Student Guide - Oracle Secure Backup - Volume I
May 29, 2016 | Author: whakamaru | Category: N/A
Short Description
good...
Description
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Volume I • Student Guide
D57258GC10
Edition 1.0
March 2009
Part Number
®
Oracle University and (Oracle Corporation) use only.
Oracle Database 11g: Oracle Secure Backup
Author
Copyright © 2009, Oracle. All rights reserved.
Maria Billings
Disclaimer
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Christian Bauwens Donna Cooksey Gerlinde Frenzen Steven Fried Donna Keesling
This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way. Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display, perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization of Oracle. The information contained in this document is subject to change without notice. If you find any problems in the document, please report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not warranted to be error-free.
Isabelle Marchand Judy Panock Branislav Valny
Editor Raj Kumar
Graphic Designer Satish Bettegowda
Publisher Syed Ali Nita Brozowski
Restricted Rights Notice If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United States Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract. Trademark Notice Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
Oracle University and (Oracle Corporation) use only.
Technical Contributors and Reviewers
Preface I
Introduction to Oracle Database 11g: Oracle Secure Backup Objectives I-2 Course Objectives I-3 Suggested Schedule I-4 The Product in Context I-5 Your Learning Aids I-6 Oracle Secure Backup Documentation I-7 Additional Resources I-8
1
Oracle Secure Backup Overview Objectives 1-2 What Is Oracle Secure Backup? 1-3 Oracle Secure Backup Tape Backup Management 1-4 Tape Management and Integration with Oracle Products 1-5 The Integration Advantage 1-6 Client/Server Architecture Host Roles 1-7 Oracle Secure Backup Architecture 1-8 Oracle Secure Backup for Centralized Tape Backup Management 1-9 Typical SAN Environment 1-11 Oracle Secure Backup Interface Options 1-12 Media Concepts: Overview 1-13 Backup Pieces and Backup Images 1-14 RMAN and Oracle Secure Backup Overview 1-15 Oracle Secure Backup Media Family 1-16 Tape Drives and Libraries 1-17 Virtual Tape Library (VTL) 1-19 Managing Data to Be Protected 1-20 Securing Data and Access to the Backup Domain 1-21 Quiz 1-22 Why Use Oracle Secure Backup? 1-26 Summary 1-27
iii
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Contents
Installing Oracle Secure Backup Objectives 2-2 Performing Preinstallation Tasks 2-3 Installation and Configuration of the Administrative Domain 2-4 Quiz 2-5 Performing Installation Tasks 2-9 Administrative Server Installation: Example 2-10 Wizard-Based Installation on Windows 2-16 Oracle Secure Backup Interfaces 2-17 Oracle Secure Backup Web Tool Home Page 2-18 Common Obtool Commands 2-19 Quiz 2-20 Summary 2-23 Practice 2 Overview: Installing and Configuring Oracle Secure Backup 2-24
3
Securing Domain and Data Objectives 3-2 Managing User Access Control 3-3 Predefined Classes and User Rights 3-4 Configuring Oracle Secure Backup Users 3-7 Oracle Secure Backup User: OS Permissions 3-9 Preauthorization 3-11 Preauthorizing Access 3-12 Assigning Windows Account Information 3-13 Quiz 3-14 Authentication 3-16 Leveraging Oracle Security Technology 3-17 Administrative Server Certificate Authority (CA) 3-19 Oracle Wallets for OSB Intradomain Communication 3-21 Encrypted Backups to Tape 3-23 Oracle Secure Backup Encryption 3-24 Configuring Host Encryption Policies 3-25 Using OSB Encryption Keys 3-26 Transient Backup Encryption 3-27 Comparing OSB and RMAN Encryption 3-29 Quiz 3-30 Summary 3-34 Practice 3 Overview: Configuring OSB Security 3-35
4
Configuring RMAN for Oracle Secure Backup
iv
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
2
5
Performing RMAN Backups and Restores Objectives 5-2 Scheduling Backups with EM 5-3 Oracle-Suggested Backup 5-4 RMAN and OSB Process Flow 5-7 Oracle Secure Backup Jobs 5-8 RMAN and Oracle Secure Backup Job Execution 5-9 Managing Database Tape Backups 5-10 Performing Database Recovery 5-12 RMAN Automatic Failover to Previous Backup 5-13 Quiz 5-14 Summary 5-16 Practice 5 Overview: Performing OSB-Encrypted Backup and Restore 5-17
6
Backing Up File-System Data with Oracle Secure Backup Objectives 6-2 Backing Up OS File Systems with Oracle Secure Backup 6-3
v
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives 4-2 Oracle Database Disk and Tape Backup Solution 4-3 Backing Up the Flash Recovery Area to Tape 4-4 Defining Retention for RMAN Backups 4-5 RMAN and Oracle Secure Backup Basic Process Flow 4-6 Integration with Enterprise Manager 4-7 Configuring the Administrative Server in EM 4-8 Oracle Secure Backup Administrative Server Page 4-9 RMAN Database Backup to Tape 4-10 Recovery Settings 4-11 Backup Settings 4-12 Database Backup Storage Selector 4-13 Defining Database Storage Selectors 4-15 Media Families and RMAN 4-16 Media Management Expiration Policies for Automated Tape Recycling 4-17 RMAN and Oracle Secure Backup 4-19 Media Management Expiration Troubleshooting Technique 4-20 Quiz 4-21 Summary 4-25 Practice 4 Overview: Configuring RMAN for OSB 4-26
7
Restoring File-System Backups with Oracle Secure Backup Objectives 7-2 Browsing the Catalog for File-System Backup Data 7-3 Restoring File-System Data 7-4 Restoring File-System Files with Oracle Secure Backup 7-5 The Restore Page 7-6 Listing All File-System Backups of a Client 7-7 Creating a Catalog-Based Restore Request 7-8 Submitting Restore Requests 7-12 Quiz 7-13 Summary 7-16 Practice 7 Overview: Restoring File-System Data 7-17
8
Managing Your Oracle Secure Backup Domain Objectives 8-2 Oracle Secure Backup Processes: Daemons 8-3 Managing Common Daemon Operations 8-5 Quiz 8-6 Managing Defaults and Policies 8-7 Configuring Oracle Secure Backup Policies 8-8 Oracle Secure Backup: Backup Metadata Catalogs 8-9 Oracle Secure Backup: Directory Structure 8-11 Backing Up the Catalog 8-12 Manual Catalog Backup 8-13
vi
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
File-System Backups 6-4 Managing Media Families 6-5 Dataset Examples 6-6 Creating Datasets 6-9 Configuring Backup Windows 6-11 Creating Backup Schedules 6-13 Creating Backup Triggers 6-14 Previewing a Backup Trigger 6-16 Creating On-Demand Backup Requests 6-17 Submitting Backup Requests 6-19 Reviewing Jobs 6-20 Quiz 6-21 Summary 6-24 Practice 6 Overview: Backing up File-System Data 6-25
9
Managing the OSB Infrastructure Objectives 9-2 Managing Clients 9-3 Adding Media Servers 9-4 NAS Devices 9-6 Adding NDMP Media Servers 9-7 Adding Devices 9-8 Discovering Devices on NDMP Hosts 9-10 Managing Devices 9-11 Tape Library Properties 9-12 Tape Drive Properties 9-13 Managing Volumes 9-14 Quiz 9-16 Summary 9-27 Practice 9 Overview: Viewing OSB Management Tasks 9-28
10 Configuring and Using Tape Vaulting Objectives 10-2 Overview of Vaulting 10-3 Configuring a New Vaulting Environment 10-5 Defining Media Storage Locations 10-6 Defining Rotation Policies and Rules 10-7 Defining Rotation Policies and Rules 10-8 Associating a Media Family with a Rotation Policy 10-9 Using the Vaulting Environment 10-11 Scheduling a Location Scan 10-12 Viewing Scan Control Jobs 10-13 Executing a Media Movement Job 10-14 Viewing Vaulting Reports 10-15 Troubleshooting Vaulting 10-16 Recovery Manager and Vaulting 10-17 Recalling a Tape Volume 10-18 Quiz 10-19 Summary 10-22 Practice 10 Overview: Configuring and Using Tape Vaulting 10-23 11 Configuring Tape Duplication
vii
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz 8-14 Summary 8-16 Practice 8 Overview: Performing a Preconfigured OSB Catalog Backup 8-17
12 Tuning Oracle Secure Backup Objectives 12-2 Tuning Hardware 12-3 Tuning RMAN and Oracle Secure Backup 12-4 Tuning RMAN Software 12-6 Performance Factors 12-8 Tuning Oracle Secure Backup 12-11 Results of Tuning 12-12 Scalability of the Overall System 12-13 Quiz 12-14 Summary 12-18 Appendix A Appendix B Oracle Secure Backup: Additional Topics Objectives B-2 Encrypted Backups to Tape . B-3 Creating RMAN Encrypted Backups B-4 Using Transparent Mode Encryption B-5 Using Password Mode Encryption B-7 Using Dual Mode Encryption B-8 Restoring Encrypted Backups B-9 Performing Encrypted Recovery B-10 Comparing RMAN and OSB Encryption B-11 Oracle Secure Backup Jobs B-14 viii
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives 11-2 Media Management 11-3 Overview of Tape Duplication 11-4 Tape Duplication and Vaulting 11-5 Tape Duplication and Migration 11-6 Configuring and Using Volume Duplication 11-7 Configuring a Duplication Environment 11-8 Defining Volume Duplication Policies 11-9 Associating a Duplication Policy with a Media Family 11-10 Scheduling Volume Duplication 11-11 Executing Jobs 11-12 Quiz 11-13 Summary 11-15 Practice 11 Overview: Viewing Media Life Cycle Demonstration 11-16
Appendix C Oracle Secure Backup Additional Installation Topics Topics C-2 Windows Installation: Overview C-3 Oracle Secure Backup InstallShield Wizard C-4 Oracle Secure Backup Service Startup C-7 Service Logon and SCSI Devices C-8 Oracle Secure Backup Installed Files C-9 Installed Files for Host Role: Administrative Server C-13 Installed Files for Host Role: Media Server C-15 Installed Files for Host Role: Client C-16 Verifying Your Installation C-17 Removing Oracle Secure Backup C-18 Summary C-20 Appendix D Glossary Index
ix
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Jobs B-16 Viewing Job Properties and Transcripts B-18 Troubleshooting Jobs B-20 Suspending and Resuming Job Dispatching B-21 Job Summaries B-23 Displaying Log Files and Transcripts B-24 Summary B-25
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Preface
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Before you begin this course, you should be able to perform database backup and restore operations in Enterprise Manager at least equivalent to the level of the Oracle Database 11g: Administration Workshop I course, ideally equivalent to the level of the Oracle Database 11g: Administration Workshop II course. How This Course Is Organized Oracle Database 11g: Oracle Secure Backup is an instructor-led course featuring lectures and hands-on exercises. Online demonstrations and written practice sessions reinforce the concepts and skills that are introduced.
Preface - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Profile Before You Begin This Course
Title
Part Number
Oracle Secure Backup Installation and Configuration Guide, Release 10.2
E05408-02
Oracle Secure Backup Administrator’s Guide, Release 10.2
E05407-02
Oracle Secure Backup Reference, Release 10.2
E05410-02
Oracle Secure Backup Migration Guide, Release 10.2
E05409-01
Oracle Secure Backup Readme, Release 10.2
E05411-05
Oracle Secure Backup Licensing Information, Release 10.2
E10310-02
Additional Publications • System release bulletins • Installation and user’s guides • read.me files • International Oracle User’s Group (IOUG) articles • Oracle Magazine
Preface - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Related Publications Oracle Publications
Typographic Conventions The following two lists explain Oracle University typographical conventions for words that appear within regular text or within code samples.
Convention
Object or Term
Example
Courier New
User input; commands; column, table, and schema names; functions; PL/SQL objects; paths
Use the SELECT command to view information stored in the LAST_NAME column of the EMPLOYEES table. Enter 300. Log in as scott
Initial cap
Triggers; Assign a When-Validate-Item trigger to user interface object the ORD block. names, such as button names Click the Cancel button.
Italic
Titles of courses and manuals; emphasized words or phrases; placeholders or variables
For more information on the subject see Oracle SQL Reference Manual
Lesson or module titles referenced within a course
This subject is covered in Lesson 3, “Working with Objects.”
Quotation marks
Do not save changes to the database. Enter hostname, where hostname is the host on which the password is to be changed.
Preface - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
1. Typographic Conventions for Words Within Regular Text
Typographic Conventions (continued)
Convention
Object or Term
Example
Uppercase
Commands, functions
SELECT employee_id FROM employees;
Lowercase, italic
Syntax variables
CREATE ROLE role;
Initial cap
Forms triggers
Form module: ORD Trigger level: S_ITEM.QUANTITY item Trigger name: When-Validate-Item . . .
Lowercase
Column names, table names, filenames, PL/SQL objects
. . . OG_ACTIVATE_LAYER (OG_GET_LAYER ('prod_pie_layer')) . . . SELECT last_name FROM employees;
Bold
Text that must be entered by a user
CREATE USER scott IDENTIFIED BY tiger;
Preface - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
2. Typographic Conventions for Words Within Code Samples
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Introduction to Oracle Database 11g: Oracle Secure Backup
After completing this lesson, you should be able to describe: • The overall course objectives • The product in context • Your learning aids
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup I - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
After completing this course, you should be able to: • Install and manage Oracle Secure Backup (OSB) • Use Oracle Secure Backup and Recovery Manager (RMAN) to create Oracle Database backup and restore operations • Use Oracle Secure Backup to create file-system backup and restore operations • Manage the OSB environment: – – – –
Back up the OSB catalog Manage OSB domain: Add client Manage tape media (vaulting and duplication) Tune OSB
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup I - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Course Objectives
Topic
Lessons
Day
Overview, Installation and Configuration
1, 2, 3, 4
1
5
1
File System Backup and Restore
6, 7
2
OSB Management (Core Tasks)
8, 9
2
10, 11, 12
2
Database Backup and Restore
Advanced OSB Management (Tape Vaulting, Duplication and Tuning)
Copyright © 2009, Oracle. All rights reserved.
Suggested Schedule The lessons in this guide are arranged in the order in which you will probably study them in the class. If your instructor teaches the class in the sequence in which the lessons are printed in this guide, the class should run approximately as shown in the schedule. Your instructor, however, may vary the sequence of the lessons for a number of reasons, including: • Customizing material for a specific audience • Splitting topics, such as backup and restore of the database • Maximizing the use of course resources (such as hardware and software)
Oracle Database 11g: Oracle Secure Backup I - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Suggested Schedule
Copyright © 2009, Oracle. All rights reserved.
The Product in Context Oracle Secure Backup is a product in the “High Availability” group of database options. It has its own release cycle and version number, for example, Oracle Secure Backup 10.2 is the correct version for Oracle Database 11g (Release 1). Oracle Secure Backup provides the fastest, most efficient Oracle database backups to tape, as well as heterogeneous file system protection.
Oracle Database 11g: Oracle Secure Backup I - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
The Product in Context
Related material: • Oracle by Example (OBE): OTN > Oracle Database 11g > Availability > Oracle Secure Backup – Installing and Configuring Oracle Secure Backup 10.2 – Performing Encrypted Backups with Oracle Secure Backup 10.2 – Configuring Policy-Based Media Management with Oracle Secure Backup 10.2
• Viewlets or demonstrations accessible from the product home page: – Media Lifecycle Management – Backup Encryption to Tape – And more to come
Copyright © 2009, Oracle. All rights reserved.
Your Learning Aids: OBEs show you step-by-step how to perform a specific task. They do not discuss why you need to perform a task. It is assumed that you have your own technical environment to follow along. Viewlets or demonstrations are generally a series of screenshots, displaying how a specific task is accomplished.
Oracle Database 11g: Oracle Secure Backup I - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Your Learning Aids
• • • • • •
Oracle Secure Backup Installation and Configuration Guide Oracle Secure Backup Administrator’s Guide Oracle Secure Backup Reference Oracle Secure Backup Migration Guide Oracle Secure Backup Readme Oracle Secure Backup Licensing Information
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup I - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Documentation
To continue your learning: • Oracle Secure Backup home page http://www.oracle.com/technology/products/secure-backup
• High Availability home page http://www.oracle.com/technology/deploy/availability
• Oracle University (OU) http://education.oracle.com
• Oracle Technology Network (OTN) http://www.oracle.com/technology
• Oracle by Example (OBE) http://www.oracle.com/technology/obe
• My Oracle Support: OracleMetaLink http://metalink.oracle.com Copyright © 2009, Oracle. All rights reserved.
Additional Resources Product home pages on OTN provide you with a variety of information, which can include the latest product updates, white papers, FAQs, and so on. Oracle University offers different formats to best suit your needs: • Instructor-Led inClass Training • Live Web Class • Self-Study CD-ROMs Oracle Technology Network is a free resource with information about the core Oracle software products, including database and development tools. You can have access to: • Technology centers • Oracle Community, including user groups • Software downloads and code samples, and much more My Oracle Support: Access to My Oracle Support is included as part of your annual support maintenance fees. In addition to the most up-to-date technical information available, My Oracle Support gives you access to: • Service requests (SRs) • Certification matrixes • Technical forums monitored by Oracle experts • Software patches • Bug reports Oracle Database 11g: Oracle Secure Backup I - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Additional Resources
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Oracle Secure Backup Overview
After completing this lesson, you should be able to: • Describe how Oracle Secure Backup complements the Oracle backup and recovery options • Define Oracle Secure Backup terminology • Describe Oracle Secure Backup interface options • Describe backup management features of Oracle Secure Backup
Copyright © 2009, Oracle. All rights reserved.
For More Information • http://www.oracle.com/technology/deploy/availability • http://www.oracle.com/technology/products/secure-backup • Oracle Secure Backup Administrator’s Guide • Oracle Secure Backup Reference
Oracle Database 11g: Oracle Secure Backup 1 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
What Is Oracle Secure Backup? Centralized tape backup management software: – Managing data protection for diverse, distributed servers and tape devices – Client/server architecture for backing up and restoring data locally or over the LAN, WAN, or SAN
•
Oracle Secure Backup features: – Tape backup management for entire Oracle environment, including file systems and the Oracle database – Policy-based backup management – Secure data protection and interdomain communication – Effective media and device management – Broad tape device and platform support
Copyright © 2009, Oracle. All rights reserved.
What Is Oracle Secure Backup? Oracle Secure Backup is centralized tape management software. It enables reliable data protection to tape, and supports the major tape drives and libraries in SAN, Gigabit Ethernet (GbE), and SCSI environments. Oracle Secure Backup enables you to do the following: • Back up and restore data using a variety of machine architectures. • Access local and remote file systems and devices from any location in a network without using Network File System (NFS) or Common Internet File System (CIFS) protocols. • Back up to and restore from Oracle Cluster File System (OCFS) on Linux and Windows • Use wildcards and exclusion lists to specify what you want to back up. • Control secondary storage-based data recording format and compression. • Duplex database backups (back up the same files to multiple devices). Each data stream automatically goes to a separate device. • Perform full, incremental, or differential backups. • Maintain security and limit the users who are authorized to perform data management operations. • Support most popular tape drives and libraries.
Oracle Database 11g: Oracle Secure Backup 1 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
Oracle databases
File-system data UNIX
Integration with RMAN
Windows
•
Highest levels of tape data protection at the lowest cost
•
Fastest, most efficient Oracle database tape backup
•
Protection of entire Oracle environment including Oracle application files
•
Oracle integrated product
Linux NAS
Oracle Secure Backup Centralized tape backup system
Tape Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Tape Backup Management Business background: The increased demands on the enterprise backup infrastructure require more rigorous service-level agreements for backup windows and restoration time, while achieving reliable data protection within budget. The tape technology meets this challenge by offering high-speed devices and high-capacity media with a throughput similar to that of a disk (generally, at a high cost). Oracle Secure Backup addresses this issue by providing centralized tape backup management for the Oracle database and file systems in mixed, diverse environments, thus reducing the cost and complexity of tape backup and restoration. The graphic shows that Oracle databases are integrated via RMAN with Oracle Secure Backup (OSB) and that UNIX, Linux, Windows and Network Attached Storage (NAS) directly use OSB.
Oracle Database 11g: Oracle Secure Backup 1 - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Tape Backup Management
Oracle Application Server configuration files Oracle database: • Version Oracle9i and later • Real Application Clusters File-system data: • Oracle home installations • Other nondatabase data
Oracle Secure Backup Centralized tape backup management Tape library
Copyright © 2009, Oracle. All rights reserved.
Tape Management and Integration with Oracle Products Some of the many options available for protecting your Oracle data are backing up solely to disk, backing up to disk as a staging area for tape backups, or backing up directly to tape. Disk backup and restore operations are generally faster than the equivalent tape operations. However, tape backups provide some advantages for long-term backup requirements, such as off-site storage and portability, which allow you to move backups from one data center to another. Oracle Secure Backup provides tape backup management for all your files relating to Oracle products, including: • Oracle database backups stored on tape through integration with Recovery Manager • Seamless support of Oracle Real Application Clusters (RAC) • Support for Oracle Cluster File System (OCFS) and Automatic Storage Management (ASM) • Central administration of distributed clients and media servers including: - Oracle Application Server - Oracle Collaboration Suite - Oracle home and binaries Note: Oracle Secure Backup has its own release cycle and version numbers; for example, Oracle Secure Backup 10.2 is the correct version for Oracle Database 11g (Release 1).
Oracle Database 11g: Oracle Secure Backup 1 - 5
Oracle University and (Oracle Corporation) use only.
Oracle Beehive configuration files Backup and restore
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Tape Management and Integration with Oracle Products
The Integration Advantage Key benefits of RMAN and Oracle Secure Backup integration: – Exclusive support of RMAN backup encryption to tape – Faster, more reliable database backups to tape – Single technical support resource, expediting problem resolution
•
Enterprise Manager integration exclusive to OSB – Familiar interface for Oracle customers, reducing any learning curves associated with other products – Management of the entire Oracle database backup and recovery from disk (Flash Recovery Area) to tape
•
Advanced, effective security based on proven Oracle technology Copyright © 2009, Oracle. All rights reserved.
The Integration Advantage This slide summarizes key benefits of RMAN and Oracle Secure Backup integration over other third-party media management libraries. Details about the security technology are: • Secure Sockets Layer (SSL) implementation • Embedded Oracle wallets
Oracle Database 11g: Oracle Secure Backup 1 - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
• Administrative server
N E T W O R K
– Maintains configuration settings and backup history catalog
Oracle Secure Backup catalog
•
Media server
Administrative server
Media server – Transfers data to or from attached devices
•
Client – Contains data to be backed up
Client Data to backup
Copyright © 2009, Oracle. All rights reserved.
Client/Server Architecture Host Roles To configure Oracle Secure Backup, you must define an administrative domain. An administrative domain is a group of machines on your network that you manage as a common unit to perform backup and restore operations. An administrative domain has one administrative server, one or more clients, and one or more media servers. • The administrative server is a machine in your administrative domain that contains a full installation of the Oracle Secure Backup software. This host maintains the backup catalog files and other files for configuration settings and administrative data. The administrative server runs the scheduler, which starts and monitors jobs within the administrative domain. You need one administrative server for each administrative domain at your site. To configure an administrative server, choose an administrative server installation when installing Oracle Secure Backup on the host. • A media server is a machine that has one or more secondary storage devices, such as a tape library, connected to it. A media server transfers data to and from its attached storage devices. During installation, you can configure multiple secondary storage devices on media servers. • A client is a machine whose locally accessed data is backed up by Oracle Secure Backup. Most of the machines defined within the administrative domain are clients.
Oracle Database 11g: Oracle Secure Backup 1 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Client/Server Architecture Host Roles
Client
Administrative server
Media server
obscheduled observiced
observiced
observiced
obhttpd
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Architecture The Oracle Secure Backup Architecture includes: • Oracle Secure Backup catalog, a directory structure with host-specific subdirectories. This means the contents vary depending on the roles you assign to the host. An administrative server has the central catalog with configuration and metadata. • Daemons (or services), which are processes, that run in the background and perform OSB operations on behalf of an application Some daemons run continually; others run only to perform specific work and then exit when the work is completed. The Oracle Secure Backup daemons actively participate in managing backup and restore operations: • obscheduled daemon: This daemon initiates scheduled events and manages jobs. • observiced daemon: On the administrative server, this daemon runs jobs (such as backup and restore operations) at the request of the obscheduled daemon. • Apache Web server daemon (obhttpd): This daemon provides the Web tool GUI for Oracle Secure Backup.
Oracle Database 11g: Oracle Secure Backup 1 - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Architecture
NAS
UNIX or Windows Linux Heterogeneous clients backed up over the network
Oracle Secure Backup administrative server
LAN Media servers locally backed up
OSB Cloud module Oracle Database
Oracle Secure Backup Administrative Domain
Tape Library
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup for Centralized Tape Backup Management The Oracle Secure Backup software offers centralized backup management of heterogeneous clients and servers by storing the backup and configuration data in a central repository called the Oracle Secure Backup administrative server. The administrative server contains a consolidated backup catalog, providing a single location for managing backup policies, scheduling backups for multiple platforms, and managing local and remote tape devices. The configured machines and devices managed by an administrative server make up the Oracle Secure Backup administrative domain, as shown in the slide. The Oracle Secure Backup tape management system minimizes the complexity of managing diverse architectures by offering: • Flexible tape device configuration with options for single- and multihosted tape libraries • Support for major tape libraries and tape drives in GbE and SCSI environments • Client/server architecture providing centralized administration of distributed media servers over a local area network (LAN) or wide area network (WAN)
Oracle Database 11g: Oracle Secure Backup 1 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup for Centralized Tape Backup Management
Oracle Database 11g: Oracle Secure Backup 1 - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup for Centralized Tape Backup Management (continued) The Storage Cloud enables users to take advantage of the virtually unlimited pool of computing resources and storage over the Internet (the Cloud). Unlike the traditional IT setup, users have little insight or control over the underlying infrastructure. Their interaction with the Cloud is primarily governed through an abstracted interface provided by the Cloud vendor. The Cloud is essentially disk storage. With the Oracle Secure Backup Cloud module, it is possible to send the local disk backups of the Oracle database directly to a storage cloud for off-site storage purposes. Amazon S3 is the first Cloud vendor that Oracle has partnered with, to enable database backup in the Cloud. This functionality may be extended to more Cloud platforms or vendors in the future. Backup and recovery from the Cloud is performed by RMAN. OSB 10.2 cannot back up to disk. So, OSB 10.2 does not have an explicit integration with the Cloud. RMAN backup encryption and advanced compression technologies may be used for Cloud backup strategies.
LAN
Administrative server SAN
Oracle Secure Backup: • Dynamically shares tape drives attached to the Storage Area Network (SAN) • Manages any resource contention
Fibre connectivity
Oracle Database
Tape devices
Copyright © 2009, Oracle. All rights reserved.
Typical SAN Environment Oracle Secure Backup supports Storage Area Network (SAN) environments. The slide depicts a typical SAN environment where one or more servers are attached to the SAN along with one or more tape devices. Each of the tape devices attached to the SAN appears local to the servers using SAN. Clients within the administrative domain are backed up over the network to the tape devices on the configured media servers. Oracle Secure Backup automatically manages resource contention for tape drives within the SAN. During a backup or restore operation, a server engages a tape drive, thereby making it temporarily unavailable to other servers. When the operation completes, the tape drive is again available for use by any of the servers using SAN, as permitted by your configuration. When configuring tape devices, you are asked to configure attachments, where each attachment describes a data path between the host and the device itself. A device must have at least one attachment. In a SAN environment, a tape device may have multiple attachments, one for each host that can access the device. The Fibre fabric and switches within the SAN are transparent to Oracle Secure Backup. Therefore, SAN interoperability becomes important at the hardware level. When configuring a SAN, it is recommended to confirm that the hardware components have been tested and certified to work together. Oracle Database 11g: Oracle Secure Backup 1 - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Typical SAN Environment
EM
RMAN
Web tool
SBT
Database operations
Oracle Secure Backup
obtool
File-system operations
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Interface Options As shown in the slide, you can access Oracle Secure Backup in four different ways depending on what you want to do: • Enterprise Manager provides a graphical interface to Oracle Secure Backup for users who elect to perform database backup and restore operations through integration with RMAN. You can also perform administrative tasks such as managing media and devices within the Oracle Secure Backup administrative domain. The Enterprise Manager console includes a link to the Oracle Secure Backup Web tool for performing file-system backup and restore operations. • Use RMAN to back up your databases directly to tape. RMAN can be accessed either through the RMAN executable or through EM. RMAN communicates with Oracle Secure Backup through the system backup to tape (SBT) interface. • The Web tool is a GUI application that enables you to configure administrative domains, manage operations, browse the backup catalog, and back up and restore data. It provides a graphical and interactive interface to access the obtool utility. You should use this interface when making backups of file-system data. • The obtool utility provides a command-line interface to Oracle Secure Backup. This interface gives you the same functionalities as the GUI interface.
Oracle Database 11g: Oracle Secure Backup 1 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Interface Options
Media Concepts: Overview
Volume set Volume
Volume
Backup image Product of a backup operation Product of a backup operation Physical tape
Physical tape
Set of tapes containing backup images Set of volumes with common characteristics
Copyright © 2009, Oracle. All rights reserved.
Media Concepts: Overview Oracle Secure Backup organizes the backups it creates in a simple hierarchy, which comprises the following logical concepts: • A “backup image” is the product of a backup operation. A backup image is a file that consists of one or more backup sections. A backup image can be contained within a single volume or it can span multiple volumes. The part of a backup image that fits on a single volume is called a “backup section.” • A “volume” is a single unit of media such as an LTO-3 tape. It can store many backup images. • A “volume set” is a group of one or more volumes that contain a complete backup image. • A “media family” is a named classification of volumes that share some common attributes, such as the volume naming method, the policies used for writing data to volumes, and the length of time volumes are retained in the media family. When you back up files using Oracle Secure Backup, you generate a volume set that has some common characteristics defined by the media family that you have associated with your backup operation.
Oracle Database 11g: Oracle Secure Backup 1 - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Media family
RMAN backup set Oracle database files
RMAN backup piece
Backup image
…
RMAN backup piece
Backup image
Oracle Secure Backup images
Copyright © 2009, Oracle. All rights reserved.
Backup Pieces and Backup Images The backup of an Oracle database, created by RMAN, results in a backup set (an RMANspecific logical structure), which contains at least one backup piece (an RMAN-specific physical file containing the backed up data). Oracle Secure Backup backs up and maintains backup metadata for each RMAN backup piece written to tape within its own catalog. You can browse backup pieces with the obtool commandline or Oracle Secure Backup Web tool. Note: Use RMAN for the management of RMAN backup pieces. If you manage the backup pieces stored on tape by using Oracle Secure Backup utilities instead of RMAN, the Oracle Secure Backup catalog and the RMAN repository can become unsynchronized. The best practice is for backup pieces to be updated through RMAN, not manually by the use of Oracle Secure Backup.
Oracle Database 11g: Oracle Secure Backup 1 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Backup Pieces and Backup Images
RMAN and Oracle Secure Backup Overview
Data file 1
BACKUP AS COPY
RMAN
OSB
Image copy
Backup image
BACKUP AS BACKUPSET
Data file 2
Backup piece
(filesperset 3)
Backup image
Library Media family Volume set Volume
Volume
Backup image section
Backup image section
Volume
Volume
Backup image section
Backup image section
Volume Backup image section
Volume
Data file 3 Backup piece Backup image
Data file 4
Backup set File-system file
Backup image section
Backup image
Media family ...
Copyright © 2009, Oracle. All rights reserved.
RMAN and Oracle Secure Backup Overview This slide combines the previously discussed concepts into one overview. On the left side it shows data files on the OS level, how they relate to RMAN image copies and backup pieces, and how these relate to OSB backup images. File-system files, which of course do not have and RMAN equivalent, relate directly to OSB backup images. The right side depicts that OSB backup images are stored as backup image section on a volume, within a volume set, which belongs to a media family in a tape library.
Oracle Database 11g: Oracle Secure Backup 1 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
OS
Oracle Secure Backup Media Family A named classification of volumes that share the same: – Volume identification sequence – Write-allowed period – Expiration policy (either content- or time-managed)
• •
Used to classify and characterize backup types Commonly associated with backup levels, which generally correspond to retention times, such as: – Full – Incremental – Archive log
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Media Family Media families provide a way to establish write periods and retention policies for data backed up to various kinds of tapes. You can, for example, establish a media family for all of your backups that remain on-site, a separate media family for your backups that are to be stored off-site. A media family is a classification of backup media that share the same: • Volume identification sequence: The volume ID consists of a fixed portion, followed by a sequence number assigned and updated by Oracle Secure Backup. When you create a media family, you specify how to generate volume IDs that become part of the volume label. • Write window: The beginning of the write window is the time at which Oracle Secure Backup first writes to a volume in the volume set. The write window is a user-specified time interval that applies to all volumes in the set. Oracle Secure Backup continues to append backups to the volume set until the end of this interval. When the write window closes, Oracle Secure Backup does not allow further updates to the volume set until it expires or is relabeled, reused, unlabeled, or overwritten. • Expiration policy: When a volume set expires, Oracle Secure Backup automatically considers each volume in the set eligible to be overwritten. A media family is either content managed (default) or time managed. These two policies are mutually exclusive.
Oracle Database 11g: Oracle Secure Backup 1 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
mainlib
Tape library robotics move tapes between drives and slots.
Storage elements (slots) store tapes.
Tape library Robotic control ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________ ____________
Barcode reader scans labels on cartridges.
maintd1
maintd2
maintd3
Type of tape drive refers to its tape format such as LTO-3 or SDLT600.
Device connectivity varies by device: SCSI, Fibre, and iSCSI Copyright © 2009, Oracle. All rights reserved.
Tape Drives and Libraries Oracle Secure Backup maintains information about secondary storage devices, tape libraries, and tape drives, so they can be used for local and network backup and restore operations. These devices are easily configured during the installation process, or a new device can be easily added to an existing Oracle Secure Backup environment. Each tape drive and tape library is uniquely identified within an Oracle Secure Backup administrative domain by a user-defined name (for example, mainlib and maintd1). Because Oracle Secure Backup manages tape drive operations, it must explicitly be able to identify the tape drive as well as understand if the tape drive is housed within a tape library. Oracle Secure Backup must further determine which tape slots (storage elements) are available for storing tapes when they are not loaded in a tape drive. Before you can use tape drives or tape libraries with Oracle Secure Backup, you must add the device to the administrative domain. Oracle Secure Backup maintains a distinction between a device and the means by which the device is connected to a host. Each device you configure can have one or more attachments, where each attachment describes a data path between a host and the device itself. Most often, an attachment includes the identity of a host plus a UNIX device special file name, a Windows device name, or NAS device name. In rare cases, additional information is needed to complete the attachment definition.
Oracle Database 11g: Oracle Secure Backup 1 - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Tape Drives and Libraries
When a device is attached to multiple hosts, Oracle Secure Backup automatically manages contention for the device so that only one host is permitted access to it at any time. For example, SAN-attached devices often have multiple attachments, one for each host that has local access to the device through its Fibre channel interface.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Tape Drives and Libraries (continued) A Fibre channel–attached tape drive or tape library often has multiple attachments, one for each host that can directly access it.
Oracle Database 11g: Oracle Secure Backup 1 - 18
Virtual Tape Library (VTL) Providing the performance advantages of disk backup – Disk appliances, emulating tape libraries and drives – Most popular virtual tape libraries supported by Oracle Secure Backup See “Tape Device” compatibility guide on Oracle Technology Network)
•
Increasingly adopted into IT environments – Seamless deployment without changing backup infrastructure – Flexible configuration with user-defined options for number and type of tape emulation
•
Attached to the network or servers, depending on the manufacturer
Copyright © 2009, Oracle. All rights reserved.
Virtual Tape Library (VTL) A virtual tape library leverages traditional tape backup with disk technology to create an optimized backup and recovery infrastructure. Tape emulation software on the disk appliance emulates popular tape devices and formats. Because VTLs identify themselves as tape equipment, for the backup software, they appear identical to the actual tape device that is emulated. VTLs offer the performance advantages of disk backup and they may be seamlessly deployed in a system environment, without changing the backup infrastructure. Note: In this class (where physical tape devices are not available), you use virtual test devices to practice Oracle Secure Backup operations. These virtual test devices are not supported in production use and are different from the commercially sold VTLs. For a list of supported VTLs, refer to Certify on My Oracle Support.
Oracle Database 11g: Oracle Secure Backup 1 - 19
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
Oracle Database
File-System Data
Defining what data to back up
RMAN backup sets
User-defined datasets: based on hosts, files, or directories
Backup options
Use RMAN backup levels: full and incremental
Multilevel backups: full, incremental, or off-site
Frequency of backups
Recurring or immediate backups scheduled using Enterprise Manager
Flexible date/time calendar– based scheduling On-demand backups
Copyright © 2009, Oracle. All rights reserved.
Managing Data to Be Protected Managing the backup infrastructure of file-system data and Oracle database data is easily administered with Oracle Secure Backup and RMAN. Defining what data to back up is conceptually similar for file-system and database data. Both require that you, the user, define what to include in the backup. For the database, you use the RMAN backups sets created using RMAN or Enterprise Manager. For file systems, Oracle Secure Backup uses “datasets.” Use the Oracle Secure Backup Web tool to define file-system datasets. After defining what data to back up, you must determine what type of backup is most appropriate to meet your backup and restore requirements. Oracle Secure Backup offers multiple backup levels for file-system backups including full backup levels, multiple incremental levels, and an off-site backup level. The off-site level is actually a full backup performed without interfering with any incremental backup strategies. Oracle Secure Backup also provides flexible scheduling options that enable you to determine ongoing backup schedules based on the day and time granularity. For the Oracle database, RMAN offers full and incremental backup levels that are backed up to tape by Oracle Secure Backup. After you have defined what, how, and how often to back up your data through scheduling, Oracle Secure Backup can automatically implement your backup schedules, only requiring manual intervention for hardware errors or media needs.
Oracle Database 11g: Oracle Secure Backup 1 - 20
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Data to Be Protected
Securing Data and Access to the Backup Domain User-level access control – Users assigned to a set of privileges, called classes – Consistent user identity mapping OS privileges to Oracle Secure Backup user, called preauthorized access
•
Host authentication –
•
Two-way server authentication
Encryption – Oracle Secure Backup encryption for data in transport and on tape – For database backups: choice of RMAN and OSB encryption – For file-system backups: OSB encryption
Copyright © 2009, Oracle. All rights reserved.
Securing Data and Access to the Backup Domain Access Control To access the Oracle Secure Backup software, you must enter a username and password or use preauthorization. Each Oracle Secure Backup user is assigned to a class, which defines the actions that are permitted for that user. Host Authentication All hosts in the administrative domain use SSL and X.509 certificates for identity verification and authentication. Sensitive data is encrypted before transmittal over the network. The Web server requires a signed X.509 certificate and associated public and private keys to establish an SSL connection with a client browser. The X.509 certificate for the Web server is self-signed by the installation script when you install OSB on the administrative server. Note: Currently, the Network Data Management Protocol (NDMP) does not include a mechanism to accommodate the negotiation of an SSL connection to NDMP filers. Encryption For your database backups, you have a choice of RMAN and OSB encryption; for your filesystem backups, use OSB encryption.
Oracle Database 11g: Oracle Secure Backup 1 - 21
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
The best way to manage Oracle backup pieces when your configuration includes Oracle Secure Backup (OSB) is with: 1. OSB 2. RMAN 3. OSB or RMAN 4. RMAN or SQL
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 1 - 22
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Which interfaces may be used to back up and restore filesystem data: 1. obtool 2. RMAN 3. Enterprise Manager 4. Web tool
Copyright © 2009, Oracle. All rights reserved.
Answers: 1, 4
Oracle Database 11g: Oracle Secure Backup 1 - 23
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
During a backup or restore operation, a server engages a tape drive; but the tape drive is available at the same time for use by any of the servers on the SAN as permitted by your configuration. 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 1 - 24
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Which of the following statements is true? - You can assign to a single host: 1. The role of administrative server 2. The role of media server 3. The role of OSB client 4. All three roles
Copyright © 2009, Oracle. All rights reserved.
Answers: 1, 2, 3, 4
Oracle Database 11g: Oracle Secure Backup 1 - 25
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Why Use Oracle Secure Backup? Intelligent integration with RMAN delivering the best performance and security for database backups – Backup encryption performed with Oracle database – Faster, smaller backups protecting only used blocks
•
Scalable, low-cost per-tape drive pricing – Substantial cost savings over the competition – Unlimited clients, servers, and NAS
• •
Single technical support resource for entire backup solution expedites problem resolution Reliable, centralized backup management for entire Oracle environment
Copyright © 2009, Oracle. All rights reserved.
Why Use Oracle Secure Backup? • Since Oracle 8.0, RMAN is the recommended backup utility for the Oracle database. It is known for reliable, automated, online protection of data to disk, and is integrated with numerous third-party media management products for backups to tape. Oracle Secure Backup provides an alternative to expensive, third-party tape backup utilities by providing the media management layer for RMAN tape utilization. • Oracle Secure Backup increases customer return on investment by providing end-to-end tape data protection for your Oracle environment at a fraction of the cost of other tape products. • Oracle Secure Backup exclusively provides RMAN encrypted backup to tape. • To deliver the fastest database tape backup, Oracle Secure Backup backs up only used blocks (from Oracle Database 10.2.0.2 and later). This process makes the backups faster and smaller, which also saves space on tape. • Oracle Secure Backup (as part of the Oracle technology stack) offers a single-vendor technical resource for complete Oracle database protection. The Oracle Secure Backup installation automatically links the SBT libraries for RMAN tape backups.
Oracle Database 11g: Oracle Secure Backup 1 - 26
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
In this lesson, you should have learned how to: • Describe how Oracle Secure Backup complements the Oracle backup and recovery options • Define Oracle Secure Backup terminology • Describe Oracle Secure Backup interface options • Describe backup management features of Oracle Secure Backup
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 1 - 27
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Installing Oracle Secure Backup
After completing this lesson, you should be able to: • Decide on the structure of your administrative domain • Perform preinstallation tasks • Install Oracle Secure Backup on Linux
Copyright © 2009, Oracle. All rights reserved.
For More Information • Oracle Secure Backup Installation and Configuration Guide • For supported tape devices, see http://www.oracle.com/technology/products/secure-backup. • For supported Web browser, platform and NAS devices, see Oracle’s certification matrix on My Oracle Support.
Oracle Database 11g: Oracle Secure Backup 2 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
Performing Preinstallation Tasks Confirm that your planned environment is supported. – Tape device support matrix on OTN – Platform support on Certify on metalink.oracle.com
• • •
•
Plan disk space for Oracle Secure Backup. Obtain Oracle Secure Backup software via OTN download or CD. Plan your administrative domain-that is, determine which host will be the administrative server, which the media server(s) and which the client(s). Obtain SCSI device information (UNIX and Linux).
Copyright © 2009, Oracle. All rights reserved.
Performing Preinstallation Tasks There is no required sequence between the preinstallation tasks. Check the supported device list on OTN to confirm that your environment is supported: • Platform support by host role • Tape library and tape drive support • Connectivity support Each host that participates in an Oracle Secure Backup administrative domain must have a network connection and run TCP/IP. Oracle Secure Backup uses this protocol for all inter- and intra-server communication between its own and other system components. Each appliance that employs a closed operating system, such as Network Attached Storage (NAS) and tape servers, is backed up using NDMP. This protocol enables Oracle Secure Backup to access primary and secondary storage controlled by the appliance. Each host that participates in an Oracle Secure Backup administrative domain must also have some preconfigured way to resolve a host name to an IP address. Most systems use one of the name resolution mechanisms: Domain Name Service (DNS), Network Information Service (NIS), Windows Internet Name Service (WINS), or a local hosts file to do this. Oracle Secure Backup does not require a specific mechanism. Oracle Secure Backup requires only that, upon presenting the underlying system software with an IP address you have configured, it obtains an IP address corresponding to that name. Oracle Database 11g: Oracle Secure Backup 2 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
The graphic makes a distinction between the original software OTN CD-ROM installation, which includes the mandatory configuration of the administrative server, and later configurations of media and client host roles. It also shows that tape drives and libraries can 1. Software 2. Configure additional hosts and be added at any point in time. installation
tape devices
Administrative server Media server
Media server
Client
Tape drives and libraries
Client
Copyright © 2009, Oracle. All rights reserved.
