manualshive.com logo in svg

Oracle Secure Backup 10.3, Руководство по установке и настройке, Страница: 121 / 174

Поделиться
Скачать
Oracle Secure Backup 10.3 Скачать руководство пользователя страница 121

Host Authentication and Communication

Managing Security for Backup Networks

6-11

Automated and Manual Certificate Provisioning Mode

Oracle Secure Backup provides automated and manual modes for initializing the 
security credentials for a 

client

 host that wants to join the domain. The automated 

mode is easy to use, but it has potential security vulnerabilities. The manual mode is 
harder to use, but it is less vulnerable to tampering.

In 

automated certificate provisioning mode

, which is the default, adding a host to the 

domain is transparent. The host generates a 

public key

/

private key

 pair and then 

sends a 

certificate

 request, which includes the public key, to the 

Certification 

Authority (CA)

. The CA issues the host an 

identity certificate

, which it sends to the 

host along with any certificates required to establish a chain of trust to the CA.

The communication between the two hosts is over a secure but non-authenticated 

Secure Sockets Layer (SSL)

 connection. It is conceivable that a rogue host could insert 

itself into the network between the CA and the host, thereby masquerading as the 
legitimate host and illegally entering the domain.

In 

manual certificate provisioning mode

, the CA does not automatically transmit 

certificate responses to the host. You must transfer the certificate as follows:

1.

Use the obcm utility to export a signed certificate from the CA.

2.

Use a secure mechanism such as a floppy disk or USB key chain drive to transfer a 
copy of the signed identity certificate from the CA to the host.

3.

Use obcm on the host to import the transferred certificate into the host's 

wallet

The obcm utility verifies that the certificate request in the wallet matches the 
signed identity certificate.

You must balance security and usability to determine which certificate provisioning 
mode is best for your 

administrative domain

.

Oracle Wallet

Oracle Secure Backup stores every 

certificate

 in an Oracle 

wallet

. The wallet is 

represented on the operating system as a password-protected, encrypted file. Each 
host in the 

administrative domain

 has its own wallet in which it stores its 

identity 

certificate

private key

, and at least one 

trusted certificate

. Oracle Secure Backup does 

not share its wallets with other Oracle products.

Besides maintaining its password-protected wallet, each host in the domain maintains 
an 

obfuscated wallet

. This version of the wallet does not require a password. The 

obfuscated wallet, which is scrambled but not encrypted, enables the Oracle Secure 
Backup software to run without requiring a password during system startup.

The password for the password-protected wallet is generated by Oracle Secure Backup 
and not made available to the user. The password-protected wallet is not usually used 
after the security credentials for the host have been established, because the Oracle 
Secure Backup 

daemons

 use the obfuscated wallet.

Figure 6–4

 illustrates the relationship between the certificate authority and other hosts 

in the domain.

Note:

To reduce risk of unauthorized access to obfuscated wallets, 

Oracle Secure Backup does not back them up. The obfuscated version 
of a wallet is named cwallet.sso. By default, the wallet is located in 

/usr/etc/ob/wallet

 on Linux and UNIX and 

C:\Program 

Files\Oracle\Backup\db\wallet

 on Windows.

Содержание Secure Backup 10.3

Страница 1: ...Oracle Secure Backup Installation and Configuration Guide Release 10 3 E12835 06 December 2010 How to install uninstall and manage hardware and network configuration in Oracle Secure Backup ...

Страница 2: ... are commercial computer software or commercial technical data pursuant to the applicable Federal Acquisition Regulation and agency specific supplemental regulations As such the use duplication disclosure modification and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract and to the extent applicable by the terms of the Government cont...

Страница 3: ...ces 1 10 System Requirements for Oracle Secure Backup 1 11 Disk Space Requirements for Oracle Secure Backup 1 11 Other System Requirements for Oracle Secure Backup 1 12 Linux Media Server System Requirement SCSI Generic Driver 1 12 Acquiring Oracle Secure Backup Installation Media 1 12 Installation and Configuration Overview 1 13 About Upgrade Installations 1 14 Preparing Administrative Domain Hos...

Страница 4: ...Changer and Sequential Devices 2 19 Utilizing sgen Attach Points 2 20 Performing an Upgrade Installation on Linux or UNIX 2 20 Uninstalling Oracle Secure Backup on Linux or UNIX 2 20 3 Installing Oracle Secure Backup on Windows Preliminary Steps 3 1 Disabling Removable Storage Service on Windows Media Servers 3 2 Extracting Oracle Secure Backup from OTN Download on Windows 3 2 Running the Oracle S...

Страница 5: ... 8 Configuring Preferred Network Interfaces PNI 5 8 Pinging a Host 5 9 Viewing or Editing Host Properties 5 9 Updating a Host 5 9 Removing a Host 5 10 Adding Tape Devices to an Administrative Domain 5 10 Tape Device Names 5 11 About Configuring Tape Drives and Libraries 5 11 Updating a Tape Device Inventory 5 12 Displaying the Devices Page 5 13 Configuring a Tape Library 5 14 Configuring Automatic...

Страница 6: ...4 Default Security Configuration 6 15 Configuring Security for the Administrative Domain 6 16 Providing Certificates for Hosts in the Administrative Domain 6 16 Configuring the Administrative Server 6 16 Configuring Media Servers and Clients 6 17 Setting the Size for Public and Private Keys 6 18 Setting the Key Size in obparameters 6 18 Setting the Key Size in the certkeysize Security Policy 6 19 ...

Страница 7: ...sl B 6 C Determining Linux SCSI Parameters Determining SCSI Device Parameters on Linux C 1 D Oracle Secure Backup and ACSLS About ACSLS D 1 ACSLS and Oracle Secure Backup D 2 Communicating with ACSLS D 3 Drive Association D 3 Volume Loading and Unloading D 3 Imports and Exports D 3 Access Controls D 4 Scratch Pool Management D 4 Modified Oracle Secure Backup Commands D 4 Unsupported Oracle Secure ...

Страница 8: ...viii ...

Страница 9: ... available in HTML format and contains markup to facilitate access by the disabled community Accessibility standards will continue to evolve over time and Oracle is actively engaged with other market leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers For more information visit the Oracle Accessibility Program Web site at ht...

Страница 10: ... about database backup and recovery including the Recovery Manager RMAN utility see the following Oracle resources Oracle Database Backup and Recovery Advanced User s Guide This book provides an overview of backup and recovery and discusses backup and recovery strategies It provides instructions for basic backup and recovery of your database using Recovery Manager RMAN The Oracle Secure Backup pro...

Страница 11: ... and mixed IPv4 IPv6 environments on all platforms that support IPv6 Using Oracle Secure Backup on your network enables you to take data from a networked host running Oracle Secure Backup or a NAS device that support NDMP and back up that data on a tape device on the network That data can include ordinary file system files and databases backed up with Recovery Manager RMAN As part of the Oracle st...

Страница 12: ...ich backups are stored and each tape device with its attachment to the hosts A host can belong to only one administrative domain Host Roles in an Administrative Domain Each host in an administrative domain must be assigned one or more of the following Oracle Secure Backup roles Administrative server Each administrative domain must have exactly one administrative server During postinstallation conf...

Страница 13: ...dors such as Network Appliance and EMC are supported only in NDMP access mode Each NDMP host uses a vendor specific implementation of the NDMP protocol to back up and restore file systems Some devices support older versions of the NDMP protocol When adding such devices to the administrative domain extra parameters might be required Oracle Secure Backup supports NDMP versions 3 and 4 and various ex...

