Synopsis. With Oracle Secure Backup, Oracle now offers the capability to ensure that all Recovery Manager (RMAN) backups are created and maintained in a secure fashion, all without the need for a potentially expensive and cumbersome media management layer (MML). This article, the second in this series, simulates the creation and administration of an Oracle Secure Backup environment to demonstrate how it can be used effectively in concert with existing RMAN backup and recovery scripts.
I provided a management-level discussion of the features of Oracle Secure Backup (OSB) in the previous article in this series. In this article, I'll demonstrate how to set up an OSB environment, how to construct virtual tape libraries and tape devices to test that environment, and how to use an OSB tape device as a target for Oracle 10gR2 Recovery Manager (RMAN) database backup operations.
Demonstration Prerequisites
To create a simulated Linux environment for this Oracle Secure Backup demonstration, I've installed VMWare Server on a Microsoft Windows XP host. I've also installed a CentOS 4.2 guest virtual machine to create a simulated Red Hat Enterprise Linux 4.0 environment. I've named this new virtual server 10gBUR (10g Backup and Recovery).
Once the Linux OS was successfully installed, I created a new Oracle 10gR2 database home using Oracle 10.2.0.1.0 software. I then created a new Oracle 10gR2 database using the General Purpose template, making sure to create the Oracle sample schemas during the database's creation. This gave me a sufficiently robust target for experimenting with OSB backup operations.
Setting Up Oracle Secure Backup
To obtain the most recent release of the Oracle Secure Backup software, I downloaded the OSB source files directly from the OTN website, and I then uncompressed the OSB software to a staging directory that's accessible on my target server.
I've also created the default OSB directory, /usr/local/oracle/backup, on my target server. Oracle strongly recommends creating this directory ahead of time, as it greatly simplifies the initial OSB configuration. Once this directory was created, I logged in as the root user, changed my terminal session's focus to that directory with the cd command, and initiated the installation of OSB by executing the setup shell script that's located in the OSB staging directory:
#> mkdir /usr/local/oracle/backup
#> cd /usr/local/oracle/backup
#> /stage/osb/setup
Welcome to Oracle's setup program for Oracle Secure Backup. This
program loads Oracle Secure Backup software from the CD-ROM to a
filesystem directory of your choosing.
This CD-ROM contains Oracle Secure Backup version 10.1.0.3_LINUX32.
Please wait a moment while I learn about this host... done.
- - - - - - - - - - - - - - - - - - - - - - - - - - -
You may load any of the following Oracle Secure Backup packages:
1. linux32 (RHEL 3, RHEL 4, SuSE 9)
administrative server, media server, client
Enter a space-separated list of packages you'd like to load. To load all
packages, enter 'all' [1]: all
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Loading Oracle Secure Backup installation tools... done.
Using your previous obparameters file. The new file shipped with this
distribution of Oracle Secure Backup is called install/obparameters.new.
Loading linux32 administrative server, media server, client... done.
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Loading of Oracle Secure Backup software from CD-ROM is complete.
You may unmount and remove the CD-ROM.
Would you like to continue Oracle Secure Backup installation with
'installob' now? (The Oracle Secure Backup Installation Guide
contains complete information about installob.)
Please answer 'yes' or 'no' [yes]: yes
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Welcome to installob, Oracle Secure Backup's UNIX installation program.
It installs Oracle Secure Backup onto one or more UNIX or Linux systems
on your network. (Install Oracle Secure Backup for Windows using the
CD-ROM from which you loaded this software.)
For most questions, a default answer appears enclosed in square brackets.
Press Enter to select this answer.
Please wait a few seconds while I learn about this machine... done.
Have you already reviewed and customized install/obparameters for your
Oracle Secure Backup installation [yes]? yes
- - - - - - - - - - - - - - - - - - - - - - - - - - -
You can choose to install Oracle Secure Backup in one of two ways:
(a) interactively, by answering questions asked by this program, or
(b) in batch mode, by preparing a network description file
Use interactive mode to install Oracle Secure Backup on a small number
of hosts. Use batch mode to install Oracle Secure Backup on any number
of hosts.
Which installation method would you like to use (a or b) [a]? a
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Oracle Secure Backup is not yet installed on this machine.
Oracle Secure Backup's Web server has been loaded, but is not yet configured.
You can install this host one of three ways:
(a) administrative server
(the host will also be able to act as a media server or client)
(b) media server
(the host will also be able to act as a client)
(c) client
If you are not sure which way to install, please refer to the Oracle
Secure Backup Installation Guide. (a,b or c) [a]? a
Beginning the installation. This will take just a minute and will produce
several lines of informational output.
Installing Oracle Secure Backup on 10gBUR (Linux version 2.6.9-34.EL)
You must now enter a password for the Oracle Secure Backup 'admin' user.
Oracle suggests you choose a password of at least 8 characters in length,
containing a mixture of alphabetic and numeric characters.
Please enter the admin password: ******
Re-type password for verification: ******
generating links for admin installation with Web server
updating /etc/ld.so.conf
checking Oracle Secure Backup's configuration file (/etc/obconfig)
setting Oracle Secure Backup directory to /usr/local/oracle/backup in /etc/obconfig
setting local database directory to /usr/etc/ob in /etc/obconfig
setting temp directory to /usr/tmp in /etc/obconfig
setting administrative directory to /usr/local/oracle/backup/admin in /etc/obconfig
protecting the Oracle Secure Backup directory
removing /etc/rc.d/init.d/qrserviced
creating /etc/rc.d/init.d/observiced
activating observiced via chkconfig
initializing the administrative domain
Is 10gBUR connected to any tape libraries that you'd like to use with
Oracle Secure Backup [no]? no
Is 10gBUR connected to any tape drives that you'd like to use with
Oracle Secure Backup [no]? no
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you like to install Oracle Secure Backup on any other machine [yes]? no
Installation summary:
Installation  Host    OS     Driver      OS Move    Reboot
Mode          Name    Name   Installed?  Required?  Required?
admin         10gBUR  Linux  no          no         no
Oracle Secure Backup is now ready for your use.
Configuring OSB Media Server Devices
As you can see from the prompts and answers I provided during the execution of the setup script, I've now successfully configured an OSB administrative server, media server and client on the same server. My next task is to configure the appropriate OSB media server devices to provide targets for backup operations.
Fortunately, I don't need to purchase one of the supported (but generally extremely expensive!) backup appliances or tape drives to simulate OSB's capabilities; on the contrary, I can create virtual tape devices using the obtool OSB command set. To demonstrate, I'll create one virtual tape library with a single virtual tape drive device within that library, and configure both of them for use with Oracle backup operations.
Creating a virtual tape library. To define a virtual tape library, I'll use obtool's mkdev command set:
#> obtool --user admin --password oracle < /home/oracle/mklib.obp
And here's the contents of mklib.obp:
mkdev -t library -o -S 4 -a 10gBUR:/vlib -v vlib
To break down this command and its corresponding parameter file's syntax:
- --user and --password: The device is created for the OSB admin user with the appropriate password. Note that the admin account is specific to OSB; it is not the same as a user account that might exist in a corresponding Oracle database.
- -t library: Signifies that a tape library is being created.
- -o: Tells OSB that this tape library is immediately available for use.
- -S: Instructs OSB to create a specific number of slots for this virtual tape library.
- -a: Constructs the path (also known as the attachment specification, or attachspec) to the tape library attachment(s) for OSB.
- -v: Specifies the verbose option so that detailed information about the OSB media library's creation is written to stdout.
- vlib: The label that's assigned to this virtual tape library.
Creating a virtual tape drive. Next, I'll create a virtual tape drive within the virtual tape library just defined. Once again I'll use obtool's mkdev command, but this time with slightly different parameters:
#> obtool --user admin --password oracle < /home/oracle/mktapedev.obp
And here's the contents of mktapedev.obp:
mkdev -t tape -o -a 10gBUR:/vt -v -l vlib -d 1 vt
To break down this parameter file's syntax:
- -t tape: Specifies that a tape device is being created.
- -o: Tells OSB that this tape device is immediately available for use.
- -a: Constructs the path to the tape device attachment.
- -v: Specifies the verbose option so that detailed information about the OSB backup device's creation is written to stdout.
- -l vlib: The tape library that's assigned to this tape device.
- -d: The Data Transfer Element tag assigned to this virtual tape device within its virtual tape library. This tells OSB to configure just one tape.
- vt: Finally, this is the label that's assigned to this new virtual tape device.
One important point I learned while mastering these obtool directives that will save you a lot of grief: Be sure that the directories for the virtual tape library and devices don't exist prior to issuing these commands! Otherwise, obtool will return some unexpected error messages and will simply fail to create the virtual tape library and virtual tape device.
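The check described above can be scripted before the parameter files are fed to obtool. This is an added example, not part of the original article or of OSB; the function names attach_paths and preflight and the optional ROOT prefix are hypothetical, and it assumes attachment paths contain no whitespace.

```shell
#!/bin/sh
# Added example: pre-flight check for obtool mkdev parameter files.
# It reports attachment paths (-a host:/path) that already exist.

# attach_paths FILE: print the path part of every mkdev -a attachspec.
attach_paths() {
    f=$1
    while read -r line || [ -n "$line" ]; do
        case $line in
            mkdev\ *) ;;
            *) continue ;;
        esac
        set -f; set -- $line; set +f      # split on whitespace, no globbing
        while [ $# -gt 0 ]; do
            if [ "$1" = "-a" ] && [ $# -ge 2 ]; then
                printf '%s\n' "${2#*:}"   # drop the "host:" prefix
                shift
            fi
            shift
        done
    done < "$f"
}

# preflight FILE [ROOT]: return 1 if any attachment path already exists.
# ROOT is a hypothetical prefix so the check can run against a scratch tree.
preflight() {
    bad=0
    for p in $(attach_paths "$1"); do
        if [ -e "${2:-}$p" ]; then
            echo "EXISTS ${2:-}$p: remove it or pick another path" >&2
            bad=1
        else
            echo "ok     ${2:-}$p"
        fi
    done
    return $bad
}

# Constructed sample: the article's two mkdev lines, checked against an
# empty scratch directory so the real filesystem is not consulted.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'mkdev -t library -o -S 4 -a 10gBUR:/vlib -v vlib' \
                  'mkdev -t tape -o -a 10gBUR:/vt -v -l vlib -d 1 vt' > "$d/dev.obp"
    preflight "$d/dev.obp" "$d/root"; rc=$?
    rm -rf "$d"
    return $rc
}

if [ $# -gt 0 ]; then preflight "$@"; else demo; fi
```

Run it as root on the media server with the parameter file as its only argument, and proceed to obtool only when it exits 0.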
Reviewing the OSB Configuration With OSB Web Interface
To confirm that OSB is ready for use, I'll use the OSB web interface to review the configuration so far. Figure 2.1 shows the login screen that appears when I access the web interface. Once I've logged into the OSB web tool, I can view the status of Oracle Secure Backup devices, backup jobs, and other information, as shown in Figure 2.2.
To view the tape library and tape drive that I've already configured, I just click into the Configure tab as shown in Figure 2.3. I can also use the Manage tab of the OSB web tool to make modifications to the virtual tape library I've already created, as illustrated in Figure 2.4. Likewise, I can also modify the configuration of the virtual tape device as shown in Figure 2.5.
Configuring RMAN For Use With Oracle Secure Backup
Even though I've now successfully created a virtual OSB tape library and a virtual OSB tape drive, I still need to grant permissions to Oracle Recovery Manager (RMAN) so that it can interface directly with these OSB devices. To accomplish this, I'll once again use the obtool command set to create a preauthorized OSB account for RMAN operations:
#> obtool --user admin --password oracle < /home/oracle/mkauthuser.obp
And here's the contents of mkauthuser.obp:
mkuser -c oracle -p oracle -U oracle -G dba -N no -h *:*:*+rman+cmdline oracle
To break down this OSB parameter file:
- -c: Specifies that the user should belong to the predefined oracle OSB account class.
- -U and -G: Specifies the corresponding OS account name and OS group name for the OSB user.
- -N no: Tells OSB that this user is not authorized to log into an NDMP server.
- -h *:*:*+rman+cmdline: This parameter is crucial to the configuration of the user. The four sets of permissions defined here, separated by colons, permit the OSB account to perform backups (a) on any OSB host (b) owned by any OS user account (c) on any Windows domain. The rman token preauthorizes the OSB user to create RMAN backups over the standard RMAN SBT channel, while the cmdline token preauthorizes the OSB user to log into OSB.
- oracle: Finally, this is the name of the OSB account that's going to utilize OSB tools. Note that this is a separate account from the oracle user account on the operating system!
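Because the -h value decides which hosts and OS accounts are preauthorized, it is worth reviewing field by field before the account is created. The following is an added example, not part of the original article or of OSB; the function name audit_preauth is hypothetical, and the second, narrower spec is constructed for comparison.

```shell
#!/bin/sh
# Added example: split an OSB preauthorization spec (the mkuser -h value)
# into its fields and flag every wildcard.

# audit_preauth SPEC: print one line per field; the return status is the
# number of wildcard fields (0 = no field is a wildcard).
audit_preauth() {
    spec=$1
    scope=${spec%%+*}                    # host[:os-user[:domain]]
    case $spec in
        *+*) attrs=${spec#*+} ;;         # rman, cmdline, or both
        *)   attrs=none ;;
    esac
    oldifs=$IFS; IFS=:; set -f
    set -- $scope                        # split the scope on colons
    set +f; IFS=$oldifs
    wild=0
    for pair in "host=${1:-}" "os-user=${2:-}" "domain=${3:-}"; do
        name=${pair%%=*} val=${pair#*=}
        case $val in
            '*') echo "WIDE  $name=* (matches any)"; wild=$((wild + 1)) ;;
            '')  echo "note  $name not given" ;;
            *)   echo "ok    $name=$val" ;;
        esac
    done
    echo "attrs $attrs"
    return $wild
}

# The article's spec, then a constructed, narrower one for comparison
# (host 10gBUR and OS user oracle come from the article; pairing them in
# a spec is an assumption made for illustration).
audit_preauth '*:*:*+rman+cmdline' || echo "-> $? wildcard field(s)"
audit_preauth '10gBUR:oracle+rman' || echo "-> $? wildcard field(s)"
```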
Using Enterprise Manager Database Control with Oracle Secure Backup
Almost done! Now that I've successfully configured a preauthorized OSB user account for RMAN access, I just need to make the connection between that OSB account and my Oracle database. The easiest way to do this is to use the Enterprise Manager Database Control (EMDBC) GUI to set up a link to the OSB administrative server.
Figure 2.6 shows what EMDBC displays when I select the Oracle Secure Backup Device and Media link on the Administration page for my database server, and Figure 2.7 shows how to provide the proper parameters to set up the link between the database server and OSB. Once the link between the database server and OSB is complete, I can also view the status of the OSB devices that are available for creating database backups via RMAN, as shown in Figure 2.8.
Creating RMAN Backups Through Oracle Secure Backup
The good news is that the hard work is done, and I can now back up my Oracle 10gR2 database directly to tape with a few simple RMAN commands. Even better, OSB also gives me the tools I need to back up my database's Flash Recovery Area directly to tape as well.
Backing Up The Whole Database To An OSB Tape Device.
To create a full backup of my existing Oracle database using an Oracle Secure
Backup virtual tape as my target media, I simply invoke the following script
within an RMAN session:
RUN {
BACKUP AS BACKUPSET
DEVICE TYPE sbt
DATABASE
PLUS ARCHIVELOG
DELETE INPUT;
}
The directive DEVICE TYPE sbt instructs RMAN to look for a qualifying tape device as a target for the backup sets this command will create. Since I've already preauthorized the vt tape device in the OSB environment as a suitable target for RMAN backup and restoration operations, it is automatically used in this context.
Backing Up The Flash Recovery Area Directly To An OSB Tape Device. Best practices for Oracle 10g database backup and recovery now strongly recommend that sufficient disk space for a Flash Recovery Area (FRA) should be allocated as the primary target for all RMAN backup files. This is gaining wider acceptance as the cost of near-line storage continues to fall dramatically.
However, it's still also extremely important to back up all these recovery files to alternate media on a regular basis so that in case of disaster, a cold metal restoration operation is still possible. Fortunately, Oracle 10g also provides two simple RMAN commands to easily back up the contents of the Flash Recovery Area directly from disk to tape:
- The BACKUP RECOVERY AREA; directive tells RMAN to back up all files in the Flash Recovery Area that haven't yet been backed up to tape. This directive will search any current or previous Flash Recovery Area for qualifying files and initiate their copy to tape on the standard tape channel, SBT_TAPE.
- Similarly, the BACKUP RECOVERY FILES; directive instructs RMAN to back up all files in either the current Flash Recovery Area or other non-FRA location that haven't yet been backed up to tape, but are still required for point-in-time recovery based on the specified RMAN retention period. This directive also initiates an immediate copy of the required recovery files to tape media on the standard tape channel, SBT_TAPE.
To demonstrate, I first created a standard Oracle RMAN
backup of my entire database to its current Flash Recovery Area, as shown in Listing 2.1.
I then initiated a complete copy of these files from the Flash Recovery Area to
the configured OSB tape media with the BACKUP RECOVERY AREA; directive, as shown in Listing 2.2.
Finally, to summarize what types of backups RMAN recognizes
on both disk and on tape, I issued the LIST COPY; and LIST BACKUP; commands from within an RMAN command session.
The resulting output is shown in Listing 2.3.
Note that the backup sets that were created during my initial backup operation directly to tape are listed within backup sets 2, 3, and 4, while the results of copying the Flash Recovery Area to tape are listed within backup sets 5, 6, and 7.
Next Steps
In the next and final article in this series, I'll demonstrate how to use this same Oracle Secure Backup (OSB) configuration to perform Oracle 10gR2 Recovery Manager (RMAN) restoration and recovery operations against previously-created RMAN backups stored within simulated OSB virtual libraries and tape devices. I'll also wrap up my demonstration of OSB features by illustrating how it can be used for backing up and restoring sets of operating system files.
References and Additional Reading
Even though I've hopefully provided enough technical information in this article to encourage you to explore these features, I also strongly suggest that you first review the corresponding detailed Oracle documentation before proceeding with any experiments. Actual implementation of these features should commence only after a crystal-clear understanding exists. Please note that I've drawn upon the following Oracle 10gR2 documentation for the deeper technical details of this article:
B14194-03 Oracle Backup and Recovery Reference
B14234-02 Oracle Secure Backup Administrator's Guide
B14235-05 Oracle Secure Backup Installation Guide
B14236-02 Oracle Secure Backup Reference
B25049-01 Oracle Secure Backup Migration Guide
B32120-01 Oracle Secure Backup ReadMe
And don't forget that the Oracle Technology Network (OTN) Oracle Secure Backup home page is an excellent source of valuable (and constantly updated!) information.
See All Articles by Columnist Jim Czuprynski