Oracle Cloud Infrastructure Documentation

Overview of Block Volume Backups

The Oracle Cloud Infrastructure Block Volume offers a secure, cost-effective, policy-based, fully-managed backup solution. Block volumes, boot volumes, and volume groups can be backed up while attached to or detached from an instance, and are then encrypted and regionally stored in OCI-managed Oracle Cloud Infrastructure Object Storage. Backups can be restored to existing or new volumes in any availability domain, irrespective of the availability of the source volume or volume group. This capability allows you to easily restore the volumes or volume groups in the event of a disaster. You can create up to 100,000 backups.

Note

While a backup is in progress, the volume being backed up can't be deleted.

Required IAM Policy for Volume Backups

To use Oracle Cloud Infrastructure, an administrator must be a member of a group granted security access in a policy  by a tenancy administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with the tenancy administrator what type of access you have and which compartment  your access works in.

To get started with the volume backups, an administrator needs to grant user access through an IAM policy. Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).

The following is an example policy to allow block volume administrators to manage block volumes, backups, and volume groups across regions: 

Allow group VolumeBackupAdmins to use volumes in tenancy

Allow group VolumeBackupAdmins to manage volume-backups in tenancy

Allow group VolumeBackupAdmins to inspect volume-attachments in tenancy

Allow group VolumeBackupAdmins to inspect instances in tenancy

Allow group VolumeBackupAdmins to manage backup-policies in tenancy

Allow group VolumeBackupAdmins to manage backup-policy-assignments in tenancy

Allow group VolumeBackupAdmins to use volume-backups in tenancy where request.permission='VOLUME_BACKUP_COPY'
The following is an example policy to allow boot volume backup administrators to create and manage only boot volume backups:
Allow group BootVolumeBackupAdmins to use volumes in tenancy

Allow group BootVolumeBackupAdmins to manage boot-volume-backups in tenancy

Allow group BootVolumeBackupAdmins to inspect instances in tenancy

Allow group BootVolumeBackupAdmins to manage backup-policies in tenancy

Allow group BootVolumeBackupAdmins to manage backup-policy-assignments in tenancy

Allow group BootVolumeBackupAdmins to use boot-volume-backups in tenancy where request.permission='BOOT_VOLUME_BACKUP_COPY'
Tip

When users create a backup from a volume or restore a volume from a backup, the volume and backup don't have to be in the same compartment . However, users must have access to both compartments.
If you're new to policies, see Managing Identity Domains and Common Policies. For reference material about writing policies for instances, cloud networks, or other Core Services API resources, see Details for the Core Services.

Volume Backup Types

There are two backup types available in the Block Volume service:

  • Incremental: This backup type includes only the changes since the last backup.
  • Full: This backup type includes all changes since the volume was created.

Volume Group Backups

A volume group is a consistent group of volumes. You can use volume group backups to create creating point-in-time snapshots for multiple block volumes such as large filesystems and databases. These snapshots are stored in OCI-managed object storage. For more information, see Working with Block Volumes.

Backup Details

For data recovery purposes, there is no functional difference between an incremental backup and a full backup. Because both backup types enable you to restore the full contents to the point-in-time snapshot, you don't need to retain the initial full backup or subsequent incremental backups. A volume backup retains all of that volume's contents, regardless of the time of its snapshot. If you delete a full backup of a volume, (for example, due to retention policies), the size of the incremental backup for that volume will increase in order to restore the volume successfully.

Example

You create a 50 GB block volume, write 25 GB to the volume, and then launch a full backup of the volume on Day 1 with a two-day retention period. Upon completion, the backup size is 25 GB.Day 1

On Day 2, you then modify 2GB of existing data, write 3GB of new data and create an incremental backup. The unique size of the incremental backup totals 5 GB.Day 2

On Day 3, another incremental backup is made with modified 3G of existing data and added 2 GB of new data, totaling 5GB.Day 3

On Day 4, the full backup is be deleted as the retention expires. The incremental backup size is now totals 28GB, the contents of which are required to restore the volume contents to the time the incremental backup was taken. Day 4

On Day 5, the first incremental backup retention expires. The backup size for this second incremental backup totals 30GB, the actual size of the volume contents at the time the second incremental backup was made. Because the blocks are retained even after the full backup was deleted, the volume can still be restored from an incremental backup.Day 5

Volume Backup Size

Volume backup size may be larger than the current volume usage. Possible reasons for this could include:

  • Any part of a volume that has been written to is considered initialized, and will always be included in a volume backup.

