Related Manuals for Oracle Secure Backup
Summary of Contents for Oracle Secure Backup
- Page 1 Oracle® Secure Backup Installation and Configuration Guide Release 10.3 E12835-06 December 2010 How to install, uninstall, and manage hardware and network configuration in Oracle Secure Backup...
- Page 2 If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.
-
Page 3: Table Of Contents
Installing Oracle Secure Backup on Linux or UNIX Overview of Oracle Secure Backup Linux and UNIX Installation..........2-1 Prerequisites for Installing Oracle Secure Backup on Linux and UNIX........2-2 Prerequisites for Installation on Linux.................... 2-2 Required SCSI Tape Device Parameters on Linux and UNIX ............. 2-3... - Page 4 Extracting Oracle Secure Backup from OTN Download on Linux or UNIX ........ 2-4 Preparing to Install Oracle Secure Backup on Linux and UNIX............. 2-5 Creating the Oracle Secure Backup Home ..................2-5 Loading Oracle Secure Backup Software on Linux or UNIX Using setup Script......2-6 Configuring Installation Parameters in the obparameters File............
- Page 5 Displaying Help for Invoking obtool ................... 4-11 Starting obtool in Interactive Mode....................4-11 Running obtool Commands in Interactive Mode............... 4-12 Redirecting obtool Input from Text Files ................4-12 Executing obtool Commands in Noninteractive Mode............. 4-12 Running Multiple Commands in Noninteractive Mode............ 4-12 Redirecting Input in Noninteractive Mode................
- Page 6 Exporting Signed Certificates......................6-21 Importing Signed Certificates ....................... 6-21 Oracle Secure Backup Directories and Files Oracle Secure Backup Home Directory ....................A-1 Administrative Server Directories and Files..................A-1 Media Server Directories and Files...................... A-4 Client Host Directories and Files ......................A-5 B Oracle Secure Backup obparameters Installation Parameters customized obparameters ........................
- Page 7 ............................ B-5 run obopenssl............................B-6 Determining Linux SCSI Parameters Determining SCSI Device Parameters on Linux................C-1 D Oracle Secure Backup and ACSLS About ACSLS ............................D-1 ACSLS and Oracle Secure Backup....................... D-2 Communicating with ACSLS........................ D-3 Drive Association ............................ D-3 Volume Loading and Unloading ......................
- Page 8 viii...
-
Page 9: Preface
Oracle Secure Backup software. These administrators might also perform backup and restore operations. To use this document, you must be familiar with the operating system environment on which you plan to use Oracle Secure Backup. To perform Oracle database backup and restore operations, you should also be familiar with Recovery Manager concepts. -
Page 10: Related Documents
Related Documents For more information about backing up and restoring file systems with Oracle Secure Backup, see the following Oracle resources: Oracle Secure Backup Migration Guide ■ This book explains how to migrate from Reliaty Backup to Oracle Secure Backup. -
Page 11: Introduction To Oracle Secure Backup
Oracle Secure Backup supports Internet Protocol v4 (IPv4), Internet Protocol v6 (IPv6), and mixed IPv4/IPv6 environments on all platforms that support IPv6. Using Oracle Secure Backup on your network enables you to take data from a networked host running Oracle Secure Backup or a... -
Page 12: Oracle Secure Backup Concepts
Oracle Secure Backup. Client ■ client role is assigned to any host that has access to file-system or database data that can be backed up or restored by Oracle Secure Backup. Any host where 1-2 Oracle Secure Backup Installation and Configuration Guide... -
Page 13: Host Naming In An Administrative Domain
You must assign each host in an administrative domain a unique name to be used in Oracle Secure Backup operations. Typically, the host name in your DNS for this host is a good choice for the Oracle Secure Backup host name. However, you can assign a different name to a host. -
Page 14: Oracle Secure Backup Administrative Domain: Examples
One client based on UNIX and another based on Windows contain databases and other file data. Oracle Secure Backup can back up to tape the non-database files on file systems accessible on client hosts. RMAN can back up to tape database files through the Oracle Secure Backup interface. -
Page 15: Tape Devices
When configuring tape devices, the basic task is to inform Oracle Secure Backup about the existence of a tape device and then specify which media server can communicate with this tape device. - Page 16 When Oracle Secure Backup starts a backup, it decides what block size to use based on several factors. Listed in order of precedence, these factors are: Blocking factor specified using the obtar -b option ■...
-
Page 17: Tape Libraries
Because issuing a read for a too-small block would result in an error condition and a tape reposition, Oracle Secure Backup always starts a restore operation by reading the largest possible block size. This is either the current setting of the media/maxblockingfactor policy or the tape drive configuration attribute. - Page 18 Oracle Secure Backup checks for cleaning requirements when a tape is loaded into or unloaded from a tape drive. If cleaning is required, then Oracle Secure Backup loads a cleaning cartridge, waits for the cleaning cycle to complete, replaces the cleaning cartridge in its original storage element, and continues with the requested load or unload.
-
Page 19: Virtual Tape Libraries
Because the library itself is not opened during this procedure, no re-inventory is required. Many of the Oracle Secure Backup tape library commands require you to specify one or more tape library elements, in particular, storage elements and import/export elements. -
Page 20: Device Names And Attachments
Oracle Secure Backup distinguishes a tape device and the means by which the tape device connects to a host. To be usable by Oracle Secure Backup, each tape device must have at least one attachment, which describes a data path between a host and the tape device. -
Page 21: System Requirements For Oracle Secure Backup
Linux Media Server System Requirement: SCSI Generic Driver ■ Disk Space Requirements for Oracle Secure Backup When you install Oracle Secure Backup on Linux or UNIX, you load an install package for a particular operating system and perform the installation with the install package. Table 1–1 describes approximate disk space requirements. -
Page 22: Other System Requirements For Oracle Secure Backup
IP address. Most systems use DNS, NIS, WINS, or a local hosts file to do this. Oracle Secure Backup does not require a specific mechanism. Oracle Secure Backup only requires that, upon presenting the underlying system software with an IP address you have configured, it obtains an IP address corresponding to that name. -
Page 23: Installation And Configuration Overview
Appendix C, "Determining Linux SCSI Parameters". Create Oracle Secure Backup clients. Install Oracle Secure Backup software on each host with data to be backed up. Configure the Oracle Secure Backup administrative domain. Introduction to Oracle Secure Backup 1-13... -
Page 24: About Upgrade Installations
On both Linux and Solaris administrative servers, it is also necessary to stop the Oracle Secure Backup Web tool processes and Oracle Secure Backup httpd daemon processes. Use the ps command to confirm that all the Oracle Secure Backup processes are stopped:... - Page 25 About Upgrade Installations Use the kill -9 command to stop each process. On Windows hosts, you must stop the Oracle Secure Backup service: Open the Services applet. Right-click the Oracle Secure Backup Services service. Select Stop. Introduction to Oracle Secure Backup 1-15...
