Data Management:Practice guide for Data Disaster Recovery (DBS)

1. Log on to the Resource Access Management (RAM) console using the Alibaba Cloud account that owns the source database instance.

   Note

   Ensure that the AliyunDBSDefaultRole permission is granted to the Alibaba Cloud account that owns the source database instance.

2. In the navigation pane on the left, choose Identity Management > Roles.

3. Create a role:

   1. Click Create Role. For Trusted Entity Type, select Alibaba Cloud Account.

   2. For Trusted Entity Name, select Current Cloud Account 164882xxxx and click OK.

   3. In the dialog box that appears, enter a role name, such as ram-for-dbs, and click OK.

4. Grant permissions to the role:

   1. On the role details page, click the Permission Management tab, and then click Add Permissions.

   2. In the panel that appears, for Permission Type, select System Policy.

      

   3. You can select the required policies based on the Database Location.

      • RDS Instance: AliyunRDSReadOnlyAccess and AliyunVPCReadOnlyAccess

      • Connecting to a self-managed database over an Express Connect circuit, a VPN Gateway, or a Smart Access Gateway: AliyunVPCReadOnlyAccess

      • PolarDB: AliyunPolardbFullAccess

   4. Click Confirm.

5. Edit the trust policy:

   1. In the basic information section of the role, choose Trust Policy > Edit Trust Policy.

   2. On the Edit Trust Policy page, click Script Editor and enter the following code in the text box:

      Replace <Account ID> with the ID of the Alibaba Cloud account that you use to manage the backup schedule.

      {
       "Statement": [
           {
               "Action": "sts:AssumeRole",
               "Effect": "Allow",
               "Principal": {
                   "RAM": [
                       "acs:ram::<Account ID>:root"
                   ],
                   "Service": [
                       "<Account ID>@dbs.aliyuncs.com"
                   ]
               }
           }
       ],
       "Version": "1"
      }

6. Click OK to complete the RAM authorization.

Configure cross-account backup

1. Create a backup schedule.

2. Configure a backup schedule.

   1. In the Database Location section, select a destination instance that supports the cross-account feature. Then, click Cross-Alibaba Cloud Account Instance.

      

   2. Enter the required information in the Cross-Alibaba Cloud Account ID and Role Name text boxes.

      • Cross-Alibaba Cloud Account ID: The ID of the Alibaba Cloud account that owns the source database.

      • Role Name: The name of the role that has the required trust policy. For example, ram-for-dbs.

      

Configure cross-account restoration

For more information about how to configure cross-account backup and restoration, see Configure a backup schedule and restore data.

1. Create a backup schedule.

2. Configure a backup schedule.

3. Set Database Location to User-Created Database with Public IP Address <IP Address:Port Number>.

1. Create a backup schedule. This operation is performed using an operations account.

2. Manage a backup schedule. This operation is performed using an operations account.

3. Install a backup gateway on the backup server. This operation is performed using a backup account.

   Note

   If you do not have a backup server, you can purchase a server first.

4. In the backup schedule list, find the backup schedule you want to manage and click Manage in the Actions column. On the Configure Backup Task page, go to the Backup Set Download section at the bottom of the page and click Set Backup Set Download Rule. In the dialog box that opens, configure the parameters as described in the following table. This operation requires an operations account.

   Note

   If the database engine of the backup instance does not support backup set downloads, or the destination storage class is not DBS Storage, this button is not displayed in the console.

   Parameter	Description
   Auto-download Status	Select Enable.
   Destination Type	The default value is the directory of the server on which the backup gateway is installed. This parameter is fixed.
   Backup Gateway	Select a backup gateway. DBS uses the backup gateway to connect to the on-premises device. Important The automatic backup set download feature is not yet commercially available and may have performance bottlenecks. Therefore, do not configure the same backup gateway to download backup data from multiple backup schedules. This prevents data stacking and other exceptions.
   Destination Location	Select the type of the destination location and set the corresponding directory or path. The backup data is stored in the specified path. The following four types of locations are supported: Server directory FTP path NAS directory Minio path
   Full Data Format	This parameter uses the default value and cannot be modified. Note For more information about the data formats of full and incremental backup sets, see the preceding feature limits and format description.
   Incremental Data Format	This parameter uses the native format by default and cannot be modified.

