Performing Encrypted Backups with Oracle Secure Backup 10.2

Purpose

This tutorial shows you how to perform encrypted backups of an Oracle database and file system data with Oracle Secure Backup (OSB) 10.2.

Time to Complete

Approximately 1 hour

Topics

This tutorial covers the following topics:

 Overview
 Prerequisites
 Configuring Host Encryption Policies in Oracle Secure Backup
 Performing an Encrypted Oracle Database Backup

Performing an Encrypted File System Backup

 Restoring from an Encrypted RMAN Backup
 Restoring from an Encrypted File System Backup
 Summary
 Related information

Viewing Screenshots

 Place the cursor over this icon to load and view all the screenshots for this tutorial. (Caution: This action loads all screenshots simultaneously, so response time may be slow depending on your Internet connection.)

Note: Alternatively, you can place the cursor over each individual icon in the following steps to load and view only the screenshot associated with that step.

Overview

This tutorial covers how to perform immediate, encrypted database and file system backups using Oracle Secure Backup encryption. You use an encryption key that OSB transparently (randomly) generates for encryption during backup and decryption during recovery.

 

Back to Topic List

 

Prerequisites

Before starting this tutorial, you should:

1.

Have performed the "Installing and Configuring Oracle Secure Backup 10.2 " tutorial and met all prerequisites listed there.

 

2.

For this tutorial you need to know the following details:

  • Password of the SYS Oracle user: SYS_password
  • Password of the oracle OS user account: host_password
  • Password of the admin OSB user: admin_password
  • Password of the oracle OSB user: host_password
  • Enterprise Manager URL: https://<host machine>:<port>/em
  • Oracle Secure Web Tool URL: https://<host machine>/index.php

Back to Topic List

Configuring Host Encryption Policies in Oracle Secure Backup

In this topic you configure an OSB host encryption policy that defines the following:

To configure host encryption policies, perform the following steps:

1.

To start the OSB Web tool, open your web browser and enter your URL in the following format:

https://<host machine>/index.php

 

2.

On the Oracle Secure Backup Login page, enter admin as User Name and your admin_password , then click Login.


3.

On the OSB Web tool Home page, click Preferences in the top-right corner.

 

4.

Select the On Setting for Extended command output, then click Apply.

The page does not change, when you click Apply. You can see the result of this change in step 6, following.

Note: This is an optional setting which displays the OSB commands issued at each step in the Extended Command Output section.

 

5.

Click Configure, then click Hosts (in the Basic section).

 

6.

On the Configure: Hosts page, view the Extended Command Output in the lower part of the page, which you can hide or show by setting Preferences.

To configure host encryption policies, select your host and click Edit.

 

7.

Select Encryption: required . Accept the default algorithm of aes192 and leave the other fields with their default values as well. Then click the Apply button.

You should receive a success message.

 

8.

In the Extended Command Output section, you can view the obtool command, which was created and executed, based on your host modifications. Click OK.

 

9.

Again, you should receive a success message. Navigate to the OSB Home page.

Note: Do not log out from the OSB Web tool.

Back to Topic List

 

Performing an Encrypted Oracle Database Backup

In this topic you perform an immediate full backup of the Oracle database, encrypted by Oracle Secure Backup per host encryption policy, which you defined in the previous task. Oracle database backups to tape (using Oracle Secure Backup) are started from the Receovery Manager (RMAN) or the Oracle Enterprise Manager (EM) interface. Although RMAN offers backup encryption, this topic demonstrates the use of OSB encryption, where all encryption keys are generated and managed by OSB based on the host encryption policy. You will view the RMAN output log and the OSB job transcript.

To backup your database encrypted to tape, perform the following steps:

1.

To access Enterprise Manager (EM), open your web browser and enter your URL in the following format:

https://<host machine>:<port>/em

 

2.

On the Enterprise Manager Login page, enter SYS as User Name, your SYS_password and select Connect As SYSDBA. Then click Login.


3.

On the Oracle Database home page, click Availability.

 

4.

On the Availability page, click Schedule Backup in the Manage section.

 

5.

On the Schedule Backup page, ensure that the Host Credentials are provided (if needed enter oracle and host_password ); ensure that Whole Database is selected. Then click Schedule Customized Backup.

 

6.

On the Schedule Customized Backup: Options page, accept all default values.

Expand Encryption to see that RMAN encryption is not selected. However, because of your defined OSB host encryption policy, the backup will be encrypted by Oracle Secure Backup. Then click Next.