Страница 14: ... Oracle Secure Backup administrative domain that includes three client hosts one administrative server and one media server A NAS appliance contains ordinary file data One client based on UNIX and another based on Windows contain databases and other file data Oracle Secure Backup can back up to tape the non database files on file systems accessible on client hosts RMAN can back up to tape database...

Страница 15: ...y which media server can communicate with this tape device This section contains these topics Tape Drives Tape Libraries Device Names and Attachments Tape Drives A tape drive is a tape device that uses precisely controlled motors to wind a tape from one reel to another The tape passes a read write head as it winds Most magnetic tape systems use small reels fixed inside a cartridge to protect the t...

Страница 16: ...backup it decides what block size to use based on several factors Listed in order of precedence these factors are Blocking factor specified using the obtar b option This option can also be specified as part of the operations backupoptions policy If this option is specified then it overrides all other factors Configuration of the tape drive to be used You can specify what blocking factor maximum bl...

Страница 17: ...the block and adjusts the size of subsequent reads to match what is on the tape Each tape drive supports a specific tape format Typical tape formats include 8mm 4mm or Digital Audio Tape DAT Advanced Intelligent Tape AIT Digital Data Storage DDS Digital Linear Tape DLT and Super DLT SDLT Linear Tape Open LTO an open alternative to the proprietary DLT format Information about the tape formats of ta...

Страница 18: ...needed to store the complete backup image Barcode readers A barcode is a symbol code that is physically applied to volumes for identification purposes Some tape libraries have an automated barcode reader Oracle Secure Backup can use barcodes to identify tapes in a tape library Automatic tape drive cleaning Oracle Secure Backup checks for cleaning requirements when a tape is loaded into or unloaded...

Страница 19: ...tape drive if any that you select for an operation Oracle Secure Backup refers to elements by their abbreviation mte se iee or dte followed by the number of the element for example se5 iee2 dte1 When multiple elements of a type exist element numbering starts at 1 When only one element of a type exists the number can be omitted Thus iee1 and iee both refer to the first and only import export elemen...

Страница 20: ...utility provides the fundamental interface for Oracle Secure Backup functions including configuration media handling and backup and restore of file system files Oracle Enterprise Manager offers access to most Oracle Secure Backup functions available through obtool as part of its Database Control and Grid Control interfaces Oracle Secure Backup includes its own Web based interface called the Oracle...

Страница 21: ...the install package Table 1 1 describes approximate disk space requirements Table 1 2 describes approximate disk space required for an installation of Oracle Secure Backup on Windows with and without the administrative server The disk space required for the Oracle Secure Backup catalog depends on many factors But as a general rule plan for catalog space equal to 250 of your largest index created a...

Страница 22: ...ame IP address On Oracle Secure Backup network installations it is important that there be no duplicate host names Index catalog data is stored in a directory based on the name of the client host Duplicate host names would result in information related to backups from multiple clients being combined in a manner that could prevent successful restore operations from backup files You can configure Or...

Страница 23: ...irements for Oracle Secure Backup on page 1 11 d Install Oracle Secure Backup software on this host When this step is complete the administrative domain is initialized But the only host included in the administrative domain at this point is the administrative server 2 Create Oracle Secure Backup media servers a Select one or more hosts to be media servers These hosts must have a tape device or oth...

Страница 24: ...n upgrade installation the Oracle Secure Backup catalogs contained in the admin directory are preserved retaining configuration information and backup metadata for your administrative domain This state information for your administrative domain such as the backup catalog host user and device configuration information and any scheduled backup jobs is stored in the admin directory under the Oracle S...

Страница 25: ...tion to Oracle Secure Backup 1 15 Use the kill 9 command to stop each process On Windows hosts you must stop the Oracle Secure Backup service 1 Open the Services applet 2 Right click the Oracle Secure Backup Services service 3 Select Stop ...

Страница 26: ...About Upgrade Installations 1 16 Oracle Secure Backup Installation and Configuration Guide ...

Страница 27: ... Parameters in the obparameters File Installing Oracle Secure Backup on Linux or UNIX with installob Installing or Uninstalling Oracle Secure Backup on AIX Installing or Uninstalling Oracle Secure Backup on HP UX Creating Attach Points with makedev Performing an Upgrade Installation on Linux or UNIX Uninstalling Oracle Secure Backup on Linux or UNIX Overview of Oracle Secure Backup Linux and UNIX ...

Страница 28: ...t privileges to perform the installation Prerequisites for Installation on Linux For each Linux media server ensure that the SCSI Generic SG driver is installed This driver is required for Oracle Secure Backup to interact with a tape device Kernel modules are usually loaded directly by the facility that requires them if the correct settings are present in the etc modprobe conf file However it is s...

Страница 29: ...p Logical Unit Numbers to Devices Each tape drive and tape library must be assigned an Oracle Secure Backup LUN during the configuration process This number is used to generate unique device names during device configuration Oracle Secure Backup logical unit numbers are assigned as needed automatically on Windows For each UNIX or Linux media server however you must select Oracle Secure Backup logi...

Страница 30: ...mkdir tmp osbdownload 3 Open a Web browser and go to the Oracle Secure Backup Web site on Oracle Technology Network OTN http www oracle com technology products secure backup 4 Click Free Download The Oracle Technology Network Developer License Terms page appears 5 Read Export Controls on the Programs and select the Yes I accept option Read the Oracle Technology Network Development License Agreemen...

Страница 31: ...then unexpected behavior can result If you are installing Oracle Secure Backup in an Oracle RAC environment then you must install Oracle Secure Backup on each node in the cluster Creating the Oracle Secure Backup Home You must create an Oracle Secure Backup home The Oracle Secure Backup setup program uses this directory to store installation files specific to your host To create the Oracle Secure ...

Страница 32: ...ted the setup software to the tmp osbdownload OB directory then you would run setup as follows tmp osbdownload OB setup Oracle Secure Backup expands compressed files in a temporary directory during installation To specify a directory for this expansion you can use the t option to the setup command The following example specifies that setup should use directory_name for the expansion media_dir setu...

Страница 33: ...omize installation directories and symbolic links created during installation on different platforms If you are using Oracle Secure Backup to back up Oracle Database files to tape then you can create an Oracle Secure Backup user named oracle for use in RMAN backups You can associate this user with Linux or UNIX operating system credentials by setting parameters in obparameters See Also Installing ...

Страница 34: ...Enter 3 Confirm the settings in the obparameters file This step depends upon the value of the customized obparameters parameter in the obparameters file described in Configuring Installation Parameters in the obparameters File on page 2 7 The two possibilities are You have edited the obparameters file and set customized obparameters to yes In this case the installob script assumes that you have ma...

Страница 35: ...ive server The installob script asks for a password for the admin user and then asks you to reenter it for confirmation Oracle recommends that you choose a password of at least 8 characters in length containing a mixture of alphabetic and numeric characters When you type in the password your entry is not echoed to the display The minimum password length is determined by the minuserpasswordlen secu...

Страница 36: ...on an administrative server with no tape devices attached Note The practice of supplying a password in clear text on a command line or in a command script is not recommended by Oracle It is a security vulnerability The recommended procedure is to have the user be prompted for the password Note The default from address for e mails generated by Oracle Secure Backup is root fqdn where fqdn is the ful...

Страница 37: ...ters for all tape libraries and tape drives attached to this host the installob script begins device driver configuration and device special file creation Record the name of the device special file created for each tape device The filename is needed when you configure the attachment for the tape device as part of configuring the Oracle Secure Backup domain The filename should be dev obtn for tape ...

