Oracle® Secure Backup Administrator's Guide Release 10.1 Part Number B14234-02 |
|
|
PDF · Mobi · ePub |
A group of machines on your network that you manage as a common unit to perform backup and restore operations. An administrative domain must include one and only one administrative server. It can include the following:
One or more client hosts
One or more media servers
An administrative domain can consist of a single host that assumes the roles of administrative server, media server, and client.
The host that stores configuration information and catalog files for hosts in the administrative domain. There must be one and only one administrative server for each administrative domain. One administrative server can service all clients on your network. The administrative server runs the scheduler, which starts and monitors backups within the administrative domain.
The frequency with which Oracle Secure Backup checks the status of tape drives. When Oracle Secure Backup finds an available device, it assigns the next scheduled backup to the tape drive and starts the backup. Oracle Secure Backup checks all configured devices at this frequency and starts all backups that are ready to run as tape drives become available.
The physical or logical connection (the path in which data travels) of a tape device to a host in the administrative domain.
automated certificate provisioning mode
A mode of certificate management in which the Certification Authority (CA) signs and then transfers identity certificates to new hosts over the network. This mode of issuing certificates is vulnerable to a possible, although extremely unlikely, man-in-the-middle attack. Automated mode contrasts with manual certificate provisioning mode.
A text file used for obtar backup operations. It includes a host name and a list of directories to include or exclude from a backup image. Note that the Oracle Secure Backup scheduler transforms datasets into BDFs so that they are usable by obtar
.
A tape drive that backs up data from primary storage media such as local disk to secondary storage media. Note that Oracle Secure Backup does not support optical tape drives.
The process of obscuring backup data so that it is unusable unless decrypted. Data can be encrypted at rest, in transit, or both.
An integer that uniquely identifies a backup section.
The product of a backup operation. A single backup image can span multiple volumes in a volume set. The part of a backup image that fits on a single volume is called a backup section.
The logical container of a backup image. A backup image consists of one file. One backup image consists of one or more backup sections.
The data on a tape that identifies the backup image's file number, backup section number, and owner.
A backup that is eligible for execution by the Oracle Secure Backup scheduler. A backup job contrasts with a backup request, which is an on-demand backup that has not yet been forwarded to the scheduler by means of the backup --go
command.
The level of an incremental backup of file system data. Oracle Secure Backup supports 9 different incremental backup levels for file system backups.
A process by which data is copied from primary media to secondary media. You can use Oracle Secure Backup to make file system backups, which are backups of any file on the file system. You can also use the Oracle Secure Backup SBT library in conjunction with Recovery Manager (RMAN) to back up the database to tape.
A backup file generated by Recovery Manager (RMAN). Backup pieces are stored in a logical container called a backup set.
An on-demand backup that is held locally in obtool
until you execute the backup
command with the --go
option. At this point Oracle Secure Backup forwards the requests to the scheduler, at which time the backup requests become backup jobs and are eligible to run.
A description of when and how often Oracle Secure Backup should back up the files specified by a dataset. The backup schedule contains the names of each dataset file and the name of the media family to use. The part of the schedule called the trigger defines the days and times when the backups should occur. In obtool, you create a backup schedule with the mksched
command.
A portion of an backup image file that exists on a single tape. One backup image can contain one or more backup sections. Each backup section is uniquely identified by a backup ID.
A file that contains the standard output from a particular backup dispatched by the Oracle Secure Backup scheduler.
A time frame in which a backup operation can be executed.
A symbol code, also called a tag, that is physically applied to a volume for identification purposes. Oracle Secure Backup supports the use of tape libraries that have an automated means to read barcodes.
The number of 512-byte blocks to include in each block of data written to each tape drive. By default, Oracle Secure Backup writes 64K blocks to tape, which is a blocking factor of 128. Because higher blocking factors usually result in better performance, you can try a blocking factor larger than the obtar
default. If you pick a value larger than is supported by the operating system of the server, then Oracle Secure Backup fails with an error.
A file that is currently open or being written to and is therefore inaccessible to all other users or application programs. Depending on the client configuration, busy files might not be backed up or restored.
