Oracle Secure Backup administrative serverOracle Secure Backup clients NAS appliance Oracle database Oracle Secure Backup catalog Tape library Oracle Secure Backup media server Recovery
Trang 1Oracle Secure Backup administrative server
Oracle Secure Backup clients
NAS appliance
Oracle database
Oracle Secure Backup catalog
Tape library
Oracle Secure Backup media server
Recovery Manager
Recovery Manager
FIGURE 5-2 OSB administrative domain
Oracle database Tape
library
Recovery Manager
Offsite storage
Enterprise Manager Database Control Oracle Secure Backup
administrative server, media server, and client
Linux
Backup Restore
b o
Web browser Tape
FIGURE 5-3 OSB administrative domain with a single host
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 2Oracle Secure Backup Daemons
An administrative domain uses seven types of OSB daemons:
Service daemon This daemon runs on the administrative server, media server, and
client Access to OSB configuration data on the administrative server is provided by the service daemon It also runs jobs requested by the schedule daemon On a media server
or a client, the daemon handles membership in an administrative domain
Schedule daemon This runs only on the administrative server It is the OSB scheduler Index daemon This daemon runs only on the administrative server, to manage the
backup catalog It starts when a backup is completed or the catalog is accessed for restore or browsing operations
Apache web server daemon This runs only on the administrative server and provides
the Web tool interface
NDMP daemon This daemon runs on a media server and a client, and provides data
communication between them
Robot daemon This runs on a media server and manipulates tapes in a tape library The
service daemon starts one robot daemon for each tape library when a tape manipulation
is needed
Proxy daemon This daemon runs on a client to verify user access for SBT backup and
restore operations
Host Access Modes
Communicating to a host in an administrative domain is possible through two access modes:
Primary For primary access mode, OSB is installed on a host The access mode is used
by OSB daemons An Oracle database typically exists on a host accessed via this mode
In OEM, it is referred to as “native” access mode In OSB Web tool, it is called “OB” access mode
NDMP The Network Data Management Protocol host is a storage appliance provided
Trang 3These subdirectories each represent an object maintained by OSB For each object directory, OSB creates files describing the characteristics for the corresponding object
Only in rare circumstances would it be necessary to access the administrative database directly from the file system The OEM, Web tool, and obtool interfaces are commonly used to access catalogs and configuration data
Oracle Secure Backup Users and Classes
To enable OSB to maintain consistent user identities across the administrative domain, OSB saves information for OSB users, as well as their rights, on the administrative server
On the administrative server, each OSB user has an account and an encrypted password Using Web tool or obtool, operating system users may enter their username and password Using
an encrypted SSL connection, the client program transmits the password to the administrative server
The admin user is created by default during OSB installation on the administrative server Also during the installation, you can create the oracle user to back up and recover Oracle databases The installer assigns a random password to the oracle user Usually, it is unnecessary to log into OSB by using this user
Operating System Accounts
For OSB users, the namespace is distinct from the namespaces for Linux, Unix, and Microsoft Windows users Therefore, if you access a host in the administrative domain as, for example, the operating system user backup_usr, and if the OSB user in the domain is named backup_usr, these accounts will be managed separately, though the names are identical You may find it convenient
to create the OSB user with the same name and password as an operating system user
At the time you create an OSB user, you may associate the user with Unix and Microsoft Windows accounts Accounts of this type are used with an unprivileged backup, which is a backup that is not run with root privileges Privileged backup and restore operations use a client with root (Unix) or Local System (Microsoft Windows) permissions
/usr/local/oracle/backup Back up on a regular basis
admin Centralized on the administrative server
config
class
dataset default device family host schedule summary user
FIGURE 5-4 Administrative server directories
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 4If you were to create an OSB user named backup_usr and associate it with Unix account
ubackup_usr and Microsoft Windows account wbackup_usr, when backup_usr uses the backup
unprivileged command to back up a client, the jobs will run under the operating system account
associated with backup_usr Therefore, backup_usr is only able to back up files on a Unix client accessible to ubackup_usr, and able to back up files on a Microsoft Windows client accessible to wbackup_usr
With the “modify administrative domain’s configuration” right, you may configure the preauthorization attribute for an OSB user This right allows you to preauthorize operating system users to create RMAN backups or to access the OSB command-line utilities
NDMP Hosts