Страница 38: ...h makedev The makedev script in Oracle Secure Backup is used to create an attach point for a single tape drive Internally the installob script calls makedev once for each tape device specified during installation Alternatively you can run makedev outside of installob to create all required attach points The makedev script can also replace an old attach point rather than creating a new one If you r...

Страница 39: ...e is located in the cdtools directory of the Oracle Secure Backup CD or CD image The syntax is as follows where dname is the device file name of the SCSI bus or Fibre Channel fabric to scan obscan dname The obscan tool determines the SCSI ID and LUN for every tape and media changer device in a switched configuration To identify and configure AIX devices with obscan and makedev 1 Log on as root You...

Страница 40: ...006045175222 Target id 6423827 Lun 2 Vendor IBM Product ULTRIUM TD2 World Wide Name 2001006045175222 Target id 6491411 Lun 0 Vendor ADIC Product Scalar i500 World Wide Name 2400005084800672 Target id 6491411 Lun 1 Vendor IBM Product ULTRIUM TD3 World Wide Name 2400005084800672 Target id 6491411 Lun 2 Vendor IBM Product ULTRIUM TD3 World Wide Name 2400005084800672 Target id 6491411 Lun 3 Vendor IBM...

Страница 41: ...nfiguration no tool is provided to help you determine the SCSI ID and LUN However for IBM supported devices in these configurations you can use the lsattr command To identify and configure AIX devices with lsattr and makedev 1 Log on as root You must have operating system privileges to access devices which is often root access to run lsattr 2 Run lsattr for each SCSI and Fibre Channel adapter with...

Страница 42: ...bout how the devices are attached to their hosts SCSI bus number instance Target ID LUN To gather device information in HP UX you can use the ioscan utility located in usr sbin on the HP UX operating system The ioscan command searches the system and lists any devices that it finds You must have root access to run ioscan To identify and configure HP UX devices 1 Log on as root 2 Execute the followi...

Страница 43: ...n Table 2 4 The example creates the attach point dev obl 8 for the ADIC FastStor 2 library on SCSI bus instance 3 with the target ID 1 and SCSI LUN 0 makedev Enter logical unit number 0 31 0 8 Enter d if this device is a tape drive or l if a SCSI 2 addressable tape library d l Enter SCSI bus instance 3 Enter SCSI target id 0 16777215 1 Enter SCSI logical unit number lun 0 7 0 0 dev obl 8 created T...

Страница 44: ...SCSI F53A dev sg5 2 0 0 0 1 dev nst1 IBM ULTRIUM TD2 5AT0 dev sg6 2 0 0 1 8 ADIC Scalar 24 310A dev sg7 2 0 1 0 1 dev nst2 IBM ULTRIUM TD2 5AT0 dev sg8 2 0 1 1 8 ADIC Scalar 24 310A dev sg9 2 0 2 0 1 dev nst3 IBM ULTRIUM TD3 54K1 dev sg10 2 0 3 0 1 dev nst4 IBM ULTRIUM TD3 54K1 dev sg11 2 0 3 1 8 ADIC Scalar 24 310A 2 Using the sg_map output make a note of the attach point for each tape device tha...

Страница 45: ... that admin directory 2 Enable sequential 01 and changer 01 devices by adding the following line in the kernel drv sgen conf file device type config list sequential changer 3 Verify that there is an entry for the sgen driver in etc minor_perm An example of an entry in this file is as follows sgen 0600 root sys 4 Verify that there is an entry for the sgen driver in etc name_to_major The following i...

Страница 46: ...ed the obparameters file then save a copy of it 3 Cancel all active and pending jobs 4 Stop all Oracle Secure Backup daemons 5 Run the setup scripts from the new CD ROM 6 During the upgrade process the installer displays the following prompt Oracle Secure Backup is already installed on this machine myhostname Would you like to re install it preserving current configuration data no Enter yes to per...

Страница 47: ... script asks to remove the Oracle Secure Backup home directory Select one of the following options no Select this option if you do not want to remove the Oracle Secure Backup home directory yes Select this option to remove the Oracle Secure Backup home directory All files in the home directory are deleted The only exception is the admin directory which you can elect to retain by answering yes at t...

Страница 48: ...allation on this host Select one of the following options yes If you select this option then the uninstallob script displays progress messages as it uninstalls Oracle Secure Backup When it is finished it displays the following message Oracle Secure Backup has been successfully removed from host_name no If you select this option then the uninstallob script does not uninstall Oracle Secure Backup fr...

Страница 49: ...ur network as described in Installation and Configuration Overview on page 1 13 Ensure that each host has a network connection and runs TCP IP If you are installing Oracle Secure Backup on a media server then physically attach each tape library and tape drive that you intend to make available for use by Oracle Secure Backup Restart the media server if required Disable any system software that scan...

Страница 50: ...rectory on your local hard drive To download and extract the Oracle Secure Backup installation Zip file on Windows 1 Log on to your host as a user with Administrator privileges 2 In Windows Explorer create a temporary folder called osbdownload on a file system with enough free space to hold the downloaded installation file 3 Open a Web browser and go to the Oracle Secure Backup Web site on Oracle ...

Страница 51: ...Secure Backup from a CD ROM then insert the CD ROM If AutoPlay is enabled then the setup exe program starts automatically and opens the Oracle Secure Backup Setup Wizard If Windows AutoPlay is not enabled then open the drive containing the installation CD ROM using Windows Explorer and run the setup exe program If you are installing Oracle Secure Backup from an Oracle Technology Network OTN downlo...

Страница 52: ...Installation and Configuration Guide If you have uninstalled Oracle Secure Backup software before beginning this installation or if you have never installed it on this computer then the Clean Install page appears 3 Click Next to continue The Customer Information screen appears ...

Страница 53: ... in the User Name field b Enter the name of your company in the Organization field c Select one of these options Anyone who uses this computer This option allows anyone who has access to this computer to use Oracle Secure Backup Only for me This option limits use of Oracle Secure Backup to you Click Next to continue The Oracle Secure Backup Setup screen appears ...

Страница 54: ...e software required for the media server role But if you want this Windows host to have the media server role in your Oracle Secure Backup administrative domain then you must complete the Oracle Secure Backup software installation configure any tape devices attached to this host and then add the media server role If you select the Configure locally attached media devices option then the Oracle Sec...

Страница 55: ...er click the Administrative Server list and select This feature will be installed on local hard drive Selecting this option removes the X from the administrative server icon and includes the administrative server role in the installation See Also Configuring Oracle Secure Backup on page 3 14 Chapter 5 Configuring and Managing the Administrative Domain ...

Страница 56: ...ows Installer 3 8 Oracle Secure Backup Installation and Configuration Guide 6 If you plan to perform Oracle Database backup and restore operations with RMAN then enable the action for Create oracle user in the administrative server submenu ...

Страница 57: ...le Secure Backup on Windows 3 9 If this option is enabled then the installer creates an Oracle Secure Backup user called oracle with the rights of the oracle class whose purpose is to facilitate Oracle Database backup and restore operations with Recovery Manager RMAN ...

Страница 58: ...at the client with required privileges after you complete the Oracle Secure Backup installation Otherwise Oracle Secure Backup cannot perform the backup operation This requirement applies regardless of the platform that acts as the administrative server The installer assigns a random password to the oracle user In most cases you are not required to change the assigned password because it is not us...