A repository that records backups in an Oracle Secure Backup administrative domain. You can use the Web tool or obtool
to browse the catalog and determine what files you have backed up. The catalog is stored on the administrative server.
A digitally signed statement from a Certification Authority (CA) stating that the public key (and possibly other information) of another entity has a specific value. The X.509 standard specifies the format of a certificate and the type of information contained in it: certificate version, serial number, algorithm ID, issuer, validity, subject, subject public key information, and extensions such as key usage (signing, encrypting, and so on). A variety of methods are used to encode, identify, and store the certificate.
An authority in a network that performs the function of binding a public key pair to an identity. The CA certifies the binding by digitally signing a certificate that contains a representation of the identity and a corresponding public key. The administrative server is the CA for an Oracle Secure Backup administrative domain.
Certificate Revocation List (CRL)
A list used in a public key infrastructure that enumerates the revoked certificates maintained by the Certification Authority (CA).
A named set of rights for Oracle Secure Backup users. A class can have multiple users, but each user can belong to one and only one class.
content-managed expiration policy
A volume with this type of expiration policy expires when all the backup pieces on the volume are marked as deleted. You can make Recovery Manager (RMAN) backups, but not file system backups, to content-managed volumes. You can use Recovery Manager (RMAN) to delete backup pieces.
A one-way function that accepts a message as input and produces an encrypted string called a "hash" or "message digest" as output. Given the hash, it is computationally infeasible to retrieve the input. MD5 and SHA-1 are commonly used cryptographic hash functions.
A type of incremental backup in which Oracle Secure Backup copies only data that has changed at a lower backup level. For example, a level 3 incremental backup copies only that data that has changed since the most recent backup that is level 2 or lower.
Background processes that are assigned a task by Oracle Secure Backup during the execution of backup and restore operations. Some daemons run continually and others are started and stopped as required.
Data Management Application (DMA)
An application that controls a backup or restore operation over the NDMP through connections to a data service and tape service. The DMA is the session master, whereas the NDMP services are the slaves. In an Oracle Secure Backup administrative domain, obtar
is an example of a DMA.
An application that runs on a client and provides Network Data Management Protocol (NDMP) access to database and file system data on the primary storage system.
A secondary storage device within a tape library. In libraries that contain multiple tape drives, DTEs are sequentially numbered starting with 1.
database backup storage selector
An Oracle Secure Backup configuration object that specifies characteristics of Recovery Manager (RMAN) SBT backups. The storage selector act as a layer between RMAN, which accesses the database, and the Oracle Secure Backup software, which manages the backup media.
The contents of a file system backup. A dataset is described in a dataset file. For example, you could create the dataset file my_data.ds
to describe a dataset that includes the /home
directory on host brhost2
.
A directory that contains dataset files. The directory groups dataset files together as a set for common reference.
A text file that describes a dataset. The Oracle Secure Backup dataset language provides a text-based means to define file system data that you want to back up.
An internal, uniquely generated number that differentiates databases. Oracle creates this number automatically when you create the database.
A set of configuration data that specifies how Oracle Secure Backup runs in an administrative domain.
A tape drive or tape library identified by a user-defined device name.
The process by which Oracle Secure Backup automatically detects devices accessed through NDMP as well as configuration changes for such devices.
A file name in the /dev
file system on UNIX or Linux that represents a hardware device. A device special file does not specify data on disk, but identifies a hardware unit and the device driver that handles it. The inode of the file contains the device number as well as permissions and ownership data. An attachment consists of a host name and the device special file name by which that device is accessed by Oracle Secure Backup.
differential incremental backup
A type of incremental backup in which Oracle Secure Backup copies only data that has changed at the same or lower backup level. This backup is also called a level 10 backup. Oracle Secure Backup does not support the level 10 backup in conjunction with some platforms, including NAS devices such as Network Appliance filers.
A set of bits computed by an Certification Authority (CA) to signify the validity of specified data. The algorithm for computing the signature makes it difficult to alter the data without invalidating the signature.
A group of machines and devices on a network that are administered as a unit with common rules and procedures. Within the internet, domains are defined by the IP address. All devices sharing a common part of the IP address are said to be in the same domain.
The number of recovered write errors divided by the total blocks written, multiplied by 100.
Specifies a file or path to be excluded from a backup operation.