Installation and Configuration of the Administrative Domain The installation and configuration of your administrative domain includes the following: • Install the Oracle Secure Backup software itself on each of your hosts except NDMP-enabled hosts such as NAS filers. • Define your administrative domain on the administrative server. This step involves defining all media servers, clients, and NAS filers. • When installing a media server, Oracle Secure Backup device attachments are created as part of the device driver installation process. These attachments are used during the device definition. Make the administrative server aware of the tape devices that exist in your administrative domain. On each defined media servers, you configure the directly attached SCSI and Fibre Channel devices (tape libraries and tape drives). If you use a NAS filer with attached tape libraries and tape drives, you can use Oracle Secure Backup commands to discover these devices; this allows Oracle Secure Backup to recognize and communicate with the NASattached devices.
Oracle Database 11g: Oracle Secure Backup 2 - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Installation and Configuration of the Administrative Domain
The host that you use to initiate and manage backup and restore jobs should have the role of administrative server. 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 2 - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
You have hosts in your network with data that needs to be backed up. Assign these hosts the role of: 1. Administrative server 2. OSB client 3. Media server
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 2 - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
You should assign hosts, which have tape or other secondary storage devices attached to them, the role of media server. 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 2 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 2 - 8
Oracle University and (Oracle Corporation) use only.
Quiz
A single host can NEVER serve all roles. 1. True 2. False
Performing Installation Tasks
2. Create an Oracle Secure Backup home directory. 3. Change your directory to the directory. 4. Run the setup program from your directory and respond to the prompts. [stage] $ su Password: [stage]# mkdir -p /usr/local/oracle/backup [stage]# cd /usr/local/oracle/backup [backup]# /stage/osb_installmedia/setup
Copyright © 2009, Oracle. All rights reserved.
Performing Installation Tasks The recommended directory for installing the Oracle Secure Backup software is /usr/local/oracle/backup. You can install the software in a different directory, if desired. However, then the printed and online documentation for Oracle Secure Backup may not agree with your actual commands, output, and GUI screens. For users new to Oracle Secure Backup, this can add an unwanted layer of confusion. In this course, you use the default directory /usr/local/oracle/backup as OSB_Home. Note: There is no default “OSB_Home” environment variable, which is used to refer to this directory, unlike the ORACLE_HOME variable used with Oracle Database installations. After your OSB_Home directory is created, change your current directory to the OSB_Home directory, and execute the setup program from your staging area, which in this example is the /stage/osb_installmedia directory. If you use your CD-ROM drive as your staging area, use a command similar to /cdrom/cdrom0/setup. In the slide example, a stage directory is used instead of a CD-ROM drive.
Oracle Database 11g: Oracle Secure Backup 2 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
1. Log in as the root user.
Administrative Server Installation: Example
This CD-ROM contains Oracle Secure Backup version 10.2.0.2.0_linux32. Please wait a moment while I learn about this host... done. - - - - - - - - - - - - - - - - - - - - 1. Linux32 administrative server, media server, client - - - - - - - - - - - - - - - - - - - - Loading Oracle Secure Backup installation tools... done. Loading linux32 administrative server, media server, client... done. - - - - - - - - - - - - - - - - - - - - Loading of Oracle Secure Backup software from CD-ROM is complete. You may unmount and remove the CD-ROM. Would you like to continue Oracle Secure Backup installation with 'installob' now? (The Oracle Secure Backup Installation Guide contains complete information about installob.) Please answer 'yes' or 'no' [yes]: no
Copyright © 2009, Oracle. All rights reserved.
Administrative Server Installation: Example As you can see, Oracle Secure Backup analyzes the host on which you start the installation, then it loads the relevant software. installob is the primary installation script for Oracle Secure Backup. It can be called in a standalone fashion by invoking the installob shell script.
Oracle Database 11g: Oracle Secure Backup 2 - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Welcome to Oracle's setup program for Oracle Secure Backup. This program loads Oracle Secure Backup software from the CDROM to a filesystem directory of your choosing.
Welcome to installob, Oracle Secure Backup's UNIX installation program. It installs Oracle Secure Backup onto one or more UNIX or Linux systems on your network. (Install Oracle Secure Backup for Windows using the CD-ROM from which you loaded this software.) For most questions, a default answer appears enclosed in square brackets. Press Enter to select this answer. Please wait a few seconds while I learn about this machine... done. Have you already reviewed and for your Oracle Secure Backup Would you like to do this now - - - - - - - - - -
customized install/obparameters installation [yes]? no [yes]? no - - - - - - - - - - -
Copyright © 2009, Oracle. All rights reserved.
Administrative Server Installation: Example (continued) The obparameters file is preconfigured. If you wish a default installation, answer no, once, to the question about customizing this file. If you wish to customize it, then you can use a text editor to edit the obparameters file in the /usr/local/oracle/backup/install/ directory (referred to as the OSB_Home/install directory). Various parameters are defined that you can configure to meet the needs of your business. For example, you can modify parameters for: • Automatic startup at boot time of the observiced daemon • Automatic creation of an Oracle Secure Backup user, called oracle, that is assigned the oracle class, and preauthenticated to be used by RMAN • Default certificate key size
Oracle Database 11g: Oracle Secure Backup 2 - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Administrative Server Installation: Example
Oracle Secure Backup is not yet installed on this machine. Oracle Secure Backup's Web server has been loaded, but is not yet configured. You can install this host one of three ways: (a) administrative server (the host will also be able to act as a media server or client) (b) media server (the host will also be able to act as a client) (c) client If you are not sure which way to install, please refer to the Oracle Secure Backup Installation Guide. (a,b or c) [a]? a
Copyright © 2009, Oracle. All rights reserved.
Administrative Server Installation: Example (continued) Specify the role for this server. If you install Oracle Secure Backup for first time on a specific network, then you should begin with an administrative server installation. By default, the administrative server is also configured as a client.
Oracle Database 11g: Oracle Secure Backup 2 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Administrative Server Installation: Example
Beginning the installation. This will take just a minute and will produce several lines of informational output. Installing Oracle Secure Backup on edvmr1p0 (Linux version 2.6.9-67.0.7.0.1.ELxenU) You must now enter a password for the Oracle Secure Backup encryption key store. Oracle suggests you choose a password of at least 8 characters in length, containing a mixture of alphabetic and numeric characters. Please enter the key store password:key_password Re-type password for verification:key_password
Copyright © 2009, Oracle. All rights reserved.
Administrative Server Installation: Example (continued) Choose a password for the Oracle Secure Backup encryption key store, which follows your security strategies. (Do not forget this password). Note: In this class, simple and easy to remember passwords (oracle) are used to avoid detracting from the purpose of the exercise. In real development and production environments, use strong passwords that follow the guidelines in Oracle Database Security Guide and the Oracle Secure Backup Administrator’s Guide.
Oracle Database 11g: Oracle Secure Backup 2 - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Administrative Server Installation: Example
You must now enter a password for the Oracle Secure Backup 'admin' user. Oracle suggests you choose a password of at least 8 characters in length, containing a mixture of alphabetic and numeric characters. Please enter the admin password:admin_password > Re-type password for verification:admin_password You should now enter an email address for the Oracle Secure Backup 'admin‘ user. Oracle Secure Backup uses this email address to send job summary reports and to notify the user when a job requires input. If you leave this blank, you can set it later using the obtool's 'chuser' command. Please enter the admin email address:
Copyright © 2009, Oracle. All rights reserved.
Administrative Server Installation: Example (continued) Choose a password for the admin user, which follows your security strategies. If you know the email of the admin user you can enter it as well. During the software installation, you see the actions that are performed. For example: generating links for admin installation with Web server updating /etc/ld.so.conf checking Oracle Secure Backup's configuration file (/etc/obconfig) setting Oracle Secure Backup directory to /usr/local/oracle/backup in /etc/obconfig setting local database directory to /usr/etc/ob in /etc/obconfig setting temp directory to /usr/tmp in /etc/obconfig setting administrative directory to /usr/local/oracle/backup/admin in /etc/obconfig protecting the Oracle Secure Backup directory creating /etc/rc.d/init.d/observiced activating observiced via chkconfig initializing the administrative domain
If you wish to see the daemons or background processes, enter the following after the installation: # ps -a |grep ob 13760 pts/0 00:00:00 observiced 13772 pts/0 00:00:00 obscheduled
Oracle Database 11g: Oracle Secure Backup 2 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Administrative Server Installation: Example
*********************** N O T E ************************ On Linux systems Oracle recommends that you answer no to the next two questions. The preferred mode of operation on Linux systems is to use the /dev/sg devices for attach points as described in the 'ReadMe‘ and in the 'Installation and Configuration Guide'. Is edvmr1p0 connected to any tape libraries that you'd like to use with Oracle Secure Backup [no]? no Is edvmr1p0 connected to any tape drives that you'd like to use with Oracle Secure Backup [no]? no Installation summary: Installation Mode admin
Host OS Driver Name Name Installed? edvmr1p0 Linux no
OS Move Required? no
Reboot Req? no
Oracle Secure Backup is now ready for your use.
Copyright © 2009, Oracle. All rights reserved.
Administrative Server Installation: Example (continued) After the Oracle Secure Backup software has been installed, you are asked if you want to configure any tape libraries or tape drives that might be attached to the current host. As suggested in the NOTE on the slide, you should answer no to both questions and follow the methods recommended in the Oracle Secure Backup Installation Guide. After the software installation completes, an installation summary appears.
Oracle Database 11g: Oracle Secure Backup 2 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Administrative Server Installation: Example
There are 3 Windows screenshots on this slide, showing: – the Oracle Secure Backup welcome page – the setup page, on which you choose which host roles to install, and – the admin user password and email page
Copyright © 2009, Oracle. All rights reserved.
Wizard-Based Installation on Windows Start your Windows installation by running the setup.exe program. This activates the InstallShield wizard. Answer the questions of the InstallShield wizard, such as your customer information, your server role definition, your predefined Oracle user, passwords for the admin user and the encryption key store, and other questions needed to complete the installation on a Windows server. During the installation process, the Oracle Secure Backup Setup wizard copies all Oracle Secure Backup files to the local host and generates Windows Registry entries. The default directory on Windows is C:\Program Files\Oracle\Backup\, which is different from the recommended UNIX directory of usr/local/oracle/backup.
Oracle Database 11g: Oracle Secure Backup 2 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Wizard-Based Installation on Windows
Oracle Secure Backup
Web tool
obtool
https://
EM interface
.
https://:1158/em
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Interfaces You can use either the GUI interface or the obtool command-line interface (CLI) to access the Oracle Secure Backup information. In all cases, you must use a valid username and password. For example, if you want to view the Oracle Secure Backup users, you can choose any of these three interfaces: • You can start the Web tool by entering https:// into your Web browser. Click the Configure tab, and then click Users. • You can start Enterprise Manager by entering https://:1158/em into your Web browser, and then select the following: Availability > Oracle Secure Backup Device and Media > Configure > Users. • You can start the obtool command line by entering obtool in a terminal window, and then the lsuser command. Note: Enterprise Manager is the recommended interface.
Oracle Database 11g: Oracle Secure Backup 2 - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Interfaces
This screenshot has the OSB home page as it first appears. The home page has the following sections: 1. Failed Jobs 2. Active Jobs 3. Pending Jobs 4. Completed jobs (within the last 24 hours) 5. Devices No jobs have been executed; the devices are not in use.
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Web Tool Home Page The Oracle Secure Backup Web tool Home page provides a snapshot of the current status of Oracle Secure Backup jobs and devices, presenting important summary information to administrators and users. The Home page includes the schedule times and status of recent jobs as well as job IDs, job type, and job level. Oracle Secure Backup provides a link for failed jobs, alerting users and administrators to potential trouble spots. The Devices link lists the devices associated with each job along with information concerning device type, device name, and status. This page provides you with an overall sense of the various backup or restore processes that are going on. The Web tool provides a graphic interface for just about all of the Oracle Secure Backup features, such as: • Flexible scheduling options for backups of file-system data: - Specify backups based on time of day, days of the week, month, quarter, or year - Schedule backups to start immediately or at a future date • Backup windows to minimize impact on day-to-day backup operations • Ability to create off-site backups for remote storage without disturbing currently scheduled incremental backups of the same data
Oracle Database 11g: Oracle Secure Backup 2 - 18
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Web Tool Home Page
Category
Obtool Command
Hosts
lshost -l
Devices
lsdev
Storage selectors
lsssel
User info
id, lsuser, lsclass
Jobs and schedules
lsjob (-a | -c | -p) lsbw (backup windows) Lssched
Backups
lsds (for dataset information) lspiece (for RMAN backup pieces) lsbackup (for file-system backups) lssection (for backup image sections)
Media families
lsmf --long
Volumes
lsvol --all or lsvol --library
Copyright © 2009, Oracle. All rights reserved.
Common Obtool Commands The slide lists some of the common obtool commands that you can use to query the Oracle Secure Backup administrative and catalog data. Depending upon the information you want to retrieve, you may use additional options to specify the amount of information returned, such as listing all the volumes for a particular media family or listing only completed jobs. For details of all command options, see the Oracle Secure Backup Reference. These commands can assist you with troubleshooting your OSB installation and configuration. For example, the lshost command shows the current roles of a host. If you want to add a device to your OSB domain, the host must have the mediaserver role, which is not installed by default.
Oracle Database 11g: Oracle Secure Backup 2 - 19
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Common Obtool Commands
Oracle Secure Backup installation automatically discovers NAS-attached media devices. 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 2 - 20
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
When installing the administrative server, the following components are also installed: 1. Media server only 2. Client only 3. Media server and client 4. None
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 2 - 21
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
After initial installation, the OSB administrative server is automatically configured with a media server role: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 2 - 22
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
In this lesson, you should have learned how to: • Decide on the structure of your administrative domain • Perform preinstallation tasks • Install Oracle Secure Backup on Linux
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 2 - 23
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
This practice covers the following topics: • Creating your Oracle Secure Backup home directory • Installing the Oracle Secure Backup software • Configuring the media server and virtual test devices • Inserting volumes into both tape libraries Note: Completing all practice steps is a prerequisite for all the following practices.
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 2 - 24
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 2 Overview: Installing and Configuring Oracle Secure Backup
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Securing Domain and Data
After completing this lesson, you should be able to: • Manage user access control for Oracle Secure Backup • Add an Oracle Secure Backup user with preauthorized access • Describe host authentication • Determine backup security characteristics • Describe Oracle Secure Backup encryption • Configure host encryption policies
Copyright © 2009, Oracle. All rights reserved.
Objectives This course focuses on Oracle Secure Backup: Access control, authentication and OSB encryption. For comprehensive coverage of Oracle’s security concepts and tools (including RMAN encryption), see the course titled Oracle Database 11g: Security.
Oracle Database 11g: Oracle Secure Backup 3 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
Access Control Authentication Encryption
Oracle Secure Backup user: • Is different from an Oracle schema and an OS user • Is assigned to a single UNIX and a single Window account • Has one set of access rights • Belongs to only one class Set of user rights
Set of user rights
Class
Class
Copyright © 2009, Oracle. All rights reserved.
Managing User Access Control Oracle Secure Backup maintains its own catalog of Oracle Secure Backup users and their rights on the administrative server. This is in addition to the database access and operating system control. By storing Oracle Secure Backup access control information about the administrative server, Oracle Secure Backup maintains a consistent user identity across the administrative domain. A set of “rights” is grouped into a “class,” which can be assigned to multiple users. However, each user is a member of exactly one class. An Oracle Secure Backup user is different from an Oracle schema user, as well as an operating system user. You can assign Oracle Secure Backup usernames and passwords that are identical to or different from those of existing operating system users. Each Oracle Secure Backup user is associated with a single UNIX account and a single Windows account. These UNIX and Windows accounts are used when some component of Oracle Secure Backup must assume a UNIX or Windows identity when running on behalf of a given Oracle Secure Backup user. Note: You might find it convenient to name Oracle Secure Backup users like their OS user identity. To configure Oracle Secure Backup users, you must belong to a class with the “Modify administrative domain’s configuration” right. Oracle Database 11g: Oracle Secure Backup 3 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing User Access Control .>
Predefined Classes and User Rights Browse backup catalogs with this access
operator
user
oracle
reader
Privileged
notdenied
permitted
permitted
named
Y Y
Y
Y Y
Modify any job, regardless of its owner
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Access Oracle backups
all
all
Perform Oracle backups and restores
Y
Y
Display administrative domain's configuration
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
admin
Modify own name and password Modify administrative domain's configuration Perform backups as self Perform backups as privileged user List any jobs owned by user Modify any jobs owned by user Perform restores as self Perform restores as privileged user Receive e-mail requesting operator assistance Receive e-mail describing internal errors Query and display information about devices Manage devices and change device state List any job, regardless of its owner
Y Y
Y Y Y Y Y Y Y Y Y Y Y Y
Y Y Y Y
Y
owner
Y Y Y Y Y Y Y
owner
none
Y
Copyright © 2009, Oracle. All rights reserved.
Predefined Classes and User Rights A class defines a set of rights or access privileges. Oracle Secure Backup comes with the following predefined classes: • admin: Is used for the overall administration of a domain. The admin class has all the rights and privileges needed to modify domain configurations and perform backup and restore operations. • operator: Is used for standard day-to-day operations. The operator class lacks configuration privileges but has all the rights needed for backup and restore operations as well as viewing and managing devices. • user: Is assigned to specific users giving them permission to interact in a limited way with their domains. This class is reserved for users who need to browse their own data within the Oracle Secure Backup catalog and perform user-based restore operations. • oracle: Is similar to the operator class with specific privileges to modify Oracle database configuration settings, as well as to perform Oracle database backups and restore operations • reader: Enables users to view the Oracle Secure Backup catalog data. Readers are permitted only to modify the given name and password for their Oracle Secure Backup user accounts. You can use the mkclass command to define your own Oracle Secure Backup user class. Oracle Database 11g: Oracle Secure Backup 3 - 4
Oracle University and (Oracle Corporation) use only.
Rights
Oracle Database 11g: Oracle Secure Backup 3 - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Predefined Classes and User Rights (continued) Here is the explanation of each right: • Browse backup catalogs with this access: - Privileged: Users can browse all directories. - Notdenied: Users can browse any directory for which they are not explicitly denied access. This option differs from permitted in that it allows access to a directory having no stat record stored in the catalog. - Permitted: Users can browse a directory to which, based on operating system file ownership and protection, they have read rights. - Named: Users can browse a directory if the UNIX user defined in the Oracle Secure Backup identity is listed as the owner of the directory or the UNIX group defined in the Oracle Secure Backup identity matches the group of the directory. If the UNIX user defined in the Oracle Secure Backup identity has read rights for the directory, but is not the UNIX owner or a member of the UNIX group associated with the directory, then the user is not able to browse the directory. - None: Users have no rights to browse any directory. • Display administrative domain’s configuration allows the class member to list objects (for example, hosts, devices, and users) in the administrative domain. • Modify own name and password allows the class member to modify certain attributes for their own user objects (password and given name). • Modify administrative domain’s configuration allows the class member to edit (create, modify, rename, and remove) all configuration data in an Oracle Secure Backup administrative domain. These include classes, users, hosts, devices, defaults and policies, schedules, datasets, media families, summaries, and backup windows. • Perform backups as self allows the class member to back up only those files and directories in which the member has access (using either UNIX user and group names or a Windows domain account). • Perform backups as privileged user allows the class member to back up files and directories while acting as a privileged user (root on UNIX and as a member of the Administrators group on Windows). • List any jobs owned by user enables the class member to view: - Status of scheduled, ongoing, and completed jobs that they create - Transcripts for job that they create • Modify any jobs owned by user allows the class member to modify only jobs that the member configured. • Perform restore as self allows class members to restore the contents of backup images under the restrictions of the access rights imposed by the user’s UNIX name or group, or the Windows domain and account.
Oracle Database 11g: Oracle Secure Backup 3 - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Predefined Classes and User Rights (continued) • Perform restore as privileged user allows the class member to recover the contents of backup images as a privileged user (root on UNIX and as a member of the Administrators group on Windows). • Receive email requesting operator assistance allows the class member to receive email messages when Oracle Secure Backup requires manual intervention. Occasionally, during backup and restore operations, your assistance may be required—for example, if a new tape is required to continue a backup. In such cases, emails are sent to all users who belong to classes having this attribute. • Receive email describing internal errors allows the class member to receive email messages describing errors that occurred in any Oracle Secure Backup activity. • Query and display information about devices allows the class member to query the state of all storage devices configured within the administrative domain. • Manage devices and change device state allows a class member to control the state of devices. • List any job, regardless of owner allows the class member to view: - Status of any scheduled, ongoing, and completed jobs - Transcripts for any job • Modify job, regardless of owner permits the class member to make changes to any job. • Access Oracle backups specifies the type of access to Oracle Database backups made through the SBT interface. The values are as follows: - owner indicates that the user can access only SBT backups created by the user. - class indicates that the user can access SBT backups created by any Oracle Secure Backup user in the same class. - all indicates that the user can access all SBT backups. - none indicates that the user has no access to SBT backups. • Perform Oracle backups and restores allows the class member to back up and restore Oracle databases. Users with this right are Oracle Secure Backup users that are mapped to operating system accounts used when performing Oracle database installations. SBT requests will be honored only if the OS account making the request is mapped to an Oracle Secure Backup user who has the “Oracle database backup/restore” right. In addition to this, SBT restore, query, and remove requests will be honored only if the OS account making the request is mapped to an Oracle Secure Backup user whose “Access Oracle backups” right allows access to the piece requested.
Tip: No clear text passwords, use prompts. For unprivileged backup, that is, file-system backup not as UNIX root or Windows Administrator
Copyright © 2009, Oracle. All rights reserved.
Configuring Oracle Secure Backup Users To configure one or more users, perform the following steps: 1. From the Web tool Home page, click the Configure tab in the menu bar. 2. Click Users in the submenu under Basic. The Users page appears. 3. Click the Add button to add a new user. A dialog box appears for entering a username. 4. Enter a username in the User field. Formally, it is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain. Practically, you might find it convenient to choose Oracle Secure Backup usernames that are identical to users’ Windows or UNIX names. 5. Enter a password for the user in the Password field. This password is used to log in to Oracle Secure Backup. Note: The practice of supplying a password in clear text on a command line or in a command script is not recommended by Oracle Corporation. It is a security vulnerability. The recommended procedure is to prompt the user for the password. 6. Select a class from the User class list. 7. Optionally, enter a given name in the Given name filed. This name is for information purposes only.
Oracle Database 11g: Oracle Secure Backup 3 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Configuring Oracle Secure Backup Users
Oracle Database 11g: Oracle Secure Backup 3 - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Configuring Oracle Secure Backup Users (continued) 8. Enter a UNIX name for this account in the UNIX name field. This name forms the identity of any nonprivileged jobs run by the user on UNIX systems. If this Oracle Secure Backup user will not, or is not permitted to, run Oracle Secure Backup jobs on UNIX systems, the user can leave this field blank. 9. Enter a UNIX group name for this account in the UNIX group field. This name forms the identity of any nonprivileged jobs run by the user on UNIX systems. 10. In the NDMP server user list, select yes if you want Oracle Secure Backup’s NDMP server to accept a login from this user using the username and password you have supplied. This is not required for normal Oracle Secure Backup operation and is typically set to no. 11. Enter the email address for the user in the Email address field. When Oracle Secure Backup wants to communicate with this user, such as to deliver a summary report or notify the user of a pending input request, it does so by sending an email to this address. 12. Choose one of the following: - Click Apply to add the user account and remain in this page. - Click OK to add the user account and return to the Users page. The user account appears in the User Name box on the Users page. A message appears in the Status box informing you that the user was successfully added. - Click Cancel to avoid the operation and move back one page. 13. If the user you configured needs to initiate backup and restore operations on Windows clients, refer to the “Assigning Windows Account Information” section. Note: Oracle Secure Backup creates the admin user when a new administrative domain is initialized. You cannot remove the admin user.
% obtool Oracle Secure Backup 10.2 login: osbuser1
osbuser1 can only backup and restore data accessible to UNIX name: jdoe UNIX group: sysadmin
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup User: OS Permissions When writing backup data to tape, you must log into Oracle Secure Backup. You can login explicitly or transparently by using "preauthorization". Oracle Secure Backup uses the class and rights assigned to the osbuser1 user, to determine whether or not the requested action is allowed. In this example, the osbuser1 user can only back up and restore data accessible by the jdoe UNIX user and the sysadmin UNIX group. The UNIX name and group are the identity under which an unprivileged backup operation will be performed. When an Oracle Secure Backup user makes an unprivileged backup or restore of a host, the host is accessed by means of an operating system identity. • If a UNIX or Linux host is backed up or restored, then Oracle Secure Backup uses the UNIX username and group values for the operating system identity. • If a Windows host is backed up or restored, then Oracle Secure Backup uses the first (domain, account, password) triplet that allows access to the host.
Oracle Database 11g: Oracle Secure Backup 3 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup User: OS Permissions
Type of Backup Operation
OS Namespace
Scheduled job
OSB admin user: typically root on UNIX or LocalSystem on Windows
Unprivileged on-demand and RMAN backups
Current session of the OSB user
Privileged backup
root on UNIX; OSB service on Windows
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup User: OS Permissions (continued) The OS user that is used to access the files being backed up depends upon the type of backup operation: • If you create a scheduled job, the backup runs in the OS namespace associated with the Oracle Secure Backup admin user, which is typically root on UNIX-like systems or LocalSystem on Windows systems. • If you perform an on-demand backup, the OS namespace associated with the Oracle Secure Backup user of the current session is used, unless you specify the backup should run as a privileged operation. A backup that runs in privileged mode runs under the root operating system identity. On Windows systems, the backup runs under the same account as the Oracle Secure Backup service on the Windows client. Backup and restore requests submitted through the RMAN interface are treated as on-demand jobs.
Oracle Database 11g: Oracle Secure Backup 3 - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup User: OS Permissions
RMAN script: run { … allocate channel oem_sbt_backup1 type 'SBT_TAPE' format '%U'; …}
Preauthorized users do not log in explicitly. Oracle Secure Backup verifies: • RMAN preauthorization • Matching OS and database identity • Backup and /or restore class rights
Copyright © 2009, Oracle. All rights reserved.
Preauthorization You can preauthorize Oracle Secure Backup users for the use of the obtool command line (cmdline), rman, or both. Using the example from the previous slide, the jdoe OS user can be preauthorized to use Oracle Secure Backup as the osbuser1 OSB user, without having to supply an Oracle Secure Backup username or password. Preauthorization for file-system backups is primarily used to avoid logging in to Oracle Secure Backup when running custom scripts. Without cmdline preauthorization, the script would fail, because access to Oracle Secure Backup is not granted without user login. RMAN preauthorization is required to successfully backup or restore the Oracle database. Oracle database backups are invoked from RMAN or Enterprise Manager. When Oracle Secure Backup receives communication from RMAN (through sbt), Oracle Secure Backup verifies that an OSB user meets the following requirements: 1) RMAN preauthorization on that host 2) Matching the OS user identity of the Oracle instance associated with the database (which is, for example, oracle) 3) Assignment to a class with rights to back up or restore Oracle database If these three criteria are not successfully met, Oracle Secure Backup does not perform the RMAN backup or restore requests. Oracle Database 11g: Oracle Secure Backup 3 - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Preauthorization
Best Practice Tip: Limit preauthorized access to selected hosts.
Unique combination of: Hosts, OS and Windows name
Copyright © 2009, Oracle. All rights reserved.
Preauthorizing Access To provide preauthorized access, you can modify parameters for an existing user account: 1. From the Users page, select the name of the user from the User Name box. 2. Click the Edit button. A page appears with details for the user you selected. 3. Make any required changes. To modify users, you must be a member of a class that has this right enabled. 4. Choose one of the following: - Click Apply to remain in this page. - Click OK to save the changes and return to the Users page. - Click Cancel to avoid the operation and move back one page. • If your Oracle Secure Backup user needs to initiate backup and restore operations on Windows clients, then you must add Windows Domains information. • To configure RMAN and/or command-line preauthorization, click Preauthorized Access and specify the appropriate attributes. The combination of Hosts, OS username, and Windows domain name must be unique.
Oracle Database 11g: Oracle Secure Backup 3 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Preauthorizing Access
Copyright © 2009, Oracle. All rights reserved.
Assigning Windows Account Information You can associate an Oracle Secure Backup user with multiple Windows domain accounts or use a single account that applies to all Windows domains. This section explains how to configure Windows account information for existing Oracle Secure Backup users who need to initiate backups and restores on Windows clients. To assign Windows account information to an Oracle Secure Backup user, perform the following steps: 1. From the Users page, select the name of the user from the User Name box. 2. Click the Edit button. A page appears with details for the user you selected. 3. Click the Windows Domains button. The Windows Domains page appears. 4. Enter a Windows domain name in the Domain name field. Type an asterisk (*) in this box for all Windows domains. 5. Enter a Windows user account in the Username field. 6. Enter a Windows password in the Password field. 7. Click the Add button to add the Windows account information. The domain appears in the Domain: Username list.
Oracle Database 11g: Oracle Secure Backup 3 - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Assigning Windows Account Information
Preauthorization may be specified for: 1. obtool users only 2. RMAN only 3. Both
Copyright © 2009, Oracle. All rights reserved.
Answers: 3
Oracle Database 11g: Oracle Secure Backup 3 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Which are required to allow RMAN to successfully backup or restore using Oracle Secure Backup: 1. RMAN must connect via a preauthorized user. 2. The preauthorized OSB user's OSB class must have database backup and restore rights. 3. The preauthorized OSB user's OSB class must have OS file backup and restore rights. 4. The OSB user permissions must match those of Oracle instance.
Copyright © 2009, Oracle. All rights reserved.
Answers: 1, 2, 4
Oracle Database 11g: Oracle Secure Backup 3 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Access Control > Authentication Encryption
The identity of each host is securely established before accepting communications. X.509 certificate transmitted proving identity
2
Identity verified Ethernet Network
1
3
Messages sent securely
Reply submitted
4
SSL communication established; backup or restore operations may proceed
Copyright © 2009, Oracle. All rights reserved.
Authentication For hosts to securely exchange control messages and backup data within the domain, they must first authenticate themselves to one another. Host connections are always based on twoway authentications with the exception of the initial host invitation to join a domain and communication with NDMP servers. In two-way authentication, the hosts participate in a handshake process whereby they mutually decide on a cipher suite to use, exchange identity certificates, and validate that each other’s certificate has been issued by a trusted Certificate Authority (CA). At the end of this process, a secure and trusted communication channel is established for the exchange of data. The use of identity certificates and SSL prevents outside attackers from impersonating a client in the administrative domain and accessing backup data. For example, an outside attacker would not be able to run an application on a nondomain host that sends messages to domain hosts that claim origin from a host within the domain. Note: Currently, the NDMP protocol does not include a mechanism to accommodate the negotiation of an SSL connection to NDMP filers.
Oracle Database 11g: Oracle Secure Backup 3 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Authentication
Leveraging Oracle Security Technology Intradomain communications are secured by using the Secure Sockets Layer (SSL) protocol. – Backup messages are encrypted as part of SSL communication. – Two-way authentication of clients and servers is performed, with an SSL “handshake” verifying identity.
•
Every client and server has a unique X.509 certificate signed by a trusted Certificate Authority (CA). – The Oracle Secure Backup administrative server is the CA that issues and manages security credentials within the domain.
•
Oracle wallets are encrypted containers storing X.509 certificates on all machines within the domain.
Copyright © 2009, Oracle. All rights reserved.
Leveraging Oracle Security Technology Oracle Secure Backup uses the SSL protocol to establish a secure communication channel between hosts in an administrative domain. Any host in the domain can use a public key to send an encrypted message to another host, but only the host with the corresponding private key can decrypt the message. The default key size for all hosts in the domain is 1,024 bits. If you accept this default, then you do not need to perform any additional configuration. You can set the size of the key to values between 512 (less secure) and 4,096 (very secure). The Advanced Encryption Standard (AES) defines three standard key lengths, which are 128-bit, 192-bit, and 256-bit. The Web server requires a signed X.509 certificate and associated public and private keys to establish an SSL connection with a client browser. The X.509 certificate for the Web server is self-signed by the installation script when you install Oracle Secure Backup on the administrative server.
Oracle Database 11g: Oracle Secure Backup 3 - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
For more information about how to modify the secure settings for your installation, refer to the Oracle Secure Backup Administrator’s Guide.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Leveraging Oracle Security Technology (continued) You can modify the default security configuration in the following ways: • Disable SSL for interhost authentication and communication by setting the securecomms security policy. • Transmit identity certificates in manual certificate provisioning mode. • Set the key size for a host to a value greater or less than the default of 1,024 bits. • Disable encryption for backup data in transit by setting the encryptdataintransit security policy.
Oracle Database 11g: Oracle Secure Backup 3 - 18
Administrative server
Media server and client
Wallet
Wallet
Signing certificate Identity certificate
Identity certificate
If destroyed without backups: Create new wallets for each host in the domain.
If destroyed: Reinstall host to create new wallet, which can then be digitally signed by CA.
Copyright © 2009, Oracle. All rights reserved.
Administrative Server Certificate Authority (CA) The Oracle Secure Backup administrative server is automatically configured as the Certificate Authority (CA) upon installation. During the installation of an administrative server, its wallets (encrypted and obfuscated) are created along with a signing certificate and identity certificate. The administrative server has the signing certificate, which it needs to sign the identity certificates for other hosts, and its identity certificate, which it needs to establish authenticated SSL connections with other hosts in the domain. By default, wallets and identity certificates are automatically created during the installation of media servers and clients. However, you can manually provision these certificates by using the obcm utility. For more information about obcm and manual certificate provisioning, see the Oracle Secure Backup Reference. The encrypted wallets should be backed up, whereas the obfuscated wallets should not be backed up. If a host wallet becomes destroyed, the host must be reinstalled and configured. This generates a new host wallet, which again is to be digitally signed by the administrative server. If the administrative server wallet is destroyed, the wallet must be re-created using the --initnewdomain command. However, if a new administrative server wallet is created, then a new wallet for each host in the domain must be created, so that their identity certificates are digitally signed by the new administrative server signing certificate. Oracle Database 11g: Oracle Secure Backup 3 - 19
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Administrative Server Certificate Authority (CA)
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Administrative Server Certificate Authority (CA) (continued) Because Oracle Secure Backup embedded wallets are used only for intradomain communication, they do not have any direct relationship to the backup data written to tape. Therefore, if wallets are destroyed and re-created, it does not affect the restoration of data from tape.
Oracle Database 11g: Oracle Secure Backup 3 - 20
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
• •
Oracle Secure Backup creates a unique wallet for every host in the administrative domain. (No additional configuration is needed. No sharing with other Oracle products.) The wallets contain X.509 certificates, but no encryption keys (unlike the database wallets). There are two types of wallets: – A password protected, encrypted file to establish security credentials – An obfuscated wallet, used by Oracle Secure Backup daemons
Note: Back up the encrypted wallet regularly, but never the obfuscated one. Copyright © 2009, Oracle. All rights reserved.
Oracle Wallets When you add hosts to the administrative domain, Oracle Secure Backup creates the wallet, keys, and certificates for each host. No additional intervention or configuration is required. All required wallet functionality is embedded in Oracle Secure Backup, thereby eliminating the need for other wallet utilities. Every host in the domain, including the administrative server, has a private key known only to that host that is stored with the host’s identity certificate. This private key corresponds to a public key that is made available to other hosts in the administrative domain. Any host in the domain can use a public key to send an encrypted message to another host, but only the host with the corresponding private key can decrypt the message. Oracle wallets are encrypted containers designed to store X.509 certificates. Unlike the database encryption key wallet, the Oracle Secure Backup wallet does not store encryption keys for data. Oracle Secure Backup does not share its wallets with other Oracle products. Besides maintaining its password-protected wallet, each host in the domain maintains an obfuscated wallet. This version of the wallet does not require a password. The obfuscated wallet, which is scrambled but not encrypted, enables the Oracle Secure Backup software to run without requiring a password during system startup. Oracle Database 11g: Oracle Secure Backup 3 - 21
Oracle University and (Oracle Corporation) use only.
Oracle Wallets for OSB Intradomain Communication
To reduce the risk of unauthorized access to obfuscated wallets, Oracle Secure Backup does not back them up. The obfuscated version of a wallet is named cwallet.sso. By default, the wallet is located in /usr/etc/ob/wallet on Linux and UNIX and C:\Program Files\Oracle\Backup\db\wallet on Windows. Best practice tip: Back up the encrypted wallet.
Oracle Database 11g: Oracle Secure Backup 3 - 22
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Wallets (continued) The password for the password-protected wallet is generated by Oracle Secure Backup and not made available to the user. The password-protected wallet is not normally used after the security credentials for the host have been established because the Oracle Secure Backup daemons use the obfuscated wallet.
.
Access Control Authentication > Encryption
OSB backup encryption: • Available for RMAN and file-system data • Data encryption on the client host (prior to any transport or local writes, but not for NAS) • According to your encryption policy: – – – –
Encryption level Encryption algorithm Key types Rekey frequency
Note: Consider costs and benefits of encryption, such as performance, accessibility and administrative overhead.
Copyright © 2009, Oracle. All rights reserved.
Encrypted Backups to Tape Oracle Secure Backup encryption is available for both RMAN backup data (Oracle 9i and higher) and for file-system data. Oracle Secure Backup encrypts data on the client host. (Because there is no client software installation on NAS, NAS data cannot be encrypted by OSB.) While encryption occurs outside the database, the data is encrypted prior to transport over the network or prior to being written to a locally attached tape device. Backup clients do not have direct access to the tape drives, Data is sent to the media server, which applies your encryption policies. To implement your encryption policy, you can choose among multiple levels, considering the costs and benefits of encryption, such as performance, accessibility and administrative overhead. Details of your OSB encryption choices are covered in the following pages.
Oracle Database 11g: Oracle Secure Backup 3 - 23
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Encrypted Backups to Tape
Embedded SSL for keys RMAN backup data
Key store for each host
Administrative server OSB encryption
Tape libraries and drives
Encrypted data
File-system data
Media server
Client host
Encrypted data on tape
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Encryption OSB encryption keys are managed by Oracle Secure Backup. They are stored in host-specific encrypted key stores on the administrative server. For security purposes, encryption keys are not stored on client machines, but instead are transmitted via SSL for encryption and decryption. During backup or restore operations, they are held in memory at the client host, but never saved on disk. The backup data is encrypted on the client host before any transport. OSB backup encryption protects data on tape (while onsite, offsite or lost).
Oracle Database 11g: Oracle Secure Backup 3 - 24
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Encryption
Encryption level Default: AES192 Key renewal: - Automatic for transparent keys - Email, log file and display output notification for passphrase renewal Certificate keys define level of security for host authentication and are NOT related to backup encryption.
Copyright © 2009, Oracle. All rights reserved.
Configuring Host Encryption Policies You can specify encryption: • At the global or host level for all backup data (additionally at backup or volume level for file-system data). - required: All data coming from this backup domain or this client must be encrypted. - allowed: The decision to encrypt is deferred to the next lower priority item. • Supported algorithms: AES128, AES192 (default), and AES256 • A client rekeyfrequency policy defines when a new key is generated. For example, the policy might require that a new set of keys be generated every 30 days. Transparent keys are automatically rekeyed. For keys that depend on a passphrase, you receive an email notification. Additionally, Oracle Secure Backup writes a message to the log files and the display output. • Key types: transparent (randomly generated keys) or passphrase (keys generated based on your passphrase.)
Oracle Database 11g: Oracle Secure Backup 3 - 25
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Configuring Host Encryption Policies
•
First generated during client installation (mkhost phase)
• •
Valid until automatic or manual renewal Key types: – transparent: Randomly generated keys, default and recommended – Passphrase: Keys generated based on your passphrase (hash of passphrase is stored, but not the passphrase itself)
•
Stored in encrypted key stores on the administrative server: – Active encryption keys – All old encryption keys
Copyright © 2009, Oracle. All rights reserved.
Using OSB Encryption Keys Each newly created client gets an automatically generated key during the mkhost phase. It remains valid for encryption until: • A key renewal event occurs. • You manually renew an automatically generated key. • You change the key to a passphrase by providing a new passphrase. The passphrase itself is never stored anywhere. The hash of the passphrase and the key generated from the passphrase are stored in the encrypted key store. Oracle Secure Backup does not enforce a minimum length for a passphrase. After the new key is created, it is added to the wallet-protected key store and marked as the active encryption key. Old encryption keys are left in the key store and used for automatic and seamless decryption of data. If clients are removed from the backup domain, then their key stores are still retained on the administrative server. This ensures that you can always restore data.
Oracle Database 11g: Oracle Secure Backup 3 - 26
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Using OSB Encryption Keys
• • • •
One-time use in addition to the regular schedule Moving data to other OSB domains Encrypting data at the volume set level for a given job Transient Key for this volume set: – Based on a passphrase – Not stored by default in key store
Site B
Site A
Copyright © 2009, Oracle. All rights reserved.
Transient Backup Encryption Scenario: You work in a data center for many customers. From your production environment (A) your customer requests a one-time backup of his three client hosts to create the same environment (B) as his independent test environment. Each of the client backup files is encrypted with its own specific key. You do not want to disclose the keys, because they are used for the regularly scheduled backups. Oracle Secure Backup enables cross-site backup encryption without this security threat by encrypting data at the volume set level for a given backup job. The key for this volume set encryption is based on a passphrase. The data is encrypted with this passphrase-generated key for all clients that are part of this specific backup job. You, as backup administrator of Site A, give the passphrase and encryption algorithm to Site B for the restore operation, so that the data can be decrypted. In all other cases, the OSB encryption keys are automatically added to the appropriate walletprotected key store. A transient key, however, is a one-time key used mainly for moving data to a remote location. By default, transient encryption keys are not stored in the key stores, but Oracle Secure Backup provides you the --storekey/-s option of the backup obtool command to store the key.
Oracle Database 11g: Oracle Secure Backup 3 - 27
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Transient Backup Encryption
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Transient Backup Encryption (continued) Before restoring data in another OSB domain, the tapes must first be imported to update the OSB catalog. Your customer enters the passphrase during the restore operation to decrypt the backup. In another scenario, if backup and restore operations occur in the same domain (for example, you must duplicate a test environment for another team), then you do not need to provide the passphrase, because Oracle Secure Backup knows it already.
Oracle Database 11g: Oracle Secure Backup 3 - 28
Comparing OSB and RMAN Encryption
OSB Encryption
RMAN Encryption
For RMAN backup For file-system data
Only for RMAN backup data
Global or host level
Database or tablespace level
Global, host, backup or volume level
Data encryption on the client host
Data encryption within the database: no further encryption
OSB encryption keys: - Managed by OSB - Stored in host-specific encrypted key stores on administrative server
RMAN encryption keys: - Managed by database - Stored in database wallet
Encryption algorithms: AES128, AES192 (default), and AES256
Encryption algorithms up to 256-bit AES
Seamless decryption within domain
User-entered password for decryption
Copyright © 2009, Oracle. All rights reserved.
