Configuring Recovery Service

Review and complete the configuration tasks required to implement Recovery Service in your tenancy.

Prerequisite Tasks for Using Recovery Service
Before you enable and use Recovery Service as the backup destination, you must ensure to verify the minimum requirements and complete all the prerequisite tasks specific to your Oracle Cloud Database service.
Oracle Database Releases That Support Recovery Service
You can use Oracle Database Autonomous Recovery Service as the backup destination for Oracle Cloud databases provisioned with the following Oracle Database releases.
Review Limits for Recovery Service
A service limit is the quota or allowance set on a resource. Use the console to verify that your tenancy's Recovery Service resource limits are adequate to meet your database backup demands.
Create Groups and Users to Manage Recovery Service
Create Oracle Cloud Infrastructure (OCI) user accounts and groups to manage Recovery Service resources.
Permissions Required for Oracle Databases in OCI to Use Recovery Service
Assign the permissions required for OCI Databases to use Recovery Service for backups.
Permissions Required for Multicloud Oracle Databases to Use Recovery Service
Assign the permissions required for Oracle Database@Azure or Oracle Database@Google Cloud to use Recovery Service for backups.
Configuring Network Resources for Recovery Service
Use an IP4-only subnet in the database VCN for Recovery Service operations. Define security rules to control the backup traffic between your database and Recovery Service. Finally, register the private subnet as a Recovery Service subnet.
Register a Recovery Service Subnet
After you have created a private subnet for Recovery Service in your database VCN, use this procedure to register the subnet in Recovery Service.
(Optional) Review Protection Policies for Database Backup Retention
Recovery Service provides predefined protection policies to suit common use cases for backup retention. You can optionally create custom protection policies to suit your internal data retention requirements.
Ways to Manage Recovery Service Resources
In Oracle Cloud Infrastructure (OCI), you can create and manage Recovery Service resources using a variety of interfaces provided to fit your different management use cases.

Prerequisite Tasks for Using Recovery Service

Before you enable and use Recovery Service as the backup destination, you must ensure to verify the minimum requirements and complete all the prerequisite tasks specific to your Oracle Cloud Database service.

Figure 2-1 Prerequisite Configuration Steps to Enable Recovery Service for Database Backups

Description of "Figure 2-1 Prerequisite Configuration Steps to Enable Recovery Service for Database Backups "

Common Requirements for Oracle Database Services to Use Recovery Service, see Table 2-1
Common mandatory prerequisites required for using Recovery Service.
Prerequisites for Oracle Databases in OCI, see Table 2-2
Specific prerequisites for Oracle Exadata Database Service on Dedicated Infrastructure and Oracle Base Database Service to use Recovery Service for backups.
Prerequisites for Multicloud Oracle Databases, see Table 2-3
Specific prerequisites for multicloud Oracle Database services to use Recovery Service for backups.

Note

Operational backups to two different backup destinations may create data loss scenarios. Therefore, before you enable automatic backups to Recovery Service, you must disable manual backup scripts and processes to other storage destinations.

Table 2-1 Common Requirements for Oracle Database Services to Use Recovery Service

Requirement	More Information
Verify whether Recovery Service is supported for your target database version.	Oracle Database Releases That Support Recovery Service
Ensure that Recovery Service resource limits are adequate.	Review Limits for Recovery Service
As a tenancy administrator, create the Oracle Cloud Infrastructure IAM users and groups to manage Recovery Service related tasks.	Create Groups and Users to Manage Recovery Service

Table 2-2 Prerequisites for Supported Oracle Databases in OCI

Step	Task	More Information
1	Use the Autonomous Recovery Service policy templates to assign permissions for Oracle Cloud Databases in OCI to use Recovery Service for backups.	Permissions Required for Oracle Databases in OCI to Use Recovery Service
2	Configure the required network resources to enable the backup network path to Recovery Service.	Configuring Network Resources for Recovery Service
3	Register a Recovery Service subnet.	Register a Recovery Service Subnet
4	Review protection policies and enable automatic backups to Autonomous Recovery Service	(Optional) Review Protection Policies for Database Backup Retention Enable Automatic Backups to Recovery Service

Table 2-3 Prerequisites for Oracle Database@Azure and Oracle Database@Google Cloud

