118 Part II: Setup Principles and Practices Oracle Secure Backup administrative server Oracle Secure Backup clients NAS appliance Linux NDMP OB OB Linux Unix Backup Restore Control flow Windows Oracle database Oracle database Oracle Secure Backup catalog Tape library Oracle Secure Backup media server Recovery Manager Recovery Manager FIGURE 5-2 OSB administrative domain Oracle database Tape library Recovery Manager Offsite storage Enterprise Manager Database Control Oracle Secure Backup administrative server, media server, and client Linux Backup Restore b o Web browser Tape FIGURE 5-3 OSB administrative domain with a single host Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Chapter 5: Oracle Secure Backup 119 Oracle Secure Backup Daemons An administrative domain uses seven types of OSB daemons: Service daemon This daemon runs on the administrative server, media server, and client. Access to OSB configuration data on the administrative server is provided by the service daemon. It also runs jobs requested by the schedule daemon. On a media server or a client, the daemon handles membership in an administrative domain. Schedule daemon This runs only on the administrative server. It is the OSB scheduler. Index daemon This daemon runs only on the administrative server, to manage the backup catalog. It starts when a backup is completed or the catalog is accessed for restore or browsing operations. Apache web server daemon This runs only on the administrative server and provides the Web tool interface. NDMP daemon This daemon runs on a media server and a client, and provides data communication between them. Robot daemon This runs on a media server and manipulates tapes in a tape library. The service daemon starts one robot daemon for each tape library when a tape manipulation is needed. Proxy daemon This daemon runs on a client to verify user access for SBT backup and restore operations. Host Access Modes Communicating to a host in an administrative domain is possible through two access modes: Primary For primary access mode, OSB is installed on a host. The access mode is used by OSB daemons. An Oracle database typically exists on a host accessed via this mode. In OEM, it is referred to as “native” access mode. In OSB Web tool, it is called “OB” access mode. NDMP The Network Data Management Protocol host is a storage appliance provided by third-party vendors, such as DinoStor, Mirapoint, and Network Appliance. Using a vendor-specific implementation, the NDMP host uses the NDMP protocol to back up and restore file systems. OSB is accessible via NDMP, although OSB software is not installed on an NDMP host. Administrative Data OSB arranges information for the administrative domain as a hierarchy of files in the OSB home on the administrative server. The directory that OSB installed into is the OSB home. Figure 5-4 illustrates the directory structure for an OSB home. All platforms have the same directory structure, although the default home is /usr/local/oracle/backup for Unix and Linux systems, but is C:\Program Files\Oracle\Backup for Microsoft Windows systems. Domain-wide entities, such as media families, classes, and devices, are included within the administrative data. Figure 5-4 illustrates how the config directory contains several subdirectories. ■ ■ ■ ■ ■ ■ ■ ■ ■ Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 120 Part II: Setup Principles and Practices These subdirectories each represent an object maintained by OSB. For each object directory, OSB creates files describing the characteristics for the corresponding object. Only in rare circumstances would it be necessary to access the administrative database directly from the file system. The OEM, Web tool, and obtool interfaces are commonly used to access catalogs and configuration data. Oracle Secure Backup Users and Classes To enable OSB to maintain consistent user identities across the administrative domain, OSB saves information for OSB users, as well as their rights, on the administrative server. On the administrative server, each OSB user has an account and an encrypted password. Using Web tool or obtool, operating system users may enter their username and password. Using an encrypted SSL connection, the client program transmits the password to the administrative server. The admin user is created by default during OSB installation on the administrative server. Also during the installation, you can create the oracle user to back up and recover Oracle databases. The installer assigns a random password to the oracle user. Usually, it is unnecessary to log into OSB by using this user. Operating System Accounts For OSB users, the namespace is distinct from the namespaces for Linux, Unix, and Microsoft Windows users. Therefore, if you access a host in the administrative domain as, for example, the operating system user backup_usr, and if the OSB user in the domain is named backup_usr, these accounts will be managed separately, though the names are identical. You may find it convenient to create the OSB user with the same name and password as an operating system user. At the time you create an OSB user, you may associate the user with Unix and Microsoft Windows accounts. Accounts of this type are used with an unprivileged backup, which is a backup that is not run with root privileges. Privileged backup and restore operations use a client with root (Unix) or Local System (Microsoft Windows) permissions. /usr/local/oracle/backup Back up on a regular basis admin Centralized on the administrative server config class history log stateencryption security dataset default device family host schedule