When setting up an OSB user account, you may configure user access to NDMP You may set up the host to use a user-defined text password, a null password, or the default NDMP password A password for an NDMP host is associated with the host, not the user You may configure a password authentication method such as MD5-encrypted or text
Oracle Secure Backup Rights and Classes
A defined set of rights granted to an OSB user is considered an OSB class Though similar to a Unix group, an OSB class has a finer granularity of access rights specific for the needs of OSB As shown in Figure 5-5, multiple users may be assigned to a class, while each user is a member of a single class
Trang 5These classes are important to understanding the rights of an OSB user:
admin Utilized for overall administration of a domain, it consists of all rights necessary
to change domain configurations and to complete backup and restore operations
monitor Does not allow users to receive e-mail notifications, change domain
configurations, or to complete backup and restore operations The users can only access backups, see information about storage devices and domain configuration, and list scheduled jobs
operator For standard day-to-day operations, it has no configuration rights, but consists
of all the rights needed for backup and restore operations This class allows the user to control and query the state of primary and secondary storage devices
oracle Much like the operator class, but with rights enabling the user to change Oracle
database configuration settings and to perform Oracle database backups Members of this class usually are OSB users mapped to operating system accounts of an Oracle database installation
reader Allows members to browse the OSB catalog Readers may modify only the name
and password for their OSB user accounts
user Assigned to users to allow them rights to interact in limited ways with their domains
This class allows users to browse their own data within the OSB catalog and to perform user-based restores
Installing and Configuring Oracle Secure Backup
OSB is available for delivery on CD-ROM or may be downloaded from the Oracle Technology Network (OTN) web site at the following address:
http://www.oracle.com/technology/products/secure-backup/index.htmlThe following are requirements for installing and configuring OSB:
Each host in the OSB administrative domain must run TCP/IP Static IP addresses should
be assigned to all hosts, or it should be ensured that the DHCP server always assigns the same IP address
There should be no duplicate host names in the OSB administrative domain, because index catalog data is based on the client host name
For Linux media servers, the SCSI Generic (SG) driver needs to be installed
Each node of a RAC cluster using OSB requires an installation of OSB
Trang 6RMAN Workshop: Install and Configure Oracle
Secure Backup
Workshop Notes
The following example uses the Linux operating system OSB is downloaded from OTN The recommended directory for the installation of OSB on Linux is /usr/local/oracle/backup To simplify the example, the administrative server, media server, and client are all installed on the same machine
Step 1 As the root user, check if the uncompress utility is installed on the system If it is not,
create a symbolic link pointing to the gunzip utility:
[root@lin32 ~]# uncompress -bash: uncompress: command not found [root@lin32 ~]# ln -s /bin/gunzip /bin/uncompress
Step 2 Create a directory for the download, and then issue the change directory command to
-rw-r r 1 root root 44866571 Jan 19 20:31 osb-10.3.0.1.0 linux32 release.zip [root@lin32 download]# unzip osb-10.3.0.1.0 linux32 release.zip
Archive: osb-10.3.0.1.0 linux32 release.zip creating: osb-10.3.0.1.0 linux32 cdrom090504/
extracting: osb-10.3.0.1.0 linux32 cdrom090504/OSB.10.3.0.1.0 LINUX32.rel creating: osb-10.3.0.1.0 linux32 cdrom090504/doc/
creating: osb-10.3.0.1.0 linux32 cdrom090504/doc/dcommon/
creating: osb-10.3.0.1.0 linux32 cdrom090504/doc/dcommon/css/
inflating: osb-10.3.0.1.0 linux32 cdrom090504/doc/dcommon/css/blafdoc.css
Trang 7Step 5 Issue the change directory command to the OSB destination and run setup:
[root@lin32 download]# cd /usr/local/oracle/backup/
[root@lin32 backup]# /root/download/osb-10.3.0.1.0 linux32 cdrom090504/setup
The following output is returned:
Welcome to Oracle’s setup program for Oracle Secure Backup This program loads Oracle Secure Backup software from the CD ROM to a filesystem directory of your choosing.
This CD ROM contains Oracle Secure Backup version 10.3.0.1.0 LINUX32.
Please wait a moment while I learn about this host done.
1 linux32 administrative server, media server, client Loading Oracle Secure Backup installation tools done.
Loading linux32 administrative server, media server, client done.
Oracle Secure Backup has installed a new obparameters file.
Your previous version has been saved as install/obparameters.savedbysetup.
Any changes you have made to the previous version must be made to the new obparameters file Would you like the opportunity to edit the obparameters file
Please answer 'yes' or 'no' [no]:
Step 6 Leaving the default parameters for now, press ENTER to choose the default answer The following output is returned:
Loading of Oracle Secure Backup software from CD ROM is complete.
You may unmount and remove the CD ROM.
Would you like to continue Oracle Secure Backup installation with 'installob' now? (The Oracle Secure Backup Installation Guide contains complete information about installob.)