- Page 26 About Upgrade Installations 1-16 Oracle Secure Backup Installation and Configuration Guide...
-
Page 27: Installing Oracle Secure Backup On Linux Or Unix
Uninstalling Oracle Secure Backup on Linux or UNIX ■ Overview of Oracle Secure Backup Linux and UNIX Installation There are three steps to installing Oracle Secure Backup on a Linux or UNIX host: Loading Files required for installing Oracle Secure Backup are staged on the... -
Page 28: Prerequisites For Installing Oracle Secure Backup On Linux And Unix
Oracle Secure Backup to access tape devices. Creating attach points on each media server This step is required for the Oracle Secure Backup device driver to access tape devices. You need the SCSI device parameters to perform this task. -
Page 29: Required Scsi Tape Device Parameters On Linux And Unix
Assigning Oracle Secure Backup Logical Unit Numbers to Devices Each tape drive and tape library must be assigned an Oracle Secure Backup LUN during the configuration process. This number is used to generate unique device names during device configuration. Oracle Secure Backup logical unit numbers are assigned as needed automatically on Windows. -
Page 30: Extracting Oracle Secure Backup From Otn Download On Linux Or Unix
Create a directory called osbdownload on a file system with enough free space to hold the downloaded installation file: mkdir /tmp/osbdownload Open a Web browser and go to the Oracle Secure Backup Web site on Oracle Technology Network (OTN): http://www.oracle.com/technology/products/secure-backup Click Free Download. -
Page 31: Preparing To Install Oracle Secure Backup On Linux And Unix
Creating the Oracle Secure Backup Home You now have all of the files required to install Oracle Secure Backup release 10.3. Preparing to Install Oracle Secure Backup on Linux and UNIX Perform the following actions before installing Oracle Secure Backup: Select hosts for the administrative server, media server, and client roles, as ■... -
Page 32: Loading Oracle Secure Backup Software On Linux Or Unix Using Setup Script
The setup script performs the loading process, in which packages of files required to install Oracle Secure Backup are extracted from the installation media and staged in the Oracle Secure Backup home for later use by the installob installation script. -
Page 33: Configuring Installation Parameters In The Obparameters File
Configuring Installation Parameters in the obparameters File The setup script creates a file called obparameters in the install subdirectory of the Oracle Secure Backup home. For example, if the Oracle Secure Backup home is in the default location /usr/local/oracle/backup, then the obparameters file is located at /usr/local/oracle/backup/install/. -
Page 34: Installing Oracle Secure Backup On Linux Or Unix With Installob
2-18. Start the installob script. The Oracle Secure Backup setup script ends by asking to start the installation process using the installob script. If you enter yes to this question, then the setup script runs the installob script for you. - Page 35 The installob script prompts for a password for the keystore and then prompts you to re-enter the password. Oracle recommends that you choose a password of at least 8 characters in length that contains a mixture of alphabetic and numeric characters.
- Page 36 It is a security vulnerability. The recommended procedure is to have the user be prompted for the password. Enter an e-mail address for notifications. The installob script asks for an e-mail address to which Oracle Secure Backup sends notifications. The default from address for e-mails generated by Oracle...
- Page 37 Target ID SCSI LUN Do not confuse the Oracle Secure Backup logical unit number with the SCSI LUN. In Linux, SCSI bus addresses are referred to as channels. Enter each parameter value in response to the prompts from the installob script.
-
Page 38: Installing Or Uninstalling Oracle Secure Backup On Aix
The makedev script can also replace an old attach point, rather than creating a new one. If you reuse an Oracle Secure Backup LUN for a tape library or drive, then the attach point for the old tape device is overwritten. -
Page 39: Identifying And Configuring Aix Devices
Oracle Secure Backup Reference for makedev syntax See Also: Identifying and Configuring AIX Devices To access SCSI or Fibre Channel tape devices, Oracle Secure Backup requires the following identifying information about how the devices are attached to their hosts: SCSI bus name ■... - Page 40 Vendor : IBM Product : ULTRIUM-TD3 World Wide Name : 2400005084800672 Total count of Media Changers and/or Tape devices found : 8 Navigate to the install directory in your Oracle Secure Backup home. For example: # cd /usr/local/oracle/backup/install Enter the makedev command at the shell prompt:...
- Page 41 RETURN error on tape change or reset True rwtimeout Set timeout for the READ or WRITE commandTrue scsi_id SCSI ID False var_block_size 0 BLOCK SIZE for variable length support True ww_name 0x2001006045175222 FC World Wide Name False Installing Oracle Secure Backup on Linux or UNIX 2-15...
-
Page 42: Identifying And Configuring Hp-Ux Devices
You can convert the hexadecimal values of lun_id and scsi_id (shown in bold) to decimal so that they are usable by the Oracle Secure Backup makdev command. After conversion, the SCSI LUN ID is 281474976710656 and the SCSI ID is 2. - Page 43 Tape drive (tape) IBM ULTRIUM-TD3 Tape drive (tape) IBM ULTRIUM-TD3 Use makedev to create attach points so that Oracle Secure Backup can identify devices for backup and restore operations. The following example runs makedev using the information in Table 2–4. The example creates the attach point /dev/obl/8 for the ADIC FastStor 2 library on SCSI bus instance 3 with the target ID 1 and SCSI LUN 0.