Comparing OSB and RMAN Encryption Oracle Database backup encryption can be performed in one of two ways: • OSB encryption: - For both: RMAN backup data (Oracle 9i and higher) and for file-system data - Oracle Secure Backup encrypts data on the client host. (Because there is no client software installation on NAS, NAS data cannot be encrypted by OSB.) While encryption occurs outside the database, the data is encrypted prior to transport over the network or prior to being written to a locally attached tape device. For decryption within the same domain, you do not have to provide a passphrase. - Embedded SSL technology provides secure transport of backup data and messages between two-way authenticated servers. • RMAN encryption (available with “Advanced Security Option”): - RMAN can encrypt backups of an Oracle database on the database or tablespace level. RMAN encrypts the backup data within the database. This is generally faster than the OSB encryption. The RMAN encryption keys are stored in database wallets and are managed by the database. You must provide passwords for decryption. - RMAN encrypted backups require the Advanced Security Option. For more on RMAN encryption, see the course titled Oracle Database 11g: Security. • When OSB encounters RMAN encrypted backups, it does not perform any additional encryption. Oracle Database 11g: Oracle Secure Backup 3 - 29
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Via “Advanced Security Option”
OSB host encryption keys are stored: 1. On each host 2. In an Oracle wallet 3. All in one encrypted key store on the administrative server 4. Each in their specific host key store on the administrative server
Copyright © 2009, Oracle. All rights reserved.
Answers: 4
Oracle Database 11g: Oracle Secure Backup 3 - 30
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Which statements are true about transient backups? 1. The passphrase for a transient backup is briefly stored in clear text. 2. Only the hash value and the key, based on the passphrase, are stored. 3. Transient backups can only be restored in the same OSB domain. 4. Transient backups can use just one encryption key for a backup job, even if diverse hosts are part of the volume set.
Copyright © 2009, Oracle. All rights reserved.
Answers: 2, 4
Oracle Database 11g: Oracle Secure Backup 3 - 31
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Your host encryption policy is set to passphrase-generated keys. Within the same OSB domain, encrypted backups are automatically decrypted and restored without requiring that you enter any password. 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 3 - 32
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Which is the most secure OSB encryption setting? 1. Key type: passphrase and algorithm: AES256 2. Key type: passphrase and algorithm: AES128 3. Key type: transparent and algorithm: AES256 4. Key type: transparent and algorithm: AES192 (default) 5. Key type: transparent and algorithm: AES128
Copyright © 2009, Oracle. All rights reserved.
Answers: 3
Oracle Database 11g: Oracle Secure Backup 3 - 33
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
In this lesson, you should have learned how to: • Manage user access control for Oracle Secure Backup • Add an Oracle Secure Backup user with preauthorized access • Describe host authentication • Determine backup security characteristics • Describe Oracle Secure Backup encryption • Configure host encryption policies
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 3 - 34
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
This practice covers the following topics: • Defining a new Oracle Secure Backup user • Configuring preauthorization for this user • Defining a host encryption policy Note: Completing all practice steps is a prerequisite for all the following practices.
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 3 - 35
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 3 Overview: Configuring OSB Security
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Configuring RMAN for Oracle Secure Backup
After completing this lesson, you should be able to: • Describe integrated disk and tape backup • Register the Administrative Server in EM • Check RMAN backup and recovery settings • Create database backup storage selectors • Use time- and content-managed expiration policies
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 4 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
Oracle Database Disk and Tape Backup Solution
RMAN
Flash Recovery Area
RMAN
Backup directly --- OR --- Backup from to tape disk to tape
Oracle Secure Backup Media Management Layer
• Flash Recovery Area space managed by RMAN • Automatic restores from disk or tape without user-specified destination • Optimized backup to tape
Enterprise Manager
Copyright © 2009, Oracle. All rights reserved.
Oracle Database Disk and Tape Backup Solution Oracle Database 10g (and later) has a Flash Recovery Area, which is a unified disk storage location for all database recovery-related files. RMAN manages the disk space in the Flash Recovery Area. With the Flash Recovery Area and Oracle Secure Backup, you can easily deploy a comprehensive disk and tape backup and recovery strategy for your Oracle databases. By putting RMAN in control of your backup and restore operations, you simplify your availability-related processes. You have the most effective restore process because RMAN automatically restores from the best backup source (which can be disk or tape). If the most recent backup is not available, RMAN continues with a previous backup. This failover can be from disk to tape. It does not require any user intervention.
Oracle Database 11g: Oracle Secure Backup 4 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Databases
•
One simple RMAN command: BACKUP RECOVERY AREA
•
Advantages of using the Flash Recovery Area to tape: – Performing optimized backups to tape – First restoring from Flash Recovery Area for maximum performance, then using tape (if needed) – Reducing I/O on databases (separate disk group)
Copyright © 2009, Oracle. All rights reserved.
Backing Up the Flash Recovery Area to Tape To back up the Flash Recovery Area to tape with Oracle Secure Backup, you issue one RMAN command: BACKUP RECOVERY AREA. Using this disk-to-tape backup method (instead of performing a separate backup of the production database to tape) provides a few distinct advantages: • Saves tape resources with optimized backups of the Flash Recovery Area. It eliminates unnecessary backup of files, which are already on tape. • Enables RMAN to utilize better restore intelligence, first from disk, then from tape, as needed. Otherwise, RMAN use the most recent backup regardless of the storage media. • Reduces I/O (important for production databases) because the Flash Recovery Area uses a separate disk group.
Oracle Database 11g: Oracle Secure Backup 4 - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Backing Up the Flash Recovery Area to Tape
• • •
Achieving retention policy with both disk and tape backups Defining an RMAN RECOVERY WINDOW retention policy Using the RMAN DELETE OBSOLETE command: – Deleting obsolete files on disk – Notifying Oracle Secure Backup of backup pieces that are no longer needed
•
Defining content-managed media families for RMAN and Oracle Secure Backup (recommendation) File2
RMAN recovery window
File1
Now
Seven-day retention
Copyright © 2009, Oracle. All rights reserved.
Defining Retention for RMAN Backups By defining retention periods within RMAN, a combination of disk and tape backups is used to meet your recovery requirements. When using the Flash Recovery Area and Oracle Secure Backup, the recommended RMAN retention policy is the user-defined RECOVERY WINDOW option. This means, that you define a period of time within which point-in-time recovery must be possible. When defining this recovery window, also consider the following: • Base retention on recovery needs • Size the Flash Recovery Area based on desired disk recovery capability • Schedule disk and tape backups through RMAN or EM If your recovery plan allows for restoration from disk for a certain number of hours each day, the Flash Recovery Area should be of sufficient size to hold the recovery-related files for this time period. The amount of time backups remain within the Flash Recovery Area is determined by the amount of available disk space, not by a specific time setting.
Oracle Database 11g: Oracle Secure Backup 4 - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Defining Retention for RMAN Backups
EM
5 RMAN
4
1 2
Administrative server
3 OSB client: Database server
Data being backed up
Media server
Copyright © 2009, Oracle. All rights reserved.
RMAN and Oracle Secure Backup Basic Process Flow 1. RMAN initiates backup and passes the database backup storage selector to OSB. If RMAN is started from the Enterprise Manager (EM) interface, then you must configure the administrative server in EM (a one-time task). 2. Oracle Secure Backup creates the backup job. Typically, the OS namespace associated with the Oracle Secure Backup user of the current session is used. 3. Oracle Secure Backup executes the job (transfers data from client to media). 4. Oracle Secure Backup updates its own catalog. 5. RMAN updates its repository.
Oracle Database 11g: Oracle Secure Backup 4 - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
RMAN and Oracle Secure Backup Basic Process Flow
• The Oracle Secure Backup Device and Media link invokes the OSB Administrative Server page in EM. • The File System Backup and Restore link invokes the Oracle Secure Backup Web tool.
Copyright © 2009, Oracle. All rights reserved.
Integration with Enterprise Manager Oracle Secure Backup has been integrated with Enterprise Manager (Database Control and Grid Control). It can be accessed through the Availability page. By using the EM interface, you can manage the Oracle Secure Backup administrative domain and perform tasks such as adding or deleting media servers or tape devices, and scheduling RMAN backups for the database. The OSB Web tool is the best interface to use file-system backups, adding and deleting clients, managing defaults and polices, and managing Oracle Secure Backup users.
Oracle Database 11g: Oracle Secure Backup 4 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Integration with Enterprise Manager
Copyright © 2009, Oracle. All rights reserved.
Configuring the Administrative Server in EM Before you can use Enterprise Manager to manage your administrative domain, you must first configure the administrative server information within EM. Connect to the Database Control on the administrative server. From the Availability page, click the “Oracle Secure Backup Device and Media” link in the Oracle Secure Backup section. This takes you to the Add Administrative Server page if this is the first time you are trying to access Oracle Secure Backup from Database Control on that host. On the Add Administrative Server page, specify the Oracle Secure Backup home directory, which is the directory specified during the software installation. (The recommended Oracle Secure Backup Home is /usr/local/oracle/backup, as shown in the screenshot.) EM assumes that the local host is the Oracle Secure Backup administrative server and enters the local host name for the administrative server name. You also need to enter the Oracle Secure Backup administrative Username (for example, admin) and Password. On the following page, you specify the OS user as Host Credentials.
Oracle Database 11g: Oracle Secure Backup 4 - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Configuring the Administrative Server in EM
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Administrative Server Page The Administrative Server home page provides an overview of your administrative domain. From this management page, you can perform management tasks for the administration domain by clicking the appropriate links: • Administrative server (the Edit Settings link in the General section) • Media servers • Media families • Volumes (the Details link) • Devices (the Manage link) • For file-system backups, a link to invoke the Oracle Secure Backup Web tool is conveniently located at the bottom of the page. It is marked by a red box. Note: Use the Manage Devices link to test the accessibility of your libraries.
Oracle Database 11g: Oracle Secure Backup 4 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Administrative Server Page
1. Configure
2. Perform Backup and Restore
Oracle Secure Backup Database backup storage selector
Oracle server session SBT library
RMAN
SBT channel EM
Oracle Secure Backup
Preauthorized RMAN user
Copyright © 2009, Oracle. All rights reserved.
RMAN Database Backup to Tape The RMAN database backup to tape consists of two steps: 1. Configure preauthorization and a database storage selector in Oracle Secure Backup. 2. Use RMAN to perform your backup and restore operation. When you install Oracle Secure Backup, the installer automatically performs the following tasks: • Copies the SBT library to the /lib subdirectory of the OSB_Home directory • Creates a symbolic link to the library in the /lib or /usr/lib directory So, by default, you are automatically using Oracle Secure Backup each time you allocate an SBT_TAPE channel with RMAN. On a host that has Oracle Secure Backup installed, RMAN searches for and loads the SBT library, as soon as an SBT channel is allocated. RMAN looks in a platform-specific default location for the SBT library. On UNIX or Linux, the default library file name is libobk.so, with the extension varying according to platform: .so, .sl, .a, and so on. On Windows, the default library location is %ORACLE_HOME%\bin\orasbt.dll. When you access Oracle Secure Backup from RMAN, all you do is allocate a channel of type SBT_TAPE, and then run RMAN commands to back up or restore your database.
Oracle Database 11g: Oracle Secure Backup 4 - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
RMAN Database Backup to Tape
Copyright © 2009, Oracle. All rights reserved.
Recovery Settings In Enterprise Manager, navigate to Availability > Recovery Settings and ensure that the database is in ARCHIVELOG mode and that your Flash Recovery Area (FRA) is big enough. Oracle Corporation recommends the use of this area for all disk backups, but other configurations are possible.
Oracle Database 11g: Oracle Secure Backup 4 - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Recovery Settings
Copyright © 2009, Oracle. All rights reserved.
Backup Settings In Enterprise Manager, you must configure “Tape Drives” (in this screenshot set to 1) and you must configure a database backup storage selector. Optional, but recommended: You should test your tape drive.
Oracle Database 11g: Oracle Secure Backup 4 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Backup Settings
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
• • •
RMAN passes database name, content type and copy number to OSB. OSB determines corresponding selector. Selector specifies devices and media family (and any restrictions). Database name Database ID
Wait time
Copy number
Database backup storage selector
Restricted devices
Host Media family
Content: archivelog,
full, incremental, autobackup
Copyright © 2009, Oracle. All rights reserved.
Database Backup Storage Selector Database backup storage selectors are for backups of Oracle databases. Oracle Secure Backup uses information contained in storage selectors to interact with RMAN when performing backup operations. Oracle Secure Backup maintains storage selectors as an object type on the administrative server. When RMAN performs an Oracle database backup to devices and media managed by Oracle Secure Backup, RMAN passes the database name, content type, and copy number to Oracle Secure Backup. With this information Oracle Secure Backup determines the corresponding database backup storage selector. This selector informs Oracle Secure Backup to which devices, if any, to restrict this backup, and which media family (if any) to use. Database backup storage selectors enable you to specify which resources should be used by SBT backups. A database backup storage selector object contains the following information: • The database name or ID. An asterisk character (*) indicates that the storage selector applies to all databases. • The name of the hosts to which this selector applies. An asterisk character (*) indicates that the storage selector applies to databases residing on all available hosts.
Oracle Database 11g: Oracle Secure Backup 4 - 13
Oracle University and (Oracle Corporation) use only.
Database Backup Storage Selector
duration::= forever | disabled | number {[seconds] | [minutes] | [hours] | [days] | [weeks] | [months] | [years]}
If the resources do not become available during the specified wait time, RMAN fails the job. Note: For more information about creating and managing database backup storage selectors, refer to the obtool topic, “Database Backup Storage Selector Commands,” in the Oracle Secure Backup Reference.
Oracle Database 11g: Oracle Secure Backup 4 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Database Backup Storage Selector (continued) • The name of the media family to use for backups under the control of this storage selector object • The backup content to which this selector applies. The content may be one or more of the following: - archivelog: Backs up or restores database archived redo logs - full: Backs up or restores the database files, regardless of when they were last backed up. This option is the same as a level 0 backup. - incremental: Backs up or restores only data that has been modified since the last backup, regardless of the backup level - autobackup: Backs up or restores control files - * : Represents all content types • The names of devices to which backups controlled by this storage selector are restricted. You specify the restriction in one of the following forms: - devicename: Uses the specified device - @hostname: Uses any device of the specified host - devicename@hostname: Uses the specified device attached to the specified host When more than one device restriction is specified in a list, Oracle Secure Backup selects only one of them from the list. • The RMAN copy number to which this selector applies. This is configured for use with the RMAN commands BACKUP … COPIES or CONFIGURE BACKUP COPIES to duplex backup sets to protect against disaster, media damage, or human error. The copy number must be an integer in the range of 1 through 4. The default value is an asterisk (*), which indicates that the storage selector applies to any copy number. • How long to wait for the availability of resources required by backups under the control of this storage selector. The resource wait time is specified as a duration, which has the following format:
Copyright © 2009, Oracle. All rights reserved.
Defining Database Storage Selectors Storage selectors are created, named, and modified by a user belonging to a class with the Modify administrative domain's configuration right. To create a database backup storage selector, perform the following steps: 1. In EM Database Control, click the Availability tab. 2. On the Availability page, click the Configure Backup Settings link. 3. On the Configure Backup Settings page, click Configure in the Oracle Secure Backup section. This takes you to the Backup Storage Selectors page. From there, you can manage your backup storage selectors. Then, click Return. You can also use the following example command to create a database storage selector: mkssel -c * -d * -i * -h EDRSR14P1 -r vdte1 ssel1
This example creates a database backup storage selector that is valid for any Oracle database located on the EDRSR14P1 host. The storage selector object is called ssel1, and it restricts backups to the vdte1 tape drive. The lsssel command enables you to list the defined database backup storage selectors in your administrative domain.
Oracle Database 11g: Oracle Secure Backup 4 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Defining Database Storage Selectors
Copyright © 2009, Oracle. All rights reserved.
Media Families and RMAN OSB provides two default media families: • The time-managed OSB-CATALOG-MF for OSB catalog backups • The content-managed RMAN-DEFAULT for RMAN backups. Thus, creating media families for use in RMAN backups is optional. You may find it useful to create different media families for the different types of backup sets that you create with RMAN and for backups that have different retention and storage requirements. For example, you may want to create a media family on-site backups and a separate media family for off-site backups. You can create media families in Enterprise Manager. On the Administrative Server page, you can click the link corresponding to the Media Families number. This takes you to the Media Families page, where you can create new media families and manage the existing media families used by Oracle Secure Backup. Alternatively, you can use the Oracle Secure Backup Web tool to create these media families or use the mkmf command in obtool. Note: For more information about how to manage media families within Oracle Secure Backup, refer to the Oracle Secure Backup Administrator’s Guide.
Oracle Database 11g: Oracle Secure Backup 4 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Media Families and RMAN
OSB
Recycling time-managed volumes Write window Retention duration Updates allowed
Volume set creation
Ready for reuse: The day after volume expiration
Updates forbidden
Volume set closed Library Media family Volume set
File-system file
Backup image
OS
OSB
Volume
Volume
Volume
Backup image section
Backup image section
Backup image section
Copyright © 2009, Oracle. All rights reserved.
Media Management Expiration Policies for Automated Tape Recycling Oracle Secure Backup automates tape recycling, reusing tapes after the backups or volumes have expired, depending on their user-defined recycling method. Time-managed expiration policies: The expiration time is associated at the volume level for time-managed media families. When the volume expiration date is reached, the volume becomes eligible to be overwritten. Each volume in a volume set will have an expiration date, which is determined as follows: • The user-defined Write window determines how long the tape may be appended to after the first tape write event (optional). • The user-defined retention time determines how long the volume must be retained after the Write window has closed or after the first tape write event, if a write-window is not defined. If a write-window is not defined, the volume will be appended to, until it is full. • The expiration time is the Write-window time plus the retention time. In short, time-managed volumes for file-system backups have a user-defined expiration period associated with the volume, not content of volume. (This policy is not for RMAN.)
Oracle Database 11g: Oracle Secure Backup 4 - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Media Management Expiration Policies for Automated Tape Recycling
Media Management Expiration Policies for Automated Tape Recycling Recycling content-managed volumes
Marked DELETED by RMAN Expired Backup piece
Expired Backup piece
Or
Marked DELETED by Oracle Secure Backup
Expired Backup piece
Expired Backup piece
Ready for reuse: “deleted” attribute for all backup pieces
Volume set
RMAN control of content expiration: • RMAN DELETE OBSOLETE command notifies OSB about obsolete backup pieces. • OSB updates expiration status in the Oracle Secure Backup catalog (no deletion from tape). • After all backup pieces on a specific tape have a “deleted” attribute, OSB considers the tape eligible for reuse. • OSB overwrites the tape, when a tape is needed. Copyright © 2009, Oracle. All rights reserved.
Media Management Expiration Policies for Automated Tape Recycling Content-managed expiration policies: The expiration time is associated with the content on the tape, not with the actual volume. • With content-managed volumes, the retention period is configured within RMAN by using the recovery window or redundancy setting. Oracle Secure Backup does not associate a specific date with the backup piece, but updates the piece attribute from “content manages use” to “deleted” status as instructed by RMAN. • By issuing the RMAN DELETE OBSOLETE command, RMAN deletes any disk backups no longer needed to meet the user-configured retention policies and notifies the media management software (Oracle Secure Backup) about which pieces can be deleted. The expiration status is updated in the Oracle Secure Backup catalog, but the actual pieces are not deleted from tape. Instead, the backup pieces receive the “deleted” attribute. • After all backup pieces on a specific tape have a “deleted” attribute, Oracle Secure Backup considers the tape eligible for reuse, and overwrites the tape when a tape is needed.
Oracle Database 11g: Oracle Secure Backup 4 - 18
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
RMAN
RMAN and Oracle Secure Backup
Data file 1
BACKUP AS COPY
RMAN
OSB
Image copy
Backup image
BACKUP AS BACKUPSET
Data file 2
Backup piece
(filesperset 3)
Media family Volume set Volume
Volume
Volume
Backup image section
Backup image section
Backup image section
Volume
Volume
Volume
Backup image section
Backup image section
Backup image section
Backup image
Data file 3 Backup piece Backup image
Data file 4
Backup set File-system file
Library
Backup image
Media family ...
Copyright © 2009, Oracle. All rights reserved.
RMAN and Oracle Secure Backup This slide shows the RMAN backup pieces and their relationship to volumes. As previously seen: On the left side it shows data files on the OS level, how they relate to RMAN image copies and backup pieces, and how these relate to OSB backup images. Filesystem files, which of course do not have and RMAN equivalent, relate directly to OSB backup images. The right side depicts that OSB backup images are stored as backup image section on a volume, within a volume set, which belongs to a media family in a tape library.
Oracle Database 11g: Oracle Secure Backup 4 - 19
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
OS
RMAN repository
OSB catalog
RMAN EM
• • •
Administrative server
RMAN repository and OSB catalog must remain synchronized. RMAN CROSSCHECK command marks removed pieces as expired. RMAN DELETE EXPIRED command removes pieces from RMAN repository.
Copyright © 2009, Oracle. All rights reserved.
Media Management Expiration Troubleshooting Technique It is not recommended, but you can remove backup pieces (an RMAN backup piece corresponds to an Oracle Secure Backup backup image) with the Oracle Secure Backup Web tool or the rmpiece command in the obtool utility. These commands remove the backup piece from the Oracle Secure Backup catalog. If you remove a backup piece outside of RMAN, you must use the RMAN CROSSCHECK command to update the RMAN repository and have the removed backup pieces marked as EXPIRED. Then you use the RMAN DELETE EXPIRED command to remove these backup pieces from the RMAN repository.
Oracle Database 11g: Oracle Secure Backup 4 - 20
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Media Management Expiration Troubleshooting Technique
Which are the parameters that RMAN passes via a database storage selector to OSB? 1. Database name or ID 2. Copy number 3. Host unique name 4. Content type
Copyright © 2009, Oracle. All rights reserved.
Answers: 1, 2, 4
Oracle Database 11g: Oracle Secure Backup 4 - 21
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Which types of content may be associated with a storage selector? 1. Archivelog 2. Tablespace 3. Datafile 4. Autobackup 5. Incremental
Copyright © 2009, Oracle. All rights reserved.
Answers: 1, 4, 5
Oracle Database 11g: Oracle Secure Backup 4 - 22
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 4 - 23
Oracle University and (Oracle Corporation) use only.
Quiz
Creating a media family for RMAN is mandatory: 1. True 2. False
The recommended retention policy for RMAN backups with OSB is: 1. Recovery window 2. Redundancy 3. OSB management of retention
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 4 - 24
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
In this lesson, you should have learned how to: • Describe integrated disk and tape backup • Register the administrative Server in EM, a one-time task • Check RMAN backup and recovery settings • Create database backup storage selectors to pass information between OSB and RMAN • Use time-managed expiration policies for file-system data backups with OSB • Use content-managed expiration policies for database backups with RMAN
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 4 - 25
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
This practice covers the following topics: • Registering the administrative server in EM • Verifying connectivity to the libraries • Creating a database backup storage selector for your database • Testing your tape backup • Verifying RMAN recovery settings Note: Completing this practice is a prerequisite for the following practices.
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 4 - 26
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 4 Overview: Configuring RMAN for OSB
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Performing RMAN Backups and Restores
After completing this lesson, you should be able to: • Perform an OSB-encrypted RMAN backup to tape • Restore a data file from a tape backup
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 5 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
Configuration > Backup Restore
Copyright © 2009, Oracle. All rights reserved.
Scheduling Backups with EM With the EM Database Control Console, you can schedule backups to disk, tape, or both: 1. To schedule a backup, click the Schedule Backup link on the Availability page. 2. On the Schedule Backup page, you can choose either the Oracle-suggested backup strategy, or configure a customized backup. In the screenshot shown in the slide, the Oracle-suggested strategy is chosen by clicking the Schedule Oracle-Suggested Backup button. Regardless of whether you accept the suggested backup method or devise your own, you can select the type of storage media to use for your backups. The Oracle-suggested backup strategy makes a one-time, whole-database backup, which is performed online. This is a baseline incremental level 0 backup. The automated backup strategy then schedules incremental level 1 backups for each following day. By selecting Schedule Customized Backup, you gain access to a wider range of configuration options. Select the objects that you want to back up—the whole database (the default) or individual tablespaces, data files, archived logs, or any Oracle backups currently residing on the disk (to move them to the tape).
Oracle Database 11g: Oracle Secure Backup 5 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Scheduling Backups with EM
Copyright © 2009, Oracle. All rights reserved.
Oracle-Suggested Backup On the Schedule Oracle-Suggested Backup: Destination page, select Disk, Tape, or Both Disk and Tape. Your selection here (and other recovery settings, such as ARCHIVELOG enabled or not), determines the options available to you on other pages of the Schedule Backup Wizard.
Oracle Database 11g: Oracle Secure Backup 5 - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle-Suggested Backup
Copyright © 2009, Oracle. All rights reserved.
Oracle-Suggested Backup (continued) On the Schedule Oracle-Suggested Backup: Setup page, specify your disk and tape settings. (If you have not yet configured a tape device, you receive an error.) At the bottom of the page, you can specify RMAN encryption. If you use RMAN encryption, it overrides Oracle Secure Backup encryption (and none of your OSB encryption settings will be used).
Oracle Database 11g: Oracle Secure Backup 5 - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle-Suggested Backup
Copyright © 2009, Oracle. All rights reserved.
Oracle-Suggested Backup (continued) On the Schedule Oracle-Suggested Backup: Schedule page, specify the backup start time. On the Schedule Oracle-Suggested Backup: Review page, review parameters and the RMAN script and click Submit Job.
Oracle Database 11g: Oracle Secure Backup 5 - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle-Suggested Backup
RMAN and OSB Process Flow
5 RMAN
4
1 2
Administrative server
3 OSB client: Database server
Data being backed up
Media server
Copyright © 2009, Oracle. All rights reserved.
RMAN and OSB Process Flow This graphic depicts the sequence of events in the RMAN and OSB process: 1. RMAN initiates backup. If RMAN is started from the Enterprise Manager (EM) interface, then you must configure the administrative server in EM (a one-time task). 2. Oracle Secure Backup creates the backup job. 3. Oracle Secure Backup executes the job (transfers data from client to media). 4. Oracle Secure Backup updates its own catalog. 5. RMAN updates its repository. Each backup and restore operation creates output both in RMAN and OSB.
Oracle Database 11g: Oracle Secure Backup 5 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
EM
Log Backup Restore
Job ID Type Transcript
Job summaries Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Jobs Each backup and restore operation creates a corresponding job. Each job has a unique ID, log, and transcript (as shown in the graphic). • Job logs describe high-level events, such as: - Job creation - Job dispatch - Completion times • Job transcripts describe the job details, such as: - Created at the time of dispatch - Updated as the job progresses - Input requests, such as “operator assistance required” There are two different job types: • Data set jobs for file-system backup or restore operations • Oracle backup jobs for database backup or restore operations A job summary is a text file report produced by Oracle Secure Backup that describes the status of selected file-system backup and restore jobs. Job summaries may be generated on a regular, repeating basis and sent via email to users.
Oracle Database 11g: Oracle Secure Backup 5 - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Jobs
Copyright © 2009, Oracle. All rights reserved.
RMAN and Oracle Secure Backup Job Execution To verify that your RMAN and Oracle Secure Backup job executed successfully, review: • Output Log (you can see how RMAN first uses the disk, then the tape) • EM Backup Reports (accessible from the EM Availability page) If an error occurs during an SBT session, then Oracle Secure Backup attempts to send the error description to the administrative server to be saved in the job transcript. The database writes SBT errors to the sbtio.log trace file. Typically, sbtio.log is located in the rdbms/log subdirectory of the Oracle home, but you can specify an alternative location.
Oracle Database 11g: Oracle Secure Backup 5 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
RMAN and Oracle Secure Backup Job Execution
Copyright © 2009, Oracle. All rights reserved.
Managing Tape Backups Use the Manage Current Backups page to search for and display a list of backup sets or backup copies. You can then perform management operations on selected copies, sets, or files. You can access this page from the Availability page. The Manage Current Backups page displays both disk and tape backups, as shown in the slide. Use the Search section to find backup sets or copies. For example, use the Status “Available” and the Contents options (Datafile, Archived Redo Log, SPFILE, and Control File) and Completion Time “Within a month” to filter the results list. You can use Catalog Additional Files to catalog backup pieces on disk or to add metadata to the RMAN repository when adding a new database to an RMAN recovery catalog. You can ensure that data about backups in the recovery catalog or control file is synchronized with the corresponding data on disk or in the media management catalog by performing the Crosscheck All function and scheduling the operation as a job.
Oracle Database 11g: Oracle Secure Backup 5 - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Database Tape Backups
Oracle Database 11g: Oracle Secure Backup 5 - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Tape Backups (continued) You can use the Delete All Obsolete function to remove backups that are obsolete or eligible for deletion. You can use the function to create a job that removes the physical files, deletes the recovery catalog records (if you use a catalog), and updates the records in the target control file to the DELETED status. If the backup is stored on tape and managed by Oracle Secure Backup, the Oracle Secure Backup catalog is also updated to indicate that the backup pieces are deleted. You can create a job using the Delete All Expired function to remove expired records. First, use the Crosscheck All function to determine whether backups recorded in the repository still exist on disk or tape. If Enterprise Manager cannot locate the backups, then it updates their records to the EXPIRED status. After that, you can use the Delete All Expired function to remove the records.
Configuration Backup > Restore
Copyright © 2009, Oracle. All rights reserved.
Performing Database Recovery In Enterprise Manager, you can access the Perform Recovery page from the Availability page. The Perform Recovery page enables you to perform various kinds of database recovery. You can recover the whole database, a particular data file, or a tablespace. RMAN automatically retrieves from backup all the files that are needed for the specified recovery operation, regardless of whether the files were backed up to disk or tape. If RMAN requests files from a previous backup that is stored on tape, Oracle Secure Backup automatically determines which tape to use. If those tapes are not immediately available (offsite), RMAN will wait for the resources as long as you specify. You can specify RMAN resource wait times in the following locations, each of which overrides the preceding specifications in the list: 1. The rmanresourcewaittime policy 2. The RMAN channel configuration parameter OB_RESOURCE_WAIT_TIME
Oracle Database 11g: Oracle Secure Backup 5 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Performing Database Recovery
Copyright © 2009, Oracle. All rights reserved.
RMAN Automatic Failover to Previous Backup When you recover your database after a data loss, RMAN automatically selects the most appropriate backup to restore. RMAN automatically switches to a previous backup if the most recent backup is not available. This operation is totally transparent and is automatically done by RMAN. Failover from disk backups to tape backups is useful when you are using a Flash Recovery Area with your Oracle database. The screenshot in the slide illustrates this situation, where the data file backup was inadvertently deleted from the Flash Recovery Area. As you can see, RMAN restored the data file using the next most recent backup, which was stored on tape by Oracle Secure Backup. If you use tape backups exclusively in your environment and a backup or tape is not available, then RMAN and Oracle Secure Backup can fail over to the next most recent backup on tape. Note: RMAN and Oracle Secure Backup work in tandem: RMAN performs the data file or database recovery. Oracle Secure Backup restores the necessary files, if they are located on tape.
Oracle Database 11g: Oracle Secure Backup 5 - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
RMAN Automatic Failover to Previous Backup
Oracle Secure Backup supports which types of jobs: 1. RMAN backup jobs 2. RMAN restore jobs 3. RMAN recover jobs
Copyright © 2009, Oracle. All rights reserved.
Answers: 1, 2
Oracle Database 11g: Oracle Secure Backup 5 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Where can RMAN record the errors returned from OSB over the SBT interface: 1. To $ORACLE_HOME/trace/sbtio.log by default 2. To /usr/local/oracle/sbtio.log by default 3. To another location specified by the DBA 4. To $ORACLE_HOME/rdbms/log/sbtio.log by default
Copyright © 2009, Oracle. All rights reserved.
Answers: 3, 4
Oracle Database 11g: Oracle Secure Backup 5 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
In this lesson, you should have learned how to: • Perform an OSB-encrypted RMAN backup to tape • Restore a data file from a tape backup
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 5 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
This practice covers the following topics: • Performing an RMAN backup to tape (encrypted by Oracle Secure Backup) • Restoring a data file from a tape backup
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 5 - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5 Overview: Performing OSB-Encrypted Backup and Restore
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Backing Up File-System Data with Oracle Secure Backup
After completing this lesson, you should be able to: • Create datasets • Schedule file backups • Submit backup requests • Perform file-system backups
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 6 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
Backing Up OS File Systems with Oracle Secure Backup Two ways of scheduling data backups of file systems with Oracle Secure Backup: – On-demand backups – Scheduled backups
•
Two types of backups: – Full: All specified files – Incremental: Only files that have changed since the last lower backup Full Up to nine levels Backup level 0
1
2
3
2
3
Copyright © 2009, Oracle. All rights reserved.
Backing Up OS File Systems with Oracle Secure Backup You can back up file-system files in two different ways: • By creating on-demand (ad hoc or one-time-only) backup jobs and submitting them to the Oracle Secure Backup scheduler (with the go option) • By using backup schedules, which define backup jobs that run at predetermined times. The scheduler automatically initiates such jobs at a day and time that you specify. With Oracle Secure Backup, you can create two types of backups: • Full backups: A full backup backs up all specified files, regardless of when they were last backed up. This option is the same as backup level 0. You can also perform a type of full backup, called an off-site backup, that does not affect the full or incremental backup schedule. • Incremental backups: There are nine different incremental backup levels. In each level, Oracle Secure Backup backs up only those files that have changed since the last backup at a lower (numerical) backup level. You can also instruct Oracle Secure Backup to back up only those files that have been modified since the last backup, regardless of its backup level. Note: The “incr” level backups are not supported on certain NAS devices, including Network Appliance filers.
Oracle Database 11g: Oracle Secure Backup 6 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
File-System Backups
Set up media families. Create datasets. For scheduled backups: Create backup windows. For repeating backups: Create schedule and triggers. Create and execute backup requests.
Copyright © 2009, Oracle. All rights reserved.
File-System Backups After you have configured your administrative domain, you perform the following steps with Oracle Secure Backup to create file-system file backups: 1. Log in as a UNIX, Linux, or Windows operating system user that has access to the files to be backed up, and log in to Oracle Secure Backup with backup privileges. 2. Configure media families to help manage the volumes created by the backup operation, if you have not done so already. 3. Create a dataset that identifies the hosts and files which you want to back up. For scheduled backups, perform the following additional steps: • Create at least one backup window, if you need to restrict the hours during which backups can be performed. If there are no restrictions, then you can use the default backup window. • Create a schedule for your backup job and add at least one trigger to this schedule. For on-demand backups, perform the following additional steps: • Create one or more backup requests. • Send your backup requests to the scheduler. Doing so turns each backup request into a backup job, making it eligible to run. When you terminate your Oracle Secure Backup session, any backup requests that have not been submitted are lost.
Oracle Database 11g: Oracle Secure Backup 6 - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Your steps to back up your file system:
Copyright © 2009, Oracle. All rights reserved.
Managing Media Families From the EM Administrative Server page, you can click the link corresponding to the Media Families number. This takes you to the Media Families page from where you have the options to add a new media family. You can also select an existing media family, and edit or remove it. To add a new media family, perform the following steps: 1. Enter a name for the media family in the Media Family Name field. Normally, this name will appear as the prefix in each volume ID that uses this media family. 2. Enter a write-allowed time period in the Write window field (seconds, minutes, hours, days, weeks, months, years). You can set the write window to a specific duration, such as 14 days or three weeks. All volume sets that are members of the media family remain open for updates for this period. If you do not specify a write window for a volume set, Oracle Secure Backup considers the volume set eligible to be updated indefinitely. 3. Enter an amount of time to retain the volume in the Retain Time fields. Oracle Secure Backup uses this to apply an expiration date to the volume set. If you intend to use this media family to store RMAN backups, then select the Content Manages Reuse option. 4. Optionally, enter additional information in the Comment field. 5. Click OK to create your new media family.
Oracle Database 11g: Oracle Secure Backup 6 - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Media Families
Dataset Examples
•
Textual description that defines which files to back up Examples found in the samples usr1 directory
stc1
stc2
stc3
/ home
usr2
tmp
labs file1.tmp file2.txt
labs
usr3
usr4
labs
file1.temp file2.junk labs
tmp
Copyright © 2009, Oracle. All rights reserved.
Dataset Examples With Oracle Secure Backup, use datasets to describe the list of files that you want to back up. A dataset is a textual description that tells Oracle Secure Backup which files to back up. Datasets employ a lightweight language. This dataset language gives you great flexibility in building and organizing datasets for the files that you want to protect. The graphic illustrates the files that you can find on three different hosts. By using the dataset defined in the next slide, you can back up the files in the graphic except those shown in dashed boxes (file1.tmp for home/usr1, and directory tmp, file1.temp, and file2.junk for home/usr4). To familiarize yourself with the dataset language, review the samples subdirectory of your Oracle Secure Backup home directory.
Oracle Database 11g: Oracle Secure Backup 6 - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
# Dataset "common-exclusions": exclude name tmp exclude name *.tmp exclude name *.temp exclude name *.backup # Dataset "application files": exclude name *~ include path /home/usr1 include path /home/usr2 include host stc1 include host stc2 include host stc3 { include dataset common-exclusions include path /home/usr3 before backup optional "/etc/local/nfy '/usr3 begin'" after backup optional "/etc/local/nfy '/usr3 end'" include path /home/usr4 { exclude name *.junk } }
Copyright © 2009, Oracle. All rights reserved.
Dataset Examples (continued) Oracle Secure Backup dataset language has the following characteristics: • Comments may appear anywhere following a comment sign (#). • Statements have the form: statement-name [statement-argument] where statement-name may consist of multiple space-separated words, such as include path. • Some statements may begin a nested block, and statements within the block apply only to the statement that began the block. These have the form: statement-name [statementargument]{ statement-name [statement-argument] ...} • An escape character, \, may appear anywhere to remove the special meaning of the character following it. • Blank lines are ignored. The slide shows you two datasets that can be used to back up the data shown in the previous slide. The first script is used to exclude directories and files starting with tmp, *.tmp, *.temp, and *.backup. Note: The * wildcard can be used in datasets as long as the backup is of a regular file system, not an NDMP filer.
Oracle Database 11g: Oracle Secure Backup 6 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Dataset Examples
When performing a normal (nondatabase) backup, you may want to skip files that would be included in a database backup. Examples of such files include the database files themselves, control files, redo logs, and flashback logs. To exclude these files, specify the exclude oracle files directive in your dataset. Note: For more information about the dataset language, refer to the Oracle Secure Backup Administrator’s Guide.
Oracle Database 11g: Oracle Secure Backup 6 - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Dataset Examples (continued) The second script is used to back up the following data on hosts stc1, stc2, and stc3: • On stc1 and stc2: /home/usr1 and /home/usr2 • On stc3: /home/usr1, /home/usr2, /home/usr3, and /home/usr4 except files starting with tmp, *.tmp, *.temp, *.backup, and *.junk only for /home/usr4 When Oracle Secure Backup starts backing up data in /home/usr3 on stc3, it executes the /etc/local/nfy executable. The same executable is also executed when Oracle Secure Backup finishes its backup of /home/usr3.
Copyright © 2009, Oracle. All rights reserved.
Creating Datasets Using the Web Tool Interface You can use the Oracle Secure Backup Web tool to create a dataset: 1. From the Home page, click the Backup tab in the menu bar. 2. On the Backup menu, click Datasets in the submenu under Settings. The Datasets page appears. Dataset directories appear in the Path box with a slash as the last character in the name. 3. Click the Add button to create a new dataset. When you create a new dataset description, the initial contents of the dataset are defined by a dataset template. 4. Select File or Directory from the Dataset type list. Like Windows and UNIX file systems, Oracle Secure Backup datasets are organized in a naming tree. You may optionally create dataset directories to help you organize your data definitions. Later, you will discover that when you want Oracle Secure Backup to back up data, you identify the name of the dataset. If you give the name of a dataset directory, it is equivalent to naming all the datasets contained within that directory tree. Dataset directories may be nested up to 10 levels deep. By default, a dataset file is created under the /admin/config/dataset directory.
Oracle Database 11g: Oracle Secure Backup 6 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating Datasets
ob> lsds Top level dataset directory: NEW_CLIENTS/ ob> cdds NEW_CLIENTS ob> mkds --dir TEST ob> cdds TEST ob> mkds -i test1 Input the new dataset contents. Terminate with an EOF or a line containing just a dot ("."). exclude name tmp include path /u01/oracle/solutions . Apply your changes [yes]? y ob> lsds Dataset directory NEW_CLIENTS/TEST: Test1
The obtool commands used for managing datasets are as follows: • cdds is used to navigate into the dataset directory structure. • pwdds is used to show you the current path in the dataset directory structure. • lsds is used to list the contents of the current dataset directory. • mkds is used to create both dataset directories and datasets. The --dir option is used for directories. The –i option is used to directly enter your dataset description text without the use of any special editor. As shown in the example, the system asks you to enter your text and finish it with a dot. • rmds is used to remove both directories and files. The --nq option is used to avoid any confirmation before doing the removal. Note: For more information about these obtool commands, refer to the Oracle Secure Backup Reference.
Oracle Database 11g: Oracle Secure Backup 6 - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating Datasets (continued) Using the Web Tool Interface (continued) 5. In the Name field, enter a name for the dataset. 6. Update the dataset statements displayed in the template file to define your backup data. For more information, see “Dataset Examples,” earlier in this lesson. 7. Choose one of the following: - Click the Save button to accept your entries and return to the Datasets page. - Click Cancel to abort the operation and move back one page. If your dataset has errors, a message appears in the Status section. As you can see in the slide, you also have the options to check, edit, rename, and remove datasets. Using the obtool Interface Similarly, you can manage your dataset directories and description files by using the obtool interface. The example shown here first looks at the contents of the dataset directory, and then creates the new directory TEST inside the existing NEWCLIENTS directory. Then, a new dataset called test1 is created inside the TEST directory.
Copyright © 2009, Oracle. All rights reserved.
Configuring Backup Windows A backup window is a time range within which Oracle Secure Backup performs scheduled backup jobs. You must have at least one backup window in order for scheduled backup jobs to run. You can identify a single backup window that applies to all days of the week, or fine-tune backup windows to specific weekdays or dates. A default backup window is always created, and is identified as daily 00:00-24:00. Backup windows have a start time and an end time. Backups are eligible for execution after the start time specified by a backup window. When the backup window end time arrives, Oracle Secure Backup completes any backups that have already been started. No more backups are started until the window opens again or a new window opens. Perform the following steps to create a backup window by using the Oracle Secure Backup Web tool: 1. From the Backup menu, click Backup Windows in the submenu under Settings. The Backup Windows page appears. 2. Click the Add button to add a new backup window. The Backup Window page appears.