  • Many operating systems write or zero out the content, which marks these blocks as used. Block Volume service considers these blocks updated and includes them in the volume backup.

  • Volume backups also include metadata, which can be up to 1 GB in additional data. For example, in a full backup of a 256 GB Windows boot disk, you might see a backup size of 257 GB, which includes an additional 1 GB of metadata.

Note

After a volume has been resized, the first backup on the resized volume will be a full backup. See Resizing a Volume for more information about volume resizing.

Backup Methods

Overview/container topic for methods of backing up block volumes.

Backups can be initiated manually or by assigning a backup policy. The backups for a volume will be created in the same compartment as the volume. If volumes in a volume group are located in different compartments, the volume backups will be stored in the volume's compartment and not in volume group's compartment. Volume group backup resources will be in the volume group's compartment.

Manual Backups

You can perform single incremental or full backups for volumes or volume groups. See Volume Backup Types for more information.

To manually back up a volume, see Backing Up a Volume.

Note

Backups can take hours during peak times, and completion times can vary based on the time the backups are initiated and by region. Large full and incremental backups the backups can take longer based on the amount of data that has to be copied.

Policy-Based Backups

You can also define backup policies to simplify and automate the snapshot management and scheduling for a volume or volume group without affecting application performance.

There are two kinds of backup policies:

See Policy-Based Backups for more information.

Copying Block Volume Backups Across Regions

You can copy block volume backups between regions using the Console, command line interface (CLI), SDKs, or REST APIs. For steps, see Copying a Volume Backup Between Regions. This capability enhances the following scenarios:

  • Disaster recovery and business continuity: By copying block volume backups to another region at regular intervals, you can easily rebuild applications and data in the destination region if a region-wide disaster occurs in the source region.
  • Migration and expansion: You can easily migrate and expand your applications to another region.

You can also enable scheduled cross-region automated backups with user defined policies. See Scheduling Volume Backup Copies Across Regions.

To copy volume backups between regions, you must have permission to read and copy volume backups in the source region, and permission to create volume backups in the destination region. For more information, see Required IAM Policy.

After you copy the volume backup to the new region, you can restore from that backup by creating a new volume from the backup using the steps described in Restoring a Backup to a New Volume.

Volume Backup Encryption

The Oracle Cloud Infrastructure Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.

The Oracle Cloud Infrastructure Vault service enables you to bring and manage your own keys to use for encrypting volumes and their backups. When you create a volume backup, the encryption key used for the volume is also used for the volume backup.

You can change the encryption key for the volume backup to another Vault encryption key, or to an Oracle-managed key. See Changing the Encryption Key for a Volume Backup for more information.

When you restore the backup to create a new volume you configure a new key, see Restoring a Backup to a New Volume. See also Vault.

Important

By default, volumes restored from a volume backup or a volume group backup are configured to use Oracle-provided keys for encryption. For volumes restored from a volume backup, you can specify a customer-managed key for the new volume during the restore process. This option is not available for volumes restored from volume group backups, so the new volumes are restored with Oracle-provided keys. You can update the encryption keys for these volumes after they are restored, see Editing a Key to a Block Volume.

If you don't configure a volume to use the Vault service, the Block Volume service uses the Oracle-provided encryption key instead. This applies to both encryption at-rest and in-transit encryption.

Applying Tags

Apply tags to Block Volume resources to organize them to fit your needs.

Apply tags to resources to help organize them according to your business needs. You can apply tags when you create a resource, and you can update a resource later to add, revise, or remove tags. For general information about applying tags, see Resource Tags.

When a volume backup is created, the source volume's tags are automatically included. This also includes volumes with custom backup policies applied to create scheduled backups. Source volume tags are automatically assigned to all backups when they are created. You can also apply additional tags to volume backups as needed.

When a volume backup is copied to a new region, tags are also automatically copied with the volume backup. When the volume is restored from a backup, the volume is restored with the source volume's tags.

