redo logs and control files

pma111 used Ask the Experts™
can anyone elaborate (in laymans management freindly terms) the risks associated with storing all redo logs and control files on the same drive? I have seen a few articles stating they should be stored on seperate discs, can I ask why? do oracle themselves have a view on this, and any artciles to back their view up?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Senior Database Administrator
I don't know that I have any articles handy but the main reason is fault protection.

If you have redo logs and control files on different devices, and you love one device, you still have a copy since redo logs and control files are redundant copies of themselves.

If you have everything on a single drive, and it fails you lose everything.

If you lose a disk and they are spread out over multiple devices, even if you lose the device with the data files, you still should be able to recover up to the point of failure if you have your redo logs still available somewhere.

Also the control files contain information about your backups if you are doing RMAN and no catalog database so you want to make sure that you have them protected from faults as well.

All on one device is a single point of failure.  Lose it and you lose everything.


albeit not a storage guru (nor oracle), does it matter if your server has raided storage? i.e. would that mitigate the need to store them across multiple systems? or is that a dangerous strategy, as if the entire server went boom, same problem occurs... and do you spread them across servers, or across different drives in the same server?

also if you have routine backups, does that again mitigate the impact?  is this more towards minimizing how much data you lose in relation to hardware failure? which if you do daily backups would be a days worth at most, as if the server goes boom I assume everything goes down..
Steve WalesSenior Database Administrator

Even on raided storage I tend to move things around onto different devices as much as possible.  What happens if you have a failure in the raid controller ?  Or the enclosure where the disks are spontaneously combusts ?

Admittedly, if you're on a SAN or a VM, there's a whole lot more there that is invisible to the DBA.   If the SAN admin assigns you a couple of disks you have no idea if they are on separate physical devices or the same one.

For backups, you're only as good as the last time the backup was taken.  If you have a backup, and a copy of your redo logs and the backup of your archive log destination you can restore to the point of failure (I had a sysadmin disconnect my datafile drive once in error.  Between the backups and the online redo logs that were still on another volume I recovered right up to the point where the disconnect occurred and the users lost zero data).

It would be a very rare installation where the users would be happy with any data loss, even if it was "only a day".

They might be able to "live with it", but I doubt they'd be happy and you never want to be the DBA who has to tell his boss that you didn't have sufficient redundancy or backups built into your disaster recovery plan to mitigate as much loss as is humanly possible.

Of course there more disaster proof you need your system to be the more it costs.  You certainly want to hope that your bank has multiple redundant control in place including all sorts of hot offsite copying of data by the second as it happens (but I'm getting off track now).
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

David VanZandtOracle Database Administrator III
Hi pma, you're asking good questions.  I think you have the right idea in mind about reducing risk, and some level of risk is acceptable in a business case -- be it the length of unscheduled interruptions, or how much data loss is affordable.  I know of people who work  on a project that requires two DBAs on the primary RAC for redundancy, another two on the COOP RAC in another location, and of course, separate backups on both installations.

So, both the primary and secondary sites have SAN storage, j, with logs and data files striped across virtual drives -- for redundancy to avoid ANY SINGLE POINT OF FAILURE.

Routine backups?  Of course it helps, but when was the last time your management declared a full emergency simulation and you had to fully restore from that backup?  What if you also had to install the O/S and network onto a cold server in another location?  And the primary support person / people weren't available, so that a less-experienced person had to rely upon the available run-time documentation.  Remember, all it takes is a fire or flood somewhere in the building to force the evacuation and quarantine of your data center.

Lastly, all it takes is for one part of the whole process to fail.  I participated last year in a root cause analysis for an organization that took a four-day unplanned outage.  With some effort, the team determined the fault lay with a prior firmware upgrade on the interconnect switch.  The primary site tried to fail over to secondary, and failed, because the remote/backup site's switch had not been included in the firmware change.
Geert GOracle dba
Top Expert 2009
everything can fail, even hardware with a failover system
like a raid with 2 discs going corrupt at the same time
or a core switch not failing over because there's a bug in the failover software

this simple question should be checked at all levels, from hardware to people's skills:
how much do you allow your redundancy to cost and what is the minimum level of redundancy required


is it common to seperate the oracle software and all the relevant database files onto different drives as well?
Geert GOracle dba
Top Expert 2009

dunno about who's doing what in common, but in general i have 5 drives
C: Operating system, D: oracle software, G: control files, redo files, archive logs, H: control files, redo logs, data files, I: backups
whenever wants to backup the server, i indicate they can only backup C, D and I
I tell them i'll do the rest.

backup software with for oracle built specific agents doesn't always work too well

that's just one reason to make a distinction ... failures and redundancy is still the main one

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial