Oracle® Secure Backup Administrator's Guide Release 10.1 Part Number B14234-02 |
|
|
PDF · Mobi · ePub |
This chapter explains the basic steps involved in setting up an administrative domain. It is assumed that you have read the conceptual overview in "Administrative Domains". This chapter covers the following topics:
Note:
Before you set up an administrative domain, ensure you have logged into Oracle Secure Backup as explained in "Starting the Web Tool".This section describes the steps involved in configuring an Oracle Secure Backup administrative domain. In many cases, the domain defaults are sufficient, so no additional configuration is required. Steps that are optional are noted.
This section makes the following assumptions:
Reliaty Backup is not currently installed on the hosts in your domain. If you are migrating Reliaty Backup to Oracle Secure Backup, then refer to Oracle Secure Backup Migration Guide.
You have already installed Oracle Secure Backup on a host and configured it as the administrative server. If you have not yet performed this task, refer to Oracle Secure Backup Installation Guide.
You have installed Oracle Secure Backup on the media servers and clients (except hosts that use NDMP access mode) and configured drivers and device special files so that the tape devices are usable by Oracle Secure Backup. If you have not yet performed this task, refer to Oracle Secure Backup Installation Guide.
You have not yet used the Web tool or obtool
to configure your clients, media servers, and tape devices. It is assumed that the only member of your domain is the administrative server.
If you already configured the hosts and devices in your domain, which is a step that you can optionally perform during post-installation as described in Oracle Secure Backup Installation Guide, then skip Steps 3 and 4 in the following procedure.
You are using the Oracle Secure Backup Web tool to configure the domain. "Using the Web Tool" provides an introduction to the Web tool.
Note:
If you plan to use Oracle Secure Backup with RMAN, then see Chapter 6, "Using Recovery Manager with Oracle Secure Backup". The RMAN chapter explains how to use Enterprise Manager to configure Oracle Secure Backup and perform database backup and recovery.You accept the default mode of security described in "Default Security Configuration". In this case no additional security configuration is required. You need only ensure that the hosts with the administrative server and media server roles have sufficient physical and network security.
You can configure your administrative domain in the following steps:
Use the Web tool to log in to the administrative domain as admin
. You created this user and set the password when you installed Oracle Secure Backup on the administrative server.
If necessary, configure defaults and policies for the administrative domain. For example, you could configure default media retention values or NDMP authentication information.
This task is described in "Configuring Defaults and Policies".
Configure the media servers and clients. Optionally, you can configure a subset of the hosts now and add the remaining hosts later.
This task is described in "Configuring Hosts".
This task is described in "Configuring Tape Devices".
If necessary, configure classes and users. For example, you may want to create an Oracle Secure Backup user that can make backups but does not have full administrator rights.
These tasks are described in "Configuring Classes" and "Configuring Users".
Note:
In this step you can specify user accounts for unprivileged backup and restore operations. Unprivileged operations run under the specified operating system accounts rather than asroot
(UNIX/Linux) or a member of the Administrator group (Windows). See "About User Configuration" for more information.If necessary, configure backup and media settings in preparation for setting up backup schedules. This stage of configuration is described in Chapter 5, "Configuring Backup and Media Settings" and includes the following tasks:
Configure media families.
This task is described in "Configuring Media Families".
Configure database backup storage selectors.
This task is described in "Configuring Database Backup Storage Selectors".
Configure job summary schedules.
This task is described in "Configuring Job Summary Schedules".
After you have configured the administrative domain, you are ready to set up your backup schedules and perform on-demand backups. These tasks are explained in Chapter 7, "Backing Up File System Data".
As explained in "Defaults and Policies", defaults and policies are configuration data that control how Oracle Secure Backup operates within an administrative domain. Policies are divided into classes.
This section contains the following topics:
In most cases, the policy defaults are sufficient for your administrative domain, so this step is optional. Nevertheless, you can review the defaults and make changes where necessary. Which changes are necessary depends on the specifics of your network environment.
Table 4-1 lists classes of policies that you may want to review or change.
Policy Class | Description |
---|---|
Controls media management for the administrative domain. For example, you can choose whether tapes are required to have barcodes and set the retention period and write window for volumes in the default media family. |
|
Controls settings applicable to hosts that use NDMP access mode. For example, you can configure backup environment variables or specify a user name for authentication. |
|
Controls aspects of backup and restore operations. For example, you can set the amount of time that an RMAN backup job waits in the Oracle Secure Backup scheduler queue for the required resources to become available. |
|
Controls the behavior of the Oracle Secure Backup scheduler. For example, you can specify the frequency at which the scheduler attempts to dispatch backup jobs. |
|
Controls aspects of administrative domain security. For example, you can enable SSL encryption for backup data in transit or set the key size for host identity certificates. "Configuring Security for the Administrative Domain" explains how to change the default security policies. |
Refer to the "Defaults and Policies" appendix in Oracle Secure Backup Reference for descriptions of the policies and valid settings for the classes listed in Table 4-1. Keep this information handy as you review the current policy settings for your domain.
In the Advanced section of the Configure page, click Defaults and Policies to display the page shown in Figure 4-1. This page lists the policy classes.