Oracle Database 11g: Oracle Secure Backup 6 - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Configuring Backup Windows
•
•
addbw { --times/-t time-range[,time-range]... } day-specifier[,day-specifier]... time-range: Represents a time-of-day range using the syntax start-time-end-time. For example: 08:00:00-08:30:00 or 1430-14:35:30 day-specifier: Represents a range of time in terms of days using the syntax: year/month/day | month/day | wday | wday-wday | weekday[s] | weekend[s] | daily | today | yesterday wday::= sunday[s] | monday[s] | tuesday[s] | wednesday[s] | thursday[s] | friday[s] | saturday[s]
If no backup windows are identified, then scheduled backups will not run. The default backup window has a day-specifier of 'daily 00:00-24:00'. Obtool commands for backup windows include: • addbw: To add a new backup window • chkbw: To check for the existence of a backup window • lsbw: To list backup windows • rmbw: To remove a backup window or specific time ranges • setbw: To change the settings of a backup window
Oracle Database 11g: Oracle Secure Backup 6 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Configuring Backup Windows (continued) 3. Select a backup window type from the Type field. Your choices are: - Day range: If you select this option, refer to the “Creating Backup Triggers” section. - Date: If you select this option, refer to the Oracle Secure Backup Administrator’s Guide. 4. Select a local time range (expressed in 24-hour format) from the Time range field. Oracle Secure Backup will start scheduled backups during this time range. A time range is an interval specified as -, where the start and end times are in the form hour:minute:second. You can also use a four-digit hour-minute specifier (for example, 1430, which indicates 2:30 PM). The time range is based on the local time and takes into account Daylight Savings Time, if it applies to your locale. If the end time precedes the start time, Oracle Secure Backup assumes that the end time refers to the following day. For example, 20:00–02:00 indicates 8:00 PM as the start time and 02:00 AM of the next day as the end time. 5. Select one of the following: - Click OK to save your entries and exit the page. The Backup Windows page reappears. - Click Cancel to void the operation and move back one page. Using obtool for Backup Windows Obtool has a group of commands that enable you to configure backup windows. A backup window enables you to specify a time frame for the execution of scheduled backup operations. You can identify a single backup window that applies to all days of the week or fine-tune backup windows based on specific days or dates. When you create a backup window, you specify the time and day range by using the following syntax:
Copyright © 2009, Oracle. All rights reserved.
Creating Backup Schedules A backup schedule indicates to Oracle Secure Backup what data to back up and how to back it up. Execute the following steps to create a schedule with the Oracle Secure Backup Web tool: 1. From the Backup menu, click Schedules in the submenu under Settings. The Schedules page appears. Backup schedules appear in the Schedule name box in the central panel. 2. Click the Add button to add a new schedule. The New Schedules page appears. 3. Enter a name for the schedule in the Schedule field. 4. Enter a priority number for the backup job in the Priority field. 5. In the Datasets box, select one or more datasets to include in the backup job. 6. Optionally, select one or more restrictions in the Restrictions box. You can restrict scheduled backups to specific devices. 7. Optionally, enter any information that you want to store with the backup schedule in the Comments field. Obtool commands for backup schedules include: • chsched: To change an existing backup schedule • lssched: To list backup schedules • mksched: To make a new backup schedule • rensched: To assign a new name to a schedule • rmsched: To remove a schedule Oracle Database 11g: Oracle Secure Backup 6 - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating Backup Schedules
Copyright © 2009, Oracle. All rights reserved.
Creating Backup Triggers To create triggers by using the Oracle Secure Backup Web tool, perform the following steps: 1. Navigate to Backup Schedules > Weekly Catalog backup > Triggers. The Triggers page appears with the default setting of Day in the Trigger type field. 2. Using the Trigger type field, select a time representation for defining when to perform the backup job. Your choices are: - one time: To perform a backup only once - day (default): To perform a backup one or more days during the week - month: To perform a backup one day a month - quarter: To perform a backup one day per quarter - year: To perform a backup one day during the year 3. Select a backup level from the “Backup level” field. You can choose full, incr, offsite, or an incremental level from 1 through 9. 4. Select the hour and minute to start the backup in the “Backup at” fields. 5. Select a media family to be used by this scheduled backup in the “Media family” field. 6. Optionally, choose an expiration time period in the “Expire after” fields (in seconds, minutes, hours, days, weeks, months, years, or forever). If the scheduled backup is not started by this time, it is deleted and not run at all.
Oracle Database 11g: Oracle Secure Backup 6 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating Backup Triggers
Oracle Database 11g: Oracle Secure Backup 6 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating Backup Triggers (continued) 7. Your selection in step 2 determines what screens you see. Here, it is supposed that the day option is used. Select the days on which Oracle Secure Backup will run the scheduled backup. Your choices are: - Select daily: To trigger the schedule to run on all seven days of the week - Select weekdays: To trigger the backup to run on weekdays only (Monday through Friday) - Select weekends: To trigger the backup to run only on weekends (Saturday and Sunday) - Alternatively, from both the “Select weekdays” and “Select weekends” fields, you can select a mix of individual days on which you can trigger scheduled backups to run (for example, Monday, Tuesday, and Saturday at 8:00 AM). 8. Optionally, select an option from the “Week in month” group. This option enables you to limit which week in the month the backup schedule will run. Your choice are: - All: This includes all weeks. - Selected (First, Second, Third, Fourth, Fifth, and Last): This enables you to specify the week to include. 9. Optionally, specify weekday exceptions from the Except list. An exception prevents Oracle Secure Backup from backing up data on the day that you specify. Your choices are: - none (default): To disable an exception - except: To enable an exception 10. Select a value from the Time list. Your choices are: - before: To enable you to specify an exception before a specified day - after: To enable you to specify an exception after a specified day 11. Select values from the Specify day fields. From the first field, your choices are none, first, second, third, fourth, and last. From the second field, your choices are Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, and Sunday. 12. Click one of the following: - Add, to accept your entries and add the trigger You are returned to the Triggers page with a success message. The schedule is displayed in the Triggers field. The schedule displays the level of the backup, the time at which it is to begin, and the days on which the backup is to be performed. - Edit, to modify the trigger - Remove, to delete the trigger - Cancel, to void the operation and move back one page Note: In the slide, you can see how to create a trigger at the day level. For the other levels, refer to the Oracle Secure Backup Administrator’s Guide.
Copyright © 2009, Oracle. All rights reserved.
Previewing a Backup Trigger To preview a backup trigger by using the Oracle Secure Backup Web tool: Navigate to Backup > Schedules, select a schedule, and click Edit > Triggers > Preview. Note: Oracle Secure Backup 10.2 has a predefined OSB-CATALOG-DS schedule to back up your OSB catalog. Because this daily backup should not be encrypted, the Encryption parameter is set to No.
Oracle Database 11g: Oracle Secure Backup 6 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Previewing a Backup Trigger
Copyright © 2009, Oracle. All rights reserved.
Creating On-Demand Backup Requests To create an on-demand backup request with the Oracle Secure Backup Web tool, perform the following steps: 1. From the Backup page, click Backup Now in the submenu under the Operations section. The Backup Now page appears. In the backup box in the central panel, each backup request that you have created but have not yet sent to the scheduler is displayed. Backup requests are identified by a backup name and number. 2. To create a new backup, click the Add button. The Options page appears. 3. Select one or more datasets from the Datasets box. 4. Optionally, select a future date and time for the backup to run from the “Backup date” and “Backup time” fields. If you leave these fields unchanged, Oracle Secure Backup considers your backup job immediately available for execution. 5. Optionally, enter an expiration time in the “Expire after” field. Do this if you want Oracle Secure Backup to automatically delete this backup job if it has not started within the specified expiration period after the date and time intervals defined earlier in the “Backup date” and “Backup time” fields. 6. Select a backup level from the Backup level field. Your choices are: full (default), 1 to 9, incr, and offsite.
Oracle Database 11g: Oracle Secure Backup 6 - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating On-Demand Backup Requests
Oracle Database 11g: Oracle Secure Backup 6 - 18
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating On-Demand Backup Requests (continued) 7. Select a media family to which the data of this backup should be assigned from the Media family field. 8. Optionally, select one or more device restrictions from the Restrictions field. Oracle Secure Backup enables you to restrict backups to one or more of the following: - A specific tape drive, displayed as devicename - Any tape drive attached to a specific host, displayed as @hostname - Any tape drive-host attachment, displayed as devicename@hostname If you do not set a restriction (the default), your backup job will use any available device at the discretion of Oracle Secure Backup scheduling system. 9. Optionally, change the priority of the backup job in the Priority field. The default is 100. The priority of a job is a positive integer value. The lower this value, the greater the priority assigned to the job by the scheduler. It considers priority 20 jobs, for example, more important than priority 100 jobs. The scheduler always gives preference to dispatching higher priority jobs over lower priority ones. 10. Choose whether you want the backup to operate in unprivileged or privileged mode. Unprivileged mode is the default. An unprivileged backup runs under your UNIX user identity or Windows account identity, as configured in your Oracle Secure Backup user profile. Your access to file-system data, therefore, is constrained by the rights of the UNIX user or Windows account having that identity. On UNIX systems, a privileged backup runs under the root user identity. On Windows systems, it runs under the same account identity as the Oracle Secure Backup service on the Windows client. 11. Choose one of the following: - Click OK to accept your selections. When you do so, Oracle Secure Backup displays this backup request in the list box on the Backup Now page. - Click Cancel to void the operation and move back one page.
Copyright © 2009, Oracle. All rights reserved.
Submitting Backup Requests To send backup requests to the scheduler, perform the following steps in the Oracle Secure Backup Web tool: 1. From the Backup menu, click Backup Now in the submenu under Operations. The Backup Now page appears. 2. Click the Go button. Oracle Secure Backup sends each backup request that appears in the Number/Dataset central panel to the scheduler. A message appears in the status section for each request acknowledged by the scheduler. Oracle Secure Backup deletes each backup request upon its acceptance by the scheduler. As a result, the Number/Dataset central panel is empty upon completion of the Go operation. 3. To view the status of your job, go to the Manage page and click the Jobs link. On the Jobs page, click the Show Transcript button to see the output of your job.
Oracle Database 11g: Oracle Secure Backup 6 - 19
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Submitting Backup Requests
Copyright © 2009, Oracle. All rights reserved.
Reviewing Jobs On the Manage: Jobs page in the Oracle Secure Backup Web tool, you can view a list of jobs according to your selection criteria. For more details, click a job (it is highlighted), then click Show Properties or Show Transcript.
Oracle Database 11g: Oracle Secure Backup 6 - 20
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Reviewing Jobs
File-system backups should use time-managed media families: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 6 - 21
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Which are required for all backups of OS files with OSB? 1. Media families 2. Datasets 3. Backup windows 4. Backup schedule 5. Backup triggers
Copyright © 2009, Oracle. All rights reserved.
Answers: 1, 2
Oracle Database 11g: Oracle Secure Backup 6 - 22
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Datasets are the actual backups of files produced by OSB: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 6 - 23
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
In this lesson, you should have learned how to: • Create datasets, which are scripts to define OS files for backups • Schedule file backups to be performed in predefined time windows • Submit backup requests • Perform file-system backups
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 6 - 24
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
This practice covers the following topics: • Creating a dataset • Scheduling a backup of the dataset Note: The completion of this practice is a prerequisite for the following practice, “Restore File-System Data.”
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 6 - 25
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 6 Overview: Backing up File-System Data
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Restoring File-System Backups with Oracle Secure Backup
After completing this lesson, you should be able to: • Browse the catalog for file-system backup data • Create catalog-based restore requests • Perform file-system restoration
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 7 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
Copyright © 2009, Oracle. All rights reserved.
Browsing the Catalog for File-System Backup Data The administrative server maintains a catalog in which it stores metadata relating to backup and restore operations for the administrative domain. Oracle Secure Backup maintains a discrete backup catalog for each client in your administrative domain. When you browse a backup catalog, Oracle Secure Backup presents the data in the form of a filesystem tree, just as it appeared on the client from which the data was saved. For example, if you backed up the /home/myfile.dat file located on myhost, the backup catalog for myhost represents the contents of the backup image as /home/myfile.dat. At the root of the backup catalog is the superdirectory, which contains all files and directories saved from the uppermost file-system level. The superdirectory provides you with a starting point from which to access every top-level file-system object stored in the backup catalog. For Windows clients, this superdirectory contains the drive identifiers, such as C:.
Oracle Database 11g: Oracle Secure Backup 7 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Browsing the Catalog for File-System Backup Data
Restoring File-System Data Restoring the needed files is easily accomplished using the Oracle Secure Backup catalog, which offers: – Tree-style browsing of all backups – Multiple query options for fast identification of needed files
• •
You can restore files to the original location or to an alternative location. The end-user restore ability is based on user-level permissions.
•
OSB automatically recalls tapes located at alternate locations for the restore operation. (The Restore job remains in a pending state until tapes are returned to an accessible tape device.)
•
Fast restoration from tape is accomplished by using tape position data obtained during backup. Copyright © 2009, Oracle. All rights reserved.
Restoring File-System Data You can gain practical experience with this during the practice session.
Oracle Database 11g: Oracle Secure Backup 7 - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
Two ways to restore data: • Catalog-based restore operation: Based on catalog backup history • Directly from media: Based only on the data contained in the volumes – Referred to as a RAW restore and is not commonly used – Recommended only for advanced users
Copyright © 2009, Oracle. All rights reserved.
Restoring File-System Files with Oracle Secure Backup With Oracle Secure Backup, you can restore data in two different ways: • By browsing backup catalogs for the file-system objects of interest. After you have located their names and selected the instances to restore, you can direct Oracle Secure Backup to perform the restore operation. This is called “catalog-based restore.” • By knowing the names of the file-system objects of interest and the secondary storage location (volume ID and backup image file number) in which they are stored. This is called raw restore. For more information about raw restore operations, see the Oracle Secure Backup documentation.
Oracle Database 11g: Oracle Secure Backup 7 - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Restoring File-System Files with Oracle Secure Backup
Copyright © 2009, Oracle. All rights reserved.
The Restore Page You can use the Oracle Secure Backup Web tool to restore your saved files. You do this from the Restore page. To access the Restore page from the Web tool Home page, click the Restore tab on the menu bar.
Oracle Database 11g: Oracle Secure Backup 7 - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
The Restore Page
Copyright © 2009, Oracle. All rights reserved.
Listing All File-System Backups of a Client Perform the following steps to list all backups of a client by using the Oracle Secure Backup Web tool: 1. From the Restore: Backup Catalog page, select any host from the Hosts Name list. 2. Click Browse Host. Oracle Secure Backup displays the Browse Host page. 3. Drill down to the file or directory for which you want to display the available backups. Click the List Host Backups button. A properties page appears. Click the Close button when you have finished viewing this window.
Oracle Database 11g: Oracle Secure Backup 7 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Listing All File-System Backups of a Client
Copyright © 2009, Oracle. All rights reserved.
Creating a Catalog-Based Restore Request To browse a backup catalog for data restore operation, perform the following steps: 1. From the Web tool Home page, click the Restore tab on the menu bar. The Restore page appears. 2. On the Restore page, click the Backup Catalog link in the Operations section. 3. On the Restore: Backup Catalog page, select the client from which the data was originally saved in the Host Name list. 4. Select one or more data selectors from the Data Selector list box. 5. Select a View mode: Inclusive or Exact. 6. Optionally, enter the path name of the directory that you want to browse in the Path field. If you do not do this, Oracle Secure Backup displays the uppermost directory that it has backed up for the selected client. 7. Click Browse Host. Oracle Secure Backup displays the Browse Host page with the selected directory displayed.
Oracle Database 11g: Oracle Secure Backup 7 - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating a Catalog-Based Restore Request
Copyright © 2009, Oracle. All rights reserved.
Creating a Catalog-Based Restore Request (continued) 8. On the Browse Host page, click a directory name to make it your current directory and view its contents. You can repeat this operation many times to find the data that you want to restore. You can choose a directory to restore (and all its contents), or you can choose to restore individual files. 9. You can change the Data selector, and then click Apply to redisplay the page. 10. You can also change the View mode without leaving this page. 11. Select the check box next to the name of each file-system file or directory that you want to restore. Doing so creates an Oracle Secure Backup restore request for each instance of the file identified by the data selector. To learn the identity of those instances, view the object property page by clicking the adjacent Properties button. When you do, Oracle Secure Backup displays a pop-up window. After you view the pop-up window, click Close.
Oracle Database 11g: Oracle Secure Backup 7 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating a Catalog-Based Restore Request
Copyright © 2009, Oracle. All rights reserved.
Creating a Catalog-Based Restore Request (continued) 12. On the Browse Host page, after you have selected the objects that you want to be restored, click the Add button. The New Restore page appears. 13. Optionally, enter an alternative path name for each file or directory to restore. The original path name of each object that you previously selected appears in the lower-left portion of this page. To its right is a text box in which you can enter the alternative path name. If you leave this blank, Oracle Secure Backup restores the data using its original name. 14. Optionally, select the Device option and select a tape drive to use to perform the restore operation. By default, Oracle Secure Backup automatically selects the tape drive to use. 15. Select your restore mode. Unprivileged mode is the default. An unprivileged restore operation runs under your UNIX user identity or Windows account identity, as configured in your Oracle Secure Backup user profile. The privileged mode uses the root or administrator accounts. (You must have appropriate rights to choose this option.) 16. Optionally, enter one or more obtar options in the Obtar option(s) field. For example, -J enables debug output and provides a high level of detail in the job transcript. For details about obtar options, refer to the Oracle Secure Backup Reference.
Oracle Database 11g: Oracle Secure Backup 7 - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating a Catalog-Based Restore Request
Oracle Database 11g: Oracle Secure Backup 7 - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating a Catalog-Based Restore Request (continued) 17. Select the “No high speed positioning” check box if you do not want to use the available position data to speed up the restore operation. 18. Select the “NDMP incremental restore” check box to direct certain NAS data servers to apply incremental restore rules. Typically, recoveries are additive: each file and directory restored from a full or an incremental backup is added to its destination directory. When you select NDMP incremental restore, NAS data servers that implement this feature restore each directory to its exact state as of the last incremental backup image applied during the restore job. Files that were deleted before the last incremental backup are deleted by the NAS data service upon restore of that incremental backup. 19. Select “Replace existing files” to overwrite any existing files with those restored from the backup image. Alternatively, select “Keep existing files” to keep any existing files instead of the default overwriting them with files from the backup image. 20. If you are restoring to a Windows system, select “Replace in use files” to replace in use files with those from the backup image. Windows deletes each in use file when the last user closes it. Alternatively, select “Keep in use files” to leave any in use Windows files unchanged. 21. Click OK. Oracle Secure Backup displays the Browse Host page. The restore request you just made appears in the Restore items list. Oracle Secure Backup displays the message, “Success: file(s) added to restore list” in the status area.
Copyright © 2009, Oracle. All rights reserved.
Submitting Restore Requests Submitting a restore request initiates the creation of an Oracle Secure Backup job. Perform the following steps to send catalog-based restore requests to the scheduler by using the Oracle Secure Backup Web tool: 1. From the Browse Restore Catalog page, select any host from the Hosts Name list. 2. Click Browse Host. Oracle Secure Backup displays the Browse Host page. 3. Click Go. The Web tool sends each restore request that appears in the “Restore items” list box to the scheduler. A message appears in the status area for each request acknowledged by the scheduler. It can say, for example: 2 catalog restore request items submitted; job id is admin/2. Oracle Secure Backup deletes each restore request upon its acceptance by the scheduler. As a result, the “Restore items” list is empty upon completion of the Go operation. 4. To view the status of your job, go to the Manage page, and click the Jobs link. On the Jobs page, select “restore” in the Types field, and click Apply. You can see the output of your job.
Oracle Database 11g: Oracle Secure Backup 7 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Submitting Restore Requests
When performing a restore operation, Oracle Secure Backup will by default overwrite or replace existing files: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 7 - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Files can be restored to either the original location or elsewhere: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 7 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Restoring OS file data with Oracle Secure Backup can be done: 1. Using a catalog-based restore operation 2. Directly from the media 3. Using RMAN 4. Using the dd command
Copyright © 2009, Oracle. All rights reserved.
Answers: 1, 2
Oracle Database 11g: Oracle Secure Backup 7 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
In this lesson, you should have learned how to: • Browse the catalog for file-system backup data • Create catalog-based restore requests • Perform file-system restoration
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 7 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
Practice 7 Overview: Restoring File-System Data
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 7 - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
This practice covers performing a file-system restore operation.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Managing Your Oracle Secure Backup Domain
After completing this lesson, you should be able to: • Describe Oracle Secure Backup processes • Configure defaults and policies • Browse primary Oracle Secure Backup catalogs • Perform preconfigured catalog backup
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 8 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
> Daemons Policies Catalogs
Client
Administrative server
Media server
observiced
obscheduled
observiced
obproxyd
observiced
obrobotd
obhttpd
obndmpd
obixd
obproxyd
obproxyd
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Processes: Daemons To oversee data protection activities among diverse hosts, devices, and databases, you define an administrative domain. There must be one and only one administrative server for each administrative domain. The administrative server includes: • Oracle Secure Backup catalog, a directory structure with host-specific subdirectories. This means, the contents vary depending on the roles you assign to the host. An administrative server has the central catalog with configuration and metadata. • Daemons (or services), which are processes that run in the background and perform OSB operations on behalf of an application Some daemons run continually; others run only to perform specific work and then exit when they have finished. The Oracle Secure Backup daemons actively participate in managing backup and restore operations: • observiced daemon: On the administrative server, this daemon runs jobs (such as backup and restore operations) at the request of the obscheduled daemon, cleans up old log files and transcripts, and provides access to Oracle Secure Backup configuration data to other hosts in the domain.
Oracle Database 11g: Oracle Secure Backup 8 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Processes: Daemons
Oracle Database 11g: Oracle Secure Backup 8 - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Processes: Daemons (continued) observiced daemon (continued) • The observiced daemon starts the obscheduled daemon and the Web server during initialization. When running on a client or media server, observiced is primarily responsible for invoking Oracle Secure Backup programs in response to a request from the administrative server. On all hosts, the observiced daemon is usually started as part of system startup and runs continually. On UNIX and Linux, startup is usually performed through entries in /etc/init.d, whereas on a Windows host, the observiced daemon is started by the Service Control Manager. • obscheduled daemon: This daemon initiates scheduled events and manages jobs. The daemon receives job creation requests from obtool users and from the SBT interface in response to RMAN commands. • obixd daemon: This daemon manages the backup catalog. One instance of this daemon runs for each client whenever the contents of that client’s catalog must be read or updated. • Apache Web server daemon (obhttpd): This daemon provides the Web tool GUI for Oracle Secure Backup. • obndmpd daemon: This daemon implements the NDMP tape service and provides media services to remote clients. It is launched by the observiced daemon in response to client requests to open a channel to a tape drive that is not locally connected to the client. • obrobotd daemon: This daemon is launched by the observiced daemon in response to requests to manipulate tapes in a tape library. One instance of this daemon runs for each tape library whenever the services of that tape library are required. • obproxyd daemon: This daemon verifies user access for SBT backup and restore operations. The proxy daemon runs on the host that contains the SBT library accessed during the operations. The invocation of the proxy daemon is platform specific. The proxy daemon uses the operating system user identity of the process invoking the SBT library and the local host name to determine the Oracle Secure Backup user account for the backup operation. If a preauthorization exists for this OS user and host, and if the associated Oracle Secure Backup user is permitted to perform RMAN backups, then the login to Oracle Secure Backup is permitted. On a host running the Windows operating system, only the observiced daemon runs as a Windows service. The other Oracle Secure Backup daemons do not run as services.
Copyright © 2009, Oracle. All rights reserved.
Managing Common Daemon Operations Oracle Secure Backup daemons respond to a common set of control commands. Sending control commands to daemons is an infrequently performed task that you would typically perform only under the guidance of Oracle Support Services. The daemon control commands are: • dump: To direct the daemon to dump internal state information into its log file • reinitialize: To direct the daemon to reread configuration data from the file system • debugon: To direct the daemon to generate extra information to its log file • debugoff: To cancel a previous debugon command. This is the default state. To send a command to a daemon, perform the following steps: 1. From the Web tool Home page, click the Manage tab. 2. From the Manage page, click the Daemons link in the Maintenance section. 3. On the Daemons page, select a daemon from the Type list. 4. From the Host list, select the host on which the daemon is running. 5. Select a command from the Command list. 6. Click Apply to accept your selections.
Oracle Database 11g: Oracle Secure Backup 8 - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Common Daemon Operations
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 8 - 6
Oracle University and (Oracle Corporation) use only.
Quiz
All OSB daemons run continuously: 1. True 2. False
Daemons > Policies Catalogs
For the ease of management (of simple and complex environments): • Policy settings for devices, catalog indexing, log management, and general backup and recovery operations • Email notification of system events and reports • Policies that control the behavior of daemons and services • NDMP Data Management Agent (DMA) defaults • Policies that control aspects of domain security
Copyright © 2009, Oracle. All rights reserved.
Managing Defaults and Policies Defaults and policies are configuration data that control how Oracle Secure Backup operates within an administrative domain. The data is maintained on the administrative server. Oracle Secure Backup is preconfigured with a set of defaults and policies for fast deployment in most environments. Oracle Secure Backup policies are grouped into several policy classes. Each policy class contains policies that describe a particular area of Oracle Secure Backup operations: • Daemon policies • Device policies • Index policies • Log policies • Media policies • Naming policies • NDMP policies • Operations policies • Scheduler policies • Security policies • Testing policies Oracle Database 11g: Oracle Secure Backup 8 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Defaults and Policies
1 3
2
Copyright © 2009, Oracle. All rights reserved.
Configuring Oracle Secure Backup Policies To modify the policies settings by using the Web tool, perform the following steps: 1. From the Configure page, select Defaults and Policies. 2. Click the name of the policy that you want to modify. 3. Make any required changes. 4. Choose one of the following: - Click Apply to remain in this page. - Click OK to save the changes and return to the Configure page. - Click Cancel to avoid the operation and move back one page. 5. Operations example: You can set operation policies to specify the following: - Whether Oracle Secure Backup updates backup history data every time a client host is backed up - Whether Oracle Secure Backup creates volume and backup image labels for a new backup image whenever it backs up data - Whether Oracle Secure Backup performs block-level verification after each backup section is completed - Additional options to apply to scheduler-dispatched backup and restore operations, such as enabling diagnostic output mode with the obtar -J option Oracle Database 11g: Oracle Secure Backup 8 - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Configuring Oracle Secure Backup Policies
Daemons Policies > Catalogs
File-system metadata: indices.cur
1
Piece catalog: sbtpiece.dat and sbtpiece.idx
2
Volumes catalog: volumes.dat and volumes.idx 3 Backup sections catalog: archives.dat and archives.idx
4
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup: Backup Metadata Catalogs The Oracle Secure Backup catalog is a collection of backup metadata catalogs and configuration files. They are centrally located on the administrative server in a hierarchical file system under the OSB_Home directory. The following are the four primary catalogs: 1. File-system backup metadata is stored for each client in the indices.cur catalog (also known as the index database). Thus, if the administrative server has 100 clients, it has 100 indices.cur files. The indices.cur file is located in the /usr/local/oracle/backup/admin/history/host/host_name directory. 2. Oracle database backup piece metadata is stored in the sbtpiece.dat and sbtpiece.idx files. 3. A listing of all tapes that contain backups registered with the Oracle Secure Backup catalog, is stored in the volumes.dat and volumes.idx files. When a tape is overwritten, the volumes catalog is immediately updated. 4. Information about backup sections is stored in the archives.dat and archives.idx files. This is important when a backup spans multiple volumes. The last three catalogs are located in the /usr/local/oracle/backup/admin/state/general/ directory.
Oracle Database 11g: Oracle Secure Backup 8 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup: Backup Metadata Catalogs
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup: Backup Metadata Catalogs (continued) After volumes have been overwritten or unlabeled, the backup metadata is no longer needed. The index daemon automatically removes this backup metadata from the catalog at the interval set by the indexcleanupfrequency index policy (default is 21 days).
Oracle Database 11g: Oracle Secure Backup 8 - 10
Oracle Secure Backup: Directory Structure
OSB_HOME directory
admin • • • •
config history log state
apache • • • • •
conf htdocs images logs modules
bin
lib
device
help
tools.linux32
man
etc
.drv.linux32
samples
Administrative server
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup: Directory Structure The Oracle Secure Backup home directory is created on every host where you install Oracle Secure Backup, although the contents of the directory vary depending on the roles that you assigned to the host. The slide shows the installed directories for an administrative server on a Linux operating system. The directories in the dashed box contain executable files, or information related to storage devices. They are: bin, etc, device, lib, tools.linux32, and .drv.linux32. Not shown in the slide are the following directories: .bin.linux32, .etc.linux32, and .lib.linux32. Oracle Secure Backup maintains its own centralized catalog on the administrative server. The Oracle Secure Backup catalog contains all the information used to define your configuration, and also metadata relating to your backup and restore operations. Oracle Secure Backup organizes its catalog in a hierarchical way. The admin directory contains the administrative domain catalogs.
Oracle Database 11g: Oracle Secure Backup 8 - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
/usr/local/oracle/backup
Preconfigured catalog backup with the following elements: • OSB-CATALOG-MF media family: All catalog backups will be written to same tapes. • OSB-CATALOG-SUM job summary: Daily reports are emailed to users showing status of catalog backup • OSB-CATALOG-DS dataset: All directories and files of the OSB catalog are defined for the file-system backup. • OSB-CATALOG-SCHED schedule: The schedule determines the timing for the catalog backup. For you to do: • Edit the OSB-CATALOG-SCHED trigger to specify the backup time.
Copyright © 2009, Oracle. All rights reserved.
Backing Up the Catalog The primary catalog backup configuration settings have been defined. Only one step remains which requires user intervention: Edit the OSB-CATALOG-SCHED trigger specifying when the backup should be performed.
Oracle Database 11g: Oracle Secure Backup 8 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Backing Up the Catalog
Manual Catalog Backup
– Oracle Secure Backup home directory – The /etc/obconfig file – The /usr/etc/ob directory
2. Create a backup request, either on-demand or scheduled. 3. Submit the backup request to the scheduler. 4. Store the volume set in a known location.
Copyright © 2009, Oracle. All rights reserved.
Manual Catalog Backup If you do not want to use the preconfigured recommended catalog backup specifications, you can create your own with the above steps. You will need the catalog backup only in unusual, difficult circumstances, so you should make special provisions when storing the backup, such as: • Storing the volume set in a known location so that the tapes can be retrieved without having to look up which volumes were used to store the backup • Configuring the operations/backupoptions policy to use the -v option (if you configured a scheduled backup). This generates a full transcript and lists all the files that are backed up. Then, save the transcript along with the tapes. For additional protection, you can back up the /usr/etc/ob directory, which is the job transcript directory. You may also want to save a copy of the SCSI parameters used to create the device special files for your tape devices. This can help you to reconfigure the tape devices during disaster recovery of your administrative server. The parameter specifications should be saved along with the volumes that contain the catalog backup.
Oracle Database 11g: Oracle Secure Backup 8 - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
1. Create a dataset that includes:
How many indices.cur files exist containing file-system metadata? 1. One for each directory on each client 2. One for each client 3. One for each file system on each client 4. One for each media server
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 8 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
What should be contained in the backup of the OSB catalog? 1. The OSB home directory 2. The /etc/obconfig file 3. The /usr/local/oracle directory 4. The /usr/etc/ob directory
Copyright © 2009, Oracle. All rights reserved.
Answers: 1, 2, 4
Oracle Database 11g: Oracle Secure Backup 8 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
In this lesson, you should have learned how to: • Describe Oracle Secure Backup processes • Configure defaults and policies • Browse primary Oracle Secure Backup catalogs • Perform preconfigured catalog backup
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 8 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
This practice covers the topic of backing up the Oracle Secure Backup catalog data and critical files.
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 8 - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 8 Overview: Performing a Preconfigured OSB Catalog Backup
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Managing the OSB Infrastructure
After completing this lesson, you should be able to: • Manage clients • Manage media servers (tape devices and libraries) • Manage volumes
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 9 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
> Clients Media Serv. - Devices - Libraries Volumes Jobs
Copyright © 2009, Oracle. All rights reserved.
Managing Clients Adding Clients may be your most common management task. You can perform it with the mkhost obtool command or the OSB Web tool. 1. In the Web tool, click Configure, and then click Hosts. 2. Select the “Suppress communication with host” check box if you want to add a (standalone) server to the administrative domain. 3. Click the Add button. Then enter a host name of your choice in the Host field. The name must be unique among all Oracle Secure Backup host names. 4. Optionally, enter one IP interface name in the “IP Interface name(s)” field. If you leave this blank, OSB uses the name of the host (step 3) as the resolvable IP name for the host. 5. Select a status from the Status field. Your choices are: - In service: Indicates that the server is logically available for backup and restores - Not in service: Indicates that the server is unavailable 6. Select one or more administrative domain roles for the host from the Roles field. 7. Select an access method for the host (if applicable) from the “Access method” field. Your choices are: ob or NDMP. Removing hosts from your administrative domain, includes that: • The backup catalog is also removed. • The key store remains, so that your backups from that host remain valid. Oracle Database 11g: Oracle Secure Backup 9 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Clients
Copyright © 2009, Oracle. All rights reserved.
Adding Media Servers From the Administrative Server page, you can click the link corresponding to the number of configured Media Servers in the administrative domain. This takes you to the Media Servers page from which you can manage your media servers. On the Media Servers page, click Add to add a new media server to your administrative domain. To configure a new media server on the Add Media Server page, perform the following steps: 1. Select the “Suppress communication with host” check box if you want to add a host to the administrative domain that is not yet connected to the network. 2. Enter the name by which you want to refer to the host in the Name field. The host name that you choose must be unique among all Oracle Secure Backup host names. 3. Optionally, enter one IP interface name in the “DNS Hostname(s) or IP Address(es)” field. If you leave this blank, Oracle Secure Backup uses the name you assigned to the host in step 2 as the resolvable IP name for the host.
Oracle Database 11g: Oracle Secure Backup 9 - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Adding Media Servers
Clients > Media Serv. - Devices - Libraries Volumes Jobs
Note: For more information about how to manage media servers within Oracle Secure Backup, refer to the Oracle Secure Backup Administrator’s Guide.
Oracle Database 11g: Oracle Secure Backup 9 - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Adding Media Servers (continued) 4. Select a status from the Status field. Your choices are: - In Service: Indicates that the server is logically available to perform backup and restore operations - Not In Service: Indicates that the server is logically unavailable to perform backup or restore operations 5. Select an access method for the host (if applicable) from the Access Mode field. Your choices are: - Native: The host contains a local installation of Oracle Secure Backup. - NDMP: The host is accessed through the Oracle Secure Backup RPC protocol (plus NDMP) or solely through Network Data Management Protocol (NDMP). 6. Click OK.
• • • •
Communicate via NDMP Do not require installation of Oracle Secure Backup software on the NAS appliance Support local data transfer (from file server directly to and from tape drives) with simultaneous central management May be a client or media server but not an administrative server
Copyright © 2009, Oracle. All rights reserved.
NAS Devices The Network Data Management Protocol (NDMP) defines a common architecture for backups of heterogeneous file servers on a network. NDMP allows administrators to back up data using any combination of compliant network–attached servers, backup devices, and management applications. With NDMP, network congestion is minimized because the data path and control path are separated. Backups can occur locally—from file servers directly to tape drives— whereas management occurs centrally. NDMP is commonly used by NAS devices, which are also known as filers, to perform backup and restore operations without requiring an Oracle Secure Backup installation on the appliance. The filer communicates with the backup software through NDMP. This model is very different from the classic backup model, which requires the installation of an agent or backup software component on each host to communicate and perform backup and restore operations as directed by the backup software server. For supported NAS devices, see Certify on My Oracle Support.
Oracle Database 11g: Oracle Secure Backup 9 - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
NAS Devices
Clients Media Serv. > - Devices - Libraries Volumes Jobs
Copyright © 2009, Oracle. All rights reserved.
Adding NDMP Media Servers If you select NDMP in the Access Mode field on the Add Media Server page, you must also specify the following additional options for your new host: 1. Select an authentication type from the Authentication Type field. The authentication type defines the way in which Oracle Secure Backup authenticates itself to the NDMP server. Typically, you should use the negotiated default setting. Your choices are: - default: Uses the value of the Authentication type for the NDMP policy - none: Attempts to use the NDMP server from Oracle Secure Backup without providing authentication data (this is usually unsuccessful) - negotiated: Instructs Oracle Secure Backup to negotiate with the NDMP server to determine the best authentication mode to use - text: Uses plain (unencrypted) text to authenticate - md5: Uses the MD5 digest algorithm to authenticate 2. Enter a username in the Username field. The username is used to authenticate Oracle Secure Backup to this NDMP server. 3. Other NDMP settings that you can enter on this page include: password, backup type, protocol version, and port. Enter the values which are appropriate for your environment.
Oracle Database 11g: Oracle Secure Backup 9 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Adding NDMP Media Servers
Copyright © 2009, Oracle. All rights reserved.
Adding Devices You can add new devices in one of two ways: • By automatically discovering them. Oracle Secure Backup can automatically discover and configure secondary storage devices connected to certain types of NDMP servers, such as Network Appliance filers. • By adding them manually to define devices that cannot be automatically discovered . On the Devices page, click either Add Library or Add Drive to add a new device to your configuration. You can also use the mkdev obtool command to add an Oracle Secure Backup device object to your administrative domain configuration. Here are some examples: ob> mkdev --type library --attach hasun20:/dev/obl0 tc-lib ob> mkdev --type tape --library tc-lib --dte 1 --attach hasun20:/dev/obt0 tc-tape ob> lsdev
The following output appears: library tc-lib in service drive 1 tc-tape in service
Oracle Database 11g: Oracle Secure Backup 9 - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Adding Devices
Oracle Database 11g: Oracle Secure Backup 9 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Adding Devices (continued) The first example shows you how to add a tape library device to your configuration. As shown in the slide, you must specify the device type, its attachment, and its Oracle Secure Backup name. The second example is doing the same thing for a tape drive that is part of your tape library. In addition to the type, attachment, and name, you must specify the corresponding tape library as well as the data transfer element (DTE) of the tape drive. Oracle Secure Backup identifies each tape drive within a tape library by its DTE number. A DTE must be specified if library is specified. The third example displays the output of the lsdev command, which shows you the current configuration for both devices. Unlike SCSI, which is a host-centric protocol, Fibre Channel libraries and tape drives are typically shared among multiple Oracle Secure Backup media servers. A Fibre Channel– attached tape drive or tape library often has multiple attachments, one for each host that can directly access it. You can specify multiple attach points when creating a device with the mkdev or chdev obtool commands, the Web tool, or Enterprise Manager. Multiple attach points enable you to attach the same device to multiple hosts on a network. Note: For more information about the mkdev and chdev commands, refer to the Oracle Secure Backup Reference.
ob> discoverdev --verbose --host edrsr12p1
Copyright © 2009, Oracle. All rights reserved.
Discovering Devices on NDMP Hosts Libraries and tape devices attached to Network Attached Storage (NAS) filers are automatically configured by the operating system on which the NAS device runs. Both SCSI device and Fibre Channel configuration occur automatically and require no input from the user. Oracle Secure Backup can detect changes in device configuration for some types of these NDMP-accessed hosts and, on the basis of this information, and automatically update the device configuration in the administrative domain. However, NAS tape libraries and tape drives must first be made accessible to the Oracle Secure Backup software. This is accomplished by performing device discovery on each of the NAS filers in the administrative domain. You can discover devices by using Enterprise Manager, the OSB Web tool, or obtool commands. Oracle Secure Backup detects multiple hosts connected to the same device by comparing the serial numbers reported by the operating system.
Oracle Database 11g: Oracle Secure Backup 9 - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Discovering Devices on NDMP Hosts
Copyright © 2009, Oracle. All rights reserved.
Managing Devices From the Administrative Server page, you can click the link corresponding to the Devices number. This takes you to the Devices page from where you have the options to Add Library and Add Drive. You can also select an existing device, and click Edit or Remove to perform those actions on that device. A tape must be mounted in the drive before you can write to it. “Mounting a volume” means logically preparing a tape volume in a drive to be read or written. Note: Unlike tape devices, Oracle Secure Backup will refuse to communicate with a tape library that it does not recognize (a tape library whose product ID does not appear in the OSB_Home/devices/ob_robots file). Too many things may go wrong when trying to control an unknown tape library.
Oracle Database 11g: Oracle Secure Backup 9 - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Devices
Clients Media Serv. - Devices > - Libraries Volumes Jobs
Em_devices_crop.gif
Em_08_lib_prop_2.gif
Copyright © 2009, Oracle. All rights reserved.
Tape Library Properties To view tape library properties, perform the following steps in Enterprise Manager: 1. On the Devices page, click the name of a tape library in the main text box. The Edit Library page is displayed, showing the properties of the selected tape library. The device attachment information is displayed at the bottom of the page. 2. Click Show Advanced Settings to view additional properties for the device. 3. You can make changes to the tape library configuration and then click one of the following: - Apply, to implement those changes and remain in this page - OK, to save the changes and return to the Device page - Cancel, to avoid the operation and move back one page - Attachments, to configure device attachments Using the Web tool interface: 1. On the Manage page, select a tape library or tape drive in the main text box 2. Click Show Properties
Oracle Database 11g: Oracle Secure Backup 9 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Tape Library Properties
Copyright © 2009, Oracle. All rights reserved.
Tape Drive Properties To view tape drive properties, perform the following steps: 1. On the Manage page, select a tape drive in the main text box. 2. Click Show Properties. The Web tool displays a page with the properties for the tape drive that you selected. 3. Click Close to return to the Manage page.
Oracle Database 11g: Oracle Secure Backup 9 - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Tape Drive Properties
Clients Media Serv. - Devices - Libraries > Volumes Jobs
Copyright © 2009, Oracle. All rights reserved.
Managing Volumes You can access the Volumes page from the Administrative Server page by clicking the Details link to the right of the Volumes label in the Resources section. You can use the Volumes page to display a list of all volumes associated with an administrative server. To display the volumes, you must first specify a filter option. You do so by using the Search section. In the example in the slide, the filter option limits the volumes displayed to only those for the RMAN-DEFAULT media family. For a listing of all volumes, select the All search option, and then click Go. The Results table identifies the Volume ID and other important information related to your volumes. You can view all the backup sections in a selected volume by clicking Backup Sections. Note: For more information about how to manage volumes within Oracle Secure Backup, refer to the Oracle Secure Backup Administrator’s Guide.
Oracle Database 11g: Oracle Secure Backup 9 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Volumes
Copyright © 2009, Oracle. All rights reserved.
Managing Volumes (continued) Use the Backup Sections page to display the sections of a backup. A backup section is that portion of a backup image that fits on one physical volume. The Sections table displays the client host, attributes, and time stamp for each section.
Oracle Database 11g: Oracle Secure Backup 9 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Volumes
Backup job transcripts are kept for seven days by default. How can you increase this? 1. You cannot, it is fixed at seven days. 2. You can increase it in the backup schedule. 3. You can define this in the Logs section of Defaults and Policies. 4. You can specify this in the backup dataset. 5. You can configure this in the media family.
Copyright © 2009, Oracle. All rights reserved.
Answers: 3
Oracle Database 11g: Oracle Secure Backup 9 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
If you remove a host from the OSB domain, the backup catalog is also removed. 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 9 - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
If you remove a host from the OSB domain, the key store is also removed, which means that your backups from that host become invalid. 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 9 - 18
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Communication with NAS devices uses the SSH protocol: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 9 - 19
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Filers using NDMP do not require an OSB Installation on the filer: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 9 - 20
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
New devices may be discovered in which ways: 1. By automatic discovery for all devices 2. By automatic discovery on NDMP devices 3. Manually
Copyright © 2009, Oracle. All rights reserved.
Answers: 2, 3
Oracle Database 11g: Oracle Secure Backup 9 - 21
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Only hosts with a media server role are available for allocation of tape/library device attachments: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 9 - 22
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
You can add a client to the OSB domain by: 1. Adding it to the backup dataset 2. Using the Web tool Configure tabbed page 3. Using Enterprise Manager 4. Executing the mkhost obtool command
Copyright © 2009, Oracle. All rights reserved.
Answers: 2, 4
Oracle Database 11g: Oracle Secure Backup 9 - 23
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
NDMP media servers cannot share tape devices with regular media servers: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 9 - 24
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Discovered NDMP devices are automatically available by default: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 9 - 25
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
After you create a tape library device, the list of volumes in that library are available to Oracle Secure Backup: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 9 - 26
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
In this lesson, you should have learned how to: • Manage clients • Manage media servers (tape devices and libraries) • Manage volumes
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 9 - 27
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
This practice covers the following topics: • Viewing how to add an OSB client to an existing domain – Installing OSB software on a new client – Configuring client role in the administrative domain
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 9 - 28
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 9 Overview: Viewing OSB Management Tasks
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Configuring and Using Tape Vaulting
After completing this lesson, you should be able to: • Describe the use of tape vaulting • Configure tape vaulting • Use a tape vaulting environment • View tape rotation reports • Troubleshoot vaulting
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 10 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
Overview of Vaulting
Tape library
catalog
Media recycle bin
“Iron Mountain” off-site storage
Vault_Offsite Library = 1 hour after full Offsite = 2 years after arrival Media_Recycle_Bin = duration disabled
Copyright © 2009, Oracle. All rights reserved.
