What Happens if Database Crashes Again During Aries Recovery

29
Database Recovery

This chapter introduces the structures that are used during database recovery and describes the Recovery Manager utility, which simplifies backup and recovery operations. The topics in this chapter include:

• Introduction to Database Recovery
• Structures Used for Database Recovery
• Rolling Forward and Rolling Back
• Improving Recovery Functioning
• Recovery Manager
• Database Archiving Modes
• Control Files
• Database Backups
• Survivability

Introduction to Database Recovery

A major responsibleness of the database administrator is to prepare for the possibility of hardware, software, network, process, or organisation failure. If such a failure affects the operation of a database arrangement, you must normally recover the database and return to normal performance as quickly every bit possible. Recovery should protect the database and associated users from unnecessary bug and avoid or reduce the possibility of having to indistinguishable work manually.

Recovery processes vary depending on the type of failure that occurred, the structures afflicted, and the type of recovery that you perform. If no files are lost or damaged, recovery may amount to no more than than restarting an instance. If information has been lost, recovery requires additional steps.

---

Note:

The Recovery Manager is a utility that simplifies backup and recovery operations.

---

Errors and Failures

Several bug tin can halt the normal operation of an Oracle database or touch database I/O to deejay. The post-obit sections describe the most mutual types. For some of these bug, recovery is automatic and requires footling or no action on the office of the database user or database ambassador.

User Error

A database administrator can do little to prevent user errors such as accidentally dropping a tabular array. Usually, user error can be reduced past increased training on database and application principles. Furthermore, by planning an constructive recovery scheme alee of time, the administrator can ease the work necessary to recover from many types of user errors.

Statement Failure

Statement failure occurs when in that location is a logical failure in the treatment of a statement in an Oracle program. For example, assume all extents of a table (in other words, the number of extents specified in the MAXEXTENTS parameter of the CREATE TABLE statement) are allocated, and are completely filled with data; the table is absolutely total. A valid INSERT statement cannot insert a row because there is no space available. Therefore, if issued, the statement fails.

If a statement failure occurs, the Oracle software or operating organisation returns an error code or message. A statement failure usually requires no activity or recovery steps; Oracle automatically corrects for statement failure by rolling back the furnishings (if any) of the statement and returning control to the application. The user can simply re-execute the statement after correcting the problem indicated by the error bulletin.

Procedure Failure

A process failure is a failure in a user, server, or background process of a database instance such as an abnormal disconnect or process termination. When a process failure occurs, the failed subordinate procedure cannot continue work, although the other processes of the database instance can proceed.

The Oracle groundwork procedure PMON detects aborted Oracle processes. If the aborted process is a user or server procedure, PMON resolves the failure past rolling back the electric current transaction of the aborted procedure and releasing any resources that this procedure was using. Recovery of the failed user or server procedure is automatic. If the aborted process is a background process, the case usually cannot go along to function correctly. Therefore, y'all must shut down and restart the instance.

Network Failure

When your system uses networks such as local area networks and phone lines to connect client workstations to database servers, or to connect several database servers to class a distributed database system, network failures such as aborted phone connections or network advice software failures tin can interrupt the normal operation of a database system. For example:

• A network failure might interrupt normal execution of a client application and crusade a process failure to occur. In this instance, the Oracle groundwork procedure PMON detects and resolves the aborted server procedure for the disconnected user procedure, as described in the previous department.
• A network failure might interrupt the two-stage commit of a distributed transaction. After the network problem is corrected, the Oracle background process RECO of each involved database server automatically resolves whatever distributed transactions not yet resolved at all nodes of the distributed database system.

Database Example Failure

Database instance failure occurs when a problem arises that prevents an Oracle database instance from continuing to work. An example failure can result from a hardware problem, such as a power outage, or a software problem, such as an operating arrangement crash. Case failure also results when you issue a SHUTDOWN Abort or STARTUP FORCE statement.

Recovery from Instance Failure

Crash or instance recovery recovers a database to its transaction-consequent state just before instance failure. Crash recovery recovers a database in a single-case configuration and case recovery recovers a database in an Oracle Parallel Server configuration. If all instances of an Oracle Parallel Server database crash, then Oracle performs crash recovery.

Recovery from instance failure is automatic, requiring no DBA intervention. For example, when using the Oracle Parallel Server, another case performs instance recovery for the failed instance. In single-instance configurations, Oracle performs crash recovery for a database when the database is restarted, that is, mounted and opened to a new case. The transition from a mounted country to an open state automatically triggers crash recovery, if necessary.