See Also:
Oracle Secure Backup Reference to learn about the policy commands in theobtool
command-line interface and the descriptions of the classes and policiesBefore changing a policy setting, refer to the "Defaults and Policies" appendix in Oracle Secure Backup Reference. This appendix contains extensive descriptions of the policies and describes valid settings. Typically, should not need to change the default settings.
To change a policy setting:
In the Policy column on the Defaults and Policies page, click the name of the policy class to be edited. For example, click scheduler.
The policy_name page appears. Figure 4-2 shows the Scheduler page.
Change the settings of one or more policies. Refer to the "Defaults and Policies" appendix in Oracle Secure Backup Reference for explanations of the policies.
Choose one of the following:
Click Apply to remain on this page.
Click OK to save the changes and return to the Defaults and Policies page.
When you change a policy setting from its default, the Web tool displays the default value for the policy in the Reset to Default Value column. Figure 4-2 shows the Scheduler page after the backup frequency has been changed to 6 minutes from the default of 5 minutes.
You can reset the value of a one or more policies to the default value.
To reset a policy:
In the Policy column on the Defaults and Policies page, click the name of the policy class that contains the policy to be reset.
Check box in the Reset to Default Value column for the policy that you are resetting.
Click Apply or OK.
This section explains how to define, change, and remove hosts. This section contains the following topics:
Although it is assumed that you have installed Oracle Secure Backup on the network hosts (except filers and other hosts that use NDMP access mode), you have not yet made the administrative server aware of the other hosts in your domain. This section explains how to configure the identity and membership of the hosts in your domain.
For hosts on which Oracle Secure Backup is installed, you can configure attributes such as the following:
Host name
IP address
Role
Host accessibility (whether the host is in service or not in service)
For hosts that use NDMP access mode, you can configure the same host attributes in the preceding list, but also configure the following attributes:
NDMP authorization type
NDMP password
TCP port number for use with NDMP
Refer to the mkhost
description in Oracle Secure Backup Reference for a complete account of host attributes.
It is recommended that you configure your hosts as follows:
Configure the media servers.
This task is described in "Adding a Host".
Configure the clients.
In some cases, your media servers and administrative server are the only clients, so you can skip this step. This task is described in "Adding a Host".
Ping all hosts in the domain to make sure that they are accessible.
You can use the ping operation to determine whether a host is responsive to requests from Oracle Secure Backup. This task is described in "Pinging a Host".
If necessary, modify, rename, or remove media servers and clients.
These tasks are described in "Displaying or Editing Host Properties", "Renaming a Host", and "Removing a Host".
Click Hosts in the Configure page to display the Hosts page, which is shown in Figure 4-4. The Hosts page lists the host name, status, and roles attributed to the host. You can perform all host configuration tasks in this page or in pages to which it is linked.
To add a new host to an administrative domain:
From the Home page, click the Configure tab.
Click Hosts in the Basic section to display the Hosts page.
Click Add to add a host.
The Web tool displays a form for entering a host name.
In the Host box, enter the name of the host.
The name you enter must start with an alphanumeric character. It can contain only letters, numerals, dashes, underscores, or periods. The maximum length of a host name is 127 characters.
The host name must be unique among all Oracle Secure Backup host names.
If you do not configure explicit IP interface names for this host (see the following step), then Oracle Secure Backup considers this host name to be the IP interface name for the host. As such, it must be resolvable through your site's host name resolution system (usually DNS or NIS) to the IP address of a network interface on the host.
In the IP Interface name(s) box, optionally enter one or more IP interface names. Separate multiple entries with a comma.
If you define one or more IP names, then you can specify either resolvable host names or IP addresses. For example, you can use myhost.oracle.com
for a host name or 141.146.8.66 for an IP address.
Note:
The use of DHCP to assign IP addresses is not supported for hosts that participate in an Oracle Secure Backup administrative domain. You must assign static IP addresses to all hosts. If you cannot use static IP addresses, then ensure that the DHCP server guarantees that a given host is always assigned the same IP address.If this box is not empty, then Oracle Secure Backup never uses the user-assigned host name to get the host's IP address; instead, it considers each name in this IP address field until it finds one that resolves to a working IP address. If preferred network interfaces (PNI) are used, then Oracle Secure Backup considers the PNI address first.
If you leave this box blank, then Oracle Secure Backup uses the name you assigned to the host in the previous step as the resolvable IP name for the host.
In the Status list, select one of the following:
in service
Select this option to indicate that the machine is logically available to perform backup and restore operations.
not in service
Select this option to indicate that the machine is logically unavailable to perform backup and restore operations.
In the Roles list, select one or more administrative domain roles for the host. You can select multiple roles. Your choices are the following:
Note:
See "Administrative Domains" to learn about these roles.In the Access method box, select an access method for the host (if applicable). Your choices are the following:
ob
Select this option if the host has Oracle Secure Backup installed.
NDMP
Select this option if the host does not have Oracle Secure Backup installed—for example, a Network-Attached Storage (NAS) device—and uses the Network Data management Protocol (NDMP) to perform all backup and restore operations.
Note:
NDMP is an open standard that defines a common architecture for the way heterogeneous file servers on a network are backed up. This protocol permits the creation of a common agent used by the central backup application to back up servers running different operating systems.If you select ob, then perform Step 9 and then jump to Step 16. If you select NDMP, then skip to Step 10 and perform all subsequent steps.
