Synopsis. Oracle 10g’s new Secure Backup features offer the capability to insure that all Recovery Manager (RMAN) backups are created and maintained in a secure fashion without the need for a potentially expensive and cumbersome media management layer (MML). This article – the first in this series – provides an overview of Oracle Secured Backup and how it can be utilized in concert with RMAN backup, restoration, and recovery scripts.
One of my very first tasks as a newly-minted Oracle DBA was to develop a disaster recovery scheme for my client’s brand-new Oracle 8i production databases. After spending some time reviewing exactly what a robust D/R strategy should include, I decided that we’d need to configure alternate media backups – in other words, backing up our database directly to tape – using Oracle Recovery Manager (RMAN) in concert with what at that time was a reasonably powerful and flexible Sony tape drive.
After one week of constant experimentation, numerous failed backups, and still no backup tapes produced, I discovered just how difficult it could be to configure a Media Management Layer (MML) in Oracle 8i. As the production deployment date loomed nearer, I made a critical choice: I decided to back up my client’s database directly to near-line disk storage. (Of course, alternate tape backups would still be created, but we decided to simply copy the backup files from the near-line disk storage area directly to tape using a Veritas backup system.)
This scenario made me aware of several drawbacks to the traditional media management layer approach for creating alternate media backups:
Implementing an MML agent is non-trivial. I remember spending several fruitless days trying to get the provided Legato Storage Manager to communicate with the Sony tape drive. Though we considered using another MML, we abandoned further consideration of this approach when we found that their backup “agents” were relatively expensive, in the range of $1000.00 or more.
There’s no centralized repository for the RMAN backups. Although RMAN could handle keeping track of all the backup tapes in its repository catalog, this was the only method to keep track of which tapes would be required in a disaster recovery situation, and our system administrators demanded a centralized solution for tracking all tapes necessary for D/R.
Image copy backup files are not secure. As I demonstrated in my series on Oracle 10g database file security features, image copies of a tablespace’s datafiles are not secure unless they’re encrypted using the newest Oracle 10g security features. Should a hacker obtain a backup tape via surreptitious means, it’s possible that the image copies stored on tape may provide an invaluable source of sensitive data.
Only Oracle database files can be backed up. As an Oracle 8i DBA, I spent a lot of time making sure that my client’s databases could be restored and recovered to any point in time within the timeframe specified in our service-level agreements. However, once external tables appeared on the Oracle horizon in Oracle 9i, I realized that I needed a way to back up the operating system files that comprised the external tables. Unfortunately, RMAN doesn’t provide a way to handle this requirement because it only backs up Oracle database files (control files, datafiles, and archived redo logs).
Oracle Secure Backup: Features Overview
Fortunately, the new Oracle Secure Backup (OSB) toolset resolves all of these drawbacks, and adds some long-overdue features, thus providing a robust and flexible centralized tape backup and management system:
Centralized Tape Management. First and foremost, Oracle Secure Backup provides a centralized repository to store and manage information about all mission-critical tape backup files for an entire Oracle enterprise environment. This repository is stored in what OSB calls an administrative server, one of three central components to this architecture.
Tape Drive Optimization. Since a typical enterprise may need to support a considerable number and different types of tape backup devices, OSB supports configuration of a media server that is solely responsible for managing those backup devices. This eliminates the need to master various Media Management Layer protocols and agents, since the media server handles all this transparently.
Faster Tape Reads. Restoring an Oracle datafile backup from tape is still one of the most critical needs that OSB fills. Datafile sizes are continuing to increase, and show no sign of growing smaller anytime soon: Remember that in Oracle 10g the maximum size of a BIGFILE tablespace’s datafile is now 128 terabytes. OSB provides a fast tape read mechanism that enables the media server to signal a tape drive to reposition itself to exactly the appropriate spot on the tape media so that datafile restoration can commence more quickly, thus eliminating the need to read the entire tape file forward from its initial tape mark.
Backups, Backups, and More Backups. As you might expect, OSB certainly provides the ability to easily write Oracle RMAN backups of control files, data files, and archived redo logs to tape media. Now OSB also makes it possible to back up the contents of an Oracle Cluster File System (OCFS) as well as the contents of a traditional OS-based file system like NTFS or EXT3. In addition, it’s now possible to create incremental backups of any of the files stored in an OS file system as well.
Scheduling Capabilities. Since it leverages existing Oracle Enterprise Manager and database technology, OSB offers a robust set of scheduling options for running tape backups at appropriate times. These scheduler features can be used either in concert with RMAN for database backups, or standalone to perform OS-level backups.
Security. Last but not least, OSB enables robust security options for encryption and decryption of sensitive data, whether that data is present within tape backups of Oracle datafiles or kept within operating system files. For example, the “flat files” that make up the contents of Oracle external tables can be easily encrypted and decrypted using OSB security methods.
OSB Architecture and Roles
To provide these features, Oracle Secure Backup divides responsibilities among three different components in what it calls an administrative domain. This domain is really nothing more than a combination of roles that together handle all backup and restore capabilities:
Administrative Server. A server that’s fulfilling this OSB role is responsible for managing all backup information within the administrative domain via a separate OSB catalog that contains all necessary backup information. This catalog is stored in a standard centralized location (e.g. /usr/local/backup/oracle on a Linux-based server) and contains information about all devices, servers, and clients within the domain. There is only one administrative server in an OSB domain.
Media Server. This OSB component is responsible for managing alternate media devices. The list of devices supported currently includes approximately 200 different models of physical tape drives, virtual tape libraries, and physical tape libraries. OSB also permits multiple servers to be designated as media servers, which means that it’s not necessary to reattach all alternate media devices to one central server.
Here’s the current list of network attached storage devices that Oracle Secure Backup currently supports. This list is subject to change in the future, of course, so be sure to consult the Certify tab on Oracle Metalink to obtain the most recent list:
Table 1-x. Network Attached Storage Devices Supported For Oracle Secure Backup
Data ONTAP 6.5