Encryption of Data in Transit
Oracle Secure Backup Installation and Configuration Guide
a host identity certificate and then change your mind, then you must reinstall the
Oracle Secure Backup software on the affected host.
Encryption of Data in Transit
Figure 1–2, "Oracle Secure Backup Administrative Domain with Multiple Hosts" on page 1-5 illustrates the control flow and data flow within an administrative domain. Control messages exchanged by hosts in the administrative domain are encrypted by Secure Sockets Layer (SSL).
Data flow in the domain includes both file-system and database backup data. To understand how backup encryption affects data, it is helpful to distinguish between data at rest, which is backup data that resides on media such as disk or tape, and data in transit, which is backup data in the process of being transmitted over the network.
File-system backups and unencrypted RMAN backups on tape (data at rest) can be encrypted by Oracle Secure Backup. RMAN-encrypted backups made through the Oracle Secure Backup SBT interface are supported, but the encryption is provided by RMAN before the backup is provided to the SBT interface. The Oracle Secure Backup SBT interface is the only supported interface for making encrypted RMAN backups directly to tape.
If you have selected RMAN or Oracle Secure Backup encryption, then Oracle Secure Backup does not apply additional encryption to data in transit within an administrative domain. If you have not selected either RMAN encryption or Oracle Secure Backup encryption, then backup data in transit, both file-system and database data, is not encrypted through SSL by default. To improve security, you can enable encryption for data in transit within the administrative domain with the encryptdataintransit security policy.
To enable backup encryption in the encryptdataintransit security policy:
1. Log in to obtool as a user with the modify administrative domain's configuration right.
2. Use the setp command to switch the encryptdataintransit policy to yes, as shown in the following example:
ob> cdp security
ob> setp encryptdataintransit yes
Suppose you want to back up data on client host client_host to a tape drive attached to media server media_server. Data encryption depends on what encryption options you choose and on what you are backing up, as shown in the following examples:
■ Encrypted RMAN backup of a database on client_host.
RMAN encrypts the backup before it is provided to the SBT interface on client_host. Oracle Secure Backup transfers the RMAN-encrypted data over the network to media_server. Oracle Secure Backup does not apply additional encryption to the data as it passes over the network. After Oracle Secure Backup writes the data to tape, the data resides on tape in encrypted form.
See Also: Oracle Secure Backup Administrator's Guide for more information on Oracle Secure Backup encryption
See Also: Oracle Secure Backup Reference for more information on the encryptdataintransit security policy