OCI-BlockStorage-Volume-Groups-Restorable

Owned by naveen
Last updated: Dec 22, 2021
2 min read

Severity : High

Description: This control ensures that OCI block storage volume group incremental backup policies are configured for  time-consistent backup to be able to restore the volume group. It is recommended to have  time-consistent incremental backups on block volume group and retain them so that volume group can be restored. The block volume can be restored during data loss events from the available incremental backups. This prevents the data losses in the event of accidental or malicious volume deletion.

Remediation Steps:

Perform following to create a scheduled backup for block volume :

  1. Login to the OCI console at Cloud Sign In.

  2. Create a backup policy if using used defined backup policy

    1. In navigation menu click Storage.

    2. Under Block Storage, click Backup Policies.

    3. Click Create Backup Policy.

    4. Specify a name for the backup policy. 

    5. Select the compartment to create the backup policy in.

    6. Click Create Backup Policy.

  3. Add a schedule to a user defined backup policy

    1. In navigation menu click Storage.

    2. Under Block Storage, click Backup Policies.

    3. Click the backup policy to add the schedule.

    4. Click Add Schedule.

    5. Specify the backup frequency by selecting from the Schedule Type options: Daily, Weekly, Monthly, or Yearly

    6. Specify the Retention Time in days, weeks, months, or years, depending on the schedule type selected.

    7. Select Incremental for Backup Type.

    8. Select the Timezone to base the schedule settings on, either UTC or Regional Data Center Time.

    9. Click Add Schedule.

  4. Assign backup policy to volume group

    1. In navigation menu click Storage.

    2. Under Block Storage, click Block Volumes.

    3. Click the volume for which you want to assign a backup policy to.

    4. On the Block Volume Information tab, in  Scheduled Backups, check the Managed By field.

Important:

  • Scheduled volume backups are not guaranteed to start at the exact time specified by the backup schedule. There may be several hours of delay between the scheduled start time and the actual start time for the volume backup in scenarios where the system is overloaded.

  • Oracle defined policies provides incremental backup. Some compliance scenarios may require scheduled full backups. For these compliance scenarios, configure a user defined backup policy instead.

Reference:

Blue Hexagon Proprietary