You are on page 1of 484

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY.

SHARING THE FILE IS STRICTLY PROHIBITED.

Volume I Student Guide

D57258GC10

Edition 1.0

March 2009

Part Number

Oracle University and (Oracle Corporation) use only.

Oracle Database 11g: Oracle


Secure Backup

Author

Copyright 2009, Oracle. All rights reserved.

Maria Billings

Disclaimer

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Christian Bauwens
Donna Cooksey
Gerlinde Frenzen
Steven Fried
Donna Keesling

This document contains proprietary information and is protected by copyright and


other intellectual property laws. You may copy and print this document solely for your
own use in an Oracle training course. The document may not be modified or altered in
any way. Except where your use constitutes "fair use" under copyright law, you may
not use, share, download, upload, copy, print, display, perform, reproduce, publish,
license, post, transmit, or distribute this document in whole or in part without the
express authorization of Oracle.
The information contained in this document is subject to change without notice. If you
find any problems in the document, please report them in writing to: Oracle University,
500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.

Isabelle Marchand
Judy Panock
Branislav Valny

Editor
Raj Kumar

Graphic Designer
Satish Bettegowda

Publisher
Syed Ali
Nita Brozowski

Restricted Rights Notice


If this documentation is delivered to the United States Government or anyone using
the documentation on behalf of the United States Government, the following notice is
applicable:
U.S. GOVERNMENT RIGHTS
The U.S. Governments rights to use, modify, reproduce, release, perform, display, or
disclose these training materials are restricted by the terms of the applicable Oracle
license agreement and/or the applicable U.S. Government contract.
Trademark Notice
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other
names may be trademarks of their respective owners.

Oracle University and (Oracle Corporation) use only.

Technical Contributors
and Reviewers

Preface
I

Introduction to Oracle Database 11g: Oracle Secure Backup


Objectives I-2
Course Objectives I-3
Suggested Schedule I-4
The Product in Context I-5
Your Learning Aids I-6
Oracle Secure Backup Documentation I-7
Additional Resources I-8

Oracle Secure Backup Overview


Objectives 1-2
What Is Oracle Secure Backup? 1-3
Oracle Secure Backup Tape Backup Management 1-4
Tape Management and Integration with Oracle Products 1-5
The Integration Advantage 1-6
Client/Server Architecture Host Roles 1-7
Oracle Secure Backup Architecture 1-8
Oracle Secure Backup for Centralized Tape Backup Management 1-9
Typical SAN Environment 1-11
Oracle Secure Backup Interface Options 1-12
Media Concepts: Overview 1-13
Backup Pieces and Backup Images 1-14
RMAN and Oracle Secure Backup Overview 1-15
Oracle Secure Backup Media Family 1-16
Tape Drives and Libraries 1-17
Virtual Tape Library (VTL) 1-19
Managing Data to Be Protected 1-20
Securing Data and Access to the Backup Domain 1-21
Quiz 1-22
Why Use Oracle Secure Backup? 1-26
Summary 1-27

iii

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Contents

Installing Oracle Secure Backup


Objectives 2-2
Performing Preinstallation Tasks 2-3
Installation and Configuration of the Administrative Domain 2-4
Quiz 2-5
Performing Installation Tasks 2-9
Administrative Server Installation: Example 2-10
Wizard-Based Installation on Windows 2-16
Oracle Secure Backup Interfaces 2-17
Oracle Secure Backup Web Tool Home Page 2-18
Common Obtool Commands 2-19
Quiz 2-20
Summary 2-23
Practice 2 Overview: Installing and Configuring Oracle Secure Backup 2-24

Securing Domain and Data


Objectives 3-2
Managing User Access Control 3-3
Predefined Classes and User Rights 3-4
Configuring Oracle Secure Backup Users 3-7
Oracle Secure Backup User: OS Permissions 3-9
Preauthorization 3-11
Preauthorizing Access 3-12
Assigning Windows Account Information 3-13
Quiz 3-14
Authentication 3-16
Leveraging Oracle Security Technology 3-17
Administrative Server Certificate Authority (CA) 3-19
Oracle Wallets for OSB Intradomain Communication 3-21
Encrypted Backups to Tape 3-23
Oracle Secure Backup Encryption 3-24
Configuring Host Encryption Policies 3-25
Using OSB Encryption Keys 3-26
Transient Backup Encryption 3-27
Comparing OSB and RMAN Encryption 3-29
Quiz 3-30
Summary 3-34
Practice 3 Overview:
Configuring OSB Security 3-35

Configuring RMAN for Oracle Secure Backup

iv

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Performing RMAN Backups and Restores


Objectives 5-2
Scheduling Backups with EM 5-3
Oracle-Suggested Backup 5-4
RMAN and OSB Process Flow 5-7
Oracle Secure Backup Jobs 5-8
RMAN and Oracle Secure Backup Job Execution 5-9
Managing Database Tape Backups 5-10
Performing Database Recovery 5-12
RMAN Automatic Failover to Previous Backup 5-13
Quiz 5-14
Summary 5-16
Practice 5 Overview: Performing OSB-Encrypted Backup and Restore 5-17

Backing Up File-System Data with Oracle Secure Backup


Objectives 6-2
Backing Up OS File Systems with Oracle Secure Backup 6-3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives 4-2
Oracle Database
Disk and Tape Backup Solution 4-3
Backing Up the Flash Recovery Area to Tape 4-4
Defining Retention for RMAN Backups 4-5
RMAN and Oracle Secure Backup Basic Process Flow 4-6
Integration with Enterprise Manager 4-7
Configuring the Administrative Server in EM 4-8
Oracle Secure Backup Administrative Server Page 4-9
RMAN Database Backup to Tape 4-10
Recovery Settings 4-11
Backup Settings 4-12
Database Backup Storage Selector 4-13
Defining Database Storage Selectors 4-15
Media Families and RMAN 4-16
Media Management Expiration Policies for Automated Tape Recycling 4-17
RMAN and Oracle Secure Backup 4-19
Media Management Expiration
Troubleshooting Technique 4-20
Quiz 4-21
Summary 4-25
Practice 4 Overview:
Configuring RMAN for OSB 4-26

Restoring File-System Backups with Oracle Secure Backup


Objectives 7-2
Browsing the Catalog for
File-System Backup Data 7-3
Restoring File-System Data 7-4
Restoring File-System Files with Oracle Secure Backup 7-5
The Restore Page 7-6
Listing All File-System Backups of a Client 7-7
Creating a Catalog-Based Restore Request 7-8
Submitting Restore Requests 7-12
Quiz 7-13
Summary 7-16
Practice 7 Overview: Restoring File-System Data 7-17

Managing Your Oracle Secure Backup Domain


Objectives 8-2
Oracle Secure Backup Processes: Daemons 8-3
Managing Common Daemon Operations 8-5
Quiz 8-6
Managing Defaults and Policies 8-7
Configuring Oracle Secure Backup Policies 8-8
Oracle Secure Backup: Backup Metadata Catalogs 8-9
Oracle Secure Backup: Directory Structure 8-11
Backing Up the Catalog 8-12
Manual Catalog Backup 8-13

vi

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

File-System Backups 6-4


Managing Media Families 6-5
Dataset Examples 6-6
Creating Datasets 6-9
Configuring Backup Windows 6-11
Creating Backup Schedules 6-13
Creating Backup Triggers 6-14
Previewing a Backup Trigger 6-16
Creating On-Demand Backup Requests 6-17
Submitting Backup Requests 6-19
Reviewing Jobs 6-20
Quiz 6-21
Summary 6-24
Practice 6 Overview:
Backing up File-System Data 6-25

Managing the OSB Infrastructure


Objectives 9-2
Managing Clients 9-3
Adding Media Servers 9-4
NAS Devices 9-6
Adding NDMP Media Servers 9-7
Adding Devices 9-8
Discovering Devices on NDMP Hosts 9-10
Managing Devices 9-11
Tape Library Properties 9-12
Tape Drive Properties 9-13
Managing Volumes 9-14
Quiz 9-16
Summary 9-27
Practice 9 Overview: Viewing OSB Management Tasks 9-28

10 Configuring and Using Tape Vaulting


Objectives 10-2
Overview of Vaulting 10-3
Configuring a New Vaulting Environment 10-5
Defining Media Storage Locations 10-6
Defining Rotation Policies and Rules 10-7
Defining Rotation Policies and Rules 10-8
Associating a Media Family with a Rotation Policy 10-9
Using the Vaulting Environment 10-11
Scheduling a Location Scan 10-12
Viewing Scan Control Jobs 10-13
Executing a Media Movement Job 10-14
Viewing Vaulting Reports 10-15
Troubleshooting Vaulting 10-16
Recovery Manager and Vaulting 10-17
Recalling a Tape Volume 10-18
Quiz 10-19
Summary 10-22
Practice 10 Overview: Configuring and Using Tape Vaulting 10-23
11 Configuring Tape Duplication

vii

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz 8-14
Summary 8-16
Practice 8 Overview: Performing a Preconfigured OSB Catalog Backup 8-17

12 Tuning Oracle Secure Backup


Objectives 12-2
Tuning Hardware 12-3
Tuning RMAN and Oracle Secure Backup 12-4
Tuning RMAN Software 12-6
Performance Factors 12-8
Tuning Oracle Secure Backup 12-11
Results of Tuning 12-12
Scalability of the Overall System 12-13
Quiz 12-14
Summary 12-18
Appendix A
Appendix B Oracle Secure Backup: Additional Topics
Objectives B-2
Encrypted Backups to Tape . B-3
Creating RMAN Encrypted Backups B-4
Using Transparent Mode Encryption B-5
Using Password Mode Encryption B-7
Using Dual Mode Encryption B-8
Restoring Encrypted Backups B-9
Performing Encrypted Recovery B-10
Comparing RMAN and OSB Encryption B-11
Oracle Secure Backup Jobs B-14
viii

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives 11-2
Media Management 11-3
Overview of Tape Duplication 11-4
Tape Duplication and Vaulting 11-5
Tape Duplication and Migration 11-6
Configuring and Using Volume Duplication 11-7
Configuring a Duplication Environment 11-8
Defining Volume Duplication Policies 11-9
Associating a Duplication Policy with a Media Family 11-10
Scheduling Volume Duplication 11-11
Executing Jobs 11-12
Quiz 11-13
Summary 11-15
Practice 11 Overview:
Viewing Media Life Cycle Demonstration 11-16

Appendix C Oracle Secure Backup Additional Installation Topics


Topics C-2
Windows Installation: Overview C-3
Oracle Secure Backup InstallShield Wizard C-4
Oracle Secure Backup Service Startup C-7
Service Logon and SCSI Devices C-8
Oracle Secure Backup Installed Files C-9
Installed Files for Host Role: Administrative Server C-13
Installed Files for Host Role: Media Server C-15
Installed Files for Host Role: Client C-16
Verifying Your Installation C-17
Removing Oracle Secure Backup C-18
Summary C-20
Appendix D Glossary
Index

ix

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Jobs B-16


Viewing Job Properties and Transcripts B-18
Troubleshooting Jobs B-20
Suspending and Resuming Job Dispatching B-21
Job Summaries B-23
Displaying Log Files and Transcripts B-24
Summary B-25

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Preface

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Before you begin this course, you should be able to perform database backup and
restore operations in Enterprise Manager at least equivalent to the level of the
Oracle Database 11g: Administration Workshop I course, ideally equivalent to the
level of the Oracle Database 11g: Administration Workshop II course.
How This Course Is Organized
Oracle Database 11g: Oracle Secure Backup is an instructor-led course featuring
lectures and hands-on exercises. Online demonstrations and written practice
sessions reinforce the concepts and skills that are introduced.

Preface - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Profile
Before You Begin This Course

Title

Part Number

Oracle Secure Backup Installation and Configuration


Guide, Release 10.2

E05408-02

Oracle Secure Backup Administrators Guide,


Release 10.2

E05407-02

Oracle Secure Backup Reference, Release 10.2

E05410-02

Oracle Secure Backup Migration Guide, Release 10.2

E05409-01

Oracle Secure Backup Readme, Release 10.2

E05411-05

Oracle Secure Backup Licensing Information,


Release 10.2

E10310-02

Additional Publications
System release bulletins
Installation and users guides
read.me files
International Oracle Users Group (IOUG) articles
Oracle Magazine

Preface - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Related Publications
Oracle Publications

Typographic Conventions
The following two lists explain Oracle University typographical conventions for
words that appear within regular text or within code samples.

Convention

Object or Term

Example

Courier New

User input;
commands;
column, table, and
schema names;
functions;
PL/SQL objects;
paths

Use the SELECT command to view


information stored in the LAST_NAME
column of the EMPLOYEES table.
Enter 300.
Log in as scott

Initial cap

Triggers;
Assign a When-Validate-Item trigger to
user interface object the ORD block.
names, such as
button names
Click the Cancel button.

Italic

Titles of
courses and
manuals;
emphasized
words or phrases;
placeholders or
variables

For more information on the subject see


Oracle SQL Reference
Manual

Lesson or module
titles referenced
within a course

This subject is covered in Lesson 3,


Working with Objects.

Quotation marks

Do not save changes to the database.


Enter hostname, where
hostname is the host on which the
password is to be changed.

Preface - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

1. Typographic Conventions for Words Within Regular Text

Typographic Conventions (continued)

Convention

Object or Term

Example

Uppercase

Commands,
functions

SELECT employee_id
FROM employees;

Lowercase,
italic

Syntax variables

CREATE ROLE role;

Initial cap

Forms triggers

Form module: ORD


Trigger level: S_ITEM.QUANTITY
item
Trigger name: When-Validate-Item
. . .

Lowercase

Column names,
table names,
filenames,
PL/SQL objects

. . .
OG_ACTIVATE_LAYER
(OG_GET_LAYER ('prod_pie_layer'))
. . .
SELECT last_name
FROM
employees;

Bold

Text that must


be entered by a
user

CREATE USER scott


IDENTIFIED BY tiger;

Preface - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

2. Typographic Conventions for Words Within Code Samples

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Introduction to Oracle Database 11g:


Oracle Secure Backup

After completing this lesson, you should be able to describe:


The overall course objectives
The product in context
Your learning aids

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup I - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

After completing this course, you should be able to:


Install and manage Oracle Secure Backup (OSB)
Use Oracle Secure Backup and Recovery Manager (RMAN)
to create Oracle Database backup and restore operations
Use Oracle Secure Backup to create file-system backup and
restore operations
Manage the OSB environment:

Back up the OSB catalog


Manage OSB domain: Add client
Manage tape media (vaulting and duplication)
Tune OSB

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup I - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Course Objectives

Topic

Lessons

Day

Overview, Installation and Configuration

1, 2, 3, 4

File System Backup and Restore

6, 7

OSB Management (Core Tasks)

8, 9

10, 11, 12

Database Backup and Restore

Advanced OSB Management


(Tape Vaulting, Duplication and Tuning)

Copyright 2009, Oracle. All rights reserved.

Suggested Schedule
The lessons in this guide are arranged in the order in which you will probably study them in the class.
If your instructor teaches the class in the sequence in which the lessons are printed in this guide, the
class should run approximately as shown in the schedule. Your instructor, however, may vary the
sequence of the lessons for a number of reasons, including:
Customizing material for a specific audience
Splitting topics, such as backup and restore of the database
Maximizing the use of course resources (such as hardware and software)

Oracle Database 11g: Oracle Secure Backup I - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Suggested Schedule

Copyright 2009, Oracle. All rights reserved.

The Product in Context


Oracle Secure Backup is a product in the High Availability group of database options. It has its
own release cycle and version number, for example, Oracle Secure Backup 10.2 is the correct version
for Oracle Database 11g (Release 1).
Oracle Secure Backup provides the fastest, most efficient Oracle database backups to tape, as well as
heterogeneous file system protection.

Oracle Database 11g: Oracle Secure Backup I - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

The Product in Context

Related material:
Oracle by Example (OBE): OTN > Oracle Database 11g >
Availability > Oracle Secure Backup
Installing and Configuring Oracle Secure Backup 10.2
Performing Encrypted Backups with Oracle Secure Backup
10.2
Configuring Policy-Based Media Management with Oracle
Secure Backup 10.2

Viewlets or demonstrations accessible from the product


home page:
Media Lifecycle Management
Backup Encryption to Tape
And more to come

Copyright 2009, Oracle. All rights reserved.

Your Learning Aids:


OBEs show you step-by-step how to perform a specific task. They do not discuss why you need to
perform a task. It is assumed that you have your own technical environment to follow along.
Viewlets or demonstrations are generally a series of screenshots, displaying how a specific task is
accomplished.

Oracle Database 11g: Oracle Secure Backup I - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Your Learning Aids

Oracle Secure Backup Installation and Configuration Guide


Oracle Secure Backup Administrators Guide
Oracle Secure Backup Reference
Oracle Secure Backup Migration Guide
Oracle Secure Backup Readme
Oracle Secure Backup Licensing Information

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup I - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Documentation

To continue your learning:


Oracle Secure Backup home page
http://www.oracle.com/technology/products/secure-backup

High Availability home page


http://www.oracle.com/technology/deploy/availability

Oracle University (OU)


http://education.oracle.com

Oracle Technology Network (OTN)


http://www.oracle.com/technology

Oracle by Example (OBE)


http://www.oracle.com/technology/obe

My Oracle Support: OracleMetaLink


http://metalink.oracle.com
Copyright 2009, Oracle. All rights reserved.

Additional Resources
Product home pages on OTN provide you with a variety of information, which can include the latest
product updates, white papers, FAQs, and so on.
Oracle University offers different formats to best suit your needs:
Instructor-Led inClass Training
Live Web Class
Self-Study CD-ROMs
Oracle Technology Network is a free resource with information about the core Oracle software
products, including database and development tools. You can have access to:
Technology centers
Oracle Community, including user groups
Software downloads and code samples, and much more
My Oracle Support: Access to My Oracle Support is included as part of your annual support
maintenance fees. In addition to the most up-to-date technical information available, My Oracle
Support gives you access to:
Service requests (SRs)
Certification matrixes
Technical forums monitored by Oracle experts
Software patches
Bug reports
Oracle Database 11g: Oracle Secure Backup I - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Additional Resources

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Oracle Secure Backup Overview

After completing this lesson, you should be able to:


Describe how Oracle Secure Backup complements the
Oracle backup and recovery options
Define Oracle Secure Backup terminology
Describe Oracle Secure Backup interface options
Describe backup management features of Oracle Secure
Backup

Copyright 2009, Oracle. All rights reserved.

For More Information


http://www.oracle.com/technology/deploy/availability
http://www.oracle.com/technology/products/secure-backup
Oracle Secure Backup Administrators Guide
Oracle Secure Backup Reference

Oracle Database 11g: Oracle Secure Backup 1 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

What Is Oracle Secure Backup?


Centralized tape backup management software:
Managing data protection for diverse, distributed servers and
tape devices
Client/server architecture for backing up and restoring data
locally or over the LAN, WAN, or SAN

Oracle Secure Backup features:


Tape backup management for entire Oracle environment,
including file systems and the Oracle database
Policy-based backup management
Secure data protection and interdomain communication
Effective media and device management
Broad tape device and platform support

Copyright 2009, Oracle. All rights reserved.

What Is Oracle Secure Backup?


Oracle Secure Backup is centralized tape management software. It enables reliable data
protection to tape, and supports the major tape drives and libraries in SAN, Gigabit Ethernet
(GbE), and SCSI environments.
Oracle Secure Backup enables you to do the following:
Back up and restore data using a variety of machine architectures.
Access local and remote file systems and devices from any location in a network without
using Network File System (NFS) or Common Internet File System (CIFS) protocols.
Back up to and restore from Oracle Cluster File System (OCFS) on Linux and Windows
Use wildcards and exclusion lists to specify what you want to back up.
Control secondary storage-based data recording format and compression.
Duplex database backups (back up the same files to multiple devices). Each data stream
automatically goes to a separate device.
Perform full, incremental, or differential backups.
Maintain security and limit the users who are authorized to perform data management
operations.
Support most popular tape drives and libraries.

Oracle Database 11g: Oracle Secure Backup 1 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle databases

File-system data
UNIX

Integration with
RMAN

Windows

Highest levels of tape


data protection at the
lowest cost

Fastest, most efficient


Oracle database tape
backup

Protection of entire
Oracle environment
including Oracle
application files

Oracle integrated product

Linux
NAS

Oracle Secure Backup


Centralized tape backup system

Tape
Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Tape Backup Management


Business background: The increased demands on the enterprise backup infrastructure require
more rigorous service-level agreements for backup windows and restoration time, while
achieving reliable data protection within budget. The tape technology meets this challenge by
offering high-speed devices and high-capacity media with a throughput similar to that of a disk
(generally, at a high cost). Oracle Secure Backup addresses this issue by providing centralized
tape backup management for the Oracle database and file systems in mixed, diverse
environments, thus reducing the cost and complexity of tape backup and restoration.
The graphic shows that Oracle databases are integrated via RMAN with Oracle Secure Backup
(OSB) and that UNIX, Linux, Windows and Network Attached Storage (NAS) directly use OSB.

Oracle Database 11g: Oracle Secure Backup 1 - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup


Tape Backup Management

Oracle Application Server


configuration files
Oracle database:
Version Oracle9i and later
Real Application Clusters
File-system data:
Oracle home installations
Other nondatabase data

Oracle Secure
Backup
Centralized
tape backup
management
Tape
library

Copyright 2009, Oracle. All rights reserved.

Tape Management and Integration with Oracle Products


Some of the many options available for protecting your Oracle data are backing up solely to
disk, backing up to disk as a staging area for tape backups, or backing up directly to tape. Disk
backup and restore operations are generally faster than the equivalent tape operations. However,
tape backups provide some advantages for long-term backup requirements, such as off-site
storage and portability, which allow you to move backups from one data center to another.
Oracle Secure Backup provides tape backup management for all your files relating to Oracle
products, including:
Oracle database backups stored on tape through integration with Recovery Manager
Seamless support of Oracle Real Application Clusters (RAC)
Support for Oracle Cluster File System (OCFS) and Automatic Storage Management
(ASM)
Central administration of distributed clients and media servers including:
- Oracle Application Server
- Oracle Collaboration Suite
- Oracle home and binaries
Note: Oracle Secure Backup has its own release cycle and version numbers; for example, Oracle
Secure Backup 10.2 is the correct version for Oracle Database 11g (Release 1).

Oracle Database 11g: Oracle Secure Backup 1 - 5

Oracle University and (Oracle Corporation) use only.

Oracle Beehive configuration files


Backup and restore

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Tape Management and


Integration with Oracle Products

The Integration Advantage


Key benefits of RMAN and Oracle Secure Backup
integration:
Exclusive support of RMAN backup encryption to tape
Faster, more reliable database backups to tape
Single technical support resource, expediting problem
resolution

Enterprise Manager integration exclusive to OSB


Familiar interface for Oracle customers, reducing any
learning curves associated with other products
Management of the entire Oracle database backup and
recovery from disk (Flash Recovery Area) to tape

Advanced, effective security based on proven Oracle


technology
Copyright 2009, Oracle. All rights reserved.

The Integration Advantage


This slide summarizes key benefits of RMAN and Oracle Secure Backup integration over other
third-party media management libraries.
Details about the security technology are:
Secure Sockets Layer (SSL) implementation
Embedded Oracle wallets

Oracle Database 11g: Oracle Secure Backup 1 - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.


Administrative
server

N
E
T
W
O
R
K

Maintains
configuration settings
and backup history
catalog

Oracle Secure
Backup catalog

Media
server

Administrative server

Media server
Transfers data to or
from attached
devices

Client
Contains data to be
backed up

Client
Data to
backup

Copyright 2009, Oracle. All rights reserved.

Client/Server Architecture Host Roles


To configure Oracle Secure Backup, you must define an administrative domain. An
administrative domain is a group of machines on your network that you manage as a common
unit to perform backup and restore operations. An administrative domain has one administrative
server, one or more clients, and one or more media servers.
The administrative server is a machine in your administrative domain that contains a full
installation of the Oracle Secure Backup software. This host maintains the backup catalog
files and other files for configuration settings and administrative data. The administrative
server runs the scheduler, which starts and monitors jobs within the administrative domain.
You need one administrative server for each administrative domain at your site. To
configure an administrative server, choose an administrative server installation when
installing Oracle Secure Backup on the host.
A media server is a machine that has one or more secondary storage devices, such as a
tape library, connected to it. A media server transfers data to and from its attached storage
devices. During installation, you can configure multiple secondary storage devices on
media servers.
A client is a machine whose locally accessed data is backed up by Oracle Secure Backup.
Most of the machines defined within the administrative domain are clients.

Oracle Database 11g: Oracle Secure Backup 1 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Client/Server Architecture
Host Roles

Client

Administrative server

Media server

obscheduled
observiced

observiced

observiced

obhttpd

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Architecture


The Oracle Secure Backup Architecture includes:
Oracle Secure Backup catalog, a directory structure with host-specific subdirectories. This
means the contents vary depending on the roles you assign to the host. An administrative
server has the central catalog with configuration and metadata.
Daemons (or services), which are processes, that run in the background and perform OSB
operations on behalf of an application
Some daemons run continually; others run only to perform specific work and then exit when the
work is completed. The Oracle Secure Backup daemons actively participate in managing backup
and restore operations:

obscheduled daemon: This daemon initiates scheduled events and manages jobs.

observiced daemon: On the administrative server, this daemon runs jobs (such as
backup and restore operations) at the request of the obscheduled daemon.
Apache Web server daemon (obhttpd): This daemon provides the Web tool GUI for
Oracle Secure Backup.

Oracle Database 11g: Oracle Secure Backup 1 - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Architecture

NAS

UNIX or
Windows
Linux
Heterogeneous
clients backed up
over the network

Oracle Secure Backup


administrative server

LAN
Media
servers
locally
backed up

OSB Cloud
module
Oracle
Database

Oracle Secure Backup


Administrative Domain

Tape
Library

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup for Centralized Tape Backup Management


The Oracle Secure Backup software offers centralized backup management of heterogeneous
clients and servers by storing the backup and configuration data in a central repository called the
Oracle Secure Backup administrative server. The administrative server contains a consolidated
backup catalog, providing a single location for managing backup policies, scheduling backups
for multiple platforms, and managing local and remote tape devices. The configured machines
and devices managed by an administrative server make up the Oracle Secure Backup
administrative domain, as shown in the slide.
The Oracle Secure Backup tape management system minimizes the complexity of managing
diverse architectures by offering:
Flexible tape device configuration with options for single- and multihosted tape libraries
Support for major tape libraries and tape drives in GbE and SCSI environments
Client/server architecture providing centralized administration of distributed media servers
over a local area network (LAN) or wide area network (WAN)

Oracle Database 11g: Oracle Secure Backup 1 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup for


Centralized Tape Backup Management

Oracle Database 11g: Oracle Secure Backup 1 - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup for Centralized Tape Backup Management (continued)


The Storage Cloud enables users to take advantage of the virtually unlimited pool of computing
resources and storage over the Internet (the Cloud). Unlike the traditional IT setup, users have
little insight or control over the underlying infrastructure. Their interaction with the Cloud is
primarily governed through an abstracted interface provided by the Cloud vendor. The Cloud is
essentially disk storage.
With the Oracle Secure Backup Cloud module, it is possible to send the local disk backups of
the Oracle database directly to a storage cloud for off-site storage purposes. Amazon S3 is the
first Cloud vendor that Oracle has partnered with, to enable database backup in the Cloud. This
functionality may be extended to more Cloud platforms or vendors in the future.
Backup and recovery from the Cloud is performed by RMAN. OSB 10.2 cannot back up to disk.
So, OSB 10.2 does not have an explicit integration with the Cloud. RMAN backup encryption
and advanced compression technologies may be used for Cloud backup strategies.

LAN

Administrative
server
SAN

Oracle Secure Backup:


Dynamically shares tape drives
attached to the Storage Area
Network (SAN)
Manages any resource
contention

Fibre
connectivity

Oracle
Database

Tape devices

Copyright 2009, Oracle. All rights reserved.

Typical SAN Environment


Oracle Secure Backup supports Storage Area Network (SAN) environments. The slide depicts a
typical SAN environment where one or more servers are attached to the SAN along with one or
more tape devices. Each of the tape devices attached to the SAN appears local to the servers
using SAN. Clients within the administrative domain are backed up over the network to the tape
devices on the configured media servers.
Oracle Secure Backup automatically manages resource contention for tape drives within the
SAN. During a backup or restore operation, a server engages a tape drive, thereby making it
temporarily unavailable to other servers. When the operation completes, the tape drive is again
available for use by any of the servers using SAN, as permitted by your configuration.
When configuring tape devices, you are asked to configure attachments, where each attachment
describes a data path between the host and the device itself. A device must have at least one
attachment. In a SAN environment, a tape device may have multiple attachments, one for each
host that can access the device.
The Fibre fabric and switches within the SAN are transparent to Oracle Secure Backup.
Therefore, SAN interoperability becomes important at the hardware level. When configuring a
SAN, it is recommended to confirm that the hardware components have been tested and certified
to work together.
Oracle Database 11g: Oracle Secure Backup 1 - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Typical SAN Environment

EM

RMAN

Web tool

SBT

Database
operations

Oracle
Secure
Backup

obtool

File-system
operations

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Interface Options


As shown in the slide, you can access Oracle Secure Backup in four different ways depending on
what you want to do:
Enterprise Manager provides a graphical interface to Oracle Secure Backup for users who
elect to perform database backup and restore operations through integration with RMAN.
You can also perform administrative tasks such as managing media and devices within the
Oracle Secure Backup administrative domain. The Enterprise Manager console includes a
link to the Oracle Secure Backup Web tool for performing file-system backup and restore
operations.
Use RMAN to back up your databases directly to tape. RMAN can be accessed either
through the RMAN executable or through EM. RMAN communicates with Oracle Secure
Backup through the system backup to tape (SBT) interface.
The Web tool is a GUI application that enables you to configure administrative domains,
manage operations, browse the backup catalog, and back up and restore data. It provides a
graphical and interactive interface to access the obtool utility. You should use this interface
when making backups of file-system data.
The obtool utility provides a command-line interface to Oracle Secure Backup. This
interface gives you the same functionalities as the GUI interface.

Oracle Database 11g: Oracle Secure Backup 1 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Interface Options

Media Concepts: Overview

Volume set
Volume

Volume

Backup image
Product of a backup operation
Product of a backup operation
Physical tape

Physical tape

Set of tapes containing backup images


Set of volumes with common characteristics

Copyright 2009, Oracle. All rights reserved.

Media Concepts: Overview


Oracle Secure Backup organizes the backups it creates in a simple hierarchy, which comprises
the following logical concepts:
A backup image is the product of a backup operation. A backup image is a file that
consists of one or more backup sections. A backup image can be contained within a single
volume or it can span multiple volumes. The part of a backup image that fits on a single
volume is called a backup section.
A volume is a single unit of media such as an LTO-3 tape. It can store many backup
images.
A volume set is a group of one or more volumes that contain a complete backup image.
A media family is a named classification of volumes that share some common attributes,
such as the volume naming method, the policies used for writing data to volumes, and the
length of time volumes are retained in the media family.
When you back up files using Oracle Secure Backup, you generate a volume set that has some
common characteristics defined by the media family that you have associated with your backup
operation.

Oracle Database 11g: Oracle Secure Backup 1 - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Media family

RMAN backup set


Oracle
database
files

RMAN
backup
piece

Backup
image

RMAN
backup
piece

Backup
image

Oracle Secure Backup images

Copyright 2009, Oracle. All rights reserved.

Backup Pieces and Backup Images


The backup of an Oracle database, created by RMAN, results in a backup set (an RMANspecific logical structure), which contains at least one backup piece (an RMAN-specific physical
file containing the backed up data).
Oracle Secure Backup backs up and maintains backup metadata for each RMAN backup piece
written to tape within its own catalog. You can browse backup pieces with the obtool commandline or Oracle Secure Backup Web tool.
Note: Use RMAN for the management of RMAN backup pieces.
If you manage the backup pieces stored on tape by using Oracle Secure Backup utilities instead
of RMAN, the Oracle Secure Backup catalog and the RMAN repository can become
unsynchronized. The best practice is for backup pieces to be updated through RMAN, not
manually by the use of Oracle Secure Backup.

Oracle Database 11g: Oracle Secure Backup 1 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Backup Pieces and Backup Images

RMAN and Oracle Secure Backup Overview

Data file 1

BACKUP
AS COPY

RMAN

OSB

Image
copy

Backup
image

BACKUP AS
BACKUPSET

Data file 2

Backup
piece

(filesperset 3)

Backup
image

Library
Media family
Volume set
Volume

Volume

Backup
image
section

Backup
image
section

Volume

Volume

Backup
image
section

Backup
image
section

Volume
Backup
image
section

Volume

Data file 3
Backup
piece
Backup
image

Data file 4

Backup set
File-system
file

Backup
image
section

Backup
image

Media family
...

Copyright 2009, Oracle. All rights reserved.

RMAN and Oracle Secure Backup Overview


This slide combines the previously discussed concepts into one overview. On the left side it
shows data files on the OS level, how they relate to RMAN image copies and backup pieces, and
how these relate to OSB backup images. File-system files, which of course do not have and
RMAN equivalent, relate directly to OSB backup images.
The right side depicts that OSB backup images are stored as backup image section on a volume,
within a volume set, which belongs to a media family in a tape library.

Oracle Database 11g: Oracle Secure Backup 1 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

OS

Oracle Secure Backup Media Family


A named classification of volumes that share the same:
Volume identification sequence
Write-allowed period
Expiration policy (either content- or time-managed)

Used to classify and characterize backup types


Commonly associated with backup levels, which generally
correspond to retention times, such as:
Full
Incremental
Archive log

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Media Family


Media families provide a way to establish write periods and retention policies for data backed up
to various kinds of tapes. You can, for example, establish a media family for all of your backups
that remain on-site, a separate media family for your backups that are to be stored off-site.
A media family is a classification of backup media that share the same:
Volume identification sequence: The volume ID consists of a fixed portion, followed by
a sequence number assigned and updated by Oracle Secure Backup. When you create a
media family, you specify how to generate volume IDs that become part of the volume
label.
Write window: The beginning of the write window is the time at which Oracle Secure
Backup first writes to a volume in the volume set. The write window is a user-specified
time interval that applies to all volumes in the set. Oracle Secure Backup continues to
append backups to the volume set until the end of this interval. When the write window
closes, Oracle Secure Backup does not allow further updates to the volume set until it
expires or is relabeled, reused, unlabeled, or overwritten.
Expiration policy: When a volume set expires, Oracle Secure Backup automatically
considers each volume in the set eligible to be overwritten. A media family is either
content managed (default) or time managed. These two policies are mutually exclusive.

Oracle Database 11g: Oracle Secure Backup 1 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

mainlib

Tape library
robotics move
tapes between
drives and slots.

Storage elements
(slots) store
tapes.

Tape library
Robotic control
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________

Barcode reader
scans labels on
cartridges.

maintd1

maintd2

maintd3

Type of tape drive


refers to its tape
format such as
LTO-3 or
SDLT600.

Device connectivity varies by device:


SCSI, Fibre, and iSCSI
Copyright 2009, Oracle. All rights reserved.

Tape Drives and Libraries


Oracle Secure Backup maintains information about secondary storage devices, tape libraries,
and tape drives, so they can be used for local and network backup and restore operations. These
devices are easily configured during the installation process, or a new device can be easily added
to an existing Oracle Secure Backup environment.
Each tape drive and tape library is uniquely identified within an Oracle Secure Backup
administrative domain by a user-defined name (for example, mainlib and maintd1).
Because Oracle Secure Backup manages tape drive operations, it must explicitly be able to
identify the tape drive as well as understand if the tape drive is housed within a tape library.
Oracle Secure Backup must further determine which tape slots (storage elements) are available
for storing tapes when they are not loaded in a tape drive.
Before you can use tape drives or tape libraries with Oracle Secure Backup, you must add the
device to the administrative domain. Oracle Secure Backup maintains a distinction between a
device and the means by which the device is connected to a host. Each device you configure can
have one or more attachments, where each attachment describes a data path between a host and
the device itself. Most often, an attachment includes the identity of a host plus a UNIX device
special file name, a Windows device name, or NAS device name. In rare cases, additional
information is needed to complete the attachment definition.

Oracle Database 11g: Oracle Secure Backup 1 - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Tape Drives and Libraries

When a device is attached to multiple hosts, Oracle Secure Backup automatically manages
contention for the device so that only one host is permitted access to it at any time. For example,
SAN-attached devices often have multiple attachments, one for each host that has local access to
the device through its Fibre channel interface.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Tape Drives and Libraries (continued)


A Fibre channelattached tape drive or tape library often has multiple attachments, one for each
host that can directly access it.

Oracle Database 11g: Oracle Secure Backup 1 - 18

Virtual Tape Library (VTL)


Providing the performance advantages of disk backup
Disk appliances, emulating tape libraries and drives
Most popular virtual tape libraries supported by Oracle
Secure Backup
See Tape Device compatibility guide on Oracle Technology
Network)

Increasingly adopted into IT environments


Seamless deployment without changing backup
infrastructure
Flexible configuration with user-defined options for number
and type of tape emulation

Attached to the network or servers, depending on the


manufacturer

Copyright 2009, Oracle. All rights reserved.

Virtual Tape Library (VTL)


A virtual tape library leverages traditional tape backup with disk technology to create an
optimized backup and recovery infrastructure. Tape emulation software on the disk appliance
emulates popular tape devices and formats. Because VTLs identify themselves as tape
equipment, for the backup software, they appear identical to the actual tape device that is
emulated.
VTLs offer the performance advantages of disk backup and they may be seamlessly deployed in
a system environment, without changing the backup infrastructure.
Note: In this class (where physical tape devices are not available), you use virtual test devices to
practice Oracle Secure Backup operations. These virtual test devices are not supported in
production use and are different from the commercially sold VTLs.
For a list of supported VTLs, refer to Certify on My Oracle Support.

Oracle Database 11g: Oracle Secure Backup 1 - 19

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Database

File-System Data

Defining what data to


back up

RMAN backup sets

User-defined datasets:
based on hosts, files, or
directories

Backup options

Use RMAN backup


levels: full and
incremental

Multilevel backups: full,


incremental, or off-site

Frequency of backups

Recurring or immediate
backups scheduled
using Enterprise
Manager

Flexible date/time calendar


based scheduling
On-demand backups

Copyright 2009, Oracle. All rights reserved.

Managing Data to Be Protected


Managing the backup infrastructure of file-system data and Oracle database data is easily
administered with Oracle Secure Backup and RMAN. Defining what data to back up is
conceptually similar for file-system and database data. Both require that you, the user, define
what to include in the backup. For the database, you use the RMAN backups sets created using
RMAN or Enterprise Manager. For file systems, Oracle Secure Backup uses datasets. Use the
Oracle Secure Backup Web tool to define file-system datasets.
After defining what data to back up, you must determine what type of backup is most
appropriate to meet your backup and restore requirements. Oracle Secure Backup offers multiple
backup levels for file-system backups including full backup levels, multiple incremental levels,
and an off-site backup level. The off-site level is actually a full backup performed without
interfering with any incremental backup strategies. Oracle Secure Backup also provides flexible
scheduling options that enable you to determine ongoing backup schedules based on the day and
time granularity. For the Oracle database, RMAN offers full and incremental backup levels that
are backed up to tape by Oracle Secure Backup.
After you have defined what, how, and how often to back up your data through scheduling,
Oracle Secure Backup can automatically implement your backup schedules, only requiring
manual intervention for hardware errors or media needs.

Oracle Database 11g: Oracle Secure Backup 1 - 20

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Data to Be Protected

Securing Data and Access to the Backup Domain


User-level access control
Users assigned to a set of privileges, called classes
Consistent user identity mapping OS privileges to Oracle
Secure Backup user, called preauthorized access

Host authentication

Two-way server authentication

Encryption
Oracle Secure Backup encryption for data in transport and
on tape
For database backups: choice of RMAN and OSB encryption
For file-system backups: OSB encryption

Copyright 2009, Oracle. All rights reserved.

Securing Data and Access to the Backup Domain


Access Control
To access the Oracle Secure Backup software, you must enter a username and password or use
preauthorization. Each Oracle Secure Backup user is assigned to a class, which defines the
actions that are permitted for that user.
Host Authentication
All hosts in the administrative domain use SSL and X.509 certificates for identity verification
and authentication. Sensitive data is encrypted before transmittal over the network.
The Web server requires a signed X.509 certificate and associated public and private keys to
establish an SSL connection with a client browser. The X.509 certificate for the Web server is
self-signed by the installation script when you install OSB on the administrative server.
Note: Currently, the Network Data Management Protocol (NDMP) does not include a
mechanism to accommodate the negotiation of an SSL connection to NDMP filers.
Encryption
For your database backups, you have a choice of RMAN and OSB encryption; for your filesystem backups, use OSB encryption.

Oracle Database 11g: Oracle Secure Backup 1 - 21

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

The best way to manage Oracle backup pieces when your


configuration includes Oracle Secure Backup (OSB) is with:
1. OSB
2. RMAN
3. OSB or RMAN
4. RMAN or SQL

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 1 - 22

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Which interfaces may be used to back up and restore filesystem data:


1. obtool
2. RMAN
3. Enterprise Manager
4. Web tool

Copyright 2009, Oracle. All rights reserved.

Answers: 1, 4

Oracle Database 11g: Oracle Secure Backup 1 - 23

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

During a backup or restore operation, a server engages a tape


drive; but the tape drive is available at the same time for use by
any of the servers on the SAN as permitted by your
configuration.
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 1 - 24

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Which of the following statements is true? - You can assign to a


single host:
1. The role of administrative server
2. The role of media server
3. The role of OSB client
4. All three roles

Copyright 2009, Oracle. All rights reserved.

Answers: 1, 2, 3, 4

Oracle Database 11g: Oracle Secure Backup 1 - 25

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Why Use Oracle Secure Backup?


Intelligent integration with RMAN delivering the best
performance and security for database backups
Backup encryption performed with Oracle database
Faster, smaller backups protecting only used blocks

Scalable, low-cost per-tape drive pricing


Substantial cost savings over the competition
Unlimited clients, servers, and NAS

Single technical support resource for entire backup


solution expedites problem resolution
Reliable, centralized backup management for entire Oracle
environment

Copyright 2009, Oracle. All rights reserved.

Why Use Oracle Secure Backup?


Since Oracle 8.0, RMAN is the recommended backup utility for the Oracle database. It is
known for reliable, automated, online protection of data to disk, and is integrated with
numerous third-party media management products for backups to tape. Oracle Secure
Backup provides an alternative to expensive, third-party tape backup utilities by providing
the media management layer for RMAN tape utilization.
Oracle Secure Backup increases customer return on investment by providing end-to-end
tape data protection for your Oracle environment at a fraction of the cost of other tape
products.
Oracle Secure Backup exclusively provides RMAN encrypted backup to tape.
To deliver the fastest database tape backup, Oracle Secure Backup backs up only used
blocks (from Oracle Database 10.2.0.2 and later). This process makes the backups faster
and smaller, which also saves space on tape.
Oracle Secure Backup (as part of the Oracle technology stack) offers a single-vendor
technical resource for complete Oracle database protection. The Oracle Secure Backup
installation automatically links the SBT libraries for RMAN tape backups.

Oracle Database 11g: Oracle Secure Backup 1 - 26

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

In this lesson, you should have learned how to:


Describe how Oracle Secure Backup complements the
Oracle backup and recovery options
Define Oracle Secure Backup terminology
Describe Oracle Secure Backup interface options
Describe backup management features of Oracle Secure
Backup

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 1 - 27

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Installing Oracle Secure Backup

After completing this lesson, you should be able to:


Decide on the structure of your administrative domain
Perform preinstallation tasks
Install Oracle Secure Backup on Linux

Copyright 2009, Oracle. All rights reserved.

For More Information


Oracle Secure Backup Installation and Configuration Guide
For supported tape devices, see http://www.oracle.com/technology/products/secure-backup.
For supported Web browser, platform and NAS devices, see Oracles certification matrix on My
Oracle Support.

Oracle Database 11g: Oracle Secure Backup 2 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

Performing Preinstallation Tasks


Confirm that your planned environment is supported.
Tape device support matrix on OTN
Platform support on Certify on metalink.oracle.com

Plan disk space for Oracle Secure Backup.


Obtain Oracle Secure Backup software via OTN download
or CD.
Plan your administrative domain-that is, determine which
host will be the administrative server, which the media
server(s) and which the client(s).
Obtain SCSI device information (UNIX and Linux).

Copyright 2009, Oracle. All rights reserved.

Performing Preinstallation Tasks


There is no required sequence between the preinstallation tasks.
Check the supported device list on OTN to confirm that your environment is supported:
Platform support by host role
Tape library and tape drive support
Connectivity support
Each host that participates in an Oracle Secure Backup administrative domain must have a network
connection and run TCP/IP. Oracle Secure Backup uses this protocol for all inter- and intra-server
communication between its own and other system components.
Each appliance that employs a closed operating system, such as Network Attached Storage (NAS)
and tape servers, is backed up using NDMP. This protocol enables Oracle Secure Backup to access
primary and secondary storage controlled by the appliance.
Each host that participates in an Oracle Secure Backup administrative domain must also have some
preconfigured way to resolve a host name to an IP address. Most systems use one of the name
resolution mechanisms: Domain Name Service (DNS), Network Information Service (NIS),
Windows Internet Name Service (WINS), or a local hosts file to do this. Oracle Secure Backup
does not require a specific mechanism. Oracle Secure Backup requires only that, upon presenting the
underlying system software with an IP address you have configured, it obtains an IP address
corresponding to that name.
Oracle Database 11g: Oracle Secure Backup 2 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

The graphic makes a distinction between the original software


OTN
CD-ROM
installation,
which
includes the mandatory configuration of the
administrative server, and later configurations of media and
client host roles. It also shows that tape drives and libraries can
1. Software
2. Configure additional hosts and
be added
at any point in time.
installation

tape devices

Administrative
server
Media
server

Media
server

Client

Tape drives
and libraries

Client

Copyright 2009, Oracle. All rights reserved.

Installation and Configuration of the Administrative Domain


The installation and configuration of your administrative domain includes the following:
Install the Oracle Secure Backup software itself on each of your hosts except NDMP-enabled
hosts such as NAS filers.
Define your administrative domain on the administrative server. This step involves defining all
media servers, clients, and NAS filers.
When installing a media server, Oracle Secure Backup device attachments are created as part of
the device driver installation process. These attachments are used during the device definition.
Make the administrative server aware of the tape devices that exist in your administrative
domain. On each defined media servers, you configure the directly attached SCSI and Fibre
Channel devices (tape libraries and tape drives). If you use a NAS filer with attached tape
libraries and tape drives, you can use Oracle Secure Backup commands to discover these
devices; this allows Oracle Secure Backup to recognize and communicate with the NASattached devices.

Oracle Database 11g: Oracle Secure Backup 2 - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Installation and Configuration of


the Administrative Domain

The host that you use to initiate and manage backup and restore jobs
should have the role of administrative server.
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 2 - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

You have hosts in your network with data that needs to be backed up.
Assign these hosts the role of:
1. Administrative server
2. OSB client
3. Media server

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 2 - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

You should assign hosts, which have tape or other secondary storage
devices attached to them, the role of media server.
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 2 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 2 - 8

Oracle University and (Oracle Corporation) use only.

Quiz

A single host can NEVER serve all roles.


1. True
2. False

Performing Installation Tasks

2. Create an Oracle Secure Backup home directory.


3. Change your directory to the <OSB_Home> directory.
4. Run the setup program from your <OSB_Home> directory
and respond to the prompts.
[stage] $ su
Password:
[stage]# mkdir -p /usr/local/oracle/backup
[stage]# cd /usr/local/oracle/backup
[backup]# /stage/osb_installmedia/setup

Copyright 2009, Oracle. All rights reserved.

Performing Installation Tasks


The recommended directory for installing the Oracle Secure Backup software is
/usr/local/oracle/backup. You can install the software in a different directory, if desired.
However, then the printed and online documentation for Oracle Secure Backup may not agree with
your actual commands, output, and GUI screens. For users new to Oracle Secure Backup, this can
add an unwanted layer of confusion.
In this course, you use the default directory /usr/local/oracle/backup as OSB_Home.
Note: There is no default OSB_Home environment variable, which is used to refer to this
directory, unlike the ORACLE_HOME variable used with Oracle Database installations.
After your OSB_Home directory is created, change your current directory to the OSB_Home
directory, and execute the setup program from your staging area, which in this example is the
/stage/osb_installmedia directory. If you use your CD-ROM drive as your staging area,
use a command similar to /cdrom/cdrom0/setup. In the slide example, a stage directory is used
instead of a CD-ROM drive.

Oracle Database 11g: Oracle Secure Backup 2 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

1. Log in as the root user.

Administrative Server Installation: Example

This CD-ROM contains Oracle Secure Backup version


10.2.0.2.0_linux32.
Please wait a moment while I learn about this host... done.
- - - - - - - - - - - - - - - - - - - - 1. Linux32 administrative server, media server, client
- - - - - - - - - - - - - - - - - - - - Loading Oracle Secure Backup installation tools... done.
Loading linux32 administrative server, media server, client...
done.
- - - - - - - - - - - - - - - - - - - - Loading of Oracle Secure Backup software from CD-ROM is
complete. You may unmount and remove the CD-ROM.
Would you like to continue Oracle Secure Backup installation
with 'installob' now? (The Oracle Secure Backup Installation
Guide contains complete information about installob.)
Please answer 'yes' or 'no' [yes]: no

Copyright 2009, Oracle. All rights reserved.

Administrative Server Installation: Example


As you can see, Oracle Secure Backup analyzes the host on which you start the installation, then it
loads the relevant software.
installob is the primary installation script for Oracle Secure Backup. It can be called in a standalone fashion by invoking the installob shell script.

Oracle Database 11g: Oracle Secure Backup 2 - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Welcome to Oracle's setup program for Oracle Secure Backup.


This program loads Oracle Secure Backup software from the CDROM to a filesystem directory of your choosing.

Welcome to installob, Oracle Secure Backup's UNIX installation


program.
It installs Oracle Secure Backup onto one or more UNIX or Linux
systems on your network. (Install Oracle Secure Backup for
Windows using the CD-ROM from which you loaded this software.)
For most questions, a default answer appears enclosed in square
brackets. Press Enter to select this answer.
Please wait a few seconds while I learn about this machine...
done.
Have you already reviewed and
for your Oracle Secure Backup
Would you like to do this now
- - - - - - - - - -

customized install/obparameters
installation [yes]? no
[yes]? no
- - - - - - - - - - -

Copyright 2009, Oracle. All rights reserved.

Administrative Server Installation: Example (continued)


The obparameters file is preconfigured. If you wish a default installation, answer no, once, to
the question about customizing this file.
If you wish to customize it, then you can use a text editor to edit the obparameters file in the
/usr/local/oracle/backup/install/ directory (referred to as the
OSB_Home/install directory). Various parameters are defined that you can configure to meet the
needs of your business. For example, you can modify parameters for:
Automatic startup at boot time of the observiced daemon
Automatic creation of an Oracle Secure Backup user, called oracle, that is assigned the
oracle class, and preauthenticated to be used by RMAN
Default certificate key size

Oracle Database 11g: Oracle Secure Backup 2 - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Administrative Server Installation: Example

Oracle Secure Backup is not yet installed on this machine.


Oracle Secure Backup's Web server has been loaded, but is not
yet configured.
You can install this host one of three ways:
(a) administrative server
(the host will also be able to act as a media server or
client)
(b) media server
(the host will also be able to act as a client)
(c) client
If you are not sure which way to install, please refer to the
Oracle Secure Backup Installation Guide. (a,b or c) [a]? a

Copyright 2009, Oracle. All rights reserved.

Administrative Server Installation: Example (continued)


Specify the role for this server. If you install Oracle Secure Backup for first time on a specific
network, then you should begin with an administrative server installation. By default, the
administrative server is also configured as a client.

Oracle Database 11g: Oracle Secure Backup 2 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Administrative Server Installation: Example

Beginning the installation. This will take just a minute and


will produce several lines of informational output.
Installing Oracle Secure Backup on edvmr1p0 (Linux version
2.6.9-67.0.7.0.1.ELxenU)
You must now enter a password for the Oracle Secure Backup
encryption key store. Oracle suggests you choose a password of
at least 8 characters in length, containing a mixture of
alphabetic and numeric characters.
Please enter the key store password:key_password <<not echoed>>
Re-type password for verification:key_password <<not echoed >>

Copyright 2009, Oracle. All rights reserved.

Administrative Server Installation: Example (continued)


Choose a password for the Oracle Secure Backup encryption key store, which follows your security
strategies. (Do not forget this password).
Note: In this class, simple and easy to remember passwords (oracle) are used to avoid detracting
from the purpose of the exercise. In real development and production environments, use strong
passwords that follow the guidelines in Oracle Database Security Guide and the Oracle Secure
Backup Administrators Guide.

Oracle Database 11g: Oracle Secure Backup 2 - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Administrative Server Installation: Example

You must now enter a password for the Oracle Secure Backup
'admin' user.
Oracle suggests you choose a password of at least 8 characters
in length, containing a mixture of alphabetic and numeric
characters.
Please enter the admin password:admin_password << not echoed >>
Re-type password for verification:admin_password <<not echoed>>
You should now enter an email address for the Oracle Secure
Backup 'admin user. Oracle Secure Backup uses this email
address to send job summary reports and to notify the user when
a job requires input. If you leave this blank, you can set it
later using the obtool's 'chuser' command.
Please enter the admin email address:

Copyright 2009, Oracle. All rights reserved.

Administrative Server Installation: Example (continued)


Choose a password for the admin user, which follows your security strategies. If you know the
email of the admin user you can enter it as well.
During the software installation, you see the actions that are performed. For example:
generating links for admin installation with Web server
updating /etc/ld.so.conf
checking Oracle Secure Backup's configuration file (/etc/obconfig)
setting Oracle Secure Backup directory to /usr/local/oracle/backup in
/etc/obconfig
setting local database directory to /usr/etc/ob in /etc/obconfig
setting temp directory to /usr/tmp in /etc/obconfig
setting administrative directory to /usr/local/oracle/backup/admin in
/etc/obconfig
protecting the Oracle Secure Backup directory
creating /etc/rc.d/init.d/observiced
activating observiced via chkconfig
initializing the administrative domain

If you wish to see the daemons or background processes, enter the following after the installation:
# ps -a |grep ob
13760 pts/0
00:00:00 observiced
13772 pts/0
00:00:00 obscheduled

Oracle Database 11g: Oracle Secure Backup 2 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Administrative Server Installation: Example

*********************** N O T E ************************
On Linux systems Oracle recommends that you answer no to
the next two questions. The preferred mode of operation on
Linux systems is to use the /dev/sg devices for attach
points as described in the 'ReadMe and in the
'Installation and Configuration Guide'.
Is edvmr1p0 connected to any tape libraries that you'd
like to use with Oracle Secure Backup [no]? no
Is edvmr1p0 connected to any tape drives that you'd like
to use with Oracle Secure Backup [no]? no
Installation summary:
Installation
Mode
admin

Host
OS
Driver
Name
Name Installed?
edvmr1p0 Linux no

OS Move
Required?
no

Reboot
Req?
no

Oracle Secure Backup is now ready for your use.

Copyright 2009, Oracle. All rights reserved.

Administrative Server Installation: Example (continued)


After the Oracle Secure Backup software has been installed, you are asked if you want to configure
any tape libraries or tape drives that might be attached to the current host.
As suggested in the NOTE on the slide, you should answer no to both questions and follow the
methods recommended in the Oracle Secure Backup Installation Guide.
After the software installation completes, an installation summary appears.

Oracle Database 11g: Oracle Secure Backup 2 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Administrative Server Installation: Example

There are 3 Windows screenshots on this slide, showing:


the Oracle Secure Backup welcome page
the setup page, on which you choose which host roles to install, and
the admin user password and email page

Copyright 2009, Oracle. All rights reserved.

Wizard-Based Installation on Windows


Start your Windows installation by running the setup.exe program. This activates the
InstallShield wizard. Answer the questions of the InstallShield wizard, such as your customer
information, your server role definition, your predefined Oracle user, passwords for the admin user
and the encryption key store, and other questions needed to complete the installation on a Windows
server.
During the installation process, the Oracle Secure Backup Setup wizard copies all Oracle Secure
Backup files to the local host and generates Windows Registry entries.
The default directory on Windows is C:\Program Files\Oracle\Backup\, which is
different from the recommended UNIX directory of usr/local/oracle/backup.

Oracle Database 11g: Oracle Secure Backup 2 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Wizard-Based Installation on Windows

Oracle Secure
Backup

Web tool

obtool

https://<host_name>

EM interface

https://<host_name>:1158/em

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Interfaces


You can use either the GUI interface or the obtool command-line interface (CLI) to access the Oracle
Secure Backup information. In all cases, you must use a valid username and password.
For example, if you want to view the Oracle Secure Backup users, you can choose any of these three
interfaces:
You can start the Web tool by entering https://<host_name> into your Web browser.
Click the Configure tab, and then click Users.
You can start Enterprise Manager by entering https://<host_name>:1158/em into
your Web browser, and then select the following: Availability > Oracle Secure Backup Device
and Media > Configure > Users.
You can start the obtool command line by entering obtool in a terminal window, and then the
lsuser command.
Note: Enterprise Manager is the recommended interface.

Oracle Database 11g: Oracle Secure Backup 2 - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Interfaces

This screenshot has the OSB home page as it first appears.


The home page has the following sections:
1. Failed Jobs
2. Active Jobs
3. Pending Jobs
4. Completed jobs (within the last 24 hours)
5. Devices
No jobs have been executed; the devices are not in use.

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Web Tool Home Page


The Oracle Secure Backup Web tool Home page provides a snapshot of the current status of Oracle
Secure Backup jobs and devices, presenting important summary information to administrators and
users.
The Home page includes the schedule times and status of recent jobs as well as job IDs, job type, and
job level. Oracle Secure Backup provides a link for failed jobs, alerting users and administrators to
potential trouble spots.
The Devices link lists the devices associated with each job along with information concerning device
type, device name, and status. This page provides you with an overall sense of the various backup or
restore processes that are going on.
The Web tool provides a graphic interface for just about all of the Oracle Secure Backup features,
such as:
Flexible scheduling options for backups of file-system data:
- Specify backups based on time of day, days of the week, month, quarter, or year
- Schedule backups to start immediately or at a future date
Backup windows to minimize impact on day-to-day backup operations
Ability to create off-site backups for remote storage without disturbing currently scheduled
incremental backups of the same data

Oracle Database 11g: Oracle Secure Backup 2 - 18

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Web Tool Home Page

Category

Obtool Command

Hosts

lshost -l

Devices

lsdev

Storage selectors

lsssel

User info

id, lsuser, lsclass

Jobs and schedules

lsjob (-a | -c | -p)


lsbw (backup windows)
Lssched

Backups

lsds (for dataset information)


lspiece (for RMAN backup pieces)
lsbackup (for file-system backups)
lssection (for backup image sections)

Media families

lsmf --long

Volumes

lsvol --all or lsvol --library <libname>

Copyright 2009, Oracle. All rights reserved.

Common Obtool Commands


The slide lists some of the common obtool commands that you can use to query the Oracle Secure
Backup administrative and catalog data. Depending upon the information you want to retrieve, you
may use additional options to specify the amount of information returned, such as listing all the
volumes for a particular media family or listing only completed jobs.
For details of all command options, see the Oracle Secure Backup Reference.
These commands can assist you with troubleshooting your OSB installation and configuration. For
example, the lshost command shows the current roles of a host. If you want to add a device to
your OSB domain, the host must have the mediaserver role, which is not installed by default.

Oracle Database 11g: Oracle Secure Backup 2 - 19

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Common Obtool Commands

Oracle Secure Backup installation automatically discovers


NAS-attached media devices.
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 2 - 20

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

When installing the administrative server, the following


components are also installed:
1. Media server only
2. Client only
3. Media server and client
4. None

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 2 - 21

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

After initial installation, the OSB administrative server is


automatically configured with a media server role:
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 2 - 22

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

In this lesson, you should have learned how to:


Decide on the structure of your administrative domain
Perform preinstallation tasks
Install Oracle Secure Backup on Linux

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 2 - 23

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

This practice covers the following topics:


Creating your Oracle Secure Backup home directory
Installing the Oracle Secure Backup software
Configuring the media server and virtual test devices
Inserting volumes into both tape libraries
Note: Completing all practice steps is a prerequisite for all the
following practices.

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 2 - 24

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 2 Overview:
Installing and Configuring Oracle Secure Backup

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Securing Domain and Data

After completing this lesson, you should be able to:


Manage user access control for Oracle Secure Backup
Add an Oracle Secure Backup user with preauthorized
access
Describe host authentication
Determine backup security characteristics
Describe Oracle Secure Backup encryption
Configure host encryption policies

Copyright 2009, Oracle. All rights reserved.

Objectives
This course focuses on Oracle Secure Backup: Access control, authentication and OSB
encryption. For comprehensive coverage of Oracles security concepts and tools (including
RMAN encryption), see the course titled Oracle Database 11g: Security.

Oracle Database 11g: Oracle Secure Backup 3 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

Access Control
Authentication
Encryption

Oracle Secure Backup user:


Is different from an Oracle schema and an OS user
Is assigned to a single UNIX and a single Window account
Has one set of access rights
Belongs to only one class
Set of user rights

Set of user rights

Class

Class

Copyright 2009, Oracle. All rights reserved.

Managing User Access Control


Oracle Secure Backup maintains its own catalog of Oracle Secure Backup users and their
rights on the administrative server. This is in addition to the database access and operating
system control. By storing Oracle Secure Backup access control information about the
administrative server, Oracle Secure Backup maintains a consistent user identity across the
administrative domain.
A set of rights is grouped into a class, which can be assigned to multiple users. However,
each user is a member of exactly one class. An Oracle Secure Backup user is different from an
Oracle schema user, as well as an operating system user. You can assign Oracle Secure
Backup usernames and passwords that are identical to or different from those of existing
operating system users. Each Oracle Secure Backup user is associated with a single UNIX
account and a single Windows account. These UNIX and Windows accounts are used when
some component of Oracle Secure Backup must assume a UNIX or Windows identity when
running on behalf of a given Oracle Secure Backup user.
Note: You might find it convenient to name Oracle Secure Backup users like their OS user
identity.
To configure Oracle Secure Backup users, you must belong to a class with the Modify
administrative domains configuration right.
Oracle Database 11g: Oracle Secure Backup 3 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing User Access Control .>

Predefined Classes and User Rights


Browse backup catalogs with this access

operator

user

oracle

reader

Privileged

notdenied

permitted

permitted

named

Y
Y

Y
Y

Modify any job, regardless of its owner

Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y

Access Oracle backups

all

all

Perform Oracle backups and restores

Display administrative domain's configuration

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

admin

Modify own name and password


Modify administrative domain's configuration
Perform backups as self
Perform backups as privileged user
List any jobs owned by user
Modify any jobs owned by user
Perform restores as self
Perform restores as privileged user
Receive e-mail requesting operator assistance
Receive e-mail describing internal errors
Query and display information about devices
Manage devices and change device state
List any job, regardless of its owner

Y
Y

Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y

Y
Y
Y
Y

owner

Y
Y
Y
Y
Y
Y
Y

owner

none

Copyright 2009, Oracle. All rights reserved.

Predefined Classes and User Rights


A class defines a set of rights or access privileges. Oracle Secure Backup comes with the
following predefined classes:
admin: Is used for the overall administration of a domain. The admin class has all the
rights and privileges needed to modify domain configurations and perform backup and
restore operations.
operator: Is used for standard day-to-day operations. The operator class lacks
configuration privileges but has all the rights needed for backup and restore operations as
well as viewing and managing devices.
user: Is assigned to specific users giving them permission to interact in a limited way
with their domains. This class is reserved for users who need to browse their own data
within the Oracle Secure Backup catalog and perform user-based restore operations.
oracle: Is similar to the operator class with specific privileges to modify Oracle
database configuration settings, as well as to perform Oracle database backups and restore
operations
reader: Enables users to view the Oracle Secure Backup catalog data. Readers are
permitted only to modify the given name and password for their Oracle Secure Backup
user accounts.
You can use the mkclass command to define your own Oracle Secure Backup user class.
Oracle Database 11g: Oracle Secure Backup 3 - 4

Oracle University and (Oracle Corporation) use only.

Rights

Oracle Database 11g: Oracle Secure Backup 3 - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Predefined Classes and User Rights (continued)


Here is the explanation of each right:
Browse backup catalogs with this access:
- Privileged: Users can browse all directories.
- Notdenied: Users can browse any directory for which they are not explicitly denied
access. This option differs from permitted in that it allows access to a directory
having no stat record stored in the catalog.
- Permitted: Users can browse a directory to which, based on operating system file
ownership and protection, they have read rights.
- Named: Users can browse a directory if the UNIX user defined in the Oracle Secure
Backup identity is listed as the owner of the directory or the UNIX group defined in
the Oracle Secure Backup identity matches the group of the directory. If the UNIX
user defined in the Oracle Secure Backup identity has read rights for the directory,
but is not the UNIX owner or a member of the UNIX group associated with the
directory, then the user is not able to browse the directory.
- None: Users have no rights to browse any directory.
Display administrative domains configuration allows the class member to list objects
(for example, hosts, devices, and users) in the administrative domain.
Modify own name and password allows the class member to modify certain attributes
for their own user objects (password and given name).
Modify administrative domains configuration allows the class member to edit (create,
modify, rename, and remove) all configuration data in an Oracle Secure Backup
administrative domain. These include classes, users, hosts, devices, defaults and policies,
schedules, datasets, media families, summaries, and backup windows.
Perform backups as self allows the class member to back up only those files and
directories in which the member has access (using either UNIX user and group names or a
Windows domain account).
Perform backups as privileged user allows the class member to back up files and
directories while acting as a privileged user (root on UNIX and as a member of the
Administrators group on Windows).
List any jobs owned by user enables the class member to view:
- Status of scheduled, ongoing, and completed jobs that they create
- Transcripts for job that they create
Modify any jobs owned by user allows the class member to modify only jobs that the
member configured.
Perform restore as self allows class members to restore the contents of backup images
under the restrictions of the access rights imposed by the users UNIX name or group, or
the Windows domain and account.

Oracle Database 11g: Oracle Secure Backup 3 - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Predefined Classes and User Rights (continued)


Perform restore as privileged user allows the class member to recover the contents of
backup images as a privileged user (root on UNIX and as a member of the
Administrators group on Windows).
Receive email requesting operator assistance allows the class member to receive email
messages when Oracle Secure Backup requires manual intervention. Occasionally, during
backup and restore operations, your assistance may be requiredfor example, if a new
tape is required to continue a backup. In such cases, emails are sent to all users who
belong to classes having this attribute.
Receive email describing internal errors allows the class member to receive email
messages describing errors that occurred in any Oracle Secure Backup activity.
Query and display information about devices allows the class member to query the
state of all storage devices configured within the administrative domain.
Manage devices and change device state allows a class member to control the state of
devices.
List any job, regardless of owner allows the class member to view:
- Status of any scheduled, ongoing, and completed jobs
- Transcripts for any job
Modify job, regardless of owner permits the class member to make changes to any job.
Access Oracle backups specifies the type of access to Oracle Database backups made
through the SBT interface. The values are as follows:
- owner indicates that the user can access only SBT backups created by the user.
- class indicates that the user can access SBT backups created by any Oracle Secure
Backup user in the same class.
- all indicates that the user can access all SBT backups.
- none indicates that the user has no access to SBT backups.
Perform Oracle backups and restores allows the class member to back up and restore
Oracle databases. Users with this right are Oracle Secure Backup users that are mapped to
operating system accounts used when performing Oracle database installations.
SBT requests will be honored only if the OS account making the request is mapped to an
Oracle Secure Backup user who has the Oracle database backup/restore right. In addition to
this, SBT restore, query, and remove requests will be honored only if the OS account making
the request is mapped to an Oracle Secure Backup user whose Access Oracle backups right
allows access to the piece requested.

Tip: No clear text


passwords, use
prompts.
For unprivileged backup, that
is, file-system backup not as
UNIX root or Windows
Administrator

Copyright 2009, Oracle. All rights reserved.

Configuring Oracle Secure Backup Users


To configure one or more users, perform the following steps:
1. From the Web tool Home page, click the Configure tab in the menu bar.
2. Click Users in the submenu under Basic. The Users page appears.
3. Click the Add button to add a new user. A dialog box appears for entering a username.
4. Enter a username in the User field. Formally, it is unrelated to any other name used in
your computing environment or the Oracle Secure Backup administrative domain.
Practically, you might find it convenient to choose Oracle Secure Backup usernames that
are identical to users Windows or UNIX names.
5. Enter a password for the user in the Password field. This password is used to log in to
Oracle Secure Backup.
Note: The practice of supplying a password in clear text on a command line or in a
command script is not recommended by Oracle Corporation. It is a security vulnerability.
The recommended procedure is to prompt the user for the password.
6. Select a class from the User class list.
7. Optionally, enter a given name in the Given name filed. This name is for information
purposes only.

Oracle Database 11g: Oracle Secure Backup 3 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Configuring Oracle Secure Backup Users

Oracle Database 11g: Oracle Secure Backup 3 - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Configuring Oracle Secure Backup Users (continued)


8. Enter a UNIX name for this account in the UNIX name field. This name forms the
identity of any nonprivileged jobs run by the user on UNIX systems. If this Oracle Secure
Backup user will not, or is not permitted to, run Oracle Secure Backup jobs on UNIX
systems, the user can leave this field blank.
9. Enter a UNIX group name for this account in the UNIX group field. This name forms the
identity of any nonprivileged jobs run by the user on UNIX systems.
10. In the NDMP server user list, select yes if you want Oracle Secure Backups NDMP
server to accept a login from this user using the username and password you have
supplied. This is not required for normal Oracle Secure Backup operation and is typically
set to no.
11. Enter the email address for the user in the Email address field. When Oracle Secure
Backup wants to communicate with this user, such as to deliver a summary report or
notify the user of a pending input request, it does so by sending an email to this address.
12. Choose one of the following:
- Click Apply to add the user account and remain in this page.
- Click OK to add the user account and return to the Users page. The user account
appears in the User Name box on the Users page. A message appears in the Status
box informing you that the user was successfully added.
- Click Cancel to avoid the operation and move back one page.
13. If the user you configured needs to initiate backup and restore operations on Windows
clients, refer to the Assigning Windows Account Information section.
Note: Oracle Secure Backup creates the admin user when a new administrative domain is
initialized. You cannot remove the admin user.

% obtool
Oracle Secure Backup 10.2
login: osbuser1

osbuser1 can only


backup and restore data
accessible to
UNIX name: jdoe
UNIX group: sysadmin

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup User: OS Permissions


When writing backup data to tape, you must log into Oracle Secure Backup. You can login
explicitly or transparently by using "preauthorization". Oracle Secure Backup uses the class
and rights assigned to the osbuser1 user, to determine whether or not the requested action is
allowed. In this example, the osbuser1 user can only back up and restore data accessible by
the jdoe UNIX user and the sysadmin UNIX group. The UNIX name and group are the
identity under which an unprivileged backup operation will be performed.
When an Oracle Secure Backup user makes an unprivileged backup or restore of a host, the
host is accessed by means of an operating system identity.
If a UNIX or Linux host is backed up or restored, then Oracle Secure Backup uses the
UNIX username and group values for the operating system identity.
If a Windows host is backed up or restored, then Oracle Secure Backup uses the first
(domain, account, password) triplet that allows access to the host.

Oracle Database 11g: Oracle Secure Backup 3 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup User:


OS Permissions

Type of Backup Operation

OS Namespace

Scheduled job

OSB admin user: typically root on


UNIX or LocalSystem on Windows

Unprivileged on-demand and RMAN backups

Current session of the OSB user

Privileged backup

root on UNIX; OSB service on


Windows

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup User: OS Permissions (continued)


The OS user that is used to access the files being backed up depends upon the type of backup
operation:
If you create a scheduled job, the backup runs in the OS namespace associated with the
Oracle Secure Backup admin user, which is typically root on UNIX-like systems or
LocalSystem on Windows systems.
If you perform an on-demand backup, the OS namespace associated with the Oracle
Secure Backup user of the current session is used, unless you specify the backup should
run as a privileged operation. A backup that runs in privileged mode runs under the root
operating system identity. On Windows systems, the backup runs under the same account
as the Oracle Secure Backup service on the Windows client. Backup and restore requests
submitted through the RMAN interface are treated as on-demand jobs.

Oracle Database 11g: Oracle Secure Backup 3 - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup User:


OS Permissions

RMAN script:
run {
allocate channel oem_sbt_backup1 type 'SBT_TAPE' format '%U';
}

Preauthorized users do not log in explicitly.


Oracle Secure Backup verifies:
RMAN preauthorization
Matching OS and database identity
Backup and /or restore class rights

Copyright 2009, Oracle. All rights reserved.

Preauthorization
You can preauthorize Oracle Secure Backup users for the use of the obtool command line
(cmdline), rman, or both. Using the example from the previous slide, the jdoe OS user
can be preauthorized to use Oracle Secure Backup as the osbuser1 OSB user, without
having to supply an Oracle Secure Backup username or password.
Preauthorization for file-system backups is primarily used to avoid logging in to Oracle Secure
Backup when running custom scripts. Without cmdline preauthorization, the script would
fail, because access to Oracle Secure Backup is not granted without user login.
RMAN preauthorization is required to successfully backup or restore the Oracle database.
Oracle database backups are invoked from RMAN or Enterprise Manager. When Oracle
Secure Backup receives communication from RMAN (through sbt), Oracle Secure Backup
verifies that an OSB user meets the following requirements:
1) RMAN preauthorization on that host
2) Matching the OS user identity of the Oracle instance associated with the database (which
is, for example, oracle)
3) Assignment to a class with rights to back up or restore Oracle database
If these three criteria are not successfully met, Oracle Secure Backup does not perform the
RMAN backup or restore requests.
Oracle Database 11g: Oracle Secure Backup 3 - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Preauthorization

Best Practice Tip:


Limit preauthorized
access to selected hosts.

Unique combination of: Hosts,


OS and Windows name

Copyright 2009, Oracle. All rights reserved.

Preauthorizing Access
To provide preauthorized access, you can modify parameters for an existing user account:
1. From the Users page, select the name of the user from the User Name box.
2. Click the Edit button. A page appears with details for the user you selected.
3. Make any required changes. To modify users, you must be a member of a class that has
this right enabled.
4. Choose one of the following:
- Click Apply to remain in this page.
- Click OK to save the changes and return to the Users page.
- Click Cancel to avoid the operation and move back one page.
If your Oracle Secure Backup user needs to initiate backup and restore operations on
Windows clients, then you must add Windows Domains information.
To configure RMAN and/or command-line preauthorization, click Preauthorized Access
and specify the appropriate attributes. The combination of Hosts, OS username, and
Windows domain name must be unique.

Oracle Database 11g: Oracle Secure Backup 3 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Preauthorizing Access

Copyright 2009, Oracle. All rights reserved.

Assigning Windows Account Information


You can associate an Oracle Secure Backup user with multiple Windows domain accounts or
use a single account that applies to all Windows domains.
This section explains how to configure Windows account information for existing Oracle
Secure Backup users who need to initiate backups and restores on Windows clients.
To assign Windows account information to an Oracle Secure Backup user, perform the
following steps:
1. From the Users page, select the name of the user from the User Name box.
2. Click the Edit button. A page appears with details for the user you selected.
3. Click the Windows Domains button. The Windows Domains page appears.
4. Enter a Windows domain name in the Domain name field. Type an asterisk (*) in this box
for all Windows domains.
5. Enter a Windows user account in the Username field.
6. Enter a Windows password in the Password field.
7. Click the Add button to add the Windows account information. The domain appears in the
Domain: Username list.

Oracle Database 11g: Oracle Secure Backup 3 - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Assigning Windows Account Information

Preauthorization may be specified for:


1. obtool users only
2. RMAN only
3. Both

Copyright 2009, Oracle. All rights reserved.

Answers: 3

Oracle Database 11g: Oracle Secure Backup 3 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Which are required to allow RMAN to successfully backup or


restore using Oracle Secure Backup:
1. RMAN must connect via a preauthorized user.
2. The preauthorized OSB user's OSB class must have
database backup and restore rights.
3. The preauthorized OSB user's OSB class must have OS
file backup and restore rights.
4. The OSB user permissions must match those of Oracle
instance.

Copyright 2009, Oracle. All rights reserved.

Answers: 1, 2, 4

Oracle Database 11g: Oracle Secure Backup 3 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Access Control
> Authentication
Encryption

The identity of each host is securely established before


accepting communications.
X.509 certificate
transmitted
proving identity

Identity verified
Ethernet Network

Messages sent securely

Reply submitted

SSL communication
established; backup or
restore operations may
proceed

Copyright 2009, Oracle. All rights reserved.

Authentication
For hosts to securely exchange control messages and backup data within the domain, they
must first authenticate themselves to one another. Host connections are always based on twoway authentications with the exception of the initial host invitation to join a domain and
communication with NDMP servers.
In two-way authentication, the hosts participate in a handshake process whereby they mutually
decide on a cipher suite to use, exchange identity certificates, and validate that each others
certificate has been issued by a trusted Certificate Authority (CA). At the end of this process, a
secure and trusted communication channel is established for the exchange of data.
The use of identity certificates and SSL prevents outside attackers from impersonating a client
in the administrative domain and accessing backup data. For example, an outside attacker
would not be able to run an application on a nondomain host that sends messages to domain
hosts that claim origin from a host within the domain.
Note: Currently, the NDMP protocol does not include a mechanism to accommodate the
negotiation of an SSL connection to NDMP filers.

Oracle Database 11g: Oracle Secure Backup 3 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Authentication

Leveraging Oracle Security Technology


Intradomain communications are secured by using the
Secure Sockets Layer (SSL) protocol.
Backup messages are encrypted as part of SSL
communication.
Two-way authentication of clients and servers is performed,
with an SSL handshake verifying identity.

Every client and server has a unique X.509 certificate


signed by a trusted Certificate Authority (CA).
The Oracle Secure Backup administrative server is the CA
that issues and manages security credentials within the
domain.

Oracle wallets are encrypted containers storing X.509


certificates on all machines within the domain.

Copyright 2009, Oracle. All rights reserved.

Leveraging Oracle Security Technology


Oracle Secure Backup uses the SSL protocol to establish a secure communication channel
between hosts in an administrative domain. Any host in the domain can use a public key to
send an encrypted message to another host, but only the host with the corresponding private
key can decrypt the message. The default key size for all hosts in the domain is 1,024 bits. If
you accept this default, then you do not need to perform any additional configuration. You can
set the size of the key to values between 512 (less secure) and 4,096 (very secure). The
Advanced Encryption Standard (AES) defines three standard key lengths, which are 128-bit,
192-bit, and 256-bit.
The Web server requires a signed X.509 certificate and associated public and private keys to
establish an SSL connection with a client browser. The X.509 certificate for the Web server is
self-signed by the installation script when you install Oracle Secure Backup on the
administrative server.

Oracle Database 11g: Oracle Secure Backup 3 - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

For more information about how to modify the secure settings for your installation, refer to the
Oracle Secure Backup Administrators Guide.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Leveraging Oracle Security Technology (continued)


You can modify the default security configuration in the following ways:
Disable SSL for interhost authentication and communication by setting the
securecomms security policy.
Transmit identity certificates in manual certificate provisioning mode.
Set the key size for a host to a value greater or less than the default of 1,024 bits.
Disable encryption for backup data in transit by setting the encryptdataintransit
security policy.

Oracle Database 11g: Oracle Secure Backup 3 - 18

Administrative
server

Media server
and client

Wallet

Wallet

Signing
certificate
Identity
certificate

Identity
certificate

If destroyed without backups:


Create new wallets for each host
in the domain.

If destroyed: Reinstall host to


create new wallet, which can
then be digitally signed by CA.

Copyright 2009, Oracle. All rights reserved.

Administrative Server Certificate Authority (CA)


The Oracle Secure Backup administrative server is automatically configured as the Certificate
Authority (CA) upon installation. During the installation of an administrative server, its
wallets (encrypted and obfuscated) are created along with a signing certificate and identity
certificate. The administrative server has the signing certificate, which it needs to sign the
identity certificates for other hosts, and its identity certificate, which it needs to establish
authenticated SSL connections with other hosts in the domain.
By default, wallets and identity certificates are automatically created during the installation of
media servers and clients. However, you can manually provision these certificates by using the
obcm utility. For more information about obcm and manual certificate provisioning, see the
Oracle Secure Backup Reference.
The encrypted wallets should be backed up, whereas the obfuscated wallets should not be
backed up. If a host wallet becomes destroyed, the host must be reinstalled and configured.
This generates a new host wallet, which again is to be digitally signed by the administrative
server. If the administrative server wallet is destroyed, the wallet must be re-created using the
--initnewdomain command. However, if a new administrative server wallet is created,
then a new wallet for each host in the domain must be created, so that their identity certificates
are digitally signed by the new administrative server signing certificate.
Oracle Database 11g: Oracle Secure Backup 3 - 19

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Administrative Server
Certificate Authority (CA)

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Administrative Server Certificate Authority (CA) (continued)


Because Oracle Secure Backup embedded wallets are used only for intradomain
communication, they do not have any direct relationship to the backup data written to tape.
Therefore, if wallets are destroyed and re-created, it does not affect the restoration of data
from tape.

Oracle Database 11g: Oracle Secure Backup 3 - 20

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup creates a unique wallet for every


host in the administrative domain. (No additional
configuration is needed. No sharing with other Oracle
products.)
The wallets contain X.509 certificates, but no encryption
keys (unlike the database wallets).
There are two types of wallets:
A password protected, encrypted file to establish security
credentials
An obfuscated wallet, used by Oracle Secure
Backup daemons

Note: Back up the encrypted wallet regularly,


but never the obfuscated one.
Copyright 2009, Oracle. All rights reserved.

Oracle Wallets
When you add hosts to the administrative domain, Oracle Secure Backup creates the wallet,
keys, and certificates for each host. No additional intervention or configuration is required. All
required wallet functionality is embedded in Oracle Secure Backup, thereby eliminating the
need for other wallet utilities.
Every host in the domain, including the administrative server, has a private key known only to
that host that is stored with the hosts identity certificate. This private key corresponds to a
public key that is made available to other hosts in the administrative domain. Any host in the
domain can use a public key to send an encrypted message to another host, but only the host
with the corresponding private key can decrypt the message. Oracle wallets are encrypted
containers designed to store X.509 certificates. Unlike the database encryption key wallet, the
Oracle Secure Backup wallet does not store encryption keys for data.
Oracle Secure Backup does not share its wallets with other Oracle products.
Besides maintaining its password-protected wallet, each host in the domain maintains an
obfuscated wallet. This version of the wallet does not require a password. The obfuscated
wallet, which is scrambled but not encrypted, enables the Oracle Secure Backup software to
run without requiring a password during system startup.
Oracle Database 11g: Oracle Secure Backup 3 - 21

Oracle University and (Oracle Corporation) use only.

Oracle Wallets for


OSB Intradomain Communication

To reduce the risk of unauthorized access to obfuscated wallets, Oracle Secure Backup does
not back them up. The obfuscated version of a wallet is named cwallet.sso. By default,
the wallet is located in /usr/etc/ob/wallet on Linux and UNIX and C:\Program
Files\Oracle\Backup\db\wallet on Windows.
Best practice tip: Back up the encrypted wallet.

Oracle Database 11g: Oracle Secure Backup 3 - 22

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Wallets (continued)


The password for the password-protected wallet is generated by Oracle Secure Backup and not
made available to the user. The password-protected wallet is not normally used after the
security credentials for the host have been established because the Oracle Secure Backup
daemons use the obfuscated wallet.

Access Control
Authentication
> Encryption

OSB backup encryption:


Available for RMAN and file-system data
Data encryption on the client host (prior to any transport or
local writes, but not for NAS)
According to your encryption policy:

Encryption level
Encryption algorithm
Key types
Rekey frequency

Note: Consider costs and benefits of encryption, such as


performance, accessibility and administrative overhead.

Copyright 2009, Oracle. All rights reserved.

Encrypted Backups to Tape


Oracle Secure Backup encryption is available for both RMAN backup data (Oracle 9i and
higher) and for file-system data.
Oracle Secure Backup encrypts data on the client host. (Because there is no client software
installation on NAS, NAS data cannot be encrypted by OSB.) While encryption occurs outside
the database, the data is encrypted prior to transport over the network or prior to being written
to a locally attached tape device. Backup clients do not have direct access to the tape drives,
Data is sent to the media server, which applies your encryption policies.
To implement your encryption policy, you can choose among multiple levels, considering the
costs and benefits of encryption, such as performance, accessibility and administrative
overhead. Details of your OSB encryption choices are covered in the following pages.

Oracle Database 11g: Oracle Secure Backup 3 - 23

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Encrypted Backups to Tape

Embedded SSL
for keys
RMAN
backup data

Key store
for each
host

Administrative server
OSB
encryption

Tape libraries
and drives

Encrypted data

File-system
data

Media
server

Client host

Encrypted
data on tape

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Encryption


OSB encryption keys are managed by Oracle Secure Backup. They are stored in host-specific
encrypted key stores on the administrative server. For security purposes, encryption keys are
not stored on client machines, but instead are transmitted via SSL for encryption and
decryption. During backup or restore operations, they are held in memory at the client host,
but never saved on disk.
The backup data is encrypted on the client host before any transport. OSB backup encryption
protects data on tape (while onsite, offsite or lost).

Oracle Database 11g: Oracle Secure Backup 3 - 24

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Encryption

Encryption level
Default: AES192
Key renewal:
- Automatic for transparent keys
- Email, log file and display output
notification for passphrase renewal
Certificate keys define level of security
for host authentication and are NOT
related to backup encryption.

Copyright 2009, Oracle. All rights reserved.

Configuring Host Encryption Policies


You can specify encryption:
At the global or host level for all backup data (additionally at backup or volume level for
file-system data).
- required: All data coming from this backup domain or this client must be
encrypted.
- allowed: The decision to encrypt is deferred to the next lower priority item.
Supported algorithms: AES128, AES192 (default), and AES256
A client rekeyfrequency policy defines when a new key is generated. For example,
the policy might require that a new set of keys be generated every 30 days. Transparent
keys are automatically rekeyed. For keys that depend on a passphrase, you receive an
email notification. Additionally, Oracle Secure Backup writes a message to the log files
and the display output.
Key types: transparent (randomly generated keys) or passphrase (keys generated
based on your passphrase.)

Oracle Database 11g: Oracle Secure Backup 3 - 25

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Configuring Host Encryption Policies

First generated during client installation (mkhost phase)

Valid until automatic or manual renewal


Key types:
transparent: Randomly generated keys, default and
recommended
Passphrase: Keys generated based on your passphrase
(hash of passphrase is stored, but not the passphrase itself)

Stored in encrypted key stores on the administrative


server:
Active encryption keys
All old encryption keys

Copyright 2009, Oracle. All rights reserved.

Using OSB Encryption Keys


Each newly created client gets an automatically generated key during the mkhost phase. It
remains valid for encryption until:
A key renewal event occurs.
You manually renew an automatically generated key.
You change the key to a passphrase by providing a new passphrase.
The passphrase itself is never stored anywhere. The hash of the passphrase and the key
generated from the passphrase are stored in the encrypted key store. Oracle Secure Backup
does not enforce a minimum length for a passphrase.
After the new key is created, it is added to the wallet-protected key store and marked as the
active encryption key. Old encryption keys are left in the key store and used for automatic and
seamless decryption of data. If clients are removed from the backup domain, then their key
stores are still retained on the administrative server. This ensures that you can always restore
data.

Oracle Database 11g: Oracle Secure Backup 3 - 26

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Using OSB Encryption Keys

One-time use in addition to the regular schedule


Moving data to other OSB domains
Encrypting data at the volume set level for a given job
Transient Key for this volume set:
Based on a passphrase
Not stored by default in key store

Site B

Site A

Copyright 2009, Oracle. All rights reserved.

Transient Backup Encryption


Scenario: You work in a data center for many customers. From your production environment
(A) your customer requests a one-time backup of his three client hosts to create the same
environment (B) as his independent test environment. Each of the client backup files is
encrypted with its own specific key. You do not want to disclose the keys, because they are
used for the regularly scheduled backups.
Oracle Secure Backup enables cross-site backup encryption without this security threat by
encrypting data at the volume set level for a given backup job. The key for this volume set
encryption is based on a passphrase. The data is encrypted with this passphrase-generated key
for all clients that are part of this specific backup job. You, as backup administrator of Site A,
give the passphrase and encryption algorithm to Site B for the restore operation, so that the
data can be decrypted.
In all other cases, the OSB encryption keys are automatically added to the appropriate walletprotected key store. A transient key, however, is a one-time key used mainly for moving data
to a remote location. By default, transient encryption keys are not stored in the key stores, but
Oracle Secure Backup provides you the --storekey/-s option of the backup obtool
command to store the key.

Oracle Database 11g: Oracle Secure Backup 3 - 27

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Transient Backup Encryption

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Transient Backup Encryption (continued)


Before restoring data in another OSB domain, the tapes must first be imported to update the
OSB catalog. Your customer enters the passphrase during the restore operation to decrypt the
backup.
In another scenario, if backup and restore operations occur in the same domain (for example,
you must duplicate a test environment for another team), then you do not need to provide the
passphrase, because Oracle Secure Backup knows it already.

Oracle Database 11g: Oracle Secure Backup 3 - 28

Comparing OSB and RMAN Encryption

OSB Encryption

RMAN Encryption

For RMAN backup For file-system data

Only for RMAN backup data

Global or host
level

Database or tablespace level

Global, host, backup or


volume level

Data encryption on the client host

Data encryption within the database:


no further encryption

OSB encryption keys:


- Managed by OSB
- Stored in host-specific encrypted key
stores on administrative server

RMAN encryption keys:


- Managed by database
- Stored in database wallet

Encryption algorithms: AES128, AES192


(default), and AES256

Encryption algorithms up to 256-bit


AES

Seamless decryption within domain

User-entered password for decryption

Copyright 2009, Oracle. All rights reserved.