-
Page 44: Identifying And Configuring Linux Attach Points
HP Ultrium 2 /dev/sg4 Use the mkdev command in obtool to create attach points so that Oracle Secure Backup can identify devices for backup and restore operations. The following example creates attach points for the tape library and tape drive... -
Page 45: Enabling The Solaris Sgen Driver For Changer And Sequential Devices
Use the following steps to enable the Solaris sgen driver for sequential and changer devices: If your host does not have a previous installation of Oracle Secure Backup, skip to Step 2. When you enable the Solaris sgen driver on a host that already has Oracle Secure Backup installed, the attach points and device configuration will be lost. -
Page 46: Utilizing Sgen Attach Points
/dev/obtn that point to the entries in /dev/scsi/changer or /dev/scsi/sequential. There must be a unique /dev/obln or /dev/obtn entry for each device that Oracle Secure Backup utilizes. These entries in /dev will be used in the obtool mkdev command during Oracle Secure Backup device configuration. - Page 47 Oracle Secure Backup. Enter the name of a host from which you want to uninstall Oracle Secure Backup. The uninstallob script asks for the name of the obparameters file used for installation.
- Page 48 Select one of the following options: ■ If you select this option, then the uninstallob script displays progress messages as it uninstalls Oracle Secure Backup. When it is finished, it displays the following message: Oracle Secure Backup has been successfully removed from host_name.
-
Page 49: Installing Oracle Secure Backup On Windows
Installing Oracle Secure Backup on Windows This chapter explains how to install Oracle Secure Backup on hosts that run the Windows operating system. This chapter contains these sections: Preliminary Steps ■ Disabling Removable Storage Service on Windows Media Servers ■... -
Page 50: Disabling Removable Storage Service On Windows Media Servers
In Windows Explorer, create a temporary folder called osbdownload on a file system with enough free space to hold the downloaded installation file. Open a Web browser and go to the Oracle Secure Backup Web site on Oracle Technology Network (OTN): http://www.oracle.com/technology/products/secure-backup... -
Page 51: Running The Oracle Secure Backup Windows Installer
2. You now have all of the files required to install Oracle Secure Backup release 10.3. Running the Oracle Secure Backup Windows Installer Complete the following steps to install Oracle Secure Backup on a Windows host:... - Page 52 Running the Oracle Secure Backup Windows Installer If you have uninstalled Oracle Secure Backup software before beginning this installation, or if you have never installed it on this computer, then the Clean Install page appears. Click Next to continue. The Customer Information screen appears.
- Page 53 Enter the name of your company in the Organization field. Select one of these options: – Anyone who uses this computer This option allows anyone who has access to this computer to use Oracle Secure Backup. – Only for me This option limits use of Oracle Secure Backup to you.
- Page 54 Configure locally attached media devices option, click Next, and go to step 9. Oracle Secure Backup always installs the software required for the media server role. But if you want this Windows host to have the media server role in...
- Page 55 Running the Oracle Secure Backup Windows Installer See Also: "Configuring Oracle Secure Backup" on page 3-14 ■ Chapter 5, "Configuring and Managing the Administrative ■ Domain" To install the Windows host as an administrative server, click the ■ Administrative Server list and select This feature will be installed on local hard drive.
- Page 56 Running the Oracle Secure Backup Windows Installer If you plan to perform Oracle Database backup and restore operations with RMAN, then enable the action for Create "oracle" user in the administrative server submenu. 3-8 Oracle Secure Backup Installation and Configuration Guide...
- Page 57 If this option is enabled, then the installer creates an Oracle Secure Backup user called oracle (with the rights of the oracle class) whose purpose is to facilitate Oracle Database backup and restore operations with Recovery Manager (RMAN). Installing Oracle Secure Backup on Windows 3-9...
- Page 58 Running the Oracle Secure Backup Windows Installer Note: You are required to create the oracle user only if you plan to use ■ Oracle Secure Backup with RMAN. Oracle Secure Backup If you intend to use to perform one-time, ■...
- Page 59 Running the Oracle Secure Backup Windows Installer If you do not plan to use Oracle Secure Backup to back up your databases, then leave the Create "oracle" user option unselected. This is the default. In addition to the options described in step 6, you can perform the following actions in the Oracle Secure Backup Setup screen: Click Help for detailed descriptions of the installation options.
- Page 60 Running the Oracle Secure Backup Windows Installer Enter a password for the Oracle Secure Backup admin user in the Password for 'admin' user field. Enter the password again in the Re-type password for verification field. The minimum password length is determined by the minuserpasswordlen security policy.
- Page 61 The default from address for e-mails generated by Oracle Note: Secure Backup is SYSTEM@fqdn, where fqdn is the fully qualified domain name of the Oracle Secure Backup administrative server. You can change this default from address after installation. See Oracle Secure Backup Reference for more information.
-
Page 62: Configuring Oracle Secure Backup
3-14. Configuring Oracle Secure Backup This section explains how to configure Oracle Secure Backup using the Oracle Secure Backup Configuration utility. This utility starts automatically when you click Finish on the final Installshield Wizard screen during the installation of Oracle Secure Backup. - Page 63 Configuring Oracle Secure Backup Click Next. The Oracle Secure Backup Service Startup screen appears. Select one of these modes in which to start the Oracle Secure Backup service: Automatic ■ The Oracle Secure Backup service starts automatically when you restart your host.
- Page 64 Configuring Oracle Secure Backup Manual ■ The Oracle Secure Backup service must be started manually by a user who is a member of the Administrators group. Disabled ■ The Oracle Secure Backup service is disabled. Click Next. The Oracle Secure Backup Service Logon screen appears.
- Page 65 After a short delay, the devices are redisplayed with check marks in the first column and an Oracle Secure Backup device name for each of them in the last column. Make a note of the device name assigned to each device. You must have these device names when you set up the devices in Oracle Secure Backup later on.