Overview of Vaulting An example of media requirements, which illustrates the life cycle of backup tapes, includes: 1. Tapes in a tape library are written to either for a given time period, for example, one week, or until they are full. 2. If a tape has a retention requirement, for example, two years, then you might have a policy to store these tapes offsite. 3. Operators, robots, or both perform the physical transport of tape volumes. 4. After the retention time expires, the tapes move to their next location. 5. The volumes might be held in a media recycle bin (temporary storage) until they are needed for reuse.
Oracle Database 11g: Oracle Secure Backup 10 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
An example of the the life cycle of backup tapes:
Configuring in Oracle Secure Backup: • Locations (offsite) • Rotation policies (via offsite_2Y media family) • Location scan schedule Operator tasks: • Executing media movement jobs • Extracting volumes • Packing and shipping volumes Offsite_2Y Write Window = 1 week Retain Time = 2 years
Media Family
Vault_Offsite Library = 1 hour after full Offsite = 2 years after arrival Media_Recycle_Bin = duration disabled
Rotation Policy Copyright © 2009, Oracle. All rights reserved.
Overview of Vaulting (continued) Oracle Secure Backup uses a volume rotation policy to track a backup volume as it moves from its originating location to a storage location and is eventually recycled. This process is known as vaulting. To use tape vaulting, you must configure the following: • Locations: Storage locations • Rotation policies, that volumes inherit from their media family (After rotation policies are associated to their media family, you must perform at least one backup to have test data available.) • Location scan schedule, which initiates location scans (Location scans create pending media movement jobs for eligible candidate tape volumes.) Operators perform the following tasks: • Execute media movement jobs. • Extract volumes from their present location with the help of pick reports. • Pack and ship volumes with their distribution reports to their new location.
Oracle Database 11g: Oracle Secure Backup 10 - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Overview of Vaulting
• • •
Defining media storage locations Defining rotation policies and rules Associating a rotation policy with a media family
Copyright © 2009, Oracle. All rights reserved.
Configuring a New Vaulting Environment The list in the slide shows the prerequisite tasks before you can use the Oracle Secure Backup tape vaulting functionality.
Oracle Database 11g: Oracle Secure Backup 10 - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Configuring a New Vaulting Environment
1
2
3
Copyright © 2009, Oracle. All rights reserved.
Defining Media Storage Locations You can use either the obtool commands or the OSB Web tool interface to manage your information about media storage locations. 1. In the OSB Web tool, navigate to Configure > Locations. On the Configure: Locations page, you see OSB-generated locations: - The Media_Recycle_Bin default location can be used as a temporary "holding" location, when tapes are ready for reuse. - When you configured devices, vlib and vlib2 were automatically created as "active locations". 2. To add a new location: - On the Configure: Locations > New Locations page, enter a name: offsite and optionally, 3 minutes as Recall time, then click Apply. - The Recall time is the time needed to return tapes for the restore operation. Recall time is an optional parameter, but its use is recommended, especially when you plan to use duplication policies. OSB considers this information and initiates restore operations (from original or duplicate tapes) with the shortest recall time. 3. You should receive a success message and then click OK.
Oracle Database 11g: Oracle Secure Backup 10 - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Defining Media Storage Locations
Rotation policy quick_test_rotation
Location vlib2 offsite Media_Recycle_Bin
made up of in
subject to for
Rotation rule vlib2: windowclosed: 5 minutes offsite: arrival: 2 minutes Media_Recycle_Bin: arrival: 1 minutes
Copyright © 2009, Oracle. All rights reserved.
Defining Rotation Policies and Rules A rotation policy determines the location and duration of tape movement and location. The following rules apply: • Each rotation policy must be made up of one or more rotation rules. • Each rotation rule must be in one and only one rotation policy and each rotation rule must be for one and only one location. • Each location may be subject to one or more rotation rules.
Oracle Database 11g: Oracle Secure Backup 10 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Defining Rotation Policies and Rules
2 3 4
1 5
Copyright © 2009, Oracle. All rights reserved.
Defining Rotation Policies and Rules (continued) 1. To create a rotation policy in the OSB Web tool, navigate to Configure > Rotation Policies > Add, then enter a policy name and click Apply. To define rotation rules, use the middle section of the page. Possible events: firstwrite, lastwrite, windowclosed, nonwritable, arrival and expiration. 2. Your first rotation rule (which must use a volume in an active location) appears in the display section above your definition area. In this example, the tapes (per media family) are eligible for movement five minutes after the Write window has closed. This implies that the media family must have a Write window parameter specified. 3. Test volume takes two minutes to arrive at the offsite location. Later, when a media movement job is executed, OSB assumes the volumes are at the next scheduled location and does not take the shipping time into account. 4. The Media_Recycle_Bin is a holding location. When you return a tape device to the Media_Recycle_Bin or another user-configured location, then OSB considers the tape to be at the end of its rotation policy. OSB does not associate the tape with another rotation policy until the tape is reused. Then OSB will use the new media family and rotation policy (if any). 5. To add these rules to the rotation policy, click OK.
Oracle Database 11g: Oracle Secure Backup 10 - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Defining Rotation Policies and Rules
Location
Rotation policy
vlib2 offsite Media_Recycle_Bin
quick_test_rotation
made up of
for
in
governed by
Media family offsite_test
subject to for
Rotation rule vlib2: windowclosed: 5 minutes offsite: arrival: 2 minutes Media_Recycle_Bin: arrival: 1 minutes
Copyright © 2009, Oracle. All rights reserved.
Associating a Media Family with a Rotation Policy Media families establish tape retention as well as the foundation for rotation and duplication policies. You must create a media family for each set of tapes that has different retention requirements. The following rules apply: • Each media family may be governed by one and only one rotation policy. • Each rotation policy may be for one or more media families.
Oracle Database 11g: Oracle Secure Backup 10 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Associating a Media Family with a Rotation Policy
OSB
Recycling time-managed volumes Write window Retention duration Updates allowed
Volume set creation
Updates forbidden
Volume set closed
Copyright © 2009, Oracle. All rights reserved.
Associating a Media Family with a Rotation Policy (continued) To configure a media family in the OSB Web tool, navigate to Configure > Media Families. Select the media family and click Edit. Select your rotation policy, specify your volume expiration and write window. • The Volume expiration for OSB is Time Managed. Retain the volume set for 10 minutes. • The Write window is the period of time for which a volume set is open for updates. Ensure that your backups fit in this Write window. Note: Of course, content-managed media families can also have rotation policies just like timemanaged ones.
Oracle Database 11g: Oracle Secure Backup 10 - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Associating a Media Family with a Rotation Policy
1. 2. 3. 4. 5.
Performing a backup Scheduling a location scan Viewing scan control jobs Executing a media movement job Viewing vaulting reports Scanning the OSB catalog Eligible candidates?
Yes, for vaulting:
Creating pending volume movement job(s) Executed by operators
No:
No action Copyright © 2009, Oracle. All rights reserved.
Using the Vaulting Environment In addition to the vaulting configuration, you need a suitable backup tape to test your vaulting environment. To execute a rotation policy, you must schedule a location scan which identifies when the catalog should be scanned for eligible candidate tapes. You can schedule location scans for one, several, or all locations. The location scan is automatically executed according to your specified schedule. The location scan creates a media movement job for each location. You, as OSB operator, must explicitly execute the media movement job which: • Generates a pick and distribution report • Moves tapes to import or export slots of the library
Oracle Database 11g: Oracle Secure Backup 10 - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Using the Vaulting Environment
Scheduling a Location Scan
2 Copyright © 2009, Oracle. All rights reserved.
Scheduling a Location Scan To schedule a location scan in the OSB Web tool, navigate to Manage > Schedule Location Scan > Add. 1. Enter a schedule name and select the locations; first click Apply, and then click Triggers. 2. To define a time-based trigger, specify the start time and the scanning frequency by day, week, or month. You can also specify exceptions, such as when not to run a location scan. You can add multiple triggers to each location scan, for example, if you wish to schedule one scan in the morning and another in the afternoon. Click Add for each trigger.
Oracle Database 11g: Oracle Secure Backup 10 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
1
Copyright © 2009, Oracle. All rights reserved.
Viewing Scan Control Jobs To view scan control jobs in the OSB Web tool, navigate to Manage > Jobs; then: 1. Select the Viewing options to display the jobs that interest you. 2. For each job, you can click Show Properties and/or Show Transcript, to review details of the job execution. 3. In the Job Transcript Viewer, select the level of detail that you wish to review. The screenshot above uses “Verbose”. You can see your pending media movement job highlighted.
Oracle Database 11g: Oracle Secure Backup 10 - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Viewing Scan Control Jobs
Executing a Media Movement Job 1
3 4
5
Copyright © 2009, Oracle. All rights reserved.
Executing a Media Movement Job To execute a media movement job in the OSB Web tool, navigate to Manage > Jobs. 1. Select the media movement Types and the following check boxes: Active, Complete and Pending. Then click Apply. 2. Select your media movement job and click Run. 3. Select Now and Media Movement as Run Option and then click Apply. 4. When the job is completed, review the Properties. 5. You should see that the operation completed without errors. Note: When a media movement job is executed, OSB assumes that the tape is at its next location without taking transport time into account. OSB does not validate the arrival of the physical tape at its next location. So, OSB administrators or system operators should confirm the actual arrival with the help of the distribution list.
Oracle Database 11g: Oracle Secure Backup 10 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
2
An example of the the life cycle of backup tapes with sample reports: Distribution report
Pick report Schedule reports
Location report
Tape library Exception reports catalog
Media recycle bin
“Iron Mountain” off-site storage Distribution report
Copyright © 2009, Oracle. All rights reserved.
Viewing Vaulting Reports To view vaulting reports in the OSB Web tool, navigate to Manage > Location Reports and select your report from the Type drop-down list. • The pick report lists all volumes to be picked (selected) for distribution to another location. Pick and distribution reports are automatically generated when you run a media movement job. • OSB creates a distribution report when it creates a media movement job. It lists all volumes that are being sent to a particular location as the result of a media movement job. (You can think of it as a packing list to be included in the shipment of volumes to a location.) • The location report lists the tapes at their locations and when they are scheduled to move to the next location. The next location and the eligibility move date come from the rotation policy for that volume. • A schedule report contains the same information as a location report, but it is limited to volumes whose move-eligibility dates fall within a range that you specify. • An exception report shows the current and expected locations for all volumes whose current and expected locations are different, compared to their rotation policy. For example, if a volume is recalled from a storage location back into a tape library, then that volume appears in the exception report for that tape library. Oracle Database 11g: Oracle Secure Backup 10 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Viewing Vaulting Reports
Misplaced volumes: • Volumes inventory or physical search • To find discrepancies early: Two distribution reports – Report with tape – Directly transmitted report, alerting operator
Stranded volumes: • Omitting locations when changing active rotation policies • Exception report: Volumes outside their rotation policies • Moving stranded volumes with the OSB Web tool
Copyright © 2009, Oracle. All rights reserved.
Troubleshooting Vaulting If a volume is manually removed from an active or storage location and misplaced, then Oracle Secure Backup does not flag it as misplaced. The OSB catalog still shows it at its former location. Its misplaced status is not discovered until the volume becomes eligible for inclusion in a media movement job. Finding it might require a complete volume inventory or a physical search. A volume that is misplaced on route to a storage location is the worst case. Tip: Generate two distribution reports for each media movement job: one to accompany the volume to the storage location, and transmit the other by itself to the storage location operator. If the operator receives a distribution report without a matching volume, then the operator immediately knows that a volume has been misplaced on route. Volumes inherit their rotation policies from their media families. If you change the rotation policy associated with a media family and you omit one or more locations, then all volumes in the newly omitted locations at the time of the policy change are stranded. OSB does not create media movement jobs for these volumes, because it does not look for them in the omitted locations. These stranded volumes appear in the volume exception report. Use OSB Web tool > Manage > Volumes to move the stranded volumes to a location within the new rotation policy.
Oracle Database 11g: Oracle Secure Backup 10 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Troubleshooting Vaulting
RMAN and OSB integration: • RMAN restore operation fails if required volumes are in storage, rather than in an active location. • RESTORE DATABASE PREVIEW shows status of all required volumes. • RESTORE DATABASE PREVIEW RECALL creates OSB media movement job to recall required volumes. • RMAN restore operation succeeds with all required volumes on site.
Copyright © 2009, Oracle. All rights reserved.
Recovery Manager and Vaulting RMAN and OSB are closely integrated: • In Oracle Database 10g (10.2 and later), an RMAN restore operation fails immediately if any needed volume are located at a storage location, rather than an active location. • You can use the RESTORE DATABASE PREVIEW command to get the status of all volumes required for a restore operation, including volumes that are AVAILABLE, but located remotely. • You can use the RESTORE DATABASE PREVIEW RECALL command to start a recall for all volumes needed for a restore operation that are currently at a storage location. This RMAN command translates into an Oracle Secure Backup media movement job. • When the volumes have been recalled from storage, the RESTORE DATABASE PREVIEW output for the same restore operation indicates that these volumes are now available on site. A restore operation can be completed successfully at this point.
Oracle Database 11g: Oracle Secure Backup 10 - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Recovery Manager and Vaulting
For Database Restore
For File-system Restore
RESTORE DATABASE PREVIEW RECALL creates media movement job, “manual” recall
Automated recall, while job remains “pending”
Explicitly enable media movement job. Manual start of restore operation
Automated start of restore operation
Volume “frozen” after restore operation Manual release
Policy-based release Return volume to proper place in rotation.
Copyright © 2009, Oracle. All rights reserved.
Recalling a Tape Volume When a tape is recalled, Oracle Secure Backup is optimized for each specific activity. This means, OSB functionality varies slightly for database and file-system restore operations. 1. When a restore operation needs a volume that is not in an active location, then OSB automatically generates a volume recall request for file-system restore operation. The job remains in a “pending” state until the volume arrives. This is not implemented for a database related recall, because a “pending” job would use server processes while waiting. 2. You must explicitly enable this media movement job before the volume can be recalled. Usually, recall requests are processed with the next regular media movement, but they can also be executed immediately. 3. For the database, you start the restore operation; for the file-system data, the pending job continues and automatically starts restore operation. 4. When the restore operation is complete, the volume is frozen at its current point in the rotation cycle until it is released. For the file-system restore operation: the autovolumerelease policy determines if the volume is automatically released or not. 5. You release the volume from its current location and return it to the proper place in its rotation (as specified by the rotation policy that applies to that volume).
Oracle Database 11g: Oracle Secure Backup 10 - 18
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Recalling a Tape Volume
A tape is assigned a rotation policy according to the: 1. Media family configuration 2. Backup schedule 3. Defaults and Policies 4. Dataset
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 10 - 19
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
A scheduled location scan is configured for 10 AM on Tuesday so the media movement job will run automatically at that time: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 10 - 20
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
You change a rotation policy in a fully functional environment, because your organization does not want to renew a contract with some of your storage providers. The tapes from the omitted locations are automatically transferred to a default location: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 10 - 21
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
In this lesson, you should have learned how to: • Describe the use of tape vaulting • Configure tape vaulting • Use a tape vaulting environment • View tape rotation reports • Troubleshoot vaulting
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 10 - 22
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
This practice covers the following topics: • Configuring a new vaulting environment • Performing a backup • Scheduling a location scan • Executing a media movement job • Viewing tape rotation reports
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 10 - 23
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10 Overview: Configuring and Using Tape Vaulting
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Configuring Tape Duplication
After completing this lesson, you should be able to: • Describe the use of tape duplication • Differentiate duplication from vaulting and migration • Configure tape duplication
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 11 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
Managing tapes from the first write to reuse based on userdefined media families, duplication and rotation policies Media family:
Duplication policy:
Acting on tape pool to establish retention and reuse
Automates the duplication of tapes, which can use either the same or different retention times and rotation schedules
Rotation policy or vaulting: Tape reuse: Automatic reuse of expired tapes within the administrative domain
Automates the tape rotation between two or more sites
Copyright © 2009, Oracle. All rights reserved.
Media Management Oracle Secure Backup 10.2 provides the following key enhancements for media management: • Automated rotation of tapes between locations, referred to as vaulting • Automated duplication of tapes according to duplication policy • On-demand tape duplication
Oracle Database 11g: Oracle Secure Backup 11 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Media Management
ONSITE_1M
OFFSITE_2Y
media family
media family
Tape Library
catalog
“Cabinet” tape library on-site storage
“Iron Mountain” off-site storage Media recycle bin
Tapes duplicated to another media family may have a different retention and rotation schedule than the original tapes. Copyright © 2009, Oracle. All rights reserved.
Overview of Tape Duplication A real-life example: You may want to maintain one set of backup tapes onsite for one month and send a copy of the tapes offsite for disaster recovery and long-term storage requirements (for example, for two years).
Oracle Database 11g: Oracle Secure Backup 11 - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Overview of Tape Duplication
ONSITE_1M
COPY_OFFSITE
Write Window = 1 week Retain Time = 4 weeks
Trigger = 1 hour after window closed # of Duplicates = 1 Duplicate to Media Family= OFFSITE_2Y
Media Family
Duplication Policy
VAULT_ONSITE Library = 1 week after Full Cabinet = 1 month after arrival Library = duration disabled Rotation Policy
VAULT_OFFSITE
OFFSITE_2Y
Library = 1 hour after full Iron_Mountain = 2 years after arrival Media_Recycle_Bin = duration disabled
Write Window = None Retain Time = 2 years Media Family
Rotation Policy
Copyright © 2009, Oracle. All rights reserved.
Tape Duplication and Vaulting In this scenario, your backup is associated with the onsite_1m media family (with a onemonth retention and a rotation policy to an on-site storage location). The onsite_1m media family has a duplication policy that copies the tapes to the offsite_2y media family (which has a two-year retention, no duplication policy, and a rotation policy to the desired storage location for two years). Note: Oracle Secure Backup performs duplication before rotation.
Oracle Database 11g: Oracle Secure Backup 11 - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Tape Duplication and Vaulting
Tape Duplication and Migration
• • •
Virtual tapes migrate to physical tape per user-defined policy. Duplication policy enables “migration” to the same or a different media family. Physical tape, which was at first the duplicate, becomes the “original” backup, and VTL space is reused.
Copy tape Reclaim storage in VTL Virtual Tape Library (VTL)
First duplicate, then only backup
Copyright © 2009, Oracle. All rights reserved.
Tape Duplication and Migration Virtual tape libraries (VTLs) are disk backup appliances that emulate tape devices. VTLs can be seamlessly deployed into an environment because the tape backup software recognizes the VTL as the tape device that it is emulating. VTLs are becoming more widely adopted to achieve the performance benefits of disks without requiring any change to the backup infrastructure. If you need to maintain backups in your VTL for a short period of time (a week or a month), then you migrate data to physical tape, as defined in your rotation and duplication policy. Once the virtual tape has been copied to physical tape, the disk space is reclaimed in the VTL. At this point the duplicate copy becomes the original. Note: This functionality is not available for the Oracle classroom setup.
Oracle Database 11g: Oracle Secure Backup 11 - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Virtual Tape Libraries (VTLs)
Configuring a duplication environment involves: • Defining media storage locations • Viewing or defining a volume duplication window • Defining a volume duplication policy (within the duplication window) • Associating a duplication policy with a media family Using the duplication environment consists of: 1. Scheduling a volume duplication 2. Performing a backup 3. Executing jobs
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 11 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Configuring and Using Volume Duplication
•
Defining media storage locations
•
Viewing or defining volume duplication window
Copyright © 2009, Oracle. All rights reserved.
Configuring a Duplication Environment • In the OSB Web tool, navigate to Configure > Locations. • In the OSB Web tool, navigate to Configure > Volume Duplication Windows. View the time range of the daily default window, which is from 10:00 to 20:00 (10 AM to 8 PM).
Oracle Database 11g: Oracle Secure Backup 11 - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Configuring a Duplication Environment
Copyright © 2009, Oracle. All rights reserved.
Defining Volume Duplication Policies In the OSB Web tool, navigate to Configure > Volume Duplication Policies. Click Add to define a new policy. Duplicate tapes can be made in the same or a different media family than the original tapes. If the same media family is used, then the duplicated tapes have the same retention and rotation schedule (if any) as the original ones. If a different media family is used, then the duplicate tapes have the retention and rotation schedule (if any) of the new media family.
Oracle Database 11g: Oracle Secure Backup 11 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Defining Volume Duplication Policies
Copyright © 2009, Oracle. All rights reserved.
Associating a Duplication Policy with a Media Family 1. Navigate to OSB Web tool > Configure > Media Families. 2. Then select your media family. 3. Click Edit. 4. Associate the Volume duplication policy by selecting your rotation policy from the dropdown list.
Oracle Database 11g: Oracle Secure Backup 11 - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Associating a Duplication Policy with a Media Family
1
2
3
Copyright © 2009, Oracle. All rights reserved.
Scheduling Volume Duplication 1. Navigate to OSB Web tool > Manage > Schedule Volume Duplication > Add. Enter a name for the duplication schedule and select the appropriate locations, first click Apply, then click Triggers. 2. Select frequency and time of day (within your volume duplication window) and click Add. 3. Your duplication will be automatically executed at your specified day and time.
Oracle Database 11g: Oracle Secure Backup 11 - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Scheduling Volume Duplication
Scan control job: Scanning the OSB catalog Eligible candidates?
Yes, for duplication: Creating
and executing volume duplication job(s)
Yes, for vaulting:
Creating "pending" volume movement job(s) Executed by operators
No:
No action
Copyright © 2009, Oracle. All rights reserved.
Executing Jobs Tape vaulting and tape duplication are optional configuration settings. They are independent of each other. However, if both policies are defined for a tape, then OSB will duplicate this tape before executing the rotation policy. This ensures that the duplication requirement is completed, before the tape is shipped offsite. So, your duplication job will run automatically within your scheduled time window, before any data movement jobs, if both are defined for the same media family.
Oracle Database 11g: Oracle Secure Backup 11 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Executing Jobs
A tape is assigned a duplication policy according to the: 1. Media family configuration 2. Backup schedule 3. Defaults and Policies 4. Dataset
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 11 - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
After scheduling tape duplication, you must run the media duplication job manually: 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 2
Oracle Database 11g: Oracle Secure Backup 11 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
In this lesson, you should have learned how to: • Describe the use of tape volume duplication • Differentiate duplication from vaulting and migration • Configure tape duplication
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 11 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
This practice covers the topic of tape configuration. View the osb_media_lifecycle viewlet, that shows both tape vaulting and duplication. OSB_CATALOG-MF Write Window = 7 days Retain Time = 14 days
Demo_Rotation vlib : windowclosed : 1 hour Demo : arrival : 6 months Media_Recycle_Bin : arrival: disabled
Full_Offsite Write Window = None Retain Time = 6 months
Rotation Policy
Full_Dup_Offsite
Full_Demo Write Window = 2 hours Retain Time = 1 months
Trigger = 1 hour after window closed Duplicates = 1 Duplicate to media family= Full_Offsite
Media Families
Duplication Policy
Copyright © 2009, Oracle. All rights reserved.
Practice 11 Overview: Viewing Media Life Cycle Demonstration The viewlet shows the following tape configuration tasks: 1. Create a new Demo location. 2. Create a new Demo_Rotation rotation policy with three rules. 3. Assign the Demo_Rotation policy to the OSB_CATALOG-MF media family. 4. Create a Full_Demo media family. 5. Create a Full_Offsite media family and assign the Demo_Rotation policy. 6. Create a Full_Dup_Offsite duplication policy, that copies tapes from the Full_Demo media family to the Full_offsite media family. 7. Associate the Full_Dup_Offsite duplication policy with the Full_Demo media family. 8. Create the Demo_Loc_Scan schedule for vaulting jobs. 9. View the default volume duplication window. 10. Create the Demo_dup_scan schedule within the duplication time window for the duplication job. 11. Navigate to Location reports, which enable you to track tapes at the various locations.
Oracle Database 11g: Oracle Secure Backup 11 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 11 Overview: Viewing Media Life Cycle Demonstration
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Tuning Oracle Secure Backup
After completing this lesson, you should be able to: • Identify tunable hardware and software components • Choose the optimal disk storage subsystem • List potentially CPU-intensive server operations • Choose the optimal tape subsystem and connections • Analyze RMAN read operations • Analyze media manager write operations • Describe RMAN and OSB tuning dependencies
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 12 - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
The most important hardware components involved in backup and recovery are: Tape storage subsystem
Connection between tapes and server SAN, direct attach Database server
Connection between disks and server fiber attach Disk storage subsystem
Copyright © 2009, Oracle. All rights reserved.
Tuning Hardware To understand how to tune backup and recovery performance, it is important to understand the performance characteristic of each component, so that you can maximize its performance. The most important hardware components involved in backup and recovery are: • Disk storage subsystem • Servers • Tape subsystem • Connection between the disks and server, and the server and tape subsystem Generally, fiber-attached disks are used for production and SAN-attached are used for secondary backup storage. SAN disk storage is transparent for Oracle Secure Backup. OSB regards SAN as a collection of disks. In contrast, NAS uses NDMP, and OSB must identify the NAS device.
Oracle Database 11g: Oracle Secure Backup 12 - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Tuning Hardware
Tuning RMAN and Oracle Secure Backup Disk storage subsystem are best configured: – With ASM without using hardware-based RAID – Using only outer sectors of the physical disk
•
Potentially CPU-intensive server operations include: – – – – – –
Copying data from I/O buses to memory buffers Validating data blocks Copying memory buffers from RMAN to OSB Copying data from memory buffers to I/O buses Encryption Compression
Copyright © 2009, Oracle. All rights reserved.
Tuning RMAN and Oracle Secure Backup It is important to know which components can create a bottleneck and why. Backup and recovery performance depends on both software and hardware components. The most efficient and scalable way to configure a disk storage subsystem is to use ASM without using hardware-based RAID. Because Oracle ASM spreads database files across all available disks, ASM can achieve low contention and high I/O throughput even on commodity disk arrays such as simple JBODs (Just a Bunch of Disks). You can achieve further improvement in disk throughput by using only outer sectors of the physical disk. Although the processing power of the server (for example, CPU, internal bus, and so on) is rarely a backup bottleneck, it can affect backup performance. The following potentially CPUintensive operations occur inside the server: • Copying data from I/O buses to memory buffers • Validating data blocks • Copying memory buffers from Oracle Recovery Manager to Oracle Secure Backup • Copying data from memory buffers to I/O buses Oracle encryption and compression backups are other CPU-intensive operations whose speed may be limited by the processing power of the CPU. For example, testing showed that a single Intel Xeon 3.2 GHz processor could encrypt Oracle data blocks during the backup at a speed of about 40 MB.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
Tuning RMAN and Oracle Secure Backup Tape subsystem performance is improved by: – Adaptive tape speed – Larger tape blocks
•
Best connection between the disks and server, and the server and tape subsystem: Fibre Channel SAN
Copyright © 2009, Oracle. All rights reserved.
Tuning RMAN and Oracle Secure Backup (continued) Additional performance factors are: • The tape subsystem can be an important factor in backup and recovery performance. One popular option for tape drives is LTO technology. The native transfer rate for LTO3 drives is 80 MB/s and up to 150 MB/s compressed.Tape streaming is not an issue, because most modern tape technologies have adaptive tape speed. • The physical tape block size is the amount of data written by the media management software to a tape in one write operation. The common rule is that a larger tape block size leads to a faster backup, because the larger block size uses the bandwidth between server and tape drive more efficiently. • Fibre Channel SANs provides the most performance. It is a widely accepted connectivity method between servers, tapes, and disk. In SAN environments, the connectivity between HBA, Fibre Channel switches, tape controllers, and disk controllers is an important consideration, and the overall SAN performance is dependent upon each of these components. The most important recommendation is to zone the disk subsystem to a different HBA from the tape subsystem.
Oracle Database 11g: Oracle Secure Backup 12 - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
Oracle database initialization parameters for tuning RMAN: • _BACKUP_KSFQ_BUFCNT (16): Maximum number of outstanding I/O requests = Number of disks, if 32 or more • _BACKUP_KSFQ_BUFSZ (1 MB): Size of individual I/O requests = Size of ASM stripe
Copyright © 2009, Oracle. All rights reserved.
Tuning RMAN Software By default, RMAN uses asynchronous an I/O operation to read data. The DISK_ASYNCH_IO Oracle database initialization parameter controls asynchronous I/O. When I/O is asynchronous, a server session can begin an I/O and then perform other work while waiting for the I/O operation to complete. The server session can also begin multiple I/O operations before waiting for the first to complete. • The maximum number of outstanding I/O requests during backup is controlled by the _BACKUP_KSFQ_BUFCNT parameter, whereas the size of I/O requests is controlled by the _BACKUP_KSFQ_BUFSZ parameter. • Even though these parameters are so-called underscore parameters, to achieve the best performance you might need to set the _BACKUP_KSFQ_BUFCNT parameter to the number of disks in the ASM disk group and the _BACKUP_KSFQ_BUFSZ parameter to the size of the ASM stripe. The default is 16 for _BACKUP_KSFQ_BUFCNT and 1 MB for _BACKUP_KSFQ_BUFSZ. These defaults are acceptable for ASM disk groups with fewer than 32 disks and when the ASM stripe size is 1 MB. The diagram depicts RMAN buffers and data flow during a backup between input and output I/O buffers.
Oracle Database 11g: Oracle Secure Backup 12 - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Tuning RMAN Software
RMAN needs to be tuned, so it can use all disk spindles in the ASM disk group. An example: • _KSFQ_BACKUP_BUFCNT database parameter: 64 • MAXOPENFILES RMAN channel parameter: 1
Copyright © 2009, Oracle. All rights reserved.
Tuning RMAN Software (continued) As noted previously, Oracle RMAN is responsible for the reading of data. Thus, RMAN must be tuned so that it can use all disk spindles in the ASM disk group. The graph on this page shows an example of benchmark testing: The maximum throughput is achieved with the _KSFQ_BACKUP_BUFCNT parameter set to 64; so the maximum number of outstanding I/O reads is 64. Because the disks are striped with the default ASM stripe size of 1 MB, there is no need to modify the size of I/O reads, which are controlled by the _KSFQ_BACKUP_BUFSZ parameter. Because ASM stripes each data file across all available disks, RMAN multiplexing should not be used. Consequently, the Oracle RMAN channel parameter MAXOPENFILES is set to 1.
Oracle Database 11g: Oracle Secure Backup 12 - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Tuning RMAN Software
Performance optimizations based on RMAN and OSB integration include: • No reading and writing of unused blocks (automatic) • Backup of only uncommitted undo (automatic) • Shared buffer between SBT and OSB tape (automatic) • User-defined TCP/IP buffer size for sending larger packets over the network • Linux direct I/O: Writing from OSB tape buffer (user space) via DMA to tape
Copyright © 2009, Oracle. All rights reserved.
Performance Factors Performance optimizations with Oracle Secure Backup 10.2 and Oracle Database 11g are: • An RMAN/OSB backup (OSB 10.1 and higher) reads and writes only used data file blocks. This feature is only available when RMAN uses Oracle Secure Backup as its media manager. • Oracle Secure Backup 10.2 eliminates backup of committed undo (increasing backup performance and reducing tape consumption). Only uncommitted undo is backed up. • Oracle Secure Backup 10.2 optimizes SBT buffer allocation by using a shared buffer between SBT and tape. In past versions, RMAN writes data to the SBT buffer, then the media manager copies data from the SBT buffer to the tape buffer. Using a shared buffer (OSB and RMAN only) reduces CPU overhead by up to 30% in internal tests. Note: These Oracle Secure Backup 10.2 and Recovery Manager 11g performance optimizations are not available with third-party media management utilities. In addition to Oracle database backup performance enhancements, Oracle Secure Backup 10.2 has strengthened the data transfer architecture, achieving faster performance than that of OSB 10.1 for file system and networked backups. You can now explicitly define TCP/IP buffer size to send larger packet sizes over the network (as desired), and further increase your remote backup performance.
Oracle Database 11g: Oracle Secure Backup 12 - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Performance Factors
# echo 1 > /proc/scsi/sg/allow_dio # touch /usr/local/oracle/device/enable_dio
To use direct I/O with Oracle Secure Backup, you need RedHat AS 4.0 or above and the patch that includes Oracle Secure Backup direct I/O enhancement 5479541. From the benchmark testing example: The team experimented backing up data with and without direct I/O: Without direct I/O the maximum speed of four drives on one node was about 220 MBs with nearly 100% CPU utilization. That speed was 40% slower than a backup with direct I/O. Enabling direct I/O significantly helps performance.
Oracle Database 11g: Oracle Secure Backup 12 - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Performance Factors (continued) Note: Oracle Secure Backup supports Linux direct I/O, which eliminates additional memory copies when backing up to tape. To decrease CPU usage and increase speed, OSB can take advantage of direct I/O for writing to tapes. With direct I/O, the Linux kernel can manipulate memory allocated within the user space (that is, the OSB tape buffer), so that the adapter driver can transfer data via the Direct Memory Access (DMA) technique directly to or from that user space memory. Without direct I/O, the memory first must be copied to the kernel space and then transferred by means of the DMA to the adapter. Thus, using direct I/O to write to tape can significantly reduce CPU usage. You can enable direct I/O by issuing the following commands as a super user on the OSB media server:
• • •
Backup parallelism: One RMAN channel per tape device RMAN ALLOCATE CHANNEL and CONFIGURE CHANNEL parameter BLKSIZE: Size of buffer shared with OSB OSB BLOCKINGFACTOR media policy: Controlling tape block size.
Copyright © 2009, Oracle. All rights reserved.
Performance Factors (continued) Other performance factors include: • The number of concurrent RMAN channels controls backup parallelism. An RMAN channel represents one stream of data to an output device. An RMAN channel is an operating system process or thread (on Windows) that reads the data from disk and sends it to the output device. The backup is performed in parallel on all allocated channels. Because the channels act independently, the number of active channels defines the level of parallelism. The number of channels should not exceed the number of tape devices: One RMAN channel per tape device should provide the best performance. • The size of the output buffers used to transfer data from RMAN to Oracle Secure Backup is controlled by the RMAN ALLOCATE CHANNEL and CONFIGURE CHANNEL parameter BLKSIZE. So you can tune the size of Oracle database output buffers and tape block size. • Oracle Secure Backup provides the media management layer for RMAN. In other words, Oracle Secure Backup is responsible for copying data from Oracle database buffers and writing these buffers to tape. The most important parameter for tuning Oracle Secure Backup is the BLOCKINGFACTOR media policy that controls tape block size.
Oracle Database 11g: Oracle Secure Backup 12 - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Performance Factors
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
•
Decreasing the value of the RMAN BLKSIZE parameter causes less CPU usage and, in the case of greater parallelism, a faster backup. You can achieve faster tape backups by increasing the BLOCKINGFACTOR media policy (if parallelism > 1).
Copyright © 2009, Oracle. All rights reserved.
Tuning Oracle Secure Backup From the benchmark testing example: • The graph shows the speed of an RMAN backup to tape with one and four RMAN channels with different values of BLKSIZE. It is important to emphasize that BLKSIZE does not influence speed when parallelism is 1. Further testing on other operation systems such as Solaris showed that BLKSIZE has minimal impact on performance, so the testers believe that this behavior is specific to Linux. • To better use the bandwidth between server host and tape, the testers increase the tape block size and document the performance gains of larger block size. You can change the tape block size by setting the BLOCKINGFACTOR media policy. The value of this parameter represents the number of 512-byte blocks with the default setting of 128. The test shows that the best speed is achieved with the BLOCKINGFACTOR set to 4096, which corresponds to a block size of 2 MB. To achieve direct I/O with larger buffers (2 MB), you need the Linux RedHat patch, that fixes bug 5479559. Without that patch the maximum tape block size is 512 KB. • Changing tape block size does not have any measurable affect on backup performance when parallelism is 1. This is because with parallelism 1, the CPU is able to initiate DMA requests (to transfer from server memory to tape controller) fast enough to keep the tape drive spinning. Oracle Database 11g: Oracle Secure Backup 12 - 11
Oracle University and (Oracle Corporation) use only.
Tuning Oracle Secure Backup
Copyright © 2009, Oracle. All rights reserved.
Results of Tuning From the benchmark testing example: After tuning the base environment and documenting the performance results, we measured the performance achieved by adding a RAC node and more tape drives. Our test proved the scalability of this solution. Oracle Secure Backup leverages over 97% of available throughput with performance increasing linearly with that of hardware capability. The chart demonstrates how Oracle Secure Backup delivers speeds of 700 MB/s leveraging over 97% of available disk throughput to eight LTO-3 tape drives. • The blue line shows the linear improvement in backup speed utilizing one node of the RAC as the number of tape drives is increased from one to four. • By adding a second node and an additional four tape drives, backup performance continues to increase in direct relation to the additional hardware capabilities, as shown on the green line of the chart.
Oracle Database 11g: Oracle Secure Backup 12 - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Results of Tuning
Scalability of: • Disk Storage Subsystem with Oracle ASM • Servers with RAC • Tapes with an appropriate tape library design • SAN drive sharing • Backup software supporting: – New nodes in a RAC cluster – New disks in an ASM disk group – New clients and media servers in the OSB domain
Copyright © 2009, Oracle. All rights reserved.
Scalability of the Overall System Because of the exponential growth of transactional data, the most important aspect of the entire backup system is scalability. • By adding more disk drives to an ASM disk group, you can easily scale the throughput of the disk subsystem. • By combining the computing power of multiple commodity servers, RAC provides high availability for the Oracle database in addition to scalability. As new nodes are added to the RAC environment, the computing power linearly increases performance. • A tape library design should allow the tape library to be easily expanded by adding more tape drives and capacity. • Oracle Secure Backup has a SAN drive-sharing feature that enables utilization of all hosts in a RAC cluster. • The OSB backup software is easily scalable: It supports new nodes in a RAC cluster, new disks in an ASM disk group, new clients and media servers in the OSB domain.
Oracle Database 11g: Oracle Secure Backup 12 - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Scalability of the Overall System
With parallelism 1, you can achieve faster tape backups by increasing the BLOCKFACTOR media policy. 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 12 - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Which of the following performance optimizations are only available if you are using RMAN and OSB together? 1. Linux direct I/O 2. Backup of only uncommitted undo 3. Fibre Channel SAN 4. Shared buffer between SBT and OSB tape
Copyright © 2009, Oracle. All rights reserved.
Answers: 2, 4
Oracle Database 11g: Oracle Secure Backup 12 - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
With parallelism 1, the RMAN ALLOCATE CHANNEL and CONFIGURE CHANNEL parameter BLKSIZE has minimal impact on performance. 1. True 2. False
Copyright © 2009, Oracle. All rights reserved.
Answers: 1
Oracle Database 11g: Oracle Secure Backup 12 - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
Assume that you are tuning an environment with 64 disks. The _BACKUP_KSFQ_BUFSZ parameter is set to 1 MB, which is also the size of your ASM stripe. To which value should you set the _BACKUP_KSFQ_BUFCNT parameter? 1. 16 2. 32 3. 64
Copyright © 2009, Oracle. All rights reserved.
Answers: 3
Oracle Database 11g: Oracle Secure Backup 12 - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Quiz
In this lesson, you should have learned how to: • Identify tunable hardware and software components • Choose optimal subsystems • Consider performance factors, such as: – RMAN needs to be tuned, so it can use all disk spindles in the ASM disk group (with the _KSFQ_BACKUP_BUFCNT database parameter: 64). – Enabling Linux direct I/O significantly helps performance. – One RMAN channel per tape device should provide the best performance. – Tune the size of Oracle database output buffers and tape block size, and specify TCP/IP buffer size for sending larger packets over the network.
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup 12 - 18
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Appendix A Practices and Solutions
Practices for Lesson 1 ......................................................................................................... 3 Practices for Lesson 2 ......................................................................................................... 4 Practice 2-1: Install Oracle Secure Backup .................................................................... 5 Practice 2-2: Configure Media for Oracle Secure Backup ............................................. 9 Practices for Lesson 3 ....................................................................................................... 13 Practice 3-1: Configure an OSB User........................................................................... 14 Practice 3-2: Configure a Host Encryption Policy........................................................ 19 Practices for Lesson 4 ....................................................................................................... 21 Practice 4-1: Configure RMAN for OSB...................................................................... 22 Practices for Lesson 5 ....................................................................................................... 34 Practice 5-1: Perform an Oracle-Suggested Backup..................................................... 35 Practice 5-2: Recover a Data File from an OSB-Encrypted Backup ............................ 44 Practices for Lesson 6 ....................................................................................................... 50 Practice 6-1: Back Up File-System Data ...................................................................... 51 Practices for Lesson 7 ....................................................................................................... 61 Practice 7-1: Restore File-System Data ........................................................................ 62 Practices for Lesson 8 ....................................................................................................... 67 Practice 8-1: Perform a Preconfigured OSB Catalog Backup ...................................... 68 Practices for Lesson 9 ....................................................................................................... 75 Practice 9-1: View OSB Management Tasks................................................................ 76 Practices for Lesson 10 ..................................................................................................... 78 Practice 10-1: Configure Tape Vaulting ....................................................................... 79 Practice 10-2: Use Tape Vaulting ................................................................................. 91 Practices for Lesson 11 ................................................................................................... 106 Practice 11-1: View Media Lifecycle Demo .............................................................. 107
Oracle Database 11g: Oracle Secure Backup
A-2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Table of Contents
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practices for Lesson 1
There are no practices for Lesson 1.
Oracle Database 11g: Oracle Secure Backup
A-3
Background: You are promoted to be the Oracle Secure Backup administrator in your organization. Your first task is to create your own training environment. You install Oracle Secure Backup on only one server and confirm that each installation step is correctly executed. THE VIRTUAL TEST DEVICES USED IN THIS LAB ARE FOR TRAINING PURPOSES ONLY. THEY ARE NOT SUPPORTED FOR PRODUCTION USE. Note: Executing all installation and configuration steps is a prerequisite for the following practices.
Oracle Database 11g: Oracle Secure Backup
A-4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practices for Lesson 2
In this practice, you perform the following tasks: Create your Oracle Secure Backup home directory. Install the Oracle Secure Backup software. Unless specified otherwise during this practice, you should log in as the oracle user to your terminal emulator session. Note: In this practice, simple and easy to remember passwords are used in order not to detract from the purpose of the exercise. In real development and production environments, use strong passwords following the guidelines in Oracle Database Security Guide and the Oracle Secure Backup Administrator’s Guide. Use the following information to install the software: The Oracle Secure Backup software is staged on your server in the /stage/osb_installmedia directory. Your Oracle Secure Backup home directory is /usr/local/oracle/backup. All your passwords are oracle. During installation, you configure only the local server as an administrative server with no attached devices. 1) Log in as the root user and create /usr/local/oracle/backup as your Oracle Secure Backup home directory. Change to that directory. Ensure that the uncompress utility is available. su – root Password: oracle # mkdir -p /usr/local/oracle/backup # cd /usr/local/oracle/backup # ln -s /bin/gunzip /bin/uncompress #
2) Continue as the root user. Start the installation of Oracle Secure Backup from the staging directory. Begin with the setup program. Note: The output has been slightly formatted to reduce the number of space lines. # /stage/osb_installmedia/setup Welcome to Oracle's setup program for Oracle Secure Backup. This program loads Oracle Secure Backup software from the CDROM to a filesystem directory of your choosing. This CD-ROM contains Oracle Secure Backup version 10.2.0.2.0_linux32. Please wait a moment while I learn about this host... done.