Comparing OSB and RMAN Encryption


Oracle Database backup encryption can be performed in one of two ways:
OSB encryption:
- For both: RMAN backup data (Oracle 9i and higher) and for file-system data
- Oracle Secure Backup encrypts data on the client host. (Because there is no client
software installation on NAS, NAS data cannot be encrypted by OSB.) While
encryption occurs outside the database, the data is encrypted prior to transport over
the network or prior to being written to a locally attached tape device. For
decryption within the same domain, you do not have to provide a passphrase.
- Embedded SSL technology provides secure transport of backup data and messages
between two-way authenticated servers.
RMAN encryption (available with Advanced Security Option):
- RMAN can encrypt backups of an Oracle database on the database or tablespace
level. RMAN encrypts the backup data within the database. This is generally faster
than the OSB encryption. The RMAN encryption keys are stored in database wallets
and are managed by the database. You must provide passwords for decryption.
- RMAN encrypted backups require the Advanced Security Option. For more on
RMAN encryption, see the course titled Oracle Database 11g: Security.
When OSB encounters RMAN encrypted backups, it does not perform any additional
encryption.
Oracle Database 11g: Oracle Secure Backup 3 - 29

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Via Advanced
Security Option

OSB host encryption keys are stored:


1. On each host
2. In an Oracle wallet
3. All in one encrypted key store on the administrative server
4. Each in their specific host key store on the administrative
server

Copyright 2009, Oracle. All rights reserved.

Answers: 4

Oracle Database 11g: Oracle Secure Backup 3 - 30

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Which statements are true about transient backups?


1. The passphrase for a transient backup is briefly stored in
clear text.
2. Only the hash value and the key, based on the
passphrase, are stored.
3. Transient backups can only be restored in the same OSB
domain.
4. Transient backups can use just one encryption key for a
backup job, even if diverse hosts are part of the volume
set.

Copyright 2009, Oracle. All rights reserved.

Answers: 2, 4

Oracle Database 11g: Oracle Secure Backup 3 - 31

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Your host encryption policy is set to passphrase-generated


keys. Within the same OSB domain, encrypted backups are
automatically decrypted and restored without requiring that you
enter any password.
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 3 - 32

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Which is the most secure OSB encryption setting?


1. Key type: passphrase and algorithm: AES256
2. Key type: passphrase and algorithm: AES128
3. Key type: transparent and algorithm: AES256
4. Key type: transparent and algorithm: AES192 (default)
5. Key type: transparent and algorithm: AES128

Copyright 2009, Oracle. All rights reserved.

Answers: 3

Oracle Database 11g: Oracle Secure Backup 3 - 33

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

In this lesson, you should have learned how to:


Manage user access control for Oracle Secure Backup
Add an Oracle Secure Backup user with preauthorized
access
Describe host authentication
Determine backup security characteristics
Describe Oracle Secure Backup encryption
Configure host encryption policies

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 3 - 34

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

This practice covers the following topics:


Defining a new Oracle Secure Backup user
Configuring preauthorization for this user
Defining a host encryption policy
Note: Completing all practice steps is a prerequisite for all the
following practices.

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 3 - 35

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 3 Overview:
Configuring OSB Security

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Configuring RMAN for Oracle Secure Backup

After completing this lesson, you should be able to:


Describe integrated disk and tape backup
Register the Administrative Server in EM
Check RMAN backup and recovery settings
Create database backup storage selectors
Use time- and content-managed expiration policies

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 4 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

Oracle Database
Disk and Tape Backup Solution

RMAN

Flash
Recovery
Area

RMAN

Backup directly --- OR --- Backup from


to tape
disk to tape

Oracle Secure Backup


Media Management Layer

Flash Recovery
Area space
managed by
RMAN
Automatic
restores from disk
or tape without
user-specified
destination
Optimized backup
to tape

Enterprise
Manager

Copyright 2009, Oracle. All rights reserved.

Oracle Database Disk and Tape Backup Solution


Oracle Database 10g (and later) has a Flash Recovery Area, which is a unified disk storage
location for all database recovery-related files. RMAN manages the disk space in the Flash
Recovery Area. With the Flash Recovery Area and Oracle Secure Backup, you can easily deploy
a comprehensive disk and tape backup and recovery strategy for your Oracle databases.
By putting RMAN in control of your backup and restore operations, you simplify your
availability-related processes. You have the most effective restore process because RMAN
automatically restores from the best backup source (which can be disk or tape). If the most
recent backup is not available, RMAN continues with a previous backup. This failover can be
from disk to tape. It does not require any user intervention.

Oracle Database 11g: Oracle Secure Backup 4 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Databases

One simple RMAN command: BACKUP RECOVERY AREA

Advantages of using the Flash Recovery Area to tape:


Performing optimized backups to tape
First restoring from Flash Recovery Area for maximum
performance, then using tape (if needed)
Reducing I/O on databases (separate disk group)

Copyright 2009, Oracle. All rights reserved.

Backing Up the Flash Recovery Area to Tape


To back up the Flash Recovery Area to tape with Oracle Secure Backup, you issue one RMAN
command: BACKUP RECOVERY AREA. Using this disk-to-tape backup method (instead of
performing a separate backup of the production database to tape) provides a few distinct
advantages:
Saves tape resources with optimized backups of the Flash Recovery Area. It eliminates
unnecessary backup of files, which are already on tape.
Enables RMAN to utilize better restore intelligence, first from disk, then from tape, as
needed. Otherwise, RMAN use the most recent backup regardless of the storage media.
Reduces I/O (important for production databases) because the Flash Recovery Area uses a
separate disk group.

Oracle Database 11g: Oracle Secure Backup 4 - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Backing Up the Flash Recovery Area to Tape

Achieving retention policy with both disk and tape backups


Defining an RMAN RECOVERY WINDOW retention policy
Using the RMAN DELETE OBSOLETE command:
Deleting obsolete files on disk
Notifying Oracle Secure Backup of backup pieces that are no
longer needed

Defining content-managed media families for RMAN and


Oracle Secure Backup (recommendation)
File2

RMAN recovery window

File1

Now

Seven-day retention

Copyright 2009, Oracle. All rights reserved.

Defining Retention for RMAN Backups


By defining retention periods within RMAN, a combination of disk and tape backups is used to
meet your recovery requirements. When using the Flash Recovery Area and Oracle Secure
Backup, the recommended RMAN retention policy is the user-defined RECOVERY WINDOW
option. This means, that you define a period of time within which point-in-time recovery must
be possible. When defining this recovery window, also consider the following:
Base retention on recovery needs
Size the Flash Recovery Area based on desired disk recovery capability
Schedule disk and tape backups through RMAN or EM
If your recovery plan allows for restoration from disk for a certain number of hours each day, the
Flash Recovery Area should be of sufficient size to hold the recovery-related files for this time
period. The amount of time backups remain within the Flash Recovery Area is determined by
the amount of available disk space, not by a specific time setting.

Oracle Database 11g: Oracle Secure Backup 4 - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Defining Retention for RMAN Backups

EM

5
RMAN

1
2

Administrative
server

3
OSB client:
Database server

Data being
backed up

Media server

Copyright 2009, Oracle. All rights reserved.

RMAN and Oracle Secure Backup Basic Process Flow


1. RMAN initiates backup and passes the database backup storage selector to OSB. If RMAN
is started from the Enterprise Manager (EM) interface, then you must configure the
administrative server in EM (a one-time task).
2. Oracle Secure Backup creates the backup job. Typically, the OS namespace associated with
the Oracle Secure Backup user of the current session is used.
3. Oracle Secure Backup executes the job (transfers data from client to media).
4. Oracle Secure Backup updates its own catalog.
5. RMAN updates its repository.

Oracle Database 11g: Oracle Secure Backup 4 - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

RMAN and Oracle Secure Backup


Basic Process Flow

The Oracle Secure Backup Device


and Media link invokes the OSB
Administrative Server page in EM.
The File System Backup and
Restore link invokes the Oracle
Secure Backup Web tool.

Copyright 2009, Oracle. All rights reserved.

Integration with Enterprise Manager


Oracle Secure Backup has been integrated with Enterprise Manager (Database Control and Grid
Control). It can be accessed through the Availability page.
By using the EM interface, you can manage the Oracle Secure Backup administrative domain
and perform tasks such as adding or deleting media servers or tape devices, and scheduling
RMAN backups for the database.
The OSB Web tool is the best interface to use file-system backups, adding and deleting clients,
managing defaults and polices, and managing Oracle Secure Backup users.

Oracle Database 11g: Oracle Secure Backup 4 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Integration with Enterprise Manager

Copyright 2009, Oracle. All rights reserved.

Configuring the Administrative Server in EM


Before you can use Enterprise Manager to manage your administrative domain, you must first
configure the administrative server information within EM.
Connect to the Database Control on the administrative server. From the Availability page, click
the Oracle Secure Backup Device and Media link in the Oracle Secure Backup section. This
takes you to the Add Administrative Server page if this is the first time you are trying to access
Oracle Secure Backup from Database Control on that host.
On the Add Administrative Server page, specify the Oracle Secure Backup home directory,
which is the directory specified during the software installation. (The recommended Oracle
Secure Backup Home is /usr/local/oracle/backup, as shown in the screenshot.) EM
assumes that the local host is the Oracle Secure Backup administrative server and enters the
local host name for the administrative server name. You also need to enter the Oracle Secure
Backup administrative Username (for example, admin) and Password.
On the following page, you specify the OS user as Host Credentials.

Oracle Database 11g: Oracle Secure Backup 4 - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Configuring the Administrative Server in EM

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Administrative Server Page


The Administrative Server home page provides an overview of your administrative domain.
From this management page, you can perform management tasks for the administration domain
by clicking the appropriate links:
Administrative server (the Edit Settings link in the General section)
Media servers
Media families
Volumes (the Details link)
Devices (the Manage link)
For file-system backups, a link to invoke the Oracle Secure Backup Web tool is
conveniently located at the bottom of the page. It is marked by a red box.
Note: Use the Manage Devices link to test the accessibility of your libraries.

Oracle Database 11g: Oracle Secure Backup 4 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup


Administrative Server Page

1. Configure

2. Perform Backup and Restore

Oracle Secure
Backup
Database
backup
storage
selector

Oracle server
session
SBT
library

RMAN

SBT
channel
EM

Oracle Secure
Backup

Preauthorized
RMAN user

Copyright 2009, Oracle. All rights reserved.

RMAN Database Backup to Tape


The RMAN database backup to tape consists of two steps:
1. Configure preauthorization and a database storage selector in Oracle Secure Backup.
2. Use RMAN to perform your backup and restore operation.
When you install Oracle Secure Backup, the installer automatically performs the following
tasks:
Copies the SBT library to the /lib subdirectory of the OSB_Home directory
Creates a symbolic link to the library in the /lib or /usr/lib directory
So, by default, you are automatically using Oracle Secure Backup each time you allocate an
SBT_TAPE channel with RMAN.
On a host that has Oracle Secure Backup installed, RMAN searches for and loads the SBT
library, as soon as an SBT channel is allocated. RMAN looks in a platform-specific default
location for the SBT library. On UNIX or Linux, the default library file name is libobk.so,
with the extension varying according to platform: .so, .sl, .a, and so on. On Windows, the
default library location is %ORACLE_HOME%\bin\orasbt.dll.
When you access Oracle Secure Backup from RMAN, all you do is allocate a channel of type
SBT_TAPE, and then run RMAN commands to back up or restore your database.

Oracle Database 11g: Oracle Secure Backup 4 - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

RMAN Database Backup to Tape

Copyright 2009, Oracle. All rights reserved.

Recovery Settings
In Enterprise Manager, navigate to Availability > Recovery Settings and ensure that the database
is in ARCHIVELOG mode and that your Flash Recovery Area (FRA) is big enough. Oracle
Corporation recommends the use of this area for all disk backups, but other configurations are
possible.

Oracle Database 11g: Oracle Secure Backup 4 - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Recovery Settings

Copyright 2009, Oracle. All rights reserved.

Backup Settings
In Enterprise Manager, you must configure Tape Drives (in this screenshot set to 1) and you
must configure a database backup storage selector. Optional, but recommended: You should test
your tape drive.

Oracle Database 11g: Oracle Secure Backup 4 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Backup Settings

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

RMAN passes database name, content type and copy


number to OSB.
OSB determines corresponding selector.
Selector specifies devices and media family (and any
restrictions).
Database name
Database ID

Wait time

Copy number

Database
backup
storage
selector

Restricted
devices

Host
Media family

Content: archivelog,

full,
incremental, autobackup

Copyright 2009, Oracle. All rights reserved.

Database Backup Storage Selector


Database backup storage selectors are for backups of Oracle databases. Oracle Secure Backup
uses information contained in storage selectors to interact with RMAN when performing backup
operations. Oracle Secure Backup maintains storage selectors as an object type on the
administrative server.
When RMAN performs an Oracle database backup to devices and media managed by Oracle
Secure Backup, RMAN passes the database name, content type, and copy number to Oracle
Secure Backup. With this information Oracle Secure Backup determines the corresponding
database backup storage selector. This selector informs Oracle Secure Backup to which devices,
if any, to restrict this backup, and which media family (if any) to use.
Database backup storage selectors enable you to specify which resources should be used by SBT
backups. A database backup storage selector object contains the following information:
The database name or ID. An asterisk character (*) indicates that the storage selector
applies to all databases.
The name of the hosts to which this selector applies. An asterisk character (*) indicates that
the storage selector applies to databases residing on all available hosts.

Oracle Database 11g: Oracle Secure Backup 4 - 13

Oracle University and (Oracle Corporation) use only.

Database Backup Storage Selector

duration::= forever | disabled |


number {[seconds] | [minutes] | [hours] |
[days] | [weeks] | [months] | [years]}

If the resources do not become available during the specified wait time, RMAN fails the
job.
Note: For more information about creating and managing database backup storage selectors,
refer to the obtool topic, Database Backup Storage Selector Commands, in the Oracle Secure
Backup Reference.

Oracle Database 11g: Oracle Secure Backup 4 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Database Backup Storage Selector (continued)


The name of the media family to use for backups under the control of this storage selector
object
The backup content to which this selector applies. The content may be one or more of the
following:
- archivelog: Backs up or restores database archived redo logs
- full: Backs up or restores the database files, regardless of when they were last
backed up. This option is the same as a level 0 backup.
- incremental: Backs up or restores only data that has been modified since the last
backup, regardless of the backup level
- autobackup: Backs up or restores control files
- * : Represents all content types
The names of devices to which backups controlled by this storage selector are restricted.
You specify the restriction in one of the following forms:
- devicename: Uses the specified device
- @hostname: Uses any device of the specified host
- devicename@hostname: Uses the specified device attached to the specified host
When more than one device restriction is specified in a list, Oracle Secure Backup selects
only one of them from the list.
The RMAN copy number to which this selector applies. This is configured for use with the
RMAN commands BACKUP COPIES or CONFIGURE BACKUP COPIES to duplex
backup sets to protect against disaster, media damage, or human error. The copy number
must be an integer in the range of 1 through 4. The default value is an asterisk (*), which
indicates that the storage selector applies to any copy number.
How long to wait for the availability of resources required by backups under the control of
this storage selector. The resource wait time is specified as a duration, which has the
following format:

Copyright 2009, Oracle. All rights reserved.

Defining Database Storage Selectors


Storage selectors are created, named, and modified by a user belonging to a class with the
Modify administrative domain's configuration right.
To create a database backup storage selector, perform the following steps:
1. In EM Database Control, click the Availability tab.
2. On the Availability page, click the Configure Backup Settings link.
3. On the Configure Backup Settings page, click Configure in the Oracle Secure Backup
section. This takes you to the Backup Storage Selectors page. From there, you can manage
your backup storage selectors. Then, click Return.
You can also use the following example command to create a database storage selector:
mkssel -c * -d * -i * -h EDRSR14P1 -r vdte1 ssel1

This example creates a database backup storage selector that is valid for any Oracle database
located on the EDRSR14P1 host. The storage selector object is called ssel1, and it restricts
backups to the vdte1 tape drive.
The lsssel command enables you to list the defined database backup storage selectors in your
administrative domain.

Oracle Database 11g: Oracle Secure Backup 4 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Defining Database Storage Selectors

Copyright 2009, Oracle. All rights reserved.

Media Families and RMAN


OSB provides two default media families:
The time-managed OSB-CATALOG-MF for OSB catalog backups
The content-managed RMAN-DEFAULT for RMAN backups. Thus, creating media
families for use in RMAN backups is optional.
You may find it useful to create different media families for the different types of backup sets
that you create with RMAN and for backups that have different retention and storage
requirements. For example, you may want to create a media family on-site backups and a
separate media family for off-site backups.
You can create media families in Enterprise Manager. On the Administrative Server page, you
can click the link corresponding to the Media Families number. This takes you to the Media
Families page, where you can create new media families and manage the existing media families
used by Oracle Secure Backup.
Alternatively, you can use the Oracle Secure Backup Web tool to create these media families or
use the mkmf command in obtool.
Note: For more information about how to manage media families within Oracle Secure Backup,
refer to the Oracle Secure Backup Administrators Guide.

Oracle Database 11g: Oracle Secure Backup 4 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Media Families and RMAN

OSB

Recycling time-managed volumes


Write window
Retention duration
Updates allowed

Volume set
creation

Ready for reuse:


The day after volume
expiration

Updates forbidden

Volume set
closed
Library
Media family
Volume set

File-system
file

Backup
image

OS

OSB

Volume

Volume

Volume

Backup
image
section

Backup
image
section

Backup
image
section

Copyright 2009, Oracle. All rights reserved.

Media Management Expiration Policies for Automated Tape Recycling


Oracle Secure Backup automates tape recycling, reusing tapes after the backups or volumes have
expired, depending on their user-defined recycling method.
Time-managed expiration policies: The expiration time is associated at the volume level for
time-managed media families. When the volume expiration date is reached, the volume becomes
eligible to be overwritten. Each volume in a volume set will have an expiration date, which is
determined as follows:
The user-defined Write window determines how long the tape may be appended to after the
first tape write event (optional).
The user-defined retention time determines how long the volume must be retained after the
Write window has closed or after the first tape write event, if a write-window is not defined.
If a write-window is not defined, the volume will be appended to, until it is full.
The expiration time is the Write-window time plus the retention time.
In short, time-managed volumes for file-system backups have a user-defined expiration period
associated with the volume, not content of volume. (This policy is not for RMAN.)

Oracle Database 11g: Oracle Secure Backup 4 - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Media Management Expiration Policies for


Automated Tape Recycling

Media Management Expiration Policies for


Automated Tape Recycling
Recycling content-managed volumes

Marked DELETED
by RMAN
Expired
Backup
piece

Expired
Backup
piece

Or

Marked DELETED by
Oracle Secure Backup

Expired
Backup
piece

Expired
Backup
piece

Ready for reuse:


deleted attribute for
all backup pieces

Volume
set

RMAN control of content expiration:


RMAN DELETE OBSOLETE command notifies OSB about
obsolete backup pieces.
OSB updates expiration status in the Oracle Secure Backup
catalog (no deletion from tape).
After all backup pieces on a specific tape have a deleted
attribute, OSB considers the tape eligible for reuse.
OSB overwrites the tape, when a tape is needed.
Copyright 2009, Oracle. All rights reserved.

Media Management Expiration Policies for Automated Tape Recycling


Content-managed expiration policies: The expiration time is associated with the content on
the tape, not with the actual volume.
With content-managed volumes, the retention period is configured within RMAN by using
the recovery window or redundancy setting. Oracle Secure Backup does not associate a
specific date with the backup piece, but updates the piece attribute from content manages
use to deleted status as instructed by RMAN.
By issuing the RMAN DELETE OBSOLETE command, RMAN deletes any disk backups
no longer needed to meet the user-configured retention policies and notifies the media
management software (Oracle Secure Backup) about which pieces can be deleted. The
expiration status is updated in the Oracle Secure Backup catalog, but the actual pieces are
not deleted from tape. Instead, the backup pieces receive the deleted attribute.
After all backup pieces on a specific tape have a deleted attribute, Oracle Secure Backup
considers the tape eligible for reuse, and overwrites the tape when a tape is needed.

Oracle Database 11g: Oracle Secure Backup 4 - 18

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

RMAN

RMAN and Oracle Secure Backup

Data file 1

BACKUP
AS COPY

RMAN

OSB

Image
copy

Backup
image

BACKUP AS
BACKUPSET

Data file 2

Backup
piece

(filesperset 3)

Media family
Volume set
Volume

Volume

Volume

Backup
image
section

Backup
image
section

Backup
image
section

Volume

Volume

Volume

Backup
image
section

Backup
image
section

Backup
image
section

Backup
image

Data file 3
Backup
piece
Backup
image

Data file 4

Backup set
File-system
file

Library

Backup
image

Media family
...

Copyright 2009, Oracle. All rights reserved.

RMAN and Oracle Secure Backup


This slide shows the RMAN backup pieces and their relationship to volumes.
As previously seen: On the left side it shows data files on the OS level, how they relate to
RMAN image copies and backup pieces, and how these relate to OSB backup images. Filesystem files, which of course do not have and RMAN equivalent, relate directly to OSB backup
images.
The right side depicts that OSB backup images are stored as backup image section on a volume,
within a volume set, which belongs to a media family in a tape library.

Oracle Database 11g: Oracle Secure Backup 4 - 19

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

OS

RMAN
repository

OSB catalog

RMAN
EM

Administrative server

RMAN repository and OSB catalog must remain


synchronized.
RMAN CROSSCHECK command marks removed pieces as
expired.
RMAN DELETE EXPIRED command removes pieces from
RMAN repository.

Copyright 2009, Oracle. All rights reserved.

Media Management Expiration Troubleshooting Technique


It is not recommended, but you can remove backup pieces (an RMAN backup piece corresponds
to an Oracle Secure Backup backup image) with the Oracle Secure Backup Web tool or the
rmpiece command in the obtool utility. These commands remove the backup piece from the
Oracle Secure Backup catalog.
If you remove a backup piece outside of RMAN, you must use the RMAN CROSSCHECK
command to update the RMAN repository and have the removed backup pieces marked as
EXPIRED. Then you use the RMAN DELETE EXPIRED command to remove these backup
pieces from the RMAN repository.

Oracle Database 11g: Oracle Secure Backup 4 - 20

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Media Management Expiration


Troubleshooting Technique

Which are the parameters that RMAN passes via a database


storage selector to OSB?
1. Database name or ID
2. Copy number
3. Host unique name
4. Content type

Copyright 2009, Oracle. All rights reserved.

Answers: 1, 2, 4

Oracle Database 11g: Oracle Secure Backup 4 - 21

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Which types of content may be associated with a storage


selector?
1. Archivelog
2. Tablespace
3. Datafile
4. Autobackup
5. Incremental

Copyright 2009, Oracle. All rights reserved.

Answers: 1, 4, 5

Oracle Database 11g: Oracle Secure Backup 4 - 22

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 4 - 23

Oracle University and (Oracle Corporation) use only.

Quiz

Creating a media family for RMAN is mandatory:


1. True
2. False

The recommended retention policy for RMAN backups with


OSB is:
1. Recovery window
2. Redundancy
3. OSB management of retention

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 4 - 24

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

In this lesson, you should have learned how to:


Describe integrated disk and tape backup
Register the administrative Server in EM, a one-time task
Check RMAN backup and recovery settings
Create database backup storage selectors to pass
information between OSB and RMAN
Use time-managed expiration policies for file-system data
backups with OSB
Use content-managed expiration policies for database
backups with RMAN

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 4 - 25

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

This practice covers the following topics:


Registering the administrative server in EM
Verifying connectivity to the libraries
Creating a database backup storage selector for your
database
Testing your tape backup
Verifying RMAN recovery settings
Note: Completing this practice is a prerequisite for the following
practices.

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 4 - 26

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 4 Overview:
Configuring RMAN for OSB

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Performing RMAN Backups and Restores

After completing this lesson, you should be able to:


Perform an OSB-encrypted RMAN backup to tape
Restore a data file from a tape backup

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 5 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

Configuration
> Backup
Restore

Copyright 2009, Oracle. All rights reserved.

Scheduling Backups with EM


With the EM Database Control Console, you can schedule backups to disk, tape, or both:
1. To schedule a backup, click the Schedule Backup link on the Availability page.
2. On the Schedule Backup page, you can choose either the Oracle-suggested backup strategy,
or configure a customized backup.
In the screenshot shown in the slide, the Oracle-suggested strategy is chosen by clicking the
Schedule Oracle-Suggested Backup button. Regardless of whether you accept the suggested
backup method or devise your own, you can select the type of storage media to use for your
backups.
The Oracle-suggested backup strategy makes a one-time, whole-database backup, which is
performed online. This is a baseline incremental level 0 backup. The automated backup strategy
then schedules incremental level 1 backups for each following day.
By selecting Schedule Customized Backup, you gain access to a wider range of configuration
options. Select the objects that you want to back upthe whole database (the default) or
individual tablespaces, data files, archived logs, or any Oracle backups currently residing on the
disk (to move them to the tape).

Oracle Database 11g: Oracle Secure Backup 5 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Scheduling Backups with EM

Copyright 2009, Oracle. All rights reserved.

Oracle-Suggested Backup
On the Schedule Oracle-Suggested Backup: Destination page, select Disk, Tape, or Both Disk
and Tape. Your selection here (and other recovery settings, such as ARCHIVELOG enabled or
not), determines the options available to you on other pages of the Schedule Backup Wizard.

Oracle Database 11g: Oracle Secure Backup 5 - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle-Suggested Backup

Copyright 2009, Oracle. All rights reserved.

Oracle-Suggested Backup (continued)


On the Schedule Oracle-Suggested Backup: Setup page, specify your disk and tape settings. (If
you have not yet configured a tape device, you receive an error.)
At the bottom of the page, you can specify RMAN encryption. If you use RMAN encryption, it
overrides Oracle Secure Backup encryption (and none of your OSB encryption settings will be
used).

Oracle Database 11g: Oracle Secure Backup 5 - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle-Suggested Backup

Copyright 2009, Oracle. All rights reserved.

Oracle-Suggested Backup (continued)


On the Schedule Oracle-Suggested Backup: Schedule page, specify the backup start time.
On the Schedule Oracle-Suggested Backup: Review page, review parameters and the RMAN
script and click Submit Job.

Oracle Database 11g: Oracle Secure Backup 5 - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle-Suggested Backup

RMAN and OSB Process Flow

5
RMAN

1
2

Administrative
server

3
OSB client:
Database server

Data being
backed up

Media server

Copyright 2009, Oracle. All rights reserved.

RMAN and OSB Process Flow


This graphic depicts the sequence of events in the RMAN and OSB process:
1. RMAN initiates backup. If RMAN is started from the Enterprise Manager (EM) interface,
then you must configure the administrative server in EM (a one-time task).
2. Oracle Secure Backup creates the backup job.
3. Oracle Secure Backup executes the job (transfers data from client to media).
4. Oracle Secure Backup updates its own catalog.
5. RMAN updates its repository.
Each backup and restore operation creates output both in RMAN and OSB.

Oracle Database 11g: Oracle Secure Backup 5 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

EM

Log
Backup
Restore

Job
ID
Type
Transcript

Job
summaries
Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Jobs


Each backup and restore operation creates a corresponding job. Each job has a unique ID, log,
and transcript (as shown in the graphic).
Job logs describe high-level events, such as:
- Job creation
- Job dispatch
- Completion times
Job transcripts describe the job details, such as:
- Created at the time of dispatch
- Updated as the job progresses
- Input requests, such as operator assistance required
There are two different job types:
Data set jobs for file-system backup or restore operations
Oracle backup jobs for database backup or restore operations
A job summary is a text file report produced by Oracle Secure Backup that describes the status
of selected file-system backup and restore jobs. Job summaries may be generated on a regular,
repeating basis and sent via email to users.

Oracle Database 11g: Oracle Secure Backup 5 - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Jobs

Copyright 2009, Oracle. All rights reserved.

RMAN and Oracle Secure Backup Job Execution


To verify that your RMAN and Oracle Secure Backup job executed successfully, review:
Output Log (you can see how RMAN first uses the disk, then the tape)
EM Backup Reports (accessible from the EM Availability page)
If an error occurs during an SBT session, then Oracle Secure Backup attempts to send the error
description to the administrative server to be saved in the job transcript. The database writes
SBT errors to the sbtio.log trace file. Typically, sbtio.log is located in the
rdbms/log subdirectory of the Oracle home, but you can specify an alternative location.

Oracle Database 11g: Oracle Secure Backup 5 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

RMAN and Oracle Secure Backup Job Execution

Copyright 2009, Oracle. All rights reserved.

Managing Tape Backups


Use the Manage Current Backups page to search for and display a list of backup sets or backup
copies. You can then perform management operations on selected copies, sets, or files. You can
access this page from the Availability page.
The Manage Current Backups page displays both disk and tape backups, as shown in the slide.
Use the Search section to find backup sets or copies. For example, use the Status Available
and the Contents options (Datafile, Archived Redo Log, SPFILE, and Control File) and
Completion Time Within a month to filter the results list.
You can use Catalog Additional Files to catalog backup pieces on disk or to add metadata to the
RMAN repository when adding a new database to an RMAN recovery catalog.
You can ensure that data about backups in the recovery catalog or control file is synchronized
with the corresponding data on disk or in the media management catalog by performing the
Crosscheck All function and scheduling the operation as a job.

Oracle Database 11g: Oracle Secure Backup 5 - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Database Tape Backups

Oracle Database 11g: Oracle Secure Backup 5 - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Tape Backups (continued)


You can use the Delete All Obsolete function to remove backups that are obsolete or eligible for
deletion. You can use the function to create a job that removes the physical files, deletes the
recovery catalog records (if you use a catalog), and updates the records in the target control file
to the DELETED status. If the backup is stored on tape and managed by Oracle Secure Backup,
the Oracle Secure Backup catalog is also updated to indicate that the backup pieces are deleted.
You can create a job using the Delete All Expired function to remove expired records. First, use
the Crosscheck All function to determine whether backups recorded in the repository still exist
on disk or tape. If Enterprise Manager cannot locate the backups, then it updates their records to
the EXPIRED status. After that, you can use the Delete All Expired function to remove the
records.

Configuration
Backup
> Restore

Copyright 2009, Oracle. All rights reserved.

Performing Database Recovery


In Enterprise Manager, you can access the Perform Recovery page from the Availability page.
The Perform Recovery page enables you to perform various kinds of database recovery. You can
recover the whole database, a particular data file, or a tablespace. RMAN automatically retrieves
from backup all the files that are needed for the specified recovery operation, regardless of
whether the files were backed up to disk or tape.
If RMAN requests files from a previous backup that is stored on tape, Oracle Secure Backup
automatically determines which tape to use. If those tapes are not immediately available
(offsite), RMAN will wait for the resources as long as you specify.
You can specify RMAN resource wait times in the following locations, each of which overrides
the preceding specifications in the list:
1. The rmanresourcewaittime policy
2. The RMAN channel configuration parameter OB_RESOURCE_WAIT_TIME

Oracle Database 11g: Oracle Secure Backup 5 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Performing Database Recovery

Copyright 2009, Oracle. All rights reserved.

RMAN Automatic Failover to Previous Backup


When you recover your database after a data loss, RMAN automatically selects the most
appropriate backup to restore. RMAN automatically switches to a previous backup if the most
recent backup is not available. This operation is totally transparent and is automatically done by
RMAN.
Failover from disk backups to tape backups is useful when you are using a Flash Recovery Area
with your Oracle database. The screenshot in the slide illustrates this situation, where the data
file backup was inadvertently deleted from the Flash Recovery Area. As you can see, RMAN
restored the data file using the next most recent backup, which was stored on tape by Oracle
Secure Backup. If you use tape backups exclusively in your environment and a backup or tape is
not available, then RMAN and Oracle Secure Backup can fail over to the next most recent
backup on tape.
Note: RMAN and Oracle Secure Backup work in tandem: RMAN performs the data file or
database recovery. Oracle Secure Backup restores the necessary files, if they are located on tape.

Oracle Database 11g: Oracle Secure Backup 5 - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

RMAN Automatic Failover to Previous Backup

Oracle Secure Backup supports which types of jobs:


1. RMAN backup jobs
2. RMAN restore jobs
3. RMAN recover jobs

Copyright 2009, Oracle. All rights reserved.

Answers: 1, 2

Oracle Database 11g: Oracle Secure Backup 5 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Where can RMAN record the errors returned from OSB over
the SBT interface:
1. To $ORACLE_HOME/trace/sbtio.log by default
2. To /usr/local/oracle/sbtio.log by default
3. To another location specified by the DBA
4. To $ORACLE_HOME/rdbms/log/sbtio.log by default

Copyright 2009, Oracle. All rights reserved.

Answers: 3, 4

Oracle Database 11g: Oracle Secure Backup 5 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

In this lesson, you should have learned how to:


Perform an OSB-encrypted RMAN backup to tape
Restore a data file from a tape backup

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 5 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

This practice covers the following topics:


Performing an RMAN backup to tape (encrypted by Oracle
Secure Backup)
Restoring a data file from a tape backup

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 5 - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5 Overview:
Performing OSB-Encrypted Backup and Restore

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Backing Up File-System Data


with Oracle Secure Backup

After completing this lesson, you should be able to:


Create datasets
Schedule file backups
Submit backup requests
Perform file-system backups

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 6 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

Backing Up OS File Systems


with Oracle Secure Backup
Two ways of scheduling data backups of file systems with
Oracle Secure Backup:
On-demand backups
Scheduled backups

Two types of backups:


Full: All specified files
Incremental: Only files that have changed since the last
lower backup
Full
Up to nine levels
Backup level 0

Copyright 2009, Oracle. All rights reserved.

Backing Up OS File Systems with Oracle Secure Backup


You can back up file-system files in two different ways:
By creating on-demand (ad hoc or one-time-only) backup jobs and submitting them to the
Oracle Secure Backup scheduler (with the go option)
By using backup schedules, which define backup jobs that run at predetermined times. The
scheduler automatically initiates such jobs at a day and time that you specify.
With Oracle Secure Backup, you can create two types of backups:
Full backups: A full backup backs up all specified files, regardless of when they were last
backed up. This option is the same as backup level 0. You can also perform a type of full
backup, called an off-site backup, that does not affect the full or incremental backup schedule.
Incremental backups: There are nine different incremental backup levels. In each level, Oracle
Secure Backup backs up only those files that have changed since the last backup at a lower
(numerical) backup level. You can also instruct Oracle Secure Backup to back up only those
files that have been modified since the last backup, regardless of its backup level.
Note: The incr level backups are not supported on certain NAS devices, including Network
Appliance filers.

Oracle Database 11g: Oracle Secure Backup 6 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

File-System Backups

Set up media families.


Create datasets.
For scheduled backups: Create backup windows.
For repeating backups: Create schedule and triggers.
Create and execute backup requests.

Copyright 2009, Oracle. All rights reserved.

File-System Backups
After you have configured your administrative domain, you perform the following steps with Oracle
Secure Backup to create file-system file backups:
1. Log in as a UNIX, Linux, or Windows operating system user that has access to the files to be
backed up, and log in to Oracle Secure Backup with backup privileges.
2. Configure media families to help manage the volumes created by the backup operation, if you
have not done so already.
3. Create a dataset that identifies the hosts and files which you want to back up.
For scheduled backups, perform the following additional steps:
Create at least one backup window, if you need to restrict the hours during which backups can
be performed. If there are no restrictions, then you can use the default backup window.
Create a schedule for your backup job and add at least one trigger to this schedule.
For on-demand backups, perform the following additional steps:
Create one or more backup requests.
Send your backup requests to the scheduler. Doing so turns each backup request into a backup
job, making it eligible to run.
When you terminate your Oracle Secure Backup session, any backup requests that have not been
submitted are lost.

Oracle Database 11g: Oracle Secure Backup 6 - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Your steps to back up your file system:

Copyright 2009, Oracle. All rights reserved.

Managing Media Families


From the EM Administrative Server page, you can click the link corresponding to the Media
Families number. This takes you to the Media Families page from where you have the options to add
a new media family. You can also select an existing media family, and edit or remove it.
To add a new media family, perform the following steps:
1. Enter a name for the media family in the Media Family Name field. Normally, this name will
appear as the prefix in each volume ID that uses this media family.
2. Enter a write-allowed time period in the Write window field (seconds, minutes, hours, days,
weeks, months, years). You can set the write window to a specific duration, such as 14 days or
three weeks. All volume sets that are members of the media family remain open for updates for
this period. If you do not specify a write window for a volume set, Oracle Secure Backup
considers the volume set eligible to be updated indefinitely.
3. Enter an amount of time to retain the volume in the Retain Time fields. Oracle Secure Backup
uses this to apply an expiration date to the volume set. If you intend to use this media family to
store RMAN backups, then select the Content Manages Reuse option.
4. Optionally, enter additional information in the Comment field.
5. Click OK to create your new media family.

Oracle Database 11g: Oracle Secure Backup 6 - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Media Families

Dataset Examples

Textual
description
that defines which
files to back up
Examples
found in the
samples
usr1
directory

stc1

stc2

stc3

/
home

usr2

tmp

labs file1.tmp file2.txt

labs

usr3

usr4

labs

file1.temp file2.junk labs

tmp

Copyright 2009, Oracle. All rights reserved.

Dataset Examples
With Oracle Secure Backup, use datasets to describe the list of files that you want to back up.
A dataset is a textual description that tells Oracle Secure Backup which files to back up. Datasets
employ a lightweight language. This dataset language gives you great flexibility in building and
organizing datasets for the files that you want to protect.
The graphic illustrates the files that you can find on three different hosts. By using the dataset
defined in the next slide, you can back up the files in the graphic except those shown in dashed boxes
(file1.tmp for home/usr1, and directory tmp, file1.temp, and file2.junk
for home/usr4).
To familiarize yourself with the dataset language, review the samples subdirectory of your Oracle
Secure Backup home directory.

Oracle Database 11g: Oracle Secure Backup 6 - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

# Dataset "common-exclusions":
exclude name tmp
exclude name *.tmp
exclude name *.temp
exclude name *.backup
# Dataset "application files":
exclude name *~
include path /home/usr1
include path /home/usr2
include host stc1
include host stc2
include host stc3 {
include dataset common-exclusions
include path /home/usr3
before backup optional "/etc/local/nfy '/usr3 begin'"
after backup optional "/etc/local/nfy '/usr3 end'"
include path /home/usr4 {
exclude name *.junk } }

Copyright 2009, Oracle. All rights reserved.

Dataset Examples (continued)


Oracle Secure Backup dataset language has the following characteristics:
Comments may appear anywhere following a comment sign (#).
Statements have the form: statement-name [statement-argument] where
statement-name may consist of multiple space-separated words, such as include path.
Some statements may begin a nested block, and statements within the block apply only to the
statement that began the block. These have the form: statement-name [statementargument]{ statement-name [statement-argument] ...}
An escape character, \, may appear anywhere to remove the special meaning of the character
following it.
Blank lines are ignored.
The slide shows you two datasets that can be used to back up the data shown in the previous slide.
The first script is used to exclude directories and files starting with tmp, *.tmp, *.temp, and
*.backup.
Note: The * wildcard can be used in datasets as long as the backup is of a regular file system, not an
NDMP filer.

Oracle Database 11g: Oracle Secure Backup 6 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Dataset Examples

When performing a normal (nondatabase) backup, you may want to skip files that would be included
in a database backup. Examples of such files include the database files themselves, control files, redo
logs, and flashback logs. To exclude these files, specify the exclude oracle files directive
in your dataset.
Note: For more information about the dataset language, refer to the Oracle Secure Backup
Administrators Guide.

Oracle Database 11g: Oracle Secure Backup 6 - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Dataset Examples (continued)


The second script is used to back up the following data on hosts stc1, stc2, and stc3:
On stc1 and stc2: /home/usr1 and /home/usr2
On stc3: /home/usr1, /home/usr2, /home/usr3, and /home/usr4 except files
starting with tmp, *.tmp, *.temp, *.backup, and *.junk only for /home/usr4
When Oracle Secure Backup starts backing up data in /home/usr3 on stc3, it executes the
/etc/local/nfy executable. The same executable is also executed when Oracle Secure Backup
finishes its backup of /home/usr3.

Copyright 2009, Oracle. All rights reserved.

Creating Datasets
Using the Web Tool Interface
You can use the Oracle Secure Backup Web tool to create a dataset:
1. From the Home page, click the Backup tab in the menu bar.
2. On the Backup menu, click Datasets in the submenu under Settings. The Datasets page appears.
Dataset directories appear in the Path box with a slash as the last character in the name.
3. Click the Add button to create a new dataset. When you create a new dataset description, the
initial contents of the dataset are defined by a dataset template.
4. Select File or Directory from the Dataset type list. Like Windows and UNIX file systems, Oracle
Secure Backup datasets are organized in a naming tree. You may optionally create dataset
directories to help you organize your data definitions. Later, you will discover that when you
want Oracle Secure Backup to back up data, you identify the name of the dataset. If you give the
name of a dataset directory, it is equivalent to naming all the datasets contained within that
directory tree. Dataset directories may be nested up to 10 levels deep. By default, a dataset file is
created under the /admin/config/dataset directory.

Oracle Database 11g: Oracle Secure Backup 6 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating Datasets

ob> lsds
Top level dataset directory:
NEW_CLIENTS/
ob> cdds NEW_CLIENTS
ob> mkds --dir TEST
ob> cdds TEST
ob> mkds -i test1
Input the new dataset contents. Terminate with an EOF or a line
containing just a dot (".").
exclude name tmp
include path /u01/oracle/solutions
.
Apply your changes [yes]? y
ob> lsds
Dataset directory NEW_CLIENTS/TEST:
Test1

The obtool commands used for managing datasets are as follows:


cdds is used to navigate into the dataset directory structure.
pwdds is used to show you the current path in the dataset directory structure.
lsds is used to list the contents of the current dataset directory.
mkds is used to create both dataset directories and datasets. The --dir option is used for
directories. The i option is used to directly enter your dataset description text without the use
of any special editor. As shown in the example, the system asks you to enter your text and finish
it with a dot.
rmds is used to remove both directories and files. The --nq option is used to avoid any
confirmation before doing the removal.
Note: For more information about these obtool commands, refer to the Oracle Secure Backup
Reference.

Oracle Database 11g: Oracle Secure Backup 6 - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating Datasets (continued)


Using the Web Tool Interface (continued)
5. In the Name field, enter a name for the dataset.
6. Update the dataset statements displayed in the template file to define your backup data. For
more information, see Dataset Examples, earlier in this lesson.
7. Choose one of the following:
- Click the Save button to accept your entries and return to the Datasets page.
- Click Cancel to abort the operation and move back one page.
If your dataset has errors, a message appears in the Status section. As you can see in the slide, you
also have the options to check, edit, rename, and remove datasets.
Using the obtool Interface
Similarly, you can manage your dataset directories and description files by using the obtool
interface. The example shown here first looks at the contents of the dataset directory, and then
creates the new directory TEST inside the existing NEWCLIENTS directory. Then, a new dataset
called test1 is created inside the TEST directory.

Copyright 2009, Oracle. All rights reserved.

Configuring Backup Windows


A backup window is a time range within which Oracle Secure Backup performs scheduled backup
jobs. You must have at least one backup window in order for scheduled backup jobs to run. You can
identify a single backup window that applies to all days of the week, or fine-tune backup windows to
specific weekdays or dates. A default backup window is always created, and is identified as daily
00:00-24:00.
Backup windows have a start time and an end time. Backups are eligible for execution after the start
time specified by a backup window. When the backup window end time arrives, Oracle Secure
Backup completes any backups that have already been started. No more backups are started until the
window opens again or a new window opens.
Perform the following steps to create a backup window by using the Oracle Secure Backup Web tool:
1. From the Backup menu, click Backup Windows in the submenu under Settings. The Backup
Windows page appears.
2. Click the Add button to add a new backup window. The Backup Window page appears.

Oracle Database 11g: Oracle Secure Backup 6 - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Configuring Backup Windows

addbw { --times/-t time-range[,time-range]... }


day-specifier[,day-specifier]...
time-range: Represents a time-of-day range using the syntax start-time-end-time. For
example: 08:00:00-08:30:00 or 1430-14:35:30
day-specifier: Represents a range of time in terms of days using the syntax:
year/month/day | month/day | wday | wday-wday | weekday[s] |
weekend[s] | daily | today | yesterday
wday::=
sunday[s] | monday[s] | tuesday[s] | wednesday[s] |
thursday[s] | friday[s] | saturday[s]

If no backup windows are identified, then scheduled backups will not run. The default backup
window has a day-specifier of 'daily 00:00-24:00'.
Obtool commands for backup windows include:
addbw: To add a new backup window
chkbw: To check for the existence of a backup window
lsbw: To list backup windows
rmbw: To remove a backup window or specific time ranges
setbw: To change the settings of a backup window

Oracle Database 11g: Oracle Secure Backup 6 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Configuring Backup Windows (continued)


3. Select a backup window type from the Type field. Your choices are:
- Day range: If you select this option, refer to the Creating Backup Triggers section.
- Date: If you select this option, refer to the Oracle Secure Backup Administrators Guide.
4. Select a local time range (expressed in 24-hour format) from the Time range field. Oracle Secure
Backup will start scheduled backups during this time range. A time range is an interval specified
as <start time>-<end time>, where the start and end times are in the form
hour:minute:second. You can also use a four-digit hour-minute specifier (for example,
1430, which indicates 2:30 PM). The time range is based on the local time and takes into
account Daylight Savings Time, if it applies to your locale. If the end time precedes the start
time, Oracle Secure Backup assumes that the end time refers to the following day. For example,
20:0002:00 indicates 8:00 PM as the start time and 02:00 AM of the next day as the end time.
5. Select one of the following:
- Click OK to save your entries and exit the page. The Backup Windows page reappears.
- Click Cancel to void the operation and move back one page.
Using obtool for Backup Windows
Obtool has a group of commands that enable you to configure backup windows. A backup window
enables you to specify a time frame for the execution of scheduled backup operations. You can
identify a single backup window that applies to all days of the week or fine-tune backup windows
based on specific days or dates.
When you create a backup window, you specify the time and day range by using the following
syntax:

Copyright 2009, Oracle. All rights reserved.

