Oracle Corporation

10/16/2024 | Press release | Distributed by Public on 10/15/2024 21:57

Announcing customer managed keys for cross region volume replication and policy based backup

We're pleased to announce that Oracle Cloud Infrastructure (OCI) Block Volume service now supports customer-managed keys for cross region volume replication and automated policy-based backup copy across regions. This feature enables you to meet the requirements for regulatory compliance and internal security mandates related to using your own keys for Block Volume operations across regions.
Previously, we've offered asynchronous replication of volumes and policy-based automated backups across regions for various use cases, including the following examples:
Migration of workloads and data
Workload expansion to multiple regions
Disaster recovery and business continuity
Reducing operational errors through built-in automation provided by OCI Block Volume.
Until now, these cross region features have supported volumes and backups that are encrypted only with Oracle-managed keys. They now also support your customer-managed keys. All keys continue to be kept and managed securely in OCI Vault.
By default, volumes and their backups in OCI are always encrypted, and encryption cannot be disabled. For volumes that are encrypted with your keys, you can now enable replication of those volumes and their policy-based scheduled backups across regions. The customer-managed key can be either:
A replicated key that exists in the destination region
Any key in the target region that you own and that is different from the one in the source region
This functionality is available in all OCI regions through all interfaces, including API, software developer kit (SDK), Console, and Terraform.
Enable and manage cross region replication using a customer-managed key
Using a customer-managed key for cross region asynchronous volume replication requires only a few selections on the Edit Volume page in the Oracle Cloud Console.
Under Cross region replication, select On to enable asynchronous cross region replication.
Select the destination region and availability domain you want to replicate the volume to.
Name the replica on the destination region and availability domain.
Confirm the storage and network cost impact from replication.
Select Encrypt using customer managed keys.
Enter the OCID of your encryption key in the destination region.
Select Save changes, and your settings take effect immediately.
[Figure: Configuring cross region replication of a volume]
For more details about how to secure block volumes using your keys in the Vault service, see the technical documentation.
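Once many volumes are replicated, a replica that was saved without a destination key is easy to miss. The audit below is an added example, not Oracle's code: it flags replicas of customer-key volumes whose own key is missing or is not a Vault key OCID. The inventory, its JSON key names (modelled on OCI CLI output) and the OCIDs are constructed assumptions.

```python
import json
import re

# Constructed inventory. Key names are assumptions modelled on OCI CLI JSON
# output; the OCIDs are placeholders, not real resources.
INVENTORY = json.loads("""
[
 {"display-name": "db-data", "kms-key-id": "ocid1.key.oc1.phx.exampleSRC1",
  "block-volume-replicas": [
   {"display-name": "db-data-replica",
    "kms-key-id": "ocid1.key.oc1.iad.exampleDST1"}]},
 {"display-name": "app-logs", "kms-key-id": "ocid1.key.oc1.phx.exampleSRC1",
  "block-volume-replicas": [
   {"display-name": "app-logs-replica", "kms-key-id": null}]},
 {"display-name": "web-cache", "kms-key-id": "ocid1.key.oc1.phx.exampleSRC2",
  "block-volume-replicas": [
   {"display-name": "web-cache-replica",
    "kms-key-id": "ocid1.vault.oc1.iad.exampleVAULT"}]},
 {"display-name": "scratch", "kms-key-id": null, "block-volume-replicas": []}
]
""")

# An OCID's second field is the resource type; a Vault master key is "key".
KEY_OCID = re.compile(r"^ocid1\.key\.[a-z0-9-]+\.[a-z0-9-]*\..+$")

def audit_replica_keys(volumes):
    """Return (volume, replica, issue) for replicas of customer-key volumes
    that do not carry a customer-managed key of their own."""
    findings = []
    for vol in volumes:
        if not vol.get("kms-key-id"):
            continue  # Oracle-managed source volume: outside this check
        for rep in vol.get("block-volume-replicas") or []:
            key = rep.get("kms-key-id")
            if not key:
                issue = "replica has no customer-managed key"
            elif not KEY_OCID.match(key):
                issue = "replica key is not a Vault key OCID"
            else:
                continue
            findings.append((vol["display-name"], rep["display-name"], issue))
    return findings

if __name__ == "__main__":
    for volume, replica, issue in audit_replica_keys(INVENTORY):
        print(f"{volume} -> {replica}: {issue}")
```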
Using a customer-managed key for cross region asynchronous volume group replication is also simple in the Oracle Cloud Console. Enterprise applications typically require multiple volumes across multiple Compute instances to function: boot volumes that power the system disks of the Compute instances, and block volumes for the web tier, app tier, and database tier. Volume groups enable you to group multiple block storage volumes and boot volumes, such as system boot disks that OCI Block Volume backs, and perform crash-consistent, point-in-time, coordinated backups and clones across all the volumes in the group. You can now use your own keys for replicating your volume groups across regions.
Enable and manage policy-based scheduled backup copy across regions using a customer-managed key
Enabling policy-based scheduled backup copies across regions for a volume encrypted using a customer-managed key requires the following steps on the Edit Volume page in the Oracle Cloud Console:
Under Backup Policies, select your backup policy in the menu. Your backup policy must be already configured for cross region copy to another one of your subscribed regions.
Confirm the storage and network cost impact from the policy-based scheduled backup copy.
Select Encrypt using customer managed keys.
Enter the OCID of your key in the destination region for the backups to be copied to the destination region.
Select Save changes, and your settings take effect immediately.
[Figure: Configuring cross region backup for a volume]
You can also enable policy-based scheduled backup copies across regions for a volume group encrypted using a customer-managed key. This is similarly simple on the Edit Volume page in the Oracle Cloud Console.
Heinz Mielimonka, customer success director and cloud architect at Oracle, provides more insight and guidance in the blog post, OCI helps you to optimize your data protection. He describes how OCI helps ensure information security attributes for data, the most important asset, using the CIA triad: Confidentiality, integrity, and availability.
Try it yourself
We want you to experience these new features and all the enterprise-grade capabilities that Oracle Cloud Infrastructure offers. It's easy to try them out with Oracle Cloud Free Tier. For more information, see the following resources:
OCI Storage
Block Volume service overview
Policy-based volume group backups
Replicating a volume
Volume group replication
Block volume encryption
OCI Vault service