Oracle Cloud Infrastructure Documentation

Overview of Block Volume

The Oracle Cloud Infrastructure Block Volume service lets you dynamically provision and manage block storage volumes, which you add to an instance to expand the available storage on that resource. You can create, attach, connect, and move volumes as needed to meet your storage and application requirements. After you attach and connect a volume to an instance, you can use the volume like a regular hard drive. You can also disconnect a volume and attach it to another instance without the loss of data.

These components are required to create a volume and attach it to an instance:

  • Instance: A bare metal or virtual machine (VM) host running in the cloud.
  • Volume attachment: There are two types of volume attachments:

    • iSCSI: A TCP/IP-based standard used for communication between a volume and attached instance.

    • Paravirtualized: A virtualized attachment available for VMs.

  • Volume: There are two types of volumes:

    • Block volume: A detachable block storage device that allows you to dynamically expand the storage capacity of an instance.

    • Boot volume: A detachable boot volume device that contains the image used to boot a Compute instance. See Boot Volumes for more information.

For additional Oracle Cloud Infrastructure terms, see the Glossary.

Typical Block Volume Scenarios

Scenario A: Expanding an Instance's Storage

A common usage of Block Volume is adding storage capacity to an Oracle Cloud Infrastructure instance. After you have launched an instance and set up your cloud network, you can create a block storage volume through the Console or API. Then, you attach the volume to an instance using a volume attachment. Attaching links a volume and an instance together and allows the instance to connect and mount the volume as a hard drive. After the volume is attached, you connect to the volume from your instance's guest OS using iSCSI, a TCP/IP-based standard used for communication between a volume and attached instance. Connecting makes the attached volume usable by the instance's guest OS. The volume can then be mounted and used by your instance.

Scenario B: Persistent and Durable Storage

A Block Volume volume can be detached from an instance and moved to a different instance without the loss of data. This data persistence enables you to migrate data between instances and ensures that your data is safely stored, even when it is not connected to an instance. Any data remains intact until you reformat or delete the volume.

To move your volume to another instance, unmount the drive from the initial instance, terminate the iSCSI connection, and attach the volume to the second instance. From there, you connect and mount the drive from that instance's guest OS to have access to all of your data.

Additionally, Block Volume volumes offer a high level of data durability compared to standard, attached drives. All volumes are automatically replicated for you, helping to protect against data loss.

Scenario C: Instance Scaling

When you terminate an instance, you can keep the associated boot volume and use it to launch a new instance with a different instance type or shape. This allows you to easily switch from a bare metal instance to a VM instance and vice versa, or scale up or scale down the number of cores for an instance. See Creating an Instance for steps to launch an instance based on a boot volume.

Volume Attachment Types

When you attach a block volume to a VM instance, you have two options for attachment type: iSCSI or paravirtualized. Paravirtualized attachments simplify the process of configuring your block storage by removing the extra commands that are required before connecting to an iSCSI-attached volume. The trade-off is that IOPS performance for iSCSI attachments is greater than that for paravirtualized attachments. You should consider your requirements when selecting a volume's attachment type.

Important

Connecting to Volumes on Linux Instances

When connecting to volumes on Linux instances, if you want to automatically mount these volumes on instance boot, you need to use some specific options in the /etc/fstab file, or the instance may fail to launch. See Traditional fstab Options and fstab Options for Block Volumes Using Consistent Device Paths for more information.

iSCSI

iSCSI attachments are the only option when connecting a block volume to any of the following types of instances:

  • Bare metal instances
  • VM instances based on Windows images that were published before February 2018
  • VM instances based on Linux images that were published before December 2017

After the volume is attached, you need to log in to the instance and use the iscsiadm command-line tool to configure the iSCSI connection. For more information about the additional configuration steps required for iSCSI attachments, see iSCSI Commands and Information, Connecting to a Volume, and Disconnecting From a Volume.

IOPS performance is better with iSCSI attachments compared to paravirtualized attachments. For more information about iSCSI-attached volume performance, see Block Volume Performance.

Paravirtualized

Paravirtualized attachments are an option when attaching volumes to the following types of VM instances:

  • For VM instances launched from Oracle-provided images, you can select this option for Linux-based images published in December 2017 or later, and Windows images published in February 2018 or later.
  • For VM instances launched from custom images, the volume attachment type is based on the volume attachment type from the VM the custom image was created from.

After you attach a volume using the paravirtualized attachment type, it is ready to use, and you do not need to run any additional commands. However, because of the overhead of virtualization, this reduces the maximum IOPS performance for larger block volumes. See Paravirtualized Attachment Performance for more information.

Volume Access Types

When you attach a block volume, you can specify one of the following options for access type:

  • Read/write: This is the default option for volume attachments. With this option, an instance can read and write data to the volume.

  • Read-only: With this option, an instance can only read data on the volume. It cannot update data on the volume. Specify this option to safeguard data against accidental or malicious modifications.

To change the access type for a block volume, you need to detach the volume and specify the new access type when you reattach the volume. For more information, see Detaching a Volume and Attaching a Volume.

The access type for boot volumes is always read/write. If you want to change the access type, you need to stop the instance and detach the boot volume. You can then reattach it to another instance as a block volume, with read-only specified as the access type. For more information, see Detaching a Boot Volume and Attaching a Volume.

Device Paths

When you attach a block volume to a compatible Linux-based instance, you can select a device path that remains consistent between instance reboots. This enables you to refer to the volume using a consistent device path. For example, you can use the device path when you set options in the /etc/fstab file to automatically mount the volume on instance boot.

Consistent device paths are supported on instances when all of the following things are true:

For instances launched using the image OCID or an existing boot volume, if the source image supports consistent device paths, the instance supports device paths.

Consistent device paths are not supported on Linux-based partner images or custom images that are created from other sources. This feature does not apply to Windows-based images.

Important

Selecting a device path is required when you attach a volume using the Console. Specifying a device path is optional when you attach a volume using the CLI, REST APIs, or SDK.

For more information about consistent device paths, see Connecting to Volumes With Consistent Device Paths.

Regions and Availability Domains

Volumes are only accessible to instances in the same availability domain. An availability domain is one or more isolated, fault-tolerant Oracle data centers that host cloud resources such as instances, volumes, and subnets. A region contains one or more availability domains. You cannot move a volume between availability domains or regions.

For more information, see Regions and Availability Domains.

Resource Identifiers

Most types of Oracle Cloud Infrastructure resources have a unique, Oracle-assigned identifier called an Oracle Cloud ID (OCID). For information about the OCID format and other ways to identify your resources, see Resource Identifiers.

Ways to Access Oracle Cloud Infrastructure

You can access Oracle Cloud Infrastructure using the Console (a browser-based interface) or the REST API. Instructions for the Console and API are included in topics throughout this guide. For a list of available SDKs, see Software Development Kits and Command Line Interface.

To access the Console, you must use a supported browser. You can use the Console link at the top of this page to go to the sign-in page. You will be prompted to enter your cloud tenant, your user name, and your password.

For general information about using the API, see REST APIs.

Authentication and Authorization

Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).

An administrator in your organization needs to set up groups, compartments, and policies that control which users can access which services, which resources, and the type of access. A group is a collection of users who all need a particular type of access to a set of resources or compartment. A compartment is a collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization. A policy is an IAM document that specifies who has what type of access to your resources. The term "policy" is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. For example, the policies control who can create new users, create and manage the cloud network, launch instances, create buckets, download objects, etc. For more information, see Getting Started with Policies. For specific details about writing policies for each of the different services, see Policy Reference.

If you’re a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you should be using.

Monitoring Resources

You can monitor the health, capacity, and performance of your Oracle Cloud Infrastructure resources by using metrics, alarms, and notifications. For more information, see Monitoring Overview and Notifications Overview.

Moving Resources

You can move Block Volume resources such as block volumes, boot volumes, volume backups, volume groups, and volume group backups from one compartment to another. For more information, see Move Block Volume Resources Between Compartments.

Tagging Resources

You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the desired tags. For general information about applying tags, see Resource Tags.

Block Volume Encryption

The Oracle Cloud Infrastructure Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption. By default, all volumes and their backups are encrypted using the Oracle-provided encryption keys. You have the option to encrypt all of your volumes and their backups using keys that you own and manage using the Key Management service. For more information, see Overview of Key Management. If you do not configure a volume to use the Key Management service, or you later unassign a key from the volume, the Block Volume service uses the Oracle-provided encryption key instead. This applies to both at-rest encryption and in-transit encryption.

For how to use your own key for new volumes, see Creating a Volume. See To assign a key to an existing Block Volume for how to assign or change the key for an existing volume.

All the data moving between the instance and the block volume is transferred over an internal and highly secure network. If you have specific compliance requirements related to the encryption of the data while it is moving between the instance and the block volume, the Block Volume service provides the option to enable in-transit encryption for paravirtualized volume attachments on virtual machine (VM) instances.

Important

In-transit encryption for boot and block volumes is only available for virtual machine (VM) instances launched from Oracle-provided images; it is not supported on bare metal instances. It is also not supported in most cases for instances launched from custom images imported for "bring your own image" (BYOI) scenarios. To confirm support for certain Linux-based custom images, and for more information, contact Oracle support. See Getting Help and Contacting Support.
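The access-type and encryption options described above can be checked across a tenancy's volumes once their attachment and volume records are exported as JSON. The following is an added example, not Oracle's code: the sample records are constructed, the kebab-case field names are assumed to match what the OCI CLI prints for volume attachments and volumes, and `expect_read_only` is a hypothetical local policy input.

```python
import json

# Constructed sample shaped like the "data" arrays of OCI CLI JSON output.
# Field names are assumed to follow the CLI's kebab-case rendering of the
# VolumeAttachment and Volume models; the OCIDs are shortened placeholders.
ATTACHMENTS = json.loads("""[
 {"volume-id": "ocid1.volume.oc1..aaa", "instance-id": "ocid1.instance.oc1..vm1",
  "attachment-type": "paravirtualized", "is-read-only": false,
  "is-pv-encryption-in-transit-enabled": false},
 {"volume-id": "ocid1.volume.oc1..bbb", "instance-id": "ocid1.instance.oc1..vm1",
  "attachment-type": "paravirtualized", "is-read-only": true,
  "is-pv-encryption-in-transit-enabled": true},
 {"volume-id": "ocid1.volume.oc1..ccc", "instance-id": "ocid1.instance.oc1..bm1",
  "attachment-type": "iscsi", "is-read-only": false}
]""")
VOLUMES = json.loads("""[
 {"id": "ocid1.volume.oc1..aaa", "display-name": "app-data", "kms-key-id": null},
 {"id": "ocid1.volume.oc1..bbb", "display-name": "golden-ref",
  "kms-key-id": "ocid1.key.oc1..k1"},
 {"id": "ocid1.volume.oc1..ccc", "display-name": "db-data",
  "kms-key-id": "ocid1.key.oc1..k1"}
]""")

def audit(attachments, volumes, expect_read_only=()):
    """Return sorted (volume name, finding) pairs.

    expect_read_only: display names that local policy says must be attached
    read-only (a hypothetical policy input, not an OCI setting).
    """
    names = {v["id"]: v["display-name"] for v in volumes}
    findings = set()
    for v in volumes:
        if not v.get("kms-key-id"):  # no customer key: Oracle-provided key is used
            findings.add((v["display-name"], "oracle-managed-key"))
    for a in attachments:
        name = names.get(a["volume-id"], a["volume-id"])
        kind = a["attachment-type"]
        if kind == "paravirtualized" and not a.get("is-pv-encryption-in-transit-enabled"):
            findings.add((name, "in-transit-encryption-off"))
        elif kind == "iscsi":
            # The page offers the in-transit option only for paravirtualized attachments.
            findings.add((name, "in-transit-encryption-unavailable"))
        if name in expect_read_only and not a.get("is-read-only"):
            findings.add((name, "writable-but-expected-read-only"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(ATTACHMENTS, VOLUMES, expect_read_only={"golden-ref", "db-data"}):
        print(f"{name}: {finding}")
```

An `oracle-managed-key` finding is not a defect in itself, since Oracle-provided keys are the default; it marks volumes to review where your requirements call for keys held in the Key Management service.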

Block Volume Data Eradication

The Oracle Cloud Infrastructure Block Volume service uses eventual-overwrite data eradication, which guarantees that block volumes you delete cannot be accessed by anyone else and that the deleted data is eventually overwritten. When you terminate a volume, its associated data is overwritten in the storage infrastructure before any future volume allocations.

Block Volume Capabilities and Limits

Block Volume volumes can be created in sizes ranging from 50 GB to 32 TB in 1 GB increments. By default, Block Volume volumes are 1 TB.

Block Volume volume performance varies with volume size.

See Service Limits for a list of applicable limits and instructions for requesting a limit increase. To set compartment-specific limits on a resource or resource family, administrators can use compartment quotas.

Additional limits include:

  • Volumes per instance: 32

  • Number of backups

    • Monthly universal credits: 1000

    • Pay-as-you-go: 500