Oracle Database 11g: Oracle Secure Backup
A-5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 2-1: Install Oracle Secure Backup
Practice 2-1: Install Oracle Secure Backup (continued) -
- - - - - - - - - - - - - - - 1. linux32 administrative server, media server, client
-
-
- - - - - - - - - - - - - - - - - - - Loading Oracle Secure Backup installation tools... done. Using your previous obparameters file. The new file shipped with this distribution of Oracle Secure Backup is called install/obparameters.new. Loading linux32 administrative server, media server, client... done. - - - - - - - - - - - - - - - - - - Loading of Oracle Secure Backup software from CD-ROM is complete. You may unmount and remove the CD-ROM.
-
Would you like to continue Oracle Secure Backup installation with 'installob' now? (The Oracle Secure Backup Installation Guide contains complete information about installob.) Please answer 'yes' or 'no' [yes]: yes -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Welcome to installob, Oracle Secure Backup's UNIX installation program. It installs Oracle Secure Backup onto one or more UNIX or Linux systems on your network. (Install Oracle Secure Backup for Windows using the CD-ROM from which you loaded this software.) For most questions, a default answer appears enclosed in square brackets. Press Enter to select this answer. Please wait a few seconds while I learn about this machine... done. Have you already reviewed and customized install/obparameters for your Oracle Secure Backup installation [yes]? no Would you like to do this now [yes]? no - - - - - - - - - - - - - - - - - - - Oracle Secure Backup is not yet installed on this machine. Oracle Secure Backup's Web server has been loaded, but is not yet configured.
Oracle Database 11g: Oracle Secure Backup
A-6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
-
Practice 2-1: Install Oracle Secure Backup (continued)
If you are not sure which way to install, please refer to the Oracle Secure Backup Installation Guide. (a,b or c) [a]? a Beginning the installation. This will take just a minute and will produce several lines of informational output. Installing Oracle Secure Backup on edvmr1p0 (Linux version 2.6.9-67.0.7.0.1.ELxenU) You must now enter a password for the Oracle Secure Backup encryption key store. Oracle suggests you choose a password of at least 8 characters in length, containing a mixture of alphabetic and numeric characters. Please enter the key store password: oracle Re-type password for verification: oracle You must now enter a password for the Oracle Secure Backup 'admin' user. Oracle suggests you choose a password of at least 8 characters in length, containing a mixture of alphabetic and numeric characters. Please enter the admin password: oracle Re-type password for verification: oracle
You should now enter an email address for the Oracle Secure Backup 'admin' user. Oracle Secure Backup uses this email address to send job summary reports and to notify the user when a job requires input. If you leave this blank, you can set it later using the obtool's 'chuser' command. Please enter the admin email address: generating links for admin installation with Web server updating /etc/ld.so.conf
Oracle Database 11g: Oracle Secure Backup
A-7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
You can install this host one of three ways: (a) administrative server the host will also be able to act as a media server or client) (b) media server (the host will also be able to act as a client) (c) client
checking Oracle Secure Backup's configuration file (/etc/obconfig) setting Oracle Secure Backup directory to /usr/local/oracle/backup in /etc/obconfig setting local database directory to /usr/etc/ob in /etc/obconfig setting temp directory to /usr/tmp in /etc/obconfig setting administrative directory to /usr/local/oracle/backup/admin in /etc/obconfig protecting the Oracle Secure Backup directory creating /etc/rc.d/init.d/observiced activating observiced via chkconfig initializing the administrative domain ********************** N O T E ************************* On Linux systems Oracle recommends that you answer no to the next two questions. The preferred mode of operation on Linux systems is to use the /dev/sg devices for attach points as described in the 'ReadMe' and in the 'Installation and Configuration Guide'.
Is edvmr1p0 connected to any tape libraries that you'd like to use with Oracle Secure Backup [no]? no Is edvmr1p0 connected to any tape drives that you'd like to use with Oracle Secure Backup [no]? no Installation summary: Installation Host OS Driver OS Move Reboot Mode Name Name Installed? Required? Required? admin edvmr1p0 Linux no no no Oracle Secure Backup is now ready for your use. # exit exit $
Oracle Database 11g: Oracle Secure Backup
A-8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 2-1: Install Oracle Secure Backup (continued)
In this practice, you perform the following tasks: Configure the mediaserver role for the current host. Configure virtual test devices. View information about the configured devices. Insert volumes into both tape libraries. Confirm the correct configuration via the obtool interface. 1) In a terminal window, navigate to the /home/oracle/labs directory and execute the ./config1.sh script to update the config1_out.sh script with your short host name. $ cd /home/oracle/labs $ $ cat config1.sh #!/bin/ksh # Only for test and training, not for production # Must be connected as oracle OS user if [ `whoami` != "oracle" ]; then echo "You are supposed to be logged on as oracle when running this script." exit fi
x=`hostname --short` echo $x sed 's/edrsr04p1/'$x'/' config1_in.sh > config1_out.sh $ ./config1.sh edvmr1p0 $
2) In the /home/oracle/labs directory, execute the ./config1_out.sh script to perform the following tasks: Configure the client,admin,mediaserver roles for the current host. Configure the vdte1, vdte2, vdte3 and vdte4 tape drives for the vlib library. Configure the vdrive1 and vdrive2 for the vlib2 library. Note: You must enter the admin_password several times, because it would be a security violation to provide the password in clear text on a command line or in a command script. Oracle Corporation recommends that you prompt users for the appropriate password.
Oracle Database 11g: Oracle Secure Backup
A-9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 2-2: Configure Media for Oracle Secure Backup
$ ./config1_out.sh Password: Password: Password: Password: Password: Password: Password: Password: Password: $
3) Now, practice some potential installation troubleshooting steps to confirm that the configured devices exist according to your specifications. First view your virtual drives and libraries as operating system directories under the u01 directory. $ ls -l /u01 total 36 drwxrwxr-x 4 drwxr-xr-x 2 drwxr-xr-x 2 drwxr-xr-x 2 drwxr-xr-x 2 drwxr-xr-x 2 drwxr-xr-x 2 drwxr-xr-x 2 drwxr-xr-x 2 $
root root root root root root root root root
oinstall root root root root root root root root
4096 4096 4096 4096 4096 4096 4096 4096 4096
Aug 21 2007 app Oct 9 13:01 vdrive1 Oct 9 13:01 vdrive2 Oct 9 13:00 vdte1 Oct 9 13:00 vdte2 Oct 9 13:01 vdte3 Oct 9 13:01 vdte4 Oct 9 13:00 vlib Oct 9 13:01 vlib2
Note: If any of your virtual libraries or tape drives do not exist, most likely, you will have to uninstall the OSB software and start again. 4) Start the obtool as the admin user with the oracle password, and view all roles of your host with the lshost command. Note: If you receive the following, “Warning: auto-login failed – login token has expired”, ignore it. It means that you have to enter the login username and password as shown above. - If you are within the time period of your login token, you do NOT have to enter username and password. [oracle@edrsr4p1 labs]$ obtool Oracle Secure Backup 10.2.0.2.0 login: admin Password:oracle ob> lshost edvmr1p0 admin,mediaserver,client in service
(via OB)
5) View your just created devices with the lsdev command. ob> lsdev library
vlib
in service
Oracle Database 11g: Oracle Secure Backup
A - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 2-2: Configure Media for Oracle Secure Backup (continued)
drive drive drive drive library drive drive ob>
1 2 3 4 1 2
vdte1 vdte2 vdte3 vdte4 vlib2 vdrive1 vdrive2
in in in in in in in
service service service service service service service
6) To insert unlabeled volumes into both tape libraries, either execute the config2.txt OSB script in your working directory or use the insertvol command. Insert 32 volumes into the vlib library and 14 volumes into the vlib2 library. ob> ob> ob> ob> ob> ob> ob>
< /home/oracle/labs/config2.txt # Only for test and training, not for production # OSB script, run as admin user insertvol -L vlib -c 250 unlabeled 1-32 insertvol -L vlib2 -c 250 unlabeled 1-14
7) List the volumes in the vlib2 library with the lsvol command, to confirm that they are correctly configured. ob> lsvol -L vlib2 Inventory of library vlib2: in 1: unlabeled, c91e60a47888102bbceaaa0b0000401 in 2: unlabeled, c92cec787888102bbceaaa0b0000401 in 3: unlabeled, c93a988c7888102bbceaaa0b0000401 in 4: unlabeled, c948466c7888102bbceaaa0b0000401 in 5: unlabeled, c9560acc7888102bbceaaa0b0000401 in 6: unlabeled, c963bdc07888102bbceaaa0b0000401 in 7: unlabeled, c9717a6e7888102bbceaaa0b0000401 in 8: unlabeled, c97f2eca7888102bbceaaa0b0000401 in 9: unlabeled, c98cecae7888102bbceaaa0b0000401 in 10: unlabeled, c99aa7187888102bbceaaa0b0000401 in 11: unlabeled, c9a8585e7888102bbceaaa0b0000401 in 12: unlabeled, c9b620f67888102bbceaaa0b0000401
barcode barcode barcode barcode barcode barcode barcode barcode barcode barcode barcode barcode
Oracle Database 11g: Oracle Secure Backup
A - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 2-2: Configure Media for Oracle Secure Backup (continued)
Practice 2-2: Configure Media for Oracle Secure Backup (continued)
8) View the default media families in the obtool. Use the lsmf --long command, and use the logout command to exit. ob> lsmf --long OSB-CATALOG-MF: Write window: 7 days Keep volume set: 14 days Appendable: yes Volume ID used: unique to this media family Comment: OSB catalog backup media family RMAN-DEFAULT: Keep volume set: content manages reuse Appendable: yes Volume ID used: unique to this media family Comment: Default RMAN backup media family ob> logout $ Note: If you use the quit command to exit, then you do not have to enter username
and password within the time period of your login token. If you use the logout command to exit, then you will be asked for username and password, the next time that you enter the obtool. This is more secure.
Oracle Database 11g: Oracle Secure Backup
A - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
in 13: unlabeled, barcode c9c3e0427888102bbceaaa0b0000401 in 14: unlabeled, barcode c9d19f527888102bbceaaa0b0000401 ob>
Background: After your successful installation of the Oracle Secure Backup software, you ensure that the security requirements of your organization are implemented with Oracle Secure Backup. You want to limit access to the OSB domain and make sure that tapes are encrypted at all times, whether they are onsite, in off-site storage or even lost. Note: Executing all configuration steps in this practice is a prerequisite for the following practices.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practices for Lesson 3
Oracle Database 11g: Oracle Secure Backup
A - 13
In this practice, you perform the following tasks in the Oracle Secure Backup Web tool: Set the OSB preference to view the extended command output. Define a new Oracle Secure Backup user. Configure preauthorization for this user. In the Oracle Secure Backup Web tool you create the oracle Oracle Secure Backup user and preauthorize this user for RMAN backups. “Preauthorization” means that this user does not have to provide OSB credentials, after they are logged into Enterprise Manager and started, for example, a backup job to tape. 1) Start a web browser and enter your URL in the following format: https://, for example, https://edvmr1p0.us.oracle.com
2) In Oracle classrooms, you may receive a security warning about the website certificate, which originates in the fact that you have been given a newly installed server. Accept the certificate (permanently, if possible) or if asked, add it to your website exception. The exact messages (and the number of windows) depend on your browser. 3) On the Oracle Secure Backup Login page, enter admin as User Name, oracle as Password, and click Login.
4) On the Oracle Secure Backup home page, click Preferences.
Oracle Database 11g: Oracle Secure Backup
A - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 3-1: Configure an OSB User
5) On the Preferences page, select Extended command output: On and then click Apply.
Note: You will see the result of this step in several of the coming screenshots. It displays relevant obtool commands in the Extended Command Output section below the graphic elements on a page. 6) On the Preferences page, click Configure.
7) On the Configure page, click Users in the Basic section.
Oracle Database 11g: Oracle Secure Backup
A - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 3-1: Configure an OSB User (continued)
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 3-1: Configure an OSB User (continued)
8) On the Configure: Users page, click Add.
9) On the Configure: Users > New Users page, enter or select the following values, and then click Apply: User oracle Password: oracle User class: oracle UNIX name: oracle UNIX group: dba
Oracle Database 11g: Oracle Secure Backup
A - 16
Practice 3-1: Configure an OSB User (continued) NDMP server user: no
10) View the mkuser obtool command in the Extended Command Output area. You executed this command when you clicked Apply. Then click Preauthorized Access.
11) On the Configure: Users > oracle > Preauthorized Access page, select or enter the following values, and then click Add:
Oracle Database 11g: Oracle Secure Backup
A - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Note: If you have an NDMP server, set the value to yes, but inside the regular classrooms, an NDMP server is not available, so set the value to no.
Practice 3-1: Configure an OSB User (continued)
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Hosts: all hosts OS username: * Attributes: rman Note: “All hosts” is an appropriate value for this training environment, but for development and production environments, limit preauthorized access to selected hosts.
12) You should receive a success message.
13) If needed, scroll down and review the chu obtool command. Then click the Configure tab in preparation for your next task.
Oracle Database 11g: Oracle Secure Backup
A - 18
In this practice, you configure a policy to encrypt all database and file system backups on this host with Oracle Secure Backup encryption. You use an encryption key with the AES192 default algorithm that OSB transparently (randomly) generates for encryption during backup and decryption during recovery. All of the following backup and recovery operations will use this policy (unless you define a specific exception). 1) Logged into the Oracle Secure Backup Web tool as the admin user, navigate to the Configure page. 2) On the Configure page, click Hosts in the Basic section. 3) To configure host encryption policies, select your host and click Edit.
4) Select Encryption: required. Accept the default algorithm of aes192 and leave the other fields with their default values as well. Then click Apply.
Oracle Database 11g: Oracle Secure Backup
A - 19
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 3-2: Configure a Host Encryption Policy
5) You should receive a success message.
6) View the chhost command in the Extended Command Output section. You specified that encryption is required, that encryption keys should be randomly generated and that they should be regenerated every month. - Click OK.
7) Log out of the Web tool.
Oracle Database 11g: Oracle Secure Backup
A - 20
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 3-2: Configure a Host Encryption Policy (continued)
Background: You continue with your one-time configuration tasks. In this practice, you configure RMAN for Oracle Secure Backup. Because you plan to use Enterprise Manager (EM) as your main interface, you first register the administrative server in EM, and then you create a database backup storage selector. This selector is used by RMAN to pass the database name, copy number and content type to Oracle Secure Backup. Of course, you test each step. Finally, you ensure that the database is in ARCHIVELOG mode. Note: Completing this practice is a prerequisite for the following practices.
Oracle Database 11g: Oracle Secure Backup
A - 21
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practices for Lesson 4
In this practice, you perform the following tasks in Enterprise Manager as the SYS user: Connect to the EM Database Console with your browser. Register the administrative server in EM. Verify connectivity to the libraries. Create a database backup storage selector for your database. Test your tape backup. Verify RMAN recovery settings for the database: ARCHIVELOG mode enabled 1) To connect to Enterprise Manager, perform the following steps: a) In a terminal window as oracle OS user, retrieve the host name for your computer by checking the status of the dbconsole. $ emctl status dbconsole Oracle Enterprise Manager 11g Database Control Release 11.1.0.6.0 Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved. https://edvmr1p0.us.oracle.com:1158/em/console/aboutApplicatio n Oracle Enterprise Manager 11g is running. ----------------------------------------------------------------Logs are generated in directory /u01/app/oracle/product/11.1.0/db_1/edvmr1p0.us.oracle.com_orc l/sysman/log $
b) Open your browser application and enter the URL, https://:1158/em. c) In Oracle classrooms, you may receive a security warning about the website certificate, which originates in the fact that you have been given a newly installed server. Accept the certificate (permanently, if possible) or if asked, add it to your website exception. The exact messages (and the number of windows) depend on your browser. d) On the Database Login page, enter SYS as User Name, oracle as Password, select SYSDBA from the Connect As drop-down list, and then click Login.
Oracle Database 11g: Oracle Secure Backup
A - 22
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 4-1: Configure RMAN for OSB
2) To register your administrative server, navigate to Availability > Oracle Secure Backup Device and Media (in the Oracle Secure Backup section).
a) On the Add Administrative Server page, enter /usr/local/oracle/backup in the Oracle Secure Backup Home field. Then, make sure that admin is set in the Username field, enter oracle in the Password field, and then click OK. (Click No, if the Password Manager offers to remember the password.)
Oracle Database 11g: Oracle Secure Backup
A - 23
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 4-1: Configure RMAN for OSB (continued)
b) On the Host Credentials page, enter oracle for both the Username and Password fields. Select the “Save as Preferred Credential” check box. Then, click OK.
After clicking OK, the Administrative Server page is displayed. 3) To verify connectivity to the libraries, click the Manage link after Devices in the Resources section.
Oracle Database 11g: Oracle Secure Backup
A - 24
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 4-1: Configure RMAN for OSB (continued)
a) On the Devices page, ensure that the vlib library is selected, then choose Verify Connectivity from the Actions drop-down list, and click the Actions Go button.
b) You should receive the information that the vlib library and four tape drives are accessible.
c) Select the vlib2 library, Verify Connectivity Actions and click the Actions Go button.
Oracle Database 11g: Oracle Secure Backup
A - 25
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 4-1: Configure RMAN for OSB (continued)
You should receive the information that the vlib2 library and two tape drives are accessible. d) Click the Database tab in preparation for your next task.
4) To create a database storage selector, navigate to Availability > Backup Settings. a) On the Backup Settings page, enter 1 for Tape Drives in the Tape Settings section. b) Under Host Credentials, enter oracle as Username and enter oracle as Password. If these fields are already filled in, make sure the supplied values are correct. Select “Save as Preferred Credential,” and click OK.
Oracle Database 11g: Oracle Secure Backup
A - 26
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 4-1: Configure RMAN for OSB (continued)
c) Reaccess the Backup Settings page and click Configure in the Oracle Secure Backup section.
d) On the Administrative Server Login page, make sure that your administrative server is selected from the list. Enter oracle as Username and as Password. If these fields are already filled in, make sure the supplied values are correct. Select “Save as Preferred Credential” and click OK.
Oracle Database 11g: Oracle Secure Backup
A - 27
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 4-1: Configure RMAN for OSB (continued)
e) On the Backup Storage Selectors page, click Add to configure a Backup Storage Selector for your database.
f) On the Add Backup Storage Selector page, under the heading “For These Types of Backups,” select all check boxes (for Archive Logs, Auto Backup, Full, and Incremental database backup types). Select RMAN-DEFAULT as Media Family. Then click Add to limit the devices for RMAN backups.
Oracle Database 11g: Oracle Secure Backup
A - 28
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 4-1: Configure RMAN for OSB (continued)
g) On the Use Devices page, select the tape drives of your vlib library: vdte1, vdte2, vdte3, and vdte4, and then click the Select button.
h) To create your database storage selector, click OK.
Oracle Database 11g: Oracle Secure Backup
A - 29
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 4-1: Configure RMAN for OSB (continued)
i) You should receive a success message. Your Backup Storage Selector has been created and is now displayed. Click Return.
Oracle Database 11g: Oracle Secure Backup
A - 30
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 4-1: Configure RMAN for OSB (continued)
You return to the Backup Settings page. 5) Test your tape backup. a) On the Backup Settings page, scroll down to see that the administrative server is set. Make sure that your Host Credentials are correct, and then click “Test Tape Backup” in the Tape Settings section in the middle of the page.
The progress window appears.
Oracle Database 11g: Oracle Secure Backup
A - 31
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 4-1: Configure RMAN for OSB (continued)
Practice 4-1: Configure RMAN for OSB (continued)
6) Connected as SYSDBA to a SQL*Plus session, verify that the database is in ARCHIVELOG mode. If your database is in ARCHIVELOG mode, continue with the next step. If not, shut down the database, enable archiving, and then restart the database. $ sqlplus / as sysdba SQL*Plus: Release 11.1.0.6.0 - Production on Mon Oct 13 14:27:11 2008 Copyright (c) 1982, 2007, Oracle.
All rights reserved.
Connected to: Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 Production With the Partitioning, Oracle Label Security, OLAP, Data Mining and Real Application Testing options SQL> archive log list Database log mode No Archive Mode Automatic archival Disabled Archive destination USE_DB_RECOVERY_FILE_DEST Oldest online log sequence 46 Current log sequence 48 SQL> shutdown immediate Database closed. Database dismounted. ORACLE instance shut down. SQL> startup mount ORACLE instance started. Total System Global Area 627732480 bytes Fixed Size 1301728 bytes Variable Size 448791328 bytes Database Buffers 171966464 bytes Redo Buffers 5672960 bytes Database mounted. SQL> alter database archivelog; Database altered.
Oracle Database 11g: Oracle Secure Backup
A - 32
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
b) When your tape drive test is successful, click the Database Instance link to return to the Availability page.
Practice 4-1: Configure RMAN for OSB (continued)
SQL> archive log list Database log mode Automatic archival Archive destination Oldest online log sequence Next log sequence to archive Current log sequence SQL>
Archive Mode Enabled USE_DB_RECOVERY_FILE_DEST 46 48 48
7) Exit SQL*Plus. SQL> exit Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production With the Partitioning, Oracle Label Security, OLAP, Data Mining and Real Application Testing options $
Oracle Database 11g: Oracle Secure Backup
A - 33
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
SQL> alter database open; Database altered.
Background: After completing your configuration tasks, which included mandatory onetime setup tasks and (from the software point of view “optional”) security configuration tasks, you are ready to perform your first database backup to tape. You decide to use Enterprise Manager for an Oracle-Suggested Backup to tape, to test this functionality. For a production system, you would consider backing up to both disk and tape for faster recovery.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practices for Lesson 5
Oracle Database 11g: Oracle Secure Backup
A - 34
In this practice, you use Enterprise Manager for an Oracle-Suggested Backup with the following specifications: Backup destination: tape Full weekly backup, then daily incremental and archive log backup Tape Drives: 1 Schedule daily backup within 5 minutes of your current date and time Encrypted by Oracle Secure Backup Unless specified otherwise, you should log on as the oracle user to your terminal emulator session, and as SYSDBA to your Database Control Console. 1) Logged into Enterprise Manager as the SYS user, navigate to: Availability > Schedule Backup. 2) On the Schedule Backup page, ensure your Host Credentials are set correctly. Then click Schedule Oracle-Suggested Backup.
3) On the “Schedule Oracle-Suggested Backup: Destination” page, select Tape and click Next.
Oracle Database 11g: Oracle Secure Backup
A - 35
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5-1: Perform an Oracle-Suggested Backup
4) On the “Schedule Oracle-Suggested Backup: Setup” page, ensure 1 is set for Tape Drives, and expand Encryption at the bottom of the page.
5) Do not enter anything in the RMAN encryption fields for this practice. Click Next. (Although you could specify RMAN encryption in this section, doing so would take precedence over OSB encryption.)
Oracle Database 11g: Oracle Secure Backup
A - 36
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5-1: Perform an Oracle-Suggested Backup (continued)
6) On the “Schedule Oracle-Suggested Backup: Schedule” page, select the daily backup to run within 5 minutes of your current date and time, and then click Next.
7) On the “Schedule Oracle-Suggested Backup: Review” page, review both the Settings and RMAN Scripts and click Submit Job.
Oracle Database 11g: Oracle Secure Backup
A - 37
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5-1: Perform an Oracle-Suggested Backup (continued)
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5-1: Perform an Oracle-Suggested Backup (continued)
8) You should see that the job has been successfully submitted.
9) At your specified backup time, click View Job. The Job Execution page is displayed. 10) Wait until the job run completes. In the Summary section, note that RMAN did not encrypt this backup. Then, click the Backup link under the Logs section. In the Output log, review how the RMAN command allocates the tape devices.
Oracle Database 11g: Oracle Secure Backup
A - 38
11) In the output log of RMAN, review the information about the tape backup.
12) In the screenshot above, you see the channel allocation for the tape. Oracle Database 11g: Oracle Secure Backup
A - 39
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5-1: Perform an Oracle-Suggested Backup (continued)
Practice 5-1: Perform an Oracle-Suggested Backup (continued)
14) Because you do not see OSB encryption in the RMAN output, review the OSB transcript of this job execution. 15) Click the Database tab, then click Availability and (if your browser permits) rightclick File System Backup and Restore > Open Link in New Tab. 16) Log in to the OSB Web tool as the admin user with the oracle password. 17) Navigate to Manage > Jobs. 18) On the Manage: Jobs page, select the following viewing options: Active, Complete, Pending and Types: Oracle backup, and then click Apply.
19) Select the datafile backup and click Show Transcript.
Oracle Database 11g: Oracle Secure Backup
A - 40
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
13) Scroll down to review the execution of all commands.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5-1: Perform an Oracle-Suggested Backup (continued)
Your screen might look a little different. 20) Review the job transcript.
Oracle Database 11g: Oracle Secure Backup
A - 41
Practice 5-1: Perform an Oracle-Suggested Backup (continued)
22) Optional: If you are interested in a summary of the backup activities, you can select EM Availability > Backup Reports. Scroll down to see the Result area.
Oracle Database 11g: Oracle Secure Backup
A - 42
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
21) Find the encryption values and the error rate, and then click Close.
Your screenshot will look different, but it should show SBT_TAPE under Output Devices.
Oracle Database 11g: Oracle Secure Backup
A - 43
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5-1: Perform an Oracle-Suggested Backup (continued)
In this practice, you perform a tablespace recovery using the encrypted tape backup. You perform an object-level recovery of the EXAMPLE tablespace to the current time or to a previous point in time through the Enterprise Manager interface. Restore the files to the default location. Unless specified otherwise, you should log in as SYS user (with the oracle password) and connect as SYSDBA to Enterprise Manager Database Control and SQL*Plus sessions. 1) First, copy the example01.dbf file to the /home/oracle/solutions directory and attempt to insert a row into the HR.COUNTRIES table, which should fail. This simulates a scenario that requires you to initiate recovery operations. If you want to save yourself the typing of the commands, execute the rec_setup.sh script; otherwise, execute the following commands: Note: The output has been slightly formatted to conserve space. $ ls $ORACLE_BASE/oradata/orcl control01.ctl example01.dbf control02.ctl redo01.log control03.ctl redo02.log
redo03.log sysaux01.dbf system01.dbf
temp01.dbf undotbs01.dbf users01.dbf
$ cp $ORACLE_BASE/oradata/orcl/example01.dbf /home/oracle/solutions/example01.save $ ls /home/oracle/solutions archivelog.sh example01.save test_labs.sh
show_host.sh
show_port.sh
$ rm -f $ORACLE_BASE/oradata/orcl/example01.dbf $ sqlplus / as sysdba SQL*Plus: Release 11.1.0.6.0 - Production on Tue Oct 21 19:28:20 2008 Copyright (c) 1982, 2007, Oracle.
All rights reserved.
Connected to: Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 Production With the Partitioning, Oracle Label Security, OLAP, Data Mining and Real Application Testing options SQL> desc hr.countries Name Null? ------------------- -------COUNTRY_ID NOT NULL COUNTRY_NAME REGION_ID
Type ---------------------CHAR(2) VARCHAR2(40) NUMBER
Oracle Database 11g: Oracle Secure Backup
A - 44
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5-2: Recover a Data File from an OSB-Encrypted Backup
Practice 5-2: Recover a Data File from an OSB-Encrypted Backup (continued) SQL> INSERT INTO hr.countries 2 VALUES ('TT','TEST COUNTRY',1); 2
INSERT INTO hr.countries * ERROR at line 1: ORA-01116: error in opening database file 5 ORA-01110: data file 5: '/u01/app/oracle/oradata/orcl/example01.dbf' ORA-27041: unable to open file Linux Error: 2: No such file or directory Additional information: 3
SQL> exit Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production With the Partitioning, Oracle Label Security, OLAP, Data Mining and Real Application Testing options $
The output above displays the expected error. 2) Logged in to Enterprise Manager as the SYS user, navigate to: Availability > Perform Recovery (in the Manage section). 3) On the Perform Recovery page, you should see that one database failure is detected. Ensure that your Host Credentials (the oracle Username and the oracle Password) are entered, and then click Advise and Recover.
Oracle Database 11g: Oracle Secure Backup
A - 45
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
SQL>
4) Click Expand All to view the missing example01.dbf failure. 5) With the failures selected, click Advise.
6) On the Manual Actions page, click Continue with Advise.
Oracle Database 11g: Oracle Secure Backup
A - 46
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5-2: Recover a Data File from an OSB-Encrypted Backup (continued)
Practice 5-2: Recover a Data File from an OSB-Encrypted Backup (continued)
8) The Review page displays the failure and the repair action. Click Submit Recovery Job.
9) The Processing page appears, which should be followed by a confirmation that your job was created successfully.
10) Your job number may be different. Click the job link. 11) If your job is still running, use your browser’s Reload or Refresh button, until the job is completed. It should have the status Succeeded on the Job Run page. 12) Click the Step: Recovery link.
Oracle Database 11g: Oracle Secure Backup
A - 47
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
7) On the Recovery Advice page, review the RMAN script and click Continue.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5-2: Recover a Data File from an OSB-Encrypted Backup (continued)
13) Review all of the RMAN output.
14) Confirm that the backup tape is used for recovery.
Oracle Database 11g: Oracle Secure Backup
A - 48
15) Click the Database tab and navigate to Availability > Perform Recovery to see that there are no failures.
Oracle Database 11g: Oracle Secure Backup
A - 49
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 5-2: Recover a Data File from an OSB-Encrypted Backup (continued)
Background: After configuring and testing the Oracle-Suggested Backup to tape, you decide to create a dataset and schedule a dataset backup, as a way to backup up your filesystem data. Backups of the database and the file system are independent of each other, that is, you can use one or the other, or both. Of course, the Oracle Secure Backup configuration (including host encryption) that you performed in earlier practices is available: “ready to go”.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practices for Lesson 6
Oracle Database 11g: Oracle Secure Backup
A - 50
Practice 6-1: Back Up File-System Data
include host { include path /home/oracle/labs }
Then you schedule a backup of the dataset that is executed immediately. You decide to use the Oracle Secure Backup Web tool, which you access from Enterprise Manager. Unless specified otherwise, you should log in to Enterprise Manager Database Control as SYS user (with the oracle password) and connect as SYSDBA. You log in to the OSB Web tool as the admin user with the oracle password. Note: The completion of this practice is a prerequisite for the following practice, “Restore File-System Data” and for the “Use Tape Vaulting” practice. 1) In Enterprise Manager, navigate to Availability > (if possible, right-click) File System Backup and Restore (if possible, click Open Link in New Tab). 2) Log in to the Oracle Secure Backup Web tool as the admin user with the oracle password. 3) To view the obtool commands at the bottom of your screen, click Preferences > Extended command output “On” > Apply. Then click Backup.
4) Click Datasets.
5) On the Datasets page, click Add.
Oracle Database 11g: Oracle Secure Backup
A - 51
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
In this practice, you create a dataset called mylabs for a file-system backup. You use it to back up your $HOME/labs directory. The dataset should be of the form:
6) On the New Datasets page, enter mylabs in the Name field and replace the given template with the following: include host { include path /home/oracle/labs }
Make sure that you replace with the name of your computer. To not back up the local root directory, place comment signs (#) before the relevant lines, or delete these lines.
Oracle Database 11g: Oracle Secure Backup
A - 52
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 6-1: Back Up File-System Data (continued)
7) After this is done, click Save. 8) Verify that the dataset was created successfully. On the Datasets page, select mylabs, and click Check Dataset.
Oracle Database 11g: Oracle Secure Backup
A - 53
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 6-1: Back Up File-System Data (continued)
9) On the Dataset Errors page, you see that there were no errors. If there are any errors, resolve them; then click Close.
10) To create a backup of the mylabs dataset, navigate to Backup > Backup Now in the OSB Web tool. 11) On the Backup Now page, click Add.
Oracle Database 11g: Oracle Secure Backup
A - 54
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 6-1: Back Up File-System Data (continued)
Practice 6-1: Back Up File-System Data (continued)
13) Back to the Backup Now page, select the mylabs dataset and click Go to submit the job to the scheduler. Question: Does Oracle Secure Backup use the Oracle database scheduler? Answer: No, it has its own scheduler, because Oracle Secure Backup can be used independently from Oracle databases.
Oracle Database 11g: Oracle Secure Backup
A - 55
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
12) On the Backup: Backup Now > Options page, select the mylabs dataset and the vdrive1 and vdrive2 Restrictions; then click OK.
14) Oracle Secure Backup submits the backup request and assigns a job number. Click Manage in preparation for your next task.
Oracle Database 11g: Oracle Secure Backup
A - 56
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 6-1: Back Up File-System Data (continued)
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
15) On the Manage page, click Jobs.
Oracle Database 11g: Oracle Secure Backup
Oracle University and (Oracle Corporation) use only.
Practice 6-1: Back Up File-System Data (continued)
A - 57
16) On the Jobs page, restrict the display to only Active, Complete, or Pending jobs by selecting those options. In the Types box, select file system backup, and then hold the Ctrl key and select dataset. Click Apply.
17) The updated display now shows the recent dataset backup. Select the admin/1.1 backup job and click Show Transcript.
Oracle Database 11g: Oracle Secure Backup
A - 58
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 6-1: Back Up File-System Data (continued)
18) Scroll through the transcript and note that the backup is encrypted, that you backed up the correct directory, and that there are no read, or write errors. When you are finished reviewing the transcript, click Close.
Oracle Database 11g: Oracle Secure Backup
A - 59
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 6-1: Back Up File-System Data (continued)
19) With the same admin/1.1 job selected, click Show Properties. 20) Scroll to the end of the properties to view the lsjob obtool command in the Extended Command Output. Then click Close.
Oracle Database 11g: Oracle Secure Backup
A - 60
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 6-1: Back Up File-System Data (continued)
Background: After you created a backup of your /home/oracle/labs directory, you decide to create a labs_save directory, duplicate the labs files there, and then delete the original files. After deleting the files, you use the Oracle Secure Backup restore operation, to restore the files, and then test that they are accessible.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practices for Lesson 7
Oracle Database 11g: Oracle Secure Backup
A - 61
In this practice, you perform the following tasks: Delete the contents of your labs directory. Restore the missing lab files. Verify that the files are recovered. Unless specified otherwise, you should log on as the oracle user to your terminal emulator session, as sys user with the oracle password and SYSDBA connection to Enterprise Manager, and as admin user with the oracle password to Oracle Secure Backup. 1) From your terminal emulator session, duplicate and then remove all the files located in your $HOME/labs directory. $ ls /home/oracle/labs config1_in.sh config1.sh rec_setup.sh config1_out.sh config2.txt $ mkdir /home/oracle/solutions/labs_save $ cp /home/oracle/labs/* /home/oracle/solutions/labs_save $ rm -f /home/oracle/labs/* $ ls /home/oracle/labs $
2) Logged in to Oracle Secure Backup as the admin user, navigate to Restore > Backup Catalog, because you are using the OSB catalog to select the data to be restored.
3) On the Backup Catalog page, select your host name and latest, and then click Browse Host.
Oracle Database 11g: Oracle Secure Backup
A - 62
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 7-1: Restore File-System Data
4) On the Browse Host page, click the link labeled home to view its contents.
5) Continue drilling down until you reach the labs directory. Select this directory, and then click Add.
6) On the New Restore page, accept the default settings and click OK.
Oracle Database 11g: Oracle Secure Backup
A - 63
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 7-1: Restore File-System Data (continued)
7) On the Backup Catalog page, click “Show restore list and browse options” to view the items to be restored and the selection options for that data.
8) After viewing the information, click Go to submit the restore request to the scheduler.
Oracle Database 11g: Oracle Secure Backup
A - 64
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 7-1: Restore File-System Data (continued)
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 7-1: Restore File-System Data (continued)
9) To monitor the job progress, navigate to Manage > Jobs.
10) On the Jobs page, restrict the display to only Active, Complete, or Pending jobs by selecting those options. In the Types box, select file system restore and click Apply.
Oracle Database 11g: Oracle Secure Backup
A - 65
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 7-1: Restore File-System Data (continued)
11) Review the displayed job.
12) Verify that your restore job was successful.
13) In a terminal window, verify that your lab files are present. $ ls /home/oracle/labs config1_in.sh config1.sh config1_out.sh config2.txt $
rec_setup.sh
Oracle Database 11g: Oracle Secure Backup
A - 66
Background: In the previous practices, you familiarized yourself with OSB-encrypted backup and restore of both an Oracle database and file-system data. It is a best practice recommendation to perform regular unencrypted backups of your Oracle Secure Backup catalog. To do so, you use the predefined OSB catalog backup. First review the preconfigured elements, then set a time trigger to activate the catalog backup and confirm a successful backup. The following is your task list: 1. 2. 3. 4.
View the OSB-CATALOG-MF media family. View the OSB-CATALOG-DS dataset. View the OSB-CATALOG-SUM job summary. View the OSB-CATALOG-SCHED schedule and edit its trigger to initiate catalog backups. 5. View the completed job. Confirm a successful, unencrypted execution of the job.
Oracle Database 11g: Oracle Secure Backup
A - 67
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practices for Lesson 8
In this practice, you perform a preconfigured catalog backup. First view the preconfigured elements, and then edit the OSB-CATALOG-SCHED trigger to specify a backup time. Unless specified otherwise, you should log in as the admin user with the oracle password to the Oracle Secure Backup Web tool. 1) To view the OSB-CATALOG-MF media family: a) Navigate to Configure > Media Families.
b) Review the OSB-CATALOG-MF media family, but do not change any properties. Click Cancel when you are finished with your review.
2) To view the OSB-CATALOG-DS dataset:
Oracle Database 11g: Oracle Secure Backup
A - 68
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 8-1: Perform a Preconfigured OSB Catalog Backup
Practice 8-1: Perform a Preconfigured OSB Catalog Backup (continued) a) Navigate to Backup > Datasets.
c) Review the OSB-CATALOG-DS dataset, but do not change any properties. Click Cancel when you are finished with your review.
3) To view the OSB-CATALOG-SUM job summary: a) Navigate to Configure > Job Summaries. b) Select the OSB-CATALOG-SUM job summary and click Edit.
c) Review the OSB-CATALOG-SUM job summary, but do not change any properties. Note the specific job summary options and properties. Click Cancel when you are finished with your review.
Oracle Database 11g: Oracle Secure Backup
A - 69
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
b) Select the OSB-CATALOG-DS dataset and click Open.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 8-1: Perform a Preconfigured OSB Catalog Backup (continued)
4) To activate the OSB-CATALOG-SCHED schedule: a) Navigate to Backup > Schedules. b) Select the OSB-CATALOG-SCHED schedule and click Edit.
Oracle Database 11g: Oracle Secure Backup
A - 70
Practice 8-1: Perform a Preconfigured OSB Catalog Backup (continued) c) Review the properties.
e) Click Select daily and enter a backup time a few minutes into the future. Then click Add.
Oracle Database 11g: Oracle Secure Backup
A - 71
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
d) To edit the OSB-CATALOG-SCHED trigger, click Triggers on the Backup: Schedules > OSB-CATALOG-SCHED page.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 8-1: Perform a Preconfigured OSB Catalog Backup (continued)
f) Review the Extended Command Output.
g) Select your newly defined trigger and click Preview.
h) Review the schedule, and then click Close.
Oracle Database 11g: Oracle Secure Backup
A - 72
5) To review your completed job after your estimated job completion time: a) Navigate to Manage > Jobs. b) On the Jobs page, restrict the display to only Active, Complete, or Pending jobs by selecting those options. In the Types box, select file system backup, then hold the Ctrl key and select dataset. Click Apply. If the backup of the OSB catalog has not yet completed successfully, refresh the page. If you have any unexpected errors, resolve them. c) Select the dataset OSB-CATALOG-DS job and click Show Transcript.
d) Review the transcript of the dataset and note that encryption is off, as is required for the catalog backup. Also note that the volume set owner is the root user. When you are finished reviewing the transcript, click Close.
Oracle Database 11g: Oracle Secure Backup
A - 73
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 8-1: Perform a Preconfigured OSB Catalog Backup (continued)
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 8-1: Perform a Preconfigured OSB Catalog Backup (continued)
Oracle Database 11g: Oracle Secure Backup
A - 74
Background: Regular Oracle Secure Backup management tasks usually involve multiple servers. Not all training environments can support this setup, so you view a demonstration of the most common management task: Adding a new client to your administrative domain.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practices for Lesson 9
Oracle Database 11g: Oracle Secure Backup
A - 75
Practice 9-1: View OSB Management Tasks
Installing OSB software on a new client Configuring a client role in the administrative domain 1) Double-click the oracle’s Home icon on your desktop. 2) Navigate to the /home/oracle/demos/osb_client_linux directory.
3) Double-click the osb_client_linux_viewlet_swf.html file. 4) In the Run or Display window, click Display and view the presentation. 5) Use the controls at the bottom of the viewlet window to start, pause, and stop the presentation, as suits your personal learning style.
Oracle Database 11g: Oracle Secure Backup
A - 76
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
In this practice, you view a demonstration of OSB management tasks. You see how to add a client to an existing domain, which consists of:
Practice 9-1: View OSB Management Tasks (continued)
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
6) Uninterrupted viewing of the demonstration takes about six minutes. When you have finished viewing the presentation, close your Web browser window.
Oracle Database 11g: Oracle Secure Backup
A - 77
Background: As Oracle Secure Backup administrator you are asked to configure and use tape vaulting in training environment. Part of your task is to present a step-by-step list, but with a fast rotation time; so that everybody can see the functioning of the configuration (rather then wait, for example, a six-months return time of a tape). The following is your high-level outline of the tasks, with a diagram of the names that you are planning to use. Configuring a new vaulting environment: Define a media storage location. Define a rotation policy consisting of several rules. Create a new media family. Associate a rotation policy with a media family.
Using a new vaulting environment: Perform a backup. Schedule a location scan. Execute a media movement job. View tape rotation reports: o Location reports o Two types of job reports: Pick reports (which assist operators to collect the volumes that need to be moved) Distribution reports (which are similar to packing lists, shipped with the volumes to the next location)
Oracle Database 11g: Oracle Secure Backup
A - 78
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practices for Lesson 10
In this practice, you configure a new tape vaulting environment by executing the following steps: 1. Define a media storage location. 2. Define a rotation policy with three rules. 3. Create a new media family. 4. Associate a rotation policy with a media family. You should be logged in to Oracle Secure Backup Web tool as the admin user with the oracle password and set “Extended Command Output” as your web tool preference. You can perform steps 1, 2 and 3 in any order, but they all have to be complete before step 4. Note: This practice is a prerequisite for the following one “Use Tape Vaulting”. 1) To define a media storage location, perform the following steps: a) Navigate to Configure > Locations (in the Media Life Cycle section).
b) On the Configure: Locations page, you see that Oracle Secure Backup has automatically created locations for you: The Media_Recycle_Bin location can be used as a temporary "holding" location, when tapes are ready for reuse. When you configured devices, vlib and vlib2 were automatically created as "active locations". c) To define a new location, click Add.
Oracle Database 11g: Oracle Secure Backup
A - 79
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-1: Configure Tape Vaulting
d) On the Configure: Locations > New Locations page, enter offsite_location as Location and 3 minutes as Recall time, and then click Apply.
Note: The Recall time is the time needed to return tapes for restoration. Recall time is an optional parameter, but its use is recommended, especially when you plan to use duplication policies. OSB considers this information and initiates restore operations (from original or duplicate tapes) with the shortest recall time. e) You should receive a success message. View the mkloc obtool command.
Oracle Database 11g: Oracle Secure Backup
A - 80
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-1: Configure Tape Vaulting (continued)
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
f) Click OK.
Oracle Database 11g: Oracle Secure Backup
Oracle University and (Oracle Corporation) use only.