The means by which Oracle Secure Backup determines how volumes in a media family expire, that is, when they are eligible to be overwritten. A media family can either have a content-managed expiration policy or time-managed expiration policy.
Fiber Distributed Data Interface (FDDI)
A set of ANSI protocols for sending digital data over fiber optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps. FDDI networks are typically used as backbones for wide-area networks.
A protocol used primarily among devices in a Storage Area Network (SAN).
A backup of files on the file system initiated by Oracle Secure Backup. A file system backup is distinct from a Recovery Manager (RMAN) backup made through the Oracle Secure Backup SBT interface.
An operation that backs up all of the files selected on a client. Unlike in an incremental backup, files are backed up whether or not they have changed since the last backup.
A network made up of a multitude of machines, operating systems, and applications of different types from different vendors.
A network comprised of similar components: one type of machine, server, and network operating system.
The initialization phase of a connection between two hosts in the administrative domain. After the hosts authenticate themselves to each other with identity certificates, communications between the hosts are encrypted by SSL. Almost all connections are two-way authenticated; exceptions include initial host invitation to join a domain and interaction with hosts that use NDMP access mode.
An X.509 certificate signed by the Certification Authority (CA) that uniquely identifies a host in an Oracle Secure Backup administrative domain.
An operation that backs up only the files on a client that changed after a previous backup. Oracle Secure Backup supports 9 different incremental backup levels for file system backups. A cumulative incremental backup copies only data that changed since the most recent backup at a lower level. A differential incremental backup, which is equivalent to a level 10 backup, copies data that changed since an incremental backup at the same or lower level.
An incremental backup contrasts with a full backup, which always backs up all files regardless of when they last changed. A full backup is equivalent to an incremental backup at level 0.
A catalog created and maintained by Oracle Secure Backup that describes past, current, and pending backup jobs.
A text file report produced by Oracle Secure Backup that describes the status of selected backup and restore jobs. Oracle Secure Backup generates the report according to a user-specified job summary schedule.
A user-defined schedule for generating job summaries. You create job summary schedules with the mksum
command in obtool
.
Logical unit number of a device. LUNs make it possible for a number of devices to share a single SCSI ID.
manual certificate provisioning mode
A mode of certificate management in which you must manually export the signed identity certificate for a new host from the administrative server, transfer it to the new host, and manually import the certificate into the wallet of the new host. Unlike automated certificate provisioning mode, this mode is not vulnerable to a possible (if extremely unlikely) man-in-the-middle attack.
A named classification of backup volumes that share the same volume sequence file, expiration policy, and write window.
A machine or server that has one or more devices connected to it. A media server is responsible for transferring data to or from the devices that are attached to it.
The mode indicates the way in which Oracle Secure Backup can use a volume physically loaded into a tape drive. Valid values are read-only, write/append, overwrite, and not mounted.
An application that runs on a media server in an Oracle Secure Backup administrative domain and provides access to secondary storage media over NDMP.
A synonym for primary access mode.
The mode of access for a filer or other host that uses NDMP for communications within the administrative domain. NDMP access mode contrasts with primary access mode, which uses the Oracle Secure Backup network protocol. Note that Oracle Secure Backup uses NDMP for data transfer among hosts regardless of whether a host is accessed through the primary or NDMP access modes.
Network Attached Storage (NAS)
A NAS server is a computer on a network that hosts file systems. The server exposes the file systems to its clients through one or more standard protocols, most commonly NFS and CIFS.
Network Data Management Protocol (NDMP)
An open standard protocol that defines a common architecture for backups of heterogeneous file servers on a network. This protocol allows the creation of a common agent used by the central backup application, called a DMA, to back up servers running different operating systems. With NDMP, network congestion is minimized because the data path and control path are separated. Backup can occur locally—from file servers direct to tape drives—while management can occur centrally.
A text file that lists the hosts in your network on which Oracle Secure Backup should be installed. For each host, you can identify the Oracle Secure Backup installation type, the host name, and the list of tape drives attached. The install
subdirectory in the Oracle Secure Backup home includes a sample network description file named obndf
.