In Public and private key sizes, select a size for the public/private key associated with the identity certificate for this host.
In the NDMP authorization type list, select an authorization type. The authorization type defines the way in which Oracle Secure Backup authenticates itself to the NDMP server. Typically, you should use the default setting.
Your choices are the following:
default
Select this option to use the value of the Authentication type for the NDMP policy.
none
Select this option to attempt to use the NDMP server from Oracle Secure Backup and provide no authentication data. This technique is usually unsuccessful.
Select this option to negotiate with the NDMP server to determine the best authentication mode to use.
Select this option to use plain (unencrypted) text to authenticate.
Select this option to use the MD5 digest algorithm to authenticate.
See Also:
"Configuring Defaults and Policies" to learn about NDMP-related policiesIn the Username box, enter the name used to authenticate Oracle Secure Backup to this NDMP server. If left blank, then the Oracle Secure Backup uses the name in the NDMP policy.
In the Password list, select one of the following options:
Use default password
Select this option to use the default NDMP password.
Use text password
Select this option to enter a password.
Set to NULL
Check this box to use a NULL password.
The password is used to authenticate Oracle Secure Backup to this NDMP server.
In the Backup type box, enter an NDMP backup type. A backup type is the name of a backup method supported by the NDMP Data Service running on a host. Backup types are defined by each Data Service provider.
In the Protocol Version list, select 2, 3, 4, or as proposed by server.
The NDMP protocol has three public versions, called 2, 3, and 4. Typically, it is acceptable to let Oracle Secure Backup choose the protocol version that the server proposes when the connection is established. If necessary (for example, for testing) you can change the NDMP protocol version with which Oracle Secure Backup communicates to this server.
In the Port box, enter a port number. Typically, the TCP port (10000) in the NDMP policy is used. You can specify another port if this server uses a port other than the default.
Note:
You can add backup and restore environment variables only after you create the host. Refer to "Adding Backup and Restore Environment Variables to an NDMP Host".Check the Suppress communication with host checkbox if you want to add a host to the administrative domain that is currently not accessible on the network.
You can use the ping operation to determine whether a host is responsive to requests from Oracle Secure Backup.
Ping attempts to establish a TCP connection to the host on each of the IP addresses you have configured for it. For hosts that use primary access mode, connection occurs through TCP port 400; for hosts that use the NDMP access mode, connections occur through the configured NDMP TCP port, usually 10000.
Oracle Secure Backup reports the status of each connection attempt and immediately closes each connection that has been established successfully.
This operation is useful for ensuring that a host is responsive on all of its configured IP addresses.
To ping a host:
From the Hosts page, select a host to ping.
Click Ping.
A status line appears on the page with the results of the operation.
To display or edit host properties:
From the Hosts page, select the name of the host whose properties require editing.
Click the Suppress communication with host checkbox to edit a host that is not accessible through the network.
Click Edit.
The Web tool displays a page with details for the host you selected.
Make any required changes to the host properties. If you only want to view the properties, then do not make changes.
See "Configuring Preferred Network Interfaces (PNI)" in the following section to specify, on a client-by-client basis, which of the server's network interfaces should be used to transmit data to be backed up or restored.
After you configure and create an NDMP host, you can edit the host to add backup and restore environment variables.
To add backup and restore variables:
In the box that displays next to the Backup environment vars or Restore environment vars box, enter a name-value pair.
Click Add to add the name-value pair as an environment variable.
For example, enter A=B or "Name A"="Value B" (if the name or value includes spaces). Select an existing environment variable pair and click Remove to remove the pair.
Multiple physical data paths can exist between a client, which contains primary storage to be backed up or restored, and a server, which controls secondary storage devices that write and read the backup media or serves as the administrative server. The PNI (Preferred Network Interface) specifies the network interface that should be used to transmit data to be backed up or restored.
To configure a preferred network interface:
Follow Steps 1 and 2 in "Displaying or Editing Host Properties" to select a host.
Click Preferred Network Interfaces.
In the IP Address list, select an IP address or name. The IP address or name identifies the network interface that the clients you select will use when communicating with the server.
Select one or more clients to use this IP address or DNS name from the Host list box.
Click Add.
The Web tool displays the PNI in the IP Address:Host List box.
This section explains how to remove a host from an Oracle Secure Backup administrative domain.
When you remove a host, Oracle Secure Backup destroys all information pertinent to that host, including:
Configuration data
Incremental backup state information
Metadata in the backup catalog for this host
Device attachments
Preferred network interface references
Moreover, when you remove a UNIX or Windows host, Oracle Secure Backup contacts that host and directs it to delete the administrative domain membership information it maintains locally. You can suppress this communication if the host is no longer accessible.
To remove a host:
From the Hosts page, select the name of the host that you want to remove.
Check Suppress communication with host to remove a machine that is not connected to the network.
Click Remove.
Oracle Secure Backup prompts you to confirm the removal of the host.
Click Yes to remove the host or No to leave the host undisturbed.
If you selected Yes, then Oracle Secure Backup removes the host and returns you to the Host page.
In the Hosts page, select the name of the host to rename.
Check Suppress communication with host to rename a machine that is not connected to the network.
Click Rename.
The Web tool displays a message box in which you can enter the new name.