Creating Backup Schedules


A backup schedule indicates to Oracle Secure Backup what data to back up and how to back it up.
Execute the following steps to create a schedule with the Oracle Secure Backup Web tool:
1. From the Backup menu, click Schedules in the submenu under Settings. The Schedules page
appears. Backup schedules appear in the Schedule name box in the central panel.
2. Click the Add button to add a new schedule. The New Schedules page appears.
3. Enter a name for the schedule in the Schedule field.
4. Enter a priority number for the backup job in the Priority field.
5. In the Datasets box, select one or more datasets to include in the backup job.
6. Optionally, select one or more restrictions in the Restrictions box. You can restrict scheduled
backups to specific devices.
7. Optionally, enter any information that you want to store with the backup schedule in the
Comments field.
Obtool commands for backup schedules include:
chsched: To change an existing backup schedule
lssched: To list backup schedules
mksched: To make a new backup schedule
rensched: To assign a new name to a schedule
rmsched: To remove a schedule
Oracle Database 11g: Oracle Secure Backup 6 - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating Backup Schedules

Copyright 2009, Oracle. All rights reserved.

Creating Backup Triggers


To create triggers by using the Oracle Secure Backup Web tool, perform the following steps:
1. Navigate to Backup Schedules > Weekly Catalog backup > Triggers. The Triggers page appears
with the default setting of Day in the Trigger type field.
2. Using the Trigger type field, select a time representation for defining when to perform the
backup job. Your choices are:
- one time: To perform a backup only once
- day (default): To perform a backup one or more days during the week
- month: To perform a backup one day a month
- quarter: To perform a backup one day per quarter
- year: To perform a backup one day during the year
3. Select a backup level from the Backup level field. You can choose full, incr, offsite,
or an incremental level from 1 through 9.
4. Select the hour and minute to start the backup in the Backup at fields.
5. Select a media family to be used by this scheduled backup in the Media family field.
6. Optionally, choose an expiration time period in the Expire after fields (in seconds, minutes,
hours, days, weeks, months, years, or forever). If the scheduled backup is not started by this
time, it is deleted and not run at all.

Oracle Database 11g: Oracle Secure Backup 6 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating Backup Triggers

Oracle Database 11g: Oracle Secure Backup 6 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating Backup Triggers (continued)


7. Your selection in step 2 determines what screens you see. Here, it is supposed that the day
option is used. Select the days on which Oracle Secure Backup will run the scheduled backup.
Your choices are:
- Select daily: To trigger the schedule to run on all seven days of the week
- Select weekdays: To trigger the backup to run on weekdays only (Monday through Friday)
- Select weekends: To trigger the backup to run only on weekends (Saturday and Sunday)
- Alternatively, from both the Select weekdays and Select weekends fields, you can
select a mix of individual days on which you can trigger scheduled backups to run (for
example, Monday, Tuesday, and Saturday at 8:00 AM).
8. Optionally, select an option from the Week in month group. This option enables you to limit
which week in the month the backup schedule will run. Your choice are:
- All: This includes all weeks.
- Selected (First, Second, Third, Fourth, Fifth, and Last): This enables you to specify the
week to include.
9. Optionally, specify weekday exceptions from the Except list. An exception prevents Oracle
Secure Backup from backing up data on the day that you specify. Your choices are:
- none (default): To disable an exception
- except: To enable an exception
10. Select a value from the Time list. Your choices are:
- before: To enable you to specify an exception before a specified day
- after: To enable you to specify an exception after a specified day
11. Select values from the Specify day fields. From the first field, your choices are none, first,
second, third, fourth, and last. From the second field, your choices are Monday, Tuesday,
Wednesday, Thursday, Friday, Saturday, and Sunday.
12. Click one of the following:
- Add, to accept your entries and add the trigger
You are returned to the Triggers page with a success message. The schedule is displayed in
the Triggers field. The schedule displays the level of the backup, the time at which it is to
begin, and the days on which the backup is to be performed.
- Edit, to modify the trigger
- Remove, to delete the trigger
- Cancel, to void the operation and move back one page
Note: In the slide, you can see how to create a trigger at the day level. For the other levels, refer to
the Oracle Secure Backup Administrators Guide.

Copyright 2009, Oracle. All rights reserved.

Previewing a Backup Trigger


To preview a backup trigger by using the Oracle Secure Backup Web tool:
Navigate to Backup > Schedules, select a schedule, and click Edit > Triggers > Preview.
Note: Oracle Secure Backup 10.2 has a predefined OSB-CATALOG-DS schedule to back up your
OSB catalog. Because this daily backup should not be encrypted, the Encryption parameter is set to
No.

Oracle Database 11g: Oracle Secure Backup 6 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Previewing a Backup Trigger

Copyright 2009, Oracle. All rights reserved.

Creating On-Demand Backup Requests


To create an on-demand backup request with the Oracle Secure Backup Web tool, perform the
following steps:
1. From the Backup page, click Backup Now in the submenu under the Operations section. The
Backup Now page appears. In the backup box in the central panel, each backup request that you
have created but have not yet sent to the scheduler is displayed. Backup requests are identified
by a backup name and number.
2. To create a new backup, click the Add button. The Options page appears.
3. Select one or more datasets from the Datasets box.
4. Optionally, select a future date and time for the backup to run from the Backup date and
Backup time fields. If you leave these fields unchanged, Oracle Secure Backup considers
your backup job immediately available for execution.
5. Optionally, enter an expiration time in the Expire after field. Do this if you want Oracle
Secure Backup to automatically delete this backup job if it has not started within the specified
expiration period after the date and time intervals defined earlier in the Backup date and
Backup time fields.
6. Select a backup level from the Backup level field. Your choices are: full (default), 1 to 9, incr,
and offsite.

Oracle Database 11g: Oracle Secure Backup 6 - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating On-Demand Backup Requests

Oracle Database 11g: Oracle Secure Backup 6 - 18

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating On-Demand Backup Requests (continued)


7. Select a media family to which the data of this backup should be assigned from the Media
family field.
8. Optionally, select one or more device restrictions from the Restrictions field. Oracle Secure
Backup enables you to restrict backups to one or more of the following:
- A specific tape drive, displayed as devicename
- Any tape drive attached to a specific host, displayed as @hostname
- Any tape drive-host attachment, displayed as devicename@hostname
If you do not set a restriction (the default), your backup job will use any available device at the
discretion of Oracle Secure Backup scheduling system.
9. Optionally, change the priority of the backup job in the Priority field. The default is 100. The
priority of a job is a positive integer value. The lower this value, the greater the priority
assigned to the job by the scheduler. It considers priority 20 jobs, for example, more important
than priority 100 jobs. The scheduler always gives preference to dispatching higher priority
jobs over lower priority ones.
10. Choose whether you want the backup to operate in unprivileged or privileged mode.
Unprivileged mode is the default. An unprivileged backup runs under your UNIX user identity
or Windows account identity, as configured in your Oracle Secure Backup user profile. Your
access to file-system data, therefore, is constrained by the rights of the UNIX user or Windows
account having that identity. On UNIX systems, a privileged backup runs under the root user
identity. On Windows systems, it runs under the same account identity as the Oracle Secure
Backup service on the Windows client.
11. Choose one of the following:
- Click OK to accept your selections. When you do so, Oracle Secure Backup displays this
backup request in the list box on the Backup Now page.
- Click Cancel to void the operation and move back one page.

Copyright 2009, Oracle. All rights reserved.

Submitting Backup Requests


To send backup requests to the scheduler, perform the following steps in the Oracle Secure Backup
Web tool:
1. From the Backup menu, click Backup Now in the submenu under Operations. The Backup Now
page appears.
2. Click the Go button. Oracle Secure Backup sends each backup request that appears in the
Number/Dataset central panel to the scheduler. A message appears in the status section for each
request acknowledged by the scheduler.
Oracle Secure Backup deletes each backup request upon its acceptance by the scheduler. As a
result, the Number/Dataset central panel is empty upon completion of the Go operation.
3. To view the status of your job, go to the Manage page and click the Jobs link. On the Jobs page,
click the Show Transcript button to see the output of your job.

Oracle Database 11g: Oracle Secure Backup 6 - 19

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Submitting Backup Requests

Copyright 2009, Oracle. All rights reserved.

Reviewing Jobs
On the Manage: Jobs page in the Oracle Secure Backup Web tool, you can view a list of jobs
according to your selection criteria. For more details, click a job (it is highlighted), then click Show
Properties or Show Transcript.

Oracle Database 11g: Oracle Secure Backup 6 - 20

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Reviewing Jobs

File-system backups should use time-managed media families:


1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 6 - 21

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Which are required for all backups of OS files with OSB?


1. Media families
2. Datasets
3. Backup windows
4. Backup schedule
5. Backup triggers

Copyright 2009, Oracle. All rights reserved.

Answers: 1, 2

Oracle Database 11g: Oracle Secure Backup 6 - 22

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Datasets are the actual backups of files produced by OSB:


1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 6 - 23

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

In this lesson, you should have learned how to:


Create datasets, which are scripts to define OS files for
backups
Schedule file backups to be performed in predefined time
windows
Submit backup requests
Perform file-system backups

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 6 - 24

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

This practice covers the following topics:


Creating a dataset
Scheduling a backup of the dataset
Note: The completion of this practice is a prerequisite for the
following practice, Restore File-System Data.

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 6 - 25

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 6 Overview:
Backing up File-System Data

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Restoring File-System Backups


with Oracle Secure Backup

After completing this lesson, you should be able to:


Browse the catalog for file-system backup data
Create catalog-based restore requests
Perform file-system restoration

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 7 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

Copyright 2009, Oracle. All rights reserved.

Browsing the Catalog for File-System Backup Data


The administrative server maintains a catalog in which it stores metadata relating to backup and
restore operations for the administrative domain. Oracle Secure Backup maintains a discrete backup
catalog for each client in your administrative domain.
When you browse a backup catalog, Oracle Secure Backup presents the data in the form of a filesystem tree, just as it appeared on the client from which the data was saved. For example, if you
backed up the /home/myfile.dat file located on myhost, the backup catalog for myhost
represents the contents of the backup image as /home/myfile.dat.
At the root of the backup catalog is the superdirectory, which contains all files and directories saved
from the uppermost file-system level. The superdirectory provides you with a starting point from
which to access every top-level file-system object stored in the backup catalog. For Windows clients,
this superdirectory contains the drive identifiers, such as C:.

Oracle Database 11g: Oracle Secure Backup 7 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Browsing the Catalog for


File-System Backup Data

Restoring File-System Data


Restoring the needed files is easily accomplished using
the Oracle Secure Backup catalog, which offers:
Tree-style browsing of all backups
Multiple query options for fast identification of needed files

You can restore files to the original location or to an


alternative location.
The end-user restore ability is based on user-level
permissions.

OSB automatically recalls tapes located at alternate locations for


the restore operation. (The Restore job remains in a pending
state until tapes are returned to an accessible tape device.)

Fast restoration from tape is accomplished by using tape


position data obtained during backup.
Copyright 2009, Oracle. All rights reserved.

Restoring File-System Data


You can gain practical experience with this during the practice session.

Oracle Database 11g: Oracle Secure Backup 7 - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Two ways to restore data:


Catalog-based restore operation: Based on catalog backup
history
Directly from media: Based only on the data contained in
the volumes
Referred to as a RAW restore and is not commonly used
Recommended only for advanced users

Copyright 2009, Oracle. All rights reserved.

Restoring File-System Files with Oracle Secure Backup


With Oracle Secure Backup, you can restore data in two different ways:
By browsing backup catalogs for the file-system objects of interest. After you have located their
names and selected the instances to restore, you can direct Oracle Secure Backup to perform the
restore operation. This is called catalog-based restore.
By knowing the names of the file-system objects of interest and the secondary storage location
(volume ID and backup image file number) in which they are stored. This is called raw restore.
For more information about raw restore operations, see the Oracle Secure Backup
documentation.

Oracle Database 11g: Oracle Secure Backup 7 - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Restoring File-System Files with


Oracle Secure Backup

Copyright 2009, Oracle. All rights reserved.

The Restore Page


You can use the Oracle Secure Backup Web tool to restore your saved files. You do this from the
Restore page. To access the Restore page from the Web tool Home page, click the Restore tab on the
menu bar.

Oracle Database 11g: Oracle Secure Backup 7 - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

The Restore Page

Copyright 2009, Oracle. All rights reserved.

Listing All File-System Backups of a Client


Perform the following steps to list all backups of a client by using the Oracle Secure Backup Web
tool:
1. From the Restore: Backup Catalog page, select any host from the Hosts Name list.
2. Click Browse Host. Oracle Secure Backup displays the Browse Host page.
3. Drill down to the file or directory for which you want to display the available backups. Click the
List Host Backups button. A properties page appears. Click the Close button when you have
finished viewing this window.

Oracle Database 11g: Oracle Secure Backup 7 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Listing All File-System Backups of a Client

Copyright 2009, Oracle. All rights reserved.

Creating a Catalog-Based Restore Request


To browse a backup catalog for data restore operation, perform the following steps:
1. From the Web tool Home page, click the Restore tab on the menu bar. The Restore page
appears.
2. On the Restore page, click the Backup Catalog link in the Operations section.
3. On the Restore: Backup Catalog page, select the client from which the data was originally saved
in the Host Name list.
4. Select one or more data selectors from the Data Selector list box.
5. Select a View mode: Inclusive or Exact.
6. Optionally, enter the path name of the directory that you want to browse in the Path field. If you
do not do this, Oracle Secure Backup displays the uppermost directory that it has backed up for
the selected client.
7. Click Browse Host. Oracle Secure Backup displays the Browse Host page with the selected
directory displayed.

Oracle Database 11g: Oracle Secure Backup 7 - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating a Catalog-Based Restore Request

Copyright 2009, Oracle. All rights reserved.

Creating a Catalog-Based Restore Request (continued)


8. On the Browse Host page, click a directory name to make it your current directory and view its
contents. You can repeat this operation many times to find the data that you want to restore.
You can choose a directory to restore (and all its contents), or you can choose to restore
individual files.
9. You can change the Data selector, and then click Apply to redisplay the page.
10. You can also change the View mode without leaving this page.
11. Select the check box next to the name of each file-system file or directory that you want to
restore. Doing so creates an Oracle Secure Backup restore request for each instance of the file
identified by the data selector.
To learn the identity of those instances, view the object property page by clicking the adjacent
Properties button. When you do, Oracle Secure Backup displays a pop-up window. After you view
the pop-up window, click Close.

Oracle Database 11g: Oracle Secure Backup 7 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating a Catalog-Based Restore Request

Copyright 2009, Oracle. All rights reserved.

Creating a Catalog-Based Restore Request (continued)


12. On the Browse Host page, after you have selected the objects that you want to be restored, click
the Add button. The New Restore page appears.
13. Optionally, enter an alternative path name for each file or directory to restore. The original path
name of each object that you previously selected appears in the lower-left portion of this page.
To its right is a text box in which you can enter the alternative path name. If you leave this
blank, Oracle Secure Backup restores the data using its original name.
14. Optionally, select the Device option and select a tape drive to use to perform the restore
operation. By default, Oracle Secure Backup automatically selects the tape drive to use.
15. Select your restore mode. Unprivileged mode is the default. An unprivileged restore operation
runs under your UNIX user identity or Windows account identity, as configured in your Oracle
Secure Backup user profile. The privileged mode uses the root or administrator
accounts. (You must have appropriate rights to choose this option.)
16. Optionally, enter one or more obtar options in the Obtar option(s) field. For example,
-J enables debug output and provides a high level of detail in the job transcript. For details
about obtar options, refer to the Oracle Secure Backup Reference.

Oracle Database 11g: Oracle Secure Backup 7 - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating a Catalog-Based Restore Request

Oracle Database 11g: Oracle Secure Backup 7 - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating a Catalog-Based Restore Request (continued)


17. Select the No high speed positioning check box if you do not want to use the available
position data to speed up the restore operation.
18. Select the NDMP incremental restore check box to direct certain NAS data servers to apply
incremental restore rules. Typically, recoveries are additive: each file and directory restored
from a full or an incremental backup is added to its destination directory. When you select
NDMP incremental restore, NAS data servers that implement this feature restore each directory
to its exact state as of the last incremental backup image applied during the restore job. Files
that were deleted before the last incremental backup are deleted by the NAS data service upon
restore of that incremental backup.
19. Select Replace existing files to overwrite any existing files with those restored from the
backup image. Alternatively, select Keep existing files to keep any existing files instead of
the default overwriting them with files from the backup image.
20. If you are restoring to a Windows system, select Replace in use files to replace in use files
with those from the backup image. Windows deletes each in use file when the last user closes
it. Alternatively, select Keep in use files to leave any in use Windows files unchanged.
21. Click OK. Oracle Secure Backup displays the Browse Host page. The restore request you just
made appears in the Restore items list. Oracle Secure Backup displays the message, Success:
file(s) added to restore list in the status area.

Copyright 2009, Oracle. All rights reserved.

Submitting Restore Requests


Submitting a restore request initiates the creation of an Oracle Secure Backup job.
Perform the following steps to send catalog-based restore requests to the scheduler by using the
Oracle Secure Backup Web tool:
1. From the Browse Restore Catalog page, select any host from the Hosts Name list.
2. Click Browse Host. Oracle Secure Backup displays the Browse Host page.
3. Click Go. The Web tool sends each restore request that appears in the Restore items list box
to the scheduler. A message appears in the status area for each request acknowledged by the
scheduler. It can say, for example: 2 catalog restore request items
submitted; job id is admin/2. Oracle Secure Backup deletes each restore request
upon its acceptance by the scheduler. As a result, the Restore items list is empty upon
completion of the Go operation.
4. To view the status of your job, go to the Manage page, and click the Jobs link. On the Jobs
page, select restore in the Types field, and click Apply. You can see the output of your job.

Oracle Database 11g: Oracle Secure Backup 7 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Submitting Restore Requests

When performing a restore operation, Oracle Secure Backup


will by default overwrite or replace existing files:
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 7 - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Files can be restored to either the original location or


elsewhere:
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 7 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Restoring OS file data with Oracle Secure Backup can be done:


1. Using a catalog-based restore operation
2. Directly from the media
3. Using RMAN
4. Using the dd command

Copyright 2009, Oracle. All rights reserved.

Answers: 1, 2

Oracle Database 11g: Oracle Secure Backup 7 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

In this lesson, you should have learned how to:


Browse the catalog for file-system backup data
Create catalog-based restore requests
Perform file-system restoration

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 7 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

Practice 7 Overview:
Restoring File-System Data

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 7 - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

This practice covers performing a file-system restore operation.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Managing Your Oracle Secure Backup


Domain

After completing this lesson, you should be able to:


Describe Oracle Secure Backup processes
Configure defaults and policies
Browse primary Oracle Secure Backup catalogs
Perform preconfigured catalog backup

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 8 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

> Daemons
Policies
Catalogs

Client

Administrative server

Media server

observiced

obscheduled

observiced

obproxyd

observiced

obrobotd

obhttpd

obndmpd

obixd

obproxyd

obproxyd

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Processes: Daemons


To oversee data protection activities among diverse hosts, devices, and databases, you define
an administrative domain. There must be one and only one administrative server for each
administrative domain.
The administrative server includes:
Oracle Secure Backup catalog, a directory structure with host-specific subdirectories. This
means, the contents vary depending on the roles you assign to the host. An administrative
server has the central catalog with configuration and metadata.
Daemons (or services), which are processes that run in the background and perform OSB
operations on behalf of an application
Some daemons run continually; others run only to perform specific work and then exit when
they have finished. The Oracle Secure Backup daemons actively participate in managing
backup and restore operations:
observiced daemon: On the administrative server, this daemon runs jobs (such as
backup and restore operations) at the request of the obscheduled daemon, cleans up
old log files and transcripts, and provides access to Oracle Secure Backup configuration
data to other hosts in the domain.

Oracle Database 11g: Oracle Secure Backup 8 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Processes: Daemons

Oracle Database 11g: Oracle Secure Backup 8 - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Processes: Daemons (continued)


observiced daemon (continued)
The observiced daemon starts the obscheduled daemon and the Web server
during initialization. When running on a client or media server, observiced is
primarily responsible for invoking Oracle Secure Backup programs in response to a
request from the administrative server. On all hosts, the observiced daemon is usually
started as part of system startup and runs continually. On UNIX and Linux, startup is
usually performed through entries in /etc/init.d, whereas on a Windows host, the
observiced daemon is started by the Service Control Manager.
obscheduled daemon: This daemon initiates scheduled events and manages jobs. The
daemon receives job creation requests from obtool users and from the SBT interface in
response to RMAN commands.
obixd daemon: This daemon manages the backup catalog. One instance of this daemon
runs for each client whenever the contents of that clients catalog must be read or updated.
Apache Web server daemon (obhttpd): This daemon provides the Web tool GUI for
Oracle Secure Backup.
obndmpd daemon: This daemon implements the NDMP tape service and provides
media services to remote clients. It is launched by the observiced daemon in response
to client requests to open a channel to a tape drive that is not locally connected to the
client.
obrobotd daemon: This daemon is launched by the observiced daemon in response
to requests to manipulate tapes in a tape library. One instance of this daemon runs for
each tape library whenever the services of that tape library are required.
obproxyd daemon: This daemon verifies user access for SBT backup and restore
operations. The proxy daemon runs on the host that contains the SBT library accessed
during the operations. The invocation of the proxy daemon is platform specific. The proxy
daemon uses the operating system user identity of the process invoking the SBT library
and the local host name to determine the Oracle Secure Backup user account for the
backup operation. If a preauthorization exists for this OS user and host, and if the
associated Oracle Secure Backup user is permitted to perform RMAN backups, then the
login to Oracle Secure Backup is permitted.
On a host running the Windows operating system, only the observiced daemon runs as a
Windows service. The other Oracle Secure Backup daemons do not run as services.

Copyright 2009, Oracle. All rights reserved.

Managing Common Daemon Operations


Oracle Secure Backup daemons respond to a common set of control commands. Sending
control commands to daemons is an infrequently performed task that you would typically
perform only under the guidance of Oracle Support Services.
The daemon control commands are:
dump: To direct the daemon to dump internal state information into its log file
reinitialize: To direct the daemon to reread configuration data from the file
system
debugon: To direct the daemon to generate extra information to its log file
debugoff: To cancel a previous debugon command. This is the default state.
To send a command to a daemon, perform the following steps:
1. From the Web tool Home page, click the Manage tab.
2. From the Manage page, click the Daemons link in the Maintenance section.
3. On the Daemons page, select a daemon from the Type list.
4. From the Host list, select the host on which the daemon is running.
5. Select a command from the Command list.
6. Click Apply to accept your selections.

Oracle Database 11g: Oracle Secure Backup 8 - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Common Daemon Operations

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 8 - 6

Oracle University and (Oracle Corporation) use only.

Quiz

All OSB daemons run continuously:


1. True
2. False

Daemons
> Policies
Catalogs

For the ease of management (of simple and complex


environments):
Policy settings for devices, catalog indexing, log
management, and general backup and recovery
operations
Email notification of system events and reports
Policies that control the behavior of daemons and services
NDMP Data Management Agent (DMA) defaults
Policies that control aspects of domain security

Copyright 2009, Oracle. All rights reserved.

Managing Defaults and Policies


Defaults and policies are configuration data that control how Oracle Secure Backup operates
within an administrative domain. The data is maintained on the administrative server.
Oracle Secure Backup is preconfigured with a set of defaults and policies for fast deployment
in most environments. Oracle Secure Backup policies are grouped into several policy classes.
Each policy class contains policies that describe a particular area of Oracle Secure Backup
operations:
Daemon policies
Device policies
Index policies
Log policies
Media policies
Naming policies
NDMP policies
Operations policies
Scheduler policies
Security policies
Testing policies
Oracle Database 11g: Oracle Secure Backup 8 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Defaults and Policies

1
3

Copyright 2009, Oracle. All rights reserved.

Configuring Oracle Secure Backup Policies


To modify the policies settings by using the Web tool, perform the following steps:
1. From the Configure page, select Defaults and Policies.
2. Click the name of the policy that you want to modify.
3. Make any required changes.
4. Choose one of the following:
- Click Apply to remain in this page.
- Click OK to save the changes and return to the Configure page.
- Click Cancel to avoid the operation and move back one page.
5. Operations example: You can set operation policies to specify the following:
- Whether Oracle Secure Backup updates backup history data every time a client host
is backed up
- Whether Oracle Secure Backup creates volume and backup image labels for a new
backup image whenever it backs up data
- Whether Oracle Secure Backup performs block-level verification after each backup
section is completed
- Additional options to apply to scheduler-dispatched backup and restore operations,
such as enabling diagnostic output mode with the obtar -J option
Oracle Database 11g: Oracle Secure Backup 8 - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Configuring Oracle Secure Backup Policies

Daemons
Policies
> Catalogs

File-system metadata: indices.cur

Piece catalog: sbtpiece.dat and sbtpiece.idx

Volumes catalog: volumes.dat and volumes.idx 3


Backup sections catalog: archives.dat and
archives.idx

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup: Backup Metadata Catalogs


The Oracle Secure Backup catalog is a collection of backup metadata catalogs and
configuration files. They are centrally located on the administrative server in a hierarchical file
system under the OSB_Home directory. The following are the four primary catalogs:
1. File-system backup metadata is stored for each client in the indices.cur catalog (also
known as the index database). Thus, if the administrative server has 100 clients, it has
100 indices.cur files. The indices.cur file is located in the
/usr/local/oracle/backup/admin/history/host/host_name directory.
2. Oracle database backup piece metadata is stored in the sbtpiece.dat and
sbtpiece.idx files.
3. A listing of all tapes that contain backups registered with the Oracle Secure Backup
catalog, is stored in the volumes.dat and volumes.idx files. When a tape is
overwritten, the volumes catalog is immediately updated.
4. Information about backup sections is stored in the archives.dat and
archives.idx files. This is important when a backup spans multiple volumes.
The last three catalogs are located in the
/usr/local/oracle/backup/admin/state/general/ directory.

Oracle Database 11g: Oracle Secure Backup 8 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup:


Backup Metadata Catalogs

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup: Backup Metadata Catalogs (continued)


After volumes have been overwritten or unlabeled, the backup metadata is no longer needed.
The index daemon automatically removes this backup metadata from the catalog at the interval
set by the indexcleanupfrequency index policy (default is 21 days).

Oracle Database 11g: Oracle Secure Backup 8 - 10

Oracle Secure Backup: Directory Structure

OSB_HOME directory

admin

config
history
log
state

apache

conf
htdocs
images
logs
modules

bin

lib

device

help

tools.linux32

man

etc

.drv.linux32

samples

Administrative server

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup: Directory Structure


The Oracle Secure Backup home directory is created on every host where you install Oracle
Secure Backup, although the contents of the directory vary depending on the roles that you
assigned to the host. The slide shows the installed directories for an administrative server on a
Linux operating system. The directories in the dashed box contain executable files, or
information related to storage devices. They are: bin, etc, device, lib,
tools.linux32, and .drv.linux32. Not shown in the slide are the following directories:
.bin.linux32, .etc.linux32, and .lib.linux32.
Oracle Secure Backup maintains its own centralized catalog on the administrative server. The
Oracle Secure Backup catalog contains all the information used to define your configuration,
and also metadata relating to your backup and restore operations. Oracle Secure Backup
organizes its catalog in a hierarchical way. The admin directory contains the administrative
domain catalogs.

Oracle Database 11g: Oracle Secure Backup 8 - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

/usr/local/oracle/backup

Preconfigured catalog backup with the following elements:


OSB-CATALOG-MF media family: All catalog backups will
be written to same tapes.
OSB-CATALOG-SUM job summary: Daily reports are
emailed to users showing status of catalog backup
OSB-CATALOG-DS dataset: All directories and files of the
OSB catalog are defined for the file-system backup.
OSB-CATALOG-SCHED schedule: The schedule
determines the timing for the catalog backup.
For you to do:
Edit the OSB-CATALOG-SCHED trigger to specify the
backup time.

Copyright 2009, Oracle. All rights reserved.

Backing Up the Catalog


The primary catalog backup configuration settings have been defined. Only one step remains
which requires user intervention: Edit the OSB-CATALOG-SCHED trigger specifying when
the backup should be performed.

Oracle Database 11g: Oracle Secure Backup 8 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Backing Up the Catalog

Manual Catalog Backup

Oracle Secure Backup home directory


The /etc/obconfig file
The /usr/etc/ob directory

2. Create a backup request, either on-demand or scheduled.


3. Submit the backup request to the scheduler.
4. Store the volume set in a known location.

Copyright 2009, Oracle. All rights reserved.

Manual Catalog Backup


If you do not want to use the preconfigured recommended catalog backup specifications, you
can create your own with the above steps.
You will need the catalog backup only in unusual, difficult circumstances, so you should make
special provisions when storing the backup, such as:
Storing the volume set in a known location so that the tapes can be retrieved without
having to look up which volumes were used to store the backup
Configuring the operations/backupoptions policy to use the -v option (if you
configured a scheduled backup). This generates a full transcript and lists all the files that
are backed up. Then, save the transcript along with the tapes. For additional protection,
you can back up the /usr/etc/ob directory, which is the job transcript directory.
You may also want to save a copy of the SCSI parameters used to create the device special
files for your tape devices. This can help you to reconfigure the tape devices during disaster
recovery of your administrative server. The parameter specifications should be saved along
with the volumes that contain the catalog backup.

Oracle Database 11g: Oracle Secure Backup 8 - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

1. Create a dataset that includes:

How many indices.cur files exist containing file-system


metadata?
1. One for each directory on each client
2. One for each client
3. One for each file system on each client
4. One for each media server

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 8 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

What should be contained in the backup of the OSB catalog?


1. The OSB home directory
2. The /etc/obconfig file
3. The /usr/local/oracle directory
4. The /usr/etc/ob directory

Copyright 2009, Oracle. All rights reserved.

Answers: 1, 2, 4

Oracle Database 11g: Oracle Secure Backup 8 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

In this lesson, you should have learned how to:


Describe Oracle Secure Backup processes
Configure defaults and policies
Browse primary Oracle Secure Backup catalogs
Perform preconfigured catalog backup

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 8 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

This practice covers the topic of backing up the Oracle Secure


Backup catalog data and critical files.

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 8 - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 8 Overview:
Performing a Preconfigured OSB Catalog Backup

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Managing the OSB Infrastructure

After completing this lesson, you should be able to:


Manage clients
Manage media servers (tape devices and libraries)
Manage volumes

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 9 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

> Clients
Media Serv.
- Devices
- Libraries
Volumes
Jobs

Copyright 2009, Oracle. All rights reserved.

Managing Clients
Adding Clients may be your most common management task. You can perform it with the
mkhost obtool command or the OSB Web tool.
1. In the Web tool, click Configure, and then click Hosts.
2. Select the Suppress communication with host check box if you want to add a (standalone) server to the administrative domain.
3. Click the Add button. Then enter a host name of your choice in the Host field. The name
must be unique among all Oracle Secure Backup host names.
4. Optionally, enter one IP interface name in the IP Interface name(s) field. If you leave
this blank, OSB uses the name of the host (step 3) as the resolvable IP name for the host.
5. Select a status from the Status field. Your choices are:
- In service: Indicates that the server is logically available for backup and restores
- Not in service: Indicates that the server is unavailable
6. Select one or more administrative domain roles for the host from the Roles field.
7. Select an access method for the host (if applicable) from the Access method field. Your
choices are: ob or NDMP.
Removing hosts from your administrative domain, includes that:
The backup catalog is also removed.
The key store remains, so that your backups from that host remain valid.
Oracle Database 11g: Oracle Secure Backup 9 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Clients

Copyright 2009, Oracle. All rights reserved.

Adding Media Servers


From the Administrative Server page, you can click the link corresponding to the number of
configured Media Servers in the administrative domain.
This takes you to the Media Servers page from which you can manage your media servers. On
the Media Servers page, click Add to add a new media server to your administrative domain.
To configure a new media server on the Add Media Server page, perform the following steps:
1. Select the Suppress communication with host check box if you want to add a host to the
administrative domain that is not yet connected to the network.
2. Enter the name by which you want to refer to the host in the Name field. The host name
that you choose must be unique among all Oracle Secure Backup host names.
3. Optionally, enter one IP interface name in the DNS Hostname(s) or IP Address(es)
field. If you leave this blank, Oracle Secure Backup uses the name you assigned to the
host in step 2 as the resolvable IP name for the host.

Oracle Database 11g: Oracle Secure Backup 9 - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Adding Media Servers

Clients
> Media Serv.
- Devices
- Libraries
Volumes
Jobs

Note: For more information about how to manage media servers within Oracle Secure
Backup, refer to the Oracle Secure Backup Administrators Guide.

Oracle Database 11g: Oracle Secure Backup 9 - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Adding Media Servers (continued)


4. Select a status from the Status field. Your choices are:
- In Service: Indicates that the server is logically available to perform backup and
restore operations
- Not In Service: Indicates that the server is logically unavailable to perform backup
or restore operations
5. Select an access method for the host (if applicable) from the Access Mode field. Your
choices are:
- Native: The host contains a local installation of Oracle Secure Backup.
- NDMP: The host is accessed through the Oracle Secure Backup RPC protocol (plus
NDMP) or solely through Network Data Management Protocol (NDMP).
6. Click OK.

Communicate via NDMP


Do not require installation of Oracle Secure
Backup software on the NAS appliance
Support local data transfer (from file server directly to and
from tape drives) with simultaneous central management
May be a client or media server but not an administrative
server

Copyright 2009, Oracle. All rights reserved.

NAS Devices
The Network Data Management Protocol (NDMP) defines a common architecture for backups
of heterogeneous file servers on a network. NDMP allows administrators to back up data using
any combination of compliant networkattached servers, backup devices, and management
applications. With NDMP, network congestion is minimized because the data path and control
path are separated. Backups can occur locallyfrom file servers directly to tape drives
whereas management occurs centrally.
NDMP is commonly used by NAS devices, which are also known as filers, to perform backup
and restore operations without requiring an Oracle Secure Backup installation on the
appliance. The filer communicates with the backup software through NDMP. This model is
very different from the classic backup model, which requires the installation of an agent or
backup software component on each host to communicate and perform backup and restore
operations as directed by the backup software server.
For supported NAS devices, see Certify on My Oracle Support.

Oracle Database 11g: Oracle Secure Backup 9 - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

NAS Devices

Clients
Media Serv.
> - Devices
- Libraries
Volumes
Jobs

Copyright 2009, Oracle. All rights reserved.

Adding NDMP Media Servers


If you select NDMP in the Access Mode field on the Add Media Server page, you must also
specify the following additional options for your new host:
1. Select an authentication type from the Authentication Type field. The authentication type
defines the way in which Oracle Secure Backup authenticates itself to the NDMP server.
Typically, you should use the negotiated default setting. Your choices are:
- default: Uses the value of the Authentication type for the NDMP policy
- none: Attempts to use the NDMP server from Oracle Secure Backup without
providing authentication data (this is usually unsuccessful)
- negotiated: Instructs Oracle Secure Backup to negotiate with the NDMP server to
determine the best authentication mode to use
- text: Uses plain (unencrypted) text to authenticate
- md5: Uses the MD5 digest algorithm to authenticate
2. Enter a username in the Username field. The username is used to authenticate Oracle
Secure Backup to this NDMP server.
3. Other NDMP settings that you can enter on this page include: password, backup type,
protocol version, and port. Enter the values which are appropriate for your environment.

Oracle Database 11g: Oracle Secure Backup 9 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Adding NDMP Media Servers

Copyright 2009, Oracle. All rights reserved.

Adding Devices
You can add new devices in one of two ways:
By automatically discovering them. Oracle Secure Backup can automatically discover and
configure secondary storage devices connected to certain types of NDMP servers, such as
Network Appliance filers.
By adding them manually to define devices that cannot be automatically discovered .
On the Devices page, click either Add Library or Add Drive to add a new device to your
configuration.
You can also use the mkdev obtool command to add an Oracle Secure Backup device object
to your administrative domain configuration. Here are some examples:
ob> mkdev --type library --attach hasun20:/dev/obl0 tc-lib
ob> mkdev --type tape --library tc-lib --dte 1 --attach hasun20:/dev/obt0
tc-tape
ob> lsdev

The following output appears:


library
tc-lib in service
drive 1 tc-tape in service

Oracle Database 11g: Oracle Secure Backup 9 - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Adding Devices

Oracle Database 11g: Oracle Secure Backup 9 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Adding Devices (continued)


The first example shows you how to add a tape library device to your configuration. As shown
in the slide, you must specify the device type, its attachment, and its Oracle Secure Backup
name.
The second example is doing the same thing for a tape drive that is part of your tape library. In
addition to the type, attachment, and name, you must specify the corresponding tape library as
well as the data transfer element (DTE) of the tape drive. Oracle Secure Backup identifies each
tape drive within a tape library by its DTE number. A DTE must be specified if library is
specified.
The third example displays the output of the lsdev command, which shows you the current
configuration for both devices.
Unlike SCSI, which is a host-centric protocol, Fibre Channel libraries and tape drives are
typically shared among multiple Oracle Secure Backup media servers. A Fibre Channel
attached tape drive or tape library often has multiple attachments, one for each host that can
directly access it. You can specify multiple attach points when creating a device with the
mkdev or chdev obtool commands, the Web tool, or Enterprise Manager. Multiple attach
points enable you to attach the same device to multiple hosts on a network.
Note: For more information about the mkdev and chdev commands, refer to the Oracle
Secure Backup Reference.

ob> discoverdev --verbose --host


edrsr12p1

Copyright 2009, Oracle. All rights reserved.

Discovering Devices on NDMP Hosts


Libraries and tape devices attached to Network Attached Storage (NAS) filers are
automatically configured by the operating system on which the NAS device runs. Both SCSI
device and Fibre Channel configuration occur automatically and require no input from the
user.
Oracle Secure Backup can detect changes in device configuration for some types of these
NDMP-accessed hosts and, on the basis of this information, and automatically update the
device configuration in the administrative domain.
However, NAS tape libraries and tape drives must first be made accessible to the Oracle
Secure Backup software. This is accomplished by performing device discovery on each of the
NAS filers in the administrative domain. You can discover devices by using Enterprise
Manager, the OSB Web tool, or obtool commands.
Oracle Secure Backup detects multiple hosts connected to the same device by comparing the
serial numbers reported by the operating system.

Oracle Database 11g: Oracle Secure Backup 9 - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Discovering Devices on NDMP Hosts

Copyright 2009, Oracle. All rights reserved.

Managing Devices
From the Administrative Server page, you can click the link corresponding to the Devices
number.
This takes you to the Devices page from where you have the options to Add Library and Add
Drive. You can also select an existing device, and click Edit or Remove to perform those
actions on that device.
A tape must be mounted in the drive before you can write to it. Mounting a volume means
logically preparing a tape volume in a drive to be read or written.
Note: Unlike tape devices, Oracle Secure Backup will refuse to communicate with a tape
library that it does not recognize (a tape library whose product ID does not appear in the
OSB_Home/devices/ob_robots file). Too many things may go wrong when trying to
control an unknown tape library.

Oracle Database 11g: Oracle Secure Backup 9 - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Devices

Clients
Media Serv.
- Devices
> - Libraries
Volumes
Jobs

Em_devices_crop.gif

Em_08_lib_prop_2.gif

Copyright 2009, Oracle. All rights reserved.

Tape Library Properties


To view tape library properties, perform the following steps in Enterprise Manager:
1. On the Devices page, click the name of a tape library in the main text box.
The Edit Library page is displayed, showing the properties of the selected tape library.
The device attachment information is displayed at the bottom of the page.
2. Click Show Advanced Settings to view additional properties for the device.
3. You can make changes to the tape library configuration and then click one of the
following:
- Apply, to implement those changes and remain in this page
- OK, to save the changes and return to the Device page
- Cancel, to avoid the operation and move back one page
- Attachments, to configure device attachments
Using the Web tool interface:
1. On the Manage page, select a tape library or tape drive in the main text box
2. Click Show Properties

Oracle Database 11g: Oracle Secure Backup 9 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Tape Library Properties

Copyright 2009, Oracle. All rights reserved.

Tape Drive Properties


To view tape drive properties, perform the following steps:
1. On the Manage page, select a tape drive in the main text box.
2. Click Show Properties.
The Web tool displays a page with the properties for the tape drive that you selected.
3. Click Close to return to the Manage page.

Oracle Database 11g: Oracle Secure Backup 9 - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Tape Drive Properties

Clients
Media Serv.
- Devices
- Libraries
> Volumes
Jobs

Copyright 2009, Oracle. All rights reserved.

Managing Volumes
You can access the Volumes page from the Administrative Server page by clicking the Details
link to the right of the Volumes label in the Resources section. You can use the Volumes page
to display a list of all volumes associated with an administrative server.
To display the volumes, you must first specify a filter option. You do so by using the Search
section. In the example in the slide, the filter option limits the volumes displayed to only those
for the RMAN-DEFAULT media family. For a listing of all volumes, select the All search
option, and then click Go.
The Results table identifies the Volume ID and other important information related to your
volumes. You can view all the backup sections in a selected volume by clicking Backup
Sections.
Note: For more information about how to manage volumes within Oracle Secure Backup,
refer to the Oracle Secure Backup Administrators Guide.

Oracle Database 11g: Oracle Secure Backup 9 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Volumes

Copyright 2009, Oracle. All rights reserved.

Managing Volumes (continued)


Use the Backup Sections page to display the sections of a backup. A backup section is that
portion of a backup image that fits on one physical volume. The Sections table displays the
client host, attributes, and time stamp for each section.

Oracle Database 11g: Oracle Secure Backup 9 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Volumes

Backup job transcripts are kept for seven days by default. How
can you increase this?
1. You cannot, it is fixed at seven days.
2. You can increase it in the backup schedule.
3. You can define this in the Logs section of Defaults and
Policies.
4. You can specify this in the backup dataset.
5. You can configure this in the media family.

Copyright 2009, Oracle. All rights reserved.

Answers: 3

Oracle Database 11g: Oracle Secure Backup 9 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

If you remove a host from the OSB domain, the backup catalog
is also removed.
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 9 - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

If you remove a host from the OSB domain, the key store is
also removed, which means that your backups from that host
become invalid.
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 9 - 18

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Communication with NAS devices uses the SSH protocol:


1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 9 - 19

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Filers using NDMP do not require an OSB Installation on the


filer:
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 9 - 20

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

New devices may be discovered in which ways:


1. By automatic discovery for all devices
2. By automatic discovery on NDMP devices
3. Manually

Copyright 2009, Oracle. All rights reserved.

Answers: 2, 3

Oracle Database 11g: Oracle Secure Backup 9 - 21

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Only hosts with a media server role are available for allocation
of tape/library device attachments:
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 9 - 22

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

You can add a client to the OSB domain by:


1. Adding it to the backup dataset
2. Using the Web tool Configure tabbed page
3. Using Enterprise Manager
4. Executing the mkhost obtool command

Copyright 2009, Oracle. All rights reserved.

Answers: 2, 4

Oracle Database 11g: Oracle Secure Backup 9 - 23

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

NDMP media servers cannot share tape devices with regular


media servers:
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 9 - 24

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Discovered NDMP devices are automatically available by


default:
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 9 - 25

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

After you create a tape library device, the list of volumes in that
library are available to Oracle Secure Backup:
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 9 - 26

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

In this lesson, you should have learned how to:


Manage clients
Manage media servers (tape devices and libraries)
Manage volumes

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 9 - 27

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

This practice covers the following topics:


Viewing how to add an OSB client to an existing domain
Installing OSB software on a new client
Configuring client role in the administrative domain

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 9 - 28

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 9 Overview:
Viewing OSB Management Tasks

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Configuring and Using Tape Vaulting

After completing this lesson, you should be able to:


Describe the use of tape vaulting
Configure tape vaulting
Use a tape vaulting environment
View tape rotation reports
Troubleshoot vaulting

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 10 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

Overview of Vaulting

Tape
library

catalog

Media
recycle bin

Iron Mountain
off-site storage

Vault_Offsite
Library = 1 hour after full
Offsite = 2 years after arrival
Media_Recycle_Bin = duration disabled

Copyright 2009, Oracle. All rights reserved.

Overview of Vaulting
An example of media requirements, which illustrates the life cycle of backup tapes, includes:
1. Tapes in a tape library are written to either for a given time period, for example, one week,
or until they are full.
2. If a tape has a retention requirement, for example, two years, then you might have a policy
to store these tapes offsite.
3. Operators, robots, or both perform the physical transport of tape volumes.
4. After the retention time expires, the tapes move to their next location.
5. The volumes might be held in a media recycle bin (temporary storage) until they are
needed for reuse.