-
Page 66: Configuring Firewalls For Oracle Secure Backup On Windows
400, port 10000, and other dynamically assigned ports. Because the dynamically assigned ports used by Oracle Secure Backup span a broad range of port numbers, your firewall must be configured to allow executables for the Oracle Secure Backup daemons to listen on all ports. -
Page 67: Upgrade Installation On Windows 32-Bit
Oracle Secure Backup to complete the installation. If you do not want to save the existing admin directory files, then you must exit the installation, uninstall Oracle Secure Backup release 10.2, and select the Delete option. -
Page 68: Upgrade Installation On Windows X64
Run the Oracle Secure Backup release 10.3 installer. Uninstalling Oracle Secure Backup on Windows Complete the following steps to uninstall Oracle Secure Backup on Windows: Select Start > All Programs > Oracle Secure Backup > Uninstall Oracle Secure Backup. A confirmation dialog appears. -
Page 69: Oracle Secure Backup User Interfaces
Oracle Secure Backup User Interfaces This chapter introduces the interfaces that you can use with Oracle Secure Backup. The major interfaces to Oracle Secure Backup are: Oracle Enterprise Manager ■ This is the primary graphical user interface for managing Oracle Secure Backup. -
Page 70: Enabling Oracle Secure Backup Links In Oracle Enterprise Manager
■ Enabling Oracle Secure Backup Links in Oracle Enterprise Manager If you are using releases 10.2.0.1 or 10.2.0.2 of Oracle Enterprise Manager Grid Control or release 10.2.0.2 of Oracle Enterprise Manager Database Control, then the Maintenance page does not include the Oracle Secure Backup section by default. If the Oracle Secure Backup section does not appear in the Maintenance page, then you must configure Oracle Enterprise Manager to enable the links. -
Page 71: Registering An Administrative Server In Oracle Enterprise Manager
Accessing the Web Tool from Enterprise Manager The Oracle Enterprise Manager console for a database provides a link to the Oracle Secure Backup Web tool. You can use this link when you need access to Oracle Secure Backup Web tool functions, such as file-system backup information. -
Page 72: Using The Oracle Secure Backup Web Tool
Using the Oracle Secure Backup Web Tool Log in to the Oracle Enterprise Manager Database Control as a user with database administrator rights. Go to the Oracle Secure Backup section of the Maintenance page. If the Oracle Secure Backup section does not appear in the Maintenance page, then "Enabling Oracle Secure Backup Links in Oracle Enterprise Manager"... -
Page 73: Web Tool Home Page
User Name box and a password in the Password box. If you are logging into the Oracle Secure Backup Web tool for the first time, then log in as the admin user. You can create additional users after you log in. -
Page 74: Persistent Page Links
A menu bar at the top of the Oracle Secure Backup Home page enables you to select among the Configure, Manage, Backup, and Restore tabs. When using the Oracle Secure Backup Web tool, ensure that Note: your browser is configured to reload the page every time it is viewed. -
Page 75: Web Tool Configure Page
Using the Oracle Secure Backup Web Tool Logs the current user out of the Oracle Secure Backup Web tool, clears user name and password cookies, and returns to the Login page. Preferences ■ Use this link to access settings for the following options: –... -
Page 76: Web Tool Manage Page
Oracle Secure Backup can generate and email job summaries detailing the status of each scheduled backup. - Page 77 Using the Oracle Secure Backup Web Tool Figure 4–4 Oracle Secure Backup Manage Page The Manage page is divided into two main sections. One is for Maintenance, and the other is for Devices and Media. The Devices and Media section includes the following...
-
Page 78: Web Tool Backup Page
Click this link to perform raw restores, which require prior knowledge of the names of the file-system objects you want to restore. You must also know the volume IDs and the file numbers on which the volumes are stored. 4-10 Oracle Secure Backup Installation and Configuration Guide... -
Page 79: Using Obtool
The practice of supplying a password in clear text on a command line or in a command script is not recommended by Oracle. It is a security vulnerability. The recommended procedure is to have the user be prompted for the password. -
Page 80: Running Obtool Commands In Interactive Mode
Using obtool Running obtool Commands in Interactive Mode You can enter the commands described in Oracle Secure Backup Reference at the obtool prompt. For example, the lshost command displays information about the hosts in your administrative domain: ob> lshost brhost2... -
Page 81: Ending An Obtool Session
The practice of supplying a password in clear text on a Note: command line or in a command script is not recommended by Oracle. It is a security vulnerability. The recommended procedure is to have the user be prompted for the password. - Page 82 Using obtool 4-14 Oracle Secure Backup Installation and Configuration Guide...
-
Page 83: Configuring And Managing The Administrative Domain
For details, see Oracle Secure Backup Administrator's Guide. Administrative Domain Configuration Steps: Outline The required steps to configure Oracle Secure Backup after installation are as follows: Use your Web browser to connect to the Oracle Secure Backup Web tool running on the administrative server as the admin user. -
Page 84: Configuring The Administrative Domain With Hosts
After configuring each client host, ping it to ensure that it is reachable. Initial configuration is complete. Oracle Secure Backup is installed on all hosts, and all clients, media servers and tape devices are accessible by Oracle Secure Backup. Network communication among hosts in the administrative domain is configured with the default security configuration described in "Default Security... -
Page 85: Viewing The Hosts In The Administrative Domain
Whether the host is in service or not in service at the moment ■ After adding a host to the administrative domain, Oracle recommends that you ping the host to confirm that it can be accessed by the administrative server. - Page 86 The Oracle Secure Backup Web tool displays a form for entering configuration information about the host. In the Host field, enter the unique name of the host in the Oracle Secure Backup administrative domain. In most cases, this name is the host name resolvable to an IP address using the host name resolution system (such as DNS or NIS) on your network.
- Page 87 NDMP-related policies In the Username field, enter the name used to authenticate Oracle Secure Backup to this NDMP server. If left blank, then Oracle Secure Backup uses the name in the NDMP policy. In the Password list, select one of these options: Use default password ■...