Step	Task	More Information
1	Use the Autonomous Recovery Service policy templates to assign the permissions required for Oracle Database@Azure or Oracle Database@Google Cloud to use Recovery Service for backups.	Permissions Required for Multicloud Oracle Databases to Use Recovery Service
2	Do one of the following for Oracle Database@Azure and Oracle Database@Google Cloud: If your backup subnet meets the recommended /24 subnet size requirement, then skip this step and directly proceed to register a Recovery Service subnet using NSG as described in step 3. If your backup subnet does not meet the minimum subnet size requirements, you must first configure the network resources as described in this step, and then proceed to register the Recovery Service subnet.	Configuring Network Resources for Recovery Service
3	Register a Recovery Service subnet. For multicloud Oracle Databases, such as Oracle Database@Azure or Oracle Database@Google Cloud, you must register the Recovery Service subnet by associating NSGs.	Register a Recovery Service Subnet
4	Review protection policies and then enable automatic backups to Recovery Service.	(Optional) Review Protection Policies for Database Backup Retention Enable Automatic Backups to Recovery Service

Related Topics

Autonomous Recovery Service Checklist

Parent topic: Configuring Recovery Service

Oracle Database Releases That Support Recovery Service

You can use Oracle Database Autonomous Recovery Service as the backup destination for Oracle Cloud databases provisioned with the following Oracle Database releases.

Table 2-4 Oracle Database Releases that Support Recovery Service

Oracle Database Edition and Version	More Information
Oracle Database 19c Release 16 (19.16) or later	Your target database must meet these minimum requirements: To use Recovery Service, your target database must have a minimum compatibility level of 19.0 (the `COMPATIBLE` initialization parameter must be set to 19.0.0 or higher). To use the Real-time data protection feature, your database must be provisioned with Oracle Database 19c Release 18 (19.18) or later.
Oracle Database 21c Release 7 (21.7) or later	Your target database must meet these minimum requirements: To use Recovery Service, your target database must have a minimum compatibility level of 19.0 (the `COMPATIBLE` initialization parameter must be set to 19.0.0 or higher). To use the Real-time data protection feature, your database must be provisioned with Oracle Database 21c Release 8 (21.8) or later.
Oracle Database 23ai (23.4) or later	To use Recovery Service, your target database must have a minimum compatibility level of 19.0 (the `COMPATIBLE` initialization parameter must be set to 19.0.0 or higher).

Note

For information about the supported Database Services in the Oracle US Government Cloud, see Oracle Database Releases That Support Recovery Service in Oracle US Government Cloud.

Related Topics

Real-time Data Protection

Parent topic: Configuring Recovery Service

Review Limits for Recovery Service

A service limit is the quota or allowance set on a resource. Use the console to verify that your tenancy's Recovery Service resource limits are adequate to meet your database backup demands.

Autonomous Recovery Service has maximum limits for the number of protected databases and the backup storage space utilization. The limits apply to each region.

Table 2-5 Autonomous Recovery Service Resource Limits

Resource	Oracle Universal Credits	Pay As You Go or Trial
Autonomous Recovery Service Protected Database Count	Contact Us	Contact Us
Autonomous Recovery Service Space Used for Recovery Window (GB)	Contact Us	Contact Us

Use the console to review the current service limits and usage information, and request an increase in resource limits, if necessary.

In the navigation menu, select Governance & Administration, and then select Tenancy Management.
Select Limits, Quotas and Usage.
Select Autonomous Recovery Service from the Service list.
Review the current limits and usage information.
Request a service resource limit increase, if necessary.
See Requesting a Service Limit Increase for detailed steps.

Note

You can also control the resource utilization within compartments. See Quota Policy Quick Start for detailed information.

Related Topics

Service Limits

Parent topic: Configuring Recovery Service

Create Groups and Users to Manage Recovery Service

Create Oracle Cloud Infrastructure (OCI) user accounts and groups to manage Recovery Service resources.

You can then assign Recovery Service policy statements to the groups. For example, create a group called recoveryserviceadmin and assign the policy that allows the group to manage protected databases, protection policies, and Recovery Service subnets.