Страница 59: ... screen Click Help for detailed descriptions of the installation options Click Change to change the destination folder for the installation Click Space to display the disk space required for the installation Click Next to continue The Oracle Secure Backup Encryption Key Store Password screen appears 7 Enter a password for the Oracle Secure Backup encryption wallet in the Password for encryption wa...

Страница 60: ...ength Enter an e mail address in the Email address for admin user field Entering an email address for the admin user enables Oracle Secure Backup to send notifications of important events Setting this field is optional See Also Oracle Secure Backup Reference for more information on the minuserpasswordlen security policy Note Oracle suggests that you choose an administrative user password of at lea...

Страница 61: ...s A progress bar appears When the files are copied the InstallShield Completed screen appears Note The default from address for e mails generated by Oracle Secure Backup is SYSTEM fqdn where fqdn is the fully qualified domain name of the Oracle Secure Backup administrative server You can change this default from address after installation See Oracle Secure Backup Reference for more information ...

Страница 62: ...ield Wizard screen during the installation of Oracle Secure Backup If you complete this initial configuration and subsequently want to view or change your configuration settings then you can revisit the Oracle Secure Backup Configuration utility in either of two ways Select Start All Programs Oracle Secure Backup Oracle Secure Backup Configuration Enter obcfg at the command line Complete the follo...

Страница 63: ...ackup on Windows 3 15 2 Click Next The Oracle Secure Backup Service Startup screen appears 3 Select one of these modes in which to start the Oracle Secure Backup service Automatic The Oracle Secure Backup service starts automatically when you restart your host ...

Страница 64: ...up Service Select one of these options System Account Select this option if you plan to run the Oracle Secure Backup service daemon and associated subordinate daemons with full privileges This Account Select this option if you plan to run the Oracle Secure Backup service daemon and associated subordinate daemons with the privilege set associated with an existing Windows user account You must fill ...

Страница 65: ...ccount must be able to replace a process level token Click Next or Finish to proceed If you are configuring a media server then proceed to step 5 5 Select the tape library and tape drive to assign to the Oracle Secure Backup device drivers After a short delay the devices are redisplayed with check marks in the first column and an Oracle Secure Backup device name for each of them in the last column...

Страница 66: ...ackup includes daemon components that listen on port 400 port 10000 and other dynamically assigned ports Because the dynamically assigned ports used by Oracle Secure Backup span a broad range of port numbers your firewall must be configured to allow executables for the Oracle Secure Backup daemons to listen on all ports The Oracle Secure Backup Windows installation provides a sample batch script c...

Страница 67: ... Oracle Secure Backup to complete the installation If you do not want to save the existing admin directory files then you must exit the installation uninstall Oracle Secure Backup release 10 2 and select the Delete option After you have uninstalled Oracle Secure Backup release 10 2 you can install Oracle Secure Backup release 10 3 by running the Oracle Secure Backup release 10 3 installer You can ...

Страница 68: ...estart the host 3 Run the Oracle Secure Backup release 10 3 installer Uninstalling Oracle Secure Backup on Windows Complete the following steps to uninstall Oracle Secure Backup on Windows 1 Select Start All Programs Oracle Secure Backup Uninstall Oracle Secure Backup A confirmation dialog appears 2 Click Yes to remove Oracle Secure Backup from your computer 3 If you configured your host as an adm...

Страница 69: ...Manager Using the Oracle Secure Backup Web Tool Using obtool Using Oracle Secure Backup in Enterprise Manager You can use Oracle Enterprise Manager 10g 10 2 or Oracle Enterprise Manager 11g to perform most Oracle Secure Backup tasks including administrative domain and hardware configuration managing your media and backing up and restoring databases Oracle Enterprise Manager is the preferred Web in...

Страница 70: ... Oracle Secure Backup Links in Oracle Enterprise Manager If you are using releases 10 2 0 1 or 10 2 0 2 of Oracle Enterprise Manager Grid Control or release 10 2 0 2 of Oracle Enterprise Manager Database Control then the Maintenance page does not include the Oracle Secure Backup section by default If the Oracle Secure Backup section does not appear in the Maintenance page then you must configure O...

Страница 71: ...appears 3 Log in to your Oracle Secure Backup administrative domain as follows a Enter the Oracle Secure Backup home directory in the Oracle Secure Backup Home field This directory is usually usr local oracle backup on UNIX and Linux and C Program Files Oracle Backup on Windows b Enter the name of an Oracle Secure Backup administrative user in the Username field For example enter admin c Enter the...

Страница 72: ... that can connect to the administrative server through SSL The Apache Web server supplied with Oracle Secure Backup must be running to respond to these requests Supported browsers are listed on Certify on My Oracle Support at the following URL http support oracle com This section contains these topics Starting a Web Tool Session Web Tool Home Page Web Tool Configure Page Web Tool Manage Page Web T...

Страница 73: ...s not recognized Accept the certificate It is not necessary to view the certificate or make any configuration changes The Oracle Secure Backup Login page appears 3 Enter an Oracle Secure Backup user name in the User Name box and a password in the Password box If you are logging into the Oracle Secure Backup Web tool for the first time then log in as the admin user You can create additional users a...

Страница 74: ...ng on A menu bar at the top of the Oracle Secure Backup Home page enables you to select among the Configure Manage Backup and Restore tabs Persistent Page Links The top and bottom panels of the Home page and every page of the Oracle Secure Backup Web tool interface have the following persistent links Help Use this link to access online documentation for Oracle Secure Backup in PDF format Logout No...

Страница 75: ...nd obtool process to retain state information across HTTP requests When the time between requests exceeds this limit the process exits gracefully and the associated user s session state is lost The default is 24 hours Select table size This option sets the number of rows in the display window of the Oracle Secure Backup Web tool interface The default is 8 rows About This link displays information ...

Страница 76: ...backup and restore operations The advanced section contains the following links Classes Click this link to configure classes A class defines a set of rights that are granted to a user A class can apply to multiple users however each user is assigned to exactly one class Job Summaries Click this link to create a job summary schedule for generation of job summaries for email distribution A job summa...

Страница 77: ...the following links Jobs Click this link to manage jobs in an administrative domain You can view the status of backup and restore jobs Volumes Click this link to filter and then view all volumes in the catalog You can filter the results to scale down your search A volume is a unit of media such as 8mm tape A volume can contain multiple backup images Backup Images Click this link to manage backup i...

Страница 78: ...et file describes the data to back up Schedules Click this link to configure a backup schedule The backup schedule describes the frequency with which a backup runs Backup Windows Click this link to configure backup windows A backup window is a time range for the execution of scheduled backup operations Web Tool Restore Page Click the Restore tab to display restore options Figure 4 6 shows a sample...

Страница 79: ...em prompt obtool help invocation Starting obtool in Interactive Mode Enter obtool at the command line to use obtool in interactive mode The first time you invoke obtool you are required to establish your identity as an Oracle Secure Backup user If you have not yet established a user identity then obtool prompts you for a user name and password Note All examples in this section assume that the bin ...

Страница 80: ...noninteractive mode from the Linux or UNIX shell or from the Windows command prompt with arguments that specify the command to run obtool runs the specified command immediately and exits Use the following syntax obtool cl option command name option argument The following example runs the lshost command and then returns to the operating system prompt obtool lshost Output of command lshost brhost2 c...

Страница 81: ... ended with an exit command and a second session is started No login credentials are required for this second session because the login token was preserved The second session is ended with a logout command and a third session is started The third session requires login credentials because the login token was destroyed by the logout command cfoch stbcs06 1 obtool Oracle Secure Backup 10 3 0 0 Warni...