summary user FIGURE 5-4 Administrative server directories Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Chapter 5: Oracle Secure Backup 121 If you were to create an OSB user named backup_usr and associate it with Unix account ubackup_usr and Microsoft Windows account wbackup_usr, when backup_usr uses the backup unprivileged command to back up a client, the jobs will run under the operating system account associated with backup_usr. Therefore, backup_usr is only able to back up files on a Unix client accessible to ubackup_usr, and able to back up files on a Microsoft Windows client accessible to wbackup_usr. With the “modify administrative domain’s configuration” right, you may configure the preauthorization attribute for an OSB user. This right allows you to preauthorize operating system users to create RMAN backups or to access the OSB command-line utilities. NDMP Hosts When setting up an OSB user account, you may configure user access to NDMP. You may set up the host to use a user-defined text password, a null password, or the default NDMP password. A password for an NDMP host is associated with the host, not the user. You may configure a password authentication method such as MD5-encrypted or text. Oracle Secure Backup Rights and Classes A defined set of rights granted to an OSB user is considered an OSB class. Though similar to a Unix group, an OSB class has a finer granularity of access rights specific for the needs of OSB. As shown in Figure 5-5, multiple users may be assigned to a class, while each user is a member of a single class. FIGURE 5-5 Rights and classes Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 122 Part II: Setup Principles and Practices These classes are important to understanding the rights of an OSB user: admin Utilized for overall administration of a domain, it consists of all rights necessary to change domain configurations and to complete backup and restore operations. monitor Does not allow users to receive e-mail notifications, change domain configurations, or to complete backup and restore operations. The users can only access backups, see information about storage devices and domain configuration, and list scheduled jobs. operator For standard day-to-day operations, it has no configuration rights, but consists of all the rights needed for backup and restore operations. This class allows the user to control and query the state of primary and secondary storage devices. oracle Much like the operator class, but with rights enabling the user to change Oracle database configuration settings and to perform Oracle database backups. Members of this class usually are OSB users mapped to operating system accounts of an Oracle database installation. reader Allows members to browse the OSB catalog. Readers may modify only the name and password for their OSB user accounts. user Assigned to users to allow them rights to interact in limited ways with their domains. This class allows users to browse their own data within the OSB catalog and to perform user-based restores. Installing and Configuring Oracle Secure Backup OSB is available for delivery on CD-ROM or may be downloaded from the Oracle Technology Network (OTN) web site at the following address: http://www.oracle.com/technology/products/secure-backup/index.html The following are requirements for installing and configuring OSB: Each host in the OSB administrative domain must run TCP/IP. Static IP addresses should be assigned to all hosts, or it should be ensured that the DHCP server always assigns the same IP address. There should be no duplicate host names in the OSB administrative domain, because index catalog data is based on the client host name. For Linux media servers, the SCSI Generic (SG) driver needs to be installed. Each node of a RAC cluster using OSB requires an installation of OSB. ■ ■ ■ ■ ■ ■ ■ ■ ■ ■ Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Chapter 5: Oracle Secure Backup 123 RMAN Workshop: Install and Configure Oracle Secure Backup Workshop Notes The following example uses the Linux operating system. OSB is downloaded from OTN. The recommended directory for the installation of OSB on Linux is /usr/local/oracle/backup. To simplify the example, the administrative server, media server, and client are all installed on the same machine. Step 1. As the root user, check if the uncompress utility is installed on the system. If it is not, create a symbolic link pointing to the gunzip utility: [root@lin32 ~]# uncompress -bash: uncompress: command not found [root@lin32 ~]# ln -s /bin/gunzip /bin/uncompress Step 2. Create a directory for the download, and then issue the change directory command to that directory: [root@lin32 ~]# mkdir download [root@lin32 ~]# cd download/ Step 3. Download OSB into the download directory and then unzip the product: [root@lin32 download]# ls –l total 43864 -rw-r r 1 root root 44866571 Jan 19 20:31 osb-10.3.0.1.0 linux32 release.zip [root@lin32 download]# unzip osb-10.3.0.1.0 linux32 release.zip Archive: osb-10.3.0.1.0 linux32 release.zip creating: osb-10.3.0.1.0 linux32 cdrom090504/ extracting: osb-10.3.0.1.0 linux32 cdrom090504/OSB.10.3.0.1.0 LINUX32.rel creating: osb-10.3.0.1.0 linux32 cdrom090504/doc/ creating: osb-10.3.0.1.0 linux32 cdrom090504/doc/dcommon/ creating: osb-10.3.0.1.0 linux32 cdrom090504/doc/dcommon/css/ inflating: osb-10.3.0.1.0 linux32 cdrom090504/doc/dcommon/css/blafdoc.css inflating: osb-10.3.0.1.0 linux32 cdrom090504/doc/dcommon/css/bp layout.css inflating: osb-10.3.0.1.0 linux32 cdrom090504/welcome.html inflating: osb-10.3.0.1.0 linux32 cdrom090504/doc.tar Step 4. Create the directory where the