Table 2-6 Creating Groups and Users for Recovery Service

Task	More Information
Create a group	To create a group
Create users	To create a user
Add users to a group	To add a user to a group
Assign policies to groups	Permissions Required for Oracle Databases in OCI to Use Recovery Service

Parent topic: Configuring Recovery Service

Permissions Required for Oracle Databases in OCI to Use Recovery Service

Assign the permissions required for OCI Databases to use Recovery Service for backups.

In the Policy Builder, select Autonomous Recovery Service as the Policy Use Case, and then select these predefined policy templates:

Note

Recovery Service includes separate policy templates for Oracle Database@Azure and Oracle Database@Google Cloud. If you are configuring Recovery Service for your multicloud Oracle Database, then skip this step and proceed to Permissions Required for Multicloud Oracle Databases to Use Recovery Service.

Ability to do all things with Autonomous Recovery Service

The Ability to do all things with Autonomous Recovery Service policy template includes all the policy statements required to provide permissions for the supported database services to use Recovery Service, and for Recovery Service to use the network resources to access databases in a VCN.

You can either select the policy template or add these policy statements using the manual editor in the Policy Builder.

Table 2-7 Policy Statements Required for Using Recovery Service

Policy Statement	Create In	Purpose
`Allow service database to manage recovery-service-family in tenancy`	Root compartment	Enables the OCI Database Service to access protected databases, protection policies, and Recovery Service subnets within your tenancy.
`Allow service database to manage tagnamespace in tenancy`	Root compartment	Enables the OCI Database Service to access the tag namespace in a tenancy.
`Allow service rcs to manage recovery-service-family in tenancy`	Root compartment	Enables Recovery Service to access and manage protected databases, Recovery Service subnets, and protection policies within your tenancy.
`Allow service rcs to manage virtual-network-family in tenancy`	Root compartment	Enables Recovery Service to access and manage the private subnet in each database VCN within your tenancy. The private subnet defines the network path for backups between a database and Recovery Service.
`Allow group admin to manage recovery-service-family in tenancy`	Root compartment	Enables users in a specified group to access all Recovery Service resources. Users belonging to the specified group can manage protected databases, protection policies, and Recovery Service subnets.

Let users manage protection policies in Autonomous Recovery Service

The Let users manage protection policies in Autonomous Recovery Service policy template grants permissions for users in a specified group to create, update, and delete protection policy resources in Recovery Service.

You can either select the policy template or add this policy statement using the manual editor in the Policy Builder.

Table 2-8 Policy Statement for Managing Protection Policies

Policy Statement	Create In	Purpose
`Allow group {group name} to manage recovery-service-policy in compartment {location}`	Compartment that owns the protection policies.	Enables all users in a specified group to create, update, and delete protection policies in Recovery Service.

Consider this example.

This policy grants the RecoveryServiceUser group with the permissions to create, update, and delete protection policies in ABC compartment.

Allow group RecoveryServiceUser to manage recovery-service-policy in compartment ABC

Let users manage Autonomous Recovery Service Subnets

The Let users manage Autonomous Recovery Service subnets policy template grants permissions for users in a specified group to create, update, and delete Recovery Service subnet resources.

You can either select the policy template or add this policy statement in the Policy Builder.

Table 2-9 Policy Statement for Managing Recovery Service Subnets

Policy Statement	Create In	Purpose
`Allow Group {group name} to manage recovery-service-subnet in compartment {location}`	Compartment that owns the Recovery Service subnets.	Enables all users in a specified group to create, update, and delete Recovery Service subnets.

Consider this example.

This policy grants the RecoveryServiceAdmin group with the permissions to manage Recovery Service subnets in ABC compartment.

Allow group RecoveryServiceAdmin to manage recovery-service-subnet in compartment ABC

Related Topics

Recovery Service Resource Types and Policies

Parent topic: Configuring Recovery Service

Permissions Required for Multicloud Oracle Databases to Use Recovery Service

Assign the permissions required for Oracle Database@Azure or Oracle Database@Google Cloud to use Recovery Service for backups.

In the Policy Builder, select Autonomous Recovery Service as the Policy Use Case, and then select one of these policy templates relevant to your multicloud Oracle Database service.

Let Oracle Database@Azure use Autonomous Recovery Service for backup

This policy template includes these policy statements required by Oracle Database@Azure to use Recovery Service for backups.