Oracle Database 11g: Oracle Secure Backup 10 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

An example of the the life cycle of backup tapes:

Configuring in Oracle Secure Backup:


Locations (offsite)
Rotation policies (via offsite_2Y media family)
Location scan schedule
Operator tasks:
Executing media movement jobs
Extracting volumes
Packing and shipping volumes
Offsite_2Y
Write Window = 1 week
Retain Time = 2 years

Media Family

Vault_Offsite
Library = 1 hour after full
Offsite = 2 years after arrival
Media_Recycle_Bin = duration disabled

Rotation Policy
Copyright 2009, Oracle. All rights reserved.

Overview of Vaulting (continued)


Oracle Secure Backup uses a volume rotation policy to track a backup volume as it moves from
its originating location to a storage location and is eventually recycled. This process is known as
vaulting.
To use tape vaulting, you must configure the following:
Locations: Storage locations
Rotation policies, that volumes inherit from their media family (After rotation policies are
associated to their media family, you must perform at least one backup to have test data
available.)
Location scan schedule, which initiates location scans (Location scans create pending
media movement jobs for eligible candidate tape volumes.)
Operators perform the following tasks:
Execute media movement jobs.
Extract volumes from their present location with the help of pick reports.
Pack and ship volumes with their distribution reports to their new location.

Oracle Database 11g: Oracle Secure Backup 10 - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Overview of Vaulting

Defining media storage locations


Defining rotation policies and rules
Associating a rotation policy with a media family

Copyright 2009, Oracle. All rights reserved.

Configuring a New Vaulting Environment


The list in the slide shows the prerequisite tasks before you can use the Oracle Secure Backup
tape vaulting functionality.

Oracle Database 11g: Oracle Secure Backup 10 - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Configuring a New Vaulting Environment

Copyright 2009, Oracle. All rights reserved.

Defining Media Storage Locations


You can use either the obtool commands or the OSB Web tool interface to manage your
information about media storage locations.
1. In the OSB Web tool, navigate to Configure > Locations. On the Configure: Locations
page, you see OSB-generated locations:
- The Media_Recycle_Bin default location can be used as a temporary "holding"
location, when tapes are ready for reuse.
- When you configured devices, vlib and vlib2 were automatically created as
"active locations".
2. To add a new location:
- On the Configure: Locations > New Locations page, enter a name: offsite and
optionally, 3 minutes as Recall time, then click Apply.
- The Recall time is the time needed to return tapes for the restore operation. Recall
time is an optional parameter, but its use is recommended, especially when you plan
to use duplication policies. OSB considers this information and initiates restore
operations (from original or duplicate tapes) with the shortest recall time.
3. You should receive a success message and then click OK.

Oracle Database 11g: Oracle Secure Backup 10 - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Defining Media Storage Locations

Rotation policy
quick_test_rotation

Location
vlib2
offsite
Media_Recycle_Bin

made up of
in

subject to
for

Rotation rule
vlib2: windowclosed: 5 minutes
offsite: arrival: 2 minutes
Media_Recycle_Bin: arrival: 1 minutes

Copyright 2009, Oracle. All rights reserved.

Defining Rotation Policies and Rules


A rotation policy determines the location and duration of tape movement and location. The
following rules apply:
Each rotation policy must be made up of one or more rotation rules.
Each rotation rule must be in one and only one rotation policy and each rotation rule must
be for one and only one location.
Each location may be subject to one or more rotation rules.

Oracle Database 11g: Oracle Secure Backup 10 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Defining Rotation Policies and Rules

2
3
4

1
5

Copyright 2009, Oracle. All rights reserved.

Defining Rotation Policies and Rules (continued)


1. To create a rotation policy in the OSB Web tool, navigate to Configure > Rotation Policies
> Add, then enter a policy name and click Apply.
To define rotation rules, use the middle section of the page. Possible events: firstwrite,
lastwrite, windowclosed, nonwritable, arrival and expiration.
2. Your first rotation rule (which must use a volume in an active location) appears in the
display section above your definition area. In this example, the tapes (per media family)
are eligible for movement five minutes after the Write window has closed. This implies
that the media family must have a Write window parameter specified.
3. Test volume takes two minutes to arrive at the offsite location. Later, when a media
movement job is executed, OSB assumes the volumes are at the next scheduled location
and does not take the shipping time into account.
4. The Media_Recycle_Bin is a holding location. When you return a tape device to the
Media_Recycle_Bin or another user-configured location, then OSB considers the tape to
be at the end of its rotation policy. OSB does not associate the tape with another rotation
policy until the tape is reused. Then OSB will use the new media family and rotation
policy (if any).
5. To add these rules to the rotation policy, click OK.

Oracle Database 11g: Oracle Secure Backup 10 - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Defining Rotation Policies and Rules

Location

Rotation policy

vlib2
offsite
Media_Recycle_Bin

quick_test_rotation

made up of

for

in

governed by

Media family
offsite_test

subject to
for

Rotation rule
vlib2: windowclosed: 5 minutes
offsite: arrival: 2 minutes
Media_Recycle_Bin: arrival: 1 minutes

Copyright 2009, Oracle. All rights reserved.

Associating a Media Family with a Rotation Policy


Media families establish tape retention as well as the foundation for rotation and duplication
policies. You must create a media family for each set of tapes that has different retention
requirements. The following rules apply:
Each media family may be governed by one and only one rotation policy.
Each rotation policy may be for one or more media families.

Oracle Database 11g: Oracle Secure Backup 10 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Associating a Media Family with a Rotation Policy

OSB

Recycling time-managed volumes


Write window
Retention duration
Updates allowed

Volume set
creation

Updates forbidden

Volume set
closed

Copyright 2009, Oracle. All rights reserved.

Associating a Media Family with a Rotation Policy (continued)


To configure a media family in the OSB Web tool, navigate to Configure > Media Families.
Select the media family and click Edit.
Select your rotation policy, specify your volume expiration and write window.
The Volume expiration for OSB is Time Managed. Retain the volume set for 10 minutes.
The Write window is the period of time for which a volume set is open for updates. Ensure
that your backups fit in this Write window.
Note: Of course, content-managed media families can also have rotation policies just like timemanaged ones.

Oracle Database 11g: Oracle Secure Backup 10 - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Associating a Media Family with a Rotation Policy

1.
2.
3.
4.
5.

Performing a backup
Scheduling a location scan
Viewing scan control jobs
Executing a media movement job
Viewing vaulting reports
Scanning the OSB catalog
Eligible candidates?

Yes, for vaulting:

Creating pending volume movement job(s)


Executed by operators

No:

No action
Copyright 2009, Oracle. All rights reserved.

Using the Vaulting Environment


In addition to the vaulting configuration, you need a suitable backup tape to test your vaulting
environment.
To execute a rotation policy, you must schedule a location scan which identifies when the
catalog should be scanned for eligible candidate tapes. You can schedule location scans for one,
several, or all locations. The location scan is automatically executed according to your specified
schedule.
The location scan creates a media movement job for each location. You, as OSB operator, must
explicitly execute the media movement job which:
Generates a pick and distribution report
Moves tapes to import or export slots of the library

Oracle Database 11g: Oracle Secure Backup 10 - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Using the Vaulting Environment

Scheduling a Location Scan

2
Copyright 2009, Oracle. All rights reserved.

Scheduling a Location Scan


To schedule a location scan in the OSB Web tool, navigate to Manage > Schedule Location Scan
> Add.
1. Enter a schedule name and select the locations; first click Apply, and then click Triggers.
2. To define a time-based trigger, specify the start time and the scanning frequency by day,
week, or month. You can also specify exceptions, such as when not to run a location scan.
You can add multiple triggers to each location scan, for example, if you wish to schedule
one scan in the morning and another in the afternoon. Click Add for each trigger.

Oracle Database 11g: Oracle Secure Backup 10 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Viewing Scan Control Jobs


To view scan control jobs in the OSB Web tool, navigate to Manage > Jobs; then:
1. Select the Viewing options to display the jobs that interest you.
2. For each job, you can click Show Properties and/or Show Transcript, to review details of
the job execution.
3. In the Job Transcript Viewer, select the level of detail that you wish to review. The
screenshot above uses Verbose. You can see your pending media movement job
highlighted.

Oracle Database 11g: Oracle Secure Backup 10 - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Viewing Scan Control Jobs

Executing a Media Movement Job


1

3
4

Copyright 2009, Oracle. All rights reserved.

Executing a Media Movement Job


To execute a media movement job in the OSB Web tool, navigate to Manage > Jobs.
1. Select the media movement Types and the following check boxes: Active, Complete
and Pending. Then click Apply.
2. Select your media movement job and click Run.
3. Select Now and Media Movement as Run Option and then click Apply.
4. When the job is completed, review the Properties.
5. You should see that the operation completed without errors.
Note: When a media movement job is executed, OSB assumes that the tape is at its next location
without taking transport time into account. OSB does not validate the arrival of the physical tape
at its next location. So, OSB administrators or system operators should confirm the actual arrival
with the help of the distribution list.

Oracle Database 11g: Oracle Secure Backup 10 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

An example of the the life cycle of backup tapes with sample


reports:
Distribution
report

Pick
report
Schedule
reports

Location
report

Tape
library
Exception
reports
catalog

Media
recycle bin

Iron Mountain
off-site storage
Distribution
report

Copyright 2009, Oracle. All rights reserved.

Viewing Vaulting Reports


To view vaulting reports in the OSB Web tool, navigate to Manage > Location Reports and
select your report from the Type drop-down list.
The pick report lists all volumes to be picked (selected) for distribution to another
location. Pick and distribution reports are automatically generated when you run a media
movement job.
OSB creates a distribution report when it creates a media movement job. It lists all
volumes that are being sent to a particular location as the result of a media movement job.
(You can think of it as a packing list to be included in the shipment of volumes to a
location.)
The location report lists the tapes at their locations and when they are scheduled to move
to the next location. The next location and the eligibility move date come from the rotation
policy for that volume.
A schedule report contains the same information as a location report, but it is limited to
volumes whose move-eligibility dates fall within a range that you specify.
An exception report shows the current and expected locations for all volumes whose
current and expected locations are different, compared to their rotation policy. For
example, if a volume is recalled from a storage location back into a tape library, then that
volume appears in the exception report for that tape library.
Oracle Database 11g: Oracle Secure Backup 10 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Viewing Vaulting Reports

Misplaced volumes:
Volumes inventory or physical search
To find discrepancies early: Two distribution reports
Report with tape
Directly transmitted report, alerting operator

Stranded volumes:
Omitting locations when changing active rotation policies
Exception report: Volumes outside their rotation policies
Moving stranded volumes with the OSB Web tool

Copyright 2009, Oracle. All rights reserved.

Troubleshooting Vaulting
If a volume is manually removed from an active or storage location and misplaced, then Oracle
Secure Backup does not flag it as misplaced. The OSB catalog still shows it at its former
location. Its misplaced status is not discovered until the volume becomes eligible for inclusion in
a media movement job. Finding it might require a complete volume inventory or a physical
search.
A volume that is misplaced on route to a storage location is the worst case.
Tip: Generate two distribution reports for each media movement job: one to accompany the
volume to the storage location, and transmit the other by itself to the storage location operator. If
the operator receives a distribution report without a matching volume, then the operator
immediately knows that a volume has been misplaced on route.
Volumes inherit their rotation policies from their media families. If you change the rotation
policy associated with a media family and you omit one or more locations, then all volumes in
the newly omitted locations at the time of the policy change are stranded. OSB does not create
media movement jobs for these volumes, because it does not look for them in the omitted
locations. These stranded volumes appear in the volume exception report. Use OSB Web tool >
Manage > Volumes to move the stranded volumes to a location within the new rotation policy.

Oracle Database 11g: Oracle Secure Backup 10 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Troubleshooting Vaulting

RMAN and OSB integration:


RMAN restore operation fails if required volumes are in
storage, rather than in an active location.
RESTORE DATABASE PREVIEW shows status of all
required volumes.
RESTORE DATABASE PREVIEW RECALL creates OSB
media movement job to recall required volumes.
RMAN restore operation succeeds with all required
volumes on site.

Copyright 2009, Oracle. All rights reserved.

Recovery Manager and Vaulting


RMAN and OSB are closely integrated:
In Oracle Database 10g (10.2 and later), an RMAN restore operation fails immediately if
any needed volume are located at a storage location, rather than an active location.
You can use the RESTORE DATABASE PREVIEW command to get the status of all volumes
required for a restore operation, including volumes that are AVAILABLE, but located
remotely.
You can use the RESTORE DATABASE PREVIEW RECALL command to start a recall for
all volumes needed for a restore operation that are currently at a storage location. This
RMAN command translates into an Oracle Secure Backup media movement job.
When the volumes have been recalled from storage, the RESTORE DATABASE PREVIEW
output for the same restore operation indicates that these volumes are now available on
site. A restore operation can be completed successfully at this point.

Oracle Database 11g: Oracle Secure Backup 10 - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Recovery Manager and Vaulting

For Database Restore

For File-system Restore

RESTORE DATABASE PREVIEW


RECALL creates media movement job,
manual recall

Automated recall, while job remains


pending

Explicitly enable media movement job.


Manual start of restore operation

Automated start of restore operation

Volume frozen after restore operation


Manual release

Policy-based release
Return volume to proper place in rotation.

Copyright 2009, Oracle. All rights reserved.

Recalling a Tape Volume


When a tape is recalled, Oracle Secure Backup is optimized for each specific activity. This
means, OSB functionality varies slightly for database and file-system restore operations.
1. When a restore operation needs a volume that is not in an active location, then OSB
automatically generates a volume recall request for file-system restore operation. The job
remains in a pending state until the volume arrives. This is not implemented for a
database related recall, because a pending job would use server processes while waiting.
2. You must explicitly enable this media movement job before the volume can be recalled.
Usually, recall requests are processed with the next regular media movement, but they can
also be executed immediately.
3. For the database, you start the restore operation; for the file-system data, the pending job
continues and automatically starts restore operation.
4. When the restore operation is complete, the volume is frozen at its current point in the
rotation cycle until it is released. For the file-system restore operation: the
autovolumerelease policy determines if the volume is automatically released or not.
5. You release the volume from its current location and return it to the proper place in its
rotation (as specified by the rotation policy that applies to that volume).

Oracle Database 11g: Oracle Secure Backup 10 - 18

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Recalling a Tape Volume

A tape is assigned a rotation policy according to the:


1. Media family configuration
2. Backup schedule
3. Defaults and Policies
4. Dataset

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 10 - 19

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

A scheduled location scan is configured for 10 AM on Tuesday


so the media movement job will run automatically at that time:
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 10 - 20

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

You change a rotation policy in a fully functional environment,


because your organization does not want to renew a contract
with some of your storage providers. The tapes from the
omitted locations are automatically transferred to a default
location:
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 10 - 21

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

In this lesson, you should have learned how to:


Describe the use of tape vaulting
Configure tape vaulting
Use a tape vaulting environment
View tape rotation reports
Troubleshoot vaulting

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 10 - 22

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

This practice covers the following topics:


Configuring a new vaulting environment
Performing a backup
Scheduling a location scan
Executing a media movement job
Viewing tape rotation reports

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 10 - 23

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10 Overview:
Configuring and Using Tape Vaulting

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Configuring Tape Duplication

After completing this lesson, you should be able to:


Describe the use of tape duplication
Differentiate duplication from vaulting and migration
Configure tape duplication

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 11 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

Managing tapes from the first write to reuse based on userdefined media families, duplication and rotation policies
Media family:

Duplication policy:

Acting on tape pool


to establish retention
and reuse

Automates the duplication of tapes, which


can use either the same or different
retention times and rotation schedules

Rotation policy or vaulting:


Tape reuse:
Automatic reuse of
expired tapes within
the administrative
domain

Automates the tape rotation between


two or more sites

Copyright 2009, Oracle. All rights reserved.

Media Management
Oracle Secure Backup 10.2 provides the following key enhancements for media management:
Automated rotation of tapes between locations, referred to as vaulting
Automated duplication of tapes according to duplication policy
On-demand tape duplication

Oracle Database 11g: Oracle Secure Backup 11 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Media Management

ONSITE_1M

OFFSITE_2Y

media family

media family

Tape
Library

catalog

Cabinet
tape library
on-site storage

Iron Mountain
off-site storage
Media
recycle bin

Tapes duplicated to another media family may have a different


retention and rotation schedule than the original tapes.
Copyright 2009, Oracle. All rights reserved.

Overview of Tape Duplication


A real-life example: You may want to maintain one set of backup tapes onsite for one month and
send a copy of the tapes offsite for disaster recovery and long-term storage requirements (for
example, for two years).

Oracle Database 11g: Oracle Secure Backup 11 - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Overview of Tape Duplication

ONSITE_1M

COPY_OFFSITE

Write Window = 1 week


Retain Time = 4 weeks

Trigger = 1 hour after window closed


# of Duplicates = 1
Duplicate to Media Family= OFFSITE_2Y

Media Family

Duplication Policy

VAULT_ONSITE
Library = 1 week after Full
Cabinet = 1 month after arrival
Library = duration disabled
Rotation Policy

VAULT_OFFSITE

OFFSITE_2Y

Library = 1 hour after full


Iron_Mountain = 2 years after arrival
Media_Recycle_Bin = duration disabled

Write Window = None


Retain Time = 2 years
Media Family

Rotation Policy

Copyright 2009, Oracle. All rights reserved.

Tape Duplication and Vaulting


In this scenario, your backup is associated with the onsite_1m media family (with a onemonth retention and a rotation policy to an on-site storage location). The onsite_1m media
family has a duplication policy that copies the tapes to the offsite_2y media family (which
has a two-year retention, no duplication policy, and a rotation policy to the desired storage
location for two years).
Note: Oracle Secure Backup performs duplication before rotation.

Oracle Database 11g: Oracle Secure Backup 11 - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Tape Duplication and Vaulting

Tape Duplication and Migration

Virtual tapes migrate to physical tape per user-defined policy.


Duplication policy enables migration to the same or a different
media family.
Physical tape, which was at first the duplicate, becomes the
original backup, and VTL space is reused.

Copy tape
Reclaim storage in VTL
Virtual Tape
Library (VTL)

First duplicate,
then only backup

Copyright 2009, Oracle. All rights reserved.

Tape Duplication and Migration


Virtual tape libraries (VTLs) are disk backup appliances that emulate tape devices. VTLs can be
seamlessly deployed into an environment because the tape backup software recognizes the VTL
as the tape device that it is emulating.
VTLs are becoming more widely adopted to achieve the performance benefits of disks without
requiring any change to the backup infrastructure. If you need to maintain backups in your VTL
for a short period of time (a week or a month), then you migrate data to physical tape, as defined
in your rotation and duplication policy. Once the virtual tape has been copied to physical tape,
the disk space is reclaimed in the VTL. At this point the duplicate copy becomes the original.
Note: This functionality is not available for the Oracle classroom setup.

Oracle Database 11g: Oracle Secure Backup 11 - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Virtual Tape Libraries (VTLs)

Configuring a duplication environment involves:


Defining media storage locations
Viewing or defining a volume duplication window
Defining a volume duplication policy (within the duplication
window)
Associating a duplication policy with a media family
Using the duplication environment consists of:
1. Scheduling a volume duplication
2. Performing a backup
3. Executing jobs

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 11 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Configuring and Using Volume Duplication

Defining media storage locations

Viewing or defining volume duplication window

Copyright 2009, Oracle. All rights reserved.

Configuring a Duplication Environment


In the OSB Web tool, navigate to Configure > Locations.
In the OSB Web tool, navigate to Configure > Volume Duplication Windows. View the
time range of the daily default window, which is from 10:00 to 20:00 (10 AM to 8 PM).

Oracle Database 11g: Oracle Secure Backup 11 - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Configuring a Duplication Environment

Copyright 2009, Oracle. All rights reserved.

Defining Volume Duplication Policies


In the OSB Web tool, navigate to Configure > Volume Duplication Policies. Click Add to define
a new policy.
Duplicate tapes can be made in the same or a different media family than the original tapes. If
the same media family is used, then the duplicated tapes have the same retention and rotation
schedule (if any) as the original ones. If a different media family is used, then the duplicate tapes
have the retention and rotation schedule (if any) of the new media family.

Oracle Database 11g: Oracle Secure Backup 11 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Defining Volume Duplication Policies

Copyright 2009, Oracle. All rights reserved.

Associating a Duplication Policy with a Media Family


1. Navigate to OSB Web tool > Configure > Media Families.
2. Then select your media family.
3. Click Edit.
4. Associate the Volume duplication policy by selecting your rotation policy from the dropdown list.

Oracle Database 11g: Oracle Secure Backup 11 - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Associating a Duplication Policy with a Media


Family

Copyright 2009, Oracle. All rights reserved.

Scheduling Volume Duplication


1. Navigate to OSB Web tool > Manage > Schedule Volume Duplication > Add. Enter a
name for the duplication schedule and select the appropriate locations, first click Apply,
then click Triggers.
2. Select frequency and time of day (within your volume duplication window) and click Add.
3. Your duplication will be automatically executed at your specified day and time.

Oracle Database 11g: Oracle Secure Backup 11 - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Scheduling Volume Duplication

Scan control job: Scanning the OSB catalog


Eligible candidates?

Yes, for duplication: Creating

and executing volume duplication job(s)

Yes, for vaulting:

Creating "pending" volume movement job(s)


Executed by operators

No:

No action

Copyright 2009, Oracle. All rights reserved.

Executing Jobs
Tape vaulting and tape duplication are optional configuration settings. They are independent of
each other. However, if both policies are defined for a tape, then OSB will duplicate this tape
before executing the rotation policy. This ensures that the duplication requirement is completed,
before the tape is shipped offsite.
So, your duplication job will run automatically within your scheduled time window, before any
data movement jobs, if both are defined for the same media family.

Oracle Database 11g: Oracle Secure Backup 11 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Executing Jobs

A tape is assigned a duplication policy according to the:


1. Media family configuration
2. Backup schedule
3. Defaults and Policies
4. Dataset

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 11 - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

After scheduling tape duplication, you must run the media


duplication job manually:
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 2

Oracle Database 11g: Oracle Secure Backup 11 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

In this lesson, you should have learned how to:


Describe the use of tape volume duplication
Differentiate duplication from vaulting and migration
Configure tape duplication

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 11 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

This practice covers the topic of tape configuration. View the


osb_media_lifecycle viewlet, that shows both tape
vaulting and duplication.
OSB_CATALOG-MF
Write Window = 7 days
Retain Time = 14 days

Demo_Rotation
vlib : windowclosed : 1 hour
Demo : arrival : 6 months
Media_Recycle_Bin : arrival: disabled

Full_Offsite
Write Window = None
Retain Time = 6 months

Rotation Policy

Full_Dup_Offsite

Full_Demo
Write Window = 2 hours
Retain Time = 1 months

Trigger = 1 hour after window closed


Duplicates = 1
Duplicate to media family= Full_Offsite

Media Families

Duplication Policy

Copyright 2009, Oracle. All rights reserved.

Practice 11 Overview: Viewing Media Life Cycle Demonstration


The viewlet shows the following tape configuration tasks:
1. Create a new Demo location.
2. Create a new Demo_Rotation rotation policy with three rules.
3. Assign the Demo_Rotation policy to the OSB_CATALOG-MF media family.
4. Create a Full_Demo media family.
5. Create a Full_Offsite media family and assign the Demo_Rotation policy.
6. Create a Full_Dup_Offsite duplication policy, that copies tapes from the Full_Demo media
family to the Full_offsite media family.
7. Associate the Full_Dup_Offsite duplication policy with the Full_Demo media family.
8. Create the Demo_Loc_Scan schedule for vaulting jobs.
9. View the default volume duplication window.
10. Create the Demo_dup_scan schedule within the duplication time window for the
duplication job.
11. Navigate to Location reports, which enable you to track tapes at the various locations.

Oracle Database 11g: Oracle Secure Backup 11 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 11 Overview:
Viewing Media Life Cycle Demonstration

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Tuning Oracle Secure Backup

After completing this lesson, you should be able to:


Identify tunable hardware and software components
Choose the optimal disk storage subsystem
List potentially CPU-intensive server operations
Choose the optimal tape subsystem and connections
Analyze RMAN read operations
Analyze media manager write operations
Describe RMAN and OSB tuning dependencies

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 12 - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

The most important hardware components involved in


backup and recovery are:
Tape storage subsystem

Connection between tapes and server SAN, direct attach


Database server

Connection between disks and server fiber attach


Disk storage subsystem

Copyright 2009, Oracle. All rights reserved.

Tuning Hardware
To understand how to tune backup and recovery performance, it is important to understand the
performance characteristic of each component, so that you can maximize its performance.
The most important hardware components involved in backup and recovery are:
Disk storage subsystem
Servers
Tape subsystem
Connection between the disks and server, and the server and tape subsystem
Generally, fiber-attached disks are used for production and SAN-attached are used for secondary
backup storage. SAN disk storage is transparent for Oracle Secure Backup. OSB regards SAN as
a collection of disks. In contrast, NAS uses NDMP, and OSB must identify the NAS device.

Oracle Database 11g: Oracle Secure Backup 12 - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Tuning Hardware

Tuning RMAN and Oracle Secure Backup


Disk storage subsystem are best configured:
With ASM without using hardware-based RAID
Using only outer sectors of the physical disk

Potentially CPU-intensive server operations include:

Copying data from I/O buses to memory buffers


Validating data blocks
Copying memory buffers from RMAN to OSB
Copying data from memory buffers to I/O buses
Encryption
Compression

Copyright 2009, Oracle. All rights reserved.

Tuning RMAN and Oracle Secure Backup


It is important to know which components can create a bottleneck and why. Backup and
recovery performance depends on both software and hardware components.
The most efficient and scalable way to configure a disk storage subsystem is to use ASM
without using hardware-based RAID. Because Oracle ASM spreads database files across all
available disks, ASM can achieve low contention and high I/O throughput even on commodity
disk arrays such as simple JBODs (Just a Bunch of Disks). You can achieve further
improvement in disk throughput by using only outer sectors of the physical disk.
Although the processing power of the server (for example, CPU, internal bus, and so on) is
rarely a backup bottleneck, it can affect backup performance. The following potentially CPUintensive operations occur inside the server:
Copying data from I/O buses to memory buffers
Validating data blocks
Copying memory buffers from Oracle Recovery Manager to Oracle Secure Backup
Copying data from memory buffers to I/O buses
Oracle encryption and compression backups are other CPU-intensive operations whose speed
may be limited by the processing power of the CPU. For example, testing showed that a single
Intel Xeon 3.2 GHz processor could encrypt Oracle data blocks during the backup at a speed of
about 40 MB.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Tuning RMAN and Oracle Secure Backup


Tape subsystem performance is improved by:
Adaptive tape speed
Larger tape blocks

Best connection between the disks and server, and the


server and tape subsystem: Fibre Channel SAN

Copyright 2009, Oracle. All rights reserved.

Tuning RMAN and Oracle Secure Backup (continued)


Additional performance factors are:
The tape subsystem can be an important factor in backup and recovery performance. One
popular option for tape drives is LTO technology. The native transfer rate for LTO3 drives
is 80 MB/s and up to 150 MB/s compressed.Tape streaming is not an issue, because most
modern tape technologies have adaptive tape speed.
The physical tape block size is the amount of data written by the media management
software to a tape in one write operation. The common rule is that a larger tape block size
leads to a faster backup, because the larger block size uses the bandwidth between server
and tape drive more efficiently.
Fibre Channel SANs provides the most performance. It is a widely accepted connectivity
method between servers, tapes, and disk. In SAN environments, the connectivity between
HBA, Fibre Channel switches, tape controllers, and disk controllers is an important
consideration, and the overall SAN performance is dependent upon each of these
components. The most important recommendation is to zone the disk subsystem to a
different HBA from the tape subsystem.

Oracle Database 11g: Oracle Secure Backup 12 - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle database initialization parameters for tuning RMAN:


_BACKUP_KSFQ_BUFCNT (16): Maximum number of
outstanding I/O requests = Number of disks, if 32 or more
_BACKUP_KSFQ_BUFSZ (1 MB): Size of individual I/O
requests = Size of ASM stripe

Copyright 2009, Oracle. All rights reserved.

Tuning RMAN Software


By default, RMAN uses asynchronous an I/O operation to read data. The DISK_ASYNCH_IO
Oracle database initialization parameter controls asynchronous I/O. When I/O is asynchronous, a
server session can begin an I/O and then perform other work while waiting for the I/O operation
to complete. The server session can also begin multiple I/O operations before waiting for the
first to complete.
The maximum number of outstanding I/O requests during backup is controlled by the
_BACKUP_KSFQ_BUFCNT parameter, whereas the size of I/O requests is controlled by
the _BACKUP_KSFQ_BUFSZ parameter.
Even though these parameters are so-called underscore parameters, to achieve the best
performance you might need to set the _BACKUP_KSFQ_BUFCNT parameter to the
number of disks in the ASM disk group and the _BACKUP_KSFQ_BUFSZ parameter to
the size of the ASM stripe. The default is 16 for _BACKUP_KSFQ_BUFCNT and 1 MB for
_BACKUP_KSFQ_BUFSZ. These defaults are acceptable for ASM disk groups with fewer
than 32 disks and when the ASM stripe size is 1 MB.
The diagram depicts RMAN buffers and data flow during a backup between input and output I/O
buffers.

Oracle Database 11g: Oracle Secure Backup 12 - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Tuning RMAN Software

RMAN needs to be tuned, so it can use all disk spindles in the


ASM disk group. An example:
_KSFQ_BACKUP_BUFCNT database parameter: 64
MAXOPENFILES RMAN channel parameter: 1

Copyright 2009, Oracle. All rights reserved.

Tuning RMAN Software (continued)


As noted previously, Oracle RMAN is responsible for the reading of data. Thus, RMAN must be
tuned so that it can use all disk spindles in the ASM disk group.
The graph on this page shows an example of benchmark testing: The maximum throughput is
achieved with the _KSFQ_BACKUP_BUFCNT parameter set to 64; so the maximum number of
outstanding I/O reads is 64. Because the disks are striped with the default ASM stripe size of 1
MB, there is no need to modify the size of I/O reads, which are controlled by the
_KSFQ_BACKUP_BUFSZ parameter.
Because ASM stripes each data file across all available disks, RMAN multiplexing should not be
used. Consequently, the Oracle RMAN channel parameter MAXOPENFILES is set to 1.

Oracle Database 11g: Oracle Secure Backup 12 - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Tuning RMAN Software

Performance optimizations based on RMAN and OSB


integration include:
No reading and writing of unused blocks (automatic)
Backup of only uncommitted undo (automatic)
Shared buffer between SBT and OSB tape (automatic)
User-defined TCP/IP buffer size for sending larger packets
over the network
Linux direct I/O: Writing from OSB tape buffer (user space)
via DMA to tape

Copyright 2009, Oracle. All rights reserved.

Performance Factors
Performance optimizations with Oracle Secure Backup 10.2 and Oracle Database 11g are:
An RMAN/OSB backup (OSB 10.1 and higher) reads and writes only used data file blocks.
This feature is only available when RMAN uses Oracle Secure Backup as its media
manager.
Oracle Secure Backup 10.2 eliminates backup of committed undo (increasing backup
performance and reducing tape consumption). Only uncommitted undo is backed up.
Oracle Secure Backup 10.2 optimizes SBT buffer allocation by using a shared buffer
between SBT and tape. In past versions, RMAN writes data to the SBT buffer, then the
media manager copies data from the SBT buffer to the tape buffer. Using a shared buffer
(OSB and RMAN only) reduces CPU overhead by up to 30% in internal tests.
Note: These Oracle Secure Backup 10.2 and Recovery Manager 11g performance optimizations
are not available with third-party media management utilities.
In addition to Oracle database backup performance enhancements, Oracle Secure Backup 10.2
has strengthened the data transfer architecture, achieving faster performance than that of OSB
10.1 for file system and networked backups. You can now explicitly define TCP/IP buffer size to
send larger packet sizes over the network (as desired), and further increase your remote backup
performance.

Oracle Database 11g: Oracle Secure Backup 12 - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Performance Factors

# echo 1 > /proc/scsi/sg/allow_dio


# touch /usr/local/oracle/device/enable_dio

To use direct I/O with Oracle Secure Backup, you need RedHat AS 4.0 or above and the patch
that includes Oracle Secure Backup direct I/O enhancement 5479541.
From the benchmark testing example: The team experimented backing up data with and without
direct I/O: Without direct I/O the maximum speed of four drives on one node was about 220
MBs with nearly 100% CPU utilization. That speed was 40% slower than a backup with direct
I/O. Enabling direct I/O significantly helps performance.

Oracle Database 11g: Oracle Secure Backup 12 - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Performance Factors (continued)


Note: Oracle Secure Backup supports Linux direct I/O, which eliminates additional memory
copies when backing up to tape.
To decrease CPU usage and increase speed, OSB can take advantage of direct I/O for writing to
tapes. With direct I/O, the Linux kernel can manipulate memory allocated within the user space
(that is, the OSB tape buffer), so that the adapter driver can transfer data via the Direct Memory
Access (DMA) technique directly to or from that user space memory. Without direct I/O, the
memory first must be copied to the kernel space and then transferred by means of the DMA to
the adapter. Thus, using direct I/O to write to tape can significantly reduce CPU usage.
You can enable direct I/O by issuing the following commands as a super user on the OSB media
server:

Backup parallelism: One RMAN channel per tape device


RMAN ALLOCATE CHANNEL and CONFIGURE CHANNEL
parameter BLKSIZE: Size of buffer shared with OSB
OSB BLOCKINGFACTOR media policy: Controlling tape block
size.

Copyright 2009, Oracle. All rights reserved.

Performance Factors (continued)


Other performance factors include:
The number of concurrent RMAN channels controls backup parallelism. An RMAN
channel represents one stream of data to an output device. An RMAN channel is an
operating system process or thread (on Windows) that reads the data from disk and sends it
to the output device. The backup is performed in parallel on all allocated channels.
Because the channels act independently, the number of active channels defines the level of
parallelism. The number of channels should not exceed the number of tape devices: One
RMAN channel per tape device should provide the best performance.
The size of the output buffers used to transfer data from RMAN to Oracle Secure Backup
is controlled by the RMAN ALLOCATE CHANNEL and CONFIGURE CHANNEL
parameter BLKSIZE. So you can tune the size of Oracle database output buffers and tape
block size.
Oracle Secure Backup provides the media management layer for RMAN. In other words,
Oracle Secure Backup is responsible for copying data from Oracle database buffers and
writing these buffers to tape. The most important parameter for tuning Oracle Secure
Backup is the BLOCKINGFACTOR media policy that controls tape block size.

Oracle Database 11g: Oracle Secure Backup 12 - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Performance Factors

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Decreasing the value of the RMAN BLKSIZE parameter


causes less CPU usage and, in the case of greater
parallelism, a faster backup.
You can achieve faster tape backups by increasing the
BLOCKINGFACTOR media policy (if parallelism > 1).

Copyright 2009, Oracle. All rights reserved.

Tuning Oracle Secure Backup


From the benchmark testing example:
The graph shows the speed of an RMAN backup to tape with one and four RMAN
channels with different values of BLKSIZE. It is important to emphasize that BLKSIZE
does not influence speed when parallelism is 1. Further testing on other operation systems
such as Solaris showed that BLKSIZE has minimal impact on performance, so the testers
believe that this behavior is specific to Linux.
To better use the bandwidth between server host and tape, the testers increase the tape
block size and document the performance gains of larger block size. You can change the
tape block size by setting the BLOCKINGFACTOR media policy. The value of this
parameter represents the number of 512-byte blocks with the default setting of 128. The
test shows that the best speed is achieved with the BLOCKINGFACTOR set to 4096, which
corresponds to a block size of 2 MB. To achieve direct I/O with larger buffers (2 MB), you
need the Linux RedHat patch, that fixes bug 5479559. Without that patch the maximum
tape block size is 512 KB.
Changing tape block size does not have any measurable affect on backup performance
when parallelism is 1. This is because with parallelism 1, the CPU is able to initiate DMA
requests (to transfer from server memory to tape controller) fast enough to keep the tape
drive spinning.
Oracle Database 11g: Oracle Secure Backup 12 - 11

Oracle University and (Oracle Corporation) use only.

Tuning Oracle Secure Backup

Copyright 2009, Oracle. All rights reserved.

Results of Tuning
From the benchmark testing example: After tuning the base environment and documenting the
performance results, we measured the performance achieved by adding a RAC node and more
tape drives. Our test proved the scalability of this solution. Oracle Secure Backup leverages over
97% of available throughput with performance increasing linearly with that of hardware
capability.
The chart demonstrates how Oracle Secure Backup delivers speeds of 700 MB/s leveraging over
97% of available disk throughput to eight LTO-3 tape drives.
The blue line shows the linear improvement in backup speed utilizing one node of the
RAC as the number of tape drives is increased from one to four.
By adding a second node and an additional four tape drives, backup performance continues
to increase in direct relation to the additional hardware capabilities, as shown on the green
line of the chart.

Oracle Database 11g: Oracle Secure Backup 12 - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Results of Tuning

Scalability of:
Disk Storage Subsystem with Oracle ASM
Servers with RAC
Tapes with an appropriate tape library design
SAN drive sharing
Backup software supporting:
New nodes in a RAC cluster
New disks in an ASM disk group
New clients and media servers in the OSB domain

Copyright 2009, Oracle. All rights reserved.

Scalability of the Overall System


Because of the exponential growth of transactional data, the most important aspect of the entire
backup system is scalability.
By adding more disk drives to an ASM disk group, you can easily scale the throughput of
the disk subsystem.
By combining the computing power of multiple commodity servers, RAC provides high
availability for the Oracle database in addition to scalability. As new nodes are added to
the RAC environment, the computing power linearly increases performance.
A tape library design should allow the tape library to be easily expanded by adding more
tape drives and capacity.
Oracle Secure Backup has a SAN drive-sharing feature that enables utilization of all hosts
in a RAC cluster.
The OSB backup software is easily scalable: It supports new nodes in a RAC cluster, new
disks in an ASM disk group, new clients and media servers in the OSB domain.

Oracle Database 11g: Oracle Secure Backup 12 - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Scalability of the Overall System

With parallelism 1, you can achieve faster tape backups by


increasing the BLOCKFACTOR media policy.
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 12 - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Which of the following performance optimizations are only


available if you are using RMAN and OSB together?
1. Linux direct I/O
2. Backup of only uncommitted undo
3. Fibre Channel SAN
4. Shared buffer between SBT and OSB tape

Copyright 2009, Oracle. All rights reserved.

Answers: 2, 4

Oracle Database 11g: Oracle Secure Backup 12 - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

With parallelism 1, the RMAN ALLOCATE CHANNEL and


CONFIGURE CHANNEL parameter BLKSIZE has minimal
impact on performance.
1. True
2. False

Copyright 2009, Oracle. All rights reserved.

Answers: 1

Oracle Database 11g: Oracle Secure Backup 12 - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

Assume that you are tuning an environment with 64 disks. The


_BACKUP_KSFQ_BUFSZ parameter is set to 1 MB, which is
also the size of your ASM stripe. To which value should you set
the _BACKUP_KSFQ_BUFCNT parameter?
1. 16
2. 32
3. 64

Copyright 2009, Oracle. All rights reserved.

Answers: 3

Oracle Database 11g: Oracle Secure Backup 12 - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Quiz

In this lesson, you should have learned how to:


Identify tunable hardware and software components
Choose optimal subsystems
Consider performance factors, such as:
RMAN needs to be tuned, so it can use all disk spindles in
the ASM disk group (with the _KSFQ_BACKUP_BUFCNT
database parameter: 64).
Enabling Linux direct I/O significantly helps performance.
One RMAN channel per tape device should provide the best
performance.
Tune the size of Oracle database output buffers and tape
block size, and specify TCP/IP buffer size for sending larger
packets over the network.

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup 12 - 18

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Appendix A
Practices and Solutions

Practices for Lesson 1 ......................................................................................................... 3


Practices for Lesson 2 ......................................................................................................... 4
Practice 2-1: Install Oracle Secure Backup .................................................................... 5
Practice 2-2: Configure Media for Oracle Secure Backup ............................................. 9
Practices for Lesson 3 ....................................................................................................... 13
Practice 3-1: Configure an OSB User........................................................................... 14
Practice 3-2: Configure a Host Encryption Policy........................................................ 19
Practices for Lesson 4 ....................................................................................................... 21
Practice 4-1: Configure RMAN for OSB...................................................................... 22
Practices for Lesson 5 ....................................................................................................... 34
Practice 5-1: Perform an Oracle-Suggested Backup..................................................... 35
Practice 5-2: Recover a Data File from an OSB-Encrypted Backup ............................ 44
Practices for Lesson 6 ....................................................................................................... 50
Practice 6-1: Back Up File-System Data ...................................................................... 51
Practices for Lesson 7 ....................................................................................................... 61
Practice 7-1: Restore File-System Data ........................................................................ 62
Practices for Lesson 8 ....................................................................................................... 67
Practice 8-1: Perform a Preconfigured OSB Catalog Backup ...................................... 68
Practices for Lesson 9 ....................................................................................................... 75
Practice 9-1: View OSB Management Tasks................................................................ 76
Practices for Lesson 10 ..................................................................................................... 78
Practice 10-1: Configure Tape Vaulting ....................................................................... 79
Practice 10-2: Use Tape Vaulting ................................................................................. 91
Practices for Lesson 11 ................................................................................................... 106
Practice 11-1: View Media Lifecycle Demo .............................................................. 107

Oracle Database 11g: Oracle Secure Backup

A-2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Table of Contents

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practices for Lesson 1

There are no practices for Lesson 1.

Oracle Database 11g: Oracle Secure Backup

A-3

Background: You are promoted to be the Oracle Secure Backup administrator in your
organization. Your first task is to create your own training environment. You install
Oracle Secure Backup on only one server and confirm that each installation step is
correctly executed.
THE VIRTUAL TEST DEVICES USED IN THIS LAB ARE FOR TRAINING
PURPOSES ONLY. THEY ARE NOT SUPPORTED FOR PRODUCTION USE.
Note: Executing all installation and configuration steps is a prerequisite for the following
practices.

Oracle Database 11g: Oracle Secure Backup

A-4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practices for Lesson 2

In this practice, you perform the following tasks:


Create your Oracle Secure Backup home directory.
Install the Oracle Secure Backup software.
Unless specified otherwise during this practice, you should log in as the oracle user to
your terminal emulator session.
Note: In this practice, simple and easy to remember passwords are used in order not to
detract from the purpose of the exercise. In real development and production
environments, use strong passwords following the guidelines in Oracle Database
Security Guide and the Oracle Secure Backup Administrators Guide.
Use the following information to install the software:
The Oracle Secure Backup software is staged on your server in the
/stage/osb_installmedia directory.
Your Oracle Secure Backup home directory is /usr/local/oracle/backup.
All your passwords are oracle.
During installation, you configure only the local server as an administrative server with
no attached devices.
1) Log in as the root user and create /usr/local/oracle/backup as your
Oracle Secure Backup home directory. Change to that directory. Ensure that the
uncompress utility is available.
su root
Password: oracle <<password not echoed >>
# mkdir -p /usr/local/oracle/backup
# cd /usr/local/oracle/backup
# ln -s /bin/gunzip /bin/uncompress
#

2) Continue as the root user. Start the installation of Oracle Secure Backup from the
staging directory. Begin with the setup program.
Note: The output has been slightly formatted to reduce the number of space lines.
# /stage/osb_installmedia/setup
Welcome to Oracle's setup program for Oracle Secure Backup.
This program loads Oracle Secure Backup software from the CDROM to a filesystem directory of your choosing.
This CD-ROM contains Oracle Secure Backup version
10.2.0.2.0_linux32.
Please wait a moment while I learn about this host... done.

Oracle Database 11g: Oracle Secure Backup

A-5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 2-1: Install Oracle Secure Backup

Practice 2-1: Install Oracle Secure Backup (continued)


-

- - - - - - - - - - - - - - - 1. linux32
administrative server, media server, client

- - - - - - - - - - - - - - - - - - - Loading Oracle Secure Backup installation tools... done.


Using your previous obparameters file. The new file shipped
with this distribution of Oracle Secure Backup is called
install/obparameters.new.
Loading linux32 administrative server, media server, client...
done.
- - - - - - - - - - - - - - - - - - Loading of Oracle Secure Backup software from CD-ROM is
complete.
You may unmount and remove the CD-ROM.

Would you like to continue Oracle Secure Backup installation


with 'installob' now? (The Oracle Secure Backup Installation
Guide contains complete information about installob.)
Please answer 'yes' or 'no' [yes]: yes
-

Welcome to installob, Oracle Secure Backup's UNIX installation


program.
It installs Oracle Secure Backup onto one or more UNIX or
Linux systems on your network. (Install Oracle Secure Backup
for Windows using the CD-ROM from which you loaded this
software.)
For most questions, a default answer appears enclosed in
square brackets.
Press Enter to select this answer.
Please wait a few seconds while I learn about this machine...
done.
Have you already reviewed and customized install/obparameters
for your Oracle Secure Backup installation [yes]? no
Would you like to do this now [yes]? no
- - - - - - - - - - - - - - - - - - - Oracle Secure Backup is not yet installed on this machine.
Oracle Secure Backup's Web server has been loaded, but is not
yet configured.