5. Click OK to save the settings.

6. On the Configure Backup Task page, click Backup Set Download in the navigation pane on the left to view the download progress. This operation requires an operations account.

1. Log on to the Data Management (DMS) 5.0 console.

2. In the top navigation bar, choose Security and Specifications (DBS) > Data Disaster Recovery (DBS) > Backup Plan.

   Note

   If you use the DMS console in simple mode, move the pointer over the icon in the upper-left corner of the DMS console and choose All Features > Security and Specifications (DBS) > Data Disaster Recovery (DBS) > Backup Plan.

3. In the Actions column of the backup schedule, click Manage to open the Configure Backup Task page.

4. In the Lifecycle Information section, click Set Lifecycle.

5. Set the Retention Period for full or incremental backups, and then click Save.

   

   Important

   • The minimum retention period is 7 days and the maximum retention period is 3,650 days. After the retention period expires, the backup set is automatically deleted and cannot be recovered.

   • If you do not enable incremental backup, only the configuration item for the full backup lifecycle is displayed in the console. For more information about how to enable incremental backup, see Enable or disable incremental log backup.

• You can set the lifecycle of backup sets when you configure a backup schedule or modify the lifecycle as needed. You can use the following methods:

  • Console: Manage a backup schedule and Modify the backup lifecycle.

  • API operations: CreateAndStartBackupPlan - Create and start a backup schedule and ModifyStorageStrategy - Modify the lifecycle of stored data.

• When you configure a backup schedule, no DBS storage fees are generated for backup data stored in User OSS. DBS storage fees are generated for backup data stored in DBS Storage. The storage fees are calculated based on the actual storage data size and retention period. For more information, see Differences between DBS Storage and user-owned OSS buckets and Storage billing.

  Note

  If you have a large amount of data, we recommend that you purchase a DBS storage plan for backup instances to offset the storage fees generated by the backup schedule. For more information, see Use a storage plan.

• If necessary, you can also manually delete backup sets to reduce storage fees.

1. Create a backup schedule and set Backup Method to Logical Backup.

2. In Manage a backup schedule, select Self-managed Database On ECS for Database Location.

1. Ensure that a public endpoint is enabled for the source ApsaraDB RDS for MySQL instance.

2. Create a backup schedule. For geo-redundant backups, you must purchase a backup schedule in a region different from the data source region. For Backup Method, select Logical Backup.

3. Manage a backup schedule.

1. Create a backup schedule and set Backup Method to Logical Backup.

2. In the Manage a backup schedule task, select User-Created Database with Public IP Address <IP Address:Port Number> for Database Location.

1. Install a backup gateway.

2. Create a backup schedule and select Logical Backup as the Backup Method.

3. When you manage a backup schedule, select Self-managed Database Without A Public IP Address And Port (connected Over DG) for Database Location.

1. Create a backup schedule and select Logical Backup as the Backup Method.

2. Connect the on-premises Internet Data Center (IDC) to Alibaba Cloud using an Express Connect circuit. This allows the virtual private cloud (VPC) on the cloud and the on-premises IDC to communicate with each other. For more information, see Connect an on-premises IDC to a VPC on the cloud using an Express Connect circuit.

3. On the access device on the customer side of the on-premises IDC, add a static route that points to the DBS IP address range. Command: ip route DBS address range{Alibaba Cloud-side interconnection IP}. For more information about the DBS IP address ranges, see DBS IP address ranges.

4. For more information, see Manage a backup schedule. For Database Location, select Self-managed Database Connected Over An Express Connect Circuit, A VPN Gateway, Or A Smart Access Gateway.

1. Create a backup schedule and select Logical Backup as the Backup Method.

   Note

   • When you purchase a backup schedule, select Redis as the Data Source Type and Logical Backup as the Backup Method.

   • For more information about the specific granularity that Data Disaster Recovery supports when it backs up and restores Redis databases, see Supported database engines and features.

2. Configure a backup schedule and set Database Location to Self-managed Database On ECS.

3. Restore data to an Alibaba Cloud Redis instance.

4. Switch the backup to an Alibaba Cloud Redis instance.

Backup and restoration

For more information, see Cross-cloud or self-managed MySQL logical backup and restoration.