A client/server application that gives all network users access to shared files stored on computers of different types. NFS provides access to shared files through an interface called the Virtual File System (VFS) that runs on top of TCP/IP (Transmission Control Protocol/Internet Protocol). Users can manipulate shared files as if they were stored on local disk. With NFS, computers connected to a network operate as clients while accessing remote files, and as servers while providing remote users access to local shared files. The NFS standards are publicly available and widely used.
One of the file systems for the Windows operating system. NTFS has features to improve reliability, such as transaction logs to help restore from disk failures.
A tape is not rewound when Oracle Secure Backup finishes writing to it. This lets Oracle Secure Backup remain in position to write the next backup image.
A synonym for primary access mode.
A wallet whose data is scrambled into a form that is extremely difficult to read if the scrambling algorithm is unknown. The wallet is read-only and is not protected by a password. An obfuscated wallet supports single sign-on (SSO).
An instance configuration data managed by Oracle Secure Backup: class, user, host, device, library, backup schedule, and so on. Objects are stored as files in subdirectories of admin/config
in the Oracle Secure Backup home.
The underlying engine of Oracle Secure Backup that moves data to and from tape. obtar
is a descendent of the original Berkeley UNIX tar(2)
command.Although obtar
is typically not accessed directly, you can use it to back up and restore files or directories specified on the command line or in a Backup Description File (BDF). obtar
enables the use of features not exposed through obtool or the Web tool.
The principal command-line interface to Oracle Secure Backup. You can use this tool to perform all Oracle Secure Backup configuration, backup and restore, maintenance, and monitoring operations. The obtool
utility is an alternative to the Web tool.
A backup that is equivalent to a full backup except that it does not affect the full/incremental backup schedule. An offsite backup is useful when you want to create an backup image for offsite storage without disturbing your incremental backup schedule.
A file system backup initiated through the backup
command in obtool or the Web tool. The backup is one-time-only and either runs immediately or at a specified time in the future. An on-demand backup contrasts with a scheduled backup, which is initiated by the Oracle Secure Backup scheduler.
A person who runs backup operations, manages backup schedules, swaps tapes, and checks for errors.
A request from Oracle Secure Backup that asks for the operator to perform a task, such as mounting a different volume during a backup.
When using obtar, this is the host on which you execute the obtar
command.
The directory in which the Oracle Secure Backup software is installed. The Oracle Secure Backup home is typically /usr/local/oracle/backup
on UNIX/Linux and C:\Program Files\Oracle\Backup
on Windows. This directory contains binaries and configuration files. The contents of the directory differ depending on which role is assigned to the host within the administrative domain.
Oracle Secure Backup logical unit number
A number between 0 and 31 used to generate unique device special file names during device configuration (for example: /dev/obt0
, /dev/obt1
, and so on). Although it is not a requirement, unit numbers typically start at 0 and increment for each additional device of a given type, whether library or drive.
The Oracle Secure Backup logical unit number should not be confused with the SCSI logical unit number. The SCSI LUN is part of the hardware address of the device, whereas the Oracle Secure Backup logical unit number is part of the name of the device special file.
A defined account within an Oracle Secure Backup administrative domain. Oracle Secure Backup users exist in a separate namespace from operating system users.
The process of replacing a file on your system by restoring a file that has the same file name.
PNI (Preferred Network Interface)
The network interface that should be used to transmit data to be backed up or restored. A network can have multiple physical connections between a client and the server performing a backup or restore on behalf of that client. For example, a network can have both Ethernet and Fiber Distributed Data Interface (FDDI) connections between a pair of hosts. PNI enables you to specify, on a client-by-client basis, which of the server's network interfaces should be used.
An optional attribute of an Oracle Secure Backup user. A preauthorization gives an operating system user access to specified Oracle Secure Backup resources.
The mode of access for a host that uses the Oracle Secure Backup network protocol for communications within the administrative domain. Oracle Secure Backup must be installed on hosts that use primary access mode. In contrast, hosts that use NDMP access mode do not require Oracle Secure Backup to be installed. Note that Oracle Secure Backup uses NDMP for data transfer among hosts regardless of whether a host is accessed through the primary or NDMP access modes.
