Cloud Infrastructure supports consistent device names for block volumes attached to compatible Linux-based instances. When you attach a block volume to an instance you can optionally select a device path that will remain consistent between instance reboots. For more information, see Connecting to Volumes With Consistent Device Paths. This enables you to refer to the volume using the device path for scenarios such as when you set specific options in the
/etc/fstab file when you're automatically mounting the volumes on instance boot, for more information see /etc/fstab Options for Block Volumes Using Consistent Device Paths.
Consistent device paths are supported on instances created from Oracle-provided Linux-based images released in November 2018 and later, with the exception of instances launched prior to January 11th, 2019, see Device path option not available for instances launched before January 11th, 2019.
The following Linux-based images do not support consistent device paths:
Oracle-provided Linux-based images released prior to November 2018
For instances launched using the image OCID or an existing boot volume, if the source image supports consistent device paths, the instance supports device paths. This feature does not apply to Windows-based images.
Regions and Availability Domains
Volumes are only accessible to instances in the same One or more isolated, fault-tolerant Oracle data centers that host cloud resources such as instances, volumes, and subnets. A region contains one or more availability domains. . You cannot move a volume between availability domains or regions.
For more information, see Regions and Availability Domains.
Most types of Oracle Cloud Infrastructure resources have a unique, Oracle-assigned identifier called an Oracle Cloud ID (OCID). For information about the OCID format and other ways to identify your resources, see Resource Identifiers.
Ways to Access Block Volume
You can access Oracle Cloud Infrastructure using the Console (a browser-based interface) or the REST API. Instructions for the Console and API are included in topics throughout this guide. For a list of available SDKs, see Software Development Kits and Command Line Interface.
To access the Console, you must use a supported browser. You can use the Console link at the top of this page to go to the sign-in page. You will be prompted to enter your cloud tenant, your user name, and your password.
For general information about using the API, see REST APIs.
Authentication and Authorization
Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).
An administrator in your organization needs to set up A collection of users who all need a particular type of access to a set of resources or compartment., A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization., and An IAM document that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, etc. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see Policy Reference.
If you’re a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.
You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the desired tags. For general information about applying tags, see Resource Tags.
The Oracle Cloud Infrastructure Block Volume service always encrypts all block volumes and their backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit for encryption.
All the data moving between the instance and the block volume is transferred over an internal and highly secure network. If you have specific compliance requirements related to the encryption of the data while it is moving between the instance and the block volume, the Block Volume service provides the option to enable in-transit encryption for paravirtualized volume attachments on virtual machine (VM) instances.
You can use the encryption keys managed by the Oracle Cloud Infrastructure Key Management service for volume encryption. If you do not configure a volume to use the Key Management service, the Block Volume service will instead use the Oracle-provided encryption key. This applies to both encryption at-rest and in-transit encryption.
Block Volume volumes can be created in sizes ranging from 50 GB to 32 TB in 1 GB increments. By default, Block Volume volumes are 1 TB.
Block Volume volume performance varies with volume size.
See Service Limits for a list of applicable limits and instructions for requesting a limit increase.
Additional limits include:
Volumes per instance: 32
Number of backups
Monthly universal credits: 1000
- Overview of Block Volume
- Typical Block Volume Scenarios
- Volume Attachment Types
- Volume Access Types
- Device Paths
- Regions and Availability Domains
- Resource Identifiers
- Ways to Access Block Volume
- Authentication and Authorization
- Tagging Resources
- Block Volume Encryption
- Block Volume Capabilities and Limits