 

7.

On the Schedule Customized Backup: Settings page, select Tape, and then click Next.

 

8.

On the Schedule Customized Backup: Schedule page, ensure that One Time (Immediately) is selected and then click Next.

 

9.

On the Schedule Customized Backup: Review page, review the provided information, and then click Submit Job.

 

10.

You should receive a success message. Click View Job.

 

11.

During or after your job execution, click the Step: Backup link.

 

12.

Review the output log. If your job is still running, use your browser's refresh or reload button until you see the commands highlighted below. You should see that Oracle Secure Backup is used as media management software and that RMAN is not encrypting this backup. The backup is encrypted by OSB, because the host encryption policy is set to 'required'.



When you are finished reviewing the RMAN output log, click your browser's Return or Go Back button.

 

13.

Switch to your OSB Web tool, which should still be open from the previous task. To display the job transcript on the OSB Home page, either click the transcript icon before the Active Jobs ID link (if your job is still running):

Or first click the Show completed jobs link, and then click the transcript icon before the Completed Jobs ID link.

Note: The last three jobs in this example are part of the encrypted database backup.

14.

Review the output and note the OSB encryption (towards the end of the file). Then click the Close button.

 

Back to Topic List

Performing an Encrypted File System Backup

In this topic you perform an encrypted file system data backup. You do not need to configure encryption, because the host encryption policy is set to "required". Once a host is configured, both RMAN and file system data can use the same encryption policy. But you do need to configure a dataset. With a dataset you define the directory/data that you wish to back up.

To perform an encrypted file system backup, perform the following steps:

1.

As the oracle user, create the test1 subdirectory under your working directory by executing the following command:

$ mkdir test1

 

2.

Copy some files from your working directory to your new t est1 directory and confirm their arrival by executing the following commands:

$  
                              
cp c* test1
$  
                              
ls -l test1/*
-rwxr-xr-x 1 oracle oinstall 805 Jun 14 00:28 test1/config1_in.sh
-rwxr-xr-x 1 oracle oinstall 886 Jun 14 00:28 test1/config1_out.sh
-rwxr-xr-x 1 oracle oinstall 346 Jun 14 00:28 test1/config1.sh
-rwxr-xr-x 1 oracle oinstall 162 Jun 14 00:28 test1/config2.txt
$ 

                            
3.

To configure a dataset in the OSB Web tool, navigate to Backup > Datasets (in the Settings section), and then click Add.

 

4.

Review the text, which provides a template on how to create a dataset.

# Begin dataset TEMPLATES/new_button.
#
# This is the dataset template that the Oracle Secure Backup
# Web Interface uses when you press "add a new dataset".
# Uncomment the line below and place any domain-wide directives in
# admin-domain defaults
#include dataset admin-domain
# Edit the lines that follow to specify the host(s) and the name(s)
# of file system objects to be backed up on those hosts.

Delete all text, because it is for informational purposes only.

To backup only your test1 directory, enter TEST1 as Name and the following lines with your host name and your working directory under the sample code, then click Save.

include host host01
include path /< your working directory>/test1

 

5.

You should receive a success message. Click the Backup link.

 

6.

To backup the data in your just defined dataset, click Backup Now (in the Operations section).

 

7.

On the Backup Now page, click Add.

 

8.

On the Options page, select or enter the following, then click OK:

Datasets: TEST1
Restrictions: vdte1@host01
Backup level: full
Media family: offsite_test
Encryption: no

Note: You can select Encryption: no, because your host policy is already set to required. You will see in the job transcript below, that encryption occurs.

You should receive a success message.

 

9.

On the Backup Now page, select the TEST1 dataset and click Go.

 

10.

Note your job id and click Home.

 

11.

On the OSB Home page, click the transcript icon before your Job ID . .

 

12.

In the Job Transcript Viewer scroll through the output file and review it. For example, you might notice the encryption algorithm (which was defined in the host encryption policies) and the number of files and directories that you just backed up. When you are finished reviewing the output, click Close.

If you are planning to execute the "Configuring Policy-Based Media Management with Oracle Secure Backup 10.2" tutorial, then please note the time of your file system backup (especially if it exceeds five minutes).

You can leave the Web tool available for a later task.

Back to Topic List

Restoring from an Encrypted RMAN Backup

In this topic you restore RMAN data files from your encrypted database backup tape. Because the recovery scope is datafiles, this is known as object level recovery.

