Oracle 10g Secure Backup, Part 1: Concepts
February 22, 2007
Synopsis. Oracle 10gs new Secure Backup features offer the capability to insure that all Recovery Manager (RMAN) backups are created and maintained in a secure fashion without the need for a potentially expensive and cumbersome media management layer (MML). This article the first in this series provides an overview of Oracle Secured Backup and how it can be utilized in concert with RMAN backup, restoration, and recovery scripts.
One of my very first tasks as a newly-minted Oracle DBA was to develop a disaster recovery scheme for my clients brand-new Oracle 8i production databases. After spending some time reviewing exactly what a robust D/R strategy should include, I decided that wed need to configure alternate media backups in other words, backing up our database directly to tape using Oracle Recovery Manager (RMAN) in concert with what at that time was a reasonably powerful and flexible Sony tape drive.
After one week of constant experimentation, numerous failed backups, and still no backup tapes produced, I discovered just how difficult it could be to configure a Media Management Layer (MML) in Oracle 8i. As the production deployment date loomed nearer, I made a critical choice: I decided to back up my clients database directly to near-line disk storage. (Of course, alternate tape backups would still be created, but we decided to simply copy the backup files from the near-line disk storage area directly to tape using a Veritas backup system.)
This scenario made me aware of several drawbacks to the traditional media management layer approach for creating alternate media backups:
Implementing an MML agent is non-trivial. I remember spending several fruitless days trying to get the provided Legato Storage Manager to communicate with the Sony tape drive. Though we considered using another MML, we abandoned further consideration of this approach when we found that their backup agents were relatively expensive, in the range of $1000.00 or more.
Theres no centralized repository for the RMAN backups. Although RMAN could handle keeping track of all the backup tapes in its repository catalog, this was the only method to keep track of which tapes would be required in a disaster recovery situation, and our system administrators demanded a centralized solution for tracking all tapes necessary for D/R.
Image copy backup files are not secure. As I demonstrated in my series on Oracle 10g database file security features, image copies of a tablespaces datafiles are not secure unless theyre encrypted using the newest Oracle 10g security features. Should a hacker obtain a backup tape via surreptitious means, its possible that the image copies stored on tape may provide an invaluable source of sensitive data.
Only Oracle database files can be backed up. As an Oracle 8i DBA, I spent a lot of time making sure that my clients databases could be restored and recovered to any point in time within the timeframe specified in our service-level agreements. However, once external tables appeared on the Oracle horizon in Oracle 9i, I realized that I needed a way to back up the operating system files that comprised the external tables. Unfortunately, RMAN doesnt provide a way to handle this requirement because it only backs up Oracle database files (control files, datafiles, and archived redo logs).
Oracle Secure Backup: Features Overview
Fortunately, the new Oracle Secure Backup (OSB) toolset resolves all of these drawbacks, and adds some long-overdue features, thus providing a robust and flexible centralized tape backup and management system:
Centralized Tape Management. First and foremost, Oracle Secure Backup provides a centralized repository to store and manage information about all mission-critical tape backup files for an entire Oracle enterprise environment. This repository is stored in what OSB calls an administrative server, one of three central components to this architecture.
Tape Drive Optimization. Since a typical enterprise may need to support a considerable number and different types of tape backup devices, OSB supports configuration of a media server that is solely responsible for managing those backup devices. This eliminates the need to master various Media Management Layer protocols and agents, since the media server handles all this transparently.
Faster Tape Reads. Restoring an Oracle datafile backup from tape is still one of the most critical needs that OSB fills. Datafile sizes are continuing to increase, and show no sign of growing smaller anytime soon: Remember that in Oracle 10g the maximum size of a BIGFILE tablespaces datafile is now 128 terabytes. OSB provides a fast tape read mechanism that enables the media server to signal a tape drive to reposition itself to exactly the appropriate spot on the tape media so that datafile restoration can commence more quickly, thus eliminating the need to read the entire tape file forward from its initial tape mark.
Backups, Backups, and More Backups. As you might expect, OSB certainly provides the ability to easily write Oracle RMAN backups of control files, data files, and archived redo logs to tape media. Now OSB also makes it possible to back up the contents of an Oracle Cluster File System (OCFS) as well as the contents of a traditional OS-based file system like NTFS or EXT3. In addition, its now possible to create incremental backups of any of the files stored in an OS file system as well.
Scheduling Capabilities. Since it leverages existing Oracle Enterprise Manager and database technology, OSB offers a robust set of scheduling options for running tape backups at appropriate times. These scheduler features can be used either in concert with RMAN for database backups, or standalone to perform OS-level backups.
Security. Last but not least, OSB enables robust security options for encryption and decryption of sensitive data, whether that data is present within tape backups of Oracle datafiles or kept within operating system files. For example, the flat files that make up the contents of Oracle external tables can be easily encrypted and decrypted using OSB security methods.
OSB Architecture and Roles
To provide these features, Oracle Secure Backup divides responsibilities among three different components in what it calls an administrative domain. This domain is really nothing more than a combination of roles that together handle all backup and restore capabilities:
Administrative Server. A server thats fulfilling this OSB role is responsible for managing all backup information within the administrative domain via a separate OSB catalog that contains all necessary backup information. This catalog is stored in a standard centralized location (e.g. /usr/local/backup/oracle on a Linux-based server) and contains information about all devices, servers, and clients within the domain. There is only one administrative server in an OSB domain.