Allow service database to manage recovery-service-family in tenancy
Allow service database to manage tagnamespace in tenancy
Allow service rcs to manage recovery-service-family in tenancy
Allow service rcs to manage virtual-network-family in tenancy
Allow group admin to manage recovery-service-family in tenancy
Allow service database to use organizations-assigned-subscription in tenancy 
where target.subscription.serviceName = 'ORACLEDBATAZURE'

ORACLEDBATAZURE indicates the service name for Oracle Database@Azure.

Let Oracle Database@Google Cloud use Autonomous Recovery Service for backup

This policy template includes these policy statements required by Oracle Database@Google Cloud to use Recovery Service for backups.


Allow service database to manage recovery-service-family in tenancy
Allow service database to manage tagnamespace in tenancy
Allow service rcs to manage recovery-service-family in tenancy
Allow service rcs to manage virtual-network-family in tenancy
Allow group admin to manage recovery-service-family in tenancyAllow service database to use 
organizations-assigned-subscription in tenancy where 
target.subscription.serviceName = 'ORACLEDBATGOOGLE'

ORACLEDBATGOOGLE indicates the service name for Oracle Database@Google Cloud.

See Multicloud Oracle Database Backup Support for more information about using Recovery Service for multicloud Oracle Database backups.

Parent topic: Configuring Recovery Service

Configuring Network Resources for Recovery Service

Use an IP4-only subnet in the database VCN for Recovery Service operations. Define security rules to control the backup traffic between your database and Recovery Service. Finally, register the private subnet as a Recovery Service subnet.

Note

For Oracle Database@Azure and Oracle Database@Google Cloud, if your backup subnet meets the recommended /24 subnet size requirement, then skip this section and directly proceed to register the Recovery Service subnet using network security groups (NSGs). Otherwise, you must first complete the steps described in this section, and then proceed to register the Recovery Service subnet.

About Using a Private Subnet for Recovery Service Operations
Recovery Service requires a private subnet in the same virtual cloud network (VCN) where your database resides. The private subnet must include security rules to control the backup network between your database and Recovery Service.
Review Networking Service Permissions to Configure a Subnet
Ensure that you have these Networking Service permissions required to create a subnet in the database VCN and to assign security rules for Recovery Service.
Review Subnet Size Requirements and Security Rules for Recovery Service Subnet
The security rules are necessary to allow backup traffic between a database and Recovery Service .
Create a Recovery Service Subnet in the Database VCN
Use the OCI Console to configure a private subnet for Recovery Service in your database virtual cloud network (VCN).

Parent topic: Configuring Recovery Service

About Using a Private Subnet for Recovery Service Operations

Recovery Service requires a private subnet in the same virtual cloud network (VCN) where your database resides. The private subnet must include security rules to control the backup network between your database and Recovery Service.

Recommendations for Recovery Service Subnets in the Database VCN

Your database VCN must have a single private subnet for backups to Recovery Service. The private subnet must reside in the same VCN where the database resides.
Select an IPv4-only subnet for Recovery Service in your database VCN. Do not select an IPv6-enabled subnet as Recovery Service does not support using an IPv6-enabled subnet. See Creating a Subnet to learn more.
The recommended subnet size is /24 (256 IP addresses).
Recovery Service dynamically assigns the required number of free IP addresses to support the private endpoints. If you have any limitations on the available number of free IP addresses, then use a minimum /27 subnet size which will allow 32 IP addresses.

You can either create a new private subnet or select any preexisting subnet (of the recommended size) available in the database VCN.
You must register the private subnet as a Recovery Service subnet. See Register a Recovery Service Subnet for details.
If a Recovery Service subnet contains insufficient number of available IP addresses, then Recovery Service issues an alert message when you try to add a new database. In this scenario, you can add IP addresses by associating multiple subnets to the Recovery Service subnet.
Your Oracle Cloud database can reside in the same private subnet used by Recovery Service or in a different subnet within the same VCN.

Note

Oracle recommends using a private subnet for backups to Recovery Service. However, it is possible to use a public subnet.

Implementing Security Rules for Recovery Service Subnet

The database VCN requires security rules to allow backup traffic between your database and Recovery Service.