Crash or instance recovery consists of the following steps:

1. Rolling forward to recover data that has non been recorded in the datafiles, yet has been recorded in the online redo log, including the contents of rollback segments. This is chosen cache recovery.
2. Opening the database. Instead of waiting for all transactions to be rolled dorsum before making the database available, Oracle allows the database to exist opened as soon equally enshroud recovery is complete. Any data that is non locked by unrecovered transactions is immediately available.
3. Marking all transactions system-wide that were active at the time of failure as DEAD and marking the rollback segments containing these transactions as PARTLY Available.
4. Rolling back dead transactions as part of SMON recovery. This is called transaction recovery.
5. Resolving any pending distributed transactions undergoing a ii-stage commit at the fourth dimension of the instance failure.
6. As new transactions see rows locked past dead transactions, they tin can automatically roll dorsum the dead transaction to release the locks. If y'all are using Fast-Start Recovery, just the data block is immediately rolled dorsum, as opposed to the entire transaction.

Media (Disk) Failure

An error tin can arise when trying to write or read a file that is required to operate an Oracle database. This occurrence is called media failure considering there is a physical trouble reading or writing to files on the storage medium.

A common example of media failure is a disk head crash, which causes the loss of all files on a disk drive. All files associated with a database are vulnerable to a disk crash, including datafiles, online redo log files, and control files.

The appropriate recovery from a media failure depends on the files affected.

How Media Failures Affect Database Operation

Media failures can touch on one or all types of files necessary for the operation of an Oracle database, including datafiles, online redo log files, and control files.

Database operation after a media failure of online redo log files or command files depends on whether the online redo log or command file is multiplexed, as recommended. A multiplexed online redo log or control file means that a 2d copy of the file is maintained. If a media failure damages a single deejay, and you have a multiplexed online redo log, the database can commonly continue to operate without pregnant interruption. Damage to a non-multiplexed online redo log causes database operation to halt and may cause permanent loss of information. Damage to any control file, whether information technology is multiplexed or not-multiplexed, halts database performance once Oracle attempts to read or write the damaged control file, which happens oft, for example at every checkpoint and log switch.

Media failures that affect datafiles can be divided into two categories: read errors and write errors. In a read error, Oracle discovers it cannot read a datafile and an operating organization error is returned to the application, along with an Oracle error indicating that the file cannot exist found, cannot be opened, or cannot exist read. Oracle continues to run, but the error is returned each time an unsuccessful read occurs. At the side by side checkpoint, a write fault will occur when Oracle attempts to write the file header as function of the standard checkpoint process.

If Oracle discovers that it cannot write to a datafile and Oracle is in ARCHIVELOG mode, then Oracle returns an error in the DBWn trace file and takes the datafile offline automatically. Only the datafile that cannot exist written to is taken offline; the tablespace containing that file remains online.

If the datafile that cannot be written to is in the Arrangement tablespace, then the file is not taken offline. Instead, an fault is returned and Oracle shuts down the instance. The reason for this exception is that all files in the System tablespace must be online in order for Oracle to operate properly. For the same reason, the datafiles of a tablespace containing active rollback segments must remain online.

If Oracle discovers that it cannot write to a datafile, and Oracle is non archiving the filled online redo log files, and so the DBWn background process fails and the current example fails. If the problem is temporary (for example, the disk controller was powered off), then crash or instance recovery usually can exist performed using the online redo log files, in which case the instance can exist restarted. However, if a datafile is permanently damaged and archiving is non used, then the entire database must be restored using the most recent consistent fill-in.

Recovery of Read-Only Tablespaces

Recovery is not needed on read-only datafiles during crash or instance recovery. Recovery during startup verifies that each online read-but file does not need any media recovery. That is, the file was not restored from a backup taken before information technology was made read-only. If y'all restore a read-only tablespace from a backup taken before the tablespace was made read-merely, and so you cannot access the tablespace until you consummate media recovery.

Structures Used for Database Recovery

Several structures of an Oracle database safeguard information against possible failures. This section introduces each of these structures and its role in database recovery.

Database Backups

A database backup consists of backups of the physical files (all datafiles and a control file) that constitute an Oracle database. To begin media recovery after a media failure, Oracle uses file backups to restore damaged datafiles or command files. Replacing a current, possibly damaged, copy of a datafile, tablespace, or database with a fill-in re-create is called restoring that portion of the database.

Oracle offers several options in performing database backups, including:

• Recovery Director
• Operating organisation utilities
• Export utility
• Enterprise Fill-in Utility

The Redo Log

The redo log, nowadays for every Oracle database, records all changes fabricated in an Oracle database. The redo log of a database consists of at least two redo log files that are separate from the datafiles (which actually shop a database's data). As part of database recovery from an instance or media failure, Oracle applies the advisable changes in the database's redo log to the datafiles, which updates database information to the instant that the failure occurred.

A database's redo log can consist of two parts: the online redo log and the archived redo log.