install will place OSB files: [root@lin32 download]# mkdir -p /usr/local/oracle/backup Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 124 Part II: Setup Principles and Practices Step 5. Issue the change directory command to the OSB destination and run setup: [root@lin32 download]# cd /usr/local/oracle/backup/ [root@lin32 backup]# /root/download/osb-10.3.0.1.0 linux32 cdrom090504/setup The following output is returned: Welcome to Oracle’s setup program for Oracle Secure Backup. This program loads Oracle Secure Backup software from the CD ROM to a filesystem directory of your choosing. This CD ROM contains Oracle Secure Backup version 10.3.0.1.0 LINUX32. Please wait a moment while I learn about this host done. 1. linux32 administrative server, media server, client Loading Oracle Secure Backup installation tools done. Loading linux32 administrative server, media server, client done. Oracle Secure Backup has installed a new obparameters file. Your previous version has been saved as install/obparameters.savedbysetup. Any changes you have made to the previous version must be made to the new obparameters file. Would you like the opportunity to edit the obparameters file Please answer 'yes' or 'no' [no]: Step 6. Leaving the default parameters for now, press ENTER to choose the default answer. The following output is returned: Loading of Oracle Secure Backup software from CD ROM is complete. You may unmount and remove the CD ROM. Would you like to continue Oracle Secure Backup installation with 'installob' now? (The Oracle Secure Backup Installation Guide contains complete information about installob.) Please answer 'yes' or 'no' [yes]: Step 7. Again, press ENTER to choose the default answer. The following output is returned: - - - - - - - - - - - - - - - - - - - - - - - - - - - Welcome to installob, Oracle Secure Backup’s installation program. For most questions, a default answer appears enclosed in square brackets. Press Enter to select this answer. Please wait a few seconds while I learn about this machine done. Have you already reviewed and customized install/obparameters for your Oracle Secure Backup installation [yes]? Step 8. Again, press ENTER to choose the default answer and to leave the default parameters. The following output is returned: - - - - - - - - - - - - - - - - - - - - - - - - - - - Oracle Secure Backup is not yet installed on this machine. Oracle Secure Backup’s Web server has been loaded, but is not yet configured. Choose from one of the following options. The option you choose defines the software components to be installed. Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Chapter 5: Oracle Secure Backup 125 Configuration of this host is required after installation completes. You can install the software on this host in one of the following ways: (a) administrative server, media server and client (b) media server and client (c) client If you are not sure which option to choose, please refer to the Oracle Secure Backup Installation Guide. (a,b or c) [a]? Step 9. You are going to install all three components of OSB on the same server, so again press ENTER to choose the default answer. The following output is returned: Beginning the installation. This will take just a minute and will produce several lines of informational output. Installing Oracle Secure Backup on lin32 (Linux version 2.6.18-53.el5) You must now enter a password for the Oracle Secure Backup encryption key store. Oracle suggests you choose a password of at least 8 characters in length, containing a mixture of alphabetic and numeric characters. Please enter the key store password: Re-type password for verification: Step 10. Enter the OSB encryption key twice. The key is not displayed. You will see the following output: You must now enter a password for the Oracle Secure Backup 'admin' user. Oracle suggests you choose a password of at least 8 characters in length, containing a mixture of alphabetic and numeric characters. Please enter the admin password: Re-type password for verification: Step 11. Enter the admin password twice. The password is not displayed. You will see the following output: You should now enter an email address for the Oracle Secure Backup 'admin' user. Oracle Secure Backup uses this email address to send job summary reports and to notify the user when a job requires input. If you leave this blank, you can set it later using the obtool’s 'chuser' command. Please enter the admin email address: Step 12. Leave the e-mail address blank for now. The following output is returned: generating links for admin installation with Web server updating /etc/ld.so.conf checking Oracle Secure Backup’s configuration file (/etc/obconfig) setting Oracle Secure Backup directory to /usr/local/oracle/backup in /etc/obconfig setting local database directory to /usr/etc/ob in /etc/obconfig setting temp directory to /usr/tmp in /etc/obconfig setting administrative directory to /usr/local/oracle/backup/admin in /etc/obconfig protecting the Oracle Secure Backup directory creating /etc/rc.d/init.d/observiced activating observiced via chkconfig initializing the administrative domain ****************************** N O T E ****************************** On Linux systems Oracle recommends that you answer no to the next two questions. The preferred mode of operation on Linux systems is to use the /dev/sg devices for Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. 