OCI-Compute-Boot-Volume-Restorable

Severity : Medium

Description: This control ensures that OCI compute boot volume is restorable from the boot volume backup. Having an active backup ensures that the boot volumes can be restored in the event of a compromised system or hardware failure. It is recommended to have backups policies configured automatically on boot volume  on a schedule and retain them based on the selected backup policy. The boot volume can be restored during data loss events from the backups.

Remediation Steps:

Perform following to create a scheduled backup for boot volume :

1. Login to the OCI console at https://www.oracle.com/cloud/sign-in.html.

2. Create a backup policy if using used defined backup policy

   1. In navigation menu click Storage.

   2. Under Block Storage, click Backup Policies.

   3. Click Create Backup Policy.

   4. Specify a name for the backup policy. 

   5. Select the compartment to create the backup policy in.

   6. Optionally, you can enable cross region copy to the specified region. This automates the copying of the volume backup to a second region after each backup is created. To enable cross region copy, select a target region from the Cross Region Copy Target list. This is the region the volume backup will be copied to.

   7. Click Create Backup Policy.

3. Add a schedule to a user defined backup policy

   1. In navigation menu click Storage.

   2. Under Block Storage, click Backup Policies.

   3. Click the backup policy to add the schedule.

   4. Click Add Schedule.

   5. Specify the backup frequency by selecting from the Schedule Type options: Daily, Weekly, Monthly, or Yearly

   6. Specify the Retention Time in days, weeks, months, or years, depending on the schedule type selected.

   7. Select Full or Incremental for Backup Type. 

   8. Select the Timezone to base the schedule settings on, either UTC or Regional Data Center Time.

   9. Click Add Schedule.

4. Assign backup policy to volume

   1. In navigation menu click Storage.

   2. Under Block Storage, click Boot Volumes.

   3. Click the volume for which you want to assign a backup policy to.

   4. On the Volume Information tab, Click Edit.

   5. In  BACKUP POLICIES, Select the backup policy compartment and then select the configured policy.

   6. Click Save Changes.

5. To restore the boot volume from backup

   1. In navigation menu click Storage.

   2. Under Block Storage, click Block Volumes.

   3. In Block Storage, Click Boot Volume Backups.

   4. Choose Compartment.

   5. In the list of boot volume backups, click the Actions menu for the boot volume backup to restore and then click Create Boot Volume. 

   6. Specify a name for the boot volume.

   7. Click Create Boot Volume. The boot volume will be ready to use once its icon no longer lists it as PROVISIONING.

Important:

• Boot volume backup size may be larger than the source boot volume size

• Scheduled volume backups are not guaranteed to start at the exact time specified by the backup schedule. There may be several hours of delay between the scheduled start time and the actual start time for the volume backup in scenarios where the system is overloaded.

• Oracle defined policies doesn’t include full backups , but provides incremental backup. Some compliance scenarios may require scheduled full backups. For these compliance scenarios, configure a user defined backup policy instead

Reference:

• https://docs.oracle.com/en-us/iaas/Content/Block/Tasks/schedulingvolumebackups.htm#PolicyBased_Backups

• https://docs.oracle.com/en-us/iaas/Content/knownissues.htm#bootBackupSize