The Online Redo Log

Every Oracle database has an associated online redo log. The Oracle background procedure LGWR uses the online redo log to immediately record all changes made through the associated instance. Each redo record contains both the former and the new values. Oracle also records the former value to a rollback cake. The online redo log consists of two or more pre-allocated files that are reused in a circular fashion to record ongoing database changes.

The Archived Redo Log

Optionally, yous tin can configure an Oracle database to archive files of the online redo log once they fill. The online redo log files that are archived are uniquely identified by their log sequence numbers and make upwards the archived redo log. Past archiving filled online redo log files, older redo log data is preserved for operations such every bit media recovery, while the pre-allocated online redo log files continue to be reused to shop the near current database changes.

Datafiles that were restored from backup, or were not closed by a make clean database shutdown, may not be completely up to appointment. These datafiles must exist updated past applying the changes in the archived and/or online redo logs. This procedure is called recovery.

Rollback Segments

Rollback segments are used for a number of functions in the performance of an Oracle database. In general, the rollback segments of a database store the old values of data inverse by ongoing transactions for uncommitted transactions.

Among other things, the information in a rollback segment is used during database recovery to disengage any uncommitted changes applied from the redo log to the datafiles. Therefore, if database recovery is necessary, then the data is in a consistent state after the rollback segments are used to remove all uncommitted data from the datafiles.

Control Files

In general, the control files of a database store the status of the physical structure of the database. Status information in the control file such as the current online redo log file and the names of the datafiles guides Oracle during instance or media recovery.

Rolling Forrard and Rolling Dorsum

Database buffers in the buffer cache in the SGA are written to disk only when necessary, using a to the lowest degree-recently-used algorithm. Because of the way that the DBWnorthward process uses this algorithm to write database buffers to datafiles, datafiles might contain some data blocks modified past uncommitted transactions and some information blocks missing changes from committed transactions.

Two potential issues can effect if an instance failure occurs:

• Data blocks modified by a transaction might not be written to the datafiles at commit fourth dimension and might only announced in the redo log. Therefore, the redo log contains changes that must be reapplied to the database during recovery.
• After the scroll forrard phase, the datafiles may contain changes that had not been committed at the time of the failure. These uncommitted changes must be rolled back to ensure transactional consistency. These changes were either saved to the datafiles before the failure, or introduced during the whorl forwards phase.

To solve this dilemma, ii separate steps are more often than not used past Oracle for a successful recovery of a system failure: rolling forward with the redo log (enshroud recovery) and rolling dorsum with the rollback segments (transaction recovery).

The Redo Log and Rolling Forward

The redo log is a set of operating arrangement files that tape all changes made to any database buffer, including data, index, and rollback segments, whether the changes are committed or uncommitted. Each redo entry is a group of change vectors describing a single atomic change to the database. The redo log protects changes made to database buffers in memory that have not been written to the datafiles.

The commencement step of recovery from an instance or deejay failure is to coil forward, or reapply all of the changes recorded in the redo log to the datafiles. Because rollback data is too recorded in the redo log, rolling forward besides regenerates the respective rollback segments. This is called cache recovery.

Rolling forward proceeds through as many redo log files as necessary to bring the database forwards in time. Rolling forward usually includes online redo log files and may include archived redo log files.

Subsequently curl forwards, the data blocks contain all committed changes. They may also contain uncommitted changes that were either saved to the datafiles before the failure, or were recorded in the redo log and introduced during roll frontwards.

Rollback Segments and Rolling Back

Rollback segments tape database deportment that should be undone during certain database operations. In database recovery, rollback segments undo the effects of uncommitted transactions previously applied past the rolling forward phase.

After the whorl frontward, any changes that were not committed must be undone. After redo log files have reapplied all changes made to the database, and so the corresponding rollback segments are used. Rollback segments are used to identify and undo transactions that were never committed, still were either saved to the datafiles earlier the failure, or were applied to the database during the ringlet forward. This process is called rolling back or transaction recovery.

Figure 29-1 illustrates rolling frontwards and rolling back, the two steps necessary to recover from any blazon of system failure.

Figure 29-1 Basic Recovery Steps: Rolling Forward and Rolling Back

Oracle can curlicue back multiple transactions simultaneously equally needed. All transactions system-wide that were agile at the time of failure are marked as DEAD. Instead of waiting for SMON to roll back dead transactions, new transactions can recover blocking transactions themselves to become the row locks they demand.

Improving Recovery Performance

When a database failure occurs, rapid recovery is very important in most situations. Oracle provides a number of methods to make recovery as quick equally possible, including:

• Parallel Recovery
• Fast-Get-go Recovery
• Transparent Awarding Failover

Performing Recovery in Parallel

Recovery reapplies the changes generated by several concurrent processes, and therefore example or media recovery can take longer than the time information technology took to initially generate the changes to a database. With serial recovery, a single procedure applies the changes in the redo log files sequentially. Using parallel recovery, several processes simultaneously employ changes from redo log files.

