WIXLIB

Backup and Recovery Scenariosfor Oracle WebLogic Server: 10.3An Oracle White PaperJanuary, 2009MaximumAvailabilityArchitectureOracle Best Practices For High Availability

Maximum Availability ArchitectureBackup and Recovery Scenarios for Oracle WebLogic ServerIntroduction . 3Terminology . 3Backup Modes. 3Oracle Weblogic Server Components . 3Backup and Recovery Approach. 3Concepts . 4Administration Server and Console . 4Node Manager. 4WebLogic Domain Structure . 4Impact of Administration Server Failure . 5MSI (Managed Server Independence) Mode . 6Configuration Changes in Managed Server . 6Existing Tools and Their Capabilities. 6Backup Artifacts . 7Static Artifacts . 7Runtime Artifacts. 7Persistent Stores . 7External Database Dependencies . 8Sample Topology. 8Backup Recommendations . 9Recovery Procedures . 11Recovery from File System Deletion or Corruption . 11Recovery After Configuration Changes . 13Recovery After Provisioning or Deprovisioning . 15Loss of Host: Recovery to Same Host . 16Loss of Host: Recovery to Different Host . 17Recovery of Database. 18Conclusion. 18References . 19Backup and Recovery Scenarios for Oracle WebLogic ServerPage 2

Maximum Availability ArchitectureBackup and Recovery Scenarios for Oracle WebLogic ServerINTRODUCTIONThe goal of this document is to provide backup and recovery procedures for OracleWebLogic Server 10.3 deployments. It discusses the mechanism, frequency, andmode for performing backups. It also provides the recovery steps for protectionfrom the most common failure scenarios.TERMINOLOGYThe following sections describe the terminology used in this document.Backup ModesTypical modes are online and offline. All the servers in the domain should be downwhile performing offline backups.Oracle WebLogic Server ComponentsComponents in Oracle WebLogic Server (WLS) refer to:Administration ServerManaged ServerJMS ServerApplication artifacts (ear/war files)Application Customizations (such as datasources.xml)BACKUP AND RECOVERY APPROACHAny file system copy mechanism can be used to backup the suggested artifacts.You can also take incremental backups if it is desired.Backup and Recovery Scenarios for Oracle WebLogic ServerPage 3

Maximum Availability ArchitectureCONCEPTSThe following sections describe concepts related to backup and recovery.Administration Server and ConsoleThe Administration Console is a Web browser-based, graphical user interface thatyou use to manage an Oracle WebLogic Server domain. An Oracle WebLogicServer domain is a logically related group of Oracle WebLogic Server resources thatyou manage as a unit. A domain includes one or more Oracle WebLogic Serversand may also include Oracle WebLogic Server clusters. Clusters are groups ofOracle WebLogic Servers instances that work together to provide scalability andhigh availability for applications. You deploy and manage your applications as partof a domain.One instance of Oracle WebLogic Server in each domain is configured as anAdministration Server. The Administration Server provides a central point formanaging an Oracle WebLogic Server domain. All other Oracle WebLogic Serverinstances in a domain are called Managed Servers. The Administration Server hoststhe Administration Console, which is a Web application accessible from anysupported Web browser with network access to the Administration Server.Node ManagerNode Manager is a Java utility that runs as separate process from Oracle WebLogicServer and allows you to perform common operations for a Managed Server,regardless of its location with respect to its Administration Server. While use ofNode Manager is optional, it provides valuable benefits if your WebLogic Serverenvironment hosts applications with high-availability requirements.If you run Node Manager on a machine that hosts Managed Servers, you can startand stop the Managed Servers remotely using the Administration Console or thecommand line. Node Manager can also automatically restart a Managed Server afteran unexpected failure.WebLogic Domain StructureThe following figure shows the WebLogic domain directory structure:Backup and Recovery Scenarios for Oracle WebLogic ServerPage 4

Maximum Availability ArchitecturePlease refer to the WebLogic Server Understanding Domain Configuration formore details. If the Managed Server resides in a host different from theAdministration Server, then, at every Managed Server restart, the latest serversand config directory under the domain directory is pulled from theAdministration Server.Impact of Administration Server FailureThe failure of an Administration Server does not affect the operation of ManagedServers in the domain but it does prevent you from changing the domain’sconfiguration. If an Administration Server fails because of a hardware or softwarefailure on its host machine, other server instances on the same machine may besimilarly affected.If an Administration Server for a domain becomes unavailable while the serverinstances it manages—clustered or otherwise—are running, those Managed Serverscontinue to run. Periodically, these Managed Servers attempt to reconnect to theAdministration Server. For clustered Managed Server instances, the load balancingand failover capabilities supported by the domain configuration continue to remainavailable.You can start a Managed Server even if the Administration Server is not running. Inthis case, the Managed Server uses a local copy of the domain’s configuration filesBackup and Recovery Scenarios for Oracle WebLogic ServerPage 5