Please answer 'yes' or 'no' [yes]:
Step 7 Again, press ENTER to choose the default answer The following output is returned:
Welcome to installob, Oracle Secure Backup’s installation program.
-For most questions, a default answer appears enclosed in square brackets Press Enter to select this answer.
Please wait a few seconds while I learn about this machine done.
Have you already reviewed and customized install/obparameters for your Oracle Secure Backup installation [yes]?
Step 8 Again, press ENTER to choose the default answer and to leave the default parameters The following output is returned:
Oracle Secure Backup is not yet installed on this machine.
-Oracle Secure Backup’s Web server has been loaded, but is not yet configured Choose from one of the following options The option you choose defines the software components to be installed.
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 8Configuration of this host is required after installation completes.
You can install the software on this host in one of the following ways:
(a) administrative server, media server and client (b) media server and client
(c) client
If you are not sure which option to choose, please refer to the Oracle Secure Backup Installation Guide (a,b or c) [a]?
Step 9 You are going to install all three components of OSB on the same server, so again press
ENTER to choose the default answer The following output is returned:
Beginning the installation This will take just a minute and will produce several lines of informational output.
Installing Oracle Secure Backup on lin32 (Linux version 2.6.18-53.el5) You must now enter a password for the Oracle Secure Backup encryption key store Oracle suggests you choose a password of at least 8 characters in length,
containing a mixture of alphabetic and numeric characters.
Please enter the key store password:
Re-type password for verification:
Step 10 Enter the OSB encryption key twice The key is not displayed You will see the
following output:
You must now enter a password for the Oracle Secure Backup 'admin' user Oracle suggests you choose a password of at least 8 characters in length, containing a mixture of alphabetic and numeric characters.
Please enter the admin password:
Re-type password for verification:
Step 11 Enter the admin password twice The password is not displayed You will see the
following output:
You should now enter an email address for the Oracle Secure Backup 'admin' user Oracle Secure Backup uses this email address to send job summary reports and to notify the user when a job requires input If you leave this blank, you can set it later using the obtool’s 'chuser' command.
Please enter the admin email address:
Trang 9attach points as described in the 'ReadMe' and in the 'Installation and Configuration Guide'.
Is lin32 connected to any tape libraries that you’d like to use with Oracle Secure Backup [no]?
Is lin32 connected to any tape drives that you’d like to use with Oracle Secure Backup [no]?
Step 13 Since, in this example, you use a Linux system, answer “no,” as recommended by
Oracle, and configure the media server later The following summary is returned:
Installation summary:
Installation Host OS Driver OS Move Reboot Mode Name Name Installed? Required? Required? admin lin32 Linux no no no Oracle Secure Backup is now ready for your use.
The OSB administrative server, media server, and client are now installed The OSB Web tool
is used to configure the tape library and tape drives Let’s add the oracle user and a Database Backup Storage Selector to enable backup of an Oracle database
Step 14 Connect and log into the OSB Web tool using the https://<administrative server> link
as the admin user Go to the Configure page, click the Users link, click the Add button, and add the oracle user, as shown next:
Step 15 After the oracle user is added, click the Edit button, and change Preauthorized Access:
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 10Step 16 As a result, you will have the admin and oracle users:
Trang 11Step 17 Go to
Configure: Hosts, and make sure that the server has the mediaserver role,
as shown here
Step 18 To add a storage
selector, click the Database Backup Storage Selectors link
at the bottom of the Configure page, click Add, and fill in the fields, as shown in the illustration
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 12Step 19 Click OK
and the storage will
be created, as shown
at right
Step 20 Now, let’s
configure OEM for OSB usage Connect to the database and go to the Availability tab in OEM
Click Backup Settings and go to the end of the page shown in this illustration
Trang 13Step 21 Click Configure to specify your OSB target, and on the Specify Oracle Secure Backup
Target page, click the Add button and then enter the host:
Step 22 Click Continue and enter the values shown here:
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 14Step 23 After clicking two OK
buttons, you will see the Backup Storage Selectors page, shown
at right
Step 24 Click Return, and the
OSB Server target is ready for backing up Oracle databases
to tape, as shown here in the illustration
The OSB administrative server is configured as an OEM target and can be managed
by OEM
Trang 15Step 25 Find the OSB server
on the All Target page in OEM, and click it to see what is shown here
Step 26 Click the Setup tab to