---

Notation:

Oracle8i provides express parallelism with Recovery Director; the Oracle8i Enterprise Edition allows unlimited parallelism. See Getting to Know Oracle8i for more than information about the features available in Oracle8i and Oracle8i Enterprise Edition.

---

Parallel recovery can be performed using these methods:

• Parallel recovery can exist performed manually by spawning several Oracle Enterprise Managing director sessions and issuing the RECOVER DATAFILE command on a unlike set of datafiles in each session. However, this method causes each Oracle Enterprise Manager session to read the entire redo log file.
• You tin utilize the Recovery Director's restore and recover statements to automatically parallelize all stages of recovery. Oracle uses one procedure to read the log files sequentially and dispatch redo information to several recovery processes, which apply the changes from the log files to the datafiles. The recovery processes are started automatically by Oracle, so at that place is no demand to use more than i session to perform recovery. At that place are too some initialization parameters to set for automatic parallel recovery.
• You tin utilise the SQL*Plus RECOVER statement to perform parallel recovery. Refer to the SQL*Plus User's Guide and Reference for details.
• Y'all can use the SQL statement ALTER DATABASE RECOVER to perform parallel recovery, but this is non recommended.

Situations That Benefit from Parallel Recovery

In full general, parallel recovery is most effective at reducing recovery time when several datafiles on several different disks are being recovered concurrently. Crash recovery (recovery after example failure) and media recovery of many datafiles on many different disk drives are good candidates for parallel recovery.

The performance comeback from parallel recovery is also dependent upon whether the operating system supports asynchronous I/O. If asynchronous I/O is not supported, parallel recovery can dramatically reduce recovery time. If asynchronous I/O is supported, the recovery fourth dimension may only be slightly reduced by using parallel recovery.

See Likewise:

Your operating organization documentation to determine whether the system supports asynchronous I/O

Recovery Processes

In a typical parallel recovery situation, one process is responsible for reading and dispatching redo entries from the redo log files. This is the dedicated server procedure that begins the recovery session. The server process reading the redo log files enlists two or more recovery processes to utilise the changes from the redo entries to the datafiles.

Effigy 29-two illustrates a typical parallel recovery session.

Figure 29-ii Typical Parallel Recovery Session

In most situations, ane recovery session and one or two recovery processes per disk drive containing datafiles needing recovery is sufficient. Recovery is a disk-intensive action as opposed to a CPU-intensive activity, and therefore the number of recovery processes needed is dependent entirely upon how many disk drives are involved in recovery. In full general, a minimum of 8 recovery processes is needed before parallel recovery can show improvement over a serial recovery.

Fast-Outset Fault Recovery

Fast-start fault recovery is an architecture that reduces the time required for rolling forward and makes the recovery bounded and anticipated. Information technology as well eliminates rollback time from recovery for transactions aborted due to arrangement faults. Fast-start error recovery includes:

• Fast-Start Checkpointing
• Fast-Start On-Demand Rollback
• Fast-Start Parallel Rollback

Fast-Offset Checkpointing

Fast-start checkpointing records the position in the redo thread (log) from which crash or instance recovery would demand to brainstorm. This position is determined by the oldest dingy buffer in the buffer enshroud. Each DBWn procedure continually writes buffers to disk to advance the checkpoint position, with minimal or no overhead during normal processing. Fast-start checkpointing improves the functioning of crash and instance recovery, but not media recovery.

You tin can influence recovery performance for situations where there are stringent limitations on the duration of crash or case recovery. The fourth dimension required for crash or case recovery is roughly proportional to the number of data blocks that need to be read or written during the curlicue forward phase. You can specify a limit, or bound, on the number of data blocks that will need to be processed during roll forwards. The Oracle server automatically adjusts the checkpoint write rate to meet the specified roll-forward bound while issuing the minimum number of writes.

You tin can set the dynamic initialization parameter FAST_START_IO_TARGET to limit the number of blocks that need to exist read for crash or instance recovery. Smaller values of this parameter impose college overhead during normal processing because more buffers have to be written. On the other hand, the smaller the value of this parameter, the better the recovery performance, since fewer blocks need to be recovered. The dynamic initialization parameters LOG_CHECKPOINT_INTERVAL and LOG_CHECKPOINT_TIMEOUT too influence Fast-Start Checkpointing.

Fast-First On-Demand Rollback

When a expressionless transaction holds a row lock on a row that some other transaction needs, fast-start on-demand rollback immediately recovers but the information block nether consideration, leaving the rest of the dead transaction to be recovered in the background. This improves the availability of the database for users accessing data that is locked by large expressionless transactions. If fast-start on-need rollback is not enabled, the user would accept to wait until the entire dead transaction was recovered before obtaining the row lock.