Oracle Database 11g: Oracle Secure Backup

A-6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 2-1: Install Oracle Secure Backup (continued)

If you are not sure which way to install, please refer to the
Oracle Secure Backup Installation Guide. (a,b or c) [a]? a
Beginning the installation. This will take just a minute and
will produce several lines of informational output.
Installing Oracle Secure Backup on edvmr1p0 (Linux version
2.6.9-67.0.7.0.1.ELxenU)
You must now enter a password for the Oracle Secure Backup
encryption key store. Oracle suggests you choose a password
of at least 8 characters in length, containing a mixture of
alphabetic and numeric characters.
Please enter the key store password: oracle <<password not
echoed >>
Re-type password for verification: oracle <<password not
echoed >>
You must now enter a password for the Oracle Secure Backup
'admin' user.
Oracle suggests you choose a password of at least 8 characters
in length,
containing a mixture of alphabetic and numeric characters.
Please enter the admin password: oracle <<password not echoed
>>
Re-type password for verification: oracle <<password not
echoed >>

You should now enter an email address for the Oracle Secure
Backup 'admin' user. Oracle Secure Backup uses this email
address to send job summary reports and to notify the user
when a job requires input. If you leave this
blank, you can set it later using the obtool's 'chuser'
command.
Please enter the admin email address: <<no entry, just press
the Enter key>>
generating links for admin installation with Web server
updating /etc/ld.so.conf

Oracle Database 11g: Oracle Secure Backup

A-7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

You can install this host one of three ways:


(a) administrative server the host will also be able to
act as a media server or client)
(b) media server
(the host will also be able to act as a client)
(c) client

checking Oracle Secure Backup's configuration file


(/etc/obconfig)
setting Oracle Secure Backup directory to
/usr/local/oracle/backup in /etc/obconfig
setting local database directory to /usr/etc/ob in
/etc/obconfig
setting temp directory to /usr/tmp in /etc/obconfig
setting administrative directory to
/usr/local/oracle/backup/admin in /etc/obconfig
protecting the Oracle Secure Backup directory
creating /etc/rc.d/init.d/observiced
activating observiced via chkconfig
initializing the administrative domain
********************** N O T E *************************
On Linux systems Oracle recommends that you answer no to the
next two questions. The preferred mode of operation on Linux
systems is to use the /dev/sg devices for attach points as
described in the 'ReadMe'
and in the 'Installation and Configuration Guide'.

Is edvmr1p0 connected to any tape libraries that you'd like to


use with Oracle Secure Backup [no]? no
Is edvmr1p0 connected to any tape drives that you'd like to
use with Oracle Secure Backup [no]? no
Installation summary:
Installation Host
OS
Driver
OS Move
Reboot
Mode
Name
Name Installed? Required? Required?
admin
edvmr1p0 Linux no
no
no
Oracle Secure Backup is now ready for your use.
# exit
exit
$

Oracle Database 11g: Oracle Secure Backup

A-8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 2-1: Install Oracle Secure Backup (continued)

In this practice, you perform the following tasks:


Configure the mediaserver role for the current host.
Configure virtual test devices.
View information about the configured devices.
Insert volumes into both tape libraries.
Confirm the correct configuration via the obtool interface.
1) In a terminal window, navigate to the /home/oracle/labs directory and execute
the ./config1.sh script to update the config1_out.sh script with your short
host name.
$ cd /home/oracle/labs
$
$ cat config1.sh
#!/bin/ksh
# Only for test and training, not for production
# Must be connected as oracle OS user
if [ `whoami` != "oracle" ]; then
echo "You are supposed to be logged on as oracle when
running this script."
exit
fi

x=`hostname --short`
echo $x
sed 's/edrsr04p1/'$x'/' config1_in.sh > config1_out.sh
$ ./config1.sh
edvmr1p0
$

2) In the /home/oracle/labs directory, execute the ./config1_out.sh script to


perform the following tasks:
Configure the client,admin,mediaserver roles for the current host.
Configure the vdte1, vdte2, vdte3 and vdte4 tape drives for the vlib
library.
Configure the vdrive1 and vdrive2 for the vlib2 library.
Note: You must enter the admin_password several times, because it would be a
security violation to provide the password in clear text on a command line or in a
command script. Oracle Corporation recommends that you prompt users for the
appropriate password.

Oracle Database 11g: Oracle Secure Backup

A-9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 2-2: Configure Media for Oracle Secure Backup

$ ./config1_out.sh
Password: <<oracle the admin_password does not appear>>
Password: <<oracle>>
Password: <<oracle>>
Password: <<oracle>>
Password: <<oracle>>
Password: <<oracle>>
Password: <<oracle>>
Password: <<oracle>>
Password: <<oracle>>
$

3) Now, practice some potential installation troubleshooting steps to confirm that the
configured devices exist according to your specifications. First view your virtual
drives and libraries as operating system directories under the u01 directory.
$ ls -l /u01
total 36
drwxrwxr-x 4
drwxr-xr-x 2
drwxr-xr-x 2
drwxr-xr-x 2
drwxr-xr-x 2
drwxr-xr-x 2
drwxr-xr-x 2
drwxr-xr-x 2
drwxr-xr-x 2
$

root
root
root
root
root
root
root
root
root

oinstall
root
root
root
root
root
root
root
root

4096
4096
4096
4096
4096
4096
4096
4096
4096

Aug 21 2007 app


Oct 9 13:01 vdrive1
Oct 9 13:01 vdrive2
Oct 9 13:00 vdte1
Oct 9 13:00 vdte2
Oct 9 13:01 vdte3
Oct 9 13:01 vdte4
Oct 9 13:00 vlib
Oct 9 13:01 vlib2

Note: If any of your virtual libraries or tape drives do not exist, most likely, you will
have to uninstall the OSB software and start again.
4) Start the obtool as the admin user with the oracle password, and view all roles
of your host with the lshost command.
Note: If you receive the following, Warning: auto-login failed login
token has expired, ignore it. It means that you have to enter the login username
and password as shown above. - If you are within the time period of your login
token, you do NOT have to enter username and password.
[oracle@edrsr4p1 labs]$ obtool
Oracle Secure Backup 10.2.0.2.0
login: admin
Password:oracle <<Password not echoed >>
ob> lshost
edvmr1p0
admin,mediaserver,client
in service

(via OB)

5) View your just created devices with the lsdev command.


ob> lsdev
library

vlib

in service

Oracle Database 11g: Oracle Secure Backup

A - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 2-2: Configure Media for Oracle Secure Backup


(continued)

drive
drive
drive
drive
library
drive
drive
ob>

1
2
3
4
1
2

vdte1
vdte2
vdte3
vdte4
vlib2
vdrive1
vdrive2

in
in
in
in
in
in
in

service
service
service
service
service
service
service

6) To insert unlabeled volumes into both tape libraries, either execute the config2.txt
OSB script in your working directory or use the insertvol command. Insert 32
volumes into the vlib library and 14 volumes into the vlib2 library.
ob>
ob>
ob>
ob>
ob>
ob>
ob>

< /home/oracle/labs/config2.txt
# Only for test and training, not for production
# OSB script, run as admin user
insertvol -L vlib -c 250 unlabeled 1-32
insertvol -L vlib2 -c 250 unlabeled 1-14

7) List the volumes in the vlib2 library with the lsvol command, to confirm that they
are correctly configured.
ob> lsvol -L vlib2
Inventory of library vlib2:
in
1:
unlabeled,
c91e60a47888102bbceaaa0b0000401
in
2:
unlabeled,
c92cec787888102bbceaaa0b0000401
in
3:
unlabeled,
c93a988c7888102bbceaaa0b0000401
in
4:
unlabeled,
c948466c7888102bbceaaa0b0000401
in
5:
unlabeled,
c9560acc7888102bbceaaa0b0000401
in
6:
unlabeled,
c963bdc07888102bbceaaa0b0000401
in
7:
unlabeled,
c9717a6e7888102bbceaaa0b0000401
in
8:
unlabeled,
c97f2eca7888102bbceaaa0b0000401
in
9:
unlabeled,
c98cecae7888102bbceaaa0b0000401
in
10:
unlabeled,
c99aa7187888102bbceaaa0b0000401
in
11:
unlabeled,
c9a8585e7888102bbceaaa0b0000401
in
12:
unlabeled,
c9b620f67888102bbceaaa0b0000401

barcode
barcode
barcode
barcode
barcode
barcode
barcode
barcode
barcode
barcode
barcode
barcode

Oracle Database 11g: Oracle Secure Backup

A - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 2-2: Configure Media for Oracle Secure Backup


(continued)

Practice 2-2: Configure Media for Oracle Secure Backup


(continued)

8) View the default media families in the obtool. Use the lsmf --long command,
and use the logout command to exit.
ob> lsmf --long
OSB-CATALOG-MF:
Write window:
7 days
Keep volume set:
14 days
Appendable:
yes
Volume ID used:
unique to this media family
Comment:
OSB catalog backup media family
RMAN-DEFAULT:
Keep volume set:
content manages reuse
Appendable:
yes
Volume ID used:
unique to this media family
Comment:
Default RMAN backup media family
ob> logout
$
Note: If you use the quit command to exit, then you do not have to enter username

and password within the time period of your login token.


If you use the logout command to exit, then you will be asked for username and
password, the next time that you enter the obtool. This is more secure.

Oracle Database 11g: Oracle Secure Backup

A - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

in
13:
unlabeled, barcode
c9c3e0427888102bbceaaa0b0000401
in
14:
unlabeled, barcode
c9d19f527888102bbceaaa0b0000401
ob>

Background: After your successful installation of the Oracle Secure Backup software,
you ensure that the security requirements of your organization are implemented with
Oracle Secure Backup. You want to limit access to the OSB domain and make sure that
tapes are encrypted at all times, whether they are onsite, in off-site storage or even lost.
Note: Executing all configuration steps in this practice is a prerequisite for the following
practices.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practices for Lesson 3

Oracle Database 11g: Oracle Secure Backup

A - 13

In this practice, you perform the following tasks in the Oracle Secure Backup Web tool:
Set the OSB preference to view the extended command output.
Define a new Oracle Secure Backup user.
Configure preauthorization for this user.
In the Oracle Secure Backup Web tool you create the oracle Oracle Secure Backup
user and preauthorize this user for RMAN backups. Preauthorization means that this
user does not have to provide OSB credentials, after they are logged into Enterprise
Manager and started, for example, a backup job to tape.
1) Start a web browser and enter your URL in the following format:
https://<your host name>, for example,
https://edvmr1p0.us.oracle.com

2) In Oracle classrooms, you may receive a security warning about the website
certificate, which originates in the fact that you have been given a newly installed
server. Accept the certificate (permanently, if possible) or if asked, add it to your
website exception. The exact messages (and the number of windows) depend on your
browser.
3) On the Oracle Secure Backup Login page, enter admin as User Name, oracle as
Password, and click Login.

4) On the Oracle Secure Backup home page, click Preferences.

Oracle Database 11g: Oracle Secure Backup

A - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 3-1: Configure an OSB User

5) On the Preferences page, select Extended command output: On and then click Apply.

Note: You will see the result of this step in several of the coming screenshots. It displays
relevant obtool commands in the Extended Command Output section below the graphic
elements on a page.
6) On the Preferences page, click Configure.

7) On the Configure page, click Users in the Basic section.

Oracle Database 11g: Oracle Secure Backup

A - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 3-1: Configure an OSB User (continued)

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 3-1: Configure an OSB User (continued)

8) On the Configure: Users page, click Add.

9) On the Configure: Users > New Users page, enter or select the following values, and
then click Apply:
User oracle
Password: oracle
User class: oracle
UNIX name: oracle
UNIX group: dba

Oracle Database 11g: Oracle Secure Backup

A - 16

Practice 3-1: Configure an OSB User (continued)


NDMP server user: no

10) View the mkuser obtool command in the Extended Command Output area. You
executed this command when you clicked Apply. Then click Preauthorized Access.

11) On the Configure: Users > oracle > Preauthorized Access page, select or enter the
following values, and then click Add:

Oracle Database 11g: Oracle Secure Backup

A - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Note: If you have an NDMP server, set the value to yes, but inside the regular
classrooms, an NDMP server is not available, so set the value to no.

Practice 3-1: Configure an OSB User (continued)

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Hosts: all hosts


OS username: *
Attributes: rman
Note: All hosts is an appropriate value for this training environment, but for
development and production environments, limit preauthorized access to selected hosts.

12) You should receive a success message.

13) If needed, scroll down and review the chu obtool command. Then click the
Configure tab in preparation for your next task.

Oracle Database 11g: Oracle Secure Backup

A - 18

In this practice, you configure a policy to encrypt all database and file system backups
on this host with Oracle Secure Backup encryption. You use an encryption key with the
AES192 default algorithm that OSB transparently (randomly) generates for encryption
during backup and decryption during recovery. All of the following backup and recovery
operations will use this policy (unless you define a specific exception).
1) Logged into the Oracle Secure Backup Web tool as the admin user, navigate to the
Configure page.
2) On the Configure page, click Hosts in the Basic section.
3) To configure host encryption policies, select your host and click Edit.

4) Select Encryption: required. Accept the default algorithm of aes192 and leave the
other fields with their default values as well. Then click Apply.

Oracle Database 11g: Oracle Secure Backup

A - 19

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 3-2: Configure a Host Encryption Policy

5) You should receive a success message.

6) View the chhost command in the Extended Command Output section. You
specified that encryption is required, that encryption keys should be randomly
generated and that they should be regenerated every month. - Click OK.

7) Log out of the Web tool.

Oracle Database 11g: Oracle Secure Backup

A - 20

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 3-2: Configure a Host Encryption Policy (continued)

Background: You continue with your one-time configuration tasks. In this practice, you
configure RMAN for Oracle Secure Backup. Because you plan to use Enterprise
Manager (EM) as your main interface, you first register the administrative server in EM,
and then you create a database backup storage selector. This selector is used by RMAN to
pass the database name, copy number and content type to Oracle Secure Backup. Of
course, you test each step. Finally, you ensure that the database is in ARCHIVELOG mode.
Note: Completing this practice is a prerequisite for the following practices.

Oracle Database 11g: Oracle Secure Backup

A - 21

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practices for Lesson 4

In this practice, you perform the following tasks in Enterprise Manager as the SYS user:
Connect to the EM Database Console with your browser.
Register the administrative server in EM.
Verify connectivity to the libraries.
Create a database backup storage selector for your database.
Test your tape backup.
Verify RMAN recovery settings for the database: ARCHIVELOG mode enabled
1) To connect to Enterprise Manager, perform the following steps:
a) In a terminal window as oracle OS user, retrieve the host name for your
computer by checking the status of the dbconsole.
$ emctl status dbconsole
Oracle Enterprise Manager 11g Database Control Release
11.1.0.6.0
Copyright (c) 1996, 2007 Oracle Corporation. All rights
reserved.
https://edvmr1p0.us.oracle.com:1158/em/console/aboutApplicatio
n
Oracle Enterprise Manager 11g is running.
----------------------------------------------------------------Logs are generated in directory
/u01/app/oracle/product/11.1.0/db_1/edvmr1p0.us.oracle.com_orc
l/sysman/log
$

b) Open your browser application and enter the URL, https://<host


name>:1158/em.
c) In Oracle classrooms, you may receive a security warning about the website
certificate, which originates in the fact that you have been given a newly installed
server. Accept the certificate (permanently, if possible) or if asked, add it to your
website exception. The exact messages (and the number of windows) depend on
your browser.
d) On the Database Login page, enter SYS as User Name, oracle as Password,
select SYSDBA from the Connect As drop-down list, and then click Login.

Oracle Database 11g: Oracle Secure Backup

A - 22

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 4-1: Configure RMAN for OSB

2) To register your administrative server, navigate to Availability > Oracle Secure


Backup Device and Media (in the Oracle Secure Backup section).

a) On the Add Administrative Server page, enter /usr/local/oracle/backup in


the Oracle Secure Backup Home field. Then, make sure that admin is set in the
Username field, enter oracle in the Password field, and then click OK. (Click
No, if the Password Manager offers to remember the password.)

Oracle Database 11g: Oracle Secure Backup

A - 23

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 4-1: Configure RMAN for OSB (continued)

b) On the Host Credentials page, enter oracle for both the Username and
Password fields. Select the Save as Preferred Credential check box. Then, click
OK.

After clicking OK, the Administrative Server page is displayed.


3) To verify connectivity to the libraries, click the Manage link after Devices in the
Resources section.

Oracle Database 11g: Oracle Secure Backup

A - 24

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 4-1: Configure RMAN for OSB (continued)

a) On the Devices page, ensure that the vlib library is selected, then choose
Verify Connectivity from the Actions drop-down list, and click the Actions Go
button.

b) You should receive the information that the vlib library and four tape drives are
accessible.

c) Select the vlib2 library, Verify Connectivity Actions and click the Actions Go
button.

Oracle Database 11g: Oracle Secure Backup

A - 25

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 4-1: Configure RMAN for OSB (continued)

You should receive the information that the vlib2 library and two tape drives are
accessible.
d) Click the Database tab in preparation for your next task.

4) To create a database storage selector, navigate to Availability > Backup Settings.


a) On the Backup Settings page, enter 1 for Tape Drives in the Tape Settings
section.
b) Under Host Credentials, enter oracle as Username and enter oracle as
Password. If these fields are already filled in, make sure the supplied values are
correct. Select Save as Preferred Credential, and click OK.

Oracle Database 11g: Oracle Secure Backup

A - 26

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 4-1: Configure RMAN for OSB (continued)

c) Reaccess the Backup Settings page and click Configure in the Oracle Secure
Backup section.

d) On the Administrative Server Login page, make sure that your administrative
server is selected from the list. Enter oracle as Username and as Password. If
these fields are already filled in, make sure the supplied values are correct. Select
Save as Preferred Credential and click OK.

Oracle Database 11g: Oracle Secure Backup

A - 27

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 4-1: Configure RMAN for OSB (continued)

e) On the Backup Storage Selectors page, click Add to configure a Backup Storage
Selector for your database.

f) On the Add Backup Storage Selector page, under the heading For These Types
of Backups, select all check boxes (for Archive Logs, Auto Backup, Full, and
Incremental database backup types). Select RMAN-DEFAULT as Media Family.
Then click Add to limit the devices for RMAN backups.

Oracle Database 11g: Oracle Secure Backup

A - 28

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 4-1: Configure RMAN for OSB (continued)

g) On the Use Devices page, select the tape drives of your vlib library: vdte1,
vdte2, vdte3, and vdte4, and then click the Select button.

h) To create your database storage selector, click OK.

Oracle Database 11g: Oracle Secure Backup

A - 29

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 4-1: Configure RMAN for OSB (continued)

i) You should receive a success message. Your Backup Storage Selector has been
created and is now displayed. Click Return.

Oracle Database 11g: Oracle Secure Backup

A - 30

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 4-1: Configure RMAN for OSB (continued)

You return to the Backup Settings page.


5) Test your tape backup.
a) On the Backup Settings page, scroll down to see that the administrative server is
set. Make sure that your Host Credentials are correct, and then click Test Tape
Backup in the Tape Settings section in the middle of the page.

The progress window appears.

Oracle Database 11g: Oracle Secure Backup

A - 31

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 4-1: Configure RMAN for OSB (continued)

Practice 4-1: Configure RMAN for OSB (continued)

6) Connected as SYSDBA to a SQL*Plus session, verify that the database is in


ARCHIVELOG mode. If your database is in ARCHIVELOG mode, continue with the
next step. If not, shut down the database, enable archiving, and then restart the
database.
$ sqlplus / as sysdba
SQL*Plus: Release 11.1.0.6.0 - Production on Mon Oct 13
14:27:11 2008
Copyright (c) 1982, 2007, Oracle.

All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 Production
With the Partitioning, Oracle Label Security, OLAP, Data
Mining and Real Application Testing options
SQL> archive log list
Database log mode
No Archive Mode
Automatic archival
Disabled
Archive destination
USE_DB_RECOVERY_FILE_DEST
Oldest online log sequence
46
Current log sequence
48
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup mount
ORACLE instance started.
Total System Global Area 627732480 bytes
Fixed Size
1301728 bytes
Variable Size
448791328 bytes
Database Buffers
171966464 bytes
Redo Buffers
5672960 bytes
Database mounted.
SQL> alter database archivelog;
Database altered.

Oracle Database 11g: Oracle Secure Backup

A - 32

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

b) When your tape drive test is successful, click the Database Instance link to return
to the Availability page.

Practice 4-1: Configure RMAN for OSB (continued)

SQL> archive log list


Database log mode
Automatic archival
Archive destination
Oldest online log sequence
Next log sequence to archive
Current log sequence
SQL>

Archive Mode
Enabled
USE_DB_RECOVERY_FILE_DEST
46
48
48

7) Exit SQL*Plus.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition
Release 11.1.0.6.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data
Mining and Real Application Testing options
$

Oracle Database 11g: Oracle Secure Backup

A - 33

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

SQL> alter database open;


Database altered.

Background: After completing your configuration tasks, which included mandatory onetime setup tasks and (from the software point of view optional) security configuration
tasks, you are ready to perform your first database backup to tape.
You decide to use Enterprise Manager for an Oracle-Suggested Backup to tape, to test
this functionality. For a production system, you would consider backing up to both disk
and tape for faster recovery.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practices for Lesson 5

Oracle Database 11g: Oracle Secure Backup

A - 34

In this practice, you use Enterprise Manager for an Oracle-Suggested Backup with the
following specifications:
Backup destination: tape
Full weekly backup, then daily incremental and archive log backup
Tape Drives: 1
Schedule daily backup within 5 minutes of your current date and time
Encrypted by Oracle Secure Backup
Unless specified otherwise, you should log on as the oracle user to your terminal emulator
session, and as SYSDBA to your Database Control Console.
1) Logged into Enterprise Manager as the SYS user, navigate to: Availability > Schedule
Backup.
2) On the Schedule Backup page, ensure your Host Credentials are set correctly. Then
click Schedule Oracle-Suggested Backup.

3) On the Schedule Oracle-Suggested Backup: Destination page, select Tape and click
Next.

Oracle Database 11g: Oracle Secure Backup

A - 35

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5-1: Perform an Oracle-Suggested Backup

4) On the Schedule Oracle-Suggested Backup: Setup page, ensure 1 is set for Tape
Drives, and expand Encryption at the bottom of the page.

5) Do not enter anything in the RMAN encryption fields for this practice. Click
Next. (Although you could specify RMAN encryption in this section, doing so would
take precedence over OSB encryption.)

Oracle Database 11g: Oracle Secure Backup

A - 36

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5-1: Perform an Oracle-Suggested Backup (continued)

6) On the Schedule Oracle-Suggested Backup: Schedule page, select the daily backup
to run within 5 minutes of your current date and time, and then click Next.

7) On the Schedule Oracle-Suggested Backup: Review page, review both the Settings
and RMAN Scripts and click Submit Job.

Oracle Database 11g: Oracle Secure Backup

A - 37

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5-1: Perform an Oracle-Suggested Backup (continued)

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5-1: Perform an Oracle-Suggested Backup (continued)

8) You should see that the job has been successfully submitted.

9) At your specified backup time, click View Job.


The Job Execution page is displayed.
10) Wait until the job run completes. In the Summary section, note that RMAN did not
encrypt this backup.
Then, click the Backup link under the Logs section. In the Output log, review how the
RMAN command allocates the tape devices.

Oracle Database 11g: Oracle Secure Backup

A - 38

11) In the output log of RMAN, review the information about the tape backup.

12) In the screenshot above, you see the channel allocation for the tape.
Oracle Database 11g: Oracle Secure Backup

A - 39

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5-1: Perform an Oracle-Suggested Backup (continued)

Practice 5-1: Perform an Oracle-Suggested Backup (continued)

14) Because you do not see OSB encryption in the RMAN output, review the OSB
transcript of this job execution.
15) Click the Database tab, then click Availability and (if your browser permits) rightclick File System Backup and Restore > Open Link in New Tab.
16) Log in to the OSB Web tool as the admin user with the oracle password.
17) Navigate to Manage > Jobs.
18) On the Manage: Jobs page, select the following viewing options: Active, Complete,
Pending and Types: Oracle backup, and then click Apply.

19) Select the datafile backup and click Show Transcript.

Oracle Database 11g: Oracle Secure Backup

A - 40

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

13) Scroll down to review the execution of all commands.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5-1: Perform an Oracle-Suggested Backup (continued)

Your screen might look a little different.


20) Review the job transcript.

Oracle Database 11g: Oracle Secure Backup

A - 41

Practice 5-1: Perform an Oracle-Suggested Backup (continued)

22) Optional: If you are interested in a summary of the backup activities, you can select
EM Availability > Backup Reports. Scroll down to see the Result area.

Oracle Database 11g: Oracle Secure Backup

A - 42

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

21) Find the encryption values and the error rate, and then click Close.

Your screenshot will look different, but it should show SBT_TAPE under Output Devices.

Oracle Database 11g: Oracle Secure Backup

A - 43

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5-1: Perform an Oracle-Suggested Backup (continued)

In this practice, you perform a tablespace recovery using the encrypted tape backup. You
perform an object-level recovery of the EXAMPLE tablespace to the current time or to a
previous point in time through the Enterprise Manager interface. Restore the files to the
default location.
Unless specified otherwise, you should log in as SYS user (with the oracle password)
and connect as SYSDBA to Enterprise Manager Database Control and SQL*Plus sessions.
1) First, copy the example01.dbf file to the /home/oracle/solutions directory
and attempt to insert a row into the HR.COUNTRIES table, which should fail. This
simulates a scenario that requires you to initiate recovery operations.
If you want to save yourself the typing of the commands, execute the rec_setup.sh
script; otherwise, execute the following commands:
Note: The output has been slightly formatted to conserve space.
$ ls $ORACLE_BASE/oradata/orcl
control01.ctl example01.dbf
control02.ctl redo01.log
control03.ctl redo02.log

redo03.log
sysaux01.dbf
system01.dbf

temp01.dbf
undotbs01.dbf
users01.dbf

$ cp $ORACLE_BASE/oradata/orcl/example01.dbf
/home/oracle/solutions/example01.save
$ ls /home/oracle/solutions
archivelog.sh example01.save
test_labs.sh

show_host.sh

show_port.sh

$ rm -f $ORACLE_BASE/oradata/orcl/example01.dbf
$ sqlplus / as sysdba
SQL*Plus: Release 11.1.0.6.0 - Production on Tue Oct 21
19:28:20 2008
Copyright (c) 1982, 2007, Oracle.

All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 Production
With the Partitioning, Oracle Label Security, OLAP, Data
Mining and Real Application Testing options
SQL> desc hr.countries
Name
Null?
------------------- -------COUNTRY_ID
NOT NULL
COUNTRY_NAME
REGION_ID

Type
---------------------CHAR(2)
VARCHAR2(40)
NUMBER

Oracle Database 11g: Oracle Secure Backup

A - 44

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5-2: Recover a Data File from an OSB-Encrypted


Backup

Practice 5-2: Recover a Data File from an OSB-Encrypted


Backup (continued)
SQL> INSERT INTO hr.countries
2 VALUES ('TT','TEST COUNTRY',1);
2

INSERT INTO hr.countries


*
ERROR at line 1:
ORA-01116: error in opening database file 5
ORA-01110: data file 5:
'/u01/app/oracle/oradata/orcl/example01.dbf'
ORA-27041: unable to open file
Linux Error: 2: No such file or directory
Additional information: 3

SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition
Release 11.1.0.6.0 - Production
With the Partitioning, Oracle Label Security, OLAP, Data
Mining and Real Application Testing options
$

The output above displays the expected error.


2) Logged in to Enterprise Manager as the SYS user, navigate to: Availability > Perform
Recovery (in the Manage section).
3) On the Perform Recovery page, you should see that one database failure is detected.
Ensure that your Host Credentials (the oracle Username and the oracle Password)
are entered, and then click Advise and Recover.

Oracle Database 11g: Oracle Secure Backup

A - 45

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

SQL>

4) Click Expand All to view the missing example01.dbf failure.


5) With the failures selected, click Advise.

6) On the Manual Actions page, click Continue with Advise.

Oracle Database 11g: Oracle Secure Backup

A - 46

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5-2: Recover a Data File from an OSB-Encrypted


Backup (continued)

Practice 5-2: Recover a Data File from an OSB-Encrypted


Backup (continued)

8) The Review page displays the failure and the repair action. Click Submit Recovery
Job.

9) The Processing page appears, which should be followed by a confirmation that your
job was created successfully.

10) Your job number may be different. Click the job link.
11) If your job is still running, use your browsers Reload or Refresh button, until the job
is completed. It should have the status Succeeded on the Job Run page.
12) Click the Step: Recovery link.

Oracle Database 11g: Oracle Secure Backup

A - 47

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

7) On the Recovery Advice page, review the RMAN script and click Continue.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5-2: Recover a Data File from an OSB-Encrypted


Backup (continued)

13) Review all of the RMAN output.

14) Confirm that the backup tape is used for recovery.

Oracle Database 11g: Oracle Secure Backup

A - 48

15) Click the Database tab and navigate to Availability > Perform Recovery to see that
there are no failures.

Oracle Database 11g: Oracle Secure Backup

A - 49

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 5-2: Recover a Data File from an OSB-Encrypted


Backup (continued)

Background: After configuring and testing the Oracle-Suggested Backup to tape, you
decide to create a dataset and schedule a dataset backup, as a way to backup up your filesystem data. Backups of the database and the file system are independent of each other,
that is, you can use one or the other, or both.
Of course, the Oracle Secure Backup configuration (including host encryption) that you
performed in earlier practices is available: ready to go.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practices for Lesson 6

Oracle Database 11g: Oracle Secure Backup

A - 50

Practice 6-1: Back Up File-System Data

include host <hostname> {


include path /home/oracle/labs
}

Then you schedule a backup of the dataset that is executed immediately. You decide to
use the Oracle Secure Backup Web tool, which you access from Enterprise Manager.
Unless specified otherwise, you should log in to Enterprise Manager Database Control as
SYS user (with the oracle password) and connect as SYSDBA. You log in to the OSB
Web tool as the admin user with the oracle password.
Note: The completion of this practice is a prerequisite for the following practice,
Restore File-System Data and for the Use Tape Vaulting practice.
1) In Enterprise Manager, navigate to Availability > (if possible, right-click) File System
Backup and Restore (if possible, click Open Link in New Tab).
2) Log in to the Oracle Secure Backup Web tool as the admin user with the oracle
password.
3) To view the obtool commands at the bottom of your screen, click Preferences >
Extended command output On > Apply. Then click Backup.

4) Click Datasets.

5) On the Datasets page, click Add.

Oracle Database 11g: Oracle Secure Backup

A - 51

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

In this practice, you create a dataset called mylabs for a file-system backup. You use it
to back up your $HOME/labs directory. The dataset should be of the form:

6) On the New Datasets page, enter mylabs in the Name field and replace the given
template with the following:
include host <hostname> {
include path /home/oracle/labs
}

Make sure that you replace <hostname> with the name of your computer.
To not back up the local root directory, place comment signs (#) before the
relevant lines, or delete these lines.

Oracle Database 11g: Oracle Secure Backup

A - 52

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 6-1: Back Up File-System Data (continued)

7) After this is done, click Save.


8) Verify that the dataset was created successfully. On the Datasets page, select
mylabs, and click Check Dataset.

Oracle Database 11g: Oracle Secure Backup

A - 53

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 6-1: Back Up File-System Data (continued)

9) On the Dataset Errors page, you see that there were no errors. If there are any errors,
resolve them; then click Close.

10) To create a backup of the mylabs dataset, navigate to Backup > Backup Now in the
OSB Web tool.
11) On the Backup Now page, click Add.

Oracle Database 11g: Oracle Secure Backup

A - 54

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 6-1: Back Up File-System Data (continued)

Practice 6-1: Back Up File-System Data (continued)

13) Back to the Backup Now page, select the mylabs dataset and click Go to submit the
job to the scheduler.
Question: Does Oracle Secure Backup use the Oracle database scheduler?
Answer: No, it has its own scheduler, because Oracle Secure Backup can be used
independently from Oracle databases.

Oracle Database 11g: Oracle Secure Backup

A - 55

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

12) On the Backup: Backup Now > Options page, select the mylabs dataset and the
vdrive1 and vdrive2 Restrictions; then click OK.

14) Oracle Secure Backup submits the backup request and assigns a job number. Click
Manage in preparation for your next task.

Oracle Database 11g: Oracle Secure Backup

A - 56

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 6-1: Back Up File-System Data (continued)

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

15) On the Manage page, click Jobs.

Oracle Database 11g: Oracle Secure Backup

Oracle University and (Oracle Corporation) use only.

Practice 6-1: Back Up File-System Data (continued)

A - 57

16) On the Jobs page, restrict the display to only Active, Complete, or Pending jobs by
selecting those options. In the Types box, select file system backup, and then hold the
Ctrl key and select dataset. Click Apply.

17) The updated display now shows the recent dataset backup. Select the admin/1.1
backup job and click Show Transcript.

Oracle Database 11g: Oracle Secure Backup

A - 58

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 6-1: Back Up File-System Data (continued)

18) Scroll through the transcript and note that the backup is encrypted, that you backed up
the correct directory, and that there are no read, or write errors. When you are
finished reviewing the transcript, click Close.

Oracle Database 11g: Oracle Secure Backup

A - 59

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 6-1: Back Up File-System Data (continued)

19) With the same admin/1.1 job selected, click Show Properties.
20) Scroll to the end of the properties to view the lsjob obtool command in the
Extended Command Output. Then click Close.

Oracle Database 11g: Oracle Secure Backup

A - 60

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 6-1: Back Up File-System Data (continued)

Background: After you created a backup of your /home/oracle/labs directory, you


decide to create a labs_save directory, duplicate the labs files there, and then delete the
original files. After deleting the files, you use the Oracle Secure Backup restore
operation, to restore the files, and then test that they are accessible.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practices for Lesson 7

Oracle Database 11g: Oracle Secure Backup

A - 61

In this practice, you perform the following tasks:


Delete the contents of your labs directory.
Restore the missing lab files.
Verify that the files are recovered.
Unless specified otherwise, you should log on as the oracle user to your terminal
emulator session, as sys user with the oracle password and SYSDBA connection to
Enterprise Manager, and as admin user with the oracle password to Oracle Secure
Backup.
1) From your terminal emulator session, duplicate and then remove all the files located
in your $HOME/labs directory.
$ ls /home/oracle/labs
config1_in.sh
config1.sh
rec_setup.sh
config1_out.sh config2.txt
$ mkdir /home/oracle/solutions/labs_save
$ cp /home/oracle/labs/* /home/oracle/solutions/labs_save
$ rm -f /home/oracle/labs/*
$ ls /home/oracle/labs
$

2) Logged in to Oracle Secure Backup as the admin user, navigate to Restore > Backup
Catalog, because you are using the OSB catalog to select the data to be restored.

3) On the Backup Catalog page, select your host name and latest, and then click
Browse Host.

Oracle Database 11g: Oracle Secure Backup

A - 62

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 7-1: Restore File-System Data

4) On the Browse Host page, click the link labeled home to view its contents.

5) Continue drilling down until you reach the labs directory. Select this directory, and
then click Add.

6) On the New Restore page, accept the default settings and click OK.

Oracle Database 11g: Oracle Secure Backup

A - 63

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 7-1: Restore File-System Data (continued)

7) On the Backup Catalog page, click Show restore list and browse options to view
the items to be restored and the selection options for that data.

8) After viewing the information, click Go to submit the restore request to the scheduler.

Oracle Database 11g: Oracle Secure Backup

A - 64

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 7-1: Restore File-System Data (continued)

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 7-1: Restore File-System Data (continued)

9) To monitor the job progress, navigate to Manage > Jobs.

10) On the Jobs page, restrict the display to only Active, Complete, or Pending jobs by
selecting those options. In the Types box, select file system restore and click
Apply.

Oracle Database 11g: Oracle Secure Backup

A - 65

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 7-1: Restore File-System Data (continued)

11) Review the displayed job.

12) Verify that your restore job was successful.

13) In a terminal window, verify that your lab files are present.
$ ls /home/oracle/labs
config1_in.sh
config1.sh
config1_out.sh config2.txt
$

rec_setup.sh

Oracle Database 11g: Oracle Secure Backup

A - 66

Background: In the previous practices, you familiarized yourself with OSB-encrypted


backup and restore of both an Oracle database and file-system data.
It is a best practice recommendation to perform regular unencrypted backups of your
Oracle Secure Backup catalog. To do so, you use the predefined OSB catalog backup.
First review the preconfigured elements, then set a time trigger to activate the catalog
backup and confirm a successful backup. The following is your task list:
1.
2.
3.
4.

View the OSB-CATALOG-MF media family.


View the OSB-CATALOG-DS dataset.
View the OSB-CATALOG-SUM job summary.
View the OSB-CATALOG-SCHED schedule and edit its trigger to initiate catalog
backups.
5. View the completed job. Confirm a successful, unencrypted execution of the job.

Oracle Database 11g: Oracle Secure Backup

A - 67

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practices for Lesson 8

In this practice, you perform a preconfigured catalog backup. First view the
preconfigured elements, and then edit the OSB-CATALOG-SCHED trigger to specify a
backup time.
Unless specified otherwise, you should log in as the admin user with the oracle
password to the Oracle Secure Backup Web tool.
1) To view the OSB-CATALOG-MF media family:
a) Navigate to Configure > Media Families.

b) Review the OSB-CATALOG-MF media family, but do not change any properties.
Click Cancel when you are finished with your review.

2) To view the OSB-CATALOG-DS dataset:

Oracle Database 11g: Oracle Secure Backup

A - 68

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 8-1: Perform a Preconfigured OSB Catalog Backup

Practice 8-1: Perform a Preconfigured OSB Catalog Backup


(continued)
a) Navigate to Backup > Datasets.

c) Review the OSB-CATALOG-DS dataset, but do not change any properties. Click
Cancel when you are finished with your review.

3) To view the OSB-CATALOG-SUM job summary:


a) Navigate to Configure > Job Summaries.
b) Select the OSB-CATALOG-SUM job summary and click Edit.

c) Review the OSB-CATALOG-SUM job summary, but do not change any properties.
Note the specific job summary options and properties. Click Cancel when you are
finished with your review.

Oracle Database 11g: Oracle Secure Backup

A - 69

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

b) Select the OSB-CATALOG-DS dataset and click Open.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 8-1: Perform a Preconfigured OSB Catalog Backup


(continued)

4) To activate the OSB-CATALOG-SCHED schedule:


a) Navigate to Backup > Schedules.
b) Select the OSB-CATALOG-SCHED schedule and click Edit.

Oracle Database 11g: Oracle Secure Backup

A - 70

Practice 8-1: Perform a Preconfigured OSB Catalog Backup


(continued)
c) Review the properties.

e) Click Select daily and enter a backup time a few minutes into the future. Then
click Add.

Oracle Database 11g: Oracle Secure Backup

A - 71

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

d) To edit the OSB-CATALOG-SCHED trigger, click Triggers on the Backup:


Schedules > OSB-CATALOG-SCHED page.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 8-1: Perform a Preconfigured OSB Catalog Backup


(continued)

f) Review the Extended Command Output.

g) Select your newly defined trigger and click Preview.

h) Review the schedule, and then click Close.

Oracle Database 11g: Oracle Secure Backup

A - 72

5) To review your completed job after your estimated job completion time:
a) Navigate to Manage > Jobs.
b) On the Jobs page, restrict the display to only Active, Complete, or Pending jobs
by selecting those options. In the Types box, select file system backup, then
hold the Ctrl key and select dataset. Click Apply.
If the backup of the OSB catalog has not yet completed successfully, refresh the
page. If you have any unexpected errors, resolve them.
c) Select the dataset OSB-CATALOG-DS job and click Show Transcript.

d) Review the transcript of the dataset and note that encryption is off, as is required
for the catalog backup. Also note that the volume set owner is the root user.
When you are finished reviewing the transcript, click Close.

Oracle Database 11g: Oracle Secure Backup

A - 73

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 8-1: Perform a Preconfigured OSB Catalog Backup


(continued)

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 8-1: Perform a Preconfigured OSB Catalog Backup


(continued)

Oracle Database 11g: Oracle Secure Backup

A - 74

Background: Regular Oracle Secure Backup management tasks usually involve multiple
servers. Not all training environments can support this setup, so you view a
demonstration of the most common management task: Adding a new client to your
administrative domain.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practices for Lesson 9

Oracle Database 11g: Oracle Secure Backup

A - 75

Practice 9-1: View OSB Management Tasks

Installing OSB software on a new client


Configuring a client role in the administrative domain
1) Double-click the oracles Home icon on your desktop.
2) Navigate to the /home/oracle/demos/osb_client_linux directory.

3) Double-click the osb_client_linux_viewlet_swf.html file.


4) In the Run or Display window, click Display and view the presentation.
5) Use the controls at the bottom of the viewlet window to start, pause, and stop the
presentation, as suits your personal learning style.

Oracle Database 11g: Oracle Secure Backup

A - 76

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

In this practice, you view a demonstration of OSB management tasks. You see how to
add a client to an existing domain, which consists of:

Practice 9-1: View OSB Management Tasks (continued)

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

6) Uninterrupted viewing of the demonstration takes about six minutes. When you have
finished viewing the presentation, close your Web browser window.

Oracle Database 11g: Oracle Secure Backup

A - 77

Background: As Oracle Secure Backup administrator you are asked to configure and use
tape vaulting in training environment. Part of your task is to present a step-by-step list,
but with a fast rotation time; so that everybody can see the functioning of the
configuration (rather then wait, for example, a six-months return time of a tape).
The following is your high-level outline of the tasks, with a diagram of the names that
you are planning to use.
Configuring a new vaulting environment:
Define a media storage location.
Define a rotation policy consisting of several rules.
Create a new media family.
Associate a rotation policy with a media family.

Using a new vaulting environment:


Perform a backup.
Schedule a location scan.
Execute a media movement job.
View tape rotation reports:
o Location reports
o Two types of job reports:
Pick reports (which assist operators to collect the volumes that
need to be moved)
Distribution reports (which are similar to packing lists, shipped
with the volumes to the next location)

Oracle Database 11g: Oracle Secure Backup

A - 78

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practices for Lesson 10

In this practice, you configure a new tape vaulting environment by executing the
following steps:
1. Define a media storage location.
2. Define a rotation policy with three rules.
3. Create a new media family.
4. Associate a rotation policy with a media family.
You should be logged in to Oracle Secure Backup Web tool as the admin user with the
oracle password and set Extended Command Output as your web tool preference.
You can perform steps 1, 2 and 3 in any order, but they all have to be complete before
step 4.
Note: This practice is a prerequisite for the following one Use Tape Vaulting.
1) To define a media storage location, perform the following steps:
a) Navigate to Configure > Locations (in the Media Life Cycle section).

b) On the Configure: Locations page, you see that Oracle Secure Backup has
automatically created locations for you:
The Media_Recycle_Bin location can be used as a temporary "holding"
location, when tapes are ready for reuse.
When you configured devices, vlib and vlib2 were automatically created as
"active locations".
c) To define a new location, click Add.

Oracle Database 11g: Oracle Secure Backup

A - 79

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-1: Configure Tape Vaulting

d) On the Configure: Locations > New Locations page, enter offsite_location


as Location and 3 minutes as Recall time, and then click Apply.

Note: The Recall time is the time needed to return tapes for restoration. Recall time is an
optional parameter, but its use is recommended, especially when you plan to use
duplication policies. OSB considers this information and initiates restore operations
(from original or duplicate tapes) with the shortest recall time.
e) You should receive a success message. View the mkloc obtool command.

Oracle Database 11g: Oracle Secure Backup

A - 80

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-1: Configure Tape Vaulting (continued)

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

f) Click OK.

Oracle Database 11g: Oracle Secure Backup

Oracle University and (Oracle Corporation) use only.

Practice 10-1: Configure Tape Vaulting (continued)

A - 81

2) To define a rotation policy with three rules, perform the following steps:
a) Navigate to Configure > Rotation Policies.

b) On the Configure: Rotation Policies page, click Add.

c) On the Configure: Rotation Policy > New Rotation Policy page, enter
quick_test_rotation as Rotation Policy and then click Apply.

Oracle Database 11g: Oracle Secure Backup

A - 82

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-1: Configure Tape Vaulting (continued)

d) You should receive a success message. Review the mkrot obtool command.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-1: Configure Tape Vaulting (continued)

e) In the Rotation rule(s) section, select or enter the following values, and then click
Add to define your first rotation rule
Location: vlib

Oracle Database 11g: Oracle Secure Backup

A - 83

Practice 10-1: Configure Tape Vaulting (continued)

Note: Your first rotation rule (which must use a volume in an active location) appears in
the display section above your definition area. In this example, the tapes (per media
family) are eligible for movement five minutes after the Write window has closed. This
implies that the media family must have a write window parameter specified.
f) Review the chrot obtool command.

g) Define your second rotation rule: the test volume takes eight minutes to arrive at
the offsite_location location. Select or enter the following values, and then
click Add:
Location: offsite_location
Event: arrival
Duration: 8 minutes

Oracle Database 11g: Oracle Secure Backup

A - 84

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Event: windowclosed
Duration: 5 minutes

Practice 10-1: Configure Tape Vaulting (continued)

Note: Later, when a media movement job is executed, OSB assumes the volumes are at
the next scheduled location and does not take the shipping time into account.
i) To define your third rotation rule, select or enter the following values, and then
click Add:
Location: Media_Recycle_Bin
Event: arrival
Duration: 6 minutes

j) Review the chrot obtool command.