Practice 10-1: Configure Tape Vaulting (continued)
A - 81
2) To define a rotation policy with three rules, perform the following steps: a) Navigate to Configure > Rotation Policies.
b) On the Configure: Rotation Policies page, click Add.
c) On the Configure: Rotation Policy > New Rotation Policy page, enter quick_test_rotation as Rotation Policy and then click Apply.
Oracle Database 11g: Oracle Secure Backup
A - 82
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-1: Configure Tape Vaulting (continued)
d) You should receive a success message. Review the mkrot obtool command.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-1: Configure Tape Vaulting (continued)
e) In the Rotation rule(s) section, select or enter the following values, and then click Add to define your first rotation rule Location: vlib
Oracle Database 11g: Oracle Secure Backup
A - 83
Practice 10-1: Configure Tape Vaulting (continued)
Note: Your first rotation rule (which must use a volume in an active location) appears in the display section above your definition area. In this example, the tapes (per media family) are eligible for movement five minutes after the Write window has closed. This implies that the media family must have a write window parameter specified. f) Review the chrot obtool command.
g) Define your second rotation rule: the test volume takes eight minutes to arrive at the offsite_location location. Select or enter the following values, and then click Add: Location: offsite_location Event: arrival Duration: 8 minutes
Oracle Database 11g: Oracle Secure Backup
A - 84
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Event: windowclosed Duration: 5 minutes
Practice 10-1: Configure Tape Vaulting (continued)
Note: Later, when a media movement job is executed, OSB assumes the volumes are at the next scheduled location and does not take the shipping time into account. i) To define your third rotation rule, select or enter the following values, and then click Add: Location: Media_Recycle_Bin Event: arrival Duration: 6 minutes
j) Review the chrot obtool command.
Note: The Media_recycle_bin is a holding location. When you return a tape device to the Media_recycle_bin or another user-configured location, then OSB considers the tape to be at the end of its rotation policy. OSB does not associate the tape with another rotation policy until the tape is reused. Then OSB will use the new media family and rotation policy (if any). k) Click OK, to add these rules to the quick_test_rotation policy.
Oracle Database 11g: Oracle Secure Backup
A - 85
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
h) Review the chrot obtool command.
l) Review the chrot obtool command, and then click the Configure link in preparation for your next task.
3) To create a new media family, perform the following steps: a) Navigate to Configure > Media Families.
Oracle Database 11g: Oracle Secure Backup
A - 86
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-1: Configure Tape Vaulting (continued)
b) On the Configure: Media Families page, first review the existing media families, and then click Add.
c) On the Configure: Media Families > New Media Families page, enter and confirm the following values, and then click Apply: Media Family: offsite_test Volume ID used: Unique to this media family Volume expiration: Time Managed Keep volume set: 10 minutes Appendable: yes
Oracle Database 11g: Oracle Secure Backup
A - 87
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-1: Configure Tape Vaulting (continued)
d) You should receive a success message.
e) Scroll down to view the mkmf obtool command.
f) Click OK. 4) To associate a rotation policy with a media family, perform the following steps: a) On the Configure: Media Families page, select the offsite_test media family, and then click Edit.
b) On the Configure: Media Families > offsite_test page, enter or select the following values, and then click Apply: Write window: 5 minutes Rotation Policy: quick_test_rotation Oracle Database 11g: Oracle Secure Backup
A - 88
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-1: Configure Tape Vaulting (continued)
Practice 10-1: Configure Tape Vaulting (continued)
c) Review the chmf obtool command and then click OK.
d) You should receive a success message. You can review the chmf obtool command again.
Oracle Database 11g: Oracle Secure Backup
A - 89
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Note: The Write window is the period of time for which a volume set is open for updates. In other words, it needs to be long enough to complete at least one backup.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-1: Configure Tape Vaulting (continued)
Oracle Database 11g: Oracle Secure Backup
A - 90
In this practice, you use your newly configured tape vaulting environment to perform the following tasks: Performing a backup Scheduling a location scan Executing a media movement job Viewing tape rotation reports An additional prerequisite is the creation of the mylabs dataset in the “Back Up FileSystem Data” practice. You should be logged in to Oracle Secure Backup Web tool as the admin user with the oracle password and set “Extended Command Output” as your web tool preference. 1) To perform a file-system backup, execute the following steps: a) Navigate to Backup > Backup Now.
b) On the Backup Now page, click Add.
c) On the Options page, select or enter the following values, and then click OK: Datasets: mylabs Backup level: full Media family: offsite_test Encryption: no
Oracle Database 11g: Oracle Secure Backup
A - 91
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting
d) You should receive a success message. Review the obtool command.
e) On the Backup Now page, select the mylabs dataset and click Go.
f) Note your job id and click Home. Your job id is most likely different.
g) On the OSB Home page, click the transcript icon before your Job ID. (If you do not see your Job ID, you might need to expand the “Completed Jobs” node by clicking Show completed jobs.)
Oracle Database 11g: Oracle Secure Backup
A - 92
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
h) In the Job Transcript Viewer scroll through the output file and review it. For example, you might notice the encryption algorithm and the volume name. Should you have to do any troubleshooting, you will probably need to know the volume name.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
Question: Why is encryption on? (Remember you chose Encryption: no on the Backup Now Options page). Answer: You enabled encryption for the host in the “Configure a Host Encryption Policy” practice. So, all backup jobs are automatically encrypted, unless you explicitly exclude them from encryption, as is done with the OSB catalog backup (in the “Perform a Preconfigured OSB Catalog Backup” practice). i) When you are finished reviewing the output, click Close. 2) To schedule a location scan, perform the following tasks: a) Navigate to Manage > Schedule Location Scan.
Oracle Database 11g: Oracle Secure Backup
A - 93
b) Click Add.
c) On the Manage: Schedule Location Scan > New Schedule Location Scan page, enter schedule_location as Schedule Location Scan, select all Locations and then click Apply.
d) You should receive a success message. Review the mksched obtool command and click Triggers.
Oracle Database 11g: Oracle Secure Backup
A - 94
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
e) On the Triggers page, click Select_daily (which selects all days for you), enter or select a time that is a couple of minutes into the future. This example uses 00:45 hours as Time. Then click Add.
Oracle Database 11g: Oracle Secure Backup
A - 95
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
Practice 10-2: Use Tape Vaulting (continued)
f) You should receive a success message. Review the chsched obtool command. Then click the schedule_location link to return to the previous page.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Note: If you see during the next task, that no scan was executed, return to this step to edit the schedule_location schedule by adding another "time trigger" with values that are appropriate for your environment.
g) On the Manage: Schedule Location Scan > schedule_location page, click OK.
h) You should receive a success message. Review the chsched obtool command.
Oracle Database 11g: Oracle Secure Backup
A - 96
i) Click the Manage link in preparation for your next task 3) Based on the results of a scan control job, "pending" media movement jobs can be created. These jobs are "pending" until they are explicitly run by an operator, who usually also takes care of associated tasks, such as physically transporting tapes, and so. Note: You may encounter predefined wait time before the media movement job appears, because the offsite_test media family has a Write Window of 5 minutes and a "Keep Volume Set" duration of 10 minutes. Also your rotation policy has a Write Window of 5 minutes. To execute a media movement job, perform the following steps: a) On the Manage: Jobs page under Viewing options, select the scan control Types and the following check boxes: Active, Complete and Pending. Then click Apply.
Oracle Database 11g: Oracle Secure Backup
A - 97
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
b) If you do not have any scan jobs, return to the previous task and schedule another location scan. If the state is future work, wait until the job execution is complete. c) Your resulting job list will look different. On the Manage: Jobs page, select the last volume vaulting scan job (if you have more than one) and then click Show Properties.
d) Review the Job Properties and then click Close.
Oracle Database 11g: Oracle Secure Backup
A - 98
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
e) On the Manage: Jobs page, select the last volume vaulting scan job (if you have more than one) and then click Show Transcript.
f) Optional: Select Level: 2 Verbose and then click Apply. g) Review the job transcript. (Level 4 displays fewer lines than level 2.) You should see the pending media movement job. Then click Close. If you do not see your media movement job and the job is still running, wait and occasionally refresh your page until it appears. If you do not see your media movement job and the job is completed, initiate another scan control job.
Oracle Database 11g: Oracle Secure Backup
A - 99
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
h) On the Manage: Jobs page under Viewing options, select the media movement Types and the following check boxes: Active, Complete and Pending. Then click Apply.
i) Your resulting job list might look different. On the Manage: Jobs page, select the media movement for vlib job and then click Run
Oracle Database 11g: Oracle Secure Backup
A - 100
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
j) Select Now and Media Movement as Run Option and then click Apply.
Oracle Secure Backup executes the media movement job. You should receive a success message. k) On the Manage: Jobs page, select your media movement job and then click Show Properties.
l) You should see a successful completion. When you are finished reviewing the job properties, click Close.
Oracle Database 11g: Oracle Secure Backup
A - 101
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
m) On the Manage: Jobs page, select your media movement job and then click Show Transcript.
n) Review the job transcript. You should see that your volume moved to the next location, as specified by your rotation policy. When you are finished reviewing the job transcript, click Close.
Oracle Database 11g: Oracle Secure Backup
A - 102
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
o) Click the Manage link in preparation for your next task.
Now you are ready to view location and job reports. Location reports show the current and next location of your volumes. Job reports are of two types: Pick reports (which assist operators to collect the volumes that need to be moved) Distribution reports (which are similar to packing lists, shipped with the volumes to the next location) 4) To view tape rotation reports, perform the following steps: a) Navigate to the Manage > Location Reports page.
b) On the Manage: Location Reports page, select the following values, and then click View Report: Location: offsite_location Type: location
Oracle Database 11g: Oracle Secure Backup
A - 103
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
c) Review the report. Your volume is in the offsite_location. The next location for your volume is the Media_Recycle_Bin, as defined in your volume rotation policy (The next planned location is only listed within a report after the first movement to a new location.)
d) When you are finished reviewing the report, click Close e) Navigate to Manage > Job reports.
A distribution and a pick report are automatically generated for each media movement job f) Select the pick report and click View Report.
g) Review the pick report. It shows all volumes that need to be physically moved by an operator. When you are finished reviewing the report, click Close.
Oracle Database 11g: Oracle Secure Backup
A - 104
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practice 10-2: Use Tape Vaulting (continued)
Practice 10-2: Use Tape Vaulting (continued)
i) Review the distribution report. A distribution report is similar to a packing list, which is shipped with all volumes to the next location. When you are finished reviewing the report, click Close.
j) Click Logout in the top-right corner to leave the OSB Web tool.
Oracle Database 11g: Oracle Secure Backup
A - 105
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
h) Select the distribution report and click View Report.
Background: Tape vaulting and duplication are often used together. For example, your organization plans to maintain one set of backup tapes onsite for one month and to send a copy of the tapes offsite for disaster recovery and to meet its long-term storage requirements of seven years. In this scenario, your backup is associated with the onsite_1m media family (with a one-month retention and either no rotation policy or a rotation policy to an onsite storage location). The onsite_1m media family has a duplication policy that copies the tapes to the offsite_7y media family (which has a seven-year retention, no duplication policy, and a rotation policy to the desired storage location for seven years). The osb_media_lifecycle_viewlet_swf.html demonstration covers a similar scenario (with different names and retention times). It includes the following tasks: 1. Create a new Demo location. 2. Create a new Demo_Rotation rotation policy with three rules. 3. Assign the Demo_Rotation policy to the OSB_CATALOG-MF media family. 4. Create a Full_Demo media family. 5. Create a Full_Offsite media family and assign the Demo_Rotation policy. 6. Create a Full_Dup_Offsite duplication policy that copies tapes from the Full_Demo media family to the Full_offsite media family. 7. Associate the Full_Dup_Offsite duplication policy with the Full_Demo media family. 8. Create the Demo_Loc_Scan schedule for vaulting jobs. 9. View the default volume duplication window. 10. Create the Demo_dup_scan schedule within the duplication time window for the duplication job. 11. Navigate to Location reports, which enable you to track tapes at the various locations.
Oracle Database 11g: Oracle Secure Backup
A - 106
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Practices for Lesson 11
Practice 11-1: View Media Lifecycle Demo
1) Click the oracle’s Home icon on your desktop. 2) Navigate to the /home/oracle/demos/osb_media_lifecycle directory. 3) Double-click the osb_media_lifecycle_viewlet_swf.html file. 4) In the Run or Display window, click Display and view the presentation. 5) Use the controls at the bottom of the viewlet window to start, pause and stop the presentation, as suits your personal learning style. 6) Uninterrupted viewing of the demos takes about ten minutes. When you have finished viewing the presentation, close your Web browser window.
Oracle Database 11g: Oracle Secure Backup
A - 107
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
In this practice, you view a demonstration of the media life cycle. This is a combination of the tape vaulting and duplication topics.
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Oracle Secure Backup: Additional Topics
After completing this lesson, you should be able to: • Perform an RMAN-encrypted database backup and restore operations • View OSB jobs transcripts and logs • Describe OSB performance considerations related to RAC
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup B - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Objectives
Encrypted Backups to Tape RMAN backup encryption:
– Encryption keys are transparently managed by the database – Backup encryption at the database or tablespace level – Encryption algorithms up to 256-bit AES
•
Secure transportation over the network: – Database backups with RMAN encryption – File-system backups with SSL
•
RMAN encrypted backups on tape—only available with Oracle Secure Backup.
Copyright © 2009, Oracle. All rights reserved.
Encrypted Backups to Tape Oracle Secure Backup leverages RMAN backup encryption technology, such as: • Encryption keys being transparently managed by the database • Your ability to choose backup encryption at the database or tablespace level. (This is in addition to the Transparent Data Encryption (TDE), which you can use inside the Oracle database.) • Substantial protection through encryption algorithms up to 256-bit AES During transportation over the network, database backups are secured with RMAN encryption (in which case, no additional SSL is used). If your database backups are not encrypted by RMAN, Oracle Secure Backup uses SSL by default. It also secures your file-system backups over the network by using SSL. To store RMAN encrypted backups on tape, you must use Oracle Secure Backup.
Oracle Database 11g: Oracle Secure Backup B - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
.
> RMAN Encryption OSB Jobs RAC
RMAN offers three encryption modes: • Transparent mode: – Uses the Oracle key management infrastructure – Requires that you first configure Oracle Encryption Wallet
•
•
Password mode: Requires the use of the SET ENCRYPTION ON IDENTIFIED BY password ONLY command in your RMAN scripts Dual mode: Requires the use of the SET ENCRYPTION ON IDENTIFIED BY password command in your RMAN scripts
Copyright © 2009, Oracle. All rights reserved.
Creating RMAN Encrypted Backups For improved security, RMAN backup set backups can be encrypted. Any RMAN backups created as backup sets can be encrypted. Image copy backups cannot be encrypted. Encrypted backups are decrypted automatically during restore and recover operations, as long as the required decryption keys are available, by means of either a user-supplied password or the Oracle Encryption Wallet. RMAN supports three encryption modes: • Transparent mode • Password mode • Dual mode Additional information about each mode follows.
Oracle Database 11g: Oracle Secure Backup B - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Creating RMAN Encrypted Backups
Perform the following steps: 1. Create a wallet using Oracle Wallet Manager: ENCRYPTION_WALLET_LOCATION= (SOURCE=(METHOD=FILE)(METHOD_DATA= (DIRECTORY=/opt/oracle/product/10.2.0/db_1/)))
2. Open the wallet: ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY ;
3. Set the master key: ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY ;
Copyright © 2009, Oracle. All rights reserved.
Using Transparent Mode Encryption Transparent encryption does not require DBA intervention as long as the required Oracle key management infrastructure is available. Transparent encryption is best suited for day-to-day backup operations, where backups will be restored on the same database that they were backed up from. Transparent encryption is the default encryption mode. You must first configure the Oracle Encryption Wallet to use transparent encryption. Refer to the Oracle Advanced Security Administrator’s Guide for detailed information about the Oracle Encryption Wallet. Perform the following steps to use transparent mode encryption: 1. Create a wallet using Oracle Wallet Manager. By default, an unencrypted wallet (cwallet.sso) is created when Oracle Database is installed. An encrypted wallet (ewallet.p12) is recommended for use with backup set encryption. Place an entry in the sqlnet.ora file as shown in the slide. 2. Open the wallet. Before you can use backup set encryption , you must ensure that the wallet is opened by your instance. The password specified with the ALTER SYSTEM command is the same password that you specified when you created the wallet in step 1. 3. Set the master key from within your instance. When the wallet is opened, you must set the master key. Oracle Database 11g: Oracle Secure Backup B - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Using Transparent Mode Encryption
4. Configure RMAN encryption level (database, tablespace, or database excluding tablespaces): CONFIGURE ENCRYPTION FOR DATABASE ON CONFIGURE ENCRYPTION FOR TABLESPACE ON
5. Set an encryption algorithm, if needed: SET ENCRYPTION ALGORITHM 'algorithm name'
Copyright © 2009, Oracle. All rights reserved.
Using Transparent Mode Encryption (continued) 4. Configure the RMAN encryption level. The CONFIGURE ENCRYPTION command is used to specify encryption settings for the database or tablespaces within the database, which apply unless overridden using the SET command. Options specified for an individual tablespace take precedence over options specified for the whole database. 5. Set an encryption algorithm, if needed. Query V$RMAN_ENCRYPTION_ALGORITHMS to obtain a list of encryption algorithms supported by RMAN. The default encryption algorithm is 128-bit AES.
Oracle Database 11g: Oracle Secure Backup B - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Using Transparent Mode Encryption
Using Password Mode Encryption
SET ENCRYPTION ON IDENTIFIED BY ONLY
Copyright © 2009, Oracle. All rights reserved.
Using Password Mode Encryption When you use password encryption, you must provide a password when you create and restore encrypted backups. When you restore the password-encrypted backup, you must supply the same password that was used to create the backup. Password encryption is most appropriate for backups that will be restored at remote locations, but which must remain secure in transit. Use the SET ENCRYPTION ON IDENTIFIED BY password ONLY command in your RMAN scripts to enable password encryption. Password encryption cannot be persistently configured. Note: For security reasons, it is not possible to permanently modify your existing backup environment so that RMAN backups are encrypted using the password mode. You can enable password-encrypted backups only for the duration of an RMAN session.
Oracle Database 11g: Oracle Secure Backup B - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Enable password mode encryption in your RMAN session:
Using Dual Mode Encryption
•
Dual-mode encrypted backups can be restored transparently or by specifying a password. Enable password mode encryption in your RMAN session:
SET ENCRYPTION ON IDENTIFIED BY 'password'
Copyright © 2009, Oracle. All rights reserved.
Using Dual Mode Encryption Dual-mode encrypted backups can be restored transparently or by specifying a password. Dual-mode encrypted backups are useful when you create backups that are normally restored using the Oracle Encryption Wallet, but which occasionally must be restored where the Oracle Encryption Wallet is not available. To create dual-mode encrypted backup sets, specify the SET ENCRYPTION ON IDENTIFIED BY password command in your RMAN scripts.
Oracle Database 11g: Oracle Secure Backup B - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
• •
Before restoration, set the RMAN session to decrypt backups. Specify all required passwords with the SET DECRYPTION command when restoring from a set of backups that were created with different passwords.
SET DECRYPTION IDENTIFIED BY '' {, '',…,' }
Copyright © 2009, Oracle. All rights reserved.
Restoring Encrypted Backups Use the SET DECRYPTION command to specify one or more decryption passwords to be used when reading dual-mode or password-encrypted backups. When RMAN reads encrypted backup pieces, it tries each password in the list until it finds the correct one to decrypt that backup piece. An error is signaled if none of the specified keys are correct.
Oracle Database 11g: Oracle Secure Backup B - 9
Oracle University and (Oracle Corporation) use only.
Restoring Encrypted Backups
1 2
Copyright © 2009, Oracle. All rights reserved.
Performing Encrypted Recovery While performing encrypted database recovery from tape and disk, you can notice the following: 1. The SET DECRYPTION command is executed. 2. The recovery completed successfully and the EXAMPLE tablespace is brought back online.
Oracle Database 11g: Oracle Secure Backup B - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Performing Encrypted Recovery
RMAN Encrypted to Disk (ASO)
Datafiles
Password
Encrypted to Tape (OSB)
Copyright © 2009, Oracle. All rights reserved.
Comparing RMAN and OSB Encryption RMAN Encrypted Backups Recovery Manager (RMAN) can create encrypted backups to either tape or disk as long as the required Oracle key management infrastructure is available. RMAN encryption can use either a password-based key or a generated key held in the Oracle wallet. The data is encrypted by RMAN before it is transmitted to the disk or tape storage device, and no further encryption is performed. RMAN backup encryption is only available in the Enterprise Edition of the database, and the COMPATIBLE parameter must be set to 10.2.0 or higher. Encrypted backup to disk requires Advanced Security Option to provide the key infrastructure. Encrypted backups to tape require Oracle Secure Backup (OSB) to provide the key infrastructure. OSB includes the same technology as ASO.
Oracle Database 11g: Oracle Secure Backup B - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Comparing RMAN and OSB Encryption
OSB Encrypted Data Files Tape Device
OSB Wallet OS Files
Copyright © 2009, Oracle. All rights reserved.
Comparing RMAN and OSB Encryption (continued) Oracle Secure Backup Encryption Oracle Secure Backup (OSB) is available in both Standard Edition and Enterprise Edition of the Oracle Database 10g Release 2. Oracle Secure Backup includes the secure communications technology of the ASO in the Enterprise Edition to provide secure communication between hosts (administrative, source, and target) in the OSB domain. OSB encrypts the transmitted data and control messages with a default key of 1,024 bits generated for each session using SSL. OSB provides this key from an embedded wallet that is separate from the Oracle wallet used by RMAN to encrypt backups. If RMAN encryption is provided, OSB does not encrypt the data again for transmission. But if RMAN encryption is disabled, OSB does encrypt the data during transmission. You can modify the default security configuration in the following ways: • Disable SSL for interhost authentication and communication by setting the securecomms security policy in OSB. • Transmit identity certificates in manual certificate provisioning mode. • Set the key size for a host to a value from 512 to 4,096 bits, rather than the default of 1,024 bits.
Oracle Database 11g: Oracle Secure Backup B - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Comparing RMAN and OSB Encryption
Comparing RMAN and OSB Encryption (continued)
Because Oracle Secure Backup–embedded wallets are used only for interdomain communication, they do not have any direct relationship to the backup data written to tape. Therefore, if wallets are destroyed and re-created, it does not affect the restoration of data from tape. Oracle Secure Backup does not share its wallets with other Oracle products. Besides maintaining its password-protected wallet, each host in the domain maintains an obfuscated wallet. This version of the wallet does not require a password. The obfuscated wallet, which is scrambled but not encrypted, enables the Oracle Secure Backup software to run without requiring a password during system startup. The password for the password-protected wallet is generated by Oracle Secure Backup and not made available to the user. The password-protected wallet is not normally used after the security credentials for the host have been established, because the Oracle Secure Backup daemons use the obfuscated wallet. To reduce the risk of unauthorized access to obfuscated wallets, Oracle Secure Backup does not back them up. The obfuscated version of a wallet is named cwallet.sso. By default, the wallet is located in /usr/etc/ob/wallet on Linux and UNIX, and C:\Program Files\Oracle\Backup\db\wallet on Windows. Best practice tip: Back up the OSB-encrypted wallet.
Oracle Database 11g: Oracle Secure Backup B - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Encryption (continued) • Disable encryption for backup data in transit by setting the encryptdataintransit security policy.
Oracle Secure Backup Jobs
Oracle Secure Backup backup and restore jobs include: – – – – –
•
Dataset File-system backup File-system restore Oracle backup (RMAN) Oracle restore (RMAN)
Oracle Secure Backup media management jobs include: – Scan control – Media movement – Duplication
•
For each job, Oracle Secure Backup maintains a: – Log – Running transcript Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Jobs Oracle Secure Backup creates jobs in response to work that you ask it to do. It assigns each job a name, called a job identifier, that is unique among all jobs within the administrative domain. Several events cause Oracle Secure Backup to create new jobs: • At the beginning of the day, Oracle Secure Backup inspects the triggers defined in each schedule. For each trigger that fires that day, it creates one new job and assigns the scheduled job a numerical job identifier. • Media management jobs are based on OSB scanning its catalog (based on your schedule). For candidate tape volumes the appropriate jobs are created. As OSB operator, you must execute the media movement jobs; the execution of duplication jobs can be automated. • Also, each time you explicitly request that Oracle Secure Backup perform a backup and send your request to the scheduler, Oracle Secure Backup creates a job. It assigns the job an identifier consisting of the username of the logged-in user, a slash, and a unique numerical identifier. An example of such a job identifier is admin/233.
Oracle Database 11g: Oracle Secure Backup B - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
RMAN Encryption > OSB Jobs RAC
Oracle Secure Backup keeps a log for each job. This “job log” describes high-level events, such as the creation, dispatch, and completion times of the job. You can view the log through both the Oracle Secure Backup Web tool and obtool interface. Oracle Secure Backup also maintains a running transcript for each job. The transcript contains everything that is written to the standard output stream by the job’s components, such as obtar. Oracle Secure Backup creates this transcript when dispatching the job for the first time, and updates it as the job progresses. When a job requires operator assistance, Oracle Secure Backup prompts for assistance by using the transcript and by sending an email notification, if you configured this. When you list the jobs by using the obtool utility, it displays the job ID, the scheduled time, the contents, and the job state. The contents field contains the following information, depending on the backup job type: • The dataset being backed up (dataset jobs) • The host on which the data set is being backed up (backup job) • A description of the data being restored (restore job) • The database backup operation, such as datafile or archivelog (Oracle backup job) • The backup piece restored (Oracle restore job)
Oracle Database 11g: Oracle Secure Backup B - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Jobs (continued) • At the scheduled start time for a dataset job, Oracle Secure Backup reads the dataset, and then creates one subordinate job for each host that Backup Web it includes. In job descriptions, Oracle Secure Backup calls this a backup job. It assigns each backup job an identifier whose prefix is the parent (dataset) job ID, followed by a dot, and then followed by a unique small number. An example of such a job identifier is admin/233.1. • Each time you explicitly request that Oracle Secure Backup restore data, and send your request to the scheduler, Oracle Secure Backup creates a “restore job” for each backup image that must be read to effect the restore. It assigns each job an identifier consisting of the logged-in username, a slash, and a unique numerical identifier. If Oracle Secure Backup creates multiple jobs to satisfy one restore request, it marks each job except the first as dependent on the success of the previous job. The effect of this notation is that, should a job fail on which a later job is dependent, that later job is also marked as failed. • RMAN creates an Oracle Secure Backup job with types of oracle backup or oracle restore instead of the backup and restore type.
Copyright © 2009, Oracle. All rights reserved.
Managing Jobs After your backup has been submitted to the Oracle Secure Backup scheduler, you manage these jobs from the Oracle Secure Backup Web tool: 1. From the Manage page, click the Jobs link in the Maintenance section. You are directed to the Jobs page. 2. To limit the jobs displayed to: - A specific host: select that host from the Host list - Those instantiated by a certain user: select that user from the User list - A particular dataset: select that dataset from the Dataset list 3. Select one or more of the following Viewing options: - Active: Select this option if you want to view the status of backup jobs that are currently in progress. - Complete: Select this option to view the status of completed jobs, whether they succeeded or not. - Pending: Select this option if you want to view the statuses of jobs that are pending, but not presently running. - Input pending: Select this option to view the statuses of jobs that are running and requesting input now. Oracle Database 11g: Oracle Secure Backup B - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Jobs
On-demand backups (created as backup requests) are named using the Oracle Secure Backup username and a system-generated number (for example, admin/1). Scheduled jobs are named using a system-generated number, but do not include the username as part of the job name. (or example, 1.1). Oracle Database backup jobs are considered on-demand backups, so the username is included in the job ID (for example, oracle/1.1).
Oracle Database 11g: Oracle Secure Backup B - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Managing Jobs (continued) - Today: Select this option if you want to view the statuses of backup jobs that are scheduled to run today. - Scheduled time: Select this option to display jobs scheduled within a time range that you select from the From date and To date boxes. 4. Select the type of jobs that you want to see in the report. Your choices are: backup, restore, dataset, Oracle backup, and Oracle restore. You can select multiple job types by holding down Shift while selecting a job type. 5. Click Apply to accept your selections. Information is displayed in the job management table in the central panel. The following information is available for each job: - ID: The Oracle Secure Backup-assigned job identifier - Type: The type of Oracle Secure Backup job associated to a host - Time: The date and time the job began or is scheduled to begin - State: The job status, which can be pending, completed successfully, or failed To monitor jobs with the obtool interface, use the lsjob command. Note that the state of newly created jobs is future work until the job has been submitted.
Copyright © 2009, Oracle. All rights reserved.
Viewing Job Properties and Transcripts To view job properties in the Oracle Secure Backup Web tool, perform the following steps: 1. Select a job ID from the job management table in the central panel of the Jobs page. 2. Click the Show Properties button. The Job Properties page appears, showing the characteristics of the selected job. To view a job transcript in the Oracle Secure Backup Web tool, perform the following steps: 1. Select a job from the job management table in the central panel of the Jobs page. 2. Click Show Transcripts. A transcript page appears. 3. Scroll down the page to view more information. At the end of the page, you can modify the transcript viewing criteria. Optionally, select a message level from the Level list. Oracle Secure Backup tags each message it writes to a transcript with a severity level. These levels range from “0 Debug message (extra output)” to “9 Fatal.” 4. Optionally, select “Start at line” and enter a line number at which you want the transcript view messages to start. 5. Optionally, select the “Suppress input” check box to suppress input requests. When a request for input is recognized, Oracle Secure Backup prompts for a response. Specifying this option suppresses this action.
Oracle Database 11g: Oracle Secure Backup B - 18
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Viewing Job Properties and Transcripts
To view a job transcript, you must be the owner of the job or belong to a user class that has either the list any jobs owned by user or the list any job, regardless of its owner right.
Oracle Database 11g: Oracle Secure Backup B - 19
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Viewing Job Properties and Transcripts (continued) 6. Optionally, select the “Show line numbers” check box to prefix each line with its message number. 7. Optionally, select the “Head lines” option and enter a number representing the first N lines of the transcript having a message severity level at or above the value you selected. 8. Optionally, select the “Tail lines” option if you want to display the last N lines of the transcript having a message severity level at or above the value you selected. 9. Optionally, select a value in the “Page refresh (in seconds)” list. The default is 60 seconds. 10. Click Apply to accept your changes, if any, and redisplay the transcript.
Troubleshooting Jobs A
...
Copyright © 2009, Oracle. All rights reserved.
Troubleshooting Jobs A. An alternative way to view the job properties is to click the job link on the OSB Home page. B. An alternative way to view the transcript is to click the icon before the job link. Note: The job transcript informs you of an error and the job waits for your input.
Oracle Database 11g: Oracle Secure Backup B - 20
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
B
Copyright © 2009, Oracle. All rights reserved.
Suspending and Resuming Job Dispatching It is possible to temporarily suspend and later resume the Oracle Secure Backup dispatching of jobs. When job dispatching is suspended, running jobs are allowed to complete; however, the scheduler starts no new jobs. After job dispatching is suspended, the scheduler resumes it when you select the resume function or restart Oracle Secure Backup on the administrative server. To suspend job dispatching, from the Daemons page, click the Suspend button. The message “obscheduled suspended” appears in the Status area. Any pending backup and restore (scheduled or one-time) jobs are no longer dispatched. Jobs that are already running are permitted to finish. To resume job dispatching, from the Daemons page, click the Resume button. The message “obscheduled processing resumed” appears in the Status area. The following scenario shows you how to suspend and resume job dispatching with the obtool utility: ob> ctldaemon --command suspend ob> lsdaemon Process Daemon/ ID Service State 31815 observiced normal 31817 obscheduled suspended
Listen port 400 64739
Qualifier
Oracle Database 11g: Oracle Secure Backup B - 21
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Suspending and Resuming Job Dispatching
ob> ctldaemon --command resume ob> lsdaemon --long --host EDRSR14P1 Process ID: 31815 Daemon/Service: observiced State: normal Listen port: 400 Qualifier: (none) Process ID: 31817 Daemon/Service: obscheduled State: normal Listen port: 64739 Qualifier: (none) ob>
The ctldaemon command is generally used to control the operation of an Oracle Secure Backup daemon. In the above example, ctldaemon is used to suspend and resume Oracle Secure Backup job scheduling. The lsdaemon command is used to list the Oracle Secure Backup daemons running on a particular host. Note: For more information about the these commands, refer to the Oracle Secure Backup Reference.
Oracle Database 11g: Oracle Secure Backup B - 22
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Suspending and Resuming Job Dispatching (continued)
Copyright © 2009, Oracle. All rights reserved.
Job Summaries A “job summary” is a text file report that describes the backup and restore activity performed by Oracle Secure Backup. You can use job summaries to monitor specific backup jobs, or you can use a job summary report to monitor all backup and restore activity for a time period. You can create a “job summary schedule,” which enables Oracle Secure Backup to generate multiple summary reports, each covering different time periods or activities. If an email system such as sendmail is operational on the administrative server, then you can supply the email addresses for the recipients of job summary reports and the report will be sent in an email to those recipients. It is recommended that you create at least one job summary schedule so that you receive an automated email describing your backup jobs. Using the Web tool, in the Advanced section of the Configure page, click Job Summaries to list the configured job summary schedules. To remove a job summary schedule, select the schedule you want to remove, and then click Remove.
Oracle Database 11g: Oracle Secure Backup B - 23
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Job Summaries
($ORACLE_HOME)
Oracle Secure Backup ( directory)
rdbms/log/sbtio.log
admin/log/scheduler/log
RMAN
Copyright © 2009, Oracle. All rights reserved.
Displaying Log Files and Transcripts If an error occurs during an SBT session, Oracle Secure Backup tries to send the error description to the administrative server to be saved in the job transcript. RMAN records the error in the trace file named sbtio.log, unless the user has configured a different file to be used by RMAN. By default, this trace file is located in the $ORACLE_HOME/rdbms/log directory. All SBT errors contain the following information: • The location (function) where the failure occurred (for example, sbtbackup) • The operation that was being performed (for example, “creating a backup piece”) • A brief description of the problem (for example, “unable to contact admin server”) • If applicable, a brief description of the remedy that the user may apply • If applicable, the name of the trace or debug file where additional information about the problem can be found You can get more trace information by using the TRACE option of the ALLOCATE CHANNEL command. For example: ALLOCATE CHANNEL c1 TYPE sbt TRACE 5 … Trace levels range from 0 (errors only) to 6 (verbose debugging).
Oracle Database 11g: Oracle Secure Backup B - 24
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Displaying Log Files and Transcripts
In this lesson, you should have learned how to: • Perform an RMAN-encrypted database backup and restore operations • View OSB jobs transcripts and logs • Describe OSB performance considerations related to RAC
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup B - 25
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Copyright © 2009, Oracle. All rights reserved.
Oracle University and (Oracle Corporation) use only.
Oracle Secure Backup Additional Installation Topics
This appendix, together with the relevant lesson, should assist you to: • Install Oracle Secure Backup on Windows • Locate and describe the Oracle Secure Backup installed files • Verify your installation • Remove Oracle Secure Backup
Copyright © 2009, Oracle. All rights reserved.
Topics For a demonstration of the Windows installation steps, view the osb_win_ins viewlet.
Oracle Database 11g: Oracle Secure Backup C - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Topics
Run setup.exe Answer customer information dialogs Select the type of host from the Oracle Secure Backup Setup screen Install Answer service startup dialogs Answer service login dialogs
Copyright © 2009, Oracle. All rights reserved.
Windows Installation: Overview Before beginning your installation, see documentation for platform-specific details, such as: how to configure firewalls. Oracle Secure Backup supports configuring the administrative domain on a host running the Windows operating system. During the installation process, the Oracle Secure Backup Setup Wizard copies all Oracle Secure Backup files to the local host and generates Windows Registry entries. Note • Every installation of Oracle Secure Backup on Windows is a client installation, and can additionally be a media server or administrative server installation. • With OSB 10.2, it is not necessary to stop tape device drivers, before beginning your installation.
Oracle Database 11g: Oracle Secure Backup C - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Windows Installation: Overview
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup InstallShield Wizard 1. Run the setup.exe program from the directory into which you originally downloaded the software. The InstallShield Wizard is displayed. 2. Click Next to continue. A system check should inform you that: “This will be a clean install of Oracle Secure Backup.” 3. Click Next to continue. The Customer Information dialog box is displayed. 4. Enter your name in the User Name box. 5. Enter the name of your company in the Organization box. 6. Select a target user for the application. Your choices are: - Anyone who uses this computer (all users) - Only for me (user) 7. Click Next to continue. 8. Choose the program features to configure: a. To configure the Windows host as a media server, click the pull-down menu of the Media Server icon. The options that are displayed are shown in the slide. Selecting the “This feature will be installed on local hard drive.” option removes the X from the Media Server icon and installs the media server software.
Oracle Database 11g: Oracle Secure Backup C - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup InstallShield Wizard
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup InstallShield Wizard (continued) b. To configure the Windows host as an administrative server, click the pull-down menu of the Administrative Host icon and select “This feature will be installed on local hard drive.” Again, selecting this option removes the X from the Administrative Host icon and installs the administrative server software. c. If you plan to perform Oracle database backups and restores, repeat this process for Create “oracle” user. Doing so creates an Oracle Secure Backup user called oracle (with the rights and privileges of the oracle class) whose purpose is to facilitate RMAN backup and restores of Oracle databases. 9. Click Next to continue. The “Encryption Wallet Password” window is displayed. Enter a strong password for the encryption wallet and re-enter it for verification. Then click Next.
Oracle Database 11g: Oracle Secure Backup C - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup InstallShield Wizard
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup InstallShield Wizard (continued) 10. Enter a strong password for the admin user and reenter it for verification. If possible, provide an email address for the admin user. Oracle Secure Backup will send reports, such as the Job Summary to this email. Click Next. 11. Click Install to start copying files. A progress bar appears. When the files are copied, the InstallShield Completed screen is displayed. 12. Click Finish to continue. Note: When the InstallShield Wizard is finished, it automatically calls the OSB Configuration wizard.
Oracle Database 11g: Oracle Secure Backup C - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup InstallShield Wizard
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Service Startup The Oracle Secure Backup Service Startup dialog box is displayed. 13. Select a mode in which to start the Oracle Secure Backup service. Your choices are: - Automatic: The Oracle Secure Backup service starts automatically when you reboot your host. - Manual: The Oracle Secure Backup service must be started manually by a user who is a member of the Administrators group. - Disabled: The Oracle Secure Backup service is disabled. 14. Click Next to continue. Note: On the Windows operating system, the only daemon that runs as a Windows service is the Oracle Secure Backup service (observiced).
Oracle Database 11g: Oracle Secure Backup C - 7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Service Startup
Copyright © 2009, Oracle. All rights reserved.
Service Logon and SCSI Devices The Service Login dialog box appears. 15. Select one of the following options: - If you plan to run the Oracle Secure Backup service daemon (and associated subordinate daemons) with full privileges, click System Account. - If you plan to run the Oracle Secure Backup service daemon (and associated subordinate daemons) with the privilege set associated with an existing Windows user account, click “This Account” and enter the Windows user account name and password. If you choose this option, ensure that the account you select has enough backup and restore privileges. The required privileges are listed in the Oracle Secure Backup Service Logon dialog box. 16. Click Next. The SCSI Devices pages are displayed. Note the OSB Name, which you need to know, when you manually configure devices. 17. Click Finish to complete the installation. 18. Repeat this installation process for each Windows host in your administrative domain.
Oracle Database 11g: Oracle Secure Backup C - 8
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Service Logon and SCSI Devices
directory
admin • • • •
config history log state
apache • • • • •
bin
device
help
samples
conf htdocs images logs modules
Administrative server
Configuration file
Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Installed Files The Oracle Secure Backup home directory is created on every host where you install Oracle Secure Backup, although the contents of the directory vary depending on the roles you assigned to the host. The illustration in the slide shows the installed directories that are common to an administrative server on any operating system. However, an administrative server configured on a Linux host will have additional directories created. In addition to containing the Oracle Secure Backup directory, each host on which Oracle Secure Backup is installed contains a configuration file. The configuration file is called obconfig.txt in the db subdirectory where you install Oracle Secure Backup on Windows, and it is called obconfig in the /etc directory on UNIX and Linux systems. These directories contain the following types of files: • admin: Administrative and configuration data for the administrative domain, also the backup catalog • apache: Apache Web server files (used by Web tool) • bin: Executables or links to executables • device: Data on the tape drives and libraries that are supported by the Oracle Secure Backup device driver
Oracle Database 11g: Oracle Secure Backup C - 9
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Installed Files
Oracle Database 11g: Oracle Secure Backup C - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Installed Files (continued) • help: Help files (provides data for the help command in obtool) • samples: Sample tools for writing scripts or programs that interact with Oracle Secure Backup Note: The directory structure under the directory is the same for both Windows and UNIX systems. On a Windows host, an Oracle Secure Backup installation also includes the following file objects: • db\xcr\: Transcripts for jobs that ran on this host • temp\: The directory containing observiced and obndmpd log files and temporary files A UNIX or Linux host has the following additional files: • .bin./: Executables for operating_system, where operating_system is a derivative of the operating system name. For example, the directory for Sun Solaris is .bin.solaris. • .drv./: Device drivers for operating_system • etc/: Links that point to the /.wrapper script for each Oracle Secure Backup utility. This script is an architecture-specific executable selection tool for Oracle Secure Backup. • .etc./: Daemons and utility programs for operating_ system • install/: Installation scripts • lib/: Link to the architecture-independent shared library for the SBT interface • .lib./: Shared library for the SBT interface for operating_system, where operating_system is a derivative of the operating system name. For example, the directory for Sun Solaris is .lib.solaris. • man/: Man pages for Oracle Secure Backup components • man/man1: Man pages for Oracle Secure Backup executables • man/man8: Man pages for daemons and maintenance tools • tools./: Maintenance tools • /usr/etc/ob/.hostid: Information used for identifying this host • /usr/etc/ob/xcr/: Transcripts for jobs that ran on this host • /usr/tmp/: Log files for observiced and obndmpd and temporary files • .wrapper: Shell program that selects an executable from a .bin.* or .etc.* directory, based on the computer architecture of the host executing the command. Symbolic links and the architecture-independent .wrapper shell program enable hosts to contain executables for multiple computer architectures.
directory
/usr/local/oracle/backup
.drv.
help
bin
device
Media server
directory
/usr/local/oracle/backup
help
bin
device
Client Copyright © 2009, Oracle. All rights reserved.
Oracle Secure Backup Installed Files (continued) The slide illustrates the directories created for a media server or client. The bin and device subdirectories are created on every machine, regardless of the operating system used. The other directories shown in the slide are created for machines that use the Windows operating system. For a UNIX or Linux host, the following files and directories are installed in addition to the bin and device subdirectories: • Media server: -
.bin./ .drv./ etc/ .etc./ man/ /usr/etc/ob/.hostid /usr/etc/ob/xcr/ /usr/tmp/ .wrapper
Oracle Database 11g: Oracle Secure Backup C - 11
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Installed Files
-
.bin./ etc/ .etc./ man/ /usr/etc/ob/.hostid /usr/etc/ob/xcr/ /usr/tmp/ .wrapper
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup Installed Files (continued) • Client:
Oracle Database 11g: Oracle Secure Backup C - 12
directory
admin • • • •
apache
config history log state
• • • • •
bin
device
help
samples
conf htdocs images logs modules Configuration file
Copyright © 2009, Oracle. All rights reserved.