Fast-Start Parallel Rollback

Fast-start parallel rollback allows a set up of transactions to be recovered in parallel using a grouping of server processes. This technique is used when SMON determines that the amount of work it takes to perform recovery in parallel is less than the time information technology takes to recovery serially.

Masking Failures with Transparent Application Failover

Rapid recovery minimizes the time information is unavailable to users, but it does non address the disruption caused when user sessions fail. Users need to re-establish connections to the database, and piece of work in progress may be lost. Oracle8i Transparent Awarding Failover (TAF) tin can mask many failures from users, preserving the land of their applications and resuming queries that had been in progress at the fourth dimension of the failure. Developers tin farther extend these capabilities by edifice applications that leverage TAF and make all failures, including those affecting transactions, transparent to users.

Recovery Manager

Recovery Manager is a utility that manages the processes of creating backups of all database files (datafiles, control files, and archived redo log files) and restoring or recovering files from backups.

Recovery Catalog

Recovery Director maintains a repository called the recovery catalog, which contains data about fill-in files and archived log files. Recovery Manager uses the recovery catalog to automate both restore operations and media recovery.

The recovery catalog contains:

• Data almost backups of datafiles and archive logs
• Data about datafile copies
• Data virtually archived redo logs and copies of them
• Information about the physical schema of the target database
• Named sequences of commands called stored scripts

The recovery catalog is maintained solely past Recovery Manager. The database server of the backed-up database never accesses the recovery itemize directly. Recovery Manager propagates data about backup datafile sets, archived redo logs, backup control files, and datafile copies into the recovery itemize for long-term retentiveness.

When doing a restore, Recovery Managing director extracts the advisable information from the recovery catalog and passes it to the database server. The server performs diverse integrity checks on the input files specified for a restore. Wrong behavior by Recovery Manager cannot corrupt the database.

The Recovery Catalog Database

The recovery itemize is stored in an Oracle database. Information technology is the database administrator's responsibleness to make such a database available to Recovery Manager. Taking backups of the recovery catalog is also the database administrator'southward responsibility. Because the recovery catalog is stored in an Oracle database, you can utilise Recovery Director to dorsum information technology up.

If the recovery itemize is destroyed and no backups are available, and then it can be partially reconstructed from the current control file or control file backups.

Operation Without a Recovery Catalog

Use of a recovery catalog is not required, but is recommended. Considering most data in the recovery catalog is also bachelor from the command file, Recovery Director supports an operational mode where it uses only the control file. This operational fashion is advisable for small databases where installation and assistants of another database to serve as the recovery catalog would be burdensome.

Some Recovery Manager features are only available when a recovery catalog is used.

Parallelization

Recovery Manager can parallelize its operations, establishing multiple logon sessions and conducting multiple operations in parallel by using non-blocking UPI. Concurrent operations must operate on disjoint sets of datafiles.

---

Notation:

The Oracle8i Enterprise Edition allows unlimited parallelism. Oracle8i tin can only classify one Recovery Manager channel at a time, thus limiting the parallelism to one stream. See Getting to Know Oracle8i for more information about the features bachelor with Oracle8i and Oracle8i Enterprise Edition.

---

Parallelization of the backup, copy, and restore commands is handled internally by Recovery Director. You only demand to specify:

• A list of ane or more sequential I/O devices such as deejay or tape drives
• The objects to exist backed upwardly, copied, or restored.

Recovery Manager executes commands serially, that is, it completes the previous command before starting the next control. Parallelism is exploited only within the context of a single control. Thus, if 10 datafile copies are desired, it is better to issue a unmarried copy command that specifies all 10 copies rather than 10 separate re-create commands.

Written report Generation

The report and list commands provide data about backups and paradigm copies. The output from these commands is written to the message log file.

The report command produces reports that can reply questions such as:

• What files demand a backup
• What files oasis't had a fill-in in a while
• What backup files can be deleted

Y'all can employ the study need fill-in and written report unrecoverable commands on a regular ground to ensure that the necessary backups are available to perform recovery, and that the recovery can be performed inside a reasonable length of time.

A datafile is considered unrecoverable if an unlogged performance has been performed against a schema object residing in the datafile.

(A datafile that does not have a fill-in is non considered unrecoverable. Such datafiles can be recovered through the use of the CREATE DATAFILE statement, provided that logs starting from when the file was created nonetheless be.)

The list command queries the recovery catalog and produces a list of its contents. You tin can use information technology to find out what backups or copies are available:

• Backups or copies of a specified list of datafiles
• Backups or copies of whatever datafile that is a member of a specified listing of tablespaces
• Backups or copies of whatever archive logs with a specified name and/or inside a specified range
• Incarnations of a specified database

Database Archiving Modes

A database can operate in ii singled-out modes: NOARCHIVELOG way (media recovery disabled) or ARCHIVELOG manner (media recovery enabled).