Страница 82: ...Using obtool 4 14 Oracle Secure Backup Installation and Configuration Guide ...

Страница 83: ...ions explain how to configure the administrative domain with host and tape device information using the Oracle Secure Backup Web tool You can perform the same tasks using the obtool command line interface to Oracle Secure Backup The instructions set up administrative domain security in a default security configuration that should be adequate for most users Further configuration of users user class...

Страница 84: ...e topics About Administrative Domain Host Configuration Viewing the Hosts in the Administrative Domain Adding a Host to the Administrative Domain Adding the Media Server Role to an Administrative Server Adding Backup and Restore Environment Variables to an NDMP Host Configuring Preferred Network Interfaces PNI Pinging a Host Viewing or Editing Host Properties Updating a Host Removing a Host About ...

Страница 85: ...number for use with NDMP Viewing the Hosts in the Administrative Domain In the Oracle Secure Backup Web tool on the Configure page click Hosts to display the Hosts page The Hosts page lists the host name configured host roles and the current status of the host Figure 5 1 shows a typical Hosts page Figure 5 1 Oracle Secure Backup Web Tool Hosts Page Adding a Host to the Administrative Domain To add...

Страница 86: ...ith Oracle Secure Backup If any of the preceding conditions apply to this host then enter one or more IP interface names in this field Valid values are either resolvable host names or IP addresses Separate multiple values with a comma For example you can use myhost oracle com for a host name or 141 146 8 66 for an IP address If a value is specified for this field then Oracle Secure Backup tries th...

Страница 87: ...ing Your choices are the following default Select this option to use the value of the Authentication type for the NDMP policy none Select this option to attempt to use the NDMP server from Oracle Secure Backup and provide no authentication data This technique is usually unsuccessful negotiated Select this option to negotiate with the NDMP server to determine the best authentication mode to use tex...

Страница 88: ... is not currently accessible on the network then select the Suppress communication with host option 17 Click OK to save your changes Adding the Media Server Role to an Administrative Server If you choose both the administrative server and media server roles when installing Oracle Secure Backup on a host then that host is automatically part of the administrative domain But it is not recognized as a...

Страница 89: ...tive Domain 5 7 2 Select the administrative server and click Edit The Configure Hosts host_name page appears 3 In the Roles list shift click to add the media server role and then click OK The Configure Hosts page reappears with the media server role added to the administrative server host ...

Страница 90: ...ths can exist between a client which contains primary storage to be backed up or restored a media server which controls at least one secondary storage device that writes and reads the backup media and the administrative server For example a host might have multiple network interfaces connected to the network containing the hosts in the administrative domain You can specify a PNI that identifies th...

Страница 91: ... each connection that has been established successfully To ping a host 1 From the Hosts page select a host to ping 2 Click Ping A status line appears on the page with the results of the operation Viewing or Editing Host Properties If you are having difficulties in configuration then you might be required to view or edit the configuration of a host To display or edit host properties 1 From the Host...

Страница 92: ...rects it to delete the administrative domain membership information it maintains locally You can suppress this communication if the host is no longer accessible To remove a host 1 From the Hosts page select the name of the host to remove Check Suppress communication with host to remove a host that is not connected to the network 2 Click Remove Oracle Secure Backup prompts you to confirm the remova...

Страница 93: ...can enter it manually if necessary About Configuring Tape Drives and Libraries This section explains how to configure a tape drive or tape library for use with Oracle Secure Backup You can add a tape device in one of two ways Manually A tape device connected to a media server on which Oracle Secure Backup is installed must be added to the administrative domain manually Automatically discovery Orac...

Страница 94: ...uld control the tape devices and for each media server specify an attachment between the media server and the tape device The procedure is identical to configuring a tape device attached locally to a media server 4 Perform automatic device discovery to add every tape device attached to hosts that use NDMP access mode such as NAS filers Discovering Tape Devices Automatically on NDMP Hosts on page 5...

Страница 95: ...ary list is set to the device you want to inventory 7 Select the Force option Instead of reading from its cache the tape library updates the inventory by physically scanning all tape library elements 8 Click OK When the inventory is complete the Manage Libraries page reappears and displays a success message To see the results of the inventory select the tape drive or tape library again and click L...

Страница 96: ... the tape device The name must start with an alphanumeric character It can only contain letters numerals dashes underscores or periods It can contain at most 127 characters The tape device name is of your choosing It must be unique among all Oracle Secure Backup device names It is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain 6 In ...

Страница 97: ...me ID 12 Set whether the tape library should use automatic cleaning 13 In the Unload required list select yes or no to specify if an unload operation is required before moving a tape from a tape drive to a storage element The default value is no 14 Select an ejection type Your choices are Automatic Whenever a volume becomes eligible to be ejected from the tape library Oracle Secure Backup moves th...

Страница 98: ...he cleaning cycle to complete replaces the cleaning cartridge in its original storage element and continues with the requested load or unload To configure automatic cleaning for a tape library 1 In the Auto clean list select yes to enable automatic tape drive cleaning or no to disable it You can also manually request that a cleaning be performed whenever a tape drive is not in use In the Clean int...

Страница 99: ...tape device name is of your choosing It must be unique among all Oracle Secure Backup device names It is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain 6 In the Serial number field enter the serial number of the tape drive This step is not required But if you do not enter a serial number then Oracle Secure Backup reads and stores th...

Страница 100: ...s do not support the SCSI commands necessary to perform these operations To avoid these warnings error rate checking can be disabled by selecting None 15 In the Blocking factor field enter the blocking factor or leave this field blank to accept the default setting The default is 128 bytes The blocking factor value specifies how many 512 byte records to include in each block of data written to tape...

Страница 101: ...ration based on this information Oracle Secure Backup detects and acts on these kinds of changes Tape devices that were not previously part of the administrative domain are discovered For each such tape device Oracle Secure Backup creates a device with an internally assigned name and configures a device attachment for it If a previously configured tape device has an attachment then Oracle Secure B...

Страница 102: ...host objects must be assigned the media server role in Oracle Secure Backup One Oracle Secure Backup library device object with two attach specifications must be created for the virtual library One access path is through the media server to which the VTL is attached The other access path is through the embedded NDMP server An Oracle Secure Backup tape device object with two access paths must also ...

Страница 103: ...ary 5 This command configures an Oracle Secure Backup device object that is associated with the physical library plib mkdev type library attach ndmp_media_server dev sg1 plib This library and its drives are accessible only through the embedded NDMP server 6 This command configures an Oracle Secure Backup device object that is associated with tape drive pdrive1 which is contained in the physical li...

Страница 104: ... lun field enter a SCSI LUN for the device 6 Click Add to add the attachment Pinging a Device Attachment You can ping a device attachment to determine whether the tape device is accessible to Oracle Secure Backup using that attachment Pinging device attachments is a good way to test whether you set up the attachment properly When you ping a device Oracle Secure Backup performs the following steps ...

Страница 105: ...ces For NDMP servers that run version 2 other data might be required to define SCSI parameters needed to access the tape device These parameters are sent in an NDMP message called NDMP_SCSI_SET_TARGET Oracle Secure Backup NDMP servers do not use this data or this message Configuring Multihosted Device Objects A multihosted device also known as a shared device is a tape library shared by multiple h...

Страница 106: ...ying Device Properties Editing Device Properties Verifying Tape Device Configuration Setting Serial Number Checking Pinging a Tape Device To determine whether a tape device is reachable by Oracle Secure Backup through any available attachment ping the tape device You should ping each tape device after it is configured or discovered to verify that it is configured correctly To ping a tape device 1 ...