Enter the new name for the host in the text box.
Click Yes to rename the host or No to leave the host name unchanged.
If you select Yes, then Oracle Secure Backup renames the host and returns you to the Host page.
This section explains how and when to update a host. When you add or modify a host in an Oracle Secure Backup administrative domain, Oracle Secure Backup exchanges messages with that host to inform it of its new state. If no communication is possible (such as when you have checked the Suppress communication with host checkbox) during an add or edit operation, then the host contains out-of-date configuration information. Use Update Host to send fresh state information to the host.
Updating is useful only for hosts that use the primary access method. NDMP-accessed hosts do not maintain any Oracle Secure Backup state data and are therefore not eligible for this function.
To update a host:
From the Host page, select the name of the host to be updated.
Click Update.
This section explains how to configure secondary storage devices for use with Oracle Secure Backup. This section contains the following topics:
This section explains how to configure tape libraries and tape drives for use with Oracle Secure Backup. For both tape drives and tape libraries, you can configure attributes such as the following:
The name of the device
The attachment, which is the description of a physical or logical connection of a device to a host
Whether the device is in service, that is, logically accessible to Oracle Secure Backup
For tape drives, you can configure additional attributes such as the following:
The library in which the tape drive is housed, if the drive is not standalone
A range of library storage elements that can be used by the device, if the drive is in a tape library
For tape libraries, you can additionally set attributes such as the following:
Whether automatic cleaning is enabled
Whether a barcode reader is present
The duration of a cleaning interval
Refer to the mkdev
description in Oracle Secure Backup Reference for a complete account of tape device attributes.
It is recommended that you configure your tape devices as follows:
Disable any system software that scans and opens arbitrary SCSI targets before configuring Oracle Secure Backup tape devices. If Oracle Secure Backup has to contend with other system software (such as monitoring software) for access to tape libraries and drives, then unexpected behavior can result.
Configure tape libraries or tape drives locally attached to your media servers.
Note:
Oracle Secure Backup automatically assigns the media server role to an administrative server when you configure an attached tape device.This tasks are described in "Configuring a Tape Library" and "Configuring a Tape Drive".
Configure tape devices that are network-accessible but are not locally attached to hosts. In this case, you must you must choose which media servers should control the devices.
This tasks are described in "Configuring a Tape Library" and "Configuring a Tape Drive".
Discover tape devices attached to hosts that use NDMP access mode.
Oracle Secure Backup can automatically detect NDMP-attached devices and configure them for the administrative domain. This task is described in "Discovering NDMP-Based Tape Devices Automatically".
Ping each tape device to make sure that it is accessible by Oracle Secure Backup.
This task is described in "Pinging a Device".
Inventory each library and then list its volumes.
Volumes in a library should show either a barcode or the status unlabeled
. If a library shows a slot as occupied
, then this slot is in an invalid state.
This task is described in "Updating an Inventory" and "Browsing Volumes".
The Devices page, which is shown in Figure 4-5, lists the tape libraries and tape drives that are currently in the administrative domain. The page lists the type, status, and name of every device.
To add a tape device to an administrative domain:
From the Home page, click the Configure tab.
Click Devices in the Basic section to display the Devices page.
You can add new devices in one of two ways:
By automatically discovering them. Oracle Secure Backup can automatically discover and configure secondary storage devices connected to certain types of NDMP servers, such as Network Appliance filers. See "Editing Device Properties" to use automatic device discovery.
By adding them manually. See the next step to define devices that cannot be automatically discovered.
Note:
Discovery is a way to learn out about new devices or otherwise unconfigured devices that exist on the host. This technique works only for NDMP devices.Click Add to add a device.
In the Device box, enter a name for the device.
The name must start with an alphanumeric character. It can only contain letters, numerals, dashes, underscores, or periods. It may contain at most 127 characters.
The device name is of your choosing. It must be unique among all Oracle Secure Backup device names. It is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain.
In the Type list, select one of the following:
library
If you select this option, then see "Configuring a Tape Library" to continue.
tape
If you select this option, then see "Configuring a Tape Drive" to continue.
Note:
If you a configuring a tape device housed within a tape library, then configure the library first. See "Configuring a Tape Library" for more information.This section explains how to configure a library for use with Oracle Secure Backup. A library is a medium changer that accepts SCSI commands to move media between storage locations and drives.
Before configuring your library, ensure that you followed the instructions in "Configuring Tape Devices".
To configure a tape library:
In the Status list, select one of the following options:
in service
Select this option to indicate that the device is logically available to perform Oracle Secure Backup backup and restore operations.
not in service
Select this option to indicate that the device is logically unavailable to perform backup or restore operations.
auto not in service
This option indicates that the device is logically unavailable to perform backup or restore operation and is set automatically as a result of a failed operation.
In the Debug mode list, select yes or no. The default is yes.
In the World Wide Name box, enter a world-wide name if one exists for the device.
Oracle Secure Backup supports devices whose operating system-assigned logical names (for example, nrst0a
) can vary at each operating system restart. This situation applies to Fibre Channel-attached tape drives and libraries connected to Network Appliance filers. You can refer to these raw devices with their world-wide names (for example, nr.WWN[2:000:0090a5:0003f7]L1.a
), rather than their logical names.