-
Page 88: Adding The Media Server Role To An Administrative Server
If you choose both the administrative server and media server roles when installing Oracle Secure Backup on a host, then that host is automatically part of the administrative domain. But it is not recognized as a media server until that role is explicitly granted to it using the chhost command in obtool or the Oracle Secure Backup Web tool. - Page 89 Configuring the Administrative Domain with Hosts Select the administrative server and click Edit. The Configure: Hosts > host_name page appears. In the Roles list, shift-click to add the media server role and then click OK. The Configure: Hosts page reappears with the media server role added to the administrative server host.
-
Page 90: Adding Backup And Restore Environment Variables To An Ndmp Host
This list shows each IP address or name by which this host can be referenced. Each is associated with a specific network interface. The IP address or name identifies the network interface that clients you select can use when communicating with the server. 5-8 Oracle Secure Backup Installation and Configuration Guide... -
Page 91: Pinging A Host
Select one or more clients to use this IP address or DNS name from the Host list field. Click Add. The Oracle Secure Backup Web tool displays the PNI in the IP Address: Host List field. To remove a PNI: In the IP Address: Host List field, select the name of the PNI to remove. -
Page 92: Removing A Host
Oracle Secure Backup removes the host and returns you to the Host page. Adding Tape Devices to an Administrative Domain This section explains how to configure a tape drive or tape library for use with Oracle Secure Backup. This section contains these topics: Tape Device Names ■... -
Page 93: Tape Device Names
Oracle Secure Backup. However, you can enter it manually if necessary. About Configuring Tape Drives and Libraries This section explains how to configure a tape drive or tape library for use with Oracle Secure Backup. You can add a tape device in one of two ways: Manually ■... -
Page 94: Updating A Tape Device Inventory
If a library shows a slot as occupied, then this slot is in an invalid state. Updating a Tape Device Inventory To update a tape library or tape drive inventory using the Oracle Secure Backup Web tool: From the Oracle Secure Backup Web tool Home page, click Manage. -
Page 95: Displaying The Devices Page
Adding Tape Devices to an Administrative Domain In the Devices section, click Libraries. The Manage: Libraries page appears. Select the tape drive or tape library you want to inventory in the Devices table. Select Inventory (Library | Drive) in the Library commands list. In this example, lib1 is selected. -
Page 96: Configuring A Tape Library
It can contain at most 127 characters. The tape device name is of your choosing. It must be unique among all Oracle Secure Backup device names. It is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain. - Page 97 In the Barcode required list, select yes or no. If you specify yes, then Oracle Secure Backup refuses to use any tape that lacks a readable barcode.
-
Page 98: Configuring Automatic Tape Cleaning For A Library
Enter a value in the Minimum writable volumes field. When Oracle Secure Backup scans tape devices for volumes to be moved, it looks at this minimum writable volume threshold. If the minimum writable volume threshold is nonzero, and if the number of writable volumes in that tape library is less than this threshold, then Oracle Secure Backup creates a media movement job for the full volumes even if their rotation policy does not require it. -
Page 99: Configuring A Tape Drive
In the Serial number field, enter the serial number of the tape drive. This step is not required. But if you do not enter a serial number, then Oracle Secure Backup reads and stores the tape drive serial number the first time it opens the tape drive. - Page 100 This option is not available for standalone tape drives. In the Automount field, select yes (default) or no to specify whether automount mode is on or off. Enable the automount mode if you want Oracle Secure Backup to mount tapes for backup and restore operations without operator intervention.
-
Page 101: Discovering Tape Devices Automatically On Ndmp Hosts
If you select All or Storage element range or list, then this option is no longer visible. Oracle Secure Backup allows all tapes to be accessed by all tape drives. The use list enables you to divide the use of the tapes for tape libraries in which you are using multiple tape drives to perform backups. -
Page 102: Configuring An Ndmp Copy-Enabled Virtual Tape Library
(new drive) WWN: [none] new attach-point on host_name, rawname c0t0l2 If there are no changed tape devices to discover, then the Oracle Secure Backup Web tool displays a message similar to the following: Info: beginning device discovery for host_name. -
Page 103: Adding A Tape Device Attachment
--type library --class vtl --attach osb_media_server:/dev/obl0,ndmp_media_server:/dev/sg0 vlib This library and its drives are accessible through the Oracle Secure Backup media server and the embedded NDMP server. This command configures an Oracle Secure Backup device object that is associated with virtual tape drive vdrive1, which is contained in the virtual library vlib. -
Page 104: Pinging A Device Attachment
Inquires about the device's identity data with the SCSI INQUIRY command Closes the connection If the attachment is remote from the host running the Oracle Secure Backup Web tool (or obtool), then Oracle Secure Backup establishes an NDMP session with the remote media server to effect this function. -
Page 105: Multiple Attachments For San-Attached Tape Devices
SAN. Systems such as a Network Appliance filer permit access to tape devices attached to a SAN through their WWN. Oracle Secure Backup includes a reference to the WWN in the device attachment's raw device name. -
Page 106: Creating Attach Points For Solaris 10 Scsi And Fibre Channel Devices
■ Pinging a Tape Device To determine whether a tape device is reachable by Oracle Secure Backup through any available attachment, ping the tape device. You should ping each tape device after it is configured or discovered, to verify that it is configured correctly. -
Page 107: Editing Device Properties
The tape device type ■ If a tape device is in service, then it Oracle Secure Backup can use it; if it is not in service, then Oracle Secure Backup cannot use it. When a tape device is taken out of service, no more backups are dispatched to it. -
Page 108: Setting Serial Number Checking
In this example, library lib1 is verified. No errors are found. Setting Serial Number Checking You can use the Oracle Secure Backup Web tool to enable or disable tape device serial number checking. If serial number checking is enabled, then whenever Oracle Secure Backup opens a tape device, it checks the serial number of that device. - Page 109 Verifying and Configuring Added Tape Devices In the Policy column, click devices. The Configure: Defaults and Policies > Devices page appears. Do one of the following: Select Yes from the Check serial numbers list to enable tape device serial number checking. This is the default setting. Select No from the Check serial numbers list to disable tape device serial number checking.
