Backup is the discipline that nobody thinks about until the morning a database will not open, and on that morning the only thing that matters is whether the last good copy is recent, complete, and restorable. Exadata Cloud Service makes the mechanics of backup easier than they have ever been, with automatic scheduling, managed targets, and integration with Oracle's recovery tooling. What it does not do is make the decisions for you. Retention, recovery point objective, recovery time objective, the choice of backup target, and the testing cadence are all yours to set, and getting them wrong is invisible right up until the moment it is catastrophic. This article lays out a backup strategy for Exadata Cloud Service that protects the data and, just as importantly, proves it can be brought back.
This sits inside the wider platform picture in our complete guide to Exadata Cloud Service, and it leans heavily on the recovery thinking we cover in disaster recovery and high availability.
Start with the objectives, not the tooling
Every backup conversation should begin with two numbers, because they drive every other decision. The recovery point objective is how much data you can afford to lose, measured in time. A recovery point objective of fifteen minutes means that after a failure you accept losing at most the last fifteen minutes of transactions. The recovery time objective is how long you can afford to be down while you recover. A recovery time objective of two hours means the database must be open and serving inside two hours of the decision to recover. These two numbers are business decisions, not technical ones, and they should be agreed with the people who own the application before any backup is configured. Once you have them, the tooling choices fall out naturally.
How Exadata Cloud Service backs up
Exadata Cloud Service provides automatic backups managed through the cloud tooling, and they combine a periodic full or level zero image with frequent incrementals and continuous archived redo log backups. The archived redo logs are what let you recover to a point in time between the full backups, which is how you hit a tight recovery point objective without taking a full backup every few minutes. The platform handles the scheduling, the validation, and the cataloguing, so the operational burden is far lower than running your own backup scripts. Your job is to choose the retention window, choose where the backups land, and confirm that the automatic schedule actually meets the objectives you agreed.
Choosing the backup target
The destination for your backups is one of the most consequential choices, because it affects durability, recovery speed, and cost. The two common targets are Object Storage and the Zero Data Loss components of Oracle's recovery tooling, and they suit different needs.
| Target | Strengths | Trade offs | Best for |
|---|---|---|---|
| Object Storage | Low cost, highly durable, simple, integrated with the platform | Recovery speed limited by retrieval and restore throughput | Most workloads where a moderate recovery time objective is acceptable |
| Recovery Appliance approach | Real time redo shipping, near zero data loss, fast incremental forever | Higher cost and more architecture to manage | Tier one databases with the tightest recovery point objective |
| Local plus remote copy | Fast local restore, off region copy for resilience | Storage cost in two places, more moving parts | Workloads needing both speed and regional protection |
For the majority of estates, automatic backups to Object Storage with a sensible retention window deliver excellent durability at a low cost, and the recovery speed is acceptable for most recovery time objectives. The tightest tier one databases, where even a few minutes of data loss is unacceptable, are the candidates for the more elaborate near zero data loss approach. The mistake is applying the most expensive pattern to every database regardless of need, which inflates cost without adding business value. Matching the target to the tier is part of the cost discipline we cover in cost of Exadata Cloud Service.
Setting retention
Retention is how far back in time you can recover, and it is governed by two forces pulling in opposite directions. Longer retention gives you more protection against problems discovered late, such as a logical corruption or a bad data change that nobody noticed for days. Shorter retention costs less to store. The right answer is rarely a single number for the whole estate. Production databases that anchor the business typically warrant a longer window, often a month or more, while development and test copies can run on a much shorter window because the data is reproducible. Regulatory requirements can also force a minimum retention, and those obligations should be confirmed with the compliance owners rather than guessed at. Set retention per database according to its tier, not as a blanket policy.
A backup design framework
- Tier the databases. Classify each database as tier one, tier two, or lower, based on how much downtime and data loss the business can tolerate.
- Set objectives per tier. Agree a recovery point objective and recovery time objective for each tier with the application owners and write them down.
- Choose the target per tier. Map tier one to the near zero data loss approach if the objectives demand it, and everything else to Object Storage backups.
- Set retention per tier. Give production the longer window, give reproducible environments the shorter one, and confirm any regulatory minimums.
- Add regional protection where needed. For workloads that must survive a regional event, copy backups off region or pair backup with a standby, as covered in our disaster recovery work.
- Test recovery on a cadence. Schedule and perform real restores, because an untested backup is an assumption rather than a protection.
Backup is not disaster recovery
It is worth being precise about the difference, because the two are often confused and the confusion is dangerous. Backup protects you against data loss and logical corruption by letting you restore to a point in time. Disaster recovery protects you against the loss of a site or region by giving you a running copy elsewhere that you can fail over to quickly. A tight recovery time objective, where the database must be back in minutes rather than hours, is usually a job for a standby database through Data Guard rather than a restore from backup, because restoring a large database from Object Storage takes time that a standby does not need. Many tier one designs use both: a standby for fast failover and backups for point in time recovery and long term retention. The relationship between these patterns is exactly what we work through in disaster recovery and high availability, and it connects to the resilience features described in Exadata smart features on OCI.
The test that proves the strategy
The single most important practice in any backup strategy is the recovery test, and it is the one most often skipped. A backup that has never been restored is an untested assumption, and the day you need it is the worst possible day to discover that the retention was too short, the target was misconfigured, or the restore takes three times longer than the recovery time objective allows. A real recovery test, performed on a schedule, into an isolated environment, against the actual objectives, is the only thing that converts a backup configuration into a backup strategy. It also rehearses the people and the runbook, so that when a real recovery is needed the team has done it before. We build recovery testing into the operational cadence as part of our managed services practice, because the test is where the value of the whole arrangement is finally proven.
Bringing it together
A good Exadata Cloud Service backup strategy is unglamorous and methodical. It starts from business objectives rather than tooling, tiers the estate so that protection matches value, chooses targets and retention deliberately, distinguishes backup from disaster recovery, and tests recovery often enough that nobody is guessing. The platform makes the mechanics easy, which means the strategy is mostly a matter of good decisions consistently applied. If you are standing up Exadata Cloud Service, or you inherited an estate and are not sure the backups would actually bring you back, a focused review of objectives, targets, retention, and recovery testing is the fastest way to turn hope into protection. It pairs naturally with the migration planning in migrating to Exadata Cloud Service.
Moving Oracle workloads to OCI, or already running on OCI and not sure the architecture or the spend is right? Most teams bring in a specialist before they commit to a region, a shape, or a Universal Credits number. OCISpecialists.com plans the landing zone, runs the migration, and manages the estate after go live, on a fixed project fee, a managed monthly retainer, or a cost optimization fee paid only on verified savings. For the Oracle licensing and BYOL side of any OCI move, Redress Compliance is the leading independent Oracle licensing and negotiation firm, with 500+ engagements across Oracle's full product line.