configure the OSB server The OSB devices can be configured
on the Devices page, as shown
in the illustration
If you click the Manage tab, file system data backup and restore jobs can be scheduled
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 16Oracle Database and File System Data Backup Using Oracle Secure Backup
It is not possible to perform Oracle database backup and restore using the OSB Web tool Therefore,
we recommend using OEM as a centralized interface to schedule backup and restore jobs for Oracle database and file system data
RMAN Workshop: Schedule Oracle Database and
File System Data Backups
Workshop Notes
This workshop schedules OSB Oracle database and file system data backups First, let’s take a full Oracle database backup
Step 1 Connect to the database, go to the Availability tab in OEM, and click Schedule Backup
Then, choose Whole Database and click Schedule Customized Backup On this page, you can choose different backup options Click Next, and on the Settings page, choose Tape, and click Next:
Trang 17Step 2 Choose
the job as a one-time job and review the scheduled job
Click Submit Job,
as shown here
Step 3 OEM will indicate that
the job has been submitted You can click View Job to see the status, as shown in the illustration
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 18Step 4 The executed job can be found on the Jobs tab:
Now, let’s take a backup of listener.ora file
Step 5 On the Manage page of OEM OSB Server, click Schedule Backup, and then choose
Specify Hosts, Directories and Files:
Trang 19Step 6 Add the listener
.ora file to be included in the backup, as shown at right
Step 7 Click Next, check
Privileged user to have the job run by the root user, and click Next again On the Specify Device Pool page, the tape device can be specified for the backup,
as the illustration shows
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 20Step 8 Click Next, select the job schedule, and click Next again Review the backup job:
Step 9 After the job is submitted, you can see the OEM confirmation The job execution status
can be seen on the Jobs page:
Trang 21Oracle Database Backup Using Oracle Secure Backup Cloud Module
OSB provides the ability to use storage clouds, such as Amazon S3, as offsite backup storage destinations To utilize Amazon S3 as backup storage, you need to sign up for Amazon S3 service and get the Access Key ID and the Secret Access Key After the access identifiers are collected, they can be used to configure OSB during the OSB Cloud Module installation The OSB Cloud Module install tool can be downloaded from OTN at the following address: http://www.oracle.com/technology/software/tech/cloud/index.html
RMAN Workshop: Installing OSB Cloud Module and
Using It for OSB Backups
Workshop Notes
This workshop installs OSB Cloud Module and schedules an OSB Oracle database backup
Step 1 Download and install OSB Cloud Module:
[oracle@lin32 distrib]$ ls l total 2428
rw r r 1 oracle oinstall 2480195 Jan 19 18:13 osbws installer.zip [oracle@lin32 distrib]$ unzip osbws installer.zip
Archive: osbws installer.zip inflating: osbws readme.txt inflating: osbws install.jar [oracle@lin32 distrib]$ vi osbws install.sh [oracle@lin32 distrib]$ cat osbws install.sh java jar osbws install.jar AWSID <Access Key ID> AWSKey <Secret Access Key>
otnUser alisher.yuldashev@<mail server>.com otnPass <OTN password> walletDir
$ORACLE HOME/dbs/osbws wallet [oracle@lin32 distrib]$ chmod u+x osbws install.sh [oracle@lin32 distrib]$ /osbws install.sh Oracle Secure Backup Database Web Service Install Tool OTN userid is valid.
AWS credentials are valid.
Creating new registration for this S3 user.
Created new log bucket.
Registration ID: <Registration ID>
S3 Logging Bucket: oracle log alisher 1 Validating log bucket location
Validating license file
Create credential oracle.security.client.connect string1 OSB web services wallet created in directory /u01/app/oracle/product/11.2.0/dbhome 1/dbs/ osbws wallet.
OSB web services initialization file /u01/app/oracle/product/11.2.0/dbhome 1/dbs/osbwsDB19TST ora created.
Step 2 Connect to the database, go to the Availability tab in OEM, and click Schedule Backup
Then, choose Whole Database and click Schedule Customized Backup We recommend you encrypt the backup to store it on offsite storage:
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 22Step 3 On the Settings page, choose Tape and click Next:
Trang 23Step 4 Choose the job as
a one-time job, review the scheduled job, and click Submit Job
Step 5 OEM will
show that the job has been submitted The executed job can be found on the Jobs tab,
as seen here
Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
Trang 24Oracle Secure Backup delivers high performance and secure data protection crucial for both offsite and local storage of mission-critical data Complete product support from Oracle Support Services, integration with Oracle Enterprise Manager, ability to use the Cloud as a next-generation offsite backup storage, and excellent pricing are only a few of the many reasons for employing OSB to meet your file system and Oracle database backup requirements For centralized backup tape management in mixed, distributed environments that provides a complete backup solution for the enterprise, OSB is a strong contender
Trang 25Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.