To recover a data file from an RMAN tape backup, perform the following steps:

1.

In your web browser, on the Enterprise Manager Login page, enter SYS as User Name, your SYS_password and select Connect As SYSDBA. Then click Login.

 

2.

On the EM home page, click Availability. Then click Perform Recovery.


3.

On the Perform Recovery page, confirm your Host Credentials and select Datafiles as Recovery Scope, then click Recover.

 

4.

On the Perform Object Level Recovery: Datafiles page, click Add.

 

5.

On the Perform Object Level Recovery: Datafiles: Available Datafiles page, select the example01.dbf datafile and then click Select.

 

6.

On the Perform Object Level Recovery: Datafiles page, select the example01.dbf datafile and then click Next.

 

7.

On the Perform Object Level Recovery: Rename page, accept the default values and click Next.

 

8.

On the Perform Object Level Recovery: Review page, click Edit RMAN Script to view this script.

 

9.

On the Perform Object Level Recovery: Review: Edit RMAN Script page, review the RMAN commands and click Submit.

 

10.

Depending on your system resources the Processing: Perform Object Level Recovery page is displayed.

You should receive a success message. On the Perform Recovery: Result page, scroll through the output to review it and click OK.

 

11.

Return to the Web tool if it is available, or login with admin as User Name and your admin_password .

 

12.

On the Web tool Home page, click Show completed jobs if your restore job is not visible. Then click on the transcript icon before the Job ID.

 

13.

Review the Job Transcript which shows that the data file (and the backup piece) is successfully restored.

Oracle Secure Backup automatically decrypts the files during restoration. This is also true for user-defined passphrase encryption: As long as a restoration is performed within the same OSB domain as the original backup, then Oracle Secure Backup automatically decrypts the files for you, whether the encryption occurred through transparently generated keys or through a user-defined passphrase.

Your transcript might look a little different. When you are finished reviewing it, click Close.

 

Back to Topic List

Restoring from an Encrypted File System Backup

In this topic you restore data files from the encrypted file system backup tape.

To restorer from an encrypted file system backup, perform the following steps:

1.

Continue in your OSB Web tool or start it directly in a web browser (not from EM) with admin as User Name and your admin_password .

 

2.

On the OSB Home page, click Preferences in the top-right corner. Select the On Setting for Extended command output, and click Apply.

The page does not change. Then click Restore.


3.

On the Restore page, click Backup Catalog.

 

4.

On the Restore: Backup Catalog page, select host01 as Host Name, latest as Data Selector and then click Browse Host.

 

5.

On the Restore: Backup Catalog > host01 page, enter the Path to your test1 directory in the following format:

<your host>:/<your working directory>/test1, then click Browse Host.

 

6.

The backed up files from your test1 directory should appear in the Browse Host section.

Click the Show restore list and browse options link.

The available restore items appear. This is an alternative way to select the files that you wish to restore.

Select each of the files in the Browse Host section and click Add.

 

7.

On the Restore: Restore > New Restore page, accept the default settings and click OK.

You should receive a success message.

 

8.

On the Restore: Restore > host01 page, click Go.

 

9.

Notice the job id. Yours may be different. Then click Manage.

 

10.

On the Manage page, click Jobs.

 

11.

In the Viewing options area, select the following values and then click Apply:

Viewing options: Active, Complete and Pending
Types: files system restore

 

12.

Select your restore job and click Show Properties.

Your screenshot should show only one restore job, unless you are repeating this task.

 

13.

Review the job properties. Towards the end, you want to see that your restore completed with no error. When you are finished reviewing, click Close.

 

14.

Click Logout in the top-right corner to leave the OSB Web tool.

 

 

Back to Topic List

Summary

In this lesson, you learned how to:

 Configure Host Encryption Policies in Oracle Secure Backup
 Perform an Encrypted Oracle Database Backup
 Perform an Encrypted File System Backup
 Restore from an Encrypted RMAN Backup
 Restore from an Encrypted File System Backup

Back to Topic List

Related Information

To learn more about Oracle Secure Backup you can refer to:

 Configuring Policy-Based Media Management with Oracle Secure Backup 10.2 tutorial
 Additional OBEs on the OTN web site.
 Demonstration material ( viewlets )

Back to Topic List

 Place the cursor over this icon to hide all screenshots.

 

 

 

Left Curve
Popular Downloads
Right Curve
Untitled Document