CHAPTER 20
Oracle Secure Backup

Introduction to Oracle Secure Backup
• Backing up to tape is often a business requirement.
• To this end, Oracle provides a centralized tape backup solution, Oracle Secure Backup (OSB).
• This tool is a full-featured enterprise backup management system that automates the tape backup and restore of operating system files.
• OSB can also be configured as a media management layer with RMAN.

OSB Editions
• Oracle Secure Backup Express
• Oracle Secure Backup

OSB Features
• Backup and restore of database files in Real Application Clusters (RAC) environments
• Integrated with Oracle Enterprise Manager Grid Control (with Oracle Database 10g Release 2 or higher)
• Supports multiple tape drives
• Encrypted tape backups
• Fibre-attached device support
• Fast backup compression (with Oracle Database 11g Release 1 or higher)
• RMAN medium level compression (with Oracle Database 11g Release 2 or higher)
• Networked backup of distributed hosts and tape devices
• Automated cartridge system library software (ACSLS) and automated rotation of tapes between multiple locations (vaulting)

OSB Administrative Domain and Servers
• An administrative domain is a collection of servers (hosts) that you manage as a single group for backup and restore operations.
• Within an OSB administrative domain, each server can be assigned one or more of the following roles:
  • Administrative (admin) server
  • Media server
  • Client server (or client host)

OSB Interfaces
There are four tools you can use to run and manage OSB backup and restore tasks:
• Enterprise Manager database control and grid control
• Oracle Secure Backup Web tool
• Oracle Secure Backup command line tool (obtool)
• Recovery Manager command line tool (rman)

OSB Users and Classes
• An Oracle Secure Backup user is an account defined within an OSB administrative domain.
• These users are separate from operating system users.
• OSB user information is stored in the OSB administrative domain server.
• You are required to enter a username and password when accessing OSB through its interfaces, such as obtool or the OSB Web tool.
• An OSB class is a set of privileges and rights granted to a user.
• Each user can be assigned to only one OSB class.
• OSB classes help maintain a consistent user experience across all servers in an administrative domain.

OSB Daemons
• Schedule daemon runs only on the administrative server and manages the scheduled backups.
• Index daemon runs only on the administrative server and manages the backup catalog for each client.
• Apache web server daemon runs only on the administrative server and services the OSB Web tool.
• Service daemon runs on the administrative, media, and client servers. On the administrative server, it runs jobs as requested by the schedule daemon. When running on the media or client server, it allows for remote administration of the host.
• Network data management protocol (NDMP) daemon runs on the administrative, media, and client servers; it provides data communication between servers in the administrative domain.
• Robot daemon runs only on the media server and helps manage communication to tape devices.
• Proxy daemon runs only on the client server and verifies user access for SBT backup and restore operations.

Download and Installation
1. To perform the OSB installation, you must log on as root.
2. If the uncompress utility is not available, create a link.
3. Go to the staging directory, and unzip the zip file that you downloaded from OTN.
4. If the OSB home directory does not exist, create the directory.
5. Go to the OSB home directory and run the setup script.
6. Since you are not modifying the obparameters file, accept the default parameters by pressing the Enter key.
7. Press the Enter key to proceed with running the installob.
8. Press Enter to proceed with the OSB installation.
9. If OSB is already installed and you are performing an OSB upgrade, enter yes to retain the previous configuration.
10. Press Enter to accept the default value a, which is to configure the server as the administrative server, media server, and client.
11. Enter the password twice for the admin user.
12. Enter the email address for the admin user.

Command-line Access to OSB
• obtool is the utility that provides command line access to OSB.

    $ obtool
    $ obtool -u apress_oracle
    ob> id
    ob> help topics

Configuring Users and Classes
• When OSB is installed, the default user account created is named admin, which has all of the privileges relating to OSB. For security reasons, create separate OSB user accounts to access the different environments, such as production, test, and development.
• Also, assign specific classes (or roles) to these users, such as admin, operator, oracle, user, and reader. Monitor them to limit their rights to modify OSB administrative domain configurations and perform backup and restore operations.
• Limiting rights ensures that a particular OSB user can back up the test database, but has no rights to, say, restore the production database.

Configuring Media Families
• The media family classifies and defines the characteristics of the tape volume, such as the volume ID, volume expiration, and write window.
• The volume ID, which is used by OSB to uniquely identify the tape volume, consists of the name of the media family affixed with a six-digit sequence number generated by OSB.
• For example, if the name of the media family is APRESS_BACKUP, then the first volume ID is APRESS_BACKUP-000001, the second is APRESS_BACKUP-000002, and so on.

Configuring Database Backup Storage Selector
• The default media family for RMAN backup is RMAN-DEFAULT.
• To use a different media family when running RMAN backup, create a database backup storage selector using the mkssel command.

Database Backup
• There are two ways to configure RMAN for a backup to tape:
  • Allocating a channel
  • Configuring a channel

    RMAN> configure channel device type sbt_tape parms 'ENV=(OB_MEDIA_FAMILY=APRESS_RMAN)';
    RMAN> backup device type sbt_tape database;

Database Restore
• For RMAN restore and recover, you have to allocate an RMAN channel for SBT_TAPE. In the following example, the RMAN channel for SBT_TAPE is allocated inside the run{} block:

    RMAN> run {
      allocate channel t1 type sbt_tape;
      restore database;
      recover database;
    }

Configuring Backup Windows
• The backup window defines the range of time the scheduled backups are allowed to run.
• The default backup window is daily 00:00 to 24:00. If there is no backup window defined, the scheduled backups are not going to run at all.
• For production servers, you may want the backups to run daily only between 1 a.m. and 5 a.m. when there is minimal database traffic.

Configuring Backup Schedules and Triggers
• The backup schedule defines what data to back up, where to store the backup, and how the backup runs, while the triggers define when a backup is scheduled to run.
• For what data to back up, set the specific datasets.
• For where to store the backup, set the specific tape drives.
• If no specific tape drive is selected, then any available tape drive will be used.

Listing Jobs
• To display the jobs that are still running, issue the lsjob command with the --active or -a option.
• For other job states, use the --complete or -c option for completed jobs, --pending or -p for pending jobs, --inputrequest or -i for jobs currently requesting input, and --all or -A to display all jobs regardless of the job state.
• For example, to list active jobs:

    ob> lsjob --active

Summary
• Many business environments require that database backups be stored on tape.
• OSB is an Oracle product that provides the functionality to back up files to tape.
• OSB can be integrated with RMAN to enable backups of database files directly to tape.
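
The backup-window rule from Configuring Backup Windows can be checked before a schedule goes live. The following is an added example, not part of the original chapter and not OSB code: it flags triggers whose start time falls outside every backup window, including the case where no window is defined. The data layout, the trigger names, and the choice to treat a window's end time as exclusive are assumptions of this example.

```python
# Constructed sample data. This tuple layout is an assumption made for the
# example; it is not the format OSB stores or prints.
DEFAULT_WINDOWS = [("daily", "00:00", "24:00")]  # default window stated in the chapter
PROD_WINDOWS = [("daily", "01:00", "05:00")]     # production window suggested in the chapter
TRIGGERS = [                                     # hypothetical (name, day, start time)
    ("prod_full", "sunday", "02:00"),
    ("prod_incr", "monday", "04:59"),
    ("prod_arch", "monday", "12:00"),
    ("prod_late", "friday", "05:00"),
]


def to_minutes(hhmm):
    """Convert HH:MM to minutes since midnight; 24:00 is accepted as end of day."""
    hours, minutes = (int(part) for part in hhmm.split(":"))
    if not (0 <= hours <= 24 and 0 <= minutes < 60) or (hours == 24 and minutes):
        raise ValueError(f"bad time: {hhmm}")
    return hours * 60 + minutes


def window_allows(window, day, hhmm):
    """True if the window covers this day and start <= time < end (end exclusive)."""
    win_day, start, end = window
    if win_day not in ("daily", day):
        return False
    return to_minutes(start) <= to_minutes(hhmm) < to_minutes(end)


def blocked_triggers(windows, triggers):
    """Return the names of triggers that no backup window allows to start."""
    return [name for name, day, hhmm in triggers
            if not any(window_allows(w, day, hhmm) for w in windows)]


if __name__ == "__main__":
    cases = (("default window", DEFAULT_WINDOWS),
             ("production window", PROD_WINDOWS),
             ("no window defined", []))
    for label, windows in cases:
        blocked = blocked_triggers(windows, TRIGGERS)
        print(f"{label}: blocked = {blocked if blocked else 'none'}")
```

With no window defined, every trigger is reported as blocked, which matches the chapter's statement that scheduled backups do not run at all in that case.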