Running Oracle database inside Amazon Cloud (Step 2)
Amazon Cloud Basics for Oracle DBAs
In Step 1 we created an AWS account and signed up for EC2, the Elastic Compute Cloud. Now, before actually creating an Oracle database instance, let’s get a better understanding of how all this stuff works together and what will be needed for an Oracle environment inside AWS.
You really should use the AWS Management Console as a starting point. After clicking the “Amazon EC2” tab, your browser should look like the following:
The first important step is to choose the appropriate “Region” in the upper left corner of the console. A region is equivalent to an AWS data center; for example, for European companies the nearest data center is “EU West (Ireland)”. There is no easy rule for which region fits you best, but keep in mind that
- a region that is geographically near your customers or your own data centers/applications will generally reduce latency
- a region far away can make sense for redundant storage and disaster recovery
- AWS pricing is region specific
- the region “EU West” can be mandatory for data that has to stay inside the EU.
In the AWS world, the equivalent to a server or virtual machine is called an “instance”. Don’t confuse this with an “Amazon Machine Image (AMI)” which is actually a template for instances.
An instance based on an AMI can be “launched” – i.e. created and started – by clicking the “Launch Instance” button and working through the wizard. The wizard’s first step is choosing the underlying AMI.
Important: Anyone with an AWS account can create his own AMIs and make these public. In the next post I will show how to find images that are officially provided by Oracle or any other AMI provider.
For the first testing I would recommend using one of the images marked as “Free Tier”. These are free, but only if you instantiate them as “Micro Instance”. That’s fine for playing around, but for an Oracle server a Micro instance will probably be too small (613MB memory). The instance type (Micro, Small, Large etc.) as well as the number of instances to be launched is selected during the following steps of the wizard.
Some clicks later the Launch Instance wizard will ask for two things that are not completely self-explanatory:
- A so-called “key pair” has to be assigned to the instance. You can either create this key pair on the fly or beforehand (Link “Key Pairs” in the AWS Management Console). A key pair is just a standard public/private key pair. The initial Linux root access or Windows administrator access to your instance will be secured by this key pair. More details on this in Step 4.
VERY IMPORTANT: You can download the private key ONLY ONCE, namely during creation of the key pair! So, if you want to keep this login, never ever lose your private key! Otherwise you won’t be able to SSH connect to your instance any more.
- The instance must also be assigned a so-called “security group (SG)”. An SG is simply a set of firewall rules for ingress traffic (someone from the internet calling into your instance). Egress traffic (the instance calling out to the outside world) is always possible without any restrictions. Each AWS account has its own “default SG” which – by default – allows ingress traffic only from other AWS instances in the default SG. So the default SG won’t let you ping or SSH to your instance from outside the Amazon cloud! I would recommend creating your own SG for Oracle servers and opening up at least the listener port, i.e. TCP/1521 or whatever you are going to use. SSH or RDP could be left open permanently, or you could open it up temporarily only when you need a server login. If you don’t want to open up to every IP address (0.0.0.0) and you are behind a router, use something like IP Chicken to find out your current IP address.
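As an added example (not part of the original post), the following script checks security group rules for the ports discussed above (Oracle listener, SSH, RDP) and reports any that are reachable from a wide address range. The sample data is constructed in the shape of `aws ec2 describe-security-groups` output; the group names, addresses and the `max_hosts` threshold are assumptions made for illustration.

```python
import ipaddress

# Ports this page's Oracle server exposes: listener, SSH, RDP.
SENSITIVE_PORTS = {1521: "Oracle listener", 22: "SSH", 3389: "RDP"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = {
    "SecurityGroups": [
        {"GroupId": "sg-example1", "GroupName": "oracle-wide-open",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 1521, "ToPort": 1521,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-example2", "GroupName": "oracle-restricted",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 1521, "ToPort": 1521,
              "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
             {"IpProtocol": "tcp", "FromPort": 1500, "ToPort": 1600,
              "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]},
        {"GroupId": "sg-example3", "GroupName": "all-traffic",
         "IpPermissions": [
             {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    ]
}

def covered_ports(rule):
    """Sensitive ports that an ingress rule reaches."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # all protocols, all ports
        return sorted(SENSITIVE_PORTS)
    if proto != "tcp":
        return []
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return [p for p in sorted(SENSITIVE_PORTS) if lo <= p <= hi]

def audit(groups, max_hosts=256):
    """Return (group name, port, CIDR) for rules open to more than max_hosts addresses."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            for rng in rule.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if net.num_addresses > max_hosts:
                    findings += [(sg["GroupName"], p, str(net)) for p in covered_ports(rule)]
    return findings

if __name__ == "__main__":
    for name, port, cidr in audit(SAMPLE_GROUPS):
        print(f"{name}: {SENSITIVE_PORTS[port]} (TCP/{port}) reachable from {cidr}")
```

Rules that reference another security group instead of a CIDR range (as the default SG does) carry no `IpRanges` entries and are therefore not reported.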
Most databases will need some persistent storage, so storing the database in the so-called “instance store” is not an option. To get persistent storage, you need “Elastic Block Storage (EBS)”. Most of the Oracle provided AMIs use EBS even for the root device (/dev/sda1, mounted to /). These images are also called “EBS backed AMIs”. By clicking on the “Volumes” link in the AWS Management Console you can create additional EBS volumes and attach them to an instance, exactly like a standard device (/dev/sdf, …, /dev/sdp for Linux, xvdf, …, xvdp for Windows). After that, just use standard OS tools like fdisk, mkfs or Windows Disk Management to partition and format them, or use oracleasm to prepare them for Oracle ASM usage.
Also be aware that an instance by default does NOT have any fixed IP address. Whenever you stop and start an instance (stopping an instance is like shutting down the OS and powering off the server), it will have a new IP address. For an Oracle server you may prefer a static IP address. In the AWS world this is called an “Elastic IP address (EIP)”, and you can create it and assign it to the instance under the link “Elastic IP Addresses” in the AWS Management Console. Unfortunately this assignment gets lost whenever the instance is stopped, so you have to re-assign it after starting. In one of the following posts I will show how to automate this using EC2 scripting.
IMPORTANT: Be careful with the menu item “Terminate Instance”. This means not only stopping, but also removing, i.e. deleting, the instance. It’s gone. The exceptions are its EBS volumes, which could be attached to another, new instance, and its EIP, which could be assigned to another, new instance.