This option is most useful for tape drives and libraries attached to Network Appliance filers. Unlike the logical name, the world-wide name does not change across reboots.
Any substring of the attachment's raw device name that is the string $WWN
is replaced with the value of the WWN each time the device is opened. For example a usable raw device name for a SAN-attached Network Appliance filer is nr.$WWN.a
, specifying a no-rewind, best-compression device having the World Wide Name found in the device object.
The WWN is usually auto-discovered by the device discovery function in Oracle Secure Backup; however, you can enter it manually if necessary.
In the Barcode reader list, select one of the following options to indicate whether a barcode reader is present. A barcode is a symbol code that is physically applied to volumes for identification purposes; some libraries have an automated means to read barcodes, which Oracle Secure Backup supports.
yes
Select this option to indicate that the library has a barcode reader.
no
Select this option to indicate that the library does not have a barcode reader.
default
Select this option to indicate that Oracle Secure Backup should automatically determine the barcode reader using information reported by either the library, the external device file, or both.
In the Barcode required list, select yes or no. If you specify yes, and if a tape in the library does not have a readable barcode, then Oracle Secure Backup refuses to use the tape. This option is configurable for each library.
Typically, Oracle Secure Backup does not discriminate between tapes with readable barcodes and those without. This policy ensures that Oracle Secure Backup can always solicit a tape needed for restore by using both the barcode and the volume ID.
See "Configuring Automatic Tape Cleaning for a Library" for instruction on using the Auto clean, Clean interval (duration), and Clean using emptiest options.
In the Unload required list, select yes, no or default to specify whether or not an unload operation is required before moving a tape from a drive to a storage element.
Typically, you should leave this set to default yes, which means the value comes from the external device table ob_drives
. If you encounter difficulties, however, particularly timeouts waiting for offline while unloading a drive, then select no.
Click Apply, OK, or Cancel.
After the device has been created, you can select Attachments to configure device attachments. See "Configuring a Device Attachment" for more information.
Oracle Secure Backup can automatically clean tape drives in a library. A cleaning cycle is initiated either when a drive reports that it needs cleaning or when a specified usage time has elapsed.
Oracle Secure Backup checks for cleaning requirements when a cartridge is either loaded into or unloaded from a drive. If at that time a cleaning is required, Oracle Secure Backup loads a cleaning cartridge, waits for the cleaning cycle to complete, replaces the cleaning cartridge in its original storage element, and continues with the requested load or unload.
To configure automatic cleaning for a library:
In the Auto clean list, select yes to enable automatic drive cleaning or no to disable it. You can also manually request that a cleaning be performed whenever a drive is not in use.
Note:
Not all drives can report that cleaning is required. For those drives, you must define a cleaning interval.In the Clean interval (duration) box, enter a value and then select the cleaning frequency from the adjacent list. This interval is the amount of time a drive is used before a cleaning cycle is initiated. If automatic drive cleaning is enabled, then this duration indicates the interval between cleaning cycles.
In the Clean using emptiest box, select one of the following options:
yes
Select this option to specify the emptiest cleaning tape, which causes cleaning tapes to "round robin" as cleanings are required.
no
Select this option use the fullest cleaning tape, which causes each cleaning tape to be used until it fills, then the next cleaning tape fills, and so on.
If there are multiple cleaning tapes in a library, then Oracle Secure Backup needs to decide which to use. If you do not otherwise specify, Oracle Secure Backup chooses the cleaning tape with the fewest number of cleaning cycles remaining.
Click Apply, OK, Cancel, or Attachments (see "Configuring a Device Attachment").
Before configuring a tape drive, ensure that you followed the instructions in "Configuring Tape Devices".
To configure tape drives for use with Oracle Secure Backup:
Select the Status, Debug mode, and World Wide Name. Refer to Steps 1 through 3 in "Configuring a Tape Library" for an explanation of these options.
In the Library list, select a library name if the drive is located in a library.
In the DTE box, enter the Data Transfer Element (DTE). DTE is the SCSI-2 name for a tape drive in a library. DTEs are numbered 1 through n and are used to identify drives in a library.
Note:
This option is not available for standalone tape drives.In the Automount box, select yes (default) or no to specify whether automount mode is on or off. Enable the automount mode if you want Oracle Secure Backup to mount tapes for backup and restore operations without operator intervention.
In the Error rate box, enter an error rate percentage or leave this box blank to accept the default setting. The default is 8.
The error rate is the ratio of restored write errors that occur during a backup job divided by the total number of blocks written, multiplied by 100. If the error rate for any backup is higher than this setting, then Oracle Secure Backup displays a warning message in the backup transcript.
Oracle Secure Backup also issues a warning if it encounters a SCSI error when trying to read or reset the drive's error counters. Some drives do not support the SCSI commands necessary to perform these operations. To avoid these warnings, error rate checking can be disabled by checking None.
In the Blocking factor box, enter the blocking factor or leave this box blank to accept the default setting. The default is 128 bytes.
A blocking factor specifies how many 512-byte records to include in each block of data written to tape. By default, Oracle Secure Backup writes 64K blocks to tape (blocking factor 128).
In the Max Blocking factor box, enter the maximum blocking factor.