Best Practices When Creating Block Volume Backups

When creating and restoring from backups, keep in mind the following:

    • Backup your critical application volumes multiple times daily. For mission-critical applications, we recommend that you take multiple backups per day for to minimize the possible recovery point objective (RPO).

      Note

      With policy-based backups you can only schedule one backup and copy per day. Users can use manual backups to initiate multiple backups in a day. For cross region copy, it is recommended to only copy one backup per day to the remote region. For even smaller RPO, please take a look into our replication support.
    • Configure retention and expiry times for your backups. Backups will be automatically purged after the set expiry time to free storage space and costs. Manual backups do not expire.

    • Schedule or create your backups during off-peak hours. if you notice your backups are not completing at the expected time, consider changing your scheduled or manual backup times to a different time of day. A daily backup will still complete in less than 24 hours.

    • Organize critical and non-critical data. To reduce the amount of backups needing to be managed, we recommend using separate creation, backup and recovery operations for critical and non-critical data. Critical data typically includes all the data that is required for application recovery and use, and should be kept in a secondary block volume instead of your boot volume. Non-critical data includes swap, temporary, cache or page files and non-critical logs, and tends to be larger in size.

    • Use volume groups to create cross-volume, crash-consistent backups. When your data is spread across multiple volumes, you can create and back them up as a volume group. Because the volume group backups consistently capture all of the data synced to each volume, you no longer have to shut down your instances to take individual snapshots. This method is ideal for filesystems and applications that support journaling.
    • Maximize data recoverability and recover time with app-consistent backups. You can achieve app-consistent backups by pausing or quiescing your service before initiating a backup. This can include stopping all I/O operations, syncing all memory buffers, and flushing in-flight transactions. You can then send an API call to take a backup of a volume or volume group.
  • Before creating a backup, you should ensure that the data is consistent: Sync the file system, unmount the file system if possible, and save your application data. Only the data on the disk will be backed up. When creating a backup, after the backup state changes from REQUEST_RECEIVED to CREATING, you can return to writing data to the volume. While a backup is in progress, the volume that is being backed up cannot be deleted.
  • If you want to attach a restored volume that has the original volume attached, be aware that some operating systems do not allow you to restore identical volumes. To resolve this, you should change the partition IDs before restoring the volume. The steps to change an operating system's partition ID vary by operating system. For instructions, see your operating system's documentation.

See Backing Up a Volume andRestoring a Backup to a New Volume for more information.

Planning Your Backup

The primary use of backups is to support business continuity, disaster recovery, and long-term archiving requirements. When determining a backup schedule, your backup plan and goals should consider the following:

  • Frequency: How often you want to back up your data.
  • Recovery time: How long you can wait for a backup to be restored and accessible to the applications that use it. The time for a backup to complete varies on several factors, but it will generally take a few minutes or longer, depending on the size of the data being backed up and the amount of data that has changed since your last backup.
  • Number of stored backups: How many backups you need to keep available and the deletion schedule for those you no longer need. You can only create one backup at a time, so if a backup is underway, it will need to complete before you can create another one. For details about the number of backups you can store, see Block Volume Capabilities and Limits.

The common use cases for using backups are:

  • Needing to create multiple copies of the same volume. Backups are highly useful in cases where you need to create many instances with many volumes that need to have the same data formation.

  • Taking a snapshot of your work that you can restore to a new volume at a later time.
  • Ensuring you have a spare copy of your volume in case something goes wrong with your primary copy.

Reducing Volume Backup Sizes with SCSI UNMAP

Oracle Cloud Infrastructure Block Volume supports SCSI UNMAP commands for both boot volumes and block volumes to reclaim unused space. Use these commands to reduce your backup sizes, resulting in faster backup restore times. See Support for SCSI UNMAP for more information.

Differences Between Block Volume Backups and Clones

Consider the following criteria when you decide whether to create a backup or a clone of a volume.

  Volume Backup Volume Clone
Description Creates a point-in-time backup of data on a volume. You can restore multiple new volumes from the backup later in the future. Creates a single point-in-time copy of a volume without having to go through the backup and restore process.
Use case

Retain a backup of the data in a volume, so that you can duplicate an environment later or preserve the data for future use.