- Page 110 Verifying and Configuring Added Tape Devices 5-28 Oracle Secure Backup Installation and Configuration Guide...
-
Page 111: Managing Security For Backup Networks
Managing Security for Backup Networks This chapter describes how to make your backup network more secure. Oracle Secure Backup is automatically configured for network security in your administrative domain, but you can enhance that basic level of security in several ways. Secure communications among the nodes of your administrative domain concerns the encryption of network traffic among your hosts. -
Page 112: Planning Security For An Administrative Domain
SSL protects the administrative domain from eavesdropping, message tampering or forgery, and replay attacks. Network backup software such as Oracle Secure Backup is only one component of a secure backup network. Oracle Secure Backup can supplement but not replace the physical and network security provided by administrators. -
Page 113: Identifying Your Backup Environment Type
■ These users do not fall into any of the preceding categories of principals, but can access a larger network that contains the Oracle Secure Backup domain. Onlookers might own a host outside the domain. The relationships between assets and principals partially determine the level of... -
Page 114: Data Center
The users probably include only the backup administrator and system administrator, who might be the same person. The backup administrator is the administrative user of the Oracle Secure Backup domain and is in charge of backups on the domain. The system administrator manages the hosts, tape devices, and networks used by the domain. - Page 115 Principals include the following users: The backup administrator accesses the domain as an Oracle Secure Backup ■ administrative user. The system administrator administers the computers, devices, and network.
-
Page 116: Corporate Network
The assets include basically every piece of data and every computer in the corporation. Each administrative domain can have multiple users. Some host owners can have their own Oracle Secure Backup account to initiate a restore of their file systems or databases. -
Page 117: Determining The Distribution Method Of Host Identity Certificates
Planning Security for an Administrative Domain Oracle Secure Backup cannot itself provide physical or network security for any host nor verify whether such security exists. For example, Oracle Secure Backup cannot stop malicious users from performing the following illicit activities: Physically compromising a host ■... -
Page 118: Trusted Hosts
These hosts are the and each server. These hosts administrative server media are classified by Oracle Secure Backup as trusted hosts. Hosts configured with only the client role are classified as non-trusted hosts. "Choosing Secure Hosts for the Administrative and Media See Also: Servers"... -
Page 119: Host Authentication And Communication
The same command succeeds when attempted on admin or media. You can turn off these trust checks by setting the Oracle Secure Backup security policy trustedhosts to off. This disables the constraints placed on non-trusted hosts. -
Page 120: Authenticated Ssl Connections
CA. Like other hosts in the domain, the CA stores its identity certificate. The CA also maintains a signing certificate that authorizes the CA to sign the identity certificates for the other hosts in the domain. 6-10 Oracle Secure Backup Installation and Configuration Guide... -
Page 121: Automated And Manual Certificate Provisioning Mode
The password for the password-protected wallet is generated by Oracle Secure Backup and not made available to the user. The password-protected wallet is not usually used after the security credentials for the host have been established, because the Oracle Secure Backup daemons use the obfuscated wallet. -
Page 122: Oracle Secure Backup Encryption Wallet
If you do not use Oracle Secure Backup catalog recovery to back up the wallet, then Oracle recommends that the ewallet.p12 encryption wallet not be backed up on the same media as encrypted data. Encryption wallets are not excluded from backup operations automatically. -
Page 123: Web Server Authentication
See Also: Oracle Secure Backup Reference for revhost syntax and semantics If you revoke a host identity certificate, then none of the Oracle Secure Backup service accept connections from that host. Revocation is not reversible. If you revoke daemons Managing Security for Backup Networks 6-13... -
Page 124: Encryption Of Data In Transit
Oracle Secure Backup transfers the RMAN-encrypted data over the network to media_server. Oracle Secure Backup does not apply additional encryption to the data as it passes over the network. After Oracle Secure Backup writes the data to tape, the data resides on tape in encrypted form. -
Page 125: Default Security Configuration
Oracle Secure Backup transfers the encrypted backup data over the network to media_server. Oracle Secure Backup does not apply additional encryption to the data as it passes over the network. After Oracle Secure Backup writes the data to tape, the file-system data resides on tape in encrypted form. -
Page 126: Configuring Security For The Administrative Domain
Configuring the Administrative Server If you install Oracle Secure Backup on a host and specify this host as the administrative server, then this server is the Certification Authority (CA) for the Oracle Secure Backup domain. -
Page 127: Configuring Media Servers And Clients
Configuring Security for the Administrative Domain Configuring Media Servers and Clients Oracle Secure Backup creates security credentials for a host when you use the Oracle Secure Backup Web tool or run the mkhost command in obtool to configure the host. -
Page 128: Setting The Size For Public And Private Keys
The default key size for all hosts in the domain is 1024 bits. If you accept this default, then you are not required to perform any additional configuration. Oracle Secure Backup enables you to set the key to any of the following bit values, which are listed in descending order of security: 4096 ■... -
Page 129: Setting The Key Size In The Certkeysize Security Policy
Configuring Security for the Administrative Domain You can set the key size in the obparameters file when you install Oracle Secure Backup on the administrative server. When you install Oracle Secure Backup interactively, the install script gives you an opportunity to modify the obparameters file. -
Page 130: Enabling And Disabling Ssl For Host Authentication And Communication
Configuring Security for the Administrative Domain You can set the key size when you use the mkhost command or Oracle Secure Backup Web tool to configure a host. If you specify the --certkeysize option on the mkhost command, then the specified value overrides the default certificate key size set in the security policy. -
Page 131: Managing Certificates With Obcm
The operating system user running obcm must have write permissions in the wallet directory. By default, the wallet used by Oracle Secure Backup is located in the following locations: /usr/etc/ob/wallet (UNIX and Linux) ■... - Page 132 Managing Certificates with obcm import --file signed_certificate_file Because only one Oracle Secure Backup wallet exists on the host, you are not required to specify the --host option. For example, the following example imports the certificate from /tmp/brhost2_cert.f: import --file /tmp/brhost2_cert.f The obcm utility issues an error message if the certificate being imported does not correspond to the certificate request in the wallet.
