Delphix Products

 View Only

OCI Base Database Service Guide

By Derek Vanderveer posted 12 days ago


OCI Base Database Service Guide

Users of Oracle Cloud's Base Database Service (BDS) can integrate with a Delphix Continuous Data engine by following the guide below.

Base Database Service VM Configuration 

The OCI instance created to run the Base Database Service has some configuration details that affect how it can be used with Delphix. 

Certain key configuration files are managed by Chef 

The following files have a comment at the top indicating that they are managed by Chef, and that local changes will be overwritten: 

  • /etc/ssh/sshd_config 

  • /etc/sudoers 


Delphix cannot recommend that any changes be made to these files as they could be overwritten at any time by OCI cloud automation. Changes to the overall sudoers configuration can still be made by creating configuration files in /etc/sudoers.d. The OCI-provided SSH server must be used as-is since sshd_config has no configuration mechanism equivalent to /etc/sudoers.d. 

Only users opc and oracle can login via SSH 

The /etc/ssh/sshd_config file has two AllowUsers entries that enable SSH logins for users opc and oracle. No other users are allowed to login via SSH: 


~]$ sudo grep AllowUsers /etc/ssh/sshd_config 

AllowUsers opc 

AllowUsers oracle 


Delphix normally recommends the creation of a Delphix OS account, but such an account would not be able to access an OCI BDS instance due to Oracle sshd_config. It is possible to use the oracle account as the Delphix OS account with no additional configuration changes. It is also possible to use the opc account as the Delphix OS account, but this requires additional customization (see below). 

BDS databases use full Transparent Data Encryption (TDE) 

Every database created by OCI has TDE enabled with all tablespaces encrypted, including system tablespaces. All vPDB provisions from a BDS dSource will be TDE-enabled vPDBs. 

dSourcing from Base Database Service 

By default, the databases created by OCI do not have Block Change Tracking enabled. Delphix recommends that BCT be enabled for faster incremental SnapSyncs. This can be done by running this SQL statement in the source CDB: 


alter system enable block change tracking; 


Next, you will need to decide which account to use as the Delphix OS account. 

Using oracle as the Delphix OS account 

The oracle user is the owner of the Oracle Database home, so using this account ensures that many required OS permissions are already in place and no sudoers rights are required. Only two system changes are needed to dSource: 

  • Create a Delphix toolkit directory, e.g.: 


sudo su - oracle 

mkdir /u01/app/oracle/delphix_toolkit 


  • Add the engine's public key to /home/oracle/.ssh/authorized_keys. The engine's public key can be shown by clicking View Public Key when adding an environment using the "Username and Engine Public Key" option for Login Type. 


  • Add the environment using the "Username and Engine Public Key" option for Login Type. For more information on adding environments, refer to the Continuous Data documentation here. 

Using opc as the Delphix OS account 

By default, the opc account is not a member of the oinstall or backupdba groups. The Delphix OS user must be a member of backupdba to perform SnapSync and LogSync, and membership in the oinstall group is strongly recommended for environment discovery. Follow these steps to allow opc to function as the Delphix OS user for dSourcing: 

  • Add opc to the oinstall and backupdba groups: 


sudo usermod -aG oinstall,backupdba opc 


  • Create a Delphix toolkit directory, e.g.: 


sudo mkdir /u01/app/oracle/delphix_toolkit 

sudo chown opc:oinstall /u01/app/oracle/delphix_toolkit 

  • Add the environment using the "Username and Custom Key Pair" option for Login Type. The SSH private and public keys will be the keys specified or generated when the BDS was provisioned. For more information on Oracle adding environments, refer to the Continuous Data documentation here. 

dSourcing OCI BDS databases 

Once the OCI BDS environment has been added, the Continuous Data engine will attempt automatic discovery of Oracle homes, listeners and databases. Note that automatic discovery will be limited If using the opc account without oinstall membership, and other configuration steps may be required. Refer to the Continuous Data documentation on source host requirements for more information. 


Provided that Oracle homes and databases have been automatically discovered, or manually added as needed, databases can now be dSourced by following the steps outlined in the Continuous Data documentation on linking Oracle data sources. Once dSourced, virtual databases can be provisioned normally by following the documented steps for provisioning.