OSB Administrative Domain and Servers
An administrative domain is collection of servers (hosts) that you manage as a single group for backup and restore operations. Within an OSB administrative domain, each server can be assigned one or more of the following roles:
•
•
•
For each administrative domain, as shown in Figure 20–1, there is only one administrative server that controls the backup, restore, and scheduling operations. An administrative server manages one or more media servers and one or more clients.
546
CHAPTER 20 ■ ORACLE SECURE BACKUP
■
Tip
For complete details on all of the OSB interfaces, see the Oracle Secure Backup Administrator's Guide and Oracle Secure Backup Reference available at www.oracle.com/technetwork/database/secure-backup/documentation/.
OSB Users and Classes
An Oracle Secure Backup user is an account defined within an OSB administrative domain. These users are separate from operating system users. OSB user information is stored in the OSB administrative domain server. You are required to enter a username and password when accessing OSB through its interfaces such as obtool or OSB Web tool.
An OSB class is a set of privileges and rights granted to a user. Each user can be assigned to only one OSB class. OSB classes help maintain a consistent user experience across all servers in an administrative domain.
OSB Daemons
Oracle Secure Backup uses seven different background processes (daemons) to manage the configuration, backup, and restore operations. The executables that start the daemons are in the OSB_HOME/etc directory on each of the servers. These processes are described in this list:
Schedule daemon
runs only on the administrative server and manages the scheduled backups.
Index daemon
runs only on the administrative server and manages the backup catalog for each client.
Apache web server daemon
runs only on the administrative server and services the OSB web tool.
Service Daemon
runs on the administrative, media, and client servers. On the administrative server, it runs jobs as requested by the schedule daemon. When running on the media or client server, it allows for remote administration of the host.
Network data management protocol (NDMP) daemon
runs on the
administrative, media, and client servers; it provides data communication between servers in the administrative domain.
Robot Daemon
runs only on the media server and helps manage
communication to tape devices.
Proxy Daemon
runs only on the client server and verifies user access for SBT
backup and restore operations.
Now that you have a basic understanding of the OSB architecture, you are ready to download and install the OSB software.
548
CHAPTER 20 ■ ORACLE SECURE BACKUP
Download and Installation
You can download the OSB software from Oracle’s Technology Network (OTN) site at www.oracle.com/technetwork/database/secure-backup/downloads/.
For the examples in this chapter, I downloaded OSB version 10.3.0.3.0, and saved the zip file osb-10.3.0.3.0_linux32.zip under a staging directory /stage/osb of my admin server in the OSB
administrative domain. You can stage this binary file in a choice of your location on your server.
Oracle recommends installing the OSB software under the directory /usr/local/oracle/backup for Unix and Linux platforms and C:\Program Files\Oracle\Backup for the Windows platform. Once you have downloaded the OSB zip file and copied it to the appropriate directory, then you may proceed to the installation steps, as shown here:
1. To perform the OSB installation, you must logon as root.
$ su - root
2. If the uncompress utility is not available, create a link.
# ln -s /bin/gunzip /bin/uncompress
3. Go to the staging directory, and unzip the zip file that you downloaded from OTN.
# cd /stage/osb
# unzip osb-10.3.0.3.0_linux32.zip
4. If the OSB home directory does not exist, create the directory.
# mkdir -p /usr/local/oracle/backup
5. Go to the OSB home directory and run the setup script.
# cd /usr/local/oracle/backup
# /stage/osb/osb-10.3.0.3.0_linux32/setup
The following output is displayed:
Welcome to Oracle's setup program for Oracle Secure Backup. This
program loads Oracle Secure Backup software from the CD-ROM to a
filesystem directory of your choosing.
This CD-ROM contains Oracle Secure Backup version 10.3.0.3.0_LINUX32.
Please wait a moment while I learn about this host... done.
- - - - - - - - - - - - - - - - - - - - - - - - - - -
1. linux32
administrative server, media server, client
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Loading Oracle Secure Backup installation tools... done.
Loading linux32 administrative server, media server, client... done.
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Oracle Secure Backup has installed a new obparameters file.
Your previous version has been saved as install/obparameters.savedbysetup.
Any changes you have made to the previous version must be
made to the new obparameters file.
Would you like the opportunity to edit the obparameters file
Please answer 'yes' or 'no' [no]:
6. Since you are not modifying the obparameters file, accept the default parameters by pressing the Enter key. The following output is displayed: 549
CHAPTER 20 ■ ORACLE SECURE BACKUP
Loading of Oracle Secure Backup software from CD-ROM is complete.
You may unmount and remove the CD-ROM.
Would you like to continue Oracle Secure Backup installation with
'installob' now? (The Oracle Secure Backup Installation Guide
contains complete information about installob.)
Please answer 'yes' or 'no' [yes]:
7. Press the Enter key to proceed with running the installob. The following output is displayed:
Welcome to installob, Oracle Secure Backup's installation program.
For most questions, a default answer appears enclosed in square brackets.
Press Enter to select this answer.
Please wait a few seconds while I learn about this machine... done.
