OCI Storage Services
- Local storage: NVME, hardware-specific: for High Availability [HA], implement RAID, Mostly available in DENSE IO shape or HPC shape
- Block storage: volume storage, AD specific, for High Availability [HA], internally replicated in AD
- Object Storage: Cloud storage, Regional
- File Storage: NFS storage, Regional available, and Highly Available [HA]
All volumes have built-in durability and run on redundant hardware within a single AD. It provides integrated features to back up your data to Object Storage. The backups can be used for business continuity and disaster recovery.Block volumes are network-attached and their network bandwidth usage counts towards the overall provisioned bandwidth limit of the selected compute instance type.
- Volume can be created as
- Shared [rem : you need to setup filesystem]
- Read shared
- Read /write shared
- Shared [rem : you need to setup filesystem]
- Volume attachment to compute are iSCSI [more prefrable] / paravirtualized attached
- After iSCSI command you may need to create file system using mkfs.ext4 /dev/sdb command and then mount, use fdisk -l command to list all disk
- Multi attach should be same and number of attachment limit is 8
- If you want to change this behavior [read/ rw/rw shared], then need to detach from all instances then need to apply again
- Volume backup restoration and clone restoration offer resize of restored volume while restoring
- Volume performance : lower cost / balanced / Higher Performance
- There are 3 aspects to the block volume performance:
- The Block Volume service provisions the capacity needed and performance scales linearly per GB volume size up to the service maximums
- Throughput performance on VM instances is dependent on network bandwidth
- IOPS performance is dependent of the instance type or shape, so is applicable to all bare metal and VM shapes, for iSCSI attached volumes
- Supports automatic adjustment of the elastic performance setting to optimize performance with the auto-tune performance
- The backup policy can be either volume-based or volume group-based
- Volume Backup policy, you can choose if need to enable cross-region policy but can not choose the other region, it is by default tied.
- Volume Backup schedule: daily, weekly, monthly, yearly
- Bronze : 12 M + 5y, Silver: 4w + 12M+5y, Gold : 7d+ 4w+ 12m+ 5y
- Volume backup is one-time, point-in-time backup however Replica is continuously replicated even in a different regions.
- Volume backup can only be in same compartment.
- Volume Group [Collection of Volume] within a AD offer following operation: Volume Backup and Volume Cloning, Volume Replicas
- Cross-region operation require a subscription to the region and IAM permission
- During cross region, one can decide for OCI mange key encryption or Customer managed keys encryption and you need to have the OCID of the key from the the vault of that region
- Copy across regions are sequential, or limited in parallel, generally 1 copy at a time
- Volume clone is within AD and direct disk to disk copy at point of time
- For attached volume, one clone at a time, for not attached, 10 clones simultaneously.
- Volume Replica or Volume Group Replica is continuous replication from region-1 to region-2, as backups and clone is point-in-time
- Replicated volumed needs to be activated before use thus synchronization stops
- If replica enabled, can not increase in size, first replication stops, then increase in size and then replication start again
- Expand an existing volume in place with online resizing or offline resizing
- Restore from a volume backup to a larger volume.
- Clone an existing volume to a new larger volume.
- Volume size may only be increased.
- Volumes may not be resized if there a prior resize / clone is still ongoing.
- Volumes may not be resized if there is a backup pending.
- Volumes may not have attachments added or removed during resize.
This service is a shared file system that provides a durable, scalable, secure, enterprise-grade network file system. Data is replicated for durability within each availability domain.
- NFS v3 based file system
- AD specific service and automatically replicated within AD
- Regionally available through private access [mount taget] from outside of AD
- When provisioning, A file system, a mount target within defined subnet of VCN will be created
- Ingress TCP/UPD port should be allowed in security list and route table should be configured
- Each file system must have at least one export option in one mount target
- Snapshot available under .snapshot directory, max 10000 snapshot
- For data protection use a tool that supports ndsv3 to copy data to different AD/ REGION/FS/OS/remote location
- From the Export option one can restrict read/write permission on basis of IP
- Snapshot can be created manually as well, and point in time copy and data usage is metered against differentiated data only
- Up to 100 FS behind a mount target using export path , if export path is / then only single FS
- Replicated internally across multiple AD for HA and data protection
- The bucket name is Unique in the region
- Storage tiers when creating Standard or Archive
- One can move between Standard and Infrequent Tier [30day min bill]
- When uploading the object in the standard tier, one can choose the standard or infrequent tier
- Archive tier, min 4 hours for restoration, 90day min bill
- By Default every bucket is private
- PAR [Pre authenticated request] available at bucket level and object level and objects with a prefix which permits read, write or read/write
- One needs to enable object event and versioning, disabled by default
- Data encryption at rest is enabled by default and can not be disabled.
- Maximum 10 TB size of a single file, multipart upload, assign a part number from 1 to 10000 in order, once uploaded commit the upload to complete and merged
- For regional replication, the destination bucket is read-only only for the customer, async copied, overwrite destination object.
- Versioning provides data protection, the new version created for duplication, the latest version available, on deletion, delete marker will be applied and one can restore from there
- Re-encryption: all objects are encrypted including the previous version
- Copy happens only with latest version
- You can not enable versioning on the bucket, then the retention rule can not be applied
- The retention rule provides unmutable, locakable storage of data for a bucket. It can be time-bound and indefinite. Locking will allow not to modify the rule even. One need to delete the bucket to remove the object
Data Transfer through Disk
- Customer purchases disks, loads them up and sends them to data site
- Must be AES-256 encrypted
- Data deleted after upload
- Up to 100 TB and 10 disks per package
Data Transfer Appliance
Rents appliance (150 TB) from Oracle, AES-256.
Data deleted after uploaded.
Data Transfer Utility
Command Line software used to prepare data for Data Transfer to Oracle Open 220.127.116.11/16
Online Data Transfer
- VPN over internet
- Storage Gateway
Storage Gateway service
- Installed as Linux docker on-premise
- Frequently accessed data written locally called storage gateway caching
- Exposes NFS mount point that can be pointed anywhere that supports NFSv4
- Points to object storage
- File systems can’t exceed 10, Objects can’t exceed 100 million,20,000 files max in cache
- Use case categories of Storage Gateway
- Hybrid cloud
- One-time data migration or periodic data transfers