A number that corresponds to a specific public key and is known only to the owner. Private and public keys exist in pairs in all public key cryptography systems. In a typical public key cryptosystem, such as RSA, a private key corresponds to exactly one public key. Private keys can be used to compute signatures and decrypt data.
File system backup operations initiated with the --privileged
option of the backup
command. On UNIX and Linux systems, a privileged backup runs under the root
user identity. On Windows systems, the backup runs under the same account (usually Local System
) as the Oracle Secure Backup service on the Windows client.
A number associated with a particular entity intended to be known by everyone who needs to have trusted interactions with this entity. A public key, which is used in conjunction with a corresponding private key, can encrypt communication and verify signatures.
A schema in an Oracle database that contains metadata for use by Recovery Manager (RMAN). The recovery catalog is managed by RMAN and is independent of the Oracle Secure Backup catalog.
Copies files from the volumes in a backup device to the designated system.
A list of operators to whom restore data requests are emailed.
The length of time that data in a volume set is not eligible to be overwritten. The retention period is an attribute of a time-managed media family. The retention period begins at the write window close time. For example, if the write window for a media family is 7 days, then a retention period of 14 days indicates that the data is eligible to be overwritten 21 days from the first write to the first volume in the volume set.
A utility supplied with Oracle Database used for database backup, restore, and recovery. RMAN is a separate application from Oracle Secure Backup. Unlike RMAN, you can use Oracle Secure Backup to back up any file on the file system—not just database files. Oracle Secure Backup includes an SBT interface that RMAN can use to back up database files directly to tape.
Privileges within the administrative domain that are assigned to a class. For example, the perform backup as self
right is assigned to the operator
class by default. Every Oracle Secure Backup user that belongs to a class is granted the rights associated with this class.
The functions that hosts in your network can have during backup and restore operations. There are three roles in Oracle Secure Backup: administrative server, media server, and client host. A host in your network can serve in any of these roles or any combination of them. For example, the administrative server can also be a client and media server.
The underlying engine of Oracle Secure Backup that moves data to and from tape. obtar
enables the use of features not exposed through obtool or the Web tool. In normal circumstances users do not use obtar
directly.
A media management software library that Recovery Manager (RMAN) can use to back up to tertiary storage. An SBT interface conforms to a published API and is supplied by a media management vendor. Oracle Secure Backup includes an SBT interface for use with RMAN.
A user-defined time period for executing scheduled backup operations. File system backups are triggered by a schedule, which you can create with the mksched
command in obtool
. In contrast, on-demand backups are one-time-only backups created with the backup
command.
The frequency with which Oracle Secure Backup determines whether manual changes have been made to any schedules. If Oracle Secure Backup finds changes, it updates the job list and starts any necessary backups.
A file system backup that is scheduled through the mksched
command in obtool
or the Web tool (or is modified by the runjob
command). A backup schedule describes which files should be backed up. A trigger defined in the schedule specifies when the backup job should run.
A daemon (obscheduled
) that runs on an administrative server and is responsible for managing all backup scheduling activities. The scheduler maintains a job list of backup jobs scheduled for execution.
A daemon (observiced
) that runs on each host in the administrative domain that that communicates through primary access mode. The service daemon provides a wide variety of services, including certificate operations.
A cryptographic protocol that provides secure network communication. SSL provides endpoint authentication through certificates. Data transmitted over SSL is protected from eavesdropping, tampering or message forgery, and replay attacks.
Small Computer System Interface (SCSI)
A parallel I/O bus and protocol that permits the connection of a variety of peripherals to host computers. Connection to the SCSI bus is achieved through a host adapter and a peripheral controller.
A consistent copy of a volume or a file system. Snapshots are supported only for Network Appliance filers running Data ONTAP 6.4 or later.
A high-speed subnetwork of shared storage devices. A SAN is designed to assign data backup and restore functions to a secondary network where so that they do not interfere with the functions and capabilities of the server.
A physical location within a tape library where a volume can be stored and retrieved by a library's robotic arm.
A device that reads and writes data stored on a tape. Tape drives are sequential-access, which means that they must read all preceding data to read any particular piece of data. The drives are accessible through various protocols, including SCSI and Fibre Channel. A tape drive can exist standalone or in a tape library.
A medium changer that accepts SCSI commands to move volumes between storage elements and tape drives.