Have you already reviewed and customized install/obparameters for your Oracle Secure Backup installation [yes]?
8. Press Enter to proceed with the OSB installation. The following output is displayed:
Oracle Secure Backup is already installed on this machine (BLLNX4).
Would you like to re-install it preserving current configuration data[no]?
9. If OSB is already installed and you are performing an OSB upgrade, enter yes to retain the previous configuration. The following output is displayed: Oracle Secure Backup's Web server has been loaded, but is not yet configured.
Choose from one of the following options. The option you choose defines the software components to be installed.
Configuration of this host is required after installation completes.
You can install the software on this host in one of the following ways: (a) administrative server, media server and client
(b) media server and client
(c) client
If you are not sure which option to choose, please refer to the Oracle Secure Backup Installation Guide. (a,b or c) [a]? a
10. Press Enter to accept the default value a, which is to configure the server as the administrative server, media server, and client. The following output is displayed:
Beginning the installation. This will take just a minute and will produce several lines of informational output.
Installing Oracle Secure Backup on BLLNX4 (Linux version 2.6.9-67.EL) You must now enter a password for the Oracle Secure Backup admin user.
Oracle suggests you choose a password of at least eight characters in length, containing a mixture of alphabetic and numeric characters.
Please enter the admin password:
Re-type password for verification:
11. Enter the password twice for the admin user. The following output is displayed: You should now enter an email address for the Oracle Secure Backup 'admin'
550
CHAPTER 20 ■ ORACLE SECURE BACKUP
user. Oracle Secure Backup uses this email address to send job summary reports and to notify the user when a job requires input. If you leave this blank, you can set it later using the obtool's 'chuser' command.
Please enter the admin email address: [email protected]
12. Enter the email address for the admin user. The following output is displayed: generating links for admin installation with Web server
checking Oracle Secure Backup's configuration file (/etc/obconfig)
protecting the Oracle Secure Backup directory
creating /etc/rc.d/init.d/observiced
activating observiced via chkconfig
upgrading the administrative domain (where required)
****************************** N O T E ******************************
On Linux systems Oracle recommends that you answer no to the next two questions. The preferred mode of operation on Linux systems is to use the /dev/sg devices for attach points as described in the 'ReadMe'
and in the 'Installation and Configuration Guide'.
Is BLLNX4 connected to any tape libraries that you'd like to use with Oracle Secure Backup [no]? no
Is BLLNX4 connected to any tape drives that you'd like to use with
Oracle Secure Backup [no]? no
13. Since I am installing OSB on a Linux server, then I accept the default and type no for both prompts. The following final output is displayed showing the installation summary:
Installation summary:
Installation Host OS Driver OS Move Reboot Mode Name Name Installed? Required? Required?
admin BLLNX4 Linux no no no Oracle Secure Backup is now ready for your use.
■
Note
To remove the Oracle Secure Backup, as root run the uninstallob shell script located in the OSB_HOME/install directory. The operating system variable OSB_HOME is commonly set to the
/usr/local/oracle/backup directory.
Command-line Access to OSB
All the examples in this chapter use either obtool or RMAN to access OSB and perform tasks such as creating backups and restoring files. This section focuses on connecting to the obtool utility. The first time you run the obtool utility, you will be prompted for the password of the admin user, which is the default OSB user created when you installed OSB. When prompted, use the password you specified when you installed the OSB software:
$ obtool
Oracle Secure Backup 10.3
login:
551
CHAPTER 20 ■ ORACLE SECURE BACKUP
To launch obtool utility and logon to a specific user, use the -u option, as shown here. You will learn on how to maintain OSB users in the next section.
$ obtool -u apress_oracle
To verify the OSB user that you are logged in as, issue the id command: ob> id
apress_oracle
To view a list of obtool help topics, enter the following command:
ob> help topics
Here is a small snippet of the output:
Help is available on the following topics:
advanced .. advanced and seldom-used commands
backups .. data backup operations
backupwindow .. backup window definition
browser .. file system browser
checkpoint .. checkpoint management
class .. user class rights
To exit the obtool utility, issue either exit or quit commands, as shown here: ob> exit
OSB Configuration
Once OSB is installed, you can run a simple backup command. However, for an environment where security is one of the top priorities, you may want to change the OSB default settings first. Imagine that tight security is strictly enforced on your production database, and a single OSB user account is used to backup both production and test databases. You are in a vulnerable situation because a DBA on your testing team can restore the backup of your production database to another server and access the data from there. To increase security and better manage your tape backups, I recommend creating new user accounts and assigning specific roles, as well as creating media families and database backup storage selectors. These topics are discussed in the next several subsections.
Configuring Users and Classes
When OSB is installed, the default user account created is named admin, which has all of the privileges relating to OSB. For security reasons, create separate OSB user accounts to access the different environments, such as production, test, and development. Also, assign specific classes (or roles) to these users, such as admin, operator, oracle, user, and reader. Monitor them to limit their rights to modify OSB administrative domain configurations and perform backup and restore operations. Limiting rights ensures that a particular OSB user can back up the test database, but has no rights to, say, restore the production database.