NOARCHIVELOG Fashion (Media Recovery Disabled)

If a database is used in NOARCHIVELOG mode, so the archiving of the online redo log is disabled. Information in the database's control file indicates that filled groups are not required to be archived. Therefore, as presently as a filled group becomes inactive, the group is available for reuse by the LGWR procedure.

NOARCHIVELOG mode protects a database simply from case failure, not from disk failure. Only the nigh recent changes made to the database, stored in the groups of the online redo log, are available for crash recovery or example recovery. This is sufficient to satisfy the needs of crash recovery and instance recovery, considering Oracle volition non overwrite an online redo log that might be needed until its changes have been safely recorded in the datafiles. However, information technology will non be possible to practice media recovery.

ARCHIVELOG Mode (Media Recovery Enabled)

If an Oracle database is operated in ARCHIVELOG mode, the archiving of the online redo log is enabled. Information in a database command file indicates that a group of filled online redo log files cannot exist reused by LGWR until the group has been archived.

Figure 29-3 illustrates how the database'southward online redo log files are used in ARCHIVELOG fashion and how the archived redo log is generated by the process archiving the filled groups (for case, ARC0 in this analogy).

ARCHIVELOG mode permits consummate recovery from disk failure as well as case failure, because all changes made to the database are permanently saved in an archived redo log.

Figure 29-3 Online Redo Log File Use in ARCHIVELOG Mode

Automated Archiving and the ARC n (Archiver) Background Processes

An instance can exist configured to have an additional groundwork process, the archiver (ARC0), automatically archive groups of online redo log files after they become inactive. Automatic archiving frees the database ambassador from having to keep track of, and archive, filled groups manually. For this convenience alone, automated archiving is the choice of most database systems that run in ARCHIVELOG fashion. For heavy workloads, such equally bulk loading of data, multiple archiver processes (up to ARC9) tin exist configured by setting the initialization parameter LOG_ARCHIVE_MAX_PROCESSES.

If yous request automatic archiving at instance startup by setting the LOG_ARCHIVE_START initialization parameter, Oracle starts the number of ARCdue north processes specified past LOG_ARCHIVE_MAX_PROCESSES during example startup. Otherwise, the ARCdue north processes are not started when the instance starts up.

Withal, the database ambassador tin interactively start or stop automatic archiving at whatever time. If automatic archiving was non specified to start at case startup, and the administrator after starts automatic archiving, Oracle creates the ARCn background process(es). ARCnorth and then remains for the duration of the instance, even if automatic archiving is temporarily turned off and turned on once more, although the number of ARCnorthward processes can exist changed dynamically past setting LOG_ARCHIVE_MAX_PROCESSES with the ALTER SYSTEM statement.

ARCn ever archives groups in lodge, beginning with the lowest sequence number. ARCnorth automatically archives filled groups as they become inactive. A tape of every automatic archival is written in the ARCn trace file by the ARCn process. Each entry shows the time the annal started and stopped.

If ARCnorth encounters an mistake when attempting to archive a log group (for example, due to an invalid or filled destination), ARCnorth continues trying to archive the group. An error is also written in the ARCn trace file and the ALERT file. If the problem is not resolved, eventually all online redo log groups get total, nevertheless not archived, and the system halts because no group is available to LGWR. Therefore, if problems are detected, you should either resolve the problem so that ARCn can proceed archiving (such as by changing the annal destination) or manually annal groups until the problem is resolved.

Manual Archiving

If a database is operating in ARCHIVELOG mode, the database administrator can manually annal the filled groups of inactive online redo log files, every bit necessary, whether or non automatic archiving is enabled or disabled. If automatic archiving is disabled, the database administrator is responsible for manually archiving all filled groups.

For most systems, automatic archiving is called considering the administrator does non take to watch for a group to become inactive and bachelor for archiving. Furthermore, if automatic archiving is disabled and manual archiving is not performed fast plenty, database operation can exist suspended temporarily whenever LGWR is forced to wait for an inactive group to go available for reuse.

The manual archiving option is provided so that the database administrator can:

• Annal a grouping when automatic archiving has been stopped because of a problem (for example, the offline storage device specified as the archived redo log destination has experienced a failure or get total)
• Archive a group in a non-standard mode (for example, archive one group to one offline storage device, the adjacent grouping to a different offline storage device, and then on)
• Re-annal a group if the original archived version is lost or damaged

When a group is archived manually, the user process issuing the statement to archive a group actually performs the process of archiving the grouping. Even if the ARCn groundwork process is present for the associated case, it is the user process that athenaeum the group of online redo log files.