Maximum Availability Architecturefor its starting configuration and then periodically attempts to connect with theAdministration Server. When it does connect, it synchronizes its configuration statewith that of the Administration Server.MSI (Managed Server Independence) ModeManaged Servers maintain a local copy of the domain configuration. When aManaged Server starts, it contacts its Administration Server to retrieve any changesto the domain configuration that were made since the Managed Server was last shutdown. If a Managed Server cannot connect to the Administration Server duringstartup, it can use its locally cached configuration information—this is theconfiguration that was current at the time of the Managed Server’s most recentshutdown. A Managed Server that starts up without contacting its AdministrationServer to check for configuration updates is running in Managed Server Independence(MSI) mode. By default, MSI mode is enabled. However a Managed Server cannotbe started even in MSI mode for the first time if the Administration Server is downdue to non-availability of the cached configuration.Configuration Changes in Managed ServerConfiguration changes are updated in Managed Server during the following events:On each Managed Server restart, the latest configuration will be pulled from theAdministration Server. This happens even when the Node Manager is down in thenode where the Managed Server is running. If the Administration Server isunavailable during the Managed Server restart and if the MSI (Managed ServerIndependence) mode is enabled in the Managed Server, it starts up reading its localcopy of the configuration and synchronizes with the Administration Server when itis available. By default MSI mode is enabled.Upon activating every administrative change like configuration changes, deploy orredeploy of applications and topology changes, the Administration Server pushesthe latest configuration to the Managed Server.Existing Tools and Their CapabilitiesThe following sections describe the existing tools and their capabilities.Configuration File ArchivingYou can configure Oracle WebLogic Server to make backup copies of theconfiguration files. This facilitates recovery in cases where configuration changesneed to be reversed or in the unlikely case that configuration files becomecorrupted. When the Administration Server starts up, it saves a JAR file namedconfig-booted.jar that contains the configuration files. When you make changes tothe configuration files, the old files are saved in the configArchive directory underthe domain directory, in a JAR file with a sequentially numbered name such asconfig-1.jar. The configuration archive is always local to the Administration Serverhost. It is a best practice to back up the archives to an external location.Backup and Recovery Scenarios for Oracle WebLogic ServerPage 6

Maximum Availability ArchitecturePack and Unpack UtilityThe pack command creates a template archive (.jar) file that contains a snapshot ofeither an entire domain or a subset of a domain. You can use a template thatcontains a subset of a domain to create a Managed Server domain directoryhierarchy on a remote machineBACKUP ARTIFACTSIt is important to understand how to back up critical data to protect the systemagainst different failures. You can save backup artifacts in various ways—by usingperiodic backups to tape or fault-tolerant disks, or by manually copying files toanother machine. The following sections describe the artifacts that you should backup.Static ArtifactsStatic artifacts are those that change less frequently. These include:BEA HOME (except USER PROJECTS/domains/domain name) for theAdministration Server and all the Managed ServersWLS product home (by default, it resides in BEA HOME and it can be configuredby the user to point to a different location) for the Administration Server and allthe Managed ServersThis data is changed only while patching or upgrading the environment.Runtime ArtifactsRuntime artifacts are those that change more frequently. These include:USER PROJECTS directory in all the servers (By default, it resides inBEA HOME, but it can be configured by the user to point to a different location.)Application artifacts (ear, war files, property files) which reside outside of thedomain directory on each of the servers (in case of nostage or external stageapplication staging modes)This data changes frequently while updating the domain configurations, deployingan application, and while performing other administrative changes.PERSISTENT STORESA persistent store provides a built-in, high-performance storage solution forWebLogic Server subsystems and services that require persistence. For example, itcan store persistent JMS (Java Messaging Service) messages or durable subscriberinformation, as well as temporarily store messages sent to an unavailable destinationusing the Store-and-Forward feature. The persistent store supports persistence to afile-based store (File Store) or to a JDBC-enabled database (JDBC Store). Thedefault store maintains its data in a data\store\default directory inside theservername subdirectory of a domain’s root directoryBackup and Recovery Scenarios for Oracle WebLogic ServerPage 7

Maximum Availability ArchitectureEXTERNAL DATABASE DEPENDENCIESThe WebLogic Server environment may depend upon some external databasessuch as, Application database, JMS, and Oracle Internet Directory. Proper backupand recovery procedures should be in place for such databases to ensure properfunctioning of the environment. Also, the consistency between domainconfiguration and database-specific configuration should be maintained whereverapplicable. This document does not address database backup and recoveryprocedures.SAMPLE TOPOLOGYThe following figure shows the topology that is referred to in the scenarios insubsequent sections. The sample topology has a domain with an AdministrationServer and two Managed Servers. All the servers reside in the same host.Backup and Recovery Scenarios for Oracle WebLogic ServerPage 8