OCI-Compute-Boot-Volume-Backup-Enabled

Owned by naveen
Last updated: Aug 08, 2022
2 min read

Severity : Medium

Description: This control ensures that OCI compute boot volume backup policies are configured. It is recommended to have backups automatically on each volume  on a schedule and retain them based on the selected backup policy. A backup of a boot volume can be created while it is attached to a running instance. The boot volume can be restored during data loss events from the backups. The volume backup policies also provide data compliance and regulatory requirements.

Remediation Steps:

Perform following to create a scheduled backup for block volume :

  1. Login to the OCI console at Cloud Sign In.

  2. Create a backup policy if using used defined backup policy

    1. In navigation menu click Storage.

    2. Under Block Storage, click Backup Policies.

    3. Click Create Backup Policy.

    4. Specify a name for the backup policy. 

    5. Select the compartment to create the backup policy in.

    6. Optionally, you can enable cross region copy to the specified region. This automates the copying of the volume backup to a second region after each backup is created. To enable cross region copy, select a target region from the Cross Region Copy Target list. This is the region the volume backup will be copied to.

    7. Click Create Backup Policy.

  3. Add a schedule to a user defined backup policy

    1. In navigation menu click Storage.

    2. Under Block Storage, click Backup Policies.

    3. Click the backup policy to add the schedule.

    4. Click Add Schedule.

    5. Specify the backup frequency by selecting from the Schedule Type options: Daily, Weekly, Monthly, or Yearly

    6. Specify the Retention Time in days, weeks, months, or years, depending on the schedule type selected.

    7. Select Full or Incremental for Backup Type. 

    8. Select the Timezone to base the schedule settings on, either UTC or Regional Data Center Time.

    9. Click Add Schedule.

  4. Assign backup policy to volume

    1. In navigation menu click Storage.

    2. Under Block Storage, click Block Volumes.

    3. Click the volume for which you want to assign a backup policy to.

    4. On the Block Volume Information tab, in  Scheduled Backups, check the Managed By field.

Important:

  • Boot volume backup size may be larger than the source boot volume size

  • Scheduled volume backups are not guaranteed to start at the exact time specified by the backup schedule. There may be several hours of delay between the scheduled start time and the actual start time for the volume backup in scenarios where the system is overloaded.

  • Oracle defined policies doesn’t include full backups , but provides incremental backup. Some compliance scenarios may require scheduled full backups. For these compliance scenarios, configure a user defined backup policy instead

Reference:

Blue Hexagon Proprietary