Security rules for the Recovery Service subnet must include stateful ingress rules to allow destination ports 8005 and 2484.

Use these Networking service features to implement security rules:

Security Lists
A security list allows you to add security rules at the subnet level.

In your database VCN, select the security list that is used for the Recovery Service subnet, and add the ingress rules to allow destination ports 8005 and 2484.
Network Security Groups (NSG)
Network security groups (NSG) enable granular control over security rules that apply to individual VNICs in a VCN. Recovery Service supports these options to configure security rules using NSGs:
- Create one NSG for the database VNIC with egress rules to allow ports 2484 and 8005. Add a separate NSG for Recovery Service with ingress rules to allow ports 2484 and 8005. Use this approach if you want to implement network isolation.
- Create and use a single NSG (with egress and ingress rules) for the database VNIC and Recovery Service.

Note

If you use network security groups (NSG) to implement security rules or if your database VCN restricts network traffic between subnets, then ensure to add an egress rule for ports 2484 and 8005 from the database NSG or subnet to the Recovery Service NSG or subnet that you create.
If you have configured a security list and an NSG within your database VCN, then the rules defined in the NSGs takes precedence over the rules defined in a security list.

See Comparison of Security Lists and Network Security Groups to learn more.

After you create a private subnet in the database VCN, assign the security rules and then register the subnet as a Recovery Service subnet in Recovery Service. If you have created NSGs to implement security rules, then you must also ensure to associate the Recovery Service NSG with the Recovery Service subnet.

Related Topics

Autonomous Recovery Service Checklist

Parent topic: Configuring Network Resources for Recovery Service

Review Networking Service Permissions to Configure a Subnet

Ensure that you have these Networking Service permissions required to create a subnet in the database VCN and to assign security rules for Recovery Service.

Table 2-10 Networking Service Permissions Required to Create a Private Subnet and Configure Security Rules for Recovery Service

Operation	Required IAM Policies
Configure a private subnet in a database VCN	`use vcns` for the compartment which the VCN is in `use subnets` for the compartment which the VCN is in `manage private-ips` for the compartment which the VCN is in `manage vnics` for the compartment which the VCN is in manage vnics for the compartment which the database is provisioned or is to be provisioned in

Alternatively, you can create a policy that allows a specified group with broader access to networking components.

For example, use this policy to allow a NetworkAdmin group to manage all networks in any compartment in a tenancy.

Example 2-1 Policy for Network Administrators

Allow group NetworkAdmin to manage virtual-network-family in tenancy

Parent topic: Configuring Network Resources for Recovery Service

Review Subnet Size Requirements and Security Rules for Recovery Service Subnet

The security rules are necessary to allow backup traffic between a database and Recovery Service .

Note

Select an IPv4-only subnet for Recovery Service in your database VCN. Do not select an IPv6-enabled subnet as Recovery Service does not support using an IPv6-enabled subnet. See Creating a Subnet to learn more.

Table 2-11 Subnet Size and Security Rules for the Recovery Service Subnet

Item	Requirements
Recommended subnet size	/24 (256 IP addresses) If you have any limitations on the available number of free IP addresses, then use a minimum /27 subnet size which will allow 32 IP addresses.
General ingress rule 1: Allow HTTPS traffic from Anywhere	This rule allows backup traffic from your Oracle Cloud Infrastructure Database to Recovery Service. Stateless: No (all rules must be stateful) Source Type: CIDR Source CIDR: CIDR of the VCN where the database resides IP Protocol: TCP Source Port Range: All Destination Port Range: 8005
General ingress rule 2: Allows SQLNet Traffic from Anywhere	This rule allows recovery catalog connections and real-time data protection from your Oracle Cloud Infrastructure Database to Recovery Service. Stateless: No (all rules must be stateful) Source Type: CIDR Source CIDR: CIDR of the VCN where the database resides IP Protocol: TCP Source Port Range: All Destination Port Range: 2484

Item

Requirements

Recommended subnet size

/24 (256 IP addresses)

If you have any limitations on the available number of free IP addresses, then use a minimum /27 subnet size which will allow 32 IP addresses.

General ingress rule 1:

Allow HTTPS traffic from Anywhere

This rule allows backup traffic from your Oracle Cloud Infrastructure Database to Recovery Service.