Страница 107: ...tallation such as not configuring every attachment for a tape device or incorrectly configuring its properties then you can edit its properties To edit the properties for an existing tape device 1 From the Devices page select the name of the tape device 2 Click Edit The Oracle Secure Backup Web tool displays a page with details for the tape device you selected 3 Make any required changes 4 Click O...

Страница 108: ...r the serial number policy was enabled then it cannot have stored a serial number in the device object In this case the serial number is stored in the device object and the open succeeds There is a serial number in the device object and it matches the serial number just read from the device In this case Oracle Secure Backup opens the tape device There is a serial number in the device object and it...

Страница 109: ...ts and Policies Devices page appears 4 Do one of the following a Select Yes from the Check serial numbers list to enable tape device serial number checking This is the default setting b Select No from the Check serial numbers list to disable tape device serial number checking 5 Click OK The Configure Defaults and Policies page appears with a success message ...

Страница 110: ...Verifying and Configuring Added Tape Devices 5 28 Oracle Secure Backup Installation and Configuration Guide ...

Страница 111: ...a in Transit Default Security Configuration Configuring Security for the Administrative Domain Managing Certificates with obcm Backup Network Security Overview An Oracle Secure Backup administrative domain is a network of hosts Any such network has a level of vulnerability to malicious attacks The task of the security administrator is to learn the types of possible attacks and techniques to guard ...

Страница 112: ...cure Hosts for the Administrative and Media Servers Determining the Distribution Method of Host Identity Certificates After completing these stages you can proceed to the implementation phase as described in Configuring Security for the Administrative Domain on page 6 16 Identifying Assets and Principals The first step in planning security for an administrative domain is determining the assets and...

Страница 113: ...mines which security model to use The following criteria partially distinguish types of network environments Scale The number of assets and principals associated with a domain plays an important role in domain security A network that includes 1000 hosts and 2000 users has more points of entry for an attacker than a network of 5 hosts and 2 users Sensitivity of data The sensitivity of data is measu...

Страница 114: ...tive user of the Oracle Secure Backup domain and is in charge of backups on the domain The system administrator manages the hosts tape devices and networks used by the domain In this network type the domain is fairly secure because it has one isolated host accessed by only a few trusted users The administrator of the domain would probably not make security administration a primary concern and the ...

Страница 115: ...tially include a dozen media server hosts that service the backups of a few hundred databases and file systems Principals include the following users The backup administrator accesses the domain as an Oracle Secure Backup administrative user The system administrator administers the computers devices and network Database administrators can access their own databases and possibly have physical acces...

Страница 116: ...eone could steal a laptop used on a business trip Malicious employees could illicitly log in to computers or run tcpdump or similar utilities to listen to network traffic The compromise of a client host must not compromise an entire administrative domain A malicious user on a compromised computer must not be able to access data that was backed up by other users on other hosts This user must also n...

Страница 117: ...rotocol NDMP Deliberately misusing an Oracle Secure Backup identity If a person with Oracle Secure Backup administrator rights turns malicious then he or she can wreak havoc on the administrative domain For example he or she could overwrite the file system on every host in the domain No backup software can force a person always to behave in the best interests of your organization Determining the D...

Страница 118: ...able to man in the middle attacks only if attackers can insert themselves into the network between the administrative server and the host being added This is the only place they can intercept network traffic and act as the man in the middle This is difficult without the assistance of a rogue employee Manual certificate provisioning mode is recommended if the host being added is outside the corpora...

Страница 119: ...ions This section contains these topics Identity Certificates and Public Key Cryptography Authenticated SSL Connections Certification Authority Oracle Wallet Web Server Authentication Revoking a Host Identity Certificate Identity Certificates and Public Key Cryptography An identity certificate has both a body and a digital signature The contents of a certificate include the following A public key ...

Страница 120: ...ach other s identity certificate has been issued by a trusted Certification Authority CA At the end of this process a secure and trusted communication channel is established for the exchange of data The use of identity certificates and Secure Sockets Layer SSL prevents outside attackers from impersonating a client in the administrative domain and accessing backup data For example an outside attack...

Страница 121: ...n the host to import the transferred certificate into the host s wallet The obcm utility verifies that the certificate request in the wallet matches the signed identity certificate You must balance security and usability to determine which certificate provisioning mode is best for your administrative domain Oracle Wallet Oracle Secure Backup stores every certificate in an Oracle wallet The wallet ...

Страница 122: ...st practice to use Oracle Secure Backup catalog recovery to back up the wallet If you do not use Oracle Secure Backup catalog recovery to back up the wallet then Oracle recommends that the ewallet p12 encryption wallet not be backed up on the same media as encrypted data Encryption wallets are not excluded from backup operations automatically You must use the exclude dataset statement to specify w...

Страница 123: ...n the apache conf subdirectory of the Oracle Secure Backup home A single password protects the certificates and keys This password is stored in encrypted form in the daemons file located in admin config default When the Web server starts it obtains the password by using a mechanism specified in the Web server configuration file This password is never transmitted over the network Revoking a Host Id...

Страница 124: ...l encryption to data in transit within an administrative domain If you have not selected either RMAN encryption or Oracle Secure Backup encryption then backup data in transit both file system and database data is not encrypted through SSL by default To improve security you can enable encryption for data in transit within the administrative domain with the encryptdataintransit security policy To en...

Страница 125: ...e the data resides on tape in unencrypted form Unencrypted Oracle Secure Backup of the file system on client_host with encryptdataintransit set to yes Oracle Secure Backup encrypts the data before transferring it over the network to media_server The encrypted data is decrypted at media_server After Oracle Secure Backup writes the data to tape the data resides on tape in unencrypted form Default Se...

Страница 126: ...Secure Backup on a host and specify this host as the administrative server then this server is the Certification Authority CA for the Oracle Secure Backup administrative domain Oracle Secure Backup configures the host as the CA automatically as part of the standard installation You are not required to take additional steps to provide a signing certificate for this server Oracle Secure Backup autom...

Страница 127: ...ctory By default the wallet used by Oracle Secure Backup is located in the following locations usr etc ob wallet UNIX and Linux C Program Files Oracle Backup db wallet Windows The obcm utility always accesses the wallet in the preceding locations You cannot override the default location If you choose to add hosts in manual certificate provisioning mode then you must perform the following steps for...

Страница 128: ...eys match then the host is a member of the domain If the keys do not match then an attacker probably attempted to pass off their own host as the host during processing of the mkhost command You can run the mkhost command again after the rogue host has been eliminated from the network Setting the Size for Public and Private Keys As a general rule the larger the sizes of the public key and the priva...

Страница 129: ...ange or override this default when configuring an individual host Setting the Key Size in the certkeysize Security Policy You can change the default key size in the security policy at any time Any hosts configured after the change default to the changed key size You can set the key size in the certkeysize security policy through obtool or the Oracle Secure Backup Web tool Oracle Secure Backup uses...

Страница 130: ...ts when configuring client stadf56 This setting applies only to host stadf56 ob mkhost inservice role client certkeysize 4096 stadf56 Info waiting for host to update certification status Info waiting for host to update certification status Info waiting for host to update certification status Info waiting for host to update certification status ob lshost stadf56 stadf56 client via OB in service Ena...