Control Files

The control file of a database is a small binary file necessary for the database to starting time and operate successfully. A command file is updated continuously by Oracle during database use, and so information technology must be bachelor for writing whenever the database is open. If for some reason the control file is non accessible, the database will not function properly.

Each control file is associated with but one Oracle database.

Control File Contents

A control file contains information nigh the associated database that is required for the database to be accessed by an instance, both at startup and during normal functioning. A command file'south data tin be modified only past Oracle; no database administrator or cease-user can edit a database's control file.

Amid other things, a control file contains information such as:

• The database name
• The timestamp of database creation
• The names and locations of associated datafiles and online redo log files
• Tablespace information
• Datafile offline ranges
• The log history
• Archived log information
• Backup set up and fill-in piece information
• Backup datafile and redo log information
• Datafile copy information
• The current log sequence number
• Checkpoint information

The database name and timestamp originate at database creation. The database's proper name is taken from either the name specified past the initialization parameter DB_NAME or the proper noun used in the CREATE DATABASE argument.

Each time that a datafile or an online redo log file is added to, renamed in, or dropped from the database, the control file is updated to reflect this physical structure alter. These changes are recorded so that:

• Oracle can place the datafiles and online redo log files to open up during database startup
• Oracle can identify files that are required or available in case database recovery is necessary

Therefore, if you make a change to your database's physical structure, you lot should immediately brand a fill-in of your control file.

Control files also tape information about checkpoints. Every three seconds, the checkpoint process (CKPT) records data in the control file about the checkpoint position in the online redo log. This information is used during database recovery to tell Oracle that all redo entries recorded earlier this point in the online redo log grouping are not necessary for database recovery; they were already written to the datafiles.

Multiplexed Control Files

As with online redo log files, Oracle allows multiple, identical control files to exist open concurrently and written for the same database.

By storing multiple control files for a unmarried database on different disks, you tin can safeguard against a single point of failure with respect to command files. If a single disk that independent a command file crashes, the electric current instance fails when Oracle attempts to access the damaged control file. However, other copies of the current control file are available on dissimilar disks, so an instance can be restarted easily without the demand for database recovery.

The permanent loss of all copies of a database'south control file is a serious trouble to safeguard against. If all control files of a database are permanently lost during performance (several disks fail), the instance is aborted and media recovery is required. All the same, media recovery is non straightforward if an older backup of a control file must be used because a electric current re-create is not bachelor. Therefore, it is strongly recommended that you lot attach to the post-obit practices:

• Use multiplexed command files with each database
• Shop each copy on a unlike physical disk
• Use operating system mirroring

Database Backups

You can use Oracle mirrored logs, Oracle mirrored control files, and archive logs to recover from media failure, but some or all of the data may not be bachelor while recovery is proceeding. To attain a higher level of recovery, Oracle recommends that yous use operating system or hardware data redundancy for at least the datafiles and the command files. This volition make sure that whatever 1 media failure will be recoverable while the system is fully available.

No matter what fill-in and recovery scheme you devise for an Oracle database, backups of the database'south datafiles and control files are absolutely necessary as office of the strategy to safeguard confronting potential media failures that can harm these files. The following sections provide a conceptual overview of the different types of backups that can exist made and their usefulness in unlike recovery schemes.

Whole Database Backups

A whole database backup is a backup of all datafiles and the control file that establish an Oracle database. You can practice this with Recovery Manager or by using operating system commands. You tin can take a whole database backup when the database is shut down or while the database is open up. Y'all should not normally have a whole backup after an instance failure or other unusual circumstances.

Consistent Whole Backups vs. Inconsistent Whole Backups

A clean shutdown is a shutdown that does not follow a crash or a SHUTDOWN Abort. Following a clean shutdown, all of the files that constitute a database are closed and consequent with respect to the current signal in time. Thus, a whole fill-in taken later a shutdown can be used to recover to the bespeak in time of that fill-in. A whole backup taken while the database is open up is not consistent to a given point in time and must be recovered with the online and archived redo log files before the database tin become available.

Backups and Archiving Mode

The datafiles obtained from a whole backup are useful in any blazon of media recovery scheme:

• If a database is operating in NOARCHIVELOG mode and a deejay failure damages some or all of the files that constitute the database, the most recent consequent whole backup tin can exist used to restore (not recover) the database.

  Because an archived redo log is not available to bring the database up to the current point in time, all database piece of work performed since the fill-in must exist repeated. Under special circumstances, a disk failure in NOARCHIVELOG mode can exist fully recovered, but you should not rely on this.

• If a database is operating in ARCHIVELOG mode and a disk failure damages some or all of the files that institute the database, the datafiles collected by the nigh contempo whole backup can be used every bit part of database recovery.

  After restoring the necessary datafiles from the whole backup, database recovery can go on by applying archived and current online redo log files to bring the restored datafiles up to the electric current point in fourth dimension.