Stateless: No (all rules must be stateful)
Source Type: CIDR
Source CIDR: CIDR of the VCN where the database resides
IP Protocol: TCP
Source Port Range: All
Destination Port Range: 8005

General ingress rule 2:

Allows SQLNet Traffic from Anywhere

This rule allows recovery catalog connections and real-time data protection from your Oracle Cloud Infrastructure Database to Recovery Service.

Stateless: No (all rules must be stateful)
Source Type: CIDR
Source CIDR: CIDR of the VCN where the database resides
IP Protocol: TCP
Source Port Range: All
Destination Port Range: 2484

Note

If you use network security groups (NSG) to implement security rules or if your database VCN restricts network traffic between subnets, then ensure to add an egress rule for ports 2484 and 8005 from the database NSG or subnet to the Recovery Service NSG or subnet that you create.

Parent topic: Configuring Network Resources for Recovery Service

Create a Recovery Service Subnet in the Database VCN

Use the OCI Console to configure a private subnet for Recovery Service in your database virtual cloud network (VCN).

In the navigation menu, select Networking, and then select Virtual cloud networks to display the Virtual Cloud Networks list page.
Select the VCN in which your database resides.
Use these steps to create a Recovery Service subnet with a security list. If you want to use network security groups, then proceed to step 4.
1. On the details page for the virtual cloud network, select the Security tab.
2. Under Security Lists, select the security list that is used for the VCN.
3. On the details page for the security list, select the Security rules tab.
  You must add two ingress rules to allow destination ports 8005 and 2484.
4. Select Add Ingress Rules and add these details to set up a stateful ingress rule that allows HTTPS traffic from anywhere:
  - Source Type: CIDR
  - Source CIDR: Specify the CIDR of the VCN where the database resides.
  - IP Protocol: TCP
  - Source Port Range: All
  - Destination Port Range: 8005
  - Description: Specify an optional description of the ingress rule to help manage the security rules.
5. Select +Another Ingress Rule and add these details to set up a stateful ingress rule that allows SQLNet traffic from anywhere:
  - Source Type: CIDR
  - Source CIDR: Specify the CIDR of the VCN where the database resides.
  - IP Protocol: TCP.
  - Source Port Range: All
  - Destination Port Range: 2484.
  - Description: Specify an optional description of the ingress rule to help manage the security rules.
  Note
  
  Select an IPv4-only subnet for Recovery Service in your database VCN. Do not select an IPv6-enabled subnet as Recovery Service does not support using an IPv6-enabled subnet. See Creating a Subnet to learn more.
  
  See: Review Subnet Size Requirements and Security Rules for Recovery Service Subnet for more information.
6. Select Add Ingress Rules.
7. On the details page for the virtual cloud network page, select the Subnets tab and then select Create Subnet.
8. Create a private subnet or select a private subnet that already exists in the database VCN. Oracle recommends a subnet size of /24 (256 IP addresses) for the private subnet.
9. On the details page for the subnet, select the Security tab. Under Security Lists, add the security list that includes the ingress rules to allow destination ports 8005 and 2484.
  
  Note
  
  If your database VCN restricts network traffic between subnets, then ensure to add an egress rule for ports 2484 and 8005 from the database subnet to the Recovery Service subnet that you create.
Use these steps to create a Recovery Service subnet with network security groups (NSG).
1. On the details page for the virtual cloud network, select the Security tab and go to the Network Security Groups section.
2. Select Create Network Security Group.
  Use one of these supported methods to configure security rules using NSGs:
  - To implement network isolation, create one NSG for the database VNIC (add egress rules to allow ports 2484 and 8005) and a separate NSG for Recovery Service (add ingress rules to allow ports 2484 and 8005).
  - Create and use a single NSG (with egress and ingress rules) for the database VNIC and Recovery Service.
  The Network Security Group page lists the NSGs that you create.
Note

For additional configuration details, refer the relevant OCI Database Service documentation.
After you create and configure the Recovery Service subnet in the database VCN, proceed to register the subnet as a Recovery Service subnet. Oracle recommends that you register a single Recovery Service subnet per VCN.