Note: The Media_recycle_bin is a holding location. When you return a tape device to
the Media_recycle_bin or another user-configured location, then OSB considers the
tape to be at the end of its rotation policy. OSB does not associate the tape with another
rotation policy until the tape is reused. Then OSB will use the new media family and
rotation policy (if any).
k) Click OK, to add these rules to the quick_test_rotation policy.

Oracle Database 11g: Oracle Secure Backup

A - 85

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

h) Review the chrot obtool command.

l) Review the chrot obtool command, and then click the Configure link in
preparation for your next task.

3) To create a new media family, perform the following steps:


a) Navigate to Configure > Media Families.

Oracle Database 11g: Oracle Secure Backup

A - 86

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-1: Configure Tape Vaulting (continued)

b) On the Configure: Media Families page, first review the existing media families,
and then click Add.

c) On the Configure: Media Families > New Media Families page, enter and confirm
the following values, and then click Apply:
Media Family: offsite_test
Volume ID used: Unique to this media family
Volume expiration: Time Managed
Keep volume set: 10 minutes
Appendable: yes

Oracle Database 11g: Oracle Secure Backup

A - 87

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-1: Configure Tape Vaulting (continued)

d) You should receive a success message.

e) Scroll down to view the mkmf obtool command.

f) Click OK.
4) To associate a rotation policy with a media family, perform the following steps:
a) On the Configure: Media Families page, select the offsite_test media family,
and then click Edit.

b) On the Configure: Media Families > offsite_test page, enter or select the
following values, and then click Apply:
Write window: 5 minutes
Rotation Policy: quick_test_rotation
Oracle Database 11g: Oracle Secure Backup

A - 88

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-1: Configure Tape Vaulting (continued)

Practice 10-1: Configure Tape Vaulting (continued)

c) Review the chmf obtool command and then click OK.

d) You should receive a success message. You can review the chmf obtool
command again.

Oracle Database 11g: Oracle Secure Backup

A - 89

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Note: The Write window is the period of time for which a volume set is open for
updates. In other words, it needs to be long enough to complete at least one backup.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-1: Configure Tape Vaulting (continued)

Oracle Database 11g: Oracle Secure Backup

A - 90

In this practice, you use your newly configured tape vaulting environment to perform the
following tasks:
Performing a backup
Scheduling a location scan
Executing a media movement job
Viewing tape rotation reports
An additional prerequisite is the creation of the mylabs dataset in the Back Up FileSystem Data practice.
You should be logged in to Oracle Secure Backup Web tool as the admin user with the
oracle password and set Extended Command Output as your web tool preference.
1) To perform a file-system backup, execute the following steps:
a) Navigate to Backup > Backup Now.

b) On the Backup Now page, click Add.

c) On the Options page, select or enter the following values, and then click OK:
Datasets: mylabs
Backup level: full
Media family: offsite_test
Encryption: no

Oracle Database 11g: Oracle Secure Backup

A - 91

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting

d) You should receive a success message. Review the obtool command.

e) On the Backup Now page, select the mylabs dataset and click Go.

f) Note your job id and click Home. Your job id is most likely different.

g) On the OSB Home page, click the transcript icon before your Job ID. (If you do
not see your Job ID, you might need to expand the Completed Jobs node by
clicking Show completed jobs.)

Oracle Database 11g: Oracle Secure Backup

A - 92

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

h) In the Job Transcript Viewer scroll through the output file and review it. For
example, you might notice the encryption algorithm and the volume name. Should
you have to do any troubleshooting, you will probably need to know the volume
name.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

Question: Why is encryption on? (Remember you chose Encryption: no on the


Backup Now Options page).
Answer: You enabled encryption for the host in the Configure a Host Encryption
Policy practice. So, all backup jobs are automatically encrypted, unless you
explicitly exclude them from encryption, as is done with the OSB catalog backup
(in the Perform a Preconfigured OSB Catalog Backup practice).
i) When you are finished reviewing the output, click Close.
2) To schedule a location scan, perform the following tasks:
a) Navigate to Manage > Schedule Location Scan.

Oracle Database 11g: Oracle Secure Backup

A - 93

b) Click Add.

c) On the Manage: Schedule Location Scan > New Schedule Location Scan page,
enter schedule_location as Schedule Location Scan, select all Locations and
then click Apply.

d) You should receive a success message. Review the mksched obtool command
and click Triggers.

Oracle Database 11g: Oracle Secure Backup

A - 94

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

e) On the Triggers page, click Select_daily (which selects all days for you), enter or
select a time that is a couple of minutes into the future. This example uses
00:45 hours as Time. Then click Add.

Oracle Database 11g: Oracle Secure Backup

A - 95

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

Practice 10-2: Use Tape Vaulting (continued)

f) You should receive a success message. Review the chsched obtool command.
Then click the schedule_location link to return to the previous page.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Note: If you see during the next task, that no scan was executed, return to this step to edit
the schedule_location schedule by adding another "time trigger" with values that are
appropriate for your environment.

g) On the Manage: Schedule Location Scan > schedule_location page, click OK.

h) You should receive a success message. Review the chsched obtool command.

Oracle Database 11g: Oracle Secure Backup

A - 96

i) Click the Manage link in preparation for your next task


3) Based on the results of a scan control job, "pending" media movement jobs can be
created. These jobs are "pending" until they are explicitly run by an operator, who
usually also takes care of associated tasks, such as physically transporting tapes, and
so.
Note: You may encounter predefined wait time before the media movement job
appears, because the offsite_test media family has a Write Window of 5 minutes
and a "Keep Volume Set" duration of 10 minutes. Also your rotation policy has a
Write Window of 5 minutes.
To execute a media movement job, perform the following steps:
a) On the Manage: Jobs page under Viewing options, select the scan control
Types and the following check boxes: Active, Complete and Pending. Then click
Apply.

Oracle Database 11g: Oracle Secure Backup

A - 97

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

b) If you do not have any scan jobs, return to the previous task and schedule another
location scan.
If the state is future work, wait until the job execution is complete.
c) Your resulting job list will look different. On the Manage: Jobs page, select the
last volume vaulting scan job (if you have more than one) and then click Show
Properties.

d) Review the Job Properties and then click Close.

Oracle Database 11g: Oracle Secure Backup

A - 98

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

e) On the Manage: Jobs page, select the last volume vaulting scan job (if you have
more than one) and then click Show Transcript.

f) Optional: Select Level: 2 Verbose and then click Apply.


g) Review the job transcript. (Level 4 displays fewer lines than level 2.) You should
see the pending media movement job. Then click Close.
If you do not see your media movement job and the job is still running, wait
and occasionally refresh your page until it appears.
If you do not see your media movement job and the job is completed, initiate
another scan control job.

Oracle Database 11g: Oracle Secure Backup

A - 99

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

h) On the Manage: Jobs page under Viewing options, select the media movement
Types and the following check boxes: Active, Complete and Pending. Then click
Apply.

i) Your resulting job list might look different. On the Manage: Jobs page, select the
media movement for vlib job and then click Run

Oracle Database 11g: Oracle Secure Backup

A - 100

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

j) Select Now and Media Movement as Run Option and then click Apply.

Oracle Secure Backup executes the media movement job. You should receive a
success message.
k) On the Manage: Jobs page, select your media movement job and then click Show
Properties.

l) You should see a successful completion. When you are finished reviewing the job
properties, click Close.

Oracle Database 11g: Oracle Secure Backup

A - 101

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

m) On the Manage: Jobs page, select your media movement job and then click Show
Transcript.

n) Review the job transcript. You should see that your volume moved to the next
location, as specified by your rotation policy. When you are finished reviewing
the job transcript, click Close.

Oracle Database 11g: Oracle Secure Backup

A - 102

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

o) Click the Manage link in preparation for your next task.

Now you are ready to view location and job reports.


Location reports show the current and next location of your volumes.
Job reports are of two types:
Pick reports (which assist operators to collect the volumes that need to be moved)
Distribution reports (which are similar to packing lists, shipped with the volumes
to the next location)
4) To view tape rotation reports, perform the following steps:
a) Navigate to the Manage > Location Reports page.

b) On the Manage: Location Reports page, select the following values, and then
click View Report:
Location: offsite_location
Type: location

Oracle Database 11g: Oracle Secure Backup

A - 103

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

c) Review the report. Your volume is in the offsite_location. The next location
for your volume is the Media_Recycle_Bin, as defined in your volume rotation
policy (The next planned location is only listed within a report after the first
movement to a new location.)

d) When you are finished reviewing the report, click Close


e) Navigate to Manage > Job reports.

A distribution and a pick report are automatically generated for each media movement
job
f) Select the pick report and click View Report.

g) Review the pick report. It shows all volumes that need to be physically moved by
an operator. When you are finished reviewing the report, click Close.

Oracle Database 11g: Oracle Secure Backup

A - 104

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practice 10-2: Use Tape Vaulting (continued)

Practice 10-2: Use Tape Vaulting (continued)

i) Review the distribution report. A distribution report is similar to a packing list,


which is shipped with all volumes to the next location. When you are finished
reviewing the report, click Close.

j) Click Logout in the top-right corner to leave the OSB Web tool.

Oracle Database 11g: Oracle Secure Backup

A - 105

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

h) Select the distribution report and click View Report.

Background: Tape vaulting and duplication are often used together. For example, your
organization plans to maintain one set of backup tapes onsite for one month and to send a
copy of the tapes offsite for disaster recovery and to meet its long-term storage
requirements of seven years. In this scenario, your backup is associated with the
onsite_1m media family (with a one-month retention and either no rotation policy or a
rotation policy to an onsite storage location). The onsite_1m media family has a
duplication policy that copies the tapes to the offsite_7y media family (which has a
seven-year retention, no duplication policy, and a rotation policy to the desired storage
location for seven years).
The osb_media_lifecycle_viewlet_swf.html demonstration covers a similar
scenario (with different names and retention times). It includes the following tasks:
1. Create a new Demo location.
2. Create a new Demo_Rotation rotation policy with three rules.
3. Assign the Demo_Rotation policy to the OSB_CATALOG-MF media family.
4. Create a Full_Demo media family.
5. Create a Full_Offsite media family and assign the Demo_Rotation policy.
6. Create a Full_Dup_Offsite duplication policy that copies tapes from the
Full_Demo media family to the Full_offsite media family.
7. Associate the Full_Dup_Offsite duplication policy with the Full_Demo
media family.
8. Create the Demo_Loc_Scan schedule for vaulting jobs.
9. View the default volume duplication window.
10. Create the Demo_dup_scan schedule within the duplication time window for the
duplication job.
11. Navigate to Location reports, which enable you to track tapes at the various
locations.

Oracle Database 11g: Oracle Secure Backup

A - 106

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Practices for Lesson 11

Practice 11-1: View Media Lifecycle Demo

1) Click the oracles Home icon on your desktop.


2) Navigate to the /home/oracle/demos/osb_media_lifecycle directory.
3) Double-click the osb_media_lifecycle_viewlet_swf.html file.
4) In the Run or Display window, click Display and view the presentation.
5) Use the controls at the bottom of the viewlet window to start, pause and stop the
presentation, as suits your personal learning style.
6) Uninterrupted viewing of the demos takes about ten minutes. When you have finished
viewing the presentation, close your Web browser window.

Oracle Database 11g: Oracle Secure Backup

A - 107

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

In this practice, you view a demonstration of the media life cycle. This is a combination
of the tape vaulting and duplication topics.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Oracle Secure Backup: Additional Topics

After completing this lesson, you should be able to:


Perform an RMAN-encrypted database backup and restore
operations
View OSB jobs transcripts and logs
Describe OSB performance considerations related to RAC

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup B - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Objectives

Encrypted Backups to Tape


RMAN backup encryption:

Encryption keys are transparently managed by the database


Backup encryption at the database or tablespace level
Encryption algorithms up to 256-bit AES

Secure transportation over the network:


Database backups with RMAN encryption
File-system backups with SSL

RMAN encrypted backups on tapeonly available with


Oracle Secure Backup.

Copyright 2009, Oracle. All rights reserved.

Encrypted Backups to Tape


Oracle Secure Backup leverages RMAN backup encryption technology, such as:
Encryption keys being transparently managed by the database
Your ability to choose backup encryption at the database or tablespace level. (This is in
addition to the Transparent Data Encryption (TDE), which you can use inside the Oracle
database.)
Substantial protection through encryption algorithms up to 256-bit AES
During transportation over the network, database backups are secured with RMAN encryption
(in which case, no additional SSL is used). If your database backups are not encrypted by
RMAN, Oracle Secure Backup uses SSL by default. It also secures your file-system backups
over the network by using SSL.
To store RMAN encrypted backups on tape, you must use Oracle Secure Backup.

Oracle Database 11g: Oracle Secure Backup B - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

> RMAN Encryption


OSB Jobs
RAC

RMAN offers three encryption modes:


Transparent mode:
Uses the Oracle key management infrastructure
Requires that you first configure Oracle Encryption Wallet

Password mode: Requires the use of the SET


ENCRYPTION ON IDENTIFIED BY password ONLY
command in your RMAN scripts
Dual mode: Requires the use of the SET ENCRYPTION ON
IDENTIFIED BY password command in your RMAN
scripts

Copyright 2009, Oracle. All rights reserved.

Creating RMAN Encrypted Backups


For improved security, RMAN backup set backups can be encrypted. Any RMAN backups
created as backup sets can be encrypted. Image copy backups cannot be encrypted.
Encrypted backups are decrypted automatically during restore and recover operations, as long
as the required decryption keys are available, by means of either a user-supplied password or
the Oracle Encryption Wallet.
RMAN supports three encryption modes:
Transparent mode
Password mode
Dual mode
Additional information about each mode follows.

Oracle Database 11g: Oracle Secure Backup B - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Creating RMAN Encrypted Backups

Perform the following steps:


1. Create a wallet using Oracle Wallet Manager:
ENCRYPTION_WALLET_LOCATION=
(SOURCE=(METHOD=FILE)(METHOD_DATA=
(DIRECTORY=/opt/oracle/product/10.2.0/db_1/)))

2. Open the wallet:


ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED
BY <password>;

3. Set the master key:


ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY
<password>;

Copyright 2009, Oracle. All rights reserved.

Using Transparent Mode Encryption


Transparent encryption does not require DBA intervention as long as the required Oracle key
management infrastructure is available. Transparent encryption is best suited for day-to-day
backup operations, where backups will be restored on the same database that they were backed
up from. Transparent encryption is the default encryption mode.
You must first configure the Oracle Encryption Wallet to use transparent encryption. Refer to
the Oracle Advanced Security Administrators Guide for detailed information about the Oracle
Encryption Wallet.
Perform the following steps to use transparent mode encryption:
1. Create a wallet using Oracle Wallet Manager. By default, an unencrypted wallet
(cwallet.sso) is created when Oracle Database is installed. An encrypted wallet
(ewallet.p12) is recommended for use with backup set encryption. Place an entry in
the sqlnet.ora file as shown in the slide.
2. Open the wallet. Before you can use backup set encryption , you must ensure that the
wallet is opened by your instance. The password specified with the ALTER SYSTEM
command is the same password that you specified when you created the wallet in step 1.
3. Set the master key from within your instance. When the wallet is opened, you must set the
master key.
Oracle Database 11g: Oracle Secure Backup B - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Using Transparent Mode Encryption

4. Configure RMAN encryption level (database, tablespace,


or database excluding tablespaces):
CONFIGURE ENCRYPTION FOR DATABASE ON
CONFIGURE ENCRYPTION FOR TABLESPACE
<tablespace_name> ON

5. Set an encryption algorithm, if needed:


SET ENCRYPTION ALGORITHM 'algorithm name'

Copyright 2009, Oracle. All rights reserved.

Using Transparent Mode Encryption (continued)


4. Configure the RMAN encryption level. The CONFIGURE ENCRYPTION command is
used to specify encryption settings for the database or tablespaces within the database,
which apply unless overridden using the SET command. Options specified for an
individual tablespace take precedence over options specified for the whole database.
5. Set an encryption algorithm, if needed. Query V$RMAN_ENCRYPTION_ALGORITHMS
to obtain a list of encryption algorithms supported by RMAN. The default encryption
algorithm is 128-bit AES.

Oracle Database 11g: Oracle Secure Backup B - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Using Transparent Mode Encryption

Using Password Mode Encryption

SET ENCRYPTION ON IDENTIFIED BY <password> ONLY

Copyright 2009, Oracle. All rights reserved.

Using Password Mode Encryption


When you use password encryption, you must provide a password when you create and restore
encrypted backups. When you restore the password-encrypted backup, you must supply the
same password that was used to create the backup. Password encryption is most appropriate
for backups that will be restored at remote locations, but which must remain secure in transit.
Use the SET ENCRYPTION ON IDENTIFIED BY password ONLY command in your
RMAN scripts to enable password encryption. Password encryption cannot be persistently
configured.
Note: For security reasons, it is not possible to permanently modify your existing backup
environment so that RMAN backups are encrypted using the password mode. You can enable
password-encrypted backups only for the duration of an RMAN session.

Oracle Database 11g: Oracle Secure Backup B - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Enable password mode encryption in your RMAN session:

Using Dual Mode Encryption

Dual-mode encrypted backups can be restored


transparently or by specifying a password.
Enable password mode encryption in your RMAN session:

SET ENCRYPTION ON IDENTIFIED BY 'password'

Copyright 2009, Oracle. All rights reserved.

Using Dual Mode Encryption


Dual-mode encrypted backups can be restored transparently or by specifying a password.
Dual-mode encrypted backups are useful when you create backups that are normally restored
using the Oracle Encryption Wallet, but which occasionally must be restored where the Oracle
Encryption Wallet is not available.
To create dual-mode encrypted backup sets, specify the SET ENCRYPTION ON
IDENTIFIED BY password command in your RMAN scripts.

Oracle Database 11g: Oracle Secure Backup B - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Before restoration, set the RMAN session to decrypt


backups.
Specify all required passwords with the SET DECRYPTION
command when restoring from a set of backups that were
created with different passwords.

SET DECRYPTION IDENTIFIED BY '<password_1>'


{, '<password_2>',,'<password_n> }

Copyright 2009, Oracle. All rights reserved.

Restoring Encrypted Backups


Use the SET DECRYPTION command to specify one or more decryption passwords to be used
when reading dual-mode or password-encrypted backups. When RMAN reads encrypted
backup pieces, it tries each password in the list until it finds the correct one to decrypt that
backup piece. An error is signaled if none of the specified keys are correct.

Oracle Database 11g: Oracle Secure Backup B - 9

Oracle University and (Oracle Corporation) use only.

Restoring Encrypted Backups

1
2

Copyright 2009, Oracle. All rights reserved.

Performing Encrypted Recovery


While performing encrypted database recovery from tape and disk, you can notice the
following:
1. The SET DECRYPTION command is executed.
2. The recovery completed successfully and the EXAMPLE tablespace is brought back
online.

Oracle Database 11g: Oracle Secure Backup B - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Performing Encrypted Recovery

RMAN
Encrypted to Disk
(ASO)

Datafiles

Password

Encrypted to Tape
(OSB)

Copyright 2009, Oracle. All rights reserved.

Comparing RMAN and OSB Encryption


RMAN Encrypted Backups
Recovery Manager (RMAN) can create encrypted backups to either tape or disk as long as the
required Oracle key management infrastructure is available. RMAN encryption can use either
a password-based key or a generated key held in the Oracle wallet.
The data is encrypted by RMAN before it is transmitted to the disk or tape storage device, and
no further encryption is performed.
RMAN backup encryption is only available in the Enterprise Edition of the database, and the
COMPATIBLE parameter must be set to 10.2.0 or higher.
Encrypted backup to disk requires Advanced Security Option to provide the key infrastructure.
Encrypted backups to tape require Oracle Secure Backup (OSB) to provide the key
infrastructure. OSB includes the same technology as ASO.

Oracle Database 11g: Oracle Secure Backup B - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Comparing RMAN and OSB Encryption

OSB
Encrypted
Data Files
Tape Device

OSB Wallet
OS Files

Copyright 2009, Oracle. All rights reserved.

Comparing RMAN and OSB Encryption (continued)


Oracle Secure Backup Encryption
Oracle Secure Backup (OSB) is available in both Standard Edition and Enterprise Edition of
the Oracle Database 10g Release 2. Oracle Secure Backup includes the secure
communications technology of the ASO in the Enterprise Edition to provide secure
communication between hosts (administrative, source, and target) in the OSB domain. OSB
encrypts the transmitted data and control messages with a default key of 1,024 bits generated
for each session using SSL. OSB provides this key from an embedded wallet that is separate
from the Oracle wallet used by RMAN to encrypt backups. If RMAN encryption is provided,
OSB does not encrypt the data again for transmission. But if RMAN encryption is disabled,
OSB does encrypt the data during transmission.
You can modify the default security configuration in the following ways:
Disable SSL for interhost authentication and communication by setting the
securecomms security policy in OSB.
Transmit identity certificates in manual certificate provisioning mode.
Set the key size for a host to a value from 512 to 4,096 bits, rather than the default of
1,024 bits.

Oracle Database 11g: Oracle Secure Backup B - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Comparing RMAN and OSB Encryption

Comparing RMAN and OSB Encryption (continued)

Because Oracle Secure Backupembedded wallets are used only for interdomain
communication, they do not have any direct relationship to the backup data written to tape.
Therefore, if wallets are destroyed and re-created, it does not affect the restoration of data
from tape.
Oracle Secure Backup does not share its wallets with other Oracle products.
Besides maintaining its password-protected wallet, each host in the domain maintains an
obfuscated wallet. This version of the wallet does not require a password. The obfuscated
wallet, which is scrambled but not encrypted, enables the Oracle Secure Backup software to
run without requiring a password during system startup.
The password for the password-protected wallet is generated by Oracle Secure Backup and not
made available to the user. The password-protected wallet is not normally used after the
security credentials for the host have been established, because the Oracle Secure Backup
daemons use the obfuscated wallet.
To reduce the risk of unauthorized access to obfuscated wallets, Oracle Secure Backup does
not back them up. The obfuscated version of a wallet is named cwallet.sso. By default,
the wallet is located in /usr/etc/ob/wallet on Linux and UNIX, and C:\Program
Files\Oracle\Backup\db\wallet on Windows.
Best practice tip: Back up the OSB-encrypted wallet.

Oracle Database 11g: Oracle Secure Backup B - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Encryption (continued)


Disable encryption for backup data in transit by setting the encryptdataintransit
security policy.

Oracle Secure Backup Jobs

Oracle Secure Backup backup and restore jobs include:

Dataset
File-system backup
File-system restore
Oracle backup (RMAN)
Oracle restore (RMAN)

Oracle Secure Backup media management jobs include:


Scan control
Media movement
Duplication

For each job, Oracle Secure Backup maintains a:


Log
Running transcript
Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Jobs


Oracle Secure Backup creates jobs in response to work that you ask it to do. It assigns each job
a name, called a job identifier, that is unique among all jobs within the administrative domain.
Several events cause Oracle Secure Backup to create new jobs:
At the beginning of the day, Oracle Secure Backup inspects the triggers defined in each
schedule. For each trigger that fires that day, it creates one new job and assigns the
scheduled job a numerical job identifier.
Media management jobs are based on OSB scanning its catalog (based on your schedule).
For candidate tape volumes the appropriate jobs are created. As OSB operator, you must
execute the media movement jobs; the execution of duplication jobs can be automated.
Also, each time you explicitly request that Oracle Secure Backup perform a backup and
send your request to the scheduler, Oracle Secure Backup creates a job. It assigns the job
an identifier consisting of the username of the logged-in user, a slash, and a unique
numerical identifier. An example of such a job identifier is admin/233.

Oracle Database 11g: Oracle Secure Backup B - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

RMAN Encryption
> OSB Jobs
RAC

Oracle Secure Backup keeps a log for each job. This job log describes high-level events,
such as the creation, dispatch, and completion times of the job. You can view the log through
both the Oracle Secure Backup Web tool and obtool interface.
Oracle Secure Backup also maintains a running transcript for each job. The transcript contains
everything that is written to the standard output stream by the jobs components, such as
obtar. Oracle Secure Backup creates this transcript when dispatching the job for the first
time, and updates it as the job progresses. When a job requires operator assistance, Oracle
Secure Backup prompts for assistance by using the transcript and by sending an email
notification, if you configured this.
When you list the jobs by using the obtool utility, it displays the job ID, the scheduled time,
the contents, and the job state. The contents field contains the following information,
depending on the backup job type:
The dataset being backed up (dataset jobs)
The host on which the data set is being backed up (backup job)
A description of the data being restored (restore job)
The database backup operation, such as datafile or archivelog (Oracle backup
job)
The backup piece restored (Oracle restore job)

Oracle Database 11g: Oracle Secure Backup B - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Jobs (continued)


At the scheduled start time for a dataset job, Oracle Secure Backup reads the dataset, and
then creates one subordinate job for each host that Backup Web it includes. In job
descriptions, Oracle Secure Backup calls this a backup job. It assigns each backup job an
identifier whose prefix is the parent (dataset) job ID, followed by a dot, and then followed
by a unique small number. An example of such a job identifier is admin/233.1.
Each time you explicitly request that Oracle Secure Backup restore data, and send your
request to the scheduler, Oracle Secure Backup creates a restore job for each backup
image that must be read to effect the restore. It assigns each job an identifier consisting of
the logged-in username, a slash, and a unique numerical identifier. If Oracle Secure
Backup creates multiple jobs to satisfy one restore request, it marks each job except the
first as dependent on the success of the previous job. The effect of this notation is that,
should a job fail on which a later job is dependent, that later job is also marked as failed.
RMAN creates an Oracle Secure Backup job with types of oracle backup or
oracle restore instead of the backup and restore type.

Copyright 2009, Oracle. All rights reserved.

Managing Jobs
After your backup has been submitted to the Oracle Secure Backup scheduler, you manage
these jobs from the Oracle Secure Backup Web tool:
1. From the Manage page, click the Jobs link in the Maintenance section. You are directed to
the Jobs page.
2. To limit the jobs displayed to:
- A specific host: select that host from the Host list
- Those instantiated by a certain user: select that user from the User list
- A particular dataset: select that dataset from the Dataset list
3. Select one or more of the following Viewing options:
- Active: Select this option if you want to view the status of backup jobs that are
currently in progress.
- Complete: Select this option to view the status of completed jobs, whether they
succeeded or not.
- Pending: Select this option if you want to view the statuses of jobs that are pending,
but not presently running.
- Input pending: Select this option to view the statuses of jobs that are running and
requesting input now.
Oracle Database 11g: Oracle Secure Backup B - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Jobs

On-demand backups (created as backup requests) are named using the Oracle Secure Backup
username and a system-generated number (for example, admin/1). Scheduled jobs are
named using a system-generated number, but do not include the username as part of the job
name. (or example, 1.1). Oracle Database backup jobs are considered on-demand backups,
so the username is included in the job ID (for example, oracle/1.1).

Oracle Database 11g: Oracle Secure Backup B - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Managing Jobs (continued)


- Today: Select this option if you want to view the statuses of backup jobs that are
scheduled to run today.
- Scheduled time: Select this option to display jobs scheduled within a time range that
you select from the From date and To date boxes.
4. Select the type of jobs that you want to see in the report. Your choices are: backup,
restore, dataset, Oracle backup, and Oracle restore. You can select multiple job types by
holding down Shift while selecting a job type.
5. Click Apply to accept your selections. Information is displayed in the job management
table in the central panel. The following information is available for each job:
- ID: The Oracle Secure Backup-assigned job identifier
- Type: The type of Oracle Secure Backup job associated to a host
- Time: The date and time the job began or is scheduled to begin
- State: The job status, which can be pending, completed successfully, or failed
To monitor jobs with the obtool interface, use the lsjob command. Note that the state of
newly created jobs is future work until the job has been submitted.

Copyright 2009, Oracle. All rights reserved.

Viewing Job Properties and Transcripts


To view job properties in the Oracle Secure Backup Web tool, perform the following steps:
1. Select a job ID from the job management table in the central panel of the Jobs page.
2. Click the Show Properties button. The Job Properties page appears, showing the
characteristics of the selected job.
To view a job transcript in the Oracle Secure Backup Web tool, perform the following steps:
1. Select a job from the job management table in the central panel of the Jobs page.
2. Click Show Transcripts. A transcript page appears.
3. Scroll down the page to view more information. At the end of the page, you can modify
the transcript viewing criteria. Optionally, select a message level from the Level list.
Oracle Secure Backup tags each message it writes to a transcript with a severity level.
These levels range from 0 Debug message (extra output) to 9 Fatal.
4. Optionally, select Start at line and enter a line number at which you want the transcript
view messages to start.
5. Optionally, select the Suppress input check box to suppress input requests. When a
request for input is recognized, Oracle Secure Backup prompts for a response. Specifying
this option suppresses this action.

Oracle Database 11g: Oracle Secure Backup B - 18

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Viewing Job Properties and Transcripts

To view a job transcript, you must be the owner of the job or belong to a user class that has
either the list any jobs owned by user or the list any job, regardless
of its owner right.

Oracle Database 11g: Oracle Secure Backup B - 19

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Viewing Job Properties and Transcripts (continued)


6. Optionally, select the Show line numbers check box to prefix each line with its
message number.
7. Optionally, select the Head lines option and enter a number representing the first N
lines of the transcript having a message severity level at or above the value you selected.
8. Optionally, select the Tail lines option if you want to display the last N lines of the
transcript having a message severity level at or above the value you selected.
9. Optionally, select a value in the Page refresh (in seconds) list. The default is 60
seconds.
10. Click Apply to accept your changes, if any, and redisplay the transcript.

Troubleshooting Jobs
A

...

Copyright 2009, Oracle. All rights reserved.

Troubleshooting Jobs
A. An alternative way to view the job properties is to click the job link on the OSB Home
page.
B. An alternative way to view the transcript is to click the icon before the job link.
Note: The job transcript informs you of an error and the job waits for your input.

Oracle Database 11g: Oracle Secure Backup B - 20

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Suspending and Resuming Job Dispatching


It is possible to temporarily suspend and later resume the Oracle Secure Backup dispatching of
jobs. When job dispatching is suspended, running jobs are allowed to complete; however, the
scheduler starts no new jobs. After job dispatching is suspended, the scheduler resumes it
when you select the resume function or restart Oracle Secure Backup on the administrative
server.
To suspend job dispatching, from the Daemons page, click the Suspend button. The message
obscheduled suspended appears in the Status area. Any pending backup and restore
(scheduled or one-time) jobs are no longer dispatched. Jobs that are already running are
permitted to finish.
To resume job dispatching, from the Daemons page, click the Resume button. The message
obscheduled processing resumed appears in the Status area.
The following scenario shows you how to suspend and resume job dispatching with the obtool
utility:
ob> ctldaemon --command suspend
ob> lsdaemon
Process Daemon/
ID Service
State
31815 observiced
normal
31817 obscheduled suspended

Listen
port
400
64739

Qualifier

Oracle Database 11g: Oracle Secure Backup B - 21

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Suspending and Resuming Job Dispatching

ob> ctldaemon --command resume


ob> lsdaemon --long --host EDRSR14P1
Process ID:
31815
Daemon/Service:
observiced
State:
normal
Listen port:
400
Qualifier:
(none)
Process ID:
31817
Daemon/Service:
obscheduled
State:
normal
Listen port:
64739
Qualifier:
(none)
ob>

The ctldaemon command is generally used to control the operation of an Oracle Secure
Backup daemon. In the above example, ctldaemon is used to suspend and resume Oracle
Secure Backup job scheduling.
The lsdaemon command is used to list the Oracle Secure Backup daemons running on a
particular host.
Note: For more information about the these commands, refer to the Oracle Secure Backup
Reference.

Oracle Database 11g: Oracle Secure Backup B - 22

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Suspending and Resuming Job Dispatching (continued)

Copyright 2009, Oracle. All rights reserved.

Job Summaries
A job summary is a text file report that describes the backup and restore activity performed
by Oracle Secure Backup. You can use job summaries to monitor specific backup jobs, or you
can use a job summary report to monitor all backup and restore activity for a time period.
You can create a job summary schedule, which enables Oracle Secure Backup to generate
multiple summary reports, each covering different time periods or activities. If an email
system such as sendmail is operational on the administrative server, then you can supply the
email addresses for the recipients of job summary reports and the report will be sent in an
email to those recipients.
It is recommended that you create at least one job summary schedule so that you receive an
automated email describing your backup jobs.
Using the Web tool, in the Advanced section of the Configure page, click Job Summaries to
list the configured job summary schedules. To remove a job summary schedule, select the
schedule you want to remove, and then click Remove.

Oracle Database 11g: Oracle Secure Backup B - 23

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Job Summaries

($ORACLE_HOME)

Oracle Secure Backup


(<OSB_Home> directory)

rdbms/log/sbtio.log

admin/log/scheduler/log

RMAN

Copyright 2009, Oracle. All rights reserved.

Displaying Log Files and Transcripts


If an error occurs during an SBT session, Oracle Secure Backup tries to send the error
description to the administrative server to be saved in the job transcript. RMAN records the
error in the trace file named sbtio.log, unless the user has configured a different file to be
used by RMAN. By default, this trace file is located in the $ORACLE_HOME/rdbms/log
directory.
All SBT errors contain the following information:
The location (function) where the failure occurred (for example, sbtbackup)
The operation that was being performed (for example, creating a backup piece)
A brief description of the problem (for example, unable to contact admin server)
If applicable, a brief description of the remedy that the user may apply
If applicable, the name of the trace or debug file where additional information about the
problem can be found
You can get more trace information by using the TRACE option of the ALLOCATE CHANNEL
command. For example: ALLOCATE CHANNEL c1 TYPE sbt TRACE 5
Trace levels range from 0 (errors only) to 6 (verbose debugging).

Oracle Database 11g: Oracle Secure Backup B - 24

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Displaying Log Files and Transcripts

In this lesson, you should have learned how to:


Perform an RMAN-encrypted database backup and restore
operations
View OSB jobs transcripts and logs
Describe OSB performance considerations related to RAC

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup B - 25

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Copyright 2009, Oracle. All rights reserved.

Oracle University and (Oracle Corporation) use only.

Oracle Secure Backup


Additional Installation Topics

This appendix, together with the relevant lesson, should assist


you to:
Install Oracle Secure Backup on Windows
Locate and describe the Oracle Secure Backup installed
files
Verify your installation
Remove Oracle Secure Backup

Copyright 2009, Oracle. All rights reserved.

Topics
For a demonstration of the Windows installation steps, view the osb_win_ins viewlet.

Oracle Database 11g: Oracle Secure Backup C - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Topics

Run setup.exe
Answer customer information dialogs
Select the type of host from the
Oracle Secure Backup Setup screen
Install
Answer service startup dialogs
Answer service login dialogs

Copyright 2009, Oracle. All rights reserved.

Windows Installation: Overview


Before beginning your installation, see documentation for platform-specific details, such as: how
to configure firewalls.
Oracle Secure Backup supports configuring the administrative domain on a host running the
Windows operating system.
During the installation process, the Oracle Secure Backup Setup Wizard copies all Oracle Secure
Backup files to the local host and generates Windows Registry entries.
Note
Every installation of Oracle Secure Backup on Windows is a client installation, and can
additionally be a media server or administrative server installation.
With OSB 10.2, it is not necessary to stop tape device drivers, before beginning your
installation.

Oracle Database 11g: Oracle Secure Backup C - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Windows Installation: Overview

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup InstallShield Wizard


1. Run the setup.exe program from the directory into which you originally downloaded
the software. The InstallShield Wizard is displayed.
2. Click Next to continue. A system check should inform you that: This will be a clean
install of Oracle Secure Backup.
3. Click Next to continue. The Customer Information dialog box is displayed.
4. Enter your name in the User Name box.
5. Enter the name of your company in the Organization box.
6. Select a target user for the application. Your choices are:
- Anyone who uses this computer (all users)
- Only for me (user)
7. Click Next to continue.
8. Choose the program features to configure:
a. To configure the Windows host as a media server, click the pull-down menu of the
Media Server icon. The options that are displayed are shown in the slide. Selecting
the This feature will be installed on local hard drive. option removes the X from
the Media Server icon and installs the media server software.

Oracle Database 11g: Oracle Secure Backup C - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup InstallShield Wizard

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup InstallShield Wizard (continued)


b. To configure the Windows host as an administrative server, click the pull-down menu
of the Administrative Host icon and select This feature will be installed on local
hard drive. Again, selecting this option removes the X from the Administrative Host
icon and installs the administrative server software.
c. If you plan to perform Oracle database backups and restores, repeat this process for
Create oracle user. Doing so creates an Oracle Secure Backup user called oracle
(with the rights and privileges of the oracle class) whose purpose is to facilitate
RMAN backup and restores of Oracle databases.
9. Click Next to continue. The Encryption Wallet Password window is displayed. Enter a
strong password for the encryption wallet and re-enter it for verification. Then click Next.

Oracle Database 11g: Oracle Secure Backup C - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup InstallShield Wizard

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup InstallShield Wizard (continued)


10. Enter a strong password for the admin user and reenter it for verification. If possible,
provide an email address for the admin user. Oracle Secure Backup will send reports,
such as the Job Summary to this email. Click Next.
11. Click Install to start copying files. A progress bar appears. When the files are copied, the
InstallShield Completed screen is displayed.
12. Click Finish to continue.
Note: When the InstallShield Wizard is finished, it automatically calls the OSB Configuration
wizard.

Oracle Database 11g: Oracle Secure Backup C - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup InstallShield Wizard

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Service Startup


The Oracle Secure Backup Service Startup dialog box is displayed.
13. Select a mode in which to start the Oracle Secure Backup service. Your choices are:
- Automatic: The Oracle Secure Backup service starts automatically when you reboot
your host.
- Manual: The Oracle Secure Backup service must be started manually by a user who
is a member of the Administrators group.
- Disabled: The Oracle Secure Backup service is disabled.
14. Click Next to continue.
Note: On the Windows operating system, the only daemon that runs as a Windows service is the
Oracle Secure Backup service (observiced).

Oracle Database 11g: Oracle Secure Backup C - 7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Service Startup

Copyright 2009, Oracle. All rights reserved.

Service Logon and SCSI Devices


The Service Login dialog box appears.
15. Select one of the following options:
- If you plan to run the Oracle Secure Backup service daemon (and associated
subordinate daemons) with full privileges, click System Account.
- If you plan to run the Oracle Secure Backup service daemon (and associated
subordinate daemons) with the privilege set associated with an existing Windows
user account, click This Account and enter the Windows user account name and
password. If you choose this option, ensure that the account you select has enough
backup and restore privileges. The required privileges are listed in the Oracle Secure
Backup Service Logon dialog box.
16. Click Next. The SCSI Devices pages are displayed. Note the OSB Name, which you need
to know, when you manually configure devices.
17. Click Finish to complete the installation.
18. Repeat this installation process for each Windows host in your administrative domain.

Oracle Database 11g: Oracle Secure Backup C - 8

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Service Logon and SCSI Devices

<OSB_Home> directory

admin

config
history
log
state

apache

bin

device

help

samples

conf
htdocs
images
logs
modules

Administrative server

Configuration
file

Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Installed Files


The Oracle Secure Backup home directory is created on every host where you install Oracle
Secure Backup, although the contents of the directory vary depending on the roles you assigned
to the host. The illustration in the slide shows the installed directories that are common to an
administrative server on any operating system. However, an administrative server configured on
a Linux host will have additional directories created.
In addition to containing the Oracle Secure Backup directory, each host on which Oracle Secure
Backup is installed contains a configuration file. The configuration file is called
obconfig.txt in the db subdirectory where you install Oracle Secure Backup on Windows,
and it is called obconfig in the /etc directory on UNIX and Linux systems.
These directories contain the following types of files:

admin: Administrative and configuration data for the administrative domain, also the
backup catalog

apache: Apache Web server files (used by Web tool)

bin: Executables or links to executables

device: Data on the tape drives and libraries that are supported by the Oracle Secure
Backup device driver

Oracle Database 11g: Oracle Secure Backup C - 9

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Installed Files

Oracle Database 11g: Oracle Secure Backup C - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Installed Files (continued)

help: Help files (provides data for the help command in obtool)

samples: Sample tools for writing scripts or programs that interact with Oracle Secure
Backup
Note: The directory structure under the <OSB_Home> directory is the same for both Windows
and UNIX systems.
On a Windows host, an Oracle Secure Backup installation also includes the following file
objects:

db\xcr\: Transcripts for jobs that ran on this host

temp\: The directory containing observiced and obndmpd log files and temporary
files
A UNIX or Linux host has the following additional files:

.bin.<operating_system>/: Executables for operating_system, where


operating_system is a derivative of the operating system name. For example, the directory
for Sun Solaris is .bin.solaris.

.drv.<operating_system>/: Device drivers for operating_system

etc/: Links that point to the <OSB_root>/.wrapper script for each Oracle Secure
Backup utility. This script is an architecture-specific executable selection tool for Oracle
Secure Backup.

.etc.<operating_system>/: Daemons and utility programs for operating_ system

install/: Installation scripts

lib/: Link to the architecture-independent shared library for the SBT interface

.lib.<operating_system>/: Shared library for the SBT interface for


operating_system, where operating_system is a derivative of the operating system name.
For example, the directory for Sun Solaris is .lib.solaris.

man/: Man pages for Oracle Secure Backup components

man/man1: Man pages for Oracle Secure Backup executables

man/man8: Man pages for daemons and maintenance tools

tools.<operating_system>/: Maintenance tools

/usr/etc/ob/.hostid: Information used for identifying this host

/usr/etc/ob/xcr/: Transcripts for jobs that ran on this host

/usr/tmp/: Log files for observiced and obndmpd and temporary files

.wrapper: Shell program that selects an executable from a .bin.* or .etc.*


directory, based on the computer architecture of the host executing the command.
Symbolic links and the architecture-independent .wrapper shell program enable hosts to
contain executables for multiple computer architectures.

<OSB_Home>
directory

/usr/local/oracle/backup

.drv.<OS>

help

bin

device

Media server

<OSB_Home>
directory

/usr/local/oracle/backup

help

bin

device

Client
Copyright 2009, Oracle. All rights reserved.

Oracle Secure Backup Installed Files (continued)


The slide illustrates the directories created for a media server or client. The bin and device
subdirectories are created on every machine, regardless of the operating system used. The other
directories shown in the slide are created for machines that use the Windows operating system.
For a UNIX or Linux host, the following files and directories are installed in addition to the bin
and device subdirectories:
Media server:
-

.bin.<operating_system>/
.drv.<operating_system>/
etc/
.etc.<operating_system>/
man/
/usr/etc/ob/.hostid
/usr/etc/ob/xcr/
/usr/tmp/
.wrapper

Oracle Database 11g: Oracle Secure Backup C - 11

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Installed Files

.bin.<operating_system>/
etc/
.etc.<operating_system>/
man/
/usr/etc/ob/.hostid
/usr/etc/ob/xcr/
/usr/tmp/
.wrapper

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup Installed Files (continued)


Client:

Oracle Database 11g: Oracle Secure Backup C - 12

<OSB_Home> directory

admin

apache

config
history
log
state

bin

device

help

samples

conf
htdocs
images
logs
modules
Configuration
file

Copyright 2009, Oracle. All rights reserved.

Installed Files for Host Role: Administrative Server


The Oracle Secure Backup home directory is created on every host where you install Oracle
Secure Backup, although the contents of the directory vary depending on the roles you assigned
to the host. The illustration in the slide shows the installed directories that are common to an
administrative server on any operating system. However, an administrative server configured on
a Linux host will have additional directories created.
In addition to containing the Oracle Secure Backup directory, each host on which Oracle Secure
Backup is installed contains a configuration file. The configuration file is called
obconfig.txt in the db subdirectory where you install Oracle Secure Backup on Windows,
and it is called obconfig in the /etc directory on UNIX and Linux systems.
These directories contain the following types of files:

admin: Administrative and configuration data for the administrative domain, also the
backup catalog

apache: Apache Web server files (used by Web tool)

bin: Executables or links to executables

device: Data on the tape drives and libraries that are supported by the Oracle Secure
Backup device driver

Oracle Database 11g: Oracle Secure Backup C - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Installed Files for Host Role:


Administrative Server

Oracle Database 11g: Oracle Secure Backup C - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Installed Files for Host Role: Administrative Server (continued)


Oracle Secure Backup Installed Files

help: Help files (provides data for the help command in obtool)

samples: Sample tools for writing scripts or programs that interact with Oracle Secure
Backup
Note: The directory structure under the <OSB_Home> directory is the same for both Windows
and UNIX systems.
On a Windows host, an Oracle Secure Backup installation also includes the following file
objects:

db\xcr\: Transcripts for jobs that ran on this host

temp\: The directory containing observiced and obndmpd log files and temporary
files
A UNIX or Linux host has the following additional files:

.bin.<operating_system>/: Executables for operating_system, where


operating_system is a derivative of the operating system name. For example, the directory
for Sun Solaris is .bin.solaris.