Installed Files for Host Role: Administrative Server The Oracle Secure Backup home directory is created on every host where you install Oracle Secure Backup, although the contents of the directory vary depending on the roles you assigned to the host. The illustration in the slide shows the installed directories that are common to an administrative server on any operating system. However, an administrative server configured on a Linux host will have additional directories created. In addition to containing the Oracle Secure Backup directory, each host on which Oracle Secure Backup is installed contains a configuration file. The configuration file is called obconfig.txt in the db subdirectory where you install Oracle Secure Backup on Windows, and it is called obconfig in the /etc directory on UNIX and Linux systems. These directories contain the following types of files: • admin: Administrative and configuration data for the administrative domain, also the backup catalog • apache: Apache Web server files (used by Web tool) • bin: Executables or links to executables • device: Data on the tape drives and libraries that are supported by the Oracle Secure Backup device driver
Oracle Database 11g: Oracle Secure Backup C - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Installed Files for Host Role: Administrative Server
Oracle Database 11g: Oracle Secure Backup C - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Installed Files for Host Role: Administrative Server (continued) Oracle Secure Backup Installed Files • help: Help files (provides data for the help command in obtool) • samples: Sample tools for writing scripts or programs that interact with Oracle Secure Backup Note: The directory structure under the directory is the same for both Windows and UNIX systems. On a Windows host, an Oracle Secure Backup installation also includes the following file objects: • db\xcr\: Transcripts for jobs that ran on this host • temp\: The directory containing observiced and obndmpd log files and temporary files A UNIX or Linux host has the following additional files: • .bin./: Executables for operating_system, where operating_system is a derivative of the operating system name. For example, the directory for Sun Solaris is .bin.solaris. • .drv./: Device drivers for operating_system • etc/: Links that point to the /.wrapper script for each Oracle Secure Backup utility. This script is an architecture-specific executable selection tool for Oracle Secure Backup. • .etc./: Daemons and utility programs for operating_ system • install/: Installation scripts • lib/: Link to the architecture-independent shared library for the SBT interface • .lib./: Shared library for the SBT interface for operating_system, where operating_system is a derivative of the operating system name. For example, the directory for Sun Solaris is .lib.solaris. • man/: Man pages for Oracle Secure Backup components • man/man1: Man pages for Oracle Secure Backup executables • man/man8: Man pages for daemons and maintenance tools • tools./: Maintenance tools • /usr/etc/ob/.hostid: Information used for identifying this host • /usr/etc/ob/xcr/: Transcripts for jobs that ran on this host • /usr/tmp/: Log files for observiced and obndmpd and temporary files • .wrapper: Shell program that selects an executable from a .bin.* or .etc.* directory, based on the computer architecture of the host executing the command. Symbolic links and the architecture-independent .wrapper shell program enable hosts to contain executables for multiple computer architectures.
directory
/usr/local/oracle/backup
.drv.
help
bin
device
Copyright © 2009, Oracle. All rights reserved.
Installed Files for Host Role: Media Server The slide illustrates the directories created for a media server or client. The bin and device subdirectories are created on every machine, regardless of the operating system used. The other directories shown in the slide are created for machines that use the Windows operating system. For a UNIX or Linux host, the following files and directories are installed in addition to the bin and device subdirectories: • Media server: -
.bin./ .drv./ etc/ .etc./ man/ /usr/etc/ob/.hostid /usr/etc/ob/xcr/ /usr/tmp/ .wrapper
Oracle Database 11g: Oracle Secure Backup C - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Installed Files for Host Role: Media Server
directory
/usr/local/oracle/backup
help
bin
device
Copyright © 2009, Oracle. All rights reserved.
Installed Files for Host Role: Client The slide illustrates the directories created for a media server or client. The bin and device subdirectories are created on every machine, regardless of the operating system used. The other directories shown in the slide are created for machines that use the Windows operating system. • Client: -
.bin./ etc/ .etc./ man/ /usr/etc/ob/.hostid /usr/etc/ob/xcr/ /usr/tmp/ .wrapper
Oracle Database 11g: Oracle Secure Backup C - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Installed Files for Host Role: Client
Some examples: • View Oracle Secure Backup processes in Linux: ps -e | grep ob •
Use obtool commands to view Oracle Secure Backup users and default media family: ob> lsuser ob> lsmf --long
Copyright © 2009, Oracle. All rights reserved.
Verifying Your Installation In the slide are some examples of how you can verify your installation with obtool commands: ob> lsuser admin admin oracle oracle ob> lsmf --long OSB-CATALOG-MF: Write window: 7 days Keep volume set: 14 days Appendable: yes Volume ID used: unique to this media family Comment: OSB catalog backup media family RMAN-DEFAULT: Keep volume set: content manages reuse Appendable: yes Volume ID used: unique to this media family Comment: Default RMAN backup media family ob> logout Oracle Database 11g: Oracle Secure Backup C - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Verifying Your Installation
Removing Oracle Secure Backup
• •
Have all users log out of Oracle Secure Backup applications. Close all sessions of Web tool. Use the uninstallob script. – You must be logged in as the root user. – Call script from the parent directory of the Oracle Secure Backup home directory.
•
Choose whether you want to save or remove the: – Oracle Secure Backup directory – Administrative directory
Copyright © 2009, Oracle. All rights reserved.
Removing Oracle Secure Backup You can remove Oracle Secure Backup from a client or the administrative server. If you remove Oracle Secure Backup from an administrative server, you are given the option of retaining the administrative directory and its contents. This enables you to safely remove and reinstall the product without deleting your administrative server data. You must be logged in as the root user on UNIX or Linux systems to remove Oracle Secure Backup completely. If you are not logged in as root when you remove the software, you may not have the privileges needed to delete files and shut down the Oracle Secure Backup daemons. Oracle Secure Backup–related processes such as the HTTP processes for Oracle Secure Backup Web tool should be shut down before beginning the uninstallation process. To identify processes for Oracle Secure Backup, you can use the following command: # /bin/ps -ef |grep ob
You can then use kill -9 commands to kill each process in the list associated with Oracle Secure Backup. If you remove Oracle Secure Backup from the local machine, the uninstallob script removes the Oracle Secure Backup home directory when the script completes. For this reason, you should call the uninstallob script from the parent directory of the Oracle Secure Backup home directory. Oracle Database 11g: Oracle Secure Backup C - 18
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
•
Oracle Secure Backup has been successfully removed from .
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Removing Oracle Secure Backup (continued) If you encounter errors when removing the Oracle Secure Backup software, or if the uninstallob script fails to completely remove all the files for Oracle Secure Backup (assuming you did not choose to save any files), correct the problem causing the error if possible, then run the uninstallob script again until you see the following message:
Oracle Database 11g: Oracle Secure Backup C - 19
This appendix provided assistance with the following topics: • Install Oracle Secure Backup on Windows • Locate and describe the Oracle Secure Backup installed files • Verify your UNIX installation • Remove Oracle Secure Backup
Copyright © 2009, Oracle. All rights reserved.
Oracle Database 11g: Oracle Secure Backup C - 20
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Summary
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
________ D
Glossary
________
Oracle Database 11g: Oracle Secure Backup
D-1
administrative server
AIT Apache Web server API Areal Density attachment
authentication type
Definition A group of computers on your network that you manage as a common unit to perform backup and restore operations. A host where you install Oracle Secure Backup. This host stores configuration information and the catalog files for client hosts. There must be one and only one administrative server for each administrative domain at your site. One administrative server can service all clients on your network. The administrative server runs the scheduling daemon, which starts and monitors backups within the administrative domain. Advanced Intelligent Tape, a magnetic tape and drive system used for computer data storage and archiving A public-domain Web server used by the Oracle Secure Backup Web interface tool. application programming interface Important indicator of the performance of the disk and drive that corresponds to the number of magnetic bits per unit area An attachment describes a data path between a host and a storage device. Most often, an attachment comprises the identity of a host plus a UNIX device special file name, a Windows device name, or an NAS device name. A device must have at least one attachment, and often has multiple attachments, one for each host that can directly access it. Defines the way in which Oracle Secure Backup authenticates itself to the NDMP server. Typically, you should use Negotiated as your default setting. Your choices are: • Default • None • Negotiated • Text • Md5
Oracle Database 11g: Oracle Secure Backup
D-2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Term administrative domain
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
backup description file
backup ID backup image
backup image label backup image section
backup job
backup level
backup operation backup piece backup schedule
backup sections backup set
Secondary storage. All addressable data storage that is not currently in the computer’s main storage or memory. A text file you create that is used with command-line interface backup operations. It lists host names and directories that you want to back up. An integer identifier that uniquely identifies a backup image section The product of an Oracle Secure Backup backup operation. Basically it is the list of files that are backed up in one operation. A backup image can contain one or more media families and volume sets. The first block of a backup image. It contains the backup image’s file and section numbers and owner. A portion of a backup image file that exists on a single tape. One backup image can contain multiple sections. Each backup section is uniquely identified by a backup ID. A backup operation that is scheduled to run at a specific time. The time the job is scheduled to run can be either immediately or some time in the future. The level that defines the comprehensiveness of the backup operation. For example, a level 2 backup operation backs up all data changed since the previous level 1 or level 2 backup. A process by which data is copied from primary media to secondary media. A binary file written in a proprietary format by RMAN for storing backup data. One or more backup pieces make up a backup set. A description of when and how often Oracle Secure Backup is to back up one or more datasets. The backup schedule contains the names of each such dataset and the name of the media family to use. Also referred to as archive sections. See backup image section. A collection of Oracle Database data backed up by RMAN.
Oracle Database 11g: Oracle Secure Backup
D-3
Oracle University and (Oracle Corporation) use only.
Auxiliary Storage/ External Storage/
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
backup window barcode
BDF bit
blocking factor
BSP bus byte
CA catalog
CDB CIFS class CLI
See Database Backup Storage Selector. A calendar-based time at which a particular scheduled backup becomes eligible to run Defines a time range within which Oracle Secure Backup executes scheduled backup jobs A symbol code that is physically applied to volumes for identification purposes. Some tape libraries have an automated means to read barcodes, which Oracle Secure Backup supports. See backup description file. The smallest amount of information in a binary digital system that can be used to represent two states of information, such as YES or NO. Specifies how many 512-byte blocks to include in each block of data written to each tape drive. By default, Oracle Secure Backup writes 64 K blocks to tape (blocking factor 128). Because higher blocking factors usually result in better performance, you can try a blocking factor larger than the obtar default. If you pick a value larger than is supported by the operating system of the server, Oracle Secure Backup fails with an error. Backup Solutions Program A collection of wires through which data is transmitted from one part of a computer to another Eight bits of information that can represent 256 different states—for example, numbers, processor instructions, or a combination of letters and numbers as in ASCII code. Certificate Authority A hierarchical collection of files that contains all the information used to define your Oracle Secure Backup administrative domain configuration command descriptor block See Common Internet File System. Defines a set of rights that are granted to an Oracle Backup user command-line interface
Oracle Database 11g: Oracle Secure Backup
D-4
Oracle University and (Oracle Corporation) use only.
Backup Storage Selectors backup trigger
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Common Internet File System daemon
DAFS
DAR DAS DAT data transfer element (DTE)
Data Mover daemon Database Backup Storage Selector
dataset dataset description file DDS
Any computer to be backed up by Oracle Secure Backup, including administrative servers and media servers; also referred to as a host CIFS is a file-sharing protocol, used by Windows clients to access data on a Network Appliance filer. A process on UNIX and Linux that runs in the background and performs an OSB task for an application. Some daemons run continually (for example, observided) and others are started and stopped as required (for example, obrobtd). This is equivalent to a service on a Windows host. Direct Access File System, a new file access protocol designed to take advantage of standard memory-to-memory interconnect technologies See Direct Access Recovery. Direct Attached Storage; those parts of a wide area network in which the mass storage devices are connected locally Digital audio tape; a type of 4-mm tape Secondary storage device within a tape library usually referred to by a number. In libraries that contain multiple drives, each DTE is sequentially numbered, starting with 1. An operating system process that writes the data to tape These objects are configured to represent backup and restore parameters that describe an Oracle database. They act as a glue layer between RMAN, which accesses the database, and the Oracle Secure Backup software, which manages the underlying media. A textual description employing a lightweight language that tells Oracle Secure Backup what files to back up A file that contains the names of the hosts and paths that you want Oracle Secure Backup to back up. Digital data storage; a type of 4-mm tape
Oracle Database 11g: Oracle Secure Backup
D-5
Oracle University and (Oracle Corporation) use only.
client
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
device device driver
Direct Access Recovery (DAR)
direct-attached DLT DMA DMA DNS host name
A set of configuration data that explains how Oracle Secure Backup runs in an administrative domain A tape drive or library identified by a userdefined device name A routine or set of routines that implements the device-specific aspects of generic I/O operations. The operating system handles the device-independent aspects of the I/O operation but calls routines provided by the driver for the device in question to implement the device-specific functions. Every device, whether it is a printer, disk drive, or keyboard, must have a driver program. Most devices have their drivers installed when the device or product that uses it is installed. An optional capability of NDMP that addresses the need to quickly restore a single file from a stream of backup data that might contain millions of individual files. DAR relies on file history information generated at the NAS device during a backup operation. Located on the same host or server; also referred to as local Digital Linear Tape technology; a form of magnetic tape and drive system used for computer data storage and archiving data management agent Direct memory access; a technique that writes data from OSB tape buffers directly to tape. Also known as Linux Direct I/O. Every UNIX system (also known as a host) has a host name, whether it is connected to a network or not. Any system attached to the Internet or any large network conforms to a more rigorous naming convention as part of the Domain Name System (DNS). In DNS, every host name is composed of a host name and domain name. The DNS host name is the host name of the computer (does not include the domain), which is a symbolic name used to reference a particular system.
Oracle Database 11g: Oracle Secure Backup
D-6
Oracle University and (Oracle Corporation) use only.
defaults and policies
encryption
encryption key
EOD EOV
A group of computers and devices on a network that are administered as a unit with common rules and procedures. Within the Internet, domains are defined by the IP address. All devices sharing a common part of the IP address are said to be in the same domain. The process of using an algorithm to convert data into a form that is unreadable except by the intended recipient, who uses a key to decrypt the message, returning it to its original readable form. Backup data can be encrypted either by RMAN or OSB (never by both). Oracle Secure Backup has three methods to generate encryption keys: Transparent mode: Keys are randomly generated based on the selected encryption algorithm AES128(less secure) to AES 256 (most secure) Passphrase mode: Keys are generated by using a user-defined passphrase. If the encryption keys are no longer available, backups could be decrypted and restored using the passphrase. Transient mode: Keys are generated by using a user-defined passphrase. By default, transient keys are not stored on the administrative because the transient backup is a one-time backup. When the backup data is restored outside the administrative domain, the user must enter the correct passphrase to decrypt and restore the data. When the backup data is restored within the administrative domain, no user entry is required. Oracle Secure Backup can decrypt and restore the data by itself. End-of-data (EOD) label used to mark the end of Oracle Secure Backup operations on tape End-of-volume (EOV) label used to mark the end of a volume within a backup image. This label contains the volume ID of the next volume in the set.
Oracle Database 11g: Oracle Secure Backup
D-7
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
domain
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
expiration date expiration policy expire duration FC
FDDI Fiber Distributed Data Interface
Fibre Channel
A unit of storage equal to 1,024 x 1,024 x 1,024 x gigabytes (just over 1 billion gigabytes) The time the volume set is first written + the write window duration + the retention duration A media family configuration setting that determines when volumes are eligible to be overwritten The amount of time after a backup piece is created during which Oracle Secure Backup cannot overwrite the data Fibre Channel, an interface standard for connecting computers to mass storage devices such as disk drives and tape libraries. See also Fibre Channel. fiber distributed data interface See Fiber Distributed Data Interface. A set of ANSI protocols for sending digital data over fiber optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps (100 million bits per second). FDDI networks are typically used as backbones for wide area networks. A high performance interface designed to bring speed and flexibility to multiple diskdrive storage systems. A Fibre Channel configuration consists of a backplane, (an external enclosure that houses a printed circuit board (PCB) and multiple drive receptacles) and a Fibre Channel host bus adapter (HBA). The backplane allows direct connection to the drives (no cable), supplies power to the drives, and controls the input and output of data on all drives within the system. Fibre Channel, a one and two gigabit interconnect technology, allows concurrent communications among workstations, mainframes, servers, data storage systems, and other peripherals using SCSI, IP and a wide range of other protocols to meet the needs of the data center. (At the time of course creation, Fibre Channel exists with 1, 2, 4, 8, 10, and 20 GB speeds.)
Oracle Database 11g: Oracle Secure Backup
D-8
Oracle University and (Oracle Corporation) use only.
exabyte
filer
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
firewall full backup
GBIC
Gigabit Ethernet (GbE) gigabyte GUI HBA host host role HTTP
HTTPS
A collection of files backed up by Oracle Secure Backup An appliance attached to a computer network that is used for data storage A system designed to prevent unauthorized access to or from a private network An operation that backs up all the files selected on a client. Files are backed up whether or not they have changed since the last backup. Gigabit Interface Converter; an interface module which converts the light stream from a fibre channel cable into electronic signals for use by a network interface card. This technology can be used for all connections that use a fiber optic cable, which includes the ethernet connection. A term describing various technologies for implementing Ethernet networking at a nominal speed of one gigabit per second A unit of storage, abbreviated as G or GB, equal to 1,024 megabytes graphical user interface Host bus adapter; an interface card that plugs into the computer’s bus and connects it to the network An addressable system in a computer network A class of actions performed by a host. You can have an administrative server, a media server, or a client. Hypertext Transfer Protocol (HTTP); the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is HTTP using a Secure Socket Layer (SSL).
Oracle Database 11g: Oracle Secure Backup
D-9
Oracle University and (Oracle Corporation) use only.
file-system dataset
incremental backup
ISAM
iSCSI
JBOD job summary
job transcript kilobyte label LAN library
Used in tape libraries to move volumes into and out of the library without opening the door. It is sometimes called a mail slot, and is physically present only on certain libraries. Not all libraries have a discrete import-export element. Some libraries do have a media access port, but some require manual action by the operator to open the door and remove a tape from a slot in the library. A process that captures data that was changed since the level N backup operation, where N is the level of comprehensiveness of the backup operation The Indexed Sequential Access Method (ISAM) is a method for managing how a computer accesses records and files stored on a hard disk. While storing data sequentially in a data file, ISAM provides direct access to specific records through an index. The combination of the data file and its associated index file is called a “database.” ISAM is implemented as a C function library. Pronounced “eye-scuzzy,” an acronym for Small Computer System Interface protocol over IP network instead of a direct SCSIcompatible cable. iSCSI enables data blocks to be read from or sent at high speed to a storage device such as a disk or tape drive. Just a Bunch of Disks; a term used for a storage enclosure that is supplied with preintegrated disk drives A text file report produced by Oracle Secure Backup that describes the status of selected file-system backup and restore jobs A file that contains the standard output from a particular backup job A unit of storage, abbreviated as K or KB, equal to 1,024 bytes Data that Oracle Secure Backup uses to identify a volume or a backup image local area network See tape library.
Oracle Database 11g: Oracle Secure Backup
D - 10
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
import-export element (IEE)
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
logical unit number
LTO
LUN magazine media family
media server
medium transport element (MTE) megabyte MMV mount mode
Multi-hosted tape library NAS
An automated backup that does not require user interaction and typically is performed outside of normal working hours An internal mapping identifier used by Oracle Secure Backup for a specific device. LUNs make it possible for a number of devices to share a single SCSI ID. Linear Tape-Open technology, developed jointly by HP, IBM, and Seagate; an “open format” technology, which means that users will have multiple sources of product and media See logical unit number. A collection of tapes or volumes A classification of backup media that share the same volume identification sequence. Each media family identifies the amount of time that data can be written to a tape, and the amount of time the tape can remain in storage before it can be overwritten. A media family can contain one or more volume sets and volumes. A computer with one or more attached tape drives or tape libraries. Backup data is sent to and restored from volumes loaded in these devices. Moves a volume from a storage element to another element within a tape library A unit of storage abbreviated as M or MB; equal to 1,024 x 1,024 or 1,048,576 bytes media management vendor The mode indicates the way in which the scheduling system can use a volume physically loaded into a tape drive. Valid values are read-only, write/append, overwrite, and not-mounted. A library with multiple media servers connected to it See Network Attached Storage.
Oracle Database 11g: Oracle Secure Backup
D - 11
Oracle University and (Oracle Corporation) use only.
lights out backup
NDMP backup type
NDMP Data Service
Network Attached Storage
network description file
network drive Network File System
The Network Data Management Protocol (NDMP) is a network applications protocol facilitating data backup and restore. Layered atop TCP and the Berkeley socket model, NDMP defines a set of related service models, network messages, and finite state automations that implement them. The protocol provides a uniform means to back up and restore data within and between diverse kinds of storage servers, open systems, Wintel platforms, and closed operating system appliances. NDMP is commonly used by NAS devices (also known as filers) to facilitate backup and restore operations without having to install the backup agent (Oracle Backup, for example) on the appliance. The NAS appliance communicates with the backup software using NDMP. The name of a backup method supported by the NDMP Data Service running on a host. Backup types are defined by each Data Service provider. One of three types of NDMP services. The data service interfaces with the primary storage device (such as a NAS device) and interacts with the volume or file system that is being either backed up or restored. A server on your network that hosts file systems. The server exposes the file systems to its clients through one or more standard protocols, most commonly NFS and CIFS. A text file that describes your network configuration and is used to push software across the network to designated systems during installation A hard disk physically attached to a server and accessible over a network A client/server application that enables all network users to access shared files stored on servers of different types. NFS provides access to shared files through an interface called the Virtual File System (VFS) that runs on top of TCP/IP. Users can manipulate shared files as if they were
Oracle Database 11g: Oracle Secure Backup
D - 12
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
NDMP
NT File System
NTFS object
OCFS offsite backup
operator operator assistance request
Oracle Secure Backup scheduler
Oracle Database 11g: Oracle Secure Backup
D - 13
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
NFS nibble
stored locally on the user’s own hard disk. With NFS, servers connected to a network operate as clients while accessing remote files, and as servers while providing remote users access to local shared files. The NFS standards are publicly available and widely used. See Network File System. A unit of information equal to 4 bits (or half a byte) One of the file systems for the Windows operating system. NTFS has features to improve reliability, such as transaction logs to help restore from disk failures. See NT File System. A data storage type used to store Oracle Secure Backup catalog data. There are user, class, and policy objects that hold attributes and names. Internal names are named with a UUID; external names are user assigned. Oracle Cluster File System A backup that is equivalent to a full (level 0) backup except that Oracle Secure Backup keeps a record of this backup in such a manner that it does not affect the full or incremental backup schedule. This is useful when you want to create a backup image for offsite storage without disturbing your schedule of incremental backups. A person who runs backup operations, manages schedules, swaps tapes, and checks for any errors A request from Oracle Secure Backup that asks for the operator to perform a task, such as mounting a different volume during a backup A daemon that automatically starts backup jobs on the specified day and time
orphan permissions petabyte PHP
ping
PNI Preferred Network Interface
RAC
A user definition, distinct from the name spaces of existing UNIX, Linux, and Windows users, which allows Oracle Secure Backup to maintain a consistent user identity across the various hosts. It also allows Oracle Secure Backup to express a finer granularity of user rights than are possible with existing user definitions. A backup piece that exists in the Oracle Secure Backup catalog but not in the RMAN catalog Operating system file privileges that allow different users to read, write, or execute files A unit of storage equal to 1,024 terabytes, (just over a million gigabytes) Hypertext Preprocessor (PHP) is an open source, server-side HTML scripting language used to create dynamic Web pages. PHP is embedded within tags, so the author can move between HTML and PHP instead of using large amounts of code. Because PHP is executed on the server, the viewer cannot see the code. PHP can perform the same tasks as a CGI program and is compatible with many different kinds of databases. Stands for Packet Internet Grouper. A utility to determine whether a specific IP address is accessible. It works by sending a packet to the specified address and waiting for a reply. You can use ping hosts to troubleshoot network connections. See Preferred Network Interface. A network can have multiple physical connections between a client and the server. For example, a network can have both Ethernet and FDDI connections between a pair of hosts. Using PNI, you can specify, on a client-by-client basis, which of the server’s network interfaces should be used to transmit data to be backed up or restored. Real Application Clusters
Oracle Database 11g: Oracle Secure Backup
D - 14
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Oracle Secure Backup user
recycling policies recycling volumes restore operation restore operator list
retention duration RMAN RMAN preauthorization
SAIT SAN SBT
schedule SCSI
Originally, an acronym for Redundant Array of Inexpensive Disks to reflect the data accessibility and cost advantages that properly implemented arrays could provide. The acronym has evolved to mean Redundant Array of Independent Disks emphasizing the technique’s potential data availability advantages over conventional disk storage systems. See expiration policy. Overwriting data on volumes generated by Oracle Secure Backup Copies files from the tapes in a backup device to the file system on a designated host A list of operators to whom restore data requests are e-mailed. This list is defined in the obconfig file on the administrative server. See expiration policy. Recovery Manager Used to determine the Oracle Secure Backup user under which a specific RMAN operation, such as backup or restore, is performed. This allows for the use of Oracle Secure Backup without going through the normal Oracle Secure Backup login requirements. Super Advanced Intelligent Tape; a Small Form Factor ½″ tape cartridge See Storage Area Network. System backup to tape; interface between RMAN and storage media. RMAN communicates with Oracle Secure Backup through the SBT interface. A user-defined time period for executing backup operations Pronounced “scuzzy,” an acronym for Small Computer System Interface. A parallel I/O bus and protocol that permits the connection of a variety of peripherals to host computers with independence within a class of devices (such as disk drives and backup devices). Connection to the SCSI bus is achieved through a host adapter and a peripheral controller. Linux has a four-
Oracle Database 11g: Oracle Secure Backup
D - 15
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
RAID
SCSI target ID
SDLT/SuperDLT section number Secure Sockets Layer (SSL)
sequence number
Oracle Database 11g: Oracle Secure Backup
D - 16
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
SCSI LUN number
level hierarchical addressing scheme for SCSI devices: • SCSI adapter number [host] • Channel number [bus] • ID number [target] • Logical unit number [LUN] Each SCSI bus can have multiple SCSI devices connected to it. In SCSI parlance, the host bus adapter is called the “initiator” and takes up one SCSI target ID number (typically 7). The initiator talks to targets, which are commonly known as SCSI devices. Each SCSI device can contain multiple Logical Unit Numbers (LUNs). The value used to identify a logical unit of a SCSI device. In the SCSI-2 specification, there may be up to eight logical units for each SCSI device address. These logical units are numbered from 0 through 7. The unique address of a SCSI device. An 8-bit SCSI can have up to eight IDs; 16-bit up to sixteen IDs; and 32-bit up to 32 IDs. There must be a minimum of one target and one initiator on the bus. SCSI target IDs range from 0 to 7 for 8-bit, 0 to 15 for 16-bit and 0 to 31 for 32-bit systems. Super Digital Linear Tape technology; a variant of DLT technology A number that is recorded in the volume label to indicate the order of the parts of a backup image that spans multiple volumes An application layer protocol created by Netscape for managing the security of message transmissions in a network. SSL uses the public-and-private key encryption system from RSA (a public key algorithm, named after its inventors: Rivest, Shamir, and Adleman), which also includes the use of a digital certificate. A number that is recorded in the volume label to indicate the order of volumes in a volume set
services daemon single-hosted tape library SNIA
storage consolidation SSL Storage Area Network
storage element (se) storage selector tape
tape file mark
A process on Windows that runs in the background and performs a task for an application. Some services run continually, and others are started and stopped as required. The observiced daemon. It ensures that tape resources are available and reserves them for the backup job. A tape library with only one media server directly attached to it Storage Networking Industry Association; a non-profit trade organization, incorporated in December 1997, whose members are dedicated to “ensuring that storage networks become complete and trusted solutions across the IT community” The concept of centralizing and sharing storage resources among many application servers See Secure Sockets Layer (SSL). A high-speed subnetwork of shared storage devices or servers that contains disks for storing data. A SAN storage architecture allows remote servers access to shared tape devices. These shared devices appear locally attached to each SAN server. A physical location within a tape library where a volume can be stored and retrieved by a tape library’s robotic mechanism See Database Backup Storage Selector. A data storage medium consisting of a magnetizable oxide coating on a thin plastic strip, commonly used for backup and archiving. Popular for its ability to store large amounts of data, and for its portability. Tapes are also referred to as removable media, or secondary storage. A marker written to tape by Oracle Secure Backup that signals the end of a backup image
Oracle Database 11g: Oracle Secure Backup
D - 17
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
service
TCP/IP
terabyte trigger URL UUID virtualization
volume volume expiration time
An automated tape-handling hardware device that invariably house two or more drives and from 10s to 100s of tapes. A library accepts SCSI commands to move media between storage locations and drives. Tape libraries are designed for continuous, unattended operation and allow simultaneous reading and writing to multiple drives. Tape libraries also offer key features such as barcode readers to scan labels on cartridges, and an I/O port for importing and exporting individual tapes under application control. It is also referred to as a robotic tape device, autochanger, or medium changer. Transmission Control Protocol/Internet Protocol. It is the suite of protocols used to connect hosts for transmitting data over networks. A unit of storage, abbreviated as T or TB; equal to 1,024 gigabytes A user-defined period in time or sets of times that causes a scheduled backup to run The Uniform Resource Locator, the address of a resource available on the Internet Universal Unique Identifier; used for tagging objects across a network The pooling of physical storage from multiple network storage devices into what appears to be a single storage device that is managed from a central console. A single unit of media such as an 8-mm tape. A volume can contain one or more backup images. The date and time on which a volume expires. Oracle Secure Backup computes this by adding the write window duration, if any, to the time at which it wrote backup image file number 1 to a volume, then adding the volume retention period.
Oracle Database 11g: Oracle Secure Backup
D - 18
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
tape library
volume label
volume sequence file volume set volume set expiration time
volume tag
WAN
A label that uniquely identifies the volume and includes the backup image’s file number and additional information, if the backup image is contained on a multivolume set. Oracle Secure Backup begins each backup image with a label that uniquely identifies the backup image. Volume IDs appear in volume labels and backup image labels. For example, VOL000001 appears in the volume sequence file. The first block of the first backup image on a volume. It contains the volume ID, owner name, and date and time for the volume creation. A file that contains a unique volume ID to assign when labeling a volume The volumes that comprise a backup image The date and time on which a volume set expires, computed by adding the write window duration, if any, to the time at which the first backup image file was written to the volume set, then adding the volume set retention period A field that is commonly used to hold the barcode identifier for the volume. Each Oracle Secure Backup volume has an associated field called a volume tag. It is another name for the barcode that can be found in the volume label. Wide area network, a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local area networks (LANs). Computers connected to a wide area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.
Oracle Database 11g: Oracle Secure Backup
D - 19
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
volume ID
WORM
write date
write-protect
write window
A unique identifier for devices on a Storage Area Network (SAN), similar to a media access control (MAC) address for devices connected via Ethernet. WWNs consist of 16 hexadecimal digits grouped as 8 pairs. These are written with colon characters separating each pair. The format of the WWN is defined by the Institute of Electrical and Electronics Engineers (IEEE). It is also referred to as a WWPN (Worldwide Port Name) or WWNN (Worldwide Node Name). Write Once Read Many times; a class of optical recording systems that allow recording and adding data but not altering recorded data Defines the period of time, starting from the volume’s first data write operation, during which updates to the volume are allowed To mark a file or media so that its contents cannot be modified or deleted. Writeprotected files and media can only be read; you cannot write to them, edit them, append data to them, or delete them. The period of time for which a volume set remains open for updates, usually by appending additional backup images. The write window opens at the time the volume set is created, and closes after this specified period has elapsed. After the write window closes, Oracle Secure Backup does not allow any further updates to the volume set until it expires, or until it is relabeled, reused, unlabeled, or forcibly overwritten.
Oracle Database 11g: Oracle Secure Backup
D - 20
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
World Wide Names (WWNs)
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
Index
administrative domain 1-7, 1-9, 1-11, 1-12, 1-17, 1-21, 2-2, 2-3, 2-4, 2-14, 2-23, 3-3, 3-5, 3-6, 3-7, 3-8, 3-16, 3-17, 3-21, 4-7, 4-8, 4-9, 4-15, 6-4, 7-3, 8-3, 8-7, 8-11, 9-3, 9-4, 9-8, 9-10, 9-28, B-14, C-3, C-8, C-9, C-13 administrator i-7, 10-14, 1-2, 2-13, 2-18, 3-5, 3-6, 3-7, 3-18, 3-27, 4-16, 6-8, 6-12, 6-15, 7-10, 9-5, 9-6, 9-14, B-5, C-7 Apache Web server 1-8, 8-4, C-9, C-13 attachment 1-11, 1-17, 1-18, 2-4, 6-18, 9-9, 9-12, 9-22 authentication 1-21, 3-2, 3-3, 3-16, 3-17, 3-18, 3-23, 3-25, 3-34, 9-7, B-12 authentication type 9-7 B backup ID 3-5, 9-9 backup image 1-13, 1-14, 3-5, 3-6, 4-20, 7-3, 7-5, 7-11, 8-8, 9-15, B-15 backup job 2-18, 3-8, 3-27, 3-31, 4-6, 5-7, 5-8, 5-9, 5-14, 6-3, 6-4, 6-11, 6-13, 6-14, 6-17, 6-18, 7-12, 9-16, B-14, B-15, B-16, B-17, B-22, B-23 backup level 1-16, 1-20, 4-14, 6-3, 6-14, 6-17 backup operation 1-13, 1-19, 2-18, 3-8, 3-9, 3-10, 4-13, 6-4, 6-12, 8-4, 8-7, B-5, B-15 backup piece 1-14, 1-22, 4-5, 4-18, 4-19, 4-20, 5-10, 5-11, 8-9, B-9, B-15, B-24 backup schedule 10-19, 11-13, 1-20, 6-3, 6-13, 6-14, 6-15, 6-22, 9-16, B-16 backup section 1-13, 4-8, 4-15, 8-8, 8-9, 9-14, 9-15 backup set 1-14, 1-20, 2-16, 4-12, 4-14, 4-15, 4-16, 4-19, 5-10, B-4, B-5, B-8, C-3 Backup Storage Selector 4-2, 4-6, 4-12, 4-13, 4-14, 4-15, 4-25, 4-26 backup trigger 6-12, 6-14, 6-15, 6-16, 6-22 backup window 1-4, 2-18, 3-5, 6-4, 6-11, 6-12, 6-22 barcode 1-17
Oracle Database 11g: Oracle Secure Backup Index - 2
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
A
B bus 12-4, 1-4, 2-11, 3-9, 3-11 catalog i-3, 10-11, 10-16, 11-12, 11-16, 1-7, 1-8, 1-9, 1-12, 1-14, 2-19, 3-3, 3-4, 3-5, 3-28, 4-6, 4-16, 4-18, 4-20, 5-7, 5-10, 5-11, 6-16, 7-2, 7-3, 7-4, 7-5, 7-7, 7-8, 7-9, 7-10, 7-11, 7-12, 7-15, 7-16, 8-2, 8-3, 8-4, 8-7, 8-9, 8-10, 8-11, 8-12, 8-13, 8-15, 8-16, 8-17, 9-17, B-14, C-9, C-13, C-17 Certificate Authority 3-16, 3-17, 3-19, 3-20 channel 12-5, 12-8, 12-11, 12-12, 12-16, 12-17, 1-18, 2-4, 3-11, 3-16, 3-17, 4-10, 5-12, 8-4, 9-9, 9-10, B-24, B-25 class i-4, i-8, 11-6, 1-13, 1-16, 1-19, 1-21, 2-11, 2-13, 3-3, 3-4, 3-5, 3-6, 3-7, 3-9, 3-11, 3-12, 3-15, 4-15, 8-7, 9-6, B-19, C-5 D daemon 1-8, 2-11, 2-14, 3-21, 3-22, 8-3, 8-4, 8-5, 8-6, 8-7, 8-9, 8-10, B-13, B-21, B-22, C-7, C-8, C-10, C-14, C-18 DAS 6-6, 8-11 data set 5-8, B-15 data transfer element 9-9 dataset 10-19, 11-13, 1-20, 3-5, 6-2, 6-4, 6-6, 6-7, 6-8, 6-9, 6-10, 6-13, 6-17, 6-19, 6-22, 6-23, 6-25, 6-26, 8-12, 8-13, 9-16, 9-23, B-14, B-15, B-16, B-17 direct memory 12-10 DMA 12-9, 12-10, 12-12, 8-7, B-23 DNS 2-3, 9-4 driver 12-6, 12-10, 2-4, 2-15, C-3, C-9, C-10, C-13, C-14 DTE 4-15, 9-8, 9-9 duplicate 10-6, 11-4, 11-6, 11-9, 11-12, 1-12, 3-28 duplication i-3, i-4, 10-6, 10-9, 11-1, 11-2, 11-3, 11-4, 11-5, 11-6, 11-7, 11-8, 11-9, 11-10, 11-11, 11-12, 11-13, 11-14, 11-15, 11-16, B-14
Oracle Database 11g: Oracle Secure Backup Index - 3
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
C
encryption i-6, 12-4, 1-6, 1-10, 1-21, 1-26, 2-13, 2-16, 3-2, 3-3, 3-16, 3-17, 3-18, 3-21, 3-23, 3-24, 3-25, 3-26, 3-27, 3-28, 3-29, 3-30, 3-31, 3-32, 3-33, 3-34, 3-35, 5-5, 6-16, B-3, B-4, B-5, B-6, B-7, B-8, B-11, B-12, B-13, B-14, B-25, C-5 expiration 10-8, 10-10, 1-16, 4-2, 4-17, 4-18, 4-20, 4-25, 6-5, 6-14, 6-17 expiration policy 1-16 F fiber 12-3, 12-5, 12-16 fibre 12-5, 12-6, 1-11, 1-17, 1-18, 2-4, 9-9, 9-10 firewall C-3 full backup 1-20, 6-3 H host role 1-7, 2-3, C-13, C-14, C-15, C-16 http i-8, 1-2, 1-8, 2-2, 2-17, 8-4, C-18 https 2-17 I incremental 1-3, 1-16, 1-20, 2-18, 4-13, 4-14, 4-22, 5-3, 6-3, 6-14, 6-24, 7-11 J job log 5-8, B-15 job summary 2-14, 5-8, 8-12, B-23, C-6 L library 10-3, 10-4, 10-11, 10-15, 11-5, 12-6, 12-14, 1-5, 1-7, 1-9, 1-15, 1-17, 1-18, 1-19, 2-3, 4-10, 4-17, 4-19, 8-4, 9-8, 9-9, 9-11, 9-12, 9-22, 9-26, B-25, C-10, C-14 LUN 12-6 M media family 10-4, 10-5, 10-8, 10-9, 10-10, 10-16, 10-19, 11-4, 11-5, 11-6, 11-7, 11-9, 11-10, 11-12, 11-13, 11-16, 1-13, 1-15, 1-16, 2-19, 4-13, 4-14, 4-16, 4-17, 4-19, 4-23, 6-5, 6-14, 6-18, 8-12, 9-14, 9-16, C-17 media movement 10-4, 10-8, 10-11, 10-13, 10-14, 10-15, 10-16, 10-17, 10-18, 10-20, 10-23, B-14
Oracle Database 11g: Oracle Secure Backup Index - 4
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
E
N NAS 12-3, 1-4, 1-9, 1-17, 1-26, 2-2, 2-3, 2-4, 2-20, 3-23, 3-29, 6-3, 7-11, 9-6, 9-10, 9-19 NDMP 12-3, 1-21, 2-3, 2-4, 3-8, 3-16, 6-7, 7-11, 8-3, 8-4, 8-7, 9-3, 9-5, 9-6, 9-7, 9-8, 9-10, 9-20, 9-21, 9-24, 9-25, C-10, C-14 network i-8, 12-9, 1-3, 1-7, 1-9, 1-11, 1-17, 1-19, 1-21, 2-3, 2-4, 2-6, 2-11, 2-12, 3-16, 3-23, 3-29, 6-3, 9-4, 9-5, 9-6, 9-8, 9-9, 9-10, B-3, B-25 network attached storage 2-3, 2-4 network file system 1-3 O offsite 10-3, 10-4, 10-6, 10-8, 11-4, 11-5, 11-12, 11-16, 1-5, 1-10, 3-24, 5-12, 6-3, 6-14, 6-17 onsite 10-17, 11-4, 11-5, 3-24 operator 10-3, 10-4, 10-11, 10-14, 10-16, 11-12, 3-4, 3-6, 5-8, B-14, B-15 P passphrase 3-25, 3-26, 3-27, 3-28, 3-29, 3-31, 3-32, 3-33 permission 3-4, 3-9, 3-10, 3-15, 7-4 ping 10-4, 10-8, 10-15, 1-21 preauthorization 1-21, 3-9, 3-11, 3-12, 3-35, 4-10, 8-4 preauthorize 1-21, 3-2, 3-11, 3-12, 3-15, 3-34, 4-10 R RAID 12-4, 12-6 recycle 10-3, 10-4, 10-6, 10-8, 11-5 retention 10-3, 10-9, 11-3, 11-4, 11-5, 11-9, 1-16, 4-5, 4-16, 4-17, 4-18, 4-24
Oracle Database 11g: Oracle Secure Backup Index - 5
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
M media server 12-10, 12-14, 1-5, 1-7, 1-8, 1-9, 1-11, 1-25, 2-3, 2-4, 2-6, 2-7, 2-10, 2-12, 2-21, 2-22, 2-24, 3-19, 3-23, 4-7, 4-9, 8-3, 8-4, 8-14, 9-2, 9-4, 9-5, 9-6, 9-7, 9-9, 9-22, 9-24, 9-27, B-25, C-3, C-4, C-11, C-15, C-16
SBT 12-9, 12-16, 1-12, 1-26, 3-6, 3-11, 4-10, 4-13, 5-9, 5-15, 8-4, 8-9, B-24, B-25, C-10, C-14 SCSI 12-10, 1-3, 1-9, 1-17, 2-3, 2-4, 8-13, 9-9, 9-10, C-8 SSL 11-6, 1-6, 1-19, 1-21, 3-16, 3-17, 3-18, 3-19, 3-24, 3-29, 7-9, B-3, B-12 T tape device 10-8, 11-6, 12-11, 1-3, 1-9, 1-11, 1-19, 2-2, 2-3, 2-4, 3-23, 3-29, 4-7, 5-5, 7-4, 8-13, 9-2, 9-10, 9-11, 9-24, 9-27, B-12, B-25, C-3 tape library 10-3, 10-15, 12-14, 1-7, 1-17, 1-18, 1-19, 2-3, 8-4, 9-9, 9-11, 9-12, 9-26, B-25 tape volume 10-4, 10-18, 9-11, B-14 transcript 10-13, 3-5, 3-6, 5-8, 5-9, 6-19, 6-20, 7-10, 8-3, 8-13, 9-16, B-2, B-14, B-15, B-18, B-19, B-20, B-24, C-10, C-14 transient 3-27, 3-28, 3-31 transparent 12-3, 1-11, 3-9, 3-25, 3-26, 3-33, 5-13, B-3, B-4, B-5, B-6, B-8 trigger 10-12, 11-11, 6-4, 6-12, 6-14, 6-15, 6-16, 6-22, 8-12, B-14 V virtual 11-6, 1-10, 1-19, 2-24 volume set 10-10, 1-13, 1-15, 1-16, 3-27, 3-31, 4-17, 4-19, 6-5, 8-13, C-17 W wallet 1-6, 3-17, 3-19, 3-20, 3-21, 3-22, 3-26, 3-27, 3-29, 3-30, B-4, B-5, B-8, B-11, B-12, B-13, C-5 write window 10-4, 10-8, 10-10, 11-5, 1-16, 4-17, 6-5, C-17
Oracle Database 11g: Oracle Secure Backup Index - 6
Oracle University and (Oracle Corporation) use only.
These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.
S
View more...
Comments