The largest value permitted for the maximum blocking factor is 4096. This represents a maximum tape block size of 2MB. This maximum is subject to device and operating system limitations that can reduce this maximum block size.
In the Drive usage box, enter the amount of time a drive has been in use since it was last cleaned and then select the time unity from the adjacent list.
Leave the Current tape box empty during initial configuration. This box will automatically be filled in after an inventory has been taken.
In the Use list group, select one of the following options to configure the use list:
Storage element range or list
Click this button to select a numerical range of storage element addresses. Enter a range in the box, for example, 1-20.
All
Click this button to specify all storage elements. For libraries with single drives, you can select this option to use all tapes.
None
Select this button to indicate that no storage elements have yet been specified. This is the default setting. If you select All or Storage element range or list, then this option is no longer visible.
Oracle Secure Backup allows all tapes to be accessed by all drives. The use list enables you to divide the use of the tapes for libraries containing multiple drives in which you are using more than one drive to perform backups. For example, you might want the tapes in the first half of the storage elements to be available to the first drive, and those in the second half to be available to the second drive.
Click Apply, OK, or Cancel.
To edit the properties for an existing device:
From the Devices page, select the name of the device.
Click Edit.
The Web tool displays a page with details for the device you selected.
Make any required changes.
Click Apply, OK, Cancel, or Attachments (see "Configuring a Device Attachment" to configure attachments to the device).
From the Devices page, select the name of the device.
Click Remove.
Oracle Secure Backup prompts you to confirm the removal.
Click Yes to remove the device.
Oracle Secure Backup informs you that the device was successfully removed and returns you to the Device page.
From the Devices page, select the name of the device.
Enter the new name for the device in the text box.
Click Rename.
Oracle Secure Backup prompts you to confirm the removal.
Click Yes to accept the new name.
The Web tool informs you that the device was successfully renamed and returns you to the Device page.
As explained in "Device Names and Attachments", Oracle Secure Backup maintains a distinction between a device and the means by which the device is connected to a host. Each configurable device can have one or more attachments, where each attachment describes a data path between a host and the device. Typically, an attachment includes the identity of a host plus a UNIX device special file name, a Windows device name, or NAS device name. In rare cases, Oracle Secure Backup requires additional information to complete the attachment definition.
Before proceeding to configure the device attachment, refer to the description of the mkdev
command in Oracle Secure Backup Reference. The description of the aspec placeholder describes the syntax and naming conventions for device attachments.
To configure a device attachment:
After adding or editing a device, click the Attachments button.
In the Host list, select a host.
In the Raw device box, enter the raw device name. This is the operating system's name for the device, such as a UNIX device special file. For example, a library name might be /dev/obl0
on Linux and //./obl0
on Windows.
Note:
Steps 4 through 8 need to be performed only for certain hosts running certain NDMP version 2 and 3 servers, such as Network Appliance Data ONTAP 5.1 or 5.2.In the ST device box, enter a device name.
In the ST target box, enter a target number.
In the SCSI device box, enter a SCSI device.
In the ST controller box, enter a bus target number.
In the ST lun box, enter a SCSI logical unit number for the device.
Click Add to add the attachment.
To change an existing device attachment on the Attachments page:
In the host:raw device box, select the device attachment you want to change.
Click Edit.
The Web tool displays a page with details for the device attachment you selected.
Make the required changes.
Click Add to change the device attachment.
To remove a device attachment from a tape drive or library on the Attachments page:
In the host:raw device box, select the name of the device attachment.
Click Remove.
You can display device attachment properties from the Devices page.
To display attachment properties:
Select the name of the device for which you want to view attachment properties.
Click the Show Properties button.
The Web tool displays a page that displays various properties, including device attachments, for the device you selected.
Click Close to exit the page.
Oracle Secure Backup enables you to determine whether a device is accessible to Oracle Secure Backup using a specific attachment.
When you ping a device, Oracle Secure Backup performs the following steps:
Establishes a logical connection to the device
Inquires about the device's identity data with the SCSI INQUIRY command
Closes the connection
If the attachment is remote from the host running the Web tool (or obtool
), then Oracle Secure Backup establishes an NDMP session with the remote media server to effect this function.
To ping an attachment from the Attachments page:
In the host:raw device box, select the attachment to ping.
Click the Ping button.
The Web tool opens a new window that describes the status of the attachment.
Click Close to exit the page.
The Web tool a device is in service, which host or hosts the device is connected to, the device type, and various other details relating to devices.
Note:
If a device is in service, it means the device can be used by Oracle Secure Backup; if it is not in service, then it cannot be used by Oracle Secure Backup. When a device is taken out of service, no more backups are dispatched to it.In the Device page, select the name of the device for which you want to display properties.
Click the Show Properties button.
The Web tool displays a page with the properties for the device you selected.
Oracle Secure Backup enables you to determine whether a tape device is accessible to Oracle Secure Backup using any available attachment.
Pinging a library causes all of its in service member tape drives to be pinged as well.
To ping a device:
In the Devices page, select a device to ping.
Click the Ping button.
The Web tool displays the status of the operation.
Oracle Secure Backup can detect changes in device configuration for some types of NDMP-accessed hosts and, based on this information, automatically update the administrative domain's device configuration.