-
Page 133: Oracle Secure Backup Directories And Files
■ /usr/local/oracle/backup on Linux and UNIX ■ The Oracle Secure Backup home directory is created on every host where you install Oracle Secure Backup, although the contents of the directory vary depending on the roles you assigned to the host. - Page 134 Log files for email summary reports admin/log/security/ Security-related logfiles admin/state/ Dynamic state data admin/state/device/ Device state admin/state/device/device_name/ State for device_name admin/state/family/ Media family state admin/state/family/media_family_name State for media_family_name admin/state/general/ Miscellaneous state admin/state/host/ Host state A-2 Oracle Secure Backup Installation and Configuration Guide...
- Page 135 Device tables help/ Oracle Secure Backup help files samples/ Sample tools for scripting with Oracle Secure Backup Table A–2 Windows Directories for an Administrative Server Directory Description db\xcr\ Transcripts for jobs that ran on this host db\.hostid...
- Page 136 They are described in the following tables: Architecture-Independent Directories for a Media Server ■ Windows Directories for a Media Server ■ Linux and UNIX Directories and Files for a Media Server ■ A-4 Oracle Secure Backup Installation and Configuration Guide...
-
Page 137: Client Host Directories And Files
Client Host Directories and Files Every computer that acts only as a client host contains the minimum set of directories and files needed for Oracle Secure Backup operations. They are described in the following tables: Architecture-Independent Directory for a Client Host ■... - Page 138 Shell program that selects an executable from a .bin.* or .etc.* directory, based on the computer architecture of the host executing the command. Symbolic links and the architecture-independent .wrapper shell program enable hosts to contain executables for multiple computer architectures. A-6 Oracle Secure Backup Installation and Configuration Guide...
-
Page 139: B Oracle Secure Backup Obparameters Installation Parameters
Oracle Secure Backup obparameters Installation Parameters This appendix describes the installation parameters for Oracle Secure Backup on Linux or UNIX. You can set these parameters in the obparameters file, which is a plain text file located in the install subdirectory of the Linux or UNIX Oracle Secure Backup home. -
Page 140: Start Daemons At Boot
Specifies a 4096-bit key length. This value offers a very high 4096 level of security. create preauthorized oracle user This parameter controls whether the Oracle Secure Backup installation process creates Oracle Secure Backup user named oracle which has been preauthorized to perform database backup and restore operations. -
Page 141: Default Unix User
Backup user named oracle if requested. By setting this parameter, you specify the Linux or UNIX operating system user to which the Oracle Secure Backup user named oracle is mapped. You can also perform this task through the Oracle Secure Backup tool. -
Page 142: Linux Db Dir And Solaris64 Db Dir
/usr/etc/ob. linux temp dir and solaris64 temp dir Oracle Secure Backup typically uses the /usr/tmp directory on each host for storage of transient files. Oracle Secure Backup requires that the temporary directory be able to contain lockable files and that it be accessible during the beginning of the restart process. -
Page 143: Ask About Ob Dir
(such as.lib.linux32). Oracle Secure Backup home ask about ob dir Specifies whether the installation notifies you when you are about to install Oracle Secure Backup into a directory other than the default Oracle Secure Backup home. -
Page 144: Run Obopenssl
Oracle recommends using the default provided to ensure Note: proper initialization of your Oracle Secure Backup tool. Table B–12 run obopenssl: Values Value Meaning yes (default) Create the certificate. Do not create the certificate. B-6 Oracle Secure Backup Installation and Configuration Guide... -
Page 145: C Determining Linux Scsi Parameters
Determining Linux SCSI Parameters For the Linux and UNIX platforms, if you do not know the parameters of a SCSI tape device, then you must determine them before you begin installation. This appendix describes procedures for determining SCSI device parameters on Linux and UNIX. Determining SCSI Device Parameters on Linux To obtain tape device information on Linux, use the cat command to view the contents of /proc/scsi/scsi. - Page 146 Based on the output shown in Example C–1, Table C–1 summarizes the tape device information for storabck05. Table C–1 storabck05 Device Summary Host Bus SCSI bus Device Adapter address Target ID SCSI LUN Library Tape drive C-2 Oracle Secure Backup Installation and Configuration Guide...
-
Page 147: D Oracle Secure Backup And Acsls
Oracle Secure Backup and ACSLS This appendix describes Oracle Secure Backup support for StorageTek Automated Cartridge System Library Software (ACSLS). ACSLS is a package of server software that controls one or more Automated Cartridge Systems tape library. This appendix contains these sections: About ACSLS ■... -
Page 148: Acsls And Oracle Secure Backup
Oracle Secure Backup Reference for more information on obtool ■ device commands ACSLS references all of its volumes by their external barcode labels, which are required for all ACS volumes. Oracle Secure Backup continues to allow the operator access these ACS volumes by storage element, volume label, and barcode label. -
Page 149: Communicating With Acsls
Oracle Secure Backup, and map the operating system device to the Oracle Secure Backup device. The same steps are required for ACSLS. But you must also further define the ACSLS mapping of the tape drive through the mkdev or chdev command. -
Page 150: Access Controls
ACSLS enables you to define one or more scratch pools to which a blank or recycled volume can be assigned. Subsequent scratch mount requests are then restricted to volumes in the pool or pools specified with the request. Oracle Secure Backup offers equivalent functionality with an optional scratch pool ID for objects. -
Page 151: Unsupported Oracle Secure Backup Commands
Oracle Secure Backup handles ACS tape devices no differently from other devices. The Oracle Secure Backup device driver (if any) is installed, and special device files are created. The data path is controlled solely by Oracle Secure Backup. ACSLS is not involved. - Page 152 Installation and Configuration D-6 Oracle Secure Backup Installation and Configuration Guide...