Meet compliance and regulatory requirements, because the data in a backup remains unchanged over time.

Support business continuity requirements.

Reduce the risk of outages or data mutation over time.

Rapidly duplicate an existing environment. For example, you can use a clone to test configuration changes without impacting your production environment.
Speed Slower (minutes or hours) Faster (seconds)
Cost Lower cost Higher cost
Storage location Object Storage Block Volume
Retention policy Policy-based backups expire, manual backups do not expire No expiration
Volume groups Supported. You can back up a volume group. Supported. You can clone a volume group.

For background information and steps to clone a block volume, see Cloning a Block Volume.

Using the CLI or REST APIs to Customize and Manage the Lifecycle of Volume Backups

You can use the CLI, REST APIs, or the SDKs to automate, script, and manage volume backups and their lifecycle.

Using the CLI

This section provides basic sample CLI commands that you can use in a script, such as a cron job run by the cron utility on Linux-based operating systems, to perform automatic backups at specific times. For information about using the CLI, see Command Line Interface (CLI).

To create a manual backup of the specified block volume

Open a command prompt and run:

oci bv backup create --volume-id <block_volume_OCID> --display-name <Name> --type <FULL|INCREMENTAL>

For example:

oci bv backup create --volume-id  ocid1.volume.oc1..<unique_ID> --display-name "backup display name" --type FULL
To delete a block volume backup

Open a command prompt and run:

oci bv backup delete --volume-backup-id <volume_backup_OCID>

For example:

oci bv backup delete --volume-backup-id ocid1.volume.oc1..<unique_ID>
To create a manual backup of the specified boot volume

Open a command prompt and run:

oci bv boot-volume-backup create --volume-id <boot_volume_OCID> --display-name <Name> --type <FULL|INCREMENTAL>

For example:

oci bv boot-volume-backup create --volume-id  ocid1.volume.oc1..<unique_ID> --display-name "backup display name" --type FULL
To delete a boot volume backup

Open a command prompt and run:

oci bv backup delete --boot-volume-backup-id <boot_volume__backup_OCID>

For example:

oci bv backup delete --boot-volume-backup-id ocid1.volume.oc1..<unique_ID>
To list the Oracle-defined backup policies

Open a command prompt and run:

oci bv volume-backup-policy list
To assign an Oracle-defined backup policy to a boot or block volume

Open a command prompt and run:

oci bv volume-backup-policy-assignment create --asset-id <volume_OCID> --policy-id <policy_OCID>

For example:

oci bv volume-backup-policy-assignment create --asset-id  ocid1.volume.oc1..<unique_ID> --policy-id ocid1.volumebackuppolicy.oc1..<unique_ID>
To un-assign an Oracle-defined backup policy from a boot or block volume

Open a command prompt and run:

oci bv volume-backup-policy-assignment delete --policy-assignment-id <policy_assignment_OCID>

For example:

oci bv volume-backup-policy-assignment delete --policy-assignment-id ocid1.volumebackuppolicyassign.oc1..<unique_ID>
To retrieve the backup policy assignment ID for a boot or block volume

Open a command prompt and run:

oci bv volume-backup-policy-assignment get-volume-backup-policy-asset-assignment --asset-id <volume_OCID>

For example:

oci bv volume-backup-policy-assignment get-volume-backup-policy-asset-assignment --asset-id ocid1.volume.oc1..<unique_ID>

Using the API

For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.

Use the following operations for working with block volume backups, boot volume backups, and backup policies.

Block Volume Backups

Boot Volume Backups

Volume Backup Policies and Policy Assignments

Backing Up a Volume

Create a manual backup for a volume in the Block Volume service.

Volume backups are point-in-time snapshots of volume data. For more information, see Overview of Block Volume Backups. You can create a manual backup for a volume by using the steps in this topic. To create backups based on a defined schedule and retention policy, see Policy-Based Backups.

Manual backups don't expire, they're maintained until you delete them.

For information to help you decide whether to create a backup or a clone of a boot volume, see Differences Between Block Volume Backups and Clones.

Note

The size of a volume backup size might be larger than the current volume usage. See Volume Backup Size.

Required IAM Policy

Learn about access permission requirements for your tenancy.