Oracle Secure Backup detects and acts on these kinds of changes:
Devices that were not previously configured but have appeared. For each such device, Oracle Secure Backup creates a new device with an internally-assigned name and configures a device attachment for it.
Devices that were previously configured for which a new attachment has appeared. For each, Oracle Secure Backup adds an attachment to the existing device.
Devices that were previously configured for which an attachment has disappeared. For each, Oracle Secure Backup removes the attachment from the device.
Oracle Secure Backup detects multiple hosts connected to the same device by comparing the serial numbers reported by the operating system. Oracle Secure Backup also determines whether any discovered device is accessible by its serial number; if so, it configures each device attachment to reference the serial number instead of any logical name assigned by the operating system.
To discover a device:
In the list of hosts, select the name of an NDMP host.
Click Discover.
The Web tool displays a message in the status area, which can also be a message stating that no changes to device configuration are discovered.
Click OK to return to the Devices page.
As explained in "Oracle Secure Backup Classes and Rights", a class defines a set of rights that are granted to a user. A class can include multiple users, but each user is a member of one and only one class.
In most cases, the default classes are sufficient. Refer to Oracle Secure Backup Reference for a complete account of the rights that belong to each class.
This section contains the following topics:
In the Advanced section of the Configure page, click Classes to display the page shown in Figure 4-6. You can use this page to manage existing classes or configure new classes.
As explained in "Users and Classes", Oracle Secure Backup creates default classes when the administrative domain is first initialized. You can use these classes or create your own.
To add a class:
The New Classes page appears. This page describes class rights options.
In the Class box, enter a name for the class. The name you enter must start with an alphanumeric character. It can contain only letters, numerals, dashes, underscores, or periods. The maximum character length is 127 characters.
The class name is of your choosing. It must be unique among all Oracle Secure Backup class names. It is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain.
Select the rights to grant to this class. Refer to the "Classes and Rights" in Oracle Secure Backup Reference for a detailed explanation of these rights.
Click Apply or OK.
To modify existing classes, you must have the modify administrative domain's configuration
right. When you change the class that a user belongs to or modify the rights of such a class, the changes do not take effect until the user exits from the Oracle Secure Backup component that he is currently using.
To edit a class:
In the Class Name box, select the name of the class that you want to edit.
Click Edit.
The Web tool displays a page with details for the class name you selected.
Make any required changes.
Click Apply or OK.
You cannot remove a class to which any users currently belong. Instead, you need to reassign or delete all existing members of a class before the class can be removed.
To remove a class:
In the Class Name box, select the name of the class to be removed.
Click Remove.
A message prompts you to confirm the removal of the class.
Click Yes to remove the class name or No to leave the class undisturbed.
A message appears in Status box telling you whether the class was successfully removed.
In the Class name box, select the name of the class that you want to rename.
Click Rename.
A message prompts you to confirm the renaming of the class.
In the text box, enter the new name for the class.
Click Yes to rename the class name or No to leave the class undisturbed.
A message appears in Status box telling you the result of the operation.
To display the properties for a class:
In the Class Name box, select the name of the class whose properties you want to display.
Click Edit.
The Web tool displays a page with details for the class name you selected.
Click Cancel to return to the Classes page.
As explained in "Oracle Secure Backup Users and Passwords", an Oracle Secure Backup user exists in a separate namespace from an operating system user. This section explains how to define, change, and remove Oracle Secure Backup users. It contains the following topics:
When you run installob
on the administrative server, Oracle Secure Backup creates the admin
user by default. Unless you configured your obparameters
file to create the oracle
user, no other users exist in the administrative domain.
At this stage, you can optionally create new users or modify the attributes of the current users. The following user attributes are particularly important:
Preauthorizations
You can preauthorize an operating system user to make Oracle Database SBT backups through RMAN or log in to the user-invoked Oracle Secure Backup command-line utilities.
A preauthorization for an operating system user is associated with a specific Oracle Secure Backup user. For example, you can enable the Linux user muthu
to log in to obtool
as the Oracle Secure Backup user named backup_admin
. Additionally, you could preauthorize muthu
to run RMAN backups under the backup_admin
identity.
Operating system accounts for unprivileged backups
An unprivileged backup is a file system backup of a client that does not run on the operating system as root
(UNIX/Linux) or a member of the Administrators group (Windows). You must specify which operating system accounts are used for unprivileged backups.
It is recommended that you follow these steps:
If necessary, add new users.
This task is described in "Adding a User".
If necessary, change the admin
password. You set the original password when you installed Oracle Secure Backup on the administrative server.
This task is described in "Changing a User Password".
Review the attributes of every user and, if necessary, configure preauthorizations and account settings for unprivileged backups.
These tasks are described in "Editing User Properties", "Assigning Windows Account Information", and "Assigning Preauthorized Access".
In the Configure page, click Users to display the Users page, which is shown in Figure 4-7. This page lists all users authorized by Oracle Secure Backup along with their class names and email addresses. You can perform all user configuration tasks in this page or in pages to which it provides links.
To add one or more users:
In the Users page, click Add to add a new user.
The Web tool displays the New Users form for entering a user name.
In the User box, enter a user name.
The name you enter must start with an alphanumeric character. It can contain only letters, numerals, dashes, underscores, or periods. The maximum character length that you can enter is 31 characters.