- Page 153 The administrative server runs the scheduler, which starts and monitors backups within the administrative domain. Apache Web server A public-domain Web server used by the Oracle Secure Backup tool. attachment The physical or logical connection (the path in which data travels) of a...
- Page 154 A description of when and how often Oracle Secure Backup should back up the files specified by a dataset. The backup schedule contains the names of each dataset file and the name of the to use.
- Page 155 The number of 512-byte blocks to include in each block of data written to each tape drive. By default, Oracle Secure Backup writes 64K blocks to tape, which is a blocking factor of 128. Because higher blocking factors usually result in better performance, you...
- Page 156 A text file that describes a dataset. The Oracle Secure Backup dataset language provides a text-based means to define file-system data to back up. defaults and policies A set of configuration data that specifies how Oracle Secure Backup runs in an administrative domain.
- Page 157 A protocol used primarily among devices in a Storage Area Network (SAN). file-system backup A backup of files on the file system initiated by Oracle Secure Backup. A file-system backup is distinct from a Recovery Manager (RMAN) backup made through the Oracle Secure Backup interface.
- Page 158 A catalog created and maintained by Oracle Secure Backup that describes past, current, and pending backup jobs. job summary A text file report produced by Oracle Secure Backup that describes the status of selected backup and restore jobs. Oracle Secure Backup generates the report according to a user-specified job summary schedule.
- Page 159 A text file that lists the hosts in your network on which Oracle Secure Backup should be installed. For each host, you can identify the Oracle Secure Backup installation type, Glossary-7...
- Page 160 An obfuscated wallet supports single sign-on (SSO). obtar The underlying engine of Oracle Secure Backup that moves data to and from tape. obtar is a descendent of the original Berkeley UNIX tar(2) command. Although obtar is typically not accessed directly, you can use it to back up and restore files or directories specified on the command line.
- Page 161 A preauthorization gives an operating system user access to specified Oracle Secure Backup resources. primary access mode The mode of access for a host that uses the Oracle Secure Backup network protocol for communications within the domain. Oracle Secure Backup must be administrative installed on hosts that use primary access mode.
- Page 162 A utility supplied with Oracle Database used for database backup, restore, and recovery. RMAN is a separate application from Oracle Secure Backup. Unlike RMAN, you can use Oracle Secure Backup to back up any file on the file system—not just database files. Oracle Secure Backup includes an...
- Page 163 SCSI logical unit number. A 3-bit identifier used on a SCSI bus to distinguish between up to eight devices (logical units) with the same SCSI ID. Do not confuse with Oracle Secure Backup logical unit number Secure Sockets Layer (SSL) A cryptographic protocol that provides secure network communication.
- Page 164 7 days and the retention to 14 days. Assume that Oracle Secure Backup first wrote to the first volume in period the set on January 1 at noon and subsequently wrote data on 20 more volumes in the set.
- Page 165 January 1 at noon and that Oracle Secure Backup subsequently wrote data on 20 more volumes in the set. In this scenario, the volume expiration time for all 21 volumes in the set is January 22 at noon.
- Page 166 The date and time that a volume set closes for updates. Oracle Secure Backup computes this time when it writes backup image file number 1 to the first volume the set.
- Page 167 6-16 about, 1-6 directories, A-1 and restore operations, 1-7 files, A-1 setting for tape drive, 5-18 installation on Linux/UNIX, 2-8 setting maximum for tape drive, 5-18 registering with Oracle Enterprise Manager, 4-3 Apache Web server and network security, 6-13 Index-1...
- Page 168 5-11, 5-14 configuration file parameters tape library status, 5-14 ask about osb dir, B-5 tape library World Wide Name (WWN), 5-15 create preauthorized oracle user, B-2 testing tape device attachments, 5-22 customized obparameters, B-1 updating hosts, 5-9 default protection, B-5...
- Page 169 6-21 setting for tape drive, 5-18 installation exporting overview, 1-13 identity certificates, 6-21 with Oracle Real Application Clusters, 2-2 installation media about, 1-12 installation on Linux/UNIX Fibre Channel parameters about obparameters, 2-7 prerequisites, 2-3 about oracle user, 2-7...
- Page 170 B-2 maximum blocking factor customized obparameters, B-1 about, 1-6 default protection, B-5 setting for tape drive, 5-18 default UNIX/LINUX group, B-3 media server default UNIX/LINUX user, B-3 defined, 1-2 identity certificate key size, B-2 directories, A-4...
- Page 171 2-7 backup environment, 6-3 ask about osb dir, B-5 Certification Authority, 6-9 confirming, 2-8 Certification Authority (CA), 6-10 create preauthorized oracle user, B-2 certkeysize, 6-19 customized obparameters, B-1 configuring clients, 6-17 default protection, B-5 configuring media servers, 6-17 default UNIX/LINUX group, B-3...
- Page 172 Windows, 3-2 obcm utility, 6-21 removing obfuscated wallet, 6-11 hosts, 5-10 Oracle wallet, 6-11 preferred network interfaces, 5-9 Oracle wallet passwords, 6-11 requirements planning, 6-2 disk space, 1-11 public key cryptography, 6-9 duplicate host names, 1-12 revoking an identity certificate, 6-13...
- Page 173 trusted hosts, 6-8 configuring during installation on using obcm utility, 6-11 Linux/UNIX, 2-10 X.509 certificates, 6-2 defined, 1-5 security, overview, 6-1 disabling SCSI scanning software, 5-17 setup script displaying properties, 5-25 about, 2-6 editing properties, 5-25 running, 2-6 naming, 5-17 selecting during installation on Windows, 3-17 authenticated connections, 6-10 setting automount mode, 5-18...
- Page 174 Windows installer running, 3-3 uninstalling WINS Oracle Secure Backup on Linux/UNIX, 2-20 requirements, 1-12 Oracle Secure Backup on Windows, 3-20 World Wide Name (WWN) uninstallob setting for tape drives, 5-18 running, 2-20 setting for tape libraries, 5-15 updating hosts, 5-9...