To use Oracle Cloud Infrastructure, an administrator must be a member of a group granted security access in a policy  by a tenancy administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with the tenancy administrator what type of access you have and which compartment  your access works in.

Tip

When users create a backup from a volume or restore a volume from a backup, the volume and backup don't have to be in the same compartment . However, users must have access to both compartments.
If you're new to policies, see Managing Identity Domains and Common Policies. For reference material about writing policies for instances, cloud networks, or other Core Services API resources, see Details for Core Services.
    1. Open the navigation menu  and select Storage. Under Block Storage, select Block Volumes.
    2. Under List scope, select the compartment that contains the block volume.
    3. In the Block Volume list, select the name of the block volume that you want to create a backup for.
    4. Under Resources, select Block Volume Backups.
    5. Select Create Block Volume Backup.

    6. Enter a name for the backup. Avoid entering confidential information.

    7. Select the backup type, either incremental or full. See Volume Backup Types.

    8. (Optional) Select Show Tagging Options to add tags to the backup. If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.

    9. Select Create Block Volume Backup.

      The backup is complete when the state changes to Available.

  • Use the oci bv backup create command and specify the --volume-id parameter to create a block volume backup:

    oci bv backup create --volume-id volume_ocid [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the CreateVolumeBackup operation and specify the volumeId attribute for the CreateVolumeBackupDetails resource to create a block volume backup.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.

    For more information about backups, see Overview of Block Volume Backups and Restoring a Backup to a New Volume.

Listing Volume Backups

Learn how to list volume backups for a compartment.

    1. Open the navigation menu  and select Storage. Under Block Storage, select Block Volume Backups.

      The Block Volume Backups list page opens. All block volumes in the selected compartment are displayed in a table.

    2. To view the block volume backups in a different compartment, use the Compartment filter to switch compartments.

      You must have permission to work in a compartment to see the resources in it. If you're not sure which compartment to use, contact an administrator. For more information, see Understanding Compartments.

    Filtering List Results

    Use filters to limit the block volume backups in the list. Perform one of the following actions depending on the options that you see:

    • From the Search and Filter box above the list table, select one or more filters and specify the values that you want to use to narrow the list. In general, the filters correspond to the columns shown in the list table, although some filters represent attributes that aren't shown in the table. The Compartment filter is always displayed next to Applied filters.
    • On the left side of the list page, select a value from one of the available filters, such as compartment, state, or tags.

    Change the order of the items in the list table by using the sort icons next to the column names.

    For information about searching for resources and managing the columns in the list table, if those features are available, see Listing Resources.

    Use filters to limit the block volume backups in the list.

    From the Search and Filter box above the list table, select one or more filters and specify the values that you want to use to narrow the list. In general, the filters correspond to the columns shown in the list table, although some filters represent attributes that aren't shown in the table. The Compartment filter is always displayed next to Applied filters.

    Change the order of the items in the list table by using the sort icons next to the column names.

    For information about searching for resources and managing the columns in the list table, see Listing Resources.

    Actions

    In the list table, select the name of a block volume backup to open its details page, where you can view its status and perform other tasks.

    To perform an action on a block volume backup directly from the list table, select an available option from the Actions menu in the row for that block volume backup

    To create a block volume backup, see Backing Up a Volume.

    To perform an action on more than one block volume backup at a time, select the checkboxes next to the block volume backup names and then select an action from the Actions menu above the table.

  • Use the oci bv backup list command and specify the --volume-backup-id parameter to list block volume backups:

    oci bv backup list --volume-backup-id <backup_ID> ... [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the ListVolumeBackups operation to and specify the compartmentId attribute to list block volume backups.

Deleting a Volume Backup

Learn how to delete a block volume backup from a compartment.

    1. Open the navigation menu  and select Storage. Under Block Storage, select Block Volume Backups.
    2. In the Scope section, select a compartment.
    3. Find the block volume backup in the list, select the the Actions menu (three dots), and then select Terminate.

  • Use the oci bv backup delete command and specify the --volume-backup-id parameter to list block volume backups:

    oci bv backup delete --volume-backup-id <backup_ID> ... [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the DeleteVolumeBackup operation to and specify the compartmentId attribute to list block volume backups.