The user name must be unique among all Oracle Secure Backup user names. Formally, it is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain. Practically, it is helpful to choose Oracle Secure Backup user names that are identical to Windows or UNIX user names.
In the Password box, enter a password. This password is used to log in to Oracle Secure Backup. The maximum character length that you can enter is 16 characters.
In the User class list, select a class. A class defines a set of rights.
See Also:
"Oracle Secure Backup Classes and Rights" for more detail on the default Oracle Secure Backup classesIn the Given name box, optionally enter a name for the user. This name is for information purposes only.
In the UNIX name box, enter a UNIX name for this account.
This name forms the identity of any non-privileged jobs run by the user on UNIX systems. If this Oracle Secure Backup user will not—or is not permitted to—run Oracle Secure Backup jobs on UNIX systems, then the user can leave this field blank.
In the UNIX group box, enter a UNIX group name for this account.
This name forms the identity of any non-privileged jobs run by the user on UNIX systems. If this Oracle Secure Backup user will not —or is not permitted to—run Oracle Secure Backup jobs on UNIX systems, then the user can leave this field blank.
In the NDMP server user box, select yes to request that Oracle Secure Backup's NDMP server accept a login from this user by using the supplied user name and password. This option is not required for normal Oracle Secure Backup operation and is typically set to no.
In the Email address box, enter the email address for the user. When Oracle Secure Backup wants to communicate with this user, such as to deliver a job summary or notify the user of a pending input request, it sends email to this address.
Click Apply, OK, or Cancel.
If the user you configured needs to initiate backup and restore operations on Windows clients, see "Assigning Windows Account Information".
This section explains how to modify properties for an existing user account.
Note:
To modify users, you need to be a member of a class that has this right enabled. See "Oracle Secure Backup Classes and Rights" for details.To edit user properties:
From the Users page, select the name of the user from the User name box.
Click Edit.
The Web tool displays a page with details for the user you selected.
Make any required changes.
Click Apply, OK, or Cancel.
If the user you configured needs to initiate backup and restore operations on Windows clients, see "Assigning Windows Account Information" in the following section.
This section explains how to modify the password for an existing user account.
Note:
To modify users, you need to be a member of a class that has this right enabled. See "Oracle Secure Backup Classes and Rights" for details.To edit user properties:
From the Users page, select the name of the user from the User name box.
Click Change Password.
The Web tool displays a page with details for the user you selected.
Enter a new password and confirm it.
Click OK or Cancel.
This section explains how to configure Windows account information for Oracle Secure Backup users who need to initiate backups and restore operations on Windows systems.
You can associate an Oracle Secure Backup user with multiple Windows domain accounts or use a single account that applies to all Windows domains.
To assign Windows account information to an Oracle Secure Backup user:
Follow Steps 1 and 2 in "Editing User Properties".
Click Windows Domains.
In the Domain name box, enter a Windows domain name. Enter an asterisk (*
) in this box for all Windows domains.
In the Username and Password boxes, enter the account information for a Windows user.
Click Add to add the Windows account information. The account information appears in the Domain:Username box.
This section explains how to grant access to Oracle Secure Backup services and data to the specified operating system user. You can preauthorize Oracle Database SBT backups through RMAN or preauthorize login to the user-invoked Oracle Secure Backup command-line utilities.
Oracle Secure Backup preauthorizes access only for the specified operating system user on the specified host. For each host within an Oracle Secure Backup administrative domain, the administrator may declare one or more one-to-one mappings between operating system and Oracle Secure Backup user identities.You can create preauthorizations only if you have the modify administrative domain's configuration
right. Typically, only a user in the admin
class has this right.
To assign preauthorized access:
From the Users page, select the name of the user from the User name box.
Click Edit.
The Web tool displays a page with details for the user you selected.
Click Preauthorized Access.
In the Hosts lists, select either all hosts or the name of the host to which the operating system user is granted preauthorized access.
In the OS username box, enter the operating system user account with which the Oracle Secure Backup user should access services and data. Enter an asterisk (*) or leave blank to select all users.
In the Windows domain name box, enter the Windows domain to which the operating system user belongs. The Windows domain is only applicable to preauthorized logins from a Windows host. Enter an asterisk (*) or leave blank to select all domains.
If you enter a Windows account name in the OS username box, then you must enter an asterisk, leave the box blank, or enter a specific domain.
In the Attributes box, select cmdline or rman.
The cmdline attribute preauthorizes login through the user-invoked Oracle Secure Backup command-line utilities such as obtool
. The rman attribute preauthorizes Oracle Database SBT backups through RMAN.
Click Add.
The Web tool displays the preauthorization information in the Preauthorized Access page.
See Also:
"Creating a Preauthorized Oracle Secure Backup Account" for more details about RMAN preauthorizationsFrom the Users page, select the name of the user from the User Name box.
Click Rename.
Oracle Secure Backup prompts you to enter the new name of the user.
Enter the new name for the user in the text box.
Click Yes to rename the user.
You are returned to the Users page.
To remove an Oracle Secure Backup user:
From the Users page, select the name of the user from the User Name box.
Click Remove.
Oracle Secure Backup prompts you to confirm the removal of the user.
Click Yes to remove the user.
You are returned to the Users page. A message appears in the Success box telling you the user was successfully removed.