Страница 131: ...e server to export a signed certificate for a newly configured host To export a signed identity certificate 1 Log on to the administrative server 2 Assuming that your PATH variable is set correctly enter obcm at the operating system command line to start the obcm utility The operating system user running obcm must have write permissions in the wallet directory 3 Enter the following command where h...

Страница 132: ...not required to specify the host option For example the following example imports the certificate from tmp brhost2_cert f import file tmp brhost2_cert f The obcm utility issues an error message if the certificate being imported does not correspond to the certificate request in the wallet 5 Remove the certificate file from its temporary location on the operating system For example rm tmp brhost2_ce...

Страница 133: ...ere you install Oracle Secure Backup although the contents of the directory vary depending on the roles you assigned to the host Each host on which Oracle Secure Backup is installed contains a configuration file that records details of the configuration of Oracle Secure Backup on the host On Windows the configuration file is called obconfig txt in the db subdirectory of the Oracle Secure Backup ho...

Страница 134: ...r data admin encryption Encryption data admin encryption keys Keys used in encryption admin encryption wallet Wallet used in encryption admin history History data generated by Oracle Secure Backup admin history edcf Network Data Management Protocol NDMP environment data container files admin history host Host specific history data admin history host host_name Backup catalog for host_name admin log...

Страница 135: ...e htdocs js Apache server Java script files apache htdocs php Apache server PHP files apache images Apache server Web image files apache logs Apache server log files bin Executables or links to executables In an installation on a Windows operating system this directory contains the executables for the Windows operating system In an installation on a Linux or UNIX operating system this directory co...

Страница 136: ...emons and maintenance tools etc operating_system Daemons and utility programs for operating_ system install Installation programs lib Architecture independent shared library for the system backup to tape SBT interface lib operating_system Shared library for the SBT interface for operating_system where operating_system is a derivative of the operating system name For example the directory for Sun S...

Страница 137: ...Backup help files temp Log file for observiced and temporary files db hostid Identifying information for this host db wallet Security credentials for this host Table A 6 Linux and UNIX Directories and Files for a Media Server Directory or File Description bin operating_system Executables for operating_system where operating_system is a derivative of the operating system name For example the direct...

Страница 138: ...A 9 Linux and UNIX Directories and Files for a Client Host Directory or File Description bin operating_system Executables for operating_system where operating_system is a derivative of the operating system name For example the directory for Sun Solaris is bin solaris etc Architecture independent executables for daemons and maintenance tools etc operating_system Daemons and utility programs for ope...

Страница 139: ...e This appendix contains these sections customized obparameters start daemons at boot identity certificate key size create preauthorized oracle user default UNIX user default UNIX group linux ob dir and solaris64 ob dir linux db dir and solaris64 db dir linux temp dir and solaris64 temp dir linux links and solaris64 links ask about ob dir default protection run obopenssl customized obparameters If...

Страница 140: ... file have not been changed The value of no is set by default yes Specifies that installation parameters in the obparameters file have been changed Table B 2 start daemons at boot Values Value Meaning no Specifies that the Oracle Secure Backup daemons do not start automatically at start time yes default Specifies that the Oracle Secure Backup daemons start automatically at start time Note Certific...

Страница 141: ...m in your network This directory must be private to each platform and not shared through Network File System NFS or a similar remote file system When the installation programs install Oracle Secure Backup software they choose these home directories for the installation or verify that these are the directories you have used These defaults might be changed based on the availability of disk space on ...

Страница 142: ...ange the value of these parameters if you want the installation programs to create links in another directory for a specific platform These parameters are particular to each supported platform On some systems it might be more appropriate to place links in bin instead of usr bin or in usr etc instead of etc This parameter must be followed by three values in the order shown Table B 7 os name ob dir ...

Страница 143: ...10 os name links Parameters and Values Parameter Meaning linux links Specifies the directories where symbolic links are created for Linux hosts The default directory list is usr bin etc lib solaris64 links Specifies the directories where symbolic links are created for Solaris 64 bit hosts The default directory list is usr bin etc lib Note If the obparameters file specifies a lib directory for the ...

Страница 144: ... 0 755 etc root 0 4755 etc obixd root 0 4755 etc observiced root 0 4755 etc obscheduled root 0 4755 etc obrobotd root 0 755 etc root 0 4755 etc doswitch root 0 644 drv root 0 755 lib root 0 755 root 0 755 usr etc ob root 0 644 usr etc ob hostid root 0 755 usr etc ob xcr root 0 644 etc obconfig run obopenssl Specifies whether the installation prompts you to create the certificates for the Apache We...

Страница 145: ...vision 03 Host scsi0 Channel 00 Id 04 Lun 00 Vendor ADIC Model Scalar 24 Rev 237A Type Medium Changer ANSI SCSI revision 02 A device of type Sequential Access such as the first tape device in the list is a tape drive A device of type Medium Changer such as the second tape device is a tape library For each tape device the information needed is found in the line that reads Host scsi0 Channel 00 Id 0...

Страница 146: ...N of both tape devices is 0 By convention the tape library and tape drive can each be assigned 0 as the Oracle Secure Backup logical unit number Based on the output shown in Example C 1 Table C 1 summarizes the tape device information for storabck05 Table C 1 storabck05 Device Summary Device Host Bus Adapter SCSI bus address Target ID SCSI LUN Library 0 0 2 0 Tape drive 0 0 4 0 ...

Страница 147: ...municating with ACSLS Drive Association Volume Loading and Unloading Imports and Exports Access Controls Scratch Pool Management Modified Oracle Secure Backup Commands Unsupported Oracle Secure Backup Commands Installation and Configuration About ACSLS Figure D 1 shows how ACSLS fits into a configuration of client systems Library Storage Modules LSMs and a single Library Management Unit LMU The LS...

Страница 148: ...e Backup An ACSLS volume is called a cartridge Cartridges are loaded and unloaded through cartridge access points Oracle Secure Backup obtool device commands mkdev chdev lsdev and rmdev have been modified to manage these cartridge access points ACSLS references all of its volumes by their external barcode labels which are required for all ACS volumes Oracle Secure Backup continues to allow the ope...

Страница 149: ...ive Oracle Secure Backup requires that you attach the tape drive to a media server install an appropriate operating system driver for the tape drive create a device within Oracle Secure Backup and map the operating system device to the Oracle Secure Backup device The same steps are required for ACSLS But you must also further define the ACSLS mapping of the tape drive through the mkdev or chdev co...

Страница 150: ...atch Pool Management ACSLS enables you to define one or more scratch pools to which a blank or recycled volume can be assigned Subsequent scratch mount requests are then restricted to volumes in the pool or pools specified with the request Oracle Secure Backup offers equivalent functionality with an optional scratch pool ID for media family objects When a volume is pulled from the scratch pool Ora...

Страница 151: ...vices no differently from other devices The Oracle Secure Backup device driver if any is installed and special device files are created The data path is controlled solely by Oracle Secure Backup ACSLS is not involved creating Oracle Secure Backup objects for ACSLS devices is performed with the mkdev command in obtool with the following modifications For ACSLS tape libraries the usual host devname ...

Страница 152: ...Installation and Configuration D 6 Oracle Secure Backup Installation and Configuration Guide ...

Страница 153: ...ce all clients on your network The administrative server runs the scheduler which starts and monitors backups within the administrative domain Apache Web server A public domain Web server used by the Oracle Secure Backup Web tool attachment The physical or logical connection the path in which data travels of a tape device to a host in the administrative domain automated certificate provisioning mo...