126 Part II: Setup Principles and Practices attach points as described in the 'ReadMe' and in the 'Installation and Configuration Guide'. Is lin32 connected to any tape libraries that you’d like to use with Oracle Secure Backup [no]? Is lin32 connected to any tape drives that you’d like to use with Oracle Secure Backup [no]? Step 13. Since, in this example, you use a Linux system, answer “no,” as recommended by Oracle, and configure the media server later. The following summary is returned: Installation summary: Installation Host OS Driver OS Move Reboot Mode Name Name Installed? Required? Required? admin lin32 Linux no no no Oracle Secure Backup is now ready for your use. The OSB administrative server, media server, and client are now installed. The OSB Web tool is used to configure the tape library and tape drives. Let’s add the oracle user and a Database Backup Storage Selector to enable backup of an Oracle database. Step 14. Connect and log into the OSB Web tool using the https://<administrative server> link as the admin user. Go to the Configure page, click the Users link, click the Add button, and add the oracle user, as shown next: Step 15. After the oracle user is added, click the Edit button, and change Preauthorized Access: Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. Chapter 5: Oracle Secure Backup 127 Step 16. As a result, you will have the admin and oracle users: Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark. [...]... for Oracle database and file system data RMAN Workshop: Schedule Oracle Database and File System Data Backups Workshop Notes This workshop schedules OSB Oracle database and file system data backups First, let’s take a full Oracle database backup Step 1 Connect to the database, go to the Availability tab in OEM, and click Schedule Backup Then, choose Whole Database and click Schedule Customized Backup. .. data backup and restore jobs can be scheduled Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark Chapter 5: Oracle Secure Backup 133 Oracle Database and File System Data Backup Using Oracle Secure Backup It is not possible to perform Oracle database backup and restore using the OSB Web tool Therefore, we recommend using OEM as a centralized interface to schedule backup and. .. RMAN backups, all management of stored backups must be performed with RMAN If you manually delete backup sets, future RMAN recoveries will continue to assume that they exist RMAN must be used to mark as obsolete and to purge all RMAN backups Similarly, listing and reporting existing backups is best performed via RMAN For example, the following command lists all backups stored on an SBT device (such... detailed instructions on installing and deploying the OSB Cloud Module and Amazon S3 as a backup solution O Conventional Backups: Assumptions and Limitations Two key requirements for robust Oracle backup and recovery are scalable high-capacity on-site backup infrastructure and regular off-site storage of backups in a location separate from the database Traditionally, onsite backup infrastructure has consisted... instance, Oracle 11gR2 does not accept the ENV keyword Instead you must use an alternate channel allocation syntax using the SBT_PARMS keyword On some versions, you may also have to create a symbolic link in ORACLE_ HOME/lib called libobk.so pointing to libosbws11.so: $ ln -s $ORACLE HOME/lib/libosbws11.so $ORACLE HOME/lib/libobk.so Listing RMAN Backups and Backup Sets Stored on S3 As with all RMAN backups,... server hosts and virtual storage From the perspective of the users and applications, cloud services look and behave similarly to stand-alone server and storage equipment Oracle and the Amazon Cloud Oracle and Amazon.com have worked together to provide a way to deploy several components of Oracle technology on Amazon Web Services (AWS), Amazon.com’s cloud computing platform Currently, Oracle supports... be architected as part of an enterprise backup infrastructure at significant expense and effort ■ Time to recovery Unlike offsited tapes, which must be ordered and loaded into libraries, RMAN backups to Amazon S3 are always online and available for recoveries ■ No third-party MML license costs The Oracle Secure Backup Cloud Module is licensed through Oracle and is priced per channel That means that... of your S3 buckets, where the OSB Cloud Module stores RMAN backups One popular such tool is a Firefox browser add-on called S3fox Using S3fox, you can browse the backup pieces RMAN stores in S3 Optimizing Backups and Recoveries over the Internet Using the OSB Cloud Module and Amazon S3 The effectiveness of backing up and restoring Oracle database backups over the Internet to Amazon S3 depends on a number... target, and on the Specify Oracle Secure Backup Target page, click the Add button and then enter the host: Step 22 Click Continue and enter the values shown here: Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark Chapter 5: Oracle Secure Backup Step 23 After clicking two OK buttons, you will see the Backup Storage Selectors page, shown at right Step 24 Click Return, and the... com/technology/software/tech/cloud/index.html RMAN Workshop: Installing OSB Cloud Module and Using It for OSB Backups Workshop Notes This workshop installs OSB Cloud Module and schedules an OSB Oracle database backup Step 1 Download and install OSB Cloud Module: [oracle@ lin32 distrib]$ ls l total 2428 rw r r 1 oracle oinstall 2480195 Jan 19 18:13 osbws installer.zip [oracle@ lin32 distrib]$ unzip osbws installer.zip Archive: osbws . Secure Backup 133 Oracle Database and File System Data Backup Using Oracle Secure Backup It is not possible to perform Oracle database backup and restore using. to schedule backup and restore jobs for Oracle database and file system data. RMAN Workshop: Schedule Oracle Database and File System Data Backups Workshop