In summary, if a database is operated in NOARCHIVELOG mode, a consistent whole database backup is the only method to partially protect the database against a deejay failure. If a database is operating in ARCHIVELOG way and the logs are available, either a consistent or an inconsistent whole database backup can be used to restore damaged files as part of database recovery from a disk failure.

Fractional Database Backups

A fractional database backup is any backup short of a whole backup, taken while the database is open or shut down. The following are all examples of partial database backups:

• A backup of all datafiles for an individual tablespace
• A backup of a single datafile
• A backup of a control file

Partial backups are but useful for a database operating in ARCHIVELOG mode. Because an archived redo log is present, the datafiles restored from a partial backup can be fabricated consistent with the rest of the database during recovery procedures.

Datafile Backups

A fractional backup includes only some of the datafiles of a database. Private or collections of specific datafiles tin be backed upwards independently of the other datafiles, online redo log files, and control files of a database. You can dorsum up a datafile while it is offline or online.

Choosing whether to accept online or offline datafile backups depends only on the availability requirements of the information--online datafile backups are the simply choice if the data existence backed up must always be bachelor.

Control File Backups

Another course of a partial fill-in is a command file backup. Considering a command file keeps track of the associated database's physical file structure, you should support a database's command file every time a structural modify is fabricated to the database. Brand a physical fill-in and a backup to a trace file.

---

Note:

Recovery Managing director automatically backs upward the control file in any backup that includes datafile 1, which contains the information lexicon.

---

Multiplexed control files safeguard confronting the loss of a single control file. All the same, if a disk failure damages the datafiles and incomplete recovery is desired, or a point-in-time recovery is desired, a backup of the command file that corresponds to the intended database structure should be used, non necessarily the current command file. Therefore, the apply of multiplexed control files is not a substitute for command file backups taken every fourth dimension the structure of a database is contradistinct.

If y'all use Recovery Director to restore the control file prior to incomplete or bespeak-in-fourth dimension recovery, Recovery Managing director automatically restores the most suitable fill-in control file.

The Export and Import Utilities

Consign and Import are utilities used to move Oracle data in and out of Oracle databases. Consign is a utility that writes data from an Oracle database to operating organisation files in an Oracle database format. Export files store data near schema objects created for a database. Import is a utility that reads Export files and restores the respective information into an existing database. Although Export and Import are designed for moving Oracle information, they can be used also as a supplemental method of protecting information in an Oracle database.

Read-Only Tablespaces and Fill-in

You can create backups of a read-just tablespace while the database is open up. Immediately after making a tablespace read-only, you lot should support the tablespace. Every bit long as the tablespace remains read-only, at that place is no need to perform whatever further backups of it.

After you alter a read-only tablespace to a read-write tablespace, you lot need to resume your normal backups of the tablespace, merely every bit you practice when you bring an offline read-write tablespace back online.

Bringing the datafiles of a read-only tablespace online does not brand these files writable, nor does information technology cause the file header to be updated. Thus information technology is not necessary to perform a backup of these files, every bit is necessary when you bring a writable datafile back online.

Survivability

In the event of a ability failure, hardware failure, or whatever other system-interrupting disaster, Oracle offers the managed standby database feature. The standby database is intended for sites where survivability and disaster recovery are of paramount importance. Another option is to use database replication.

Planning for Disaster Recovery

The only way to ensure rapid recovery from a system failure or other disaster is to plan carefully. You must have a set program with detailed procedures. Whether you are implementing a standby database or you have a single database organization, y'all must take a plan for what to exercise in the upshot of a catastrophic failure.

Managed Standby Database

Oracle provides the managed standby database feature to facilitate quick disaster recovery. Up to four standby systems tin be maintained in a constant state of media recovery through the automatic shipping and application of log files archived at the primary site. In the event of a primary system failure, one of the standby systems can be activated, providing immediate organisation availability. Oracle provides commands and internal verifications for operations involved in the cosmos and maintenance of the standby systems, improving the reliability of the disaster recovery scheme.

A standby database uses the archived log information from the primary database, so it is ready to perform recovery and go online at any time. When the chief database athenaeum its redo logs, the logs must be transferred to the remote site and applied to the standby database.

The managed standby database protects your data from extended outages such as ability failures, or from physical disasters such as fire, floods, or earthquakes. Because the standby database is designed for disaster recovery, it ideally resides in a split up physical location from the primary database.

You tin open the standby database read only. This allows you to utilize the database for reporting. When you open a standby database read just, redo logs are placed in a queue and are not applied. As shortly as the database is returned to standby mode, the queued logs and newly arriving logs are practical.

striblingcoputere.blogspot.com

Source: https://docs.oracle.com/cd/A87860_01/doc/server.817/a76965/c28recov.htm

Share this post