Страница 154: ... the backup command with the go option At this point Oracle Secure Backup forwards the requests to the scheduler at which time each backup request becomes a backup job and is eligible to run backup schedule A description of when and how often Oracle Secure Backup should back up the files specified by a dataset The backup schedule contains the names of each dataset file and the name of the media fa...

Страница 155: ...ncrypting and so on A variety of methods are used to encode identify and store the certificate Certification Authority CA An authority in a network that performs the function of binding a public key pair to an identity The CA certifies the binding by digitally signing a certificate that contains a representation of the identity and a corresponding public key The administrative server is the CA for...

Страница 156: ... A secondary storage device within a tape library In tape libraries that contain multiple tape drives data transfer elements are sequentially numbered starting with 1 database backup storage selector An Oracle Secure Backup configuration object that specifies characteristics of Recovery Manager RMAN SBT backups The storage selector act as a layer between RMAN which accesses the database and the Or...

Страница 157: ...lication DMA domain A group of computers and devices on a network that are administered as a unit with common rules and procedures Within the internet domains are defined by the IP address All devices sharing a common part of the IP address are said to be in the same domain error rate The number of recovered write errors divided by the total blocks written multiplied by 100 expiration policy The m...

Страница 158: ...eration that backs up only the files on a client that changed after a previous backup Oracle Secure Backup supports 9 different incremental backup levels for file system backups A cumulative incremental backup copies only data that changed since the most recent backup at a lower level A differential incremental backup which is equivalent to a level 10 backup copies data that changed since an incre...

Страница 159: ...anagement Protocol NDMP for communications within the administrative domain NDMP access mode contrasts with primary access mode which uses the Oracle Secure Backup network protocol Note that Oracle Secure Backup uses NDMP for data transfer among hosts regardless of whether a host is accessed through the primary or NDMP access modes Network Attached Storage NAS A NAS server is a computer on a netwo...

Страница 160: ...t accessed directly you can use it to back up and restore files or directories specified on the command line obtar enables the use of features not exposed through obtool or the Web tool obtool The principal command line interface to Oracle Secure Backup You can use this tool to perform all Oracle Secure Backup configuration backup and restore maintenance and monitoring operations The obtool utilit...

Страница 161: ...tore on behalf of that client For example a network can have both Ethernet and Fiber Distributed Data Interface FDDI connections between a pair of hosts PNI enables you to specify on a client by client basis which of the server s network interfaces is preferred preauthorization An optional attribute of an Oracle Secure Backup user A preauthorization gives an operating system user access to specifi...

Страница 162: ...set rights Privileges within the administrative domain that are assigned to a class For example the perform backup as self right is assigned to the operator class by default Every Oracle Secure Backup user that belongs to a class is granted the rights associated with this class roles The functions that hosts in your network can have during backup and restore operations There are three roles in Ora...

Страница 163: ...Connection to the SCSI bus is achieved through a host adapter and a peripheral controller SSL See Secure Sockets Layer SSL Storage Area Network SAN A high speed subnetwork of shared storage devices A SAN is designed to assign data backup and restore functions to a secondary network so that they do not interfere with the functions and capabilities of the server storage device A computer that contai...

Страница 164: ...irst wrote to the first volume in the set on January 1 at noon and subsequently wrote data on 20 more volumes in the set In this scenario all 21 volumes in the set expire on January 22 at noon You can make a Recovery Manager RMAN backup or a file system backup to a volume that use a time managed expiration policy trigger The part of a backup schedule that specifies the days and times at which the ...

Страница 165: ...number A number recorded in the volume label that indicates the order of volumes in a volume set The first volume in a set has sequence number 1 The volume ID for a volume usually includes the media family name of the volume a dash and a unique volume sequence number For example a volume ID for a volume in the RMAN DEFAULT media family could be RMAN DEFAULT 000002 volume set A group of volumes spa...

Страница 166: ... media family remain open for updates for the same time period write window close time The date and time that a volume set closes for updates Oracle Secure Backup computes this time when it writes backup image file number 1 to the first volume in the set If a volume set has a write window close time then this information is located in the volume section of the volume label write window time The le...

Страница 167: ...ories A 1 files A 1 installation on Linux UNIX 2 8 registering with Oracle Enterprise Manager 4 3 Apache Web server and network security 6 13 assets identifying for network security 6 2 attachments about 1 10 adding for tape devices 5 21 displaying device attachment properties 5 22 pinging for tape devices 5 22 raw device names 5 22 setting NDMP version 5 22 authorization types NDMP servers 5 5 au...

Страница 168: ...DMP host backup type 5 6 NDMP host environment variables 5 8 NDMP host password type 5 5 NDMP host port number 5 6 NDMP protocol version 5 6 pinging hosts 5 9 preferred network interfaces 5 8 removing a host 5 10 tape device attachments 5 21 tape devices 5 11 tape drive automount mode 5 18 tape drive blocking factor 5 18 tape drive data transfer element 5 18 tape drive error rate 5 18 tape drive m...

Страница 169: ... updating 5 9 viewing properties 5 9 Web tool Hosts page 5 3 I identity certificates distributing 6 7 exporting 6 21 importing 6 21 managing with obcm 6 21 revoking 6 13 IEE See import export element import export element defined 1 9 importing identity certificates 6 21 installation overview 1 13 with Oracle Real Application Clusters 2 2 installation media about 1 12 installation on Linux UNIX abo...

Страница 170: ... security 6 17 manual volume ejection 5 15 maximum blocking factor about 1 6 setting for tape drive 5 18 media server defined 1 2 directories A 4 files A 4 installation on Linux UNIX 2 8 media servers configuring security 6 17 medium transport element defined 1 9 MTE See medium transport element multiple attachments to storage area networks 5 23 multiple data paths 5 8 N names tape devices 5 11 ta...

Страница 171: ...mporting certificates with 6 21 in manual certificate provisioning mode 6 18 managing certificates 6 21 obfirewallconfig bat 3 18 obfuscated wallet and network security 6 11 obparameters about 2 7 ask about osb dir B 5 confirming 2 8 create preauthorized oracle user B 2 customized obparameters B 1 default protection B 5 default UNIX LINUX group B 3 default UNIX LINUX user B 3 identity certificate ...

Страница 172: ...oftware disabling 5 14 5 17 SCSI disabling scanning software 2 5 SCSI Generic driver adding 2 2 requirements 1 12 SCSI parameters prerequisites 2 3 SCSI scanning software disabling 5 14 5 17 disabling during installation on Windows 3 1 SE See storage element securecomms policy 6 16 6 20 security Apache Web server 6 13 authenticated SSL connections 6 10 automated certificate provisioning mode 6 17 ...

Страница 173: ...ery 5 11 configuring 5 11 5 17 configuring during installation on Linux UNIX 2 10 defined 1 5 disabling SCSI scanning software 5 17 displaying properties 5 25 editing properties 5 25 naming 5 17 selecting during installation on Windows 3 17 setting automount mode 5 18 setting blocking factor 5 18 setting data transfer element 5 18 setting error rate 5 18 setting maximum blocking factor 5 18 settin...

Страница 174: ...15 on demand ejection 5 15 W web browsers supported 1 11 Web tool about 1 10 4 4 adding a host 5 3 Backup page 4 10 Configure page 4 7 Devices page 5 13 displaying device attachment properties 5 22 displaying tape device properties 5 25 editing host properties 5 9 editing tape device properties 5 25 help 4 6 Home page 4 5 Hosts page 5 3 link to Oracle Enterprise Manager 4 3 logging in 4 5 Manage p...

Отзывы:

Нет отзывов