.drv.<operating_system>/: Device drivers for operating_system

etc/: Links that point to the <OSB_root>/.wrapper script for each Oracle Secure
Backup utility. This script is an architecture-specific executable selection tool for Oracle
Secure Backup.

.etc.<operating_system>/: Daemons and utility programs for operating_ system

install/: Installation scripts

lib/: Link to the architecture-independent shared library for the SBT interface

.lib.<operating_system>/: Shared library for the SBT interface for


operating_system, where operating_system is a derivative of the operating system name.
For example, the directory for Sun Solaris is .lib.solaris.

man/: Man pages for Oracle Secure Backup components

man/man1: Man pages for Oracle Secure Backup executables

man/man8: Man pages for daemons and maintenance tools

tools.<operating_system>/: Maintenance tools

/usr/etc/ob/.hostid: Information used for identifying this host

/usr/etc/ob/xcr/: Transcripts for jobs that ran on this host

/usr/tmp/: Log files for observiced and obndmpd and temporary files

.wrapper: Shell program that selects an executable from a .bin.* or .etc.*


directory, based on the computer architecture of the host executing the command.
Symbolic links and the architecture-independent .wrapper shell program enable hosts to
contain executables for multiple computer architectures.

<OSB_Home>
directory

/usr/local/oracle/backup

.drv.<OS>

help

bin

device

Copyright 2009, Oracle. All rights reserved.

Installed Files for Host Role: Media Server


The slide illustrates the directories created for a media server or client. The bin and device
subdirectories are created on every machine, regardless of the operating system used. The other
directories shown in the slide are created for machines that use the Windows operating system.
For a UNIX or Linux host, the following files and directories are installed in addition to the bin
and device subdirectories:
Media server:
-

.bin.<operating_system>/
.drv.<operating_system>/
etc/
.etc.<operating_system>/
man/
/usr/etc/ob/.hostid
/usr/etc/ob/xcr/
/usr/tmp/
.wrapper

Oracle Database 11g: Oracle Secure Backup C - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Installed Files for Host Role:


Media Server

<OSB_Home>
directory

/usr/local/oracle/backup

help

bin

device

Copyright 2009, Oracle. All rights reserved.

Installed Files for Host Role: Client


The slide illustrates the directories created for a media server or client. The bin and device
subdirectories are created on every machine, regardless of the operating system used. The other
directories shown in the slide are created for machines that use the Windows operating system.
Client:
-

.bin.<operating_system>/
etc/
.etc.<operating_system>/
man/
/usr/etc/ob/.hostid
/usr/etc/ob/xcr/
/usr/tmp/
.wrapper

Oracle Database 11g: Oracle Secure Backup C - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Installed Files for Host Role: Client

Some examples:
View Oracle Secure Backup processes in Linux:
ps -e | grep ob

Use obtool commands to view Oracle Secure Backup


users and default media family:
ob> lsuser
ob> lsmf --long

Copyright 2009, Oracle. All rights reserved.

Verifying Your Installation


In the slide are some examples of how you can verify your installation with obtool
commands:
ob> lsuser
admin
admin
oracle
oracle
ob> lsmf --long
OSB-CATALOG-MF:
Write window:
7 days
Keep volume set:
14 days
Appendable:
yes
Volume ID used:
unique to this media family
Comment:
OSB catalog backup media family
RMAN-DEFAULT:
Keep volume set:
content manages reuse
Appendable:
yes
Volume ID used:
unique to this media family
Comment:
Default RMAN backup media family
ob> logout
Oracle Database 11g: Oracle Secure Backup C - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Verifying Your Installation

Removing Oracle Secure Backup

Have all users log out of Oracle Secure Backup


applications.
Close all sessions of Web tool.
Use the uninstallob script.
You must be logged in as the root user.
Call script from the parent directory of the Oracle Secure
Backup home directory.

Choose whether you want to save or remove the:


Oracle Secure Backup directory
Administrative directory

Copyright 2009, Oracle. All rights reserved.

Removing Oracle Secure Backup


You can remove Oracle Secure Backup from a client or the administrative server. If you remove
Oracle Secure Backup from an administrative server, you are given the option of retaining the
administrative directory and its contents. This enables you to safely remove and reinstall the
product without deleting your administrative server data.
You must be logged in as the root user on UNIX or Linux systems to remove Oracle Secure
Backup completely. If you are not logged in as root when you remove the software, you may
not have the privileges needed to delete files and shut down the Oracle Secure Backup daemons.
Oracle Secure Backuprelated processes such as the HTTP processes for Oracle Secure Backup
Web tool should be shut down before beginning the uninstallation process. To identify processes
for Oracle Secure Backup, you can use the following command:
# /bin/ps -ef |grep ob

You can then use kill -9 <pid> commands to kill each process in the list associated with
Oracle Secure Backup.
If you remove Oracle Secure Backup from the local machine, the uninstallob script
removes the Oracle Secure Backup home directory when the script completes. For this reason,
you should call the uninstallob script from the parent directory of the Oracle Secure
Backup home directory.
Oracle Database 11g: Oracle Secure Backup C - 18

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup has been successfully removed from


<host>.

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Removing Oracle Secure Backup (continued)


If you encounter errors when removing the Oracle Secure Backup software, or if the
uninstallob script fails to completely remove all the files for Oracle Secure Backup
(assuming you did not choose to save any files), correct the problem causing the error if
possible, then run the uninstallob script again until you see the following message:

Oracle Database 11g: Oracle Secure Backup C - 19

This appendix provided assistance with the following topics:


Install Oracle Secure Backup on Windows
Locate and describe the Oracle Secure Backup installed
files
Verify your UNIX installation
Remove Oracle Secure Backup

Copyright 2009, Oracle. All rights reserved.

Oracle Database 11g: Oracle Secure Backup C - 20

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Summary

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

________
D

Glossary

________

Oracle Database 11g: Oracle Secure Backup

D-1

administrative server

AIT
Apache Web server
API
Areal Density
attachment

authentication type

Definition
A group of computers on your network that
you manage as a common unit to perform
backup and restore operations.
A host where you install Oracle Secure
Backup. This host stores configuration
information and the catalog files for client
hosts. There must be one and only one
administrative server for each
administrative domain at your site. One
administrative server can service all clients
on your network. The administrative server
runs the scheduling daemon, which starts
and monitors backups within the
administrative domain.
Advanced Intelligent Tape, a magnetic tape
and drive system used for computer data
storage and archiving
A public-domain Web server used by the
Oracle Secure Backup Web interface tool.
application programming interface
Important indicator of the performance of
the disk and drive that corresponds to the
number of magnetic bits per unit area
An attachment describes a data path
between a host and a storage device. Most
often, an attachment comprises the identity
of a host plus a UNIX device special file
name, a Windows device name, or an NAS
device name. A device must have at least
one attachment, and often has multiple
attachments, one for each host that can
directly access it.
Defines the way in which Oracle Secure
Backup authenticates itself to the NDMP
server. Typically, you should use
Negotiated as your default setting.
Your choices are:
Default
None
Negotiated
Text
Md5

Oracle Database 11g: Oracle Secure Backup

D-2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Term
administrative domain

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

backup description file

backup ID
backup image

backup image label


backup image section

backup job

backup level

backup operation
backup piece
backup schedule

backup sections
backup set

Secondary storage. All addressable data


storage that is not currently in the
computers main storage or memory.
A text file you create that is used with
command-line interface backup operations.
It lists host names and directories that you
want to back up.
An integer identifier that uniquely
identifies a backup image section
The product of an Oracle Secure Backup
backup operation. Basically it is the list of
files that are backed up in one operation. A
backup image can contain one or more
media families and volume sets.
The first block of a backup image. It
contains the backup images file and
section numbers and owner.
A portion of a backup image file that exists
on a single tape. One backup image can
contain multiple sections. Each backup
section is uniquely identified by a backup
ID.
A backup operation that is scheduled to run
at a specific time. The time the job is
scheduled to run can be either immediately
or some time in the future.
The level that defines the
comprehensiveness of the backup
operation. For example, a level 2 backup
operation backs up all data changed since
the previous level 1 or level 2 backup.
A process by which data is copied from
primary media to secondary media.
A binary file written in a proprietary format
by RMAN for storing backup data. One or
more backup pieces make up a backup set.
A description of when and how often
Oracle Secure Backup is to back up one or
more datasets. The backup schedule
contains the names of each such dataset
and the name of the media family to use.
Also referred to as archive sections. See
backup image section.
A collection of Oracle Database data
backed up by RMAN.

Oracle Database 11g: Oracle Secure Backup

D-3

Oracle University and (Oracle Corporation) use only.

Auxiliary Storage/
External Storage/

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

backup window
barcode

BDF
bit

blocking factor

BSP
bus
byte

CA
catalog

CDB
CIFS
class
CLI

See Database Backup Storage Selector.


A calendar-based time at which a particular
scheduled backup becomes eligible to run
Defines a time range within which Oracle
Secure Backup executes scheduled backup
jobs
A symbol code that is physically applied to
volumes for identification purposes. Some
tape libraries have an automated means to
read barcodes, which Oracle Secure
Backup supports.
See backup description file.
The smallest amount of information in a
binary digital system that can be used to
represent two states of information, such as
YES or NO.
Specifies how many 512-byte blocks to
include in each block of data written to
each tape drive. By default, Oracle Secure
Backup writes 64 K blocks to tape
(blocking factor 128). Because higher
blocking factors usually result in better
performance, you can try a blocking factor
larger than the obtar default. If you pick
a value larger than is supported by the
operating system of the server, Oracle
Secure Backup fails with an error.
Backup Solutions Program
A collection of wires through which data is
transmitted from one part of a computer to
another
Eight bits of information that can represent
256 different statesfor example,
numbers, processor instructions, or a
combination of letters and numbers as in
ASCII code.
Certificate Authority
A hierarchical collection of files that
contains all the information used to define
your Oracle Secure Backup administrative
domain configuration
command descriptor block
See Common Internet File System.
Defines a set of rights that are granted to an
Oracle Backup user
command-line interface

Oracle Database 11g: Oracle Secure Backup

D-4

Oracle University and (Oracle Corporation) use only.

Backup Storage Selectors


backup trigger

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Common Internet File System


daemon

DAFS

DAR
DAS
DAT
data transfer element (DTE)

Data Mover daemon


Database Backup Storage Selector

dataset
dataset description file
DDS

Any computer to be backed up by Oracle


Secure Backup, including administrative
servers and media servers; also referred to
as a host
CIFS is a file-sharing protocol, used by
Windows clients to access data on a
Network Appliance filer.
A process on UNIX and Linux that runs in
the background and performs an OSB task
for an application. Some daemons run
continually (for example, observided)
and others are started and stopped as
required (for example, obrobtd). This is
equivalent to a service on a Windows host.
Direct Access File System, a new file
access protocol designed to take advantage
of standard memory-to-memory
interconnect technologies
See Direct Access Recovery.
Direct Attached Storage; those parts of a
wide area network in which the mass
storage devices are connected locally
Digital audio tape; a type of 4-mm tape
Secondary storage device within a tape
library usually referred to by a number. In
libraries that contain multiple drives, each
DTE is sequentially numbered, starting
with 1.
An operating system process that writes the
data to tape
These objects are configured to represent
backup and restore parameters that describe
an Oracle database. They act as a glue
layer between RMAN, which accesses the
database, and the Oracle Secure Backup
software, which manages the underlying
media.
A textual description employing a
lightweight language that tells Oracle
Secure Backup what files to back up
A file that contains the names of the hosts
and paths that you want Oracle Secure
Backup to back up.
Digital data storage; a type of 4-mm tape

Oracle Database 11g: Oracle Secure Backup

D-5

Oracle University and (Oracle Corporation) use only.

client

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

device
device driver

Direct Access Recovery (DAR)

direct-attached
DLT
DMA
DMA
DNS host name

A set of configuration data that explains


how Oracle Secure Backup runs in an
administrative domain
A tape drive or library identified by a userdefined device name
A routine or set of routines that implements
the device-specific aspects of generic I/O
operations. The operating system handles
the device-independent aspects of the I/O
operation but calls routines provided by the
driver for the device in question to
implement the device-specific functions.
Every device, whether it is a printer, disk
drive, or keyboard, must have a driver
program. Most devices have their drivers
installed when the device or product that
uses it is installed.
An optional capability of NDMP that
addresses the need to quickly restore a
single file from a stream of backup data
that might contain millions of individual
files. DAR relies on file history
information generated at the NAS device
during a backup operation.
Located on the same host or server; also
referred to as local
Digital Linear Tape technology; a form of
magnetic tape and drive system used for
computer data storage and archiving
data management agent
Direct memory access; a technique that
writes data from OSB tape buffers directly
to tape. Also known as Linux Direct I/O.
Every UNIX system (also known as a host)
has a host name, whether it is connected to
a network or not. Any system attached to
the Internet or any large network conforms
to a more rigorous naming convention as
part of the Domain Name System (DNS).
In DNS, every host name is composed of a
host name and domain name. The DNS
host name is the host name of the computer
(does not include the domain), which is a
symbolic name used to reference a
particular system.

Oracle Database 11g: Oracle Secure Backup

D-6

Oracle University and (Oracle Corporation) use only.

defaults and policies

encryption

encryption key

EOD
EOV

A group of computers and devices on a


network that are administered as a unit with
common rules and procedures. Within the
Internet, domains are defined by the IP
address. All devices sharing a common part
of the IP address are said to be in the same
domain.
The process of using an algorithm to
convert data into a form that is unreadable
except by the intended recipient, who uses
a key to decrypt the message, returning it to
its original readable form.
Backup data can be encrypted either by
RMAN or OSB (never by both).
Oracle Secure Backup has three methods to
generate encryption keys:
Transparent mode: Keys are randomly
generated based on the selected encryption
algorithm AES128(less secure) to AES 256
(most secure)
Passphrase mode: Keys are generated by
using a user-defined passphrase. If the
encryption keys are no longer available,
backups could be decrypted and restored
using the passphrase.
Transient mode: Keys are generated by
using a user-defined passphrase. By
default, transient keys are not stored on the
administrative because the transient backup
is a one-time backup. When the backup
data is restored outside the administrative
domain, the user must enter the correct
passphrase to decrypt and restore the data.
When the backup data is restored within the
administrative domain, no user entry is
required. Oracle Secure Backup can
decrypt and restore the data by itself.
End-of-data (EOD) label used to mark the
end of Oracle Secure Backup operations on
tape
End-of-volume (EOV) label used to mark
the end of a volume within a backup image.
This label contains the volume ID of the
next volume in the set.

Oracle Database 11g: Oracle Secure Backup

D-7

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

domain

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

expiration date
expiration policy
expire duration
FC

FDDI
Fiber Distributed Data Interface

Fibre Channel

A unit of storage equal to 1,024 x 1,024 x


1,024 x gigabytes (just over 1 billion
gigabytes)
The time the volume set is first written +
the write window duration + the retention
duration
A media family configuration setting that
determines when volumes are eligible to be
overwritten
The amount of time after a backup piece is
created during which Oracle Secure
Backup cannot overwrite the data
Fibre Channel, an interface standard for
connecting computers to mass storage
devices such as disk drives and tape
libraries. See also Fibre Channel.
fiber distributed data interface
See Fiber Distributed Data Interface.
A set of ANSI protocols for sending digital
data over fiber optic cable. FDDI networks
are token-passing networks, and support
data rates of up to 100 Mbps (100 million
bits per second). FDDI networks are
typically used as backbones for wide area
networks.
A high performance interface designed to
bring speed and flexibility to multiple diskdrive storage systems. A Fibre Channel
configuration consists of a backplane, (an
external enclosure that houses a printed
circuit board (PCB) and multiple drive
receptacles) and a Fibre Channel host bus
adapter (HBA). The backplane allows
direct connection to the drives (no cable),
supplies power to the drives, and controls
the input and output of data on all drives
within the system. Fibre Channel, a one
and two gigabit interconnect technology,
allows concurrent communications among
workstations, mainframes, servers, data
storage systems, and other peripherals
using SCSI, IP and a wide range of other
protocols to meet the needs of the data
center. (At the time of course creation,
Fibre Channel exists with 1, 2, 4, 8, 10, and
20 GB speeds.)

Oracle Database 11g: Oracle Secure Backup

D-8

Oracle University and (Oracle Corporation) use only.

exabyte

filer

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

firewall
full backup

GBIC

Gigabit Ethernet (GbE)


gigabyte
GUI
HBA
host
host role
HTTP

HTTPS

A collection of files backed up by Oracle


Secure Backup
An appliance attached to a computer
network that is used for data storage
A system designed to prevent unauthorized
access to or from a private network
An operation that backs up all the files
selected on a client. Files are backed up
whether or not they have changed since the
last backup.
Gigabit Interface Converter; an interface
module which converts the light stream
from a fibre channel cable into electronic
signals for use by a network interface card.
This technology can be used for all
connections that use a fiber optic cable,
which includes the ethernet connection.
A term describing various technologies for
implementing Ethernet networking at a
nominal speed of one gigabit per second
A unit of storage, abbreviated as G or GB,
equal to 1,024 megabytes
graphical user interface
Host bus adapter; an interface card that
plugs into the computers bus and connects
it to the network
An addressable system in a computer
network
A class of actions performed by a host.
You can have an administrative server, a
media server, or a client.
Hypertext Transfer Protocol (HTTP); the
set of rules for exchanging files (text,
graphic images, sound, video, and other
multimedia files) on the World Wide Web
Hypertext Transfer Protocol Secure
(HTTPS) is a communications protocol
designed to transfer encrypted information
between computers over the World Wide
Web. HTTPS is HTTP using a Secure
Socket Layer (SSL).

Oracle Database 11g: Oracle Secure Backup

D-9

Oracle University and (Oracle Corporation) use only.

file-system dataset

incremental backup

ISAM

iSCSI

JBOD
job summary

job transcript
kilobyte
label
LAN
library

Used in tape libraries to move volumes into


and out of the library without opening the
door. It is sometimes called a mail slot, and
is physically present only on certain
libraries. Not all libraries have a discrete
import-export element. Some libraries do
have a media access port, but some require
manual action by the operator to open the
door and remove a tape from a slot in the
library.
A process that captures data that was
changed since the level N backup
operation, where N is the level of
comprehensiveness of the backup operation
The Indexed Sequential Access Method
(ISAM) is a method for managing how a
computer accesses records and files stored
on a hard disk. While storing data
sequentially in a data file, ISAM provides
direct access to specific records through an
index. The combination of the data file and
its associated index file is called a
database. ISAM is implemented as a C
function library.
Pronounced eye-scuzzy, an acronym for
Small Computer System Interface protocol
over IP network instead of a direct SCSIcompatible cable. iSCSI enables data
blocks to be read from or sent at high speed
to a storage device such as a disk or tape
drive.
Just a Bunch of Disks; a term used for a
storage enclosure that is supplied with
preintegrated disk drives
A text file report produced by Oracle
Secure Backup that describes the status of
selected file-system backup and restore
jobs
A file that contains the standard output
from a particular backup job
A unit of storage, abbreviated as K or KB,
equal to 1,024 bytes
Data that Oracle Secure Backup uses to
identify a volume or a backup image
local area network
See tape library.

Oracle Database 11g: Oracle Secure Backup

D - 10

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

import-export element (IEE)

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

logical unit number

LTO

LUN
magazine
media family

media server

medium transport element (MTE)


megabyte
MMV
mount mode

Multi-hosted tape library


NAS

An automated backup that does not require


user interaction and typically is performed
outside of normal working hours
An internal mapping identifier used by
Oracle Secure Backup for a specific device.
LUNs make it possible for a number of
devices to share a single SCSI ID.
Linear Tape-Open technology, developed
jointly by HP, IBM, and Seagate; an open
format technology, which means that
users will have multiple sources of product
and media
See logical unit number.
A collection of tapes or volumes
A classification of backup media that share
the same volume identification sequence.
Each media family identifies the amount of
time that data can be written to a tape, and
the amount of time the tape can remain in
storage before it can be overwritten. A
media family can contain one or more
volume sets and volumes.
A computer with one or more attached tape
drives or tape libraries. Backup data is sent
to and restored from volumes loaded in
these devices.
Moves a volume from a storage element to
another element within a tape library
A unit of storage abbreviated as M or MB;
equal to 1,024 x 1,024 or 1,048,576 bytes
media management vendor
The mode indicates the way in which the
scheduling system can use a volume
physically loaded into a tape drive. Valid
values are read-only, write/append,
overwrite, and not-mounted.
A library with multiple media servers
connected to it
See Network Attached Storage.

Oracle Database 11g: Oracle Secure Backup

D - 11

Oracle University and (Oracle Corporation) use only.

lights out backup

NDMP backup type

NDMP Data Service

Network Attached Storage

network description file

network drive
Network File System

The Network Data Management Protocol


(NDMP) is a network applications protocol
facilitating data backup and restore.
Layered atop TCP and the Berkeley socket
model, NDMP defines a set of related
service models, network messages, and
finite state automations that implement
them. The protocol provides a uniform
means to back up and restore data within
and between diverse kinds of storage
servers, open systems, Wintel platforms,
and closed operating system appliances.
NDMP is commonly used by NAS devices
(also known as filers) to facilitate backup
and restore operations without having to
install the backup agent (Oracle Backup,
for example) on the appliance. The NAS
appliance communicates with the backup
software using NDMP.
The name of a backup method supported
by the NDMP Data Service running on a
host. Backup types are defined by each
Data Service provider.
One of three types of NDMP services. The
data service interfaces with the primary
storage device (such as a NAS device) and
interacts with the volume or file system
that is being either backed up or restored.
A server on your network that hosts file
systems. The server exposes the file
systems to its clients through one or more
standard protocols, most commonly NFS
and CIFS.
A text file that describes your network
configuration and is used to push software
across the network to designated systems
during installation
A hard disk physically attached to a server
and accessible over a network
A client/server application that enables all
network users to access shared files stored
on servers of different types. NFS provides
access to shared files through an interface
called the Virtual File System (VFS) that
runs on top of TCP/IP. Users can
manipulate shared files as if they were

Oracle Database 11g: Oracle Secure Backup

D - 12

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

NDMP

NT File System

NTFS
object

OCFS
offsite backup

operator
operator assistance request

Oracle Secure Backup scheduler

Oracle Database 11g: Oracle Secure Backup

D - 13

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

NFS
nibble

stored locally on the users own hard disk.


With NFS, servers connected to a network
operate as clients while accessing remote
files, and as servers while providing remote
users access to local shared files. The NFS
standards are publicly available and widely
used.
See Network File System.
A unit of information equal to 4 bits (or
half a byte)
One of the file systems for the Windows
operating system. NTFS has features to
improve reliability, such as transaction logs
to help restore from disk failures.
See NT File System.
A data storage type used to store Oracle
Secure Backup catalog data. There are user,
class, and policy objects that hold attributes
and names. Internal names are named with
a UUID; external names are user assigned.
Oracle Cluster File System
A backup that is equivalent to a full (level
0) backup except that Oracle Secure
Backup keeps a record of this backup in
such a manner that it does not affect the
full or incremental backup schedule. This is
useful when you want to create a backup
image for offsite storage without disturbing
your schedule of incremental backups.
A person who runs backup operations,
manages schedules, swaps tapes, and
checks for any errors
A request from Oracle Secure Backup that
asks for the operator to perform a task,
such as mounting a different volume during
a backup
A daemon that automatically starts backup
jobs on the specified day and time

orphan
permissions
petabyte
PHP

ping

PNI
Preferred Network Interface

RAC

A user definition, distinct from the name


spaces of existing UNIX, Linux, and
Windows users, which allows Oracle
Secure Backup to maintain a consistent
user identity across the various hosts. It
also allows Oracle Secure Backup to
express a finer granularity of user rights
than are possible with existing user
definitions.
A backup piece that exists in the Oracle
Secure Backup catalog but not in the
RMAN catalog
Operating system file privileges that allow
different users to read, write, or execute
files
A unit of storage equal to 1,024 terabytes,
(just over a million gigabytes)
Hypertext Preprocessor (PHP) is an open
source, server-side HTML scripting
language used to create dynamic Web
pages. PHP is embedded within tags, so the
author can move between HTML and PHP
instead of using large amounts of code.
Because PHP is executed on the server, the
viewer cannot see the code. PHP can
perform the same tasks as a CGI program
and is compatible with many different
kinds of databases.
Stands for Packet Internet Grouper. A
utility to determine whether a specific IP
address is accessible. It works by sending a
packet to the specified address and waiting
for a reply. You can use ping hosts to
troubleshoot network connections.
See Preferred Network Interface.
A network can have multiple physical
connections between a client and the
server. For example, a network can have
both Ethernet and FDDI connections
between a pair of hosts. Using PNI, you
can specify, on a client-by-client basis,
which of the servers network interfaces
should be used to transmit data to be
backed up or restored.
Real Application Clusters

Oracle Database 11g: Oracle Secure Backup

D - 14

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Oracle Secure Backup user

recycling policies
recycling volumes
restore operation
restore operator list

retention duration
RMAN
RMAN preauthorization

SAIT
SAN
SBT

schedule
SCSI

Originally, an acronym for Redundant


Array of Inexpensive Disks to reflect the
data accessibility and cost advantages that
properly implemented arrays could
provide. The acronym has evolved to mean
Redundant Array of Independent Disks
emphasizing the techniques potential data
availability advantages over conventional
disk storage systems.
See expiration policy.
Overwriting data on volumes generated by
Oracle Secure Backup
Copies files from the tapes in a backup
device to the file system on a designated
host
A list of operators to whom restore data
requests are e-mailed. This list is defined in
the obconfig file on the administrative
server.
See expiration policy.
Recovery Manager
Used to determine the Oracle Secure
Backup user under which a specific RMAN
operation, such as backup or restore, is
performed. This allows for the use of
Oracle Secure Backup without going
through the normal Oracle Secure Backup
login requirements.
Super Advanced Intelligent Tape; a Small
Form Factor tape cartridge
See Storage Area Network.
System backup to tape; interface between
RMAN and storage media. RMAN
communicates with Oracle Secure Backup
through the SBT interface.
A user-defined time period for executing
backup operations
Pronounced scuzzy, an acronym for
Small Computer System Interface. A
parallel I/O bus and protocol that permits
the connection of a variety of peripherals to
host computers with independence within a
class of devices (such as disk drives and
backup devices). Connection to the SCSI
bus is achieved through a host adapter and
a peripheral controller. Linux has a four-

Oracle Database 11g: Oracle Secure Backup

D - 15

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

RAID

SCSI target ID

SDLT/SuperDLT
section number
Secure Sockets Layer (SSL)

sequence number

Oracle Database 11g: Oracle Secure Backup

D - 16

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

SCSI LUN number

level hierarchical addressing scheme for


SCSI devices:
SCSI adapter number [host]
Channel number [bus]
ID number [target]
Logical unit number [LUN]
Each SCSI bus can have multiple SCSI
devices connected to it. In SCSI parlance,
the host bus adapter is called the initiator
and takes up one SCSI target ID number
(typically 7). The initiator talks to targets,
which are commonly known as SCSI
devices. Each SCSI device can contain
multiple Logical Unit Numbers (LUNs).
The value used to identify a logical unit of
a SCSI device. In the SCSI-2 specification,
there may be up to eight logical units for
each SCSI device address. These logical
units are numbered from 0 through 7.
The unique address of a SCSI device. An
8-bit SCSI can have up to eight IDs; 16-bit
up to sixteen IDs; and 32-bit up to 32 IDs.
There must be a minimum of one target
and one initiator on the bus. SCSI target
IDs range from 0 to 7 for 8-bit, 0 to 15 for
16-bit and 0 to 31 for 32-bit systems.
Super Digital Linear Tape technology; a
variant of DLT technology
A number that is recorded in the volume
label to indicate the order of the parts of a
backup image that spans multiple volumes
An application layer protocol created by
Netscape for managing the security of
message transmissions in a network. SSL
uses the public-and-private key encryption
system from RSA (a public key algorithm,
named after its inventors: Rivest, Shamir,
and Adleman), which also includes the use
of a digital certificate.
A number that is recorded in the volume
label to indicate the order of volumes in a
volume set

services daemon
single-hosted tape library
SNIA

storage consolidation
SSL
Storage Area Network

storage element (se)


storage selector
tape

tape file mark

A process on Windows that runs in the


background and performs a task for an
application. Some services run continually,
and others are started and stopped as
required.
The observiced daemon. It ensures that
tape resources are available and reserves
them for the backup job.
A tape library with only one media server
directly attached to it
Storage Networking Industry Association;
a non-profit trade organization,
incorporated in December 1997, whose
members are dedicated to ensuring that
storage networks become complete and
trusted solutions across the IT community
The concept of centralizing and sharing
storage resources among many application
servers
See Secure Sockets Layer (SSL).
A high-speed subnetwork of shared storage
devices or servers that contains disks for
storing data. A SAN storage architecture
allows remote servers access to shared tape
devices. These shared devices appear
locally attached to each SAN server.
A physical location within a tape library
where a volume can be stored and retrieved
by a tape librarys robotic mechanism
See Database Backup Storage Selector.
A data storage medium consisting of a
magnetizable oxide coating on a thin
plastic strip, commonly used for backup
and archiving. Popular for its ability to
store large amounts of data, and for its
portability. Tapes are also referred to as
removable media, or secondary storage.
A marker written to tape by Oracle Secure
Backup that signals the end of a backup
image

Oracle Database 11g: Oracle Secure Backup

D - 17

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

service

TCP/IP

terabyte
trigger
URL
UUID
virtualization

volume
volume expiration time

An automated tape-handling hardware


device that invariably house two or more
drives and from 10s to 100s of tapes. A
library accepts SCSI commands to move
media between storage locations and
drives. Tape libraries are designed for
continuous, unattended operation and allow
simultaneous reading and writing to
multiple drives. Tape libraries also offer
key features such as barcode readers to
scan labels on cartridges, and an I/O port
for importing and exporting individual
tapes under application control. It is also
referred to as a robotic tape device,
autochanger, or medium changer.
Transmission Control Protocol/Internet
Protocol. It is the suite of protocols used to
connect hosts for transmitting data over
networks.
A unit of storage, abbreviated as T or TB;
equal to 1,024 gigabytes
A user-defined period in time or sets of
times that causes a scheduled backup to run
The Uniform Resource Locator, the address
of a resource available on the Internet
Universal Unique Identifier; used for
tagging objects across a network
The pooling of physical storage from
multiple network storage devices into what
appears to be a single storage device that is
managed from a central console.
A single unit of media such as an 8-mm
tape. A volume can contain one or more
backup images.
The date and time on which a volume
expires. Oracle Secure Backup computes
this by adding the write window duration,
if any, to the time at which it wrote backup
image file number 1 to a volume, then
adding the volume retention period.

Oracle Database 11g: Oracle Secure Backup

D - 18

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

tape library

volume label

volume sequence file


volume set
volume set expiration time

volume tag

WAN

A label that uniquely identifies the volume


and includes the backup images file
number and additional information, if the
backup image is contained on a multivolume set. Oracle Secure Backup begins
each backup image with a label that
uniquely identifies the backup image.
Volume IDs appear in volume labels and
backup image labels. For example,
VOL000001 appears in the volume
sequence file.
The first block of the first backup image on
a volume. It contains the volume ID, owner
name, and date and time for the volume
creation.
A file that contains a unique volume ID to
assign when labeling a volume
The volumes that comprise a backup image
The date and time on which a volume set
expires, computed by adding the write
window duration, if any, to the time at
which the first backup image file was
written to the volume set, then adding the
volume set retention period
A field that is commonly used to hold the
barcode identifier for the volume. Each
Oracle Secure Backup volume has an
associated field called a volume tag. It is
another name for the barcode that can be
found in the volume label.
Wide area network, a computer network
that spans a relatively large geographical
area. Typically, a WAN consists of two or
more local area networks (LANs).
Computers connected to a wide area
network are often connected through public
networks, such as the telephone system.
They can also be connected through leased
lines or satellites. The largest WAN in
existence is the Internet.

Oracle Database 11g: Oracle Secure Backup

D - 19

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

volume ID

WORM

write date

write-protect

write window

A unique identifier for devices on a Storage


Area Network (SAN), similar to a media
access control (MAC) address for devices
connected via Ethernet. WWNs consist of
16 hexadecimal digits grouped as 8 pairs.
These are written with colon characters
separating each pair. The format of the
WWN is defined by the Institute of
Electrical and Electronics Engineers
(IEEE). It is also referred to as a WWPN
(Worldwide Port Name) or WWNN
(Worldwide Node Name).
Write Once Read Many times; a class of
optical recording systems that allow
recording and adding data but not altering
recorded data
Defines the period of time, starting from
the volumes first data write operation,
during which updates to the volume are
allowed
To mark a file or media so that its contents
cannot be modified or deleted. Writeprotected files and media can only be read;
you cannot write to them, edit them,
append data to them, or delete them.
The period of time for which a volume set
remains open for updates, usually by
appending additional backup images. The
write window opens at the time the volume
set is created, and closes after this specified
period has elapsed. After the write window
closes, Oracle Secure Backup does not
allow any further updates to the volume set
until it expires, or until it is relabeled,
reused, unlabeled, or forcibly overwritten.

Oracle Database 11g: Oracle Secure Backup

D - 20

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

World Wide Names (WWNs)

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

Index

administrative domain 1-7, 1-9, 1-11, 1-12, 1-17, 1-21, 2-2,


2-3, 2-4, 2-14, 2-23, 3-3, 3-5, 3-6, 3-7, 3-8, 3-16, 3-17,
3-21, 4-7, 4-8, 4-9, 4-15, 6-4, 7-3, 8-3, 8-7, 8-11, 9-3,
9-4, 9-8, 9-10, 9-28, B-14, C-3, C-8, C-9, C-13
administrator i-7, 10-14, 1-2, 2-13, 2-18, 3-5, 3-6, 3-7,
3-18, 3-27, 4-16, 6-8, 6-12, 6-15, 7-10, 9-5, 9-6, 9-14, B-5,
C-7
Apache Web server 1-8, 8-4, C-9, C-13
attachment 1-11, 1-17, 1-18, 2-4, 6-18, 9-9, 9-12, 9-22
authentication 1-21, 3-2, 3-3, 3-16, 3-17, 3-18, 3-23, 3-25,
3-34, 9-7, B-12
authentication type 9-7
B
backup ID 3-5, 9-9
backup image 1-13, 1-14, 3-5, 3-6, 4-20, 7-3, 7-5, 7-11, 8-8,
9-15, B-15
backup job 2-18, 3-8, 3-27, 3-31, 4-6, 5-7, 5-8, 5-9, 5-14,
6-3, 6-4, 6-11, 6-13, 6-14, 6-17, 6-18, 7-12, 9-16, B-14, B-15,
B-16, B-17, B-22, B-23
backup level 1-16, 1-20, 4-14, 6-3, 6-14, 6-17
backup operation 1-13, 1-19, 2-18, 3-8, 3-9, 3-10, 4-13, 6-4,
6-12, 8-4, 8-7, B-5, B-15
backup piece 1-14, 1-22, 4-5, 4-18, 4-19, 4-20, 5-10, 5-11, 8-9,
B-9, B-15, B-24
backup schedule 10-19, 11-13, 1-20, 6-3, 6-13, 6-14, 6-15, 6-22,
9-16, B-16
backup section 1-13, 4-8, 4-15, 8-8, 8-9, 9-14, 9-15
backup set 1-14, 1-20, 2-16, 4-12, 4-14, 4-15, 4-16, 4-19, 5-10,
B-4, B-5, B-8, C-3
Backup Storage Selector 4-2, 4-6, 4-12, 4-13, 4-14, 4-15, 4-25,
4-26
backup trigger 6-12, 6-14, 6-15, 6-16, 6-22
backup window 1-4, 2-18, 3-5, 6-4, 6-11, 6-12, 6-22
barcode 1-17

Oracle Database 11g: Oracle Secure Backup Index - 2

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

B
bus 12-4, 1-4, 2-11, 3-9, 3-11
catalog i-3, 10-11, 10-16, 11-12, 11-16, 1-7, 1-8, 1-9, 1-12,
1-14, 2-19, 3-3, 3-4, 3-5, 3-28, 4-6, 4-16, 4-18, 4-20, 5-7,
5-10, 5-11, 6-16, 7-2, 7-3, 7-4, 7-5, 7-7, 7-8, 7-9, 7-10,
7-11, 7-12, 7-15, 7-16, 8-2, 8-3, 8-4, 8-7, 8-9, 8-10, 8-11,
8-12, 8-13, 8-15, 8-16, 8-17, 9-17, B-14, C-9, C-13, C-17
Certificate Authority 3-16, 3-17, 3-19, 3-20
channel 12-5, 12-8, 12-11, 12-12, 12-16, 12-17, 1-18, 2-4, 3-11,
3-16, 3-17, 4-10, 5-12, 8-4, 9-9, 9-10, B-24, B-25
class i-4, i-8, 11-6, 1-13, 1-16, 1-19, 1-21, 2-11, 2-13, 3-3,
3-4, 3-5, 3-6, 3-7, 3-9, 3-11, 3-12, 3-15, 4-15, 8-7, 9-6,
B-19, C-5
D
daemon 1-8, 2-11, 2-14, 3-21, 3-22, 8-3, 8-4, 8-5, 8-6, 8-7,
8-9, 8-10, B-13, B-21, B-22, C-7, C-8, C-10, C-14, C-18
DAS 6-6, 8-11
data set 5-8, B-15
data transfer element 9-9
dataset 10-19, 11-13, 1-20, 3-5, 6-2, 6-4, 6-6, 6-7, 6-8,
6-9, 6-10, 6-13, 6-17, 6-19, 6-22, 6-23, 6-25, 6-26, 8-12, 8-13,
9-16, 9-23, B-14, B-15, B-16, B-17
direct memory 12-10
DMA 12-9, 12-10, 12-12, 8-7, B-23
DNS 2-3, 9-4
driver 12-6, 12-10, 2-4, 2-15, C-3, C-9, C-10, C-13, C-14
DTE 4-15, 9-8, 9-9
duplicate 10-6, 11-4, 11-6, 11-9, 11-12, 1-12, 3-28
duplication i-3, i-4, 10-6, 10-9, 11-1, 11-2, 11-3, 11-4, 11-5,
11-6, 11-7, 11-8, 11-9, 11-10, 11-11, 11-12, 11-13, 11-14, 11-15, 11-16,
B-14

Oracle Database 11g: Oracle Secure Backup Index - 3

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

encryption i-6, 12-4, 1-6, 1-10, 1-21, 1-26, 2-13, 2-16, 3-2,
3-3, 3-16, 3-17, 3-18, 3-21, 3-23, 3-24, 3-25, 3-26, 3-27, 3-28,
3-29, 3-30, 3-31, 3-32, 3-33, 3-34, 3-35, 5-5, 6-16, B-3, B-4,
B-5, B-6, B-7, B-8, B-11, B-12, B-13, B-14, B-25, C-5
expiration 10-8, 10-10, 1-16, 4-2, 4-17, 4-18, 4-20, 4-25, 6-5,
6-14, 6-17
expiration policy 1-16
F
fiber 12-3, 12-5, 12-16
fibre 12-5, 12-6, 1-11, 1-17, 1-18, 2-4, 9-9, 9-10
firewall C-3
full backup 1-20, 6-3
H
host role 1-7, 2-3, C-13, C-14, C-15, C-16
http i-8, 1-2, 1-8, 2-2, 2-17, 8-4, C-18
https 2-17
I
incremental 1-3, 1-16, 1-20, 2-18, 4-13, 4-14, 4-22, 5-3, 6-3,
6-14, 6-24, 7-11
J
job log 5-8, B-15
job summary 2-14, 5-8, 8-12, B-23, C-6
L
library 10-3, 10-4, 10-11, 10-15, 11-5, 12-6, 12-14, 1-5, 1-7,
1-9, 1-15, 1-17, 1-18, 1-19, 2-3, 4-10, 4-17, 4-19, 8-4, 9-8,
9-9, 9-11, 9-12, 9-22, 9-26, B-25, C-10, C-14
LUN 12-6
M
media family 10-4, 10-5, 10-8, 10-9, 10-10, 10-16, 10-19, 11-4, 11-5,
11-6, 11-7, 11-9, 11-10, 11-12, 11-13, 11-16, 1-13, 1-15, 1-16, 2-19,
4-13, 4-14, 4-16, 4-17, 4-19, 4-23, 6-5, 6-14, 6-18, 8-12, 9-14,
9-16, C-17
media movement 10-4, 10-8, 10-11, 10-13, 10-14, 10-15, 10-16, 10-17,
10-18, 10-20, 10-23, B-14

Oracle Database 11g: Oracle Secure Backup Index - 4

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

N
NAS 12-3, 1-4, 1-9, 1-17, 1-26, 2-2, 2-3, 2-4, 2-20, 3-23,
3-29, 6-3, 7-11, 9-6, 9-10, 9-19
NDMP 12-3, 1-21, 2-3, 2-4, 3-8, 3-16, 6-7, 7-11, 8-3, 8-4,
8-7, 9-3, 9-5, 9-6, 9-7, 9-8, 9-10, 9-20, 9-21, 9-24, 9-25,
C-10, C-14
network i-8, 12-9, 1-3, 1-7, 1-9, 1-11, 1-17, 1-19, 1-21,
2-3, 2-4, 2-6, 2-11, 2-12, 3-16, 3-23, 3-29, 6-3, 9-4, 9-5,
9-6, 9-8, 9-9, 9-10, B-3, B-25
network attached storage 2-3, 2-4
network file system 1-3
O
offsite 10-3, 10-4, 10-6, 10-8, 11-4, 11-5, 11-12, 11-16, 1-5,
1-10, 3-24, 5-12, 6-3, 6-14, 6-17
onsite 10-17, 11-4, 11-5, 3-24
operator 10-3, 10-4, 10-11, 10-14, 10-16, 11-12, 3-4, 3-6, 5-8,
B-14, B-15
P
passphrase 3-25, 3-26, 3-27, 3-28, 3-29, 3-31, 3-32, 3-33
permission 3-4, 3-9, 3-10, 3-15, 7-4
ping 10-4, 10-8, 10-15, 1-21
preauthorization 1-21, 3-9, 3-11, 3-12, 3-35, 4-10, 8-4
preauthorize 1-21, 3-2, 3-11, 3-12, 3-15, 3-34, 4-10
R
RAID 12-4, 12-6
recycle 10-3, 10-4, 10-6, 10-8, 11-5
retention 10-3, 10-9, 11-3, 11-4, 11-5, 11-9, 1-16, 4-5, 4-16,
4-17, 4-18, 4-24

Oracle Database 11g: Oracle Secure Backup Index - 5

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.

M
media server 12-10, 12-14, 1-5, 1-7, 1-8, 1-9, 1-11, 1-25, 2-3,
2-4, 2-6, 2-7, 2-10, 2-12, 2-21, 2-22, 2-24, 3-19, 3-23, 4-7,
4-9, 8-3, 8-4, 8-14, 9-2, 9-4, 9-5, 9-6, 9-7, 9-9, 9-22,
9-24, 9-27, B-25, C-3, C-4, C-11, C-15, C-16

SBT 12-9, 12-16, 1-12, 1-26, 3-6, 3-11, 4-10, 4-13, 5-9, 5-15,
8-4, 8-9, B-24, B-25, C-10, C-14
SCSI 12-10, 1-3, 1-9, 1-17, 2-3, 2-4, 8-13, 9-9, 9-10, C-8
SSL 11-6, 1-6, 1-19, 1-21, 3-16, 3-17, 3-18, 3-19, 3-24, 3-29,
7-9, B-3, B-12
T
tape device 10-8, 11-6, 12-11, 1-3, 1-9, 1-11, 1-19, 2-2, 2-3,
2-4, 3-23, 3-29, 4-7, 5-5, 7-4, 8-13, 9-2, 9-10, 9-11, 9-24,
9-27, B-12, B-25, C-3
tape library 10-3, 10-15, 12-14, 1-7, 1-17, 1-18, 1-19, 2-3, 8-4,
9-9, 9-11, 9-12, 9-26, B-25
tape volume 10-4, 10-18, 9-11, B-14
transcript 10-13, 3-5, 3-6, 5-8, 5-9, 6-19, 6-20, 7-10, 8-3,
8-13, 9-16, B-2, B-14, B-15, B-18, B-19, B-20, B-24, C-10, C-14
transient 3-27, 3-28, 3-31
transparent 12-3, 1-11, 3-9, 3-25, 3-26, 3-33, 5-13, B-3, B-4,
B-5, B-6, B-8
trigger 10-12, 11-11, 6-4, 6-12, 6-14, 6-15, 6-16, 6-22, 8-12,
B-14
V
virtual 11-6, 1-10, 1-19, 2-24
volume set 10-10, 1-13, 1-15, 1-16, 3-27, 3-31, 4-17, 4-19, 6-5,
8-13, C-17
W
wallet 1-6, 3-17, 3-19, 3-20, 3-21, 3-22, 3-26, 3-27, 3-29, 3-30,
B-4, B-5, B-8, B-11, B-12, B-13, C-5
write window 10-4, 10-8, 10-10, 11-5, 1-16, 4-17, 6-5, C-17

Oracle Database 11g: Oracle Secure Backup Index - 6

Oracle University and (Oracle Corporation) use only.

These eKit materials are to be used ONLY by you for the express purpose SELF STUDY. SHARING THE FILE IS STRICTLY PROHIBITED.