Note

If you have implemented security rules using NSGs, then you must also ensure to add the Recovery Service NSG to the Recovery Service subnet.

Parent topic: Configuring Network Resources for Recovery Service

Register a Recovery Service Subnet

After you have created a private subnet for Recovery Service in your database VCN, use this procedure to register the subnet in Recovery Service.

Multiple protected databases can use the same Recovery Service subnet. In order to ensure that the required number of IP addresses are available to support the Recovery Service private endpoints, you can assign multiple subnets to a Recovery Service subnet that is used by more than one protected database.

Note

Select an IPv4-only subnet for Recovery Service in your database VCN. Do not select an IPv6-enabled subnet as Recovery Service does not support using an IPv6-enabled subnet.
For Oracle Database@Azure and Oracle Database@Google Cloud, you must register the Recovery Service subnet by associating network security groups (NSG).

Ensure that you have completed the prerequisite configuration tasks specific to your Oracle Database service before you register the Recovery Service subnet.

On the Recovery Service subnets list page, select Register Recovery Service subnet. See Listing Recovery Service Subnets for detailed steps to access the list page.
Enter a name for the Recovery Service subnet. Avoid entering confidential information in the Name field.
Verify the compartment where you want to create the Recovery Service subnet. Use the Create in compartment field to select a different compartment, if necessary.
Select the Compartment that contains the virtual cloud network (VCN) that you want to use. You can select a VCN from only one compartment at a time
Select the virtual cloud network.
Under Subnets, select these options:
1. Select the Compartment that contains the private subnet that you want to use.
2. Select the Subnet that you have configured for Recovery Service operations in the selected VCN.
(Optional) Select +Another Subnet to assign an additional subnet to the Recovery Service subnet.
If a single subnet does not contain enough IP addresses to support the Recovery Service private endpoints, then you can assign multiple subnets.

See About Using a Private Subnet for Recovery Service Operations for details.
Expand Advanced options to configure these options: .
- Network security groups
  If you have used a network security group (NSG) to implement security rules for Recovery Service in the database VCN, then you must add the Recovery Service NSG to the Recovery Service subnet. The Recovery Service NSG can reside in the same compartment or in a different compartment. However, the NSG must belong to the same VCN to which the specified subnet belongs.
  1. In the Network security groups section, select Use network security groups to control traffic.
  2. Select the Recovery Service NSG you have created in the database VCN.
  3. Select +Another network security group to associate multiple NSGs (maximum five).
  Note
  
  For Oracle Database@Azure and Oracle Database@Google Cloud, you must register the Recovery Service subnet by associating network security groups (NSG).
- Tags: (Optional) Add one or more tags to the resource. If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.
Select Register.

Note

A Recovery Service subnet must be associated with at least one subnet belonging to your database VCN.

You can replace a subnet or add more subnets to support the required number of private endpoints. See Add Multiple Subnets to a Recovery Service Subnet for details.

See Associate NSGs to a Recovery Service Subnet for detailed steps to add NSGs to an existing Recovery Service subnet.

Parent topic: Configuring Recovery Service

(Optional) Review Protection Policies for Database Backup Retention

Recovery Service provides predefined protection policies to suit common use cases for backup retention. You can optionally create custom protection policies to suit your internal data retention requirements.

Open the navigation menu, select Oracle Database and then select Database Backups.
Under Database Backups, select Protection Policies.
Recovery Service provides four Oracle-defined protection policies based on typical use cases for backup retention. You cannot modify these policies:
- Platinum: 95 days
- Gold: 65 days
- Silver: 35 days
- Bronze: 14 days
Optionally, create a custom policy to suit your backup retention requirements. See: Creating a Protection Policy for details.

Related Topics

Policy-Based Data Protection Management

Parent topic: Configuring Recovery Service

Ways to Manage Recovery Service Resources

In Oracle Cloud Infrastructure (OCI), you can create and manage Recovery Service resources using a variety of interfaces provided to fit your different management use cases.

Interface	More Information
OCI Console	Using the Console
Application Programming Interfaces (APIs)	Oracle Database Autonomous Recovery Service API
Command-Line Interfaces (CLIs)	Using the CLI

Related Topics

Parent topic: Configuring Recovery Service

Oracle Cloud Infrastructure Documentation