An NDMP Service that transfers data to and from secondary storage and allows the DMA to manipulate and access secondary storage.
TCP/IP (Transmission Control Protocol/Internet Protocol)
The suite of protocols used to connect hosts for transmitting data over networks.
time-managed expiration policy
A media family expiration policy in which all volumes in a volume set can be overwritten when they reach their volume expiration time. Oracle Secure Backup computes the volume expiration time by adding the volume creation time for the first volume in the set, the write window time, and the retention period.
For example, you set the write window for a media family to 7 days and the retention period to 14 days. Assume that Oracle Secure Backup first wrote to the first volume in the set on January 1 at noon and subsequently wrote data on 20 more volumes in the set. In this scenario, all 21 volumes in the set expire on January 22 at noon.
You can make Recovery Manager (RMAN) backups or file system backups to volumes that use a time-managed expiration policy.
The part of a backup schedule that specifies the days and times at which the backups should occur.
A certificate that is considered valid without the need for validation testing. Trusted certificates build the foundation of the system of trust. Typically, they are certificates from a trusted Certification Authority (CA).
File system backups created with the --unprivileged
option of the backup
command. When you create or modify an Oracle Secure Backup user, you associate operating system accounts with this user. Unprivileged backups of a host run under the operating system account associate with Oracle Secure Backup user who initiates the backup.
A volume is a single unit of media, such as an 8mm tape. A volume can contain one or more backup images.
The time at which Oracle Secure Backup wrote backup image file number 1 to a volume.
The date and time on which a volume in a volume set expires. Oracle Secure Backup computes this time by adding the write window duration, if any, to the volume creation time for the first volume in the set, then adding the volume retention period.
For example, assume that a volume set belongs to a media family with a retention period of 14 days and a write window of 7 days. Assume that the volume creation time for the first volume in the set was January 1 at noon and that Oracle Secure Backup subsequently wrote data on 20 more volumes in the set. In this scenario, the volume expiration time for all 21 volumes in the set is January 22 at noon.
A unique alphanumeric identifier assigned by Oracle Secure Backup to a volume when it was labeled. The volume ID usually includes the media family name of the volume, a dash, and a unique volume sequence number. For example, a volume ID in the RMAN-DEFAULT
media family could be RMAN-DEFAULT-000002
.
The first block of the first backup image on a volume. It contains the volume ID, the owner's name, the volume creation time, and other information.
A number recorded in the volume label that indicates the order of volumes in a volume set. The first volume in a set has sequence number 1. The volume ID for a volume usually includes the media family name of the volume, a dash, and a unique volume sequence number. For example, a volume ID for a volume in the RMAN-DEFAULT
media family could be RMAN-DEFAULT-000002
.
A group of volumes spanned by a backup image. The part of the backup image that fits on a single volume is a backup section.
A field that is commonly used to hold the barcode identifier, also called a volume tag, for the volume. The volume tag is found in the volume label.
A password-protected encrypted file. An Oracle wallet is primarily designed to store X.509 certificates and their associated public key/private key pair. The contents of the wallet are only available after the wallet password has been supplied, although in the case of an obfuscated wallet no password is required.
The browser-based GUI that enables you to configure an administrative domain, manage backup and restore operations, and browse the backup catalog.
Defines the period of time, starting from the volume creation time, during which updates to a volume are allowed.
To mark a file or media so that its contents cannot be modified or deleted. To write-protect a volume, you can mount a volume read-only in Oracle Secure Backup or alter the physical media with a write-protect tab.
The period of time for which a volume set remains open for updates, usually by appending additional backup images. The write window opens at the volume creation time for the first volume in the set and closes after the write window period has elapsed. After the write window close time, Oracle Secure Backup does not allow further updates to the volume set until it expires (as determined by its expiration policy), or until it is relabeled, reused, unlabeled, or forcibly overwritten.
A write window is associated with a media family. All volume sets that are members of the media family remain open for updates for the same time period.
The date and time that a volume set closes for updates. Oracle Secure Backup computes this time when it writes backup image file number 1 to the first volume in the set. If a volume set has a write window close time, then this information is located in the volume section of the volume label.
The length of time during which writing to a volume set is permitted.