Media Server. This OSB component is responsible for managing alternate media devices. The list of devices supported currently includes approximately 200 different models of physical tape drives, virtual tape libraries, and physical tape libraries. OSB also permits multiple servers to be designated as media servers, which means that its not necessary to reattach all alternate media devices to one central server.
Heres the current list of network attached storage devices that Oracle Secure Backup currently supports. This list is subject to change in the future, of course, so be sure to consult the Certify tab on Oracle Metalink to obtain the most recent list:
For a list of tape backup devices that OSB currently supports, consult this document on Oracle Technology Network (OTN):
Clients. Finally, OSB can service any number of client applications. The client applications serviced includes Oracle databases through the RMAN interface (the obvious choice for the default client). Since OSB utilizes Network Data Management Protocol (NDMP) to manage backup devices as well as transfer backup data between all servers in the administrative domain, this means that backup appliances like network-attached storage (NAS) are also supported.
OSB Architecture Examples
As you might expect, this role-based architecture is extremely flexible. Depending on the enterprises size and backup requirements, I might decide to co-locate all three roles on one server (which is how Ill demonstrate OSB in my next article):
However, each OSB role could also be assigned to separate servers for improved disaster recovery capabilities as well as appropriate allocation of backup / restore capacities. For example, in a more robust enterprise deployment, there might be multiple servers that fulfill client roles, serviced by one or more servers that fulfill media server roles:
Like many other Oracle utilities, OSB offers several different methods to access its powerful capabilities. Ill delve into using all three of these interfaces in the next articles in this series; however, the one(s) you choose to use will depend on which Oracle products and interfaces your shop has decided to implement and support:
Oracle Enterprise Manager. Both Enterprise Manager Database Control and Enterprise Manager Grid Control meld nicely with OSB administrative domains. Heres an example of how OSB could be accessed from the Management page for an Oracle database that uses Enterprise Manager Database Control to control its backup and recovery processes:
OSB Web Interface. If you decide not to use the EM interface(s), but youd still prefer to use a GUI to manage Oracle Secure Backup capabilities, OSB also provides its own intuitive custom web-based interface. The example below shows the Home page for the OSB web tool:
OBTOOL. Finally, OSBs command-line interface, obtool, provides both batch and interactive command capabilities with over 100 different command options. Heres some sample output from the obtool command set that shows what OSB backups currently exist:
# Logging into OBTOOL in command line mode $> obtool # List all current backups ob> lsbackup --long 1: Dataset: orcl_full_bkup.ds Media family: (null) Backup level: full Priority: 10 Privileged op: no Eligible to run: 2007/02/15.18:00:00 Job expires: 2007/02/18.18:00:00 Restriction: any device
OSB Security Features: Users, Classes, and Access Rights
As its name implies, Oracle Secure Backup offers several levels of security to insure that the appropriate client gets permission to use only the resources appropriate to its required operations. For example, in a Linux-based database server its important to insure that only the oracle OS user account has been granted sufficient privileges to both create RMAN database backups and to restore those backups in case of media recovery. Likewise, for critical OS file system copies, its probably a good idea to make sure that only root can create and restore backups.
OSB Users. OSB facilitates this by creating a separate set of Oracle Secure Backup users. These OSB users can then be associated with the appropriate OS user account. Through these assignments, OSB offers the capability to perform either an unprivileged backup (i.e., without access to root level privileges) or a privileged backup (i.e., with full access to root privileges). For NDMP hosts, OSB permits the association of an OSB user directly with the NDMP host itself, since there are no real OS user accounts by which to perform an association.
OSB Classes. In addition, each OSB user can be granted access to appropriate resources by assigning each user to one or more Oracle Secure Backup classes. As shown in Table 1-2, OSB provides five standard classes, but it also permits the creation of customized classes for more advanced security management.
OSB Scheduling Features
Oracle Secure Backup also offers robust scheduling tools that work very much like the new Scheduler, DBMS_SCHEDULER, in an Oracle 10gR2 database. The OSB Scheduler permits me to create OSB jobs that handle both backup and recovery tasks for either OS file systems or, in concert with RMAN, for Oracle databases. I can also create an OSB schedule that encapsulates several OSB jobs, or I can simply create a separate, one-time-only OSB job to handle a special backup or recovery circumstance.
In the next article in this series, Ill demonstrate how to construct a simulated Oracle Secure Backup environment using VMWare virtual servers for its key components, how to integrate Secure Backup features into existing RMAN backup and restoration operations, and how to manage the Secure Backup environment with Oracle Enterprise Manager, OSB Web Interface, and the OSB obtool command set.
References and Additional Reading
Even though Ive hopefully provided enough technical information in this article to encourage you to explore with these features, I also strongly suggest that you first review the corresponding detailed Oracle documentation before proceeding with any experiments. Actual implementation of these features should commence only after a crystal-clear understanding exists. Please note that Ive drawn upon the following Oracle 10gR2 documentation for the deeper technical details of this article:
B14194-03 Oracle Backup and Recovery Reference
B14234-02 Oracle Secure Backup Administrators Guide
B14235-05 Oracle Secure Backup Installation Guide
B14236-02 Oracle Secure Backup Reference
B25049-01 Oracle Secure Backup Migration Guide
B32120-01 Oracle Secure Backup ReadMe
Dont forget that the Oracle Technology Network (OTN) Oracle Secure Backup home page is an excellent source of valuable (and constantly updated!) information.