Manage Databases on Exadata Cloud Infrastructure

Prerequisites and Limitations for Creating and Managing Oracle Databases on Oracle Exadata Database Service on Dedicated Infrastructure

Review the prerequisites for creating and managing Oracle Databases on Oracle Exadata Database Service on Dedicated Infrastructure.

Before you can create and use an Oracle Database on Exadata Cloud Infrastructure, you must:

  • Provision Exadata Cloud Infrastructure infrastructure
  • Configure a VM cluster
  • Create any required backup destinations

You can create one or more databases on each Oracle Exadata Database Service on Dedicated Infrastructure system. Other than the storage and processing limits of your Oracle Exadata system, there is no maximum for the number of databases that you can create. By default, databases on Exadata Cloud Infrastructure use Oracle Database Enterprise Edition - Extreme Performance. This edition provides all the features of Oracle Database Enterprise Edition, plus all of the database enterprise management packs, and all of the Enterprise Edition options, such as Oracle Database In-Memory, and Oracle Real Application Clusters (Oracle RAC). If you use your own Oracle Database licenses, then your ability to use various features is limited by your license holdings. TDE Encryption is required for all cloud databases. All new tablespaces will automatically be enabled for encryption.

Prerequisites for Oracle Database Autonomous Recovery Service Cross Region Restore (Same Tenancy)

  1. VCN peering: Both the VCNs in local and remote regions must be peered across regions.

    For more information, see Access to Other VCNs: Peering.

  2. Add security rules on the source and target VCNs.
    1. Add Ingress rules on the source.
      1. Click Add Ingress Rule, and add these details to set up a rule that allows HTTPS traffic from anywhere:

        Source Type: CIDR

        Source CIDR: Specify the CIDR of the VCN where the database resides.

        IP Protocol: TCP

        Source Port Range: All

        Destination Port Range: 8005

        Description: Specify an optional description of the ingress rule to help manage the security rules.

      2. Click Add Ingress Rule, and add these details to set up a rule that allows SQL*Net traffic from anywhere:

        Source Type: CIDR

        Source CIDR: Specify the CIDR of the VCN where the database resides.

        IP Protocol: TCP

        Source Port Range: All

        Destination Port Range: 2484

        Description: Specify an optional description of the ingress rule to help manage the security rules.

      3. Click Add Ingress Rule, and add these details to set up a rule that allows HTTPS traffic from anywhere:

        Source Type: CIDR

        Source CIDR: Specify the CIDR of the target VCN

        IP Protocol: TCP

        Source Port Range: All

        Destination Port Range: 8005

        Description: Specify an optional description of the ingress rule to help manage the security rules.

      4. Click Add Ingress Rule, and add these details to set up a rule that allows SQL*Net traffic from anywhere:

        Source Type: CIDR

        Source CIDR: Specify the CIDR of the target VCN

        IP Protocol: TCP

        Source Port Range: All

        Destination Port Range: 2484

        Description: Specify an optional description of the ingress rule to help manage the security rules.

    2. Add Egress rules on the target.

      These are optional if the egress traffic is opened for all IPs and ports.

      1. Click Add Egress Rule, and add these details to set up a rule that allows HTTPS traffic from anywhere:

        Source Type: CIDR

        Source CIDR: Specify the CIDR of the source VCN

        IP Protocol: TCP

        Source Port Range: All

        Destination Port Range: 8005

        Description: Specify an optional description of the egress rule to help manage the security rules.

      2. Click Add Egress Rule, and add these details to set up a rule that allows SQL*Net traffic from anywhere:

        Source Type: CIDR

        Source CIDR: Specify the CIDR of the source VCN

        IP Protocol: TCP

        Source Port Range: All

        Destination Port Range: 2484

        Description: Specify an optional description of the egress rule to help manage the security rules.

        Note: Ensure that recovery service subnets (RSS) are present in both regions and are attached to the peer VCNs, namely, source RSS attached to source VCN and target RSS attached to target VCN. For more information, see Creating a Recovery Service Subnet in the Database VCN.

  3. Perform DNS peering between local and remote VCNs.

    For more information, see Private DNS Implementation.

    Note: Ensure that the oci.oraclecloud.com domain is added when creating forwarding rules inside the target/remote VCN.

    Also, ensure that the following requirements are met for DNS peering between source and target.

    1. Listening endpoint at the source VCN
    2. Forwarding endpoint at the target VCN
    3. Forwarding rule at the target VCN with the destination being set as the listening endpoint
    4. Ingress and egress rules as stated in the aforementioned link
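
One way to check a security list against the ingress rules in step 2, as an added example that is not from Oracle's documentation. The rule dictionaries are assumed to follow the kebab-case JSON that the OCI CLI prints for a security list, and the VCN CIDRs and sample rules are constructed. It also reports rules that admit the required ports from a range wider than the peered VCNs.

```python
import ipaddress

# Destination ports from step 2: 8005 (HTTPS) and 2484 (SQL*Net).
REQUIRED_PORTS = (8005, 2484)

# Constructed sample values; substitute the real VCN CIDRs.
SOURCE_VCN = "10.0.0.0/16"   # VCN where the database resides
TARGET_VCN = "10.1.0.0/16"   # VCN in the remote region


def _tcp(source, port):
    """Build one constructed TCP rule (protocol "6") in the assumed CLI layout."""
    return {
        "protocol": "6",
        "source": source,
        "is-stateless": False,
        "tcp-options": {
            "destination-port-range": {"min": port, "max": port},
            "source-port-range": None,   # None means all source ports
        },
    }


# Constructed ingress rules for the source VCN's security list.
SAMPLE_INGRESS = [
    _tcp(SOURCE_VCN, 8005),
    _tcp(SOURCE_VCN, 2484),
    _tcp(TARGET_VCN, 8005),
    _tcp("0.0.0.0/0", 2484),   # satisfies the port, but open to any address
    _tcp(TARGET_VCN, 22),      # unrelated rule, ignored by the audit
]


def _within(inner, outer):
    """True if network `inner` lies entirely inside network `outer`."""
    return inner.version == outer.version and inner.subnet_of(outer)


def _covers(rule, peer, port, cidr_key):
    """True if one rule admits every address in `peer` on destination `port`."""
    if rule.get("protocol") not in ("6", "all"):
        return False
    try:
        allowed = ipaddress.ip_network(rule[cidr_key])
    except (KeyError, ValueError):   # missing field or a non-CIDR value
        return False
    if not _within(peer, allowed):
        return False
    ports = (rule.get("tcp-options") or {}).get("destination-port-range")
    return ports is None or ports["min"] <= port <= ports["max"]


def audit(rules, peer_cidrs, cidr_key="source"):
    """Compare rules with the prerequisites.

    Returns {"missing": [(cidr, port), ...], "too_broad": [(cidr, [ports]), ...]}.
    Use cidr_key="destination" when auditing egress rules.
    """
    peers = [ipaddress.ip_network(c) for c in peer_cidrs]
    missing = [
        (str(peer), port)
        for peer in peers
        for port in REQUIRED_PORTS
        if not any(_covers(r, peer, port, cidr_key) for r in rules)
    ]
    too_broad = []
    for rule in rules:
        hits = [
            port for port in REQUIRED_PORTS
            if any(_covers(rule, peer, port, cidr_key) for peer in peers)
        ]
        if not hits:
            continue
        net = ipaddress.ip_network(rule[cidr_key])
        # A rule is acceptable only if it stays inside one of the peer VCNs.
        if not any(_within(net, peer) for peer in peers):
            too_broad.append((rule[cidr_key], hits))
    return {"missing": missing, "too_broad": too_broad}


if __name__ == "__main__":
    report = audit(SAMPLE_INGRESS, [SOURCE_VCN, TARGET_VCN])
    for cidr, port in report["missing"]:
        print(f"MISSING  tcp/{port} from {cidr}")
    for cidr, ports in report["too_broad"]:
        print(f"BROAD    {cidr} opens {ports} beyond the peered VCNs")
```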

Prerequisites for Oracle Database, Object Storage Cross Region Restore (Same Tenancy)

The VCNs in region A, where the new database will be located, and region B, where the backups are stored, should be remote peered using a DRG. For more information, see Remote VCN Peering through an Upgraded DRG.

Once the remote peer is established, the DRG in the region with Object Storage should be configured to advertise Object Storage routes towards region A. Go to Private Access to Oracle Services and follow the steps outlined under For routing directly between gateways.

Note

In "Transit routing directly through gateways", the "on-premises network" will be Region A. Specifically, the IP addresses of the "on-premises network" will be the Backup Subnet CIDR of Region A's VCN.

"For routing directly between gateways" steps:
  • If you have a VCN and SGW in the region with Object Storage, skip Tasks 1 and 2
  • Skip Task 3
  • In Task 4, instead of selecting the "All OSN services" route, select the "Object Storage" route.
You'll also need to confirm the security lists, and that the VCN route table applied to the backup subnet in Region A has a route rule to the DRG for Region B's Object Storage CIDRs.
  • You can obtain the Object Storage CIDRs for Region B by viewing the JSON file located at Public IP Addresses for VCNs and the Oracle Services Network under the Downloading the JSON File section.
  • Within the JSON, locate the region attribute corresponding to Region B. Within that region, locate the CIDR ranges for Object Storage; the corresponding CIDR will have "tags" 0 and 1 of "OSN" and "OBJECT_STORAGE".
  • Note that some regions have multiple CIDRs for "OSN" and "OBJECT_STORAGE"; create a route rule for each in the route table.
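
The lookup described in the bullets above, as an added example that is not from Oracle's documentation. It pulls the Object Storage CIDRs for one region out of the JSON file and lists those that the Region A route table does not yet send to the DRG. The "regions", "cidrs" and "cidr" field names, the region names, the CIDRs, the route-rule dictionaries and the DRG identifier are all assumptions or constructed sample values.

```python
import ipaddress
import json

# A CIDR qualifies when it carries both tags named in the text.
WANTED_TAGS = {"OSN", "OBJECT_STORAGE"}

# Constructed sample in the assumed layout of the published JSON file.
SAMPLE_RANGES = json.loads("""
{
  "regions": [
    {
      "region": "region-a-example",
      "cidrs": [
        {"cidr": "198.18.0.0/24", "tags": ["OSN", "OBJECT_STORAGE"]}
      ]
    },
    {
      "region": "region-b-example",
      "cidrs": [
        {"cidr": "192.0.2.0/24",     "tags": ["OCI"]},
        {"cidr": "198.51.100.0/24",  "tags": ["OSN", "OBJECT_STORAGE"]},
        {"cidr": "203.0.113.0/25",   "tags": ["OSN", "OBJECT_STORAGE"]},
        {"cidr": "203.0.113.128/25", "tags": ["OSN"]}
      ]
    }
  ]
}
""")

# Hypothetical identifiers and a constructed route table for the
# backup subnet in Region A.
DRG_ID = "drg-placeholder"
SAMPLE_ROUTE_RULES = [
    {"destination": "198.51.100.0/24", "target": DRG_ID},
    {"destination": "203.0.113.0/25", "target": "sgw-placeholder"},
]


def object_storage_cidrs(ranges, region):
    """Return the sorted Object Storage CIDRs published for `region`.

    Raises KeyError if the region is absent, so a mistyped region name
    cannot be mistaken for "no routes needed".
    """
    for entry in ranges["regions"]:
        if entry["region"] == region:
            return sorted(
                item["cidr"]
                for item in entry["cidrs"]
                if WANTED_TAGS <= set(item["tags"])
            )
    raise KeyError(f"region {region!r} not found in the ranges file")


def missing_routes(ranges, region, route_rules, drg_id):
    """List Object Storage CIDRs of `region` with no route rule to the DRG.

    A CIDR counts as routed when a rule targeting the DRG has a
    destination that contains it. Rules with other targets are skipped
    before their destination is parsed.
    """
    missing = []
    for cidr in object_storage_cidrs(ranges, region):
        net = ipaddress.ip_network(cidr)
        routed = any(
            rule["target"] == drg_id
            and net.subnet_of(ipaddress.ip_network(rule["destination"]))
            for rule in route_rules
        )
        if not routed:
            missing.append(cidr)
    return missing


if __name__ == "__main__":
    for cidr in missing_routes(SAMPLE_RANGES, "region-b-example",
                               SAMPLE_ROUTE_RULES, DRG_ID):
        print(f"add route rule: destination {cidr} -> target {DRG_ID}")
```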

Once completed, confirm remote access to Region B's Object Storage from Region A.

This provides network connectivity to Object Storage. The network cannot permit or prohibit specific Object Storage operations. For that, use IAM policies.

Oracle Database Releases Supported by Oracle Exadata Database Service on Dedicated Infrastructure

Exadata Cloud Infrastructure databases require Enterprise Edition - Extreme Performance subscriptions or you can bring your own Oracle Enterprise Edition software licenses.

The Enterprise Edition - Extreme Performance provides all the features of Oracle Database Enterprise Edition, plus all the database enterprise management packs and all the Enterprise Edition options, such as Oracle Database In-Memory and Oracle Real Application Clusters (Oracle RAC).

Exadata Cloud Infrastructure supports the following database versions:

  • Oracle Database 23ai
  • Oracle Database 19c
  • Oracle Database 12c Release 2 (12.2) (Upgrade Support Required)
  • Oracle Database 12c Release 1 (12.1) (Upgrade Support Required)
  • Oracle Database 11g Release 2 (11.2) (Upgrade Support Required)

Note

  • Earlier database versions are supported on a 19c cloud VM cluster and can be created at any time. Cloud VM clusters created with earlier Oracle Database versions will not automatically support Oracle Database 19c.
  • For information on upgrading an existing database, see Upgrading Exadata Databases.
  • To use Autonomous Recovery Service as a backup destination, your target database must have a minimum compatibility level of 19.0 (the COMPATIBLE initialization parameter must be set to 19.0.0 or higher).

For Oracle Database release and software support timelines, see Release Schedule of Current Database Releases (Doc ID 742060.1) in the My Oracle Support portal.

Provisioning and Managing Exadata Databases

This topic describes creating and managing Oracle Databases on an Exadata Cloud Infrastructure instance.

In this documentation, "database" refers to a container database (CDB). When you provision a database in an Exadata cloud VM cluster, the database includes an initial pluggable database (PDB). For more information on these resource types, see Multitenant Architecture in the Oracle Database documentation. See Exadata Pluggable Database Operations for more information on pluggable databases in Exadata Cloud Infrastructure.

You can create Database Homes, databases, and pluggable databases at any time by using the Console or the Database APIs.

When you add a database to a VM cluster on an Exadata instance, the database versions you can select from depend on the current patch level of that resource. You may have to patch your VM cluster to add later database versions.

After you provision a database, you can move it to another Database Home. Consolidating databases under the same home can facilitate management of these resources. All databases in a given Database Home share the Oracle Database binaries and therefore, have the same database version. The Oracle-recommended way to patch a database to a version that is different from the current version is to move the database to a home running the target version. For information about patching, see Patching an Exadata Cloud Service Instance.

Note

When provisioning databases, make sure your VM cluster has enough OCPUs enabled to support the total number of database instances on the system. Oracle recommends the following general rule: for each database, enable 1 OCPU per node. See To scale CPU cores in an Exadata Cloud Service cloud VM cluster or DB system for information on scaling your OCPU count up or down.

When you create an Exadata database, you can choose to encrypt the database using your own encryption keys that you manage. You can rotate encryption keys, periodically, to maintain security compliance and, in cases of personnel changes, to disable access to a database.

Note

  • The encryption key you use must be AES-256.
  • To ensure that your Exadata database uses the most current versions of the Vault encryption key, rotate the key from the Database Details page on the Oracle Cloud Infrastructure Console. Do not use the Vault service's Console pages to rotate your Database keys.

If you want to use your own encryption keys to encrypt a database that you create, then you must create a dynamic group and assign specific policies to the group for customer-managed encryption keys. See Managing Dynamic Groups and Let security admins manage vaults, keys, and secrets. Additionally, see To integrate customer-managed key management into Exadata Cloud Service if you need to update customer-managed encryption libraries for the Vault service.

You can also add and remove databases, and perform other management tasks on a database by using command line utilities. For information and instructions on how to use these utilities, see Creating and Managing Exadata Databases Manually.

Database Memory Initialization Parameters

  • When creating a container database, the initialization parameter SGA_TARGET is set by the automation, which automatically sizes the SGA memory pools. The setting varies depending on the total memory of the database VM. If the VM has less than or equal to 60 GB of system memory, SGA_TARGET is set to 3800 MB. If the VM has 60 GB or more system memory, SGA_TARGET is set to 7600 MB.
  • The database initialization parameter USE_LARGE_PAGES is set to ONLY upon database creation, which will require the use of large pages for SGA memory. If the VM is configured with insufficient large pages, the instance will fail to start.

Customer-Managed Keys in Exadata Cloud Infrastructure

Customer-managed keys for Exadata Cloud Infrastructure is a feature of Oracle Cloud Infrastructure (OCI) Vault service that enables you to encrypt your data using encryption keys that you control.

The OCI Vault service provides you with centralized key management capabilities that are highly available and durable. This key-management solution also offers secure key storage using isolated partitions (and a lower-cost shared partition option) in FIPS 140-2 Level 3-certified hardware security modules, and integration with select Oracle Cloud Infrastructure services. Use customer-managed keys when you need security governance, regulatory compliance, and homogenous encryption of data, while centrally managing, storing, and monitoring the life cycle of the keys you use to protect your data.

You can:

  • Enable customer-managed keys when you create databases in Exadata Cloud Infrastructure
  • Switch from Oracle-managed keys to customer-managed keys
  • Rotate your keys to maintain security compliance

Requirements

To enable management of customer-managed encryption keys, you must create a policy in the tenancy that allows a particular dynamic group to do so, similar to the following: allow dynamic-group dynamic_group_name to manage keys in tenancy.

Another policy is needed if the Vault being used by the customer is replicated (https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Tasks/replicatingvaults.htm). For vaults that are replicated, this policy is needed: allow dynamic-group dynamic_group_name to read vaults in tenancy

Limitations

To enable Data Guard on Exadata Cloud Infrastructure databases that use customer-managed keys, the primary and standby databases must be in the same realm.

Task 1. Create a Vault and a Master Encryption Key

Create a vault in the Vault service by following the instructions in To create a new vault in Oracle Cloud Infrastructure Documentation. When following these instructions, Oracle recommends that you create the vault in a compartment created specifically to contain the vaults containing customer-managed keys, as described in Before You Begin: Compartment Hierarchy Best Practice.

After creating the vault, create at least one master encryption key in the vault by following the instructions in To create a new master encryption key in Oracle Cloud Infrastructure Documentation. When following these instructions, make these choices:

  • Create in Compartment: Oracle recommends that you create the master encryption key in the same compartment as its vault; that is, the compartment created specifically to contain the vaults containing customer-managed keys.
  • Protection Mode: Choose an appropriate value from the drop-down list:
    • HSM to create a master encryption key that is stored and processed on a hardware security module (HSM).
    • Software to create a master encryption key that is stored in a software file system in the Vault service. Software-protected keys are protected at rest using an HSM-based root key. You may export software keys to other key management devices or to a different OCI cloud region. Unlike HSM keys, software-protected keys are free of cost.
  • Key Shape Algorithm: AES
  • Key Shape Length: 256 bits

Oracle strongly recommends that you create a separate master encryption key for each of your container databases (CDBs). Doing so makes management of key rotation over time much simpler.

Task 2. Create a Service Gateway, a Route Rule, and an Egress Security Rule

Create a service gateway in the VCN (Virtual Cloud Network) where your Oracle Exadata Database Service on Dedicated Infrastructure resources reside by following the instructions in Task 1: Create the service gateway in Oracle Cloud Infrastructure Documentation.

After creating the service gateway, add a route rule and an egress security rule to each subnet (in the VCN) where Oracle Exadata Database Service on Dedicated Infrastructure resources reside so that these resources can use the gateway to access the Vault service:

  1. Go to the Subnet Details page for the subnet.
  2. In the Subnet Information tab, click the name of the subnet's Route Table to display its Route Table Details page.
  3. In the table of existing Route Rules, check whether there is already a rule with the following characteristics:
    • Destination: All IAD Services In Oracle Services Network
    • Target Type: Service Gateway
    • Target: The name of the service gateway you just created in the VCN

    If such a rule does not exist, click Add Route Rules and add a route rule with these characteristics.

  4. Return to the Subnet Details page for the subnet.
  5. In the subnet's Security Lists table, click the name of the subnet's security list to display its Security List Details page.
  6. In the side menu, under Resources, click Egress Rules.
  7. In the table of existing Egress Rules, check whether there is already a rule with the following characteristics:
    • Stateless: No
    • Destination: All IAD Services In Oracle Services Network
    • IP Protocol: TCP
    • Source Port Range: All
    • Destination Port Range: 443

    If such a rule does not exist, click Add Egress Rules and add an egress rule with these characteristics.

Task 3. Create a Dynamic Group and a Policy Statement

To grant your Oracle Exadata Database Service on Dedicated Infrastructure resources permission to access customer-managed keys, you create an IAM dynamic group that identifies these resources and then create an IAM policy that grants this dynamic group access to the master encryption keys you created in the Vault service.

When defining the dynamic group, you identify your Oracle Exadata Database Service on Dedicated Infrastructure resources by specifying the OCID of the compartment containing your Exadata Infrastructure resource.

  1. Copy the OCID of the compartment containing your Exadata Infrastructure resource. You can find this OCID on the Compartment Details page of the compartment.
  2. Create a dynamic group by following the instructions in To create a dynamic group in Oracle Cloud Infrastructure Documentation. When following these instructions, enter a matching rule of this format:
    ALL {resource.compartment.id ='<compartment-ocid>'}

    where <compartment-ocid> is the OCID of the compartment containing your Exadata Infrastructure resource.

After creating the dynamic group, navigate to (or create) an IAM policy in a compartment higher up in your compartment hierarchy than the compartment containing your vaults and keys. Then, add a policy statement of this format:

allow dynamic-group <dynamic-group-name>
to manage keys
in compartment <vaults-and-keys-compartment>
where all {
target.key.id='<key_ocid>',
request.permission!='KEY_DELETE',
request.permission!='KEY_MOVE',
request.permission!='KEY_IMPORT',
request.permission!='KEY_BACKUP'
}

If you are using a replicated virtual private vault for the Oracle Data Guard deployment, add an additional policy statement in this format:

allow dynamic-group <dynamic-group>
to read vaults
in tenancy | compartment <vaults-and-keys-compartment>

where <dynamic-group> is the name of the dynamic group you created and <vaults-and-keys-compartment> is the name of the compartment in which you created your vaults and master encryption keys.

To integrate customer-managed key management into Exadata Cloud Infrastructure

If you choose to encrypt databases in an Exadata Cloud Infrastructure instance using encryption keys that you manage, then you may update the following two packages (using Red Hat Package Manager) to enable DBAASTOOLS to interact with the APIs that customer-managed key management uses.

KMS TDE CLI

To update the KMS TDE CLI package, you must complete the following task on all nodes in the Exadata Cloud Infrastructure instance:

  1. Deinstall the current KMS TDE CLI package, as follows:
    rpm -ev kmstdecli
  2. Install the updated KMS TDE CLI package, as follows:
    rpm -ivh kms_tde_cli

LIBKMS

LIBKMS is a library package necessary to synchronize a database with customer-managed key management through PKCS11. When a new version of LIBKMS is installed, any databases converted to customer-managed key management continue to use the previous LIBKMS version, until the database is stopped and restarted.

To update the LIBKMS package, you must complete the following task on all nodes in the Exadata Cloud Infrastructure instance:

  1. Confirm that the LIBKMS package is already installed, as follows:
    rpm -qa --last | grep libkmstdepkcs11
  2. Install a new version of LIBKMS, as follows:
    rpm -ivh libkms
  3. Use SQL*Plus to stop and restart all databases converted to customer-managed key management, as follows:
    shutdown immediate;
    startup;
  4. Ensure that all converted databases are using the new LIBKMS version, as follows:
    for pid in $(ps aux | grep "<dbname>" | awk '{print $2;}'); do echo $pid; sudo lsof -p $pid | grep kms | grep "pkcs11_[0-9A-Za-z.]*" | sort -u; done | grep pkcs11
  5. Deinstall LIBKMS packages that are no longer being used by any database, as follows:
    rpm -ev libkms

Using the Console to Manage Databases on Oracle Exadata Database Service on Dedicated Infrastructure

To create or terminate a database, complete procedures using the Oracle Exadata console.

To create a database in an existing Exadata Cloud Infrastructure instance

This topic covers creating your first or subsequent databases.

Note

If IORM is enabled on the Exadata Cloud Infrastructure instance, then the default directive will apply to the new database and system performance might be impacted. Oracle recommends that you review the IORM settings and make applicable adjustments to the configuration after the new database is provisioned.
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the cloud VM cluster or DB system you want to create the database in:

    Cloud VM clusters (The New Exadata Cloud Infrastructure Resource Model): Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems: Under Oracle Base Database, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

  4. Click Create Database.
  5. In the Create Database dialog, enter the following:
    Note

    You cannot modify the db_name, db_unique_name, and SID prefix after creating the database.
    • Database name: The name for the database. The database name must meet the requirements:
      • Maximum of 8 characters
      • Contain only alphanumeric characters
      • Begin with an alphabetic character
      • Cannot be part of the first 8 characters of a DB_UNIQUE_NAME on the VM cluster
      • DO NOT use the following reserved names: grid, ASM
    • Database unique name suffix:

      Optionally, specify a value for the DB_UNIQUE_NAME database parameter. The value is case insensitive.

      The unique name must meet the requirements:

      • Maximum of 30 characters
      • Contain only alphanumeric or underscore (_) characters
      • Begin with an alphabetic character
      • Unique across the VM cluster. Recommended to be unique across the tenancy.
      If not specified, the system automatically generates a unique name value, as follows:
      <db_name>_<3_chars_unique_string>_<region-name>
    • Database version: The version of the database. You can mix database versions on the Exadata DB system.
    • Database Home: The Oracle Database Home for the database. Choose the applicable option:
      • Select an existing Database Home: The Database Home display name field allows you to choose the Database Home from the existing homes for the database version you specified. If no Database Home with that version exists, you must create a new one.
      • Create a new Database Home: Use this option to provision a new Database Home for your Data Guard peer database.

        Click Change Database Image to use a desired Oracle-published image or a custom database software image that you have created in advance, then select an Image Type:

        • Oracle Provided Database Software Images:

          then you can use the Display all available version switch to choose from all available PSUs and RUs. The most recent release for each major version is indicated with a latest label.

          Note

          For the Oracle Database major version releases available in Oracle Cloud Infrastructure, images are provided for the current version plus the three most recent older versions (N through N - 3). For example, if an instance is using Oracle Database 19c, and the latest version of 19c offered is 19.8.0.0.0, images available for provisioning are for versions 19.8.0.0.0, 19.7.0.0, 19.6.0.0 and 19.5.0.0.
        • Custom Database Software Images: These images are created by your organization and contain customized configurations of software updates and patches. Use the Select a compartment, Select a region, and Select a Database version selectors to limit the list of custom database software images to a specific compartment, region, or Oracle Database software major release version.

          Region filter defaults to the currently connected region and lists all the software images created in that region. When you choose a different region, the software image list is refreshed to display the software images created in the selected region.

    • PDB name: (Optional) For Oracle Database 12c (12.1.0.2) and later, you can specify the name of the pluggable database. The PDB name must begin with an alphabetic character, and can contain a maximum of eight alphanumeric characters. The only special character permitted is the underscore (_).

      To avoid potential service name collisions when using Oracle Net Services to connect to the PDB, ensure that the PDB name is unique across the entire VM cluster. If you do not provide the name of the first PDB, then a system-generated name is used.

    • Create administrator credentials: (Read only) A database administrator SYS user will be created with the password you supply.
      • Username: SYS
      • Password: Supply the password for this user. The password must meet the following criteria:

        A strong password for SYS, SYSTEM, TDE wallet, and PDB Admin. The password must be 9 to 30 characters and contain at least two uppercase, two lowercase, two numeric, and two special characters. The special characters must be _, #, or -. The password must not contain the username (SYS, SYSTEM, and so on) or the word "oracle" either in forward or reversed order and regardless of casing.

      • Confirm password: Re-enter the SYS password you specified.
      • Using a TDE wallet password is optional. If you are using customer-managed encryption keys stored in a vault in your tenancy, the TDE wallet password is not applicable to your DB system. Use Show Advanced Options at the end of the Create Database dialog to configure customer-managed keys.

        If you are using customer-managed keys, or if you want to specify a different TDE wallet password, uncheck the Use the administrator password for the TDE wallet box. If you are using customer-managed keys, leave the TDE password fields blank. To set the TDE wallet password manually, enter a password in the Enter TDE wallet password field, and then confirm by entering it into the Confirm TDE wallet password field.

    • Configure database backups: Specify the settings for backing up the database to Autonomous Recovery Service or Object Storage:
      • Enable automatic backup: Check the check box to enable automatic incremental backups for this database. If you are creating a database in a security zone compartment, you must enable automatic backups.
      • Backup Destination: Your choices are Autonomous Recovery Service or Object Storage.
      • Backup Scheduling:
        • Object Storage (L0):
          • Full backup scheduling day: Choose a day of the week for the initial and future L0 backups to start.
          • Full backup scheduling time (UTC): Specify the time window when the full backups start when the automatic backup capability is selected.
          • Take the first backup immediately: A full backup is an operating system backup of all datafiles and the control file that constitute an Oracle Database. A full backup should also include the parameter file(s) associated with the database. You can take a full database backup when the database is shut down or while the database is open. You should not normally take a full backup after an instance failure or other unusual circumstances.

            If you choose to defer the first full backup, your database may not be recoverable in the event of a database failure.

        • Object Storage (L1):
          • Incremental backup scheduling time (UTC): Specify the time window when the incremental backups start when the automatic backup capability is selected.
        • Autonomous Recovery Service (L0):
          • Scheduled day for initial backup: Choose a day of the week for the initial backup.
          • Scheduled time for initial backup (UTC): Select the time window for the initial backup.
          • Take the first backup immediately: A full backup is an operating system backup of all datafiles and the control file that constitute an Oracle Database. A full backup should also include the parameter file(s) associated with the database. You can take a full database backup when the database is shut down or while the database is open. You should not normally take a full backup after an instance failure or other unusual circumstances.

            If you choose to defer the first full backup, your database may not be recoverable in the event of a database failure.

        • Autonomous Recovery Service (L1):
          • Scheduled time for daily backup (UTC): Specify the time window when the incremental backups start when the automatic backup capability is selected.
      • Deletion options after database termination: Options that you can use to retain protected database backups after the database is terminated. These options can also help restore the database from backups in case of accidental or malicious damage to the database.
        • Retain backups for the period specified in your protection policy or backup retention period: Select this option if you want to retain database backups for the entire period defined in the Object Storage Backup retention period or Autonomous Recovery Service protection policy after the database is terminated.
        • Retain backups for 72 hours, then delete: Select this option to retain backups for a period of 72 hours after you terminate the database.
      • Backup Retention Period/Protection Policy: If you choose to enable automatic backups, you can choose a policy with one of the following preset retention periods, or a Custom policy.

        Object Storage Backup retention period: 7, 15, 30, 45, 60. Default: 30 days. The system automatically deletes your incremental backups at the end of your chosen retention period.

        Autonomous Recovery Service protection policy:

        • Bronze: 14 days
        • Silver: 35 days
        • Gold: 65 days
        • Platinum: 95 days
        • Custom defined by you
        • Default: Silver - 35 days
      • Enable Real-Time Data Protection: Real-time protection is the continuous transfer of redo changes from a protected database to Autonomous Recovery Service. This reduces data loss and provides a recovery point objective (RPO) near 0. This is an extra cost option.
  6. Click Show Advanced Options to specify advanced options for the database:

    • Management:

      Oracle SID prefix: The Oracle Database instance number is automatically added to the SID prefix to create the INSTANCE_NAME database parameter. The INSTANCE_NAME parameter is also known as the SID. The SID is unique across the cloud VM Cluster. If not specified, SID prefix defaults to the db_name.

      Note

      Entering an SID prefix is only available for Oracle 12.1 databases and above.

      The SID prefix must meet the requirements:

      • Maximum of 12 characters
      • Contain only alphanumeric characters. You can, however, use underscore (_), which is the only special character that is not restricted by this naming convention.
      • Begin with an alphabetic character
      • Unique in the VM cluster
      • DO NOT use the following reserved names: grid, ASM
    • Character set: The character set for the database. The default is AL32UTF8.
    • National character set: The national character set for the database. The default is AL16UTF16.
    • Encryption:

      If you are creating a database in an Exadata Cloud Service VM Cluster, then you can choose to use encryption based on encryption keys that you manage. By default, the database is configured using Oracle-managed encryption keys. To configure the database with encryption based on encryption keys you manage:

      1. Select Use customer-managed keys. You must have a valid encryption key in Oracle Cloud Infrastructure Vault service. See Let security admins manage vaults, keys, and secrets.
        Note

        You must use AES-256 encryption keys for your database.
      2. Choose a Vault.
      3. Select a Master encryption key.
      4. To specify a key version other than the latest version of the selected key, check Choose the key version and enter the OCID of the key you want to use in the Key version OCID field.
      Note

      The Key version will only be assigned to the container database (CDB), and not to its pluggable database (PDB). PDB will be assigned an automatically generated new key version.
    • Tags: If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator.
  7. Click Create Database.

After database creation is complete, the status changes from Provisioning to Available, and on the database details page for the new database, the Encryption section displays the encryption key name and the encryption key OCID.

WARNING:

Do not delete the encryption key from the vault. This causes any database protected by the key to become unavailable.
To manage SYS user and TDE Wallet passwords

Learn to manage administrator (SYS user) and TDE wallet passwords.

  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose the Compartment that contains the VM cluster hosting the database whose passwords you want to change.
  3. Click the name of the VM cluster that contains the database whose passwords you want to change.
  4. In the Resources list of the VM Cluster Details page, click Databases.
  5. Click the name of the database whose passwords you want to change.

    The Database Details page displays information about the selected database.

  6. On the Database Details page, click More actions, and then click Manage passwords.
  7. In the resulting Manage passwords dialog, click Update Administrator Password or Update TDE Wallet Password.

    Depending on the option you select, the system displays the fields to edit.

    • Update Administrator Password: Enter the new password in both the New administrator password and Confirm administrator password fields.
      Note

      The Update Administrator Password option will change the sys user password only. Passwords for other administrator accounts such as system, pdbadmin, and TDE wallet will not be changed.
    • Update TDE Wallet Password: Enter the current wallet password in the Enter existing TDE wallet password field, and then enter the new password in both the New TDE wallet password and Confirm TDE wallet password fields.
  8. Click Apply to update your chosen password.
To view details of a Protected Database

To view the details of a Protected Database, use this procedure.

  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (The New Exadata Cloud Infrastructure Resource Model): Under Exadata at Oracle Cloud, click Exadata VM Clusters.

    In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems: Under Oracle Base Database, click DB Systems.

    In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

    The Backup section displays the state of the automatic backups. If the Autonomous Recovery Service is the destination, a link will be available which includes additional details. You can also check if Real-time Data Protection is enabled or disabled. Click the Autonomous Recovery Service link to be taken to the page containing the Protected Database details.

    For more information about Protected Databases, see Viewing Protected Database Details.
To create a database from a backup

Before you begin, note the following:

  • When you create a database from a backup, the availability domain is the same as the availability domain that hosts the backup or a different one within the same region.
  • The Oracle Database software version you specify must be the same or later version as that of the backed-up database.
  • If you are creating a database from an automatic backup, then you can choose any level 0 weekly backup, or a level 1 incremental backup created after the most recent level 0 backup. For more information on automatic backups, see Using the Console.
  • If the backup being used to create a database is in a security zone compartment, the database cannot be created in a compartment that is not in a security zone. See the Security Zone Policies topic for a full list of policies that affect Database service resources.
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to a backup.
    • Standalone backups: Click Standalone Backups under Oracle Exadata Database Service on Dedicated Infrastructure.
    • Automatic backups: Navigate to the Database Details page of the database associated with the backup:

      • Cloud VM clusters (new resource model): Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.
      • DB systems: Under Exadata at Oracle Cloud, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

      Click the name of the database associated with the backup that you will use to create the new database. Locate the backup in the list of backups on the Database Details page.

  4. Click the Actions icon (three dots) for the backup you chose.
  5. Click Create Database. On the Create Database from Backup page, configure the database as follows.
  6. In the Provide basic information for the Exadata infrastructure section:
    • Select a region: The target region where you want to create the database.
    • Select an availability domain: It could be the same as the availability domain that hosts the backup or a different one within the same region.
    • Select Exadata infrastructure: Select an Exadata infrastructure from the chosen compartment. Click the Change Compartment hyperlink to choose a different compartment.
  7. In the Configure your DB system section:
    • Backups created in cloud VM clusters: Choose a cloud VM cluster to run the database from the Select a VM cluster drop-down list.
    • Backups created in DB systems: Choose a shape from the Select a shape drop-down list, then choose a DB system to run the database from the Select a DB system drop-down list.
  8. In the Configure Database Home section:
    • Select an existing Database Home: If you choose this option, make a selection from the Select a Database Home drop-down list.
      Note

      You cannot create a database from backup in the same Database Home where the source database exists.
    • Create a new Database home: If you choose this option, enter a name for the new Database Home in the Database Home display name field. Click Change Database Image to select a database software image for the new Database Home. In the Select a Database Software Image panel, do the following:
      1. Select the compartment containing the database software image you want to use to create the new Database Home.
      2. Select the region containing the database software image you want to use to create the new Database Home. Region filter defaults to the currently connected region and lists all the software images created in that region. When you choose a different region, the software image list is refreshed to display the software images created in the selected region.
      3. Select the Oracle Database software version that the new Database Home will use, then choose an image from the list of available images for your selected software version.
        Note

        Database restore operations for Databases of 12.2.0.1 and earlier are not allowed at this time.
      4. Click Select.
  9. In the Configure database section:
    Note

    You cannot modify the db_name, db_unique_name, and SID prefix after creating the database.
    • In the Database name field, name the database or accept the default name. The database name must meet the requirements:
      • Maximum of 8 characters
      • Contain only alphanumeric characters
      • Begin with an alphabetic character
      • Cannot be part of first 8 characters of a different database's db_unique_name on the VM cluster

      • DO NOT use the following reserved names: grid, ASM
    • Database unique name: Specify a value for the DB_UNIQUE_NAME database parameter. The unique name must meet the requirements:
      • Maximum of 30 characters
      • Contain only alphanumeric or underscore (_) characters
      • Begin with an alphabetic character
      • Unique across the VM cluster. Recommended to be unique across the tenancy.
      If not specified, the system automatically generates a unique name value, as follows:
      <db_name>_<3_chars_unique_string>_<region-name>
    • Administrator username: This read-only field displays the username for the administrator, "sys".
    • In the Password and Confirm password fields, enter and re-enter a password.

      A strong password for SYS administrator must be 9 to 30 characters and contain at least two uppercase, two lowercase, two numeric, and two special characters. The special characters must be _, #, or -. The password must not contain the user name (SYS, SYSTEM, and so on) or the word "oracle" either in forward or reverse order and regardless of casing.

  10. In the Enter the source database's TDE wallet or RMAN password field, enter a password that matches either the Transparent Data Encryption (TDE) wallet password or RMAN password for the source database.
  11. Click Show Advanced Options to specify advanced options for the database:
    • Management
      Oracle SID prefix: This option is in the Management tab. The Oracle Database instance number is automatically added to the SID prefix to create the INSTANCE_NAME database parameter. If not provided, then the SID prefix defaults to the first twelve characters of the db_name.
      Note

      Entering an SID prefix is only available for Oracle 12.1 databases and above.

      The SID prefix must meet the requirements:

      • Maximum of 12 characters
      • Contain only alphanumeric characters
      • Begin with an alphabetic character
      • Unique in the VM cluster
      • DO NOT use the following reserved names: grid, ASM
  12. Click Create Database.
  1. Click the Exadata cloud VM cluster or DB system name that contains the specific database to display the details page.
  2. From the list of databases, click the database name associated with the backup you want to use to display a list of backups on the database details page. You can also access the list of backups for a database by clicking Backups in the Resources section.
To navigate to the list of standalone backups for your current compartment

  1. Click Standalone Backups under Oracle Exadata Database Service on Dedicated Infrastructure.
  2. In the list of standalone backups, find the backup you want to use to create the database.
To create a database from the latest backup

Before you begin, note the following:

  • When you create a database from a backup, the availability domain is the same as the availability domain that hosts the backup or a different one within the same region.
  • The Oracle Database software version you specify must be the same or later version as that of the backed-up database.
  • If the backup being used to create a database is in a security zone compartment, the database cannot be created in a compartment that is not in a security zone. See the Security Zone Policies topic for a full list of policies that affect Database service resources.
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the cloud VM cluster that contains the source database you are using to create the new database:
    • Cloud VM clusters (new resource model): Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.
    • DB systems: Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.
  4. Under Databases, click the name of the database you are using as the source for the new database.
  5. On the Database Details page, click Create Database from Last Backup.
  6. In the Provide basic information for the Exadata infrastructure section:
    • Select a region: The target region where you want to create the database.
    • Select an availability domain: It could be the same as the availability domain that hosts the backup or a different one within the same region.
    • Select Exadata infrastructure: Select an Exadata infrastructure from the chosen compartment. Click the Change Compartment hyperlink to choose a different compartment.
  7. On the Create Database from Backup page, configure the database as follows.
  8. In the Configure your DB system section:
    • Backups created in cloud VM clusters: Choose a cloud VM cluster to run the database from the Select a VM cluster drop-down list.
    • Backups created in DB systems: Choose a shape from the Select a shape drop-down list, then choose a DB system to run the database from the Select a DB system drop-down list.
  9. In the Configure Database Home section:
    • Select an existing Database Home: If you choose this option, make a selection from the Select a Database Home drop-down list.
    • Create a new Database home: If you choose this option, enter a name for the new Database Home in the Database Home display name field. Click Change Database Image to select a database software image for the new Database Home. In the Select a Database Software Image panel, do the following:
      1. Select the compartment containing the database software image you want to use to create the new Database Home.
      2. Select the Oracle Database software version that the new Database Home will use, then choose an image from the list of available images for your selected software version.
      3. Click Select.
  10. In the Configure database section:
    Note

    You cannot modify the db_name, db_unique_name, and SID prefix after creating the database.
    • Database name: The name for the database. The database name must meet the requirements:

      • Maximum of 8 characters
      • Contain only alphanumeric characters
      • Begin with an alphabetic character
      • Cannot be part of first 8 characters of a DB_UNIQUE_NAME on the VM cluster
      • DO NOT use the following reserved names: grid, ASM
    • Database unique name: Optionally, specify a value for the DB_UNIQUE_NAME database parameter. The value is case insensitive.

      The unique name must meet the requirements:

      • Maximum of 30 characters
      • Contain only alphanumeric or underscore (_) characters
      • Begin with an alphabetic character
      • Unique across the VM cluster. Recommended to be unique across the tenancy.
      If not specified, the system automatically generates a unique name value, as follows:
      <db_name>_<3_chars_unique_string>_<region-name>
    • Administrator username: This read-only field displays the username for the administrator, "sys".
    • In the Password and Confirm password fields, enter and re-enter a password.

      A strong password for SYS administrator must be 9 to 30 characters and contain at least two uppercase, two lowercase, two numeric, and two special characters. The special characters must be _, #, or -. The password must not contain the user name (SYS, SYSTEM, and so on) or the word "oracle" either in forward or reverse order and regardless of casing.

  11. In the Enter the source database's TDE wallet or RMAN password field, enter a password that matches either the Transparent Data Encryption (TDE) wallet password or RMAN password for the source database.
  12. Click Show Advanced Options to specify advanced options for the database.
    • Management
      Oracle SID prefix: The Oracle Database instance number is automatically added to the SID prefix to create the INSTANCE_NAME database parameter. The INSTANCE_NAME parameter is also known as the SID. The SID is unique across the cloud VM cluster. If not specified, SID prefix defaults to the first 12 characters of the db_name.
      Note

      Entering an SID prefix is only available for Oracle 12.1 databases and above.
      The SID prefix must meet the requirements:
      • Maximum of 12 characters
      • Contain only alphanumeric characters
      • Begin with an alphabetic character
      • Unique in the VM cluster
      • DO NOT use the following reserved names: grid, ASM
  13. Click Create Database.
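
The naming and SYS password requirements listed in the two create-from-backup procedures above can be checked before a request is submitted, for example in a provisioning pipeline. The following Python is an added example, not Oracle code: the function names are hypothetical, it reads "the special characters must be _, #, or -" as forbidding any other symbol, applies the forward/reverse rule to user names as well as to "oracle", and does not check uniqueness within the VM cluster.

```python
import re
import string

RESERVED_NAMES = {"grid", "asm"}   # reserved names listed on the page
ALLOWED_SPECIALS = "_#-"           # the only special characters the page permits
# Assumption: "SYS, SYSTEM, and so on" is modelled as a caller-extensible tuple.
DEFAULT_USERNAMES = ("SYS", "SYSTEM")


def check_identifier(label, value, max_len, allow_underscore, check_reserved):
    """Format checks shared by db_name, db_unique_name and the SID prefix."""
    if not value:
        return [f"{label}: must not be empty"]
    problems = []
    if len(value) > max_len:
        problems.append(f"{label}: longer than {max_len} characters")
    if not (value[0].isascii() and value[0].isalpha()):
        problems.append(f"{label}: must begin with an alphabetic character")
    pattern = r"[A-Za-z0-9_]+" if allow_underscore else r"[A-Za-z0-9]+"
    if not re.fullmatch(pattern, value):
        extra = " or underscore" if allow_underscore else ""
        problems.append(f"{label}: only alphanumeric{extra} characters are allowed")
    if check_reserved and value.lower() in RESERVED_NAMES:
        problems.append(f"{label}: '{value}' is a reserved name")
    return problems


def check_sys_password(password, usernames=DEFAULT_USERNAMES):
    """Return rule violations; messages never echo the password itself."""
    problems = []
    if not 9 <= len(password) <= 30:
        problems.append("password: length must be 9 to 30 characters")
    counts = {
        "uppercase": sum(c in string.ascii_uppercase for c in password),
        "lowercase": sum(c in string.ascii_lowercase for c in password),
        "numeric": sum(c in string.digits for c in password),
        "special (_ # -)": sum(c in ALLOWED_SPECIALS for c in password),
    }
    for kind, found in counts.items():
        if found < 2:
            problems.append(f"password: needs at least two {kind} characters")
    # Every character must fall into one of the four permitted classes.
    if sum(counts.values()) != len(password):
        problems.append("password: contains characters outside A-Z, a-z, 0-9, _, #, -")
    folded = password.lower()
    for word in (*usernames, "oracle"):
        w = word.lower()
        if w in folded or w[::-1] in folded:
            problems.append(f"password: contains '{word}' forward or reversed")
    return problems


def preflight(db_name, password, db_unique_name=None, sid_prefix=None,
              usernames=DEFAULT_USERNAMES):
    """Collect every violation for one create-database request."""
    problems = check_identifier("db_name", db_name, 8, False, True)
    if db_unique_name is not None:
        problems += check_identifier("db_unique_name", db_unique_name, 30, True, False)
    if sid_prefix is not None:
        # Alphanumeric-only, as stated in the create-from-backup procedures.
        problems += check_identifier("sid_prefix", sid_prefix, 12, False, True)
    return problems + check_sys_password(password, usernames)


if __name__ == "__main__":
    # Constructed sample request; none of these values come from a real system.
    for issue in preflight("sales_db", "Passw0rd!", sid_prefix="ASM"):
        print(issue)
```

An empty list from `preflight` means the request passes the format rules; uniqueness of the names still has to be confirmed against the databases already on the VM cluster.
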
To move a database to another Database Home

This task explains how to patch a single Oracle Database in your Exadata Cloud Infrastructure instance by moving it to another Database Home.

You can move a database to any Database Home that meets either of the following criteria:

  • The target Database Home uses the same Oracle Database software version (including patch updates) as the source Database Home
  • The target Database Home is based on either the latest version of the Oracle Database software release used by the database, or one of the three prior versions of the release

Moving a database to a new Database Home brings the database up to the patch level of the target Database Home. For information on patching Database Homes, see Database Home Patching and .

  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database you want to move:

    Cloud VM clusters (The New Exadata Cloud Infrastructure Resource Model): Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, click the name of the VM cluster that contains the database you want to move.

    DB systems: Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, click the name of the Exadata DB system that contains the database you want to move.

  4. Click More Actions, then click Move to Another Home.
  5. Select the target Database Home.
  6. Click Move Database.
  7. Confirm the move operation.

    The database is moved in a rolling fashion. The database instance will be stopped, node by node, in the current home and then restarted in the destination home. While the database is being moved, the Database Home status displays as Moving Database. When the operation completes, Database Home is updated with the current home. Datapatch is executed automatically, as part of the database move, to complete post-patch SQL actions for all patches, including one-offs, on the new Database Home. If the database move operation is unsuccessful, then the status of the database displays as Failed, and the Database Home field provides information about the reason for the failure.

To terminate a database

You'll get the chance to back up the database prior to terminating it. This creates a standalone backup that can be used to create a database later. We recommend that you create this final backup for any production (non-test) database.

Note

Terminating a database removes all automatic incremental backups of the database from Oracle Cloud Infrastructure Object Storage. However, all full backups that were created on demand, including your final backup, will persist as standalone backups.

You cannot terminate a database that is assuming the primary role in a Data Guard association. To terminate it, you can switch it over to the standby role.

  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (The New Exadata Cloud Infrastructure Resource Model): Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems: Under Oracle Base Database, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.
  4. Click More Actions, and then click Terminate.
    For the database using Oracle Cloud Infrastructure Object Storage or Oracle Database Autonomous Recovery Service: In the confirmation dialog,
    • Review the message about the backup retention policy.
    • Configure automatic backups as needed.
    • Type the name of the database to confirm the termination
  5. Click Terminate Database.

    The database's status indicates Terminating.

    Note

    The database stays in a terminated state with backups listed until all backups are expired.
To administer Vault encryption keys

Use this procedure to rotate the Vault encryption key or change the encryption management configuration.

After you provision a database in an Exadata DB system or cloud VM cluster, you can rotate the Vault encryption key or change the encryption management configuration for that database.

Note

  • To ensure that your Exadata database uses the most current version of the Vault encryption key, rotate the key from the database details page on the Oracle Cloud Infrastructure Console. Do not use the Vault service.
  • You can rotate Vault encryption keys only on databases that are configured with customer-managed keys.
  • You can change encryption key management from Oracle-managed keys to customer-managed keys but you cannot change from customer-managed keys to Oracle-managed keys.
  • Oracle supports administering encryption keys on databases after Oracle Database 11g release 2 (11.2.0.4).
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your compartment from the Compartment drop-down.
  3. Navigate to the cloud VM cluster that contains the database for which you want to change encryption management or to rotate a key.

    Cloud VM clusters: Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, locate the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

  4. In the Databases section, click the name of the database for which you want to change encryption management or to rotate a key to display its details page.
  5. Click the More Actions drop-down.
  6. Click Manage encryption key.
    To rotate an encryption key on a database using customer-managed keys:
    Note

    Generate a new master encryption key version. Only the CDB root key version is changed or rotated to a new one. It doesn't generate a new key version for the dependent PDBs. Rotate customer-managed keys periodically to comply with security compliance and regulatory mandates.
    1. Click Rotate Encryption Key to display a confirmation dialog.
    2. Click Update.

    To assign a new key version:

    Assign a new key version (BYOK) to CDB while creating or after provisioning it.

    1. Click Assign a new key version.
    2. In the Key version OCID field, enter the OCID of the new key version you want to assign.
    3. Click Update.

      To copy the Key version OCID:

      1. Find the Vault and the Key details on the Key Details page (Key Management & Secret Management >> Vault >> <Vault> >> Key Details) by searching with the KMS key OCID provided in the CDB details page.
      2. Copy the OCID and paste it in the Key version OCID field.

    To change key management type from Oracle-managed keys to customer-managed keys:

    1. Click Change Key Management Type.
    2. Select Use customer-managed keys.

      You must have a valid encryption key in Oracle Cloud Infrastructure Vault service and provide the information in the subsequent steps. See Key and Secret Management Concepts.

    3. Choose a vault from the Vault in compartment drop-down. You can change the compartment by clicking the Change Compartment link.
    4. Select an encryption key from the Master encryption key in compartment drop-down. You can change the compartment containing the encryption key you want to use by clicking the Change Compartment link.
    5. If you want to use an encryption key that you import into your vault, then select the Choose the key version check box and enter the OCID of the key you want to use in the Key version OCID field.
      Note

      If you do not choose a version, the latest version of the key is used.
  7. Click Update.
Note

Changing key management causes the database to become briefly unavailable.

Caution:

After changing key management to customer-managed keys, do not delete the encryption key from the vault as this can cause the database to become unavailable.

On the database details page for this database, the Encryption section displays the encryption key name and the encryption key OCID.

Known Issues in Exadata Cloud Infrastructure

rac stopdb failed

rac stopdb failed to stop db

When the GI version is 19.17, creating a database against an 11.2.0.4 Oracle home with patchsets July ’22 RU or older fails with the error mentioned in bug#28326679.

Example:

ERROR : rac stopdb, failed to stop db viacmd export ORACLE_HOME=/u02/app/oracle/product/11.2.0/dbhome_1 ;/u02/app/oracle/product/11.2.0/dbhome_1/bin/srvctl stop database -d db008077 -o immediate, out : PRCD-1120 : The resource for database db008077 could not be found. PRCR-1001 : Resource ora.db008077.db does not exist, err :1 }

Solution:

Option 1 (Create new Oracle home with custom image):
  • Create a custom image for 11.2.0.4 with patchsets July ’22 RU or older along with the bug#28326679 one-off
  • Create an Oracle home using the above custom image
  • Create the database against the home

Option 2 (Apply one-off to existing Oracle home):

  • Download the patch for bug#28326679
  • Apply the patch using opatch
Applicability:
  • For ExaCS and ExaCC-Gen2, both options given above will work.
  • For ExaCC – Gen1, Option 2 (Apply one-off to existing Oracle home) will work.

Using the API to manage Databases

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use these API operations to manage databases.

For the complete list of APIs for the Database service, see Database Service API.

Create and Manage Exadata Pluggable Databases

You can create and manage pluggable databases (PDBs) in Exadata Cloud Infrastructure using the Console and APIs.

In this documentation, "database" refers to a container database, also called a CDB. For more information on these resource types, see Multitenant Architecture in the Oracle Database documentation. See Provisioning and Managing Exadata Databases for information on container databases in Exadata Cloud Infrastructure.

Oracle 19c or later databases created in Exadata Cloud Infrastructure include an initial PDB that you can access from the Database Details page in the Console. You can create and manage additional PDBs in the database using the Console or APIs.

  • Backup

    You can take a backup of the PDB optionally during create, clone, or relocate operations when the CDB is configured with the auto-backup feature. The PDB backup destination will always be the same as CDB, and the backups cannot be accessed directly or created on demand. Oracle recommends immediately backing up the PDB after you create or clone it. This is because the PDB will not be recoverable until the next daily auto-backup completes successfully, leading to a possible data loss.

  • Restore
    • Base Database Service / Oracle Exadata Database Service on Dedicated Infrastructure:
      • In place restore: You can restore a PDB within the same CDB to last known good state or to a specified timestamp.
      • Out of place restore: You can restore a PDB by creating a database (CDB) from the backup, then selecting a PDB or a subset of them you want to restore on the new database.
    • Oracle Exadata Database Service on Cloud@Customer:
      • In place restore: You can restore a PDB within the same CDB to last known good state and specified timestamp.
      • Out of place restore: It's not available.

      You can perform an in-place restore when you want to move a PDB back to a specified state or time. Both the CDB and PDB must be up and running and only one PDB can be restored at a time.

      • If you have multiple PDBs in your CDB and want to restore multiple of them to the same CDB, then you could restore each individual PDB, one PDB at a time, from the CDB backup.
      • When the CDB is down, you could restore the complete CDB and all the PDBs in that CDB will also be restored.
      • You could either restore the database to the specified timestamp or to its last known good state.
  • Relocate
    You can relocate a PDB from one CDB to another CDB within the same availability domain (AD):
    • Across compartments, VM clusters, DB system (for BaseDB only), or VCNs (not applicable to ExaDB-C@C). If two different VCNs are used, then both VCNs must be peered before relocating.
    • To the same or a higher database version.

    During relocate, the PDB will be removed from the source CDB and moved to the destination CDB that is up and running. In a Data Guard association, a PDB relocated to the primary will be synchronized with the standby as well.

  • Clone

    A clone is an independent and complete copy of the given database as it existed at the time of the cloning operation. You can create clones of your PDB within the same CDB or a different CDB and refresh the cloned PDB.

    The following types of clones are supported:
    • Local clone: A copy of the PDB is created within the same CDB.
    • Remote clone: A copy of the PDB is created in a different CDB.
    You can perform a remote clone of a PDB from one CDB to another CDB within the same availability domain (AD):
    • Across compartments, VM clusters, DB system (for BaseDB only), or VCNs (not applicable to ExaDB-C@C). If two different VCNs are used, then both VCNs must be peered before cloning.
    • To the same or a higher database version.
    • Refreshable clone: A copy of the PDB is created in a different CDB, and you will be able to refresh the cloned PDB.
      You can perform a refreshable clone of a PDB from one CDB to another CDB within the same availability domain (AD):
      • Across compartments, VM clusters, DB system (for BaseDB only), or VCNs (not applicable to ExaDB-C@C). If two different VCNs are used, then both VCNs must be peered before cloning.
      • To the same or a higher database version.
  • Refreshable Clone
    A refreshable clone enables you to keep your remote clone updated with the source PDB. You can only refresh while the PDB is in mount mode. The only open mode you can have is read-only and refresh cannot be done while it is in read-only mode.
    • A database link user credential is required for creating a refreshable clone.
    • Clone, relocate, and in-place restore operations are not supported in the refreshable clone. Relocate and in-place restore operations are not supported in the source, and the source can only be deleted after disconnecting or deleting the refreshable clone.
    • In a Data Guard association, a refreshable clone cannot be created on standby, but it can be created on the primary. However, the primary will not be synced to the standby.
      Note

      A PDB in standby cannot be used as the source for a refreshable PDB.
  • Convert Refreshable PDB to Regular PDB

    You can convert a refreshable PDB to a regular PDB by disconnecting the refreshable clone (destination PDB) from the source PDB at any time. If the refreshable PDB is in a Data Guard association, it is synced to the standby as part of the conversion to a regular PDB.

  • Open Modes

    On the Console, you can see the open modes of a PDB, such as read-write, read-only, and mounted. If the PDB status is the same across all nodes, the system displays the same status for all PDBs. If the PDB statuses are different across the nodes, the system displays a message indicating on which nodes the PDBs are opened in read-write mode. You cannot change the open mode of a PDB through the API or Console. However, you can start or stop a PDB. Starting the PDB will start it in read-write mode. Stopping the PDB will close it and it will remain in mount mode.
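
The relocate, remote clone, and refreshable clone constraints listed above can be checked before a request is submitted. The following pre-flight check is an added example, not Oracle code; the class names, field names, operation labels, finding codes, and sample inventory are assumptions made for illustration, and versions are compared as tuples.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple

# Operation labels used by this sketch (hypothetical, not OCI API values).
RELOCATE = "relocate"
REMOTE_CLONE = "remote_clone"
REFRESHABLE_CLONE = "refreshable_clone"


@dataclass(frozen=True)
class Cdb:
    """Container database as this check sees it (field names are assumptions)."""
    name: str
    availability_domain: str
    version: Tuple[int, ...]                # e.g. (19, 24) or (23, 6)
    vcn: str
    data_guard_role: Optional[str] = None   # None, "PRIMARY" or "STANDBY"


@dataclass(frozen=True)
class Pdb:
    name: str
    cdb: Cdb
    is_refreshable_clone: bool = False      # this PDB is itself a refreshable clone
    feeds_refreshable_clone: bool = False   # a refreshable clone still points at it


def preflight(op: str, source: Pdb, dest: Cdb,
              peered_vcns: Set[FrozenSet[str]],
              db_link_user: Optional[str] = None) -> List[Tuple[str, str]]:
    """Return (code, message) findings; codes starting with WARN do not block."""
    if op not in (RELOCATE, REMOTE_CLONE, REFRESHABLE_CLONE):
        raise ValueError(f"unknown operation: {op}")
    src = source.cdb
    findings: List[Tuple[str, str]] = []

    # Rules shared by relocate, remote clone and refreshable clone.
    if src.availability_domain != dest.availability_domain:
        findings.append(("AD_MISMATCH",
                         "source and destination CDB must be in the same availability domain"))
    if dest.version < src.version:
        findings.append(("VERSION_DOWNGRADE",
                         "destination CDB must be the same or a higher database version"))
    if src.vcn != dest.vcn and frozenset((src.vcn, dest.vcn)) not in peered_vcns:
        findings.append(("VCN_NOT_PEERED",
                         "different VCNs must be peered before the operation"))
    if source.is_refreshable_clone:
        findings.append(("SOURCE_IS_REFRESHABLE_CLONE",
                         "clone and relocate are not supported in a refreshable clone"))
    if op == RELOCATE and source.feeds_refreshable_clone:
        findings.append(("SOURCE_HAS_REFRESHABLE_CLONE",
                         "relocate is not supported in the source of a refreshable clone"))

    # Rules that apply only to refreshable clones.
    if op == REFRESHABLE_CLONE:
        if not db_link_user:
            findings.append(("DB_LINK_USER_REQUIRED",
                             "a database link user credential is required"))
        if src.data_guard_role == "STANDBY":
            findings.append(("STANDBY_SOURCE",
                             "a PDB in standby cannot be the source for a refreshable PDB"))
        if dest.data_guard_role == "STANDBY":
            findings.append(("STANDBY_DESTINATION",
                             "a refreshable clone cannot be created on standby"))
        elif dest.data_guard_role == "PRIMARY":
            findings.append(("WARN_NOT_SYNCED_TO_STANDBY",
                             "a refreshable clone on the primary is not synced to the standby"))
    return findings


def blocking(findings: List[Tuple[str, str]]) -> List[str]:
    """Codes that must be resolved before submitting the request."""
    return [code for code, _ in findings if not code.startswith("WARN")]


# Constructed sample inventory (not real resources).
SRC = Cdb("cdb19", "AD-1", (19, 24), "vcn-app")
DST_OK = Cdb("cdb23", "AD-1", (23, 6), "vcn-dr", "PRIMARY")
DST_BAD = Cdb("cdb19old", "AD-2", (19, 18), "vcn-lab", "STANDBY")
PEERED = {frozenset(("vcn-app", "vcn-dr"))}
SALES = Pdb("SALES", SRC)

if __name__ == "__main__":
    for dest in (DST_OK, DST_BAD):
        for code, msg in preflight(REFRESHABLE_CLONE, SALES, dest, PEERED, "C##CLONE_LINK"):
            print(f"{dest.name}: {code}: {msg}")
```
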

Limitations for Pluggable Database Management

  • New PDBs created with SQL are not immediately discovered by OCI's control plane and displayed in the Console. However, OCI does perform a sync operation on a regular basis to discover manually-created PDBs, and they should be visible in the Console and with API-based tools within 45 minutes of creation. Oracle recommends using the Console or API-based tools (including the OCI CLI, SDKs, and Terraform) to create PDBs.
  • Pluggable database operations are supported only for databases using Oracle Database 19c and later.
  • PDBs are backed up at the CDB level when using the OCI Console or APIs, and each backup includes all the PDBs in the database. However, the dbaascli utility's dbaascli database backup command allows you to create backups of specified PDBs. See Using the dbaascli Utility on Exadata Cloud Infrastructure for more information.
  • Restore operations are performed at the CDB level when using the OCI Console or APIs. However, the dbaascli utility's dbaascli pdb recover command allows you to restore backups of specified PDBs. See Using the dbaascli Utility on Exadata Cloud Infrastructure for more information.

Creating an Exadata Pluggable Database

You can create a pluggable database (PDB) in Exadata Cloud Service from the OCI Console, or with the APIs and API-based tools (the OCI CLI, SDKs, and Terraform). PDBs must be created one at a time. During the PDB create operation, the parent database (CDB) is in the "Updating" state. Creating a new PDB has no impact on existing PDBs in the database.

Using the console to create pluggable database

Note

  • Creating a pluggable database (PDB) is not supported for databases using Data Guard.
  • If the databases are created directly on Guest VM, the attributed usage data would be delayed.
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. On the Database Details page, click Pluggable Databases in the Resources section of the page.
  5. Click Create Pluggable Database.
  6. In the Create Pluggable Database dialog, enter the following:

    • PDB Name: Enter a name for the PDB. The name must begin with an alphabetic character and can contain a maximum of 30 alphanumeric characters. Note: For bare metal DB systems, you cannot have two PDBs in the same database that use the same PDB name. You can use the same name for PDBs in different databases within the same DB system.
    • Unlock my PDB Admin account: Optional. Select this option to specify a PDB Admin password and configure the PDB to be unlocked at creation.
    • PDB Admin password: If you clicked Unlock my PDB Admin account, create and enter a PDB admin password. The password must contain:
      • A minimum of 9 and a maximum of 30 characters
      • At least two uppercase characters
      • At least two lowercase characters
      • At least two special characters. The valid special characters are: underscore ( _ ), a hash sign (#), and a dash (-). You can use two of the same characters or any combination of two of these characters.
      • At least two numeric characters (0 - 9)
    • Confirm PDB Admin password: Reenter the PDB admin password.
    • TDE wallet password: Applicable only to databases using Oracle-managed encryption keys. Enter the TDE wallet password for the parent CDB.
    • Take a backup of the PDB immediately after creating it: You must enable auto-backup on the CDB to back up a PDB immediately after creating it. This check box is checked by default if auto-backup was enabled on the CDB.
      Note

      If the check box is unchecked, the system displays a warning stating that PDB cannot be recovered until the next daily backup has been successfully completed.
  7. Click Create Pluggable Database.

WHAT NEXT?

After creating your PDB, you can get connection strings for the administrative service using the OCI Console.

Using the console to relocate a pluggable database

  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. On the Database Details page, click Pluggable Databases in the Resources section of the page.
  5. Click the name of the PDB that you want to relocate.

    From the Pluggable Database details page, click More Actions, and then select Relocate.

    (or)

    Click the Actions menu (three dots) and select Relocate.

  6. In the resulting Relocate Pluggable Database window, enter the following:
    • VM Cluster: Use the menu to select the destination VM cluster.
    • Destination database: Use the menu to select an existing database where the PDB will be created. This database can be of the same version as the CDB the source PDB is in or of a higher version.
    • New PDB name for the clone: The name must begin with an alphabetic character and can contain up to 30 characters. To keep the PDB name the same, just re-enter the source PDB name.
    • Database TDE wallet password: Enter the TDE wallet password for the parent CDB of the source PDB.
    • Unlock my PDB Admin Account:
      • To enter the administrator's password, check this check box.
        • PDB Admin Password: Enter PDB admin password. The password must contain:
          • a minimum of 9 and a maximum of 30 characters
          • at least two uppercase characters
          • at least two lowercase characters
          • at least two special characters. The valid special characters are underscore ( _ ), a pound or hash sign (#), and dash (-). You can use two of the same characters or any combination of two of these characters.
          • at least two numeric characters (0 - 9)
        • Confirm PDB Admin Password: Enter the same PDB Admin password in the confirmation field.
      • To skip entering the administrator's password, uncheck this check box. If you uncheck this check box, then the PDB is created but you cannot use it. To use the PDB, you must reset the administrator password.
        Note

        When you create a new PDB, a local user in the PDB is created as the administrator and granted the PDB_DBA role locally to the administrator.
        To reset the password:
        1. Connect to the container where your PDB exists using the SQL*Plus CONNECT statement.
          SQL> show con_name;
          CON_NAME
          ------------------------
          CDB$ROOT

          For more information, see Administering a CDB and Administering PDBs in the Oracle® Multitenant Administrator’s Guide.

        2. Find the administrator name of your PDB:
          SQL> select grantee from cdb_role_privs where con_id = (select con_id from cdb_pdbs where pdb_name = '<PDB_NAME>') and granted_role = 'PDB_DBA';
        3. Switch into your PDB:
          SQL> alter session set container=<PDB_NAME>;
          Session altered.
          SQL> show con_name;
          CON_NAME
          ------------------------
          <PDB_NAME>
        4. Reset the PDB administrator password:
          SQL> alter user <PDB_Admin> identified by <PASSWORD>;
          User altered.
    • Source database SYS password: Enter the database admin password.
    • Database link: Enter the user name and password for the database link. Note that the user must be precreated in the source database. The DB link will be created in the destination using that username and password.
    • Take a backup of the PDB immediately after creating it: You must enable auto-backup on the CDB to back up a PDB immediately after creating it. This check box is checked by default if auto-backup was enabled on the CDB.
      Note

      If the checkbox is unchecked, the system displays a warning stating that PDB cannot be recovered until the next daily backup has been successfully completed.
    • Advanced Options:
      • Tags: Optionally, you can apply tags. If you have permission to create a resource, you also have permission to apply free-form tags to that resource. To apply a defined tag, you must have permission to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure if you should apply tags, skip this option (you can apply tags later) or ask your administrator.
  7. Click Relocate pluggable database.
    Note

    Relocate incurs downtime during the process, and the time required is based on the size of the PDB.
Using the API to create pluggable database

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use the CreatePluggableDatabase API to create pluggable databases on Exadata Cloud Infrastructure.

For the complete list of APIs for the Database service, see Database Service API.

Managing an Exadata Pluggable Database

This topic includes the procedures to connect to, start, stop, and delete a pluggable database (PDB).

It also includes instructions for getting PDB connection strings for the administrative service.

To start a pluggable database
Note

The PDB must be available and stopped to use this procedure.
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. Click Pluggable Databases in the Resources section of the page.
  5. In the list of pluggable databases, find the pluggable database (PDB) you want to start. Click the PDB name to display details about it.
  6. Click Start.
  7. In the Start PDB dialog, click Start PDB to confirm the start operation.
To stop a pluggable database
Note

The PDB must be available and running (started) to use this procedure.
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. Click Pluggable Databases in the Resources section of the page.
  5. In the list of pluggable databases, find the pluggable database (PDB) you want to stop. Click the PDB name to display details about it.
  6. Click Stop.
  7. In the Stop PDB dialog, click Stop PDB to confirm the stop operation.
To delete a pluggable database
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. Click Pluggable Databases in the Resources section of the page.
  5. In the list of pluggable databases, find the pluggable database (PDB) you want to delete. Click the PDB name to display details about it.
  6. Click More Actions, then choose Delete.
  7. In the Delete PDB dialog box, enter the name of the PDB that you want to delete to confirm the action, then click Delete PDB.
To get connection strings for a pluggable database
Note

This topic explains how to get connection strings for the administrative service of a PDB. Oracle recommends that you connect applications to an application service, using strings created for the application service.
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. Click Pluggable Databases in the Resources section of the page.
  5. In the list of pluggable databases, find the PDB, and then click its name to display details about it.
  6. Click PDB Connection.
  7. In the Pluggable Database Connection dialog, use the Show and Copy links to display and copy connection strings, as needed.
  8. Click Close to exit the dialog.
Using the API to manage pluggable databases

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use these APIs to manage pluggable databases.

Note

Use the GetPluggableDatabase API to get administration service connection strings and other details about a PDB.

For the complete list of APIs for the Database service, see Database Service API.

To administer Vault encryption keys

Use this procedure to rotate the Vault encryption key or assign a new key version.

Note

Rotate Key is blocked on standby when KMS is configured in the current database. Also, you cannot change or update the encryption type once it is configured to KMS.
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your compartment from the Compartment drop-down.
  3. Navigate to the cloud VM cluster that contains the database for which you want to change encryption management or to rotate a key.

    Cloud VM clusters: Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, locate the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

  4. In the Databases section, click the name of the database that contains the pluggable database for which you want to change encryption management or rotate a key.
  5. Click the name of the database to view its details.
  6. Under Resources, click Pluggable Databases.
  7. From the list, click the name of a PDB to view its details.
  8. Click Manage encryption key.

    To rotate an encryption key on a database using customer-managed keys:

    Note: Generate a new master encryption key version. Only the CDB root key version is changed or rotated to a new one. It doesn't generate a new key version for the dependent PDBs. Rotate customer-managed keys periodically to comply with security compliance and regulatory mandates. The rotation involves stopping and restarting the database.

    1. Click Rotate Encryption Key.
    2. Click Update.

    To assign a new key version:

    Assign a new key version (BYOK) to CDB while creating or after provisioning it.

    a. Click Assign a new key version.

    b. In the Key version OCID field, enter the OCID of the new key version you want to assign.

    c. Click Update.

    To copy the Key version OCID:

    a. Find the Vault and the Key details on the Key Details page (Key Management & Secret Management >> Vault >> <Vault> >> Key Details) by searching with the KMS key OCID provided in the PDB details page.

    b. Copy the OCID and paste it in the Key version OCID field.

Cloning an Exadata Pluggable Database

You can create local, remote, and refreshable clones.

A clone is an independent and complete copy of the given database as it existed at the time of the cloning operation. You can create clones of your PDB within the same CDB or a different CDB and also refresh the cloned PDB.

Note

When cloning a PDB from 19c to 23ai, the cloned PDB is automatically upgraded to 23ai. For example, if you use refreshable clones to clone to 23ai and then convert it to regular PDB, all necessary upgrade steps are automatically handled, converting the refreshable clone into a fully upgraded 23ai PDB.

The following types of clones are supported:

  • Local clone: A clone of the PDB is created within the same CDB.
  • Remote clone: A clone of the PDB is created in a different CDB.
  • Refreshable clone: A clone of the PDB is created in a different CDB, and you will be able to refresh the cloned PDB.
Using the Console to Create a Local Clone of a Pluggable Database (PDB)
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. Click Pluggable Databases in the Resources section of the page.
  5. In the list of pluggable databases, find the pluggable database (PDB) you want to clone, and then click its name to display details about it.
  6. Click Clone.
  7. In the Clone PDB dialog box, enter the following:

    • Select clone type: Select Local clone to create a copy of the source PDB in the same CDB.
    • Exadata VM Cluster: Use the menu to select the cloud VM cluster of the target database.
      Note

      The target VM Cluster may be on a different Exadata infrastructure.
    • Destination database: This field is disabled.
    • PDB name: Provide a name for the new cloned PDB. The name must begin with an alphabetic character and can contain up to 30 characters.
    • Database TDE wallet password: Not applicable for databases using customer-managed keys from the Vault service. Enter the TDE wallet password for the parent database (CDB) of the source PDB.
    • Unlock my PDB Admin account: Optional. Select this option to specify a PDB Admin password and configure the PDB to be unlocked at creation.
    • PDB Admin password: Create and enter a new PDB Admin password. The password must contain:
      • 9–30 characters
      • At least two uppercase characters
      • At least two lowercase characters
      • At least two special characters. The valid special characters are: underscore ( _ ), a hash sign (#), and a dash (-). You can use two of the same characters or any combination of two of these characters.
      • At least two numeric characters (0-9)
    • Confirm PDB Admin password: Enter the PDB Admin password again to confirm.
    • Take a backup of the PDB immediately after creating it: You must enable auto-backup on the CDB to back up a PDB immediately after creating it. This check box is checked by default if auto-backup was enabled on the CDB.
      Note

      If the checkbox is unchecked, the system displays a warning stating that PDB cannot be recovered until the next daily backup has been successfully completed.
    • Advanced Options:
      • Tags: Optionally, you can apply tags. If you have permission to create a resource, you also have permission to apply free-form tags to that resource. To apply a defined tag, you must have permission to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure if you should apply tags, skip this option (you can apply tags later) or ask your administrator.
  8. Click Clone pluggable database.
Using the Console to Create a Remote Clone of a Pluggable Database (PDB)
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. Click Pluggable Databases in the Resources section of the page.
  5. In the list of pluggable databases, find the pluggable database (PDB) you want to clone, and then click its name to display details about it.
  6. Click Clone.
  7. In the Clone PDB dialog box, enter the following:

    • Select clone type: Select Remote clone to create a copy of the source PDB in a different CDB.
    • Exadata VM Cluster: Use the menu to select the cloud VM cluster of the target database.
      Note

      The target VM Cluster may be on a different Exadata infrastructure.
    • Destination database: Use the menu to select an existing database where the PDB will be created. This database can be of the same version as the CDB the source PDB is in or of a higher version.
    • PDB name: Provide a name for the new cloned PDB. The name must begin with an alphabetic character and can contain up to 30 characters.
    • Database TDE wallet password: Not applicable for databases using customer-managed keys from the Vault service. Enter the TDE wallet password for the parent database (CDB) of the source PDB.
    • Unlock my PDB Admin account: Optional. Select this option to specify a PDB Admin password and configure the PDB to be unlocked at creation.
    • PDB Admin password: Create and enter a new PDB Admin password. The password must contain:
      • 9–30 characters
      • At least two uppercase characters
      • At least two lowercase characters
      • At least two special characters. The valid special characters are: underscore ( _ ), a hash sign (#), and a dash (-). You can use two of the same characters or any combination of two of these characters.
      • At least two numeric characters (0-9)
    • Confirm PDB Admin password: Enter the PDB Admin password again to confirm.
    • Database link: Enter the user name and password for the database link. Note that the user must be precreated in the source database. The DB link will be created in the destination using that username and password.
    • Take a backup of the PDB immediately after creating it: You must enable auto-backup on the CDB to back up a PDB immediately after creating it. This check box is checked by default if auto-backup was enabled on the CDB.
      Note

      If the checkbox is unchecked, the system displays a warning stating that PDB cannot be recovered until the next daily backup has been successfully completed.
    • Advanced Options:
      • Tags: Optionally, you can apply tags. If you have permission to create a resource, you also have permission to apply free-form tags to that resource. To apply a defined tag, you must have permission to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure if you should apply tags, skip this option (you can apply tags later) or ask your administrator.
  8. Click Clone pluggable database.
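
The PDB name and PDB Admin password rules that the create, relocate, and clone dialogs list can be enforced before a value reaches the Console, the API, or Terraform. The following is an added example, not Oracle code: the function names are hypothetical, the name rule follows the Create Pluggable Database dialog (alphabetic first character, at most 30 alphanumeric characters), and rejecting any character outside ASCII letters, digits, and the three listed special characters is this example's reading of "valid special characters".

```python
import re
import secrets
import string
from typing import List

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
SPECIALS = "_#-"                      # the only special characters the dialogs list
ALLOWED = set(UPPER + LOWER + DIGITS + SPECIALS)
MIN_LEN, MAX_LEN = 9, 30


def password_violations(pw: str) -> List[str]:
    """Return the names of the rules the candidate password breaks (empty = compliant)."""
    broken = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        broken.append("length")
    for rule, charset in (("uppercase", UPPER), ("lowercase", LOWER),
                          ("special", SPECIALS), ("digit", DIGITS)):
        if sum(ch in charset for ch in pw) < 2:
            broken.append(rule)
    # Assumption: characters outside the listed classes are rejected.
    if any(ch not in ALLOWED for ch in pw):
        broken.append("charset")
    return broken


def pdb_name_violations(name: str) -> List[str]:
    """Name must start with a letter and hold at most 30 alphanumeric characters."""
    if re.fullmatch(r"[A-Za-z][A-Za-z0-9]{0,29}", name):
        return []
    return ["name"]


def generate_password(length: int = 20) -> str:
    """Build a compliant password from the OS CSPRNG rather than the random module."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    # Two characters from each required class guarantee the minimum counts.
    chars = [secrets.choice(cls)
             for cls in (UPPER, LOWER, DIGITS, SPECIALS) for _ in range(2)]
    pool = UPPER + LOWER + DIGITS + SPECIALS
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed characters do not sit at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    for candidate in ("Ab1_", "WElcome_12#", "WElcome!12__"):
        print(candidate, password_violations(candidate) or "ok")
    for name in ("SALESPDB1", "1SALES", "SALES_PDB"):
        print(name, pdb_name_violations(name) or "ok")
    print(len(generate_password()), "character password generated")
```
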
Using the Console to Create a Refreshable Clone of a Pluggable Database (PDB)
  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. Click Pluggable Databases in the Resources section of the page.
  5. In the list of pluggable databases, find the pluggable database (PDB) you want to clone, and then click its name to display details about it.
  6. Click Clone.
  7. In the Clone PDB dialog box, enter the following:

    • Select clone type: Select Refreshable clone to create a copy of the source PDB in a different CDB that you can refresh.

      For more information about refreshable clones, see About Refreshable Clone PDBs.

    • Exadata VM Cluster: Use the menu to select the cloud VM cluster of the target database.
      Note

      The target VM Cluster may be on a different Exadata infrastructure.
    • Destination database: Use the menu to select an existing database where the PDB will be created. This database can be of the same version as the CDB the source PDB is in or of a higher version.
    • PDB name: Provide a name for the new cloned PDB. The name must begin with an alphabetic character and can contain up to 30 characters.
    • Database TDE wallet password: Not applicable for databases using customer-managed keys from the Vault service. Enter the TDE wallet password for the parent database (CDB) of the source PDB.
    • Unlock my PDB Admin account: Optional. Select this option to specify a PDB Admin password and configure the PDB to be unlocked at creation.
    • PDB Admin password: Create and enter a new PDB Admin password. The password must contain:
      • 9–30 characters
      • At least two uppercase characters
      • At least two lowercase characters
      • At least two special characters. The valid special characters are: underscore ( _ ), a hash sign (#), and a dash (-). You can use two of the same characters or any combination of two of these characters.
      • At least two numeric characters (0-9)
    • Confirm PDB Admin password: Enter the PDB Admin password again to confirm.
    • Database link: Enter the user name and password for the database link. Note that the user must be precreated in the source database. The DB link will be created in the destination using that username and password.
    • Take a backup of the PDB immediately after creating it: You must enable auto-backup on the CDB to back up a PDB immediately after creating it. This check box is checked by default if auto-backup was enabled on the CDB.
      Note

      If the checkbox is unchecked, the system displays a warning stating that PDB cannot be recovered until the next daily backup has been successfully completed.
    • Advanced Options:
      • Tags: Optionally, you can apply tags. If you have permission to create a resource, you also have permission to apply free-form tags to that resource. To apply a defined tag, you must have permission to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure if you should apply tags, skip this option (you can apply tags later) or ask your administrator.
  8. Click Clone pluggable database.

Using the Console to Refresh a Cloned Pluggable Database (PDB)

  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. Click Pluggable Databases in the Resources section of the page.
  5. In the list of pluggable databases, find the pluggable database (PDB) you want to refresh, and then click its name to display details about it.
  6. Click More Actions and select Refresh.
  7. In the resulting Refresh dialog box, click Refresh to confirm.

Using the Console to Convert a Refreshable Clone to a Regular Pluggable Database (PDB)

  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. Click Pluggable Databases in the Resources section of the page.
  5. In the list of pluggable databases, find the pluggable database (PDB) you want to convert to a regular PDB, and then click its name to display details about it.
  6. In the resulting Convert to regular PDB dialog box, enter the following:
    • Database TDE wallet password: Not applicable for databases using customer-managed keys from the Vault service. Enter the TDE wallet password for the parent database (CDB) of the source PDB.
    • Take a backup of the PDB immediately after creating it: You must enable auto-backup on the CDB to back up a PDB immediately after creating it. This check box is checked by default if auto-backup was enabled on the CDB.
      Note

      If the checkbox is unchecked, the system displays a warning stating that PDB cannot be recovered until the next daily backup has been successfully completed.
  7. Click Convert.

Using the API to clone a pluggable database

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use these APIs to clone pluggable databases:

For the complete list of APIs for the Database service, see Database Service API.

Restoring an Exadata Pluggable Database

You can perform in-place and out-of-place restores of an Exadata pluggable database.

The following types of restore are supported:

  • In place restore: You can restore a PDB within the same CDB to last known good state or to a specified timestamp.
  • Out of place restore: You can restore a PDB by creating a database (CDB) from the backup, then selecting a PDB or a subset of them you want to restore on the new database.

Using the Console to Perform an In-Place Restore of a Pluggable Database (PDB)

  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. Click Pluggable Databases in the Resources section of the page.
  5. In the list of pluggable databases, find the pluggable database (PDB) you want to restore, and then click its name to display details about it.
  6. In the resulting Restore PDB dialog, enter the following:
    • Restore to latest: Select this option to restore and recover the database with zero, or least possible, data loss.
    • Restore to a timestamp: Select this option to restore and recover the database to the specified timestamp.
  7. Click Restore.

Using the Console to Perform an Out-of-Place Restore of a Pluggable Database (PDB)

  1. Open the navigation menu. Click Oracle Database, then click Oracle Exadata Database Service on Dedicated Infrastructure.
  2. Choose your Compartment.
  3. Navigate to the database:

    Cloud VM clusters (new resource model) Under Oracle Exadata Database Service on Dedicated Infrastructure, click Exadata VM Clusters. In the list of VM clusters, find the VM cluster you want to access and click its highlighted name to view the details page for the cluster.

    DB systems Under Bare Metal, VM, and Exadata, click DB Systems. In the list of DB systems, find the Exadata DB system you want to access, and then click its name to display details about it.

    On the cloud VM cluster or DB system details page, in the Databases table, click the name of the database to display the Database Details page.

  4. Click Pluggable Databases in the Resources section of the page.
  5. In the list of pluggable databases, find the pluggable database (PDB) you want to restore, and then click its name to display details about it.
  6. Under Resources, click Backups.
  7. From the list of backups, choose a backup, click the Actions menu (three dots), and then select Create Database.
  8. In the resulting Create database from backup dialog box, select either of these options: Select all PDBs or Specify the PDBs to restore.

To create a database by selecting all Pluggable Databases

Provide the requested information in the Create database from backup page:

  1. Click Select all PDBs.
  2. Click Next.
  3. Select the VM cluster where you want to create the database.

    Click the Change Compartment hyperlink to choose your compartment.

  4. Configure Database Home: Select an existing Database Home or create one as applicable. Note that this field is not available when you create a Database from the Database Home details page.
    • Select an existing Database Home: If one or more Database Homes already exist for the database version you have selected, then this option is selected by default. And, you will be presented with a list of Database Homes. Select a Database Home from the list.
    • Create a new Database Home: If no Database Homes exist for the database version you have selected, then this option is selected by default.
      1. Enter Database Home display name.
      2. Click Change Database Image to select your software version.

        Select a Database Software Image window is displayed.

      3. Select an Image Type, Oracle Provided Database Software Images, or Custom Database Software Images.

        If you choose Oracle Provided Database Software Images, then you can use the Display all available version switch to choose from all available PSUs and RUs. The most recent release for each major version is indicated with a latest label.

        Note

        For the Oracle Database major version releases available in Oracle Cloud Infrastructure, images are provided for the current version plus the three most recent older versions (N through N - 3). For example, if an instance is using Oracle Database 19c, and the latest version of 19c offered is 19.8.0.0.0, images available for provisioning are for versions 19.8.0.0.0, 19.7.0.0, 19.6.0.0 and 19.5.0.0.

  5. Provide the database name: Specify a user-friendly name that you can use to identify the database. The database name must contain only the permitted characters.

    Review the following guidelines when selecting a database name.
    • maximum of 8 characters
    • contain only alphanumeric characters
    • begin with an alphabetic character
    • cannot be part of first 8 characters of a db_unique_name on the VM cluster
    • unique within a VM cluster
    • DO NOT use grid because grid is a reserved name
    • DO NOT use ASM because ASM is a reserved name
  6. Provide a unique name for the database: Optionally, specify a unique name for the database. This attribute defines the value of the db_unique_name database parameter. The value is case insensitive.

    The db_unique_name must contain only the permitted characters. Review the following guidelines when selecting a database name.

    • maximum of 30 characters
    • can contain alphanumeric and underscore (_) characters
    • begin with an alphabetic character
    • unique across the fleet/tenancy

    If a unique name is not provided, then the db_unique_name defaults to the following format <db_name>_<3 char unique string>_<region-name>.

    If you plan to configure the database for backup to a Recovery Appliance backup destination, then the unique database name must match the name that is configured in the Recovery Appliance.

  7. Provide the administration password: Provide and confirm the Oracle Database administration password. This password is used for administration accounts and functions in the database, including:

    • The password for the Oracle Database SYS and SYSTEM users.
    • The Transparent Data Encryption (TDE) Keystore password.

    For Oracle Database 12c Release 1 or later releases, the password for the PDB administration user in the first PDB (PDBADMIN) must be nine to 30 characters and contain at least two uppercase, two lowercase, two numeric, and two special characters. The special characters must be _, #, or -. In addition, the password must not contain the name of the tenancy or any reserved words, such as Oracle or Table, regardless of casing.

  8. Enter the source database's TDE wallet or RMAN password: Password must match the TDE wallet or RMAN password of the source database contained in the backup.
  9. Click Create Backup.

To create a database by specifying a subset of Pluggable Databases

Provide the requested information in the Create database from backup page:

  1. Click Specify the PDBs to restore.
  2. In the Specify PDB to restore field, provide a comma-delimited list of PDBs to restore.
  3. Click Next.
  4. Select the VM cluster where you want to create the database.

    Click the Change Compartment hyperlink to choose your compartment.

  5. Configure Database Home: Select an existing Database Home or create one as applicable. Note that this field is not available when you create a Database from the Database Home details page.
    • Select an existing Database Home: If one or more Database Homes already exist for the database version you have selected, then this option is selected by default. And, you will be presented with a list of Database Homes. Select a Database Home from the list.
    • Create a new Database Home: If no Database Homes exist for the database version you have selected, then this option is selected by default.
      1. Enter Database Home display name.
      2. Click Change Database Image to select your software version.

        Select a Database Software Image window is displayed.

      3. Select an Image Type, Oracle Provided Database Software Images, or Custom Database Software Images.

        If you choose Oracle Provided Database Software Images, then you can use the Display all available version switch to choose from all available PSUs and RUs. The most recent release for each major version is indicated with a latest label.

        Note

        For the Oracle Database major version releases available in Oracle Cloud Infrastructure, images are provided for the current version plus the three most recent older versions (N through N - 3). For example, if an instance is using Oracle Database 19c, and the latest version of 19c offered is 19.8.0.0.0, images available for provisioning are for versions 19.8.0.0.0, 19.7.0.0, 19.6.0.0 and 19.5.0.0.

  6. Provide the database name: Specify a user-friendly name that you can use to identify the database. The database name must contain only the permitted characters.

    Review the following guidelines when selecting a database name.
    • maximum of 8 characters
    • contain only alphanumeric characters
    • begin with an alphabetic character
    • cannot be part of first 8 characters of a db_unique_name on the VM cluster
    • unique within a VM cluster
    • DO NOT use grid because grid is a reserved name
    • DO NOT use ASM because ASM is a reserved name
  7. Provide a unique name for the database: Optionally, specify a unique name for the database. This attribute defines the value of the db_unique_name database parameter. The value is case insensitive.

    The db_unique_name must contain only the permitted characters. Review the following guidelines when selecting a database name.

    • maximum of 30 characters
    • can contain alphanumeric and underscore (_) characters
    • begin with an alphabetic character
    • unique across the fleet/tenancy

    If a unique name is not provided, then the db_unique_name defaults to the following format <db_name>_<3 char unique string>_<region-name>.

    If you plan to configure the database for backup to a Recovery Appliance backup destination, then the unique database name must match the name that is configured in the Recovery Appliance.

  8. Provide the administration password: Provide and confirm the Oracle Database administration password. This password is used for administration accounts and functions in the database, including:

    • The password for the Oracle Database SYS and SYSTEM users.
    • The Transparent Data Encryption (TDE) Keystore password.

    For Oracle Database 12c Release 1 or later releases, the password for the PDB administration user in the first PDB (PDBADMIN) must be nine to 30 characters and contain at least two uppercase, two lowercase, two numeric, and two special characters. The special characters must be _, #, or -. In addition, the password must not contain the name of the tenancy or any reserved words, such as Oracle or Table, regardless of casing.

  9. Enter the source database's TDE wallet or RMAN password: Password must match the TDE wallet or RMAN password of the source database contained in the backup.
  10. Click Create Backup.
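
The PDB Admin and administration password rules and the database naming guidelines in the procedures above can be checked before the values are entered in the console. The following is an added example, not Oracle's code: the function names are hypothetical, only the two reserved words this page names are checked, and grid/ASM are matched case-insensitively as a conservative assumption. Uniqueness within the VM cluster or tenancy cannot be checked offline and is not covered.

```shell
#!/bin/sh
# Added example (not Oracle code): offline checks for the password and naming
# rules listed on this page. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # treat A-Z, a-z and 0-9 as plain ASCII ranges

# count_class STRING SET: how many characters of STRING fall in the tr(1) SET.
count_class() {
    echo $(( $(printf '%s' "$1" | tr -cd "$2" | wc -c) ))
}

# check_admin_password PASSWORD TENANCY_NAME
# Prints one line per violated rule and returns 0 only if none is violated.
# Read PASSWORD from a prompt, not from a command-line argument.
check_admin_password() {
    pw=$1; tenancy=$2; bad=0; len=${#pw}
    if [ "$len" -lt 9 ] || [ "$len" -gt 30 ]; then
        echo "length must be 9-30 characters"; bad=1
    fi
    [ "$(count_class "$pw" 'A-Z')" -ge 2 ] || { echo "need two uppercase characters"; bad=1; }
    [ "$(count_class "$pw" 'a-z')" -ge 2 ] || { echo "need two lowercase characters"; bad=1; }
    [ "$(count_class "$pw" '0-9')" -ge 2 ] || { echo "need two numeric characters"; bad=1; }
    [ "$(count_class "$pw" '_#-')" -ge 2 ] || { echo "need two of _ # -"; bad=1; }
    # The only special characters the page allows are _ # and -.
    [ "$(count_class "$pw" 'A-Za-z0-9_#-')" -eq "$len" ] || {
        echo "contains a character other than letters, digits, _ # -"; bad=1
    }
    # Case-insensitive substring test. Only the two reserved words the page
    # names are checked; the full reserved-word list is not given there.
    lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
    for word in oracle table "$tenancy"; do
        word=$(printf '%s' "$word" | tr 'A-Z' 'a-z')
        [ -n "$word" ] || continue
        case $lower in *"$word"*) echo "must not contain \"$word\""; bad=1 ;; esac
    done
    return "$bad"
}

# check_db_name NAME: at most 8 characters, alphanumeric only, starts with a
# letter, and is not the reserved name grid or ASM.
check_db_name() {
    case $1 in
        ''|[!A-Za-z]*|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 8 ] || return 1
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in grid|asm) return 1 ;; esac
    return 0
}

# check_unique_name NAME: db_unique_name of at most 30 characters, letters,
# digits and underscore only, starting with a letter.
check_unique_name() {
    case $1 in
        ''|[!A-Za-z]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 30 ]
}
```
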

Cost and Usage Attribution for Pluggable Databases (PDBs)

Note

It is supported only on Oracle Databases 19c and higher running in a multitenant deployment.

With this enhancement to the Cost Analysis feature of the OCI Cost Management Service, you can view the attributed usage and cost for all the PDBs in a VM Cluster. This data will be available on the cost analysis dashboard and the reports.

Prerequisites:

  • dbaastools: (minimum version) 24.2.1
    • To check the version of the dbaastools rpm on the guest VM, run: rpm -qa | grep dbaastools
    • To update the dbaastools rpm on the guest VM, run: dbaascli admin updateStack

      Confirm you have the minimum version of dbaastools needed after you update the dbaastools rpm by running the rpm -qa | grep dbaastools command.

  • dbcsagent needs to be running on the guest VM. Minimum version of dbcsagent needed is 23.3.2.
    • To check the version of the dbcsagent on the guest VM, run: rpm -qa | grep dbcs-agent-update
    • You will need to open a service request on My Oracle Support to update the dbcsagent on the guest VM.
    • To check the status of the dbcsagent, run: systemctl status dbcsagent

      Run systemctl start dbcsagent if the dbcsagent is not in active (running) state.

      Check the status of the agent again to confirm that it is running.
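
The prerequisite checks above can be combined into one pass on the guest VM. This is an added example, not part of Oracle's tooling: the function names are hypothetical, the two sample package names are constructed, and the script assumes the tool release appears in the rpm name as the first run of three or more dot-separated numbers.

```shell
#!/bin/sh
# Added example (not Oracle code): compare the installed dbaastools and
# dbcsagent releases with the minimums stated on this page.

# Constructed sample package names (not taken from a real system).
SAMPLE_TOOLS='dbaastools_exa-1.0-1+24.2.1.0.0_240530.0700.x86_64'
SAMPLE_AGENT='dbcs-agent-update-exacs-23.3.1.0.0-230901.0101.x86_64'

# version_ge INSTALLED MINIMUM: returns 0 when INSTALLED >= MINIMUM.
# Fields are compared numerically, so 24.10 ranks above 24.2.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}          # a missing field counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# release_of PACKAGE_NAME: first run of 3+ dot-separated numbers in the name.
# Assumption: the tool release is embedded in the rpm name in that form.
release_of() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){2,}' | head -n 1
}

# check_minimum LABEL PACKAGE_NAME MINIMUM
# Returns 0 if the release meets the minimum, 1 if it is older,
# 2 if no release could be read from PACKAGE_NAME.
check_minimum() {
    rel=$(release_of "$2")
    if [ -z "$rel" ]; then
        echo "$1: not installed or release not recognised"; return 2
    fi
    if version_ge "$rel" "$3"; then
        echo "$1: $rel OK (minimum $3)"; return 0
    fi
    echo "$1: $rel is below minimum $3"; return 1
}

# preflight: run on the guest VM; uses the same rpm and systemctl queries
# as the prerequisite list above.
preflight() {
    tools=$(rpm -qa | grep dbaastools | head -n 1)
    agent=$(rpm -qa | grep dbcs-agent-update | head -n 1)
    rc=0
    check_minimum dbaastools "$tools" 24.2.1 || rc=1
    check_minimum dbcsagent "$agent" 23.3.2 || rc=1
    systemctl is-active --quiet dbcsagent || { echo "dbcsagent: not running"; rc=1; }
    return "$rc"
}
```

Source the file and call `preflight` on the guest VM; a non-zero return means at least one prerequisite is not met.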

Generate Attributed Cost Analysis Report for Pluggable Databases

Follow the steps below to view the attributed costs based on CPU utilization for all pluggable databases within a VM Cluster.

  1. Open the navigation menu and click Billing & Cost Management. Under Cost Management, click Cost Analysis.
  2. From Reports, select one of the predefined reports, or use the default Costs by Service report.
  3. Make your preferred query adjustments.
    1. From Start/End Date (UTC), select a time period.
    2. From Granularity, select Daily or Monthly.
    3. From Show, select Attributed cost.
    4. From Filters, select Tag.

      In the resulting Tag dialog, select orcl-cloud as the tag with the key parent_resource_id_1 equal to the OCID of the VM Cluster.

    5. From Grouping dimensions, select the preferred grouping dimension. For example, Resource OCID.

      The VM Cluster OCID is the parent of the CDBs it contains, and the CDB OCID is the parent OCID of the PDBs it contains.

    6. Click Apply to apply the changes and reload the chart and table with the selected filters.

      The generated report will show the attributed costs for all the PDBs in the VM Cluster.

  4. After you have made changes, the currently selected predefined report name from the Reports menu changes to (edited).
  5. If you're done making changes and want to save a new report, click Save as new report.
  6. In the Save as new report dialog, enter the report name in the Name field. Avoid entering confidential information.
  7. Click Save.

    A notification is displayed that your report has been saved, and the report is also selected in the Reports menu.

  8. If you didn't already apply your custom report settings, click Apply to view your changes.

    The new saved report is now available for future selection from the Reports menu under Saved Reports.

    For more information about generating a PDB attributed cost analysis report, see Cost Analysis.

Changing the Database Passwords

To change the SYS password, or to change the TDE wallet password, use this procedure.

The password that you specify in the Database Admin Password field when you create a new Exadata Cloud Infrastructure instance or database is set as the password for the SYS, SYSTEM, TDE wallet, and PDB administrator credentials. Use the following procedures if you need to change passwords for an existing database.

Note

If you are enabling Data Guard for a database, then the SYS password and the TDE wallet password of the primary and standby databases must all be the same.

Note

Using the dbaascli to change the SYS password will ensure the backup/restore automation can parallelize channels across all nodes in the cluster.

To Change the SYS Password for an Exadata Cloud Infrastructure Database

  1. Log onto the Exadata Cloud Infrastructure virtual machine as opc.
  2. Run the following command:
    sudo dbaascli database changepassword --dbname database_name --user SYS

To Change Database Passwords in a Data Guard Environment

  1. Run the following command on the primary database:
    dbaascli database changePassword --dbName <dbname> --user SYS --prepareStandbyBlob true --blobLocation <location to create the blob file>
  2. Copy the blob file created to all the standby databases and change the file ownership to the oracle user.
  3. Run the following command on all the standby databases:
    dbaascli database changePassword --dbName <dbname> --user SYS --standbyBlobFromPrimary <location of the copied blob file>

To Change the TDE Wallet Password for an Exadata Cloud Infrastructure Database

  1. Log onto the Exadata Cloud Infrastructure virtual machine as opc.
  2. Run the following command:
    sudo dbaascli tde changepassword --dbname database_name