Oracle Zero Data Loss Recovery Appliance Cyber Security Architecture

 Separation of Duty

Ensuring that backup data is validated is key to being prepared for a future recovery, which means that all data, including TDE databases, must be validated for recoverability at each step of the workflow into the Cyber Vault.

Multi-layer anomaly detection in the architecture ensures that data is valid at all points in the Oracle ecosystem. Each zone indicated above will perform independent checks to prevent invalid or compromised data from entering or exiting the zone and ultimately the Cyber Vault.

• Zone 1
• RMAN will do consistency checks at the database to ensure the backup data is valid before being sent to the Recovery Appliance in the production data center
• Zone 2
• The Recovery Appliance in the production data center performs checks to ensure that the data is valid and complete.
• Data is validated when the RMAN database backup arrives on the Recovery Appliance in the production data center. 
• Data replicated from the Recovery Appliance in the production data center is validated again before being sent to the Recovery Appliance in the Cyber Vault. 
• Regular automated validation is scheduled within the Recovery Appliance in the production data center to ensure ongoing validity as the data ages.
• Zone 3
• The Recovery Appliance in the Cyber Vault performs checks to ensure that the data is valid and complete
• Data is validated upon arrival into the Recovery Appliance in the Vault from the Recovery Appliance in the production data center.

Regular automated validation is scheduled within the Recovery Appliance in the Cyber Vault to ensure ongoing validity as the data ages

Enterprise Manager positioning

Oracle Enterprise Manager is the single dashboard for your entire Oracle deployment. In this Cyber Vault architecture, Enterprise Manager is used for management, monitoring and alerting for the Recovery Appliance and for backup automation. This centralized management helps verify the integrity and provide compliance reporting across the entire infrastructure.

Synchronizing the Vault with Latest Backups

The Recovery Appliance real time redo capability produces backups that are always available for the Cyber Vault. This eliminates the troublesome synchronization process with the backup schedule and the Cyber Vault replication network gateway that opens randomly. The most current backup data is automatically transferred to the Cyber Vault the moment the Cyber Vault replication gateway opens. This replication gateway is randomized and controlled from the Cyber Vault location.

Data Recovery

The Recovery Appliance can backup and recover data to any platform supported by the Oracle database. This eases the planning required for recovery operations since the data is available for recovery to any known good location during a cyber event. The gateway can only push data from Cyber Vault location to the environment and is controlled from the Cyber Vault location

Documentation reference

• Zero Data Loss Recovery Appliance Cyber Security Architecture